Sample viewer

vx.netlux.org/Virus.DOS.PS-MPC.2832


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:59:37.066397691Z 26 PC: 12a9d | Set disk transfer address
2018-12-17T22:59:37.068097545Z 71 PC: 12aa7 | Get current directory
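2018-12-17T22:59:37.072860448Z 53 PC: 12ab1 | Get interrupt vector (Interrupt = '36', i.e. 0x24, the DOS critical-error handler vector; the viewer's label 'Set random record number' is the name of INT 21h function 24h, not of this vector)
2018-12-17T22:59:37.074615972Z 37 PC: 12ac1 | Set interrupt vector (Interrupt = '36', i.e. 0x24, the DOS critical-error handler vector; the viewer's label 'Set random record number' is the name of INT 21h function 24h, not of this vector)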
; Emulator's linear disassembly from the return address of the Get date call (INT 21h AH=2Ah).
; It lists the bytes that follow that address, not necessarily the path that executed.
; Memory operands in this excerpt are BP-relative; the data they point at is not shown.
2018-12-17T22:59:37.076318051Z 42 PC: 12ac7 | Get date 0x12ac7: cmp al, 5  ; AL = day of week returned by Get date (0 = Sunday), so 5 = Friday
0x12ac9: je 0x12b31  ; Friday: branch to 0x12b31, outside this excerpt; this run's trace continues at PC 12bd7, consistent with the branch not being taken
0x12acb: lea dx, word ptr [bp + 0x406]  ; DX -> data at bp+0x406 (presumably a file mask for the search; confirm)
0x12acf: call 0x12bd0  ; routine at 0x12bd0 (body not shown); the Find first file row at PC 12bd7 falls just past its entry
0x12ad2: lea dx, word ptr [bp + 0x40c]  ; DX -> data at bp+0x40c (presumably a second mask; confirm)
0x12ad6: call 0x12bd0  ; same routine, second argument
0x12ad9: mov ah, 0x3b  ; INT 21h AH=3Bh: change current directory
0x12adb: lea dx, word ptr [bp + 0x412]  ; DS:DX -> path string at bp+0x412 (contents not shown)
0x12adf: int 0x21
0x12ae1: jae 0x12ac3  ; CF clear (directory change succeeded): loop back to 0x12ac3, just before the Get date return address
0x12ae3: mov ax, 0x2524  ; AH=25h set interrupt vector, AL=24h: the DOS critical-error handler
0x12ae6: lds dx, ptr [bp + 0xc45]  ; DS:DX = far pointer stored at bp+0xc45 (presumably the handler saved by the earlier Get interrupt vector call; confirm)
0x12aea: int 0x21
0x12aec: push cs  ; lds overwrote DS,
0x12aed: pop ds  ; so DS is reloaded from CS
0x12aee: mov ah, 0x3b  ; change current directory again
0x12af0: lea dx, word ptr [bp + 0xc49]  ; path at bp+0xc49 (presumably the directory saved by Get current directory at start-up; confirm)
0x12af4: int 0x21
0x12af6: mov ah, 0x1a  ; INT 21h AH=1Ah: set disk transfer address
0x12af8: mov dx, 0x80  ; offset 80h, the default DTA offset in the PSP; the int 0x21 itself lies past the excerpt
2018-12-17T22:59:37.07998713Z 78 PC: 12bd7 | Find first file
2018-12-17T22:59:37.087276561Z 78 PC: 12bd7 | Find first file
2018-12-17T22:59:37.094222206Z 61 PC: 12d39 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:59:37.102518238Z 63 PC: 12be9 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:59:37.109741723Z 62 PC: 12bed | Close file
2018-12-17T22:59:37.111808785Z 67 PC: 12d44 | Get or set file attributes
2018-12-17T22:59:37.139830331Z 61 PC: 12d39 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:59:37.157207626Z 64 PC: 12cbf | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:37.164492223Z 66 PC: 12cc7 | Move file pointer
; Emulator's linear disassembly from the return address of the Get time call (INT 21h AH=2Ch).
; It assembles a 34-byte block (2 + 0x11 + 0xf) in the buffer at bp+0xc13; how the block is used lies outside the excerpt.
; NOTE(review): a time-derived word is patched into the copied bytes, so that region may vary per run; confirm before relying on a fixed byte signature over it.
2018-12-17T22:59:37.166061712Z 44 PC: 12ccb | Get time 0x12ccb: or dx, dx  ; Get time returns DH = seconds, DL = hundredths; test whether both are zero
0x12ccd: je 0x12cc7  ; DX == 0: back to 0x12cc7 (the PC of the preceding Move file pointer row), which presumably re-issues Get time; confirm
0x12ccf: mov word ptr [bp + 0x10d], dx  ; store the non-zero time word at bp+0x10d, inside the 0x11-byte range copied below
0x12cd3: lea di, word ptr [bp + 0xc13]  ; DI -> output buffer at bp+0xc13
0x12cd7: mov ax, 0x5355
0x12cda: stosw word ptr es:[di], ax  ; buffer starts with the bytes 55h 53h (low byte first)
0x12cdb: lea si, word ptr [bp + 0x103]  ; source 1: bp+0x103
0x12cdf: mov cx, 0x11  ; 17 bytes
0x12ce2: push si  ; keep the source pointer
0x12ce3: push cx  ; and the length across both copies
0x12ce4: rep movsb byte ptr es:[di], byte ptr [si]  ; append 17 bytes, including the word patched above
0x12ce6: lea si, word ptr [bp + 0x3f4]  ; source 2: bp+0x3f4
0x12cea: mov cx, 0xf  ; 15 bytes
0x12ced: rep movsb byte ptr es:[di], byte ptr [si]  ; append 15 bytes
0x12cef: pop cx  ; CX = 0x11 again
0x12cf0: pop si  ; SI = bp+0x103 again
0x12cf1: pop dx  ; value pushed before this excerpt (not visible here)
0x12cf2: push di  ; save the end-of-buffer pointer,
0x12cf3: push si  ; the source pointer
0x12cf4: push cx  ; and the length for code past the excerpt
2018-12-17T22:59:37.170005987Z 64 PC: 13584 | Write file or device (Write 2832 bytes on handle 5)
2018-12-17T22:59:37.180301662Z 87 PC: 12d1a | Get or set file date and time
2018-12-17T22:59:37.181804917Z 62 PC: 12d1e | Close file
2018-12-17T22:59:37.191492426Z 67 PC: 12d44 | Get or set file attributes
2018-12-17T22:59:37.204326961Z 79 PC: 12bd7 | Find next file
2018-12-17T22:59:37.207678635Z 61 PC: 12d39 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:59:37.216359839Z 63 PC: 12be9 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:59:37.232701288Z 62 PC: 12bed | Close file
2018-12-17T22:59:37.234907252Z 67 PC: 12d44 | Get or set file attributes
2018-12-17T22:59:37.247682237Z 61 PC: 12d39 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:59:37.25568772Z 64 PC: 12cbf | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:37.258813282Z 66 PC: 12cc7 | Move file pointer
; Emulator's linear disassembly from the return address of the Get time call (INT 21h AH=2Ch).
; It assembles a 34-byte block (2 + 0x11 + 0xf) in the buffer at bp+0xc13; how the block is used lies outside the excerpt.
; NOTE(review): a time-derived word is patched into the copied bytes, so that region may vary per run; confirm before relying on a fixed byte signature over it.
2018-12-17T22:59:37.26097539Z 44 PC: 12ccb | Get time 0x12ccb: or dx, dx  ; Get time returns DH = seconds, DL = hundredths; test whether both are zero
0x12ccd: je 0x12cc7  ; DX == 0: back to 0x12cc7 (the PC of the preceding Move file pointer row), which presumably re-issues Get time; confirm
0x12ccf: mov word ptr [bp + 0x10d], dx  ; store the non-zero time word at bp+0x10d, inside the 0x11-byte range copied below
0x12cd3: lea di, word ptr [bp + 0xc13]  ; DI -> output buffer at bp+0xc13
0x12cd7: mov ax, 0x5355
0x12cda: stosw word ptr es:[di], ax  ; buffer starts with the bytes 55h 53h (low byte first)
0x12cdb: lea si, word ptr [bp + 0x103]  ; source 1: bp+0x103
0x12cdf: mov cx, 0x11  ; 17 bytes
0x12ce2: push si  ; keep the source pointer
0x12ce3: push cx  ; and the length across both copies
0x12ce4: rep movsb byte ptr es:[di], byte ptr [si]  ; append 17 bytes, including the word patched above
0x12ce6: lea si, word ptr [bp + 0x3f4]  ; source 2: bp+0x3f4
0x12cea: mov cx, 0xf  ; 15 bytes
0x12ced: rep movsb byte ptr es:[di], byte ptr [si]  ; append 15 bytes
0x12cef: pop cx  ; CX = 0x11 again
0x12cf0: pop si  ; SI = bp+0x103 again
0x12cf1: pop dx  ; value pushed before this excerpt (not visible here)
0x12cf2: push di  ; save the end-of-buffer pointer,
0x12cf3: push si  ; the source pointer
0x12cf4: push cx  ; and the length for code past the excerpt
2018-12-17T22:59:37.264360906Z 64 PC: 13584 | Write file or device (Write 2832 bytes on handle 5)
2018-12-17T22:59:37.275847684Z 87 PC: 12d1a | Get or set file date and time
2018-12-17T22:59:37.278468268Z 62 PC: 12d1e | Close file
2018-12-17T22:59:37.288445746Z 67 PC: 12d44 | Get or set file attributes
2018-12-17T22:59:37.299801205Z 79 PC: 12bd7 | Find next file
2018-12-17T22:59:37.303044573Z 61 PC: 12d39 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:59:37.311128335Z 63 PC: 12be9 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:59:37.318986193Z 62 PC: 12bed | Close file
2018-12-17T22:59:37.321419022Z 67 PC: 12d44 | Get or set file attributes
2018-12-17T22:59:37.333709197Z 61 PC: 12d39 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:59:37.343378261Z 64 PC: 12cbf | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:37.346552781Z 66 PC: 12cc7 | Move file pointer
; Emulator's linear disassembly from the return address of the Get time call (INT 21h AH=2Ch).
; It assembles a 34-byte block (2 + 0x11 + 0xf) in the buffer at bp+0xc13; how the block is used lies outside the excerpt.
; NOTE(review): a time-derived word is patched into the copied bytes, so that region may vary per run; confirm before relying on a fixed byte signature over it.
2018-12-17T22:59:37.349221245Z 44 PC: 12ccb | Get time 0x12ccb: or dx, dx  ; Get time returns DH = seconds, DL = hundredths; test whether both are zero
0x12ccd: je 0x12cc7  ; DX == 0: back to 0x12cc7 (the PC of the preceding Move file pointer row), which presumably re-issues Get time; confirm
0x12ccf: mov word ptr [bp + 0x10d], dx  ; store the non-zero time word at bp+0x10d, inside the 0x11-byte range copied below
0x12cd3: lea di, word ptr [bp + 0xc13]  ; DI -> output buffer at bp+0xc13
0x12cd7: mov ax, 0x5355
0x12cda: stosw word ptr es:[di], ax  ; buffer starts with the bytes 55h 53h (low byte first)
0x12cdb: lea si, word ptr [bp + 0x103]  ; source 1: bp+0x103
0x12cdf: mov cx, 0x11  ; 17 bytes
0x12ce2: push si  ; keep the source pointer
0x12ce3: push cx  ; and the length across both copies
0x12ce4: rep movsb byte ptr es:[di], byte ptr [si]  ; append 17 bytes, including the word patched above
0x12ce6: lea si, word ptr [bp + 0x3f4]  ; source 2: bp+0x3f4
0x12cea: mov cx, 0xf  ; 15 bytes
0x12ced: rep movsb byte ptr es:[di], byte ptr [si]  ; append 15 bytes
0x12cef: pop cx  ; CX = 0x11 again
0x12cf0: pop si  ; SI = bp+0x103 again
0x12cf1: pop dx  ; value pushed before this excerpt (not visible here)
0x12cf2: push di  ; save the end-of-buffer pointer,
0x12cf3: push si  ; the source pointer
0x12cf4: push cx  ; and the length for code past the excerpt
2018-12-17T22:59:37.353172558Z 64 PC: 13584 | Write file or device (Write 2832 bytes on handle 5)
2018-12-17T22:59:37.364282887Z 87 PC: 12d1a | Get or set file date and time
2018-12-17T22:59:37.367311161Z 62 PC: 12d1e | Close file
2018-12-17T22:59:37.375939564Z 67 PC: 12d44 | Get or set file attributes
2018-12-17T22:59:37.387747987Z 79 PC: 12bd7 | Find next file
2018-12-17T22:59:37.391170782Z 61 PC: 12d39 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:59:37.399418933Z 63 PC: 12be9 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:59:37.406965346Z 62 PC: 12bed | Close file
2018-12-17T22:59:37.409422852Z 67 PC: 12d44 | Get or set file attributes
2018-12-17T22:59:37.422506171Z 61 PC: 12d39 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:59:37.430028841Z 64 PC: 12cbf | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:37.433223733Z 66 PC: 12cc7 | Move file pointer
; Emulator's linear disassembly from the return address of the Get time call (INT 21h AH=2Ch).
; It assembles a 34-byte block (2 + 0x11 + 0xf) in the buffer at bp+0xc13; how the block is used lies outside the excerpt.
; NOTE(review): a time-derived word is patched into the copied bytes, so that region may vary per run; confirm before relying on a fixed byte signature over it.
2018-12-17T22:59:37.435398789Z 44 PC: 12ccb | Get time 0x12ccb: or dx, dx  ; Get time returns DH = seconds, DL = hundredths; test whether both are zero
0x12ccd: je 0x12cc7  ; DX == 0: back to 0x12cc7 (the PC of the preceding Move file pointer row), which presumably re-issues Get time; confirm
0x12ccf: mov word ptr [bp + 0x10d], dx  ; store the non-zero time word at bp+0x10d, inside the 0x11-byte range copied below
0x12cd3: lea di, word ptr [bp + 0xc13]  ; DI -> output buffer at bp+0xc13
0x12cd7: mov ax, 0x5355
0x12cda: stosw word ptr es:[di], ax  ; buffer starts with the bytes 55h 53h (low byte first)
0x12cdb: lea si, word ptr [bp + 0x103]  ; source 1: bp+0x103
0x12cdf: mov cx, 0x11  ; 17 bytes
0x12ce2: push si  ; keep the source pointer
0x12ce3: push cx  ; and the length across both copies
0x12ce4: rep movsb byte ptr es:[di], byte ptr [si]  ; append 17 bytes, including the word patched above
0x12ce6: lea si, word ptr [bp + 0x3f4]  ; source 2: bp+0x3f4
0x12cea: mov cx, 0xf  ; 15 bytes
0x12ced: rep movsb byte ptr es:[di], byte ptr [si]  ; append 15 bytes
0x12cef: pop cx  ; CX = 0x11 again
0x12cf0: pop si  ; SI = bp+0x103 again
0x12cf1: pop dx  ; value pushed before this excerpt (not visible here)
0x12cf2: push di  ; save the end-of-buffer pointer,
0x12cf3: push si  ; the source pointer
0x12cf4: push cx  ; and the length for code past the excerpt
2018-12-17T22:59:37.438620847Z 64 PC: 13584 | Write file or device (Write 2832 bytes on handle 5)
2018-12-17T22:59:37.449938371Z 87 PC: 12d1a | Get or set file date and time
2018-12-17T22:59:37.452643325Z 62 PC: 12d1e | Close file
2018-12-17T22:59:37.461493518Z 67 PC: 12d44 | Get or set file attributes
2018-12-17T22:59:37.472428227Z 79 PC: 12bd7 | Find next file
2018-12-17T22:59:37.476082671Z 61 PC: 12d39 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:59:37.483378026Z 63 PC: 12be9 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:59:37.490414677Z 62 PC: 12bed | Close file
2018-12-17T22:59:37.494555296Z 67 PC: 12d44 | Get or set file attributes
2018-12-17T22:59:37.50546263Z 61 PC: 12d39 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:59:37.518847906Z 64 PC: 12cbf | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:37.527912767Z 66 PC: 12cc7 | Move file pointer
; Emulator's linear disassembly from the return address of the Get time call (INT 21h AH=2Ch).
; It assembles a 34-byte block (2 + 0x11 + 0xf) in the buffer at bp+0xc13; how the block is used lies outside the excerpt.
; NOTE(review): a time-derived word is patched into the copied bytes, so that region may vary per run; confirm before relying on a fixed byte signature over it.
2018-12-17T22:59:37.529851044Z 44 PC: 12ccb | Get time 0x12ccb: or dx, dx  ; Get time returns DH = seconds, DL = hundredths; test whether both are zero
0x12ccd: je 0x12cc7  ; DX == 0: back to 0x12cc7 (the PC of the preceding Move file pointer row), which presumably re-issues Get time; confirm
0x12ccf: mov word ptr [bp + 0x10d], dx  ; store the non-zero time word at bp+0x10d, inside the 0x11-byte range copied below
0x12cd3: lea di, word ptr [bp + 0xc13]  ; DI -> output buffer at bp+0xc13
0x12cd7: mov ax, 0x5355
0x12cda: stosw word ptr es:[di], ax  ; buffer starts with the bytes 55h 53h (low byte first)
0x12cdb: lea si, word ptr [bp + 0x103]  ; source 1: bp+0x103
0x12cdf: mov cx, 0x11  ; 17 bytes
0x12ce2: push si  ; keep the source pointer
0x12ce3: push cx  ; and the length across both copies
0x12ce4: rep movsb byte ptr es:[di], byte ptr [si]  ; append 17 bytes, including the word patched above
0x12ce6: lea si, word ptr [bp + 0x3f4]  ; source 2: bp+0x3f4
0x12cea: mov cx, 0xf  ; 15 bytes
0x12ced: rep movsb byte ptr es:[di], byte ptr [si]  ; append 15 bytes
0x12cef: pop cx  ; CX = 0x11 again
0x12cf0: pop si  ; SI = bp+0x103 again
0x12cf1: pop dx  ; value pushed before this excerpt (not visible here)
0x12cf2: push di  ; save the end-of-buffer pointer,
0x12cf3: push si  ; the source pointer
0x12cf4: push cx  ; and the length for code past the excerpt
2018-12-17T22:59:37.533477344Z 64 PC: 13584 | Write file or device (Write 2832 bytes on handle 5)
2018-12-17T22:59:37.544056651Z 87 PC: 12d1a | Get or set file date and time
2018-12-17T22:59:37.546978741Z 62 PC: 12d1e | Close file
2018-12-17T22:59:37.555532547Z 67 PC: 12d44 | Get or set file attributes
2018-12-17T22:59:37.56702438Z 79 PC: 12bd7 | Find next file
2018-12-17T22:59:37.570889291Z 61 PC: 12d39 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:59:37.579317165Z 63 PC: 12be9 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:59:37.586833561Z 62 PC: 12bed | Close file
2018-12-17T22:59:37.590187978Z 67 PC: 12d44 | Get or set file attributes
2018-12-17T22:59:37.601382411Z 61 PC: 12d39 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:59:37.608757673Z 64 PC: 12cbf | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:37.612479347Z 66 PC: 12cc7 | Move file pointer
; Emulator's linear disassembly from the return address of the Get time call (INT 21h AH=2Ch).
; It assembles a 34-byte block (2 + 0x11 + 0xf) in the buffer at bp+0xc13; how the block is used lies outside the excerpt.
; NOTE(review): a time-derived word is patched into the copied bytes, so that region may vary per run; confirm before relying on a fixed byte signature over it.
2018-12-17T22:59:37.613953154Z 44 PC: 12ccb | Get time 0x12ccb: or dx, dx  ; Get time returns DH = seconds, DL = hundredths; test whether both are zero
0x12ccd: je 0x12cc7  ; DX == 0: back to 0x12cc7 (the PC of the preceding Move file pointer row), which presumably re-issues Get time; confirm
0x12ccf: mov word ptr [bp + 0x10d], dx  ; store the non-zero time word at bp+0x10d, inside the 0x11-byte range copied below
0x12cd3: lea di, word ptr [bp + 0xc13]  ; DI -> output buffer at bp+0xc13
0x12cd7: mov ax, 0x5355
0x12cda: stosw word ptr es:[di], ax  ; buffer starts with the bytes 55h 53h (low byte first)
0x12cdb: lea si, word ptr [bp + 0x103]  ; source 1: bp+0x103
0x12cdf: mov cx, 0x11  ; 17 bytes
0x12ce2: push si  ; keep the source pointer
0x12ce3: push cx  ; and the length across both copies
0x12ce4: rep movsb byte ptr es:[di], byte ptr [si]  ; append 17 bytes, including the word patched above
0x12ce6: lea si, word ptr [bp + 0x3f4]  ; source 2: bp+0x3f4
0x12cea: mov cx, 0xf  ; 15 bytes
0x12ced: rep movsb byte ptr es:[di], byte ptr [si]  ; append 15 bytes
0x12cef: pop cx  ; CX = 0x11 again
0x12cf0: pop si  ; SI = bp+0x103 again
0x12cf1: pop dx  ; value pushed before this excerpt (not visible here)
0x12cf2: push di  ; save the end-of-buffer pointer,
0x12cf3: push si  ; the source pointer
0x12cf4: push cx  ; and the length for code past the excerpt
2018-12-17T22:59:37.617142854Z 64 PC: 13584 | Write file or device (Write 2832 bytes on handle 5)
2018-12-17T22:59:37.627762241Z 87 PC: 12d1a | Get or set file date and time
2018-12-17T22:59:37.629577917Z 62 PC: 12d1e | Close file
2018-12-17T22:59:37.637963794Z 67 PC: 12d44 | Get or set file attributes
2018-12-17T22:59:37.649450114Z 79 PC: 12bd7 | Find next file
2018-12-17T22:59:37.652537518Z 61 PC: 12d39 | Open file (Filename = 'PAH.COM')
2018-12-17T22:59:37.659632605Z 63 PC: 12be9 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:59:37.666389689Z 62 PC: 12bed | Close file
2018-12-17T22:59:37.669719899Z 67 PC: 12d44 | Get or set file attributes
2018-12-17T22:59:37.681014966Z 61 PC: 12d39 | Open file (Filename = 'PAH.COM')
2018-12-17T22:59:37.688318601Z 64 PC: 12cbf | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:37.69182892Z 66 PC: 12cc7 | Move file pointer
; Emulator's linear disassembly from the return address of the Get time call (INT 21h AH=2Ch).
; It assembles a 34-byte block (2 + 0x11 + 0xf) in the buffer at bp+0xc13; how the block is used lies outside the excerpt.
; NOTE(review): a time-derived word is patched into the copied bytes, so that region may vary per run; confirm before relying on a fixed byte signature over it.
2018-12-17T22:59:37.693877837Z 44 PC: 12ccb | Get time 0x12ccb: or dx, dx  ; Get time returns DH = seconds, DL = hundredths; test whether both are zero
0x12ccd: je 0x12cc7  ; DX == 0: back to 0x12cc7 (the PC of the preceding Move file pointer row), which presumably re-issues Get time; confirm
0x12ccf: mov word ptr [bp + 0x10d], dx  ; store the non-zero time word at bp+0x10d, inside the 0x11-byte range copied below
0x12cd3: lea di, word ptr [bp + 0xc13]  ; DI -> output buffer at bp+0xc13
0x12cd7: mov ax, 0x5355
0x12cda: stosw word ptr es:[di], ax  ; buffer starts with the bytes 55h 53h (low byte first)
0x12cdb: lea si, word ptr [bp + 0x103]  ; source 1: bp+0x103
0x12cdf: mov cx, 0x11  ; 17 bytes
0x12ce2: push si  ; keep the source pointer
0x12ce3: push cx  ; and the length across both copies
0x12ce4: rep movsb byte ptr es:[di], byte ptr [si]  ; append 17 bytes, including the word patched above
0x12ce6: lea si, word ptr [bp + 0x3f4]  ; source 2: bp+0x3f4
0x12cea: mov cx, 0xf  ; 15 bytes
0x12ced: rep movsb byte ptr es:[di], byte ptr [si]  ; append 15 bytes
0x12cef: pop cx  ; CX = 0x11 again
0x12cf0: pop si  ; SI = bp+0x103 again
0x12cf1: pop dx  ; value pushed before this excerpt (not visible here)
0x12cf2: push di  ; save the end-of-buffer pointer,
0x12cf3: push si  ; the source pointer
0x12cf4: push cx  ; and the length for code past the excerpt
2018-12-17T22:59:37.697158969Z 64 PC: 13584 | Write file or device (Write 2832 bytes on handle 5)
2018-12-17T22:59:37.708426752Z 87 PC: 12d1a | Get or set file date and time
2018-12-17T22:59:37.710016154Z 62 PC: 12d1e | Close file
2018-12-17T22:59:37.718626075Z 67 PC: 12d44 | Get or set file attributes
2018-12-17T22:59:37.729843507Z 79 PC: 12bd7 | Find next file
2018-12-17T22:59:37.73297308Z 61 PC: 12d39 | Open file (Filename = 'TEST.COM')
2018-12-17T22:59:37.740446171Z 63 PC: 12be9 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:59:37.747974103Z 62 PC: 12bed | Close file
2018-12-17T22:59:37.750097369Z 79 PC: 12bd7 | Find next file

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13262,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:51.359232961Z 26 PC: 12a9d | Set disk transfer address
2018-12-25T12:37:51.362812571Z 71 PC: 12aa7 | Get current directory
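2018-12-25T12:37:51.365975261Z 53 PC: 12ab1 | Get interrupt vector (Interrupt = '36', i.e. 0x24, the DOS critical-error handler vector; the viewer's label 'Set random record number' is the name of INT 21h function 24h, not of this vector)
2018-12-25T12:37:51.3672014Z 37 PC: 12ac1 | Set interrupt vector (Interrupt = '36', i.e. 0x24, the DOS critical-error handler vector; the viewer's label 'Set random record number' is the name of INT 21h function 24h, not of this vector)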
; Emulator's linear disassembly from the return address of the Get date call (INT 21h AH=2Ah).
; It lists the bytes that follow that address, not necessarily the path that executed.
; Memory operands in this excerpt are BP-relative; the data they point at is not shown.
2018-12-25T12:37:51.369710961Z 42 PC: 12ac7 | Get date 0x12ac7: cmp al, 5  ; AL = day of week returned by Get date (0 = Sunday), so 5 = Friday
0x12ac9: je 0x12b31  ; Friday: branch to 0x12b31, outside this excerpt; this run's trace continues at PC 12bd7, consistent with the branch not being taken
0x12acb: lea dx, word ptr [bp + 0x406]  ; DX -> data at bp+0x406 (presumably a file mask for the search; confirm)
0x12acf: call 0x12bd0  ; routine at 0x12bd0 (body not shown); the Find first file row at PC 12bd7 falls just past its entry
0x12ad2: lea dx, word ptr [bp + 0x40c]  ; DX -> data at bp+0x40c (presumably a second mask; confirm)
0x12ad6: call 0x12bd0  ; same routine, second argument
0x12ad9: mov ah, 0x3b  ; INT 21h AH=3Bh: change current directory
0x12adb: lea dx, word ptr [bp + 0x412]  ; DS:DX -> path string at bp+0x412 (contents not shown)
0x12adf: int 0x21
0x12ae1: jae 0x12ac3  ; CF clear (directory change succeeded): loop back to 0x12ac3, just before the Get date return address
0x12ae3: mov ax, 0x2524  ; AH=25h set interrupt vector, AL=24h: the DOS critical-error handler
0x12ae6: lds dx, ptr [bp + 0xc45]  ; DS:DX = far pointer stored at bp+0xc45 (presumably the handler saved by the earlier Get interrupt vector call; confirm)
0x12aea: int 0x21
0x12aec: push cs  ; lds overwrote DS,
0x12aed: pop ds  ; so DS is reloaded from CS
0x12aee: mov ah, 0x3b  ; change current directory again
0x12af0: lea dx, word ptr [bp + 0xc49]  ; path at bp+0xc49 (presumably the directory saved by Get current directory at start-up; confirm)
0x12af4: int 0x21
0x12af6: mov ah, 0x1a  ; INT 21h AH=1Ah: set disk transfer address
0x12af8: mov dx, 0x80  ; offset 80h, the default DTA offset in the PSP; the int 0x21 itself lies past the excerpt
2018-12-25T12:37:51.371362435Z 78 PC: 12bd7 | Find first file
2018-12-25T12:37:51.375070797Z 78 PC: 12bd7 | Find first file (See above)
2018-12-25T12:37:51.387041509Z 61 PC: 12d39 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:51.406880127Z 63 PC: 12be9 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:37:51.413867548Z 62 PC: 12bed | Close file
2018-12-25T12:37:51.416089563Z 67 PC: 12d44 | Get or set file attributes
2018-12-25T12:37:51.432623114Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.440232447Z 64 PC: 12cbf | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:37:51.443292832Z 66 PC: 12cc7 | Move file pointer
; Emulator's linear disassembly from the return address of the Get time call (INT 21h AH=2Ch).
; It assembles a 34-byte block (2 + 0x11 + 0xf) in the buffer at bp+0xc13; how the block is used lies outside the excerpt.
; NOTE(review): a time-derived word is patched into the copied bytes, so that region may vary per run; confirm before relying on a fixed byte signature over it.
2018-12-25T12:37:51.445898077Z 44 PC: 12ccb | Get time 0x12ccb: or dx, dx  ; Get time returns DH = seconds, DL = hundredths; test whether both are zero
0x12ccd: je 0x12cc7  ; DX == 0: back to 0x12cc7 (the PC of the preceding Move file pointer row), which presumably re-issues Get time; confirm
0x12ccf: mov word ptr [bp + 0x10d], dx  ; store the non-zero time word at bp+0x10d, inside the 0x11-byte range copied below
0x12cd3: lea di, word ptr [bp + 0xc13]  ; DI -> output buffer at bp+0xc13
0x12cd7: mov ax, 0x5355
0x12cda: stosw word ptr es:[di], ax  ; buffer starts with the bytes 55h 53h (low byte first)
0x12cdb: lea si, word ptr [bp + 0x103]  ; source 1: bp+0x103
0x12cdf: mov cx, 0x11  ; 17 bytes
0x12ce2: push si  ; keep the source pointer
0x12ce3: push cx  ; and the length across both copies
0x12ce4: rep movsb byte ptr es:[di], byte ptr [si]  ; append 17 bytes, including the word patched above
0x12ce6: lea si, word ptr [bp + 0x3f4]  ; source 2: bp+0x3f4
0x12cea: mov cx, 0xf  ; 15 bytes
0x12ced: rep movsb byte ptr es:[di], byte ptr [si]  ; append 15 bytes
0x12cef: pop cx  ; CX = 0x11 again
0x12cf0: pop si  ; SI = bp+0x103 again
0x12cf1: pop dx  ; value pushed before this excerpt (not visible here)
0x12cf2: push di  ; save the end-of-buffer pointer,
0x12cf3: push si  ; the source pointer
0x12cf4: push cx  ; and the length for code past the excerpt
2018-12-25T12:37:51.449179505Z 64 PC: 13584 | Write file or device (Write 2832 bytes on handle 5)
2018-12-25T12:37:51.457401504Z 87 PC: 12d1a | Get or set file date and time
2018-12-25T12:37:51.463281525Z 62 PC: 12d1e | Close file
2018-12-25T12:37:51.470497308Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:51.477897665Z 79 PC: 12bd7 | Find next file (See above)
2018-12-25T12:37:51.480502236Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.485538431Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:37:51.4902586Z 62 PC: 12bed | Close file (See above)
2018-12-25T12:37:51.49254648Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:51.500723893Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.505710138Z 64 PC: 12cbf | Write file or device (See above)
2018-12-25T12:37:51.508574111Z 66 PC: 12cc7 | Move file pointer (See above)
2018-12-25T12:37:51.510131966Z 44 PC: 12ccb | Get time (See above)
2018-12-25T12:37:51.512297146Z 64 PC: 13584 | Write file or device (See above)
2018-12-25T12:37:51.519283176Z 87 PC: 12d1a | Get or set file date and time (See above)
2018-12-25T12:37:51.521253542Z 62 PC: 12d1e | Close file (See above)
2018-12-25T12:37:51.535276645Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:51.544177833Z 79 PC: 12bd7 | Find next file (See above)
2018-12-25T12:37:51.549346765Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.554673147Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:37:51.559851863Z 62 PC: 12bed | Close file (See above)
2018-12-25T12:37:51.562952758Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:51.573211446Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.579971905Z 64 PC: 12cbf | Write file or device (See above)
2018-12-25T12:37:51.583323854Z 66 PC: 12cc7 | Move file pointer (See above)
2018-12-25T12:37:51.584679507Z 44 PC: 12ccb | Get time (See above)
2018-12-25T12:37:51.587606569Z 64 PC: 13584 | Write file or device (See above)
2018-12-25T12:37:51.597556644Z 87 PC: 12d1a | Get or set file date and time (See above)
2018-12-25T12:37:51.599373128Z 62 PC: 12d1e | Close file (See above)
2018-12-25T12:37:51.607495554Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:51.618600201Z 79 PC: 12bd7 | Find next file (See above)
2018-12-25T12:37:51.621204924Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.628118281Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:37:51.635457003Z 62 PC: 12bed | Close file (See above)
2018-12-25T12:37:51.637631504Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:51.645027254Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.650809396Z 64 PC: 12cbf | Write file or device (See above)
2018-12-25T12:37:51.652874483Z 66 PC: 12cc7 | Move file pointer (See above)
2018-12-25T12:37:51.654025559Z 44 PC: 12ccb | Get time (See above)
2018-12-25T12:37:51.656309303Z 64 PC: 13584 | Write file or device (See above)
2018-12-25T12:37:51.662596229Z 87 PC: 12d1a | Get or set file date and time (See above)
2018-12-25T12:37:51.680749392Z 62 PC: 12d1e | Close file (See above)
2018-12-25T12:37:51.689372215Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:51.699445664Z 79 PC: 12bd7 | Find next file (See above)
2018-12-25T12:37:51.702216815Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.709116873Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:37:51.716019713Z 62 PC: 12bed | Close file (See above)
2018-12-25T12:37:51.718179327Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:51.728234815Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.736881059Z 64 PC: 12cbf | Write file or device (See above)
2018-12-25T12:37:51.739810316Z 66 PC: 12cc7 | Move file pointer (See above)
2018-12-25T12:37:51.741279781Z 44 PC: 12ccb | Get time (See above)
2018-12-25T12:37:51.745847374Z 64 PC: 13584 | Write file or device (See above)
2018-12-25T12:37:51.75504721Z 87 PC: 12d1a | Get or set file date and time (See above)
2018-12-25T12:37:51.756693299Z 62 PC: 12d1e | Close file (See above)
2018-12-25T12:37:51.764647379Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:51.774597663Z 79 PC: 12bd7 | Find next file (See above)
2018-12-25T12:37:51.777475679Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.78520005Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:37:51.791734706Z 62 PC: 12bed | Close file (See above)
2018-12-25T12:37:51.793858158Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:51.805021972Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.812119661Z 64 PC: 12cbf | Write file or device (See above)
2018-12-25T12:37:51.815138078Z 66 PC: 12cc7 | Move file pointer (See above)
2018-12-25T12:37:51.817605382Z 44 PC: 12ccb | Get time (See above)
2018-12-25T12:37:51.821078448Z 64 PC: 13584 | Write file or device (See above)
2018-12-25T12:37:51.830213424Z 87 PC: 12d1a | Get or set file date and time (See above)
2018-12-25T12:37:51.832344323Z 62 PC: 12d1e | Close file (See above)
2018-12-25T12:37:51.840215281Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:51.850107967Z 79 PC: 12bd7 | Find next file (See above)
2018-12-25T12:37:51.853716346Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.860757528Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:37:51.867668017Z 62 PC: 12bed | Close file (See above)
2018-12-25T12:37:51.869971778Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:51.880875948Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.887644683Z 64 PC: 12cbf | Write file or device (See above)
2018-12-25T12:37:51.890698004Z 66 PC: 12cc7 | Move file pointer (See above)
2018-12-25T12:37:51.893451194Z 44 PC: 12ccb | Get time (See above)
2018-12-25T12:37:51.896611405Z 64 PC: 13584 | Write file or device (See above)
2018-12-25T12:37:51.905775038Z 87 PC: 12d1a | Get or set file date and time (See above)
2018-12-25T12:37:51.908684365Z 62 PC: 12d1e | Close file (See above)
2018-12-25T12:37:51.916615719Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:51.926582781Z 79 PC: 12bd7 | Find next file (See above)
2018-12-25T12:37:51.930740701Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.938112237Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:37:51.944922436Z 62 PC: 12bed | Close file (See above)
2018-12-25T12:37:51.947948008Z 79 PC: 12bd7 | Find next file (See above)

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13262,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:51.475835203Z 26 PC: 12a9d | Set disk transfer address
2018-12-25T12:37:51.47734701Z 71 PC: 12aa7 | Get current directory
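2018-12-25T12:37:51.480678473Z 53 PC: 12ab1 | Get interrupt vector (Interrupt = '36', i.e. 0x24, the DOS critical-error handler vector; the viewer's label 'Set random record number' is the name of INT 21h function 24h, not of this vector)
2018-12-25T12:37:51.481753402Z 37 PC: 12ac1 | Set interrupt vector (Interrupt = '36', i.e. 0x24, the DOS critical-error handler vector; the viewer's label 'Set random record number' is the name of INT 21h function 24h, not of this vector)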
; Emulator's linear disassembly from the return address of the Get date call (INT 21h AH=2Ah).
; It lists the bytes that follow that address, not necessarily the path that executed.
; Memory operands in this excerpt are BP-relative; the data they point at is not shown.
2018-12-25T12:37:51.482943331Z 42 PC: 12ac7 | Get date 0x12ac7: cmp al, 5  ; AL = day of week returned by Get date (0 = Sunday), so 5 = Friday
0x12ac9: je 0x12b31  ; Friday: branch to 0x12b31, outside this excerpt; this run's trace continues at PC 12b3d, consistent with the branch being taken
0x12acb: lea dx, word ptr [bp + 0x406]  ; DX -> data at bp+0x406 (presumably a file mask for the search; confirm)
0x12acf: call 0x12bd0  ; routine at 0x12bd0 (body not shown); no PC inside it appears in this run's trace
0x12ad2: lea dx, word ptr [bp + 0x40c]  ; DX -> data at bp+0x40c (presumably a second mask; confirm)
0x12ad6: call 0x12bd0  ; same routine, second argument
0x12ad9: mov ah, 0x3b  ; INT 21h AH=3Bh: change current directory
0x12adb: lea dx, word ptr [bp + 0x412]  ; DS:DX -> path string at bp+0x412 (contents not shown)
0x12adf: int 0x21
0x12ae1: jae 0x12ac3  ; CF clear (directory change succeeded): loop back to 0x12ac3, just before the Get date return address
0x12ae3: mov ax, 0x2524  ; AH=25h set interrupt vector, AL=24h: the DOS critical-error handler
0x12ae6: lds dx, ptr [bp + 0xc45]  ; DS:DX = far pointer stored at bp+0xc45 (presumably the handler saved by the earlier Get interrupt vector call; confirm)
0x12aea: int 0x21
0x12aec: push cs  ; lds overwrote DS,
0x12aed: pop ds  ; so DS is reloaded from CS
0x12aee: mov ah, 0x3b  ; change current directory again
0x12af0: lea dx, word ptr [bp + 0xc49]  ; path at bp+0xc49 (presumably the directory saved by Get current directory at start-up; confirm)
0x12af4: int 0x21
0x12af6: mov ah, 0x1a  ; INT 21h AH=1Ah: set disk transfer address
0x12af8: mov dx, 0x80  ; offset 80h, the default DTA offset in the PSP; the int 0x21 itself lies past the excerpt
2018-12-25T12:37:51.485686999Z 47 PC: 12b3d | Get disk transfer address
2018-12-25T12:37:51.486904976Z 26 PC: 12b45 | Set disk transfer address
2018-12-25T12:37:51.48888765Z 47 PC: 12b52 | Get disk transfer address
2018-12-25T12:37:51.490508729Z 78 PC: 12b5b | Find first file
2018-12-25T12:37:51.496578881Z 60 PC: 12ba3 | Create or truncate file
2018-12-25T12:37:51.501483896Z 64 PC: 12bad | Write file or device (Write 2038 bytes on handle 2)
2018-12-25T12:37:51.559190962Z 62 PC: 12bb1 | Close file
2018-12-25T12:37:51.56182447Z 76 PC: 12bb7 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13262,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:51.493302392Z 26 PC: 12a9d | Set disk transfer address
2018-12-25T12:37:51.502229241Z 71 PC: 12aa7 | Get current directory
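2018-12-25T12:37:51.505178858Z 53 PC: 12ab1 | Get interrupt vector (Interrupt = '36', i.e. 0x24, the DOS critical-error handler vector; the viewer's label 'Set random record number' is the name of INT 21h function 24h, not of this vector)
2018-12-25T12:37:51.506455951Z 37 PC: 12ac1 | Set interrupt vector (Interrupt = '36', i.e. 0x24, the DOS critical-error handler vector; the viewer's label 'Set random record number' is the name of INT 21h function 24h, not of this vector)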
; Emulator's linear disassembly from the return address of the Get date call (INT 21h AH=2Ah).
; It lists the bytes that follow that address, not necessarily the path that executed.
; Memory operands in this excerpt are BP-relative; the data they point at is not shown.
2018-12-25T12:37:51.508703386Z 42 PC: 12ac7 | Get date 0x12ac7: cmp al, 5  ; AL = day of week returned by Get date (0 = Sunday), so 5 = Friday
0x12ac9: je 0x12b31  ; Friday: branch to 0x12b31, outside this excerpt; this run's trace continues at PC 12bd7, consistent with the branch not being taken
0x12acb: lea dx, word ptr [bp + 0x406]  ; DX -> data at bp+0x406 (presumably a file mask for the search; confirm)
0x12acf: call 0x12bd0  ; routine at 0x12bd0 (body not shown); the Find first file row at PC 12bd7 falls just past its entry
0x12ad2: lea dx, word ptr [bp + 0x40c]  ; DX -> data at bp+0x40c (presumably a second mask; confirm)
0x12ad6: call 0x12bd0  ; same routine, second argument
0x12ad9: mov ah, 0x3b  ; INT 21h AH=3Bh: change current directory
0x12adb: lea dx, word ptr [bp + 0x412]  ; DS:DX -> path string at bp+0x412 (contents not shown)
0x12adf: int 0x21
0x12ae1: jae 0x12ac3  ; CF clear (directory change succeeded): loop back to 0x12ac3, just before the Get date return address
0x12ae3: mov ax, 0x2524  ; AH=25h set interrupt vector, AL=24h: the DOS critical-error handler
0x12ae6: lds dx, ptr [bp + 0xc45]  ; DS:DX = far pointer stored at bp+0xc45 (presumably the handler saved by the earlier Get interrupt vector call; confirm)
0x12aea: int 0x21
0x12aec: push cs  ; lds overwrote DS,
0x12aed: pop ds  ; so DS is reloaded from CS
0x12aee: mov ah, 0x3b  ; change current directory again
0x12af0: lea dx, word ptr [bp + 0xc49]  ; path at bp+0xc49 (presumably the directory saved by Get current directory at start-up; confirm)
0x12af4: int 0x21
0x12af6: mov ah, 0x1a  ; INT 21h AH=1Ah: set disk transfer address
0x12af8: mov dx, 0x80  ; offset 80h, the default DTA offset in the PSP; the int 0x21 itself lies past the excerpt
2018-12-25T12:37:51.510645992Z 78 PC: 12bd7 | Find first file
2018-12-25T12:37:51.515637468Z 78 PC: 12bd7 | Find first file (See above)
2018-12-25T12:37:51.529006051Z 61 PC: 12d39 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:51.536758813Z 63 PC: 12be9 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:37:51.541854909Z 62 PC: 12bed | Close file
2018-12-25T12:37:51.54326355Z 67 PC: 12d44 | Get or set file attributes
2018-12-25T12:37:51.55899731Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.564350044Z 64 PC: 12cbf | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:37:51.570589784Z 66 PC: 12cc7 | Move file pointer
; Emulator's linear disassembly from the return address of the Get time call (INT 21h AH=2Ch).
; It assembles a 34-byte block (2 + 0x11 + 0xf) in the buffer at bp+0xc13; how the block is used lies outside the excerpt.
; NOTE(review): a time-derived word is patched into the copied bytes, so that region may vary per run; confirm before relying on a fixed byte signature over it.
2018-12-25T12:37:51.575079095Z 44 PC: 12ccb | Get time 0x12ccb: or dx, dx  ; Get time returns DH = seconds, DL = hundredths; test whether both are zero
0x12ccd: je 0x12cc7  ; DX == 0: back to 0x12cc7 (the PC of the preceding Move file pointer row), which presumably re-issues Get time; confirm
0x12ccf: mov word ptr [bp + 0x10d], dx  ; store the non-zero time word at bp+0x10d, inside the 0x11-byte range copied below
0x12cd3: lea di, word ptr [bp + 0xc13]  ; DI -> output buffer at bp+0xc13
0x12cd7: mov ax, 0x5355
0x12cda: stosw word ptr es:[di], ax  ; buffer starts with the bytes 55h 53h (low byte first)
0x12cdb: lea si, word ptr [bp + 0x103]  ; source 1: bp+0x103
0x12cdf: mov cx, 0x11  ; 17 bytes
0x12ce2: push si  ; keep the source pointer
0x12ce3: push cx  ; and the length across both copies
0x12ce4: rep movsb byte ptr es:[di], byte ptr [si]  ; append 17 bytes, including the word patched above
0x12ce6: lea si, word ptr [bp + 0x3f4]  ; source 2: bp+0x3f4
0x12cea: mov cx, 0xf  ; 15 bytes
0x12ced: rep movsb byte ptr es:[di], byte ptr [si]  ; append 15 bytes
0x12cef: pop cx  ; CX = 0x11 again
0x12cf0: pop si  ; SI = bp+0x103 again
0x12cf1: pop dx  ; value pushed before this excerpt (not visible here)
0x12cf2: push di  ; save the end-of-buffer pointer,
0x12cf3: push si  ; the source pointer
0x12cf4: push cx  ; and the length for code past the excerpt
2018-12-25T12:37:51.577705022Z 64 PC: 13584 | Write file or device (Write 2832 bytes on handle 5)
2018-12-25T12:37:51.585567636Z 87 PC: 12d1a | Get or set file date and time
2018-12-25T12:37:51.587712063Z 62 PC: 12d1e | Close file
2018-12-25T12:37:51.594019213Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:51.60245101Z 79 PC: 12bd7 | Find next file (See above)
2018-12-25T12:37:51.605371311Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.610624606Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:37:51.615838942Z 62 PC: 12bed | Close file (See above)
2018-12-25T12:37:51.622430041Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:51.634135188Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.640589618Z 64 PC: 12cbf | Write file or device (See above)
2018-12-25T12:37:51.647855509Z 66 PC: 12cc7 | Move file pointer (See above)
2018-12-25T12:37:51.649076499Z 44 PC: 12ccb | Get time (See above)
2018-12-25T12:37:51.651885372Z 64 PC: 13584 | Write file or device (See above)
2018-12-25T12:37:51.66202366Z 87 PC: 12d1a | Get or set file date and time (See above)
2018-12-25T12:37:51.663918991Z 62 PC: 12d1e | Close file (See above)
2018-12-25T12:37:51.671732101Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:51.681721852Z 79 PC: 12bd7 | Find next file (See above)
2018-12-25T12:37:51.684905707Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.69213622Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:37:51.698614821Z 62 PC: 12bed | Close file (See above)
2018-12-25T12:37:51.700709053Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:51.710423163Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.716808493Z 64 PC: 12cbf | Write file or device (See above)
2018-12-25T12:37:51.720442481Z 66 PC: 12cc7 | Move file pointer (See above)
2018-12-25T12:37:51.721665866Z 44 PC: 12ccb | Get time (See above)
2018-12-25T12:37:51.724579361Z 64 PC: 13584 | Write file or device (See above)
2018-12-25T12:37:51.734092334Z 87 PC: 12d1a | Get or set file date and time (See above)
2018-12-25T12:37:51.735581626Z 62 PC: 12d1e | Close file (See above)
2018-12-25T12:37:51.743176571Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:51.753038298Z 79 PC: 12bd7 | Find next file (See above)
2018-12-25T12:37:51.756398338Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.762616015Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:37:51.770030913Z 62 PC: 12bed | Close file (See above)
2018-12-25T12:37:51.772261438Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:51.782433892Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.789604916Z 64 PC: 12cbf | Write file or device (See above)
2018-12-25T12:37:51.792259487Z 66 PC: 12cc7 | Move file pointer (See above)
2018-12-25T12:37:51.793517504Z 44 PC: 12ccb | Get time (See above)
2018-12-25T12:37:51.796801514Z 64 PC: 13584 | Write file or device (See above)
2018-12-25T12:37:51.805687891Z 87 PC: 12d1a | Get or set file date and time (See above)
2018-12-25T12:37:51.807066163Z 62 PC: 12d1e | Close file (See above)
2018-12-25T12:37:51.814906591Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:51.825341968Z 79 PC: 12bd7 | Find next file (See above)
2018-12-25T12:37:51.827887863Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.835075378Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:37:51.841519101Z 62 PC: 12bed | Close file (See above)
2018-12-25T12:37:51.843685246Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:51.854614196Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.861833645Z 64 PC: 12cbf | Write file or device (See above)
2018-12-25T12:37:51.864824226Z 66 PC: 12cc7 | Move file pointer (See above)
2018-12-25T12:37:51.867236776Z 44 PC: 12ccb | Get time (See above)
2018-12-25T12:37:51.870718832Z 64 PC: 13584 | Write file or device (See above)
2018-12-25T12:37:51.879940863Z 87 PC: 12d1a | Get or set file date and time (See above)
2018-12-25T12:37:51.882608054Z 62 PC: 12d1e | Close file (See above)
2018-12-25T12:37:51.890723006Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:51.900567952Z 79 PC: 12bd7 | Find next file (See above)
2018-12-25T12:37:51.904045461Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.911572964Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:37:51.918049357Z 62 PC: 12bed | Close file (See above)
2018-12-25T12:37:51.920167149Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:51.931141781Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.937902646Z 64 PC: 12cbf | Write file or device (See above)
2018-12-25T12:37:51.940912828Z 66 PC: 12cc7 | Move file pointer (See above)
2018-12-25T12:37:51.943788913Z 44 PC: 12ccb | Get time (See above)
2018-12-25T12:37:51.946950548Z 64 PC: 13584 | Write file or device (See above)
2018-12-25T12:37:51.956705517Z 87 PC: 12d1a | Get or set file date and time (See above)
2018-12-25T12:37:51.959623868Z 62 PC: 12d1e | Close file (See above)
2018-12-25T12:37:51.967391085Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:51.97733662Z 79 PC: 12bd7 | Find next file (See above)
2018-12-25T12:37:51.981066613Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:51.98853995Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:37:51.995060361Z 62 PC: 12bed | Close file (See above)
2018-12-25T12:37:51.998017968Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:52.008505479Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:52.020405048Z 64 PC: 12cbf | Write file or device (See above)
2018-12-25T12:37:52.02795341Z 66 PC: 12cc7 | Move file pointer (See above)
2018-12-25T12:37:52.029985057Z 44 PC: 12ccb | Get time (See above)
2018-12-25T12:37:52.033109895Z 64 PC: 13584 | Write file or device (See above)
2018-12-25T12:37:52.043181729Z 87 PC: 12d1a | Get or set file date and time (See above)
2018-12-25T12:37:52.044714034Z 62 PC: 12d1e | Close file (See above)
2018-12-25T12:37:52.052331363Z 67 PC: 12d44 | Get or set file attributes (See above)
2018-12-25T12:37:52.062622537Z 79 PC: 12bd7 | Find next file (See above)
2018-12-25T12:37:52.065998556Z 61 PC: 12d39 | Open file (See above)
2018-12-25T12:37:52.072715256Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:37:52.079858243Z 62 PC: 12bed | Close file (See above)
2018-12-25T12:37:52.082839725Z 79 PC: 12bd7 | Find next file (See above)

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13262,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:51.519013924Z 26 PC: 12a9d | Set disk transfer address
2018-12-25T12:37:51.523333511Z 71 PC: 12aa7 | Get current directory
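2018-12-25T12:37:51.53208942Z 53 PC: 12ab1 | Get interrupt vector (Interrupt = '36', i.e. 0x24, the DOS critical-error handler vector; the viewer's label 'Set random record number' is the name of INT 21h function 24h, not of this vector)
2018-12-25T12:37:51.533606382Z 37 PC: 12ac1 | Set interrupt vector (Interrupt = '36', i.e. 0x24, the DOS critical-error handler vector; the viewer's label 'Set random record number' is the name of INT 21h function 24h, not of this vector)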
; Emulator's linear disassembly from the return address of the Get date call (INT 21h AH=2Ah).
; It lists the bytes that follow that address, not necessarily the path that executed.
; Memory operands in this excerpt are BP-relative; the data they point at is not shown.
2018-12-25T12:37:51.535548094Z 42 PC: 12ac7 | Get date 0x12ac7: cmp al, 5  ; AL = day of week returned by Get date (0 = Sunday), so 5 = Friday
0x12ac9: je 0x12b31  ; Friday: branch to 0x12b31, outside this excerpt; this run's trace continues at PC 12b3d, consistent with the branch being taken
0x12acb: lea dx, word ptr [bp + 0x406]  ; DX -> data at bp+0x406 (presumably a file mask for the search; confirm)
0x12acf: call 0x12bd0  ; routine at 0x12bd0 (body not shown); no PC inside it appears in this run's trace
0x12ad2: lea dx, word ptr [bp + 0x40c]  ; DX -> data at bp+0x40c (presumably a second mask; confirm)
0x12ad6: call 0x12bd0  ; same routine, second argument
0x12ad9: mov ah, 0x3b  ; INT 21h AH=3Bh: change current directory
0x12adb: lea dx, word ptr [bp + 0x412]  ; DS:DX -> path string at bp+0x412 (contents not shown)
0x12adf: int 0x21
0x12ae1: jae 0x12ac3  ; CF clear (directory change succeeded): loop back to 0x12ac3, just before the Get date return address
0x12ae3: mov ax, 0x2524  ; AH=25h set interrupt vector, AL=24h: the DOS critical-error handler
0x12ae6: lds dx, ptr [bp + 0xc45]  ; DS:DX = far pointer stored at bp+0xc45 (presumably the handler saved by the earlier Get interrupt vector call; confirm)
0x12aea: int 0x21
0x12aec: push cs  ; lds overwrote DS,
0x12aed: pop ds  ; so DS is reloaded from CS
0x12aee: mov ah, 0x3b  ; change current directory again
0x12af0: lea dx, word ptr [bp + 0xc49]  ; path at bp+0xc49 (presumably the directory saved by Get current directory at start-up; confirm)
0x12af4: int 0x21
0x12af6: mov ah, 0x1a  ; INT 21h AH=1Ah: set disk transfer address
0x12af8: mov dx, 0x80  ; offset 80h, the default DTA offset in the PSP; the int 0x21 itself lies past the excerpt
2018-12-25T12:37:51.538395968Z 47 PC: 12b3d | Get disk transfer address
2018-12-25T12:37:51.539992035Z 26 PC: 12b45 | Set disk transfer address
2018-12-25T12:37:51.541353768Z 47 PC: 12b52 | Get disk transfer address
2018-12-25T12:37:51.550591509Z 78 PC: 12b5b | Find first file
2018-12-25T12:37:51.557593171Z 60 PC: 12ba3 | Create or truncate file
2018-12-25T12:37:51.563417082Z 64 PC: 12bad | Write file or device (Write 2038 bytes on handle 2)
2018-12-25T12:37:51.615066291Z 62 PC: 12bb1 | Close file
2018-12-25T12:37:51.617040669Z 76 PC: 12bb7 | Terminate with return code (Return code = '0')