Sample viewer

vx.netlux.org/Virus.DOS.Todor.1993


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:59:43.228846125Z 42 PC: 13481 | Get date
0x13481: cmp dh, 8
0x13484: jb 0x134bc
0x13486: cmp dl, 0xf
0x13489: jb 0x134bc
0x1348b: mov cx, 1
0x1348e: call 0x13b7c
0x13491: mov dx, ax
0x13493: mov ah, 0x19
0x13495: int 0x21
0x13497: lea bx, word ptr [si + 0x85f]
0x1349b: push si
0x1349c: push ax
0x1349d: push cx
0x1349e: push bx
0x1349f: push dx
0x134a0: push bp
0x134a1: int 0x25
0x134a3: pop bp
0x134a4: pop bp
0x134a5: pop dx
2018-12-17T22:59:43.230888431Z 25 PC: 13497 | Get default drive
2018-12-17T22:59:43.242565906Z 53 PC: 134e1 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:59:43.243556061Z 37 PC: 134f2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:59:43.245011866Z 47 PC: 134f6 | Get disk transfer address
2018-12-17T22:59:43.247001888Z 26 PC: 134fe | Set disk transfer address
2018-12-17T22:59:43.249278903Z 98 PC: 13531 | Get current PSP
2018-12-17T22:59:43.251272078Z 90 PC: 13758 | Create unique file
2018-12-17T22:59:43.598804741Z 62 PC: 13760 | Close file
2018-12-17T22:59:43.601311789Z 65 PC: 13764 | Delete file (Filename = 'C:\ABAJAHDK')
2018-12-17T22:59:43.61266103Z 67 PC: 1379a | Get or set file attributes
2018-12-17T22:59:43.62288369Z 61 PC: 137bd | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:59:43.631656143Z 87 PC: 137ca | Get or set file date and time
2018-12-17T22:59:43.635974229Z 63 PC: 137e8 | Read file or device (Read 40 bytes on handle 5)
2018-12-17T22:59:43.64688326Z 66 PC: 13860 | Move file pointer
2018-12-17T22:59:43.653643444Z 66 PC: 13944 | Move file pointer
2018-12-17T22:59:43.655172312Z 64 PC: 1394f | Write file or device (Write 24 bytes on handle 5)
2018-12-17T22:59:43.658535446Z 66 PC: 13963 | Move file pointer
2018-12-17T22:59:43.668033569Z 64 PC: 13bd2 | Write file or device (Write 1993 bytes on handle 5)
2018-12-17T22:59:43.909551146Z 87 PC: 13b1e | Get or set file date and time
2018-12-17T22:59:43.911752151Z 62 PC: 13b22 | Close file
2018-12-17T22:59:43.968282635Z 67 PC: 13b30 | Get or set file attributes
2018-12-17T22:59:43.970809678Z 71 PC: 13740 | Get current directory
2018-12-17T22:59:43.974488867Z 90 PC: 13758 | Create unique file
2018-12-17T22:59:43.988600703Z 62 PC: 13760 | Close file
2018-12-17T22:59:43.991330689Z 65 PC: 13764 | Delete file (Filename = '\ABAJAHEA')
2018-12-17T22:59:44.004687189Z 78 PC: 136ff | Find first file
2018-12-17T22:59:44.01305648Z 67 PC: 1379a | Get or set file attributes
2018-12-17T22:59:44.020565987Z 61 PC: 137bd | Open file (Filename = 'TEST.EXE')
2018-12-17T22:59:44.02846153Z 87 PC: 137ca | Get or set file date and time
2018-12-17T22:59:44.031374226Z 63 PC: 137e8 | Read file or device (Read 40 bytes on handle 5)
2018-12-17T22:59:44.036487218Z 66 PC: 13860 | Move file pointer
2018-12-17T22:59:44.039171875Z 66 PC: 13944 | Move file pointer
2018-12-17T22:59:44.041511172Z 64 PC: 1394f | Write file or device (Write 24 bytes on handle 5)
2018-12-17T22:59:44.046040206Z 66 PC: 13963 | Move file pointer
2018-12-17T22:59:44.049496071Z 64 PC: 13bd2 | Write file or device (Write 1993 bytes on handle 5)
2018-12-17T22:59:44.060808925Z 87 PC: 13b1e | Get or set file date and time
2018-12-17T22:59:44.063918149Z 62 PC: 13b22 | Close file
2018-12-17T22:59:44.080231676Z 67 PC: 13b30 | Get or set file attributes
2018-12-17T22:59:44.121181245Z 79 PC: 13727 | Find next file
2018-12-17T22:59:44.125354947Z 78 PC: 136ff | Find first file
2018-12-17T22:59:44.133566244Z 67 PC: 1379a | Get or set file attributes
2018-12-17T22:59:44.150635909Z 61 PC: 137bd | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:59:44.16180673Z 87 PC: 137ca | Get or set file date and time
2018-12-17T22:59:44.164181681Z 63 PC: 137e8 | Read file or device (Read 40 bytes on handle 5)
2018-12-17T22:59:44.186583369Z 66 PC: 13860 | Move file pointer
2018-12-17T22:59:44.189610274Z 87 PC: 13b1e | Get or set file date and time
2018-12-17T22:59:44.192890274Z 62 PC: 13b22 | Close file
2018-12-17T22:59:44.201254739Z 67 PC: 13b30 | Get or set file attributes
2018-12-17T22:59:44.212655547Z 79 PC: 13727 | Find next file
2018-12-17T22:59:44.216436964Z 67 PC: 1379a | Get or set file attributes
2018-12-17T22:59:44.22055974Z 61 PC: 137bd | Open file (Filename = 'PRINT.COM')
2018-12-17T22:59:44.224996445Z 87 PC: 137ca | Get or set file date and time
2018-12-17T22:59:44.227784043Z 63 PC: 137e8 | Read file or device (Read 40 bytes on handle 5)
2018-12-17T22:59:44.235705902Z 66 PC: 13860 | Move file pointer
2018-12-17T22:59:44.237956222Z 87 PC: 13b1e | Get or set file date and time
2018-12-17T22:59:44.240751116Z 62 PC: 13b22 | Close file
2018-12-17T22:59:44.24951418Z 67 PC: 13b30 | Get or set file attributes
2018-12-17T22:59:44.265447084Z 79 PC: 13727 | Find next file
2018-12-17T22:59:44.269624244Z 67 PC: 1379a | Get or set file attributes
2018-12-17T22:59:44.27748205Z 61 PC: 137bd | Open file (Filename = 'HELLO.COM')
2018-12-17T22:59:44.285987649Z 87 PC: 137ca | Get or set file date and time
2018-12-17T22:59:44.288474187Z 63 PC: 137e8 | Read file or device (Read 40 bytes on handle 5)
2018-12-17T22:59:44.29742412Z 66 PC: 13860 | Move file pointer
2018-12-17T22:59:44.299949469Z 87 PC: 13b1e | Get or set file date and time
2018-12-17T22:59:44.302525291Z 62 PC: 13b22 | Close file
2018-12-17T22:59:44.31143648Z 67 PC: 13b30 | Get or set file attributes
2018-12-17T22:59:44.323470042Z 79 PC: 13727 | Find next file
2018-12-17T22:59:44.326961659Z 67 PC: 1379a | Get or set file attributes
2018-12-17T22:59:44.334751958Z 61 PC: 137bd | Open file (Filename = 'PHANG.COM')
2018-12-17T22:59:44.342471655Z 87 PC: 137ca | Get or set file date and time
2018-12-17T22:59:44.344458901Z 63 PC: 137e8 | Read file or device (Read 40 bytes on handle 5)
2018-12-17T22:59:44.353064512Z 66 PC: 13860 | Move file pointer
2018-12-17T22:59:44.355373509Z 87 PC: 13b1e | Get or set file date and time
2018-12-17T22:59:44.366791112Z 62 PC: 13b22 | Close file
2018-12-17T22:59:44.375865993Z 67 PC: 13b30 | Get or set file attributes
2018-12-17T22:59:44.38795721Z 79 PC: 13727 | Find next file
2018-12-17T22:59:44.391347871Z 67 PC: 1379a | Get or set file attributes
2018-12-17T22:59:44.398084723Z 61 PC: 137bd | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:59:44.406768648Z 87 PC: 137ca | Get or set file date and time
2018-12-17T22:59:44.408623966Z 63 PC: 137e8 | Read file or device (Read 40 bytes on handle 5)
2018-12-17T22:59:44.416205125Z 66 PC: 13860 | Move file pointer
2018-12-17T22:59:44.419212569Z 87 PC: 13b1e | Get or set file date and time
2018-12-17T22:59:44.421184819Z 62 PC: 13b22 | Close file
2018-12-17T22:59:44.429296859Z 67 PC: 13b30 | Get or set file attributes
2018-12-17T22:59:44.441610186Z 79 PC: 13727 | Find next file
2018-12-17T22:59:44.444816114Z 67 PC: 1379a | Get or set file attributes
2018-12-17T22:59:44.457443244Z 61 PC: 137bd | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:59:44.465531834Z 87 PC: 137ca | Get or set file date and time
2018-12-17T22:59:44.467411689Z 63 PC: 137e8 | Read file or device (Read 40 bytes on handle 5)
2018-12-17T22:59:44.474973446Z 66 PC: 13860 | Move file pointer
2018-12-17T22:59:44.477271908Z 87 PC: 13b1e | Get or set file date and time
2018-12-17T22:59:44.479541897Z 62 PC: 13b22 | Close file
2018-12-17T22:59:44.487620021Z 67 PC: 13b30 | Get or set file attributes
2018-12-17T22:59:44.499076491Z 26 PC: 135cb | Set disk transfer address
2018-12-17T22:59:44.501137312Z 37 PC: 135d5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:59:44.502499631Z 9 PC: 133f2 | Display string (Could not find end pointer)
2018-12-17T22:59:44.507073702Z 76 PC: 133f8 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13300,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:59.312724903Z 42 PC: 13481 | Get date
0x13481: cmp dh, 8
0x13484: jb 0x134bc
0x13486: cmp dl, 0xf
0x13489: jb 0x134bc
0x1348b: mov cx, 1
0x1348e: call 0x13b7c
0x13491: mov dx, ax
0x13493: mov ah, 0x19
0x13495: int 0x21
0x13497: lea bx, word ptr [si + 0x85f]
0x1349b: push si
0x1349c: push ax
0x1349d: push cx
0x1349e: push bx
0x1349f: push dx
0x134a0: push bp
0x134a1: int 0x25
0x134a3: pop bp
0x134a4: pop bp
0x134a5: pop dx
2018-12-25T12:37:59.315393806Z 53 PC: 134e1 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:59.321004676Z 37 PC: 134f2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:59.32208804Z 47 PC: 134f6 | Get disk transfer address
2018-12-25T12:37:59.323622009Z 26 PC: 134fe | Set disk transfer address
2018-12-25T12:37:59.324799605Z 98 PC: 13531 | Get current PSP
2018-12-25T12:37:59.32580507Z 90 PC: 13758 | Create unique file
2018-12-25T12:37:59.661543303Z 62 PC: 13760 | Close file
2018-12-25T12:37:59.664456652Z 65 PC: 13764 | Delete file (Filename = 'C:\AMCFDJEL')
2018-12-25T12:37:59.673568159Z 67 PC: 1379a | Get or set file attributes
2018-12-25T12:37:59.67910879Z 61 PC: 137bd | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:37:59.686020178Z 87 PC: 137ca | Get or set file date and time
2018-12-25T12:37:59.687517209Z 63 PC: 137e8 | Read file or device (Read 40 bytes on handle 5)
2018-12-25T12:37:59.69027821Z 66 PC: 13860 | Move file pointer
2018-12-25T12:37:59.693609793Z 66 PC: 13944 | Move file pointer
2018-12-25T12:37:59.695212728Z 64 PC: 1394f | Write file or device (Write 24 bytes on handle 5)
2018-12-25T12:37:59.698122068Z 66 PC: 13963 | Move file pointer
2018-12-25T12:37:59.701717796Z 64 PC: 13bd2 | Write file or device (Write 1993 bytes on handle 5)
2018-12-25T12:37:59.971370707Z 87 PC: 13b1e | Get or set file date and time
2018-12-25T12:37:59.97287704Z 62 PC: 13b22 | Close file
2018-12-25T12:38:00.01048554Z 67 PC: 13b30 | Get or set file attributes
2018-12-25T12:38:00.013133444Z 71 PC: 13740 | Get current directory
2018-12-25T12:38:00.016350078Z 90 PC: 13758 | Create unique file (See above)
2018-12-25T12:38:00.03590667Z 62 PC: 13760 | Close file (See above)
2018-12-25T12:38:00.038468253Z 65 PC: 13764 | Delete file (See above)
2018-12-25T12:38:00.04932289Z 78 PC: 136ff | Find first file
2018-12-25T12:38:00.056979825Z 67 PC: 1379a | Get or set file attributes (See above)
2018-12-25T12:38:00.063819258Z 61 PC: 137bd | Open file (See above)
2018-12-25T12:38:00.070491843Z 87 PC: 137ca | Get or set file date and time (See above)
2018-12-25T12:38:00.072516809Z 63 PC: 137e8 | Read file or device (See above)
2018-12-25T12:38:00.076689882Z 66 PC: 13860 | Move file pointer (See above)
2018-12-25T12:38:00.078662027Z 66 PC: 13944 | Move file pointer (See above)
2018-12-25T12:38:00.080434981Z 64 PC: 1394f | Write file or device (See above)
2018-12-25T12:38:00.084896367Z 66 PC: 13963 | Move file pointer (See above)
2018-12-25T12:38:00.088316788Z 64 PC: 13bd2 | Write file or device (See above)
2018-12-25T12:38:00.098062802Z 87 PC: 13b1e | Get or set file date and time (See above)
2018-12-25T12:38:00.103330974Z 62 PC: 13b22 | Close file (See above)
2018-12-25T12:38:00.111164325Z 67 PC: 13b30 | Get or set file attributes (See above)
2018-12-25T12:38:00.131001867Z 79 PC: 13727 | Find next file
2018-12-25T12:38:00.135004663Z 78 PC: 136ff | Find first file (See above)
2018-12-25T12:38:00.141336209Z 67 PC: 1379a | Get or set file attributes (See above)
2018-12-25T12:38:00.147234852Z 61 PC: 137bd | Open file (See above)
2018-12-25T12:38:00.154908496Z 87 PC: 137ca | Get or set file date and time (See above)
2018-12-25T12:38:00.156357987Z 63 PC: 137e8 | Read file or device (See above)
2018-12-25T12:38:00.163055628Z 66 PC: 13860 | Move file pointer (See above)
2018-12-25T12:38:00.165332996Z 87 PC: 13b1e | Get or set file date and time (See above)
2018-12-25T12:38:00.166931503Z 62 PC: 13b22 | Close file (See above)
2018-12-25T12:38:00.174143738Z 67 PC: 13b30 | Get or set file attributes (See above)
2018-12-25T12:38:00.184890944Z 79 PC: 13727 | Find next file (See above)
2018-12-25T12:38:00.188075195Z 67 PC: 1379a | Get or set file attributes (See above)
2018-12-25T12:38:00.194647216Z 61 PC: 137bd | Open file (See above)
2018-12-25T12:38:00.20196304Z 87 PC: 137ca | Get or set file date and time (See above)
2018-12-25T12:38:00.204032014Z 63 PC: 137e8 | Read file or device (See above)
2018-12-25T12:38:00.210731011Z 66 PC: 13860 | Move file pointer (See above)
2018-12-25T12:38:00.212626954Z 87 PC: 13b1e | Get or set file date and time (See above)
2018-12-25T12:38:00.215189618Z 62 PC: 13b22 | Close file (See above)
2018-12-25T12:38:00.222323983Z 67 PC: 13b30 | Get or set file attributes (See above)
2018-12-25T12:38:00.232026478Z 79 PC: 13727 | Find next file (See above)
2018-12-25T12:38:00.234830507Z 67 PC: 1379a | Get or set file attributes (See above)
2018-12-25T12:38:00.240356504Z 61 PC: 137bd | Open file (See above)
2018-12-25T12:38:00.246553129Z 87 PC: 137ca | Get or set file date and time (See above)
2018-12-25T12:38:00.248611096Z 63 PC: 137e8 | Read file or device (See above)
2018-12-25T12:38:00.255598815Z 66 PC: 13860 | Move file pointer (See above)
2018-12-25T12:38:00.257254943Z 87 PC: 13b1e | Get or set file date and time (See above)
2018-12-25T12:38:00.260198651Z 62 PC: 13b22 | Close file (See above)
2018-12-25T12:38:00.267378796Z 67 PC: 13b30 | Get or set file attributes (See above)
2018-12-25T12:38:00.284578861Z 79 PC: 13727 | Find next file (See above)
2018-12-25T12:38:00.288287929Z 67 PC: 1379a | Get or set file attributes (See above)
2018-12-25T12:38:00.294279693Z 61 PC: 137bd | Open file (See above)
2018-12-25T12:38:00.30090638Z 87 PC: 137ca | Get or set file date and time (See above)
2018-12-25T12:38:00.303320017Z 63 PC: 137e8 | Read file or device (See above)
2018-12-25T12:38:00.310117558Z 66 PC: 13860 | Move file pointer (See above)
2018-12-25T12:38:00.311529823Z 87 PC: 13b1e | Get or set file date and time (See above)
2018-12-25T12:38:00.313661478Z 62 PC: 13b22 | Close file (See above)
2018-12-25T12:38:00.321183276Z 67 PC: 13b30 | Get or set file attributes (See above)
2018-12-25T12:38:00.331139303Z 79 PC: 13727 | Find next file (See above)
2018-12-25T12:38:00.33484569Z 67 PC: 1379a | Get or set file attributes (See above)
2018-12-25T12:38:00.34049258Z 61 PC: 137bd | Open file (See above)
2018-12-25T12:38:00.349275305Z 87 PC: 137ca | Get or set file date and time (See above)
2018-12-25T12:38:00.351293744Z 63 PC: 137e8 | Read file or device (See above)
2018-12-25T12:38:00.357883959Z 66 PC: 13860 | Move file pointer (See above)
2018-12-25T12:38:00.360129004Z 87 PC: 13b1e | Get or set file date and time (See above)
2018-12-25T12:38:00.362051603Z 62 PC: 13b22 | Close file (See above)
2018-12-25T12:38:00.370524523Z 67 PC: 13b30 | Get or set file attributes (See above)
2018-12-25T12:38:00.383797442Z 79 PC: 13727 | Find next file (See above)
2018-12-25T12:38:00.387697956Z 67 PC: 1379a | Get or set file attributes (See above)
2018-12-25T12:38:00.393883245Z 61 PC: 137bd | Open file (See above)
2018-12-25T12:38:00.40067103Z 87 PC: 137ca | Get or set file date and time (See above)
2018-12-25T12:38:00.402553531Z 63 PC: 137e8 | Read file or device (See above)
2018-12-25T12:38:00.409528951Z 66 PC: 13860 | Move file pointer (See above)
2018-12-25T12:38:00.411296045Z 87 PC: 13b1e | Get or set file date and time (See above)
2018-12-25T12:38:00.413252115Z 62 PC: 13b22 | Close file (See above)
2018-12-25T12:38:00.421143628Z 67 PC: 13b30 | Get or set file attributes (See above)
2018-12-25T12:38:00.431246661Z 26 PC: 135cb | Set disk transfer address
2018-12-25T12:38:00.43260874Z 37 PC: 135d5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:00.43474861Z 9 PC: 133f2 | Display string (Could not find end pointer)
2018-12-25T12:38:00.440242058Z 76 PC: 133f8 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13300,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:59.361738782Z 42 PC: 13481 | Get date
0x13481: cmp dh, 8
0x13484: jb 0x134bc
0x13486: cmp dl, 0xf
0x13489: jb 0x134bc
0x1348b: mov cx, 1
0x1348e: call 0x13b7c
0x13491: mov dx, ax
0x13493: mov ah, 0x19
0x13495: int 0x21
0x13497: lea bx, word ptr [si + 0x85f]
0x1349b: push si
0x1349c: push ax
0x1349d: push cx
0x1349e: push bx
0x1349f: push dx
0x134a0: push bp
0x134a1: int 0x25
0x134a3: pop bp
0x134a4: pop bp
0x134a5: pop dx
2018-12-25T12:37:59.364836795Z 53 PC: 134e1 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:59.367152571Z 37 PC: 134f2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:59.368810779Z 47 PC: 134f6 | Get disk transfer address
2018-12-25T12:37:59.370389013Z 26 PC: 134fe | Set disk transfer address
2018-12-25T12:37:59.373096538Z 98 PC: 13531 | Get current PSP
2018-12-25T12:37:59.374443224Z 90 PC: 13758 | Create unique file
2018-12-25T12:37:59.735067074Z 62 PC: 13760 | Close file
2018-12-25T12:37:59.738700142Z 65 PC: 13764 | Delete file (Filename = 'C:\AMCFDJEL')
2018-12-25T12:37:59.756609164Z 67 PC: 1379a | Get or set file attributes
2018-12-25T12:37:59.76302249Z 61 PC: 137bd | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:37:59.771644936Z 87 PC: 137ca | Get or set file date and time
2018-12-25T12:37:59.773792038Z 63 PC: 137e8 | Read file or device (Read 40 bytes on handle 5)
2018-12-25T12:37:59.776928718Z 66 PC: 13860 | Move file pointer
2018-12-25T12:37:59.778905022Z 66 PC: 13944 | Move file pointer
2018-12-25T12:37:59.781969884Z 64 PC: 1394f | Write file or device (Write 24 bytes on handle 5)
2018-12-25T12:37:59.788629982Z 66 PC: 13963 | Move file pointer
2018-12-25T12:37:59.791839571Z 64 PC: 13bd2 | Write file or device (Write 1993 bytes on handle 5)
2018-12-25T12:37:59.804867742Z 87 PC: 13b1e | Get or set file date and time
2018-12-25T12:37:59.80670953Z 62 PC: 13b22 | Close file
2018-12-25T12:37:59.816026091Z 67 PC: 13b30 | Get or set file attributes
2018-12-25T12:37:59.819931771Z 71 PC: 13740 | Get current directory
2018-12-25T12:37:59.823824395Z 90 PC: 13758 | Create unique file (See above)
2018-12-25T12:37:59.844088974Z 62 PC: 13760 | Close file (See above)
2018-12-25T12:37:59.847617917Z 65 PC: 13764 | Delete file (See above)
2018-12-25T12:37:59.859924914Z 78 PC: 136ff | Find first file
2018-12-25T12:37:59.866975315Z 67 PC: 1379a | Get or set file attributes (See above)
2018-12-25T12:37:59.874719062Z 61 PC: 137bd | Open file (See above)
2018-12-25T12:37:59.883617545Z 87 PC: 137ca | Get or set file date and time (See above)
2018-12-25T12:37:59.885640946Z 63 PC: 137e8 | Read file or device (See above)
2018-12-25T12:37:59.889052217Z 66 PC: 13860 | Move file pointer (See above)
2018-12-25T12:37:59.892027338Z 66 PC: 13944 | Move file pointer (See above)
2018-12-25T12:37:59.893886145Z 64 PC: 1394f | Write file or device (See above)
2018-12-25T12:37:59.897268696Z 66 PC: 13963 | Move file pointer (See above)
2018-12-25T12:37:59.901008092Z 64 PC: 13bd2 | Write file or device (See above)
2018-12-25T12:37:59.908430743Z 87 PC: 13b1e | Get or set file date and time (See above)
2018-12-25T12:37:59.910288902Z 62 PC: 13b22 | Close file (See above)
2018-12-25T12:37:59.920740385Z 67 PC: 13b30 | Get or set file attributes (See above)
2018-12-25T12:37:59.932286953Z 79 PC: 13727 | Find next file
2018-12-25T12:37:59.935525543Z 78 PC: 136ff | Find first file (See above)
2018-12-25T12:37:59.943566511Z 67 PC: 1379a | Get or set file attributes (See above)
2018-12-25T12:37:59.950802088Z 61 PC: 137bd | Open file (See above)
2018-12-25T12:37:59.958014643Z 87 PC: 137ca | Get or set file date and time (See above)
2018-12-25T12:37:59.960083622Z 63 PC: 137e8 | Read file or device (See above)
2018-12-25T12:37:59.967741743Z 66 PC: 13860 | Move file pointer (See above)
2018-12-25T12:37:59.969490609Z 87 PC: 13b1e | Get or set file date and time (See above)
2018-12-25T12:37:59.971452239Z 62 PC: 13b22 | Close file (See above)
2018-12-25T12:37:59.9854247Z 67 PC: 13b30 | Get or set file attributes (See above)
2018-12-25T12:38:00.004167613Z 79 PC: 13727 | Find next file (See above)
2018-12-25T12:38:00.010398978Z 67 PC: 1379a | Get or set file attributes (See above)
2018-12-25T12:38:00.018377851Z 61 PC: 137bd | Open file (See above)
2018-12-25T12:38:00.026166202Z 87 PC: 137ca | Get or set file date and time (See above)
2018-12-25T12:38:00.027699409Z 63 PC: 137e8 | Read file or device (See above)
2018-12-25T12:38:00.035586481Z 66 PC: 13860 | Move file pointer (See above)
2018-12-25T12:38:00.040532212Z 87 PC: 13b1e | Get or set file date and time (See above)
2018-12-25T12:38:00.042075409Z 62 PC: 13b22 | Close file (See above)
2018-12-25T12:38:00.051006429Z 67 PC: 13b30 | Get or set file attributes (See above)
2018-12-25T12:38:00.062060138Z 79 PC: 13727 | Find next file (See above)
2018-12-25T12:38:00.064971909Z 67 PC: 1379a | Get or set file attributes (See above)
2018-12-25T12:38:00.071606159Z 61 PC: 137bd | Open file (See above)
2018-12-25T12:38:00.078767009Z 87 PC: 137ca | Get or set file date and time (See above)
2018-12-25T12:38:00.080204625Z 63 PC: 137e8 | Read file or device (See above)
2018-12-25T12:38:00.087683769Z 66 PC: 13860 | Move file pointer (See above)
2018-12-25T12:38:00.089397253Z 87 PC: 13b1e | Get or set file date and time (See above)
2018-12-25T12:38:00.091058302Z 62 PC: 13b22 | Close file (See above)
2018-12-25T12:38:00.099091118Z 67 PC: 13b30 | Get or set file attributes (See above)
2018-12-25T12:38:00.113572438Z 79 PC: 13727 | Find next file (See above)
2018-12-25T12:38:00.116446831Z 67 PC: 1379a | Get or set file attributes (See above)
2018-12-25T12:38:00.122985912Z 61 PC: 137bd | Open file (See above)
2018-12-25T12:38:00.130275953Z 87 PC: 137ca | Get or set file date and time (See above)
2018-12-25T12:38:00.140514346Z 63 PC: 137e8 | Read file or device (See above)
2018-12-25T12:38:00.147621476Z 66 PC: 13860 | Move file pointer (See above)
2018-12-25T12:38:00.149436696Z 87 PC: 13b1e | Get or set file date and time (See above)
2018-12-25T12:38:00.151358317Z 62 PC: 13b22 | Close file (See above)
2018-12-25T12:38:00.159273727Z 67 PC: 13b30 | Get or set file attributes (See above)
2018-12-25T12:38:00.170974216Z 79 PC: 13727 | Find next file (See above)
2018-12-25T12:38:00.17376913Z 67 PC: 1379a | Get or set file attributes (See above)
2018-12-25T12:38:00.180023729Z 61 PC: 137bd | Open file (See above)
2018-12-25T12:38:00.187391343Z 87 PC: 137ca | Get or set file date and time (See above)
2018-12-25T12:38:00.189058469Z 63 PC: 137e8 | Read file or device (See above)
2018-12-25T12:38:00.196236841Z 66 PC: 13860 | Move file pointer (See above)
2018-12-25T12:38:00.198282612Z 87 PC: 13b1e | Get or set file date and time (See above)
2018-12-25T12:38:00.199898113Z 62 PC: 13b22 | Close file (See above)
2018-12-25T12:38:00.207369353Z 67 PC: 13b30 | Get or set file attributes (See above)
2018-12-25T12:38:00.218497552Z 79 PC: 13727 | Find next file (See above)
2018-12-25T12:38:00.221316101Z 67 PC: 1379a | Get or set file attributes (See above)
2018-12-25T12:38:00.23308422Z 61 PC: 137bd | Open file (See above)
2018-12-25T12:38:00.240982097Z 87 PC: 137ca | Get or set file date and time (See above)
2018-12-25T12:38:00.242466517Z 63 PC: 137e8 | Read file or device (See above)
2018-12-25T12:38:00.2494716Z 66 PC: 13860 | Move file pointer (See above)
2018-12-25T12:38:00.251859259Z 87 PC: 13b1e | Get or set file date and time (See above)
2018-12-25T12:38:00.253369884Z 62 PC: 13b22 | Close file (See above)
2018-12-25T12:38:00.2608717Z 67 PC: 13b30 | Get or set file attributes (See above)
2018-12-25T12:38:00.271957107Z 26 PC: 135cb | Set disk transfer address
2018-12-25T12:38:00.273286236Z 37 PC: 135d5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:00.274488943Z 9 PC: 133f2 | Display string (Could not find end pointer)
2018-12-25T12:38:00.281012704Z 76 PC: 133f8 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":15,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13300,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:59.463359619Z 42 PC: 13481 | Get date
0x13481: cmp dh, 8
0x13484: jb 0x134bc
0x13486: cmp dl, 0xf
0x13489: jb 0x134bc
0x1348b: mov cx, 1
0x1348e: call 0x13b7c
0x13491: mov dx, ax
0x13493: mov ah, 0x19
0x13495: int 0x21
0x13497: lea bx, word ptr [si + 0x85f]
0x1349b: push si
0x1349c: push ax
0x1349d: push cx
0x1349e: push bx
0x1349f: push dx
0x134a0: push bp
0x134a1: int 0x25
0x134a3: pop bp
0x134a4: pop bp
0x134a5: pop dx
2018-12-25T12:37:59.465940804Z 25 PC: 13497 | Get default drive
2018-12-25T12:37:59.661118022Z 53 PC: 134e1 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:59.662610169Z 37 PC: 134f2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:59.664235574Z 47 PC: 134f6 | Get disk transfer address
2018-12-25T12:37:59.666406636Z 26 PC: 134fe | Set disk transfer address
2018-12-25T12:37:59.667822054Z 98 PC: 13531 | Get current PSP
2018-12-25T12:37:59.66910371Z 90 PC: 13758 | Create unique file
2018-12-25T12:38:00.008823244Z 62 PC: 13760 | Close file
2018-12-25T12:38:00.010962616Z 65 PC: 13764 | Delete file (Filename = 'C:\AMCFDJEG')
2018-12-25T12:38:00.019628053Z 67 PC: 1379a | Get or set file attributes
2018-12-25T12:38:00.025909715Z 61 PC: 137bd | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:38:00.031448735Z 87 PC: 137ca | Get or set file date and time
2018-12-25T12:38:00.033036447Z 63 PC: 137e8 | Read file or device (Read 40 bytes on handle 5)
2018-12-25T12:38:00.036554348Z 66 PC: 13860 | Move file pointer
2018-12-25T12:38:00.038409171Z 66 PC: 13944 | Move file pointer
2018-12-25T12:38:00.039936216Z 64 PC: 1394f | Write file or device (Write 24 bytes on handle 5)
2018-12-25T12:38:00.043812959Z 66 PC: 13963 | Move file pointer
2018-12-25T12:38:00.04732563Z 64 PC: 13bd2 | Write file or device (Write 1993 bytes on handle 5)
2018-12-25T12:38:00.056939853Z 87 PC: 13b1e | Get or set file date and time
2018-12-25T12:38:00.058910831Z 62 PC: 13b22 | Close file
2018-12-25T12:38:00.066258088Z 67 PC: 13b30 | Get or set file attributes
2018-12-25T12:38:00.068268173Z 71 PC: 13740 | Get current directory
2018-12-25T12:38:00.071086517Z 90 PC: 13758 | Create unique file (See above)
2018-12-25T12:38:00.087232283Z 62 PC: 13760 | Close file (See above)
2018-12-25T12:38:00.088956463Z 65 PC: 13764 | Delete file (See above)
2018-12-25T12:38:00.099059477Z 78 PC: 136ff | Find first file
2018-12-25T12:38:00.10611189Z 67 PC: 1379a | Get or set file attributes (See above)
2018-12-25T12:38:00.111666677Z 61 PC: 137bd | Open file (See above)
2018-12-25T12:38:00.117955442Z 87 PC: 137ca | Get or set file date and time (See above)
2018-12-25T12:38:00.120769359Z 63 PC: 137e8 | Read file or device (See above)
2018-12-25T12:38:00.123758643Z 66 PC: 13860 | Move file pointer (See above)
2018-12-25T12:38:00.125757019Z 66 PC: 13944 | Move file pointer (See above)
2018-12-25T12:38:00.128618744Z 64 PC: 1394f | Write file or device (See above)
2018-12-25T12:38:00.131849049Z 66 PC: 13963 | Move file pointer (See above)
2018-12-25T12:38:00.147722275Z 64 PC: 13bd2 | Write file or device (See above)
2018-12-25T12:38:00.157939419Z 87 PC: 13b1e | Get or set file date and time (See above)
2018-12-25T12:38:00.159441371Z 62 PC: 13b22 | Close file (See above)
2018-12-25T12:38:00.167328398Z 67 PC: 13b30 | Get or set file attributes (See above)
2018-12-25T12:38:00.178285108Z 79 PC: 13727 | Find next file
2018-12-25T12:38:00.181183478Z 78 PC: 136ff | Find first file (See above)
2018-12-25T12:38:00.187441892Z 67 PC: 1379a | Get or set file attributes (See above)
2018-12-25T12:38:00.194038163Z 61 PC: 137bd | Open file (See above)
2018-12-25T12:38:00.201021585Z 87 PC: 137ca | Get or set file date and time (See above)
2018-12-25T12:38:00.202860937Z 63 PC: 137e8 | Read file or device (See above)
2018-12-25T12:38:00.21128493Z 66 PC: 13860 | Move file pointer (See above)
2018-12-25T12:38:00.228681689Z 87 PC: 13b1e | Get or set file date and time (See above)
2018-12-25T12:38:00.230191019Z 62 PC: 13b22 | Close file (See above)
2018-12-25T12:38:00.237534072Z 67 PC: 13b30 | Get or set file attributes (See above)
2018-12-25T12:38:00.248411305Z 79 PC: 13727 | Find next file (See above)
2018-12-25T12:38:00.251063905Z 67 PC: 1379a | Get or set file attributes (See above)
2018-12-25T12:38:00.258661193Z 61 PC: 137bd | Open file (See above)
2018-12-25T12:38:00.265995388Z 87 PC: 137ca | Get or set file date and time (See above)
2018-12-25T12:38:00.267356625Z 63 PC: 137e8 | Read file or device (See above)
2018-12-25T12:38:00.274282929Z 66 PC: 13860 | Move file pointer (See above)
2018-12-25T12:38:00.276686818Z 87 PC: 13b1e | Get or set file date and time (See above)
2018-12-25T12:38:00.278106184Z 62 PC: 13b22 | Close file (See above)
2018-12-25T12:38:00.285058655Z 67 PC: 13b30 | Get or set file attributes (See above)
2018-12-25T12:38:00.298998017Z 79 PC: 13727 | Find next file (See above)
2018-12-25T12:38:00.301729779Z 67 PC: 1379a | Get or set file attributes (See above)
2018-12-25T12:38:00.307355576Z 61 PC: 137bd | Open file (See above)
2018-12-25T12:38:00.314636949Z 87 PC: 137ca | Get or set file date and time (See above)
2018-12-25T12:38:00.315992597Z 63 PC: 137e8 | Read file or device (See above)
2018-12-25T12:38:00.32256447Z 66 PC: 13860 | Move file pointer (See above)
2018-12-25T12:38:00.324910529Z 87 PC: 13b1e | Get or set file date and time (See above)
2018-12-25T12:38:00.32631688Z 62 PC: 13b22 | Close file (See above)
2018-12-25T12:38:00.333258343Z 67 PC: 13b30 | Get or set file attributes (See above)
2018-12-25T12:38:00.343892667Z 79 PC: 13727 | Find next file (See above)
2018-12-25T12:38:00.34660906Z 67 PC: 1379a | Get or set file attributes (See above)
2018-12-25T12:38:00.357326061Z 61 PC: 137bd | Open file (See above)
2018-12-25T12:38:00.36498496Z 87 PC: 137ca | Get or set file date and time (See above)
2018-12-25T12:38:00.367110589Z 63 PC: 137e8 | Read file or device (See above)
2018-12-25T12:38:00.373934152Z 66 PC: 13860 | Move file pointer (See above)
2018-12-25T12:38:00.375990599Z 87 PC: 13b1e | Get or set file date and time (See above)
2018-12-25T12:38:00.378570842Z 62 PC: 13b22 | Close file (See above)
2018-12-25T12:38:00.385989993Z 67 PC: 13b30 | Get or set file attributes (See above)
2018-12-25T12:38:00.396282488Z 79 PC: 13727 | Find next file (See above)
2018-12-25T12:38:00.399677918Z 67 PC: 1379a | Get or set file attributes (See above)
2018-12-25T12:38:00.405703689Z 61 PC: 137bd | Open file (See above)
2018-12-25T12:38:00.412573566Z 87 PC: 137ca | Get or set file date and time (See above)
2018-12-25T12:38:00.414621468Z 63 PC: 137e8 | Read file or device (See above)
2018-12-25T12:38:00.421486726Z 66 PC: 13860 | Move file pointer (See above)
2018-12-25T12:38:00.423331546Z 87 PC: 13b1e | Get or set file date and time (See above)
2018-12-25T12:38:00.426278043Z 62 PC: 13b22 | Close file (See above)
2018-12-25T12:38:00.433836185Z 67 PC: 13b30 | Get or set file attributes (See above)
2018-12-25T12:38:00.444060998Z 79 PC: 13727 | Find next file (See above)
2018-12-25T12:38:00.448145772Z 67 PC: 1379a | Get or set file attributes (See above)
2018-12-25T12:38:00.454140599Z 61 PC: 137bd | Open file (See above)
2018-12-25T12:38:00.461173504Z 87 PC: 137ca | Get or set file date and time (See above)
2018-12-25T12:38:00.463187452Z 63 PC: 137e8 | Read file or device (See above)
2018-12-25T12:38:00.469495726Z 66 PC: 13860 | Move file pointer (See above)
2018-12-25T12:38:00.470957644Z 87 PC: 13b1e | Get or set file date and time (See above)
2018-12-25T12:38:00.472952092Z 62 PC: 13b22 | Close file (See above)
2018-12-25T12:38:00.479784038Z 67 PC: 13b30 | Get or set file attributes (See above)
2018-12-25T12:38:00.492471518Z 26 PC: 135cb | Set disk transfer address
2018-12-25T12:38:00.494726915Z 37 PC: 135d5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:00.496003846Z 9 PC: 133f2 | Display string (Could not find end pointer)
2018-12-25T12:38:00.501512544Z 76 PC: 133f8 | Terminate with return code (Return code = '0')