Sample viewer

vx.netlux.org/Virus.DOS.Vienna.Bloodspill.740


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:04:51.320615063Z 53 PC: 1550c | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:04:51.322348292Z 37 PC: 15519 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:04:51.324980652Z 53 PC: 1550c | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:04:51.326474106Z 37 PC: 15519 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:04:51.327832261Z 53 PC: 1550c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:51.33065582Z 37 PC: 15519 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:51.332134219Z 47 PC: 1540f | Get disk transfer address
2018-12-17T23:04:51.33364024Z 26 PC: 1541d | Set disk transfer address
2018-12-17T23:04:51.335547237Z 78 PC: 155bd | Find first file
2018-12-17T23:04:51.343183663Z 67 PC: 155f4 | Get or set file attributes
2018-12-17T23:04:51.349769224Z 67 PC: 15602 | Get or set file attributes
2018-12-17T23:04:51.367655113Z 61 PC: 1560a | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:04:51.375008161Z 87 PC: 15616 | Get or set file date and time
2018-12-17T23:04:51.376660855Z 63 PC: 15626 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:04:51.384290872Z 66 PC: 15636 | Move file pointer
2018-12-17T23:04:51.386085398Z 64 PC: 15659 | Write file or device (Write 740 bytes on handle 5)
2018-12-17T23:04:51.395632037Z 66 PC: 15664 | Move file pointer
2018-12-17T23:04:51.397334088Z 64 PC: 1567a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:04:51.40726338Z 87 PC: 1568b | Get or set file date and time
2018-12-17T23:04:51.409864462Z 62 PC: 1568f | Close file
2018-12-17T23:04:51.420755572Z 67 PC: 1569a | Get or set file attributes
2018-12-17T23:04:51.432640933Z 78 PC: 155bd | Find first file
2018-12-17T23:04:51.439240972Z 79 PC: 155c3 | Find next file
2018-12-17T23:04:51.442054432Z 79 PC: 155c3 | Find next file
2018-12-17T23:04:51.44588402Z 79 PC: 155c3 | Find next file
2018-12-17T23:04:51.448660623Z 79 PC: 155c3 | Find next file
2018-12-17T23:04:51.451400019Z 79 PC: 155c3 | Find next file
2018-12-17T23:04:51.455205955Z 67 PC: 155f4 | Get or set file attributes
2018-12-17T23:04:51.461538472Z 67 PC: 15602 | Get or set file attributes
2018-12-17T23:04:51.473482895Z 61 PC: 1560a | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:04:51.481917572Z 87 PC: 15616 | Get or set file date and time
2018-12-17T23:04:51.483815576Z 63 PC: 15626 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:04:51.491496025Z 66 PC: 15636 | Move file pointer
2018-12-17T23:04:51.494209844Z 64 PC: 15659 | Write file or device (Write 740 bytes on handle 5)
2018-12-17T23:04:51.503271481Z 66 PC: 15664 | Move file pointer
2018-12-17T23:04:51.505935272Z 64 PC: 1567a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:04:51.513688971Z 87 PC: 1568b | Get or set file date and time
2018-12-17T23:04:51.516324413Z 62 PC: 1568f | Close file
2018-12-17T23:04:51.524668347Z 67 PC: 1569a | Get or set file attributes
2018-12-17T23:04:51.536144015Z 78 PC: 155bd | Find first file
2018-12-17T23:04:51.545264608Z 79 PC: 155c3 | Find next file
2018-12-17T23:04:51.548532345Z 79 PC: 155c3 | Find next file
2018-12-17T23:04:51.551739789Z 79 PC: 155c3 | Find next file
2018-12-17T23:04:51.555690896Z 79 PC: 155c3 | Find next file
2018-12-17T23:04:51.558958683Z 79 PC: 155c3 | Find next file
2018-12-17T23:04:51.562170612Z 79 PC: 155c3 | Find next file
2018-12-17T23:04:51.566025453Z 79 PC: 155c3 | Find next file
2018-12-17T23:04:51.569584969Z 67 PC: 155f4 | Get or set file attributes
2018-12-17T23:04:51.576369144Z 67 PC: 15602 | Get or set file attributes
2018-12-17T23:04:51.588703524Z 61 PC: 1560a | Open file (Filename = 'TEST.COM')
2018-12-17T23:04:51.596485826Z 87 PC: 15616 | Get or set file date and time
2018-12-17T23:04:51.598272049Z 63 PC: 15626 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:04:51.603493841Z 66 PC: 15636 | Move file pointer
2018-12-17T23:04:51.605478023Z 64 PC: 15659 | Write file or device (Write 740 bytes on handle 5)
2018-12-17T23:04:51.615637101Z 66 PC: 15664 | Move file pointer
2018-12-17T23:04:51.617939625Z 64 PC: 1567a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:04:51.622218031Z 87 PC: 1568b | Get or set file date and time
2018-12-17T23:04:51.62454384Z 62 PC: 1568f | Close file
2018-12-17T23:04:51.633966666Z 67 PC: 1569a | Get or set file attributes
2018-12-17T23:04:51.645935544Z 26 PC: 1543b | Set disk transfer address
2018-12-17T23:04:51.647230226Z 37 PC: 1553a | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:04:51.648569047Z 37 PC: 1553a | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:04:51.650218917Z 37 PC: 1553a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:51.651458532Z 48 PC: 15169 | Get DOS version
2018-12-17T23:04:51.652774947Z 47 PC: 15175 | Get disk transfer address
2018-12-17T23:04:51.654770834Z 26 PC: 15185 | Set disk transfer address
2018-12-17T23:04:51.655895099Z 42 PC: 15194 | Get date
0x15194: cmp cx, 0x7cb
0x15198: jge 0x1519c
0x1519a: jmp 0x151c4
0x1519c: mov ah, 0x2a
0x1519e: int 0x21
0x151a0: cmp dh, 6
0x151a3: jge 0x151a7
0x151a5: jmp 0x151c4
0x151a7: mov ah, 0x2a
0x151a9: int 0x21
0x151ab: cmp dl, 0x16
0x151ae: jge 0x151b2
0x151b0: jmp 0x151c4
0x151b2: mov al, 1
0x151b4: mov dx, 0
0x151b7: mov cx, 1
0x151ba: mov ds, word ptr [di + 0x37]
0x151bd: mov bx, word ptr [di + 0x63]
0x151c0: int 0x26
0x151c2: jmp 0x151c4
2018-12-17T23:04:51.658247193Z 42 PC: 151a0 | Get date
0x151a0: cmp dh, 6
0x151a3: jge 0x151a7
0x151a5: jmp 0x151c4
0x151a7: mov ah, 0x2a
0x151a9: int 0x21
0x151ab: cmp dl, 0x16
0x151ae: jge 0x151b2
0x151b0: jmp 0x151c4
0x151b2: mov al, 1
0x151b4: mov dx, 0
0x151b7: mov cx, 1
0x151ba: mov ds, word ptr [di + 0x37]
0x151bd: mov bx, word ptr [di + 0x63]
0x151c0: int 0x26
0x151c2: jmp 0x151c4
0x151c4: pop si
0x151c5: push si
0x151c6: add si, 0x2c
0x151ca: lodsb al, byte ptr [si]
0x151cb: mov cx, 0x8000
2018-12-17T23:04:51.661341038Z 42 PC: 151ab | Get date
0x151ab: cmp dl, 0x16
0x151ae: jge 0x151b2
0x151b0: jmp 0x151c4
0x151b2: mov al, 1
0x151b4: mov dx, 0
0x151b7: mov cx, 1
0x151ba: mov ds, word ptr [di + 0x37]
0x151bd: mov bx, word ptr [di + 0x63]
0x151c0: int 0x26
0x151c2: jmp 0x151c4
0x151c4: pop si
0x151c5: push si
0x151c6: add si, 0x2c
0x151ca: lodsb al, byte ptr [si]
0x151cb: mov cx, 0x8000
0x151ce: repne scasb al, byte ptr es:[di]
0x151d0: mov cx, 4
0x151d3: lodsb al, byte ptr [si]
0x151d4: scasb al, byte ptr es:[di]
0x151d5: jne 0x151c4
2018-12-17T23:04:51.663992798Z 78 PC: 15241 | Find first file
2018-12-17T23:04:51.670900228Z 67 PC: 1527d | Get or set file attributes
2018-12-17T23:04:51.678440037Z 67 PC: 1528d | Get or set file attributes
2018-12-17T23:04:51.692689954Z 61 PC: 15297 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:04:51.699985279Z 87 PC: 152a3 | Get or set file date and time
2018-12-17T23:04:51.701639913Z 44 PC: 152ad | Get time
0x152ad: and dh, 7
0x152b0: jmp 0x152b2
0x152b2: mov ah, 0x3f
0x152b4: mov cx, 3
0x152b7: mov dx, 0x1c
0x152ba: add dx, si
0x152bc: int 0x21
0x152be: jb 0x15314
0x152c0: cmp ax, 3
0x152c3: jne 0x15314
0x152c5: mov ax, 0x4202
0x152c8: mov cx, 0
0x152cb: mov dx, 0
0x152ce: int 0x21
0x152d0: jb 0x15314
0x152d2: mov cx, ax
0x152d4: sub ax, 3
0x152d7: mov word ptr [si + 0x20], ax
0x152da: add cx, 0x304
0x152de: mov di, si
2018-12-17T23:04:51.704481317Z 63 PC: 152be | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:04:51.712257386Z 66 PC: 152d0 | Move file pointer
2018-12-17T23:04:51.714201562Z 64 PC: 152f3 | Write file or device (Write 672 bytes on handle 5)
2018-12-17T23:04:51.724968833Z 66 PC: 15305 | Move file pointer
2018-12-17T23:04:51.726833569Z 64 PC: 15314 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:04:51.730224372Z 87 PC: 15325 | Get or set file date and time
2018-12-17T23:04:51.732490997Z 62 PC: 15329 | Close file
2018-12-17T23:04:51.741511117Z 67 PC: 15336 | Get or set file attributes
2018-12-17T23:04:51.752821815Z 26 PC: 15341 | Set disk transfer address
2018-12-17T23:04:51.754965124Z 9 PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)')
2018-12-17T23:04:51.757679292Z 76 PC: 12a56 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15003,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:22.551521219Z 53 PC: 1550c | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:42:22.559062603Z 37 PC: 15519 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:42:22.560504916Z 53 PC: 1550c | Get interrupt vector (See above)
2018-12-25T12:42:22.56191829Z 37 PC: 15519 | Set interrupt vector (See above)
2018-12-25T12:42:22.564108594Z 53 PC: 1550c | Get interrupt vector (See above)
2018-12-25T12:42:22.565488802Z 37 PC: 15519 | Set interrupt vector (See above)
2018-12-25T12:42:22.566878211Z 47 PC: 1540f | Get disk transfer address
2018-12-25T12:42:22.569251359Z 26 PC: 1541d | Set disk transfer address
2018-12-25T12:42:22.570674072Z 78 PC: 155bd | Find first file
2018-12-25T12:42:22.577354817Z 67 PC: 155f4 | Get or set file attributes
2018-12-25T12:42:22.583726477Z 67 PC: 15602 | Get or set file attributes
2018-12-25T12:42:22.601895077Z 61 PC: 1560a | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:22.608682227Z 87 PC: 15616 | Get or set file date and time
2018-12-25T12:42:22.611109067Z 63 PC: 15626 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:22.617324664Z 66 PC: 15636 | Move file pointer
2018-12-25T12:42:22.618680393Z 64 PC: 15659 | Write file or device (Write 740 bytes on handle 5)
2018-12-25T12:42:22.627742694Z 66 PC: 15664 | Move file pointer
2018-12-25T12:42:22.629508031Z 64 PC: 1567a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:22.636931335Z 87 PC: 1568b | Get or set file date and time
2018-12-25T12:42:22.638602176Z 62 PC: 1568f | Close file
2018-12-25T12:42:22.647223297Z 67 PC: 1569a | Get or set file attributes
2018-12-25T12:42:22.65834991Z 78 PC: 155bd | Find first file (See above)
2018-12-25T12:42:22.664171297Z 79 PC: 155c3 | Find next file
2018-12-25T12:42:22.667687454Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:22.670822746Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:22.67424998Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:22.677370469Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:22.679353732Z 67 PC: 155f4 | Get or set file attributes (See above)
2018-12-25T12:42:22.685726928Z 67 PC: 15602 | Get or set file attributes (See above)
2018-12-25T12:42:22.695736473Z 61 PC: 1560a | Open file (See above)
2018-12-25T12:42:22.706841243Z 87 PC: 15616 | Get or set file date and time (See above)
2018-12-25T12:42:22.722873367Z 63 PC: 15626 | Read file or device (See above)
2018-12-25T12:42:22.729587919Z 66 PC: 15636 | Move file pointer (See above)
2018-12-25T12:42:22.731253849Z 64 PC: 15659 | Write file or device (See above)
2018-12-25T12:42:22.740921161Z 66 PC: 15664 | Move file pointer (See above)
2018-12-25T12:42:22.743380413Z 64 PC: 1567a | Write file or device (See above)
2018-12-25T12:42:22.749709453Z 87 PC: 1568b | Get or set file date and time (See above)
2018-12-25T12:42:22.751765433Z 62 PC: 1568f | Close file (See above)
2018-12-25T12:42:22.759708059Z 67 PC: 1569a | Get or set file attributes (See above)
2018-12-25T12:42:22.76929744Z 78 PC: 155bd | Find first file (See above)
2018-12-25T12:42:22.776327901Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:22.779081452Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:22.781818213Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:22.785150617Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:22.78801356Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:22.790665122Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:22.806017491Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:22.809031952Z 67 PC: 155f4 | Get or set file attributes (See above)
2018-12-25T12:42:22.814958908Z 67 PC: 15602 | Get or set file attributes (See above)
2018-12-25T12:42:22.825580257Z 61 PC: 1560a | Open file (See above)
2018-12-25T12:42:22.832614129Z 87 PC: 15616 | Get or set file date and time (See above)
2018-12-25T12:42:22.834255973Z 63 PC: 15626 | Read file or device (See above)
2018-12-25T12:42:22.841526808Z 66 PC: 15636 | Move file pointer (See above)
2018-12-25T12:42:22.843496859Z 64 PC: 15659 | Write file or device (See above)
2018-12-25T12:42:22.852014874Z 66 PC: 15664 | Move file pointer (See above)
2018-12-25T12:42:22.85431144Z 64 PC: 1567a | Write file or device (See above)
2018-12-25T12:42:22.85752964Z 87 PC: 1568b | Get or set file date and time (See above)
2018-12-25T12:42:22.859211437Z 62 PC: 1568f | Close file (See above)
2018-12-25T12:42:22.867485329Z 67 PC: 1569a | Get or set file attributes (See above)
2018-12-25T12:42:22.896072944Z 26 PC: 1543b | Set disk transfer address
2018-12-25T12:42:22.89744723Z 37 PC: 1553a | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:42:22.89893825Z 37 PC: 1553a | Set interrupt vector (See above)
2018-12-25T12:42:22.900577517Z 37 PC: 1553a | Set interrupt vector (See above)
2018-12-25T12:42:22.90177005Z 48 PC: 15169 | Get DOS version
2018-12-25T12:42:22.902909467Z 47 PC: 15175 | Get disk transfer address
2018-12-25T12:42:22.90464244Z 26 PC: 15185 | Set disk transfer address
2018-12-25T12:42:22.9057143Z 42 PC: 15194 | Get date
0x15194: cmp cx, 0x7cb
0x15198: jge 0x1519c
0x1519a: jmp 0x151c4
0x1519c: mov ah, 0x2a
0x1519e: int 0x21
0x151a0: cmp dh, 6
0x151a3: jge 0x151a7
0x151a5: jmp 0x151c4
0x151a7: mov ah, 0x2a
0x151a9: int 0x21
0x151ab: cmp dl, 0x16
0x151ae: jge 0x151b2
0x151b0: jmp 0x151c4
0x151b2: mov al, 1
0x151b4: mov dx, 0
0x151b7: mov cx, 1
0x151ba: mov ds, word ptr [di + 0x37]
0x151bd: mov bx, word ptr [di + 0x63]
0x151c0: int 0x26
0x151c2: jmp 0x151c4
2018-12-25T12:42:22.907957455Z 78 PC: 15241 | Find first file
2018-12-25T12:42:22.917333872Z 67 PC: 1527d | Get or set file attributes
2018-12-25T12:42:22.930071426Z 67 PC: 1528d | Get or set file attributes
2018-12-25T12:42:22.941048966Z 61 PC: 15297 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:22.948462929Z 87 PC: 152a3 | Get or set file date and time
2018-12-25T12:42:22.949784606Z 44 PC: 152ad | Get time
0x152ad: and dh, 7
0x152b0: jmp 0x152b2
0x152b2: mov ah, 0x3f
0x152b4: mov cx, 3
0x152b7: mov dx, 0x1c
0x152ba: add dx, si
0x152bc: int 0x21
0x152be: jb 0x15314
0x152c0: cmp ax, 3
0x152c3: jne 0x15314
0x152c5: mov ax, 0x4202
0x152c8: mov cx, 0
0x152cb: mov dx, 0
0x152ce: int 0x21
0x152d0: jb 0x15314
0x152d2: mov cx, ax
0x152d4: sub ax, 3
0x152d7: mov word ptr [si + 0x20], ax
0x152da: add cx, 0x304
0x152de: mov di, si
2018-12-25T12:42:22.95183226Z 63 PC: 152be | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:22.958805062Z 66 PC: 152d0 | Move file pointer
2018-12-25T12:42:22.960142459Z 64 PC: 152f3 | Write file or device (Write 672 bytes on handle 5)
2018-12-25T12:42:22.968574179Z 66 PC: 15305 | Move file pointer
2018-12-25T12:42:22.970633947Z 64 PC: 15314 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:22.973389859Z 87 PC: 15325 | Get or set file date and time
2018-12-25T12:42:22.975117946Z 62 PC: 15329 | Close file
2018-12-25T12:42:22.983667478Z 67 PC: 15336 | Get or set file attributes
2018-12-25T12:42:22.993673313Z 26 PC: 15341 | Set disk transfer address
2018-12-25T12:42:22.995170592Z 9 PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)')
2018-12-25T12:42:22.998444424Z 76 PC: 12a56 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15003,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:22.868749362Z 53 PC: 1550c | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:42:22.869900415Z 37 PC: 15519 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:42:22.871526431Z 53 PC: 1550c | Get interrupt vector (See above)
2018-12-25T12:42:22.872648064Z 37 PC: 15519 | Set interrupt vector (See above)
2018-12-25T12:42:22.873687648Z 53 PC: 1550c | Get interrupt vector (See above)
2018-12-25T12:42:22.87605983Z 37 PC: 15519 | Set interrupt vector (See above)
2018-12-25T12:42:22.877596353Z 47 PC: 1540f | Get disk transfer address
2018-12-25T12:42:22.87895336Z 26 PC: 1541d | Set disk transfer address
2018-12-25T12:42:22.881326405Z 78 PC: 155bd | Find first file
2018-12-25T12:42:22.88748719Z 67 PC: 155f4 | Get or set file attributes
2018-12-25T12:42:22.893384188Z 67 PC: 15602 | Get or set file attributes
2018-12-25T12:42:22.910102668Z 61 PC: 1560a | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:22.92977975Z 87 PC: 15616 | Get or set file date and time
2018-12-25T12:42:22.931390733Z 63 PC: 15626 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:22.937761793Z 66 PC: 15636 | Move file pointer
2018-12-25T12:42:22.93958593Z 64 PC: 15659 | Write file or device (Write 740 bytes on handle 5)
2018-12-25T12:42:22.962452479Z 66 PC: 15664 | Move file pointer
2018-12-25T12:42:22.96376949Z 64 PC: 1567a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:22.980071515Z 87 PC: 1568b | Get or set file date and time
2018-12-25T12:42:22.98150829Z 62 PC: 1568f | Close file
2018-12-25T12:42:22.98947855Z 67 PC: 1569a | Get or set file attributes
2018-12-25T12:42:23.01278604Z 78 PC: 155bd | Find first file (See above)
2018-12-25T12:42:23.02051029Z 79 PC: 155c3 | Find next file
2018-12-25T12:42:23.026739054Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:23.030877488Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:23.033414507Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:23.038846386Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:23.041996565Z 67 PC: 155f4 | Get or set file attributes (See above)
2018-12-25T12:42:23.047392986Z 67 PC: 15602 | Get or set file attributes (See above)
2018-12-25T12:42:23.056814323Z 61 PC: 1560a | Open file (See above)
2018-12-25T12:42:23.063537716Z 87 PC: 15616 | Get or set file date and time (See above)
2018-12-25T12:42:23.064831833Z 63 PC: 15626 | Read file or device (See above)
2018-12-25T12:42:23.071323771Z 66 PC: 15636 | Move file pointer (See above)
2018-12-25T12:42:23.074443452Z 64 PC: 15659 | Write file or device (See above)
2018-12-25T12:42:23.0827672Z 66 PC: 15664 | Move file pointer (See above)
2018-12-25T12:42:23.084085713Z 64 PC: 1567a | Write file or device (See above)
2018-12-25T12:42:23.090786691Z 87 PC: 1568b | Get or set file date and time (See above)
2018-12-25T12:42:23.092208413Z 62 PC: 1568f | Close file (See above)
2018-12-25T12:42:23.099761029Z 67 PC: 1569a | Get or set file attributes (See above)
2018-12-25T12:42:23.109796952Z 78 PC: 155bd | Find first file (See above)
2018-12-25T12:42:23.115529013Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:23.118151797Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:23.121465041Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:23.1247539Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:23.127539007Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:23.130209083Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:23.13308945Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:23.135903656Z 67 PC: 155f4 | Get or set file attributes (See above)
2018-12-25T12:42:23.141869117Z 67 PC: 15602 | Get or set file attributes (See above)
2018-12-25T12:42:23.151286341Z 61 PC: 1560a | Open file (See above)
2018-12-25T12:42:23.158034518Z 87 PC: 15616 | Get or set file date and time (See above)
2018-12-25T12:42:23.159345827Z 63 PC: 15626 | Read file or device (See above)
2018-12-25T12:42:23.161803892Z 66 PC: 15636 | Move file pointer (See above)
2018-12-25T12:42:23.163315661Z 64 PC: 15659 | Write file or device (See above)
2018-12-25T12:42:23.170998742Z 66 PC: 15664 | Move file pointer (See above)
2018-12-25T12:42:23.172311328Z 64 PC: 1567a | Write file or device (See above)
2018-12-25T12:42:23.175744681Z 87 PC: 1568b | Get or set file date and time (See above)
2018-12-25T12:42:23.177401927Z 62 PC: 1568f | Close file (See above)
2018-12-25T12:42:23.185003312Z 67 PC: 1569a | Get or set file attributes (See above)
2018-12-25T12:42:23.194873779Z 26 PC: 1543b | Set disk transfer address
2018-12-25T12:42:23.196243196Z 37 PC: 1553a | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:42:23.197562094Z 37 PC: 1553a | Set interrupt vector (See above)
2018-12-25T12:42:23.199845396Z 37 PC: 1553a | Set interrupt vector (See above)
2018-12-25T12:42:23.201257007Z 48 PC: 15169 | Get DOS version
2018-12-25T12:42:23.202628139Z 47 PC: 15175 | Get disk transfer address
2018-12-25T12:42:23.204876856Z 26 PC: 15185 | Set disk transfer address
2018-12-25T12:42:23.207009488Z 42 PC: 15194 | Get date
0x15194: cmp cx, 0x7cb
0x15198: jge 0x1519c
0x1519a: jmp 0x151c4
0x1519c: mov ah, 0x2a
0x1519e: int 0x21
0x151a0: cmp dh, 6
0x151a3: jge 0x151a7
0x151a5: jmp 0x151c4
0x151a7: mov ah, 0x2a
0x151a9: int 0x21
0x151ab: cmp dl, 0x16
0x151ae: jge 0x151b2
0x151b0: jmp 0x151c4
0x151b2: mov al, 1
0x151b4: mov dx, 0
0x151b7: mov cx, 1
0x151ba: mov ds, word ptr [di + 0x37]
0x151bd: mov bx, word ptr [di + 0x63]
0x151c0: int 0x26
0x151c2: jmp 0x151c4
2018-12-25T12:42:23.209175377Z 42 PC: 151a0 | Get date
0x151a0: cmp dh, 6
0x151a3: jge 0x151a7
0x151a5: jmp 0x151c4
0x151a7: mov ah, 0x2a
0x151a9: int 0x21
0x151ab: cmp dl, 0x16
0x151ae: jge 0x151b2
0x151b0: jmp 0x151c4
0x151b2: mov al, 1
0x151b4: mov dx, 0
0x151b7: mov cx, 1
0x151ba: mov ds, word ptr [di + 0x37]
0x151bd: mov bx, word ptr [di + 0x63]
0x151c0: int 0x26
0x151c2: jmp 0x151c4
0x151c4: pop si
0x151c5: push si
0x151c6: add si, 0x2c
0x151ca: lodsb al, byte ptr [si]
0x151cb: mov cx, 0x8000
2018-12-25T12:42:23.212172035Z 78 PC: 15241 | Find first file
2018-12-25T12:42:23.218056782Z 67 PC: 1527d | Get or set file attributes
2018-12-25T12:42:23.223552298Z 67 PC: 1528d | Get or set file attributes
2018-12-25T12:42:23.234164172Z 61 PC: 15297 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:23.241065361Z 87 PC: 152a3 | Get or set file date and time
2018-12-25T12:42:23.242705213Z 44 PC: 152ad | Get time
0x152ad: and dh, 7
0x152b0: jmp 0x152b2
0x152b2: mov ah, 0x3f
0x152b4: mov cx, 3
0x152b7: mov dx, 0x1c
0x152ba: add dx, si
0x152bc: int 0x21
0x152be: jb 0x15314
0x152c0: cmp ax, 3
0x152c3: jne 0x15314
0x152c5: mov ax, 0x4202
0x152c8: mov cx, 0
0x152cb: mov dx, 0
0x152ce: int 0x21
0x152d0: jb 0x15314
0x152d2: mov cx, ax
0x152d4: sub ax, 3
0x152d7: mov word ptr [si + 0x20], ax
0x152da: add cx, 0x304
0x152de: mov di, si
2018-12-25T12:42:23.245686828Z 63 PC: 152be | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:23.2486104Z 66 PC: 152d0 | Move file pointer
2018-12-25T12:42:23.250309906Z 64 PC: 152f3 | Write file or device (Write 672 bytes on handle 5)
2018-12-25T12:42:23.25923861Z 66 PC: 15305 | Move file pointer
2018-12-25T12:42:23.261053157Z 64 PC: 15314 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:23.264072028Z 87 PC: 15325 | Get or set file date and time
2018-12-25T12:42:23.266529632Z 62 PC: 15329 | Close file
2018-12-25T12:42:23.274713118Z 67 PC: 15336 | Get or set file attributes
2018-12-25T12:42:23.284871386Z 26 PC: 15341 | Set disk transfer address
2018-12-25T12:42:23.28640006Z 9 PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)')
2018-12-25T12:42:23.289896653Z 76 PC: 12a56 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15003,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:24.554369967Z 53 PC: 1550c | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:42:24.556908752Z 37 PC: 15519 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:42:24.561216702Z 53 PC: 1550c | Get interrupt vector (See above)
2018-12-25T12:42:24.562386993Z 37 PC: 15519 | Set interrupt vector (See above)
2018-12-25T12:42:24.564062072Z 53 PC: 1550c | Get interrupt vector (See above)
2018-12-25T12:42:24.566021858Z 37 PC: 15519 | Set interrupt vector (See above)
2018-12-25T12:42:24.567731367Z 47 PC: 1540f | Get disk transfer address
2018-12-25T12:42:24.569382048Z 26 PC: 1541d | Set disk transfer address
2018-12-25T12:42:24.571253392Z 78 PC: 155bd | Find first file
2018-12-25T12:42:24.578024373Z 67 PC: 155f4 | Get or set file attributes
2018-12-25T12:42:24.584509005Z 67 PC: 15602 | Get or set file attributes
2018-12-25T12:42:24.630849201Z 61 PC: 1560a | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:24.64010183Z 87 PC: 15616 | Get or set file date and time
2018-12-25T12:42:24.642787469Z 63 PC: 15626 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:24.654944141Z 66 PC: 15636 | Move file pointer
2018-12-25T12:42:24.658247849Z 64 PC: 15659 | Write file or device (Write 740 bytes on handle 5)
2018-12-25T12:42:24.668311769Z 66 PC: 15664 | Move file pointer
2018-12-25T12:42:24.670772576Z 64 PC: 1567a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:24.692255709Z 87 PC: 1568b | Get or set file date and time
2018-12-25T12:42:24.694345449Z 62 PC: 1568f | Close file
2018-12-25T12:42:24.703925268Z 67 PC: 1569a | Get or set file attributes
2018-12-25T12:42:24.716665655Z 78 PC: 155bd | Find first file (See above)
2018-12-25T12:42:24.724372629Z 79 PC: 155c3 | Find next file
2018-12-25T12:42:24.728140057Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.732935121Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.737137244Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.740091811Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.744380582Z 67 PC: 155f4 | Get or set file attributes (See above)
2018-12-25T12:42:24.751014811Z 67 PC: 15602 | Get or set file attributes (See above)
2018-12-25T12:42:24.762583757Z 61 PC: 1560a | Open file (See above)
2018-12-25T12:42:24.774258326Z 87 PC: 15616 | Get or set file date and time (See above)
2018-12-25T12:42:24.775918897Z 63 PC: 15626 | Read file or device (See above)
2018-12-25T12:42:24.783210209Z 66 PC: 15636 | Move file pointer (See above)
2018-12-25T12:42:24.785254529Z 64 PC: 15659 | Write file or device (See above)
2018-12-25T12:42:24.795166211Z 66 PC: 15664 | Move file pointer (See above)
2018-12-25T12:42:24.796640286Z 64 PC: 1567a | Write file or device (See above)
2018-12-25T12:42:24.805547763Z 87 PC: 1568b | Get or set file date and time (See above)
2018-12-25T12:42:24.807620093Z 62 PC: 1568f | Close file (See above)
2018-12-25T12:42:24.816921983Z 67 PC: 1569a | Get or set file attributes (See above)
2018-12-25T12:42:24.83024547Z 78 PC: 155bd | Find first file (See above)
2018-12-25T12:42:24.838194417Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.841576033Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.844907865Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.849185856Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.852492679Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.855689241Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.859285653Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.862507993Z 67 PC: 155f4 | Get or set file attributes (See above)
2018-12-25T12:42:24.869277838Z 67 PC: 15602 | Get or set file attributes (See above)
2018-12-25T12:42:24.881836526Z 61 PC: 1560a | Open file (See above)
2018-12-25T12:42:24.889663828Z 87 PC: 15616 | Get or set file date and time (See above)
2018-12-25T12:42:24.891656418Z 63 PC: 15626 | Read file or device (See above)
2018-12-25T12:42:24.895602486Z 66 PC: 15636 | Move file pointer (See above)
2018-12-25T12:42:24.897354328Z 64 PC: 15659 | Write file or device (See above)
2018-12-25T12:42:24.906460343Z 66 PC: 15664 | Move file pointer (See above)
2018-12-25T12:42:24.908836407Z 64 PC: 1567a | Write file or device (See above)
2018-12-25T12:42:24.912491455Z 87 PC: 1568b | Get or set file date and time (See above)
2018-12-25T12:42:24.914469063Z 62 PC: 1568f | Close file (See above)
2018-12-25T12:42:24.924592904Z 67 PC: 1569a | Get or set file attributes (See above)
2018-12-25T12:42:24.935947129Z 26 PC: 1543b | Set disk transfer address
2018-12-25T12:42:24.937525661Z 37 PC: 1553a | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:42:24.940885676Z 37 PC: 1553a | Set interrupt vector (See above)
2018-12-25T12:42:24.942787683Z 37 PC: 1553a | Set interrupt vector (See above)
2018-12-25T12:42:24.944310395Z 48 PC: 15169 | Get DOS version
2018-12-25T12:42:24.945739778Z 47 PC: 15175 | Get disk transfer address
2018-12-25T12:42:24.948321379Z 26 PC: 15185 | Set disk transfer address
2018-12-25T12:42:24.949845947Z 42 PC: 15194 | Get date
0x15194: cmp cx, 0x7cb
0x15198: jge 0x1519c
0x1519a: jmp 0x151c4
0x1519c: mov ah, 0x2a
0x1519e: int 0x21
0x151a0: cmp dh, 6
0x151a3: jge 0x151a7
0x151a5: jmp 0x151c4
0x151a7: mov ah, 0x2a
0x151a9: int 0x21
0x151ab: cmp dl, 0x16
0x151ae: jge 0x151b2
0x151b0: jmp 0x151c4
0x151b2: mov al, 1
0x151b4: mov dx, 0
0x151b7: mov cx, 1
0x151ba: mov ds, word ptr [di + 0x37]
0x151bd: mov bx, word ptr [di + 0x63]
0x151c0: int 0x26
0x151c2: jmp 0x151c4
2018-12-25T12:42:24.952398135Z 78 PC: 15241 | Find first file
2018-12-25T12:42:24.968777519Z 67 PC: 1527d | Get or set file attributes
2018-12-25T12:42:24.975152936Z 67 PC: 1528d | Get or set file attributes
2018-12-25T12:42:24.985322693Z 61 PC: 15297 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:24.990162914Z 87 PC: 152a3 | Get or set file date and time
2018-12-25T12:42:24.991419638Z 44 PC: 152ad | Get time
0x152ad: and dh, 7
0x152b0: jmp 0x152b2
0x152b2: mov ah, 0x3f
0x152b4: mov cx, 3
0x152b7: mov dx, 0x1c
0x152ba: add dx, si
0x152bc: int 0x21
0x152be: jb 0x15314
0x152c0: cmp ax, 3
0x152c3: jne 0x15314
0x152c5: mov ax, 0x4202
0x152c8: mov cx, 0
0x152cb: mov dx, 0
0x152ce: int 0x21
0x152d0: jb 0x15314
0x152d2: mov cx, ax
0x152d4: sub ax, 3
0x152d7: mov word ptr [si + 0x20], ax
0x152da: add cx, 0x304
0x152de: mov di, si
2018-12-25T12:42:24.993130176Z 63 PC: 152be | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:24.99566237Z 66 PC: 152d0 | Move file pointer
2018-12-25T12:42:24.996896905Z 64 PC: 152f3 | Write file or device (Write 672 bytes on handle 5)
2018-12-25T12:42:25.002203899Z 66 PC: 15305 | Move file pointer
2018-12-25T12:42:25.003843578Z 64 PC: 15314 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:25.006070325Z 87 PC: 15325 | Get or set file date and time
2018-12-25T12:42:25.00736561Z 62 PC: 15329 | Close file
2018-12-25T12:42:25.013507539Z 67 PC: 15336 | Get or set file attributes
2018-12-25T12:42:25.021532434Z 26 PC: 15341 | Set disk transfer address
2018-12-25T12:42:25.022645307Z 9 PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)')
2018-12-25T12:42:25.024740197Z 76 PC: 12a56 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15003,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:24.694033426Z 53 PC: 1550c | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:42:24.695850469Z 37 PC: 15519 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:42:24.697213171Z 53 PC: 1550c | Get interrupt vector (See above)
2018-12-25T12:42:24.705154552Z 37 PC: 15519 | Set interrupt vector (See above)
2018-12-25T12:42:24.706192543Z 53 PC: 1550c | Get interrupt vector (See above)
2018-12-25T12:42:24.707554309Z 37 PC: 15519 | Set interrupt vector (See above)
2018-12-25T12:42:24.708606812Z 47 PC: 1540f | Get disk transfer address
2018-12-25T12:42:24.709682803Z 26 PC: 1541d | Set disk transfer address
2018-12-25T12:42:24.711809893Z 78 PC: 155bd | Find first file
2018-12-25T12:42:24.716619842Z 67 PC: 155f4 | Get or set file attributes
2018-12-25T12:42:24.720462908Z 67 PC: 15602 | Get or set file attributes
2018-12-25T12:42:24.743104842Z 61 PC: 1560a | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:24.750224107Z 87 PC: 15616 | Get or set file date and time
2018-12-25T12:42:24.752080248Z 63 PC: 15626 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:24.76073015Z 66 PC: 15636 | Move file pointer
2018-12-25T12:42:24.762209508Z 64 PC: 15659 | Write file or device (Write 740 bytes on handle 5)
2018-12-25T12:42:24.770317554Z 66 PC: 15664 | Move file pointer
2018-12-25T12:42:24.772448252Z 64 PC: 1567a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:24.779818435Z 87 PC: 1568b | Get or set file date and time
2018-12-25T12:42:24.781445158Z 62 PC: 1568f | Close file
2018-12-25T12:42:24.790768804Z 67 PC: 1569a | Get or set file attributes
2018-12-25T12:42:24.803326528Z 78 PC: 155bd | Find first file (See above)
2018-12-25T12:42:24.809887848Z 79 PC: 155c3 | Find next file
2018-12-25T12:42:24.812543786Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.816160084Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.81897633Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.821749459Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.825405613Z 67 PC: 155f4 | Get or set file attributes (See above)
2018-12-25T12:42:24.83240417Z 67 PC: 15602 | Get or set file attributes (See above)
2018-12-25T12:42:24.84311687Z 61 PC: 1560a | Open file (See above)
2018-12-25T12:42:24.851061205Z 87 PC: 15616 | Get or set file date and time (See above)
2018-12-25T12:42:24.852623584Z 63 PC: 15626 | Read file or device (See above)
2018-12-25T12:42:24.860467872Z 66 PC: 15636 | Move file pointer (See above)
2018-12-25T12:42:24.862871755Z 64 PC: 15659 | Write file or device (See above)
2018-12-25T12:42:24.872790378Z 66 PC: 15664 | Move file pointer (See above)
2018-12-25T12:42:24.874295461Z 64 PC: 1567a | Write file or device (See above)
2018-12-25T12:42:24.880561776Z 87 PC: 1568b | Get or set file date and time (See above)
2018-12-25T12:42:24.882658993Z 62 PC: 1568f | Close file (See above)
2018-12-25T12:42:24.891738243Z 67 PC: 1569a | Get or set file attributes (See above)
2018-12-25T12:42:24.903336202Z 78 PC: 155bd | Find first file (See above)
2018-12-25T12:42:24.910794044Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.914021398Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.916682207Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.919639129Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.923060213Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.925620109Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.928780922Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.931522428Z 67 PC: 155f4 | Get or set file attributes (See above)
2018-12-25T12:42:24.937647543Z 67 PC: 15602 | Get or set file attributes (See above)
2018-12-25T12:42:24.949352758Z 61 PC: 1560a | Open file (See above)
2018-12-25T12:42:24.95742111Z 87 PC: 15616 | Get or set file date and time (See above)
2018-12-25T12:42:24.959345221Z 63 PC: 15626 | Read file or device (See above)
2018-12-25T12:42:24.963068639Z 66 PC: 15636 | Move file pointer (See above)
2018-12-25T12:42:24.96524304Z 64 PC: 15659 | Write file or device (See above)
2018-12-25T12:42:24.974404785Z 66 PC: 15664 | Move file pointer (See above)
2018-12-25T12:42:24.97728289Z 64 PC: 1567a | Write file or device (See above)
2018-12-25T12:42:24.980853558Z 87 PC: 1568b | Get or set file date and time (See above)
2018-12-25T12:42:24.98297288Z 62 PC: 1568f | Close file (See above)
2018-12-25T12:42:24.992970345Z 67 PC: 1569a | Get or set file attributes (See above)
2018-12-25T12:42:25.004088856Z 26 PC: 1543b | Set disk transfer address
2018-12-25T12:42:25.005764416Z 37 PC: 1553a | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:42:25.008542079Z 37 PC: 1553a | Set interrupt vector (See above)
2018-12-25T12:42:25.010232193Z 37 PC: 1553a | Set interrupt vector (See above)
2018-12-25T12:42:25.01175206Z 48 PC: 15169 | Get DOS version
2018-12-25T12:42:25.013085467Z 47 PC: 15175 | Get disk transfer address
2018-12-25T12:42:25.01517962Z 26 PC: 15185 | Set disk transfer address
2018-12-25T12:42:25.016447859Z 42 PC: 15194 | Get date
0x15194: cmp cx, 0x7cb
0x15198: jge 0x1519c
0x1519a: jmp 0x151c4
0x1519c: mov ah, 0x2a
0x1519e: int 0x21
0x151a0: cmp dh, 6
0x151a3: jge 0x151a7
0x151a5: jmp 0x151c4
0x151a7: mov ah, 0x2a
0x151a9: int 0x21
0x151ab: cmp dl, 0x16
0x151ae: jge 0x151b2
0x151b0: jmp 0x151c4
0x151b2: mov al, 1
0x151b4: mov dx, 0
0x151b7: mov cx, 1
0x151ba: mov ds, word ptr [di + 0x37]
0x151bd: mov bx, word ptr [di + 0x63]
0x151c0: int 0x26
0x151c2: jmp 0x151c4
2018-12-25T12:42:25.018954967Z 78 PC: 15241 | Find first file
2018-12-25T12:42:25.026653646Z 67 PC: 1527d | Get or set file attributes
2018-12-25T12:42:25.033253591Z 67 PC: 1528d | Get or set file attributes
2018-12-25T12:42:25.048485122Z 61 PC: 15297 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:25.063041031Z 87 PC: 152a3 | Get or set file date and time
2018-12-25T12:42:25.065023824Z 44 PC: 152ad | Get time
0x152ad: and dh, 7
0x152b0: jmp 0x152b2
0x152b2: mov ah, 0x3f
0x152b4: mov cx, 3
0x152b7: mov dx, 0x1c
0x152ba: add dx, si
0x152bc: int 0x21
0x152be: jb 0x15314
0x152c0: cmp ax, 3
0x152c3: jne 0x15314
0x152c5: mov ax, 0x4202
0x152c8: mov cx, 0
0x152cb: mov dx, 0
0x152ce: int 0x21
0x152d0: jb 0x15314
0x152d2: mov cx, ax
0x152d4: sub ax, 3
0x152d7: mov word ptr [si + 0x20], ax
0x152da: add cx, 0x304
0x152de: mov di, si
2018-12-25T12:42:25.067835629Z 63 PC: 152be | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:25.07184151Z 66 PC: 152d0 | Move file pointer
2018-12-25T12:42:25.074170786Z 64 PC: 152f3 | Write file or device (Write 672 bytes on handle 5)
2018-12-25T12:42:25.0836886Z 66 PC: 15305 | Move file pointer
2018-12-25T12:42:25.085599896Z 64 PC: 15314 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:25.091105128Z 87 PC: 15325 | Get or set file date and time
2018-12-25T12:42:25.093117299Z 62 PC: 15329 | Close file
2018-12-25T12:42:25.106354057Z 67 PC: 15336 | Get or set file attributes
2018-12-25T12:42:25.117807793Z 26 PC: 15341 | Set disk transfer address
2018-12-25T12:42:25.119113665Z 9 PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)')
2018-12-25T12:42:25.121697479Z 76 PC: 12a56 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15003,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:24.847047335Z 53 PC: 1550c | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:42:24.849210056Z 37 PC: 15519 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:42:24.851014266Z 53 PC: 1550c | Get interrupt vector (See above)
2018-12-25T12:42:24.852500779Z 37 PC: 15519 | Set interrupt vector (See above)
2018-12-25T12:42:24.85902027Z 53 PC: 1550c | Get interrupt vector (See above)
2018-12-25T12:42:24.860554702Z 37 PC: 15519 | Set interrupt vector (See above)
2018-12-25T12:42:24.862039488Z 47 PC: 1540f | Get disk transfer address
2018-12-25T12:42:24.863699073Z 26 PC: 1541d | Set disk transfer address
2018-12-25T12:42:24.875794699Z 78 PC: 155bd | Find first file
2018-12-25T12:42:24.88203172Z 67 PC: 155f4 | Get or set file attributes
2018-12-25T12:42:24.888545422Z 67 PC: 15602 | Get or set file attributes
2018-12-25T12:42:24.90521292Z 61 PC: 1560a | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:24.911644732Z 87 PC: 15616 | Get or set file date and time
2018-12-25T12:42:24.912958055Z 63 PC: 15626 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:24.91981727Z 66 PC: 15636 | Move file pointer
2018-12-25T12:42:24.921173565Z 64 PC: 15659 | Write file or device (Write 740 bytes on handle 5)
2018-12-25T12:42:24.929354056Z 66 PC: 15664 | Move file pointer
2018-12-25T12:42:24.931333632Z 64 PC: 1567a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:24.937847344Z 87 PC: 1568b | Get or set file date and time
2018-12-25T12:42:24.939470356Z 62 PC: 1568f | Close file
2018-12-25T12:42:24.948215102Z 67 PC: 1569a | Get or set file attributes
2018-12-25T12:42:24.958523189Z 78 PC: 155bd | Find first file (See above)
2018-12-25T12:42:24.96439323Z 79 PC: 155c3 | Find next file
2018-12-25T12:42:24.967389371Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.969898806Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.97239156Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.98256389Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:24.985232702Z 67 PC: 155f4 | Get or set file attributes (See above)
2018-12-25T12:42:24.99089809Z 67 PC: 15602 | Get or set file attributes (See above)
2018-12-25T12:42:25.000942346Z 61 PC: 1560a | Open file (See above)
2018-12-25T12:42:25.008109781Z 87 PC: 15616 | Get or set file date and time (See above)
2018-12-25T12:42:25.009668782Z 63 PC: 15626 | Read file or device (See above)
2018-12-25T12:42:25.016714098Z 66 PC: 15636 | Move file pointer (See above)
2018-12-25T12:42:25.018202457Z 64 PC: 15659 | Write file or device (See above)
2018-12-25T12:42:25.027025251Z 66 PC: 15664 | Move file pointer (See above)
2018-12-25T12:42:25.028883458Z 64 PC: 1567a | Write file or device (See above)
2018-12-25T12:42:25.035771939Z 87 PC: 1568b | Get or set file date and time (See above)
2018-12-25T12:42:25.037275457Z 62 PC: 1568f | Close file (See above)
2018-12-25T12:42:25.046007214Z 67 PC: 1569a | Get or set file attributes (See above)
2018-12-25T12:42:25.055757396Z 78 PC: 155bd | Find first file (See above)
2018-12-25T12:42:25.062178995Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:25.065041546Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:25.068132245Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:25.070693184Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:25.07332031Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:25.075996783Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:25.078481669Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:25.081063288Z 67 PC: 155f4 | Get or set file attributes (See above)
2018-12-25T12:42:25.087147901Z 67 PC: 15602 | Get or set file attributes (See above)
2018-12-25T12:42:25.099537736Z 61 PC: 1560a | Open file (See above)
2018-12-25T12:42:25.106210347Z 87 PC: 15616 | Get or set file date and time (See above)
2018-12-25T12:42:25.108477863Z 63 PC: 15626 | Read file or device (See above)
2018-12-25T12:42:25.114886694Z 66 PC: 15636 | Move file pointer (See above)
2018-12-25T12:42:25.116359395Z 64 PC: 15659 | Write file or device (See above)
2018-12-25T12:42:25.1276331Z 66 PC: 15664 | Move file pointer (See above)
2018-12-25T12:42:25.128997987Z 64 PC: 1567a | Write file or device (See above)
2018-12-25T12:42:25.131611244Z 87 PC: 1568b | Get or set file date and time (See above)
2018-12-25T12:42:25.133099112Z 62 PC: 1568f | Close file (See above)
2018-12-25T12:42:25.140766464Z 67 PC: 1569a | Get or set file attributes (See above)
2018-12-25T12:42:25.150861065Z 26 PC: 1543b | Set disk transfer address
2018-12-25T12:42:25.152451596Z 37 PC: 1553a | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:42:25.153706786Z 37 PC: 1553a | Set interrupt vector (See above)
2018-12-25T12:42:25.154978052Z 37 PC: 1553a | Set interrupt vector (See above)
2018-12-25T12:42:25.156770316Z 48 PC: 15169 | Get DOS version
2018-12-25T12:42:25.157933685Z 47 PC: 15175 | Get disk transfer address
2018-12-25T12:42:25.159103283Z 26 PC: 15185 | Set disk transfer address
2018-12-25T12:42:25.160795513Z 42 PC: 15194 | Get date
0x15194: cmp cx, 0x7cb
0x15198: jge 0x1519c
0x1519a: jmp 0x151c4
0x1519c: mov ah, 0x2a
0x1519e: int 0x21
0x151a0: cmp dh, 6
0x151a3: jge 0x151a7
0x151a5: jmp 0x151c4
0x151a7: mov ah, 0x2a
0x151a9: int 0x21
0x151ab: cmp dl, 0x16
0x151ae: jge 0x151b2
0x151b0: jmp 0x151c4
0x151b2: mov al, 1
0x151b4: mov dx, 0
0x151b7: mov cx, 1
0x151ba: mov ds, word ptr [di + 0x37]
0x151bd: mov bx, word ptr [di + 0x63]
0x151c0: int 0x26
0x151c2: jmp 0x151c4
2018-12-25T12:42:25.1636274Z 78 PC: 15241 | Find first file
2018-12-25T12:42:25.169661511Z 67 PC: 1527d | Get or set file attributes
2018-12-25T12:42:25.175856082Z 67 PC: 1528d | Get or set file attributes
2018-12-25T12:42:25.185607403Z 61 PC: 15297 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:25.19223205Z 87 PC: 152a3 | Get or set file date and time
2018-12-25T12:42:25.193822838Z 44 PC: 152ad | Get time
0x152ad: and dh, 7
0x152b0: jmp 0x152b2
0x152b2: mov ah, 0x3f
0x152b4: mov cx, 3
0x152b7: mov dx, 0x1c
0x152ba: add dx, si
0x152bc: int 0x21
0x152be: jb 0x15314
0x152c0: cmp ax, 3
0x152c3: jne 0x15314
0x152c5: mov ax, 0x4202
0x152c8: mov cx, 0
0x152cb: mov dx, 0
0x152ce: int 0x21
0x152d0: jb 0x15314
0x152d2: mov cx, ax
0x152d4: sub ax, 3
0x152d7: mov word ptr [si + 0x20], ax
0x152da: add cx, 0x304
0x152de: mov di, si
2018-12-25T12:42:25.196118462Z 63 PC: 152be | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:25.202545467Z 66 PC: 152d0 | Move file pointer
2018-12-25T12:42:25.205007564Z 64 PC: 152f3 | Write file or device (Write 672 bytes on handle 5)
2018-12-25T12:42:25.213454597Z 66 PC: 15305 | Move file pointer
2018-12-25T12:42:25.214738546Z 64 PC: 15314 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:25.218243566Z 87 PC: 15325 | Get or set file date and time
2018-12-25T12:42:25.219635372Z 62 PC: 15329 | Close file
2018-12-25T12:42:25.227403296Z 67 PC: 15336 | Get or set file attributes
2018-12-25T12:42:25.238459501Z 26 PC: 15341 | Set disk transfer address
2018-12-25T12:42:25.239889974Z 9 PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)')
2018-12-25T12:42:25.242428716Z 76 PC: 12a56 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":22,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15003,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:26.184057724Z 53 PC: 1550c | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:42:26.186397241Z 37 PC: 15519 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:42:26.187804477Z 53 PC: 1550c | Get interrupt vector (See above)
2018-12-25T12:42:26.189264647Z 37 PC: 15519 | Set interrupt vector (See above)
2018-12-25T12:42:26.191769232Z 53 PC: 1550c | Get interrupt vector (See above)
2018-12-25T12:42:26.193415214Z 37 PC: 15519 | Set interrupt vector (See above)
2018-12-25T12:42:26.1948595Z 47 PC: 1540f | Get disk transfer address
2018-12-25T12:42:26.196790394Z 26 PC: 1541d | Set disk transfer address
2018-12-25T12:42:26.198417956Z 78 PC: 155bd | Find first file
2018-12-25T12:42:26.204884686Z 67 PC: 155f4 | Get or set file attributes
2018-12-25T12:42:26.211534466Z 67 PC: 15602 | Get or set file attributes
2018-12-25T12:42:26.669527678Z 61 PC: 1560a | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:26.674143977Z 87 PC: 15616 | Get or set file date and time
2018-12-25T12:42:26.675444225Z 63 PC: 15626 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:26.681222509Z 66 PC: 15636 | Move file pointer
2018-12-25T12:42:26.682341485Z 64 PC: 15659 | Write file or device (Write 740 bytes on handle 5)
2018-12-25T12:42:26.742981697Z 66 PC: 15664 | Move file pointer
2018-12-25T12:42:26.745170899Z 64 PC: 1567a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:26.751947032Z 87 PC: 1568b | Get or set file date and time
2018-12-25T12:42:26.753357697Z 62 PC: 1568f | Close file
2018-12-25T12:42:26.818792492Z 67 PC: 1569a | Get or set file attributes
2018-12-25T12:42:26.878400979Z 78 PC: 155bd | Find first file (See above)
2018-12-25T12:42:26.884871315Z 79 PC: 155c3 | Find next file
2018-12-25T12:42:26.891024227Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:26.893468054Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:26.895921679Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:26.899073945Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:26.901541884Z 67 PC: 155f4 | Get or set file attributes (See above)
2018-12-25T12:42:26.907198193Z 67 PC: 15602 | Get or set file attributes (See above)
2018-12-25T12:42:26.971856566Z 61 PC: 1560a | Open file (See above)
2018-12-25T12:42:26.978767467Z 87 PC: 15616 | Get or set file date and time (See above)
2018-12-25T12:42:26.980456509Z 63 PC: 15626 | Read file or device (See above)
2018-12-25T12:42:26.987926704Z 66 PC: 15636 | Move file pointer (See above)
2018-12-25T12:42:26.990141796Z 64 PC: 15659 | Write file or device (See above)
2018-12-25T12:42:27.066910454Z 66 PC: 15664 | Move file pointer (See above)
2018-12-25T12:42:27.068713252Z 64 PC: 1567a | Write file or device (See above)
2018-12-25T12:42:27.076800437Z 87 PC: 1568b | Get or set file date and time (See above)
2018-12-25T12:42:27.078647389Z 62 PC: 1568f | Close file (See above)
2018-12-25T12:42:27.1651222Z 67 PC: 1569a | Get or set file attributes (See above)
2018-12-25T12:42:27.277814481Z 78 PC: 155bd | Find first file (See above)
2018-12-25T12:42:27.28424058Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:27.287131728Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:27.291156224Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:27.293953696Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:27.296691784Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:27.300019917Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:27.302564702Z 79 PC: 155c3 | Find next file (See above)
2018-12-25T12:42:27.305109934Z 67 PC: 155f4 | Get or set file attributes (See above)
2018-12-25T12:42:27.311567207Z 67 PC: 15602 | Get or set file attributes (See above)
2018-12-25T12:42:27.395511092Z 61 PC: 1560a | Open file (See above)
2018-12-25T12:42:27.401926735Z 87 PC: 15616 | Get or set file date and time (See above)
2018-12-25T12:42:27.403507104Z 63 PC: 15626 | Read file or device (See above)
2018-12-25T12:42:27.40972984Z 66 PC: 15636 | Move file pointer (See above)
2018-12-25T12:42:27.410971555Z 64 PC: 15659 | Write file or device (See above)
2018-12-25T12:42:27.494950712Z 66 PC: 15664 | Move file pointer (See above)
2018-12-25T12:42:27.49623044Z 64 PC: 1567a | Write file or device (See above)
2018-12-25T12:42:27.498800108Z 87 PC: 1568b | Get or set file date and time (See above)
2018-12-25T12:42:27.500513719Z 62 PC: 1568f | Close file (See above)
2018-12-25T12:42:27.593148149Z 67 PC: 1569a | Get or set file attributes (See above)
2018-12-25T12:42:27.603065228Z 26 PC: 1543b | Set disk transfer address
2018-12-25T12:42:27.605425565Z 37 PC: 1553a | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:42:27.606814963Z 37 PC: 1553a | Set interrupt vector (See above)
2018-12-25T12:42:27.60790861Z 37 PC: 1553a | Set interrupt vector (See above)
2018-12-25T12:42:27.609349691Z 48 PC: 15169 | Get DOS version
2018-12-25T12:42:27.611193982Z 47 PC: 15175 | Get disk transfer address
2018-12-25T12:42:27.612204268Z 26 PC: 15185 | Set disk transfer address
2018-12-25T12:42:27.613184054Z 42 PC: 15194 | Get date
0x15194: cmp cx, 0x7cb
0x15198: jge 0x1519c
0x1519a: jmp 0x151c4
0x1519c: mov ah, 0x2a
0x1519e: int 0x21
0x151a0: cmp dh, 6
0x151a3: jge 0x151a7
0x151a5: jmp 0x151c4
0x151a7: mov ah, 0x2a
0x151a9: int 0x21
0x151ab: cmp dl, 0x16
0x151ae: jge 0x151b2
0x151b0: jmp 0x151c4
0x151b2: mov al, 1
0x151b4: mov dx, 0
0x151b7: mov cx, 1
0x151ba: mov ds, word ptr [di + 0x37]
0x151bd: mov bx, word ptr [di + 0x63]
0x151c0: int 0x26
0x151c2: jmp 0x151c4
2018-12-25T12:42:27.616186069Z 78 PC: 15241 | Find first file
2018-12-25T12:42:27.622827973Z 67 PC: 1527d | Get or set file attributes
2018-12-25T12:42:27.628461908Z 67 PC: 1528d | Get or set file attributes
2018-12-25T12:42:27.639057186Z 61 PC: 15297 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:27.645601438Z 87 PC: 152a3 | Get or set file date and time
2018-12-25T12:42:27.646940901Z 44 PC: 152ad | Get time
0x152ad: and dh, 7
0x152b0: jmp 0x152b2
0x152b2: mov ah, 0x3f
0x152b4: mov cx, 3
0x152b7: mov dx, 0x1c
0x152ba: add dx, si
0x152bc: int 0x21
0x152be: jb 0x15314
0x152c0: cmp ax, 3
0x152c3: jne 0x15314
0x152c5: mov ax, 0x4202
0x152c8: mov cx, 0
0x152cb: mov dx, 0
0x152ce: int 0x21
0x152d0: jb 0x15314
0x152d2: mov cx, ax
0x152d4: sub ax, 3
0x152d7: mov word ptr [si + 0x20], ax
0x152da: add cx, 0x304
0x152de: mov di, si
2018-12-25T12:42:27.650126758Z 63 PC: 152be | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:27.656685731Z 66 PC: 152d0 | Move file pointer
2018-12-25T12:42:27.658109149Z 64 PC: 152f3 | Write file or device (Write 672 bytes on handle 5)
2018-12-25T12:42:27.667259131Z 66 PC: 15305 | Move file pointer
2018-12-25T12:42:27.668790934Z 64 PC: 15314 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:27.671443329Z 87 PC: 15325 | Get or set file date and time
2018-12-25T12:42:27.674125545Z 62 PC: 15329 | Close file
2018-12-25T12:42:27.681873725Z 67 PC: 15336 | Get or set file attributes
2018-12-25T12:42:27.692681399Z 26 PC: 15341 | Set disk transfer address
2018-12-25T12:42:27.697917146Z 9 PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)')
2018-12-25T12:42:27.699849728Z 76 PC: 12a56 | Terminate with return code (Return code = '0')