Sample viewer

vx.netlux.org/Virus.DOS.April30.426

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:06:57.769869171Z 42 PC: 12b6a | Get date
0x12b6a: cmp dh, 4
0x12b6d: jne 0x12b7f
0x12b6f: cmp dl, 0x1e
0x12b72: jne 0x12b7f
0x12b74: mov ah, 9
0x12b76: lea dx, word ptr [bp + 0x26d]
0x12b7a: int 0x21
0x12b7c: cli
0x12b7d: jmp 0x12b7c
0x12b7f: mov ax, 0x3524
0x12b82: int 0x21
0x12b84: mov word ptr [bp + 0x25b], es
0x12b88: mov word ptr [bp + 0x25d], bx
0x12b8c: push cs
0x12b8d: pop es
0x12b8e: mov ax, 0x2524
0x12b91: mov dx, 0x258
0x12b94: int 0x21
0x12b96: mov ah, 0x1a
0x12b98: mov dx, 0xfc00
2018-12-17T23:06:57.771614397Z 53 PC: 12b84 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:57.772428433Z 37 PC: 12b96 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:57.773166038Z 26 PC: 12b9e | Set disk transfer address
2018-12-17T23:06:57.782211523Z 78 PC: 12ba8 | Find first file
2018-12-17T23:06:57.785922366Z 67 PC: 12bbe | Get or set file attributes
2018-12-17T23:06:57.78937588Z 67 PC: 12bc6 | Get or set file attributes
2018-12-17T23:06:58.333429173Z 61 PC: 12bcb | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:06:58.341623639Z 87 PC: 12bd1 | Get or set file date and time
2018-12-17T23:06:58.342656003Z 63 PC: 12bde | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:06:58.353330391Z 66 PC: 12c05 | Move file pointer
2018-12-17T23:06:58.354358388Z 87 PC: 12c88 | Get or set file date and time
2018-12-17T23:06:58.355369071Z 62 PC: 12c8c | Close file
2018-12-17T23:06:58.361652097Z 67 PC: 12c96 | Get or set file attributes
2018-12-17T23:06:58.370252822Z 79 PC: 12ba8 | Find next file
2018-12-17T23:06:58.372818911Z 67 PC: 12bbe | Get or set file attributes
2018-12-17T23:06:58.378852653Z 67 PC: 12bc6 | Get or set file attributes
2018-12-17T23:06:58.385206967Z 61 PC: 12bcb | Open file (Filename = 'PRINT.COM')
2018-12-17T23:06:58.389587014Z 87 PC: 12bd1 | Get or set file date and time
2018-12-17T23:06:58.390969401Z 63 PC: 12bde | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:06:58.39499529Z 66 PC: 12c05 | Move file pointer
2018-12-17T23:06:58.395970071Z 87 PC: 12c88 | Get or set file date and time
2018-12-17T23:06:58.397716382Z 62 PC: 12c8c | Close file
2018-12-17T23:06:58.402166924Z 67 PC: 12c96 | Get or set file attributes
2018-12-17T23:06:58.409714795Z 79 PC: 12ba8 | Find next file
2018-12-17T23:06:58.411998933Z 67 PC: 12bbe | Get or set file attributes
2018-12-17T23:06:58.418335316Z 67 PC: 12bc6 | Get or set file attributes
2018-12-17T23:06:58.437326465Z 61 PC: 12bcb | Open file (Filename = 'HELLO.COM')
2018-12-17T23:06:58.444545739Z 87 PC: 12bd1 | Get or set file date and time
2018-12-17T23:06:58.445864488Z 63 PC: 12bde | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:06:58.452052343Z 66 PC: 12c05 | Move file pointer
2018-12-17T23:06:58.454513627Z 87 PC: 12c88 | Get or set file date and time
2018-12-17T23:06:58.456272995Z 62 PC: 12c8c | Close file
2018-12-17T23:06:58.463446234Z 67 PC: 12c96 | Get or set file attributes
2018-12-17T23:06:58.473606501Z 79 PC: 12ba8 | Find next file
2018-12-17T23:06:58.47559716Z 67 PC: 12bbe | Get or set file attributes
2018-12-17T23:06:58.481201842Z 67 PC: 12bc6 | Get or set file attributes
2018-12-17T23:06:58.494285263Z 61 PC: 12bcb | Open file (Filename = 'PHANG.COM')
2018-12-17T23:06:58.50105103Z 87 PC: 12bd1 | Get or set file date and time
2018-12-17T23:06:58.5025225Z 63 PC: 12bde | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:06:58.509041337Z 66 PC: 12c05 | Move file pointer
2018-12-17T23:06:58.51019134Z 87 PC: 12c88 | Get or set file date and time
2018-12-17T23:06:58.511672642Z 62 PC: 12c8c | Close file
2018-12-17T23:06:58.51889047Z 67 PC: 12c96 | Get or set file attributes
2018-12-17T23:06:58.528687195Z 79 PC: 12ba8 | Find next file
2018-12-17T23:06:58.531120276Z 67 PC: 12bbe | Get or set file attributes
2018-12-17T23:06:58.536720107Z 67 PC: 12bc6 | Get or set file attributes
2018-12-17T23:06:58.548734436Z 61 PC: 12bcb | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:06:58.560277974Z 87 PC: 12bd1 | Get or set file date and time
2018-12-17T23:06:58.56187847Z 63 PC: 12bde | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:06:58.568635096Z 66 PC: 12c05 | Move file pointer
2018-12-17T23:06:58.570016305Z 87 PC: 12c88 | Get or set file date and time
2018-12-17T23:06:58.57144685Z 62 PC: 12c8c | Close file
2018-12-17T23:06:58.578716361Z 67 PC: 12c96 | Get or set file attributes
2018-12-17T23:06:58.588698876Z 79 PC: 12ba8 | Find next file
2018-12-17T23:06:58.59158648Z 67 PC: 12bbe | Get or set file attributes
2018-12-17T23:06:58.597910153Z 67 PC: 12bc6 | Get or set file attributes
2018-12-17T23:06:58.607649292Z 61 PC: 12bcb | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:06:58.620002421Z 87 PC: 12bd1 | Get or set file date and time
2018-12-17T23:06:58.622581105Z 63 PC: 12bde | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:06:58.627677996Z 66 PC: 12c05 | Move file pointer
2018-12-17T23:06:58.629117455Z 87 PC: 12c88 | Get or set file date and time
2018-12-17T23:06:58.631085272Z 62 PC: 12c8c | Close file
2018-12-17T23:06:58.637893Z 67 PC: 12c96 | Get or set file attributes
2018-12-17T23:06:58.653681482Z 79 PC: 12ba8 | Find next file
2018-12-17T23:06:58.656892151Z 67 PC: 12bbe | Get or set file attributes
2018-12-17T23:06:58.662324074Z 67 PC: 12bc6 | Get or set file attributes
2018-12-17T23:06:58.671767792Z 61 PC: 12bcb | Open file (Filename = 'PAH.COM')
2018-12-17T23:06:58.684961777Z 87 PC: 12bd1 | Get or set file date and time
2018-12-17T23:06:58.686667547Z 63 PC: 12bde | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:06:58.692780781Z 66 PC: 12c05 | Move file pointer
2018-12-17T23:06:58.694806263Z 87 PC: 12c88 | Get or set file date and time
2018-12-17T23:06:58.696572315Z 62 PC: 12c8c | Close file
2018-12-17T23:06:58.703623167Z 67 PC: 12c96 | Get or set file attributes
2018-12-17T23:06:58.713733874Z 79 PC: 12ba8 | Find next file
2018-12-17T23:06:58.716201501Z 67 PC: 12bbe | Get or set file attributes
2018-12-17T23:06:58.721666856Z 67 PC: 12bc6 | Get or set file attributes
2018-12-17T23:06:58.731518584Z 61 PC: 12bcb | Open file (Filename = 'TEST.COM')
2018-12-17T23:06:58.742970121Z 87 PC: 12bd1 | Get or set file date and time
2018-12-17T23:06:58.744969023Z 63 PC: 12bde | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:06:58.751899169Z 66 PC: 12c05 | Move file pointer
2018-12-17T23:06:58.753279784Z 87 PC: 12c88 | Get or set file date and time
2018-12-17T23:06:58.754655847Z 62 PC: 12c8c | Close file
2018-12-17T23:06:58.762335701Z 67 PC: 12c96 | Get or set file attributes
2018-12-17T23:06:58.771919146Z 79 PC: 12ba8 | Find next file
2018-12-17T23:06:58.774686636Z 37 PC: 12c71 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:58.776334835Z 26 PC: 12c7a | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15696,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:13.132400269Z 42 PC: 12b6a | Get date
0x12b6a: cmp dh, 4
0x12b6d: jne 0x12b7f
0x12b6f: cmp dl, 0x1e
0x12b72: jne 0x12b7f
0x12b74: mov ah, 9
0x12b76: lea dx, word ptr [bp + 0x26d]
0x12b7a: int 0x21
0x12b7c: cli
0x12b7d: jmp 0x12b7c
0x12b7f: mov ax, 0x3524
0x12b82: int 0x21
0x12b84: mov word ptr [bp + 0x25b], es
0x12b88: mov word ptr [bp + 0x25d], bx
0x12b8c: push cs
0x12b8d: pop es
0x12b8e: mov ax, 0x2524
0x12b91: mov dx, 0x258
0x12b94: int 0x21
0x12b96: mov ah, 0x1a
0x12b98: mov dx, 0xfc00
2018-12-25T12:44:13.135696016Z 53 PC: 12b84 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:44:13.13674546Z 37 PC: 12b96 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:44:13.137648671Z 26 PC: 12b9e | Set disk transfer address
2018-12-25T12:44:13.138951877Z 78 PC: 12ba8 | Find first file
2018-12-25T12:44:13.144552911Z 67 PC: 12bbe | Get or set file attributes
2018-12-25T12:44:13.149858936Z 67 PC: 12bc6 | Get or set file attributes
2018-12-25T12:44:13.17232716Z 61 PC: 12bcb | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:13.178714976Z 87 PC: 12bd1 | Get or set file date and time
2018-12-25T12:44:13.180015594Z 63 PC: 12bde | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:44:13.187146439Z 66 PC: 12c05 | Move file pointer
2018-12-25T12:44:13.188686451Z 87 PC: 12c88 | Get or set file date and time
2018-12-25T12:44:13.190801489Z 62 PC: 12c8c | Close file
2018-12-25T12:44:13.197543758Z 67 PC: 12c96 | Get or set file attributes
2018-12-25T12:44:13.208068257Z 79 PC: 12ba8 | Find next file (See above)
2018-12-25T12:44:13.210926556Z 67 PC: 12bbe | Get or set file attributes (See above)
2018-12-25T12:44:13.217154679Z 67 PC: 12bc6 | Get or set file attributes (See above)
2018-12-25T12:44:13.227311041Z 61 PC: 12bcb | Open file (See above)
2018-12-25T12:44:13.234133542Z 87 PC: 12bd1 | Get or set file date and time (See above)
2018-12-25T12:44:13.235754981Z 63 PC: 12bde | Read file or device (See above)
2018-12-25T12:44:13.242682522Z 66 PC: 12c05 | Move file pointer (See above)
2018-12-25T12:44:13.244111842Z 87 PC: 12c88 | Get or set file date and time (See above)
2018-12-25T12:44:13.245422107Z 62 PC: 12c8c | Close file (See above)
2018-12-25T12:44:13.255449522Z 67 PC: 12c96 | Get or set file attributes (See above)
2018-12-25T12:44:13.261571569Z 79 PC: 12ba8 | Find next file (See above)
2018-12-25T12:44:13.263350409Z 67 PC: 12bbe | Get or set file attributes (See above)
2018-12-25T12:44:13.267349283Z 67 PC: 12bc6 | Get or set file attributes (See above)
2018-12-25T12:44:13.273462923Z 61 PC: 12bcb | Open file (See above)
2018-12-25T12:44:13.280087517Z 87 PC: 12bd1 | Get or set file date and time (See above)
2018-12-25T12:44:13.2829379Z 63 PC: 12bde | Read file or device (See above)
2018-12-25T12:44:13.289874251Z 66 PC: 12c05 | Move file pointer (See above)
2018-12-25T12:44:13.291696412Z 87 PC: 12c88 | Get or set file date and time (See above)
2018-12-25T12:44:13.294148777Z 62 PC: 12c8c | Close file (See above)
2018-12-25T12:44:13.303906716Z 67 PC: 12c96 | Get or set file attributes (See above)
2018-12-25T12:44:13.316917162Z 79 PC: 12ba8 | Find next file (See above)
2018-12-25T12:44:13.321534093Z 67 PC: 12bbe | Get or set file attributes (See above)
2018-12-25T12:44:13.328006201Z 67 PC: 12bc6 | Get or set file attributes (See above)
2018-12-25T12:44:13.334583182Z 61 PC: 12bcb | Open file (See above)
2018-12-25T12:44:13.339172895Z 87 PC: 12bd1 | Get or set file date and time (See above)
2018-12-25T12:44:13.340112214Z 63 PC: 12bde | Read file or device (See above)
2018-12-25T12:44:13.344169189Z 66 PC: 12c05 | Move file pointer (See above)
2018-12-25T12:44:13.34563923Z 87 PC: 12c88 | Get or set file date and time (See above)
2018-12-25T12:44:13.346948194Z 62 PC: 12c8c | Close file (See above)
2018-12-25T12:44:13.351725346Z 67 PC: 12c96 | Get or set file attributes (See above)
2018-12-25T12:44:13.359539076Z 79 PC: 12ba8 | Find next file (See above)
2018-12-25T12:44:13.361517405Z 67 PC: 12bbe | Get or set file attributes (See above)
2018-12-25T12:44:13.36510012Z 67 PC: 12bc6 | Get or set file attributes (See above)
2018-12-25T12:44:13.374938946Z 61 PC: 12bcb | Open file (See above)
2018-12-25T12:44:13.38925336Z 87 PC: 12bd1 | Get or set file date and time (See above)
2018-12-25T12:44:13.390930886Z 63 PC: 12bde | Read file or device (See above)
2018-12-25T12:44:13.3974773Z 66 PC: 12c05 | Move file pointer (See above)
2018-12-25T12:44:13.399906635Z 87 PC: 12c88 | Get or set file date and time (See above)
2018-12-25T12:44:13.401396239Z 62 PC: 12c8c | Close file (See above)
2018-12-25T12:44:13.408436187Z 67 PC: 12c96 | Get or set file attributes (See above)
2018-12-25T12:44:13.419456701Z 79 PC: 12ba8 | Find next file (See above)
2018-12-25T12:44:13.421969888Z 67 PC: 12bbe | Get or set file attributes (See above)
2018-12-25T12:44:13.429521947Z 67 PC: 12bc6 | Get or set file attributes (See above)
2018-12-25T12:44:13.445173994Z 61 PC: 12bcb | Open file (See above)
2018-12-25T12:44:13.452616463Z 87 PC: 12bd1 | Get or set file date and time (See above)
2018-12-25T12:44:13.453922589Z 63 PC: 12bde | Read file or device (See above)
2018-12-25T12:44:13.462214341Z 66 PC: 12c05 | Move file pointer (See above)
2018-12-25T12:44:13.464410571Z 87 PC: 12c88 | Get or set file date and time (See above)
2018-12-25T12:44:13.466167569Z 62 PC: 12c8c | Close file (See above)
2018-12-25T12:44:13.47377131Z 67 PC: 12c96 | Get or set file attributes (See above)
2018-12-25T12:44:13.484217232Z 79 PC: 12ba8 | Find next file (See above)
2018-12-25T12:44:13.486686274Z 67 PC: 12bbe | Get or set file attributes (See above)
2018-12-25T12:44:13.492559114Z 67 PC: 12bc6 | Get or set file attributes (See above)
2018-12-25T12:44:13.502216787Z 61 PC: 12bcb | Open file (See above)
2018-12-25T12:44:13.514085483Z 87 PC: 12bd1 | Get or set file date and time (See above)
2018-12-25T12:44:13.516454704Z 63 PC: 12bde | Read file or device (See above)
2018-12-25T12:44:13.523668296Z 66 PC: 12c05 | Move file pointer (See above)
2018-12-25T12:44:13.525626858Z 87 PC: 12c88 | Get or set file date and time (See above)
2018-12-25T12:44:13.528003623Z 62 PC: 12c8c | Close file (See above)
2018-12-25T12:44:13.535377992Z 67 PC: 12c96 | Get or set file attributes (See above)
2018-12-25T12:44:13.545627807Z 79 PC: 12ba8 | Find next file (See above)
2018-12-25T12:44:13.548510942Z 67 PC: 12bbe | Get or set file attributes (See above)
2018-12-25T12:44:13.554856541Z 67 PC: 12bc6 | Get or set file attributes (See above)
2018-12-25T12:44:13.854021033Z 61 PC: 12bcb | Open file (See above)
2018-12-25T12:44:13.865872364Z 87 PC: 12bd1 | Get or set file date and time (See above)
2018-12-25T12:44:13.86905344Z 63 PC: 12bde | Read file or device (See above)
2018-12-25T12:44:13.875391771Z 66 PC: 12c05 | Move file pointer (See above)
2018-12-25T12:44:13.876750141Z 87 PC: 12c88 | Get or set file date and time (See above)
2018-12-25T12:44:13.879277721Z 62 PC: 12c8c | Close file (See above)
2018-12-25T12:44:13.886379841Z 67 PC: 12c96 | Get or set file attributes (See above)
2018-12-25T12:44:13.896224459Z 79 PC: 12ba8 | Find next file (See above)
2018-12-25T12:44:13.899819287Z 37 PC: 12c71 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:44:13.900961093Z 26 PC: 12c7a | Set disk transfer address

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15696,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:13.283004782Z 42 PC: 12b6a | Get date
0x12b6a: cmp dh, 4
0x12b6d: jne 0x12b7f
0x12b6f: cmp dl, 0x1e
0x12b72: jne 0x12b7f
0x12b74: mov ah, 9
0x12b76: lea dx, word ptr [bp + 0x26d]
0x12b7a: int 0x21
0x12b7c: cli
0x12b7d: jmp 0x12b7c
0x12b7f: mov ax, 0x3524
0x12b82: int 0x21
0x12b84: mov word ptr [bp + 0x25b], es
0x12b88: mov word ptr [bp + 0x25d], bx
0x12b8c: push cs
0x12b8d: pop es
0x12b8e: mov ax, 0x2524
0x12b91: mov dx, 0x258
0x12b94: int 0x21
0x12b96: mov ah, 0x1a
0x12b98: mov dx, 0xfc00
2018-12-25T12:44:13.286128516Z 53 PC: 12b84 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:44:13.289316991Z 37 PC: 12b96 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:44:13.293352671Z 26 PC: 12b9e | Set disk transfer address
2018-12-25T12:44:13.294635442Z 78 PC: 12ba8 | Find first file
2018-12-25T12:44:13.301580694Z 67 PC: 12bbe | Get or set file attributes
2018-12-25T12:44:13.307876892Z 67 PC: 12bc6 | Get or set file attributes
2018-12-25T12:44:13.324861439Z 61 PC: 12bcb | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:13.332812077Z 87 PC: 12bd1 | Get or set file date and time
2018-12-25T12:44:13.334470315Z 63 PC: 12bde | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:44:13.342172121Z 66 PC: 12c05 | Move file pointer
2018-12-25T12:44:13.344552533Z 87 PC: 12c88 | Get or set file date and time
2018-12-25T12:44:13.346520801Z 62 PC: 12c8c | Close file
2018-12-25T12:44:13.355924268Z 67 PC: 12c96 | Get or set file attributes
2018-12-25T12:44:13.367669568Z 79 PC: 12ba8 | Find next file (See above)
2018-12-25T12:44:13.370617109Z 67 PC: 12bbe | Get or set file attributes (See above)
2018-12-25T12:44:13.377055552Z 67 PC: 12bc6 | Get or set file attributes (See above)
2018-12-25T12:44:13.392494181Z 61 PC: 12bcb | Open file (See above)
2018-12-25T12:44:13.400092647Z 87 PC: 12bd1 | Get or set file date and time (See above)
2018-12-25T12:44:13.401694718Z 63 PC: 12bde | Read file or device (See above)
2018-12-25T12:44:13.409856981Z 66 PC: 12c05 | Move file pointer (See above)
2018-12-25T12:44:13.412180274Z 87 PC: 12c88 | Get or set file date and time (See above)
2018-12-25T12:44:13.414242435Z 62 PC: 12c8c | Close file (See above)
2018-12-25T12:44:13.425456702Z 67 PC: 12c96 | Get or set file attributes (See above)
2018-12-25T12:44:13.434912622Z 79 PC: 12ba8 | Find next file (See above)
2018-12-25T12:44:13.437858401Z 67 PC: 12bbe | Get or set file attributes (See above)
2018-12-25T12:44:13.443948183Z 67 PC: 12bc6 | Get or set file attributes (See above)
2018-12-25T12:44:13.45878637Z 61 PC: 12bcb | Open file (See above)
2018-12-25T12:44:13.466098031Z 87 PC: 12bd1 | Get or set file date and time (See above)
2018-12-25T12:44:13.467700644Z 63 PC: 12bde | Read file or device (See above)
2018-12-25T12:44:13.47589774Z 66 PC: 12c05 | Move file pointer (See above)
2018-12-25T12:44:13.47755561Z 87 PC: 12c88 | Get or set file date and time (See above)
2018-12-25T12:44:13.479065877Z 62 PC: 12c8c | Close file (See above)
2018-12-25T12:44:13.487624339Z 67 PC: 12c96 | Get or set file attributes (See above)
2018-12-25T12:44:13.498620618Z 79 PC: 12ba8 | Find next file (See above)
2018-12-25T12:44:13.501293927Z 67 PC: 12bbe | Get or set file attributes (See above)
2018-12-25T12:44:13.507985178Z 67 PC: 12bc6 | Get or set file attributes (See above)
2018-12-25T12:44:13.518227221Z 61 PC: 12bcb | Open file (See above)
2018-12-25T12:44:13.522530645Z 87 PC: 12bd1 | Get or set file date and time (See above)
2018-12-25T12:44:13.531898451Z 63 PC: 12bde | Read file or device (See above)
2018-12-25T12:44:13.539230548Z 66 PC: 12c05 | Move file pointer (See above)
2018-12-25T12:44:13.541471834Z 87 PC: 12c88 | Get or set file date and time (See above)
2018-12-25T12:44:13.543310866Z 62 PC: 12c8c | Close file (See above)
2018-12-25T12:44:13.728686635Z 67 PC: 12c96 | Get or set file attributes (See above)
2018-12-25T12:44:14.155511258Z 79 PC: 12ba8 | Find next file (See above)
2018-12-25T12:44:14.159136826Z 67 PC: 12bbe | Get or set file attributes (See above)
2018-12-25T12:44:14.165399067Z 67 PC: 12bc6 | Get or set file attributes (See above)
2018-12-25T12:44:14.181777318Z 61 PC: 12bcb | Open file (See above)
2018-12-25T12:44:14.18952408Z 87 PC: 12bd1 | Get or set file date and time (See above)
2018-12-25T12:44:14.191158412Z 63 PC: 12bde | Read file or device (See above)
2018-12-25T12:44:14.198324671Z 66 PC: 12c05 | Move file pointer (See above)
2018-12-25T12:44:14.199956692Z 87 PC: 12c88 | Get or set file date and time (See above)
2018-12-25T12:44:14.201625355Z 62 PC: 12c8c | Close file (See above)
2018-12-25T12:44:14.209783191Z 67 PC: 12c96 | Get or set file attributes (See above)
2018-12-25T12:44:14.220670826Z 79 PC: 12ba8 | Find next file (See above)
2018-12-25T12:44:14.223899594Z 67 PC: 12bbe | Get or set file attributes (See above)
2018-12-25T12:44:14.230283062Z 67 PC: 12bc6 | Get or set file attributes (See above)
2018-12-25T12:44:14.241358382Z 61 PC: 12bcb | Open file (See above)
2018-12-25T12:44:14.250044084Z 87 PC: 12bd1 | Get or set file date and time (See above)
2018-12-25T12:44:14.252095222Z 63 PC: 12bde | Read file or device (See above)
2018-12-25T12:44:14.259726143Z 66 PC: 12c05 | Move file pointer (See above)
2018-12-25T12:44:14.262634041Z 87 PC: 12c88 | Get or set file date and time (See above)
2018-12-25T12:44:14.264396888Z 62 PC: 12c8c | Close file (See above)
2018-12-25T12:44:14.275257621Z 67 PC: 12c96 | Get or set file attributes (See above)
2018-12-25T12:44:14.283837203Z 79 PC: 12ba8 | Find next file (See above)
2018-12-25T12:44:14.2868685Z 67 PC: 12bbe | Get or set file attributes (See above)
2018-12-25T12:44:14.29329167Z 67 PC: 12bc6 | Get or set file attributes (See above)
2018-12-25T12:44:14.319031881Z 61 PC: 12bcb | Open file (See above)
2018-12-25T12:44:14.327533099Z 87 PC: 12bd1 | Get or set file date and time (See above)
2018-12-25T12:44:14.33021175Z 63 PC: 12bde | Read file or device (See above)
2018-12-25T12:44:14.337733116Z 66 PC: 12c05 | Move file pointer (See above)
2018-12-25T12:44:14.340826277Z 87 PC: 12c88 | Get or set file date and time (See above)
2018-12-25T12:44:14.34288146Z 62 PC: 12c8c | Close file (See above)
2018-12-25T12:44:14.351089102Z 67 PC: 12c96 | Get or set file attributes (See above)
2018-12-25T12:44:14.363052734Z 79 PC: 12ba8 | Find next file (See above)
2018-12-25T12:44:14.366493643Z 67 PC: 12bbe | Get or set file attributes (See above)
2018-12-25T12:44:14.372917985Z 67 PC: 12bc6 | Get or set file attributes (See above)
2018-12-25T12:44:14.384274679Z 61 PC: 12bcb | Open file (See above)
2018-12-25T12:44:14.397456342Z 87 PC: 12bd1 | Get or set file date and time (See above)
2018-12-25T12:44:14.399346034Z 63 PC: 12bde | Read file or device (See above)
2018-12-25T12:44:14.406975225Z 66 PC: 12c05 | Move file pointer (See above)
2018-12-25T12:44:14.409539053Z 87 PC: 12c88 | Get or set file date and time (See above)
2018-12-25T12:44:14.411580198Z 62 PC: 12c8c | Close file (See above)
2018-12-25T12:44:14.41681523Z 67 PC: 12c96 | Get or set file attributes (See above)
2018-12-25T12:44:14.42865584Z 79 PC: 12ba8 | Find next file (See above)
2018-12-25T12:44:14.432784774Z 37 PC: 12c71 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:44:14.434094912Z 26 PC: 12c7a | Set disk transfer address

{"DateBased":true,"Day":30,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15696,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:13.353971045Z 42 PC: 12b6a | Get date
0x12b6a: cmp dh, 4
0x12b6d: jne 0x12b7f
0x12b6f: cmp dl, 0x1e
0x12b72: jne 0x12b7f
0x12b74: mov ah, 9
0x12b76: lea dx, word ptr [bp + 0x26d]
0x12b7a: int 0x21
0x12b7c: cli
0x12b7d: jmp 0x12b7c
0x12b7f: mov ax, 0x3524
0x12b82: int 0x21
0x12b84: mov word ptr [bp + 0x25b], es
0x12b88: mov word ptr [bp + 0x25d], bx
0x12b8c: push cs
0x12b8d: pop es
0x12b8e: mov ax, 0x2524
0x12b91: mov dx, 0x258
0x12b94: int 0x21
0x12b96: mov ah, 0x1a
0x12b98: mov dx, 0xfc00
2018-12-25T12:44:13.356521662Z 9 PC: 12b7c | Display string (String= ' "NightBird goes, Along with the Queen..." ')