Sample viewer

vx.netlux.org/Virus.DOS.VrapExe.3730


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:08:05.533960795Z 42 PC: 14927 | Get date 0x14927: cmp dh, 6
0x1492a: je 0x1492f
0x1492c: jmp 0x149c6
0x1492f: mov byte ptr cs:[0x24], 2
0x14935: mov al, byte ptr [0x24]
0x14938: mov cx, 0x64
0x1493b: test dx, ax
0x1493d: xor dx, dx
0x1493f: inc dx
0x14940: mov dx, dx
0x14942: mov bx, 0
0x14945: test dx, bp
0x14947: int 0x25
0x14949: add sp, 2
0x1494c: clc
0x1494d: mov word ptr [0x55f], ds
0x14951: push di
0x14952: pop di
0x14953: mov cx, 0xffff
0x14956: test cx, di
2018-12-17T23:08:05.53730981Z 42 PC: 14562 | Get date 0x14562: test dx, bx
0x14564: mov byte ptr [0x2b], al
0x14567: mov byte ptr cs:[0x2e], 0
0x1456d: or dl, dl
0x1456f: mov ah, 0x2f
0x14571: and cx, cx
0x14573: int 0x21
0x14575: and si, si
0x14577: mov word ptr [0x27], bx
0x1457b: xchg ah, ah
0x1457d: mov word ptr [0x29], es
0x14581: test si, cx
0x14583: mov ax, cs
0x14585: and dl, dl
0x14587: mov es, ax
0x14589: mov ah, 0x1a
0x1458b: test si, bx
0x1458d: mov dx, 0xdc7
0x14590: test bp, bx
0x14592: int 0x21
2018-12-17T23:08:05.539559789Z 47 PC: 14575 | Get disk transfer address
2018-12-17T23:08:05.54077323Z 26 PC: 14594 | Set disk transfer address
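2018-12-17T23:08:05.542729988Z 53 PC: 1459b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') [note: the AKA text is the name of INT 21h function 36 (0x24), not of the vector; interrupt vector 36 is 0x24, the DOS critical-error handler, which is read here, set at PC 145bb and set again at PC 1470a]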
2018-12-17T23:08:05.544790401Z 37 PC: 145bb | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:05.546840885Z 44 PC: 14bab | Get time 0x14bab: xor ax, ax
0x14bad: add al, ch
0x14baf: and si, si
0x14bb1: xor ch, ch
0x14bb3: test bp, si
0x14bb5: add ax, cx
0x14bb7: test ax, dx
0x14bb9: xchg dh, dl
0x14bbb: mov cx, dx
0x14bbd: test si, bp
0x14bbf: xor ch, ch
0x14bc1: add ax, cx
0x14bc3: test cx, bx
0x14bc5: xchg dh, dl
0x14bc7: mov cx, dx
0x14bc9: xor ch, ch
0x14bcb: mul cx
0x14bcd: pop bp
0x14bce: mov cx, bp
0x14bd0: div cx
2018-12-17T23:08:05.570349202Z 44 PC: 14bab | Get time 0x14bab: xor ax, ax
0x14bad: add al, ch
0x14baf: and si, si
0x14bb1: xor ch, ch
0x14bb3: mov al, al
0x14bb5: add ax, cx
0x14bb7: xchg cl, cl
0x14bb9: xchg dh, dl
0x14bbb: mov cx, dx
0x14bbd: push cx
0x14bbe: pop cx
0x14bbf: xor ch, ch
0x14bc1: add ax, cx
0x14bc3: test dx, ax
0x14bc5: xchg dh, dl
0x14bc7: mov cx, dx
0x14bc9: xor ch, ch
0x14bcb: mul cx
0x14bcd: pop bp
0x14bce: mov cx, bp
2018-12-17T23:08:05.573177108Z 25 PC: 14795 | Get default drive
2018-12-17T23:08:05.574558545Z 54 PC: 147aa | Get free disk space
2018-12-17T23:08:05.584551498Z 42 PC: 14a18 | Get date 0x14a18: mov cl, cl
0x14a1a: and al, 1
0x14a1c: cmp al, 1
0x14a1e: jne 0x14a24
0x14a20: clc
0x14a21: jmp 0x14a25
0x14a23: nop
0x14a24: stc
0x14a25: pop ds
0x14a26: pop es
0x14a27: pop di
0x14a28: pop si
0x14a29: pop dx
0x14a2a: pop cx
0x14a2b: pop bx
0x14a2c: pop ax
0x14a2d: ret
0x14a2e: pushf
0x14a2f: push es
0x14a30: push ax
2018-12-17T23:08:05.588130545Z 78 PC: 14aa7 | Find first file
2018-12-17T23:08:05.595010788Z 79 PC: 14ad3 | Find next file
2018-12-17T23:08:05.59829464Z 79 PC: 14ad3 | Find next file
2018-12-17T23:08:05.601941115Z 79 PC: 14ad3 | Find next file
2018-12-17T23:08:05.604773849Z 79 PC: 14ad3 | Find next file
2018-12-17T23:08:05.607733652Z 79 PC: 14ad3 | Find next file
2018-12-17T23:08:05.611569102Z 79 PC: 14ad3 | Find next file
2018-12-17T23:08:05.61426015Z 79 PC: 14ad3 | Find next file
2018-12-17T23:08:05.616965986Z 79 PC: 14ad3 | Find next file
2018-12-17T23:08:05.620550895Z 79 PC: 14ad3 | Find next file
2018-12-17T23:08:05.623978868Z 44 PC: 14bab | Get time 0x14bab: xor ax, ax
0x14bad: add al, ch
0x14baf: and si, si
0x14bb1: xor ch, ch
0x14bb3: mov al, al
0x14bb5: add ax, cx
0x14bb7: xchg cl, cl
0x14bb9: xchg dh, dl
0x14bbb: mov cx, dx
0x14bbd: push cx
0x14bbe: pop cx
0x14bbf: xor ch, ch
0x14bc1: add ax, cx
0x14bc3: test dx, ax
0x14bc5: xchg dh, dl
0x14bc7: mov cx, dx
0x14bc9: xor ch, ch
0x14bcb: mul cx
0x14bcd: pop bp
0x14bce: mov cx, bp
2018-12-17T23:08:05.626426178Z 44 PC: 1465f | Get time 0x1465f: test cx, dx
0x14661: mov byte ptr [0x2c], dh
0x14665: mov al, byte ptr [0x2d]
0x14668: and ah, ah
0x1466a: mov dx, 0xd2d
0x1466d: xchg cx, cx
0x1466f: call 0x14ae9
0x14672: test si, dx
0x14674: test ax, bp
0x14676: or bx, bx
0x14678: mov dx, 0xd2d
0x1467b: and dh, dh
0x1467d: call 0x14bde
0x14680: mov al, byte ptr [0x2e]
0x14683: test ax, dx
0x14685: and al, 2
0x14687: and bh, bh
0x14689: cmp al, 2
0x1468b: je 0x146f5
0x1468d: mov byte ptr [0xd30], 0
2018-12-17T23:08:05.629383868Z 78 PC: 14b24 | Find first file
2018-12-17T23:08:05.636139626Z 79 PC: 14b5f | Find next file
2018-12-17T23:08:05.639222511Z 79 PC: 14b5f | Find next file
2018-12-17T23:08:05.64333965Z 79 PC: 14b5f | Find next file
2018-12-17T23:08:05.646417014Z 79 PC: 14b5f | Find next file
2018-12-17T23:08:05.649471275Z 79 PC: 14b5f | Find next file
2018-12-17T23:08:05.652220903Z 79 PC: 14b5f | Find next file
2018-12-17T23:08:05.666738081Z 79 PC: 14b5f | Find next file
2018-12-17T23:08:05.670522334Z 79 PC: 14b5f | Find next file
2018-12-17T23:08:05.674410983Z 79 PC: 14b5f | Find next file
2018-12-17T23:08:05.678217719Z 78 PC: 14d3a | Find first file
2018-12-17T23:08:05.684672191Z 78 PC: 14d3a | Find first file
2018-12-17T23:08:05.691090255Z 78 PC: 14c61 | Find first file
2018-12-17T23:08:05.705157285Z 37 PC: 1470a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:05.706651424Z 26 PC: 14717 | Set disk transfer address
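2018-12-17T23:08:05.708427803Z 53 PC: 12d2a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate') [note: the AKA text is the INT 21h function name for the same number, not the vector's purpose; vector 0 is the divide-error exception. The vectors read at PC 12d2a (0, 2, 27, 33, 35, 36, 52-63, 117 = 0x00, 0x02, 0x1B, 0x21, 0x23, 0x24, 0x34-0x3F, 0x75) match the set a Turbo Pascal runtime saves at startup, so this run is probably the host program's startup code rather than the virus; confirm against the sample]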
2018-12-17T23:08:05.710835439Z 53 PC: 12d2a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:08:05.721895898Z 53 PC: 12d2a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:08:05.724092828Z 53 PC: 12d2a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:05.736135073Z 53 PC: 12d2a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:05.737471525Z 53 PC: 12d2a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:05.738729841Z 53 PC: 12d2a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:08:05.740942039Z 53 PC: 12d2a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:08:05.742242934Z 53 PC: 12d2a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:08:05.743489027Z 53 PC: 12d2a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:08:05.744728436Z 53 PC: 12d2a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:08:05.746467325Z 53 PC: 12d2a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:08:05.747683801Z 53 PC: 12d2a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:08:05.748887864Z 53 PC: 12d2a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:08:05.751766916Z 53 PC: 12d2a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:08:05.753358087Z 53 PC: 12d2a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:08:05.75493991Z 53 PC: 12d2a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:08:05.757300247Z 53 PC: 12d2a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:08:05.75932342Z 53 PC: 12d2a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:08:05.761254259Z 37 PC: 12d3f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:05.763827926Z 37 PC: 12d47 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:05.767115516Z 37 PC: 12d4f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:05.76987331Z 37 PC: 12d57 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:08:05.772985811Z 68 PC: 1335a | I/O control for devices (Set for = '0 ')
2018-12-17T23:08:05.775082411Z 64 PC: 130ed | Write file or device (Write 2 bytes on handle 1)
2018-12-17T23:08:05.780528688Z 64 PC: 130ed | Write file or device (Write 28 bytes on handle 1)
2018-12-17T23:08:05.787006685Z 64 PC: 130ed | Write file or device (Write 2 bytes on handle 1)
2018-12-17T23:08:05.792018275Z 64 PC: 130ed | Write file or device (Write 29 bytes on handle 1)
2018-12-17T23:08:05.798813928Z 64 PC: 130ed | Write file or device (Write 2 bytes on handle 1)
2018-12-17T23:08:05.804300822Z 64 PC: 130ed | Write file or device (Write 43 bytes on handle 1)
2018-12-17T23:08:05.810992981Z 63 PC: 13096 | Read file or device (Read 128 bytes on handle 0)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16085,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:22.531433822Z 42 PC: 14927 | Get date 0x14927: cmp dh, 6
0x1492a: je 0x1492f
0x1492c: jmp 0x149c6
0x1492f: mov byte ptr cs:[0x24], 2
0x14935: mov al, byte ptr [0x24]
0x14938: mov cx, 0x64
0x1493b: test dx, ax
0x1493d: xor dx, dx
0x1493f: inc dx
0x14940: mov dx, dx
0x14942: mov bx, 0
0x14945: test dx, bp
0x14947: int 0x25
0x14949: add sp, 2
0x1494c: clc
0x1494d: mov word ptr [0x55f], ds
0x14951: push di
0x14952: pop di
0x14953: mov cx, 0xffff
0x14956: test cx, di
2018-12-25T12:45:22.534072801Z 42 PC: 14562 | Get date 0x14562: test dx, bx
0x14564: mov byte ptr [0x2b], al
0x14567: mov byte ptr cs:[0x2e], 0
0x1456d: or dl, dl
0x1456f: mov ah, 0x2f
0x14571: and cx, cx
0x14573: int 0x21
0x14575: and si, si
0x14577: mov word ptr [0x27], bx
0x1457b: xchg ah, ah
0x1457d: mov word ptr [0x29], es
0x14581: test si, cx
0x14583: mov ax, cs
0x14585: and dl, dl
0x14587: mov es, ax
0x14589: mov ah, 0x1a
0x1458b: test si, bx
0x1458d: mov dx, 0xdc7
0x14590: test bp, bx
0x14592: int 0x21
2018-12-25T12:45:22.536140055Z 47 PC: 14575 | Get disk transfer address
2018-12-25T12:45:22.537136131Z 26 PC: 14594 | Set disk transfer address
2018-12-25T12:45:22.5387933Z 53 PC: 1459b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:22.540989159Z 37 PC: 145bb | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:22.543493408Z 44 PC: 14bab | Get time 0x14bab: xor ax, ax
0x14bad: add al, ch
0x14baf: and si, si
0x14bb1: xor ch, ch
0x14bb3: test bp, si
0x14bb5: add ax, cx
0x14bb7: test ax, dx
0x14bb9: xchg dh, dl
0x14bbb: mov cx, dx
0x14bbd: test si, bp
0x14bbf: xor ch, ch
0x14bc1: add ax, cx
0x14bc3: test cx, bx
0x14bc5: xchg dh, dl
0x14bc7: mov cx, dx
0x14bc9: xor ch, ch
0x14bcb: mul cx
0x14bcd: pop bp
0x14bce: mov cx, bp
0x14bd0: div cx
2018-12-25T12:45:22.586289722Z 44 PC: 14bab | Get time (See above)
2018-12-25T12:45:22.588642251Z 25 PC: 14795 | Get default drive
2018-12-25T12:45:22.589773348Z 54 PC: 147aa | Get free disk space
2018-12-25T12:45:22.607192575Z 42 PC: 14a18 | Get date 0x14a18: mov cl, cl
0x14a1a: and al, 1
0x14a1c: cmp al, 1
0x14a1e: jne 0x14a24
0x14a20: clc
0x14a21: jmp 0x14a25
0x14a23: nop
0x14a24: stc
0x14a25: pop ds
0x14a26: pop es
0x14a27: pop di
0x14a28: pop si
0x14a29: pop dx
0x14a2a: pop cx
0x14a2b: pop bx
0x14a2c: pop ax
0x14a2d: ret
0x14a2e: pushf
0x14a2f: push es
0x14a30: push ax
2018-12-25T12:45:22.609823216Z 37 PC: 1470a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:22.611340777Z 26 PC: 14717 | Set disk transfer address
2018-12-25T12:45:22.613477996Z 53 PC: 12d2a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:45:22.615775928Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:22.617434429Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:22.619030772Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:22.620645756Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:22.621755149Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:22.622836344Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:22.624501088Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:22.62569103Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:22.626883602Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:22.628799782Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:22.630005733Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:22.631258398Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:22.632816455Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:22.633802096Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:22.634766257Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:22.636610574Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:22.638926834Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:22.651403136Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:22.652775201Z 37 PC: 12d3f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:45:22.653624557Z 37 PC: 12d47 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:45:22.654410184Z 37 PC: 12d4f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:22.658679242Z 37 PC: 12d57 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-25T12:45:22.659858756Z 68 PC: 1335a | I/O control for devices (Set for = '0 ')
2018-12-25T12:45:22.661070565Z 64 PC: 130ed | Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:45:22.667766507Z 64 PC: 130ed | Write file or device (See above)
2018-12-25T12:45:22.671172092Z 64 PC: 130ed | Write file or device (See above)
2018-12-25T12:45:22.673823967Z 64 PC: 130ed | Write file or device (See above)
2018-12-25T12:45:22.677814583Z 64 PC: 130ed | Write file or device (See above)
2018-12-25T12:45:22.68048804Z 64 PC: 130ed | Write file or device (See above)
2018-12-25T12:45:22.68409964Z 63 PC: 13096 | Read file or device (Read 128 bytes on handle 0)

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16085,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:22.487353406Z 42 PC: 14927 | Get date 0x14927: cmp dh, 6
0x1492a: je 0x1492f
0x1492c: jmp 0x149c6
0x1492f: mov byte ptr cs:[0x24], 2
0x14935: mov al, byte ptr [0x24]
0x14938: mov cx, 0x64
0x1493b: test dx, ax
0x1493d: xor dx, dx
0x1493f: inc dx
0x14940: mov dx, dx
0x14942: mov bx, 0
0x14945: test dx, bp
0x14947: int 0x25
0x14949: add sp, 2
0x1494c: clc
0x1494d: mov word ptr [0x55f], ds
0x14951: push di
0x14952: pop di
0x14953: mov cx, 0xffff
0x14956: test cx, di

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16085,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:23.01648321Z 42 PC: 14927 | Get date 0x14927: cmp dh, 6
0x1492a: je 0x1492f
0x1492c: jmp 0x149c6
0x1492f: mov byte ptr cs:[0x24], 2
0x14935: mov al, byte ptr [0x24]
0x14938: mov cx, 0x64
0x1493b: test dx, ax
0x1493d: xor dx, dx
0x1493f: inc dx
0x14940: mov dx, dx
0x14942: mov bx, 0
0x14945: test dx, bp
0x14947: int 0x25
0x14949: add sp, 2
0x1494c: clc
0x1494d: mov word ptr [0x55f], ds
0x14951: push di
0x14952: pop di
0x14953: mov cx, 0xffff
0x14956: test cx, di
2018-12-25T12:45:23.018639509Z 42 PC: 14562 | Get date 0x14562: test dx, bx
0x14564: mov byte ptr [0x2b], al
0x14567: mov byte ptr cs:[0x2e], 0
0x1456d: or dl, dl
0x1456f: mov ah, 0x2f
0x14571: and cx, cx
0x14573: int 0x21
0x14575: and si, si
0x14577: mov word ptr [0x27], bx
0x1457b: xchg ah, ah
0x1457d: mov word ptr [0x29], es
0x14581: test si, cx
0x14583: mov ax, cs
0x14585: and dl, dl
0x14587: mov es, ax
0x14589: mov ah, 0x1a
0x1458b: test si, bx
0x1458d: mov dx, 0xdc7
0x14590: test bp, bx
0x14592: int 0x21
2018-12-25T12:45:23.021101391Z 47 PC: 14575 | Get disk transfer address
2018-12-25T12:45:23.022206277Z 26 PC: 14594 | Set disk transfer address
2018-12-25T12:45:23.023747908Z 53 PC: 1459b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:23.024813857Z 37 PC: 145bb | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:23.026061145Z 44 PC: 14bab | Get time 0x14bab: xor ax, ax
0x14bad: add al, ch
0x14baf: and si, si
0x14bb1: xor ch, ch
0x14bb3: test bp, si
0x14bb5: add ax, cx
0x14bb7: test ax, dx
0x14bb9: xchg dh, dl
0x14bbb: mov cx, dx
0x14bbd: test si, bp
0x14bbf: xor ch, ch
0x14bc1: add ax, cx
0x14bc3: test cx, bx
0x14bc5: xchg dh, dl
0x14bc7: mov cx, dx
0x14bc9: xor ch, ch
0x14bcb: mul cx
0x14bcd: pop bp
0x14bce: mov cx, bp
0x14bd0: div cx
2018-12-25T12:45:23.038787612Z 44 PC: 14bab | Get time (See above)
2018-12-25T12:45:23.041225066Z 25 PC: 14795 | Get default drive
2018-12-25T12:45:23.042167554Z 54 PC: 147aa | Get free disk space
2018-12-25T12:45:23.050355853Z 42 PC: 14a18 | Get date 0x14a18: mov cl, cl
0x14a1a: and al, 1
0x14a1c: cmp al, 1
0x14a1e: jne 0x14a24
0x14a20: clc
0x14a21: jmp 0x14a25
0x14a23: nop
0x14a24: stc
0x14a25: pop ds
0x14a26: pop es
0x14a27: pop di
0x14a28: pop si
0x14a29: pop dx
0x14a2a: pop cx
0x14a2b: pop bx
0x14a2c: pop ax
0x14a2d: ret
0x14a2e: pushf
0x14a2f: push es
0x14a30: push ax
2018-12-25T12:45:23.052810903Z 37 PC: 1470a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:23.053926907Z 26 PC: 14717 | Set disk transfer address
2018-12-25T12:45:23.055506559Z 53 PC: 12d2a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:45:23.056729415Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.057654599Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.058574253Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.059859898Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.060821437Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.061662169Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.063002012Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.063794624Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.064588942Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.065771976Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.066940894Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.068763546Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.070085145Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.071204747Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.072191057Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.073596774Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.074726745Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.075816021Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.077133951Z 37 PC: 12d3f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:45:23.078179769Z 37 PC: 12d47 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:45:23.079202401Z 37 PC: 12d4f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:23.080422908Z 37 PC: 12d57 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-25T12:45:23.081576095Z 68 PC: 1335a | I/O control for devices (Set for = '0 ')
2018-12-25T12:45:23.082726082Z 64 PC: 130ed | Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:45:23.085720858Z 64 PC: 130ed | Write file or device (See above)
2018-12-25T12:45:23.08891666Z 64 PC: 130ed | Write file or device (See above)
2018-12-25T12:45:23.091722466Z 64 PC: 130ed | Write file or device (See above)
2018-12-25T12:45:23.096188585Z 64 PC: 130ed | Write file or device (See above)
2018-12-25T12:45:23.099303865Z 64 PC: 130ed | Write file or device (See above)
2018-12-25T12:45:23.105131569Z 63 PC: 13096 | Read file or device (Read 128 bytes on handle 0)

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16085,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:23.58939232Z 42 PC: 14927 | Get date 0x14927: cmp dh, 6
0x1492a: je 0x1492f
0x1492c: jmp 0x149c6
0x1492f: mov byte ptr cs:[0x24], 2
0x14935: mov al, byte ptr [0x24]
0x14938: mov cx, 0x64
0x1493b: test dx, ax
0x1493d: xor dx, dx
0x1493f: inc dx
0x14940: mov dx, dx
0x14942: mov bx, 0
0x14945: test dx, bp
0x14947: int 0x25
0x14949: add sp, 2
0x1494c: clc
0x1494d: mov word ptr [0x55f], ds
0x14951: push di
0x14952: pop di
0x14953: mov cx, 0xffff
0x14956: test cx, di
2018-12-25T12:45:23.592360627Z 42 PC: 14562 | Get date 0x14562: test dx, bx
0x14564: mov byte ptr [0x2b], al
0x14567: mov byte ptr cs:[0x2e], 0
0x1456d: or dl, dl
0x1456f: mov ah, 0x2f
0x14571: and cx, cx
0x14573: int 0x21
0x14575: and si, si
0x14577: mov word ptr [0x27], bx
0x1457b: xchg ah, ah
0x1457d: mov word ptr [0x29], es
0x14581: test si, cx
0x14583: mov ax, cs
0x14585: and dl, dl
0x14587: mov es, ax
0x14589: mov ah, 0x1a
0x1458b: test si, bx
0x1458d: mov dx, 0xdc7
0x14590: test bp, bx
0x14592: int 0x21
2018-12-25T12:45:23.594695714Z 47 PC: 14575 | Get disk transfer address
2018-12-25T12:45:23.599448055Z 26 PC: 14594 | Set disk transfer address
2018-12-25T12:45:23.601310296Z 53 PC: 1459b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:23.603259031Z 37 PC: 145bb | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:23.604796079Z 44 PC: 14bab | Get time 0x14bab: xor ax, ax
0x14bad: add al, ch
0x14baf: and si, si
0x14bb1: xor ch, ch
0x14bb3: test bp, si
0x14bb5: add ax, cx
0x14bb7: test ax, dx
0x14bb9: xchg dh, dl
0x14bbb: mov cx, dx
0x14bbd: test si, bp
0x14bbf: xor ch, ch
0x14bc1: add ax, cx
0x14bc3: test cx, bx
0x14bc5: xchg dh, dl
0x14bc7: mov cx, dx
0x14bc9: xor ch, ch
0x14bcb: mul cx
0x14bcd: pop bp
0x14bce: mov cx, bp
0x14bd0: div cx
2018-12-25T12:45:23.617683093Z 44 PC: 14bab | Get time (See above)
2018-12-25T12:45:23.619185859Z 25 PC: 14795 | Get default drive
2018-12-25T12:45:23.619943238Z 54 PC: 147aa | Get free disk space
2018-12-25T12:45:23.626354877Z 42 PC: 14a18 | Get date 0x14a18: mov cl, cl
0x14a1a: and al, 1
0x14a1c: cmp al, 1
0x14a1e: jne 0x14a24
0x14a20: clc
0x14a21: jmp 0x14a25
0x14a23: nop
0x14a24: stc
0x14a25: pop ds
0x14a26: pop es
0x14a27: pop di
0x14a28: pop si
0x14a29: pop dx
0x14a2a: pop cx
0x14a2b: pop bx
0x14a2c: pop ax
0x14a2d: ret
0x14a2e: pushf
0x14a2f: push es
0x14a30: push ax
2018-12-25T12:45:23.62794151Z 78 PC: 14aa7 | Find first file
2018-12-25T12:45:23.633029655Z 79 PC: 14ad3 | Find next file
2018-12-25T12:45:23.635746316Z 79 PC: 14ad3 | Find next file (See above)
2018-12-25T12:45:23.641427937Z 79 PC: 14ad3 | Find next file (See above)
2018-12-25T12:45:23.644122758Z 79 PC: 14ad3 | Find next file (See above)
2018-12-25T12:45:23.650359776Z 79 PC: 14ad3 | Find next file (See above)
2018-12-25T12:45:23.653221993Z 79 PC: 14ad3 | Find next file (See above)
2018-12-25T12:45:23.655543284Z 79 PC: 14ad3 | Find next file (See above)
2018-12-25T12:45:23.658715545Z 79 PC: 14ad3 | Find next file (See above)
2018-12-25T12:45:23.662531837Z 79 PC: 14ad3 | Find next file (See above)
2018-12-25T12:45:23.664145219Z 44 PC: 14bab | Get time (See above)
2018-12-25T12:45:23.665880015Z 44 PC: 1465f | Get time 0x1465f: test cx, dx
0x14661: mov byte ptr [0x2c], dh
0x14665: mov al, byte ptr [0x2d]
0x14668: push bp
0x14669: pop bp
0x1466a: mov dx, 0xd2d
0x1466d: xchg cx, cx
0x1466f: call 0x14ae9
0x14672: test si, dx
0x14674: test ax, bp
0x14676: and si, si
0x14678: mov dx, 0xd2d
0x1467b: and dh, dh
0x1467d: call 0x14bde
0x14680: mov al, byte ptr [0x2e]
0x14683: test ax, dx
0x14685: and al, 2
0x14687: and bh, bh
0x14689: cmp al, 2
0x1468b: je 0x146f5
2018-12-25T12:45:23.667989836Z 78 PC: 14b24 | Find first file
2018-12-25T12:45:23.671585849Z 79 PC: 14b5f | Find next file
2018-12-25T12:45:23.673268083Z 79 PC: 14b5f | Find next file (See above)
2018-12-25T12:45:23.675518217Z 79 PC: 14b5f | Find next file (See above)
2018-12-25T12:45:23.677608382Z 79 PC: 14b5f | Find next file (See above)
2018-12-25T12:45:23.679318206Z 79 PC: 14b5f | Find next file (See above)
2018-12-25T12:45:23.681556649Z 79 PC: 14b5f | Find next file (See above)
2018-12-25T12:45:23.683133808Z 79 PC: 14b5f | Find next file (See above)
2018-12-25T12:45:23.684777565Z 79 PC: 14b5f | Find next file (See above)
2018-12-25T12:45:23.687081259Z 79 PC: 14b5f | Find next file (See above)
2018-12-25T12:45:23.689045971Z 78 PC: 14d3a | Find first file
2018-12-25T12:45:23.693350364Z 78 PC: 14d3a | Find first file (See above)
2018-12-25T12:45:23.699169927Z 78 PC: 14c61 | Find first file
2018-12-25T12:45:23.704516937Z 37 PC: 1470a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:23.705725803Z 26 PC: 14717 | Set disk transfer address
2018-12-25T12:45:23.707803729Z 53 PC: 12d2a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:45:23.709175397Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.710217449Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.712043729Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.713393998Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.714846136Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.716829239Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.717968567Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.719237997Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.721247861Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.722420711Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.723570224Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.725619999Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.726725188Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.727817849Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.729883746Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.731006726Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.73226844Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.733906024Z 53 PC: 12d2a | Get interrupt vector (See above)
2018-12-25T12:45:23.735307911Z 37 PC: 12d3f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:45:23.736583412Z 37 PC: 12d47 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:45:23.738752841Z 37 PC: 12d4f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:23.740064645Z 37 PC: 12d57 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-25T12:45:23.741745382Z 68 PC: 1335a | I/O control for devices (Set for = '0 ')
2018-12-25T12:45:23.744224918Z 64 PC: 130ed | Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:45:23.74902627Z 64 PC: 130ed | Write file or device (See above)
2018-12-25T12:45:23.753584276Z 64 PC: 130ed | Write file or device (See above)
2018-12-25T12:45:23.75809491Z 64 PC: 130ed | Write file or device (See above)
2018-12-25T12:45:23.76452503Z 64 PC: 130ed | Write file or device (See above)
2018-12-25T12:45:23.768775994Z 64 PC: 130ed | Write file or device (See above)
2018-12-25T12:45:23.774664374Z 63 PC: 13096 | Read file or device (Read 128 bytes on handle 0)