Sample viewer

vx.netlux.org/Virus.DOS.Vienna.Feliz.518

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:19:51.677511622Z 47 PC: 20736 | Get disk transfer address
2018-12-17T22:19:51.680593967Z 26 PC: 20746 | Set disk transfer address
2018-12-17T22:19:51.682049099Z 37 PC: 2074f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:51.683712278Z 78 PC: 207bc | Find first file
2018-12-17T22:19:51.691748236Z 67 PC: 207f1 | Get or set file attributes
2018-12-17T22:19:51.710464543Z 61 PC: 207fa | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:19:51.718045345Z 63 PC: 20809 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:19:51.726233374Z 66 PC: 20819 | Move file pointer
2018-12-17T22:19:51.728180423Z 64 PC: 2082d | Write file or device (Write 518 bytes on handle 5)
2018-12-17T22:19:51.738466681Z 66 PC: 2083d | Move file pointer
2018-12-17T22:19:51.740916861Z 64 PC: 2084a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:19:51.748804427Z 87 PC: 2085d | Get or set file date and time
2018-12-17T22:19:51.750794245Z 62 PC: 20861 | Close file
2018-12-17T22:19:51.761539823Z 67 PC: 20870 | Get or set file attributes
2018-12-17T22:19:51.772798372Z 26 PC: 20879 | Set disk transfer address
2018-12-17T22:19:51.774488747Z 37 PC: 20883 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:51.776217501Z 13 PC: 20888 | Disk reset
2018-12-17T22:19:51.779196617Z 42 PC: 2088c | Get date
0x2088c: cmp dh, 1
0x2088f: je 0x208a1
0x20891: cmp dh, 0xc
0x20894: jne 0x208b8
0x20896: cmp dl, 0x19
0x20899: jg 0x208a6
0x2089b: lea bx, word ptr [bp + 0x30d]
0x2089f: jmp 0x208aa
0x208a1: cmp dl, 0xf
0x208a4: jg 0x208b8
0x208a6: lea bx, word ptr [bp + 0x323]
0x208aa: mov ah, 0x2c
0x208ac: int 0x21
0x208ae: or dh, dh
0x208b0: jne 0x208b8
0x208b2: mov ah, 9
0x208b4: mov dx, bx
0x208b6: int 0x21
0x208b8: pop ax
0x208b9: xor bx, bx
2018-12-17T22:19:51.782011436Z 44 PC: 208ae | Get time
0x208ae: or dh, dh
0x208b0: jne 0x208b8
0x208b2: mov ah, 9
0x208b4: mov dx, bx
0x208b6: int 0x21
0x208b8: pop ax
0x208b9: xor bx, bx
0x208bb: xor cx, cx
0x208bd: xor dx, dx
0x208bf: xor si, si
0x208c1: xor di, di
0x208c3: mov bp, 0x100
0x208c6: push bp
0x208c7: xor bp, bp
0x208c9: ret
0x208ca: add sp, 6
0x208cd: pop ax
0x208ce: pop bx
0x208cf: pop cx
0x208d0: pop dx
2018-12-17T22:19:51.784832481Z 80 PC: 141b9 | Set current PSP
2018-12-17T22:19:51.787279439Z 48 PC: 141be | Get DOS version
2018-12-17T22:19:51.788754159Z 2 PC: 1406c | Character output (Char = '56')
2018-12-17T22:19:51.791170456Z 2 PC: 1406c | Character output (Char = '65')
2018-12-17T22:19:51.794724575Z 2 PC: 1406c | Character output (Char = '72')
2018-12-17T22:19:51.797238254Z 2 PC: 1406c | Character output (Char = '73')
2018-12-17T22:19:51.799918488Z 2 PC: 1406c | Character output (Char = '69')
2018-12-17T22:19:51.805417995Z 2 PC: 1406c | Character output (Char = 'a2')
2018-12-17T22:19:51.807898242Z 2 PC: 1406c | Character output (Char = '6e')
2018-12-17T22:19:51.810406104Z 2 PC: 1406c | Character output (Char = '20')
2018-12-17T22:19:51.822209662Z 2 PC: 1406c | Character output (Char = '69')
2018-12-17T22:19:51.824835244Z 2 PC: 1406c | Character output (Char = '6e')
2018-12-17T22:19:51.827778985Z 2 PC: 1406c | Character output (Char = '63')
2018-12-17T22:19:51.846022511Z 2 PC: 1406c | Character output (Char = '6f')
2018-12-17T22:19:51.84893856Z 2 PC: 1406c | Character output (Char = '72')
2018-12-17T22:19:51.851876569Z 2 PC: 1406c | Character output (Char = '72')
2018-12-17T22:19:51.854958619Z 2 PC: 1406c | Character output (Char = '65')
2018-12-17T22:19:51.859486529Z 2 PC: 1406c | Character output (Char = '63')
2018-12-17T22:19:51.862317463Z 2 PC: 1406c | Character output (Char = '74')
2018-12-17T22:19:51.871152496Z 2 PC: 1406c | Character output (Char = '61')
2018-12-17T22:19:51.874309308Z 2 PC: 1406c | Character output (Char = '20')
2018-12-17T22:19:51.876715746Z 2 PC: 1406c | Character output (Char = '64')
2018-12-17T22:19:51.878979285Z 2 PC: 1406c | Character output (Char = '65')
2018-12-17T22:19:51.88183928Z 2 PC: 1406c | Character output (Char = '20')
2018-12-17T22:19:51.884100106Z 2 PC: 1406c | Character output (Char = '44')
2018-12-17T22:19:51.886320005Z 2 PC: 1406c | Character output (Char = '4f')
2018-12-17T22:19:51.888967403Z 2 PC: 1406c | Character output (Char = '53')
2018-12-17T22:19:51.891249589Z 2 PC: 1406c | Character output (Char = '0d')
2018-12-17T22:19:51.893475475Z 2 PC: 1406c | Character output (Char = '0a')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3428,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:12.114560332Z 47 PC: 20736 | Get disk transfer address
2018-12-25T11:49:12.115618951Z 26 PC: 20746 | Set disk transfer address
2018-12-25T11:49:12.116494872Z 37 PC: 2074f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:12.117910422Z 78 PC: 207bc | Find first file
2018-12-25T11:49:12.124263302Z 67 PC: 207f1 | Get or set file attributes
2018-12-25T11:49:12.140061494Z 61 PC: 207fa | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:12.148163929Z 63 PC: 20809 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:49:12.154598624Z 66 PC: 20819 | Move file pointer
2018-12-25T11:49:12.156335859Z 64 PC: 2082d | Write file or device (Write 518 bytes on handle 5)
2018-12-25T11:49:12.164662586Z 66 PC: 2083d | Move file pointer
2018-12-25T11:49:12.16614514Z 64 PC: 2084a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:49:12.17244045Z 87 PC: 2085d | Get or set file date and time
2018-12-25T11:49:12.175832566Z 62 PC: 20861 | Close file
2018-12-25T11:49:12.183388462Z 67 PC: 20870 | Get or set file attributes
2018-12-25T11:49:12.193673363Z 26 PC: 20879 | Set disk transfer address
2018-12-25T11:49:12.194931728Z 37 PC: 20883 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:12.197021178Z 13 PC: 20888 | Disk reset
2018-12-25T11:49:12.198738887Z 42 PC: 2088c | Get date
0x2088c: cmp dh, 1
0x2088f: je 0x208a1
0x20891: cmp dh, 0xc
0x20894: jne 0x208b8
0x20896: cmp dl, 0x19
0x20899: jg 0x208a6
0x2089b: lea bx, word ptr [bp + 0x30d]
0x2089f: jmp 0x208aa
0x208a1: cmp dl, 0xf
0x208a4: jg 0x208b8
0x208a6: lea bx, word ptr [bp + 0x323]
0x208aa: mov ah, 0x2c
0x208ac: int 0x21
0x208ae: or dh, dh
0x208b0: jne 0x208b8
0x208b2: mov ah, 9
0x208b4: mov dx, bx
0x208b6: int 0x21
0x208b8: pop ax
0x208b9: xor bx, bx
2018-12-25T11:49:12.201076595Z 44 PC: 208ae | Get time
0x208ae: or dh, dh
0x208b0: jne 0x208b8
0x208b2: mov ah, 9
0x208b4: mov dx, bx
0x208b6: int 0x21
0x208b8: pop ax
0x208b9: xor bx, bx
0x208bb: xor cx, cx
0x208bd: xor dx, dx
0x208bf: xor si, si
0x208c1: xor di, di
0x208c3: mov bp, 0x100
0x208c6: push bp
0x208c7: xor bp, bp
0x208c9: ret
0x208ca: add sp, 6
0x208cd: pop ax
0x208ce: pop bx
0x208cf: pop cx
0x208d0: pop dx
2018-12-25T11:49:12.204106559Z 80 PC: 141b9 | Set current PSP
2018-12-25T11:49:12.20504856Z 48 PC: 141be | Get DOS version
2018-12-25T11:49:12.206426752Z 2 PC: 1406c | Character output (Char = '56')
2018-12-25T11:49:12.209259571Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.211321202Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.213320891Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.2226703Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.225635106Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.228500405Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.232150577Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.234782952Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.237188623Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.242317687Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.244275922Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.246209651Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.248653902Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.250573213Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.252460909Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.254497096Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.256372301Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.258684578Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.260819271Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.262824543Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.264819026Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.267440139Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.269436264Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.271407728Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.274547956Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.276687357Z 2 PC: 1406c | Character output (See above)

{"DateBased":true,"Day":16,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3428,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:12.061454918Z 47 PC: 20736 | Get disk transfer address
2018-12-25T11:49:12.062603153Z 26 PC: 20746 | Set disk transfer address
2018-12-25T11:49:12.063725291Z 37 PC: 2074f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:12.064891767Z 78 PC: 207bc | Find first file
2018-12-25T11:49:12.070610332Z 67 PC: 207f1 | Get or set file attributes
2018-12-25T11:49:12.249339732Z 61 PC: 207fa | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:12.257552851Z 63 PC: 20809 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:49:12.265522427Z 66 PC: 20819 | Move file pointer
2018-12-25T11:49:12.267178862Z 64 PC: 2082d | Write file or device (Write 518 bytes on handle 5)
2018-12-25T11:49:12.276096249Z 66 PC: 2083d | Move file pointer
2018-12-25T11:49:12.278056559Z 64 PC: 2084a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:49:12.285415434Z 87 PC: 2085d | Get or set file date and time
2018-12-25T11:49:12.286977114Z 62 PC: 20861 | Close file
2018-12-25T11:49:12.293638108Z 67 PC: 20870 | Get or set file attributes
2018-12-25T11:49:12.304878377Z 26 PC: 20879 | Set disk transfer address
2018-12-25T11:49:12.305982799Z 37 PC: 20883 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:12.30784208Z 13 PC: 20888 | Disk reset
2018-12-25T11:49:12.309482957Z 42 PC: 2088c | Get date
0x2088c: cmp dh, 1
0x2088f: je 0x208a1
0x20891: cmp dh, 0xc
0x20894: jne 0x208b8
0x20896: cmp dl, 0x19
0x20899: jg 0x208a6
0x2089b: lea bx, word ptr [bp + 0x30d]
0x2089f: jmp 0x208aa
0x208a1: cmp dl, 0xf
0x208a4: jg 0x208b8
0x208a6: lea bx, word ptr [bp + 0x323]
0x208aa: mov ah, 0x2c
0x208ac: int 0x21
0x208ae: or dh, dh
0x208b0: jne 0x208b8
0x208b2: mov ah, 9
0x208b4: mov dx, bx
0x208b6: int 0x21
0x208b8: pop ax
0x208b9: xor bx, bx
2018-12-25T11:49:12.311831205Z 80 PC: 141b9 | Set current PSP
2018-12-25T11:49:12.312979004Z 48 PC: 141be | Get DOS version
2018-12-25T11:49:12.314217686Z 2 PC: 1406c | Character output (Char = '56')
2018-12-25T11:49:12.316286525Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.31896112Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.321241239Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.323404334Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.326189231Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.32867487Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.331118721Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.335824593Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.338133936Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.340352321Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.342871619Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.34560916Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.348435818Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.360926381Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.366291806Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.368642019Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.371323417Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.373651736Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.375122472Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.376978014Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.379001171Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.380490668Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.382080025Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.383701206Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.38515674Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.387378449Z 2 PC: 1406c | Character output (See above)

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3428,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:12.398072243Z 47 PC: 20736 | Get disk transfer address
2018-12-25T11:49:12.399482561Z 26 PC: 20746 | Set disk transfer address
2018-12-25T11:49:12.400702559Z 37 PC: 2074f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:12.402404772Z 78 PC: 207bc | Find first file
2018-12-25T11:49:12.407998819Z 67 PC: 207f1 | Get or set file attributes
2018-12-25T11:49:12.423679713Z 61 PC: 207fa | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:12.430972824Z 63 PC: 20809 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:49:12.439118822Z 66 PC: 20819 | Move file pointer
2018-12-25T11:49:12.440567107Z 64 PC: 2082d | Write file or device (Write 518 bytes on handle 5)
2018-12-25T11:49:12.446079953Z 66 PC: 2083d | Move file pointer
2018-12-25T11:49:12.447613148Z 64 PC: 2084a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:49:12.451908381Z 87 PC: 2085d | Get or set file date and time
2018-12-25T11:49:12.452903749Z 62 PC: 20861 | Close file
2018-12-25T11:49:12.459097938Z 67 PC: 20870 | Get or set file attributes
2018-12-25T11:49:12.467488438Z 26 PC: 20879 | Set disk transfer address
2018-12-25T11:49:12.468393041Z 37 PC: 20883 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:12.469898248Z 13 PC: 20888 | Disk reset
2018-12-25T11:49:12.471094582Z 42 PC: 2088c | Get date
0x2088c: cmp dh, 1
0x2088f: je 0x208a1
0x20891: cmp dh, 0xc
0x20894: jne 0x208b8
0x20896: cmp dl, 0x19
0x20899: jg 0x208a6
0x2089b: lea bx, word ptr [bp + 0x30d]
0x2089f: jmp 0x208aa
0x208a1: cmp dl, 0xf
0x208a4: jg 0x208b8
0x208a6: lea bx, word ptr [bp + 0x323]
0x208aa: mov ah, 0x2c
0x208ac: int 0x21
0x208ae: or dh, dh
0x208b0: jne 0x208b8
0x208b2: mov ah, 9
0x208b4: mov dx, bx
0x208b6: int 0x21
0x208b8: pop ax
0x208b9: xor bx, bx
2018-12-25T11:49:12.472603028Z 80 PC: 141b9 | Set current PSP
2018-12-25T11:49:12.473752699Z 48 PC: 141be | Get DOS version
2018-12-25T11:49:12.475121409Z 2 PC: 1406c | Character output (Char = '56')
2018-12-25T11:49:12.477400135Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.480095073Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.482423788Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.484767208Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.488025784Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.490303862Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.492485764Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.49550524Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.498214391Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.500726172Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.503547222Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.512605133Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.51503812Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.51801275Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.521372057Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.524155729Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.528146023Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.53115283Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.533859257Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.536614751Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.539903673Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.542578802Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.545246196Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.549176945Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.551896879Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.554433972Z 2 PC: 1406c | Character output (See above)

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3428,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:12.435590271Z 47 PC: 20736 | Get disk transfer address
2018-12-25T11:49:12.436637917Z 26 PC: 20746 | Set disk transfer address
2018-12-25T11:49:12.437545417Z 37 PC: 2074f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:12.440369912Z 78 PC: 207bc | Find first file
2018-12-25T11:49:12.452763317Z 67 PC: 207f1 | Get or set file attributes
2018-12-25T11:49:12.467763905Z 61 PC: 207fa | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:12.476463945Z 63 PC: 20809 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:49:12.483004194Z 66 PC: 20819 | Move file pointer
2018-12-25T11:49:12.484397301Z 64 PC: 2082d | Write file or device (Write 518 bytes on handle 5)
2018-12-25T11:49:12.49431112Z 66 PC: 2083d | Move file pointer
2018-12-25T11:49:12.495945811Z 64 PC: 2084a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:49:12.502675189Z 87 PC: 2085d | Get or set file date and time
2018-12-25T11:49:12.504631333Z 62 PC: 20861 | Close file
2018-12-25T11:49:12.51240257Z 67 PC: 20870 | Get or set file attributes
2018-12-25T11:49:12.52220592Z 26 PC: 20879 | Set disk transfer address
2018-12-25T11:49:12.523794966Z 37 PC: 20883 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:12.525660276Z 13 PC: 20888 | Disk reset
2018-12-25T11:49:12.527124515Z 42 PC: 2088c | Get date
0x2088c: cmp dh, 1
0x2088f: je 0x208a1
0x20891: cmp dh, 0xc
0x20894: jne 0x208b8
0x20896: cmp dl, 0x19
0x20899: jg 0x208a6
0x2089b: lea bx, word ptr [bp + 0x30d]
0x2089f: jmp 0x208aa
0x208a1: cmp dl, 0xf
0x208a4: jg 0x208b8
0x208a6: lea bx, word ptr [bp + 0x323]
0x208aa: mov ah, 0x2c
0x208ac: int 0x21
0x208ae: or dh, dh
0x208b0: jne 0x208b8
0x208b2: mov ah, 9
0x208b4: mov dx, bx
0x208b6: int 0x21
0x208b8: pop ax
0x208b9: xor bx, bx
2018-12-25T11:49:12.529197603Z 44 PC: 208ae | Get time
0x208ae: or dh, dh
0x208b0: jne 0x208b8
0x208b2: mov ah, 9
0x208b4: mov dx, bx
0x208b6: int 0x21
0x208b8: pop ax
0x208b9: xor bx, bx
0x208bb: xor cx, cx
0x208bd: xor dx, dx
0x208bf: xor si, si
0x208c1: xor di, di
0x208c3: mov bp, 0x100
0x208c6: push bp
0x208c7: xor bp, bp
0x208c9: ret
0x208ca: add sp, 6
0x208cd: pop ax
0x208ce: pop bx
0x208cf: pop cx
0x208d0: pop dx
2018-12-25T11:49:12.532056999Z 80 PC: 141b9 | Set current PSP
2018-12-25T11:49:12.532835968Z 48 PC: 141be | Get DOS version
2018-12-25T11:49:12.533938918Z 2 PC: 1406c | Character output (Char = '56')
2018-12-25T11:49:12.538761984Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.540836271Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.543678806Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.546935121Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.549358665Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.551832534Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.555265548Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.558175225Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.560304961Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.563157363Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.565125985Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.567233297Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.570704658Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.572613402Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.574567519Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.577144742Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.579159062Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.581118583Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.5868559Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.588929235Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.590917526Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.593495365Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.595597492Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.597768019Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.600943916Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.603110986Z 2 PC: 1406c | Character output (See above)

{"DateBased":true,"Day":26,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3428,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:12.55355183Z 47 PC: 20736 | Get disk transfer address
2018-12-25T11:49:12.555574437Z 26 PC: 20746 | Set disk transfer address
2018-12-25T11:49:12.556630862Z 37 PC: 2074f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:12.559794833Z 78 PC: 207bc | Find first file
2018-12-25T11:49:12.566928958Z 67 PC: 207f1 | Get or set file attributes
2018-12-25T11:49:12.583135702Z 61 PC: 207fa | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:12.596236486Z 63 PC: 20809 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:49:12.603606224Z 66 PC: 20819 | Move file pointer
2018-12-25T11:49:12.609380733Z 64 PC: 2082d | Write file or device (Write 518 bytes on handle 5)
2018-12-25T11:49:12.618509051Z 66 PC: 2083d | Move file pointer
2018-12-25T11:49:12.620187919Z 64 PC: 2084a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:49:12.627588644Z 87 PC: 2085d | Get or set file date and time
2018-12-25T11:49:12.628992713Z 62 PC: 20861 | Close file
2018-12-25T11:49:12.637374003Z 67 PC: 20870 | Get or set file attributes
2018-12-25T11:49:12.649197015Z 26 PC: 20879 | Set disk transfer address
2018-12-25T11:49:12.650622611Z 37 PC: 20883 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:12.652313223Z 13 PC: 20888 | Disk reset
2018-12-25T11:49:12.654960017Z 42 PC: 2088c | Get date
0x2088c: cmp dh, 1
0x2088f: je 0x208a1
0x20891: cmp dh, 0xc
0x20894: jne 0x208b8
0x20896: cmp dl, 0x19
0x20899: jg 0x208a6
0x2089b: lea bx, word ptr [bp + 0x30d]
0x2089f: jmp 0x208aa
0x208a1: cmp dl, 0xf
0x208a4: jg 0x208b8
0x208a6: lea bx, word ptr [bp + 0x323]
0x208aa: mov ah, 0x2c
0x208ac: int 0x21
0x208ae: or dh, dh
0x208b0: jne 0x208b8
0x208b2: mov ah, 9
0x208b4: mov dx, bx
0x208b6: int 0x21
0x208b8: pop ax
0x208b9: xor bx, bx
2018-12-25T11:49:12.668477283Z 44 PC: 208ae | Get time
0x208ae: or dh, dh
0x208b0: jne 0x208b8
0x208b2: mov ah, 9
0x208b4: mov dx, bx
0x208b6: int 0x21
0x208b8: pop ax
0x208b9: xor bx, bx
0x208bb: xor cx, cx
0x208bd: xor dx, dx
0x208bf: xor si, si
0x208c1: xor di, di
0x208c3: mov bp, 0x100
0x208c6: push bp
0x208c7: xor bp, bp
0x208c9: ret
0x208ca: add sp, 6
0x208cd: pop ax
0x208ce: pop bx
0x208cf: pop cx
0x208d0: pop dx
2018-12-25T11:49:12.670760691Z 80 PC: 141b9 | Set current PSP
2018-12-25T11:49:12.672201181Z 48 PC: 141be | Get DOS version
2018-12-25T11:49:12.67364066Z 2 PC: 1406c | Character output (Char = '56')
2018-12-25T11:49:12.675952359Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.678912372Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.681111416Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.683392318Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.68625109Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.689401899Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.691545863Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.695483542Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.698807995Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.701293256Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.704330383Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.70680798Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.70923775Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.712398345Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.714767627Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.717165065Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.719735872Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.722871798Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.725107683Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.727515317Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.729900355Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.732106189Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.734326547Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.736621999Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.739654728Z 2 PC: 1406c | Character output (See above)
2018-12-25T11:49:12.741720571Z 2 PC: 1406c | Character output (See above)