Sample viewer

vx.netlux.org/Virus.DOS.SillyC.452

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:22:13.635625393Z	67	PC: 200a7 \| Get or set file attributes
2018-12-17T22:22:13.64309166Z	67	PC: 200bf \| Get or set file attributes
2018-12-17T22:22:13.982593836Z	61	PC: 200c4 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:22:13.989619305Z	87	PC: 200cd \| Get or set file date and time
2018-12-17T22:22:13.992014441Z	63	PC: 200e4 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:22:13.99532442Z	66	PC: 20105 \| Move file pointer
2018-12-17T22:22:13.997196573Z	66	PC: 2011e \| Move file pointer
2018-12-17T22:22:13.999056426Z	64	PC: 2012a \| Write file or device (Write 6 bytes on handle 5)
2018-12-17T22:22:14.002586132Z	66	PC: 20133 \| Move file pointer
2018-12-17T22:22:14.004157471Z	64	PC: 20142 \| Write file or device (Write 452 bytes on handle 5)
2018-12-17T22:22:14.012522307Z	87	PC: 2014d \| Get or set file date and time
2018-12-17T22:22:14.01488407Z	62	PC: 20151 \| Close file
2018-12-17T22:22:14.022444163Z	67	PC: 20161 \| Get or set file attributes
2018-12-17T22:22:14.032849118Z	67	PC: 200a7 \| Get or set file attributes
2018-12-17T22:22:14.044429873Z	42	PC: 20037 \| Get date 0x20037: cmp al, 4 0x20039: jne 0x2006b 0x2003b: call 0x20171 0x2003e: sub ax, 0x4f 0x20041: mov dx, ax 0x20043: mov ax, 0x3d00 0x20046: int 0x21 0x20048: jb 0x2006b 0x2004a: mov bx, ax 0x2004c: mov ah, 0x3e 0x2004e: int 0x21 0x20050: call 0x20079 0x20053: jae 0x2006b 0x20055: call 0x20171 0x20058: sub ax, 0x79 0x2005b: mov dx, ax 0x2005d: mov ax, 0x4301 0x20060: xor cx, cx 0x20062: int 0x21 0x20064: mov ah, 0x41
2018-12-17T22:22:14.047322736Z	80	PC: 13fb9 \| Set current PSP
2018-12-17T22:22:14.048656923Z	48	PC: 13fbe \| Get DOS version
2018-12-17T22:22:14.051754794Z	101	PC: 14044 \| Get extended country info
2018-12-17T22:22:14.053536278Z	99	PC: 1404a \| Get DBCS lead byte table pointer
2018-12-17T22:22:14.055250044Z	74	PC: 140ac \| Reallocate memory
2018-12-17T22:22:14.058201406Z	25	PC: 140e3 \| Get default drive
2018-12-17T22:22:14.05975025Z	37	PC: 13ba3 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:22:14.061485799Z	37	PC: 13baa \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:22:14.063587602Z	37	PC: 13bb1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:22:14.067841763Z	2	PC: 13e6c \| Character output (Char = '0d')
2018-12-17T22:22:14.070593725Z	2	PC: 13e6c \| Character output (Char = '0a')
2018-12-17T22:22:14.076329393Z	2	PC: 13e6c \| Character output (Char = '0d')
2018-12-17T22:22:14.078808277Z	2	PC: 13e6c \| Character output (Char = '0a')
2018-12-17T22:22:14.083659971Z	2	PC: 13e6c \| Character output (Char = '4d')
2018-12-17T22:22:14.087273417Z	2	PC: 13e6c \| Character output (Char = '69')
2018-12-17T22:22:14.089891867Z	2	PC: 13e6c \| Character output (Char = '63')
2018-12-17T22:22:14.092238914Z	2	PC: 13e6c \| Character output (Char = '72')
2018-12-17T22:22:14.095239968Z	2	PC: 13e6c \| Character output (Char = '6f')
2018-12-17T22:22:14.097918659Z	2	PC: 13e6c \| Character output (Char = '73')
2018-12-17T22:22:14.101298713Z	2	PC: 13e6c \| Character output (Char = '6f')
2018-12-17T22:22:14.104538819Z	2	PC: 13e6c \| Character output (Char = '66')
2018-12-17T22:22:14.108038785Z	2	PC: 13e6c \| Character output (Char = '74')
2018-12-17T22:22:14.111790064Z	2	PC: 13e6c \| Character output (Char = '28')
2018-12-17T22:22:14.115117461Z	2	PC: 13e6c \| Character output (Char = '52')
2018-12-17T22:22:14.118955704Z	2	PC: 13e6c \| Character output (Char = '29')
2018-12-17T22:22:14.121544693Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:22:14.124098089Z	2	PC: 13e6c \| Character output (Char = '4d')
2018-12-17T22:22:14.127618198Z	2	PC: 13e6c \| Character output (Char = '53')
2018-12-17T22:22:14.130313248Z	2	PC: 13e6c \| Character output (Char = '2d')
2018-12-17T22:22:14.13314417Z	2	PC: 13e6c \| Character output (Char = '44')
2018-12-17T22:22:14.136807401Z	2	PC: 13e6c \| Character output (Char = '4f')
2018-12-17T22:22:14.139738567Z	2	PC: 13e6c \| Character output (Char = '53')
2018-12-17T22:22:14.142505644Z	2	PC: 13e6c \| Character output (Char = '28')
2018-12-17T22:22:14.145374888Z	2	PC: 13e6c \| Character output (Char = '52')
2018-12-17T22:22:14.148238372Z	2	PC: 13e6c \| Character output (Char = '29')
2018-12-17T22:22:14.150988569Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:22:14.153600019Z	2	PC: 13e6c \| Character output (Char = '56')
2018-12-17T22:22:14.156233273Z	2	PC: 13e6c \| Character output (Char = '65')
2018-12-17T22:22:14.167014011Z	2	PC: 13e6c \| Character output (Char = '72')
2018-12-17T22:22:14.169810236Z	2	PC: 13e6c \| Character output (Char = '73')
2018-12-17T22:22:14.173097708Z	2	PC: 13e6c \| Character output (Char = '69')
2018-12-17T22:22:14.175633657Z	2	PC: 13e6c \| Character output (Char = '6f')
2018-12-17T22:22:14.178671522Z	2	PC: 13e6c \| Character output (Char = '6e')
2018-12-17T22:22:14.181927943Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:22:14.184405218Z	2	PC: 13e6c \| Character output (Char = '36')
2018-12-17T22:22:14.187139025Z	2	PC: 13e6c \| Character output (Char = '2e')
2018-12-17T22:22:14.190396188Z	2	PC: 13e6c \| Character output (Char = '32')
2018-12-17T22:22:14.192871529Z	2	PC: 13e6c \| Character output (Char = '32')
2018-12-17T22:22:14.195444107Z	2	PC: 13e6c \| Character output (Char = '0d')
2018-12-17T22:22:14.198513709Z	2	PC: 13e6c \| Character output (Char = '0a')
2018-12-17T22:22:14.203273982Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:22:14.205941179Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:22:14.212126317Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:22:14.214883369Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:22:14.217628887Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:22:14.221042997Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:22:14.223599805Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:22:14.225916788Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:22:14.229306036Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:22:14.232207387Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:22:14.235106684Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:22:14.238489138Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:22:14.241077436Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:22:14.243566557Z	2	PC: 13e6c \| Character output (Char = '28')
2018-12-17T22:22:14.247204868Z	2	PC: 13e6c \| Character output (Char = '43')
2018-12-17T22:22:14.249807257Z	2	PC: 13e6c \| Character output (Char = '29')
2018-12-17T22:22:14.253770227Z	2	PC: 13e6c \| Character output (Char = '43')
2018-12-17T22:22:14.256576605Z	2	PC: 13e6c \| Character output (Char = '6f')
2018-12-17T22:22:14.258984822Z	2	PC: 13e6c \| Character output (Char = '70')
2018-12-17T22:22:14.261265576Z	2	PC: 13e6c \| Character output (Char = '79')
2018-12-17T22:22:14.264454638Z	2	PC: 13e6c \| Character output (Char = '72')
2018-12-17T22:22:14.267555041Z	2	PC: 13e6c \| Character output (Char = '69')
2018-12-17T22:22:14.27040656Z	2	PC: 13e6c \| Character output (Char = '67')
2018-12-17T22:22:14.273153136Z	2	PC: 13e6c \| Character output (Char = '68')
2018-12-17T22:22:14.277055737Z	2	PC: 13e6c \| Character output (Char = '74')
2018-12-17T22:22:14.279812625Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:22:14.282607663Z	2	PC: 13e6c \| Character output (Char = '4d')
2018-12-17T22:22:14.286463312Z	2	PC: 13e6c \| Character output (Char = '69')
2018-12-17T22:22:14.289196411Z	2	PC: 13e6c \| Character output (Char = '63')
2018-12-17T22:22:14.29192551Z	2	PC: 13e6c \| Character output (Char = '72')
2018-12-17T22:22:14.295692721Z	2	PC: 13e6c \| Character output (Char = '6f')
2018-12-17T22:22:14.298442857Z	2	PC: 13e6c \| Character output (Char = '73')
2018-12-17T22:22:14.301279324Z	2	PC: 13e6c \| Character output (Char = '6f')
2018-12-17T22:22:14.304530498Z	2	PC: 13e6c \| Character output (Char = '66')
2018-12-17T22:22:14.307131062Z	2	PC: 13e6c \| Character output (Char = '74')
2018-12-17T22:22:14.309731251Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:22:14.313139835Z	2	PC: 13e6c \| Character output (Char = '43')
2018-12-17T22:22:14.315836091Z	2	PC: 13e6c \| Character output (Char = '6f')
2018-12-17T22:22:14.319227681Z	2	PC: 13e6c \| Character output (Char = '72')
2018-12-17T22:22:14.322793581Z	2	PC: 13e6c \| Character output (Char = '70')
2018-12-17T22:22:14.326617697Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:22:14.329323342Z	2	PC: 13e6c \| Character output (Char = '31')
2018-12-17T22:22:14.332758659Z	2	PC: 13e6c \| Character output (Char = '39')
2018-12-17T22:22:14.335795777Z	2	PC: 13e6c \| Character output (Char = '38')
2018-12-17T22:22:14.338547711Z	2	PC: 13e6c \| Character output (Char = '31')
2018-12-17T22:22:14.341916732Z	2	PC: 13e6c \| Character output (Char = '2d')
2018-12-17T22:22:14.34446222Z	2	PC: 13e6c \| Character output (Char = '31')
2018-12-17T22:22:14.350706191Z	2	PC: 13e6c \| Character output (Char = '39')
2018-12-17T22:22:14.353289978Z	2	PC: 13e6c \| Character output (Char = '39')
2018-12-17T22:22:14.356296974Z	2	PC: 13e6c \| Character output (Char = '34')
2018-12-17T22:22:14.359142446Z	2	PC: 13e6c \| Character output (Char = '2e')
2018-12-17T22:22:14.36195794Z	2	PC: 13e6c \| Character output (Char = '0d')
2018-12-17T22:22:14.365223576Z	2	PC: 13e6c \| Character output (Char = '0a')
2018-12-17T22:22:14.370023738Z	74	PC: 12d4c \| Reallocate memory
2018-12-17T22:22:14.371917446Z	72	PC: 12d8d \| Allocate memory
2018-12-17T22:22:14.374706053Z	72	PC: 12dc5 \| Allocate memory
2018-12-17T22:22:14.376895649Z	72	PC: 12dcd \| Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3883,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:20.224542837Z	67	PC: 200a7 \| Get or set file attributes
2018-12-25T11:50:20.231671055Z	67	PC: 200bf \| Get or set file attributes
2018-12-25T11:50:20.904734804Z	61	PC: 200c4 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:50:20.916243089Z	87	PC: 200cd \| Get or set file date and time
2018-12-25T11:50:20.919010644Z	63	PC: 200e4 \| Read file or device (Read 6 bytes on handle 5)
2018-12-25T11:50:20.922587253Z	66	PC: 20105 \| Move file pointer
2018-12-25T11:50:20.924607333Z	66	PC: 2011e \| Move file pointer
2018-12-25T11:50:20.928423036Z	64	PC: 2012a \| Write file or device (Write 6 bytes on handle 5)
2018-12-25T11:50:20.931541702Z	66	PC: 20133 \| Move file pointer
2018-12-25T11:50:20.933228281Z	64	PC: 20142 \| Write file or device (Write 452 bytes on handle 5)
2018-12-25T11:50:20.942817015Z	87	PC: 2014d \| Get or set file date and time
2018-12-25T11:50:20.945175036Z	62	PC: 20151 \| Close file
2018-12-25T11:50:20.953222944Z	67	PC: 20161 \| Get or set file attributes
2018-12-25T11:50:20.963590594Z	67	PC: 200a7 \| Get or set file attributes (See above)
2018-12-25T11:50:20.974328138Z	42	PC: 20037 \| Get date 0x20037: cmp al, 4 0x20039: jne 0x2006b 0x2003b: call 0x20171 0x2003e: sub ax, 0x4f 0x20041: mov dx, ax 0x20043: mov ax, 0x3d00 0x20046: int 0x21 0x20048: jb 0x2006b 0x2004a: mov bx, ax 0x2004c: mov ah, 0x3e 0x2004e: int 0x21 0x20050: call 0x20079 0x20053: jae 0x2006b 0x20055: call 0x20171 0x20058: sub ax, 0x79 0x2005b: mov dx, ax 0x2005d: mov ax, 0x4301 0x20060: xor cx, cx 0x20062: int 0x21 0x20064: mov ah, 0x41
2018-12-25T11:50:20.976659355Z	80	PC: 13fb9 \| Set current PSP
2018-12-25T11:50:20.977819975Z	48	PC: 13fbe \| Get DOS version
2018-12-25T11:50:20.981952215Z	101	PC: 14044 \| Get extended country info
2018-12-25T11:50:20.983164876Z	99	PC: 1404a \| Get DBCS lead byte table pointer
2018-12-25T11:50:20.985520047Z	74	PC: 140ac \| Reallocate memory
2018-12-25T11:50:20.988818249Z	25	PC: 140e3 \| Get default drive
2018-12-25T11:50:20.990127463Z	37	PC: 13ba3 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:50:20.991534654Z	37	PC: 13baa \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:50:20.994337402Z	37	PC: 13bb1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:20.997808433Z	2	PC: 13e6c \| Character output (Char = '0d')
2018-12-25T11:50:21.000080217Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.016105537Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.019216215Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.023358317Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.026367359Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.036834588Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.058800078Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.062567021Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.065429289Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.068387504Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.072020312Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.075160965Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.078067039Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.082046063Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.084955283Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.08777425Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.090959815Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.093421109Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.095246015Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.097068487Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.099551118Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.101252001Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.103294131Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.105191696Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.107296723Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.109168792Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.118876517Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.121482633Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.123981016Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.127365709Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.1301046Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.13259509Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.136169436Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.138604107Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.141115035Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.146084039Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.149103027Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.152053052Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.155530665Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.158627146Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.16426916Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.167501176Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.170217358Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.172987128Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.176491339Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.179539103Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.182273321Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.18575962Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.188814232Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.197006083Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.200003904Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.203611918Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.206373625Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.209140569Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.212870294Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.215607673Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.218372785Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.222398889Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.225150975Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.227885637Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.231618613Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.235205738Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.238405076Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.241590001Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.243934412Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.24651916Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.256282307Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.259927797Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.262406245Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.266405979Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.268902974Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.271350337Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.274420139Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.277147555Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.280139121Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.283479941Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.286161831Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.288874253Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.292529905Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.295271142Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.298006237Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.301538397Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.304477633Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.306864254Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.310750687Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.313471383Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.315861496Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.318964751Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.322317441Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.325591655Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.328294015Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.331030575Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.333362051Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.33793997Z	74	PC: 12d4c \| Reallocate memory
2018-12-25T11:50:21.345850007Z	72	PC: 12d8d \| Allocate memory
2018-12-25T11:50:21.347808169Z	72	PC: 12dc5 \| Allocate memory
2018-12-25T11:50:21.350295942Z	72	PC: 12dcd \| Allocate memory

{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3883,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:20.225965311Z	67	PC: 200a7 \| Get or set file attributes
2018-12-25T11:50:20.233099365Z	67	PC: 200bf \| Get or set file attributes
2018-12-25T11:50:20.903282214Z	61	PC: 200c4 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:50:20.910585338Z	87	PC: 200cd \| Get or set file date and time
2018-12-25T11:50:20.912843582Z	63	PC: 200e4 \| Read file or device (Read 6 bytes on handle 5)
2018-12-25T11:50:20.915741618Z	66	PC: 20105 \| Move file pointer
2018-12-25T11:50:20.917594459Z	66	PC: 2011e \| Move file pointer
2018-12-25T11:50:20.920548264Z	64	PC: 2012a \| Write file or device (Write 6 bytes on handle 5)
2018-12-25T11:50:20.92360223Z	66	PC: 20133 \| Move file pointer
2018-12-25T11:50:20.92535585Z	64	PC: 20142 \| Write file or device (Write 452 bytes on handle 5)
2018-12-25T11:50:20.934184833Z	87	PC: 2014d \| Get or set file date and time
2018-12-25T11:50:20.937520037Z	62	PC: 20151 \| Close file
2018-12-25T11:50:20.945969336Z	67	PC: 20161 \| Get or set file attributes
2018-12-25T11:50:20.956787593Z	67	PC: 200a7 \| Get or set file attributes (See above)
2018-12-25T11:50:20.969239176Z	42	PC: 20037 \| Get date 0x20037: cmp al, 4 0x20039: jne 0x2006b 0x2003b: call 0x20171 0x2003e: sub ax, 0x4f 0x20041: mov dx, ax 0x20043: mov ax, 0x3d00 0x20046: int 0x21 0x20048: jb 0x2006b 0x2004a: mov bx, ax 0x2004c: mov ah, 0x3e 0x2004e: int 0x21 0x20050: call 0x20079 0x20053: jae 0x2006b 0x20055: call 0x20171 0x20058: sub ax, 0x79 0x2005b: mov dx, ax 0x2005d: mov ax, 0x4301 0x20060: xor cx, cx 0x20062: int 0x21 0x20064: mov ah, 0x41
2018-12-25T11:50:20.972854843Z	61	PC: 20048 \| Open file (Filename = 'C:\AUTOEXEC.BAT')
2018-12-25T11:50:20.980498959Z	62	PC: 20050 \| Close file
2018-12-25T11:50:20.983644532Z	86	PC: 2008d \| Rename file
2018-12-25T11:50:20.995219214Z	80	PC: 13fb9 \| Set current PSP
2018-12-25T11:50:20.996259683Z	48	PC: 13fbe \| Get DOS version
2018-12-25T11:50:20.998937151Z	101	PC: 14044 \| Get extended country info
2018-12-25T11:50:21.000903713Z	99	PC: 1404a \| Get DBCS lead byte table pointer
2018-12-25T11:50:21.003666782Z	74	PC: 140ac \| Reallocate memory
2018-12-25T11:50:21.006587693Z	25	PC: 140e3 \| Get default drive
2018-12-25T11:50:21.008590414Z	37	PC: 13ba3 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:50:21.010171449Z	37	PC: 13baa \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:50:21.012259208Z	37	PC: 13bb1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:21.026739236Z	2	PC: 13e6c \| Character output (Char = '0d')
2018-12-25T11:50:21.029381393Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.034288732Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.038090632Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.043269023Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.047678463Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.051932555Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.054400893Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.056832667Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.059902122Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.062640553Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.065519497Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.06919913Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.071988149Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.074902039Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.084774237Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.088074614Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.090421865Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.093777385Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.096806807Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.100980486Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.104554557Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.107614497Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.110390027Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.11311901Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.11608317Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.118467549Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.120623074Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.12307613Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.126383088Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.12877483Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.131442194Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.133660448Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.136250383Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.139161717Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.142442826Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.146366578Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.149710583Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.152030194Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.154451609Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.157366291Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.161298251Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.163667615Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.166977428Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.169284404Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.171520536Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.175222237Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.18016218Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.182137318Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.184453677Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.186212571Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.188124925Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.190384476Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.192263608Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.193710095Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.195725543Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.197269995Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.19878788Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.201202002Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.202857599Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.204441914Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.206734421Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.208938899Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.210425703Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.212244799Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.214173539Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.215556715Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.217550618Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.219254052Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.220626342Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.222464905Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.224093588Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.225535689Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.227668876Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.229175467Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.23072034Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.233163015Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.235032285Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.236620388Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.23939381Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.241270247Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.242852213Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.24509232Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.247064041Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.248839842Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.251134647Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.252751468Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.256147884Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.260775081Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.262629224Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.26460589Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.268003935Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.27001747Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.271690593Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:50:21.276462498Z	74	PC: 12d4c \| Reallocate memory
2018-12-25T11:50:21.277648585Z	72	PC: 12d8d \| Allocate memory
2018-12-25T11:50:21.278808909Z	72	PC: 12dc5 \| Allocate memory
2018-12-25T11:50:21.280559567Z	72	PC: 12dcd \| Allocate memory