Sample viewer

vx.netlux.org/Virus.DOS.Ouse.591

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:27:11.396948178Z 42 PC: 17c97 | Get date
0x17c97: cmp cx, 0x7c7
0x17c9b: jb 0x17cbd
0x17c9d: cmp dh, byte ptr ds:[bp + 0x8f]
0x17ca2: jb 0x17cbd
0x17ca4: cmp dl, byte ptr ds:[bp + 0x8e]
0x17ca9: jne 0x17cbd
0x17cab: mov al, 2
0x17cad: lea bx, word ptr [0x90]
0x17cb1: mov cx, 1
0x17cb4: mov dx, 0
0x17cb7: int 0x26
0x17cb9: popf
0x17cba: jmp 0x17db4
0x17cbd: cmp dh, 9
0x17cc0: jbe 0x17cc4
0x17cc2: mov dh, 1
0x17cc4: add dh, 3
0x17cc7: mov byte ptr ds:[bp + 0x8f], dh
0x17ccc: mov byte ptr ds:[bp + 0x8e], dl
0x17cd1: mov dl, 0
2018-12-17T22:27:11.399582457Z 71 PC: 17cdb | Get current directory
2018-12-17T22:27:11.40418092Z 26 PC: 17cee | Set disk transfer address
2018-12-17T22:27:11.405285495Z 78 PC: 17cf9 | Find first file
2018-12-17T22:27:11.411788496Z 61 PC: 17d0a | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:27:11.419408683Z 66 PC: 17df2 | Move file pointer
2018-12-17T22:27:11.42119876Z 66 PC: 17e1b | Move file pointer
2018-12-17T22:27:11.422708936Z 63 PC: 17dce | Read file or device (Read 13 bytes on handle 5)
2018-12-17T22:27:11.43019998Z 66 PC: 17de0 | Move file pointer
2018-12-17T22:27:11.431636759Z 63 PC: 17dce | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:27:11.434288821Z 62 PC: 17d88 | Close file
2018-12-17T22:27:11.43637247Z 79 PC: 17d96 | Find next file
2018-12-17T22:27:11.438425455Z 61 PC: 17d0a | Open file (Filename = 'PRINT.COM')
2018-12-17T22:27:11.443106744Z 66 PC: 17df2 | Move file pointer
2018-12-17T22:27:11.444661932Z 66 PC: 17e1b | Move file pointer
2018-12-17T22:27:11.445735616Z 63 PC: 17dce | Read file or device (Read 13 bytes on handle 5)
2018-12-17T22:27:11.447047433Z 66 PC: 17de0 | Move file pointer
2018-12-17T22:27:11.448552272Z 63 PC: 17dce | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:27:11.452801298Z 62 PC: 17d88 | Close file
2018-12-17T22:27:11.455442154Z 79 PC: 17d96 | Find next file
2018-12-17T22:27:11.458428693Z 61 PC: 17d0a | Open file (Filename = 'HELLO.COM')
2018-12-17T22:27:11.465596551Z 66 PC: 17df2 | Move file pointer
2018-12-17T22:27:11.466683571Z 66 PC: 17e1b | Move file pointer
2018-12-17T22:27:11.470020595Z 63 PC: 17dce | Read file or device (Read 13 bytes on handle 5)
2018-12-17T22:27:11.477392445Z 66 PC: 17de0 | Move file pointer
2018-12-17T22:27:11.478825722Z 63 PC: 17dce | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:27:11.481434167Z 62 PC: 17d88 | Close file
2018-12-17T22:27:11.484172929Z 79 PC: 17d96 | Find next file
2018-12-17T22:27:11.487630949Z 61 PC: 17d0a | Open file (Filename = 'PHANG.COM')
2018-12-17T22:27:11.494830626Z 66 PC: 17df2 | Move file pointer
2018-12-17T22:27:11.497063247Z 66 PC: 17e1b | Move file pointer
2018-12-17T22:27:11.4989354Z 63 PC: 17dce | Read file or device (Read 13 bytes on handle 5)
2018-12-17T22:27:11.501101402Z 66 PC: 17de0 | Move file pointer
2018-12-17T22:27:11.50364562Z 63 PC: 17dce | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:27:11.510626413Z 62 PC: 17d88 | Close file
2018-12-17T22:27:11.512510172Z 79 PC: 17d96 | Find next file
2018-12-17T22:27:11.51639117Z 61 PC: 17d0a | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:27:11.524670954Z 66 PC: 17df2 | Move file pointer
2018-12-17T22:27:11.52624723Z 66 PC: 17e1b | Move file pointer
2018-12-17T22:27:11.528607274Z 63 PC: 17dce | Read file or device (Read 13 bytes on handle 5)
2018-12-17T22:27:11.530775748Z 66 PC: 17de0 | Move file pointer
2018-12-17T22:27:11.532430555Z 63 PC: 17dce | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:27:11.539502931Z 62 PC: 17d88 | Close file
2018-12-17T22:27:11.541687099Z 79 PC: 17d96 | Find next file
2018-12-17T22:27:11.544690037Z 61 PC: 17d0a | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:27:11.552003974Z 66 PC: 17df2 | Move file pointer
2018-12-17T22:27:11.56357369Z 66 PC: 17e1b | Move file pointer
2018-12-17T22:27:11.565120876Z 63 PC: 17dce | Read file or device (Read 13 bytes on handle 5)
2018-12-17T22:27:11.573039438Z 66 PC: 17de0 | Move file pointer
2018-12-17T22:27:11.575160424Z 63 PC: 17dce | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:27:11.577920871Z 62 PC: 17d88 | Close file
2018-12-17T22:27:11.579738134Z 79 PC: 17d96 | Find next file
2018-12-17T22:27:11.583419Z 61 PC: 17d0a | Open file (Filename = 'PAH.COM')
2018-12-17T22:27:11.590672984Z 66 PC: 17df2 | Move file pointer
2018-12-17T22:27:11.592160412Z 66 PC: 17e1b | Move file pointer
2018-12-17T22:27:11.594172021Z 63 PC: 17dce | Read file or device (Read 13 bytes on handle 5)
2018-12-17T22:27:11.596141801Z 66 PC: 17de0 | Move file pointer
2018-12-17T22:27:11.597544736Z 63 PC: 17dce | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:27:11.605132235Z 62 PC: 17d88 | Close file
2018-12-17T22:27:11.607180649Z 79 PC: 17d96 | Find next file
2018-12-17T22:27:11.609893534Z 61 PC: 17d0a | Open file (Filename = 'TEST.COM')
2018-12-17T22:27:11.616942908Z 66 PC: 17df2 | Move file pointer
2018-12-17T22:27:11.6184814Z 66 PC: 17e1b | Move file pointer
2018-12-17T22:27:11.619796396Z 63 PC: 17dce | Read file or device (Read 13 bytes on handle 5)
2018-12-17T22:27:11.622743921Z 62 PC: 17d88 | Close file
2018-12-17T22:27:11.624925337Z 79 PC: 17d96 | Find next file
2018-12-17T22:27:11.627189471Z 59 PC: 17da7 | Change current directory
2018-12-17T22:27:11.631507675Z 59 PC: 17db4 | Change current directory
2018-12-17T22:27:11.634094917Z 74 PC: 16178 | Reallocate memory
2018-12-17T22:27:11.635673155Z 48 PC: 1619a | Get DOS version
2018-12-17T22:27:11.63692743Z 72 PC: 161e6 | Allocate memory
2018-12-17T22:27:11.639201488Z 61 PC: 161fc | Open file (Filename = 'A:\TEST.COM')
2018-12-17T22:27:11.646050753Z 66 PC: 1765f | Move file pointer
2018-12-17T22:27:11.647449721Z 66 PC: 17677 | Move file pointer
2018-12-17T22:27:11.64943767Z 63 PC: 1768a | Read file or device (Read 4096 bytes on handle 5)
2018-12-17T22:27:11.657034904Z 63 PC: 1768a | Read file or device (Read 4096 bytes on handle 5)
2018-12-17T22:27:11.664503658Z 63 PC: 1768a | Read file or device (Read 4096 bytes on handle 5)
2018-12-17T22:27:11.67297665Z 63 PC: 1768a | Read file or device (Read 4096 bytes on handle 5)
2018-12-17T22:27:11.680426402Z 63 PC: 1768a | Read file or device (Read 4096 bytes on handle 5)
2018-12-17T22:27:11.687613012Z 63 PC: 1768a | Read file or device (Read 4096 bytes on handle 5)
2018-12-17T22:27:11.695511099Z 62 PC: 176f0 | Close file
2018-12-17T22:27:11.697626022Z 61 PC: 16223 | Open file (Filename = 'A:\MESSAGES.DRV')
2018-12-17T22:27:11.72242034Z 76 PC: 16240 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4827,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:58.002621553Z 42 PC: 17c97 | Get date
0x17c97: cmp cx, 0x7c7
0x17c9b: jb 0x17cbd
0x17c9d: cmp dh, byte ptr ds:[bp + 0x8f]
0x17ca2: jb 0x17cbd
0x17ca4: cmp dl, byte ptr ds:[bp + 0x8e]
0x17ca9: jne 0x17cbd
0x17cab: mov al, 2
0x17cad: lea bx, word ptr [0x90]
0x17cb1: mov cx, 1
0x17cb4: mov dx, 0
0x17cb7: int 0x26
0x17cb9: popf
0x17cba: jmp 0x17db4
0x17cbd: cmp dh, 9
0x17cc0: jbe 0x17cc4
0x17cc2: mov dh, 1
0x17cc4: add dh, 3
0x17cc7: mov byte ptr ds:[bp + 0x8f], dh
0x17ccc: mov byte ptr ds:[bp + 0x8e], dl
0x17cd1: mov dl, 0
2018-12-25T11:52:58.005780567Z 71 PC: 17cdb | Get current directory
2018-12-25T11:52:58.009244258Z 26 PC: 17cee | Set disk transfer address
2018-12-25T11:52:58.010980478Z 78 PC: 17cf9 | Find first file
2018-12-25T11:52:58.018641035Z 61 PC: 17d0a | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:58.029490203Z 66 PC: 17df2 | Move file pointer
2018-12-25T11:52:58.03099459Z 66 PC: 17e1b | Move file pointer
2018-12-25T11:52:58.032441742Z 63 PC: 17dce | Read file or device (Read 13 bytes on handle 5)
2018-12-25T11:52:58.039663137Z 66 PC: 17de0 | Move file pointer
2018-12-25T11:52:58.041124509Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.04374523Z 62 PC: 17d88 | Close file
2018-12-25T11:52:58.045921747Z 79 PC: 17d96 | Find next file
2018-12-25T11:52:58.048784926Z 61 PC: 17d0a | Open file (See above)
2018-12-25T11:52:58.05729656Z 66 PC: 17df2 | Move file pointer (See above)
2018-12-25T11:52:58.060294126Z 66 PC: 17e1b | Move file pointer (See above)
2018-12-25T11:52:58.063034399Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.065611968Z 66 PC: 17de0 | Move file pointer (See above)
2018-12-25T11:52:58.067924344Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.075609408Z 62 PC: 17d88 | Close file (See above)
2018-12-25T11:52:58.077790469Z 79 PC: 17d96 | Find next file (See above)
2018-12-25T11:52:58.096094405Z 61 PC: 17d0a | Open file (See above)
2018-12-25T11:52:58.103511582Z 66 PC: 17df2 | Move file pointer (See above)
2018-12-25T11:52:58.105165816Z 66 PC: 17e1b | Move file pointer (See above)
2018-12-25T11:52:58.107093807Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.115152286Z 66 PC: 17de0 | Move file pointer (See above)
2018-12-25T11:52:58.116887967Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.119861082Z 62 PC: 17d88 | Close file (See above)
2018-12-25T11:52:58.123396965Z 79 PC: 17d96 | Find next file (See above)
2018-12-25T11:52:58.127612998Z 61 PC: 17d0a | Open file (See above)
2018-12-25T11:52:58.135544905Z 66 PC: 17df2 | Move file pointer (See above)
2018-12-25T11:52:58.140037539Z 66 PC: 17e1b | Move file pointer (See above)
2018-12-25T11:52:58.141582389Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.143222882Z 66 PC: 17de0 | Move file pointer (See above)
2018-12-25T11:52:58.146552047Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.151846586Z 62 PC: 17d88 | Close file (See above)
2018-12-25T11:52:58.153485038Z 79 PC: 17d96 | Find next file (See above)
2018-12-25T11:52:58.157643247Z 61 PC: 17d0a | Open file (See above)
2018-12-25T11:52:58.162512463Z 66 PC: 17df2 | Move file pointer (See above)
2018-12-25T11:52:58.164094761Z 66 PC: 17e1b | Move file pointer (See above)
2018-12-25T11:52:58.16602863Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.168194293Z 66 PC: 17de0 | Move file pointer (See above)
2018-12-25T11:52:58.16973028Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.176994376Z 62 PC: 17d88 | Close file (See above)
2018-12-25T11:52:58.17907673Z 79 PC: 17d96 | Find next file (See above)
2018-12-25T11:52:58.181728309Z 61 PC: 17d0a | Open file (See above)
2018-12-25T11:52:58.18821209Z 66 PC: 17df2 | Move file pointer (See above)
2018-12-25T11:52:58.190219835Z 66 PC: 17e1b | Move file pointer (See above)
2018-12-25T11:52:58.191971055Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.203145236Z 66 PC: 17de0 | Move file pointer (See above)
2018-12-25T11:52:58.209257469Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.212086332Z 62 PC: 17d88 | Close file (See above)
2018-12-25T11:52:58.213890353Z 79 PC: 17d96 | Find next file (See above)
2018-12-25T11:52:58.218172443Z 61 PC: 17d0a | Open file (See above)
2018-12-25T11:52:58.225499777Z 66 PC: 17df2 | Move file pointer (See above)
2018-12-25T11:52:58.227058962Z 66 PC: 17e1b | Move file pointer (See above)
2018-12-25T11:52:58.229584515Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.231685973Z 66 PC: 17de0 | Move file pointer (See above)
2018-12-25T11:52:58.233265755Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.240974829Z 62 PC: 17d88 | Close file (See above)
2018-12-25T11:52:58.243408728Z 79 PC: 17d96 | Find next file (See above)
2018-12-25T11:52:58.246745503Z 61 PC: 17d0a | Open file (See above)
2018-12-25T11:52:58.25539483Z 66 PC: 17df2 | Move file pointer (See above)
2018-12-25T11:52:58.257145349Z 66 PC: 17e1b | Move file pointer (See above)
2018-12-25T11:52:58.258789074Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.263070211Z 62 PC: 17d88 | Close file (See above)
2018-12-25T11:52:58.265049898Z 79 PC: 17d96 | Find next file (See above)
2018-12-25T11:52:58.267775137Z 59 PC: 17da7 | Change current directory
2018-12-25T11:52:58.272535293Z 59 PC: 17db4 | Change current directory
2018-12-25T11:52:58.275462393Z 74 PC: 16178 | Reallocate memory
2018-12-25T11:52:58.277469095Z 48 PC: 1619a | Get DOS version
2018-12-25T11:52:58.279332938Z 72 PC: 161e6 | Allocate memory
2018-12-25T11:52:58.281897134Z 61 PC: 161fc | Open file (Filename = 'A:\TEST.COM')
2018-12-25T11:52:58.289936994Z 66 PC: 1765f | Move file pointer
2018-12-25T11:52:58.29175185Z 66 PC: 17677 | Move file pointer
2018-12-25T11:52:58.294037152Z 63 PC: 1768a | Read file or device (Read 4096 bytes on handle 5)
2018-12-25T11:52:58.301969304Z 63 PC: 1768a | Read file or device (See above)
2018-12-25T11:52:58.309502867Z 63 PC: 1768a | Read file or device (See above)
2018-12-25T11:52:58.31749628Z 63 PC: 1768a | Read file or device (See above)
2018-12-25T11:52:58.325193498Z 63 PC: 1768a | Read file or device (See above)
2018-12-25T11:52:58.33261357Z 63 PC: 1768a | Read file or device (See above)
2018-12-25T11:52:58.340548203Z 62 PC: 176f0 | Close file
2018-12-25T11:52:58.342528435Z 61 PC: 16223 | Open file (Filename = 'A:\MESSAGES.DRV')
2018-12-25T11:52:58.352980851Z 76 PC: 16240 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4827,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:58.07734692Z 42 PC: 17c97 | Get date
0x17c97: cmp cx, 0x7c7
0x17c9b: jb 0x17cbd
0x17c9d: cmp dh, byte ptr ds:[bp + 0x8f]
0x17ca2: jb 0x17cbd
0x17ca4: cmp dl, byte ptr ds:[bp + 0x8e]
0x17ca9: jne 0x17cbd
0x17cab: mov al, 2
0x17cad: lea bx, word ptr [0x90]
0x17cb1: mov cx, 1
0x17cb4: mov dx, 0
0x17cb7: int 0x26
0x17cb9: popf
0x17cba: jmp 0x17db4
0x17cbd: cmp dh, 9
0x17cc0: jbe 0x17cc4
0x17cc2: mov dh, 1
0x17cc4: add dh, 3
0x17cc7: mov byte ptr ds:[bp + 0x8f], dh
0x17ccc: mov byte ptr ds:[bp + 0x8e], dl
0x17cd1: mov dl, 0
2018-12-25T11:52:58.079651165Z 71 PC: 17cdb | Get current directory
2018-12-25T11:52:58.08227386Z 26 PC: 17cee | Set disk transfer address
2018-12-25T11:52:58.083164658Z 78 PC: 17cf9 | Find first file
2018-12-25T11:52:58.089221383Z 61 PC: 17d0a | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:58.100125937Z 66 PC: 17df2 | Move file pointer
2018-12-25T11:52:58.101432674Z 66 PC: 17e1b | Move file pointer
2018-12-25T11:52:58.102996862Z 63 PC: 17dce | Read file or device (Read 13 bytes on handle 5)
2018-12-25T11:52:58.109088659Z 66 PC: 17de0 | Move file pointer
2018-12-25T11:52:58.110325529Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.114225136Z 62 PC: 17d88 | Close file
2018-12-25T11:52:58.116703046Z 79 PC: 17d96 | Find next file
2018-12-25T11:52:58.118508536Z 61 PC: 17d0a | Open file (See above)
2018-12-25T11:52:58.125335106Z 66 PC: 17df2 | Move file pointer (See above)
2018-12-25T11:52:58.126713192Z 66 PC: 17e1b | Move file pointer (See above)
2018-12-25T11:52:58.127885155Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.129857025Z 66 PC: 17de0 | Move file pointer (See above)
2018-12-25T11:52:58.131422814Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.138479255Z 62 PC: 17d88 | Close file (See above)
2018-12-25T11:52:58.140351164Z 79 PC: 17d96 | Find next file (See above)
2018-12-25T11:52:58.143309406Z 61 PC: 17d0a | Open file (See above)
2018-12-25T11:52:58.150685558Z 66 PC: 17df2 | Move file pointer (See above)
2018-12-25T11:52:58.151914054Z 66 PC: 17e1b | Move file pointer (See above)
2018-12-25T11:52:58.153725252Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.159850205Z 66 PC: 17de0 | Move file pointer (See above)
2018-12-25T11:52:58.161255957Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.164094564Z 62 PC: 17d88 | Close file (See above)
2018-12-25T11:52:58.165626645Z 79 PC: 17d96 | Find next file (See above)
2018-12-25T11:52:58.168020196Z 61 PC: 17d0a | Open file (See above)
2018-12-25T11:52:58.174461921Z 66 PC: 17df2 | Move file pointer (See above)
2018-12-25T11:52:58.175854706Z 66 PC: 17e1b | Move file pointer (See above)
2018-12-25T11:52:58.177155889Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.178990257Z 66 PC: 17de0 | Move file pointer (See above)
2018-12-25T11:52:58.180138152Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.186571054Z 62 PC: 17d88 | Close file (See above)
2018-12-25T11:52:58.188216649Z 79 PC: 17d96 | Find next file (See above)
2018-12-25T11:52:58.190626342Z 61 PC: 17d0a | Open file (See above)
2018-12-25T11:52:58.196859506Z 66 PC: 17df2 | Move file pointer (See above)
2018-12-25T11:52:58.198718644Z 66 PC: 17e1b | Move file pointer (See above)
2018-12-25T11:52:58.199854944Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.201451835Z 66 PC: 17de0 | Move file pointer (See above)
2018-12-25T11:52:58.203100541Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.209294771Z 62 PC: 17d88 | Close file (See above)
2018-12-25T11:52:58.210830148Z 79 PC: 17d96 | Find next file (See above)
2018-12-25T11:52:58.213818892Z 61 PC: 17d0a | Open file (See above)
2018-12-25T11:52:58.220105542Z 66 PC: 17df2 | Move file pointer (See above)
2018-12-25T11:52:58.221291824Z 66 PC: 17e1b | Move file pointer (See above)
2018-12-25T11:52:58.222944259Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.228958663Z 66 PC: 17de0 | Move file pointer (See above)
2018-12-25T11:52:58.230118483Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.238776476Z 62 PC: 17d88 | Close file (See above)
2018-12-25T11:52:58.240320856Z 79 PC: 17d96 | Find next file (See above)
2018-12-25T11:52:58.242676522Z 61 PC: 17d0a | Open file (See above)
2018-12-25T11:52:58.249146305Z 66 PC: 17df2 | Move file pointer (See above)
2018-12-25T11:52:58.250386803Z 66 PC: 17e1b | Move file pointer (See above)
2018-12-25T11:52:58.251567142Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.253377501Z 66 PC: 17de0 | Move file pointer (See above)
2018-12-25T11:52:58.255263534Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.261345509Z 62 PC: 17d88 | Close file (See above)
2018-12-25T11:52:58.276887011Z 79 PC: 17d96 | Find next file (See above)
2018-12-25T11:52:58.279442861Z 61 PC: 17d0a | Open file (See above)
2018-12-25T11:52:58.285799219Z 66 PC: 17df2 | Move file pointer (See above)
2018-12-25T11:52:58.287553637Z 66 PC: 17e1b | Move file pointer (See above)
2018-12-25T11:52:58.288886767Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.295512949Z 62 PC: 17d88 | Close file (See above)
2018-12-25T11:52:58.297614907Z 79 PC: 17d96 | Find next file (See above)
2018-12-25T11:52:58.299795351Z 59 PC: 17da7 | Change current directory
2018-12-25T11:52:58.303623339Z 59 PC: 17db4 | Change current directory
2018-12-25T11:52:58.305540063Z 74 PC: 16178 | Reallocate memory
2018-12-25T11:52:58.306598229Z 48 PC: 1619a | Get DOS version
2018-12-25T11:52:58.307681786Z 72 PC: 161e6 | Allocate memory
2018-12-25T11:52:58.309638542Z 61 PC: 161fc | Open file (Filename = 'A:\TEST.COM')
2018-12-25T11:52:58.315821595Z 66 PC: 1765f | Move file pointer
2018-12-25T11:52:58.317051467Z 66 PC: 17677 | Move file pointer
2018-12-25T11:52:58.318468714Z 63 PC: 1768a | Read file or device (Read 4096 bytes on handle 5)
2018-12-25T11:52:58.3254374Z 63 PC: 1768a | Read file or device (See above)
2018-12-25T11:52:58.331195504Z 63 PC: 1768a | Read file or device (See above)
2018-12-25T11:52:58.339425007Z 63 PC: 1768a | Read file or device (See above)
2018-12-25T11:52:58.346251169Z 63 PC: 1768a | Read file or device (See above)
2018-12-25T11:52:58.352996329Z 63 PC: 1768a | Read file or device (See above)
2018-12-25T11:52:58.360739619Z 62 PC: 176f0 | Close file
2018-12-25T11:52:58.36283169Z 61 PC: 16223 | Open file (Filename = 'A:\MESSAGES.DRV')
2018-12-25T11:52:58.371613281Z 76 PC: 16240 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4827,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:58.166242832Z 42 PC: 17c97 | Get date
0x17c97: cmp cx, 0x7c7
0x17c9b: jb 0x17cbd
0x17c9d: cmp dh, byte ptr ds:[bp + 0x8f]
0x17ca2: jb 0x17cbd
0x17ca4: cmp dl, byte ptr ds:[bp + 0x8e]
0x17ca9: jne 0x17cbd
0x17cab: mov al, 2
0x17cad: lea bx, word ptr [0x90]
0x17cb1: mov cx, 1
0x17cb4: mov dx, 0
0x17cb7: int 0x26
0x17cb9: popf
0x17cba: jmp 0x17db4
0x17cbd: cmp dh, 9
0x17cc0: jbe 0x17cc4
0x17cc2: mov dh, 1
0x17cc4: add dh, 3
0x17cc7: mov byte ptr ds:[bp + 0x8f], dh
0x17ccc: mov byte ptr ds:[bp + 0x8e], dl
0x17cd1: mov dl, 0
2018-12-25T11:52:58.169089436Z 71 PC: 17cdb | Get current directory
2018-12-25T11:52:58.172202443Z 26 PC: 17cee | Set disk transfer address
2018-12-25T11:52:58.173306249Z 78 PC: 17cf9 | Find first file
2018-12-25T11:52:58.180949251Z 61 PC: 17d0a | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:58.188059616Z 66 PC: 17df2 | Move file pointer
2018-12-25T11:52:58.189770155Z 66 PC: 17e1b | Move file pointer
2018-12-25T11:52:58.191399169Z 63 PC: 17dce | Read file or device (Read 13 bytes on handle 5)
2018-12-25T11:52:58.198550532Z 66 PC: 17de0 | Move file pointer
2018-12-25T11:52:58.200205112Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.202866626Z 62 PC: 17d88 | Close file
2018-12-25T11:52:58.205149861Z 79 PC: 17d96 | Find next file
2018-12-25T11:52:58.207385201Z 61 PC: 17d0a | Open file (See above)
2018-12-25T11:52:58.214626933Z 66 PC: 17df2 | Move file pointer (See above)
2018-12-25T11:52:58.216437064Z 66 PC: 17e1b | Move file pointer (See above)
2018-12-25T11:52:58.217665247Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.219618035Z 66 PC: 17de0 | Move file pointer (See above)
2018-12-25T11:52:58.221773802Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.229947001Z 62 PC: 17d88 | Close file (See above)
2018-12-25T11:52:58.231779499Z 79 PC: 17d96 | Find next file (See above)
2018-12-25T11:52:58.235119341Z 61 PC: 17d0a | Open file (See above)
2018-12-25T11:52:58.242980788Z 66 PC: 17df2 | Move file pointer (See above)
2018-12-25T11:52:58.244314419Z 66 PC: 17e1b | Move file pointer (See above)
2018-12-25T11:52:58.246028995Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.253029633Z 66 PC: 17de0 | Move file pointer (See above)
2018-12-25T11:52:58.254525245Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.257769488Z 62 PC: 17d88 | Close file (See above)
2018-12-25T11:52:58.259721544Z 79 PC: 17d96 | Find next file (See above)
2018-12-25T11:52:58.262619598Z 61 PC: 17d0a | Open file (See above)
2018-12-25T11:52:58.269904458Z 66 PC: 17df2 | Move file pointer (See above)
2018-12-25T11:52:58.279510071Z 66 PC: 17e1b | Move file pointer (See above)
2018-12-25T11:52:58.281046451Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.282996752Z 66 PC: 17de0 | Move file pointer (See above)
2018-12-25T11:52:58.284677278Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.291929463Z 62 PC: 17d88 | Close file (See above)
2018-12-25T11:52:58.293816241Z 79 PC: 17d96 | Find next file (See above)
2018-12-25T11:52:58.297172616Z 61 PC: 17d0a | Open file (See above)
2018-12-25T11:52:58.304308126Z 66 PC: 17df2 | Move file pointer (See above)
2018-12-25T11:52:58.305699556Z 66 PC: 17e1b | Move file pointer (See above)
2018-12-25T11:52:58.307536981Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.308900719Z 66 PC: 17de0 | Move file pointer (See above)
2018-12-25T11:52:58.309901031Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.314813202Z 62 PC: 17d88 | Close file (See above)
2018-12-25T11:52:58.31748331Z 79 PC: 17d96 | Find next file (See above)
2018-12-25T11:52:58.32030053Z 61 PC: 17d0a | Open file (See above)
2018-12-25T11:52:58.327705939Z 66 PC: 17df2 | Move file pointer (See above)
2018-12-25T11:52:58.329440327Z 66 PC: 17e1b | Move file pointer (See above)
2018-12-25T11:52:58.33114268Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.338418083Z 66 PC: 17de0 | Move file pointer (See above)
2018-12-25T11:52:58.340311246Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.35262846Z 62 PC: 17d88 | Close file (See above)
2018-12-25T11:52:58.354573349Z 79 PC: 17d96 | Find next file (See above)
2018-12-25T11:52:58.35785636Z 61 PC: 17d0a | Open file (See above)
2018-12-25T11:52:58.36497551Z 66 PC: 17df2 | Move file pointer (See above)
2018-12-25T11:52:58.366357692Z 66 PC: 17e1b | Move file pointer (See above)
2018-12-25T11:52:58.367936622Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.369960008Z 66 PC: 17de0 | Move file pointer (See above)
2018-12-25T11:52:58.371399507Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.378763858Z 62 PC: 17d88 | Close file (See above)
2018-12-25T11:52:58.380652104Z 79 PC: 17d96 | Find next file (See above)
2018-12-25T11:52:58.384352129Z 61 PC: 17d0a | Open file (See above)
2018-12-25T11:52:58.392233074Z 66 PC: 17df2 | Move file pointer (See above)
2018-12-25T11:52:58.398001585Z 66 PC: 17e1b | Move file pointer (See above)
2018-12-25T11:52:58.39937351Z 63 PC: 17dce | Read file or device (See above)
2018-12-25T11:52:58.4017618Z 62 PC: 17d88 | Close file (See above)
2018-12-25T11:52:58.403430969Z 79 PC: 17d96 | Find next file (See above)
2018-12-25T11:52:58.405105264Z 59 PC: 17da7 | Change current directory
2018-12-25T11:52:58.408288972Z 59 PC: 17db4 | Change current directory
2018-12-25T11:52:58.414941665Z 74 PC: 16178 | Reallocate memory
2018-12-25T11:52:58.416381447Z 48 PC: 1619a | Get DOS version
2018-12-25T11:52:58.41788883Z 72 PC: 161e6 | Allocate memory
2018-12-25T11:52:58.419765466Z 61 PC: 161fc | Open file (Filename = 'A:\TEST.COM')
2018-12-25T11:52:58.427177678Z 66 PC: 1765f | Move file pointer
2018-12-25T11:52:58.429044063Z 66 PC: 17677 | Move file pointer
2018-12-25T11:52:58.430872014Z 63 PC: 1768a | Read file or device (Read 4096 bytes on handle 5)
2018-12-25T11:52:58.439037145Z 63 PC: 1768a | Read file or device (See above)
2018-12-25T11:52:58.447026738Z 63 PC: 1768a | Read file or device (See above)
2018-12-25T11:52:58.454986265Z 63 PC: 1768a | Read file or device (See above)
2018-12-25T11:52:58.462799967Z 63 PC: 1768a | Read file or device (See above)
2018-12-25T11:52:58.470732436Z 63 PC: 1768a | Read file or device (See above)
2018-12-25T11:52:58.479803863Z 62 PC: 176f0 | Close file
2018-12-25T11:52:58.48146301Z 61 PC: 16223 | Open file (Filename = 'A:\MESSAGES.DRV')
2018-12-25T11:52:58.491871938Z 76 PC: 16240 | Terminate with return code (Return code = '1')