Sample viewer

vx.netlux.org/Virus.DOS.Grog.518

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:55:54.125530447Z	26	PC: 12f9f \| Set disk transfer address
2018-12-17T21:55:54.128188747Z	78	PC: 12fab \| Find first file
2018-12-17T21:55:54.134165046Z	53	PC: 12ff6 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:55:54.135385321Z	53	PC: 12ffc \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:54.137505854Z	37	PC: 13007 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:55:54.139250006Z	37	PC: 13017 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:54.140648081Z	61	PC: 13028 \| Open file (Filename = '')
2018-12-17T21:55:54.148911215Z	63	PC: 13037 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T21:55:54.159302631Z	66	PC: 13046 \| Move file pointer
2018-12-17T21:55:54.160764489Z	62	PC: 1305c \| Close file
2018-12-17T21:55:54.163512571Z	37	PC: 13063 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:54.164604558Z	37	PC: 1306a \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:55:54.16564679Z	79	PC: 12fab \| Find next file
2018-12-17T21:55:54.168168044Z	53	PC: 12ff6 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:55:54.170103778Z	53	PC: 12ffc \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:54.17172328Z	37	PC: 13007 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:55:54.173428586Z	37	PC: 13017 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:54.175611045Z	61	PC: 13028 \| Open file (Filename = '')
2018-12-17T21:55:54.18235928Z	63	PC: 13037 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T21:55:54.188663015Z	66	PC: 13046 \| Move file pointer
2018-12-17T21:55:54.191354618Z	62	PC: 1305c \| Close file
2018-12-17T21:55:54.193403747Z	37	PC: 13063 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:54.194774635Z	37	PC: 1306a \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:55:54.198436308Z	79	PC: 12fab \| Find next file
2018-12-17T21:55:54.201274718Z	53	PC: 12ff6 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:55:54.203471348Z	53	PC: 12ffc \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:54.206514654Z	37	PC: 13007 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:55:54.209768462Z	37	PC: 13017 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:54.211987183Z	61	PC: 13028 \| Open file (Filename = '')
2018-12-17T21:55:54.219819973Z	63	PC: 13037 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T21:55:54.226765195Z	66	PC: 13046 \| Move file pointer
2018-12-17T21:55:54.228368084Z	62	PC: 1305c \| Close file
2018-12-17T21:55:54.230321353Z	37	PC: 13063 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:54.240870935Z	37	PC: 1306a \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:55:54.243372522Z	79	PC: 12fab \| Find next file
2018-12-17T21:55:54.246322173Z	53	PC: 12ff6 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:55:54.248156379Z	53	PC: 12ffc \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:54.2498055Z	37	PC: 13007 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:55:54.251449531Z	37	PC: 13017 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:54.253256763Z	61	PC: 13028 \| Open file (Filename = '')
2018-12-17T21:55:54.259742748Z	63	PC: 13037 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T21:55:54.265671313Z	66	PC: 13046 \| Move file pointer
2018-12-17T21:55:54.268097567Z	62	PC: 1305c \| Close file
2018-12-17T21:55:54.270231211Z	37	PC: 13063 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:54.271563226Z	37	PC: 1306a \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:55:54.273629845Z	79	PC: 12fab \| Find next file
2018-12-17T21:55:54.276363425Z	53	PC: 12ff6 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:55:54.277722466Z	53	PC: 12ffc \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:54.280254225Z	37	PC: 13007 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:55:54.282579336Z	37	PC: 13017 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:54.284478691Z	61	PC: 13028 \| Open file (Filename = '')
2018-12-17T21:55:54.292142605Z	63	PC: 13037 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T21:55:54.298421895Z	66	PC: 13046 \| Move file pointer
2018-12-17T21:55:54.299996406Z	62	PC: 1305c \| Close file
2018-12-17T21:55:54.301912174Z	37	PC: 13063 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:54.304009126Z	37	PC: 1306a \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:55:54.305321047Z	79	PC: 12fab \| Find next file
2018-12-17T21:55:54.308519454Z	53	PC: 12ff6 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:55:54.310370512Z	53	PC: 12ffc \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:54.312140083Z	37	PC: 13007 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:55:54.313743309Z	37	PC: 13017 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:54.315836442Z	61	PC: 13028 \| Open file (Filename = '')
2018-12-17T21:55:54.322717746Z	63	PC: 13037 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T21:55:54.328853632Z	66	PC: 13046 \| Move file pointer
2018-12-17T21:55:54.330757788Z	62	PC: 1305c \| Close file
2018-12-17T21:55:54.332360296Z	37	PC: 13063 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:54.334083187Z	37	PC: 1306a \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:55:54.336016616Z	79	PC: 12fab \| Find next file
2018-12-17T21:55:54.338599655Z	53	PC: 12ff6 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:55:54.339899825Z	53	PC: 12ffc \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:54.342142657Z	37	PC: 13007 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:55:54.343518633Z	37	PC: 13017 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:54.344588504Z	61	PC: 13028 \| Open file (Filename = '')
2018-12-17T21:55:54.352062714Z	63	PC: 13037 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T21:55:54.362038796Z	66	PC: 13046 \| Move file pointer
2018-12-17T21:55:54.36343208Z	62	PC: 1305c \| Close file
2018-12-17T21:55:54.365648193Z	37	PC: 13063 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:54.366651551Z	37	PC: 1306a \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:55:54.367679778Z	79	PC: 12fab \| Find next file
2018-12-17T21:55:54.371281694Z	53	PC: 12ff6 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:55:54.372725793Z	53	PC: 12ffc \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:54.374420398Z	37	PC: 13007 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:55:54.376957429Z	37	PC: 13017 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:54.378315193Z	61	PC: 13028 \| Open file (Filename = '')
2018-12-17T21:55:54.384792871Z	63	PC: 13037 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T21:55:54.387882137Z	62	PC: 1305c \| Close file
2018-12-17T21:55:54.389611726Z	37	PC: 13063 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:54.390637477Z	37	PC: 1306a \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:55:54.392399279Z	79	PC: 12fab \| Find next file
2018-12-17T21:55:54.395547234Z	42	PC: 12fb8 \| Get date 0x12fb8: cmp al, 1 0x12fba: jne 0x12fc7 0x12fbc: or dl, 0xfc 0x12fbf: cmp dl, 0xff 0x12fc2: jne 0x12fc7 0x12fc4: call 0x13110 0x12fc7: mov dx, 0x80 0x12fca: mov ah, 0x1a 0x12fcc: int 0x21 0x12fce: mov ax, 0x100 0x12fd1: push ax 0x12fd2: push cs 0x12fd3: pop es 0x12fd4: xor ax, ax 0x12fd6: xor bx, bx 0x12fd8: xor cx, cx 0x12fda: xor dx, dx 0x12fdc: xor si, si 0x12fde: xor di, di 0x12fe0: xor bp, bp
2018-12-17T21:55:54.397775049Z	26	PC: 12fce \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":644,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:24.418190482Z	26	PC: 12f9f \| Set disk transfer address
2018-12-25T11:41:24.419377553Z	78	PC: 12fab \| Find first file
2018-12-25T11:41:24.432066068Z	53	PC: 12ff6 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:41:24.433440024Z	53	PC: 12ffc \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:24.436130614Z	37	PC: 13007 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:41:24.442172509Z	37	PC: 13017 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:24.443304459Z	61	PC: 13028 \| Open file (Filename = '')
2018-12-25T11:41:24.450419373Z	63	PC: 13037 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:41:24.457500764Z	66	PC: 13046 \| Move file pointer
2018-12-25T11:41:24.458951081Z	62	PC: 1305c \| Close file
2018-12-25T11:41:24.461137366Z	37	PC: 13063 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:24.463343586Z	37	PC: 1306a \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:41:24.46446792Z	79	PC: 12fab \| Find next file (See above)
2018-12-25T11:41:24.467311325Z	53	PC: 12ff6 \| Get interrupt vector (See above)
2018-12-25T11:41:24.469044636Z	53	PC: 12ffc \| Get interrupt vector (See above)
2018-12-25T11:41:24.480366143Z	37	PC: 13007 \| Set interrupt vector (See above)
2018-12-25T11:41:24.481994958Z	37	PC: 13017 \| Set interrupt vector (See above)
2018-12-25T11:41:24.483784758Z	61	PC: 13028 \| Open file (See above)
2018-12-25T11:41:24.492372866Z	63	PC: 13037 \| Read file or device (See above)
2018-12-25T11:41:24.499292248Z	66	PC: 13046 \| Move file pointer (See above)
2018-12-25T11:41:24.505633129Z	62	PC: 1305c \| Close file (See above)
2018-12-25T11:41:24.507629947Z	37	PC: 13063 \| Set interrupt vector (See above)
2018-12-25T11:41:24.508807357Z	37	PC: 1306a \| Set interrupt vector (See above)
2018-12-25T11:41:24.510006108Z	79	PC: 12fab \| Find next file (See above)
2018-12-25T11:41:24.516766471Z	53	PC: 12ff6 \| Get interrupt vector (See above)
2018-12-25T11:41:24.519146779Z	53	PC: 12ffc \| Get interrupt vector (See above)
2018-12-25T11:41:24.521598936Z	37	PC: 13007 \| Set interrupt vector (See above)
2018-12-25T11:41:24.525194654Z	37	PC: 13017 \| Set interrupt vector (See above)
2018-12-25T11:41:24.527265266Z	61	PC: 13028 \| Open file (See above)
2018-12-25T11:41:24.534498678Z	63	PC: 13037 \| Read file or device (See above)
2018-12-25T11:41:24.544538134Z	66	PC: 13046 \| Move file pointer (See above)
2018-12-25T11:41:24.546406869Z	62	PC: 1305c \| Close file (See above)
2018-12-25T11:41:24.548488068Z	37	PC: 13063 \| Set interrupt vector (See above)
2018-12-25T11:41:24.550690268Z	37	PC: 1306a \| Set interrupt vector (See above)
2018-12-25T11:41:24.552254285Z	79	PC: 12fab \| Find next file (See above)
2018-12-25T11:41:24.555806993Z	53	PC: 12ff6 \| Get interrupt vector (See above)
2018-12-25T11:41:24.558326166Z	53	PC: 12ffc \| Get interrupt vector (See above)
2018-12-25T11:41:24.560062084Z	37	PC: 13007 \| Set interrupt vector (See above)
2018-12-25T11:41:24.56168196Z	37	PC: 13017 \| Set interrupt vector (See above)
2018-12-25T11:41:24.563461019Z	61	PC: 13028 \| Open file (See above)
2018-12-25T11:41:24.571148068Z	63	PC: 13037 \| Read file or device (See above)
2018-12-25T11:41:24.578357996Z	66	PC: 13046 \| Move file pointer (See above)
2018-12-25T11:41:24.580605541Z	62	PC: 1305c \| Close file (See above)
2018-12-25T11:41:24.584084164Z	37	PC: 13063 \| Set interrupt vector (See above)
2018-12-25T11:41:24.585389137Z	37	PC: 1306a \| Set interrupt vector (See above)
2018-12-25T11:41:24.586697965Z	79	PC: 12fab \| Find next file (See above)
2018-12-25T11:41:24.590581497Z	53	PC: 12ff6 \| Get interrupt vector (See above)
2018-12-25T11:41:24.591897999Z	53	PC: 12ffc \| Get interrupt vector (See above)
2018-12-25T11:41:24.593488931Z	37	PC: 13007 \| Set interrupt vector (See above)
2018-12-25T11:41:24.596923354Z	37	PC: 13017 \| Set interrupt vector (See above)
2018-12-25T11:41:24.598189538Z	61	PC: 13028 \| Open file (See above)
2018-12-25T11:41:24.606210856Z	63	PC: 13037 \| Read file or device (See above)
2018-12-25T11:41:24.614389954Z	66	PC: 13046 \| Move file pointer (See above)
2018-12-25T11:41:24.616179098Z	62	PC: 1305c \| Close file (See above)
2018-12-25T11:41:24.618164041Z	37	PC: 13063 \| Set interrupt vector (See above)
2018-12-25T11:41:24.619546356Z	37	PC: 1306a \| Set interrupt vector (See above)
2018-12-25T11:41:24.621032732Z	79	PC: 12fab \| Find next file (See above)
2018-12-25T11:41:24.624005741Z	53	PC: 12ff6 \| Get interrupt vector (See above)
2018-12-25T11:41:24.625610656Z	53	PC: 12ffc \| Get interrupt vector (See above)
2018-12-25T11:41:24.627797261Z	37	PC: 13007 \| Set interrupt vector (See above)
2018-12-25T11:41:24.629282347Z	37	PC: 13017 \| Set interrupt vector (See above)
2018-12-25T11:41:24.630469448Z	61	PC: 13028 \| Open file (See above)
2018-12-25T11:41:24.638875495Z	63	PC: 13037 \| Read file or device (See above)
2018-12-25T11:41:24.645948718Z	66	PC: 13046 \| Move file pointer (See above)
2018-12-25T11:41:24.647542655Z	62	PC: 1305c \| Close file (See above)
2018-12-25T11:41:24.649309756Z	37	PC: 13063 \| Set interrupt vector (See above)
2018-12-25T11:41:24.651374434Z	37	PC: 1306a \| Set interrupt vector (See above)
2018-12-25T11:41:24.654281349Z	79	PC: 12fab \| Find next file (See above)
2018-12-25T11:41:24.657794499Z	53	PC: 12ff6 \| Get interrupt vector (See above)
2018-12-25T11:41:24.659136379Z	53	PC: 12ffc \| Get interrupt vector (See above)
2018-12-25T11:41:24.671726476Z	37	PC: 13007 \| Set interrupt vector (See above)
2018-12-25T11:41:24.673865423Z	37	PC: 13017 \| Set interrupt vector (See above)
2018-12-25T11:41:24.675128937Z	61	PC: 13028 \| Open file (See above)
2018-12-25T11:41:24.67991482Z	63	PC: 13037 \| Read file or device (See above)
2018-12-25T11:41:24.684588766Z	66	PC: 13046 \| Move file pointer (See above)
2018-12-25T11:41:24.686129489Z	62	PC: 1305c \| Close file (See above)
2018-12-25T11:41:24.688015517Z	37	PC: 13063 \| Set interrupt vector (See above)
2018-12-25T11:41:24.689496322Z	37	PC: 1306a \| Set interrupt vector (See above)
2018-12-25T11:41:24.690508803Z	79	PC: 12fab \| Find next file (See above)
2018-12-25T11:41:24.692297639Z	53	PC: 12ff6 \| Get interrupt vector (See above)
2018-12-25T11:41:24.693729703Z	53	PC: 12ffc \| Get interrupt vector (See above)
2018-12-25T11:41:24.699965693Z	37	PC: 13007 \| Set interrupt vector (See above)
2018-12-25T11:41:24.701101902Z	37	PC: 13017 \| Set interrupt vector (See above)
2018-12-25T11:41:24.702247832Z	61	PC: 13028 \| Open file (See above)
2018-12-25T11:41:24.707349385Z	63	PC: 13037 \| Read file or device (See above)
2018-12-25T11:41:24.710160136Z	62	PC: 1305c \| Close file (See above)
2018-12-25T11:41:24.712974732Z	37	PC: 13063 \| Set interrupt vector (See above)
2018-12-25T11:41:24.715176957Z	37	PC: 1306a \| Set interrupt vector (See above)
2018-12-25T11:41:24.716852944Z	79	PC: 12fab \| Find next file (See above)
2018-12-25T11:41:24.719989401Z	42	PC: 12fb8 \| Get date 0x12fb8: cmp al, 1 0x12fba: jne 0x12fc7 0x12fbc: or dl, 0xfc 0x12fbf: cmp dl, 0xff 0x12fc2: jne 0x12fc7 0x12fc4: call 0x13110 0x12fc7: mov dx, 0x80 0x12fca: mov ah, 0x1a 0x12fcc: int 0x21 0x12fce: mov ax, 0x100 0x12fd1: push ax 0x12fd2: push cs 0x12fd3: pop es 0x12fd4: xor ax, ax 0x12fd6: xor bx, bx 0x12fd8: xor cx, cx 0x12fda: xor dx, dx 0x12fdc: xor si, si 0x12fde: xor di, di 0x12fe0: xor bp, bp
2018-12-25T11:41:24.723846958Z	26	PC: 12fce \| Set disk transfer address

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":644,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:24.53541476Z	26	PC: 12f9f \| Set disk transfer address
2018-12-25T11:41:24.536886277Z	78	PC: 12fab \| Find first file
2018-12-25T11:41:24.544638494Z	53	PC: 12ff6 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:41:24.546248728Z	53	PC: 12ffc \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:24.548171705Z	37	PC: 13007 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:41:24.550401819Z	37	PC: 13017 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:24.551712112Z	61	PC: 13028 \| Open file (Filename = '')
2018-12-25T11:41:24.558881281Z	63	PC: 13037 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:41:24.566875999Z	66	PC: 13046 \| Move file pointer
2018-12-25T11:41:24.568754499Z	62	PC: 1305c \| Close file
2018-12-25T11:41:24.571122008Z	37	PC: 13063 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:24.574052839Z	37	PC: 1306a \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:41:24.57595657Z	79	PC: 12fab \| Find next file (See above)
2018-12-25T11:41:24.578877444Z	53	PC: 12ff6 \| Get interrupt vector (See above)
2018-12-25T11:41:24.580041827Z	53	PC: 12ffc \| Get interrupt vector (See above)
2018-12-25T11:41:24.581870116Z	37	PC: 13007 \| Set interrupt vector (See above)
2018-12-25T11:41:24.583344985Z	37	PC: 13017 \| Set interrupt vector (See above)
2018-12-25T11:41:24.584343308Z	61	PC: 13028 \| Open file (See above)
2018-12-25T11:41:24.592589213Z	63	PC: 13037 \| Read file or device (See above)
2018-12-25T11:41:24.600307677Z	66	PC: 13046 \| Move file pointer (See above)
2018-12-25T11:41:24.602088391Z	62	PC: 1305c \| Close file (See above)
2018-12-25T11:41:24.604566471Z	37	PC: 13063 \| Set interrupt vector (See above)
2018-12-25T11:41:24.605878358Z	37	PC: 1306a \| Set interrupt vector (See above)
2018-12-25T11:41:24.60712019Z	79	PC: 12fab \| Find next file (See above)
2018-12-25T11:41:24.611003691Z	53	PC: 12ff6 \| Get interrupt vector (See above)
2018-12-25T11:41:24.612294143Z	53	PC: 12ffc \| Get interrupt vector (See above)
2018-12-25T11:41:24.613859108Z	37	PC: 13007 \| Set interrupt vector (See above)
2018-12-25T11:41:24.615966755Z	37	PC: 13017 \| Set interrupt vector (See above)
2018-12-25T11:41:24.617561014Z	61	PC: 13028 \| Open file (See above)
2018-12-25T11:41:24.625575216Z	63	PC: 13037 \| Read file or device (See above)
2018-12-25T11:41:24.633374745Z	66	PC: 13046 \| Move file pointer (See above)
2018-12-25T11:41:24.635062586Z	62	PC: 1305c \| Close file (See above)
2018-12-25T11:41:24.637343197Z	37	PC: 13063 \| Set interrupt vector (See above)
2018-12-25T11:41:24.638911083Z	37	PC: 1306a \| Set interrupt vector (See above)
2018-12-25T11:41:24.640627705Z	79	PC: 12fab \| Find next file (See above)
2018-12-25T11:41:24.65164562Z	53	PC: 12ff6 \| Get interrupt vector (See above)
2018-12-25T11:41:24.653324312Z	53	PC: 12ffc \| Get interrupt vector (See above)
2018-12-25T11:41:24.655868213Z	37	PC: 13007 \| Set interrupt vector (See above)
2018-12-25T11:41:24.657723696Z	37	PC: 13017 \| Set interrupt vector (See above)
2018-12-25T11:41:24.659262378Z	61	PC: 13028 \| Open file (See above)
2018-12-25T11:41:24.668709983Z	63	PC: 13037 \| Read file or device (See above)
2018-12-25T11:41:24.675518701Z	66	PC: 13046 \| Move file pointer (See above)
2018-12-25T11:41:24.677065564Z	62	PC: 1305c \| Close file (See above)
2018-12-25T11:41:24.680092797Z	37	PC: 13063 \| Set interrupt vector (See above)
2018-12-25T11:41:24.681234176Z	37	PC: 1306a \| Set interrupt vector (See above)
2018-12-25T11:41:24.682365703Z	79	PC: 12fab \| Find next file (See above)
2018-12-25T11:41:24.685765816Z	53	PC: 12ff6 \| Get interrupt vector (See above)
2018-12-25T11:41:24.687239159Z	53	PC: 12ffc \| Get interrupt vector (See above)
2018-12-25T11:41:24.688835026Z	37	PC: 13007 \| Set interrupt vector (See above)
2018-12-25T11:41:24.69099204Z	37	PC: 13017 \| Set interrupt vector (See above)
2018-12-25T11:41:24.692451569Z	61	PC: 13028 \| Open file (See above)
2018-12-25T11:41:24.699898626Z	63	PC: 13037 \| Read file or device (See above)
2018-12-25T11:41:24.706746239Z	66	PC: 13046 \| Move file pointer (See above)
2018-12-25T11:41:24.708447638Z	62	PC: 1305c \| Close file (See above)
2018-12-25T11:41:24.710413575Z	37	PC: 13063 \| Set interrupt vector (See above)
2018-12-25T11:41:24.711905038Z	37	PC: 1306a \| Set interrupt vector (See above)
2018-12-25T11:41:24.713774157Z	79	PC: 12fab \| Find next file (See above)
2018-12-25T11:41:24.730959371Z	53	PC: 12ff6 \| Get interrupt vector (See above)
2018-12-25T11:41:24.733290949Z	53	PC: 12ffc \| Get interrupt vector (See above)
2018-12-25T11:41:24.736011264Z	37	PC: 13007 \| Set interrupt vector (See above)
2018-12-25T11:41:24.737794913Z	37	PC: 13017 \| Set interrupt vector (See above)
2018-12-25T11:41:24.739219327Z	61	PC: 13028 \| Open file (See above)
2018-12-25T11:41:24.747179987Z	63	PC: 13037 \| Read file or device (See above)
2018-12-25T11:41:24.754782843Z	66	PC: 13046 \| Move file pointer (See above)
2018-12-25T11:41:24.756594073Z	62	PC: 1305c \| Close file (See above)
2018-12-25T11:41:24.759449844Z	37	PC: 13063 \| Set interrupt vector (See above)
2018-12-25T11:41:24.761425458Z	37	PC: 1306a \| Set interrupt vector (See above)
2018-12-25T11:41:24.762771216Z	79	PC: 12fab \| Find next file (See above)
2018-12-25T11:41:24.76689462Z	53	PC: 12ff6 \| Get interrupt vector (See above)
2018-12-25T11:41:24.768756574Z	53	PC: 12ffc \| Get interrupt vector (See above)
2018-12-25T11:41:24.770836646Z	37	PC: 13007 \| Set interrupt vector (See above)
2018-12-25T11:41:24.774328236Z	37	PC: 13017 \| Set interrupt vector (See above)
2018-12-25T11:41:24.776382913Z	61	PC: 13028 \| Open file (See above)
2018-12-25T11:41:24.800458866Z	63	PC: 13037 \| Read file or device (See above)
2018-12-25T11:41:24.805019703Z	66	PC: 13046 \| Move file pointer (See above)
2018-12-25T11:41:24.80662491Z	62	PC: 1305c \| Close file (See above)
2018-12-25T11:41:24.808477682Z	37	PC: 13063 \| Set interrupt vector (See above)
2018-12-25T11:41:24.809579708Z	37	PC: 1306a \| Set interrupt vector (See above)
2018-12-25T11:41:24.810737293Z	79	PC: 12fab \| Find next file (See above)
2018-12-25T11:41:24.812765903Z	53	PC: 12ff6 \| Get interrupt vector (See above)
2018-12-25T11:41:24.813678063Z	53	PC: 12ffc \| Get interrupt vector (See above)
2018-12-25T11:41:24.81538703Z	37	PC: 13007 \| Set interrupt vector (See above)
2018-12-25T11:41:24.816466067Z	37	PC: 13017 \| Set interrupt vector (See above)
2018-12-25T11:41:24.817478993Z	61	PC: 13028 \| Open file (See above)
2018-12-25T11:41:24.822387325Z	63	PC: 13037 \| Read file or device (See above)
2018-12-25T11:41:24.825168161Z	62	PC: 1305c \| Close file (See above)
2018-12-25T11:41:24.82712618Z	37	PC: 13063 \| Set interrupt vector (See above)
2018-12-25T11:41:24.828842279Z	37	PC: 1306a \| Set interrupt vector (See above)
2018-12-25T11:41:24.830009839Z	79	PC: 12fab \| Find next file (See above)
2018-12-25T11:41:24.832578463Z	42	PC: 12fb8 \| Get date 0x12fb8: cmp al, 1 0x12fba: jne 0x12fc7 0x12fbc: or dl, 0xfc 0x12fbf: cmp dl, 0xff 0x12fc2: jne 0x12fc7 0x12fc4: call 0x13110 0x12fc7: mov dx, 0x80 0x12fca: mov ah, 0x1a 0x12fcc: int 0x21 0x12fce: mov ax, 0x100 0x12fd1: push ax 0x12fd2: push cs 0x12fd3: pop es 0x12fd4: xor ax, ax 0x12fd6: xor bx, bx 0x12fd8: xor cx, cx 0x12fda: xor dx, dx 0x12fdc: xor si, si 0x12fde: xor di, di 0x12fe0: xor bp, bp

{"DateBased":true,"Day":14,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":644,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:24.532298497Z	26	PC: 12f9f \| Set disk transfer address
2018-12-25T11:41:24.533820009Z	78	PC: 12fab \| Find first file
2018-12-25T11:41:24.55203025Z	53	PC: 12ff6 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:41:24.553241089Z	53	PC: 12ffc \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:24.560285721Z	37	PC: 13007 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:41:24.561519699Z	37	PC: 13017 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:24.562626032Z	61	PC: 13028 \| Open file (Filename = '')
2018-12-25T11:41:24.572351844Z	63	PC: 13037 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:41:24.57881001Z	66	PC: 13046 \| Move file pointer
2018-12-25T11:41:24.580343992Z	62	PC: 1305c \| Close file
2018-12-25T11:41:24.582895862Z	37	PC: 13063 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:24.584229383Z	37	PC: 1306a \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:41:24.585423992Z	79	PC: 12fab \| Find next file (See above)
2018-12-25T11:41:24.588555916Z	53	PC: 12ff6 \| Get interrupt vector (See above)
2018-12-25T11:41:24.589914975Z	53	PC: 12ffc \| Get interrupt vector (See above)
2018-12-25T11:41:24.591468372Z	37	PC: 13007 \| Set interrupt vector (See above)
2018-12-25T11:41:24.593176314Z	37	PC: 13017 \| Set interrupt vector (See above)
2018-12-25T11:41:24.594634512Z	61	PC: 13028 \| Open file (See above)
2018-12-25T11:41:24.601145754Z	63	PC: 13037 \| Read file or device (See above)
2018-12-25T11:41:24.60744906Z	66	PC: 13046 \| Move file pointer (See above)
2018-12-25T11:41:24.609347368Z	62	PC: 1305c \| Close file (See above)
2018-12-25T11:41:24.611253354Z	37	PC: 13063 \| Set interrupt vector (See above)
2018-12-25T11:41:24.612518886Z	37	PC: 1306a \| Set interrupt vector (See above)
2018-12-25T11:41:24.61416216Z	79	PC: 12fab \| Find next file (See above)
2018-12-25T11:41:24.616999182Z	53	PC: 12ff6 \| Get interrupt vector (See above)
2018-12-25T11:41:24.61841292Z	53	PC: 12ffc \| Get interrupt vector (See above)
2018-12-25T11:41:24.620610015Z	37	PC: 13007 \| Set interrupt vector (See above)
2018-12-25T11:41:24.621795577Z	37	PC: 13017 \| Set interrupt vector (See above)
2018-12-25T11:41:24.622698413Z	61	PC: 13028 \| Open file (See above)
2018-12-25T11:41:24.629821235Z	63	PC: 13037 \| Read file or device (See above)
2018-12-25T11:41:24.63622811Z	66	PC: 13046 \| Move file pointer (See above)
2018-12-25T11:41:24.637597133Z	62	PC: 1305c \| Close file (See above)
2018-12-25T11:41:24.640110317Z	37	PC: 13063 \| Set interrupt vector (See above)
2018-12-25T11:41:24.641117827Z	37	PC: 1306a \| Set interrupt vector (See above)
2018-12-25T11:41:24.642115375Z	79	PC: 12fab \| Find next file (See above)
2018-12-25T11:41:24.646470191Z	53	PC: 12ff6 \| Get interrupt vector (See above)
2018-12-25T11:41:24.647551282Z	53	PC: 12ffc \| Get interrupt vector (See above)
2018-12-25T11:41:24.648875634Z	37	PC: 13007 \| Set interrupt vector (See above)
2018-12-25T11:41:24.650811547Z	37	PC: 13017 \| Set interrupt vector (See above)
2018-12-25T11:41:24.652121743Z	61	PC: 13028 \| Open file (See above)
2018-12-25T11:41:24.659683381Z	63	PC: 13037 \| Read file or device (See above)
2018-12-25T11:41:24.674573969Z	66	PC: 13046 \| Move file pointer (See above)
2018-12-25T11:41:24.675940134Z	62	PC: 1305c \| Close file (See above)
2018-12-25T11:41:24.677650798Z	37	PC: 13063 \| Set interrupt vector (See above)
2018-12-25T11:41:24.679229633Z	37	PC: 1306a \| Set interrupt vector (See above)
2018-12-25T11:41:24.680514374Z	79	PC: 12fab \| Find next file (See above)
2018-12-25T11:41:24.68275389Z	53	PC: 12ff6 \| Get interrupt vector (See above)
2018-12-25T11:41:24.684772396Z	53	PC: 12ffc \| Get interrupt vector (See above)
2018-12-25T11:41:24.686614483Z	37	PC: 13007 \| Set interrupt vector (See above)
2018-12-25T11:41:24.688234224Z	37	PC: 13017 \| Set interrupt vector (See above)
2018-12-25T11:41:24.689699418Z	61	PC: 13028 \| Open file (See above)
2018-12-25T11:41:24.696052627Z	63	PC: 13037 \| Read file or device (See above)
2018-12-25T11:41:24.69993292Z	66	PC: 13046 \| Move file pointer (See above)
2018-12-25T11:41:24.701087158Z	62	PC: 1305c \| Close file (See above)
2018-12-25T11:41:24.70280148Z	37	PC: 13063 \| Set interrupt vector (See above)
2018-12-25T11:41:24.703579065Z	37	PC: 1306a \| Set interrupt vector (See above)
2018-12-25T11:41:24.704282122Z	79	PC: 12fab \| Find next file (See above)
2018-12-25T11:41:24.706492246Z	53	PC: 12ff6 \| Get interrupt vector (See above)
2018-12-25T11:41:24.707220498Z	53	PC: 12ffc \| Get interrupt vector (See above)
2018-12-25T11:41:24.708200442Z	37	PC: 13007 \| Set interrupt vector (See above)
2018-12-25T11:41:24.709815266Z	37	PC: 13017 \| Set interrupt vector (See above)
2018-12-25T11:41:24.710529816Z	61	PC: 13028 \| Open file (See above)
2018-12-25T11:41:24.714513874Z	63	PC: 13037 \| Read file or device (See above)
2018-12-25T11:41:24.719005227Z	66	PC: 13046 \| Move file pointer (See above)
2018-12-25T11:41:24.719890598Z	62	PC: 1305c \| Close file (See above)
2018-12-25T11:41:24.720925661Z	37	PC: 13063 \| Set interrupt vector (See above)
2018-12-25T11:41:24.722132529Z	37	PC: 1306a \| Set interrupt vector (See above)
2018-12-25T11:41:24.722902985Z	79	PC: 12fab \| Find next file (See above)
2018-12-25T11:41:24.724477651Z	53	PC: 12ff6 \| Get interrupt vector (See above)
2018-12-25T11:41:24.72564231Z	53	PC: 12ffc \| Get interrupt vector (See above)
2018-12-25T11:41:24.726676537Z	37	PC: 13007 \| Set interrupt vector (See above)
2018-12-25T11:41:24.727668871Z	37	PC: 13017 \| Set interrupt vector (See above)
2018-12-25T11:41:24.729102732Z	61	PC: 13028 \| Open file (See above)
2018-12-25T11:41:24.733036837Z	63	PC: 13037 \| Read file or device (See above)
2018-12-25T11:41:24.738054117Z	66	PC: 13046 \| Move file pointer (See above)
2018-12-25T11:41:24.739805505Z	62	PC: 1305c \| Close file (See above)
2018-12-25T11:41:24.741372825Z	37	PC: 13063 \| Set interrupt vector (See above)
2018-12-25T11:41:24.742280534Z	37	PC: 1306a \| Set interrupt vector (See above)
2018-12-25T11:41:24.743730577Z	79	PC: 12fab \| Find next file (See above)
2018-12-25T11:41:24.746045277Z	53	PC: 12ff6 \| Get interrupt vector (See above)
2018-12-25T11:41:24.746889302Z	53	PC: 12ffc \| Get interrupt vector (See above)
2018-12-25T11:41:24.748470884Z	37	PC: 13007 \| Set interrupt vector (See above)
2018-12-25T11:41:24.749703979Z	37	PC: 13017 \| Set interrupt vector (See above)
2018-12-25T11:41:24.750641829Z	61	PC: 13028 \| Open file (See above)
2018-12-25T11:41:24.757865045Z	63	PC: 13037 \| Read file or device (See above)
2018-12-25T11:41:24.76044865Z	62	PC: 1305c \| Close file (See above)
2018-12-25T11:41:24.763013347Z	37	PC: 13063 \| Set interrupt vector (See above)
2018-12-25T11:41:24.765364114Z	37	PC: 1306a \| Set interrupt vector (See above)
2018-12-25T11:41:24.766327799Z	79	PC: 12fab \| Find next file (See above)
2018-12-25T11:41:24.767938261Z	42	PC: 12fb8 \| Get date 0x12fb8: cmp al, 1 0x12fba: jne 0x12fc7 0x12fbc: or dl, 0xfc 0x12fbf: cmp dl, 0xff 0x12fc2: jne 0x12fc7 0x12fc4: call 0x13110 0x12fc7: mov dx, 0x80 0x12fca: mov ah, 0x1a 0x12fcc: int 0x21 0x12fce: mov ax, 0x100 0x12fd1: push ax 0x12fd2: push cs 0x12fd3: pop es 0x12fd4: xor ax, ax 0x12fd6: xor bx, bx 0x12fd8: xor cx, cx 0x12fda: xor dx, dx 0x12fdc: xor si, si 0x12fde: xor di, di 0x12fe0: xor bp, bp
2018-12-25T11:41:24.770051346Z	26	PC: 12fce \| Set disk transfer address