Sample viewer

vx.netlux.org/Virus.DOS.Nafigator.990

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:39:33.449302023Z	42	PC: 144d9 \| Get date 0x144d9: cmp dl, 0x1e 0x144dc: jne 0x14520 0x144de: xchg si, bp 0x144e0: mov ax, 0x1300 0x144e3: mov dx, 0xc34 0x144e6: mov bx, 0xf 0x144e9: lea bp, word ptr [si + 0x2a6] 0x144ed: mov cx, 0xb 0x144f0: int 0x10 0x144f2: inc dh 0x144f4: mov bl, 1 0x144f6: int 0x10 0x144f8: inc dh 0x144fa: mov bl, 4 0x144fc: int 0x10 0x144fe: lea bp, word ptr [si + 0x1d5] 0x14502: inc dh 0x14504: mov dl, 0x30 0x14506: mov bl, 0xf 0x14508: mov cx, 0x14
2018-12-17T22:39:33.452387403Z	53	PC: 14525 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:33.453823049Z	37	PC: 14536 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:33.45516735Z	26	PC: 1453e \| Set disk transfer address
2018-12-17T22:39:33.456936856Z	71	PC: 14548 \| Get current directory
2018-12-17T22:39:33.460020665Z	25	PC: 1454c \| Get default drive
2018-12-17T22:39:33.461359467Z	78	PC: 14682 \| Find first file
2018-12-17T22:39:33.468204783Z	67	PC: 146fa \| Get or set file attributes
2018-12-17T22:39:33.487080795Z	61	PC: 14703 \| Open file (Filename = '�>')
2018-12-17T22:39:33.493460133Z	63	PC: 14711 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:39:33.500376841Z	87	PC: 14830 \| Get or set file date and time
2018-12-17T22:39:33.501814263Z	62	PC: 14834 \| Close file
2018-12-17T22:39:33.512221825Z	79	PC: 146e7 \| Find next file
2018-12-17T22:39:33.51667002Z	79	PC: 146e7 \| Find next file
2018-12-17T22:39:33.519588523Z	67	PC: 146fa \| Get or set file attributes
2018-12-17T22:39:33.52455863Z	61	PC: 14703 \| Open file (Filename = '�>')
2018-12-17T22:39:33.532621127Z	63	PC: 14711 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:39:33.539928573Z	87	PC: 14830 \| Get or set file date and time
2018-12-17T22:39:33.542441058Z	62	PC: 14834 \| Close file
2018-12-17T22:39:33.554585518Z	79	PC: 146e7 \| Find next file
2018-12-17T22:39:33.557881113Z	67	PC: 146fa \| Get or set file attributes
2018-12-17T22:39:33.562739267Z	61	PC: 14703 \| Open file (Filename = '�>')
2018-12-17T22:39:33.569205Z	63	PC: 14711 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:39:33.577741244Z	87	PC: 14830 \| Get or set file date and time
2018-12-17T22:39:33.579261042Z	62	PC: 14834 \| Close file
2018-12-17T22:39:33.586969041Z	79	PC: 146e7 \| Find next file
2018-12-17T22:39:33.591067505Z	67	PC: 146fa \| Get or set file attributes
2018-12-17T22:39:33.595709027Z	61	PC: 14703 \| Open file (Filename = '�>')
2018-12-17T22:39:33.606869639Z	63	PC: 14711 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:39:33.614249442Z	87	PC: 14830 \| Get or set file date and time
2018-12-17T22:39:33.615766081Z	62	PC: 14834 \| Close file
2018-12-17T22:39:33.622931628Z	79	PC: 146e7 \| Find next file
2018-12-17T22:39:33.626985628Z	67	PC: 146fa \| Get or set file attributes
2018-12-17T22:39:33.631801619Z	61	PC: 14703 \| Open file (Filename = '�>')
2018-12-17T22:39:33.638274422Z	63	PC: 14711 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:39:33.648380361Z	87	PC: 14830 \| Get or set file date and time
2018-12-17T22:39:33.650031459Z	62	PC: 14834 \| Close file
2018-12-17T22:39:33.656872799Z	79	PC: 146e7 \| Find next file
2018-12-17T22:39:33.668326516Z	67	PC: 146fa \| Get or set file attributes
2018-12-17T22:39:33.672849074Z	61	PC: 14703 \| Open file (Filename = '�>')
2018-12-17T22:39:33.683805886Z	63	PC: 14711 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:39:33.690887923Z	87	PC: 14830 \| Get or set file date and time
2018-12-17T22:39:33.69238909Z	62	PC: 14834 \| Close file
2018-12-17T22:39:33.69921923Z	79	PC: 146e7 \| Find next file
2018-12-17T22:39:33.702733042Z	67	PC: 146fa \| Get or set file attributes
2018-12-17T22:39:33.707662516Z	61	PC: 14703 \| Open file (Filename = '�>')
2018-12-17T22:39:33.7142759Z	63	PC: 14711 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:39:33.7215824Z	87	PC: 14830 \| Get or set file date and time
2018-12-17T22:39:33.723251728Z	62	PC: 14834 \| Close file
2018-12-17T22:39:33.730225812Z	79	PC: 146e7 \| Find next file
2018-12-17T22:39:33.733594842Z	67	PC: 146fa \| Get or set file attributes
2018-12-17T22:39:33.742722859Z	61	PC: 14703 \| Open file (Filename = '�>')
2018-12-17T22:39:33.754189259Z	63	PC: 14711 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:39:33.760931968Z	66	PC: 147ea \| Move file pointer
2018-12-17T22:39:33.762251127Z	64	PC: 147f5 \| Write file or device (Write 990 bytes on handle 5)
2018-12-17T22:39:33.770948062Z	66	PC: 14800 \| Move file pointer
2018-12-17T22:39:33.772657868Z	64	PC: 1481a \| Write file or device (Write 24 bytes on handle 5)
2018-12-17T22:39:33.775335787Z	87	PC: 14830 \| Get or set file date and time
2018-12-17T22:39:33.776698607Z	62	PC: 14834 \| Close file
2018-12-17T22:39:33.785656139Z	79	PC: 146e7 \| Find next file
2018-12-17T22:39:33.787966881Z	14	PC: 1459a \| Set default drive (Drive = 'A')
2018-12-17T22:39:33.789148054Z	59	PC: 145a2 \| Change current directory
2018-12-17T22:39:33.791630669Z	37	PC: 145b1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:33.792903566Z	26	PC: 145ba \| Set disk transfer address
2018-12-17T22:39:33.794495102Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:39:33.797015953Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:39:33.79852821Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:39:33.799549583Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:39:33.801668869Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:39:33.803186139Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:33.804275195Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:39:33.806285514Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:39:33.807387403Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:39:33.80852114Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:39:33.810262207Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:39:33.811766401Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:39:33.812837288Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:39:33.814348738Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:39:33.815657213Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:39:33.817042839Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:39:33.81908837Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:39:33.820196371Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:39:33.821340817Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:39:33.823032507Z	37	PC: 13467 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:39:33.823980218Z	37	PC: 1346f \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:39:33.824882764Z	37	PC: 13477 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:33.826587709Z	37	PC: 1347f \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:39:33.827923879Z	68	PC: 137ef \| I/O control for devices (Set for = '')
2018-12-17T22:39:33.845604275Z	37	PC: 12e75 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:39:33.851109168Z	58	PC: 142fa \| Remove subdirectory
2018-12-17T22:39:33.859981938Z	25	PC: 14233 \| Get default drive
2018-12-17T22:39:33.862021177Z	71	PC: 14246 \| Get current directory
2018-12-17T22:39:33.865612809Z	59	PC: 142fa \| Change current directory
2018-12-17T22:39:33.871554456Z	14	PC: 1428c \| Set default drive (Drive = 'A')
2018-12-17T22:39:33.872760258Z	25	PC: 14290 \| Get default drive
2018-12-17T22:39:33.87424702Z	59	PC: 142fa \| Change current directory
2018-12-17T22:39:34.005321032Z	54	PC: 12d6a \| Get free disk space
2018-12-17T22:39:34.014727771Z	67	PC: 12dca \| Get or set file attributes
2018-12-17T22:39:34.018892184Z	60	PC: 1407a \| Create or truncate file
2018-12-17T22:39:34.356570127Z	62	PC: 140ca \| Close file
2018-12-17T22:39:34.358575299Z	65	PC: 141c3 \| Delete file (Filename = 'C:\mempatch.exe')
2018-12-17T22:39:34.367811498Z	37	PC: 13566 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:39:34.369083778Z	37	PC: 13566 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:39:34.370227922Z	37	PC: 13566 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:39:34.37206207Z	37	PC: 13566 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:39:34.373248948Z	37	PC: 13566 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:39:34.374345697Z	37	PC: 13566 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:34.376137342Z	37	PC: 13566 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:39:34.377653343Z	37	PC: 13566 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:39:34.378732278Z	37	PC: 13566 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:39:34.379997571Z	37	PC: 13566 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:39:34.381490207Z	37	PC: 13566 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:39:34.382549399Z	37	PC: 13566 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:39:34.383786506Z	37	PC: 13566 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:39:34.385574441Z	37	PC: 13566 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:39:34.386621498Z	37	PC: 13566 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:39:34.387695675Z	37	PC: 13566 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:39:34.389673505Z	37	PC: 13566 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:39:34.390707089Z	37	PC: 13566 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:39:34.391775102Z	37	PC: 13566 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:39:34.393845112Z	76	PC: 135a5 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6805,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:18.71403427Z	42	PC: 144d9 \| Get date 0x144d9: cmp dl, 0x1e 0x144dc: jne 0x14520 0x144de: xchg si, bp 0x144e0: mov ax, 0x1300 0x144e3: mov dx, 0xc34 0x144e6: mov bx, 0xf 0x144e9: lea bp, word ptr [si + 0x2a6] 0x144ed: mov cx, 0xb 0x144f0: int 0x10 0x144f2: inc dh 0x144f4: mov bl, 1 0x144f6: int 0x10 0x144f8: inc dh 0x144fa: mov bl, 4 0x144fc: int 0x10 0x144fe: lea bp, word ptr [si + 0x1d5] 0x14502: inc dh 0x14504: mov dl, 0x30 0x14506: mov bl, 0xf 0x14508: mov cx, 0x14
2018-12-25T12:00:18.716770264Z	53	PC: 14525 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:18.718721249Z	37	PC: 14536 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:18.72091834Z	26	PC: 1453e \| Set disk transfer address
2018-12-25T12:00:18.724052699Z	71	PC: 14548 \| Get current directory
2018-12-25T12:00:18.72814396Z	25	PC: 1454c \| Get default drive
2018-12-25T12:00:18.729518915Z	78	PC: 14682 \| Find first file
2018-12-25T12:00:18.737489406Z	67	PC: 146fa \| Get or set file attributes
2018-12-25T12:00:19.584682368Z	61	PC: 14703 \| Open file (Filename = '�>')
2018-12-25T12:00:19.602137962Z	63	PC: 14711 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:00:19.610867544Z	87	PC: 14830 \| Get or set file date and time
2018-12-25T12:00:19.614224944Z	62	PC: 14834 \| Close file
2018-12-25T12:00:19.623693186Z	79	PC: 146e7 \| Find next file
2018-12-25T12:00:19.627254856Z	79	PC: 146e7 \| Find next file (See above)
2018-12-25T12:00:19.630785831Z	67	PC: 146fa \| Get or set file attributes (See above)
2018-12-25T12:00:19.636827035Z	61	PC: 14703 \| Open file (See above)
2018-12-25T12:00:19.644179205Z	63	PC: 14711 \| Read file or device (See above)
2018-12-25T12:00:19.65201049Z	87	PC: 14830 \| Get or set file date and time (See above)
2018-12-25T12:00:19.658656535Z	62	PC: 14834 \| Close file (See above)
2018-12-25T12:00:19.667417736Z	79	PC: 146e7 \| Find next file (See above)
2018-12-25T12:00:19.671958547Z	67	PC: 146fa \| Get or set file attributes (See above)
2018-12-25T12:00:19.680865001Z	61	PC: 14703 \| Open file (See above)
2018-12-25T12:00:19.689216638Z	63	PC: 14711 \| Read file or device (See above)
2018-12-25T12:00:19.696386133Z	87	PC: 14830 \| Get or set file date and time (See above)
2018-12-25T12:00:19.698472767Z	62	PC: 14834 \| Close file (See above)
2018-12-25T12:00:19.707309017Z	79	PC: 146e7 \| Find next file (See above)
2018-12-25T12:00:19.712856351Z	67	PC: 146fa \| Get or set file attributes (See above)
2018-12-25T12:00:19.72198777Z	61	PC: 14703 \| Open file (See above)
2018-12-25T12:00:19.729863092Z	63	PC: 14711 \| Read file or device (See above)
2018-12-25T12:00:19.739117277Z	87	PC: 14830 \| Get or set file date and time (See above)
2018-12-25T12:00:19.743351906Z	62	PC: 14834 \| Close file (See above)
2018-12-25T12:00:19.753013417Z	79	PC: 146e7 \| Find next file (See above)
2018-12-25T12:00:19.756631658Z	67	PC: 146fa \| Get or set file attributes (See above)
2018-12-25T12:00:19.763542534Z	61	PC: 14703 \| Open file (See above)
2018-12-25T12:00:19.772400918Z	63	PC: 14711 \| Read file or device (See above)
2018-12-25T12:00:19.780257007Z	87	PC: 14830 \| Get or set file date and time (See above)
2018-12-25T12:00:19.782695735Z	62	PC: 14834 \| Close file (See above)
2018-12-25T12:00:20.032345385Z	79	PC: 146e7 \| Find next file (See above)
2018-12-25T12:00:20.036419986Z	67	PC: 146fa \| Get or set file attributes (See above)
2018-12-25T12:00:20.04900888Z	61	PC: 14703 \| Open file (See above)
2018-12-25T12:00:20.061830409Z	63	PC: 14711 \| Read file or device (See above)
2018-12-25T12:00:20.069103944Z	87	PC: 14830 \| Get or set file date and time (See above)
2018-12-25T12:00:20.070801609Z	62	PC: 14834 \| Close file (See above)
2018-12-25T12:00:20.418783375Z	79	PC: 146e7 \| Find next file (See above)
2018-12-25T12:00:20.421858238Z	67	PC: 146fa \| Get or set file attributes (See above)
2018-12-25T12:00:20.425731638Z	61	PC: 14703 \| Open file (See above)
2018-12-25T12:00:20.442213848Z	63	PC: 14711 \| Read file or device (See above)
2018-12-25T12:00:20.44955424Z	87	PC: 14830 \| Get or set file date and time (See above)
2018-12-25T12:00:20.451133526Z	62	PC: 14834 \| Close file (See above)
2018-12-25T12:00:20.540252113Z	79	PC: 146e7 \| Find next file (See above)
2018-12-25T12:00:20.542731125Z	67	PC: 146fa \| Get or set file attributes (See above)
2018-12-25T12:00:20.547840024Z	61	PC: 14703 \| Open file (See above)
2018-12-25T12:00:20.555238555Z	63	PC: 14711 \| Read file or device (See above)
2018-12-25T12:00:20.56299404Z	66	PC: 147ea \| Move file pointer
2018-12-25T12:00:20.565669182Z	64	PC: 147f5 \| Write file or device (Write 990 bytes on handle 5)
2018-12-25T12:00:20.581533952Z	66	PC: 14800 \| Move file pointer
2018-12-25T12:00:20.584334876Z	64	PC: 1481a \| Write file or device (Write 24 bytes on handle 5)
2018-12-25T12:00:20.587397132Z	87	PC: 14830 \| Get or set file date and time (See above)
2018-12-25T12:00:20.588967707Z	62	PC: 14834 \| Close file (See above)
2018-12-25T12:00:20.628897504Z	79	PC: 146e7 \| Find next file (See above)
2018-12-25T12:00:20.632349046Z	14	PC: 1459a \| Set default drive (Drive = 'A')
2018-12-25T12:00:20.634271375Z	59	PC: 145a2 \| Change current directory
2018-12-25T12:00:20.637910214Z	37	PC: 145b1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:20.639462752Z	26	PC: 145ba \| Set disk transfer address
2018-12-25T12:00:20.640951011Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:00:20.643476775Z	53	PC: 13452 \| Get interrupt vector (See above)
2018-12-25T12:00:20.64559879Z	53	PC: 13452 \| Get interrupt vector (See above)
2018-12-25T12:00:20.647246613Z	53	PC: 13452 \| Get interrupt vector (See above)
2018-12-25T12:00:20.6485046Z	53	PC: 13452 \| Get interrupt vector (See above)
2018-12-25T12:00:20.650361917Z	53	PC: 13452 \| Get interrupt vector (See above)
2018-12-25T12:00:20.651554484Z	53	PC: 13452 \| Get interrupt vector (See above)
2018-12-25T12:00:20.652732456Z	53	PC: 13452 \| Get interrupt vector (See above)
2018-12-25T12:00:20.654462952Z	53	PC: 13452 \| Get interrupt vector (See above)
2018-12-25T12:00:20.655586552Z	53	PC: 13452 \| Get interrupt vector (See above)
2018-12-25T12:00:20.656813663Z	53	PC: 13452 \| Get interrupt vector (See above)
2018-12-25T12:00:20.658673866Z	53	PC: 13452 \| Get interrupt vector (See above)
2018-12-25T12:00:20.659783193Z	53	PC: 13452 \| Get interrupt vector (See above)
2018-12-25T12:00:20.661032693Z	53	PC: 13452 \| Get interrupt vector (See above)
2018-12-25T12:00:20.662860216Z	53	PC: 13452 \| Get interrupt vector (See above)
2018-12-25T12:00:20.664238021Z	53	PC: 13452 \| Get interrupt vector (See above)
2018-12-25T12:00:20.665538284Z	53	PC: 13452 \| Get interrupt vector (See above)
2018-12-25T12:00:20.667765269Z	53	PC: 13452 \| Get interrupt vector (See above)
2018-12-25T12:00:20.669037389Z	53	PC: 13452 \| Get interrupt vector (See above)
2018-12-25T12:00:20.670228337Z	37	PC: 13467 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:00:20.671696189Z	37	PC: 1346f \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:00:20.672863952Z	37	PC: 13477 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:20.674169377Z	37	PC: 1347f \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-25T12:00:20.67614678Z	68	PC: 137ef \| I/O control for devices (Set for = '')
2018-12-25T12:00:20.709150828Z	37	PC: 12e75 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T12:00:20.713870179Z	58	PC: 142fa \| Remove subdirectory
2018-12-25T12:00:20.724030707Z	25	PC: 14233 \| Get default drive
2018-12-25T12:00:20.725715367Z	71	PC: 14246 \| Get current directory
2018-12-25T12:00:20.729008507Z	59	PC: 142fa \| Change current directory (See above)
2018-12-25T12:00:20.735121252Z	14	PC: 1428c \| Set default drive (Drive = 'A')
2018-12-25T12:00:20.736815211Z	25	PC: 14290 \| Get default drive
2018-12-25T12:00:20.738048942Z	59	PC: 142fa \| Change current directory (See above)
2018-12-25T12:00:20.941253783Z	54	PC: 12d6a \| Get free disk space
2018-12-25T12:00:20.952131131Z	67	PC: 12dca \| Get or set file attributes
2018-12-25T12:00:20.958306263Z	60	PC: 1407a \| Create or truncate file
2018-12-25T12:00:21.766314596Z	62	PC: 140ca \| Close file
2018-12-25T12:00:21.769834619Z	65	PC: 141c3 \| Delete file (Filename = 'C:\mempatch.exe')
2018-12-25T12:00:21.781807745Z	37	PC: 13566 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:00:21.783390139Z	37	PC: 13566 \| Set interrupt vector (See above)
2018-12-25T12:00:21.785147949Z	37	PC: 13566 \| Set interrupt vector (See above)
2018-12-25T12:00:21.787806008Z	37	PC: 13566 \| Set interrupt vector (See above)
2018-12-25T12:00:21.792136247Z	37	PC: 13566 \| Set interrupt vector (See above)
2018-12-25T12:00:21.794792469Z	37	PC: 13566 \| Set interrupt vector (See above)
2018-12-25T12:00:21.795872124Z	37	PC: 13566 \| Set interrupt vector (See above)
2018-12-25T12:00:21.796932778Z	37	PC: 13566 \| Set interrupt vector (See above)
2018-12-25T12:00:21.798525756Z	37	PC: 13566 \| Set interrupt vector (See above)
2018-12-25T12:00:21.799630778Z	37	PC: 13566 \| Set interrupt vector (See above)
2018-12-25T12:00:21.800756828Z	37	PC: 13566 \| Set interrupt vector (See above)
2018-12-25T12:00:21.803234699Z	37	PC: 13566 \| Set interrupt vector (See above)
2018-12-25T12:00:21.80461536Z	37	PC: 13566 \| Set interrupt vector (See above)
2018-12-25T12:00:21.805694286Z	37	PC: 13566 \| Set interrupt vector (See above)
2018-12-25T12:00:21.807481289Z	37	PC: 13566 \| Set interrupt vector (See above)
2018-12-25T12:00:21.809077381Z	37	PC: 13566 \| Set interrupt vector (See above)
2018-12-25T12:00:21.81133456Z	37	PC: 13566 \| Set interrupt vector (See above)
2018-12-25T12:00:21.813453151Z	37	PC: 13566 \| Set interrupt vector (See above)
2018-12-25T12:00:21.815624568Z	37	PC: 13566 \| Set interrupt vector (See above)
2018-12-25T12:00:21.81789677Z	76	PC: 135a5 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":30,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6805,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:18.768109125Z	42	PC: 144d9 \| Get date 0x144d9: cmp dl, 0x1e 0x144dc: jne 0x14520 0x144de: xchg si, bp 0x144e0: mov ax, 0x1300 0x144e3: mov dx, 0xc34 0x144e6: mov bx, 0xf 0x144e9: lea bp, word ptr [si + 0x2a6] 0x144ed: mov cx, 0xb 0x144f0: int 0x10 0x144f2: inc dh 0x144f4: mov bl, 1 0x144f6: int 0x10 0x144f8: inc dh 0x144fa: mov bl, 4 0x144fc: int 0x10 0x144fe: lea bp, word ptr [si + 0x1d5] 0x14502: inc dh 0x14504: mov dl, 0x30 0x14506: mov bl, 0xf 0x14508: mov cx, 0x14