Sample viewer

vx.netlux.org/Virus.DOS.MtE.Pogue

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:43:55.252045269Z 218 PC: 12a5d | UNKNOWN!
2018-12-17T22:43:55.254136817Z 48 PC: 12a67 | Get DOS version
2018-12-17T22:43:55.25622546Z 37 PC: 12ab0 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:55.257942765Z 37 PC: 12abe | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:43:55.262344112Z 42 PC: 12ae8 | Get date 0x12ae8: cmp dh, 5
0x12aeb: jne 0x12b05
0x12aed: cmp dl, 1
0x12af0: jne 0x12b05
0x12af2: mov word ptr [0xc12], 0xc96
0x12af8: mov word ptr [0xc14], 0xcb6
0x12afe: mov byte ptr [0xc10], 1
0x12b03: nop
0x12b04: ret
0x12b05: mov ah, 0x2c
0x12b07: int 0x21
0x12b09: dec ch
0x12b0b: cmp ch, 7
0x12b0e: jbe 0x12afe
0x12b10: ret
0x12b11: mov al, 3
0x12b13: iret
0x12b14: pushf
0x12b15: cmp ax, 0xdada
0x12b18: je 0x12b48
2018-12-17T22:43:55.265874052Z 44 PC: 12b09 | Get time 0x12b09: dec ch
0x12b0b: cmp ch, 7
0x12b0e: jbe 0x12afe
0x12b10: ret
0x12b11: mov al, 3
0x12b13: iret
0x12b14: pushf
0x12b15: cmp ax, 0xdada
0x12b18: je 0x12b48
0x12b1a: push dx
0x12b1b: push cx
0x12b1c: push bx
0x12b1d: push ax
0x12b1e: push si
0x12b1f: push di
0x12b20: push ds
0x12b21: push es
0x12b22: cmp ah, 0x3e
0x12b25: jne 0x12b2b
0x12b27: mov ah, 0x45
2018-12-17T22:43:55.27090435Z 77 PC: 11fe0 | Get program return code
2018-12-17T22:43:55.272876123Z 72 PC: 12174 | Allocate memory
2018-12-17T22:43:55.276418736Z 72 PC: 1218d | Allocate memory
2018-12-17T22:43:55.278895578Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:43:55.28032314Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:55.297943403Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:55.299819507Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:43:55.302086565Z 62 PC: 122ab | Close file
2018-12-17T22:43:55.306438128Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:43:55.310883377Z 62 PC: 122ab | Close file
2018-12-17T22:43:55.312742528Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:43:55.314614765Z 62 PC: 122ab | Close file
2018-12-17T22:43:55.31750884Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:43:55.31946835Z 62 PC: 122ab | Close file
2018-12-17T22:43:55.321321581Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:43:55.324387439Z 62 PC: 122ab | Close file
2018-12-17T22:43:55.327072011Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:43:55.329356953Z 62 PC: 122ab | Close file
2018-12-17T22:43:55.332845705Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:43:55.335274958Z 62 PC: 122ab | Close file
2018-12-17T22:43:55.337602599Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:43:55.340405304Z 62 PC: 122ab | Close file
2018-12-17T22:43:55.342776186Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:43:55.344985616Z 62 PC: 122ab | Close file
2018-12-17T22:43:55.348878598Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:43:55.351761993Z 62 PC: 122ab | Close file
2018-12-17T22:43:55.353979899Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:43:55.358234359Z 62 PC: 122ab | Close file
2018-12-17T22:43:55.362155023Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:43:55.365341437Z 62 PC: 122ab | Close file
2018-12-17T22:43:55.367959886Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:43:55.374776328Z 62 PC: 122ab | Close file
2018-12-17T22:43:55.376833301Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:43:55.378926643Z 62 PC: 122ab | Close file
2018-12-17T22:43:55.381416149Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:43:55.383467631Z 62 PC: 122ab | Close file
2018-12-17T22:43:55.386720701Z 61 PC: 12354 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:43:55.394566187Z 66 PC: 12372 | Move file pointer
2018-12-17T22:43:55.399367534Z 63 PC: 12383 | Read file or device (Read 44693 bytes on handle 5)
2018-12-17T22:43:55.418253946Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:43:55.421783936Z 51 PC: 9d870 | Get or set Ctrl-Break
2018-12-17T22:43:55.423450175Z 51 PC: 9d876 | Get or set Ctrl-Break
2018-12-17T22:43:55.424892304Z 53 PC: 9d87d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:55.426930913Z 37 PC: 9d88b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:55.443431553Z 62 PC: 9d92b | Close file
2018-12-17T22:43:55.445556274Z 37 PC: 9d93a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:55.446947186Z 51 PC: 9d93e | Get or set Ctrl-Break
2018-12-17T22:43:55.448906927Z 62 PC: 1238a | Close file
2018-12-17T22:43:55.452839553Z 99 PC: 97fd7 | Get DBCS lead byte table pointer
2018-12-17T22:43:55.454719684Z 56 PC: 927f9 | Get or set country info
2018-12-17T22:43:55.458357187Z 64 PC: 98248 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:43:55.463457836Z 25 PC: 92862 | Get default drive
2018-12-17T22:43:55.465654692Z 71 PC: 94add | Get current directory
2018-12-17T22:43:55.471133372Z 64 PC: 98248 | Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:43:55.475476479Z 2 PC: 94ab2 | Character output (Char = '3e')
2018-12-17T22:43:55.478227065Z 93 PC: 92920 | File sharing functions
2018-12-17T22:43:55.481191042Z 93 PC: 92927 | File sharing functions
2018-12-17T22:43:55.484573164Z 10 PC: 92939 | Buffered keyboard input
2018-12-17T22:44:10.220678547Z 0 PC: 0 | Program terminate
2018-12-17T22:44:11.575424836Z 0 PC: 0 | Program terminate
2018-12-17T22:44:11.68314999Z 64 PC: 98248 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:44:11.689831499Z 41 PC: 929ae | Parse filename
2018-12-17T22:44:11.693407005Z 41 PC: 92a2f | Parse filename
2018-12-17T22:44:11.696797803Z 41 PC: 92a4c | Parse filename
2018-12-17T22:44:11.699445987Z 26 PC: 95ef7 | Set disk transfer address
2018-12-17T22:44:11.706303437Z 71 PC: 960f3 | Get current directory
2018-12-17T22:44:11.71501031Z 78 PC: 960fe | Find first file
2018-12-17T22:44:11.72556848Z 71 PC: 95f6c | Get current directory
2018-12-17T22:44:11.729807601Z 73 PC: 95609 | Release memory
2018-12-17T22:44:11.731704654Z 61 PC: 9d7f4 | Open file (Filename = 'A:\PRINT.COM')
2018-12-17T22:44:11.738823795Z 51 PC: 9d870 | Get or set Ctrl-Break
2018-12-17T22:44:11.7412441Z 51 PC: 9d876 | Get or set Ctrl-Break
2018-12-17T22:44:11.742328497Z 53 PC: 9d87d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:11.743784291Z 37 PC: 9d88b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:11.746466539Z 63 PC: 9d8d7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:44:11.758600529Z 64 PC: 9d8f8 | Write file or device (Write 3133 bytes on handle 5)
2018-12-17T22:44:11.774793672Z 64 PC: 9d91b | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:44:11.782855814Z 62 PC: 9d92b | Close file
2018-12-17T22:44:11.791195647Z 37 PC: 9d93a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:11.792762019Z 51 PC: 9d93e | Get or set Ctrl-Break
2018-12-17T22:44:11.795128293Z 75 PC: 11821 | Execute program
2018-12-17T22:44:11.811832296Z 77 PC: 11fe0 | Get program return code
2018-12-17T22:44:11.81344753Z 72 PC: 12174 | Allocate memory
2018-12-17T22:44:11.815840224Z 72 PC: 1218d | Allocate memory
2018-12-17T22:44:11.818381066Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:44:11.819780454Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:44:11.821185683Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:11.823820752Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:44:11.825801272Z 62 PC: 122ab | Close file
2018-12-17T22:44:11.827792742Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:44:11.830012592Z 62 PC: 122ab | Close file
2018-12-17T22:44:11.831861895Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:44:11.833638341Z 62 PC: 122ab | Close file
2018-12-17T22:44:11.838309966Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:44:11.840077535Z 62 PC: 122ab | Close file
2018-12-17T22:44:11.841796724Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:44:11.844179008Z 62 PC: 122ab | Close file
2018-12-17T22:44:11.846299501Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:44:11.848176837Z 62 PC: 122ab | Close file
2018-12-17T22:44:11.85096304Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:44:11.852812804Z 62 PC: 122ab | Close file
2018-12-17T22:44:11.854652239Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:44:11.858095747Z 62 PC: 122ab | Close file
2018-12-17T22:44:11.860244993Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:44:11.86205924Z 62 PC: 122ab | Close file
2018-12-17T22:44:11.86519Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:44:11.867293872Z 62 PC: 122ab | Close file
2018-12-17T22:44:11.869315419Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:44:11.872400383Z 62 PC: 122ab | Close file
2018-12-17T22:44:11.874572462Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:44:11.876679079Z 62 PC: 122ab | Close file
2018-12-17T22:44:11.878566414Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:44:11.880936345Z 62 PC: 122ab | Close file
2018-12-17T22:44:11.882929929Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:44:11.8845492Z 62 PC: 122ab | Close file
2018-12-17T22:44:11.88687592Z 69 PC: 9d7f4 | Duplicate handle
2018-12-17T22:44:11.8887284Z 62 PC: 122ab | Close file
2018-12-17T22:44:11.893171564Z 99 PC: 97fd7 | Get DBCS lead byte table pointer
2018-12-17T22:44:11.895342672Z 56 PC: 927f9 | Get or set country info
2018-12-17T22:44:11.897666467Z 64 PC: 98248 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:44:11.902494805Z 25 PC: 92862 | Get default drive
2018-12-17T22:44:11.905017793Z 71 PC: 94add | Get current directory
2018-12-17T22:44:11.909452763Z 64 PC: 98248 | Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:44:11.913207755Z 2 PC: 94ab2 | Character output (Char = '3e')
2018-12-17T22:44:11.916355237Z 93 PC: 92920 | File sharing functions
2018-12-17T22:44:11.91831595Z 93 PC: 92927 | File sharing functions
2018-12-17T22:44:11.920351042Z 10 PC: 92939 | Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8042,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:18.236407831Z 218 PC: 12a5d | UNKNOWN!
2018-12-25T12:03:18.23765016Z 48 PC: 12a67 | Get DOS version
2018-12-25T12:03:18.238993523Z 37 PC: 12ab0 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:18.240201296Z 37 PC: 12abe | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:03:18.242283301Z 42 PC: 12ae8 | Get date 0x12ae8: cmp dh, 5
0x12aeb: jne 0x12b05
0x12aed: cmp dl, 1
0x12af0: jne 0x12b05
0x12af2: mov word ptr [0xc12], 0xc96
0x12af8: mov word ptr [0xc14], 0xcb6
0x12afe: mov byte ptr [0xc10], 1
0x12b03: nop
0x12b04: ret
0x12b05: mov ah, 0x2c
0x12b07: int 0x21
0x12b09: dec ch
0x12b0b: cmp ch, 7
0x12b0e: jbe 0x12afe
0x12b10: ret
0x12b11: mov al, 3
0x12b13: iret
0x12b14: pushf
0x12b15: cmp ax, 0xdada
0x12b18: je 0x12b48
2018-12-25T12:03:18.245093869Z 44 PC: 12b09 | Get time 0x12b09: dec ch
0x12b0b: cmp ch, 7
0x12b0e: jbe 0x12afe
0x12b10: ret
0x12b11: mov al, 3
0x12b13: iret
0x12b14: pushf
0x12b15: cmp ax, 0xdada
0x12b18: je 0x12b48
0x12b1a: push dx
0x12b1b: push cx
0x12b1c: push bx
0x12b1d: push ax
0x12b1e: push si
0x12b1f: push di
0x12b20: push ds
0x12b21: push es
0x12b22: cmp ah, 0x3e
0x12b25: jne 0x12b2b
0x12b27: mov ah, 0x45
2018-12-25T12:03:18.249183091Z 77 PC: 11fe0 | Get program return code
2018-12-25T12:03:18.250907802Z 72 PC: 12174 | Allocate memory
2018-12-25T12:03:18.252809074Z 72 PC: 1218d | Allocate memory
2018-12-25T12:03:18.25502241Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:03:18.256471815Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:03:18.257814677Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:18.258894568Z 69 PC: 9d7f4 | Duplicate handle
2018-12-25T12:03:18.260357622Z 62 PC: 122ab | Close file
2018-12-25T12:03:18.262680823Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.264768844Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.266958671Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.269579702Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.271855418Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.273946298Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.276401066Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.278454478Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.280422325Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.284755781Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.286639226Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.2885909Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.291571543Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.293136641Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.295080698Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.297693277Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.299200426Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.300704482Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.303191605Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.305251955Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.307523609Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.310520814Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.312276868Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.313990289Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.316090311Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.317947621Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.319798738Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.322157853Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.324929891Z 61 PC: 12354 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:03:18.331106815Z 66 PC: 12372 | Move file pointer
2018-12-25T12:03:18.333071043Z 63 PC: 12383 | Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:03:18.346926228Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.348514434Z 51 PC: 9d870 | Get or set Ctrl-Break
2018-12-25T12:03:18.34935459Z 51 PC: 9d876 | Get or set Ctrl-Break
2018-12-25T12:03:18.350893781Z 53 PC: 9d87d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:18.352066606Z 37 PC: 9d88b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:18.353509157Z 62 PC: 9d92b | Close file
2018-12-25T12:03:18.356546583Z 37 PC: 9d93a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:18.357695976Z 51 PC: 9d93e | Get or set Ctrl-Break
2018-12-25T12:03:18.358510478Z 62 PC: 1238a | Close file
2018-12-25T12:03:18.362360565Z 99 PC: 97fd7 | Get DBCS lead byte table pointer
2018-12-25T12:03:18.363908609Z 56 PC: 927f9 | Get or set country info
2018-12-25T12:03:18.365995642Z 64 PC: 98248 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:03:18.371327411Z 25 PC: 92862 | Get default drive
2018-12-25T12:03:18.372894956Z 71 PC: 94add | Get current directory
2018-12-25T12:03:18.37672715Z 64 PC: 98248 | Write file or device (See above)
2018-12-25T12:03:18.380645805Z 2 PC: 94ab2 | Character output (Char = '3e')
2018-12-25T12:03:18.382734719Z 93 PC: 92920 | File sharing functions
2018-12-25T12:03:18.384278118Z 93 PC: 92927 | File sharing functions
2018-12-25T12:03:18.386397309Z 10 PC: 92939 | Buffered keyboard input
2018-12-25T12:03:33.226698385Z 0 PC: 0 | Program terminate
2018-12-25T12:03:34.581007485Z 0 PC: 0 | Program terminate (See above)
2018-12-25T12:03:34.683571837Z 64 PC: 98248 | Write file or device (See above)
2018-12-25T12:03:34.68955258Z 41 PC: 929ae | Parse filename
2018-12-25T12:03:34.692966595Z 41 PC: 92a2f | Parse filename
2018-12-25T12:03:34.696618833Z 41 PC: 92a4c | Parse filename
2018-12-25T12:03:34.699028658Z 26 PC: 95ef7 | Set disk transfer address
2018-12-25T12:03:34.702004306Z 71 PC: 960f3 | Get current directory
2018-12-25T12:03:34.71008455Z 78 PC: 960fe | Find first file
2018-12-25T12:03:34.72257564Z 71 PC: 95f6c | Get current directory
2018-12-25T12:03:34.728277814Z 73 PC: 95609 | Release memory
2018-12-25T12:03:34.730022949Z 61 PC: 9d7f4 | Open file (See above)
2018-12-25T12:03:34.736921729Z 51 PC: 9d870 | Get or set Ctrl-Break (See above)
2018-12-25T12:03:34.738844088Z 51 PC: 9d876 | Get or set Ctrl-Break (See above)
2018-12-25T12:03:34.740341042Z 53 PC: 9d87d | Get interrupt vector (See above)
2018-12-25T12:03:34.741857655Z 37 PC: 9d88b | Set interrupt vector (See above)
2018-12-25T12:03:34.744402288Z 63 PC: 9d8d7 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:03:34.756599293Z 64 PC: 9d8f8 | Write file or device (Write 3135 bytes on handle 5)
2018-12-25T12:03:34.771437233Z 64 PC: 9d91b | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:03:34.778621345Z 62 PC: 9d92b | Close file (See above)
2018-12-25T12:03:34.786716495Z 37 PC: 9d93a | Set interrupt vector (See above)
2018-12-25T12:03:34.787955501Z 51 PC: 9d93e | Get or set Ctrl-Break (See above)
2018-12-25T12:03:34.789060929Z 75 PC: 11821 | Execute program
2018-12-25T12:03:34.805821668Z 77 PC: 11fe0 | Get program return code (See above)
2018-12-25T12:03:34.807332531Z 72 PC: 12174 | Allocate memory (See above)
2018-12-25T12:03:34.80944871Z 72 PC: 1218d | Allocate memory (See above)
2018-12-25T12:03:34.815121579Z 37 PC: 123c4 | Set interrupt vector (See above)
2018-12-25T12:03:34.816674773Z 37 PC: 123cb | Set interrupt vector (See above)
2018-12-25T12:03:34.818184165Z 37 PC: 123d2 | Set interrupt vector (See above)
2018-12-25T12:03:34.819919979Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:34.8214303Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:34.822981647Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:34.825338386Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:34.827214184Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:34.829132208Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:34.831473272Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:34.833272641Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:34.8351074Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:34.837412956Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:34.839181089Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:34.841007243Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:34.843101532Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:34.844628768Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:34.846168682Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:34.848840964Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:34.851190371Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:34.852965902Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:34.85558442Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:34.857233048Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:34.859134981Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:34.86200105Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:34.864211324Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:34.866168619Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:34.869082235Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:34.871050889Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:34.873008841Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:34.875906664Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:34.87792127Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:34.879911251Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:34.884028476Z 99 PC: 97fd7 | Get DBCS lead byte table pointer (See above)
2018-12-25T12:03:34.886928325Z 56 PC: 927f9 | Get or set country info (See above)
2018-12-25T12:03:34.889279682Z 64 PC: 98248 | Write file or device (See above)
2018-12-25T12:03:34.895358523Z 25 PC: 92862 | Get default drive (See above)
2018-12-25T12:03:34.898382855Z 71 PC: 94add | Get current directory (See above)
2018-12-25T12:03:34.902766013Z 64 PC: 98248 | Write file or device (See above)
2018-12-25T12:03:34.906431862Z 2 PC: 94ab2 | Character output (See above)
2018-12-25T12:03:34.909704357Z 93 PC: 92920 | File sharing functions (See above)
2018-12-25T12:03:34.911703873Z 93 PC: 92927 | File sharing functions (See above)
2018-12-25T12:03:34.913630576Z 10 PC: 92939 | Buffered keyboard input (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8042,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:18.642128734Z 218 PC: 12a5d | UNKNOWN!
2018-12-25T12:03:18.643229569Z 48 PC: 12a67 | Get DOS version
2018-12-25T12:03:18.644083446Z 37 PC: 12ab0 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:18.645081511Z 37 PC: 12abe | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:03:18.646601262Z 42 PC: 12ae8 | Get date 0x12ae8: cmp dh, 5
0x12aeb: jne 0x12b05
0x12aed: cmp dl, 1
0x12af0: jne 0x12b05
0x12af2: mov word ptr [0xc12], 0xc96
0x12af8: mov word ptr [0xc14], 0xcb6
0x12afe: mov byte ptr [0xc10], 1
0x12b03: nop
0x12b04: ret
0x12b05: mov ah, 0x2c
0x12b07: int 0x21
0x12b09: dec ch
0x12b0b: cmp ch, 7
0x12b0e: jbe 0x12afe
0x12b10: ret
0x12b11: mov al, 3
0x12b13: iret
0x12b14: pushf
0x12b15: cmp ax, 0xdada
0x12b18: je 0x12b48
2018-12-25T12:03:18.648138657Z 44 PC: 12b09 | Get time 0x12b09: dec ch
0x12b0b: cmp ch, 7
0x12b0e: jbe 0x12afe
0x12b10: ret
0x12b11: mov al, 3
0x12b13: iret
0x12b14: pushf
0x12b15: cmp ax, 0xdada
0x12b18: je 0x12b48
0x12b1a: push dx
0x12b1b: push cx
0x12b1c: push bx
0x12b1d: push ax
0x12b1e: push si
0x12b1f: push di
0x12b20: push ds
0x12b21: push es
0x12b22: cmp ah, 0x3e
0x12b25: jne 0x12b2b
0x12b27: mov ah, 0x45
2018-12-25T12:03:18.650904603Z 77 PC: 11fe0 | Get program return code
2018-12-25T12:03:18.652275915Z 72 PC: 12174 | Allocate memory
2018-12-25T12:03:18.653519155Z 72 PC: 1218d | Allocate memory
2018-12-25T12:03:18.654950608Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:03:18.656536219Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:03:18.65737963Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:18.658247583Z 69 PC: 9d7f4 | Duplicate handle
2018-12-25T12:03:18.659711791Z 62 PC: 122ab | Close file
2018-12-25T12:03:18.660838674Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.661914945Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.66337039Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.664527427Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.665429972Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.666998741Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.668052613Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.669028695Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.670340227Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.671815641Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.67284274Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.674491497Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.675963184Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.67704181Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.681511586Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.68268312Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.683843047Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.685488204Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.686729437Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.688056073Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.689805716Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.690929362Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.692025036Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.693793016Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.695011684Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.696193446Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.697952509Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.699083833Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:18.700953149Z 61 PC: 12354 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:03:18.705503036Z 66 PC: 12372 | Move file pointer
2018-12-25T12:03:18.706617914Z 63 PC: 12383 | Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:03:18.714725673Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:18.716162573Z 51 PC: 9d870 | Get or set Ctrl-Break
2018-12-25T12:03:18.717035786Z 51 PC: 9d876 | Get or set Ctrl-Break
2018-12-25T12:03:18.71765142Z 53 PC: 9d87d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:18.71943356Z 37 PC: 9d88b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:18.720565084Z 62 PC: 9d92b | Close file
2018-12-25T12:03:18.721809489Z 37 PC: 9d93a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:18.722890394Z 51 PC: 9d93e | Get or set Ctrl-Break
2018-12-25T12:03:18.723756846Z 62 PC: 1238a | Close file
2018-12-25T12:03:18.725739716Z 99 PC: 97fd7 | Get DBCS lead byte table pointer
2018-12-25T12:03:18.727400811Z 56 PC: 927f9 | Get or set country info
2018-12-25T12:03:18.728708109Z 64 PC: 98248 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:03:18.731782972Z 25 PC: 92862 | Get default drive
2018-12-25T12:03:18.733117823Z 71 PC: 94add | Get current directory
2018-12-25T12:03:18.736173325Z 64 PC: 98248 | Write file or device (See above)
2018-12-25T12:03:18.738336778Z 2 PC: 94ab2 | Character output (Char = '3e')
2018-12-25T12:03:18.740271075Z 93 PC: 92920 | File sharing functions
2018-12-25T12:03:18.741533546Z 93 PC: 92927 | File sharing functions
2018-12-25T12:03:18.743418789Z 10 PC: 92939 | Buffered keyboard input
2018-12-25T12:03:33.638269429Z 0 PC: 0 | Program terminate
2018-12-25T12:03:34.997389525Z 0 PC: 0 | Program terminate (See above)
2018-12-25T12:03:35.100802392Z 64 PC: 98248 | Write file or device (See above)
2018-12-25T12:03:35.108071231Z 41 PC: 929ae | Parse filename
2018-12-25T12:03:35.110231962Z 41 PC: 92a2f | Parse filename
2018-12-25T12:03:35.114016788Z 41 PC: 92a4c | Parse filename
2018-12-25T12:03:35.116600106Z 26 PC: 95ef7 | Set disk transfer address
2018-12-25T12:03:35.118616144Z 71 PC: 960f3 | Get current directory
2018-12-25T12:03:35.126916257Z 78 PC: 960fe | Find first file
2018-12-25T12:03:35.136923789Z 71 PC: 95f6c | Get current directory
2018-12-25T12:03:35.140322153Z 73 PC: 95609 | Release memory
2018-12-25T12:03:35.142320948Z 61 PC: 9d7f4 | Open file (See above)
2018-12-25T12:03:35.1527014Z 51 PC: 9d870 | Get or set Ctrl-Break (See above)
2018-12-25T12:03:35.153556066Z 51 PC: 9d876 | Get or set Ctrl-Break (See above)
2018-12-25T12:03:35.154365987Z 53 PC: 9d87d | Get interrupt vector (See above)
2018-12-25T12:03:35.156178853Z 37 PC: 9d88b | Set interrupt vector (See above)
2018-12-25T12:03:35.157387408Z 63 PC: 9d8d7 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:03:35.164593343Z 64 PC: 9d8f8 | Write file or device (Write 3132 bytes on handle 5)
2018-12-25T12:03:35.176724779Z 64 PC: 9d91b | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:03:35.183146909Z 62 PC: 9d92b | Close file (See above)
2018-12-25T12:03:35.188046113Z 37 PC: 9d93a | Set interrupt vector (See above)
2018-12-25T12:03:35.189939342Z 51 PC: 9d93e | Get or set Ctrl-Break (See above)
2018-12-25T12:03:35.190929669Z 75 PC: 11821 | Execute program
2018-12-25T12:03:35.204352176Z 77 PC: 11fe0 | Get program return code (See above)
2018-12-25T12:03:35.20593918Z 72 PC: 12174 | Allocate memory (See above)
2018-12-25T12:03:35.207277613Z 72 PC: 1218d | Allocate memory (See above)
2018-12-25T12:03:35.208538955Z 37 PC: 123c4 | Set interrupt vector (See above)
2018-12-25T12:03:35.210085846Z 37 PC: 123cb | Set interrupt vector (See above)
2018-12-25T12:03:35.211069097Z 37 PC: 123d2 | Set interrupt vector (See above)
2018-12-25T12:03:35.212030163Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.213753305Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.215009739Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.216157509Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.217880005Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.219087683Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.220203068Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.222086536Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.223241633Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.224369763Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.226136762Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.227288407Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.228378229Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.230063251Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.231317137Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.232491499Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.234175599Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.235326936Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.236449093Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.238141675Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.239256183Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.240373064Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.242278664Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.24342069Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.244529308Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.246111344Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.247232205Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.248352849Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.249899242Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.251046402Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.252850111Z 99 PC: 97fd7 | Get DBCS lead byte table pointer (See above)
2018-12-25T12:03:35.254934097Z 56 PC: 927f9 | Get or set country info (See above)
2018-12-25T12:03:35.256395773Z 64 PC: 98248 | Write file or device (See above)
2018-12-25T12:03:35.259061004Z 25 PC: 92862 | Get default drive (See above)
2018-12-25T12:03:35.260797401Z 71 PC: 94add | Get current directory (See above)
2018-12-25T12:03:35.263403434Z 64 PC: 98248 | Write file or device (See above)
2018-12-25T12:03:35.265621962Z 2 PC: 94ab2 | Character output (See above)
2018-12-25T12:03:35.267636329Z 93 PC: 92920 | File sharing functions (See above)
2018-12-25T12:03:35.268954681Z 93 PC: 92927 | File sharing functions (See above)
2018-12-25T12:03:35.270266879Z 10 PC: 92939 | Buffered keyboard input (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8042,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:19.231964071Z 218 PC: 12a5d | UNKNOWN!
2018-12-25T12:03:19.233790086Z 48 PC: 12a67 | Get DOS version
2018-12-25T12:03:19.235477075Z 37 PC: 12ab0 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:19.236929498Z 37 PC: 12abe | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:03:19.238694788Z 42 PC: 12ae8 | Get date 0x12ae8: cmp dh, 5
0x12aeb: jne 0x12b05
0x12aed: cmp dl, 1
0x12af0: jne 0x12b05
0x12af2: mov word ptr [0xc12], 0xc96
0x12af8: mov word ptr [0xc14], 0xcb6
0x12afe: mov byte ptr [0xc10], 1
0x12b03: nop
0x12b04: ret
0x12b05: mov ah, 0x2c
0x12b07: int 0x21
0x12b09: dec ch
0x12b0b: cmp ch, 7
0x12b0e: jbe 0x12afe
0x12b10: ret
0x12b11: mov al, 3
0x12b13: iret
0x12b14: pushf
0x12b15: cmp ax, 0xdada
0x12b18: je 0x12b48
2018-12-25T12:03:19.241442002Z 44 PC: 12b09 | Get time 0x12b09: dec ch
0x12b0b: cmp ch, 7
0x12b0e: jbe 0x12afe
0x12b10: ret
0x12b11: mov al, 3
0x12b13: iret
0x12b14: pushf
0x12b15: cmp ax, 0xdada
0x12b18: je 0x12b48
0x12b1a: push dx
0x12b1b: push cx
0x12b1c: push bx
0x12b1d: push ax
0x12b1e: push si
0x12b1f: push di
0x12b20: push ds
0x12b21: push es
0x12b22: cmp ah, 0x3e
0x12b25: jne 0x12b2b
0x12b27: mov ah, 0x45
2018-12-25T12:03:19.246253215Z 77 PC: 11fe0 | Get program return code
2018-12-25T12:03:19.24770271Z 72 PC: 12174 | Allocate memory
2018-12-25T12:03:19.25030426Z 72 PC: 1218d | Allocate memory
2018-12-25T12:03:19.253039882Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:03:19.254519422Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:03:19.256787623Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:19.258755774Z 69 PC: 9d7f4 | Duplicate handle
2018-12-25T12:03:19.260847862Z 62 PC: 122ab | Close file
2018-12-25T12:03:19.271443899Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:19.273544873Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:19.27549632Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:19.278430181Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:19.280218764Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:19.281996517Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:19.284596509Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:19.286452535Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:19.288185421Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:19.290369795Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:19.292300415Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:19.294083953Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:19.296087779Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:19.29885538Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:19.301879969Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:19.304340024Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:19.307160283Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:19.309227714Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:19.311233029Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:19.313624149Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:19.316795683Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:19.318629239Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:19.320794512Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:19.322611037Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:19.324287039Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:19.326884941Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:19.328699325Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:19.330379543Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:19.333663906Z 61 PC: 12354 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:03:19.338409534Z 66 PC: 12372 | Move file pointer
2018-12-25T12:03:19.339953064Z 63 PC: 12383 | Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:03:19.354384785Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:19.356784036Z 51 PC: 9d870 | Get or set Ctrl-Break
2018-12-25T12:03:19.35799211Z 51 PC: 9d876 | Get or set Ctrl-Break
2018-12-25T12:03:19.359017581Z 53 PC: 9d87d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:19.363609867Z 37 PC: 9d88b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:19.365531791Z 62 PC: 9d92b | Close file
2018-12-25T12:03:19.36803056Z 37 PC: 9d93a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:19.370727491Z 51 PC: 9d93e | Get or set Ctrl-Break
2018-12-25T12:03:19.372190189Z 62 PC: 1238a | Close file
2018-12-25T12:03:19.375957725Z 99 PC: 97fd7 | Get DBCS lead byte table pointer
2018-12-25T12:03:19.377969225Z 56 PC: 927f9 | Get or set country info
2018-12-25T12:03:19.38012021Z 64 PC: 98248 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:03:19.385166926Z 25 PC: 92862 | Get default drive
2018-12-25T12:03:19.387523508Z 71 PC: 94add | Get current directory
2018-12-25T12:03:19.392744574Z 64 PC: 98248 | Write file or device (See above)
2018-12-25T12:03:19.396315874Z 2 PC: 94ab2 | Character output (Char = '3e')
2018-12-25T12:03:19.40002463Z 93 PC: 92920 | File sharing functions
2018-12-25T12:03:19.402264039Z 93 PC: 92927 | File sharing functions
2018-12-25T12:03:19.404598731Z 10 PC: 92939 | Buffered keyboard input
2018-12-25T12:03:34.219691548Z 0 PC: 0 | Program terminate
2018-12-25T12:03:35.573805066Z 0 PC: 0 | Program terminate (See above)
2018-12-25T12:03:35.677457867Z 64 PC: 98248 | Write file or device (See above)
2018-12-25T12:03:35.684363072Z 41 PC: 929ae | Parse filename
2018-12-25T12:03:35.686759181Z 41 PC: 92a2f | Parse filename
2018-12-25T12:03:35.689905149Z 41 PC: 92a4c | Parse filename
2018-12-25T12:03:35.692393407Z 26 PC: 95ef7 | Set disk transfer address
2018-12-25T12:03:35.693596333Z 71 PC: 960f3 | Get current directory
2018-12-25T12:03:35.69877224Z 78 PC: 960fe | Find first file
2018-12-25T12:03:35.711151129Z 71 PC: 95f6c | Get current directory
2018-12-25T12:03:35.715832692Z 73 PC: 95609 | Release memory
2018-12-25T12:03:35.717631657Z 61 PC: 9d7f4 | Open file (See above)
2018-12-25T12:03:35.72570275Z 51 PC: 9d870 | Get or set Ctrl-Break (See above)
2018-12-25T12:03:35.726994946Z 51 PC: 9d876 | Get or set Ctrl-Break (See above)
2018-12-25T12:03:35.728870167Z 53 PC: 9d87d | Get interrupt vector (See above)
2018-12-25T12:03:35.731002848Z 37 PC: 9d88b | Set interrupt vector (See above)
2018-12-25T12:03:35.73317113Z 63 PC: 9d8d7 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:03:35.746451931Z 64 PC: 9d8f8 | Write file or device (Write 3120 bytes on handle 5)
2018-12-25T12:03:35.763428646Z 64 PC: 9d91b | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:03:35.771053703Z 62 PC: 9d92b | Close file (See above)
2018-12-25T12:03:35.780580875Z 37 PC: 9d93a | Set interrupt vector (See above)
2018-12-25T12:03:35.782935334Z 51 PC: 9d93e | Get or set Ctrl-Break (See above)
2018-12-25T12:03:35.784098782Z 75 PC: 11821 | Execute program
2018-12-25T12:03:35.802412609Z 77 PC: 11fe0 | Get program return code (See above)
2018-12-25T12:03:35.804684911Z 72 PC: 12174 | Allocate memory (See above)
2018-12-25T12:03:35.806849332Z 72 PC: 1218d | Allocate memory (See above)
2018-12-25T12:03:35.808870172Z 37 PC: 123c4 | Set interrupt vector (See above)
2018-12-25T12:03:35.81112236Z 37 PC: 123cb | Set interrupt vector (See above)
2018-12-25T12:03:35.813472334Z 37 PC: 123d2 | Set interrupt vector (See above)
2018-12-25T12:03:35.815043739Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.816980138Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.820029812Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.821969057Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.823855692Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.826938901Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.828865683Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.830836652Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.833764281Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.836409612Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.838592803Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.84096463Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.843578507Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.845496532Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.847352264Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.850544315Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.852690442Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.85542939Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.858211483Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.860270605Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.862248423Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.864934989Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.866982321Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.869003439Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.871651759Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.873673927Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.875584348Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.879877775Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.881817163Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:35.883930834Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:35.888491939Z 99 PC: 97fd7 | Get DBCS lead byte table pointer (See above)
2018-12-25T12:03:35.89025705Z 56 PC: 927f9 | Get or set country info (See above)
2018-12-25T12:03:35.892676666Z 64 PC: 98248 | Write file or device (See above)
2018-12-25T12:03:35.898738027Z 25 PC: 92862 | Get default drive (See above)
2018-12-25T12:03:35.900883751Z 71 PC: 94add | Get current directory (See above)
2018-12-25T12:03:35.905850257Z 64 PC: 98248 | Write file or device (See above)
2018-12-25T12:03:35.910250244Z 2 PC: 94ab2 | Character output (See above)
2018-12-25T12:03:35.913761617Z 93 PC: 92920 | File sharing functions (See above)
2018-12-25T12:03:35.916018701Z 93 PC: 92927 | File sharing functions (See above)
2018-12-25T12:03:35.918286105Z 10 PC: 92939 | Buffered keyboard input (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8042,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:21.03001889Z 218 PC: 12a5d | UNKNOWN!
2018-12-25T12:03:21.031922827Z 48 PC: 12a67 | Get DOS version
2018-12-25T12:03:21.033750924Z 37 PC: 12ab0 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:21.035393268Z 37 PC: 12abe | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:03:21.037690109Z 42 PC: 12ae8 | Get date 0x12ae8: cmp dh, 5
0x12aeb: jne 0x12b05
0x12aed: cmp dl, 1
0x12af0: jne 0x12b05
0x12af2: mov word ptr [0xc12], 0xc96
0x12af8: mov word ptr [0xc14], 0xcb6
0x12afe: mov byte ptr [0xc10], 1
0x12b03: nop
0x12b04: ret
0x12b05: mov ah, 0x2c
0x12b07: int 0x21
0x12b09: dec ch
0x12b0b: cmp ch, 7
0x12b0e: jbe 0x12afe
0x12b10: ret
0x12b11: mov al, 3
0x12b13: iret
0x12b14: pushf
0x12b15: cmp ax, 0xdada
0x12b18: je 0x12b48
2018-12-25T12:03:21.040710019Z 44 PC: 12b09 | Get time 0x12b09: dec ch
0x12b0b: cmp ch, 7
0x12b0e: jbe 0x12afe
0x12b10: ret
0x12b11: mov al, 3
0x12b13: iret
0x12b14: pushf
0x12b15: cmp ax, 0xdada
0x12b18: je 0x12b48
0x12b1a: push dx
0x12b1b: push cx
0x12b1c: push bx
0x12b1d: push ax
0x12b1e: push si
0x12b1f: push di
0x12b20: push ds
0x12b21: push es
0x12b22: cmp ah, 0x3e
0x12b25: jne 0x12b2b
0x12b27: mov ah, 0x45
2018-12-25T12:03:21.045831568Z 77 PC: 11fe0 | Get program return code
2018-12-25T12:03:21.047809681Z 72 PC: 12174 | Allocate memory
2018-12-25T12:03:21.050099053Z 72 PC: 1218d | Allocate memory
2018-12-25T12:03:21.053270216Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:03:21.054733501Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:03:21.05727505Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:21.059078391Z 69 PC: 9d7f4 | Duplicate handle
2018-12-25T12:03:21.061323796Z 62 PC: 122ab | Close file
2018-12-25T12:03:21.065224609Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:21.067354815Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:21.069412458Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:21.072250472Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:21.074596342Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:21.076821068Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:21.079263268Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:21.082306201Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:21.084449078Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:21.08764736Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:21.090122152Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:21.093042833Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:21.096720067Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:21.099244549Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:21.101069173Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:21.103054634Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:21.105233528Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:21.107278646Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:21.109645358Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:21.112089834Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:21.113668953Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:21.115145235Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:21.117229681Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:21.1188606Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:21.120456045Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:21.122546505Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:21.124310803Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:21.126075286Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:21.129250211Z 61 PC: 12354 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:03:21.136355775Z 66 PC: 12372 | Move file pointer
2018-12-25T12:03:21.138336439Z 63 PC: 12383 | Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:03:21.1529457Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:21.155673763Z 51 PC: 9d870 | Get or set Ctrl-Break
2018-12-25T12:03:21.156839622Z 51 PC: 9d876 | Get or set Ctrl-Break
2018-12-25T12:03:21.157952776Z 53 PC: 9d87d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:21.160664554Z 37 PC: 9d88b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:21.162754527Z 62 PC: 9d92b | Close file
2018-12-25T12:03:21.165192317Z 37 PC: 9d93a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:21.16684748Z 51 PC: 9d93e | Get or set Ctrl-Break
2018-12-25T12:03:21.167732644Z 62 PC: 1238a | Close file
2018-12-25T12:03:21.171896449Z 99 PC: 97fd7 | Get DBCS lead byte table pointer
2018-12-25T12:03:21.173844399Z 56 PC: 927f9 | Get or set country info
2018-12-25T12:03:21.175878977Z 64 PC: 98248 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:03:21.180738187Z 25 PC: 92862 | Get default drive
2018-12-25T12:03:21.183320006Z 71 PC: 94add | Get current directory
2018-12-25T12:03:21.187709494Z 64 PC: 98248 | Write file or device (See above)
2018-12-25T12:03:21.191155606Z 2 PC: 94ab2 | Character output (Char = '3e')
2018-12-25T12:03:21.193931159Z 93 PC: 92920 | File sharing functions
2018-12-25T12:03:21.195902934Z 93 PC: 92927 | File sharing functions
2018-12-25T12:03:21.197594267Z 10 PC: 92939 | Buffered keyboard input
2018-12-25T12:03:36.014813874Z 0 PC: 0 | Program terminate
2018-12-25T12:03:37.369617999Z 0 PC: 0 | Program terminate (See above)
2018-12-25T12:03:37.473106088Z 64 PC: 98248 | Write file or device (See above)
2018-12-25T12:03:37.479595217Z 41 PC: 929ae | Parse filename
2018-12-25T12:03:37.481715796Z 41 PC: 92a2f | Parse filename
2018-12-25T12:03:37.483503814Z 41 PC: 92a4c | Parse filename
2018-12-25T12:03:37.487360033Z 26 PC: 95ef7 | Set disk transfer address
2018-12-25T12:03:37.489214361Z 71 PC: 960f3 | Get current directory
2018-12-25T12:03:37.498546843Z 78 PC: 960fe | Find first file
2018-12-25T12:03:37.509622651Z 71 PC: 95f6c | Get current directory
2018-12-25T12:03:37.513919301Z 73 PC: 95609 | Release memory
2018-12-25T12:03:37.515803375Z 61 PC: 9d7f4 | Open file (See above)
2018-12-25T12:03:37.523853978Z 51 PC: 9d870 | Get or set Ctrl-Break (See above)
2018-12-25T12:03:37.524834651Z 51 PC: 9d876 | Get or set Ctrl-Break (See above)
2018-12-25T12:03:37.525748151Z 53 PC: 9d87d | Get interrupt vector (See above)
2018-12-25T12:03:37.527540045Z 37 PC: 9d88b | Set interrupt vector (See above)
2018-12-25T12:03:37.529375761Z 63 PC: 9d8d7 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:03:37.54244327Z 64 PC: 9d8f8 | Write file or device (Write 3149 bytes on handle 5)
2018-12-25T12:03:37.562534108Z 64 PC: 9d91b | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:03:37.570479222Z 62 PC: 9d92b | Close file (See above)
2018-12-25T12:03:37.579303485Z 37 PC: 9d93a | Set interrupt vector (See above)
2018-12-25T12:03:37.581127658Z 51 PC: 9d93e | Get or set Ctrl-Break (See above)
2018-12-25T12:03:37.582636187Z 75 PC: 11821 | Execute program
2018-12-25T12:03:37.600676937Z 77 PC: 11fe0 | Get program return code (See above)
2018-12-25T12:03:37.602180479Z 72 PC: 12174 | Allocate memory (See above)
2018-12-25T12:03:37.60479473Z 72 PC: 1218d | Allocate memory (See above)
2018-12-25T12:03:37.606692175Z 37 PC: 123c4 | Set interrupt vector (See above)
2018-12-25T12:03:37.60806016Z 37 PC: 123cb | Set interrupt vector (See above)
2018-12-25T12:03:37.610076476Z 37 PC: 123d2 | Set interrupt vector (See above)
2018-12-25T12:03:37.611491535Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:37.613158738Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:37.615354147Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:37.61701989Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:37.618646264Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:37.620979399Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:37.62273244Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:37.624932671Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:37.632316898Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:37.634029242Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:37.635497396Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:37.637746114Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:37.63937652Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:37.641845958Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:37.64371016Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:37.645411271Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:37.647023645Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:37.648848051Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:37.651008769Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:37.65265144Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:37.654492104Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:37.656489881Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:37.658069466Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:37.659672027Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:37.661648617Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:37.663267744Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:37.665288506Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:37.668248572Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:37.670306881Z 69 PC: 9d7f4 | Duplicate handle (See above)
2018-12-25T12:03:37.672392427Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:03:37.676684163Z 99 PC: 97fd7 | Get DBCS lead byte table pointer (See above)
2018-12-25T12:03:37.678287134Z 56 PC: 927f9 | Get or set country info (See above)
2018-12-25T12:03:37.680456714Z 64 PC: 98248 | Write file or device (See above)
2018-12-25T12:03:37.686316633Z 25 PC: 92862 | Get default drive (See above)
2018-12-25T12:03:37.688203949Z 71 PC: 94add | Get current directory (See above)
2018-12-25T12:03:37.692631195Z 64 PC: 98248 | Write file or device (See above)
2018-12-25T12:03:37.696648487Z 2 PC: 94ab2 | Character output (See above)
2018-12-25T12:03:37.699220463Z 93 PC: 92920 | File sharing functions (See above)
2018-12-25T12:03:37.701045726Z 93 PC: 92927 | File sharing functions (See above)
2018-12-25T12:03:37.703425642Z 10 PC: 92939 | Buffered keyboard input (See above)