Sample viewer

vx.netlux.org/Virus.DOS.Grog.1200


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:44:06.594444057Z 75 PC: 12a73 | Execute program
2018-12-17T22:44:06.596718038Z 46 PC: 12a8a | Set verify flag
2018-12-17T22:44:06.598750867Z 53 PC: 12b0a | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:44:06.600693956Z 53 PC: 12b19 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:06.602816576Z 37 PC: 12ae8 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:06.604941224Z 53 PC: 9ec19 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:06.606088668Z 37 PC: 9ec28 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:06.607174878Z 53 PC: 9eb35 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:44:06.608659917Z 37 PC: 9eb47 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:44:06.60993078Z 67 PC: 9ecd5 | Get or set file attributes
2018-12-17T22:44:06.614201683Z 61 PC: 9ece1 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:44:06.62181975Z 66 PC: 9ed49 | Move file pointer
2018-12-17T22:44:06.623888421Z 66 PC: 9ed49 | Move file pointer
2018-12-17T22:44:06.625189942Z 63 PC: 9ebd0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:44:06.628135225Z 62 PC: 9ed72 | Close file
2018-12-17T22:44:06.629560644Z 67 PC: 9ed7a | Get or set file attributes
2018-12-17T22:44:07.15548685Z 61 PC: 9ed85 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:44:07.163569897Z 87 PC: 9ed96 | Get or set file date and time
2018-12-17T22:44:07.165788891Z 66 PC: 9ed49 | Move file pointer
2018-12-17T22:44:07.167997001Z 63 PC: 9edb2 | Read file or device (Read 1200 bytes on handle 5)
2018-12-17T22:44:07.176764876Z 66 PC: 9ed49 | Move file pointer
2018-12-17T22:44:07.180555114Z 64 PC: 9edc4 | Write file or device (Write 1200 bytes on handle 5)
2018-12-17T22:44:07.192112547Z 66 PC: 9ed49 | Move file pointer
2018-12-17T22:44:07.194249482Z 44 PC: 9ee01 | Get time
0x9ee01: cmp dh, 0
0x9ee04: je 0x9edfc
0x9ee06: cmp dh, 0x20
0x9ee09: je 0x9edfc
0x9ee0b: cmp dh, 0xe0
0x9ee0e: je 0x9edfc
0x9ee10: mov si, dx
0x9ee12: mov di, 0x100
0x9ee15: and dl, 1
0x9ee18: cmp dl, 1
0x9ee1b: je 0x9ee26
0x9ee1d: call 0x9ee2f
0x9ee20: call 0x9ee3c
0x9ee23: jmp 0x9ee49
0x9ee25: nop
0x9ee26: call 0x9ee3c
0x9ee29: call 0x9ee2f
0x9ee2c: jmp 0x9ee49
0x9ee2e: nop
0x9ee2f: mov al, 0xbe
2018-12-17T22:44:07.19871633Z 64 PC: 9edf3 | Write file or device (Write 1200 bytes on handle 5)
2018-12-17T22:44:07.207407683Z 87 PC: 9edfb | Get or set file date and time
2018-12-17T22:44:07.209565185Z 62 PC: 9ed3b | Close file
2018-12-17T22:44:07.222160674Z 67 PC: 9ecff | Get or set file attributes
2018-12-17T22:44:07.235754679Z 53 PC: 9eb35 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:44:07.237285738Z 37 PC: 9eb47 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:44:07.239834175Z 37 PC: 9ec35 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:07.241223166Z 67 PC: 12af2 | Get or set file attributes
2018-12-17T22:44:07.244837532Z 42 PC: 12a94 | Get date
0x12a94: or dh, 0xfe
0x12a97: cmp dh, 0xff
0x12a9a: jne 0x12aa7
0x12a9c: or dl, 0xfa
0x12a9f: cmp dl, 0xff
0x12aa2: jne 0x12aa7
0x12aa4: call 0x12b71
0x12aa7: mov bx, word ptr [0x591]
0x12aab: mov ax, 0x4b47
0x12aae: mov si, 0x4731
0x12ab1: mov dx, si
0x12ab3: int 0x21
0x12ab5: cli
0x12ab6: mov ax, word ptr cs:[2]
0x12aba: mov cx, 0x12c
0x12abd: sub ax, cx
0x12abf: mov word ptr cs:[2], ax
0x12ac3: push ax
0x12ac4: mov cx, cs
0x12ac6: sub ax, cx

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":32,"TimeBased":true,"OriginalID":8107,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:26.170842703Z 75 PC: 12a73 | Execute program
2018-12-25T12:03:26.172832648Z 46 PC: 12a8a | Set verify flag
2018-12-25T12:03:26.174088316Z 53 PC: 12b0a | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:26.175316994Z 53 PC: 12b19 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:26.176947102Z 37 PC: 12ae8 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:26.178671815Z 53 PC: 9ec19 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:26.180168226Z 37 PC: 9ec28 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:26.181807527Z 53 PC: 9eb35 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:26.183405977Z 37 PC: 9eb47 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:26.184652411Z 67 PC: 9ecd5 | Get or set file attributes
2018-12-25T12:03:26.190534992Z 61 PC: 9ece1 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:03:26.197785995Z 66 PC: 9ed49 | Move file pointer
2018-12-25T12:03:26.199140115Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:26.200521141Z 63 PC: 9ebd0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:03:26.203938265Z 62 PC: 9ed72 | Close file
2018-12-25T12:03:26.20594003Z 67 PC: 9ed7a | Get or set file attributes
2018-12-25T12:03:26.548063946Z 61 PC: 9ed85 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:03:26.555826261Z 87 PC: 9ed96 | Get or set file date and time
2018-12-25T12:03:26.558143597Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:26.559551939Z 63 PC: 9edb2 | Read file or device (Read 1200 bytes on handle 5)
2018-12-25T12:03:26.567897218Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:26.569987241Z 64 PC: 9edc4 | Write file or device (Write 1200 bytes on handle 5)
2018-12-25T12:03:26.580607219Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:26.582030456Z 44 PC: 9ee01 | Get time
0x9ee01: cmp dh, 0
0x9ee04: je 0x9edfc
0x9ee06: cmp dh, 0x20
0x9ee09: je 0x9edfc
0x9ee0b: cmp dh, 0xe0
0x9ee0e: je 0x9edfc
0x9ee10: mov si, dx
0x9ee12: mov di, 0x100
0x9ee15: and dl, 1
0x9ee18: cmp dl, 1
0x9ee1b: je 0x9ee26
0x9ee1d: call 0x9ee2f
0x9ee20: call 0x9ee3c
0x9ee23: jmp 0x9ee49
0x9ee25: nop
0x9ee26: call 0x9ee3c
0x9ee29: call 0x9ee2f
0x9ee2c: jmp 0x9ee49
0x9ee2e: nop
0x9ee2f: mov al, 0xbe
2018-12-25T12:03:26.585282468Z 64 PC: 9edf3 | Write file or device (Write 1200 bytes on handle 5)
2018-12-25T12:03:26.593542247Z 87 PC: 9edfb | Get or set file date and time
2018-12-25T12:03:26.595300554Z 62 PC: 9ed3b | Close file
2018-12-25T12:03:26.603587623Z 67 PC: 9ecff | Get or set file attributes
2018-12-25T12:03:26.61399093Z 53 PC: 9eb35 | Get interrupt vector (See above)
2018-12-25T12:03:26.615543021Z 37 PC: 9eb47 | Set interrupt vector (See above)
2018-12-25T12:03:26.617309242Z 37 PC: 9ec35 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:26.620382469Z 67 PC: 12af2 | Get or set file attributes
2018-12-25T12:03:26.62663978Z 42 PC: 12a94 | Get date
0x12a94: or dh, 0xfe
0x12a97: cmp dh, 0xff
0x12a9a: jne 0x12aa7
0x12a9c: or dl, 0xfa
0x12a9f: cmp dl, 0xff
0x12aa2: jne 0x12aa7
0x12aa4: call 0x12b71
0x12aa7: mov bx, word ptr [0x591]
0x12aab: mov ax, 0x4b47
0x12aae: mov si, 0x4731
0x12ab1: mov dx, si
0x12ab3: int 0x21
0x12ab5: cli
0x12ab6: mov ax, word ptr cs:[2]
0x12aba: mov cx, 0x12c
0x12abd: sub ax, cx
0x12abf: mov word ptr cs:[2], ax
0x12ac3: push ax
0x12ac4: mov cx, cs
0x12ac6: sub ax, cx

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":32,"TimeBased":true,"OriginalID":8107,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:26.568043743Z 75 PC: 12a73 | Execute program
2018-12-25T12:03:26.570050549Z 46 PC: 12a8a | Set verify flag
2018-12-25T12:03:26.571247012Z 53 PC: 12b0a | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:26.572455206Z 53 PC: 12b19 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:26.573979589Z 37 PC: 12ae8 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:26.57696095Z 53 PC: 9ec19 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:26.578306283Z 37 PC: 9ec28 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:26.579781459Z 53 PC: 9eb35 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:26.581902954Z 37 PC: 9eb47 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:26.583280658Z 67 PC: 9ecd5 | Get or set file attributes
2018-12-25T12:03:26.589134651Z 61 PC: 9ece1 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:03:26.596467386Z 66 PC: 9ed49 | Move file pointer
2018-12-25T12:03:26.598832163Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:26.601558847Z 63 PC: 9ebd0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:03:26.605548964Z 62 PC: 9ed72 | Close file
2018-12-25T12:03:26.607567559Z 67 PC: 9ed7a | Get or set file attributes
2018-12-25T12:03:28.627110763Z 61 PC: 9ed85 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:03:28.634236709Z 87 PC: 9ed96 | Get or set file date and time
2018-12-25T12:03:28.636348735Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:28.638343481Z 63 PC: 9edb2 | Read file or device (Read 1200 bytes on handle 5)
2018-12-25T12:03:28.646876131Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:28.649052519Z 64 PC: 9edc4 | Write file or device (Write 1200 bytes on handle 5)
2018-12-25T12:03:28.658132979Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:28.66017619Z 44 PC: 9ee01 | Get time
0x9ee01: cmp dh, 0
0x9ee04: je 0x9edfc
0x9ee06: cmp dh, 0x20
0x9ee09: je 0x9edfc
0x9ee0b: cmp dh, 0xe0
0x9ee0e: je 0x9edfc
0x9ee10: mov si, dx
0x9ee12: mov di, 0x100
0x9ee15: and dl, 1
0x9ee18: cmp dl, 1
0x9ee1b: je 0x9ee26
0x9ee1d: call 0x9ee2f
0x9ee20: call 0x9ee3c
0x9ee23: jmp 0x9ee49
0x9ee25: nop
0x9ee26: call 0x9ee3c
0x9ee29: call 0x9ee2f
0x9ee2c: jmp 0x9ee49
0x9ee2e: nop
0x9ee2f: mov al, 0xbe
2018-12-25T12:03:28.663559044Z 64 PC: 9edf3 | Write file or device (Write 1200 bytes on handle 5)
2018-12-25T12:03:28.671315145Z 87 PC: 9edfb | Get or set file date and time
2018-12-25T12:03:28.673460402Z 62 PC: 9ed3b | Close file
2018-12-25T12:03:28.683766157Z 67 PC: 9ecff | Get or set file attributes
2018-12-25T12:03:28.696241998Z 53 PC: 9eb35 | Get interrupt vector (See above)
2018-12-25T12:03:28.699215578Z 37 PC: 9eb47 | Set interrupt vector (See above)
2018-12-25T12:03:28.701878723Z 37 PC: 9ec35 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:28.7032989Z 67 PC: 12af2 | Get or set file attributes
2018-12-25T12:03:28.713429415Z 42 PC: 12a94 | Get date
0x12a94: or dh, 0xfe
0x12a97: cmp dh, 0xff
0x12a9a: jne 0x12aa7
0x12a9c: or dl, 0xfa
0x12a9f: cmp dl, 0xff
0x12aa2: jne 0x12aa7
0x12aa4: call 0x12b71
0x12aa7: mov bx, word ptr [0x591]
0x12aab: mov ax, 0x4b47
0x12aae: mov si, 0x4731
0x12ab1: mov dx, si
0x12ab3: int 0x21
0x12ab5: cli
0x12ab6: mov ax, word ptr cs:[2]
0x12aba: mov cx, 0x12c
0x12abd: sub ax, cx
0x12abf: mov word ptr cs:[2], ax
0x12ac3: push ax
0x12ac4: mov cx, cs
0x12ac6: sub ax, cx

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":32,"TimeBased":true,"OriginalID":8107,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:26.572235694Z 75 PC: 12a73 | Execute program
2018-12-25T12:03:26.574377108Z 46 PC: 12a8a | Set verify flag
2018-12-25T12:03:26.575629714Z 53 PC: 12b0a | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:26.576993212Z 53 PC: 12b19 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:26.579081252Z 37 PC: 12ae8 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:26.593757335Z 53 PC: 9ec19 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:26.595488447Z 37 PC: 9ec28 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:26.597621989Z 53 PC: 9eb35 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:26.599194483Z 37 PC: 9eb47 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:26.600540029Z 67 PC: 9ecd5 | Get or set file attributes
2018-12-25T12:03:26.606611221Z 61 PC: 9ece1 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:03:26.614245023Z 66 PC: 9ed49 | Move file pointer
2018-12-25T12:03:26.615958351Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:26.617758671Z 63 PC: 9ebd0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:03:26.621499907Z 62 PC: 9ed72 | Close file
2018-12-25T12:03:26.624043865Z 67 PC: 9ed7a | Get or set file attributes
2018-12-25T12:03:28.62745215Z 61 PC: 9ed85 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:03:28.634262007Z 87 PC: 9ed96 | Get or set file date and time
2018-12-25T12:03:28.635845559Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:28.644365912Z 63 PC: 9edb2 | Read file or device (Read 1200 bytes on handle 5)
2018-12-25T12:03:28.652855425Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:28.654929167Z 64 PC: 9edc4 | Write file or device (Write 1200 bytes on handle 5)
2018-12-25T12:03:28.67185596Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:28.675062095Z 44 PC: 9ee01 | Get time
0x9ee01: cmp dh, 0
0x9ee04: je 0x9edfc
0x9ee06: cmp dh, 0x20
0x9ee09: je 0x9edfc
0x9ee0b: cmp dh, 0xe0
0x9ee0e: je 0x9edfc
0x9ee10: mov si, dx
0x9ee12: mov di, 0x100
0x9ee15: and dl, 1
0x9ee18: cmp dl, 1
0x9ee1b: je 0x9ee26
0x9ee1d: call 0x9ee2f
0x9ee20: call 0x9ee3c
0x9ee23: jmp 0x9ee49
0x9ee25: nop
0x9ee26: call 0x9ee3c
0x9ee29: call 0x9ee2f
0x9ee2c: jmp 0x9ee49
0x9ee2e: nop
0x9ee2f: mov al, 0xbe
2018-12-25T12:03:28.684454797Z 64 PC: 9edf3 | Write file or device (Write 1200 bytes on handle 5)
2018-12-25T12:03:28.692277066Z 87 PC: 9edfb | Get or set file date and time
2018-12-25T12:03:28.695531397Z 62 PC: 9ed3b | Close file
2018-12-25T12:03:28.711963163Z 67 PC: 9ecff | Get or set file attributes
2018-12-25T12:03:28.722776006Z 53 PC: 9eb35 | Get interrupt vector (See above)
2018-12-25T12:03:28.724678033Z 37 PC: 9eb47 | Set interrupt vector (See above)
2018-12-25T12:03:28.727725757Z 37 PC: 9ec35 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:28.729224165Z 67 PC: 12af2 | Get or set file attributes
2018-12-25T12:03:28.750793529Z 42 PC: 12a94 | Get date
0x12a94: or dh, 0xfe
0x12a97: cmp dh, 0xff
0x12a9a: jne 0x12aa7
0x12a9c: or dl, 0xfa
0x12a9f: cmp dl, 0xff
0x12aa2: jne 0x12aa7
0x12aa4: call 0x12b71
0x12aa7: mov bx, word ptr [0x591]
0x12aab: mov ax, 0x4b47
0x12aae: mov si, 0x4731
0x12ab1: mov dx, si
0x12ab3: int 0x21
0x12ab5: cli
0x12ab6: mov ax, word ptr cs:[2]
0x12aba: mov cx, 0x12c
0x12abd: sub ax, cx
0x12abf: mov word ptr cs:[2], ax
0x12ac3: push ax
0x12ac4: mov cx, cs
0x12ac6: sub ax, cx

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8107,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:26.634582373Z 75 PC: 12a73 | Execute program
2018-12-25T12:03:26.637211636Z 46 PC: 12a8a | Set verify flag
2018-12-25T12:03:26.638553297Z 53 PC: 12b0a | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:26.639863253Z 53 PC: 12b19 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:26.641339298Z 37 PC: 12ae8 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:26.643020524Z 53 PC: 9ec19 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:26.644365555Z 37 PC: 9ec28 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:26.648083698Z 53 PC: 9eb35 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:26.650154513Z 37 PC: 9eb47 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:26.651320863Z 67 PC: 9ecd5 | Get or set file attributes
2018-12-25T12:03:26.657189605Z 61 PC: 9ece1 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:03:26.666328193Z 66 PC: 9ed49 | Move file pointer
2018-12-25T12:03:26.668305339Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:26.669906274Z 63 PC: 9ebd0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:03:26.673245977Z 62 PC: 9ed72 | Close file
2018-12-25T12:03:26.67529004Z 67 PC: 9ed7a | Get or set file attributes
2018-12-25T12:03:28.626906854Z 61 PC: 9ed85 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:03:28.635483171Z 87 PC: 9ed96 | Get or set file date and time
2018-12-25T12:03:28.63734257Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:28.638854491Z 63 PC: 9edb2 | Read file or device (Read 1200 bytes on handle 5)
2018-12-25T12:03:28.646745218Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:28.648446095Z 64 PC: 9edc4 | Write file or device (Write 1200 bytes on handle 5)
2018-12-25T12:03:28.659474724Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:28.662041237Z 44 PC: 9ee01 | Get time
0x9ee01: cmp dh, 0
0x9ee04: je 0x9edfc
0x9ee06: cmp dh, 0x20
0x9ee09: je 0x9edfc
0x9ee0b: cmp dh, 0xe0
0x9ee0e: je 0x9edfc
0x9ee10: mov si, dx
0x9ee12: mov di, 0x100
0x9ee15: and dl, 1
0x9ee18: cmp dl, 1
0x9ee1b: je 0x9ee26
0x9ee1d: call 0x9ee2f
0x9ee20: call 0x9ee3c
0x9ee23: jmp 0x9ee49
0x9ee25: nop
0x9ee26: call 0x9ee3c
0x9ee29: call 0x9ee2f
0x9ee2c: jmp 0x9ee49
0x9ee2e: nop
0x9ee2f: mov al, 0xbe
2018-12-25T12:03:28.665369458Z 64 PC: 9edf3 | Write file or device (Write 1200 bytes on handle 5)
2018-12-25T12:03:28.673447349Z 87 PC: 9edfb | Get or set file date and time
2018-12-25T12:03:28.675927095Z 62 PC: 9ed3b | Close file
2018-12-25T12:03:28.685059611Z 67 PC: 9ecff | Get or set file attributes
2018-12-25T12:03:28.69555938Z 53 PC: 9eb35 | Get interrupt vector (See above)
2018-12-25T12:03:28.697387637Z 37 PC: 9eb47 | Set interrupt vector (See above)
2018-12-25T12:03:28.699896852Z 37 PC: 9ec35 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:28.701952495Z 67 PC: 12af2 | Get or set file attributes
2018-12-25T12:03:28.709591411Z 42 PC: 12a94 | Get date
0x12a94: or dh, 0xfe
0x12a97: cmp dh, 0xff
0x12a9a: jne 0x12aa7
0x12a9c: or dl, 0xfa
0x12a9f: cmp dl, 0xff
0x12aa2: jne 0x12aa7
0x12aa4: call 0x12b71
0x12aa7: mov bx, word ptr [0x591]
0x12aab: mov ax, 0x4b47
0x12aae: mov si, 0x4731
0x12ab1: mov dx, si
0x12ab3: int 0x21
0x12ab5: cli
0x12ab6: mov ax, word ptr cs:[2]
0x12aba: mov cx, 0x12c
0x12abd: sub ax, cx
0x12abf: mov word ptr cs:[2], ax
0x12ac3: push ax
0x12ac4: mov cx, cs
0x12ac6: sub ax, cx

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8107,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:26.787816677Z 75 PC: 12a73 | Execute program
2018-12-25T12:03:26.790204318Z 46 PC: 12a8a | Set verify flag
2018-12-25T12:03:26.791847463Z 53 PC: 12b0a | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:26.793224807Z 53 PC: 12b19 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:26.794738879Z 37 PC: 12ae8 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:26.796614387Z 53 PC: 9ec19 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:26.797872423Z 37 PC: 9ec28 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:26.801065461Z 53 PC: 9eb35 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:26.803515114Z 37 PC: 9eb47 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:26.805639381Z 67 PC: 9ecd5 | Get or set file attributes
2018-12-25T12:03:26.812074647Z 61 PC: 9ece1 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:03:26.824999238Z 66 PC: 9ed49 | Move file pointer
2018-12-25T12:03:26.82675171Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:26.828196869Z 63 PC: 9ebd0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:03:26.832235064Z 62 PC: 9ed72 | Close file
2018-12-25T12:03:26.834315773Z 67 PC: 9ed7a | Get or set file attributes
2018-12-25T12:03:28.627653167Z 61 PC: 9ed85 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:03:28.643163399Z 87 PC: 9ed96 | Get or set file date and time
2018-12-25T12:03:28.644946643Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:28.647188218Z 63 PC: 9edb2 | Read file or device (Read 1200 bytes on handle 5)
2018-12-25T12:03:28.656553771Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:28.659269092Z 64 PC: 9edc4 | Write file or device (Write 1200 bytes on handle 5)
2018-12-25T12:03:28.682112604Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:28.692072097Z 44 PC: 9ee01 | Get time
0x9ee01: cmp dh, 0
0x9ee04: je 0x9edfc
0x9ee06: cmp dh, 0x20
0x9ee09: je 0x9edfc
0x9ee0b: cmp dh, 0xe0
0x9ee0e: je 0x9edfc
0x9ee10: mov si, dx
0x9ee12: mov di, 0x100
0x9ee15: and dl, 1
0x9ee18: cmp dl, 1
0x9ee1b: je 0x9ee26
0x9ee1d: call 0x9ee2f
0x9ee20: call 0x9ee3c
0x9ee23: jmp 0x9ee49
0x9ee25: nop
0x9ee26: call 0x9ee3c
0x9ee29: call 0x9ee2f
0x9ee2c: jmp 0x9ee49
0x9ee2e: nop
0x9ee2f: mov al, 0xbe
2018-12-25T12:03:28.696192196Z 64 PC: 9edf3 | Write file or device (Write 1200 bytes on handle 5)
2018-12-25T12:03:28.706821879Z 87 PC: 9edfb | Get or set file date and time
2018-12-25T12:03:28.70916088Z 62 PC: 9ed3b | Close file
2018-12-25T12:03:28.719384403Z 67 PC: 9ecff | Get or set file attributes
2018-12-25T12:03:28.73336439Z 53 PC: 9eb35 | Get interrupt vector (See above)
2018-12-25T12:03:28.73519663Z 37 PC: 9eb47 | Set interrupt vector (See above)
2018-12-25T12:03:28.737657439Z 37 PC: 9ec35 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:28.739223951Z 67 PC: 12af2 | Get or set file attributes
2018-12-25T12:03:28.746023853Z 42 PC: 12a94 | Get date
0x12a94: or dh, 0xfe
0x12a97: cmp dh, 0xff
0x12a9a: jne 0x12aa7
0x12a9c: or dl, 0xfa
0x12a9f: cmp dl, 0xff
0x12aa2: jne 0x12aa7
0x12aa4: call 0x12b71
0x12aa7: mov bx, word ptr [0x591]
0x12aab: mov ax, 0x4b47
0x12aae: mov si, 0x4731
0x12ab1: mov dx, si
0x12ab3: int 0x21
0x12ab5: cli
0x12ab6: mov ax, word ptr cs:[2]
0x12aba: mov cx, 0x12c
0x12abd: sub ax, cx
0x12abf: mov word ptr cs:[2], ax
0x12ac3: push ax
0x12ac4: mov cx, cs
0x12ac6: sub ax, cx

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8107,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:26.825476222Z 75 PC: 12a73 | Execute program
2018-12-25T12:03:26.828383058Z 46 PC: 12a8a | Set verify flag
2018-12-25T12:03:26.830166174Z 53 PC: 12b0a | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:26.831973783Z 53 PC: 12b19 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:26.834700271Z 37 PC: 12ae8 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:26.836364237Z 53 PC: 9ec19 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:26.837689888Z 37 PC: 9ec28 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:26.839070336Z 53 PC: 9eb35 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:26.841080713Z 37 PC: 9eb47 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:26.842373494Z 67 PC: 9ecd5 | Get or set file attributes
2018-12-25T12:03:26.848380478Z 61 PC: 9ece1 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:03:26.856045138Z 66 PC: 9ed49 | Move file pointer
2018-12-25T12:03:26.857821389Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:26.862768959Z 63 PC: 9ebd0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:03:26.866435428Z 62 PC: 9ed72 | Close file
2018-12-25T12:03:26.868450889Z 67 PC: 9ed7a | Get or set file attributes
2018-12-25T12:03:28.628774537Z 61 PC: 9ed85 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:03:28.637138114Z 87 PC: 9ed96 | Get or set file date and time
2018-12-25T12:03:28.63934264Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:28.641453327Z 63 PC: 9edb2 | Read file or device (Read 1200 bytes on handle 5)
2018-12-25T12:03:28.650267183Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:28.653051392Z 64 PC: 9edc4 | Write file or device (Write 1200 bytes on handle 5)
2018-12-25T12:03:28.67259136Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:28.675256288Z 44 PC: 9ee01 | Get time
0x9ee01: cmp dh, 0
0x9ee04: je 0x9edfc
0x9ee06: cmp dh, 0x20
0x9ee09: je 0x9edfc
0x9ee0b: cmp dh, 0xe0
0x9ee0e: je 0x9edfc
0x9ee10: mov si, dx
0x9ee12: mov di, 0x100
0x9ee15: and dl, 1
0x9ee18: cmp dl, 1
0x9ee1b: je 0x9ee26
0x9ee1d: call 0x9ee2f
0x9ee20: call 0x9ee3c
0x9ee23: jmp 0x9ee49
0x9ee25: nop
0x9ee26: call 0x9ee3c
0x9ee29: call 0x9ee2f
0x9ee2c: jmp 0x9ee49
0x9ee2e: nop
0x9ee2f: mov al, 0xbe
2018-12-25T12:03:28.67817928Z 64 PC: 9edf3 | Write file or device (Write 1200 bytes on handle 5)
2018-12-25T12:03:28.687436391Z 87 PC: 9edfb | Get or set file date and time
2018-12-25T12:03:28.689581187Z 62 PC: 9ed3b | Close file
2018-12-25T12:03:28.701556857Z 67 PC: 9ecff | Get or set file attributes
2018-12-25T12:03:28.711329059Z 53 PC: 9eb35 | Get interrupt vector (See above)
2018-12-25T12:03:28.712852429Z 37 PC: 9eb47 | Set interrupt vector (See above)
2018-12-25T12:03:28.715234051Z 37 PC: 9ec35 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:28.716201264Z 67 PC: 12af2 | Get or set file attributes
2018-12-25T12:03:28.720600683Z 42 PC: 12a94 | Get date
0x12a94: or dh, 0xfe
0x12a97: cmp dh, 0xff
0x12a9a: jne 0x12aa7
0x12a9c: or dl, 0xfa
0x12a9f: cmp dl, 0xff
0x12aa2: jne 0x12aa7
0x12aa4: call 0x12b71
0x12aa7: mov bx, word ptr [0x591]
0x12aab: mov ax, 0x4b47
0x12aae: mov si, 0x4731
0x12ab1: mov dx, si
0x12ab3: int 0x21
0x12ab5: cli
0x12ab6: mov ax, word ptr cs:[2]
0x12aba: mov cx, 0x12c
0x12abd: sub ax, cx
0x12abf: mov word ptr cs:[2], ax
0x12ac3: push ax
0x12ac4: mov cx, cs
0x12ac6: sub ax, cx

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8107,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:26.849175535Z 75 PC: 12a73 | Execute program
2018-12-25T12:03:26.850809325Z 46 PC: 12a8a | Set verify flag
2018-12-25T12:03:26.852018199Z 53 PC: 12b0a | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:26.85317228Z 53 PC: 12b19 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:26.854320526Z 37 PC: 12ae8 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:26.856039647Z 53 PC: 9ec19 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:26.857264942Z 37 PC: 9ec28 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:26.858929167Z 53 PC: 9eb35 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:26.860591951Z 37 PC: 9eb47 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:26.861908574Z 67 PC: 9ecd5 | Get or set file attributes
2018-12-25T12:03:26.868434055Z 61 PC: 9ece1 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:03:26.875350128Z 66 PC: 9ed49 | Move file pointer
2018-12-25T12:03:26.876926885Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:26.878268765Z 63 PC: 9ebd0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:03:26.881341531Z 62 PC: 9ed72 | Close file
2018-12-25T12:03:26.883225196Z 67 PC: 9ed7a | Get or set file attributes
2018-12-25T12:03:28.634606732Z 61 PC: 9ed85 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:03:28.641630722Z 87 PC: 9ed96 | Get or set file date and time
2018-12-25T12:03:28.644076485Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:28.645730242Z 63 PC: 9edb2 | Read file or device (Read 1200 bytes on handle 5)
2018-12-25T12:03:28.653777221Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:28.656275824Z 64 PC: 9edc4 | Write file or device (Write 1200 bytes on handle 5)
2018-12-25T12:03:28.667844953Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:28.669275904Z 44 PC: 9ee01 | Get time
0x9ee01: cmp dh, 0
0x9ee04: je 0x9edfc
0x9ee06: cmp dh, 0x20
0x9ee09: je 0x9edfc
0x9ee0b: cmp dh, 0xe0
0x9ee0e: je 0x9edfc
0x9ee10: mov si, dx
0x9ee12: mov di, 0x100
0x9ee15: and dl, 1
0x9ee18: cmp dl, 1
0x9ee1b: je 0x9ee26
0x9ee1d: call 0x9ee2f
0x9ee20: call 0x9ee3c
0x9ee23: jmp 0x9ee49
0x9ee25: nop
0x9ee26: call 0x9ee3c
0x9ee29: call 0x9ee2f
0x9ee2c: jmp 0x9ee49
0x9ee2e: nop
0x9ee2f: mov al, 0xbe
2018-12-25T12:03:28.672372809Z 64 PC: 9edf3 | Write file or device (Write 1200 bytes on handle 5)
2018-12-25T12:03:28.680706904Z 87 PC: 9edfb | Get or set file date and time
2018-12-25T12:03:28.682388515Z 62 PC: 9ed3b | Close file
2018-12-25T12:03:28.691695435Z 67 PC: 9ecff | Get or set file attributes
2018-12-25T12:03:28.70257777Z 53 PC: 9eb35 | Get interrupt vector (See above)
2018-12-25T12:03:28.704630856Z 37 PC: 9eb47 | Set interrupt vector (See above)
2018-12-25T12:03:28.707425124Z 37 PC: 9ec35 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:28.708726329Z 67 PC: 12af2 | Get or set file attributes
2018-12-25T12:03:28.71506645Z 42 PC: 12a94 | Get date
0x12a94: or dh, 0xfe
0x12a97: cmp dh, 0xff
0x12a9a: jne 0x12aa7
0x12a9c: or dl, 0xfa
0x12a9f: cmp dl, 0xff
0x12aa2: jne 0x12aa7
0x12aa4: call 0x12b71
0x12aa7: mov bx, word ptr [0x591]
0x12aab: mov ax, 0x4b47
0x12aae: mov si, 0x4731
0x12ab1: mov dx, si
0x12ab3: int 0x21
0x12ab5: cli
0x12ab6: mov ax, word ptr cs:[2]
0x12aba: mov cx, 0x12c
0x12abd: sub ax, cx
0x12abf: mov word ptr cs:[2], ax
0x12ac3: push ax
0x12ac4: mov cx, cs
0x12ac6: sub ax, cx

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8107,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:26.902240775Z 75 PC: f803 | Execute program
2018-12-25T12:03:26.904797171Z 46 PC: f81a | Set verify flag
2018-12-25T12:03:26.905727351Z 53 PC: f89a | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:26.906763616Z 53 PC: f8a9 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:26.908142099Z 37 PC: f878 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:26.90962913Z 53 PC: 9ec19 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:26.911093742Z 37 PC: 9ec28 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:26.912476264Z 53 PC: 9eb35 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:26.913826401Z 37 PC: 9eb47 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:26.915005241Z 67 PC: 9ecd5 | Get or set file attributes
2018-12-25T12:03:26.920092724Z 61 PC: 9ece1 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:03:26.926764925Z 66 PC: 9ed49 | Move file pointer
2018-12-25T12:03:26.928207432Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:26.929560335Z 63 PC: 9ebd0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:03:26.933507287Z 62 PC: 9ed72 | Close file
2018-12-25T12:03:26.935510889Z 67 PC: 9ed7a | Get or set file attributes
2018-12-25T12:03:27.273229805Z 61 PC: 9ed85 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:03:27.277631545Z 87 PC: 9ed96 | Get or set file date and time
2018-12-25T12:03:27.278765679Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:27.279833921Z 63 PC: 9edb2 | Read file or device (Read 1200 bytes on handle 5)
2018-12-25T12:03:27.284477444Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:27.285616541Z 64 PC: 9edc4 | Write file or device (Write 1200 bytes on handle 5)
2018-12-25T12:03:27.29388145Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:27.295879125Z 44 PC: 9ee01 | Get time
0x9ee01: cmp dh, 0
0x9ee04: je 0x9edfc
0x9ee06: cmp dh, 0x20
0x9ee09: je 0x9edfc
0x9ee0b: cmp dh, 0xe0
0x9ee0e: je 0x9edfc
0x9ee10: mov si, dx
0x9ee12: mov di, 0x100
0x9ee15: and dl, 1
0x9ee18: cmp dl, 1
0x9ee1b: je 0x9ee26
0x9ee1d: call 0x9ee2f
0x9ee20: call 0x9ee3c
0x9ee23: jmp 0x9ee49
0x9ee25: nop
0x9ee26: call 0x9ee3c
0x9ee29: call 0x9ee2f
0x9ee2c: jmp 0x9ee49
0x9ee2e: nop
0x9ee2f: mov al, 0xbe
2018-12-25T12:03:27.298186981Z 64 PC: 9edf3 | Write file or device (Write 1200 bytes on handle 5)
2018-12-25T12:03:27.304768825Z 87 PC: 9edfb | Get or set file date and time
2018-12-25T12:03:27.306806767Z 62 PC: 9ed3b | Close file
2018-12-25T12:03:27.313773924Z 67 PC: 9ecff | Get or set file attributes
2018-12-25T12:03:27.322603336Z 53 PC: 9eb35 | Get interrupt vector (See above)
2018-12-25T12:03:27.325327189Z 37 PC: 9eb47 | Set interrupt vector (See above)
2018-12-25T12:03:27.326381778Z 37 PC: 9ec35 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:27.327331652Z 67 PC: f882 | Get or set file attributes
2018-12-25T12:03:27.333665889Z 42 PC: f824 | Get date
0xf824: or dh, 0xfe
0xf827: cmp dh, 0xff
0xf82a: jne 0xf837
0xf82c: or dl, 0xfa
0xf82f: cmp dl, 0xff
0xf832: jne 0xf837
0xf834: call 0xf901
0xf837: mov bx, word ptr [0x591]
0xf83b: mov ax, 0x4b47
0xf83e: mov si, 0x4731
0xf841: mov dx, si
0xf843: int 0x21
0xf845: cli
0xf846: mov ax, word ptr cs:[2]
0xf84a: mov cx, 0x12c
0xf84d: sub ax, cx
0xf84f: mov word ptr cs:[2], ax
0xf853: push ax
0xf854: mov cx, cs
0xf856: sub ax, cx

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8107,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:27.352159698Z 75 PC: 12a73 | Execute program
2018-12-25T12:03:27.354525082Z 46 PC: 12a8a | Set verify flag
2018-12-25T12:03:27.355469576Z 53 PC: 12b0a | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:27.356817819Z 53 PC: 12b19 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:27.35843351Z 37 PC: 12ae8 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:27.359496635Z 53 PC: 9ec19 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:27.360519971Z 37 PC: 9ec28 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:27.362103224Z 53 PC: 9eb35 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:27.363502186Z 37 PC: 9eb47 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:03:27.364888733Z 67 PC: 9ecd5 | Get or set file attributes
2018-12-25T12:03:27.370818717Z 61 PC: 9ece1 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:03:27.376800638Z 66 PC: 9ed49 | Move file pointer
2018-12-25T12:03:27.378120533Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:27.379856929Z 63 PC: 9ebd0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:03:27.382331457Z 62 PC: 9ed72 | Close file
2018-12-25T12:03:27.383876702Z 67 PC: 9ed7a | Get or set file attributes
2018-12-25T12:03:27.716121346Z 61 PC: 9ed85 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:03:27.722354619Z 87 PC: 9ed96 | Get or set file date and time
2018-12-25T12:03:27.724328173Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:27.727944383Z 63 PC: 9edb2 | Read file or device (Read 1200 bytes on handle 5)
2018-12-25T12:03:27.734222345Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:27.735504876Z 64 PC: 9edc4 | Write file or device (Write 1200 bytes on handle 5)
2018-12-25T12:03:27.744972001Z 66 PC: 9ed49 | Move file pointer (See above)
2018-12-25T12:03:27.746617845Z 44 PC: 9ee01 | Get time
0x9ee01: cmp dh, 0
0x9ee04: je 0x9edfc
0x9ee06: cmp dh, 0x20
0x9ee09: je 0x9edfc
0x9ee0b: cmp dh, 0xe0
0x9ee0e: je 0x9edfc
0x9ee10: mov si, dx
0x9ee12: mov di, 0x100
0x9ee15: and dl, 1
0x9ee18: cmp dl, 1
0x9ee1b: je 0x9ee26
0x9ee1d: call 0x9ee2f
0x9ee20: call 0x9ee3c
0x9ee23: jmp 0x9ee49
0x9ee25: nop
0x9ee26: call 0x9ee3c
0x9ee29: call 0x9ee2f
0x9ee2c: jmp 0x9ee49
0x9ee2e: nop
0x9ee2f: mov al, 0xbe
2018-12-25T12:03:27.748972996Z 64 PC: 9edf3 | Write file or device (Write 1200 bytes on handle 5)
2018-12-25T12:03:27.755559678Z 87 PC: 9edfb | Get or set file date and time
2018-12-25T12:03:27.757654588Z 62 PC: 9ed3b | Close file
2018-12-25T12:03:27.764729147Z 67 PC: 9ecff | Get or set file attributes
2018-12-25T12:03:27.773871975Z 53 PC: 9eb35 | Get interrupt vector (See above)
2018-12-25T12:03:27.776268758Z 37 PC: 9eb47 | Set interrupt vector (See above)
2018-12-25T12:03:27.777375642Z 37 PC: 9ec35 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:27.778318115Z 67 PC: 12af2 | Get or set file attributes
2018-12-25T12:03:27.784012578Z 42 PC: 12a94 | Get date
0x12a94: or dh, 0xfe
0x12a97: cmp dh, 0xff
0x12a9a: jne 0x12aa7
0x12a9c: or dl, 0xfa
0x12a9f: cmp dl, 0xff
0x12aa2: jne 0x12aa7
0x12aa4: call 0x12b71
0x12aa7: mov bx, word ptr [0x591]
0x12aab: mov ax, 0x4b47
0x12aae: mov si, 0x4731
0x12ab1: mov dx, si
0x12ab3: int 0x21
0x12ab5: cli
0x12ab6: mov ax, word ptr cs:[2]
0x12aba: mov cx, 0x12c
0x12abd: sub ax, cx
0x12abf: mov word ptr cs:[2], ax
0x12ac3: push ax
0x12ac4: mov cx, cs
0x12ac6: sub ax, cx