Sample viewer

vx.netlux.org/Virus.DOS.Rape.2877.b

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:44:18.162620937Z 42 PC: 12a53 | Get date 0x12a53: cmp al, 0
0x12a55: jne 0x12a59
0x12a57: jmp 0x12a5c
0x12a59: jmp 0x12c25
0x12a5c: mov ah, 1
0x12a5e: mov cx, 0x2020
0x12a61: int 0x10
0x12a63: mov ah, 2
0x12a65: xor dx, dx
0x12a67: int 0x10
0x12a69: xor ax, ax
0x12a6b: int 0x10
0x12a6d: mov ah, 0xe
0x12a6f: mov al, 0x49
0x12a71: int 0x10
0x12a73: mov ah, 0xe
0x12a75: mov al, 0x74
0x12a77: int 0x10
0x12a79: mov ah, 0xe
0x12a7b: mov al, 0x27
2018-12-17T22:44:18.165337281Z 105 PC: 12c2a | Get or set media id
2018-12-17T22:44:18.167052488Z 73 PC: 12ca0 | Release memory
2018-12-17T22:44:18.168432205Z 72 PC: 12ca7 | Allocate memory
2018-12-17T22:44:18.170282397Z 74 PC: 12cb6 | Reallocate memory
2018-12-17T22:44:18.172507817Z 74 PC: 12cc6 | Reallocate memory
2018-12-17T22:44:18.174329455Z 98 PC: 9e99c | Get current PSP
2018-12-17T22:44:18.175313573Z 48 PC: 9e99c | Get DOS version
2018-12-17T22:44:18.177172571Z 98 PC: 9e99c | Get current PSP
2018-12-17T22:44:18.178603945Z 98 PC: 9e99c | Get current PSP
2018-12-17T22:44:18.17986226Z 42 PC: 9e99c | Get date 0x9e99c: ret
0x9e99d: push ds
0x9e99e: push es
0x9e99f: push si
0x9e9a0: push di
0x9e9a1: push ax
0x9e9a2: push bx
0x9e9a3: push cx
0x9e9a4: push dx
0x9e9a5: xor cx, cx
0x9e9a7: mov ax, 0x4300
0x9e9aa: call 0xae996
0x9e9ad: mov bx, cx
0x9e9af: and cl, 0xfe
0x9e9b2: cmp cl, bl
0x9e9b4: je 0x9e9bd
0x9e9b6: mov ax, 0x4301
0x9e9b9: call 0xae996
0x9e9bc: stc
0x9e9bd: pushf
2018-12-17T22:44:18.183468357Z 98 PC: 9e99c | Get current PSP
2018-12-17T22:44:18.185139371Z 98 PC: 9e99c | Get current PSP
2018-12-17T22:44:18.186463356Z 44 PC: 9e99c | Get time 0x9e99c: ret
0x9e99d: push ds
0x9e99e: push es
0x9e99f: push si
0x9e9a0: push di
0x9e9a1: push ax
0x9e9a2: push bx
0x9e9a3: push cx
0x9e9a4: push dx
0x9e9a5: xor cx, cx
0x9e9a7: mov ax, 0x4300
0x9e9aa: call 0xae996
0x9e9ad: mov bx, cx
0x9e9af: and cl, 0xfe
0x9e9b2: cmp cl, bl
0x9e9b4: je 0x9e9bd
0x9e9b6: mov ax, 0x4301
0x9e9b9: call 0xae996
0x9e9bc: stc
0x9e9bd: pushf
2018-12-17T22:44:18.18944181Z 98 PC: 9e99c | Get current PSP
2018-12-17T22:44:20.389238264Z 72 PC: 8f1b9 | Allocate memory
2018-12-17T22:44:20.391340745Z 72 PC: 8f1bd | Allocate memory
2018-12-17T22:44:20.394976752Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-17T22:44:20.398619265Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T22:44:20.411142752Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:44:20.412831148Z 62 PC: 91fc1 | Close file
2018-12-17T22:44:20.425728478Z 75 PC: 91fe0 | Execute program
2018-12-17T22:44:20.444316767Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:44:20.445773775Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-17T22:44:20.452072246Z 48 PC: c609 | Get DOS version
2018-12-17T22:44:20.455943494Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-17T22:44:20.459035606Z 2 PC: c38c | Character output (Char = '32')
2018-12-17T22:44:20.462817992Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-17T22:44:20.467185818Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-17T22:44:20.471443577Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-17T22:44:20.480444555Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T22:44:20.510291658Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:44:20.513097712Z 62 PC: 91fc1 | Close file
2018-12-17T22:44:20.516891733Z 75 PC: 91fe0 | Execute program
2018-12-17T22:44:20.541552566Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:44:20.548694936Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:44:20.550833559Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:44:20.553381407Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:44:20.555229622Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:44:20.557442235Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:44:20.560269646Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-17T22:44:20.569154807Z 62 PC: 8f8eb | Close file
2018-12-17T22:44:20.571581183Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.574670733Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.576772765Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.578863271Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.581618195Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.587849858Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.590011653Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.592893895Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.596085363Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.598176793Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.600460723Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.603383324Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.605490672Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.607566006Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.610636381Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.612712633Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.614804007Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.617756125Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.620229906Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.622305487Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.62515887Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.628215334Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.630294182Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.632557318Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.635407244Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.653743666Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.655878458Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.658413312Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.660106129Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.661787625Z 62 PC: 8f8f2 | Close file
2018-12-17T22:44:20.66516376Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-17T22:44:20.681717532Z 62 PC: 8f90e | Close file
2018-12-17T22:44:20.683992737Z 69 PC: 8f915 | Duplicate handle
2018-12-17T22:44:20.687008905Z 69 PC: 8f919 | Duplicate handle
2018-12-17T22:44:20.691464119Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:44:20.698896644Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:44:20.701683472Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:44:20.707739742Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:44:20.709804808Z 74 PC: 8f9c4 | Reallocate memory
2018-12-17T22:44:20.711649258Z 72 PC: 8f9e0 | Allocate memory
2018-12-17T22:44:20.714374968Z 72 PC: 8f9e4 | Allocate memory
2018-12-17T22:44:20.71644073Z 74 PC: 8f9fb | Reallocate memory
2018-12-17T22:44:20.718352224Z 72 PC: 8fa02 | Allocate memory
2018-12-17T22:44:20.7212085Z 72 PC: 8fa06 | Allocate memory
2018-12-17T22:44:20.723405248Z 73 PC: 8fa11 | Release memory
2018-12-17T22:44:20.72557492Z 73 PC: 8efea | Release memory
2018-12-17T22:44:20.727929781Z 74 PC: 8f003 | Reallocate memory
2018-12-17T22:44:20.73007585Z 72 PC: 8f054 | Allocate memory
2018-12-17T22:44:20.732333245Z 72 PC: 8f058 | Allocate memory
2018-12-17T22:44:20.7349766Z 73 PC: 8f060 | Release memory
2018-12-17T22:44:20.736960504Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-17T22:44:20.749005746Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:44:20.756402636Z 66 PC: 8f0ad | Move file pointer
2018-12-17T22:44:20.758204677Z 62 PC: 8f0d1 | Close file
2018-12-17T22:44:20.760302761Z 75 PC: 8f0f2 | Execute program
2018-12-17T22:44:20.784839705Z 80 PC: 12be9 | Set current PSP
2018-12-17T22:44:20.786509231Z 48 PC: 12bee | Get DOS version
2018-12-17T22:44:20.788910796Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-17T22:44:20.792592818Z 101 PC: 12c74 | Get extended country info
2018-12-17T22:44:20.79454489Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-17T22:44:20.796527423Z 74 PC: 12cdc | Reallocate memory
2018-12-17T22:44:20.799171892Z 72 PC: 1355d | Allocate memory
2018-12-17T22:44:20.801457884Z 25 PC: 13596 | Get default drive
2018-12-17T22:44:20.803298754Z 71 PC: 135ad | Get current directory
2018-12-17T22:44:20.806965183Z 59 PC: 135ba | Change current directory
2018-12-17T22:44:20.814113612Z 59 PC: 135c8 | Change current directory
2018-12-17T22:44:20.821106502Z 59 PC: 135d3 | Change current directory
2018-12-17T22:44:20.826112976Z 25 PC: 12d13 | Get default drive
2018-12-17T22:44:20.828137177Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:44:20.83007617Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:44:20.832357887Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:20.835603142Z 80 PC: 1301d | Set current PSP
2018-12-17T22:44:20.837246178Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T22:44:20.839915935Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:44:20.841726412Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:44:20.843228663Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-17T22:44:20.846209085Z 72 PC: 130ec | Allocate memory
2018-12-17T22:44:20.848742976Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-17T22:44:20.855869133Z 62 PC: 131ba | Close file
2018-12-17T22:44:20.858541267Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-17T22:44:20.860557123Z 74 PC: 1197c | Reallocate memory
2018-12-17T22:44:20.862530541Z 72 PC: 11991 | Allocate memory
2018-12-17T22:44:20.864707479Z 73 PC: 119b2 | Release memory
2018-12-17T22:44:20.867426072Z 72 PC: 119bd | Allocate memory
2018-12-17T22:44:20.869632331Z 73 PC: 119df | Release memory
2018-12-17T22:44:20.871454634Z 72 PC: 119f5 | Allocate memory
2018-12-17T22:44:20.874341469Z 72 PC: 119fd | Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8167,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:37.917100839Z 42 PC: 12a53 | Get date 0x12a53: cmp al, 0
0x12a55: jne 0x12a59
0x12a57: jmp 0x12a5c
0x12a59: jmp 0x12c25
0x12a5c: mov ah, 1
0x12a5e: mov cx, 0x2020
0x12a61: int 0x10
0x12a63: mov ah, 2
0x12a65: xor dx, dx
0x12a67: int 0x10
0x12a69: xor ax, ax
0x12a6b: int 0x10
0x12a6d: mov ah, 0xe
0x12a6f: mov al, 0x49
0x12a71: int 0x10
0x12a73: mov ah, 0xe
0x12a75: mov al, 0x74
0x12a77: int 0x10
0x12a79: mov ah, 0xe
0x12a7b: mov al, 0x27
2018-12-25T12:03:37.919814479Z 105 PC: 12c2a | Get or set media id
2018-12-25T12:03:37.92178571Z 73 PC: 12ca0 | Release memory
2018-12-25T12:03:37.923214576Z 72 PC: 12ca7 | Allocate memory
2018-12-25T12:03:37.925384112Z 74 PC: 12cb6 | Reallocate memory
2018-12-25T12:03:37.928429722Z 74 PC: 12cc6 | Reallocate memory
2018-12-25T12:03:37.930432574Z 98 PC: 9e99c | Get current PSP
2018-12-25T12:03:37.931438578Z 48 PC: 9e99c | Get DOS version (See above)
2018-12-25T12:03:37.933399806Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:37.934701141Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:37.935738303Z 42 PC: 9e99c | Get date (See above)
2018-12-25T12:03:37.939238199Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:37.94289398Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:37.944080044Z 77 PC: 9e99c | Get program return code (See above)
2018-12-25T12:03:37.945793242Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:37.947541286Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:37.948869605Z 72 PC: 9e99c | Allocate memory (See above)
2018-12-25T12:03:37.9511087Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:37.953190244Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:37.954644991Z 72 PC: 9e99c | Allocate memory (See above)
2018-12-25T12:03:37.956714565Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:37.968324519Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:37.969217619Z 37 PC: 9e99c | Set interrupt vector (See above)
2018-12-25T12:03:37.970342429Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:37.972032059Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:37.973083782Z 37 PC: 9e99c | Set interrupt vector (See above)
2018-12-25T12:03:37.974411173Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:37.976359348Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:37.977590134Z 37 PC: 9e99c | Set interrupt vector (See above)
2018-12-25T12:03:37.978877055Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:37.981144003Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:37.982029944Z 62 PC: 9e99c | Close file (See above)
2018-12-25T12:03:37.983669003Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:37.985278963Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:37.986397974Z 62 PC: 9e99c | Close file (See above)
2018-12-25T12:03:37.988203473Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:37.989963229Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:37.991621187Z 62 PC: 9e99c | Close file (See above)
2018-12-25T12:03:37.993732893Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:37.995515513Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:37.997268293Z 62 PC: 9e99c | Close file (See above)
2018-12-25T12:03:37.999295096Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.001187302Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.003091695Z 62 PC: 9e99c | Close file (See above)
2018-12-25T12:03:38.004781023Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.00641356Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.00834828Z 62 PC: 9e99c | Close file (See above)
2018-12-25T12:03:38.010409321Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.011898999Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.01436822Z 62 PC: 9e99c | Close file (See above)
2018-12-25T12:03:38.016623134Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.01830191Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.022832153Z 62 PC: 9e99c | Close file (See above)
2018-12-25T12:03:38.025117367Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.02642129Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.027968401Z 62 PC: 9e99c | Close file (See above)
2018-12-25T12:03:38.02954767Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.03087881Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.031854965Z 62 PC: 9e99c | Close file (See above)
2018-12-25T12:03:38.034396791Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.036085758Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.037607923Z 62 PC: 9e99c | Close file (See above)
2018-12-25T12:03:38.040402879Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.041457342Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.042221057Z 62 PC: 9e99c | Close file (See above)
2018-12-25T12:03:38.044135249Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.045078143Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.045920784Z 62 PC: 9e99c | Close file (See above)
2018-12-25T12:03:38.048141915Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.049225592Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.050342732Z 62 PC: 9e99c | Close file (See above)
2018-12-25T12:03:38.052641134Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.053639532Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.054535835Z 62 PC: 9e99c | Close file (See above)
2018-12-25T12:03:38.056353666Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.058165366Z 67 PC: 9e99c | Get or set file attributes (See above)
2018-12-25T12:03:38.062187528Z 61 PC: 9e99c | Open file (See above)
2018-12-25T12:03:38.066462966Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.067613554Z 63 PC: 9e99c | Read file or device (See above)
2018-12-25T12:03:38.069538475Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.070475054Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.07159496Z 66 PC: 9e99c | Move file pointer (See above)
2018-12-25T12:03:38.072661277Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.073502183Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.075317063Z 87 PC: 9e99c | Get or set file date and time (See above)
2018-12-25T12:03:38.077271787Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.078734986Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.080780825Z 66 PC: 9e99c | Move file pointer (See above)
2018-12-25T12:03:38.082338624Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.083268759Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.08483712Z 87 PC: 9e99c | Get or set file date and time (See above)
2018-12-25T12:03:38.086350582Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.087528077Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.089671868Z 44 PC: 9e99c | Get time (See above)
2018-12-25T12:03:38.091998741Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.093138296Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.094735695Z 44 PC: 9e99c | Get time (See above)
2018-12-25T12:03:38.097104494Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.098285313Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.099294484Z 44 PC: 9e99c | Get time (See above)
2018-12-25T12:03:38.101101526Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.102005583Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.102813328Z 44 PC: 9e99c | Get time (See above)
2018-12-25T12:03:38.105553879Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.106691787Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.107670024Z 44 PC: 9e99c | Get time (See above)
2018-12-25T12:03:38.110704053Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.112625344Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.114002625Z 44 PC: 9e99c | Get time (See above)
2018-12-25T12:03:38.116771915Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.11827276Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.119169627Z 64 PC: 9e99c | Write file or device (See above)
2018-12-25T12:03:38.460470259Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.462195863Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.463710261Z 66 PC: 9e99c | Move file pointer (See above)
2018-12-25T12:03:38.466970069Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.468619511Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.470005026Z 64 PC: 9e99c | Write file or device (See above)
2018-12-25T12:03:38.474507984Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.475620621Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.479168903Z 87 PC: 9e99c | Get or set file date and time (See above)
2018-12-25T12:03:38.481252437Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.482222007Z 62 PC: 9e99c | Close file (See above)
2018-12-25T12:03:38.491224218Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.493509737Z 61 PC: 9e99c | Open file (See above)
2018-12-25T12:03:38.500893253Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.502515677Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.504182001Z 66 PC: 9e99c | Move file pointer (See above)
2018-12-25T12:03:38.506905046Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.50853367Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.510171504Z 63 PC: 9e99c | Read file or device (See above)
2018-12-25T12:03:38.526184478Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.527921955Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.534002963Z 62 PC: 9e99c | Close file (See above)
2018-12-25T12:03:38.536560209Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.539532165Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.540606042Z 99 PC: 9e99c | Get DBCS lead byte table pointer (See above)
2018-12-25T12:03:38.542044174Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.543367989Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.544955119Z 56 PC: 9e99c | Get or set country info (See above)
2018-12-25T12:03:38.546266344Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.548087749Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.549310344Z 64 PC: 9e99c | Write file or device (See above)
2018-12-25T12:03:38.55267889Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.553946634Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.555156942Z 25 PC: 9e99c | Get default drive (See above)
2018-12-25T12:03:38.556124218Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.557615244Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.568173688Z 71 PC: 9e99c | Get current directory (See above)
2018-12-25T12:03:38.573749607Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.57702843Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.580293134Z 64 PC: 9e99c | Write file or device (See above)
2018-12-25T12:03:38.584386211Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.58684293Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.589237434Z 2 PC: 9e99c | Character output (See above)
2018-12-25T12:03:38.592167517Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.593614017Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.595094858Z 93 PC: 9e99c | File sharing functions (See above)
2018-12-25T12:03:38.597871856Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.599368296Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.600851743Z 93 PC: 9e99c | File sharing functions (See above)
2018-12-25T12:03:38.60384678Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.605533344Z 98 PC: 9e99c | Get current PSP (See above)
2018-12-25T12:03:38.606756903Z 10 PC: 9e99c | Buffered keyboard input (See above)

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8167,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:38.295884019Z 42 PC: 12a53 | Get date 0x12a53: cmp al, 0
0x12a55: jne 0x12a59
0x12a57: jmp 0x12a5c
0x12a59: jmp 0x12c25
0x12a5c: mov ah, 1
0x12a5e: mov cx, 0x2020
0x12a61: int 0x10
0x12a63: mov ah, 2
0x12a65: xor dx, dx
0x12a67: int 0x10
0x12a69: xor ax, ax
0x12a6b: int 0x10
0x12a6d: mov ah, 0xe
0x12a6f: mov al, 0x49
0x12a71: int 0x10
0x12a73: mov ah, 0xe
0x12a75: mov al, 0x74
0x12a77: int 0x10
0x12a79: mov ah, 0xe
0x12a7b: mov al, 0x27