Sample viewer

vx.netlux.org/Virus.DOS.Akuku.1111

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:44:50.545306657Z 37 PC: 18d2f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:50.547769299Z 47 PC: 18d39 | Get disk transfer address
2018-12-17T22:44:50.54922278Z 26 PC: 18d42 | Set disk transfer address
2018-12-17T22:44:50.550637816Z 25 PC: 18d46 | Get default drive
2018-12-17T22:44:50.553095286Z 44 PC: 18d4d | Get time
0x18d4d: and dh, 0xf
0x18d50: mov dl, dh
0x18d52: cmp dl, 0
0x18d55: je 0x18d5e
0x18d57: cmp dl, 0xb
0x18d5a: jbe 0x18d62
0x18d5c: mov dl, 2
0x18d5e: mov ah, 0xe
0x18d60: int 0x21
0x18d62: mov ax, cs
0x18d64: mov es, ax
0x18d66: mov byte ptr [0x496], 0
0x18d6b: nop
0x18d6c: mov di, 0x460
0x18d6f: mov word ptr [0x494], di
0x18d73: call 0x18fb6
0x18d76: mov di, 0x460
0x18d79: mov ax, 0x2e2a
0x18d7c: stosw word ptr es:[di], ax
0x18d7d: mov ah, 0
2018-12-17T22:44:50.555674918Z 14 PC: 18d62 | Set default drive (Drive = 'C')
2018-12-17T22:44:50.558438452Z 78 PC: 18fcb | Find first file
2018-12-17T22:44:50.564685184Z 79 PC: 19036 | Find next file
2018-12-17T22:44:50.568750239Z 79 PC: 19036 | Find next file
2018-12-17T22:44:50.572261004Z 54 PC: 1904e | Get free disk space
2018-12-17T22:44:50.61445189Z 67 PC: 19067 | Get or set file attributes
2018-12-17T22:44:50.624924848Z 67 PC: 19073 | Get or set file attributes
2018-12-17T22:44:50.968533208Z 61 PC: 19078 | Open file (Filename = 'COMMAND.COM')
2018-12-17T22:44:50.975957075Z 87 PC: 1907f | Get or set file date and time
2018-12-17T22:44:50.979365163Z 63 PC: 18edb | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:44:50.994609662Z 66 PC: 18f22 | Move file pointer
2018-12-17T22:44:50.996186676Z 64 PC: 18f35 | Write file or device (Write 11 bytes on handle 5)
2018-12-17T22:44:51.042249193Z 64 PC: 18ee7 | Write file or device (Write 1108 bytes on handle 5)
2018-12-17T22:44:51.053356873Z 64 PC: 18ef3 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:44:51.058037181Z 66 PC: 18efc | Move file pointer
2018-12-17T22:44:51.063731463Z 64 PC: 18f17 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:44:51.067300631Z 87 PC: 18ead | Get or set file date and time
2018-12-17T22:44:51.071448053Z 62 PC: 18eb1 | Close file
2018-12-17T22:44:51.08856425Z 67 PC: 18ebd | Get or set file attributes
2018-12-17T22:44:51.099886031Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.103309139Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.106871414Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.11011342Z 78 PC: 18d89 | Find first file
2018-12-17T22:44:51.116094733Z 79 PC: 18dce | Find next file
2018-12-17T22:44:51.119261245Z 79 PC: 18dce | Find next file
2018-12-17T22:44:51.123718945Z 78 PC: 18fcb | Find first file
2018-12-17T22:44:51.135217045Z 54 PC: 1904e | Get free disk space
2018-12-17T22:44:51.144529711Z 67 PC: 19067 | Get or set file attributes
2018-12-17T22:44:51.168005994Z 67 PC: 19073 | Get or set file attributes
2018-12-17T22:44:51.18021312Z 61 PC: 19078 | Open file (Filename = 'DOS\ATTRIB.EXE')
2018-12-17T22:44:51.188331544Z 87 PC: 1907f | Get or set file date and time
2018-12-17T22:44:51.191066879Z 63 PC: 18e32 | Read file or device (Read 27 bytes on handle 5)
2018-12-17T22:44:51.197928107Z 66 PC: 18f22 | Move file pointer
2018-12-17T22:44:51.199908624Z 64 PC: 18f35 | Write file or device (Write 8 bytes on handle 5)
2018-12-17T22:44:51.207561119Z 64 PC: 18e63 | Write file or device (Write 1108 bytes on handle 5)
2018-12-17T22:44:51.218130506Z 64 PC: 18e71 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:44:51.22154322Z 64 PC: 18e81 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:44:51.224944325Z 66 PC: 18e90 | Move file pointer
2018-12-17T22:44:51.227445374Z 64 PC: 18e9a | Write file or device (Write 27 bytes on handle 5)
2018-12-17T22:44:51.230985101Z 87 PC: 18ead | Get or set file date and time
2018-12-17T22:44:51.233041302Z 62 PC: 18eb1 | Close file
2018-12-17T22:44:51.241556592Z 67 PC: 18ebd | Get or set file attributes
2018-12-17T22:44:51.252625025Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.256560902Z 54 PC: 1904e | Get free disk space
2018-12-17T22:44:51.260716936Z 67 PC: 19067 | Get or set file attributes
2018-12-17T22:44:51.268159615Z 67 PC: 19073 | Get or set file attributes
2018-12-17T22:44:51.279205901Z 61 PC: 19078 | Open file (Filename = 'DOS\CHKDSK.EXE')
2018-12-17T22:44:51.28890491Z 87 PC: 1907f | Get or set file date and time
2018-12-17T22:44:51.291232568Z 63 PC: 18e32 | Read file or device (Read 27 bytes on handle 5)
2018-12-17T22:44:51.2978386Z 66 PC: 18f22 | Move file pointer
2018-12-17T22:44:51.300113881Z 64 PC: 18f35 | Write file or device (Write 15 bytes on handle 5)
2018-12-17T22:44:51.308361182Z 64 PC: 18e63 | Write file or device (Write 1108 bytes on handle 5)
2018-12-17T22:44:51.318074644Z 64 PC: 18e71 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:44:51.321562287Z 64 PC: 18e81 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:44:51.325969327Z 66 PC: 18e90 | Move file pointer
2018-12-17T22:44:51.327937956Z 64 PC: 18e9a | Write file or device (Write 27 bytes on handle 5)
2018-12-17T22:44:51.331468587Z 87 PC: 18ead | Get or set file date and time
2018-12-17T22:44:51.334363387Z 62 PC: 18eb1 | Close file
2018-12-17T22:44:51.342758528Z 67 PC: 18ebd | Get or set file attributes
2018-12-17T22:44:51.354650185Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.359294316Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.363460531Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.370914939Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.374603251Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.378771685Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.382698028Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.386664326Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.391656159Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.395605797Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.399532669Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.404469134Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.40851011Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.415930826Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.421491302Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.425697931Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.429619198Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.434320401Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.43861063Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.442509227Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.446461879Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.451173293Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.455118719Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.459210467Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.464063496Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.467893608Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.471691508Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.476275775Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.480410157Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.488506566Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.49305354Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.497184702Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.501062492Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.505076476Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.509434096Z 79 PC: 18dce | Find next file
2018-12-17T22:44:51.512761342Z 79 PC: 18dce | Find next file
2018-12-17T22:44:51.516011528Z 78 PC: 18fcb | Find first file
2018-12-17T22:44:51.527349089Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.531512264Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.535753026Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.540454912Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.544329927Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.548121769Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.553254634Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.558375935Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.562131855Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.566964577Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.570631747Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.574348654Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.578799162Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.585703956Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.589625116Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.593601853Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.597419988Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.602607775Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.607626165Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.611304804Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.615783309Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.621087909Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.625169527Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.630196938Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.634425208Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.639141655Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.643714654Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.647641874Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.652605085Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.659989622Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.663899643Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.668911349Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.672886166Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.676758461Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.681610612Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.685500433Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.689453415Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.694229011Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.699415148Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.703346315Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.708143052Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.712404714Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.716247729Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.720878977Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.725557582Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.732844066Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.742153286Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.748155822Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.761772754Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.765603956Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.782477297Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.786012861Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.789454243Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.802446423Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.805934187Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.809401525Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.816982094Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.820424199Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.834524839Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.839663724Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.843159875Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.860840173Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.865358063Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.868938387Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.882548683Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.886992572Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.891233761Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.894738329Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.911828876Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.92120803Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.930364427Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.934964409Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.9388282Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.945293917Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.962905335Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.968302988Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.972102147Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.982444873Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.987235003Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.991004755Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.994789242Z 79 PC: 19036 | Find next file
2018-12-17T22:44:51.999543408Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.003331728Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.007089773Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.011834449Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.015667608Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.019445546Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.024911884Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.028955085Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.032749573Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.037404424Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.04149461Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.045985249Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.053918808Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.066271812Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.076654914Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.081870751Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.086208858Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.090966715Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.095119067Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.099875921Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.103756239Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.107633085Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.11259406Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.116480323Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.120354956Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.125380773Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.132730552Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.136631249Z 79 PC: 19036 | Find next file
2018-12-17T22:44:52.141378161Z 79 PC: 18dce | Find next file
2018-12-17T22:44:52.144734704Z 79 PC: 18dce | Find next file
2018-12-17T22:44:52.147917059Z 79 PC: 18dce | Find next file
2018-12-17T22:44:52.151748256Z 14 PC: 18ddb | Set default drive (Drive = '›')
2018-12-17T22:44:52.153783527Z 44 PC: 18ddf | Get time
0x18ddf: cmp cl, 0x20
0x18de2: jb 0x18e0c
0x18de4: cmp cl, 0x23
0x18de7: jae 0x18e0c
0x18de9: mov ah, 9
0x18deb: mov dx, 0x42e
0x18dee: int 0x21
0x18df0: mov ax, 0x3508
0x18df3: int 0x21
0x18df5: mov si, 0x368
0x18df8: mov word ptr [si], bx
0x18dfa: mov bx, es
0x18dfc: mov word ptr [si + 2], bx
0x18dff: mov ax, 0x2508
0x18e02: mov dx, 0x36f
0x18e05: int 0x21
0x18e07: mov dx, 0x499
0x18e0a: int 0x27
0x18e0c: mov cx, cs
0x18e0e: sub cx, word ptr [0x458]
2018-12-17T22:44:52.156582216Z 26 PC: 18e1d | Set disk transfer address
2018-12-17T22:44:52.159062675Z 48 PC: 13777 | Get DOS version
2018-12-17T22:44:52.161865278Z 9 PC: 13783 | Display string (String= 'Incorrect DOS version ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8349,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:04:24.782980283Z 37 PC: 18d2f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:04:24.785398186Z 47 PC: 18d39 | Get disk transfer address
2018-12-25T12:04:24.786750742Z 26 PC: 18d42 | Set disk transfer address
2018-12-25T12:04:24.787955181Z 25 PC: 18d46 | Get default drive
2018-12-25T12:04:24.789798388Z 44 PC: 18d4d | Get time
0x18d4d: and dh, 0xf
0x18d50: mov dl, dh
0x18d52: cmp dl, 0
0x18d55: je 0x18d5e
0x18d57: cmp dl, 0xb
0x18d5a: jbe 0x18d62
0x18d5c: mov dl, 2
0x18d5e: mov ah, 0xe
0x18d60: int 0x21
0x18d62: mov ax, cs
0x18d64: mov es, ax
0x18d66: mov byte ptr [0x496], 0
0x18d6b: nop
0x18d6c: mov di, 0x460
0x18d6f: mov word ptr [0x494], di
0x18d73: call 0x18fb6
0x18d76: mov di, 0x460
0x18d79: mov ax, 0x2e2a
0x18d7c: stosw word ptr es:[di], ax
0x18d7d: mov ah, 0
2018-12-25T12:04:24.791485898Z 78 PC: 18fcb | Find first file
2018-12-25T12:04:24.795803694Z 79 PC: 19036 | Find next file
2018-12-25T12:04:24.799044122Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:24.801699035Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:24.804342155Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:24.810145664Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:24.81313533Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:24.816319371Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:24.819890204Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:24.823172201Z 54 PC: 1904e | Get free disk space
2018-12-25T12:04:24.832493578Z 67 PC: 19067 | Get or set file attributes
2018-12-25T12:04:24.839122865Z 67 PC: 19073 | Get or set file attributes
2018-12-25T12:04:24.855039336Z 61 PC: 19078 | Open file (Filename = 'TEST.COM')
2018-12-25T12:04:24.861909239Z 87 PC: 1907f | Get or set file date and time
2018-12-25T12:04:24.864793608Z 63 PC: 18edb | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:04:24.867347713Z 66 PC: 18f22 | Move file pointer
2018-12-25T12:04:24.868627641Z 64 PC: 18f35 | Write file or device (Write 9 bytes on handle 5)
2018-12-25T12:04:24.872445041Z 64 PC: 18ee7 | Write file or device (Write 1108 bytes on handle 5)
2018-12-25T12:04:24.881218128Z 64 PC: 18ef3 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:04:24.883894752Z 66 PC: 18efc | Move file pointer
2018-12-25T12:04:24.885571048Z 64 PC: 18f17 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:04:24.88894576Z 87 PC: 18ead | Get or set file date and time
2018-12-25T12:04:24.890842685Z 62 PC: 18eb1 | Close file
2018-12-25T12:04:24.899139825Z 67 PC: 18ebd | Get or set file attributes
2018-12-25T12:04:24.921887261Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:24.924277621Z 78 PC: 18d89 | Find first file
2018-12-25T12:04:24.930084618Z 79 PC: 18dce | Find next file
2018-12-25T12:04:24.933732567Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:24.936566089Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:24.939385425Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:24.943305624Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:24.94611207Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:24.94886337Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:24.95268076Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:24.955417199Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:24.95791658Z 14 PC: 18ddb | Set default drive (Drive = 'A')
2018-12-25T12:04:24.97063007Z 44 PC: 18ddf | Get time
0x18ddf: cmp cl, 0x20
0x18de2: jb 0x18e0c
0x18de4: cmp cl, 0x23
0x18de7: jae 0x18e0c
0x18de9: mov ah, 9
0x18deb: mov dx, 0x42e
0x18dee: int 0x21
0x18df0: mov ax, 0x3508
0x18df3: int 0x21
0x18df5: mov si, 0x368
0x18df8: mov word ptr [si], bx
0x18dfa: mov bx, es
0x18dfc: mov word ptr [si + 2], bx
0x18dff: mov ax, 0x2508
0x18e02: mov dx, 0x36f
0x18e05: int 0x21
0x18e07: mov dx, 0x499
0x18e0a: int 0x27
0x18e0c: mov cx, cs
0x18e0e: sub cx, word ptr [0x458]
2018-12-25T12:04:24.972734476Z 26 PC: 18e1d | Set disk transfer address
2018-12-25T12:04:24.973866035Z 48 PC: 13777 | Get DOS version
2018-12-25T12:04:24.975651805Z 9 PC: 13783 | Display string (String= 'Incorrect DOS version ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8349,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:04:26.290480938Z 37 PC: 18d2f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:04:26.29271376Z 47 PC: 18d39 | Get disk transfer address
2018-12-25T12:04:26.293703378Z 26 PC: 18d42 | Set disk transfer address
2018-12-25T12:04:26.294700843Z 25 PC: 18d46 | Get default drive
2018-12-25T12:04:26.296372328Z 44 PC: 18d4d | Get time
0x18d4d: and dh, 0xf
0x18d50: mov dl, dh
0x18d52: cmp dl, 0
0x18d55: je 0x18d5e
0x18d57: cmp dl, 0xb
0x18d5a: jbe 0x18d62
0x18d5c: mov dl, 2
0x18d5e: mov ah, 0xe
0x18d60: int 0x21
0x18d62: mov ax, cs
0x18d64: mov es, ax
0x18d66: mov byte ptr [0x496], 0
0x18d6b: nop
0x18d6c: mov di, 0x460
0x18d6f: mov word ptr [0x494], di
0x18d73: call 0x18fb6
0x18d76: mov di, 0x460
0x18d79: mov ax, 0x2e2a
0x18d7c: stosw word ptr es:[di], ax
0x18d7d: mov ah, 0
2018-12-25T12:04:26.298056814Z 78 PC: 18fcb | Find first file
2018-12-25T12:04:26.302099758Z 79 PC: 19036 | Find next file
2018-12-25T12:04:26.304840429Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:26.307252035Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:26.309521911Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:26.312130761Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:26.314173714Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:26.316092391Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:26.318401305Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:26.320334049Z 54 PC: 1904e | Get free disk space
2018-12-25T12:04:26.327105471Z 67 PC: 19067 | Get or set file attributes
2018-12-25T12:04:26.341164281Z 67 PC: 19073 | Get or set file attributes
2018-12-25T12:04:26.356436301Z 61 PC: 19078 | Open file (Filename = 'TEST.COM')
2018-12-25T12:04:26.362972625Z 87 PC: 1907f | Get or set file date and time
2018-12-25T12:04:26.365696865Z 63 PC: 18edb | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:04:26.372272304Z 66 PC: 18f22 | Move file pointer
2018-12-25T12:04:26.373916423Z 64 PC: 18f35 | Write file or device (Write 9 bytes on handle 5)
2018-12-25T12:04:26.381645947Z 64 PC: 18ee7 | Write file or device (Write 1108 bytes on handle 5)
2018-12-25T12:04:26.389996671Z 64 PC: 18ef3 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:04:26.392655352Z 66 PC: 18efc | Move file pointer
2018-12-25T12:04:26.394592042Z 64 PC: 18f17 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:04:26.413714889Z 87 PC: 18ead | Get or set file date and time
2018-12-25T12:04:26.41566864Z 62 PC: 18eb1 | Close file
2018-12-25T12:04:26.563735003Z 67 PC: 18ebd | Get or set file attributes
2018-12-25T12:04:26.577769665Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:26.581600402Z 78 PC: 18d89 | Find first file
2018-12-25T12:04:26.588594511Z 79 PC: 18dce | Find next file
2018-12-25T12:04:26.591634776Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:26.594479918Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:26.597831965Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:26.600498824Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:26.603290709Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:26.60651485Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:26.609153412Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:26.61159527Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:26.61496332Z 14 PC: 18ddb | Set default drive (Drive = 'A')
2018-12-25T12:04:26.616462697Z 44 PC: 18ddf | Get time
0x18ddf: cmp cl, 0x20
0x18de2: jb 0x18e0c
0x18de4: cmp cl, 0x23
0x18de7: jae 0x18e0c
0x18de9: mov ah, 9
0x18deb: mov dx, 0x42e
0x18dee: int 0x21
0x18df0: mov ax, 0x3508
0x18df3: int 0x21
0x18df5: mov si, 0x368
0x18df8: mov word ptr [si], bx
0x18dfa: mov bx, es
0x18dfc: mov word ptr [si + 2], bx
0x18dff: mov ax, 0x2508
0x18e02: mov dx, 0x36f
0x18e05: int 0x21
0x18e07: mov dx, 0x499
0x18e0a: int 0x27
0x18e0c: mov cx, cs
0x18e0e: sub cx, word ptr [0x458]
2018-12-25T12:04:26.618837162Z 26 PC: 18e1d | Set disk transfer address
2018-12-25T12:04:26.621216697Z 48 PC: 13777 | Get DOS version
2018-12-25T12:04:26.622570133Z 9 PC: 13783 | Display string (String= 'Incorrect DOS version ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":11,"TimeBased":true,"OriginalID":8349,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:04:27.858186767Z 37 PC: 18d2f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:04:27.860000953Z 47 PC: 18d39 | Get disk transfer address
2018-12-25T12:04:27.860998974Z 26 PC: 18d42 | Set disk transfer address
2018-12-25T12:04:27.861965863Z 25 PC: 18d46 | Get default drive
2018-12-25T12:04:27.863554997Z 44 PC: 18d4d | Get time
0x18d4d: and dh, 0xf
0x18d50: mov dl, dh
0x18d52: cmp dl, 0
0x18d55: je 0x18d5e
0x18d57: cmp dl, 0xb
0x18d5a: jbe 0x18d62
0x18d5c: mov dl, 2
0x18d5e: mov ah, 0xe
0x18d60: int 0x21
0x18d62: mov ax, cs
0x18d64: mov es, ax
0x18d66: mov byte ptr [0x496], 0
0x18d6b: nop
0x18d6c: mov di, 0x460
0x18d6f: mov word ptr [0x494], di
0x18d73: call 0x18fb6
0x18d76: mov di, 0x460
0x18d79: mov ax, 0x2e2a
0x18d7c: stosw word ptr es:[di], ax
0x18d7d: mov ah, 0
2018-12-25T12:04:27.865615519Z 14 PC: 18d62 | Set default drive (Drive = 'C')
2018-12-25T12:04:27.866746038Z 78 PC: 18fcb | Find first file
2018-12-25T12:04:27.872432938Z 79 PC: 19036 | Find next file
2018-12-25T12:04:27.875066938Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:27.877555049Z 54 PC: 1904e | Get free disk space
2018-12-25T12:04:27.916113785Z 67 PC: 19067 | Get or set file attributes
2018-12-25T12:04:27.924196145Z 67 PC: 19073 | Get or set file attributes
2018-12-25T12:04:28.261488457Z 61 PC: 19078 | Open file (Filename = 'COMMAND.COM')
2018-12-25T12:04:28.26809173Z 87 PC: 1907f | Get or set file date and time
2018-12-25T12:04:28.269447388Z 63 PC: 18edb | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:04:28.274673231Z 66 PC: 18f22 | Move file pointer
2018-12-25T12:04:28.276468214Z 64 PC: 18f35 | Write file or device (Write 11 bytes on handle 5)
2018-12-25T12:04:28.282454452Z 64 PC: 18ee7 | Write file or device (Write 1108 bytes on handle 5)
2018-12-25T12:04:28.291273585Z 64 PC: 18ef3 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:04:28.294806647Z 66 PC: 18efc | Move file pointer
2018-12-25T12:04:28.296352752Z 64 PC: 18f17 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:04:28.299270981Z 87 PC: 18ead | Get or set file date and time
2018-12-25T12:04:28.301913655Z 62 PC: 18eb1 | Close file
2018-12-25T12:04:28.308823041Z 67 PC: 18ebd | Get or set file attributes
2018-12-25T12:04:28.318356261Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.32173125Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.324389576Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.326649478Z 78 PC: 18d89 | Find first file
2018-12-25T12:04:28.332494183Z 79 PC: 18dce | Find next file
2018-12-25T12:04:28.33517377Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:28.337627881Z 78 PC: 18fcb | Find first file (See above)
2018-12-25T12:04:28.347612821Z 54 PC: 1904e | Get free disk space (See above)
2018-12-25T12:04:28.350085554Z 67 PC: 19067 | Get or set file attributes (See above)
2018-12-25T12:04:28.356216665Z 67 PC: 19073 | Get or set file attributes (See above)
2018-12-25T12:04:28.366900608Z 61 PC: 19078 | Open file (See above)
2018-12-25T12:04:28.372811723Z 87 PC: 1907f | Get or set file date and time (See above)
2018-12-25T12:04:28.374025282Z 63 PC: 18e32 | Read file or device (Read 27 bytes on handle 5)
2018-12-25T12:04:28.3802529Z 66 PC: 18f22 | Move file pointer (See above)
2018-12-25T12:04:28.381555356Z 64 PC: 18f35 | Write file or device (See above)
2018-12-25T12:04:28.387469071Z 64 PC: 18e63 | Write file or device (Write 1108 bytes on handle 5)
2018-12-25T12:04:28.395434312Z 64 PC: 18e71 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:04:28.398743351Z 64 PC: 18e81 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:04:28.401679744Z 66 PC: 18e90 | Move file pointer
2018-12-25T12:04:28.403571806Z 64 PC: 18e9a | Write file or device (Write 27 bytes on handle 5)
2018-12-25T12:04:28.406225824Z 87 PC: 18ead | Get or set file date and time (See above)
2018-12-25T12:04:28.407603926Z 62 PC: 18eb1 | Close file (See above)
2018-12-25T12:04:28.415100456Z 67 PC: 18ebd | Get or set file attributes (See above)
2018-12-25T12:04:28.424481154Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.427542279Z 54 PC: 1904e | Get free disk space (See above)
2018-12-25T12:04:28.430230719Z 67 PC: 19067 | Get or set file attributes (See above)
2018-12-25T12:04:28.436581775Z 67 PC: 19073 | Get or set file attributes (See above)
2018-12-25T12:04:28.446572124Z 61 PC: 19078 | Open file (See above)
2018-12-25T12:04:28.453055956Z 87 PC: 1907f | Get or set file date and time (See above)
2018-12-25T12:04:28.454707361Z 63 PC: 18e32 | Read file or device (See above)
2018-12-25T12:04:28.45997289Z 66 PC: 18f22 | Move file pointer (See above)
2018-12-25T12:04:28.46121496Z 64 PC: 18f35 | Write file or device (See above)
2018-12-25T12:04:28.467372547Z 64 PC: 18e63 | Write file or device (See above)
2018-12-25T12:04:28.475395578Z 64 PC: 18e71 | Write file or device (See above)
2018-12-25T12:04:28.477882235Z 64 PC: 18e81 | Write file or device (See above)
2018-12-25T12:04:28.480393715Z 66 PC: 18e90 | Move file pointer (See above)
2018-12-25T12:04:28.481634761Z 64 PC: 18e9a | Write file or device (See above)
2018-12-25T12:04:28.484175689Z 87 PC: 18ead | Get or set file date and time (See above)
2018-12-25T12:04:28.485962087Z 62 PC: 18eb1 | Close file (See above)
2018-12-25T12:04:28.492528765Z 67 PC: 18ebd | Get or set file attributes (See above)
2018-12-25T12:04:28.501654556Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.505102489Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.508977532Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.512303107Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.516501848Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.519839564Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.523110568Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.527358077Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.530647645Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.533993674Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.539314919Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.542636266Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.545927249Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.552820134Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.555740027Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.557663471Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.560243916Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.563286158Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.566263191Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.570465096Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.573636516Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.576772834Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.580852882Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.583748503Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.585829898Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.588637413Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.590606996Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.59254325Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.595050456Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.598840124Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.600802205Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.603884219Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.606888119Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.609778581Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.612758998Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:28.61525113Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:28.617554375Z 78 PC: 18fcb | Find first file (See above)
2018-12-25T12:04:28.626484449Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.62998981Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.633079686Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.636896909Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.639872809Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.642772391Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.646294216Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.649915713Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.652743922Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.656199044Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.659080665Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.661904965Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.664822742Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.670996925Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.673838446Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.676576359Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.679482128Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.682314989Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.685068315Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.68846013Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.691313615Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.694100448Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.697311898Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.700066844Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.702731017Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.705728489Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.708616668Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.711266034Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.714655521Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.721185522Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.724147529Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.727602112Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.730809394Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.733954892Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.737413109Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.740216452Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.743525156Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.746330761Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.749163413Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.752895948Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.755900241Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.758852238Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.762307332Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.765114627Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.767945886Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.773967792Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.776879304Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.780378939Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.783352976Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.786156593Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.788899815Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.792128714Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.794871712Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.797580985Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.800553309Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.803388284Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.806247Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.809347121Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.812093747Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.815172671Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.818012381Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.82373931Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.826871768Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.829709073Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.832458944Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.835772444Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.838693245Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.842534684Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.846258832Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.849241678Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.852206451Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.85554302Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.858549664Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.861469898Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.864638656Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.867521573Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.870379659Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.876816406Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.879805806Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.882675093Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.886375555Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.889252983Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.892274288Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.895336773Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.898210014Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.902060613Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.905073875Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.908731878Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.912606574Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.915523316Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.918510701Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.921742283Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.924775495Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.930683867Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.934027243Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.936979836Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.939871121Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.946612303Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.949493883Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.952255187Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.955574276Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.958450293Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.961245269Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.964247558Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.96636536Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.968247623Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.970539338Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.974224473Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.976239762Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.978814818Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:28.981221612Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:28.983502956Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:28.985590449Z 14 PC: 18ddb | Set default drive (Drive = '›')
2018-12-25T12:04:28.986618434Z 44 PC: 18ddf | Get time
0x18ddf: cmp cl, 0x20
0x18de2: jb 0x18e0c
0x18de4: cmp cl, 0x23
0x18de7: jae 0x18e0c
0x18de9: mov ah, 9
0x18deb: mov dx, 0x42e
0x18dee: int 0x21
0x18df0: mov ax, 0x3508
0x18df3: int 0x21
0x18df5: mov si, 0x368
0x18df8: mov word ptr [si], bx
0x18dfa: mov bx, es
0x18dfc: mov word ptr [si + 2], bx
0x18dff: mov ax, 0x2508
0x18e02: mov dx, 0x36f
0x18e05: int 0x21
0x18e07: mov dx, 0x499
0x18e0a: int 0x27
0x18e0c: mov cx, cs
0x18e0e: sub cx, word ptr [0x458]
2018-12-25T12:04:28.989055215Z 26 PC: 18e1d | Set disk transfer address
2018-12-25T12:04:28.990024949Z 48 PC: 13777 | Get DOS version
2018-12-25T12:04:28.990936757Z 9 PC: 13783 | Display string (String= 'Incorrect DOS version ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8349,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:04:28.96110308Z 37 PC: 18d2f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:04:28.962271167Z 47 PC: 18d39 | Get disk transfer address
2018-12-25T12:04:28.963180051Z 26 PC: 18d42 | Set disk transfer address
2018-12-25T12:04:28.964069039Z 25 PC: 18d46 | Get default drive
2018-12-25T12:04:28.96577388Z 44 PC: 18d4d | Get time
0x18d4d: and dh, 0xf
0x18d50: mov dl, dh
0x18d52: cmp dl, 0
0x18d55: je 0x18d5e
0x18d57: cmp dl, 0xb
0x18d5a: jbe 0x18d62
0x18d5c: mov dl, 2
0x18d5e: mov ah, 0xe
0x18d60: int 0x21
0x18d62: mov ax, cs
0x18d64: mov es, ax
0x18d66: mov byte ptr [0x496], 0
0x18d6b: nop
0x18d6c: mov di, 0x460
0x18d6f: mov word ptr [0x494], di
0x18d73: call 0x18fb6
0x18d76: mov di, 0x460
0x18d79: mov ax, 0x2e2a
0x18d7c: stosw word ptr es:[di], ax
0x18d7d: mov ah, 0
2018-12-25T12:04:28.968289132Z 78 PC: 18fcb | Find first file
2018-12-25T12:04:28.974441823Z 79 PC: 19036 | Find next file
2018-12-25T12:04:28.977490774Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.981085977Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.983831713Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.986791368Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.989276579Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.991745536Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.994967189Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:28.997390078Z 54 PC: 1904e | Get free disk space
2018-12-25T12:04:29.005708033Z 67 PC: 19067 | Get or set file attributes
2018-12-25T12:04:29.011619223Z 67 PC: 19073 | Get or set file attributes
2018-12-25T12:04:29.028556318Z 61 PC: 19078 | Open file (Filename = 'TEST.COM')
2018-12-25T12:04:29.036194777Z 87 PC: 1907f | Get or set file date and time
2018-12-25T12:04:29.038888254Z 63 PC: 18edb | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:04:29.041457889Z 66 PC: 18f22 | Move file pointer
2018-12-25T12:04:29.042710931Z 64 PC: 18f35 | Write file or device (Write 9 bytes on handle 5)
2018-12-25T12:04:29.046218871Z 64 PC: 18ee7 | Write file or device (Write 1108 bytes on handle 5)
2018-12-25T12:04:29.054654995Z 64 PC: 18ef3 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:04:29.057182884Z 66 PC: 18efc | Move file pointer
2018-12-25T12:04:29.058781799Z 64 PC: 18f17 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:04:29.061400268Z 87 PC: 18ead | Get or set file date and time
2018-12-25T12:04:29.06317035Z 62 PC: 18eb1 | Close file
2018-12-25T12:04:29.072046226Z 67 PC: 18ebd | Get or set file attributes
2018-12-25T12:04:29.081775439Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:29.084062474Z 78 PC: 18d89 | Find first file
2018-12-25T12:04:29.089673322Z 79 PC: 18dce | Find next file
2018-12-25T12:04:29.093080065Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:29.095487876Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:29.097962261Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:29.101742966Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:29.104148151Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:29.106501747Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:29.109724191Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:29.112440042Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:29.114592051Z 14 PC: 18ddb | Set default drive (Drive = 'A')
2018-12-25T12:04:29.117601886Z 44 PC: 18ddf | Get time
0x18ddf: cmp cl, 0x20
0x18de2: jb 0x18e0c
0x18de4: cmp cl, 0x23
0x18de7: jae 0x18e0c
0x18de9: mov ah, 9
0x18deb: mov dx, 0x42e
0x18dee: int 0x21
0x18df0: mov ax, 0x3508
0x18df3: int 0x21
0x18df5: mov si, 0x368
0x18df8: mov word ptr [si], bx
0x18dfa: mov bx, es
0x18dfc: mov word ptr [si + 2], bx
0x18dff: mov ax, 0x2508
0x18e02: mov dx, 0x36f
0x18e05: int 0x21
0x18e07: mov dx, 0x499
0x18e0a: int 0x27
0x18e0c: mov cx, cs
0x18e0e: sub cx, word ptr [0x458]
2018-12-25T12:04:29.119646178Z 26 PC: 18e1d | Set disk transfer address
2018-12-25T12:04:29.120694966Z 48 PC: 13777 | Get DOS version
2018-12-25T12:04:29.12230133Z 9 PC: 13783 | Display string (String= 'Incorrect DOS version ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":32,"Second":0,"TimeBased":true,"OriginalID":8349,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:04:29.196361166Z 37 PC: 18d2f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:04:29.19728306Z 47 PC: 18d39 | Get disk transfer address
2018-12-25T12:04:29.198344626Z 26 PC: 18d42 | Set disk transfer address
2018-12-25T12:04:29.199203854Z 25 PC: 18d46 | Get default drive
2018-12-25T12:04:29.200133837Z 44 PC: 18d4d | Get time
0x18d4d: and dh, 0xf
0x18d50: mov dl, dh
0x18d52: cmp dl, 0
0x18d55: je 0x18d5e
0x18d57: cmp dl, 0xb
0x18d5a: jbe 0x18d62
0x18d5c: mov dl, 2
0x18d5e: mov ah, 0xe
0x18d60: int 0x21
0x18d62: mov ax, cs
0x18d64: mov es, ax
0x18d66: mov byte ptr [0x496], 0
0x18d6b: nop
0x18d6c: mov di, 0x460
0x18d6f: mov word ptr [0x494], di
0x18d73: call 0x18fb6
0x18d76: mov di, 0x460
0x18d79: mov ax, 0x2e2a
0x18d7c: stosw word ptr es:[di], ax
0x18d7d: mov ah, 0
2018-12-25T12:04:29.20163324Z 78 PC: 18fcb | Find first file
2018-12-25T12:04:29.205561063Z 79 PC: 19036 | Find next file
2018-12-25T12:04:29.207280513Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:29.208886708Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:29.210724722Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:29.212730383Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:29.215146787Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:29.217725411Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:29.220640613Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:29.223673091Z 54 PC: 1904e | Get free disk space
2018-12-25T12:04:29.232160843Z 67 PC: 19067 | Get or set file attributes
2018-12-25T12:04:29.23805992Z 67 PC: 19073 | Get or set file attributes
2018-12-25T12:04:29.252998672Z 61 PC: 19078 | Open file (Filename = 'TEST.COM')
2018-12-25T12:04:29.26445538Z 87 PC: 1907f | Get or set file date and time
2018-12-25T12:04:29.266710142Z 63 PC: 18edb | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:04:29.272890559Z 66 PC: 18f22 | Move file pointer
2018-12-25T12:04:29.274198405Z 64 PC: 18f35 | Write file or device (Write 9 bytes on handle 5)
2018-12-25T12:04:29.281437891Z 64 PC: 18ee7 | Write file or device (Write 1108 bytes on handle 5)
2018-12-25T12:04:29.290601297Z 64 PC: 18ef3 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:04:29.293321462Z 66 PC: 18efc | Move file pointer
2018-12-25T12:04:29.295278047Z 64 PC: 18f17 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:04:29.298091361Z 87 PC: 18ead | Get or set file date and time
2018-12-25T12:04:29.299447634Z 62 PC: 18eb1 | Close file
2018-12-25T12:04:29.307676591Z 67 PC: 18ebd | Get or set file attributes
2018-12-25T12:04:29.317318392Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:29.31950489Z 78 PC: 18d89 | Find first file
2018-12-25T12:04:29.32583813Z 79 PC: 18dce | Find next file
2018-12-25T12:04:29.349798178Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:29.352167111Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:29.354560501Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:29.357064768Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:29.359377299Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:29.361703972Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:29.364136944Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:29.366412273Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:29.368491146Z 14 PC: 18ddb | Set default drive (Drive = 'A')
2018-12-25T12:04:29.370117751Z 44 PC: 18ddf | Get time
0x18ddf: cmp cl, 0x20
0x18de2: jb 0x18e0c
0x18de4: cmp cl, 0x23
0x18de7: jae 0x18e0c
0x18de9: mov ah, 9
0x18deb: mov dx, 0x42e
0x18dee: int 0x21
0x18df0: mov ax, 0x3508
0x18df3: int 0x21
0x18df5: mov si, 0x368
0x18df8: mov word ptr [si], bx
0x18dfa: mov bx, es
0x18dfc: mov word ptr [si + 2], bx
0x18dff: mov ax, 0x2508
0x18e02: mov dx, 0x36f
0x18e05: int 0x21
0x18e07: mov dx, 0x499
0x18e0a: int 0x27
0x18e0c: mov cx, cs
0x18e0e: sub cx, word ptr [0x458]
2018-12-25T12:04:29.372143746Z 9 PC: 18df0 | Display string (String= ' Sorry, I'm copmpletly dead. ')
2018-12-25T12:04:29.377141552Z 53 PC: 18df5 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:04:29.379218525Z 37 PC: 18e07 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:04:29.380270322Z 49 PC: 18e0c | Terminate and stay resident (Return code = '0' | Memory size = '74')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":36,"Second":0,"TimeBased":true,"OriginalID":8349,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:04:29.270463413Z 37 PC: 18d2f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:04:29.272474356Z 47 PC: 18d39 | Get disk transfer address
2018-12-25T12:04:29.273802547Z 26 PC: 18d42 | Set disk transfer address
2018-12-25T12:04:29.275094758Z 25 PC: 18d46 | Get default drive
2018-12-25T12:04:29.277252943Z 44 PC: 18d4d | Get time
0x18d4d: and dh, 0xf
0x18d50: mov dl, dh
0x18d52: cmp dl, 0
0x18d55: je 0x18d5e
0x18d57: cmp dl, 0xb
0x18d5a: jbe 0x18d62
0x18d5c: mov dl, 2
0x18d5e: mov ah, 0xe
0x18d60: int 0x21
0x18d62: mov ax, cs
0x18d64: mov es, ax
0x18d66: mov byte ptr [0x496], 0
0x18d6b: nop
0x18d6c: mov di, 0x460
0x18d6f: mov word ptr [0x494], di
0x18d73: call 0x18fb6
0x18d76: mov di, 0x460
0x18d79: mov ax, 0x2e2a
0x18d7c: stosw word ptr es:[di], ax
0x18d7d: mov ah, 0
2018-12-25T12:04:29.27961146Z 78 PC: 18fcb | Find first file
2018-12-25T12:04:29.285780879Z 79 PC: 19036 | Find next file
2018-12-25T12:04:29.289119986Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:29.292195263Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:29.294990869Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:29.299357268Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:29.301927876Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:29.304385999Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:29.306938564Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:29.309811378Z 54 PC: 1904e | Get free disk space
2018-12-25T12:04:29.31843463Z 67 PC: 19067 | Get or set file attributes
2018-12-25T12:04:29.32463299Z 67 PC: 19073 | Get or set file attributes
2018-12-25T12:04:29.3402707Z 61 PC: 19078 | Open file (Filename = 'TEST.COM')
2018-12-25T12:04:29.346944598Z 87 PC: 1907f | Get or set file date and time
2018-12-25T12:04:29.349397884Z 63 PC: 18edb | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:04:29.351764292Z 66 PC: 18f22 | Move file pointer
2018-12-25T12:04:29.353081683Z 64 PC: 18f35 | Write file or device (Write 9 bytes on handle 5)
2018-12-25T12:04:29.356816996Z 64 PC: 18ee7 | Write file or device (Write 1108 bytes on handle 5)
2018-12-25T12:04:29.365120765Z 64 PC: 18ef3 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:04:29.36755334Z 66 PC: 18efc | Move file pointer
2018-12-25T12:04:29.369120339Z 64 PC: 18f17 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:04:29.371724971Z 87 PC: 18ead | Get or set file date and time
2018-12-25T12:04:29.37298779Z 62 PC: 18eb1 | Close file
2018-12-25T12:04:29.380776731Z 67 PC: 18ebd | Get or set file attributes
2018-12-25T12:04:29.390122149Z 79 PC: 19036 | Find next file (See above)
2018-12-25T12:04:29.392362955Z 78 PC: 18d89 | Find first file
2018-12-25T12:04:29.39970717Z 79 PC: 18dce | Find next file
2018-12-25T12:04:29.402190804Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:29.404568208Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:29.407645425Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:29.410020294Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:29.41233106Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:29.420184845Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:29.422628621Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:29.425567887Z 79 PC: 18dce | Find next file (See above)
2018-12-25T12:04:29.429148919Z 14 PC: 18ddb | Set default drive (Drive = 'A')
2018-12-25T12:04:29.430449736Z 44 PC: 18ddf | Get time
0x18ddf: cmp cl, 0x20
0x18de2: jb 0x18e0c
0x18de4: cmp cl, 0x23
0x18de7: jae 0x18e0c
0x18de9: mov ah, 9
0x18deb: mov dx, 0x42e
0x18dee: int 0x21
0x18df0: mov ax, 0x3508
0x18df3: int 0x21
0x18df5: mov si, 0x368
0x18df8: mov word ptr [si], bx
0x18dfa: mov bx, es
0x18dfc: mov word ptr [si + 2], bx
0x18dff: mov ax, 0x2508
0x18e02: mov dx, 0x36f
0x18e05: int 0x21
0x18e07: mov dx, 0x499
0x18e0a: int 0x27
0x18e0c: mov cx, cs
0x18e0e: sub cx, word ptr [0x458]
2018-12-25T12:04:29.432615122Z 26 PC: 18e1d | Set disk transfer address
2018-12-25T12:04:29.434108895Z 48 PC: 13777 | Get DOS version
2018-12-25T12:04:29.4357573Z 9 PC: 13783 | Display string (String= 'Incorrect DOS version ')