Sample viewer

vx.netlux.org/Virus.DOS.Yanush.934

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:45:44.641876038Z 26 PC: 16276 | Set disk transfer address
2018-12-17T22:45:44.644111697Z 71 PC: 1628e | Get current directory
2018-12-17T22:45:44.647136438Z 59 PC: 16297 | Change current directory
2018-12-17T22:45:44.65101361Z 47 PC: 16373 | Get disk transfer address
2018-12-17T22:45:44.652859527Z 26 PC: 16380 | Set disk transfer address
2018-12-17T22:45:44.654164187Z 78 PC: 1638b | Find first file
2018-12-17T22:45:44.660425016Z 67 PC: 163af | Get or set file attributes
2018-12-17T22:45:44.666437147Z 67 PC: 163c1 | Get or set file attributes
2018-12-17T22:45:44.6853507Z 61 PC: 163cd | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:45:44.692317334Z 87 PC: 163d8 | Get or set file date and time
2018-12-17T22:45:44.693813534Z 63 PC: 163eb | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:45:44.702126958Z 66 PC: 1641b | Move file pointer
2018-12-17T22:45:44.704153313Z 64 PC: 16434 | Write file or device (Write 934 bytes on handle 5)
2018-12-17T22:45:44.713625494Z 66 PC: 16443 | Move file pointer
2018-12-17T22:45:44.71847962Z 64 PC: 1644e | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:45:44.726159955Z 87 PC: 16460 | Get or set file date and time
2018-12-17T22:45:44.728267163Z 67 PC: 1646e | Get or set file attributes
2018-12-17T22:45:44.742353699Z 62 PC: 16472 | Close file
2018-12-17T22:45:44.752810919Z 79 PC: 1638b | Find next file
2018-12-17T22:45:44.755683896Z 67 PC: 163af | Get or set file attributes
2018-12-17T22:45:44.762260197Z 67 PC: 163c1 | Get or set file attributes
2018-12-17T22:45:44.773380613Z 61 PC: 163cd | Open file (Filename = 'PRINT.COM')
2018-12-17T22:45:44.78180771Z 87 PC: 163d8 | Get or set file date and time
2018-12-17T22:45:44.783520487Z 63 PC: 163eb | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:45:44.797034979Z 66 PC: 1641b | Move file pointer
2018-12-17T22:45:44.799263294Z 64 PC: 16434 | Write file or device (Write 934 bytes on handle 5)
2018-12-17T22:45:44.812608368Z 66 PC: 16443 | Move file pointer
2018-12-17T22:45:44.815943802Z 64 PC: 1644e | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:45:44.823207014Z 87 PC: 16460 | Get or set file date and time
2018-12-17T22:45:44.825188595Z 67 PC: 1646e | Get or set file attributes
2018-12-17T22:45:44.837430337Z 62 PC: 16472 | Close file
2018-12-17T22:45:44.845383194Z 79 PC: 1638b | Find next file
2018-12-17T22:45:44.848422943Z 67 PC: 163af | Get or set file attributes
2018-12-17T22:45:44.85589127Z 67 PC: 163c1 | Get or set file attributes
2018-12-17T22:45:44.866883124Z 61 PC: 163cd | Open file (Filename = 'HELLO.COM')
2018-12-17T22:45:44.873944195Z 87 PC: 163d8 | Get or set file date and time
2018-12-17T22:45:44.876692808Z 63 PC: 163eb | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:45:44.883694237Z 66 PC: 1641b | Move file pointer
2018-12-17T22:45:44.885787879Z 64 PC: 16434 | Write file or device (Write 934 bytes on handle 5)
2018-12-17T22:45:44.896017202Z 66 PC: 16443 | Move file pointer
2018-12-17T22:45:44.897870512Z 64 PC: 1644e | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:45:44.905037834Z 87 PC: 16460 | Get or set file date and time
2018-12-17T22:45:44.906988016Z 67 PC: 1646e | Get or set file attributes
2018-12-17T22:45:44.919524351Z 62 PC: 16472 | Close file
2018-12-17T22:45:44.927495542Z 79 PC: 1638b | Find next file
2018-12-17T22:45:44.931390488Z 67 PC: 163af | Get or set file attributes
2018-12-17T22:45:44.938389012Z 67 PC: 163c1 | Get or set file attributes
2018-12-17T22:45:44.948805666Z 61 PC: 163cd | Open file (Filename = 'PHANG.COM')
2018-12-17T22:45:44.956779251Z 87 PC: 163d8 | Get or set file date and time
2018-12-17T22:45:44.959362092Z 63 PC: 163eb | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:45:44.967526947Z 66 PC: 1641b | Move file pointer
2018-12-17T22:45:44.97038765Z 64 PC: 16434 | Write file or device (Write 934 bytes on handle 5)
2018-12-17T22:45:44.9805681Z 66 PC: 16443 | Move file pointer
2018-12-17T22:45:44.983007462Z 64 PC: 1644e | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:45:44.990369599Z 87 PC: 16460 | Get or set file date and time
2018-12-17T22:45:44.992609877Z 67 PC: 1646e | Get or set file attributes
2018-12-17T22:45:45.005457486Z 62 PC: 16472 | Close file
2018-12-17T22:45:45.013559012Z 26 PC: 163a5 | Set disk transfer address
2018-12-17T22:45:45.015042679Z 59 PC: 162a2 | Change current directory
2018-12-17T22:45:45.018096755Z 26 PC: 162ab | Set disk transfer address
2018-12-17T22:45:45.019328708Z 42 PC: 162af | Get date
0x162af: cmp dh, 6
0x162b2: je 0x162c0
0x162b4: cmp dh, 9
0x162b7: je 0x162c7
0x162b9: cmp dh, 4
0x162bc: je 0x162ce
0x162be: jmp 0x1630d
0x162c0: cmp dl, 2
0x162c3: je 0x162d5
0x162c5: jmp 0x1630d
0x162c7: cmp dl, 3
0x162ca: je 0x162e7
0x162cc: jmp 0x1630d
0x162ce: cmp dl, 1
0x162d1: je 0x162f9
0x162d3: jmp 0x1630d
0x162d5: mov ah, 9
0x162d7: lea dx, word ptr [si + 0x3b0]
0x162db: int 0x21
0x162dd: mov ah, 9
2018-12-17T22:45:45.026296916Z 9 PC: 154f8 | Display string (String= 'Keyboard driver installed. (C) 1988,1989 A.Strakhov, AcademySoft. ')
2018-12-17T22:45:45.033297564Z 9 PC: 159b7 | Display string (String= 'Switch RUS/LAT modes : ')
2018-12-17T22:45:45.035799152Z 9 PC: 159c5 | Display string (String= '+')
2018-12-17T22:45:45.054303025Z 9 PC: 159cc | Display string (String= ' ')
2018-12-17T22:45:45.059169004Z 9 PC: 159b7 | Display string (String= 'Switch IBM/RUS modes : ')
2018-12-17T22:45:45.064290353Z 9 PC: 159c5 | Display string (String= '++')
2018-12-17T22:45:45.06726517Z 9 PC: 159cc | Display string (String= ' ')
2018-12-17T22:45:45.074013323Z 73 PC: 15513 | Release memory
2018-12-17T22:45:45.075866073Z 49 PC: 15533 | Terminate and stay resident (Return code = '0' | Memory size = '690')

{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8643,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:36.769064015Z 26 PC: 16276 | Set disk transfer address
2018-12-25T12:21:36.770973788Z 71 PC: 1628e | Get current directory
2018-12-25T12:21:36.773766548Z 59 PC: 16297 | Change current directory
2018-12-25T12:21:36.777635569Z 47 PC: 16373 | Get disk transfer address
2018-12-25T12:21:36.77935846Z 26 PC: 16380 | Set disk transfer address
2018-12-25T12:21:36.780324626Z 78 PC: 1638b | Find first file
2018-12-25T12:21:36.786095793Z 67 PC: 163af | Get or set file attributes
2018-12-25T12:21:36.791891593Z 67 PC: 163c1 | Get or set file attributes
2018-12-25T12:21:36.808021489Z 61 PC: 163cd | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:36.814674198Z 87 PC: 163d8 | Get or set file date and time
2018-12-25T12:21:36.817074724Z 63 PC: 163eb | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:21:36.823620799Z 66 PC: 1641b | Move file pointer
2018-12-25T12:21:36.825497818Z 64 PC: 16434 | Write file or device (Write 934 bytes on handle 5)
2018-12-25T12:21:36.833926625Z 66 PC: 16443 | Move file pointer
2018-12-25T12:21:36.835590988Z 64 PC: 1644e | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:21:36.842482667Z 87 PC: 16460 | Get or set file date and time
2018-12-25T12:21:36.843983525Z 67 PC: 1646e | Get or set file attributes
2018-12-25T12:21:36.854747707Z 62 PC: 16472 | Close file
2018-12-25T12:21:36.862493318Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:36.86533779Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:36.872188875Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:36.881751771Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:36.888115883Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:36.890089086Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:36.896469583Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:36.898058253Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:36.906380936Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:36.911171595Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:36.91802109Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:36.926201608Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:36.939096305Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:36.946196005Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:36.949975338Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:36.955577048Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:36.965244223Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:36.978069834Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:36.979641837Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:36.986258641Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:36.988057283Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:36.998271152Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:36.999939502Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:37.006619865Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:37.008727206Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:37.020139336Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:37.027138651Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:37.031068504Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:37.036851612Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:37.046930491Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:37.057578893Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:37.059001955Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:37.064203043Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:37.066342597Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:37.07427002Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:37.076245908Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:37.084024327Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:37.085463871Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:37.096818563Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:37.104368685Z 26 PC: 163a5 | Set disk transfer address
2018-12-25T12:21:37.105362293Z 59 PC: 162a2 | Change current directory
2018-12-25T12:21:37.107050194Z 26 PC: 162ab | Set disk transfer address
2018-12-25T12:21:37.109067942Z 42 PC: 162af | Get date
0x162af: cmp dh, 6
0x162b2: je 0x162c0
0x162b4: cmp dh, 9
0x162b7: je 0x162c7
0x162b9: cmp dh, 4
0x162bc: je 0x162ce
0x162be: jmp 0x1630d
0x162c0: cmp dl, 2
0x162c3: je 0x162d5
0x162c5: jmp 0x1630d
0x162c7: cmp dl, 3
0x162ca: je 0x162e7
0x162cc: jmp 0x1630d
0x162ce: cmp dl, 1
0x162d1: je 0x162f9
0x162d3: jmp 0x1630d
0x162d5: mov ah, 9
0x162d7: lea dx, word ptr [si + 0x3b0]
0x162db: int 0x21
0x162dd: mov ah, 9
2018-12-25T12:21:37.115995408Z 9 PC: 154f8 | Display string (String= 'Keyboard driver installed. (C) 1988,1989 A.Strakhov, AcademySoft. ')
2018-12-25T12:21:37.128147548Z 9 PC: 159b7 | Display string (String= 'Switch RUS/LAT modes : ')
2018-12-25T12:21:37.131543833Z 9 PC: 159c5 | Display string (String= '+')
2018-12-25T12:21:37.135521335Z 9 PC: 159cc | Display string (String= ' ')
2018-12-25T12:21:37.139566629Z 9 PC: 159b7 | Display string (See above)
2018-12-25T12:21:37.142440004Z 9 PC: 159c5 | Display string (See above)
2018-12-25T12:21:37.145844678Z 9 PC: 159cc | Display string (See above)
2018-12-25T12:21:37.149728293Z 73 PC: 15513 | Release memory
2018-12-25T12:21:37.151545969Z 49 PC: 15533 | Terminate and stay resident (Return code = '0' | Memory size = '690')

{"DateBased":true,"Day":3,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8643,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:36.900609478Z 26 PC: 16276 | Set disk transfer address
2018-12-25T12:21:36.902550039Z 71 PC: 1628e | Get current directory
2018-12-25T12:21:36.90546413Z 59 PC: 16297 | Change current directory
2018-12-25T12:21:36.909979378Z 47 PC: 16373 | Get disk transfer address
2018-12-25T12:21:36.915463585Z 26 PC: 16380 | Set disk transfer address
2018-12-25T12:21:36.918179778Z 78 PC: 1638b | Find first file
2018-12-25T12:21:36.924150158Z 67 PC: 163af | Get or set file attributes
2018-12-25T12:21:36.930142558Z 67 PC: 163c1 | Get or set file attributes
2018-12-25T12:21:36.947570847Z 61 PC: 163cd | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:36.953884291Z 87 PC: 163d8 | Get or set file date and time
2018-12-25T12:21:36.956062476Z 63 PC: 163eb | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:21:36.962267152Z 66 PC: 1641b | Move file pointer
2018-12-25T12:21:36.964044215Z 64 PC: 16434 | Write file or device (Write 934 bytes on handle 5)
2018-12-25T12:21:36.972952743Z 66 PC: 16443 | Move file pointer
2018-12-25T12:21:36.974669628Z 64 PC: 1644e | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:21:36.981889702Z 87 PC: 16460 | Get or set file date and time
2018-12-25T12:21:36.983418525Z 67 PC: 1646e | Get or set file attributes
2018-12-25T12:21:36.995148738Z 62 PC: 16472 | Close file
2018-12-25T12:21:37.002642295Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:37.006831469Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:37.012873826Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:37.022735626Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:37.034569659Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:37.037575098Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:37.044570982Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:37.046772638Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:37.055310482Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:37.056634313Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:37.06312648Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:37.064975193Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:37.075497049Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:37.082142168Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:37.084968075Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:37.090292618Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:37.099600566Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:37.114423354Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:37.115895776Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:37.121995409Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:37.124368084Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:37.132942938Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:37.134124587Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:37.140952438Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:37.142389928Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:37.153174771Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:37.16033991Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:37.162817379Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:37.168761007Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:37.178863907Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:37.185716764Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:37.187241369Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:37.19364298Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:37.195301709Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:37.203538297Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:37.205318222Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:37.214840477Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:37.216193915Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:37.226381387Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:37.233863129Z 26 PC: 163a5 | Set disk transfer address
2018-12-25T12:21:37.235238287Z 59 PC: 162a2 | Change current directory
2018-12-25T12:21:37.237216878Z 26 PC: 162ab | Set disk transfer address
2018-12-25T12:21:37.239152793Z 42 PC: 162af | Get date
0x162af: cmp dh, 6
0x162b2: je 0x162c0
0x162b4: cmp dh, 9
0x162b7: je 0x162c7
0x162b9: cmp dh, 4
0x162bc: je 0x162ce
0x162be: jmp 0x1630d
0x162c0: cmp dl, 2
0x162c3: je 0x162d5
0x162c5: jmp 0x1630d
0x162c7: cmp dl, 3
0x162ca: je 0x162e7
0x162cc: jmp 0x1630d
0x162ce: cmp dl, 1
0x162d1: je 0x162f9
0x162d3: jmp 0x1630d
0x162d5: mov ah, 9
0x162d7: lea dx, word ptr [si + 0x3b0]
0x162db: int 0x21
0x162dd: mov ah, 9
2018-12-25T12:21:37.241144962Z 9 PC: 162ef | Display string (String= 'Relax man ... relax ... ')
2018-12-25T12:21:37.245043631Z 9 PC: 162f7 | Display string (String= '[VivatNadym] v.2.0 [1998] ')
2018-12-25T12:21:37.252122186Z 0 PC: 1630d | Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8643,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:37.241517354Z 26 PC: 16276 | Set disk transfer address
2018-12-25T12:21:37.243362308Z 71 PC: 1628e | Get current directory
2018-12-25T12:21:37.246005124Z 59 PC: 16297 | Change current directory
2018-12-25T12:21:37.249781995Z 47 PC: 16373 | Get disk transfer address
2018-12-25T12:21:37.251343674Z 26 PC: 16380 | Set disk transfer address
2018-12-25T12:21:37.252348194Z 78 PC: 1638b | Find first file
2018-12-25T12:21:37.258086989Z 67 PC: 163af | Get or set file attributes
2018-12-25T12:21:37.26445623Z 67 PC: 163c1 | Get or set file attributes
2018-12-25T12:21:37.280726338Z 61 PC: 163cd | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:37.287035437Z 87 PC: 163d8 | Get or set file date and time
2018-12-25T12:21:37.288742095Z 63 PC: 163eb | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:21:37.294912195Z 66 PC: 1641b | Move file pointer
2018-12-25T12:21:37.296353745Z 64 PC: 16434 | Write file or device (Write 934 bytes on handle 5)
2018-12-25T12:21:37.308403871Z 66 PC: 16443 | Move file pointer
2018-12-25T12:21:37.30974532Z 64 PC: 1644e | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:21:37.316519139Z 87 PC: 16460 | Get or set file date and time
2018-12-25T12:21:37.318936057Z 67 PC: 1646e | Get or set file attributes
2018-12-25T12:21:37.329184911Z 62 PC: 16472 | Close file
2018-12-25T12:21:37.335854864Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:37.338859775Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:37.344237419Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:37.353652475Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:37.365285079Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:37.366625031Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:37.37291113Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:37.374949007Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:37.384012236Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:37.385428685Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:37.391260393Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:37.392943683Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:37.400251353Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:37.405486649Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:37.407426201Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:37.411074426Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:37.419773236Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:37.430525493Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:37.431442415Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:37.436061494Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:37.437354328Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:37.446217738Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:37.448474174Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:37.454625808Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:37.455909647Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:37.467324336Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:37.474082351Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:37.476715486Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:37.482563912Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:37.492553616Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:37.504641218Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:37.506688169Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:37.513237605Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:37.514919905Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:37.527181385Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:37.528873974Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:37.535648494Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:37.537567318Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:37.548660344Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:37.555601171Z 26 PC: 163a5 | Set disk transfer address
2018-12-25T12:21:37.556841634Z 59 PC: 162a2 | Change current directory
2018-12-25T12:21:37.561770102Z 26 PC: 162ab | Set disk transfer address
2018-12-25T12:21:37.563133969Z 42 PC: 162af | Get date
0x162af: cmp dh, 6
0x162b2: je 0x162c0
0x162b4: cmp dh, 9
0x162b7: je 0x162c7
0x162b9: cmp dh, 4
0x162bc: je 0x162ce
0x162be: jmp 0x1630d
0x162c0: cmp dl, 2
0x162c3: je 0x162d5
0x162c5: jmp 0x1630d
0x162c7: cmp dl, 3
0x162ca: je 0x162e7
0x162cc: jmp 0x1630d
0x162ce: cmp dl, 1
0x162d1: je 0x162f9
0x162d3: jmp 0x1630d
0x162d5: mov ah, 9
0x162d7: lea dx, word ptr [si + 0x3b0]
0x162db: int 0x21
0x162dd: mov ah, 9
2018-12-25T12:21:37.580026164Z 9 PC: 154f8 | Display string (String= 'Keyboard driver installed. (C) 1988,1989 A.Strakhov, AcademySoft. ')
2018-12-25T12:21:37.586722039Z 9 PC: 159b7 | Display string (String= 'Switch RUS/LAT modes : ')
2018-12-25T12:21:37.589637288Z 9 PC: 159c5 | Display string (String= '+')
2018-12-25T12:21:37.593402727Z 9 PC: 159cc | Display string (String= ' ')
2018-12-25T12:21:37.597634974Z 9 PC: 159b7 | Display string (See above)
2018-12-25T12:21:37.601012545Z 9 PC: 159c5 | Display string (See above)
2018-12-25T12:21:37.604804933Z 9 PC: 159cc | Display string (See above)
2018-12-25T12:21:37.609264853Z 73 PC: 15513 | Release memory
2018-12-25T12:21:37.610704733Z 49 PC: 15533 | Terminate and stay resident (Return code = '0' | Memory size = '690')

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8643,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:37.487545453Z 26 PC: 16276 | Set disk transfer address
2018-12-25T12:21:37.489822542Z 71 PC: 1628e | Get current directory
2018-12-25T12:21:37.49313229Z 59 PC: 16297 | Change current directory
2018-12-25T12:21:37.496958039Z 47 PC: 16373 | Get disk transfer address
2018-12-25T12:21:37.498690142Z 26 PC: 16380 | Set disk transfer address
2018-12-25T12:21:37.499762868Z 78 PC: 1638b | Find first file
2018-12-25T12:21:37.505709129Z 67 PC: 163af | Get or set file attributes
2018-12-25T12:21:37.512010835Z 67 PC: 163c1 | Get or set file attributes
2018-12-25T12:21:37.527420779Z 61 PC: 163cd | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:37.533875402Z 87 PC: 163d8 | Get or set file date and time
2018-12-25T12:21:37.535599094Z 63 PC: 163eb | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:21:37.542895424Z 66 PC: 1641b | Move file pointer
2018-12-25T12:21:37.544902194Z 64 PC: 16434 | Write file or device (Write 934 bytes on handle 5)
2018-12-25T12:21:37.554099681Z 66 PC: 16443 | Move file pointer
2018-12-25T12:21:37.557112018Z 64 PC: 1644e | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:21:37.563968511Z 87 PC: 16460 | Get or set file date and time
2018-12-25T12:21:37.565455358Z 67 PC: 1646e | Get or set file attributes
2018-12-25T12:21:37.576701933Z 62 PC: 16472 | Close file
2018-12-25T12:21:37.58387701Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:37.586828008Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:37.593490561Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:37.603254256Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:37.610826908Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:37.612837446Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:37.619979801Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:37.622018942Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:37.631556666Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:37.63337992Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:37.639829494Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:37.650327336Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:37.661679778Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:37.66853175Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:37.671894249Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:37.677471319Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:37.688964626Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:37.701093085Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:37.702495703Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:37.708684013Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:37.711704202Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:37.720460113Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:37.722050081Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:37.734525461Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:37.736311905Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:37.747598326Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:37.752810899Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:37.755303009Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:37.760621084Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:37.770760134Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:37.775443757Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:37.776512764Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:37.782123102Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:37.783344914Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:37.788775912Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:37.790343224Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:37.794755025Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:37.795929077Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:37.80522776Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:37.81052074Z 26 PC: 163a5 | Set disk transfer address
2018-12-25T12:21:37.811547081Z 59 PC: 162a2 | Change current directory
2018-12-25T12:21:37.813449197Z 26 PC: 162ab | Set disk transfer address
2018-12-25T12:21:37.81448521Z 42 PC: 162af | Get date
0x162af: cmp dh, 6
0x162b2: je 0x162c0
0x162b4: cmp dh, 9
0x162b7: je 0x162c7
0x162b9: cmp dh, 4
0x162bc: je 0x162ce
0x162be: jmp 0x1630d
0x162c0: cmp dl, 2
0x162c3: je 0x162d5
0x162c5: jmp 0x1630d
0x162c7: cmp dl, 3
0x162ca: je 0x162e7
0x162cc: jmp 0x1630d
0x162ce: cmp dl, 1
0x162d1: je 0x162f9
0x162d3: jmp 0x1630d
0x162d5: mov ah, 9
0x162d7: lea dx, word ptr [si + 0x3b0]
0x162db: int 0x21
0x162dd: mov ah, 9
2018-12-25T12:21:37.816111118Z 9 PC: 16301 | Display string (String= 'Hello, Welcome to the Psychiatric Hotline. ')
2018-12-25T12:21:37.819966504Z 9 PC: 16309 | Display string (String= '[VivatNadym] v.2.0 [1998] ')
2018-12-25T12:21:37.822621326Z 0 PC: 1630d | Program terminate

{"DateBased":true,"Day":2,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8643,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:37.72186677Z 26 PC: 16276 | Set disk transfer address
2018-12-25T12:21:37.724586992Z 71 PC: 1628e | Get current directory
2018-12-25T12:21:37.728486733Z 59 PC: 16297 | Change current directory
2018-12-25T12:21:37.732632759Z 47 PC: 16373 | Get disk transfer address
2018-12-25T12:21:37.734588225Z 26 PC: 16380 | Set disk transfer address
2018-12-25T12:21:37.735694053Z 78 PC: 1638b | Find first file
2018-12-25T12:21:37.741923645Z 67 PC: 163af | Get or set file attributes
2018-12-25T12:21:37.747808718Z 67 PC: 163c1 | Get or set file attributes
2018-12-25T12:21:37.770919928Z 61 PC: 163cd | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:37.777423187Z 87 PC: 163d8 | Get or set file date and time
2018-12-25T12:21:37.779190377Z 63 PC: 163eb | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:21:37.785869424Z 66 PC: 1641b | Move file pointer
2018-12-25T12:21:37.787399442Z 64 PC: 16434 | Write file or device (Write 934 bytes on handle 5)
2018-12-25T12:21:37.796071401Z 66 PC: 16443 | Move file pointer
2018-12-25T12:21:37.798146042Z 64 PC: 1644e | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:21:37.804841686Z 87 PC: 16460 | Get or set file date and time
2018-12-25T12:21:37.807417965Z 67 PC: 1646e | Get or set file attributes
2018-12-25T12:21:37.818676444Z 62 PC: 16472 | Close file
2018-12-25T12:21:37.825799598Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:37.829422375Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:37.837375439Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:37.84696902Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:37.853411835Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:37.855320061Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:37.861556579Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:37.863034477Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:37.872096246Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:37.873477978Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:37.879866049Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:37.882949302Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:37.893623916Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:37.900714259Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:37.904515931Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:37.910790372Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:37.918039066Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:37.929846204Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:37.931185742Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:37.93770323Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:37.939686086Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:37.948292713Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:37.949735973Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:37.956943293Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:37.958524672Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:37.974581572Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:37.98241813Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:37.985124983Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:37.990814924Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:38.002101772Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:38.009294251Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:38.010788476Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:38.017797962Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:38.019302613Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:38.027192465Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:38.028804867Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:38.03403479Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:38.035397743Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:38.045853063Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:38.0525717Z 26 PC: 163a5 | Set disk transfer address
2018-12-25T12:21:38.053592901Z 59 PC: 162a2 | Change current directory
2018-12-25T12:21:38.055365562Z 26 PC: 162ab | Set disk transfer address
2018-12-25T12:21:38.056826259Z 42 PC: 162af | Get date
0x162af: cmp dh, 6
0x162b2: je 0x162c0
0x162b4: cmp dh, 9
0x162b7: je 0x162c7
0x162b9: cmp dh, 4
0x162bc: je 0x162ce
0x162be: jmp 0x1630d
0x162c0: cmp dl, 2
0x162c3: je 0x162d5
0x162c5: jmp 0x1630d
0x162c7: cmp dl, 3
0x162ca: je 0x162e7
0x162cc: jmp 0x1630d
0x162ce: cmp dl, 1
0x162d1: je 0x162f9
0x162d3: jmp 0x1630d
0x162d5: mov ah, 9
0x162d7: lea dx, word ptr [si + 0x3b0]
0x162db: int 0x21
0x162dd: mov ah, 9
2018-12-25T12:21:38.06344748Z 9 PC: 154f8 | Display string (String= 'Keyboard driver installed. (C) 1988,1989 A.Strakhov, AcademySoft. ')
2018-12-25T12:21:38.068858531Z 9 PC: 159b7 | Display string (String= 'Switch RUS/LAT modes : ')
2018-12-25T12:21:38.071810548Z 9 PC: 159c5 | Display string (String= '+')
2018-12-25T12:21:38.074088084Z 9 PC: 159cc | Display string (String= ' ')
2018-12-25T12:21:38.077475898Z 9 PC: 159b7 | Display string (See above)
2018-12-25T12:21:38.080147795Z 9 PC: 159c5 | Display string (See above)
2018-12-25T12:21:38.083562431Z 9 PC: 159cc | Display string (See above)
2018-12-25T12:21:38.08772003Z 73 PC: 15513 | Release memory
2018-12-25T12:21:38.08906557Z 49 PC: 15533 | Terminate and stay resident (Return code = '0' | Memory size = '690')

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8643,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:37.939040147Z 26 PC: 16276 | Set disk transfer address
2018-12-25T12:21:37.941077792Z 71 PC: 1628e | Get current directory
2018-12-25T12:21:37.944159988Z 59 PC: 16297 | Change current directory
2018-12-25T12:21:37.948278079Z 47 PC: 16373 | Get disk transfer address
2018-12-25T12:21:37.951840434Z 26 PC: 16380 | Set disk transfer address
2018-12-25T12:21:37.952797236Z 78 PC: 1638b | Find first file
2018-12-25T12:21:37.95669478Z 67 PC: 163af | Get or set file attributes
2018-12-25T12:21:37.961990191Z 67 PC: 163c1 | Get or set file attributes
2018-12-25T12:21:37.974509156Z 61 PC: 163cd | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:37.978618795Z 87 PC: 163d8 | Get or set file date and time
2018-12-25T12:21:37.980373876Z 63 PC: 163eb | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:21:37.986672105Z 66 PC: 1641b | Move file pointer
2018-12-25T12:21:37.98824736Z 64 PC: 16434 | Write file or device (Write 934 bytes on handle 5)
2018-12-25T12:21:37.996577944Z 66 PC: 16443 | Move file pointer
2018-12-25T12:21:37.998341112Z 64 PC: 1644e | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:21:38.005647368Z 87 PC: 16460 | Get or set file date and time
2018-12-25T12:21:38.007122236Z 67 PC: 1646e | Get or set file attributes
2018-12-25T12:21:38.022088634Z 62 PC: 16472 | Close file
2018-12-25T12:21:38.028905385Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:38.031497526Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:38.037818956Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:38.044072198Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:38.048749048Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:38.05040188Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:38.054408365Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:38.056129788Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:38.064348867Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:38.065315421Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:38.069913982Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:38.074900115Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:38.085342124Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:38.090525536Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:38.093233373Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:38.097789379Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:38.104201932Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:38.111242789Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:38.112679728Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:38.119590325Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:38.122304394Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:38.130973959Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:38.132405876Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:38.140599249Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:38.142592093Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:38.153643756Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:38.160720673Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:38.163207343Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:38.168862815Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:38.179376139Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:38.185845628Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:38.187406175Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:38.194143063Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:38.195812268Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:38.203965459Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:38.205486073Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:38.212540434Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:38.214055768Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:38.22533015Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:38.232961768Z 26 PC: 163a5 | Set disk transfer address
2018-12-25T12:21:38.234073264Z 59 PC: 162a2 | Change current directory
2018-12-25T12:21:38.236527552Z 26 PC: 162ab | Set disk transfer address
2018-12-25T12:21:38.238878113Z 42 PC: 162af | Get date
0x162af: cmp dh, 6
0x162b2: je 0x162c0
0x162b4: cmp dh, 9
0x162b7: je 0x162c7
0x162b9: cmp dh, 4
0x162bc: je 0x162ce
0x162be: jmp 0x1630d
0x162c0: cmp dl, 2
0x162c3: je 0x162d5
0x162c5: jmp 0x1630d
0x162c7: cmp dl, 3
0x162ca: je 0x162e7
0x162cc: jmp 0x1630d
0x162ce: cmp dl, 1
0x162d1: je 0x162f9
0x162d3: jmp 0x1630d
0x162d5: mov ah, 9
0x162d7: lea dx, word ptr [si + 0x3b0]
0x162db: int 0x21
0x162dd: mov ah, 9
2018-12-25T12:21:38.245319601Z 9 PC: 154f8 | Display string (String= 'Keyboard driver installed. (C) 1988,1989 A.Strakhov, AcademySoft. ')
2018-12-25T12:21:38.250652159Z 9 PC: 159b7 | Display string (String= 'Switch RUS/LAT modes : ')
2018-12-25T12:21:38.25537457Z 9 PC: 159c5 | Display string (String= '+')
2018-12-25T12:21:38.259315335Z 9 PC: 159cc | Display string (String= ' ')
2018-12-25T12:21:38.262937984Z 9 PC: 159b7 | Display string (See above)
2018-12-25T12:21:38.265584008Z 9 PC: 159c5 | Display string (See above)
2018-12-25T12:21:38.269369923Z 9 PC: 159cc | Display string (See above)
2018-12-25T12:21:38.273081579Z 73 PC: 15513 | Release memory
2018-12-25T12:21:38.275073718Z 49 PC: 15533 | Terminate and stay resident (Return code = '0' | Memory size = '690')

{"DateBased":true,"Day":2,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8643,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:38.149375553Z 26 PC: 16276 | Set disk transfer address
2018-12-25T12:21:38.151726757Z 71 PC: 1628e | Get current directory
2018-12-25T12:21:38.15476061Z 59 PC: 16297 | Change current directory
2018-12-25T12:21:38.158726545Z 47 PC: 16373 | Get disk transfer address
2018-12-25T12:21:38.162391656Z 26 PC: 16380 | Set disk transfer address
2018-12-25T12:21:38.164285664Z 78 PC: 1638b | Find first file
2018-12-25T12:21:38.170071391Z 67 PC: 163af | Get or set file attributes
2018-12-25T12:21:38.178644966Z 67 PC: 163c1 | Get or set file attributes
2018-12-25T12:21:38.194639685Z 61 PC: 163cd | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:38.201833494Z 87 PC: 163d8 | Get or set file date and time
2018-12-25T12:21:38.204050047Z 63 PC: 163eb | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:21:38.211948669Z 66 PC: 1641b | Move file pointer
2018-12-25T12:21:38.213585805Z 64 PC: 16434 | Write file or device (Write 934 bytes on handle 5)
2018-12-25T12:21:38.222502094Z 66 PC: 16443 | Move file pointer
2018-12-25T12:21:38.225377731Z 64 PC: 1644e | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:21:38.23222467Z 87 PC: 16460 | Get or set file date and time
2018-12-25T12:21:38.234885464Z 67 PC: 1646e | Get or set file attributes
2018-12-25T12:21:38.249952411Z 62 PC: 16472 | Close file
2018-12-25T12:21:38.257812717Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:38.259759835Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:38.26512309Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:38.271275392Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:38.275917071Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:38.27774718Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:38.282288793Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:38.28359797Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:38.289866345Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:38.29135324Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:38.297751748Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:38.305692461Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:38.315841729Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:38.322110558Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:38.330719066Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:38.336548229Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:38.346614477Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:38.353503409Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:38.355506959Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:38.359847778Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:38.361415001Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:38.369523159Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:38.370616873Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:38.375144723Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:38.37693551Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:38.384186928Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:38.392888982Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:38.394957914Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:38.398371981Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:38.410392088Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:38.415088471Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:38.41625912Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:38.420833367Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:38.422199555Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:38.4276326Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:38.429224744Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:38.433410152Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:38.434624838Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:38.442455936Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:38.44832452Z 26 PC: 163a5 | Set disk transfer address
2018-12-25T12:21:38.449185385Z 59 PC: 162a2 | Change current directory
2018-12-25T12:21:38.451058517Z 26 PC: 162ab | Set disk transfer address
2018-12-25T12:21:38.451989854Z 42 PC: 162af | Get date
0x162af: cmp dh, 6
0x162b2: je 0x162c0
0x162b4: cmp dh, 9
0x162b7: je 0x162c7
0x162b9: cmp dh, 4
0x162bc: je 0x162ce
0x162be: jmp 0x1630d
0x162c0: cmp dl, 2
0x162c3: je 0x162d5
0x162c5: jmp 0x1630d
0x162c7: cmp dl, 3
0x162ca: je 0x162e7
0x162cc: jmp 0x1630d
0x162ce: cmp dl, 1
0x162d1: je 0x162f9
0x162d3: jmp 0x1630d
0x162d5: mov ah, 9
0x162d7: lea dx, word ptr [si + 0x3b0]
0x162db: int 0x21
0x162dd: mov ah, 9
2018-12-25T12:21:38.453494771Z 9 PC: 162dd | Display string (String= 'Thanks to Yana Diagileva for their songs Thanks to Shunya for their love and hate And Thanks You Stupid User for using our virus ')
2018-12-25T12:21:38.460928927Z 9 PC: 162e5 | Display string (String= '[VivatNadym] v.2.0 [1998] ')
2018-12-25T12:21:38.46357622Z 0 PC: 1630d | Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8643,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:38.351079643Z 26 PC: 16276 | Set disk transfer address
2018-12-25T12:21:38.353321541Z 71 PC: 1628e | Get current directory
2018-12-25T12:21:38.35611738Z 59 PC: 16297 | Change current directory
2018-12-25T12:21:38.362179537Z 47 PC: 16373 | Get disk transfer address
2018-12-25T12:21:38.36568468Z 26 PC: 16380 | Set disk transfer address
2018-12-25T12:21:38.367066421Z 78 PC: 1638b | Find first file
2018-12-25T12:21:38.373163556Z 67 PC: 163af | Get or set file attributes
2018-12-25T12:21:38.379414347Z 67 PC: 163c1 | Get or set file attributes
2018-12-25T12:21:38.39455474Z 61 PC: 163cd | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:38.400938442Z 87 PC: 163d8 | Get or set file date and time
2018-12-25T12:21:38.402647447Z 63 PC: 163eb | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:21:38.409874298Z 66 PC: 1641b | Move file pointer
2018-12-25T12:21:38.41172938Z 64 PC: 16434 | Write file or device (Write 934 bytes on handle 5)
2018-12-25T12:21:38.421733666Z 66 PC: 16443 | Move file pointer
2018-12-25T12:21:38.429669466Z 64 PC: 1644e | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:21:38.436375568Z 87 PC: 16460 | Get or set file date and time
2018-12-25T12:21:38.438364302Z 67 PC: 1646e | Get or set file attributes
2018-12-25T12:21:38.449413983Z 62 PC: 16472 | Close file
2018-12-25T12:21:38.456434194Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:38.460679851Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:38.466967925Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:38.476938719Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:38.488751008Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:38.491825636Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:38.49857116Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:38.500111122Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:38.508471503Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:38.509664056Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:38.515916791Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:38.517672546Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:38.527952473Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:38.534668358Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:38.538321465Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:38.543923671Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:38.553386339Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:38.561342634Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:38.56288165Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:38.569272225Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:38.571981415Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:38.580879691Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:38.582268083Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:38.58981886Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:38.591500562Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:38.60190942Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:38.609142293Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:38.611804681Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:38.617188036Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:38.628087323Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:38.634543503Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:38.642761873Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:38.650818782Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:38.652356026Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:38.660275658Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:38.662011168Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:38.668410354Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:38.669832045Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:38.681214954Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:38.688104876Z 26 PC: 163a5 | Set disk transfer address
2018-12-25T12:21:38.689521623Z 59 PC: 162a2 | Change current directory
2018-12-25T12:21:38.694665503Z 26 PC: 162ab | Set disk transfer address
2018-12-25T12:21:38.695767794Z 42 PC: 162af | Get date
0x162af: cmp dh, 6
0x162b2: je 0x162c0
0x162b4: cmp dh, 9
0x162b7: je 0x162c7
0x162b9: cmp dh, 4
0x162bc: je 0x162ce
0x162be: jmp 0x1630d
0x162c0: cmp dl, 2
0x162c3: je 0x162d5
0x162c5: jmp 0x1630d
0x162c7: cmp dl, 3
0x162ca: je 0x162e7
0x162cc: jmp 0x1630d
0x162ce: cmp dl, 1
0x162d1: je 0x162f9
0x162d3: jmp 0x1630d
0x162d5: mov ah, 9
0x162d7: lea dx, word ptr [si + 0x3b0]
0x162db: int 0x21
0x162dd: mov ah, 9
2018-12-25T12:21:38.702246449Z 9 PC: 154f8 | Display string (String= 'Keyboard driver installed. (C) 1988,1989 A.Strakhov, AcademySoft. ')
2018-12-25T12:21:38.708063367Z 9 PC: 159b7 | Display string (String= 'Switch RUS/LAT modes : ')
2018-12-25T12:21:38.710287522Z 9 PC: 159c5 | Display string (String= '+')
2018-12-25T12:21:38.713679751Z 9 PC: 159cc | Display string (String= ' ')
2018-12-25T12:21:38.718100472Z 9 PC: 159b7 | Display string (See above)
2018-12-25T12:21:38.720852559Z 9 PC: 159c5 | Display string (See above)
2018-12-25T12:21:38.724368225Z 9 PC: 159cc | Display string (See above)
2018-12-25T12:21:38.728366533Z 73 PC: 15513 | Release memory
2018-12-25T12:21:38.730542828Z 49 PC: 15533 | Terminate and stay resident (Return code = '0' | Memory size = '690')

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8643,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:38.42030677Z 26 PC: 16276 | Set disk transfer address
2018-12-25T12:21:38.426081246Z 71 PC: 1628e | Get current directory
2018-12-25T12:21:38.429378752Z 59 PC: 16297 | Change current directory
2018-12-25T12:21:38.43377767Z 47 PC: 16373 | Get disk transfer address
2018-12-25T12:21:38.435963086Z 26 PC: 16380 | Set disk transfer address
2018-12-25T12:21:38.437262371Z 78 PC: 1638b | Find first file
2018-12-25T12:21:38.444348478Z 67 PC: 163af | Get or set file attributes
2018-12-25T12:21:38.451755883Z 67 PC: 163c1 | Get or set file attributes
2018-12-25T12:21:38.495315265Z 61 PC: 163cd | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:38.502684718Z 87 PC: 163d8 | Get or set file date and time
2018-12-25T12:21:38.504281791Z 63 PC: 163eb | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:21:38.512858647Z 66 PC: 1641b | Move file pointer
2018-12-25T12:21:38.514810761Z 64 PC: 16434 | Write file or device (Write 934 bytes on handle 5)
2018-12-25T12:21:38.524536809Z 66 PC: 16443 | Move file pointer
2018-12-25T12:21:38.526525915Z 64 PC: 1644e | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:21:38.533595168Z 87 PC: 16460 | Get or set file date and time
2018-12-25T12:21:38.535109943Z 67 PC: 1646e | Get or set file attributes
2018-12-25T12:21:38.54744631Z 62 PC: 16472 | Close file
2018-12-25T12:21:38.55559842Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:38.558503358Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:38.572678275Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:38.583510189Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:38.590572437Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:38.592661661Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:38.599514259Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:38.601175085Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:38.610400786Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:38.611953994Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:38.618742089Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:38.620272998Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:38.632743006Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:38.640287119Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:38.64306337Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:38.649353102Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:38.65976507Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:38.666934297Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:38.669288575Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:38.676192196Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:38.677823866Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:38.688334461Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:38.689877146Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:38.696948681Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:38.699358351Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:38.711169405Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:38.718620379Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:38.729097983Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:38.735559984Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:38.746026136Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:38.754667036Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:38.756348294Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:38.763320746Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:38.76511098Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:38.774622704Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:38.776005655Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:38.782765625Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:38.785037967Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:38.800396396Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:38.816772233Z 26 PC: 163a5 | Set disk transfer address
2018-12-25T12:21:38.818684654Z 59 PC: 162a2 | Change current directory
2018-12-25T12:21:38.820664963Z 26 PC: 162ab | Set disk transfer address
2018-12-25T12:21:38.821795625Z 42 PC: 162af | Get date
0x162af: cmp dh, 6
0x162b2: je 0x162c0
0x162b4: cmp dh, 9
0x162b7: je 0x162c7
0x162b9: cmp dh, 4
0x162bc: je 0x162ce
0x162be: jmp 0x1630d
0x162c0: cmp dl, 2
0x162c3: je 0x162d5
0x162c5: jmp 0x1630d
0x162c7: cmp dl, 3
0x162ca: je 0x162e7
0x162cc: jmp 0x1630d
0x162ce: cmp dl, 1
0x162d1: je 0x162f9
0x162d3: jmp 0x1630d
0x162d5: mov ah, 9
0x162d7: lea dx, word ptr [si + 0x3b0]
0x162db: int 0x21
0x162dd: mov ah, 9
2018-12-25T12:21:38.824659632Z 9 PC: 16301 | Display string (String= 'Hello, Welcome to the Psychiatric Hotline. ')
2018-12-25T12:21:38.831056201Z 9 PC: 16309 | Display string (String= '[VivatNadym] v.2.0 [1998] ')
2018-12-25T12:21:38.83597722Z 0 PC: 1630d | Program terminate

{"DateBased":true,"Day":2,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8643,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:38.593255913Z 26 PC: 16276 | Set disk transfer address
2018-12-25T12:21:38.595060791Z 71 PC: 1628e | Get current directory
2018-12-25T12:21:38.597767627Z 59 PC: 16297 | Change current directory
2018-12-25T12:21:38.600362168Z 47 PC: 16373 | Get disk transfer address
2018-12-25T12:21:38.601808146Z 26 PC: 16380 | Set disk transfer address
2018-12-25T12:21:38.602918673Z 78 PC: 1638b | Find first file
2018-12-25T12:21:38.606966452Z 67 PC: 163af | Get or set file attributes
2018-12-25T12:21:38.610717317Z 67 PC: 163c1 | Get or set file attributes
2018-12-25T12:21:38.627447445Z 61 PC: 163cd | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:38.633562113Z 87 PC: 163d8 | Get or set file date and time
2018-12-25T12:21:38.635068083Z 63 PC: 163eb | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:21:38.639862997Z 66 PC: 1641b | Move file pointer
2018-12-25T12:21:38.641023001Z 64 PC: 16434 | Write file or device (Write 934 bytes on handle 5)
2018-12-25T12:21:38.646898516Z 66 PC: 16443 | Move file pointer
2018-12-25T12:21:38.649142529Z 64 PC: 1644e | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:21:38.655748666Z 87 PC: 16460 | Get or set file date and time
2018-12-25T12:21:38.657557609Z 67 PC: 1646e | Get or set file attributes
2018-12-25T12:21:38.669836265Z 62 PC: 16472 | Close file
2018-12-25T12:21:38.681348401Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:38.683891064Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:38.690329338Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:38.700012511Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:38.706599883Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:38.708921151Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:38.715201809Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:38.718920945Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:38.727894227Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:38.729317139Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:38.736180668Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:38.738914134Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:38.74936221Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:38.756602889Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:38.758969006Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:38.763831356Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:38.770878455Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:38.77607942Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:38.777757736Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:38.782067836Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:38.783958037Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:38.790646744Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:38.791697548Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:38.798001541Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:38.799844877Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:38.807233801Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:38.812357054Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:38.815257326Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:38.826748971Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:38.837707288Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:38.84429225Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:38.845602442Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:38.852055949Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:38.854173805Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:38.862733836Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:38.864166194Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:38.871418182Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:38.872875842Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:38.883290801Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:38.89122763Z 26 PC: 163a5 | Set disk transfer address
2018-12-25T12:21:38.892557861Z 59 PC: 162a2 | Change current directory
2018-12-25T12:21:38.894465332Z 26 PC: 162ab | Set disk transfer address
2018-12-25T12:21:38.896644234Z 42 PC: 162af | Get date
0x162af: cmp dh, 6
0x162b2: je 0x162c0
0x162b4: cmp dh, 9
0x162b7: je 0x162c7
0x162b9: cmp dh, 4
0x162bc: je 0x162ce
0x162be: jmp 0x1630d
0x162c0: cmp dl, 2
0x162c3: je 0x162d5
0x162c5: jmp 0x1630d
0x162c7: cmp dl, 3
0x162ca: je 0x162e7
0x162cc: jmp 0x1630d
0x162ce: cmp dl, 1
0x162d1: je 0x162f9
0x162d3: jmp 0x1630d
0x162d5: mov ah, 9
0x162d7: lea dx, word ptr [si + 0x3b0]
0x162db: int 0x21
0x162dd: mov ah, 9
2018-12-25T12:21:38.903324217Z 9 PC: 154f8 | Display string (String= 'Keyboard driver installed. (C) 1988,1989 A.Strakhov, AcademySoft. ')
2018-12-25T12:21:38.909012062Z 9 PC: 159b7 | Display string (String= 'Switch RUS/LAT modes : ')
2018-12-25T12:21:38.91287645Z 9 PC: 159c5 | Display string (String= '+')
2018-12-25T12:21:38.916455721Z 9 PC: 159cc | Display string (String= ' ')
2018-12-25T12:21:38.920472633Z 9 PC: 159b7 | Display string (See above)
2018-12-25T12:21:38.923799604Z 9 PC: 159c5 | Display string (See above)
2018-12-25T12:21:38.927974617Z 9 PC: 159cc | Display string (See above)
2018-12-25T12:21:38.931988241Z 73 PC: 15513 | Release memory
2018-12-25T12:21:38.934267327Z 49 PC: 15533 | Terminate and stay resident (Return code = '0' | Memory size = '690')

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8643,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:38.686550788Z 26 PC: 16276 | Set disk transfer address
2018-12-25T12:21:38.688369976Z 71 PC: 1628e | Get current directory
2018-12-25T12:21:38.69144237Z 59 PC: 16297 | Change current directory
2018-12-25T12:21:38.695737451Z 47 PC: 16373 | Get disk transfer address
2018-12-25T12:21:38.697672341Z 26 PC: 16380 | Set disk transfer address
2018-12-25T12:21:38.698935353Z 78 PC: 1638b | Find first file
2018-12-25T12:21:38.706090294Z 67 PC: 163af | Get or set file attributes
2018-12-25T12:21:38.71223321Z 67 PC: 163c1 | Get or set file attributes
2018-12-25T12:21:38.728809155Z 61 PC: 163cd | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:38.736143491Z 87 PC: 163d8 | Get or set file date and time
2018-12-25T12:21:38.737701532Z 63 PC: 163eb | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:21:38.74510763Z 66 PC: 1641b | Move file pointer
2018-12-25T12:21:38.746922603Z 64 PC: 16434 | Write file or device (Write 934 bytes on handle 5)
2018-12-25T12:21:38.75661063Z 66 PC: 16443 | Move file pointer
2018-12-25T12:21:38.759275767Z 64 PC: 1644e | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:21:38.766490789Z 87 PC: 16460 | Get or set file date and time
2018-12-25T12:21:38.768191239Z 67 PC: 1646e | Get or set file attributes
2018-12-25T12:21:38.781036744Z 62 PC: 16472 | Close file
2018-12-25T12:21:38.788827034Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:38.791828935Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:38.798555844Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:38.809131206Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:38.816218116Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:38.818420454Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:38.826119232Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:38.82776839Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:38.837595066Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:38.83930779Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:38.846421405Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:38.847921932Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:38.859983107Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:38.867364352Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:38.870214822Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:38.876620836Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:38.887082129Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:38.899830138Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:38.901972367Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:38.90918271Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:38.911114804Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:38.920979633Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:38.92236972Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:38.929301219Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:38.931514492Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:38.942877378Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:38.950382717Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:38.954008495Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:38.960211151Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:38.970965196Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:38.979402327Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:38.980984008Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:38.987854629Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:38.99008896Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:38.99900777Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:39.000617345Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:39.007895014Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:39.009895178Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:39.021644388Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:39.02950826Z 26 PC: 163a5 | Set disk transfer address
2018-12-25T12:21:39.031394673Z 59 PC: 162a2 | Change current directory
2018-12-25T12:21:39.033177496Z 26 PC: 162ab | Set disk transfer address
2018-12-25T12:21:39.034540499Z 42 PC: 162af | Get date
0x162af: cmp dh, 6
0x162b2: je 0x162c0
0x162b4: cmp dh, 9
0x162b7: je 0x162c7
0x162b9: cmp dh, 4
0x162bc: je 0x162ce
0x162be: jmp 0x1630d
0x162c0: cmp dl, 2
0x162c3: je 0x162d5
0x162c5: jmp 0x1630d
0x162c7: cmp dl, 3
0x162ca: je 0x162e7
0x162cc: jmp 0x1630d
0x162ce: cmp dl, 1
0x162d1: je 0x162f9
0x162d3: jmp 0x1630d
0x162d5: mov ah, 9
0x162d7: lea dx, word ptr [si + 0x3b0]
0x162db: int 0x21
0x162dd: mov ah, 9
2018-12-25T12:21:39.045218533Z 9 PC: 154f8 | Display string (String= 'Keyboard driver installed. (C) 1988,1989 A.Strakhov, AcademySoft. ')
2018-12-25T12:21:39.049995211Z 9 PC: 159b7 | Display string (String= 'Switch RUS/LAT modes : ')
2018-12-25T12:21:39.051915974Z 9 PC: 159c5 | Display string (String= '+')
2018-12-25T12:21:39.055229658Z 9 PC: 159cc | Display string (String= ' ')
2018-12-25T12:21:39.060401749Z 9 PC: 159b7 | Display string (See above)
2018-12-25T12:21:39.066859747Z 9 PC: 159c5 | Display string (See above)
2018-12-25T12:21:39.070919466Z 9 PC: 159cc | Display string (See above)
2018-12-25T12:21:39.075204181Z 73 PC: 15513 | Release memory
2018-12-25T12:21:39.076707849Z 49 PC: 15533 | Terminate and stay resident (Return code = '0' | Memory size = '690')

{"DateBased":true,"Day":2,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8643,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:38.788884376Z 26 PC: 16276 | Set disk transfer address
2018-12-25T12:21:38.791495846Z 71 PC: 1628e | Get current directory
2018-12-25T12:21:38.794644801Z 59 PC: 16297 | Change current directory
2018-12-25T12:21:38.798459761Z 47 PC: 16373 | Get disk transfer address
2018-12-25T12:21:38.801723358Z 26 PC: 16380 | Set disk transfer address
2018-12-25T12:21:38.803497321Z 78 PC: 1638b | Find first file
2018-12-25T12:21:38.824885251Z 67 PC: 163af | Get or set file attributes
2018-12-25T12:21:38.830723225Z 67 PC: 163c1 | Get or set file attributes
2018-12-25T12:21:38.84706487Z 61 PC: 163cd | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:38.853539161Z 87 PC: 163d8 | Get or set file date and time
2018-12-25T12:21:38.855656776Z 63 PC: 163eb | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:21:38.862208478Z 66 PC: 1641b | Move file pointer
2018-12-25T12:21:38.863682034Z 64 PC: 16434 | Write file or device (Write 934 bytes on handle 5)
2018-12-25T12:21:38.872194337Z 66 PC: 16443 | Move file pointer
2018-12-25T12:21:38.873730909Z 64 PC: 1644e | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:21:38.880008567Z 87 PC: 16460 | Get or set file date and time
2018-12-25T12:21:38.881495874Z 67 PC: 1646e | Get or set file attributes
2018-12-25T12:21:38.891991579Z 62 PC: 16472 | Close file
2018-12-25T12:21:38.898760388Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:38.901226454Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:38.907298102Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:38.916690759Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:38.92826582Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:38.93162814Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:38.938550588Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:38.940186257Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:38.949448507Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:38.950834733Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:38.957303937Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:38.959861567Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:38.970611477Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:38.977411418Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:38.980725669Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:38.986270323Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:38.99809496Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:39.005769399Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:39.007597415Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:39.015136622Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:39.017752209Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:39.026150277Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:39.027899382Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:39.0354631Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:39.04338481Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:39.053774418Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:39.061472267Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:39.065526105Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:39.071579202Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:39.081308878Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:39.088286706Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:39.089593682Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:39.096344942Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:39.099292349Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:39.107953449Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:39.10972075Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:39.11756804Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:39.119208177Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:39.134487913Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:39.14280686Z 26 PC: 163a5 | Set disk transfer address
2018-12-25T12:21:39.144224213Z 59 PC: 162a2 | Change current directory
2018-12-25T12:21:39.146267267Z 26 PC: 162ab | Set disk transfer address
2018-12-25T12:21:39.148302861Z 42 PC: 162af | Get date
0x162af: cmp dh, 6
0x162b2: je 0x162c0
0x162b4: cmp dh, 9
0x162b7: je 0x162c7
0x162b9: cmp dh, 4
0x162bc: je 0x162ce
0x162be: jmp 0x1630d
0x162c0: cmp dl, 2
0x162c3: je 0x162d5
0x162c5: jmp 0x1630d
0x162c7: cmp dl, 3
0x162ca: je 0x162e7
0x162cc: jmp 0x1630d
0x162ce: cmp dl, 1
0x162d1: je 0x162f9
0x162d3: jmp 0x1630d
0x162d5: mov ah, 9
0x162d7: lea dx, word ptr [si + 0x3b0]
0x162db: int 0x21
0x162dd: mov ah, 9
2018-12-25T12:21:39.150868491Z 9 PC: 162dd | Display string (String= 'Thanks to Yana Diagileva for their songs Thanks to Shunya for their love and hate And Thanks You Stupid User for using our virus ')
2018-12-25T12:21:39.159309502Z 9 PC: 162e5 | Display string (String= '[VivatNadym] v.2.0 [1998] ')
2018-12-25T12:21:39.164514742Z 0 PC: 1630d | Program terminate

{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8643,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:38.896329076Z 26 PC: 16276 | Set disk transfer address
2018-12-25T12:21:38.898342254Z 71 PC: 1628e | Get current directory
2018-12-25T12:21:38.901866813Z 59 PC: 16297 | Change current directory
2018-12-25T12:21:38.906300515Z 47 PC: 16373 | Get disk transfer address
2018-12-25T12:21:38.907868715Z 26 PC: 16380 | Set disk transfer address
2018-12-25T12:21:38.908996693Z 78 PC: 1638b | Find first file
2018-12-25T12:21:38.916203383Z 67 PC: 163af | Get or set file attributes
2018-12-25T12:21:38.922282696Z 67 PC: 163c1 | Get or set file attributes
2018-12-25T12:21:38.938922689Z 61 PC: 163cd | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:38.945907157Z 87 PC: 163d8 | Get or set file date and time
2018-12-25T12:21:38.947089905Z 63 PC: 163eb | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:21:38.951413413Z 66 PC: 1641b | Move file pointer
2018-12-25T12:21:38.952635207Z 64 PC: 16434 | Write file or device (Write 934 bytes on handle 5)
2018-12-25T12:21:38.958243726Z 66 PC: 16443 | Move file pointer
2018-12-25T12:21:38.959770123Z 64 PC: 1644e | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:21:38.966928653Z 87 PC: 16460 | Get or set file date and time
2018-12-25T12:21:38.968487334Z 67 PC: 1646e | Get or set file attributes
2018-12-25T12:21:38.981464476Z 62 PC: 16472 | Close file
2018-12-25T12:21:38.989224872Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:38.992493422Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:38.999615535Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:39.010435637Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:39.017698224Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:39.020258846Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:39.027447812Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:39.029138436Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:39.038117716Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:39.039675222Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:39.04724306Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:39.048755862Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:39.060630841Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:39.067989503Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:39.070603282Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:39.077414779Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:39.088198423Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:39.101150138Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:39.103017945Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:39.107731876Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:39.112455982Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:39.12711133Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:39.128334513Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:39.132740228Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:39.135405439Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:39.147430134Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:39.154926478Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:39.158074758Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:39.165005917Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:39.175494382Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:39.182797197Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:39.18444868Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:39.191409918Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:39.192913867Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:39.201766571Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:39.203079579Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:39.209894567Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:39.21173514Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:39.223201587Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:39.231030278Z 26 PC: 163a5 | Set disk transfer address
2018-12-25T12:21:39.232882592Z 59 PC: 162a2 | Change current directory
2018-12-25T12:21:39.234987817Z 26 PC: 162ab | Set disk transfer address
2018-12-25T12:21:39.236104716Z 42 PC: 162af | Get date
0x162af: cmp dh, 6
0x162b2: je 0x162c0
0x162b4: cmp dh, 9
0x162b7: je 0x162c7
0x162b9: cmp dh, 4
0x162bc: je 0x162ce
0x162be: jmp 0x1630d
0x162c0: cmp dl, 2
0x162c3: je 0x162d5
0x162c5: jmp 0x1630d
0x162c7: cmp dl, 3
0x162ca: je 0x162e7
0x162cc: jmp 0x1630d
0x162ce: cmp dl, 1
0x162d1: je 0x162f9
0x162d3: jmp 0x1630d
0x162d5: mov ah, 9
0x162d7: lea dx, word ptr [si + 0x3b0]
0x162db: int 0x21
0x162dd: mov ah, 9
2018-12-25T12:21:39.244228559Z 9 PC: 154f8 | Display string (String= 'Keyboard driver installed. (C) 1988,1989 A.Strakhov, AcademySoft. ')
2018-12-25T12:21:39.250341699Z 9 PC: 159b7 | Display string (String= 'Switch RUS/LAT modes : ')
2018-12-25T12:21:39.252784082Z 9 PC: 159c5 | Display string (String= '+')
2018-12-25T12:21:39.257131591Z 9 PC: 159cc | Display string (String= ' ')
2018-12-25T12:21:39.261251053Z 9 PC: 159b7 | Display string (See above)
2018-12-25T12:21:39.263659822Z 9 PC: 159c5 | Display string (See above)
2018-12-25T12:21:39.26808976Z 9 PC: 159cc | Display string (See above)
2018-12-25T12:21:39.27226407Z 73 PC: 15513 | Release memory
2018-12-25T12:21:39.273392736Z 49 PC: 15533 | Terminate and stay resident (Return code = '0' | Memory size = '690')

{"DateBased":true,"Day":3,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8643,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:39.090520897Z 26 PC: 16276 | Set disk transfer address
2018-12-25T12:21:39.093204242Z 71 PC: 1628e | Get current directory
2018-12-25T12:21:39.096679537Z 59 PC: 16297 | Change current directory
2018-12-25T12:21:39.100894225Z 47 PC: 16373 | Get disk transfer address
2018-12-25T12:21:39.103616571Z 26 PC: 16380 | Set disk transfer address
2018-12-25T12:21:39.105014173Z 78 PC: 1638b | Find first file
2018-12-25T12:21:39.1111947Z 67 PC: 163af | Get or set file attributes
2018-12-25T12:21:39.117875185Z 67 PC: 163c1 | Get or set file attributes
2018-12-25T12:21:39.135066506Z 61 PC: 163cd | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:39.139331039Z 87 PC: 163d8 | Get or set file date and time
2018-12-25T12:21:39.140564006Z 63 PC: 163eb | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:21:39.145273586Z 66 PC: 1641b | Move file pointer
2018-12-25T12:21:39.14647548Z 64 PC: 16434 | Write file or device (Write 934 bytes on handle 5)
2018-12-25T12:21:39.151959918Z 66 PC: 16443 | Move file pointer
2018-12-25T12:21:39.153772879Z 64 PC: 1644e | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:21:39.15804192Z 87 PC: 16460 | Get or set file date and time
2018-12-25T12:21:39.159111883Z 67 PC: 1646e | Get or set file attributes
2018-12-25T12:21:39.166922104Z 62 PC: 16472 | Close file
2018-12-25T12:21:39.173712485Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:39.176308741Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:39.183135636Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:39.192762435Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:39.199385365Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:39.201460111Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:39.208533577Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:39.211503573Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:39.220990217Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:39.222198691Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:39.228575163Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:39.230407874Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:39.237325778Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:39.24164668Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:39.251463311Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:39.25791289Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:39.267453296Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:39.274209517Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:39.275792835Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:39.282072553Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:39.284103684Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:39.292633885Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:39.293841789Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:39.300373369Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:39.301722962Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:39.312357329Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:39.319088143Z 79 PC: 1638b | Find next file (See above)
2018-12-25T12:21:39.322044564Z 67 PC: 163af | Get or set file attributes (See above)
2018-12-25T12:21:39.327627768Z 67 PC: 163c1 | Get or set file attributes (See above)
2018-12-25T12:21:39.337163344Z 61 PC: 163cd | Open file (See above)
2018-12-25T12:21:39.344374935Z 87 PC: 163d8 | Get or set file date and time (See above)
2018-12-25T12:21:39.345695828Z 63 PC: 163eb | Read file or device (See above)
2018-12-25T12:21:39.3595091Z 66 PC: 1641b | Move file pointer (See above)
2018-12-25T12:21:39.361202883Z 64 PC: 16434 | Write file or device (See above)
2018-12-25T12:21:39.370038299Z 66 PC: 16443 | Move file pointer (See above)
2018-12-25T12:21:39.371416574Z 64 PC: 1644e | Write file or device (See above)
2018-12-25T12:21:39.378164218Z 87 PC: 16460 | Get or set file date and time (See above)
2018-12-25T12:21:39.379552303Z 67 PC: 1646e | Get or set file attributes (See above)
2018-12-25T12:21:39.391054766Z 62 PC: 16472 | Close file (See above)
2018-12-25T12:21:39.398174034Z 26 PC: 163a5 | Set disk transfer address
2018-12-25T12:21:39.399302419Z 59 PC: 162a2 | Change current directory
2018-12-25T12:21:39.401172163Z 26 PC: 162ab | Set disk transfer address
2018-12-25T12:21:39.402725142Z 42 PC: 162af | Get date
0x162af: cmp dh, 6
0x162b2: je 0x162c0
0x162b4: cmp dh, 9
0x162b7: je 0x162c7
0x162b9: cmp dh, 4
0x162bc: je 0x162ce
0x162be: jmp 0x1630d
0x162c0: cmp dl, 2
0x162c3: je 0x162d5
0x162c5: jmp 0x1630d
0x162c7: cmp dl, 3
0x162ca: je 0x162e7
0x162cc: jmp 0x1630d
0x162ce: cmp dl, 1
0x162d1: je 0x162f9
0x162d3: jmp 0x1630d
0x162d5: mov ah, 9
0x162d7: lea dx, word ptr [si + 0x3b0]
0x162db: int 0x21
0x162dd: mov ah, 9
2018-12-25T12:21:39.404744407Z 9 PC: 162ef | Display string (String= 'Relax man ... relax ... ')
2018-12-25T12:21:39.408504791Z 9 PC: 162f7 | Display string (String= '[VivatNadym] v.2.0 [1998] ')
2018-12-25T12:21:39.413849672Z 0 PC: 1630d | Program terminate