Sample viewer

vx.netlux.org/Virus.DOS.Inch.733

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:50:30.752094238Z 26 PC: 12af5 | Set disk transfer address
2018-12-17T22:50:30.754523805Z 78 PC: 12b1a | Find first file
2018-12-17T22:50:30.760496407Z 67 PC: 12b8a | Get or set file attributes
2018-12-17T22:50:30.776668533Z 61 PC: 12b9a | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:50:30.783321788Z 63 PC: 12bba | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:30.789827018Z 66 PC: 12bd9 | Move file pointer
2018-12-17T22:50:30.791086425Z 64 PC: 12bf7 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:50:30.793891692Z 66 PC: 12c74 | Move file pointer
2018-12-17T22:50:30.796190176Z 64 PC: 12c82 | Write file or device (Write 733 bytes on handle 5)
2018-12-17T22:50:30.804232517Z 87 PC: 12c8d | Get or set file date and time
2018-12-17T22:50:30.805645742Z 62 PC: 12c91 | Close file
2018-12-17T22:50:30.814630893Z 67 PC: 12ca1 | Get or set file attributes
2018-12-17T22:50:30.825056307Z 79 PC: 12ca5 | Find next file
2018-12-17T22:50:30.827903756Z 67 PC: 12b8a | Get or set file attributes
2018-12-17T22:50:30.838045575Z 61 PC: 12b9a | Open file (Filename = 'PRINT.COM')
2018-12-17T22:50:30.844593426Z 63 PC: 12bba | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:30.850849372Z 66 PC: 12bd9 | Move file pointer
2018-12-17T22:50:30.852851457Z 64 PC: 12bf7 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:50:30.855821518Z 66 PC: 12c74 | Move file pointer
2018-12-17T22:50:30.857083254Z 64 PC: 12c82 | Write file or device (Write 733 bytes on handle 5)
2018-12-17T22:50:30.865568886Z 87 PC: 12c8d | Get or set file date and time
2018-12-17T22:50:30.867373952Z 62 PC: 12c91 | Close file
2018-12-17T22:50:30.875451376Z 67 PC: 12ca1 | Get or set file attributes
2018-12-17T22:50:30.885715237Z 79 PC: 12ca5 | Find next file
2018-12-17T22:50:30.888416279Z 79 PC: 12ca5 | Find next file
2018-12-17T22:50:30.891308386Z 67 PC: 12b8a | Get or set file attributes
2018-12-17T22:50:30.902246604Z 61 PC: 12b9a | Open file (Filename = 'PHANG.COM')
2018-12-17T22:50:30.909010904Z 63 PC: 12bba | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:30.915513701Z 66 PC: 12bd9 | Move file pointer
2018-12-17T22:50:30.920699967Z 64 PC: 12bf7 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:50:30.923685136Z 66 PC: 12c74 | Move file pointer
2018-12-17T22:50:30.925019651Z 64 PC: 12c82 | Write file or device (Write 733 bytes on handle 5)
2018-12-17T22:50:30.938057922Z 87 PC: 12c8d | Get or set file date and time
2018-12-17T22:50:30.939644517Z 62 PC: 12c91 | Close file
2018-12-17T22:50:30.947763236Z 67 PC: 12ca1 | Get or set file attributes
2018-12-17T22:50:30.958045399Z 79 PC: 12ca5 | Find next file
2018-12-17T22:50:30.961445796Z 67 PC: 12b8a | Get or set file attributes
2018-12-17T22:50:30.971418791Z 61 PC: 12b9a | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:50:30.978615033Z 63 PC: 12bba | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:30.99882308Z 66 PC: 12bd9 | Move file pointer
2018-12-17T22:50:31.00018458Z 64 PC: 12bf7 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:50:31.003096976Z 66 PC: 12c74 | Move file pointer
2018-12-17T22:50:31.004871134Z 64 PC: 12c82 | Write file or device (Write 733 bytes on handle 5)
2018-12-17T22:50:31.013078182Z 87 PC: 12c8d | Get or set file date and time
2018-12-17T22:50:31.014519898Z 62 PC: 12c91 | Close file
2018-12-17T22:50:31.022984878Z 67 PC: 12ca1 | Get or set file attributes
2018-12-17T22:50:31.033198132Z 79 PC: 12ca5 | Find next file
2018-12-17T22:50:31.036106009Z 67 PC: 12b8a | Get or set file attributes
2018-12-17T22:50:31.046820667Z 61 PC: 12b9a | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:50:31.054010548Z 63 PC: 12bba | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:31.060366899Z 66 PC: 12bd9 | Move file pointer
2018-12-17T22:50:31.062911727Z 64 PC: 12bf7 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:50:31.065830127Z 66 PC: 12c74 | Move file pointer
2018-12-17T22:50:31.067233411Z 64 PC: 12c82 | Write file or device (Write 733 bytes on handle 5)
2018-12-17T22:50:31.076764324Z 87 PC: 12c8d | Get or set file date and time
2018-12-17T22:50:31.078797213Z 62 PC: 12c91 | Close file
2018-12-17T22:50:31.086594921Z 67 PC: 12ca1 | Get or set file attributes
2018-12-17T22:50:31.097441576Z 79 PC: 12ca5 | Find next file
2018-12-17T22:50:31.100509349Z 67 PC: 12b8a | Get or set file attributes
2018-12-17T22:50:31.110362767Z 61 PC: 12b9a | Open file (Filename = 'PAH.COM')
2018-12-17T22:50:31.117889087Z 63 PC: 12bba | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:31.125305916Z 66 PC: 12bd9 | Move file pointer
2018-12-17T22:50:31.126990792Z 64 PC: 12bf7 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:50:31.130213188Z 66 PC: 12c74 | Move file pointer
2018-12-17T22:50:31.132684796Z 64 PC: 12c82 | Write file or device (Write 733 bytes on handle 5)
2018-12-17T22:50:31.141207475Z 87 PC: 12c8d | Get or set file date and time
2018-12-17T22:50:31.143028852Z 62 PC: 12c91 | Close file
2018-12-17T22:50:31.151198423Z 67 PC: 12ca1 | Get or set file attributes
2018-12-17T22:50:31.161123392Z 79 PC: 12ca5 | Find next file
2018-12-17T22:50:31.164203992Z 67 PC: 12b8a | Get or set file attributes
2018-12-17T22:50:31.173932312Z 61 PC: 12b9a | Open file (Filename = 'TEST.COM')
2018-12-17T22:50:31.180416468Z 63 PC: 12bba | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:31.183170746Z 66 PC: 12bd9 | Move file pointer
2018-12-17T22:50:31.185418939Z 64 PC: 12bf7 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:50:31.188105673Z 66 PC: 12c74 | Move file pointer
2018-12-17T22:50:31.189408592Z 64 PC: 12c82 | Write file or device (Write 733 bytes on handle 5)
2018-12-17T22:50:31.212316502Z 87 PC: 12c8d | Get or set file date and time
2018-12-17T22:50:31.213825999Z 62 PC: 12c91 | Close file
2018-12-17T22:50:31.222193696Z 67 PC: 12ca1 | Get or set file attributes
2018-12-17T22:50:31.232743564Z 79 PC: 12ca5 | Find next file
2018-12-17T22:50:31.235141518Z 44 PC: 12cae | Get time
0x12cae: cmp ch, 0x12
0x12cb1: jne 0x12cc5
0x12cb3: cmp cl, 0xf
0x12cb6: jg 0x12cc5
0x12cb8: mov dx, word ptr [bp]
0x12cbb: sub dx, 0xaf
0x12cbf: mov ah, 9
0x12cc1: int 0x21
0x12cc3: jmp 0x12cc3
0x12cc5: mov dx, 0x80
0x12cc8: mov ah, 0x1a
0x12cca: int 0x21
0x12ccc: mov ax, 0x100
0x12ccf: push ax
0x12cd0: ret
0x12cd1: pop es
2018-12-17T22:50:31.237241296Z 26 PC: 12ccc | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10239,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:34.701287969Z 26 PC: 12af5 | Set disk transfer address
2018-12-25T12:27:34.70315459Z 78 PC: 12b1a | Find first file
2018-12-25T12:27:34.707687869Z 67 PC: 12b8a | Get or set file attributes
2018-12-25T12:27:34.724744023Z 61 PC: 12b9a | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:34.732339487Z 63 PC: 12bba | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:34.739611129Z 66 PC: 12bd9 | Move file pointer
2018-12-25T12:27:34.741140781Z 64 PC: 12bf7 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:34.744485978Z 66 PC: 12c74 | Move file pointer
2018-12-25T12:27:34.746761652Z 64 PC: 12c82 | Write file or device (Write 733 bytes on handle 5)
2018-12-25T12:27:34.75605041Z 87 PC: 12c8d | Get or set file date and time
2018-12-25T12:27:34.75756645Z 62 PC: 12c91 | Close file
2018-12-25T12:27:34.76742989Z 67 PC: 12ca1 | Get or set file attributes
2018-12-25T12:27:34.779001325Z 79 PC: 12ca5 | Find next file
2018-12-25T12:27:34.782066973Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:34.793916323Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:34.801498011Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:34.808803054Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:34.811377192Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:34.814970284Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:34.816897246Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:34.828819924Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:34.832049157Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:34.841447418Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:34.852521881Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:34.855025067Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:34.856877623Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:34.865092139Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:34.873434232Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:34.880547896Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:34.882164252Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:34.892464652Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:34.894125674Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:34.903267944Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:34.905423333Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:34.910845308Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:34.918195232Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:34.922411226Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:34.929104671Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:34.933717812Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:34.938302259Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:34.940091557Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:34.943363088Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:34.94480434Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:34.953663985Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:34.955301985Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:34.964049048Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:34.975687601Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:34.979389854Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:34.990483597Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:34.998309079Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:35.005224461Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:35.0066132Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:35.010190305Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:35.011735219Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:35.021455765Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:35.024086098Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:35.032799754Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:35.04444585Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:35.048578328Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:35.060105378Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:35.067865945Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:35.075330631Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:35.07746169Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:35.080737902Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:35.082264623Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:35.091501657Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:35.093212114Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:35.101321956Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:35.113047524Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:35.115854344Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:35.126471279Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:35.134642794Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:35.137557696Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:35.139055509Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:35.142734606Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:35.144303231Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:35.154025159Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:35.155904279Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:35.167283634Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:35.17902501Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:35.181924268Z 44 PC: 12cae | Get time
0x12cae: cmp ch, 0x12
0x12cb1: jne 0x12cc5
0x12cb3: cmp cl, 0xf
0x12cb6: jg 0x12cc5
0x12cb8: mov dx, word ptr [bp]
0x12cbb: sub dx, 0xaf
0x12cbf: mov ah, 9
0x12cc1: int 0x21
0x12cc3: jmp 0x12cc3
0x12cc5: mov dx, 0x80
0x12cc8: mov ah, 0x1a
0x12cca: int 0x21
0x12ccc: mov ax, 0x100
0x12ccf: push ax
0x12cd0: ret
0x12cd1: pop es
2018-12-25T12:27:35.18473395Z 26 PC: 12ccc | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":18,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10239,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:34.72531225Z 26 PC: 12af5 | Set disk transfer address
2018-12-25T12:27:34.727592725Z 78 PC: 12b1a | Find first file
2018-12-25T12:27:34.735738401Z 67 PC: 12b8a | Get or set file attributes
2018-12-25T12:27:34.752899908Z 61 PC: 12b9a | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:34.760612098Z 63 PC: 12bba | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:34.767928456Z 66 PC: 12bd9 | Move file pointer
2018-12-25T12:27:34.769682363Z 64 PC: 12bf7 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:34.775237328Z 66 PC: 12c74 | Move file pointer
2018-12-25T12:27:34.777984306Z 64 PC: 12c82 | Write file or device (Write 733 bytes on handle 5)
2018-12-25T12:27:34.787137628Z 87 PC: 12c8d | Get or set file date and time
2018-12-25T12:27:34.789070954Z 62 PC: 12c91 | Close file
2018-12-25T12:27:34.802241136Z 67 PC: 12ca1 | Get or set file attributes
2018-12-25T12:27:34.816770867Z 79 PC: 12ca5 | Find next file
2018-12-25T12:27:34.819596671Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:34.831463899Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:34.838929878Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:34.845935269Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:34.84852592Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:34.852162554Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:34.854044087Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:34.863415284Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:34.866560555Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:34.875548185Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:34.886746871Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:34.893472257Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:34.89687978Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:34.911282792Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:34.919245561Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:34.926201783Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:34.927630836Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:34.932379391Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:34.933869469Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:34.942231989Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:34.944151421Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:34.951761298Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:34.961488936Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:34.963745198Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:34.969995418Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:34.974183247Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:34.978798825Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:34.979827772Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:34.981780328Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:34.983232576Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:34.988368527Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:34.989543351Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:34.996373044Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:35.007176584Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:35.010023229Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:35.021055053Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:35.028517507Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:35.035462246Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:35.036802055Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:35.040627873Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:35.042507855Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:35.05206714Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:35.053673981Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:35.062481346Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:35.073169465Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:35.076646927Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:35.087421979Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:35.095214165Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:35.10354568Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:35.105035234Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:35.108148662Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:35.110252379Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:35.118876289Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:35.121242681Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:35.129955312Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:35.140709759Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:35.143540383Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:35.154573329Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:35.161996187Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:35.164806591Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:35.166848488Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:35.170188491Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:35.171728991Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:35.181894182Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:35.184897706Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:35.194159888Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:35.203366422Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:35.205696366Z 44 PC: 12cae | Get time
0x12cae: cmp ch, 0x12
0x12cb1: jne 0x12cc5
0x12cb3: cmp cl, 0xf
0x12cb6: jg 0x12cc5
0x12cb8: mov dx, word ptr [bp]
0x12cbb: sub dx, 0xaf
0x12cbf: mov ah, 9
0x12cc1: int 0x21
0x12cc3: jmp 0x12cc3
0x12cc5: mov dx, 0x80
0x12cc8: mov ah, 0x1a
0x12cca: int 0x21
0x12ccc: mov ax, 0x100
0x12ccf: push ax
0x12cd0: ret
0x12cd1: pop es
2018-12-25T12:27:35.20797424Z 9 PC: 12cc3 | Display string (String= '���⨬ ���������� ������ ��⠩᪮�� 堪��, 㡨⮣� ����묨 ����㭨�⠬�.')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":18,"Min":16,"Second":0,"TimeBased":true,"OriginalID":10239,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:34.755480861Z 26 PC: 12af5 | Set disk transfer address
2018-12-25T12:27:34.757912058Z 78 PC: 12b1a | Find first file
2018-12-25T12:27:34.765563754Z 67 PC: 12b8a | Get or set file attributes
2018-12-25T12:27:34.793184273Z 61 PC: 12b9a | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:34.798924518Z 63 PC: 12bba | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:34.803706163Z 66 PC: 12bd9 | Move file pointer
2018-12-25T12:27:34.805030619Z 64 PC: 12bf7 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:34.807707597Z 66 PC: 12c74 | Move file pointer
2018-12-25T12:27:34.809019463Z 64 PC: 12c82 | Write file or device (Write 733 bytes on handle 5)
2018-12-25T12:27:34.823343159Z 87 PC: 12c8d | Get or set file date and time
2018-12-25T12:27:34.82522738Z 62 PC: 12c91 | Close file
2018-12-25T12:27:34.845894455Z 67 PC: 12ca1 | Get or set file attributes
2018-12-25T12:27:34.855132578Z 79 PC: 12ca5 | Find next file
2018-12-25T12:27:34.857518369Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:34.867711361Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:34.873591198Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:34.879502331Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:34.881983599Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:34.884809694Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:34.88610663Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:34.893985314Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:34.89554083Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:34.902754246Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:34.912325676Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:34.914867369Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:34.917287436Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:34.926222451Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:34.933287594Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:34.93957111Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:34.940855422Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:34.944239916Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:34.945608804Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:34.953509413Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:34.955875171Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:34.968396477Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:34.988690328Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:34.999641337Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:35.009884984Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:35.016367979Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:35.021259944Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:35.023101149Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:35.026136514Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:35.028217204Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:35.03633964Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:35.037738527Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:35.045573662Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:35.055237972Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:35.057985048Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:35.067779845Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:35.074179974Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:35.08032412Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:35.082358718Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:35.085264958Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:35.086527062Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:35.096189225Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:35.097634999Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:35.105600302Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:35.116387382Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:35.119038996Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:35.129113343Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:35.136358557Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:35.142733302Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:35.144004379Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:35.147625551Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:35.148917539Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:35.156515276Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:35.15845515Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:35.166063488Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:35.17582673Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:35.179564179Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:35.190072097Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:35.196700124Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:35.200167242Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:35.201988393Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:35.204675643Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:35.206393957Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:35.214038307Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:35.215412854Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:35.223586735Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:35.235922233Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:35.238175964Z 44 PC: 12cae | Get time
0x12cae: cmp ch, 0x12
0x12cb1: jne 0x12cc5
0x12cb3: cmp cl, 0xf
0x12cb6: jg 0x12cc5
0x12cb8: mov dx, word ptr [bp]
0x12cbb: sub dx, 0xaf
0x12cbf: mov ah, 9
0x12cc1: int 0x21
0x12cc3: jmp 0x12cc3
0x12cc5: mov dx, 0x80
0x12cc8: mov ah, 0x1a
0x12cca: int 0x21
0x12ccc: mov ax, 0x100
0x12ccf: push ax
0x12cd0: ret
0x12cd1: pop es
2018-12-25T12:27:35.240876544Z 26 PC: 12ccc | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":18,"Min":16,"Second":0,"TimeBased":true,"OriginalID":10239,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:34.782702824Z 26 PC: 12af5 | Set disk transfer address
2018-12-25T12:27:34.785341163Z 78 PC: 12b1a | Find first file
2018-12-25T12:27:34.791604512Z 67 PC: 12b8a | Get or set file attributes
2018-12-25T12:27:34.827043514Z 61 PC: 12b9a | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:34.834641316Z 63 PC: 12bba | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:34.841173628Z 66 PC: 12bd9 | Move file pointer
2018-12-25T12:27:34.842922462Z 64 PC: 12bf7 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:34.846684725Z 66 PC: 12c74 | Move file pointer
2018-12-25T12:27:34.851669654Z 64 PC: 12c82 | Write file or device (Write 733 bytes on handle 5)
2018-12-25T12:27:34.874345599Z 87 PC: 12c8d | Get or set file date and time
2018-12-25T12:27:34.87638189Z 62 PC: 12c91 | Close file
2018-12-25T12:27:34.884178474Z 67 PC: 12ca1 | Get or set file attributes
2018-12-25T12:27:34.894104859Z 79 PC: 12ca5 | Find next file
2018-12-25T12:27:34.897108023Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:34.907586128Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:34.914363231Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:34.920933395Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:34.923454642Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:34.926603229Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:34.927993819Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:34.936811392Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:34.939345091Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:34.947004953Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:34.956978387Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:34.95986342Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:34.962692285Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:34.972793351Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:34.979570307Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:34.985780325Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:34.988095965Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:34.99135692Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:34.992963785Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:35.00179715Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:35.003697155Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:35.011649091Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:35.021600666Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:35.025055197Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:35.034605676Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:35.041135063Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:35.048627753Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:35.050030155Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:35.0529597Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:35.055094764Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:35.063145532Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:35.064869429Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:35.073323173Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:35.083064645Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:35.085965042Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:35.096660132Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:35.103450373Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:35.109566213Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:35.111927217Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:35.115724813Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:35.117312351Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:35.125819981Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:35.128121415Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:35.135420337Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:35.147841116Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:35.151298855Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:35.160778523Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:35.167219047Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:35.17389654Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:35.175240533Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:35.178106363Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:35.180440967Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:35.188195083Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:35.190343209Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:35.198550452Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:35.208579907Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:35.211396288Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:35.222038545Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:35.228542293Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:35.234762495Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:35.237253681Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:35.23982156Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:35.241338914Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:35.25077679Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:35.252216386Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:35.259808388Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:35.270683489Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:35.272841291Z 44 PC: 12cae | Get time
0x12cae: cmp ch, 0x12
0x12cb1: jne 0x12cc5
0x12cb3: cmp cl, 0xf
0x12cb6: jg 0x12cc5
0x12cb8: mov dx, word ptr [bp]
0x12cbb: sub dx, 0xaf
0x12cbf: mov ah, 9
0x12cc1: int 0x21
0x12cc3: jmp 0x12cc3
0x12cc5: mov dx, 0x80
0x12cc8: mov ah, 0x1a
0x12cca: int 0x21
0x12ccc: mov ax, 0x100
0x12ccf: push ax
0x12cd0: ret
0x12cd1: pop es
2018-12-25T12:27:35.274873903Z 26 PC: 12ccc | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10239,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:34.781349113Z 26 PC: 12af5 | Set disk transfer address
2018-12-25T12:27:34.783668928Z 78 PC: 12b1a | Find first file
2018-12-25T12:27:34.789790318Z 67 PC: 12b8a | Get or set file attributes
2018-12-25T12:27:34.805376453Z 61 PC: 12b9a | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:34.817661096Z 63 PC: 12bba | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:34.824405696Z 66 PC: 12bd9 | Move file pointer
2018-12-25T12:27:34.825964801Z 64 PC: 12bf7 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:34.82901373Z 66 PC: 12c74 | Move file pointer
2018-12-25T12:27:34.831220638Z 64 PC: 12c82 | Write file or device (Write 733 bytes on handle 5)
2018-12-25T12:27:34.839515604Z 87 PC: 12c8d | Get or set file date and time
2018-12-25T12:27:34.841185202Z 62 PC: 12c91 | Close file
2018-12-25T12:27:34.849293298Z 67 PC: 12ca1 | Get or set file attributes
2018-12-25T12:27:34.858914344Z 79 PC: 12ca5 | Find next file
2018-12-25T12:27:34.861771885Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:34.872467473Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:34.879470683Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:34.885657328Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:34.887999672Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:34.890796631Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:34.892090702Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:34.899853332Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:34.902701419Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:34.91025114Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:34.919848203Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:34.923567634Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:34.926024664Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:34.935291424Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:34.942481737Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:34.949003425Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:34.950332518Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:34.953789852Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:34.955358811Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:34.963166928Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:34.965532904Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:34.973068411Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:34.987895093Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:34.991493013Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:35.00188081Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:35.008427813Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:35.015613401Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:35.016969938Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:35.019865931Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:35.022356482Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:35.030182308Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:35.031622976Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:35.039761063Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:35.049377023Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:35.052784278Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:35.063224484Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:35.070074715Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:35.07686308Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:35.079221806Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:35.082849108Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:35.084199585Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:35.093479178Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:35.095384177Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:35.102771071Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:35.112668087Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:35.116327285Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:35.127019443Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:35.133612187Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:35.140188574Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:35.141495304Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:35.145469778Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:35.148019212Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:35.155904457Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:35.15730767Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:35.16526063Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:35.174928333Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:35.176759531Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:35.183371473Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:35.187856217Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:35.192251344Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:35.194015167Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:35.196232131Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:35.197392857Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:35.20384427Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:35.205081213Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:35.211254933Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:35.218101803Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:35.219846577Z 44 PC: 12cae | Get time
0x12cae: cmp ch, 0x12
0x12cb1: jne 0x12cc5
0x12cb3: cmp cl, 0xf
0x12cb6: jg 0x12cc5
0x12cb8: mov dx, word ptr [bp]
0x12cbb: sub dx, 0xaf
0x12cbf: mov ah, 9
0x12cc1: int 0x21
0x12cc3: jmp 0x12cc3
0x12cc5: mov dx, 0x80
0x12cc8: mov ah, 0x1a
0x12cca: int 0x21
0x12ccc: mov ax, 0x100
0x12ccf: push ax
0x12cd0: ret
0x12cd1: pop es
2018-12-25T12:27:35.221447927Z 26 PC: 12ccc | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":18,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10239,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:34.788951493Z 26 PC: 12af5 | Set disk transfer address
2018-12-25T12:27:34.791013124Z 78 PC: 12b1a | Find first file
2018-12-25T12:27:34.798762312Z 67 PC: 12b8a | Get or set file attributes
2018-12-25T12:27:34.818290281Z 61 PC: 12b9a | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:34.826163467Z 63 PC: 12bba | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:34.833498112Z 66 PC: 12bd9 | Move file pointer
2018-12-25T12:27:34.834724956Z 64 PC: 12bf7 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:34.836950104Z 66 PC: 12c74 | Move file pointer
2018-12-25T12:27:34.838877784Z 64 PC: 12c82 | Write file or device (Write 733 bytes on handle 5)
2018-12-25T12:27:34.844634559Z 87 PC: 12c8d | Get or set file date and time
2018-12-25T12:27:34.846074555Z 62 PC: 12c91 | Close file
2018-12-25T12:27:34.85286538Z 67 PC: 12ca1 | Get or set file attributes
2018-12-25T12:27:34.863876488Z 79 PC: 12ca5 | Find next file
2018-12-25T12:27:34.87286086Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:34.885052172Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:34.892514559Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:34.899613957Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:34.901166935Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:34.903728491Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:34.90536414Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:34.914661589Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:34.916687161Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:34.925217518Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:34.936691449Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:34.940457156Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:34.944077947Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:34.954703093Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:34.962439116Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:34.969492225Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:34.970797054Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:34.973476965Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:34.97470125Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:34.983386035Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:34.985565351Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:34.994355455Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:35.005642615Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:35.009351408Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:35.02029154Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:35.025256889Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:35.030856579Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:35.032402991Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:35.035544182Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:35.037172817Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:35.046298985Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:35.048064476Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:35.056351096Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:35.073619964Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:35.076878784Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:35.08766324Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:35.095657443Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:35.103259977Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:35.105268574Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:35.109269741Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:35.110974956Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:35.120488223Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:35.122818346Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:35.131216367Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:35.143396616Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:35.14771476Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:35.158852134Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:35.166505201Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:35.174591248Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:35.17659157Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:35.179962947Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:35.181774983Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:35.190735542Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:35.192286423Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:35.200611379Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:35.211995652Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:35.214691226Z 67 PC: 12b8a | Get or set file attributes (See above)
2018-12-25T12:27:35.225157557Z 61 PC: 12b9a | Open file (See above)
2018-12-25T12:27:35.233011804Z 63 PC: 12bba | Read file or device (See above)
2018-12-25T12:27:35.236358022Z 66 PC: 12bd9 | Move file pointer (See above)
2018-12-25T12:27:35.238308142Z 64 PC: 12bf7 | Write file or device (See above)
2018-12-25T12:27:35.242452886Z 66 PC: 12c74 | Move file pointer (See above)
2018-12-25T12:27:35.244080839Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T12:27:35.253639134Z 87 PC: 12c8d | Get or set file date and time (See above)
2018-12-25T12:27:35.256179116Z 62 PC: 12c91 | Close file (See above)
2018-12-25T12:27:35.265458265Z 67 PC: 12ca1 | Get or set file attributes (See above)
2018-12-25T12:27:35.277608791Z 79 PC: 12ca5 | Find next file (See above)
2018-12-25T12:27:35.280715742Z 44 PC: 12cae | Get time
0x12cae: cmp ch, 0x12
0x12cb1: jne 0x12cc5
0x12cb3: cmp cl, 0xf
0x12cb6: jg 0x12cc5
0x12cb8: mov dx, word ptr [bp]
0x12cbb: sub dx, 0xaf
0x12cbf: mov ah, 9
0x12cc1: int 0x21
0x12cc3: jmp 0x12cc3
0x12cc5: mov dx, 0x80
0x12cc8: mov ah, 0x1a
0x12cca: int 0x21
0x12ccc: mov ax, 0x100
0x12ccf: push ax
0x12cd0: ret
0x12cd1: pop es
2018-12-25T12:27:35.283087049Z 9 PC: 12cc3 | Display string (String= '���⨬ ���������� ������ ��⠩᪮�� 堪��, 㡨⮣� ����묨 ����㭨�⠬�.')