Sample viewer

vx.netlux.org/Virus.DOS.Spanska.1120.a

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:59:01.730332697Z 71 PC: 1561c | Get current directory
2018-12-17T22:59:01.734571784Z 26 PC: 1562d | Set disk transfer address
2018-12-17T22:59:01.735844325Z 78 PC: 15639 | Find first file
2018-12-17T22:59:01.74190704Z 67 PC: 1567d | Get or set file attributes
2018-12-17T22:59:01.761737612Z 61 PC: 15686 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:59:01.770435018Z 63 PC: 1569c | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:59:01.778715901Z 66 PC: 156e5 | Move file pointer
; Disassembly window logged with the DOS "Get time" call (op 44 = 0x2C) at PC 156e9.
; Assuming the standard INT 21h/AH=2Ch return convention (CH=hour, CL=minute,
; DH=second, DL=hundredths), the lines below copy those four bytes, plus two
; XOR-derived variants of the low bytes, into thirteen bp-relative byte slots.
; NOTE(review): the slots (bp+0x114 .. bp+0x15c) are presumably part of the data
; written to the opened .COM file by the writes that follow in the trace (80, 1034
; and 6 bytes, together 1120 as in the sample name). If so, those bytes differ on
; every infection; confirm against a full disassembly before relying on a
; fixed-byte signature over that region.
2018-12-17T22:59:01.780612716Z 44 PC: 156e9 | Get time 0x156e9: mov byte ptr [bp + 0x130], dl   ; dl as returned
0x156ed: mov byte ptr [bp + 0x136], dh   ; dh as returned
0x156f1: mov byte ptr [bp + 0x13d], cl   ; cl as returned
0x156f5: mov byte ptr [bp + 0x142], ch   ; ch as returned
0x156f9: xor cx, 0x16                    ; immediate < 0x100: only cl changes, ch is untouched
0x156fc: xor dx, 0x5a                    ; likewise only dl changes
0x156ff: mov byte ptr [bp + 0x146], dl   ; original dl ^ 0x5a
0x15703: mov byte ptr [bp + 0x14a], dh   ; same dh value as stored at bp+0x136
0x15707: mov byte ptr [bp + 0x158], cl   ; original cl ^ 0x16
0x1570b: mov byte ptr [bp + 0x15c], ch   ; same ch value as stored at bp+0x142
0x1570f: xor cx, 0xf2                    ; cl is now original cl ^ 0xe4 (0x16 ^ 0xf2)
0x15713: xor dx, 0xa8                    ; dl is now original dl ^ 0xf2 (0x5a ^ 0xa8)
0x15717: mov byte ptr [bp + 0x11a], dl   ; original dl ^ 0xf2
0x1571b: mov byte ptr [bp + 0x11e], dh   ; dh, still unchanged
0x1571f: mov byte ptr [bp + 0x122], cl   ; original cl ^ 0xe4
0x15723: mov byte ptr [bp + 0x129], ch   ; ch, still unchanged
0x15727: mov byte ptr [bp + 0x114], dl   ; same dl value as stored at bp+0x11a
0x1572b: push ax
0x1572c: push bp
0x1572d: mov bp, sp                      ; bp now mirrors sp; the window ends before any use is visible
2018-12-17T22:59:01.783954487Z 64 PC: 1573f | Write file or device (Write 80 bytes on handle 5)
2018-12-17T22:59:01.786965005Z 64 PC: 15774 | Write file or device (Write 1034 bytes on handle 5)
2018-12-17T22:59:01.794603672Z 66 PC: 15783 | Move file pointer
2018-12-17T22:59:01.796691897Z 64 PC: 15797 | Write file or device (Write 6 bytes on handle 5)
2018-12-17T22:59:01.799483103Z 66 PC: 157a0 | Move file pointer
2018-12-17T22:59:01.801144686Z 64 PC: 157ca | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:59:01.807405293Z 87 PC: 157df | Get or set file date and time
2018-12-17T22:59:01.809513836Z 62 PC: 157e3 | Close file
2018-12-17T22:59:01.818319064Z 67 PC: 157fa | Get or set file attributes
2018-12-17T22:59:01.830753685Z 79 PC: 1564a | Find next file
2018-12-17T22:59:01.833841789Z 67 PC: 1567d | Get or set file attributes
2018-12-17T22:59:01.844888972Z 61 PC: 15686 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:59:01.853232863Z 63 PC: 1569c | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:59:01.860740123Z 62 PC: 156c2 | Close file
2018-12-17T22:59:01.863208041Z 67 PC: 156d9 | Get or set file attributes
2018-12-17T22:59:01.876131521Z 79 PC: 1564a | Find next file
2018-12-17T22:59:01.879378524Z 67 PC: 1567d | Get or set file attributes
2018-12-17T22:59:01.890432189Z 61 PC: 15686 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:59:01.899179759Z 63 PC: 1569c | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:59:01.906812364Z 62 PC: 156c2 | Close file
2018-12-17T22:59:01.909331489Z 67 PC: 156d9 | Get or set file attributes
2018-12-17T22:59:01.924483237Z 79 PC: 1564a | Find next file
2018-12-17T22:59:01.927686798Z 67 PC: 1567d | Get or set file attributes
2018-12-17T22:59:01.939018154Z 61 PC: 15686 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:59:01.946653004Z 63 PC: 1569c | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:59:01.954241165Z 62 PC: 156c2 | Close file
2018-12-17T22:59:01.956573299Z 67 PC: 156d9 | Get or set file attributes
2018-12-17T22:59:01.967665807Z 79 PC: 1564a | Find next file
2018-12-17T22:59:01.972036361Z 67 PC: 1567d | Get or set file attributes
2018-12-17T22:59:01.983133678Z 61 PC: 15686 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:59:01.990425202Z 63 PC: 1569c | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:59:01.999296876Z 62 PC: 156c2 | Close file
2018-12-17T22:59:02.001973297Z 67 PC: 156d9 | Get or set file attributes
2018-12-17T22:59:02.013790306Z 79 PC: 1564a | Find next file
2018-12-17T22:59:02.018295373Z 67 PC: 1567d | Get or set file attributes
2018-12-17T22:59:02.029320915Z 61 PC: 15686 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:59:02.036574608Z 63 PC: 1569c | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:59:02.044537544Z 66 PC: 156e5 | Move file pointer
; Disassembly window logged with the DOS "Get time" call (op 44 = 0x2C) at PC 156e9,
; here during the MANDEL.COM pass of the same run.
; Assuming the standard INT 21h/AH=2Ch return convention (CH=hour, CL=minute,
; DH=second, DL=hundredths), the time bytes and two XOR-derived variants of the
; low bytes are stored into thirteen bp-relative byte slots.
; NOTE(review): presumably these slots belong to the data written to the file by
; the 80-byte write at PC 1573f that follows, so the written bytes would vary
; with the clock -- confirm against a full disassembly.
2018-12-17T22:59:02.046165774Z 44 PC: 156e9 | Get time 0x156e9: mov byte ptr [bp + 0x130], dl   ; dl as returned
0x156ed: mov byte ptr [bp + 0x136], dh   ; dh as returned
0x156f1: mov byte ptr [bp + 0x13d], cl   ; cl as returned
0x156f5: mov byte ptr [bp + 0x142], ch   ; ch as returned
0x156f9: xor cx, 0x16                    ; only cl changes (immediate fits in the low byte)
0x156fc: xor dx, 0x5a                    ; only dl changes
0x156ff: mov byte ptr [bp + 0x146], dl   ; original dl ^ 0x5a
0x15703: mov byte ptr [bp + 0x14a], dh   ; dh unchanged
0x15707: mov byte ptr [bp + 0x158], cl   ; original cl ^ 0x16
0x1570b: mov byte ptr [bp + 0x15c], ch   ; ch unchanged
0x1570f: xor cx, 0xf2                    ; cumulative mask on cl: 0x16 ^ 0xf2 = 0xe4
0x15713: xor dx, 0xa8                    ; cumulative mask on dl: 0x5a ^ 0xa8 = 0xf2
0x15717: mov byte ptr [bp + 0x11a], dl   ; original dl ^ 0xf2
0x1571b: mov byte ptr [bp + 0x11e], dh   ; dh unchanged
0x1571f: mov byte ptr [bp + 0x122], cl   ; original cl ^ 0xe4
0x15723: mov byte ptr [bp + 0x129], ch   ; ch unchanged
0x15727: mov byte ptr [bp + 0x114], dl   ; same value as stored at bp+0x11a
0x1572b: push ax
0x1572c: push bp
0x1572d: mov bp, sp                      ; bp now mirrors sp; the window ends here
2018-12-17T22:59:02.048596513Z 64 PC: 1573f | Write file or device (Write 80 bytes on handle 5)
2018-12-17T22:59:02.057500377Z 64 PC: 15774 | Write file or device (Write 1034 bytes on handle 5)
2018-12-17T22:59:02.067867663Z 66 PC: 15783 | Move file pointer
2018-12-17T22:59:02.069698544Z 64 PC: 15797 | Write file or device (Write 6 bytes on handle 5)
2018-12-17T22:59:02.073244899Z 66 PC: 157a0 | Move file pointer
2018-12-17T22:59:02.076309349Z 64 PC: 157ca | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:59:02.084181934Z 87 PC: 157df | Get or set file date and time
2018-12-17T22:59:02.086033965Z 62 PC: 157e3 | Close file
2018-12-17T22:59:02.095115554Z 67 PC: 157fa | Get or set file attributes
2018-12-17T22:59:02.105725235Z 79 PC: 1564a | Find next file
2018-12-17T22:59:02.108557939Z 67 PC: 1567d | Get or set file attributes
2018-12-17T22:59:02.119906167Z 61 PC: 15686 | Open file (Filename = 'PAH.COM')
2018-12-17T22:59:02.127256972Z 63 PC: 1569c | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:59:02.134978645Z 62 PC: 156c2 | Close file
2018-12-17T22:59:02.138058353Z 67 PC: 156d9 | Get or set file attributes
2018-12-17T22:59:02.149309389Z 79 PC: 1564a | Find next file
2018-12-17T22:59:02.152550691Z 67 PC: 1567d | Get or set file attributes
2018-12-17T22:59:02.163564531Z 61 PC: 15686 | Open file (Filename = 'TEST.COM')
2018-12-17T22:59:02.171971632Z 63 PC: 1569c | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:59:02.175108578Z 62 PC: 156c2 | Close file
2018-12-17T22:59:02.17734936Z 67 PC: 156d9 | Get or set file attributes
2018-12-17T22:59:02.18932685Z 79 PC: 1564a | Find next file
2018-12-17T22:59:02.192101685Z 59 PC: 15814 | Change current directory
2018-12-17T22:59:02.202093635Z 78 PC: 15824 | Find first file
2018-12-17T22:59:02.212800779Z 59 PC: 1585a | Change current directory
2018-12-17T22:59:02.219091982Z 78 PC: 15639 | Find first file
2018-12-17T22:59:02.225636373Z 67 PC: 1567d | Get or set file attributes
2018-12-17T22:59:02.238942411Z 61 PC: 15686 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:59:02.251500253Z 63 PC: 1569c | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:59:02.259454452Z 62 PC: 156c2 | Close file
2018-12-17T22:59:02.26195393Z 67 PC: 156d9 | Get or set file attributes
2018-12-17T22:59:02.274236155Z 79 PC: 1564a | Find next file
2018-12-17T22:59:02.27733564Z 67 PC: 1567d | Get or set file attributes
2018-12-17T22:59:02.287939158Z 61 PC: 15686 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:59:02.296545103Z 63 PC: 1569c | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:59:02.304191514Z 62 PC: 156c2 | Close file
2018-12-17T22:59:02.306497268Z 67 PC: 156d9 | Get or set file attributes
2018-12-17T22:59:02.318774121Z 79 PC: 1564a | Find next file
2018-12-17T22:59:02.321922058Z 67 PC: 1567d | Get or set file attributes
2018-12-17T22:59:02.333018854Z 61 PC: 15686 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:59:02.342156218Z 63 PC: 1569c | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:59:02.350033423Z 62 PC: 156c2 | Close file
2018-12-17T22:59:02.352083976Z 67 PC: 156d9 | Get or set file attributes
2018-12-17T22:59:02.36415852Z 79 PC: 1564a | Find next file
2018-12-17T22:59:02.367901224Z 67 PC: 1567d | Get or set file attributes
2018-12-17T22:59:02.379156509Z 61 PC: 15686 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:59:02.386375597Z 63 PC: 1569c | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:59:02.395009012Z 62 PC: 156c2 | Close file
2018-12-17T22:59:02.397171076Z 67 PC: 156d9 | Get or set file attributes
2018-12-17T22:59:02.408028121Z 79 PC: 1564a | Find next file
2018-12-17T22:59:02.411750628Z 67 PC: 1567d | Get or set file attributes
2018-12-17T22:59:02.422121299Z 61 PC: 15686 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:59:02.429117368Z 63 PC: 1569c | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:59:02.437871781Z 62 PC: 156c2 | Close file
2018-12-17T22:59:02.440455668Z 67 PC: 156d9 | Get or set file attributes
2018-12-17T22:59:02.451728285Z 79 PC: 1564a | Find next file
2018-12-17T22:59:02.456103908Z 67 PC: 1567d | Get or set file attributes
2018-12-17T22:59:02.467787467Z 61 PC: 15686 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:59:02.475284457Z 63 PC: 1569c | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:59:02.483057296Z 62 PC: 156c2 | Close file
2018-12-17T22:59:02.485148186Z 67 PC: 156d9 | Get or set file attributes
2018-12-17T22:59:02.497191641Z 79 PC: 1564a | Find next file
2018-12-17T22:59:02.500279264Z 67 PC: 1567d | Get or set file attributes
2018-12-17T22:59:02.511764681Z 61 PC: 15686 | Open file (Filename = 'PAH.COM')
2018-12-17T22:59:02.518987516Z 63 PC: 1569c | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:59:02.526650537Z 62 PC: 156c2 | Close file
2018-12-17T22:59:02.529968624Z 67 PC: 156d9 | Get or set file attributes
2018-12-17T22:59:02.54099103Z 79 PC: 1564a | Find next file
2018-12-17T22:59:02.544240688Z 67 PC: 1567d | Get or set file attributes
2018-12-17T22:59:02.555669017Z 61 PC: 15686 | Open file (Filename = 'TEST.COM')
2018-12-17T22:59:02.563280061Z 63 PC: 1569c | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:59:02.570964003Z 62 PC: 156c2 | Close file
2018-12-17T22:59:02.57402162Z 67 PC: 156d9 | Get or set file attributes
2018-12-17T22:59:02.586422698Z 79 PC: 1564a | Find next file
2018-12-17T22:59:02.590458944Z 59 PC: 15814 | Change current directory
2018-12-17T22:59:02.594987614Z 78 PC: 15824 | Find first file
2018-12-17T22:59:02.604545929Z 79 PC: 1583e | Find next file
2018-12-17T22:59:02.607352274Z 79 PC: 1583e | Find next file
2018-12-17T22:59:02.610217258Z 79 PC: 1583e | Find next file
2018-12-17T22:59:02.614114293Z 79 PC: 1583e | Find next file
2018-12-17T22:59:02.617234006Z 79 PC: 1583e | Find next file
2018-12-17T22:59:02.620391501Z 79 PC: 1583e | Find next file
2018-12-17T22:59:02.623970427Z 79 PC: 1583e | Find next file
2018-12-17T22:59:02.627292741Z 79 PC: 1583e | Find next file
2018-12-17T22:59:02.630083306Z 79 PC: 1583e | Find next file
2018-12-17T22:59:02.633600005Z 26 PC: 1586d | Set disk transfer address
2018-12-17T22:59:02.634872677Z 59 PC: 15875 | Change current directory
2018-12-17T22:59:02.644815344Z 59 PC: 15880 | Change current directory
; Disassembly window logged with the "Get time" call (op 44) at PC 15894.
; This is a linear listing, not an execution trace: it continues past the ret at
; 0x1589e, so the lines after it show what the guard protects, not what ran.
; Assuming INT 21h/AH=2Ch returns CL=minute and DH=second, the guard passes only
; when minute == 0x16 (22) and second < 0x1e (30); otherwise the routine returns.
; Within this window the guarded path only touches the display (video mode and
; palette registers); no file or disk access is visible in these lines.
2018-12-17T22:59:02.650748335Z 44 PC: 15894 | Get time 0x15894: cmp cl, 0x16   ; minute == 22 ?
0x15897: jne 0x1589e                     ; no -> return
0x15899: cmp dh, 0x1e                    ; second compared with 30
0x1589c: jb 0x1589f                      ; unsigned below -> guarded path
0x1589e: ret
0x1589f: mov ax, 0x13                    ; AH=0x00, AL=0x13
0x158a2: int 0x10                        ; BIOS video service; by the standard convention AH=0 sets mode 0x13 (320x200, 256 colours)
0x158a4: mov dx, 0x3c8                   ; 0x3c8 is the VGA DAC write-index port on standard VGA hardware
0x158a7: xor al, al
0x158a9: out dx, al                      ; start writing at palette index 0
0x158aa: inc dx                          ; dx = 0x3c9, the DAC data port
0x158ab: xor cx, cx                      ; cx = loop counter
0x158ad: mov al, cl                      ; loop head (target of the jne below)
0x158af: out dx, al                      ; first colour component = counter (red in the usual R,G,B order)
0x158b0: xor al, al
0x158b2: out dx, al                      ; second component = 0
0x158b3: out dx, al                      ; third component = 0
0x158b4: inc cx
0x158b5: cmp cx, 0x3f
0x158b8: jne 0x158ad                     ; repeats for cx = 0 .. 0x3e (63 palette entries); the window ends here
; Disassembly window logged with a further "Get time" call (op 44) at PC 12a42,
; an address well below the 0x156xx-0x158xx range of the earlier windows.
; NOTE(review): which program image this address belongs to cannot be determined
; from the window alone.
2018-12-17T22:59:02.653467065Z 44 PC: 12a42 | Get time 0x12a42: jmp 0x125e6   ; unconditional jump; the lines below are only the bytes that follow it
; NOTE(review): the next line is probably a linear-disassembly artifact, not a real
; instruction. The 16-bit displacement -0x6f70 equals 0x9090 and the encoding
; would be 2B 90 90 90, i.e. one 0x2B byte followed by the same 0x90 filler that
; is decoded as nop on the lines after it.
0x12a45: sub dx, word ptr [bx + si - 0x6f70]
0x12a49: nop                             ; 0x90 filler continues to the end of the window
0x12a4a: nop
0x12a4b: nop
0x12a4c: nop
0x12a4d: nop
0x12a4e: nop
0x12a4f: nop
0x12a50: nop
0x12a51: nop
0x12a52: nop
0x12a53: nop
0x12a54: nop
0x12a55: nop
0x12a56: nop
0x12a57: nop
0x12a58: nop
0x12a59: nop
0x12a5a: nop

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13073,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:19.980024164Z 71 PC: 1561c | Get current directory
2018-12-25T12:37:19.984145995Z 26 PC: 1562d | Set disk transfer address
2018-12-25T12:37:19.985556048Z 78 PC: 15639 | Find first file
2018-12-25T12:37:19.99256874Z 67 PC: 1567d | Get or set file attributes
2018-12-25T12:37:20.010953363Z 61 PC: 15686 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:20.019051994Z 63 PC: 1569c | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:37:20.035831266Z 66 PC: 156e5 | Move file pointer
; Disassembly window logged with the DOS "Get time" call (op 44 = 0x2C) at PC 156e9.
; Assuming the standard INT 21h/AH=2Ch return convention (CH=hour, CL=minute,
; DH=second, DL=hundredths), the lines below store those four bytes, plus two
; XOR-derived variants of the low bytes, into thirteen bp-relative byte slots.
; NOTE(review): the slots (bp+0x114 .. bp+0x15c) are presumably part of the data
; written to the opened file by the 80-byte write at PC 1573f that follows; if so
; the written bytes depend on the clock at infection time. Confirm against a
; full disassembly before building a fixed-byte signature over that region.
2018-12-25T12:37:20.043701697Z 44 PC: 156e9 | Get time 0x156e9: mov byte ptr [bp + 0x130], dl   ; dl as returned
0x156ed: mov byte ptr [bp + 0x136], dh   ; dh as returned
0x156f1: mov byte ptr [bp + 0x13d], cl   ; cl as returned
0x156f5: mov byte ptr [bp + 0x142], ch   ; ch as returned
0x156f9: xor cx, 0x16                    ; immediate < 0x100: only cl changes
0x156fc: xor dx, 0x5a                    ; only dl changes
0x156ff: mov byte ptr [bp + 0x146], dl   ; original dl ^ 0x5a
0x15703: mov byte ptr [bp + 0x14a], dh   ; dh unchanged
0x15707: mov byte ptr [bp + 0x158], cl   ; original cl ^ 0x16
0x1570b: mov byte ptr [bp + 0x15c], ch   ; ch unchanged
0x1570f: xor cx, 0xf2                    ; cl is now original cl ^ 0xe4 (0x16 ^ 0xf2)
0x15713: xor dx, 0xa8                    ; dl is now original dl ^ 0xf2 (0x5a ^ 0xa8)
0x15717: mov byte ptr [bp + 0x11a], dl   ; original dl ^ 0xf2
0x1571b: mov byte ptr [bp + 0x11e], dh   ; dh unchanged
0x1571f: mov byte ptr [bp + 0x122], cl   ; original cl ^ 0xe4
0x15723: mov byte ptr [bp + 0x129], ch   ; ch unchanged
0x15727: mov byte ptr [bp + 0x114], dl   ; same value as stored at bp+0x11a
0x1572b: push ax
0x1572c: push bp
0x1572d: mov bp, sp                      ; bp now mirrors sp; the window ends before any use is visible
2018-12-25T12:37:20.046367249Z 64 PC: 1573f | Write file or device (Write 80 bytes on handle 5)
2018-12-25T12:37:20.049705411Z 64 PC: 15774 | Write file or device (Write 1034 bytes on handle 5)
2018-12-25T12:37:20.05954217Z 66 PC: 15783 | Move file pointer
2018-12-25T12:37:20.061320121Z 64 PC: 15797 | Write file or device (Write 6 bytes on handle 5)
2018-12-25T12:37:20.064407316Z 66 PC: 157a0 | Move file pointer
2018-12-25T12:37:20.066069615Z 64 PC: 157ca | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:37:20.07570592Z 87 PC: 157df | Get or set file date and time
2018-12-25T12:37:20.077632943Z 62 PC: 157e3 | Close file
2018-12-25T12:37:20.086971814Z 67 PC: 157fa | Get or set file attributes
2018-12-25T12:37:20.099821609Z 79 PC: 1564a | Find next file
2018-12-25T12:37:20.103442409Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:20.114709446Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:20.123184223Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:20.130535805Z 62 PC: 156c2 | Close file
2018-12-25T12:37:20.132855519Z 67 PC: 156d9 | Get or set file attributes
2018-12-25T12:37:20.14438673Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:20.148690016Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:20.160893205Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:20.170154975Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:20.177485009Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:20.180021013Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:20.262743811Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:20.267997513Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:20.436936129Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:20.445001104Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:20.454248266Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:20.456616256Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:20.488859206Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:20.492772359Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:20.509623601Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:20.517403912Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:20.523379415Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:20.52520144Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:20.53199947Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:20.534714573Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:20.541268605Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:20.545710719Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:20.55057266Z 66 PC: 156e5 | Move file pointer (See above)
2018-12-25T12:37:20.552317002Z 44 PC: 156e9 | Get time (See above)
2018-12-25T12:37:20.554082741Z 64 PC: 1573f | Write file or device (See above)
2018-12-25T12:37:20.562261318Z 64 PC: 15774 | Write file or device (See above)
2018-12-25T12:37:20.573003876Z 66 PC: 15783 | Move file pointer (See above)
2018-12-25T12:37:20.575088638Z 64 PC: 15797 | Write file or device (See above)
2018-12-25T12:37:20.578588256Z 66 PC: 157a0 | Move file pointer (See above)
2018-12-25T12:37:20.581737103Z 64 PC: 157ca | Write file or device (See above)
2018-12-25T12:37:20.58967595Z 87 PC: 157df | Get or set file date and time (See above)
2018-12-25T12:37:20.591891058Z 62 PC: 157e3 | Close file (See above)
2018-12-25T12:37:20.602351907Z 67 PC: 157fa | Get or set file attributes (See above)
2018-12-25T12:37:20.613433724Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:20.617170623Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:20.629293901Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:20.63759675Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:20.644985829Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:20.647617708Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:20.659105443Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:20.663427563Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:20.67496296Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:20.683039724Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:20.686473494Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:20.688995113Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:20.701393204Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:20.704602358Z 59 PC: 15814 | Change current directory
2018-12-25T12:37:20.709723236Z 78 PC: 15824 | Find first file
2018-12-25T12:37:20.717260086Z 59 PC: 1585a | Change current directory
2018-12-25T12:37:20.730151111Z 78 PC: 15639 | Find first file (See above)
2018-12-25T12:37:20.737763966Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:20.750632044Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:20.758701427Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:20.766810058Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:20.76991903Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:20.781525888Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:20.785031643Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:20.799793838Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:20.807798259Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:20.815376575Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:20.817862453Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:20.831759734Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:20.835067151Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:20.846243827Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:20.856255543Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:20.863977492Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:20.866392096Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:20.878727066Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:20.882545673Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:20.893786685Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:20.902752542Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:20.910770058Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:20.913252919Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:20.925231037Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:20.929328777Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:20.945257806Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:20.953124539Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:20.961676721Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:20.964095975Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:20.975457867Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:20.980509581Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:20.992000285Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:20.999801514Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:21.008046347Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:21.010773315Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:21.022097258Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:21.025460045Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:21.046030489Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:21.054544625Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:21.062078516Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:21.065497066Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:21.076906447Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:21.080282782Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:21.09226827Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:21.10050244Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:21.108018283Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:21.111146518Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:21.123388422Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:21.126434435Z 59 PC: 15814 | Change current directory (See above)
2018-12-25T12:37:21.131409896Z 78 PC: 15824 | Find first file (See above)
2018-12-25T12:37:21.139079489Z 79 PC: 1583e | Find next file
2018-12-25T12:37:21.142358445Z 79 PC: 1583e | Find next file (See above)
2018-12-25T12:37:21.145649149Z 79 PC: 1583e | Find next file (See above)
2018-12-25T12:37:21.149924933Z 79 PC: 1583e | Find next file (See above)
2018-12-25T12:37:21.153218311Z 79 PC: 1583e | Find next file (See above)
2018-12-25T12:37:21.156533198Z 79 PC: 1583e | Find next file (See above)
2018-12-25T12:37:21.160609824Z 79 PC: 1583e | Find next file (See above)
2018-12-25T12:37:21.164229005Z 79 PC: 1583e | Find next file (See above)
2018-12-25T12:37:21.167466934Z 79 PC: 1583e | Find next file (See above)
2018-12-25T12:37:21.171238813Z 26 PC: 1586d | Set disk transfer address
2018-12-25T12:37:21.172984139Z 59 PC: 15875 | Change current directory
2018-12-25T12:37:21.17790119Z 59 PC: 15880 | Change current directory
; Disassembly window logged with the "Get time" call (op 44) at PC 15894.
; This is a linear listing, not an execution trace: it continues past the ret at
; 0x1589e, so it does not by itself show whether the guarded path ran.
; Assuming INT 21h/AH=2Ch returns CL=minute and DH=second, the guard passes only
; when minute == 0x16 (22) and second < 0x1e (30). The run metadata printed after
; this trace has "Min":22 and "TimeBased":true, which matches the minute tested
; here. NOTE(review): presumably the sandbox set the emulated clock for this
; run -- confirm with the tool's documentation.
; Within this window the guarded path only changes the video mode and palette.
2018-12-25T12:37:21.180891031Z 44 PC: 15894 | Get time 0x15894: cmp cl, 0x16   ; minute == 22 ?
0x15897: jne 0x1589e                     ; no -> return
0x15899: cmp dh, 0x1e                    ; second compared with 30
0x1589c: jb 0x1589f                      ; unsigned below -> guarded path
0x1589e: ret
0x1589f: mov ax, 0x13                    ; AH=0x00, AL=0x13
0x158a2: int 0x10                        ; BIOS video service; by the standard convention AH=0 sets mode 0x13 (320x200, 256 colours)
0x158a4: mov dx, 0x3c8                   ; 0x3c8 is the VGA DAC write-index port on standard VGA hardware
0x158a7: xor al, al
0x158a9: out dx, al                      ; start writing at palette index 0
0x158aa: inc dx                          ; dx = 0x3c9, the DAC data port
0x158ab: xor cx, cx                      ; cx = loop counter
0x158ad: mov al, cl                      ; loop head (target of the jne below)
0x158af: out dx, al                      ; first colour component = counter (red in the usual R,G,B order)
0x158b0: xor al, al
0x158b2: out dx, al                      ; second component = 0
0x158b3: out dx, al                      ; third component = 0
0x158b4: inc cx
0x158b5: cmp cx, 0x3f
0x158b8: jne 0x158ad                     ; repeats for cx = 0 .. 0x3e (63 palette entries); the window ends here
; Disassembly window logged with a further "Get time" call (op 44) at PC 12a42,
; an address well below the 0x156xx-0x158xx range of the earlier windows.
; NOTE(review): which program image this address belongs to cannot be determined
; from the window alone.
2018-12-25T12:37:21.18372312Z 44 PC: 12a42 | Get time 0x12a42: jmp 0x125e6   ; unconditional jump; the lines below are only the bytes that follow it
; NOTE(review): the next line is probably a linear-disassembly artifact. The 16-bit
; displacement -0x6f70 equals 0x9090 and the encoding would be 2B 90 90 90, i.e.
; one 0x2B byte followed by the same 0x90 filler decoded as nop below.
0x12a45: sub dx, word ptr [bx + si - 0x6f70]
0x12a49: nop                             ; 0x90 filler continues to the end of the window
0x12a4a: nop
0x12a4b: nop
0x12a4c: nop
0x12a4d: nop
0x12a4e: nop
0x12a4f: nop
0x12a50: nop
0x12a51: nop
0x12a52: nop
0x12a53: nop
0x12a54: nop
0x12a55: nop
0x12a56: nop
0x12a57: nop
0x12a58: nop
0x12a59: nop
0x12a5a: nop

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":22,"Second":0,"TimeBased":true,"OriginalID":13073,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:23.679222852Z 71 PC: 1561c | Get current directory
2018-12-25T12:37:23.682866364Z 26 PC: 1562d | Set disk transfer address
2018-12-25T12:37:23.684012741Z 78 PC: 15639 | Find first file
2018-12-25T12:37:23.690599149Z 67 PC: 1567d | Get or set file attributes
2018-12-25T12:37:23.710728621Z 61 PC: 15686 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:23.718236185Z 63 PC: 1569c | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:37:23.72525639Z 66 PC: 156e5 | Move file pointer
; Disassembly window logged with the DOS "Get time" call (op 44 = 0x2C) at PC 156e9.
; Assuming the standard INT 21h/AH=2Ch return convention (CH=hour, CL=minute,
; DH=second, DL=hundredths), the lines below store those four bytes, plus two
; XOR-derived variants of the low bytes, into thirteen bp-relative byte slots.
; NOTE(review): the slots (bp+0x114 .. bp+0x15c) are presumably part of the data
; written to the opened file by the 80-byte write at PC 1573f that follows; if so
; the written bytes depend on the clock at infection time -- confirm against a
; full disassembly.
2018-12-25T12:37:23.726639528Z 44 PC: 156e9 | Get time 0x156e9: mov byte ptr [bp + 0x130], dl   ; dl as returned
0x156ed: mov byte ptr [bp + 0x136], dh   ; dh as returned
0x156f1: mov byte ptr [bp + 0x13d], cl   ; cl as returned
0x156f5: mov byte ptr [bp + 0x142], ch   ; ch as returned
0x156f9: xor cx, 0x16                    ; immediate < 0x100: only cl changes
0x156fc: xor dx, 0x5a                    ; only dl changes
0x156ff: mov byte ptr [bp + 0x146], dl   ; original dl ^ 0x5a
0x15703: mov byte ptr [bp + 0x14a], dh   ; dh unchanged
0x15707: mov byte ptr [bp + 0x158], cl   ; original cl ^ 0x16
0x1570b: mov byte ptr [bp + 0x15c], ch   ; ch unchanged
0x1570f: xor cx, 0xf2                    ; cl is now original cl ^ 0xe4 (0x16 ^ 0xf2)
0x15713: xor dx, 0xa8                    ; dl is now original dl ^ 0xf2 (0x5a ^ 0xa8)
0x15717: mov byte ptr [bp + 0x11a], dl   ; original dl ^ 0xf2
0x1571b: mov byte ptr [bp + 0x11e], dh   ; dh unchanged
0x1571f: mov byte ptr [bp + 0x122], cl   ; original cl ^ 0xe4
0x15723: mov byte ptr [bp + 0x129], ch   ; ch unchanged
0x15727: mov byte ptr [bp + 0x114], dl   ; same value as stored at bp+0x11a
0x1572b: push ax
0x1572c: push bp
0x1572d: mov bp, sp                      ; bp now mirrors sp; the window ends before any use is visible
2018-12-25T12:37:23.729380025Z 64 PC: 1573f | Write file or device (Write 80 bytes on handle 5)
2018-12-25T12:37:23.732331965Z 64 PC: 15774 | Write file or device (Write 1034 bytes on handle 5)
2018-12-25T12:37:23.741601185Z 66 PC: 15783 | Move file pointer
2018-12-25T12:37:23.74340094Z 64 PC: 15797 | Write file or device (Write 6 bytes on handle 5)
2018-12-25T12:37:23.746287948Z 66 PC: 157a0 | Move file pointer
2018-12-25T12:37:23.747820448Z 64 PC: 157ca | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:37:23.755428139Z 87 PC: 157df | Get or set file date and time
2018-12-25T12:37:23.756997327Z 62 PC: 157e3 | Close file
2018-12-25T12:37:23.765977407Z 67 PC: 157fa | Get or set file attributes
2018-12-25T12:37:23.777188253Z 79 PC: 1564a | Find next file
2018-12-25T12:37:23.780041535Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:23.786525947Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:23.794032379Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:23.800742501Z 62 PC: 156c2 | Close file
2018-12-25T12:37:23.802641179Z 67 PC: 156d9 | Get or set file attributes
2018-12-25T12:37:23.814028375Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:23.816842483Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:23.830158906Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:23.837205353Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:23.843453785Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:23.845086155Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:23.853982493Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:23.856587442Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:23.865175912Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:23.870985802Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:23.87761596Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:23.879671064Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:23.89409207Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:23.89748693Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:23.908597145Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:23.915900234Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:23.923581487Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:23.925508631Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:23.93679853Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:23.9401578Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:23.950751353Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:23.955092138Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:23.960061582Z 66 PC: 156e5 | Move file pointer (See above)
2018-12-25T12:37:23.961211207Z 44 PC: 156e9 | Get time (See above)
2018-12-25T12:37:23.962767346Z 64 PC: 1573f | Write file or device (See above)
2018-12-25T12:37:23.968206963Z 64 PC: 15774 | Write file or device (See above)
2018-12-25T12:37:23.976149732Z 66 PC: 15783 | Move file pointer (See above)
2018-12-25T12:37:23.977340567Z 64 PC: 15797 | Write file or device (See above)
2018-12-25T12:37:23.979255779Z 66 PC: 157a0 | Move file pointer (See above)
2018-12-25T12:37:23.98089402Z 64 PC: 157ca | Write file or device (See above)
2018-12-25T12:37:23.98528755Z 87 PC: 157df | Get or set file date and time (See above)
2018-12-25T12:37:23.986530234Z 62 PC: 157e3 | Close file (See above)
2018-12-25T12:37:23.992500297Z 67 PC: 157fa | Get or set file attributes (See above)
2018-12-25T12:37:24.003282874Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:24.006087951Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:24.017742884Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:24.02502768Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:24.03213714Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:24.034525911Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:24.041258067Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:24.043318203Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:24.054721015Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:24.059096203Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:24.063246083Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:24.064986243Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:24.079078024Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:24.081497523Z 59 PC: 15814 | Change current directory
2018-12-25T12:37:24.086544989Z 78 PC: 15824 | Find first file
2018-12-25T12:37:24.093397926Z 59 PC: 1585a | Change current directory
2018-12-25T12:37:24.099911937Z 78 PC: 15639 | Find first file (See above)
2018-12-25T12:37:24.106955274Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:24.121095244Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:24.133867072Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:24.141906016Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:24.143795735Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:24.154888296Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:24.158363866Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:24.169404033Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:24.176674564Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:24.184286035Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:24.186132932Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:24.197065571Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:24.201306938Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:24.211752273Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:24.216063426Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:24.221062706Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:24.22361956Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:24.234661544Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:24.237314096Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:24.244269107Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:24.25137313Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:24.256224632Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:24.257680296Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:24.271314286Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:24.274727027Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:24.285507219Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:24.292895785Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:24.300443571Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:24.302422943Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:24.313279539Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:24.316755655Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:24.328162508Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:24.335374266Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:24.342819437Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:24.344860677Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:24.356902368Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:24.360343817Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:24.370793854Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:24.37747331Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:24.384362657Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:24.386883041Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:24.393822529Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:24.397121676Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:24.407460572Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:24.414429275Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:24.421419162Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:24.422715833Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:24.429074329Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:24.431083489Z 59 PC: 15814 | Change current directory (See above)
2018-12-25T12:37:24.43388261Z 78 PC: 15824 | Find first file (See above)
2018-12-25T12:37:24.440715203Z 79 PC: 1583e | Find next file
2018-12-25T12:37:24.442872543Z 79 PC: 1583e | Find next file (See above)
2018-12-25T12:37:24.444734363Z 79 PC: 1583e | Find next file (See above)
2018-12-25T12:37:24.446479796Z 79 PC: 1583e | Find next file (See above)
2018-12-25T12:37:24.448744641Z 79 PC: 1583e | Find next file (See above)
2018-12-25T12:37:24.451062258Z 79 PC: 1583e | Find next file (See above)
2018-12-25T12:37:24.452825598Z 79 PC: 1583e | Find next file (See above)
2018-12-25T12:37:24.455145358Z 79 PC: 1583e | Find next file (See above)
2018-12-25T12:37:24.456864908Z 79 PC: 1583e | Find next file (See above)
2018-12-25T12:37:24.45836796Z 26 PC: 1586d | Set disk transfer address
2018-12-25T12:37:24.459311863Z 59 PC: 15875 | Change current directory
2018-12-25T12:37:24.462261758Z 59 PC: 15880 | Change current directory
; Time-gated payload check. It runs on the registers left by the "Get time" call logged on the next line
; (DOS INT 21h/AH=2Ch returns CH=hour, CL=minute, DH=second, DL=1/100 s).
; The gate passes only when minute == 22 and second < 30, which agrees with the trigger record this page
; prints for the sample ("TimeBased":true, "Min":22, "Second":30). The hour (CH) is not tested here.
; The instructions shown past the gate touch only video state (BIOS mode set and VGA DAC ports).
2018-12-25T12:37:24.463457068Z 44 PC: 15894 | Get time 0x15894: cmp cl, 0x16    ; minute == 22 (0x16)?
0x15897: jne 0x1589e    ; other minute -> return without running the payload
0x15899: cmp dh, 0x1e    ; second < 30 (0x1e)?
0x1589c: jb 0x1589f    ; unsigned below -> fall into the payload at 0x1589f
0x1589e: ret    ; gate not met: nothing visible happens
0x1589f: mov ax, 0x13    ; AH=00h set video mode, AL=13h (320x200, 256 colours)
0x158a2: int 0x10    ; BIOS video service
0x158a4: mov dx, 0x3c8    ; VGA DAC write-index port
0x158a7: xor al, al
0x158a9: out dx, al    ; start programming at palette entry 0
0x158aa: inc dx    ; dx = 0x3c9, DAC data port
0x158ab: xor cx, cx    ; cx = palette entry counter
0x158ad: mov al, cl    ; loop top: red component = entry number
0x158af: out dx, al    ; write red
0x158b0: xor al, al
0x158b2: out dx, al    ; write green = 0
0x158b3: out dx, al    ; write blue = 0; the DAC then advances to the next entry
0x158b4: inc cx
0x158b5: cmp cx, 0x3f    ; stop once 63 entries (0..62) hold a black-to-red ramp
0x158b8: jne 0x158ad
; The viewer's excerpt ends here; whatever follows the palette loop is not shown on this page.

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":22,"Second":30,"TimeBased":true,"OriginalID":13073,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:24.234942203Z 71 PC: 1561c | Get current directory
2018-12-25T12:37:24.238147552Z 26 PC: 1562d | Set disk transfer address
2018-12-25T12:37:24.239274879Z 78 PC: 15639 | Find first file
2018-12-25T12:37:24.242967242Z 67 PC: 1567d | Get or set file attributes
2018-12-25T12:37:25.078775641Z 61 PC: 15686 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:25.085262508Z 63 PC: 1569c | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:37:25.154606704Z 66 PC: 156e5 | Move file pointer
; Runs on the infection path right after the "Get time" call logged on the next line
; (DOS INT 21h/AH=2Ch returns CH=hour, CL=minute, DH=second, DL=1/100 s).
; The clock bytes, raw and XOR-masked, are stored into 13 single-byte slots between [bp+0x114] and [bp+0x15c].
; Every XOR immediate is below 0x100, so only CL and DL change between rounds; CH and DH are stored unmodified three times.
; NOTE(review): the slots span fewer than 80 bytes and the trace shows an 80-byte write at PC 1573f straight after,
; so they presumably lie inside that block (per-infection variable bytes) -- confirm against a full disassembly.
; If confirmed, a byte signature for infected files has to wildcard these 13 positions or anchor elsewhere.
2018-12-25T12:37:25.156753258Z 44 PC: 156e9 | Get time 0x156e9: mov byte ptr [bp + 0x130], dl    ; round 1: raw 1/100 s
0x156ed: mov byte ptr [bp + 0x136], dh    ; raw second
0x156f1: mov byte ptr [bp + 0x13d], cl    ; raw minute
0x156f5: mov byte ptr [bp + 0x142], ch    ; raw hour
0x156f9: xor cx, 0x16    ; round 2 mask: changes CL only
0x156fc: xor dx, 0x5a    ; changes DL only
0x156ff: mov byte ptr [bp + 0x146], dl
0x15703: mov byte ptr [bp + 0x14a], dh    ; same value as stored at [bp+0x136]
0x15707: mov byte ptr [bp + 0x158], cl
0x1570b: mov byte ptr [bp + 0x15c], ch    ; same value as stored at [bp+0x142]
0x1570f: xor cx, 0xf2    ; round 3 mask: CL is now minute ^ 0x16 ^ 0xf2
0x15713: xor dx, 0xa8    ; DL is now 1/100 s ^ 0x5a ^ 0xa8
0x15717: mov byte ptr [bp + 0x11a], dl
0x1571b: mov byte ptr [bp + 0x11e], dh
0x1571f: mov byte ptr [bp + 0x122], cl
0x15723: mov byte ptr [bp + 0x129], ch
0x15727: mov byte ptr [bp + 0x114], dl    ; DL from round 3 is stored a second time
0x1572b: push ax    ; save AX and BP before BP is re-used
0x1572c: push bp
0x1572d: mov bp, sp    ; BP now points at the stack, no longer at the base used by the stores above
; The viewer's excerpt ends here; the next logged event is the 80-byte write at PC 1573f.
2018-12-25T12:37:25.158998017Z 64 PC: 1573f | Write file or device (Write 80 bytes on handle 5)
2018-12-25T12:37:25.16155174Z 64 PC: 15774 | Write file or device (Write 1034 bytes on handle 5)
2018-12-25T12:37:25.204135767Z 66 PC: 15783 | Move file pointer
2018-12-25T12:37:25.207061835Z 64 PC: 15797 | Write file or device (Write 6 bytes on handle 5)
2018-12-25T12:37:25.21048602Z 66 PC: 157a0 | Move file pointer
2018-12-25T12:37:25.212197474Z 64 PC: 157ca | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:37:25.219211604Z 87 PC: 157df | Get or set file date and time
2018-12-25T12:37:25.220554029Z 62 PC: 157e3 | Close file
2018-12-25T12:37:25.257422667Z 67 PC: 157fa | Get or set file attributes
2018-12-25T12:37:25.316118844Z 79 PC: 1564a | Find next file
2018-12-25T12:37:25.318640972Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:25.354995881Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:25.361891199Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:25.368063757Z 62 PC: 156c2 | Close file
2018-12-25T12:37:25.369649263Z 67 PC: 156d9 | Get or set file attributes
2018-12-25T12:37:25.423974805Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:25.426454213Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:25.476500775Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:25.483383596Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:25.489484127Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:25.491161498Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:25.549288406Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:25.551833884Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:25.606320773Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:25.618333949Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:25.624586201Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:25.626190078Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:25.686782215Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:25.689234752Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:25.761176702Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:25.766279904Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:25.771421222Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:25.773151029Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:25.862600274Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:25.865549927Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:25.925674583Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:25.933279977Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:25.939464555Z 66 PC: 156e5 | Move file pointer (See above)
2018-12-25T12:37:25.940677434Z 44 PC: 156e9 | Get time (See above)
2018-12-25T12:37:25.943437752Z 64 PC: 1573f | Write file or device (See above)
2018-12-25T12:37:26.037079099Z 64 PC: 15774 | Write file or device (See above)
2018-12-25T12:37:26.096202365Z 66 PC: 15783 | Move file pointer (See above)
2018-12-25T12:37:26.09824719Z 64 PC: 15797 | Write file or device (See above)
2018-12-25T12:37:26.102310549Z 66 PC: 157a0 | Move file pointer (See above)
2018-12-25T12:37:26.104033221Z 64 PC: 157ca | Write file or device (See above)
2018-12-25T12:37:26.110885207Z 87 PC: 157df | Get or set file date and time (See above)
2018-12-25T12:37:26.113040655Z 62 PC: 157e3 | Close file (See above)
2018-12-25T12:37:26.206686544Z 67 PC: 157fa | Get or set file attributes (See above)
2018-12-25T12:37:26.277088867Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:26.280537196Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:26.356135147Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:26.362558381Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:26.369629627Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:26.371261267Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:26.425099299Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:26.428683088Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:26.724321944Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:26.731046521Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:26.738525964Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:26.741077936Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:26.840144198Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:26.843552982Z 59 PC: 15814 | Change current directory
2018-12-25T12:37:26.847834139Z 78 PC: 15824 | Find first file
2018-12-25T12:37:26.853477222Z 59 PC: 1585a | Change current directory
2018-12-25T12:37:26.859760341Z 78 PC: 15639 | Find first file (See above)
2018-12-25T12:37:26.865550217Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:26.967698907Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:26.979818736Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:26.986112436Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:26.987990296Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:27.144893435Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:27.147315231Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:27.342528437Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:27.350084796Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:27.356779546Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:27.358446695Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:27.367988911Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:27.370760654Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:27.380180256Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:27.391820413Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:27.399188869Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:27.401253582Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:27.41182991Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:27.415372546Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:27.425406853Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:27.431919313Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:27.438373211Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:27.440093283Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:27.450243056Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:27.453493338Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:27.463170684Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:27.469784394Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:27.477528899Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:27.479560579Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:27.489156937Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:27.493268965Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:27.502747138Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:27.514524587Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:27.521603882Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:27.523929565Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:27.832070125Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:27.836148741Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:27.846042354Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:27.852728406Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:27.866284869Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:27.868066088Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:27.878007781Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:27.881702782Z 67 PC: 1567d | Get or set file attributes (See above)
2018-12-25T12:37:27.893566965Z 61 PC: 15686 | Open file (See above)
2018-12-25T12:37:27.900167866Z 63 PC: 1569c | Read file or device (See above)
2018-12-25T12:37:27.907285158Z 62 PC: 156c2 | Close file (See above)
2018-12-25T12:37:27.909208513Z 67 PC: 156d9 | Get or set file attributes (See above)
2018-12-25T12:37:27.919037489Z 79 PC: 1564a | Find next file (See above)
2018-12-25T12:37:27.92220485Z 59 PC: 15814 | Change current directory (See above)
2018-12-25T12:37:27.926663768Z 78 PC: 15824 | Find first file (See above)
2018-12-25T12:37:27.932726426Z 79 PC: 1583e | Find next file
2018-12-25T12:37:27.941975457Z 79 PC: 1583e | Find next file (See above)
2018-12-25T12:37:27.945019565Z 79 PC: 1583e | Find next file (See above)
2018-12-25T12:37:27.948544187Z 79 PC: 1583e | Find next file (See above)
2018-12-25T12:37:27.951570641Z 79 PC: 1583e | Find next file (See above)
2018-12-25T12:37:27.954697128Z 79 PC: 1583e | Find next file (See above)
2018-12-25T12:37:27.957439285Z 79 PC: 1583e | Find next file (See above)
2018-12-25T12:37:27.96062315Z 79 PC: 1583e | Find next file (See above)
2018-12-25T12:37:27.963212791Z 79 PC: 1583e | Find next file (See above)
2018-12-25T12:37:27.965664248Z 26 PC: 1586d | Set disk transfer address
2018-12-25T12:37:27.967954229Z 59 PC: 15875 | Change current directory
2018-12-25T12:37:27.97234035Z 59 PC: 15880 | Change current directory
; Time-gated payload check. It runs on the registers left by the "Get time" call logged on the next line
; (DOS INT 21h/AH=2Ch returns CH=hour, CL=minute, DH=second, DL=1/100 s).
; The gate passes only when minute == 22 and second < 30, which agrees with the trigger record this page
; prints for the sample ("TimeBased":true, "Min":22, "Second":30). The hour (CH) is not tested here.
; The instructions shown past the gate touch only video state (BIOS mode set and VGA DAC ports).
2018-12-25T12:37:27.974348862Z 44 PC: 15894 | Get time 0x15894: cmp cl, 0x16    ; minute == 22 (0x16)?
0x15897: jne 0x1589e    ; other minute -> return without running the payload
0x15899: cmp dh, 0x1e    ; second < 30 (0x1e)?
0x1589c: jb 0x1589f    ; unsigned below -> fall into the payload at 0x1589f
0x1589e: ret    ; gate not met: nothing visible happens
0x1589f: mov ax, 0x13    ; AH=00h set video mode, AL=13h (320x200, 256 colours)
0x158a2: int 0x10    ; BIOS video service
0x158a4: mov dx, 0x3c8    ; VGA DAC write-index port
0x158a7: xor al, al
0x158a9: out dx, al    ; start programming at palette entry 0
0x158aa: inc dx    ; dx = 0x3c9, DAC data port
0x158ab: xor cx, cx    ; cx = palette entry counter
0x158ad: mov al, cl    ; loop top: red component = entry number
0x158af: out dx, al    ; write red
0x158b0: xor al, al
0x158b2: out dx, al    ; write green = 0
0x158b3: out dx, al    ; write blue = 0; the DAC then advances to the next entry
0x158b4: inc cx
0x158b5: cmp cx, 0x3f    ; stop once 63 entries (0..62) hold a black-to-red ramp
0x158b8: jne 0x158ad
; The viewer's excerpt of this routine ends here; the next logged event is another "Get time" at PC 12a42.
2018-12-25T12:37:27.976850747Z 44 PC: 12a42 | Get time 0x12a42: jmp 0x125e6
0x12a45: sub dx, word ptr [bx + si - 0x6f70]
0x12a49: nop
0x12a4a: nop
0x12a4b: nop
0x12a4c: nop
0x12a4d: nop
0x12a4e: nop
0x12a4f: nop
0x12a50: nop
0x12a51: nop
0x12a52: nop
0x12a53: nop
0x12a54: nop
0x12a55: nop
0x12a56: nop
0x12a57: nop
0x12a58: nop
0x12a59: nop
0x12a5a: nop