Sample viewer

vx.netlux.org/Virus.DOS.Satan.620


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:00:10.010494937Z 42 PC: 12a62 | Get date
0x12a62: cmp dh, 0xc
0x12a65: jne 0x12a6f
0x12a67: cmp dl, 0x19
0x12a6a: jne 0x12a6f
0x12a6c: jmp 0x12c4a
0x12a6f: cmp dh, 4
0x12a72: jne 0x12a7c
0x12a74: cmp dl, 1
0x12a77: jne 0x12a7c
0x12a79: jmp 0x12c4c
0x12a7c: call 0x12c2a
0x12a7f: call 0x12c17
0x12a82: mov si, bp
0x12a84: add si, 0x23f
0x12a88: lodsw ax, word ptr [si]
0x12a89: cmp ax, 5
0x12a8c: ja 0x12a91
0x12a8e: jmp 0x12ae8
0x12a90: nop
0x12a91: call 0x12bfe
2018-12-17T23:00:10.013414898Z 26 PC: 12c34 | Set disk transfer address
2018-12-17T23:00:10.014491464Z 78 PC: 12c24 | Find first file
2018-12-17T23:00:10.020131733Z 61 PC: 12c09 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:00:10.026647777Z 87 PC: 12bec | Get or set file date and time
2018-12-17T23:00:10.028073737Z 63 PC: 12aa8 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:00:10.034116725Z 66 PC: 12ab2 | Move file pointer
2018-12-17T23:00:10.035788746Z 64 PC: 12b0c | Write file or device (Write 620 bytes on handle 5)
2018-12-17T23:00:10.050443074Z 66 PC: 12b16 | Move file pointer
2018-12-17T23:00:10.051656811Z 64 PC: 12b24 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:00:10.058097335Z 87 PC: 12be7 | Get or set file date and time
2018-12-17T23:00:10.059576908Z 62 PC: 12b2e | Close file
2018-12-17T23:00:10.066908038Z 79 PC: 12aef | Find next file
2018-12-17T23:00:10.081646152Z 61 PC: 12c09 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:00:10.088988428Z 87 PC: 12bec | Get or set file date and time
2018-12-17T23:00:10.090233951Z 63 PC: 12aa8 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:00:10.101801185Z 66 PC: 12ab2 | Move file pointer
2018-12-17T23:00:10.103614984Z 64 PC: 12b0c | Write file or device (Write 620 bytes on handle 5)
2018-12-17T23:00:10.11104319Z 66 PC: 12b16 | Move file pointer
2018-12-17T23:00:10.112177065Z 64 PC: 12b24 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:00:10.123321155Z 87 PC: 12be7 | Get or set file date and time
2018-12-17T23:00:10.124726889Z 62 PC: 12b2e | Close file
2018-12-17T23:00:10.132251308Z 79 PC: 12aef | Find next file
2018-12-17T23:00:10.135346916Z 61 PC: 12c09 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:00:10.141481049Z 87 PC: 12bec | Get or set file date and time
2018-12-17T23:00:10.142664178Z 63 PC: 12aa8 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:00:10.149461359Z 66 PC: 12ab2 | Move file pointer
2018-12-17T23:00:10.150785281Z 64 PC: 12b0c | Write file or device (Write 620 bytes on handle 5)
2018-12-17T23:00:10.158155739Z 66 PC: 12b16 | Move file pointer
2018-12-17T23:00:10.159781689Z 64 PC: 12b24 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:00:10.165985432Z 87 PC: 12be7 | Get or set file date and time
2018-12-17T23:00:10.16741497Z 62 PC: 12b2e | Close file
2018-12-17T23:00:10.175882145Z 79 PC: 12aef | Find next file
2018-12-17T23:00:10.178377119Z 61 PC: 12c09 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:00:10.184500678Z 87 PC: 12bec | Get or set file date and time
2018-12-17T23:00:10.186147979Z 63 PC: 12aa8 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:00:10.192184321Z 66 PC: 12ab2 | Move file pointer
2018-12-17T23:00:10.19364325Z 64 PC: 12b0c | Write file or device (Write 620 bytes on handle 5)
2018-12-17T23:00:10.20154569Z 66 PC: 12b16 | Move file pointer
2018-12-17T23:00:10.203458485Z 64 PC: 12b24 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:00:10.20967505Z 87 PC: 12be7 | Get or set file date and time
2018-12-17T23:00:10.211444171Z 62 PC: 12b2e | Close file
2018-12-17T23:00:10.219332518Z 79 PC: 12aef | Find next file
2018-12-17T23:00:10.221724542Z 61 PC: 12c09 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:00:10.227880566Z 87 PC: 12bec | Get or set file date and time
2018-12-17T23:00:10.229324127Z 63 PC: 12aa8 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:00:10.235277241Z 66 PC: 12ab2 | Move file pointer
2018-12-17T23:00:10.236763722Z 64 PC: 12b0c | Write file or device (Write 620 bytes on handle 5)
2018-12-17T23:00:10.244842133Z 66 PC: 12b16 | Move file pointer
2018-12-17T23:00:10.246422814Z 64 PC: 12b24 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:00:10.252968763Z 87 PC: 12be7 | Get or set file date and time
2018-12-17T23:00:10.255272951Z 62 PC: 12b2e | Close file
2018-12-17T23:00:10.263155808Z 79 PC: 12aef | Find next file
2018-12-17T23:00:10.265778416Z 61 PC: 12c09 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:00:10.273647789Z 87 PC: 12bec | Get or set file date and time
2018-12-17T23:00:10.281030056Z 63 PC: 12aa8 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:00:10.288193809Z 66 PC: 12ab2 | Move file pointer
2018-12-17T23:00:10.29085635Z 64 PC: 12b0c | Write file or device (Write 620 bytes on handle 5)
2018-12-17T23:00:10.299242953Z 66 PC: 12b16 | Move file pointer
2018-12-17T23:00:10.300475028Z 64 PC: 12b24 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:00:10.307482582Z 87 PC: 12be7 | Get or set file date and time
2018-12-17T23:00:10.308884633Z 62 PC: 12b2e | Close file
2018-12-17T23:00:10.31649275Z 79 PC: 12aef | Find next file
2018-12-17T23:00:10.319599329Z 61 PC: 12c09 | Open file (Filename = 'PAH.COM')
2018-12-17T23:00:10.326175014Z 87 PC: 12bec | Get or set file date and time
2018-12-17T23:00:10.327478267Z 63 PC: 12aa8 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:00:10.334278204Z 66 PC: 12ab2 | Move file pointer
2018-12-17T23:00:10.335620575Z 64 PC: 12b0c | Write file or device (Write 620 bytes on handle 5)
2018-12-17T23:00:10.343629863Z 66 PC: 12b16 | Move file pointer
2018-12-17T23:00:10.34535191Z 64 PC: 12b24 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:00:10.351600361Z 87 PC: 12be7 | Get or set file date and time
2018-12-17T23:00:10.352910059Z 62 PC: 12b2e | Close file
2018-12-17T23:00:10.360836366Z 79 PC: 12aef | Find next file
2018-12-17T23:00:10.36333739Z 61 PC: 12c09 | Open file (Filename = 'TEST.COM')
2018-12-17T23:00:10.369618967Z 87 PC: 12bec | Get or set file date and time
2018-12-17T23:00:10.371446569Z 63 PC: 12aa8 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:00:10.37382353Z 66 PC: 12ab2 | Move file pointer
2018-12-17T23:00:10.37528296Z 64 PC: 12b0c | Write file or device (Write 620 bytes on handle 5)
2018-12-17T23:00:10.383689984Z 66 PC: 12b16 | Move file pointer
2018-12-17T23:00:10.38522625Z 64 PC: 12b24 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:00:10.38810203Z 87 PC: 12be7 | Get or set file date and time
2018-12-17T23:00:10.390151064Z 62 PC: 12b2e | Close file
2018-12-17T23:00:10.397653314Z 79 PC: 12aef | Find next file

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13451,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:13.952868022Z 42 PC: 12a62 | Get date
0x12a62: cmp dh, 0xc
0x12a65: jne 0x12a6f
0x12a67: cmp dl, 0x19
0x12a6a: jne 0x12a6f
0x12a6c: jmp 0x12c4a
0x12a6f: cmp dh, 4
0x12a72: jne 0x12a7c
0x12a74: cmp dl, 1
0x12a77: jne 0x12a7c
0x12a79: jmp 0x12c4c
0x12a7c: call 0x12c2a
0x12a7f: call 0x12c17
0x12a82: mov si, bp
0x12a84: add si, 0x23f
0x12a88: lodsw ax, word ptr [si]
0x12a89: cmp ax, 5
0x12a8c: ja 0x12a91
0x12a8e: jmp 0x12ae8
0x12a90: nop
0x12a91: call 0x12bfe
2018-12-25T12:38:13.955672619Z 26 PC: 12c34 | Set disk transfer address
2018-12-25T12:38:13.957751383Z 78 PC: 12c24 | Find first file
2018-12-25T12:38:13.964553711Z 61 PC: 12c09 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:13.972482125Z 87 PC: 12bec | Get or set file date and time
2018-12-25T12:38:13.975008781Z 63 PC: 12aa8 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:38:13.981918386Z 66 PC: 12ab2 | Move file pointer
2018-12-25T12:38:13.983828477Z 64 PC: 12b0c | Write file or device (Write 620 bytes on handle 5)
2018-12-25T12:38:13.998656637Z 66 PC: 12b16 | Move file pointer
2018-12-25T12:38:14.000694203Z 64 PC: 12b24 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:38:14.008205328Z 87 PC: 12be7 | Get or set file date and time
2018-12-25T12:38:14.018225568Z 62 PC: 12b2e | Close file
2018-12-25T12:38:14.026911304Z 79 PC: 12aef | Find next file
2018-12-25T12:38:14.029939023Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:14.037812123Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:14.039334222Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:14.045298259Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:14.046672091Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:14.055344031Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:14.056403908Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:14.063578412Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:14.065261944Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:14.073465187Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:14.076278652Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:14.084388535Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:14.089196441Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:14.093524154Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:14.09510719Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:14.100371453Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:14.10146038Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:14.106475413Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:14.107633078Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:14.113246246Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:14.115558213Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:14.119855215Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:14.120960751Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:14.125577274Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:14.126732346Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:14.131823303Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:14.136163201Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:14.14056037Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:14.141667696Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:14.147219728Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:14.149408191Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:14.153620239Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:14.15470702Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:14.159353348Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:14.160469661Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:14.165685772Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:14.167716435Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:14.17233076Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:14.173442095Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:14.183480295Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:14.187353045Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:14.195519719Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:14.200163958Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:14.207614796Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:14.209043438Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:14.218927018Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:14.220495187Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:14.227773944Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:14.22977459Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:14.238448059Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:14.241001132Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:14.248724847Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:14.250193821Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:14.257074228Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:14.258660945Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:14.267193819Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:14.268562128Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:14.275353872Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:14.277244561Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:14.285430408Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:14.28824424Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:14.296416064Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:14.298262962Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:14.301650852Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:14.304022826Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:14.314009102Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:14.315321691Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:14.318896085Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:14.320657072Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:14.32985001Z 79 PC: 12aef | Find next file (See above)

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13451,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:14.285127086Z 42 PC: 12a62 | Get date
0x12a62: cmp dh, 0xc
0x12a65: jne 0x12a6f
0x12a67: cmp dl, 0x19
0x12a6a: jne 0x12a6f
0x12a6c: jmp 0x12c4a
0x12a6f: cmp dh, 4
0x12a72: jne 0x12a7c
0x12a74: cmp dl, 1
0x12a77: jne 0x12a7c
0x12a79: jmp 0x12c4c
0x12a7c: call 0x12c2a
0x12a7f: call 0x12c17
0x12a82: mov si, bp
0x12a84: add si, 0x23f
0x12a88: lodsw ax, word ptr [si]
0x12a89: cmp ax, 5
0x12a8c: ja 0x12a91
0x12a8e: jmp 0x12ae8
0x12a90: nop
0x12a91: call 0x12bfe
2018-12-25T12:38:14.289046366Z 65 PC: 12c53 | Delete file (Filename = 'A:\TEST.COM')

{"DateBased":true,"Day":2,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13451,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:14.813088755Z 42 PC: 12a62 | Get date
0x12a62: cmp dh, 0xc
0x12a65: jne 0x12a6f
0x12a67: cmp dl, 0x19
0x12a6a: jne 0x12a6f
0x12a6c: jmp 0x12c4a
0x12a6f: cmp dh, 4
0x12a72: jne 0x12a7c
0x12a74: cmp dl, 1
0x12a77: jne 0x12a7c
0x12a79: jmp 0x12c4c
0x12a7c: call 0x12c2a
0x12a7f: call 0x12c17
0x12a82: mov si, bp
0x12a84: add si, 0x23f
0x12a88: lodsw ax, word ptr [si]
0x12a89: cmp ax, 5
0x12a8c: ja 0x12a91
0x12a8e: jmp 0x12ae8
0x12a90: nop
0x12a91: call 0x12bfe
2018-12-25T12:38:14.815562178Z 26 PC: 12c34 | Set disk transfer address
2018-12-25T12:38:14.817042648Z 78 PC: 12c24 | Find first file
2018-12-25T12:38:14.82322113Z 61 PC: 12c09 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:14.830516494Z 87 PC: 12bec | Get or set file date and time
2018-12-25T12:38:14.832562071Z 63 PC: 12aa8 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:38:14.839000251Z 66 PC: 12ab2 | Move file pointer
2018-12-25T12:38:14.840668495Z 64 PC: 12b0c | Write file or device (Write 620 bytes on handle 5)
2018-12-25T12:38:14.856228566Z 66 PC: 12b16 | Move file pointer
2018-12-25T12:38:14.857582854Z 64 PC: 12b24 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:38:14.864330193Z 87 PC: 12be7 | Get or set file date and time
2018-12-25T12:38:14.868769944Z 62 PC: 12b2e | Close file
2018-12-25T12:38:14.876360682Z 79 PC: 12aef | Find next file
2018-12-25T12:38:14.878920903Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:14.886118499Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:14.887500824Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:14.893854718Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:14.89623499Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:14.906893166Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:14.908304141Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:14.91832299Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:14.934864329Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:14.943397782Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:14.946444544Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:14.953074897Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:14.954521419Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:14.965507284Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:14.967367285Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:14.975535119Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:14.977237372Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:14.984726433Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:14.98627086Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:14.994406049Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:14.998435918Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:15.005196022Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:15.006936339Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:15.013722567Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:15.015321564Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:15.023088054Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:15.025316732Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:15.031826653Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:15.033537024Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:15.042921297Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:15.0456355Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:15.052074766Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:15.054127197Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:15.060512248Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:15.062726317Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:15.070764783Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:15.072825376Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:15.079418234Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:15.081127028Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:15.089747411Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:15.092522565Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:15.099170043Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:15.101548688Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:15.108312124Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:15.109991736Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:15.119641847Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:15.121478815Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:15.12852396Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:15.131137511Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:15.139072031Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:15.14166887Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:15.148284005Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:15.150216322Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:15.156550161Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:15.158043104Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:15.16687128Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:15.168273378Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:15.174806785Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:15.177203273Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:15.185037168Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:15.187786379Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:15.195226622Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:15.197614614Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:15.200777882Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:15.203015806Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:15.211322927Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:15.212951557Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:15.216752481Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:15.218396233Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:15.226032494Z 79 PC: 12aef | Find next file (See above)

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13451,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:15.238242762Z 42 PC: 12a62 | Get date
0x12a62: cmp dh, 0xc
0x12a65: jne 0x12a6f
0x12a67: cmp dl, 0x19
0x12a6a: jne 0x12a6f
0x12a6c: jmp 0x12c4a
0x12a6f: cmp dh, 4
0x12a72: jne 0x12a7c
0x12a74: cmp dl, 1
0x12a77: jne 0x12a7c
0x12a79: jmp 0x12c4c
0x12a7c: call 0x12c2a
0x12a7f: call 0x12c17
0x12a82: mov si, bp
0x12a84: add si, 0x23f
0x12a88: lodsw ax, word ptr [si]
0x12a89: cmp ax, 5
0x12a8c: ja 0x12a91
0x12a8e: jmp 0x12ae8
0x12a90: nop
0x12a91: call 0x12bfe
2018-12-25T12:38:15.240945527Z 26 PC: 12c34 | Set disk transfer address
2018-12-25T12:38:15.242993701Z 78 PC: 12c24 | Find first file
2018-12-25T12:38:15.248994893Z 61 PC: 12c09 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:15.255540022Z 87 PC: 12bec | Get or set file date and time
2018-12-25T12:38:15.268100066Z 63 PC: 12aa8 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:38:15.274991487Z 66 PC: 12ab2 | Move file pointer
2018-12-25T12:38:15.276733682Z 64 PC: 12b0c | Write file or device (Write 620 bytes on handle 5)
2018-12-25T12:38:15.29190405Z 66 PC: 12b16 | Move file pointer
2018-12-25T12:38:15.293892846Z 64 PC: 12b24 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:38:15.300989146Z 87 PC: 12be7 | Get or set file date and time
2018-12-25T12:38:15.3032088Z 62 PC: 12b2e | Close file
2018-12-25T12:38:15.311163872Z 79 PC: 12aef | Find next file
2018-12-25T12:38:15.313727502Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:15.320844244Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:15.330481978Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:15.337474524Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:15.339600573Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:15.348330536Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:15.349901991Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:15.356918368Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:15.35971453Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:15.367815664Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:15.370732369Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:15.378894861Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:15.38055093Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:15.387008262Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:15.389775584Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:15.399017373Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:15.400643774Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:15.408241195Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:15.409752267Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:15.417932927Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:15.421694849Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:15.428097292Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:15.429429306Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:15.436292068Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:15.438516733Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:15.446755266Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:15.448219563Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:15.45566966Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:15.457408461Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:15.465446693Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:15.468860697Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:15.475221415Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:15.476744364Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:15.483140001Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:15.484447999Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:15.493091217Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:15.495010834Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:15.501679843Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:15.503234598Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:15.511643118Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:15.514277375Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:15.520561004Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:15.522479968Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:15.528933237Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:15.530358379Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:15.538950482Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:15.54041149Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:15.546546153Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:15.54882538Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:15.556279073Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:15.558908086Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:15.565829535Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:15.568049911Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:15.574107179Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:15.575860907Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:15.58493076Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:15.58636176Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:15.592664124Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:15.595141069Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:15.602510936Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:15.605112231Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:15.612331719Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:15.613797704Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:15.616289241Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:15.618586438Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:15.626376878Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:15.627830952Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:15.631655569Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:15.633269504Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:15.640662575Z 79 PC: 12aef | Find next file (See above)

{"DateBased":true,"Day":25,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13451,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:15.277376068Z 42 PC: 12a62 | Get date
0x12a62: cmp dh, 0xc
0x12a65: jne 0x12a6f
0x12a67: cmp dl, 0x19
0x12a6a: jne 0x12a6f
0x12a6c: jmp 0x12c4a
0x12a6f: cmp dh, 4
0x12a72: jne 0x12a7c
0x12a74: cmp dl, 1
0x12a77: jne 0x12a7c
0x12a79: jmp 0x12c4c
0x12a7c: call 0x12c2a
0x12a7f: call 0x12c17
0x12a82: mov si, bp
0x12a84: add si, 0x23f
0x12a88: lodsw ax, word ptr [si]
0x12a89: cmp ax, 5
0x12a8c: ja 0x12a91
0x12a8e: jmp 0x12ae8
0x12a90: nop
0x12a91: call 0x12bfe

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13451,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:15.357480471Z 42 PC: 12a62 | Get date
0x12a62: cmp dh, 0xc
0x12a65: jne 0x12a6f
0x12a67: cmp dl, 0x19
0x12a6a: jne 0x12a6f
0x12a6c: jmp 0x12c4a
0x12a6f: cmp dh, 4
0x12a72: jne 0x12a7c
0x12a74: cmp dl, 1
0x12a77: jne 0x12a7c
0x12a79: jmp 0x12c4c
0x12a7c: call 0x12c2a
0x12a7f: call 0x12c17
0x12a82: mov si, bp
0x12a84: add si, 0x23f
0x12a88: lodsw ax, word ptr [si]
0x12a89: cmp ax, 5
0x12a8c: ja 0x12a91
0x12a8e: jmp 0x12ae8
0x12a90: nop
0x12a91: call 0x12bfe
2018-12-25T12:38:15.360740381Z 26 PC: 12c34 | Set disk transfer address
2018-12-25T12:38:15.361869523Z 78 PC: 12c24 | Find first file
2018-12-25T12:38:15.367687331Z 61 PC: 12c09 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:15.374970192Z 87 PC: 12bec | Get or set file date and time
2018-12-25T12:38:15.377097409Z 63 PC: 12aa8 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:38:15.383446982Z 66 PC: 12ab2 | Move file pointer
2018-12-25T12:38:15.38581991Z 64 PC: 12b0c | Write file or device (Write 620 bytes on handle 5)
2018-12-25T12:38:15.39943797Z 66 PC: 12b16 | Move file pointer
2018-12-25T12:38:15.401028867Z 64 PC: 12b24 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:38:15.408674411Z 87 PC: 12be7 | Get or set file date and time
2018-12-25T12:38:15.414683988Z 62 PC: 12b2e | Close file
2018-12-25T12:38:15.424207375Z 79 PC: 12aef | Find next file
2018-12-25T12:38:15.433983952Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:15.441151989Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:15.442485675Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:15.449169671Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:15.458328174Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:15.466781186Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:15.468615832Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:15.476081754Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:15.477694272Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:15.490351974Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:15.49762874Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:15.504437566Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:15.50611795Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:15.513296033Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:15.51513818Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:15.523083966Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:15.525516629Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:15.532525123Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:15.534146573Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:15.542631475Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:15.545926855Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:15.552418432Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:15.554512399Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:15.56114752Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:15.56285505Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:15.571516831Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:15.574155711Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:15.58058381Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:15.582230124Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:15.590466385Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:15.592980089Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:15.600168932Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:15.601645572Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:15.608041491Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:15.6098173Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:15.618170028Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:15.61977624Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:15.62631792Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:15.628565927Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:15.636507183Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:15.639288404Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:15.646658743Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:15.648263775Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:15.654967661Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:15.657360853Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:15.666469387Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:15.668047039Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:15.675557773Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:15.677186894Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:15.685017784Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:15.688731079Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:15.6953143Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:15.696882615Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:15.704335837Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:15.705923598Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:15.713886162Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:15.716275001Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:15.725061225Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:15.72652458Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:15.735834228Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:15.738458584Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:15.744906407Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:15.746477962Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:15.749285896Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:15.750823415Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:15.759018811Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:15.760620004Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:15.763391149Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:15.765022104Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:15.773330568Z 79 PC: 12aef | Find next file (See above)

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13451,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:15.700667567Z 42 PC: 12a62 | Get date
0x12a62: cmp dh, 0xc
0x12a65: jne 0x12a6f
0x12a67: cmp dl, 0x19
0x12a6a: jne 0x12a6f
0x12a6c: jmp 0x12c4a
0x12a6f: cmp dh, 4
0x12a72: jne 0x12a7c
0x12a74: cmp dl, 1
0x12a77: jne 0x12a7c
0x12a79: jmp 0x12c4c
0x12a7c: call 0x12c2a
0x12a7f: call 0x12c17
0x12a82: mov si, bp
0x12a84: add si, 0x23f
0x12a88: lodsw ax, word ptr [si]
0x12a89: cmp ax, 5
0x12a8c: ja 0x12a91
0x12a8e: jmp 0x12ae8
0x12a90: nop
0x12a91: call 0x12bfe
2018-12-25T12:38:15.703242288Z 65 PC: 12c53 | Delete file (Filename = 'A:\TEST.COM')

{"DateBased":true,"Day":2,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13451,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:16.322351186Z 42 PC: 12a62 | Get date
0x12a62: cmp dh, 0xc
0x12a65: jne 0x12a6f
0x12a67: cmp dl, 0x19
0x12a6a: jne 0x12a6f
0x12a6c: jmp 0x12c4a
0x12a6f: cmp dh, 4
0x12a72: jne 0x12a7c
0x12a74: cmp dl, 1
0x12a77: jne 0x12a7c
0x12a79: jmp 0x12c4c
0x12a7c: call 0x12c2a
0x12a7f: call 0x12c17
0x12a82: mov si, bp
0x12a84: add si, 0x23f
0x12a88: lodsw ax, word ptr [si]
0x12a89: cmp ax, 5
0x12a8c: ja 0x12a91
0x12a8e: jmp 0x12ae8
0x12a90: nop
0x12a91: call 0x12bfe
2018-12-25T12:38:16.325752929Z 26 PC: 12c34 | Set disk transfer address
2018-12-25T12:38:16.327189288Z 78 PC: 12c24 | Find first file
2018-12-25T12:38:16.333943398Z 61 PC: 12c09 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:16.341664479Z 87 PC: 12bec | Get or set file date and time
2018-12-25T12:38:16.343764245Z 63 PC: 12aa8 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:38:16.350577729Z 66 PC: 12ab2 | Move file pointer
2018-12-25T12:38:16.352247462Z 64 PC: 12b0c | Write file or device (Write 620 bytes on handle 5)
2018-12-25T12:38:16.368235272Z 66 PC: 12b16 | Move file pointer
2018-12-25T12:38:16.369656761Z 64 PC: 12b24 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:38:16.376632047Z 87 PC: 12be7 | Get or set file date and time
2018-12-25T12:38:16.37854656Z 62 PC: 12b2e | Close file
2018-12-25T12:38:16.386941065Z 79 PC: 12aef | Find next file
2018-12-25T12:38:16.391663093Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:16.399967779Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:16.401576782Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:16.4085408Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:16.410729215Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:16.419660658Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:16.421492584Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:16.429678275Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:16.431421917Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:16.440256562Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:16.443866735Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:16.451396969Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:16.452663094Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:16.457065484Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:16.458535177Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:16.463909589Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:16.465105024Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:16.470573269Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:16.471781623Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:16.47706805Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:16.479548595Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:16.484414761Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:16.485710388Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:16.490822208Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:16.492209261Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:16.497714698Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:16.498793104Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:16.503700859Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:16.504976522Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:16.510422617Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:16.512607088Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:16.516945924Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:16.518023554Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:16.522562919Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:16.523656218Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:16.532547997Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:16.534580219Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:16.541844515Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:16.543145485Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:16.54956659Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:16.551459162Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:16.556067011Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:16.557884331Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:16.56493393Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:16.566426758Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:16.576646604Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:16.578383428Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:16.585763407Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:16.587515199Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:16.597226375Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:16.600045641Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:16.607266555Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:16.609325789Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:16.616414602Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:16.617842327Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:16.627056707Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:16.628654056Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:16.635821931Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:16.638158416Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:16.647790726Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:16.650630991Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:16.659169294Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:16.660819458Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:16.663586215Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:16.665921542Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:16.674766473Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:16.676212651Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:16.679844347Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:16.681487222Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:16.690059031Z 79 PC: 12aef | Find next file (See above)

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13451,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:16.45219971Z 42 PC: 12a62 | Get date
0x12a62: cmp dh, 0xc
0x12a65: jne 0x12a6f
0x12a67: cmp dl, 0x19
0x12a6a: jne 0x12a6f
0x12a6c: jmp 0x12c4a
0x12a6f: cmp dh, 4
0x12a72: jne 0x12a7c
0x12a74: cmp dl, 1
0x12a77: jne 0x12a7c
0x12a79: jmp 0x12c4c
0x12a7c: call 0x12c2a
0x12a7f: call 0x12c17
0x12a82: mov si, bp
0x12a84: add si, 0x23f
0x12a88: lodsw ax, word ptr [si]
0x12a89: cmp ax, 5
0x12a8c: ja 0x12a91
0x12a8e: jmp 0x12ae8
0x12a90: nop
0x12a91: call 0x12bfe
2018-12-25T12:38:16.455640312Z 26 PC: 12c34 | Set disk transfer address
2018-12-25T12:38:16.457366229Z 78 PC: 12c24 | Find first file
2018-12-25T12:38:16.463455052Z 61 PC: 12c09 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:16.470869016Z 87 PC: 12bec | Get or set file date and time
2018-12-25T12:38:16.477404371Z 63 PC: 12aa8 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:38:16.484195514Z 66 PC: 12ab2 | Move file pointer
2018-12-25T12:38:16.485980961Z 64 PC: 12b0c | Write file or device (Write 620 bytes on handle 5)
2018-12-25T12:38:16.501882254Z 66 PC: 12b16 | Move file pointer
2018-12-25T12:38:16.514888384Z 64 PC: 12b24 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:38:16.521751452Z 87 PC: 12be7 | Get or set file date and time
2018-12-25T12:38:16.524778168Z 62 PC: 12b2e | Close file
2018-12-25T12:38:16.532980581Z 79 PC: 12aef | Find next file
2018-12-25T12:38:16.535581114Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:16.543135097Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:16.544921679Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:16.551921738Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:16.554048929Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:16.567511874Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:16.569916337Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:16.577774016Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:16.579453127Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:16.587179111Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:16.58974988Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:16.596675185Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:16.598197543Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:16.604797256Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:16.606995295Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:16.630040401Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:16.631849182Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:16.655352253Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:16.657317634Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:16.665390891Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:16.669412472Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:16.688143282Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:16.689579432Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:16.696766671Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:16.70672473Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:16.732066092Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:16.734733236Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:16.741560862Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:16.743262206Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:16.751630411Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:16.754743807Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:16.761105309Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:16.762860034Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:16.770881356Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:16.772356755Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:16.78123534Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:16.785105376Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:16.796146273Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:16.797908835Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:16.808237441Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:16.811153705Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:16.817808676Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:16.820278092Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:16.827431022Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:16.828971855Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:16.838063463Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:16.84010424Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:16.846682911Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:16.84984867Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:16.857924294Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:16.860699989Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:16.868007885Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:16.8698811Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:16.876325392Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:16.878244904Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:16.887149949Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:16.888732467Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:16.895176138Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:16.896706579Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:16.904407577Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:38:16.907146428Z 61 PC: 12c09 | Open file (See above)
2018-12-25T12:38:16.914756788Z 87 PC: 12bec | Get or set file date and time (See above)
2018-12-25T12:38:16.916321846Z 63 PC: 12aa8 | Read file or device (See above)
2018-12-25T12:38:16.918999145Z 66 PC: 12ab2 | Move file pointer (See above)
2018-12-25T12:38:16.92137401Z 64 PC: 12b0c | Write file or device (See above)
2018-12-25T12:38:16.92953815Z 66 PC: 12b16 | Move file pointer (See above)
2018-12-25T12:38:16.931147498Z 64 PC: 12b24 | Write file or device (See above)
2018-12-25T12:38:16.934599656Z 87 PC: 12be7 | Get or set file date and time (See above)
2018-12-25T12:38:16.936024661Z 62 PC: 12b2e | Close file (See above)
2018-12-25T12:38:16.943640577Z 79 PC: 12aef | Find next file (See above)

{"DateBased":true,"Day":25,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13451,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:16.451233055Z 42 PC: 12a62 | Get date
0x12a62: cmp dh, 0xc
0x12a65: jne 0x12a6f
0x12a67: cmp dl, 0x19
0x12a6a: jne 0x12a6f
0x12a6c: jmp 0x12c4a
0x12a6f: cmp dh, 4
0x12a72: jne 0x12a7c
0x12a74: cmp dl, 1
0x12a77: jne 0x12a7c
0x12a79: jmp 0x12c4c
0x12a7c: call 0x12c2a
0x12a7f: call 0x12c17
0x12a82: mov si, bp
0x12a84: add si, 0x23f
0x12a88: lodsw ax, word ptr [si]
0x12a89: cmp ax, 5
0x12a8c: ja 0x12a91
0x12a8e: jmp 0x12ae8
0x12a90: nop
0x12a91: call 0x12bfe