Sample viewer

vx.netlux.org/Virus.DOS.Warning.658

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:05:23.89752447Z	26	PC: 12a9e \| Set disk transfer address
2018-12-17T23:05:23.898776605Z	78	PC: 12ab1 \| Find first file
2018-12-17T23:05:23.909867417Z	47	PC: 12ab7 \| Get disk transfer address
2018-12-17T23:05:23.911495403Z	67	PC: 12c3a \| Get or set file attributes
2018-12-17T23:05:23.918218069Z	67	PC: 12c42 \| Get or set file attributes
2018-12-17T23:05:23.93755809Z	61	PC: 12c48 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:05:23.944801624Z	87	PC: 12c4f \| Get or set file date and time
2018-12-17T23:05:23.946884692Z	63	PC: 12af0 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:05:23.954399635Z	66	PC: 12b12 \| Move file pointer
2018-12-17T23:05:23.956138926Z	44	PC: 12a69 \| Get time 0x12a69: xor cx, dx 0x12a6b: xor ch, cl 0x12a6d: mov byte ptr [di + 0xf], ch 0x12a70: call 0x22a4c 0x12a73: pop bx 0x12a74: popaw 0x12a75: mov ah, byte ptr [di + 8] 0x12a78: mov cx, 0x292 0x12a7b: mov dx, di 0x12a7d: int 0x21 0x12a7f: pushaw 0x12a80: call 0x22a4c 0x12a83: pop bx 0x12a84: popaw 0x12a85: ret 0x12a86: xchg si, di 0x12a88: pop si 0x12a89: sub si, 6 0x12a8c: push si 0x12a8d: add si, 0x180
2018-12-17T23:05:23.958935782Z	64	PC: 12a7f \| Write file or device (Write 658 bytes on handle 5)
2018-12-17T23:05:23.970348115Z	66	PC: 12b2f \| Move file pointer
2018-12-17T23:05:23.972228817Z	64	PC: 12b4f \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:05:23.979637972Z	87	PC: 12b58 \| Get or set file date and time
2018-12-17T23:05:23.981750617Z	62	PC: 12b5e \| Close file
2018-12-17T23:05:23.990583072Z	67	PC: 12b65 \| Get or set file attributes
2018-12-17T23:05:24.001897293Z	79	PC: 12ab1 \| Find next file
2018-12-17T23:05:24.006315778Z	47	PC: 12ab7 \| Get disk transfer address
2018-12-17T23:05:24.019944367Z	67	PC: 12c3a \| Get or set file attributes
2018-12-17T23:05:24.026471284Z	67	PC: 12c42 \| Get or set file attributes
2018-12-17T23:05:24.037252692Z	61	PC: 12c48 \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:05:24.045525804Z	87	PC: 12c4f \| Get or set file date and time
2018-12-17T23:05:24.047230645Z	63	PC: 12af0 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:05:24.054350747Z	66	PC: 12b12 \| Move file pointer
2018-12-17T23:05:24.056852239Z	44	PC: 12a69 \| Get time 0x12a69: xor cx, dx 0x12a6b: xor ch, cl 0x12a6d: mov byte ptr [di + 0xf], ch 0x12a70: call 0x22a4c 0x12a73: pop bx 0x12a74: popaw 0x12a75: mov ah, byte ptr [di + 8] 0x12a78: mov cx, 0x292 0x12a7b: mov dx, di 0x12a7d: int 0x21 0x12a7f: pushaw 0x12a80: call 0x22a4c 0x12a83: pop bx 0x12a84: popaw 0x12a85: ret 0x12a86: xchg si, di 0x12a88: pop si 0x12a89: sub si, 6 0x12a8c: push si 0x12a8d: add si, 0x180
2018-12-17T23:05:24.059488628Z	64	PC: 12a7f \| Write file or device (Write 658 bytes on handle 5)
2018-12-17T23:05:24.068915471Z	66	PC: 12b2f \| Move file pointer
2018-12-17T23:05:24.071447439Z	64	PC: 12b4f \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:05:24.079398258Z	87	PC: 12b58 \| Get or set file date and time
2018-12-17T23:05:24.081109618Z	62	PC: 12b5e \| Close file
2018-12-17T23:05:24.090414013Z	67	PC: 12b65 \| Get or set file attributes
2018-12-17T23:05:24.101575027Z	79	PC: 12ab1 \| Find next file
2018-12-17T23:05:24.104617315Z	47	PC: 12ab7 \| Get disk transfer address
2018-12-17T23:05:24.106584464Z	67	PC: 12c3a \| Get or set file attributes
2018-12-17T23:05:24.113057303Z	67	PC: 12c42 \| Get or set file attributes
2018-12-17T23:05:24.123885786Z	61	PC: 12c48 \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:05:24.137068151Z	87	PC: 12c4f \| Get or set file date and time
2018-12-17T23:05:24.139339024Z	63	PC: 12af0 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:05:24.146918183Z	66	PC: 12b12 \| Move file pointer
2018-12-17T23:05:24.148833144Z	44	PC: 12a69 \| Get time 0x12a69: xor cx, dx 0x12a6b: xor ch, cl 0x12a6d: mov byte ptr [di + 0xf], ch 0x12a70: call 0x22a4c 0x12a73: pop bx 0x12a74: popaw 0x12a75: mov ah, byte ptr [di + 8] 0x12a78: mov cx, 0x292 0x12a7b: mov dx, di 0x12a7d: int 0x21 0x12a7f: pushaw 0x12a80: call 0x22a4c 0x12a83: pop bx 0x12a84: popaw 0x12a85: ret 0x12a86: xchg si, di 0x12a88: pop si 0x12a89: sub si, 6 0x12a8c: push si 0x12a8d: add si, 0x180
2018-12-17T23:05:24.152445675Z	64	PC: 12a7f \| Write file or device (Write 658 bytes on handle 5)
2018-12-17T23:05:24.162301317Z	66	PC: 12b2f \| Move file pointer
2018-12-17T23:05:24.164258868Z	64	PC: 12b4f \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:05:24.172783015Z	87	PC: 12b58 \| Get or set file date and time
2018-12-17T23:05:24.174487769Z	62	PC: 12b5e \| Close file
2018-12-17T23:05:24.186096591Z	67	PC: 12b65 \| Get or set file attributes
2018-12-17T23:05:24.198108249Z	79	PC: 12ab1 \| Find next file
2018-12-17T23:05:24.201838548Z	47	PC: 12ab7 \| Get disk transfer address
2018-12-17T23:05:24.203054008Z	67	PC: 12c3a \| Get or set file attributes
2018-12-17T23:05:24.210185633Z	67	PC: 12c42 \| Get or set file attributes
2018-12-17T23:05:24.221218202Z	61	PC: 12c48 \| Open file (Filename = 'PHANG.COM')
2018-12-17T23:05:24.228704256Z	87	PC: 12c4f \| Get or set file date and time
2018-12-17T23:05:24.231359403Z	63	PC: 12af0 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:05:24.238710642Z	66	PC: 12b12 \| Move file pointer
2018-12-17T23:05:24.240427489Z	44	PC: 12a69 \| Get time 0x12a69: xor cx, dx 0x12a6b: xor ch, cl 0x12a6d: mov byte ptr [di + 0xf], ch 0x12a70: call 0x22a4c 0x12a73: pop bx 0x12a74: popaw 0x12a75: mov ah, byte ptr [di + 8] 0x12a78: mov cx, 0x292 0x12a7b: mov dx, di 0x12a7d: int 0x21 0x12a7f: pushaw 0x12a80: call 0x22a4c 0x12a83: pop bx 0x12a84: popaw 0x12a85: ret 0x12a86: xchg si, di 0x12a88: pop si 0x12a89: sub si, 6 0x12a8c: push si 0x12a8d: add si, 0x180
2018-12-17T23:05:24.243611501Z	64	PC: 12a7f \| Write file or device (Write 658 bytes on handle 5)
2018-12-17T23:05:24.252852986Z	66	PC: 12b2f \| Move file pointer
2018-12-17T23:05:24.254395277Z	64	PC: 12b4f \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:05:24.261828728Z	87	PC: 12b58 \| Get or set file date and time
2018-12-17T23:05:24.263873695Z	62	PC: 12b5e \| Close file
2018-12-17T23:05:24.274381931Z	67	PC: 12b65 \| Get or set file attributes
2018-12-17T23:05:24.28528416Z	79	PC: 12ab1 \| Find next file
2018-12-17T23:05:24.288740239Z	47	PC: 12ab7 \| Get disk transfer address
2018-12-17T23:05:24.290345663Z	67	PC: 12c3a \| Get or set file attributes
2018-12-17T23:05:24.297232109Z	67	PC: 12c42 \| Get or set file attributes
2018-12-17T23:05:24.31497281Z	61	PC: 12c48 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:05:24.322435451Z	87	PC: 12c4f \| Get or set file date and time
2018-12-17T23:05:24.323936455Z	63	PC: 12af0 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:05:24.331842428Z	66	PC: 12b12 \| Move file pointer
2018-12-17T23:05:24.333330559Z	44	PC: 12a69 \| Get time 0x12a69: xor cx, dx 0x12a6b: xor ch, cl 0x12a6d: mov byte ptr [di + 0xf], ch 0x12a70: call 0x22a4c 0x12a73: pop bx 0x12a74: popaw 0x12a75: mov ah, byte ptr [di + 8] 0x12a78: mov cx, 0x292 0x12a7b: mov dx, di 0x12a7d: int 0x21 0x12a7f: pushaw 0x12a80: call 0x22a4c 0x12a83: pop bx 0x12a84: popaw 0x12a85: ret 0x12a86: xchg si, di 0x12a88: pop si 0x12a89: sub si, 6 0x12a8c: push si 0x12a8d: add si, 0x180
2018-12-17T23:05:24.336110347Z	64	PC: 12a7f \| Write file or device (Write 658 bytes on handle 5)
2018-12-17T23:05:24.34671897Z	66	PC: 12b2f \| Move file pointer
2018-12-17T23:05:24.348932094Z	64	PC: 12b4f \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:05:24.356515481Z	87	PC: 12b58 \| Get or set file date and time
2018-12-17T23:05:24.359717604Z	62	PC: 12b5e \| Close file
2018-12-17T23:05:24.368655218Z	67	PC: 12b65 \| Get or set file attributes
2018-12-17T23:05:24.380277215Z	79	PC: 12ab1 \| Find next file
2018-12-17T23:05:24.383852284Z	47	PC: 12ab7 \| Get disk transfer address
2018-12-17T23:05:24.385164312Z	67	PC: 12c3a \| Get or set file attributes
2018-12-17T23:05:24.391902646Z	67	PC: 12c42 \| Get or set file attributes
2018-12-17T23:05:24.403261674Z	61	PC: 12c48 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T23:05:24.410802388Z	87	PC: 12c4f \| Get or set file date and time
2018-12-17T23:05:24.412498823Z	63	PC: 12af0 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:05:24.419651064Z	66	PC: 12b12 \| Move file pointer
2018-12-17T23:05:24.421557949Z	44	PC: 12a69 \| Get time 0x12a69: xor cx, dx 0x12a6b: xor ch, cl 0x12a6d: mov byte ptr [di + 0xf], ch 0x12a70: call 0x22a4c 0x12a73: pop bx 0x12a74: popaw 0x12a75: mov ah, byte ptr [di + 8] 0x12a78: mov cx, 0x292 0x12a7b: mov dx, di 0x12a7d: int 0x21 0x12a7f: pushaw 0x12a80: call 0x22a4c 0x12a83: pop bx 0x12a84: popaw 0x12a85: ret 0x12a86: xchg si, di 0x12a88: pop si 0x12a89: sub si, 6 0x12a8c: push si 0x12a8d: add si, 0x180
2018-12-17T23:05:24.424258847Z	64	PC: 12a7f \| Write file or device (Write 658 bytes on handle 5)
2018-12-17T23:05:24.43413941Z	66	PC: 12b2f \| Move file pointer
2018-12-17T23:05:24.437164124Z	64	PC: 12b4f \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:05:24.444745431Z	87	PC: 12b58 \| Get or set file date and time
2018-12-17T23:05:24.4462723Z	62	PC: 12b5e \| Close file
2018-12-17T23:05:24.454931064Z	67	PC: 12b65 \| Get or set file attributes
2018-12-17T23:05:24.466231009Z	79	PC: 12ab1 \| Find next file
2018-12-17T23:05:24.469038824Z	47	PC: 12ab7 \| Get disk transfer address
2018-12-17T23:05:24.470879323Z	67	PC: 12c3a \| Get or set file attributes
2018-12-17T23:05:24.477757453Z	67	PC: 12c42 \| Get or set file attributes
2018-12-17T23:05:24.489176337Z	61	PC: 12c48 \| Open file (Filename = 'PAH.COM')
2018-12-17T23:05:24.497990443Z	87	PC: 12c4f \| Get or set file date and time
2018-12-17T23:05:24.499918641Z	63	PC: 12af0 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:05:24.507515208Z	66	PC: 12b12 \| Move file pointer
2018-12-17T23:05:24.510635183Z	44	PC: 12a69 \| Get time 0x12a69: xor cx, dx 0x12a6b: xor ch, cl 0x12a6d: mov byte ptr [di + 0xf], ch 0x12a70: call 0x22a4c 0x12a73: pop bx 0x12a74: popaw 0x12a75: mov ah, byte ptr [di + 8] 0x12a78: mov cx, 0x292 0x12a7b: mov dx, di 0x12a7d: int 0x21 0x12a7f: pushaw 0x12a80: call 0x22a4c 0x12a83: pop bx 0x12a84: popaw 0x12a85: ret 0x12a86: xchg si, di 0x12a88: pop si 0x12a89: sub si, 6 0x12a8c: push si 0x12a8d: add si, 0x180
2018-12-17T23:05:24.513910816Z	64	PC: 12a7f \| Write file or device (Write 658 bytes on handle 5)
2018-12-17T23:05:24.52495087Z	66	PC: 12b2f \| Move file pointer
2018-12-17T23:05:24.527976792Z	64	PC: 12b4f \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:05:24.535482545Z	87	PC: 12b58 \| Get or set file date and time
2018-12-17T23:05:24.537531073Z	62	PC: 12b5e \| Close file
2018-12-17T23:05:24.546957682Z	67	PC: 12b65 \| Get or set file attributes
2018-12-17T23:05:24.558096216Z	79	PC: 12ab1 \| Find next file
2018-12-17T23:05:24.560863579Z	78	PC: 12bfd \| Find first file
2018-12-17T23:05:24.567883715Z	78	PC: 12bfd \| Find first file
2018-12-17T23:05:24.57585965Z	78	PC: 12b8f \| Find first file
2018-12-17T23:05:24.588441516Z	44	PC: 12cbc \| Get time 0x12cbc: cmp ch, cl 0x12cbe: je 0x12cc1 0x12cc0: ret 0x12cc1: cli 0x12cc2: mov al, 0xad 0x12cc4: out 0x64, al 0x12cc6: nop 0x12cc7: sti 0x12cc8: mov dx, di 0x12cca: add dx, 0x210 0x12cce: mov ah, 9 0x12cd0: int 0x21 0x12cd2: cli 0x12cd3: jmp 0x12cd3 0x12cd5: add word ptr [bx], di 0x12cd7: aas 0x12cd8: aas 0x12cd9: aas 0x12cda: aas 0x12cdb: aas
2018-12-17T23:05:24.590928026Z	26	PC: 12ad0 \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":15183,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:50.961656112Z	26	PC: 12a9e \| Set disk transfer address
2018-12-25T12:42:50.969648345Z	78	PC: 12ab1 \| Find first file
2018-12-25T12:42:50.991595098Z	47	PC: 12ab7 \| Get disk transfer address
2018-12-25T12:42:50.993093421Z	67	PC: 12c3a \| Get or set file attributes
2018-12-25T12:42:50.999674097Z	67	PC: 12c42 \| Get or set file attributes
2018-12-25T12:42:51.307975749Z	61	PC: 12c48 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:51.315985501Z	87	PC: 12c4f \| Get or set file date and time
2018-12-25T12:42:51.319378374Z	63	PC: 12af0 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:42:51.328218854Z	66	PC: 12b12 \| Move file pointer
2018-12-25T12:42:51.330324076Z	44	PC: 12a69 \| Get time 0x12a69: xor cx, dx 0x12a6b: xor ch, cl 0x12a6d: mov byte ptr [di + 0xf], ch 0x12a70: call 0x22a4c 0x12a73: pop bx 0x12a74: popaw 0x12a75: mov ah, byte ptr [di + 8] 0x12a78: mov cx, 0x292 0x12a7b: mov dx, di 0x12a7d: int 0x21 0x12a7f: pushaw 0x12a80: call 0x22a4c 0x12a83: pop bx 0x12a84: popaw 0x12a85: ret 0x12a86: xchg si, di 0x12a88: pop si 0x12a89: sub si, 6 0x12a8c: push si 0x12a8d: add si, 0x180
2018-12-25T12:42:51.33339379Z	64	PC: 12a7f \| Write file or device (Write 658 bytes on handle 5)
2018-12-25T12:42:51.344367462Z	66	PC: 12b2f \| Move file pointer
2018-12-25T12:42:51.346668958Z	64	PC: 12b4f \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:42:51.354173056Z	87	PC: 12b58 \| Get or set file date and time
2018-12-25T12:42:51.357169087Z	62	PC: 12b5e \| Close file
2018-12-25T12:42:51.365976113Z	67	PC: 12b65 \| Get or set file attributes
2018-12-25T12:42:51.376939867Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:51.380414576Z	47	PC: 12ab7 \| Get disk transfer address (See above)
2018-12-25T12:42:51.389800879Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:42:51.397232898Z	67	PC: 12c42 \| Get or set file attributes (See above)
2018-12-25T12:42:51.408167997Z	61	PC: 12c48 \| Open file (See above)
2018-12-25T12:42:51.419610049Z	87	PC: 12c4f \| Get or set file date and time (See above)
2018-12-25T12:42:51.422107332Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T12:42:51.430252564Z	66	PC: 12b12 \| Move file pointer (See above)
2018-12-25T12:42:51.433334824Z	44	PC: 12a69 \| Get time (See above)
2018-12-25T12:42:51.43645882Z	64	PC: 12a7f \| Write file or device (See above)
2018-12-25T12:42:51.446193091Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T12:42:51.448616594Z	64	PC: 12b4f \| Write file or device (See above)
2018-12-25T12:42:51.45635577Z	87	PC: 12b58 \| Get or set file date and time (See above)
2018-12-25T12:42:51.459616682Z	62	PC: 12b5e \| Close file (See above)
2018-12-25T12:42:51.469292582Z	67	PC: 12b65 \| Get or set file attributes (See above)
2018-12-25T12:42:51.481088392Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:51.484486871Z	47	PC: 12ab7 \| Get disk transfer address (See above)
2018-12-25T12:42:51.486947107Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:42:51.493385726Z	67	PC: 12c42 \| Get or set file attributes (See above)
2018-12-25T12:42:51.509160073Z	61	PC: 12c48 \| Open file (See above)
2018-12-25T12:42:51.514217441Z	87	PC: 12c4f \| Get or set file date and time (See above)
2018-12-25T12:42:51.515709043Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T12:42:51.521061681Z	66	PC: 12b12 \| Move file pointer (See above)
2018-12-25T12:42:51.522413759Z	44	PC: 12a69 \| Get time (See above)
2018-12-25T12:42:51.526121783Z	64	PC: 12a7f \| Write file or device (See above)
2018-12-25T12:42:51.532179484Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T12:42:51.533590962Z	64	PC: 12b4f \| Write file or device (See above)
2018-12-25T12:42:51.538788585Z	87	PC: 12b58 \| Get or set file date and time (See above)
2018-12-25T12:42:51.540450933Z	62	PC: 12b5e \| Close file (See above)
2018-12-25T12:42:51.547220439Z	67	PC: 12b65 \| Get or set file attributes (See above)
2018-12-25T12:42:51.555209948Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:51.557246708Z	47	PC: 12ab7 \| Get disk transfer address (See above)
2018-12-25T12:42:51.558386985Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:42:51.563129458Z	67	PC: 12c42 \| Get or set file attributes (See above)
2018-12-25T12:42:51.569836697Z	61	PC: 12c48 \| Open file (See above)
2018-12-25T12:42:51.584196509Z	87	PC: 12c4f \| Get or set file date and time (See above)
2018-12-25T12:42:51.588182882Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T12:42:51.596600893Z	66	PC: 12b12 \| Move file pointer (See above)
2018-12-25T12:42:51.598880391Z	44	PC: 12a69 \| Get time (See above)
2018-12-25T12:42:51.603076853Z	64	PC: 12a7f \| Write file or device (See above)
2018-12-25T12:42:51.613966964Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T12:42:51.615949268Z	64	PC: 12b4f \| Write file or device (See above)
2018-12-25T12:42:51.624518541Z	87	PC: 12b58 \| Get or set file date and time (See above)
2018-12-25T12:42:51.626932039Z	62	PC: 12b5e \| Close file (See above)
2018-12-25T12:42:51.636129154Z	67	PC: 12b65 \| Get or set file attributes (See above)
2018-12-25T12:42:51.647632879Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:51.651403363Z	47	PC: 12ab7 \| Get disk transfer address (See above)
2018-12-25T12:42:51.652838581Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:42:51.660157758Z	67	PC: 12c42 \| Get or set file attributes (See above)
2018-12-25T12:42:51.672813583Z	61	PC: 12c48 \| Open file (See above)
2018-12-25T12:42:51.680682706Z	87	PC: 12c4f \| Get or set file date and time (See above)
2018-12-25T12:42:51.682726128Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T12:42:51.691223666Z	66	PC: 12b12 \| Move file pointer (See above)
2018-12-25T12:42:51.693589431Z	44	PC: 12a69 \| Get time (See above)
2018-12-25T12:42:51.696719592Z	64	PC: 12a7f \| Write file or device (See above)
2018-12-25T12:42:51.707213278Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T12:42:51.709969709Z	64	PC: 12b4f \| Write file or device (See above)
2018-12-25T12:42:51.718101093Z	87	PC: 12b58 \| Get or set file date and time (See above)
2018-12-25T12:42:51.720214721Z	62	PC: 12b5e \| Close file (See above)
2018-12-25T12:42:51.73085487Z	67	PC: 12b65 \| Get or set file attributes (See above)
2018-12-25T12:42:51.742214446Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:51.746127592Z	47	PC: 12ab7 \| Get disk transfer address (See above)
2018-12-25T12:42:51.749179168Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:42:51.755972213Z	67	PC: 12c42 \| Get or set file attributes (See above)
2018-12-25T12:42:51.767128566Z	61	PC: 12c48 \| Open file (See above)
2018-12-25T12:42:51.775833677Z	87	PC: 12c4f \| Get or set file date and time (See above)
2018-12-25T12:42:51.778274401Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T12:42:51.785915577Z	66	PC: 12b12 \| Move file pointer (See above)
2018-12-25T12:42:51.789672588Z	44	PC: 12a69 \| Get time (See above)
2018-12-25T12:42:51.793695466Z	64	PC: 12a7f \| Write file or device (See above)
2018-12-25T12:42:51.804576277Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T12:42:51.806585596Z	64	PC: 12b4f \| Write file or device (See above)
2018-12-25T12:42:51.815542844Z	87	PC: 12b58 \| Get or set file date and time (See above)
2018-12-25T12:42:51.817615913Z	62	PC: 12b5e \| Close file (See above)
2018-12-25T12:42:51.826611649Z	67	PC: 12b65 \| Get or set file attributes (See above)
2018-12-25T12:42:51.839681504Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:51.84210224Z	47	PC: 12ab7 \| Get disk transfer address (See above)
2018-12-25T12:42:51.843887446Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:42:51.848468932Z	67	PC: 12c42 \| Get or set file attributes (See above)
2018-12-25T12:42:51.859878806Z	61	PC: 12c48 \| Open file (See above)
2018-12-25T12:42:51.867133905Z	87	PC: 12c4f \| Get or set file date and time (See above)
2018-12-25T12:42:51.870688907Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T12:42:51.887964003Z	66	PC: 12b12 \| Move file pointer (See above)
2018-12-25T12:42:51.897994573Z	44	PC: 12a69 \| Get time (See above)
2018-12-25T12:42:51.902097063Z	64	PC: 12a7f \| Write file or device (See above)
2018-12-25T12:42:51.912579897Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T12:42:51.914670326Z	64	PC: 12b4f \| Write file or device (See above)
2018-12-25T12:42:51.922850646Z	87	PC: 12b58 \| Get or set file date and time (See above)
2018-12-25T12:42:51.92618607Z	62	PC: 12b5e \| Close file (See above)
2018-12-25T12:42:51.935082139Z	67	PC: 12b65 \| Get or set file attributes (See above)
2018-12-25T12:42:51.946490214Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:51.950273708Z	78	PC: 12bfd \| Find first file
2018-12-25T12:42:51.958100165Z	78	PC: 12bfd \| Find first file (See above)
2018-12-25T12:42:51.963111951Z	78	PC: 12b8f \| Find first file
2018-12-25T12:42:51.972660242Z	44	PC: 12cbc \| Get time 0x12cbc: cmp ch, cl 0x12cbe: je 0x12cc1 0x12cc0: ret 0x12cc1: cli 0x12cc2: mov al, 0xad 0x12cc4: out 0x64, al 0x12cc6: nop 0x12cc7: sti 0x12cc8: mov dx, di 0x12cca: add dx, 0x210 0x12cce: mov ah, 9 0x12cd0: int 0x21 0x12cd2: cli 0x12cd3: jmp 0x12cd3 0x12cd5: add word ptr [bx], di 0x12cd7: aas 0x12cd8: aas 0x12cd9: aas 0x12cda: aas 0x12cdb: aas
2018-12-25T12:42:51.975377249Z	26	PC: 12ad0 \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15183,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:51.030285793Z	26	PC: 12a9e \| Set disk transfer address
2018-12-25T12:42:51.031971394Z	78	PC: 12ab1 \| Find first file
2018-12-25T12:42:51.038984443Z	47	PC: 12ab7 \| Get disk transfer address
2018-12-25T12:42:51.040170254Z	67	PC: 12c3a \| Get or set file attributes
2018-12-25T12:42:51.046810376Z	67	PC: 12c42 \| Get or set file attributes
2018-12-25T12:42:51.309577192Z	61	PC: 12c48 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:51.31807548Z	87	PC: 12c4f \| Get or set file date and time
2018-12-25T12:42:51.320263241Z	63	PC: 12af0 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:42:51.329482074Z	66	PC: 12b12 \| Move file pointer
2018-12-25T12:42:51.332213667Z	44	PC: 12a69 \| Get time 0x12a69: xor cx, dx 0x12a6b: xor ch, cl 0x12a6d: mov byte ptr [di + 0xf], ch 0x12a70: call 0x22a4c 0x12a73: pop bx 0x12a74: popaw 0x12a75: mov ah, byte ptr [di + 8] 0x12a78: mov cx, 0x292 0x12a7b: mov dx, di 0x12a7d: int 0x21 0x12a7f: pushaw 0x12a80: call 0x22a4c 0x12a83: pop bx 0x12a84: popaw 0x12a85: ret 0x12a86: xchg si, di 0x12a88: pop si 0x12a89: sub si, 6 0x12a8c: push si 0x12a8d: add si, 0x180
2018-12-25T12:42:51.335049288Z	64	PC: 12a7f \| Write file or device (Write 658 bytes on handle 5)
2018-12-25T12:42:51.34536716Z	66	PC: 12b2f \| Move file pointer
2018-12-25T12:42:51.348546144Z	64	PC: 12b4f \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:42:51.356385061Z	87	PC: 12b58 \| Get or set file date and time
2018-12-25T12:42:51.358569962Z	62	PC: 12b5e \| Close file
2018-12-25T12:42:51.368793444Z	67	PC: 12b65 \| Get or set file attributes
2018-12-25T12:42:51.380008448Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:51.386990027Z	47	PC: 12ab7 \| Get disk transfer address (See above)
2018-12-25T12:42:51.389315133Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:42:51.395753164Z	67	PC: 12c42 \| Get or set file attributes (See above)
2018-12-25T12:42:51.406768488Z	61	PC: 12c48 \| Open file (See above)
2018-12-25T12:42:51.415293228Z	87	PC: 12c4f \| Get or set file date and time (See above)
2018-12-25T12:42:51.417508315Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T12:42:51.424448474Z	66	PC: 12b12 \| Move file pointer (See above)
2018-12-25T12:42:51.426388105Z	44	PC: 12a69 \| Get time (See above)
2018-12-25T12:42:51.429438006Z	64	PC: 12a7f \| Write file or device (See above)
2018-12-25T12:42:51.43875926Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T12:42:51.440468512Z	64	PC: 12b4f \| Write file or device (See above)
2018-12-25T12:42:51.445447986Z	87	PC: 12b58 \| Get or set file date and time (See above)
2018-12-25T12:42:51.446742857Z	62	PC: 12b5e \| Close file (See above)
2018-12-25T12:42:51.451982828Z	67	PC: 12b65 \| Get or set file attributes (See above)
2018-12-25T12:42:51.458880029Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:51.460766228Z	47	PC: 12ab7 \| Get disk transfer address (See above)
2018-12-25T12:42:51.461769191Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:42:51.466688349Z	67	PC: 12c42 \| Get or set file attributes (See above)
2018-12-25T12:42:51.47739811Z	61	PC: 12c48 \| Open file (See above)
2018-12-25T12:42:51.484683532Z	87	PC: 12c4f \| Get or set file date and time (See above)
2018-12-25T12:42:51.487442064Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T12:42:51.494774132Z	66	PC: 12b12 \| Move file pointer (See above)
2018-12-25T12:42:51.496566004Z	44	PC: 12a69 \| Get time (See above)
2018-12-25T12:42:51.50611113Z	64	PC: 12a7f \| Write file or device (See above)
2018-12-25T12:42:51.515750137Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T12:42:51.517572391Z	64	PC: 12b4f \| Write file or device (See above)
2018-12-25T12:42:51.525941633Z	87	PC: 12b58 \| Get or set file date and time (See above)
2018-12-25T12:42:51.528739238Z	62	PC: 12b5e \| Close file (See above)
2018-12-25T12:42:51.538182991Z	67	PC: 12b65 \| Get or set file attributes (See above)
2018-12-25T12:42:51.549427618Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:51.553046737Z	47	PC: 12ab7 \| Get disk transfer address (See above)
2018-12-25T12:42:51.5546606Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:42:51.561331713Z	67	PC: 12c42 \| Get or set file attributes (See above)
2018-12-25T12:42:51.572952446Z	61	PC: 12c48 \| Open file (See above)
2018-12-25T12:42:51.580325454Z	87	PC: 12c4f \| Get or set file date and time (See above)
2018-12-25T12:42:51.582195897Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T12:42:51.592488186Z	66	PC: 12b12 \| Move file pointer (See above)
2018-12-25T12:42:51.594032346Z	44	PC: 12a69 \| Get time (See above)
2018-12-25T12:42:51.596120599Z	64	PC: 12a7f \| Write file or device (See above)
2018-12-25T12:42:51.606923998Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T12:42:51.609287859Z	64	PC: 12b4f \| Write file or device (See above)
2018-12-25T12:42:51.616805102Z	87	PC: 12b58 \| Get or set file date and time (See above)
2018-12-25T12:42:51.619670938Z	62	PC: 12b5e \| Close file (See above)
2018-12-25T12:42:51.627406779Z	67	PC: 12b65 \| Get or set file attributes (See above)
2018-12-25T12:42:51.634675534Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:51.637114777Z	47	PC: 12ab7 \| Get disk transfer address (See above)
2018-12-25T12:42:51.638689747Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:42:51.64279306Z	67	PC: 12c42 \| Get or set file attributes (See above)
2018-12-25T12:42:51.649845075Z	61	PC: 12c48 \| Open file (See above)
2018-12-25T12:42:51.658769332Z	87	PC: 12c4f \| Get or set file date and time (See above)
2018-12-25T12:42:51.660095041Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T12:42:51.664448279Z	66	PC: 12b12 \| Move file pointer (See above)
2018-12-25T12:42:51.666264931Z	44	PC: 12a69 \| Get time (See above)
2018-12-25T12:42:51.668700382Z	64	PC: 12a7f \| Write file or device (See above)
2018-12-25T12:42:51.675012203Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T12:42:51.677028324Z	64	PC: 12b4f \| Write file or device (See above)
2018-12-25T12:42:51.681863314Z	87	PC: 12b58 \| Get or set file date and time (See above)
2018-12-25T12:42:51.683211073Z	62	PC: 12b5e \| Close file (See above)
2018-12-25T12:42:51.703135406Z	67	PC: 12b65 \| Get or set file attributes (See above)
2018-12-25T12:42:51.714474802Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:51.717661353Z	47	PC: 12ab7 \| Get disk transfer address (See above)
2018-12-25T12:42:51.718969986Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:42:51.723480264Z	67	PC: 12c42 \| Get or set file attributes (See above)
2018-12-25T12:42:51.731184742Z	61	PC: 12c48 \| Open file (See above)
2018-12-25T12:42:51.762409401Z	87	PC: 12c4f \| Get or set file date and time (See above)
2018-12-25T12:42:51.765651193Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T12:42:51.773406638Z	66	PC: 12b12 \| Move file pointer (See above)
2018-12-25T12:42:51.775481053Z	44	PC: 12a69 \| Get time (See above)
2018-12-25T12:42:51.779615873Z	64	PC: 12a7f \| Write file or device (See above)
2018-12-25T12:42:51.799991891Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T12:42:51.802073287Z	64	PC: 12b4f \| Write file or device (See above)
2018-12-25T12:42:51.81127942Z	87	PC: 12b58 \| Get or set file date and time (See above)
2018-12-25T12:42:51.815951233Z	62	PC: 12b5e \| Close file (See above)
2018-12-25T12:42:51.825376348Z	67	PC: 12b65 \| Get or set file attributes (See above)
2018-12-25T12:42:51.840923524Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:51.846981502Z	47	PC: 12ab7 \| Get disk transfer address (See above)
2018-12-25T12:42:51.848858291Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:42:51.85655939Z	67	PC: 12c42 \| Get or set file attributes (See above)
2018-12-25T12:42:51.868852389Z	61	PC: 12c48 \| Open file (See above)
2018-12-25T12:42:51.87774323Z	87	PC: 12c4f \| Get or set file date and time (See above)
2018-12-25T12:42:51.879928666Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T12:42:51.886714739Z	66	PC: 12b12 \| Move file pointer (See above)
2018-12-25T12:42:51.888865932Z	44	PC: 12a69 \| Get time (See above)
2018-12-25T12:42:51.892130442Z	64	PC: 12a7f \| Write file or device (See above)
2018-12-25T12:42:51.900726441Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T12:42:51.902829058Z	64	PC: 12b4f \| Write file or device (See above)
2018-12-25T12:42:51.9247613Z	87	PC: 12b58 \| Get or set file date and time (See above)
2018-12-25T12:42:51.928344786Z	62	PC: 12b5e \| Close file (See above)
2018-12-25T12:42:51.940547271Z	67	PC: 12b65 \| Get or set file attributes (See above)
2018-12-25T12:42:51.95178582Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:51.955279298Z	78	PC: 12bfd \| Find first file
2018-12-25T12:42:51.963288612Z	78	PC: 12bfd \| Find first file (See above)
2018-12-25T12:42:51.97055333Z	78	PC: 12b8f \| Find first file
2018-12-25T12:42:51.977618178Z	44	PC: 12cbc \| Get time 0x12cbc: cmp ch, cl 0x12cbe: je 0x12cc1 0x12cc0: ret 0x12cc1: cli 0x12cc2: mov al, 0xad 0x12cc4: out 0x64, al 0x12cc6: nop 0x12cc7: sti 0x12cc8: mov dx, di 0x12cca: add dx, 0x210 0x12cce: mov ah, 9 0x12cd0: int 0x21 0x12cd2: cli 0x12cd3: jmp 0x12cd3 0x12cd5: add word ptr [bx], di 0x12cd7: aas 0x12cd8: aas 0x12cd9: aas 0x12cda: aas 0x12cdb: aas
2018-12-25T12:42:51.981984432Z	9	PC: 12cd2 \| Display string (String= ' WARNING: ALL DATA ON NON-REMOVABLE DISK DRIVE C: WILL BE LOST! Proced with Format (Y/N)? Yes Ok')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15183,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:51.768296216Z	26	PC: 12a9e \| Set disk transfer address
2018-12-25T12:42:51.77010953Z	78	PC: 12ab1 \| Find first file
2018-12-25T12:42:51.781403834Z	47	PC: 12ab7 \| Get disk transfer address
2018-12-25T12:42:51.783107982Z	67	PC: 12c3a \| Get or set file attributes
2018-12-25T12:42:51.790072218Z	67	PC: 12c42 \| Get or set file attributes
2018-12-25T12:42:51.812799147Z	61	PC: 12c48 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:51.821501274Z	87	PC: 12c4f \| Get or set file date and time
2018-12-25T12:42:51.823551446Z	63	PC: 12af0 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:42:51.833017824Z	66	PC: 12b12 \| Move file pointer
2018-12-25T12:42:51.835069998Z	44	PC: 12a69 \| Get time 0x12a69: xor cx, dx 0x12a6b: xor ch, cl 0x12a6d: mov byte ptr [di + 0xf], ch 0x12a70: call 0x22a4c 0x12a73: pop bx 0x12a74: popaw 0x12a75: mov ah, byte ptr [di + 8] 0x12a78: mov cx, 0x292 0x12a7b: mov dx, di 0x12a7d: int 0x21 0x12a7f: pushaw 0x12a80: call 0x22a4c 0x12a83: pop bx 0x12a84: popaw 0x12a85: ret 0x12a86: xchg si, di 0x12a88: pop si 0x12a89: sub si, 6 0x12a8c: push si 0x12a8d: add si, 0x180
2018-12-25T12:42:51.838383551Z	64	PC: 12a7f \| Write file or device (Write 658 bytes on handle 5)
2018-12-25T12:42:51.849394997Z	66	PC: 12b2f \| Move file pointer
2018-12-25T12:42:51.851227433Z	64	PC: 12b4f \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:42:51.858760132Z	87	PC: 12b58 \| Get or set file date and time
2018-12-25T12:42:51.861573671Z	62	PC: 12b5e \| Close file
2018-12-25T12:42:51.870768277Z	67	PC: 12b65 \| Get or set file attributes
2018-12-25T12:42:51.877586491Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:51.88120359Z	47	PC: 12ab7 \| Get disk transfer address (See above)
2018-12-25T12:42:51.885853327Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:42:51.892610751Z	67	PC: 12c42 \| Get or set file attributes (See above)
2018-12-25T12:42:51.906364745Z	61	PC: 12c48 \| Open file (See above)
2018-12-25T12:42:51.911690691Z	87	PC: 12c4f \| Get or set file date and time (See above)
2018-12-25T12:42:51.913018425Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T12:42:51.918064034Z	66	PC: 12b12 \| Move file pointer (See above)
2018-12-25T12:42:51.920163384Z	44	PC: 12a69 \| Get time (See above)
2018-12-25T12:42:51.923311493Z	64	PC: 12a7f \| Write file or device (See above)
2018-12-25T12:42:51.936719746Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T12:42:51.940155347Z	64	PC: 12b4f \| Write file or device (See above)
2018-12-25T12:42:51.948786758Z	87	PC: 12b58 \| Get or set file date and time (See above)
2018-12-25T12:42:51.953666582Z	62	PC: 12b5e \| Close file (See above)
2018-12-25T12:42:51.963717896Z	67	PC: 12b65 \| Get or set file attributes (See above)
2018-12-25T12:42:51.975421021Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:51.978418704Z	47	PC: 12ab7 \| Get disk transfer address (See above)
2018-12-25T12:42:51.980330584Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:42:51.985165941Z	67	PC: 12c42 \| Get or set file attributes (See above)
2018-12-25T12:42:51.991741183Z	61	PC: 12c48 \| Open file (See above)
2018-12-25T12:42:51.996082414Z	87	PC: 12c4f \| Get or set file date and time (See above)
2018-12-25T12:42:51.998876611Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T12:42:52.005972558Z	66	PC: 12b12 \| Move file pointer (See above)
2018-12-25T12:42:52.007448009Z	44	PC: 12a69 \| Get time (See above)
2018-12-25T12:42:52.011345677Z	64	PC: 12a7f \| Write file or device (See above)
2018-12-25T12:42:52.021219554Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T12:42:52.022843887Z	64	PC: 12b4f \| Write file or device (See above)
2018-12-25T12:42:52.031136342Z	87	PC: 12b58 \| Get or set file date and time (See above)
2018-12-25T12:42:52.041377206Z	62	PC: 12b5e \| Close file (See above)
2018-12-25T12:42:52.050066238Z	67	PC: 12b65 \| Get or set file attributes (See above)
2018-12-25T12:42:52.06111546Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:52.063185271Z	47	PC: 12ab7 \| Get disk transfer address (See above)
2018-12-25T12:42:52.064096256Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:42:52.068377263Z	67	PC: 12c42 \| Get or set file attributes (See above)
2018-12-25T12:42:52.075454977Z	61	PC: 12c48 \| Open file (See above)
2018-12-25T12:42:52.083680835Z	87	PC: 12c4f \| Get or set file date and time (See above)
2018-12-25T12:42:52.08492448Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T12:42:52.090022555Z	66	PC: 12b12 \| Move file pointer (See above)
2018-12-25T12:42:52.091192276Z	44	PC: 12a69 \| Get time (See above)
2018-12-25T12:42:52.092964247Z	64	PC: 12a7f \| Write file or device (See above)
2018-12-25T12:42:52.099494013Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T12:42:52.100813039Z	64	PC: 12b4f \| Write file or device (See above)
2018-12-25T12:42:52.105284225Z	87	PC: 12b58 \| Get or set file date and time (See above)
2018-12-25T12:42:52.107085798Z	62	PC: 12b5e \| Close file (See above)
2018-12-25T12:42:52.112280619Z	67	PC: 12b65 \| Get or set file attributes (See above)
2018-12-25T12:42:52.11936486Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:52.122108418Z	47	PC: 12ab7 \| Get disk transfer address (See above)
2018-12-25T12:42:52.123198697Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:42:52.127073983Z	67	PC: 12c42 \| Get or set file attributes (See above)
2018-12-25T12:42:52.133961559Z	61	PC: 12c48 \| Open file (See above)
2018-12-25T12:42:52.141724926Z	87	PC: 12c4f \| Get or set file date and time (See above)
2018-12-25T12:42:52.143189696Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T12:42:52.150611919Z	66	PC: 12b12 \| Move file pointer (See above)
2018-12-25T12:42:52.153441441Z	44	PC: 12a69 \| Get time (See above)
2018-12-25T12:42:52.15682889Z	64	PC: 12a7f \| Write file or device (See above)
2018-12-25T12:42:52.166064307Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T12:42:52.168614431Z	64	PC: 12b4f \| Write file or device (See above)
2018-12-25T12:42:52.17588162Z	87	PC: 12b58 \| Get or set file date and time (See above)
2018-12-25T12:42:52.17726955Z	62	PC: 12b5e \| Close file (See above)
2018-12-25T12:42:52.186972108Z	67	PC: 12b65 \| Get or set file attributes (See above)
2018-12-25T12:42:52.198362634Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:52.201695361Z	47	PC: 12ab7 \| Get disk transfer address (See above)
2018-12-25T12:42:52.204422968Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:42:52.211159762Z	67	PC: 12c42 \| Get or set file attributes (See above)
2018-12-25T12:42:52.222749415Z	61	PC: 12c48 \| Open file (See above)
2018-12-25T12:42:52.231331103Z	87	PC: 12c4f \| Get or set file date and time (See above)
2018-12-25T12:42:52.233632191Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T12:42:52.241339872Z	66	PC: 12b12 \| Move file pointer (See above)
2018-12-25T12:42:52.243343368Z	44	PC: 12a69 \| Get time (See above)
2018-12-25T12:42:52.247640971Z	64	PC: 12a7f \| Write file or device (See above)
2018-12-25T12:42:52.258044225Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T12:42:52.260029572Z	64	PC: 12b4f \| Write file or device (See above)
2018-12-25T12:42:52.268169638Z	87	PC: 12b58 \| Get or set file date and time (See above)
2018-12-25T12:42:52.269597686Z	62	PC: 12b5e \| Close file (See above)
2018-12-25T12:42:52.277590336Z	67	PC: 12b65 \| Get or set file attributes (See above)
2018-12-25T12:42:52.287669064Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:52.290189167Z	47	PC: 12ab7 \| Get disk transfer address (See above)
2018-12-25T12:42:52.291410332Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:42:52.297722993Z	67	PC: 12c42 \| Get or set file attributes (See above)
2018-12-25T12:42:52.306561962Z	61	PC: 12c48 \| Open file (See above)
2018-12-25T12:42:52.315203558Z	87	PC: 12c4f \| Get or set file date and time (See above)
2018-12-25T12:42:52.317226127Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T12:42:52.324720682Z	66	PC: 12b12 \| Move file pointer (See above)
2018-12-25T12:42:52.326693077Z	44	PC: 12a69 \| Get time (See above)
2018-12-25T12:42:52.329504363Z	64	PC: 12a7f \| Write file or device (See above)
2018-12-25T12:42:52.339239879Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T12:42:52.341222649Z	64	PC: 12b4f \| Write file or device (See above)
2018-12-25T12:42:52.34897819Z	87	PC: 12b58 \| Get or set file date and time (See above)
2018-12-25T12:42:52.352508289Z	62	PC: 12b5e \| Close file (See above)
2018-12-25T12:42:52.361601886Z	67	PC: 12b65 \| Get or set file attributes (See above)
2018-12-25T12:42:52.372917831Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:52.377341023Z	78	PC: 12bfd \| Find first file
2018-12-25T12:42:52.384224431Z	78	PC: 12bfd \| Find first file (See above)
2018-12-25T12:42:52.391180605Z	78	PC: 12b8f \| Find first file
2018-12-25T12:42:52.398809366Z	44	PC: 12cbc \| Get time 0x12cbc: cmp ch, cl 0x12cbe: je 0x12cc1 0x12cc0: ret 0x12cc1: cli 0x12cc2: mov al, 0xad 0x12cc4: out 0x64, al 0x12cc6: nop 0x12cc7: sti 0x12cc8: mov dx, di 0x12cca: add dx, 0x210 0x12cce: mov ah, 9 0x12cd0: int 0x21 0x12cd2: cli 0x12cd3: jmp 0x12cd3 0x12cd5: add word ptr [bx], di 0x12cd7: aas 0x12cd8: aas 0x12cd9: aas 0x12cda: aas 0x12cdb: aas
2018-12-25T12:42:52.401068242Z	9	PC: 12cd2 \| Display string (String= ' WARNING: ALL DATA ON NON-REMOVABLE DISK DRIVE C: WILL BE LOST! Proced with Format (Y/N)? Yes Ok')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":15183,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:51.781395232Z	26	PC: 12a9e \| Set disk transfer address
2018-12-25T12:42:51.784971858Z	78	PC: 12ab1 \| Find first file
2018-12-25T12:42:51.78988463Z	47	PC: 12ab7 \| Get disk transfer address
2018-12-25T12:42:51.791512341Z	67	PC: 12c3a \| Get or set file attributes
2018-12-25T12:42:51.799830843Z	67	PC: 12c42 \| Get or set file attributes
2018-12-25T12:42:51.821034033Z	61	PC: 12c48 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:51.82850689Z	87	PC: 12c4f \| Get or set file date and time
2018-12-25T12:42:51.830621664Z	63	PC: 12af0 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:42:51.852246919Z	66	PC: 12b12 \| Move file pointer
2018-12-25T12:42:51.855298983Z	44	PC: 12a69 \| Get time 0x12a69: xor cx, dx 0x12a6b: xor ch, cl 0x12a6d: mov byte ptr [di + 0xf], ch 0x12a70: call 0x22a4c 0x12a73: pop bx 0x12a74: popaw 0x12a75: mov ah, byte ptr [di + 8] 0x12a78: mov cx, 0x292 0x12a7b: mov dx, di 0x12a7d: int 0x21 0x12a7f: pushaw 0x12a80: call 0x22a4c 0x12a83: pop bx 0x12a84: popaw 0x12a85: ret 0x12a86: xchg si, di 0x12a88: pop si 0x12a89: sub si, 6 0x12a8c: push si 0x12a8d: add si, 0x180
2018-12-25T12:42:51.859207718Z	64	PC: 12a7f \| Write file or device (Write 658 bytes on handle 5)
2018-12-25T12:42:51.884626013Z	66	PC: 12b2f \| Move file pointer
2018-12-25T12:42:51.886827073Z	64	PC: 12b4f \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:42:51.89438036Z	87	PC: 12b58 \| Get or set file date and time
2018-12-25T12:42:51.896723024Z	62	PC: 12b5e \| Close file
2018-12-25T12:42:51.906720597Z	67	PC: 12b65 \| Get or set file attributes
2018-12-25T12:42:51.917595494Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:51.920409567Z	47	PC: 12ab7 \| Get disk transfer address (See above)
2018-12-25T12:42:51.923216917Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:42:51.930324547Z	67	PC: 12c42 \| Get or set file attributes (See above)
2018-12-25T12:42:51.942227541Z	61	PC: 12c48 \| Open file (See above)
2018-12-25T12:42:51.951124825Z	87	PC: 12c4f \| Get or set file date and time (See above)
2018-12-25T12:42:51.953616182Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T12:42:51.961431944Z	66	PC: 12b12 \| Move file pointer (See above)
2018-12-25T12:42:51.964375924Z	44	PC: 12a69 \| Get time (See above)
2018-12-25T12:42:51.967796639Z	64	PC: 12a7f \| Write file or device (See above)
2018-12-25T12:42:51.974183127Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T12:42:51.979064124Z	64	PC: 12b4f \| Write file or device (See above)
2018-12-25T12:42:51.985179287Z	87	PC: 12b58 \| Get or set file date and time (See above)
2018-12-25T12:42:51.987411417Z	62	PC: 12b5e \| Close file (See above)
2018-12-25T12:42:51.997186725Z	67	PC: 12b65 \| Get or set file attributes (See above)
2018-12-25T12:42:52.011294496Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:52.014912429Z	47	PC: 12ab7 \| Get disk transfer address (See above)
2018-12-25T12:42:52.016480767Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:42:52.023687962Z	67	PC: 12c42 \| Get or set file attributes (See above)
2018-12-25T12:42:52.034970458Z	61	PC: 12c48 \| Open file (See above)
2018-12-25T12:42:52.039365518Z	87	PC: 12c4f \| Get or set file date and time (See above)
2018-12-25T12:42:52.040865447Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T12:42:52.045122573Z	66	PC: 12b12 \| Move file pointer (See above)
2018-12-25T12:42:52.046129479Z	44	PC: 12a69 \| Get time (See above)
2018-12-25T12:42:52.048214101Z	64	PC: 12a7f \| Write file or device (See above)
2018-12-25T12:42:52.053505922Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T12:42:52.054471639Z	64	PC: 12b4f \| Write file or device (See above)
2018-12-25T12:42:52.059066376Z	87	PC: 12b58 \| Get or set file date and time (See above)
2018-12-25T12:42:52.060154147Z	62	PC: 12b5e \| Close file (See above)
2018-12-25T12:42:52.066143166Z	67	PC: 12b65 \| Get or set file attributes (See above)
2018-12-25T12:42:52.073422174Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:52.075261834Z	47	PC: 12ab7 \| Get disk transfer address (See above)
2018-12-25T12:42:52.076741701Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:42:52.081090157Z	67	PC: 12c42 \| Get or set file attributes (See above)
2018-12-25T12:42:52.093166763Z	61	PC: 12c48 \| Open file (See above)
2018-12-25T12:42:52.101421999Z	87	PC: 12c4f \| Get or set file date and time (See above)
2018-12-25T12:42:52.103254668Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T12:42:52.109747688Z	66	PC: 12b12 \| Move file pointer (See above)
2018-12-25T12:42:52.111037536Z	44	PC: 12a69 \| Get time (See above)
2018-12-25T12:42:52.113559838Z	64	PC: 12a7f \| Write file or device (See above)
2018-12-25T12:42:52.121610271Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T12:42:52.123864032Z	64	PC: 12b4f \| Write file or device (See above)
2018-12-25T12:42:52.130167718Z	87	PC: 12b58 \| Get or set file date and time (See above)
2018-12-25T12:42:52.132279783Z	62	PC: 12b5e \| Close file (See above)
2018-12-25T12:42:52.13954717Z	67	PC: 12b65 \| Get or set file attributes (See above)
2018-12-25T12:42:52.14848954Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:52.1517462Z	47	PC: 12ab7 \| Get disk transfer address (See above)
2018-12-25T12:42:52.152856183Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:42:52.157964021Z	67	PC: 12c42 \| Get or set file attributes (See above)
2018-12-25T12:42:52.167285166Z	61	PC: 12c48 \| Open file (See above)
2018-12-25T12:42:52.173204701Z	87	PC: 12c4f \| Get or set file date and time (See above)
2018-12-25T12:42:52.174313109Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T12:42:52.180464459Z	66	PC: 12b12 \| Move file pointer (See above)
2018-12-25T12:42:52.181696411Z	44	PC: 12a69 \| Get time (See above)
2018-12-25T12:42:52.183857749Z	64	PC: 12a7f \| Write file or device (See above)
2018-12-25T12:42:52.191955309Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T12:42:52.193788687Z	64	PC: 12b4f \| Write file or device (See above)
2018-12-25T12:42:52.199950178Z	87	PC: 12b58 \| Get or set file date and time (See above)
2018-12-25T12:42:52.201851781Z	62	PC: 12b5e \| Close file (See above)
2018-12-25T12:42:52.209258237Z	67	PC: 12b65 \| Get or set file attributes (See above)
2018-12-25T12:42:52.218337338Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:52.221033695Z	47	PC: 12ab7 \| Get disk transfer address (See above)
2018-12-25T12:42:52.222773182Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:42:52.22871347Z	67	PC: 12c42 \| Get or set file attributes (See above)
2018-12-25T12:42:52.237691642Z	61	PC: 12c48 \| Open file (See above)
2018-12-25T12:42:52.244490191Z	87	PC: 12c4f \| Get or set file date and time (See above)
2018-12-25T12:42:52.246503007Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T12:42:52.253958005Z	66	PC: 12b12 \| Move file pointer (See above)
2018-12-25T12:42:52.256681911Z	44	PC: 12a69 \| Get time (See above)
2018-12-25T12:42:52.259417588Z	64	PC: 12a7f \| Write file or device (See above)
2018-12-25T12:42:52.269685773Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T12:42:52.272194042Z	64	PC: 12b4f \| Write file or device (See above)
2018-12-25T12:42:52.280490724Z	87	PC: 12b58 \| Get or set file date and time (See above)
2018-12-25T12:42:52.282720286Z	62	PC: 12b5e \| Close file (See above)
2018-12-25T12:42:52.29291421Z	67	PC: 12b65 \| Get or set file attributes (See above)
2018-12-25T12:42:52.304842302Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:52.308150993Z	47	PC: 12ab7 \| Get disk transfer address (See above)
2018-12-25T12:42:52.309862611Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:42:52.317044379Z	67	PC: 12c42 \| Get or set file attributes (See above)
2018-12-25T12:42:52.327925492Z	61	PC: 12c48 \| Open file (See above)
2018-12-25T12:42:52.335693551Z	87	PC: 12c4f \| Get or set file date and time (See above)
2018-12-25T12:42:52.338430251Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T12:42:52.345934743Z	66	PC: 12b12 \| Move file pointer (See above)
2018-12-25T12:42:52.347835347Z	44	PC: 12a69 \| Get time (See above)
2018-12-25T12:42:52.351676876Z	64	PC: 12a7f \| Write file or device (See above)
2018-12-25T12:42:52.361864924Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T12:42:52.364003959Z	64	PC: 12b4f \| Write file or device (See above)
2018-12-25T12:42:52.372541118Z	87	PC: 12b58 \| Get or set file date and time (See above)
2018-12-25T12:42:52.37456468Z	62	PC: 12b5e \| Close file (See above)
2018-12-25T12:42:52.383607004Z	67	PC: 12b65 \| Get or set file attributes (See above)
2018-12-25T12:42:52.39226845Z	79	PC: 12ab1 \| Find next file (See above)
2018-12-25T12:42:52.39418235Z	78	PC: 12bfd \| Find first file
2018-12-25T12:42:52.398960488Z	78	PC: 12bfd \| Find first file (See above)
2018-12-25T12:42:52.405688859Z	78	PC: 12b8f \| Find first file
2018-12-25T12:42:52.417630017Z	44	PC: 12cbc \| Get time 0x12cbc: cmp ch, cl 0x12cbe: je 0x12cc1 0x12cc0: ret 0x12cc1: cli 0x12cc2: mov al, 0xad 0x12cc4: out 0x64, al 0x12cc6: nop 0x12cc7: sti 0x12cc8: mov dx, di 0x12cca: add dx, 0x210 0x12cce: mov ah, 9 0x12cd0: int 0x21 0x12cd2: cli 0x12cd3: jmp 0x12cd3 0x12cd5: add word ptr [bx], di 0x12cd7: aas 0x12cd8: aas 0x12cd9: aas 0x12cda: aas 0x12cdb: aas
2018-12-25T12:42:52.41989025Z	26	PC: 12ad0 \| Set disk transfer address