Sample viewer

vx.netlux.org/Virus.DOS.Coconut.1323

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:11:34.392935831Z 78 PC: 12aca | Find first file
2018-12-17T23:11:34.399819835Z 44 PC: 12b0f | Get time 0x12b0f: cmp dx, 0
0x12b12: je 0x12b0b
0x12b14: mov word ptr [0x5dd], dx
0x12b18: ret
0x12b19: sub ch, byte ptr [0x4f43]
0x12b1d: dec bp
0x12b1e: add byte ptr [bp + di + 0x56], bl
0x12b21: imul si, word ptr [bp + si + 0x75], 0x2073
0x12b26: arpl word ptr [bx + 0x63], bp
0x12b29: outsw dx, word ptr [si]
0x12b2a: outsb dx, byte ptr [si]
0x12b2b: jne 0x12ba1
0x12b2d: sub al, 0x20
0x12b2f: bound di, dword ptr [bx + di + 0x20]
0x12b32: push sp
0x12b33: push 0x2065
0x12b36: dec bx
0x12b37: imul bp, word ptr [bp + 0x67], 0x4c20
0x12b3c: imul di, word ptr [bp + si + 0x61], 0x6472
0x12b41: pop bp
2018-12-17T23:11:34.403375332Z 67 PC: 12a53 | Get or set file attributes
2018-12-17T23:11:34.410003182Z 67 PC: 12a5e | Get or set file attributes
2018-12-17T23:11:34.430293035Z 61 PC: 12a63 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:11:34.436440594Z 87 PC: 12a6b | Get or set file date and time
2018-12-17T23:11:34.437581665Z 64 PC: 12a7d | Write file or device (Write 1323 bytes on handle 5)
2018-12-17T23:11:34.444508738Z 87 PC: 12a8a | Get or set file date and time
2018-12-17T23:11:34.446529125Z 62 PC: 12a8e | Close file
2018-12-17T23:11:34.451750128Z 67 PC: 12a9a | Get or set file attributes
2018-12-17T23:11:34.45869609Z 79 PC: 12ad8 | Find next file
2018-12-17T23:11:34.461008844Z 44 PC: 12b0f | Get time 0x12b0f: cmp dx, 0
0x12b12: je 0x12b0b
0x12b14: mov word ptr [0x5dd], dx
0x12b18: ret
0x12b19: sub ch, byte ptr [0x4f43]
0x12b1d: dec bp
0x12b1e: add byte ptr [bp + di + 0x56], bl
0x12b21: imul si, word ptr [bp + si + 0x75], 0x2073
0x12b26: arpl word ptr [bx + 0x63], bp
0x12b29: outsw dx, word ptr [si]
0x12b2a: outsb dx, byte ptr [si]
0x12b2b: jne 0x12ba1
0x12b2d: sub al, 0x20
0x12b2f: bound di, dword ptr [bx + di + 0x20]
0x12b32: push sp
0x12b33: push 0x2065
0x12b36: dec bx
0x12b37: imul bp, word ptr [bp + 0x67], 0x4c20
0x12b3c: imul di, word ptr [bp + si + 0x61], 0x6472
0x12b41: pop bp
2018-12-17T23:11:34.463191135Z 67 PC: 12a53 | Get or set file attributes
2018-12-17T23:11:34.467001824Z 67 PC: 12a5e | Get or set file attributes
2018-12-17T23:11:34.475986709Z 61 PC: 12a63 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:11:34.488881378Z 87 PC: 12a6b | Get or set file date and time
2018-12-17T23:11:34.490470069Z 64 PC: 12a7d | Write file or device (Write 1323 bytes on handle 5)
2018-12-17T23:11:34.500237523Z 87 PC: 12a8a | Get or set file date and time
2018-12-17T23:11:34.502830411Z 62 PC: 12a8e | Close file
2018-12-17T23:11:34.51144213Z 67 PC: 12a9a | Get or set file attributes
2018-12-17T23:11:34.523024086Z 79 PC: 12ad8 | Find next file
2018-12-17T23:11:34.526525802Z 44 PC: 12b0f | Get time 0x12b0f: cmp dx, 0
0x12b12: je 0x12b0b
0x12b14: mov word ptr [0x5dd], dx
0x12b18: ret
0x12b19: sub ch, byte ptr [0x4f43]
0x12b1d: dec bp
0x12b1e: add byte ptr [bp + di + 0x56], bl
0x12b21: imul si, word ptr [bp + si + 0x75], 0x2073
0x12b26: arpl word ptr [bx + 0x63], bp
0x12b29: outsw dx, word ptr [si]
0x12b2a: outsb dx, byte ptr [si]
0x12b2b: jne 0x12ba1
0x12b2d: sub al, 0x20
0x12b2f: bound di, dword ptr [bx + di + 0x20]
0x12b32: push sp
0x12b33: push 0x2065
0x12b36: dec bx
0x12b37: imul bp, word ptr [bp + 0x67], 0x4c20
0x12b3c: imul di, word ptr [bp + si + 0x61], 0x6472
0x12b41: pop bp
2018-12-17T23:11:34.530004415Z 67 PC: 12a53 | Get or set file attributes
2018-12-17T23:11:34.536323959Z 67 PC: 12a5e | Get or set file attributes
2018-12-17T23:11:34.548372838Z 61 PC: 12a63 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:11:34.561898727Z 87 PC: 12a6b | Get or set file date and time
2018-12-17T23:11:34.563627196Z 64 PC: 12a7d | Write file or device (Write 1323 bytes on handle 5)
2018-12-17T23:11:34.57561543Z 87 PC: 12a8a | Get or set file date and time
2018-12-17T23:11:34.577674242Z 62 PC: 12a8e | Close file
2018-12-17T23:11:34.587535678Z 67 PC: 12a9a | Get or set file attributes
2018-12-17T23:11:34.601031637Z 79 PC: 12ad8 | Find next file
2018-12-17T23:11:34.605085549Z 44 PC: 12b0f | Get time 0x12b0f: cmp dx, 0
0x12b12: je 0x12b0b
0x12b14: mov word ptr [0x5dd], dx
0x12b18: ret
0x12b19: sub ch, byte ptr [0x4f43]
0x12b1d: dec bp
0x12b1e: add byte ptr [bp + di + 0x56], bl
0x12b21: imul si, word ptr [bp + si + 0x75], 0x2073
0x12b26: arpl word ptr [bx + 0x63], bp
0x12b29: outsw dx, word ptr [si]
0x12b2a: outsb dx, byte ptr [si]
0x12b2b: jne 0x12ba1
0x12b2d: sub al, 0x20
0x12b2f: bound di, dword ptr [bx + di + 0x20]
0x12b32: push sp
0x12b33: push 0x2065
0x12b36: dec bx
0x12b37: imul bp, word ptr [bp + 0x67], 0x4c20
0x12b3c: imul di, word ptr [bp + si + 0x61], 0x6472
0x12b41: pop bp
2018-12-17T23:11:34.608870639Z 67 PC: 12a53 | Get or set file attributes
2018-12-17T23:11:34.616233079Z 67 PC: 12a5e | Get or set file attributes
2018-12-17T23:11:34.629329869Z 61 PC: 12a63 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:11:34.63750838Z 87 PC: 12a6b | Get or set file date and time
2018-12-17T23:11:34.639637232Z 64 PC: 12a7d | Write file or device (Write 1323 bytes on handle 5)
2018-12-17T23:11:34.648393546Z 87 PC: 12a8a | Get or set file date and time
2018-12-17T23:11:34.650477381Z 62 PC: 12a8e | Close file
2018-12-17T23:11:34.66049532Z 67 PC: 12a9a | Get or set file attributes
2018-12-17T23:11:34.680024935Z 79 PC: 12ad8 | Find next file
2018-12-17T23:11:34.690133804Z 44 PC: 12b0f | Get time 0x12b0f: cmp dx, 0
0x12b12: je 0x12b0b
0x12b14: mov word ptr [0x5dd], dx
0x12b18: ret
0x12b19: sub ch, byte ptr [0x4f43]
0x12b1d: dec bp
0x12b1e: add byte ptr [bp + di + 0x56], bl
0x12b21: imul si, word ptr [bp + si + 0x75], 0x2073
0x12b26: arpl word ptr [bx + 0x63], bp
0x12b29: outsw dx, word ptr [si]
0x12b2a: outsb dx, byte ptr [si]
0x12b2b: jne 0x12ba1
0x12b2d: sub al, 0x20
0x12b2f: bound di, dword ptr [bx + di + 0x20]
0x12b32: push sp
0x12b33: push 0x2065
0x12b36: dec bx
0x12b37: imul bp, word ptr [bp + 0x67], 0x4c20
0x12b3c: imul di, word ptr [bp + si + 0x61], 0x6472
0x12b41: pop bp
2018-12-17T23:11:34.69399937Z 67 PC: 12a53 | Get or set file attributes
2018-12-17T23:11:34.701930814Z 67 PC: 12a5e | Get or set file attributes
2018-12-17T23:11:34.714397996Z 61 PC: 12a63 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:11:34.722922465Z 87 PC: 12a6b | Get or set file date and time
2018-12-17T23:11:34.726167304Z 64 PC: 12a7d | Write file or device (Write 1323 bytes on handle 5)
2018-12-17T23:11:34.736774237Z 87 PC: 12a8a | Get or set file date and time
2018-12-17T23:11:34.738653592Z 62 PC: 12a8e | Close file
2018-12-17T23:11:34.747881919Z 67 PC: 12a9a | Get or set file attributes
2018-12-17T23:11:34.761585284Z 79 PC: 12ad8 | Find next file
2018-12-17T23:11:34.764956873Z 44 PC: 12b0f | Get time 0x12b0f: cmp dx, 0
0x12b12: je 0x12b0b
0x12b14: mov word ptr [0x5dd], dx
0x12b18: ret
0x12b19: sub ch, byte ptr [0x4f43]
0x12b1d: dec bp
0x12b1e: add byte ptr [bp + di + 0x56], bl
0x12b21: imul si, word ptr [bp + si + 0x75], 0x2073
0x12b26: arpl word ptr [bx + 0x63], bp
0x12b29: outsw dx, word ptr [si]
0x12b2a: outsb dx, byte ptr [si]
0x12b2b: jne 0x12ba1
0x12b2d: sub al, 0x20
0x12b2f: bound di, dword ptr [bx + di + 0x20]
0x12b32: push sp
0x12b33: push 0x2065
0x12b36: dec bx
0x12b37: imul bp, word ptr [bp + 0x67], 0x4c20
0x12b3c: imul di, word ptr [bp + si + 0x61], 0x6472
0x12b41: pop bp
2018-12-17T23:11:34.768751408Z 67 PC: 12a53 | Get or set file attributes
2018-12-17T23:11:34.776758872Z 67 PC: 12a5e | Get or set file attributes
2018-12-17T23:11:34.787940685Z 61 PC: 12a63 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:11:34.795365976Z 87 PC: 12a6b | Get or set file date and time
2018-12-17T23:11:34.797460347Z 64 PC: 12a7d | Write file or device (Write 1323 bytes on handle 5)
2018-12-17T23:11:34.807472199Z 87 PC: 12a8a | Get or set file date and time
2018-12-17T23:11:34.809503376Z 62 PC: 12a8e | Close file
2018-12-17T23:11:34.820623606Z 67 PC: 12a9a | Get or set file attributes
2018-12-17T23:11:34.833076273Z 79 PC: 12ad8 | Find next file
2018-12-17T23:11:34.836178135Z 44 PC: 12b0f | Get time 0x12b0f: cmp dx, 0
0x12b12: je 0x12b0b
0x12b14: mov word ptr [0x5dd], dx
0x12b18: ret
0x12b19: sub ch, byte ptr [0x4f43]
0x12b1d: dec bp
0x12b1e: add byte ptr [bp + di + 0x56], bl
0x12b21: imul si, word ptr [bp + si + 0x75], 0x2073
0x12b26: arpl word ptr [bx + 0x63], bp
0x12b29: outsw dx, word ptr [si]
0x12b2a: outsb dx, byte ptr [si]
0x12b2b: jne 0x12ba1
0x12b2d: sub al, 0x20
0x12b2f: bound di, dword ptr [bx + di + 0x20]
0x12b32: push sp
0x12b33: push 0x2065
0x12b36: dec bx
0x12b37: imul bp, word ptr [bp + 0x67], 0x4c20
0x12b3c: imul di, word ptr [bp + si + 0x61], 0x6472
0x12b41: pop bp
2018-12-17T23:11:34.84068369Z 67 PC: 12a53 | Get or set file attributes
2018-12-17T23:11:34.847241326Z 67 PC: 12a5e | Get or set file attributes
2018-12-17T23:11:34.858178118Z 61 PC: 12a63 | Open file (Filename = 'PAH.COM')
2018-12-17T23:11:34.865860037Z 87 PC: 12a6b | Get or set file date and time
2018-12-17T23:11:34.867875209Z 64 PC: 12a7d | Write file or device (Write 1323 bytes on handle 5)
2018-12-17T23:11:34.87744987Z 87 PC: 12a8a | Get or set file date and time
2018-12-17T23:11:34.879644532Z 62 PC: 12a8e | Close file
2018-12-17T23:11:34.889467906Z 67 PC: 12a9a | Get or set file attributes
2018-12-17T23:11:34.901463611Z 79 PC: 12ad8 | Find next file
2018-12-17T23:11:34.905768018Z 44 PC: 12b0f | Get time 0x12b0f: cmp dx, 0
0x12b12: je 0x12b0b
0x12b14: mov word ptr [0x5dd], dx
0x12b18: ret
0x12b19: sub ch, byte ptr [0x4f43]
0x12b1d: dec bp
0x12b1e: add byte ptr [bp + di + 0x56], bl
0x12b21: imul si, word ptr [bp + si + 0x75], 0x2073
0x12b26: arpl word ptr [bx + 0x63], bp
0x12b29: outsw dx, word ptr [si]
0x12b2a: outsb dx, byte ptr [si]
0x12b2b: jne 0x12ba1
0x12b2d: sub al, 0x20
0x12b2f: bound di, dword ptr [bx + di + 0x20]
0x12b32: push sp
0x12b33: push 0x2065
0x12b36: dec bx
0x12b37: imul bp, word ptr [bp + 0x67], 0x4c20
0x12b3c: imul di, word ptr [bp + si + 0x61], 0x6472
0x12b41: pop bp
2018-12-17T23:11:34.909962876Z 67 PC: 12a53 | Get or set file attributes
2018-12-17T23:11:34.916596277Z 67 PC: 12a5e | Get or set file attributes
2018-12-17T23:11:34.92809022Z 61 PC: 12a63 | Open file (Filename = 'TEST.COM')
2018-12-17T23:11:34.936706175Z 87 PC: 12a6b | Get or set file date and time
2018-12-17T23:11:34.938367302Z 64 PC: 12a7d | Write file or device (Write 1323 bytes on handle 5)
2018-12-17T23:11:34.947982663Z 87 PC: 12a8a | Get or set file date and time
2018-12-17T23:11:34.950718294Z 62 PC: 12a8e | Close file
2018-12-17T23:11:34.959728601Z 67 PC: 12a9a | Get or set file attributes
2018-12-17T23:11:34.971925569Z 79 PC: 12ad8 | Find next file
2018-12-17T23:11:34.975433853Z 42 PC: 12ae2 | Get date 0x12ae2: cmp dh, 8
0x12ae5: jne 0x12af3
0x12ae7: cmp dl, 0x1f
0x12aea: jne 0x12af3
0x12aec: mov ah, 9
0x12aee: mov dx, 0x202
0x12af1: int 1
0x12af3: cli
0x12af4: push ds
0x12af5: xor ax, ax
0x12af7: mov ds, ax
0x12af9: mov ax, word ptr cs:[0x5e5]
0x12afd: mov word ptr [4], ax
0x12b00: mov ax, word ptr cs:[0x5e7]
0x12b04: mov word ptr [6], ax
0x12b07: pop ds
0x12b08: sti
0x12b09: int 0x20
0x12b0b: mov ah, 0x2c
0x12b0d: int 1

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17230,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:19.159644402Z 78 PC: 12aca | Find first file
2018-12-25T12:55:19.166995508Z 44 PC: 12b0f | Get time 0x12b0f: cmp dx, 0
0x12b12: je 0x12b0b
0x12b14: mov word ptr [0x5dd], dx
0x12b18: ret
0x12b19: sub ch, byte ptr [0x4f43]
0x12b1d: dec bp
0x12b1e: add byte ptr [bp + di + 0x56], bl
0x12b21: imul si, word ptr [bp + si + 0x75], 0x2073
0x12b26: arpl word ptr [bx + 0x63], bp
0x12b29: outsw dx, word ptr [si]
0x12b2a: outsb dx, byte ptr [si]
0x12b2b: jne 0x12ba1
0x12b2d: sub al, 0x20
0x12b2f: bound di, dword ptr [bx + di + 0x20]
0x12b32: push sp
0x12b33: push 0x2065
0x12b36: dec bx
0x12b37: imul bp, word ptr [bp + 0x67], 0x4c20
0x12b3c: imul di, word ptr [bp + si + 0x61], 0x6472
0x12b41: pop bp
2018-12-25T12:55:19.169623416Z 67 PC: 12a53 | Get or set file attributes
2018-12-25T12:55:19.174950769Z 67 PC: 12a5e | Get or set file attributes
2018-12-25T12:55:19.194255723Z 61 PC: 12a63 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:19.201305673Z 87 PC: 12a6b | Get or set file date and time
2018-12-25T12:55:19.202840405Z 64 PC: 12a7d | Write file or device (Write 1323 bytes on handle 5)
2018-12-25T12:55:19.210800713Z 87 PC: 12a8a | Get or set file date and time
2018-12-25T12:55:19.212349469Z 62 PC: 12a8e | Close file
2018-12-25T12:55:19.220055974Z 67 PC: 12a9a | Get or set file attributes
2018-12-25T12:55:19.230243287Z 79 PC: 12ad8 | Find next file
2018-12-25T12:55:19.233145045Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.235783182Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.24104176Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.253838093Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.260358755Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.261632751Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.270117156Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.271912942Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.279285942Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.289703538Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.292144503Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.294689396Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.300601344Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.312766569Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.319088881Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.321517346Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.330142131Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.331997585Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.340258483Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.35082514Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.353684077Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.357347716Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.363113225Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.375082874Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.383118169Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.384407285Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.392738038Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.394957847Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.402302158Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.412399802Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.415278844Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.417967811Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.423330227Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.433004928Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.444419557Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.445645047Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.454428854Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.455692744Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.462979708Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.473239592Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.476081506Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.478646219Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.484600934Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.494032651Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.505374334Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.507033389Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.517606573Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.518775679Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.526247702Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.536832021Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.5393251Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.542220481Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.547737141Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.557070912Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.568887956Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.570105049Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.578095444Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.579790013Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.58708986Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.59733139Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.600850149Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.604162558Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.609926095Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.619783517Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.632363659Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.633600984Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.641336821Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.643379865Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.650512672Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.661203152Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.664613745Z 42 PC: 12ae2 | Get date 0x12ae2: cmp dh, 8
0x12ae5: jne 0x12af3
0x12ae7: cmp dl, 0x1f
0x12aea: jne 0x12af3
0x12aec: mov ah, 9
0x12aee: mov dx, 0x202
0x12af1: int 1
0x12af3: cli
0x12af4: push ds
0x12af5: xor ax, ax
0x12af7: mov ds, ax
0x12af9: mov ax, word ptr cs:[0x5e5]
0x12afd: mov word ptr [4], ax
0x12b00: mov ax, word ptr cs:[0x5e7]
0x12b04: mov word ptr [6], ax
0x12b07: pop ds
0x12b08: sti
0x12b09: int 0x20
0x12b0b: mov ah, 0x2c
0x12b0d: int 1

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17230,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:19.422098624Z 78 PC: 12aca | Find first file
2018-12-25T12:55:19.429584593Z 44 PC: 12b0f | Get time 0x12b0f: cmp dx, 0
0x12b12: je 0x12b0b
0x12b14: mov word ptr [0x5dd], dx
0x12b18: ret
0x12b19: sub ch, byte ptr [0x4f43]
0x12b1d: dec bp
0x12b1e: add byte ptr [bp + di + 0x56], bl
0x12b21: imul si, word ptr [bp + si + 0x75], 0x2073
0x12b26: arpl word ptr [bx + 0x63], bp
0x12b29: outsw dx, word ptr [si]
0x12b2a: outsb dx, byte ptr [si]
0x12b2b: jne 0x12ba1
0x12b2d: sub al, 0x20
0x12b2f: bound di, dword ptr [bx + di + 0x20]
0x12b32: push sp
0x12b33: push 0x2065
0x12b36: dec bx
0x12b37: imul bp, word ptr [bp + 0x67], 0x4c20
0x12b3c: imul di, word ptr [bp + si + 0x61], 0x6472
0x12b41: pop bp
2018-12-25T12:55:19.433456746Z 67 PC: 12a53 | Get or set file attributes
2018-12-25T12:55:19.439624438Z 67 PC: 12a5e | Get or set file attributes
2018-12-25T12:55:19.456609956Z 61 PC: 12a63 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:19.46552837Z 87 PC: 12a6b | Get or set file date and time
2018-12-25T12:55:19.467478573Z 64 PC: 12a7d | Write file or device (Write 1323 bytes on handle 5)
2018-12-25T12:55:19.477739123Z 87 PC: 12a8a | Get or set file date and time
2018-12-25T12:55:19.481553008Z 62 PC: 12a8e | Close file
2018-12-25T12:55:19.490785032Z 67 PC: 12a9a | Get or set file attributes
2018-12-25T12:55:19.503254892Z 79 PC: 12ad8 | Find next file
2018-12-25T12:55:19.507359529Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.510732569Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.517586255Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.529825031Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.537300962Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.539251142Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.552476219Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.554297558Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.563019836Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.575983539Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.579243196Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.582762875Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.589518746Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.601532592Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.615044008Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.616981908Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.627289943Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.629248262Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.638160119Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.650506493Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.654396129Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.658228116Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.665498842Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.676923839Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.684473714Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.686643608Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.696209057Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.698068158Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.707151936Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.719542019Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.722591307Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.725791121Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.732380872Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.745865616Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.752772066Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.754494007Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.763283292Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.764375352Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.770294662Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.777165812Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.779694706Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.783167069Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.78913874Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.802675945Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.810136736Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.811644598Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.820661038Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.82268415Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.830778267Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.841871431Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.844721747Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.847690919Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.853747481Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.867105138Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.874275332Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.875587463Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.884318985Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.886612359Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.895739547Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.907445347Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.910752836Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.913862853Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.920172007Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.935193697Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.942624361Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.944286029Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.95458852Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.956500606Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.965238619Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.977758421Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.980245518Z 42 PC: 12ae2 | Get date 0x12ae2: cmp dh, 8
0x12ae5: jne 0x12af3
0x12ae7: cmp dl, 0x1f
0x12aea: jne 0x12af3
0x12aec: mov ah, 9
0x12aee: mov dx, 0x202
0x12af1: int 1
0x12af3: cli
0x12af4: push ds
0x12af5: xor ax, ax
0x12af7: mov ds, ax
0x12af9: mov ax, word ptr cs:[0x5e5]
0x12afd: mov word ptr [4], ax
0x12b00: mov ax, word ptr cs:[0x5e7]
0x12b04: mov word ptr [6], ax
0x12b07: pop ds
0x12b08: sti
0x12b09: int 0x20
0x12b0b: mov ah, 0x2c
0x12b0d: int 1

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":17230,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:19.484833788Z 78 PC: 12aca | Find first file
2018-12-25T12:55:19.490858233Z 44 PC: 12b0f | Get time 0x12b0f: cmp dx, 0
0x12b12: je 0x12b0b
0x12b14: mov word ptr [0x5dd], dx
0x12b18: ret
0x12b19: sub ch, byte ptr [0x4f43]
0x12b1d: dec bp
0x12b1e: add byte ptr [bp + di + 0x56], bl
0x12b21: imul si, word ptr [bp + si + 0x75], 0x2073
0x12b26: arpl word ptr [bx + 0x63], bp
0x12b29: outsw dx, word ptr [si]
0x12b2a: outsb dx, byte ptr [si]
0x12b2b: jne 0x12ba1
0x12b2d: sub al, 0x20
0x12b2f: bound di, dword ptr [bx + di + 0x20]
0x12b32: push sp
0x12b33: push 0x2065
0x12b36: dec bx
0x12b37: imul bp, word ptr [bp + 0x67], 0x4c20
0x12b3c: imul di, word ptr [bp + si + 0x61], 0x6472
0x12b41: pop bp
2018-12-25T12:55:19.493415389Z 67 PC: 12a53 | Get or set file attributes
2018-12-25T12:55:19.498735107Z 67 PC: 12a5e | Get or set file attributes
2018-12-25T12:55:19.518447614Z 61 PC: 12a63 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:19.524695846Z 87 PC: 12a6b | Get or set file date and time
2018-12-25T12:55:19.525749757Z 64 PC: 12a7d | Write file or device (Write 1323 bytes on handle 5)
2018-12-25T12:55:19.534523655Z 87 PC: 12a8a | Get or set file date and time
2018-12-25T12:55:19.536216893Z 62 PC: 12a8e | Close file
2018-12-25T12:55:19.543960946Z 67 PC: 12a9a | Get or set file attributes
2018-12-25T12:55:19.556262448Z 79 PC: 12ad8 | Find next file
2018-12-25T12:55:19.558802394Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.561317951Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.567381928Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.580270236Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.586892435Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.588500751Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.597600552Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.599409041Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.607189978Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.618114342Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.620776209Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.623343541Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.629424211Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.641647083Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.647979345Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.649877247Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.658000823Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.659431466Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.667132357Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.677217608Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.679684471Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.68289746Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.688456622Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.700796762Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.708265756Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.709903039Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.715298622Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.71702664Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.721964727Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.728368488Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.730618248Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.732493077Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.737245102Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.747640933Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.759723798Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.761378062Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.769909324Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.771534564Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.778908579Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.789239103Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.792210068Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.794629401Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.800004743Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.809599436Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.820348882Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.821580103Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.831236655Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.832640321Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.840048332Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.850981962Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.853553446Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.856251643Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.862706376Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.872160935Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.883038687Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.884625904Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.893063446Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.894356753Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.90209799Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.912200718Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.914592113Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.917332116Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.922665211Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.93187609Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.943033777Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.944188901Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.952275724Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.954172464Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.961529337Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.971636419Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.974720319Z 42 PC: 12ae2 | Get date 0x12ae2: cmp dh, 8
0x12ae5: jne 0x12af3
0x12ae7: cmp dl, 0x1f
0x12aea: jne 0x12af3
0x12aec: mov ah, 9
0x12aee: mov dx, 0x202
0x12af1: int 1
0x12af3: cli
0x12af4: push ds
0x12af5: xor ax, ax
0x12af7: mov ds, ax
0x12af9: mov ax, word ptr cs:[0x5e5]
0x12afd: mov word ptr [4], ax
0x12b00: mov ax, word ptr cs:[0x5e7]
0x12b04: mov word ptr [6], ax
0x12b07: pop ds
0x12b08: sti
0x12b09: int 0x20
0x12b0b: mov ah, 0x2c
0x12b0d: int 1

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":17230,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:19.525230803Z 78 PC: 12aca | Find first file
2018-12-25T12:55:19.531369007Z 44 PC: 12b0f | Get time 0x12b0f: cmp dx, 0
0x12b12: je 0x12b0b
0x12b14: mov word ptr [0x5dd], dx
0x12b18: ret
0x12b19: sub ch, byte ptr [0x4f43]
0x12b1d: dec bp
0x12b1e: add byte ptr [bp + di + 0x56], bl
0x12b21: imul si, word ptr [bp + si + 0x75], 0x2073
0x12b26: arpl word ptr [bx + 0x63], bp
0x12b29: outsw dx, word ptr [si]
0x12b2a: outsb dx, byte ptr [si]
0x12b2b: jne 0x12ba1
0x12b2d: sub al, 0x20
0x12b2f: bound di, dword ptr [bx + di + 0x20]
0x12b32: push sp
0x12b33: push 0x2065
0x12b36: dec bx
0x12b37: imul bp, word ptr [bp + 0x67], 0x4c20
0x12b3c: imul di, word ptr [bp + si + 0x61], 0x6472
0x12b41: pop bp
2018-12-25T12:55:19.533915828Z 67 PC: 12a53 | Get or set file attributes
2018-12-25T12:55:19.539183616Z 67 PC: 12a5e | Get or set file attributes
2018-12-25T12:55:19.556490853Z 61 PC: 12a63 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:19.563005733Z 87 PC: 12a6b | Get or set file date and time
2018-12-25T12:55:19.564403138Z 64 PC: 12a7d | Write file or device (Write 1323 bytes on handle 5)
2018-12-25T12:55:19.573026067Z 87 PC: 12a8a | Get or set file date and time
2018-12-25T12:55:19.574533398Z 62 PC: 12a8e | Close file
2018-12-25T12:55:19.582430294Z 67 PC: 12a9a | Get or set file attributes
2018-12-25T12:55:19.592773777Z 79 PC: 12ad8 | Find next file
2018-12-25T12:55:19.59542951Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.598028395Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.603364406Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.613035212Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.619380817Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.620678468Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.629763857Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.631095147Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.638483241Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.649437736Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.652207394Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.655075345Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.66161907Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.671129116Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.677715733Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.680291346Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.68837415Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.689750145Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.698113257Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.710882004Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.713400558Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.71708195Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.722521185Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.731968531Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.738269367Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.739560325Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.74766627Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.749139012Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.756772779Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.769438023Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.771858373Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.774680439Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.780005056Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.789765975Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.796446526Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.797630758Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.805557951Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.807315731Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.814514743Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.826862149Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.82925708Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.831610393Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.835195878Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.842146223Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.846974305Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.847998368Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.854119403Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.855218495Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.859974789Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.86664723Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.869064468Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.871562722Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.877285991Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.889083613Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.900447507Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.902703867Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.910784395Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.912099119Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.919947401Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.930066171Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.932478053Z 44 PC: 12b0f | Get time (See above)
2018-12-25T12:55:19.935586983Z 67 PC: 12a53 | Get or set file attributes (See above)
2018-12-25T12:55:19.940968248Z 67 PC: 12a5e | Get or set file attributes (See above)
2018-12-25T12:55:19.950261661Z 61 PC: 12a63 | Open file (See above)
2018-12-25T12:55:19.961957021Z 87 PC: 12a6b | Get or set file date and time (See above)
2018-12-25T12:55:19.963186228Z 64 PC: 12a7d | Write file or device (See above)
2018-12-25T12:55:19.9712495Z 87 PC: 12a8a | Get or set file date and time (See above)
2018-12-25T12:55:19.973298887Z 62 PC: 12a8e | Close file (See above)
2018-12-25T12:55:19.980520926Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:55:19.990867947Z 79 PC: 12ad8 | Find next file (See above)
2018-12-25T12:55:19.993512447Z 42 PC: 12ae2 | Get date 0x12ae2: cmp dh, 8
0x12ae5: jne 0x12af3
0x12ae7: cmp dl, 0x1f
0x12aea: jne 0x12af3
0x12aec: mov ah, 9
0x12aee: mov dx, 0x202
0x12af1: int 1
0x12af3: cli
0x12af4: push ds
0x12af5: xor ax, ax
0x12af7: mov ds, ax
0x12af9: mov ax, word ptr cs:[0x5e5]
0x12afd: mov word ptr [4], ax
0x12b00: mov ax, word ptr cs:[0x5e7]
0x12b04: mov word ptr [6], ax
0x12b07: pop ds
0x12b08: sti
0x12b09: int 0x20
0x12b0b: mov ah, 0x2c
0x12b0d: int 1