Sample viewer

vx.netlux.org/Virus.DOS.Lct.599


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:15:07.160603562Z 42 PC: 12a62 | Get date
0x12a62: cmp dh, 0xc
0x12a65: jne 0x12a6f
0x12a67: cmp dl, 0x19
0x12a6a: jne 0x12a6f
0x12a6c: jmp 0x12c44
0x12a6f: cmp dh, 4
0x12a72: jne 0x12a79
0x12a74: cmp dl, 1
0x12a77: jne 0x12a79
0x12a79: call 0x12c24
0x12a7c: call 0x12c11
0x12a7f: mov si, bp
0x12a81: add si, 0x22a
0x12a85: lodsw ax, word ptr [si]
0x12a86: cmp ax, 5
0x12a89: ja 0x12a8e
0x12a8b: jmp 0x12ae5
0x12a8e: call 0x12bf8
0x12a91: mov bx, ax
0x12a93: mov al, 0
2018-12-17T22:15:07.163019569Z 26 PC: 12c2e | Set disk transfer address
2018-12-17T22:15:07.165326159Z 78 PC: 12c1e | Find first file
2018-12-17T22:15:07.17140393Z 61 PC: 12c03 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:15:07.178037319Z 87 PC: 12be6 | Get or set file date and time
2018-12-17T22:15:07.180600009Z 63 PC: 12aa5 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:15:07.186930255Z 66 PC: 12aaf | Move file pointer
2018-12-17T22:15:07.188493013Z 64 PC: 12b08 | Write file or device (Write 599 bytes on handle 5)
2018-12-17T22:15:07.203687401Z 66 PC: 12b12 | Move file pointer
2018-12-17T22:15:07.218246645Z 64 PC: 12b20 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:15:07.226056515Z 87 PC: 12be1 | Get or set file date and time
2018-12-17T22:15:07.228118553Z 62 PC: 12b2a | Close file
2018-12-17T22:15:07.242182084Z 79 PC: 12aec | Find next file
2018-12-17T22:15:07.244968914Z 61 PC: 12c03 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:15:07.251789163Z 87 PC: 12be6 | Get or set file date and time
2018-12-17T22:15:07.254048859Z 63 PC: 12aa5 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:15:07.26072271Z 66 PC: 12aaf | Move file pointer
2018-12-17T22:15:07.262657667Z 64 PC: 12b08 | Write file or device (Write 599 bytes on handle 5)
2018-12-17T22:15:07.271451451Z 66 PC: 12b12 | Move file pointer
2018-12-17T22:15:07.27697911Z 64 PC: 12b20 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:15:07.299810012Z 87 PC: 12be1 | Get or set file date and time
2018-12-17T22:15:07.302696616Z 62 PC: 12b2a | Close file
2018-12-17T22:15:07.31104605Z 79 PC: 12aec | Find next file
2018-12-17T22:15:07.313941144Z 61 PC: 12c03 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:15:07.321613924Z 87 PC: 12be6 | Get or set file date and time
2018-12-17T22:15:07.323331422Z 63 PC: 12aa5 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:15:07.329778715Z 66 PC: 12aaf | Move file pointer
2018-12-17T22:15:07.332361314Z 64 PC: 12b08 | Write file or device (Write 599 bytes on handle 5)
2018-12-17T22:15:07.341242203Z 66 PC: 12b12 | Move file pointer
2018-12-17T22:15:07.342557844Z 64 PC: 12b20 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:15:07.349724574Z 87 PC: 12be1 | Get or set file date and time
2018-12-17T22:15:07.352344478Z 62 PC: 12b2a | Close file
2018-12-17T22:15:07.36050438Z 79 PC: 12aec | Find next file
2018-12-17T22:15:07.363491994Z 61 PC: 12c03 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:15:07.371344792Z 87 PC: 12be6 | Get or set file date and time
2018-12-17T22:15:07.373101517Z 63 PC: 12aa5 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:15:07.379759592Z 66 PC: 12aaf | Move file pointer
2018-12-17T22:15:07.382368153Z 64 PC: 12b08 | Write file or device (Write 599 bytes on handle 5)
2018-12-17T22:15:07.390968975Z 66 PC: 12b12 | Move file pointer
2018-12-17T22:15:07.392669636Z 64 PC: 12b20 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:15:07.399798371Z 87 PC: 12be1 | Get or set file date and time
2018-12-17T22:15:07.401917493Z 62 PC: 12b2a | Close file
2018-12-17T22:15:07.410344837Z 79 PC: 12aec | Find next file
2018-12-17T22:15:07.424614325Z 61 PC: 12c03 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:15:07.431677505Z 87 PC: 12be6 | Get or set file date and time
2018-12-17T22:15:07.433364182Z 63 PC: 12aa5 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:15:07.442927568Z 66 PC: 12aaf | Move file pointer
2018-12-17T22:15:07.445496794Z 64 PC: 12b08 | Write file or device (Write 599 bytes on handle 5)
2018-12-17T22:15:07.460465945Z 66 PC: 12b12 | Move file pointer
2018-12-17T22:15:07.461895131Z 64 PC: 12b20 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:15:07.475265182Z 87 PC: 12be1 | Get or set file date and time
2018-12-17T22:15:07.481169743Z 62 PC: 12b2a | Close file
2018-12-17T22:15:07.501508259Z 79 PC: 12aec | Find next file
2018-12-17T22:15:07.506663216Z 61 PC: 12c03 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:15:07.513744142Z 87 PC: 12be6 | Get or set file date and time
2018-12-17T22:15:07.520845756Z 63 PC: 12aa5 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:15:07.5279608Z 66 PC: 12aaf | Move file pointer
2018-12-17T22:15:07.529645926Z 64 PC: 12b08 | Write file or device (Write 599 bytes on handle 5)
2018-12-17T22:15:07.538674895Z 66 PC: 12b12 | Move file pointer
2018-12-17T22:15:07.540902971Z 64 PC: 12b20 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:15:07.547484448Z 87 PC: 12be1 | Get or set file date and time
2018-12-17T22:15:07.549263684Z 62 PC: 12b2a | Close file
2018-12-17T22:15:07.557859849Z 79 PC: 12aec | Find next file
2018-12-17T22:15:07.564475153Z 61 PC: 12c03 | Open file (Filename = 'PAH.COM')
2018-12-17T22:15:07.57110098Z 87 PC: 12be6 | Get or set file date and time
2018-12-17T22:15:07.573572822Z 63 PC: 12aa5 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:15:07.580488408Z 66 PC: 12aaf | Move file pointer
2018-12-17T22:15:07.582231633Z 64 PC: 12b08 | Write file or device (Write 599 bytes on handle 5)
2018-12-17T22:15:07.591087369Z 66 PC: 12b12 | Move file pointer
2018-12-17T22:15:07.593026019Z 64 PC: 12b20 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:15:07.599680581Z 87 PC: 12be1 | Get or set file date and time
2018-12-17T22:15:07.602208612Z 62 PC: 12b2a | Close file
2018-12-17T22:15:07.61074141Z 79 PC: 12aec | Find next file
2018-12-17T22:15:07.613580089Z 61 PC: 12c03 | Open file (Filename = 'TEST.COM')
2018-12-17T22:15:07.620439751Z 87 PC: 12be6 | Get or set file date and time
2018-12-17T22:15:07.622909651Z 63 PC: 12aa5 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:15:07.625656066Z 66 PC: 12aaf | Move file pointer
2018-12-17T22:15:07.627362938Z 64 PC: 12b08 | Write file or device (Write 599 bytes on handle 5)
2018-12-17T22:15:07.636356148Z 66 PC: 12b12 | Move file pointer
2018-12-17T22:15:07.637919832Z 64 PC: 12b20 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:15:07.640867328Z 87 PC: 12be1 | Get or set file date and time
2018-12-17T22:15:07.643560228Z 62 PC: 12b2a | Close file
2018-12-17T22:15:07.651355443Z 79 PC: 12aec | Find next file

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2793,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:27.692563Z 42 PC: 12a62 | Get date
0x12a62: cmp dh, 0xc
0x12a65: jne 0x12a6f
0x12a67: cmp dl, 0x19
0x12a6a: jne 0x12a6f
0x12a6c: jmp 0x12c44
0x12a6f: cmp dh, 4
0x12a72: jne 0x12a79
0x12a74: cmp dl, 1
0x12a77: jne 0x12a79
0x12a79: call 0x12c24
0x12a7c: call 0x12c11
0x12a7f: mov si, bp
0x12a81: add si, 0x22a
0x12a85: lodsw ax, word ptr [si]
0x12a86: cmp ax, 5
0x12a89: ja 0x12a8e
0x12a8b: jmp 0x12ae5
0x12a8e: call 0x12bf8
0x12a91: mov bx, ax
0x12a93: mov al, 0
2018-12-25T11:46:27.695373866Z 26 PC: 12c2e | Set disk transfer address
2018-12-25T11:46:27.696586409Z 78 PC: 12c1e | Find first file
2018-12-25T11:46:27.703152204Z 61 PC: 12c03 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:27.70933128Z 87 PC: 12be6 | Get or set file date and time
2018-12-25T11:46:27.711385376Z 63 PC: 12aa5 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:46:27.717128181Z 66 PC: 12aaf | Move file pointer
2018-12-25T11:46:27.718865617Z 64 PC: 12b08 | Write file or device (Write 599 bytes on handle 5)
2018-12-25T11:46:28.106327387Z 66 PC: 12b12 | Move file pointer
2018-12-25T11:46:28.108464579Z 64 PC: 12b20 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:46:28.120857756Z 87 PC: 12be1 | Get or set file date and time
2018-12-25T11:46:28.123256437Z 62 PC: 12b2a | Close file
2018-12-25T11:46:28.134916509Z 79 PC: 12aec | Find next file
2018-12-25T11:46:28.138348989Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.147839536Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.149449244Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.159672208Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.161824628Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.170807449Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.172435791Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.180523976Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.182995717Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.193498739Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:28.196888433Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.204738774Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.206378932Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.215078358Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.217388525Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.223450416Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.224884647Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.232576102Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.233917333Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.239801228Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:28.244267532Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.249783587Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.251298549Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.257490817Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.259327613Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.266554608Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.267872558Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.272989738Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.274674147Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.28370601Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:28.28725561Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.295043672Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.297083829Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.305631336Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.307686716Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.317140956Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.320482822Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.327920959Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.329734074Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.339238824Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:28.342406477Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.34997429Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.351991483Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.359641868Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.360971238Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.367572242Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.369469447Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.376711935Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.378092229Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.387493603Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:28.390101737Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.397303983Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.399118191Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.406101948Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.407517936Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.418567209Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.420355445Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.428093859Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.43165652Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.440741653Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:28.443956616Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.448465093Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.449950742Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.452363785Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.453667213Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.45989793Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.461173753Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.463333751Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.465288169Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.470932506Z 79 PC: 12aec | Find next file (See above)

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2793,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:27.886331368Z 42 PC: 12a62 | Get date
0x12a62: cmp dh, 0xc
0x12a65: jne 0x12a6f
0x12a67: cmp dl, 0x19
0x12a6a: jne 0x12a6f
0x12a6c: jmp 0x12c44
0x12a6f: cmp dh, 4
0x12a72: jne 0x12a79
0x12a74: cmp dl, 1
0x12a77: jne 0x12a79
0x12a79: call 0x12c24
0x12a7c: call 0x12c11
0x12a7f: mov si, bp
0x12a81: add si, 0x22a
0x12a85: lodsw ax, word ptr [si]
0x12a86: cmp ax, 5
0x12a89: ja 0x12a8e
0x12a8b: jmp 0x12ae5
0x12a8e: call 0x12bf8
0x12a91: mov bx, ax
0x12a93: mov al, 0
2018-12-25T11:46:27.888227097Z 26 PC: 12c2e | Set disk transfer address
2018-12-25T11:46:27.889562022Z 78 PC: 12c1e | Find first file
2018-12-25T11:46:27.893864036Z 61 PC: 12c03 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:27.898050862Z 87 PC: 12be6 | Get or set file date and time
2018-12-25T11:46:27.899967499Z 63 PC: 12aa5 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:46:27.908619022Z 66 PC: 12aaf | Move file pointer
2018-12-25T11:46:27.910758477Z 64 PC: 12b08 | Write file or device (Write 599 bytes on handle 5)
2018-12-25T11:46:28.115612038Z 66 PC: 12b12 | Move file pointer
2018-12-25T11:46:28.117318947Z 64 PC: 12b20 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:46:28.126345077Z 87 PC: 12be1 | Get or set file date and time
2018-12-25T11:46:28.129616763Z 62 PC: 12b2a | Close file
2018-12-25T11:46:28.138730481Z 79 PC: 12aec | Find next file
2018-12-25T11:46:28.142098383Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.15099815Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.166251007Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.173260915Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.175300688Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.185340402Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.186906056Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.194806867Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.197344757Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.206729269Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:28.210104439Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.216892642Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.2185776Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.225027941Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.227274035Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.233661739Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.239041322Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.244915831Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.246290524Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.256515199Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:28.260569335Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.268313932Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.270389542Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.278748115Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.280352953Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.29019448Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.292455666Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.299705703Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.301509986Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.31061608Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:28.314406037Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.322955122Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.324776594Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.334745723Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.336642999Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.345900226Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.348805464Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.357179201Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.359288251Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.368901144Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:28.372089289Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.379747185Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.382077116Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.389182994Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.390778193Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.401545466Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.403067582Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.410408966Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.412394346Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.422372464Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:28.42570182Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.433398627Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.4363228Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.44387979Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.446045403Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.455921744Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.457871145Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.465569476Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.468464809Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.475495324Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:28.477879475Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.483463107Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.485275207Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.487217Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.488674668Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.494670575Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.496404767Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.499477446Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.501534985Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.508467714Z 79 PC: 12aec | Find next file (See above)

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2793,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:28.008185514Z 42 PC: 12a62 | Get date
0x12a62: cmp dh, 0xc
0x12a65: jne 0x12a6f
0x12a67: cmp dl, 0x19
0x12a6a: jne 0x12a6f
0x12a6c: jmp 0x12c44
0x12a6f: cmp dh, 4
0x12a72: jne 0x12a79
0x12a74: cmp dl, 1
0x12a77: jne 0x12a79
0x12a79: call 0x12c24
0x12a7c: call 0x12c11
0x12a7f: mov si, bp
0x12a81: add si, 0x22a
0x12a85: lodsw ax, word ptr [si]
0x12a86: cmp ax, 5
0x12a89: ja 0x12a8e
0x12a8b: jmp 0x12ae5
0x12a8e: call 0x12bf8
0x12a91: mov bx, ax
0x12a93: mov al, 0
2018-12-25T11:46:28.010749207Z 26 PC: 12c2e | Set disk transfer address
2018-12-25T11:46:28.012489198Z 78 PC: 12c1e | Find first file
2018-12-25T11:46:28.023966373Z 61 PC: 12c03 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:28.031271114Z 87 PC: 12be6 | Get or set file date and time
2018-12-25T11:46:28.033540381Z 63 PC: 12aa5 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:46:28.038021725Z 66 PC: 12aaf | Move file pointer
2018-12-25T11:46:28.039536791Z 64 PC: 12b08 | Write file or device (Write 599 bytes on handle 5)
2018-12-25T11:46:28.106557836Z 66 PC: 12b12 | Move file pointer
2018-12-25T11:46:28.108373792Z 64 PC: 12b20 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:46:28.117132932Z 87 PC: 12be1 | Get or set file date and time
2018-12-25T11:46:28.120178621Z 62 PC: 12b2a | Close file
2018-12-25T11:46:28.130265432Z 79 PC: 12aec | Find next file
2018-12-25T11:46:28.134238914Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.142060429Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.145686279Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.153335311Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.155518706Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.163145152Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.164266993Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.168654221Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.170459168Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.176440906Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:28.178405407Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.183430533Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.18489631Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.189249951Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.190896256Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.196334569Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.19757206Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.202527291Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.204213934Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.209570956Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:28.212446105Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.217282168Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.218942099Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.226145652Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.229140134Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.238168413Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.240157891Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.24902982Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.250862359Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.259731433Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:28.263673999Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.272297146Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.274344202Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.282133111Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.284382559Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.293624179Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.29579279Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.304355998Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.306433916Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.31549537Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:28.319370673Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.326634552Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.328276227Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.334739437Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.336042448Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.342806068Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.344805852Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.349236979Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.350418746Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.356249969Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:28.358249061Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.364879497Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.366590809Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.373594073Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.374920775Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.383336086Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.38477172Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.391728543Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.393091495Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.402220192Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:28.404967372Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.412191859Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.415245645Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.418626867Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.420846008Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.432531703Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.434181397Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.437529444Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.440362159Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.449427367Z 79 PC: 12aec | Find next file (See above)

{"DateBased":true,"Day":25,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2793,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:28.563230694Z 42 PC: 12a62 | Get date
0x12a62: cmp dh, 0xc
0x12a65: jne 0x12a6f
0x12a67: cmp dl, 0x19
0x12a6a: jne 0x12a6f
0x12a6c: jmp 0x12c44
0x12a6f: cmp dh, 4
0x12a72: jne 0x12a79
0x12a74: cmp dl, 1
0x12a77: jne 0x12a79
0x12a79: call 0x12c24
0x12a7c: call 0x12c11
0x12a7f: mov si, bp
0x12a81: add si, 0x22a
0x12a85: lodsw ax, word ptr [si]
0x12a86: cmp ax, 5
0x12a89: ja 0x12a8e
0x12a8b: jmp 0x12ae5
0x12a8e: call 0x12bf8
0x12a91: mov bx, ax
0x12a93: mov al, 0

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2793,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:28.590301405Z 42 PC: 12a62 | Get date
0x12a62: cmp dh, 0xc
0x12a65: jne 0x12a6f
0x12a67: cmp dl, 0x19
0x12a6a: jne 0x12a6f
0x12a6c: jmp 0x12c44
0x12a6f: cmp dh, 4
0x12a72: jne 0x12a79
0x12a74: cmp dl, 1
0x12a77: jne 0x12a79
0x12a79: call 0x12c24
0x12a7c: call 0x12c11
0x12a7f: mov si, bp
0x12a81: add si, 0x22a
0x12a85: lodsw ax, word ptr [si]
0x12a86: cmp ax, 5
0x12a89: ja 0x12a8e
0x12a8b: jmp 0x12ae5
0x12a8e: call 0x12bf8
0x12a91: mov bx, ax
0x12a93: mov al, 0
2018-12-25T11:46:28.592786231Z 26 PC: 12c2e | Set disk transfer address
2018-12-25T11:46:28.593835063Z 78 PC: 12c1e | Find first file
2018-12-25T11:46:28.599658603Z 61 PC: 12c03 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:28.607011292Z 87 PC: 12be6 | Get or set file date and time
2018-12-25T11:46:28.60847297Z 63 PC: 12aa5 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:46:28.619441287Z 66 PC: 12aaf | Move file pointer
2018-12-25T11:46:28.621574889Z 64 PC: 12b08 | Write file or device (Write 599 bytes on handle 5)
2018-12-25T11:46:28.635673253Z 66 PC: 12b12 | Move file pointer
2018-12-25T11:46:28.637139173Z 64 PC: 12b20 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:46:28.643628521Z 87 PC: 12be1 | Get or set file date and time
2018-12-25T11:46:28.645817518Z 62 PC: 12b2a | Close file
2018-12-25T11:46:28.65430434Z 79 PC: 12aec | Find next file
2018-12-25T11:46:28.657523282Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.664353254Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.665736472Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.671974389Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.681728551Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.689498019Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.690794455Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.706321398Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.707869991Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.715566387Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:28.719380981Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.72558815Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.72696703Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.733876051Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.735373343Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.743155632Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.751260446Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.757814952Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.759331711Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.768275349Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:28.770852738Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.777906096Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.77940061Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.786528266Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.788402394Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.796586406Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.798919889Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.805591331Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.807388754Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.817106365Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:28.820183764Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.827733262Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.830191928Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.836523926Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.838023074Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.847018789Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.848483915Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.854890989Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.857439019Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.86569479Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:28.868214339Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.875489919Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.87701277Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.883092272Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.884458604Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.893588498Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.894961897Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.901699269Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.904063078Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.913649537Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:28.916150171Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.923687538Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.925004932Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.93119136Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.933292203Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.941255809Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.94320309Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.950642494Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:28.95211985Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:28.959767531Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:28.963613341Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:28.970093583Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:28.971443176Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:28.975334625Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:28.978667814Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:28.991647288Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:28.994621131Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:28.999135418Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:29.001438236Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:29.014967506Z 79 PC: 12aec | Find next file (See above)

{"DateBased":true,"Day":25,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2793,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:28.8061165Z 42 PC: 12a62 | Get date 0x12a62: cmp dh, 0xc
0x12a65: jne 0x12a6f
0x12a67: cmp dl, 0x19
0x12a6a: jne 0x12a6f
0x12a6c: jmp 0x12c44
0x12a6f: cmp dh, 4
0x12a72: jne 0x12a79
0x12a74: cmp dl, 1
0x12a77: jne 0x12a79
0x12a79: call 0x12c24
0x12a7c: call 0x12c11
0x12a7f: mov si, bp
0x12a81: add si, 0x22a
0x12a85: lodsw ax, word ptr [si]
0x12a86: cmp ax, 5
0x12a89: ja 0x12a8e
0x12a8b: jmp 0x12ae5
0x12a8e: call 0x12bf8
0x12a91: mov bx, ax
0x12a93: mov al, 0

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2793,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:29.387143642Z 42 PC: 12a62 | Get date 0x12a62: cmp dh, 0xc
0x12a65: jne 0x12a6f
0x12a67: cmp dl, 0x19
0x12a6a: jne 0x12a6f
0x12a6c: jmp 0x12c44
0x12a6f: cmp dh, 4
0x12a72: jne 0x12a79
0x12a74: cmp dl, 1
0x12a77: jne 0x12a79
0x12a79: call 0x12c24
0x12a7c: call 0x12c11
0x12a7f: mov si, bp
0x12a81: add si, 0x22a
0x12a85: lodsw ax, word ptr [si]
0x12a86: cmp ax, 5
0x12a89: ja 0x12a8e
0x12a8b: jmp 0x12ae5
0x12a8e: call 0x12bf8
0x12a91: mov bx, ax
0x12a93: mov al, 0
2018-12-25T11:46:29.390193607Z 26 PC: 12c2e | Set disk transfer address
2018-12-25T11:46:29.392166559Z 78 PC: 12c1e | Find first file
2018-12-25T11:46:29.398796916Z 61 PC: 12c03 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:29.413729812Z 87 PC: 12be6 | Get or set file date and time
2018-12-25T11:46:29.416404673Z 63 PC: 12aa5 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:46:29.423076873Z 66 PC: 12aaf | Move file pointer
2018-12-25T11:46:29.424484447Z 64 PC: 12b08 | Write file or device (Write 599 bytes on handle 5)
2018-12-25T11:46:29.439996575Z 66 PC: 12b12 | Move file pointer
2018-12-25T11:46:29.441487367Z 64 PC: 12b20 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:46:29.448752113Z 87 PC: 12be1 | Get or set file date and time
2018-12-25T11:46:29.451864208Z 62 PC: 12b2a | Close file
2018-12-25T11:46:29.460528537Z 79 PC: 12aec | Find next file
2018-12-25T11:46:29.463339532Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:29.470616206Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:29.472872158Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:29.480129282Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:29.482167819Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:29.492075534Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:29.494306705Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:29.501978534Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:29.504432036Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:29.514040079Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:29.517486231Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:29.526402899Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:29.528077047Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:29.535251217Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:29.537953488Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:29.546852821Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:29.548811122Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:29.557276147Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:29.560043877Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:29.569144718Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:29.57252216Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:29.582675696Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:29.584418889Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:29.591542151Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:29.594414979Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:29.603561198Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:29.605795357Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:29.614357144Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:29.616090199Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:29.625709827Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:29.629875319Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:29.63807347Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:29.639723519Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:29.646759323Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:29.649397526Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:29.659251446Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:29.661148111Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:29.669453705Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:29.671383702Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:29.68062539Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:29.686460374Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:29.695525777Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:29.69719614Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:29.7048607Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:29.706609291Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:29.71638786Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:29.718518734Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:29.726049521Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:29.72766457Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:29.737112459Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:29.741028729Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:29.748523705Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:29.750998624Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:29.759744186Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:29.761584734Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:29.771095011Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:29.773884383Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:29.781441522Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:29.783272328Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:29.793225419Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:29.796641485Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:29.804174594Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:29.806594872Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:29.809478784Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:29.811206931Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:29.820629906Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:29.822150343Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:29.825385125Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:29.827226918Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:29.836811943Z 79 PC: 12aec | Find next file (See above)

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2793,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:29.775392313Z 42 PC: 12a62 | Get date 0x12a62: cmp dh, 0xc
0x12a65: jne 0x12a6f
0x12a67: cmp dl, 0x19
0x12a6a: jne 0x12a6f
0x12a6c: jmp 0x12c44
0x12a6f: cmp dh, 4
0x12a72: jne 0x12a79
0x12a74: cmp dl, 1
0x12a77: jne 0x12a79
0x12a79: call 0x12c24
0x12a7c: call 0x12c11
0x12a7f: mov si, bp
0x12a81: add si, 0x22a
0x12a85: lodsw ax, word ptr [si]
0x12a86: cmp ax, 5
0x12a89: ja 0x12a8e
0x12a8b: jmp 0x12ae5
0x12a8e: call 0x12bf8
0x12a91: mov bx, ax
0x12a93: mov al, 0
2018-12-25T11:46:29.77718719Z 26 PC: 12c2e | Set disk transfer address
2018-12-25T11:46:29.778499967Z 78 PC: 12c1e | Find first file
2018-12-25T11:46:29.783049371Z 61 PC: 12c03 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:29.788263921Z 87 PC: 12be6 | Get or set file date and time
2018-12-25T11:46:29.790154247Z 63 PC: 12aa5 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:46:29.794765116Z 66 PC: 12aaf | Move file pointer
2018-12-25T11:46:29.796054201Z 64 PC: 12b08 | Write file or device (Write 599 bytes on handle 5)
2018-12-25T11:46:29.808877945Z 66 PC: 12b12 | Move file pointer
2018-12-25T11:46:29.810184761Z 64 PC: 12b20 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:46:29.814756343Z 87 PC: 12be1 | Get or set file date and time
2018-12-25T11:46:29.816761849Z 62 PC: 12b2a | Close file
2018-12-25T11:46:29.822269324Z 79 PC: 12aec | Find next file
2018-12-25T11:46:29.824283712Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:29.828990509Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:29.830523254Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:29.834896467Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:29.836220902Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:29.84248793Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:29.843651906Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:29.848332971Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:29.851167426Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:29.857109502Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:29.859237496Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:29.864913532Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:29.866613725Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:29.875027958Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:29.877123188Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:29.885833605Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:29.887454264Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:29.895865237Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:29.898374798Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:29.907424734Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:29.911437789Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:29.920872823Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:29.922555962Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:29.930902013Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:29.942869719Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:29.951871433Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:29.953796759Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:29.961709669Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:29.963719952Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:29.9727296Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:29.976979077Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:29.984465385Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:29.986047355Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:29.993675456Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:29.99573904Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:30.00440374Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:30.006423061Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:30.013834131Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:30.0159219Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:30.024874531Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:30.027958671Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:30.035237319Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:30.03680243Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:30.043742165Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:30.04531296Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:30.054479631Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:30.056442074Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:30.063731516Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:30.065419524Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:30.074829863Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:30.077710844Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:30.084941018Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:30.086975999Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:30.094219886Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:30.096164534Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:30.105731794Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:30.107526315Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:30.11472735Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:30.117074674Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:30.125803979Z 79 PC: 12aec | Find next file (See above)
2018-12-25T11:46:30.128585345Z 61 PC: 12c03 | Open file (See above)
2018-12-25T11:46:30.137484404Z 87 PC: 12be6 | Get or set file date and time (See above)
2018-12-25T11:46:30.139509088Z 63 PC: 12aa5 | Read file or device (See above)
2018-12-25T11:46:30.142661505Z 66 PC: 12aaf | Move file pointer (See above)
2018-12-25T11:46:30.144141693Z 64 PC: 12b08 | Write file or device (See above)
2018-12-25T11:46:30.153337374Z 66 PC: 12b12 | Move file pointer (See above)
2018-12-25T11:46:30.154719804Z 64 PC: 12b20 | Write file or device (See above)
2018-12-25T11:46:30.157745383Z 87 PC: 12be1 | Get or set file date and time (See above)
2018-12-25T11:46:30.159928991Z 62 PC: 12b2a | Close file (See above)
2018-12-25T11:46:30.166329646Z 79 PC: 12aec | Find next file (See above)