Sample viewer

vx.netlux.org/Virus.DOS.VCL.Xaxa.814

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:21:50.66632226Z	26	PC: 12cd8 \| Set disk transfer address
2018-12-17T22:21:50.668411488Z	53	PC: 12aa2 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:21:50.669676877Z	37	PC: 12ab9 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:21:50.670948591Z	71	PC: 12ac9 \| Get current directory
2018-12-17T22:21:50.674558611Z	78	PC: 12b4f \| Find first file
2018-12-17T22:21:50.680524212Z	78	PC: 12b4f \| Find first file
2018-12-17T22:21:50.693603744Z	61	PC: 12ce4 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:21:50.700483896Z	63	PC: 12b70 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:21:50.707163514Z	62	PC: 12b75 \| Close file
2018-12-17T22:21:50.709492915Z	67	PC: 12cf3 \| Get or set file attributes
2018-12-17T22:21:50.730917806Z	61	PC: 12ce4 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:21:50.738175002Z	64	PC: 12c82 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:21:50.741244039Z	66	PC: 12cd1 \| Move file pointer
2018-12-17T22:21:50.743143369Z	44	PC: 12c91 \| Get time 0x12c91: nop 0x12c92: cmp dh, 0 0x12c95: nop 0x12c96: je 0x12c8c 0x12c98: nop 0x12c99: mov byte ptr cs:[bp + 0x430], dh 0x12c9e: nop 0x12c9f: call 0x12d1e 0x12ca2: mov ax, 0x5701 0x12ca5: nop 0x12ca6: mov cx, word ptr cs:[bp + 0x4ac] 0x12cab: nop 0x12cac: mov dx, word ptr cs:[bp + 0x4ae] 0x12cb1: nop 0x12cb2: int 0x21 0x12cb4: mov ah, 0x3e 0x12cb6: nop 0x12cb7: int 0x21 0x12cb9: xor cx, cx 0x12cbb: nop
2018-12-17T22:21:50.746478748Z	64	PC: 12d98 \| Write file or device (Write 814 bytes on handle 5)
2018-12-17T22:21:50.755361893Z	87	PC: 12cb4 \| Get or set file date and time
2018-12-17T22:21:50.769746542Z	62	PC: 12cb9 \| Close file
2018-12-17T22:21:50.777898744Z	67	PC: 12cf3 \| Get or set file attributes
2018-12-17T22:21:50.793449185Z	79	PC: 12b4f \| Find next file
2018-12-17T22:21:50.796583849Z	61	PC: 12ce4 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:21:50.80464365Z	63	PC: 12b70 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:21:50.811924406Z	62	PC: 12b75 \| Close file
2018-12-17T22:21:50.814263213Z	67	PC: 12cf3 \| Get or set file attributes
2018-12-17T22:21:50.826434949Z	61	PC: 12ce4 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:21:50.833545262Z	64	PC: 12c82 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:21:50.836491526Z	66	PC: 12cd1 \| Move file pointer
2018-12-17T22:21:50.843163254Z	44	PC: 12c91 \| Get time 0x12c91: nop 0x12c92: cmp dh, 0 0x12c95: nop 0x12c96: je 0x12c8c 0x12c98: nop 0x12c99: mov byte ptr cs:[bp + 0x430], dh 0x12c9e: nop 0x12c9f: call 0x12d1e 0x12ca2: mov ax, 0x5701 0x12ca5: nop 0x12ca6: mov cx, word ptr cs:[bp + 0x4ac] 0x12cab: nop 0x12cac: mov dx, word ptr cs:[bp + 0x4ae] 0x12cb1: nop 0x12cb2: int 0x21 0x12cb4: mov ah, 0x3e 0x12cb6: nop 0x12cb7: int 0x21 0x12cb9: xor cx, cx 0x12cbb: nop
2018-12-17T22:21:50.845944036Z	64	PC: 12d98 \| Write file or device (Write 814 bytes on handle 5)
2018-12-17T22:21:50.854815843Z	87	PC: 12cb4 \| Get or set file date and time
2018-12-17T22:21:50.857610451Z	62	PC: 12cb9 \| Close file
2018-12-17T22:21:50.865290584Z	67	PC: 12cf3 \| Get or set file attributes
2018-12-17T22:21:50.875946657Z	79	PC: 12b4f \| Find next file
2018-12-17T22:21:50.879200854Z	61	PC: 12ce4 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:21:50.886333956Z	63	PC: 12b70 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:21:50.892795778Z	62	PC: 12b75 \| Close file
2018-12-17T22:21:50.895670835Z	67	PC: 12cf3 \| Get or set file attributes
2018-12-17T22:21:50.905649615Z	61	PC: 12ce4 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:21:50.917518286Z	64	PC: 12c82 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:21:50.925852422Z	66	PC: 12cd1 \| Move file pointer
2018-12-17T22:21:50.927470947Z	44	PC: 12c91 \| Get time 0x12c91: nop 0x12c92: cmp dh, 0 0x12c95: nop 0x12c96: je 0x12c8c 0x12c98: nop 0x12c99: mov byte ptr cs:[bp + 0x430], dh 0x12c9e: nop 0x12c9f: call 0x12d1e 0x12ca2: mov ax, 0x5701 0x12ca5: nop 0x12ca6: mov cx, word ptr cs:[bp + 0x4ac] 0x12cab: nop 0x12cac: mov dx, word ptr cs:[bp + 0x4ae] 0x12cb1: nop 0x12cb2: int 0x21 0x12cb4: mov ah, 0x3e 0x12cb6: nop 0x12cb7: int 0x21 0x12cb9: xor cx, cx 0x12cbb: nop
2018-12-17T22:21:50.930223712Z	64	PC: 12d98 \| Write file or device (Write 814 bytes on handle 5)
2018-12-17T22:21:50.939485128Z	87	PC: 12cb4 \| Get or set file date and time
2018-12-17T22:21:50.941539798Z	62	PC: 12cb9 \| Close file
2018-12-17T22:21:50.950221358Z	67	PC: 12cf3 \| Get or set file attributes
2018-12-17T22:21:50.960476227Z	79	PC: 12b4f \| Find next file
2018-12-17T22:21:50.965979677Z	61	PC: 12ce4 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:21:50.972345964Z	63	PC: 12b70 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:21:50.978613784Z	62	PC: 12b75 \| Close file
2018-12-17T22:21:50.981184734Z	67	PC: 12cf3 \| Get or set file attributes
2018-12-17T22:21:50.992085387Z	61	PC: 12ce4 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:21:50.998805996Z	64	PC: 12c82 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:21:51.003912545Z	66	PC: 12cd1 \| Move file pointer
2018-12-17T22:21:51.005392834Z	44	PC: 12c91 \| Get time 0x12c91: nop 0x12c92: cmp dh, 0 0x12c95: nop 0x12c96: je 0x12c8c 0x12c98: nop 0x12c99: mov byte ptr cs:[bp + 0x430], dh 0x12c9e: nop 0x12c9f: call 0x12d1e 0x12ca2: mov ax, 0x5701 0x12ca5: nop 0x12ca6: mov cx, word ptr cs:[bp + 0x4ac] 0x12cab: nop 0x12cac: mov dx, word ptr cs:[bp + 0x4ae] 0x12cb1: nop 0x12cb2: int 0x21 0x12cb4: mov ah, 0x3e 0x12cb6: nop 0x12cb7: int 0x21 0x12cb9: xor cx, cx 0x12cbb: nop
2018-12-17T22:21:51.008221204Z	64	PC: 12d98 \| Write file or device (Write 814 bytes on handle 5)
2018-12-17T22:21:51.018904488Z	87	PC: 12cb4 \| Get or set file date and time
2018-12-17T22:21:51.020612056Z	62	PC: 12cb9 \| Close file
2018-12-17T22:21:51.028646457Z	67	PC: 12cf3 \| Get or set file attributes
2018-12-17T22:21:51.039483489Z	79	PC: 12b4f \| Find next file
2018-12-17T22:21:51.042439722Z	61	PC: 12ce4 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:21:51.049239986Z	63	PC: 12b70 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:21:51.05725581Z	62	PC: 12b75 \| Close file
2018-12-17T22:21:51.059938412Z	67	PC: 12cf3 \| Get or set file attributes
2018-12-17T22:21:51.069991692Z	61	PC: 12ce4 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:21:51.077709039Z	64	PC: 12c82 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:21:51.081101689Z	66	PC: 12cd1 \| Move file pointer
2018-12-17T22:21:51.082399281Z	44	PC: 12c91 \| Get time 0x12c91: nop 0x12c92: cmp dh, 0 0x12c95: nop 0x12c96: je 0x12c8c 0x12c98: nop 0x12c99: mov byte ptr cs:[bp + 0x430], dh 0x12c9e: nop 0x12c9f: call 0x12d1e 0x12ca2: mov ax, 0x5701 0x12ca5: nop 0x12ca6: mov cx, word ptr cs:[bp + 0x4ac] 0x12cab: nop 0x12cac: mov dx, word ptr cs:[bp + 0x4ae] 0x12cb1: nop 0x12cb2: int 0x21 0x12cb4: mov ah, 0x3e 0x12cb6: nop 0x12cb7: int 0x21 0x12cb9: xor cx, cx 0x12cbb: nop
2018-12-17T22:21:51.085271333Z	64	PC: 12d98 \| Write file or device (Write 814 bytes on handle 5)
2018-12-17T22:21:51.093560859Z	87	PC: 12cb4 \| Get or set file date and time
2018-12-17T22:21:51.095014213Z	62	PC: 12cb9 \| Close file
2018-12-17T22:21:51.103483762Z	67	PC: 12cf3 \| Get or set file attributes
2018-12-17T22:21:51.113748343Z	79	PC: 12b4f \| Find next file
2018-12-17T22:21:51.11652848Z	61	PC: 12ce4 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:21:51.123706052Z	63	PC: 12b70 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:21:51.130680304Z	62	PC: 12b75 \| Close file
2018-12-17T22:21:51.132577903Z	67	PC: 12cf3 \| Get or set file attributes
2018-12-17T22:21:51.142836959Z	61	PC: 12ce4 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:21:51.150032153Z	64	PC: 12c82 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:21:51.15303295Z	66	PC: 12cd1 \| Move file pointer
2018-12-17T22:21:51.155006505Z	44	PC: 12c91 \| Get time 0x12c91: nop 0x12c92: cmp dh, 0 0x12c95: nop 0x12c96: je 0x12c8c 0x12c98: nop 0x12c99: mov byte ptr cs:[bp + 0x430], dh 0x12c9e: nop 0x12c9f: call 0x12d1e 0x12ca2: mov ax, 0x5701 0x12ca5: nop 0x12ca6: mov cx, word ptr cs:[bp + 0x4ac] 0x12cab: nop 0x12cac: mov dx, word ptr cs:[bp + 0x4ae] 0x12cb1: nop 0x12cb2: int 0x21 0x12cb4: mov ah, 0x3e 0x12cb6: nop 0x12cb7: int 0x21 0x12cb9: xor cx, cx 0x12cbb: nop
2018-12-17T22:21:51.158408756Z	64	PC: 12d98 \| Write file or device (Write 814 bytes on handle 5)
2018-12-17T22:21:51.167436047Z	87	PC: 12cb4 \| Get or set file date and time
2018-12-17T22:21:51.169118098Z	62	PC: 12cb9 \| Close file
2018-12-17T22:21:51.176904853Z	67	PC: 12cf3 \| Get or set file attributes
2018-12-17T22:21:51.186951121Z	79	PC: 12b4f \| Find next file
2018-12-17T22:21:51.189465293Z	61	PC: 12ce4 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:21:51.196146138Z	63	PC: 12b70 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:21:51.202474591Z	62	PC: 12b75 \| Close file
2018-12-17T22:21:51.204484559Z	67	PC: 12cf3 \| Get or set file attributes
2018-12-17T22:21:51.21462289Z	61	PC: 12ce4 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:21:51.221312096Z	64	PC: 12c82 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:21:51.223996277Z	66	PC: 12cd1 \| Move file pointer
2018-12-17T22:21:51.226023462Z	44	PC: 12c91 \| Get time 0x12c91: nop 0x12c92: cmp dh, 0 0x12c95: nop 0x12c96: je 0x12c8c 0x12c98: nop 0x12c99: mov byte ptr cs:[bp + 0x430], dh 0x12c9e: nop 0x12c9f: call 0x12d1e 0x12ca2: mov ax, 0x5701 0x12ca5: nop 0x12ca6: mov cx, word ptr cs:[bp + 0x4ac] 0x12cab: nop 0x12cac: mov dx, word ptr cs:[bp + 0x4ae] 0x12cb1: nop 0x12cb2: int 0x21 0x12cb4: mov ah, 0x3e 0x12cb6: nop 0x12cb7: int 0x21 0x12cb9: xor cx, cx 0x12cbb: nop
2018-12-17T22:21:51.228798338Z	64	PC: 12d98 \| Write file or device (Write 814 bytes on handle 5)
2018-12-17T22:21:51.237343256Z	87	PC: 12cb4 \| Get or set file date and time
2018-12-17T22:21:51.239065766Z	62	PC: 12cb9 \| Close file
2018-12-17T22:21:51.246694906Z	67	PC: 12cf3 \| Get or set file attributes
2018-12-17T22:21:51.256807216Z	79	PC: 12b4f \| Find next file
2018-12-17T22:21:51.275576467Z	61	PC: 12ce4 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:21:51.282027204Z	63	PC: 12b70 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:21:51.286380042Z	62	PC: 12b75 \| Close file
2018-12-17T22:21:51.289153817Z	79	PC: 12b4f \| Find next file
2018-12-17T22:21:51.291697605Z	59	PC: 12ae5 \| Change current directory
2018-12-17T22:21:51.295894994Z	37	PC: 12af5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:21:51.297961064Z	59	PC: 12b02 \| Change current directory
2018-12-17T22:21:51.299873739Z	26	PC: 12cd8 \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3817,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:16.181621158Z	26	PC: 12cd8 \| Set disk transfer address
2018-12-25T11:50:16.183127676Z	53	PC: 12aa2 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:16.184264788Z	37	PC: 12ab9 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:16.18567476Z	71	PC: 12ac9 \| Get current directory
2018-12-25T11:50:16.188778925Z	78	PC: 12b4f \| Find first file
2018-12-25T11:50:16.194549993Z	78	PC: 12b4f \| Find first file (See above)
2018-12-25T11:50:16.200162477Z	61	PC: 12ce4 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:16.206648243Z	63	PC: 12b70 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:50:16.213462561Z	62	PC: 12b75 \| Close file
2018-12-25T11:50:16.215786394Z	67	PC: 12cf3 \| Get or set file attributes
2018-12-25T11:50:16.231585356Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.24005745Z	64	PC: 12c82 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:16.242945264Z	66	PC: 12cd1 \| Move file pointer
2018-12-25T11:50:16.244333852Z	44	PC: 12c91 \| Get time 0x12c91: nop 0x12c92: cmp dh, 0 0x12c95: nop 0x12c96: je 0x12c8c 0x12c98: nop 0x12c99: mov byte ptr cs:[bp + 0x430], dh 0x12c9e: nop 0x12c9f: call 0x12d1e 0x12ca2: mov ax, 0x5701 0x12ca5: nop 0x12ca6: mov cx, word ptr cs:[bp + 0x4ac] 0x12cab: nop 0x12cac: mov dx, word ptr cs:[bp + 0x4ae] 0x12cb1: nop 0x12cb2: int 0x21 0x12cb4: mov ah, 0x3e 0x12cb6: nop 0x12cb7: int 0x21 0x12cb9: xor cx, cx 0x12cbb: nop
2018-12-25T11:50:16.247562323Z	64	PC: 12d98 \| Write file or device (Write 814 bytes on handle 5)
2018-12-25T11:50:16.257323674Z	87	PC: 12cb4 \| Get or set file date and time
2018-12-25T11:50:16.259576038Z	62	PC: 12cb9 \| Close file
2018-12-25T11:50:16.267873487Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.278892341Z	79	PC: 12b4f \| Find next file (See above)
2018-12-25T11:50:16.281431913Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.288829532Z	63	PC: 12b70 \| Read file or device (See above)
2018-12-25T11:50:16.29496882Z	62	PC: 12b75 \| Close file (See above)
2018-12-25T11:50:16.296769047Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.306953317Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.313497721Z	64	PC: 12c82 \| Write file or device (See above)
2018-12-25T11:50:16.316034805Z	66	PC: 12cd1 \| Move file pointer (See above)
2018-12-25T11:50:16.317791918Z	44	PC: 12c91 \| Get time (See above)
2018-12-25T11:50:16.320109335Z	64	PC: 12d98 \| Write file or device (See above)
2018-12-25T11:50:16.328330529Z	87	PC: 12cb4 \| Get or set file date and time (See above)
2018-12-25T11:50:16.330429962Z	62	PC: 12cb9 \| Close file (See above)
2018-12-25T11:50:16.338084Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.347821826Z	79	PC: 12b4f \| Find next file (See above)
2018-12-25T11:50:16.351549004Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.357882111Z	63	PC: 12b70 \| Read file or device (See above)
2018-12-25T11:50:16.36395771Z	62	PC: 12b75 \| Close file (See above)
2018-12-25T11:50:16.366158592Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.379582734Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.386003112Z	64	PC: 12c82 \| Write file or device (See above)
2018-12-25T11:50:16.389188542Z	66	PC: 12cd1 \| Move file pointer (See above)
2018-12-25T11:50:16.390773925Z	44	PC: 12c91 \| Get time (See above)
2018-12-25T11:50:16.393551594Z	64	PC: 12d98 \| Write file or device (See above)
2018-12-25T11:50:16.402677285Z	87	PC: 12cb4 \| Get or set file date and time (See above)
2018-12-25T11:50:16.404199302Z	62	PC: 12cb9 \| Close file (See above)
2018-12-25T11:50:16.411654569Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.421589241Z	79	PC: 12b4f \| Find next file (See above)
2018-12-25T11:50:16.430418113Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.437107743Z	63	PC: 12b70 \| Read file or device (See above)
2018-12-25T11:50:16.441640423Z	62	PC: 12b75 \| Close file (See above)
2018-12-25T11:50:16.4436678Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.453324368Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.459655413Z	64	PC: 12c82 \| Write file or device (See above)
2018-12-25T11:50:16.462834775Z	66	PC: 12cd1 \| Move file pointer (See above)
2018-12-25T11:50:16.464176601Z	44	PC: 12c91 \| Get time (See above)
2018-12-25T11:50:16.466551887Z	64	PC: 12d98 \| Write file or device (See above)
2018-12-25T11:50:16.474918855Z	87	PC: 12cb4 \| Get or set file date and time (See above)
2018-12-25T11:50:16.476351148Z	62	PC: 12cb9 \| Close file (See above)
2018-12-25T11:50:16.484590491Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.49475656Z	79	PC: 12b4f \| Find next file (See above)
2018-12-25T11:50:16.497237039Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.503480492Z	63	PC: 12b70 \| Read file or device (See above)
2018-12-25T11:50:16.510221199Z	62	PC: 12b75 \| Close file (See above)
2018-12-25T11:50:16.511981583Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.521579027Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.529019665Z	64	PC: 12c82 \| Write file or device (See above)
2018-12-25T11:50:16.532339075Z	66	PC: 12cd1 \| Move file pointer (See above)
2018-12-25T11:50:16.533920423Z	44	PC: 12c91 \| Get time (See above)
2018-12-25T11:50:16.537344568Z	64	PC: 12d98 \| Write file or device (See above)
2018-12-25T11:50:16.546182027Z	87	PC: 12cb4 \| Get or set file date and time (See above)
2018-12-25T11:50:16.547620067Z	62	PC: 12cb9 \| Close file (See above)
2018-12-25T11:50:16.555995205Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.565638388Z	79	PC: 12b4f \| Find next file (See above)
2018-12-25T11:50:16.568207997Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.574606392Z	63	PC: 12b70 \| Read file or device (See above)
2018-12-25T11:50:16.581201378Z	62	PC: 12b75 \| Close file (See above)
2018-12-25T11:50:16.583144766Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.59296917Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.600004666Z	64	PC: 12c82 \| Write file or device (See above)
2018-12-25T11:50:16.602952022Z	66	PC: 12cd1 \| Move file pointer (See above)
2018-12-25T11:50:16.604595498Z	44	PC: 12c91 \| Get time (See above)
2018-12-25T11:50:16.607601501Z	64	PC: 12d98 \| Write file or device (See above)
2018-12-25T11:50:16.616931827Z	87	PC: 12cb4 \| Get or set file date and time (See above)
2018-12-25T11:50:16.618789389Z	62	PC: 12cb9 \| Close file (See above)
2018-12-25T11:50:16.626476866Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.635921016Z	79	PC: 12b4f \| Find next file (See above)
2018-12-25T11:50:16.63852996Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.645149517Z	63	PC: 12b70 \| Read file or device (See above)
2018-12-25T11:50:16.651190569Z	62	PC: 12b75 \| Close file (See above)
2018-12-25T11:50:16.652815256Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.662730052Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.674360952Z	64	PC: 12c82 \| Write file or device (See above)
2018-12-25T11:50:16.681033934Z	66	PC: 12cd1 \| Move file pointer (See above)
2018-12-25T11:50:16.683100055Z	44	PC: 12c91 \| Get time (See above)
2018-12-25T11:50:16.685555355Z	64	PC: 12d98 \| Write file or device (See above)
2018-12-25T11:50:16.693924255Z	87	PC: 12cb4 \| Get or set file date and time (See above)
2018-12-25T11:50:16.695985648Z	62	PC: 12cb9 \| Close file (See above)
2018-12-25T11:50:16.703476756Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.712982221Z	79	PC: 12b4f \| Find next file (See above)
2018-12-25T11:50:16.715875986Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.722574121Z	63	PC: 12b70 \| Read file or device (See above)
2018-12-25T11:50:16.72861088Z	62	PC: 12b75 \| Close file (See above)
2018-12-25T11:50:16.73144187Z	79	PC: 12b4f \| Find next file (See above)
2018-12-25T11:50:16.734404575Z	59	PC: 12ae5 \| Change current directory
2018-12-25T11:50:16.738206293Z	37	PC: 12af5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:16.740327295Z	59	PC: 12b02 \| Change current directory
2018-12-25T11:50:16.742001191Z	26	PC: 12cd8 \| Set disk transfer address (See above)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":3817,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:16.166236321Z	26	PC: 12cd8 \| Set disk transfer address
2018-12-25T11:50:16.167843932Z	53	PC: 12aa2 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:16.169120975Z	37	PC: 12ab9 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:16.170784155Z	71	PC: 12ac9 \| Get current directory
2018-12-25T11:50:16.173941816Z	78	PC: 12b4f \| Find first file
2018-12-25T11:50:16.181448419Z	78	PC: 12b4f \| Find first file (See above)
2018-12-25T11:50:16.188205429Z	61	PC: 12ce4 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:16.195752603Z	63	PC: 12b70 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:50:16.203272723Z	62	PC: 12b75 \| Close file
2018-12-25T11:50:16.20645576Z	67	PC: 12cf3 \| Get or set file attributes
2018-12-25T11:50:16.223982252Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.231830389Z	64	PC: 12c82 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:16.23481788Z	66	PC: 12cd1 \| Move file pointer
2018-12-25T11:50:16.236093346Z	44	PC: 12c91 \| Get time 0x12c91: nop 0x12c92: cmp dh, 0 0x12c95: nop 0x12c96: je 0x12c8c 0x12c98: nop 0x12c99: mov byte ptr cs:[bp + 0x430], dh 0x12c9e: nop 0x12c9f: call 0x12d1e 0x12ca2: mov ax, 0x5701 0x12ca5: nop 0x12ca6: mov cx, word ptr cs:[bp + 0x4ac] 0x12cab: nop 0x12cac: mov dx, word ptr cs:[bp + 0x4ae] 0x12cb1: nop 0x12cb2: int 0x21 0x12cb4: mov ah, 0x3e 0x12cb6: nop 0x12cb7: int 0x21 0x12cb9: xor cx, cx 0x12cbb: nop
2018-12-25T11:50:16.239251414Z	64	PC: 12d98 \| Write file or device (Write 814 bytes on handle 5)
2018-12-25T11:50:16.250210187Z	87	PC: 12cb4 \| Get or set file date and time
2018-12-25T11:50:16.252073954Z	62	PC: 12cb9 \| Close file
2018-12-25T11:50:16.260979714Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.271994385Z	79	PC: 12b4f \| Find next file (See above)
2018-12-25T11:50:16.274972217Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.282274287Z	63	PC: 12b70 \| Read file or device (See above)
2018-12-25T11:50:16.287528835Z	62	PC: 12b75 \| Close file (See above)
2018-12-25T11:50:16.289264658Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.300099907Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.313481978Z	64	PC: 12c82 \| Write file or device (See above)
2018-12-25T11:50:16.318989126Z	66	PC: 12cd1 \| Move file pointer (See above)
2018-12-25T11:50:16.319963483Z	44	PC: 12c91 \| Get time (See above)
2018-12-25T11:50:16.322443638Z	64	PC: 12d98 \| Write file or device (See above)
2018-12-25T11:50:16.33143932Z	87	PC: 12cb4 \| Get or set file date and time (See above)
2018-12-25T11:50:16.332808038Z	62	PC: 12cb9 \| Close file (See above)
2018-12-25T11:50:16.341687905Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.3524221Z	79	PC: 12b4f \| Find next file (See above)
2018-12-25T11:50:16.35511028Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.362532135Z	63	PC: 12b70 \| Read file or device (See above)
2018-12-25T11:50:16.370096603Z	62	PC: 12b75 \| Close file (See above)
2018-12-25T11:50:16.372128055Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.379454294Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.384092901Z	64	PC: 12c82 \| Write file or device (See above)
2018-12-25T11:50:16.385993055Z	66	PC: 12cd1 \| Move file pointer (See above)
2018-12-25T11:50:16.388017768Z	44	PC: 12c91 \| Get time (See above)
2018-12-25T11:50:16.390813912Z	64	PC: 12d98 \| Write file or device (See above)
2018-12-25T11:50:16.399874209Z	87	PC: 12cb4 \| Get or set file date and time (See above)
2018-12-25T11:50:16.401734357Z	62	PC: 12cb9 \| Close file (See above)
2018-12-25T11:50:16.410060161Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.420962036Z	79	PC: 12b4f \| Find next file (See above)
2018-12-25T11:50:16.42430667Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.437852323Z	63	PC: 12b70 \| Read file or device (See above)
2018-12-25T11:50:16.444828927Z	62	PC: 12b75 \| Close file (See above)
2018-12-25T11:50:16.446820567Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.458465993Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.46580305Z	64	PC: 12c82 \| Write file or device (See above)
2018-12-25T11:50:16.468937645Z	66	PC: 12cd1 \| Move file pointer (See above)
2018-12-25T11:50:16.47114897Z	44	PC: 12c91 \| Get time (See above)
2018-12-25T11:50:16.473830181Z	64	PC: 12d98 \| Write file or device (See above)
2018-12-25T11:50:16.483876848Z	87	PC: 12cb4 \| Get or set file date and time (See above)
2018-12-25T11:50:16.486596631Z	62	PC: 12cb9 \| Close file (See above)
2018-12-25T11:50:16.492613259Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.500400975Z	79	PC: 12b4f \| Find next file (See above)
2018-12-25T11:50:16.503264331Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.508169681Z	63	PC: 12b70 \| Read file or device (See above)
2018-12-25T11:50:16.51314973Z	62	PC: 12b75 \| Close file (See above)
2018-12-25T11:50:16.514820131Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.526043345Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.533408654Z	64	PC: 12c82 \| Write file or device (See above)
2018-12-25T11:50:16.536615842Z	66	PC: 12cd1 \| Move file pointer (See above)
2018-12-25T11:50:16.538778154Z	44	PC: 12c91 \| Get time (See above)
2018-12-25T11:50:16.541638548Z	64	PC: 12d98 \| Write file or device (See above)
2018-12-25T11:50:16.550819239Z	87	PC: 12cb4 \| Get or set file date and time (See above)
2018-12-25T11:50:16.553247214Z	62	PC: 12cb9 \| Close file (See above)
2018-12-25T11:50:16.562067478Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.572690775Z	79	PC: 12b4f \| Find next file (See above)
2018-12-25T11:50:16.575683754Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.582728434Z	63	PC: 12b70 \| Read file or device (See above)
2018-12-25T11:50:16.589560956Z	62	PC: 12b75 \| Close file (See above)
2018-12-25T11:50:16.59170213Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.6022758Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.609270491Z	64	PC: 12c82 \| Write file or device (See above)
2018-12-25T11:50:16.61259417Z	66	PC: 12cd1 \| Move file pointer (See above)
2018-12-25T11:50:16.613969529Z	44	PC: 12c91 \| Get time (See above)
2018-12-25T11:50:16.616491894Z	64	PC: 12d98 \| Write file or device (See above)
2018-12-25T11:50:16.626802738Z	87	PC: 12cb4 \| Get or set file date and time (See above)
2018-12-25T11:50:16.628324299Z	62	PC: 12cb9 \| Close file (See above)
2018-12-25T11:50:16.636731614Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.647453598Z	79	PC: 12b4f \| Find next file (See above)
2018-12-25T11:50:16.65071229Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.657962023Z	63	PC: 12b70 \| Read file or device (See above)
2018-12-25T11:50:16.665219271Z	62	PC: 12b75 \| Close file (See above)
2018-12-25T11:50:16.66768596Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.678786375Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.686584159Z	64	PC: 12c82 \| Write file or device (See above)
2018-12-25T11:50:16.689741041Z	66	PC: 12cd1 \| Move file pointer (See above)
2018-12-25T11:50:16.691192001Z	44	PC: 12c91 \| Get time (See above)
2018-12-25T11:50:16.693911117Z	64	PC: 12d98 \| Write file or device (See above)
2018-12-25T11:50:16.703495289Z	87	PC: 12cb4 \| Get or set file date and time (See above)
2018-12-25T11:50:16.705048542Z	62	PC: 12cb9 \| Close file (See above)
2018-12-25T11:50:16.713554188Z	67	PC: 12cf3 \| Get or set file attributes (See above)
2018-12-25T11:50:16.724573139Z	79	PC: 12b4f \| Find next file (See above)
2018-12-25T11:50:16.727360451Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:50:16.735220745Z	63	PC: 12b70 \| Read file or device (See above)
2018-12-25T11:50:16.743331463Z	62	PC: 12b75 \| Close file (See above)
2018-12-25T11:50:16.74517802Z	79	PC: 12b4f \| Find next file (See above)
2018-12-25T11:50:16.747678421Z	59	PC: 12ae5 \| Change current directory
2018-12-25T11:50:16.752694241Z	37	PC: 12af5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:16.754306444Z	59	PC: 12b02 \| Change current directory
2018-12-25T11:50:16.756377151Z	26	PC: 12cd8 \| Set disk transfer address (See above)