Sample viewer

vx.netlux.org/Virus.DOS.SSR.1630

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:29:38.755241234Z 78 PC: 12ab2 | Find first file
2018-12-17T22:29:38.762440455Z 67 PC: 12afd | Get or set file attributes
2018-12-17T22:29:38.786814555Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:29:38.794438213Z 63 PC: 12b17 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:29:38.801547749Z 66 PC: 12b36 | Move file pointer
2018-12-17T22:29:38.804411225Z 64 PC: 12b8b | Write file or device (Write 1630 bytes on handle 5)
2018-12-17T22:29:38.813520471Z 66 PC: 12b9a | Move file pointer
2018-12-17T22:29:38.81521265Z 64 PC: 12bab | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:29:38.821899917Z 62 PC: 12bb4 | Close file
2018-12-17T22:29:38.830179214Z 79 PC: 12aba | Find next file
2018-12-17T22:29:38.833172913Z 67 PC: 12afd | Get or set file attributes
2018-12-17T22:29:38.938177103Z 61 PC: 12b07 | Open file
2018-12-17T22:29:38.945289962Z 63 PC: 12b17 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:29:38.952085043Z 66 PC: 12b36 | Move file pointer
2018-12-17T22:29:38.956009033Z 64 PC: 12b8b | Write file or device (Write 1630 bytes on handle 5)
2018-12-17T22:29:39.03685747Z 66 PC: 12b9a | Move file pointer
2018-12-17T22:29:39.03870334Z 64 PC: 12bab | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:29:39.046732311Z 62 PC: 12bb4 | Close file
2018-12-17T22:29:39.258359415Z 79 PC: 12aba | Find next file
2018-12-17T22:29:39.261385389Z 67 PC: 12afd | Get or set file attributes
2018-12-17T22:29:39.475658879Z 61 PC: 12b07 | Open file
2018-12-17T22:29:39.482699685Z 63 PC: 12b17 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:29:39.489290416Z 66 PC: 12b36 | Move file pointer
2018-12-17T22:29:39.493173305Z 64 PC: 12b8b | Write file or device (Write 1630 bytes on handle 5)
2018-12-17T22:29:39.643265459Z 66 PC: 12b9a | Move file pointer
2018-12-17T22:29:39.645006174Z 64 PC: 12bab | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:29:39.651226765Z 62 PC: 12bb4 | Close file
2018-12-17T22:29:39.668812582Z 79 PC: 12aba | Find next file
2018-12-17T22:29:39.67137894Z 67 PC: 12afd | Get or set file attributes
2018-12-17T22:29:39.690902518Z 61 PC: 12b07 | Open file
2018-12-17T22:29:39.697746592Z 63 PC: 12b17 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:29:39.704450678Z 66 PC: 12b36 | Move file pointer
2018-12-17T22:29:39.70792044Z 64 PC: 12b8b | Write file or device (Write 1630 bytes on handle 5)
2018-12-17T22:29:39.725121276Z 66 PC: 12b9a | Move file pointer
2018-12-17T22:29:39.726750522Z 64 PC: 12bab | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:29:39.733128684Z 62 PC: 12bb4 | Close file
2018-12-17T22:29:39.761473106Z 79 PC: 12aba | Find next file
2018-12-17T22:29:39.764334394Z 67 PC: 12afd | Get or set file attributes
2018-12-17T22:29:39.782156221Z 61 PC: 12b07 | Open file
2018-12-17T22:29:39.789676693Z 63 PC: 12b17 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:29:39.795920405Z 66 PC: 12b36 | Move file pointer
2018-12-17T22:29:39.798640781Z 64 PC: 12b8b | Write file or device (Write 1630 bytes on handle 5)
2018-12-17T22:29:39.817584764Z 66 PC: 12b9a | Move file pointer
2018-12-17T22:29:39.819027678Z 64 PC: 12bab | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:29:39.825481246Z 62 PC: 12bb4 | Close file
2018-12-17T22:29:39.850967209Z 79 PC: 12aba | Find next file
2018-12-17T22:29:39.854622793Z 67 PC: 12afd | Get or set file attributes
2018-12-17T22:29:39.872455375Z 61 PC: 12b07 | Open file
2018-12-17T22:29:39.880545048Z 63 PC: 12b17 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:29:39.887046635Z 66 PC: 12b36 | Move file pointer
2018-12-17T22:29:39.889504441Z 64 PC: 12b8b | Write file or device (Write 1630 bytes on handle 5)
2018-12-17T22:29:39.909075365Z 66 PC: 12b9a | Move file pointer
2018-12-17T22:29:39.911073706Z 64 PC: 12bab | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:29:39.917842201Z 62 PC: 12bb4 | Close file
2018-12-17T22:29:39.943903164Z 79 PC: 12aba | Find next file
2018-12-17T22:29:39.94656584Z 67 PC: 12afd | Get or set file attributes
2018-12-17T22:29:39.971908018Z 61 PC: 12b07 | Open file
2018-12-17T22:29:39.979481961Z 63 PC: 12b17 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:29:39.986548512Z 66 PC: 12b36 | Move file pointer
2018-12-17T22:29:39.990064744Z 64 PC: 12b8b | Write file or device (Write 1630 bytes on handle 5)
2018-12-17T22:29:40.028364424Z 66 PC: 12b9a | Move file pointer
2018-12-17T22:29:40.030035831Z 64 PC: 12bab | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:29:40.03648809Z 62 PC: 12bb4 | Close file
2018-12-17T22:29:40.069634805Z 79 PC: 12aba | Find next file
2018-12-17T22:29:40.072786553Z 67 PC: 12afd | Get or set file attributes
2018-12-17T22:29:40.102901782Z 61 PC: 12b07 | Open file
2018-12-17T22:29:40.111064452Z 63 PC: 12b17 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:29:40.114003653Z 62 PC: 12ac2 | Close file
2018-12-17T22:29:40.116149449Z 79 PC: 12aba | Find next file
2018-12-17T22:29:40.118785686Z 42 PC: 12ac8 | Get date
0x12ac8: cmp cx, 0x7cb
0x12acc: jne 0x12adb
0x12ace: cmp dh, 5
0x12ad1: jne 0x12adb
0x12ad3: cmp dl, 9
0x12ad6: jne 0x12adb
0x12ad8: jmp 0x12bb7
0x12adb: push cs
0x12adc: pop es
0x12add: mov ax, 0xb900
0x12ae0: mov ds, ax
0x12ae2: mov si, 0
0x12ae5: xor di, di
0x12ae7: mov cx, 0x100
0x12aea: rep movsb byte ptr es:[di], byte ptr [si]
0x12aec: pop es
0x12aed: pop ds
0x12aee: mov ax, 0x100
0x12af1: push ax
0x12af2: ret

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5300,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:54:09.675822789Z 78 PC: 12ab2 | Find first file
2018-12-25T11:54:09.682120379Z 67 PC: 12afd | Get or set file attributes
2018-12-25T11:54:09.69896942Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:09.705234295Z 63 PC: 12b17 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:54:09.711895521Z 66 PC: 12b36 | Move file pointer
2018-12-25T11:54:09.716118314Z 64 PC: 12b8b | Write file or device (Write 1630 bytes on handle 5)
2018-12-25T11:54:09.72474809Z 66 PC: 12b9a | Move file pointer
2018-12-25T11:54:09.729593263Z 64 PC: 12bab | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:54:09.736593001Z 62 PC: 12bb4 | Close file
2018-12-25T11:54:09.744857286Z 79 PC: 12aba | Find next file
2018-12-25T11:54:09.747967056Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:09.757701729Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:09.76423834Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:09.770671279Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:09.773783116Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:09.782518385Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:09.783674509Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:09.790835116Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:09.798783046Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:09.801932717Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:09.826598786Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:09.833153797Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:09.839500359Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:09.842871961Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:09.852460387Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:09.853732544Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:09.858653379Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:09.864274715Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:09.867276144Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:09.877931927Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:09.884857493Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:09.891862792Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:09.895244407Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:09.904452572Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:09.906113727Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:09.913052816Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:09.921616358Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:09.924217509Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:09.930257462Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:09.935285733Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:09.939216388Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:09.940767587Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:09.946834989Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:09.947885849Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:09.95195626Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:09.957990009Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:09.95979031Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:09.965836315Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:09.970594869Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:09.974629812Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:09.977472085Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:09.986669189Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:09.987813125Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:09.99193881Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:09.997719827Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.000164093Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.012584797Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.019336838Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.025436789Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.027767516Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.036428187Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.037627055Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.043911054Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.052258199Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.054703804Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.064097637Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.071449069Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.075296291Z 62 PC: 12ac2 | Close file
2018-12-25T11:54:10.076370909Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.078645479Z 42 PC: 12ac8 | Get date
0x12ac8: cmp cx, 0x7cb
0x12acc: jne 0x12adb
0x12ace: cmp dh, 5
0x12ad1: jne 0x12adb
0x12ad3: cmp dl, 9
0x12ad6: jne 0x12adb
0x12ad8: jmp 0x12bb7
0x12adb: push cs
0x12adc: pop es
0x12add: mov ax, 0xb900
0x12ae0: mov ds, ax
0x12ae2: mov si, 0
0x12ae5: xor di, di
0x12ae7: mov cx, 0x100
0x12aea: rep movsb byte ptr es:[di], byte ptr [si]
0x12aec: pop es
0x12aed: pop ds
0x12aee: mov ax, 0x100
0x12af1: push ax
0x12af2: ret

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5300,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:54:09.80182394Z 78 PC: 12ab2 | Find first file
2018-12-25T11:54:09.811848699Z 67 PC: 12afd | Get or set file attributes
2018-12-25T11:54:09.830375083Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:09.837681921Z 63 PC: 12b17 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:54:09.844852984Z 66 PC: 12b36 | Move file pointer
2018-12-25T11:54:09.848173937Z 64 PC: 12b8b | Write file or device (Write 1630 bytes on handle 5)
2018-12-25T11:54:09.856484011Z 66 PC: 12b9a | Move file pointer
2018-12-25T11:54:09.857784026Z 64 PC: 12bab | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:54:09.864835217Z 62 PC: 12bb4 | Close file
2018-12-25T11:54:09.873961334Z 79 PC: 12aba | Find next file
2018-12-25T11:54:09.876965224Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:09.89245596Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:09.900344937Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:09.907930091Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:09.911267458Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:09.921715957Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:09.923433491Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:09.931502665Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:09.941291003Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:09.944683288Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:09.956476367Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:09.964664776Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:09.971981551Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:09.975146534Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:09.985967445Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:09.987878932Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.002029534Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.012322371Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.016607923Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.027664931Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.035989371Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.043139519Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.045886573Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.062525233Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.06537153Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.072905416Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.083197873Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.08619128Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.097635507Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.106162197Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.120192092Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.123477069Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.133544761Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.136617288Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.144235918Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.154052622Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.158430744Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.16938225Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.176753928Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.184761582Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.187798698Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.197672678Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.200143322Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.207697888Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.217512521Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.221072456Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.232482766Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.239630825Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.246740185Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.249861042Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.259171265Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.261825459Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.269858021Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.27929744Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.283402031Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.295242065Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.302924313Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.30614189Z 62 PC: 12ac2 | Close file
2018-12-25T11:54:10.312371697Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.315679523Z 42 PC: 12ac8 | Get date
0x12ac8: cmp cx, 0x7cb
0x12acc: jne 0x12adb
0x12ace: cmp dh, 5
0x12ad1: jne 0x12adb
0x12ad3: cmp dl, 9
0x12ad6: jne 0x12adb
0x12ad8: jmp 0x12bb7
0x12adb: push cs
0x12adc: pop es
0x12add: mov ax, 0xb900
0x12ae0: mov ds, ax
0x12ae2: mov si, 0
0x12ae5: xor di, di
0x12ae7: mov cx, 0x100
0x12aea: rep movsb byte ptr es:[di], byte ptr [si]
0x12aec: pop es
0x12aed: pop ds
0x12aee: mov ax, 0x100
0x12af1: push ax
0x12af2: ret

{"DateBased":true,"Day":1,"Month":5,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5300,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:54:09.694450252Z 78 PC: 12ab2 | Find first file
2018-12-25T11:54:09.700606561Z 67 PC: 12afd | Get or set file attributes
2018-12-25T11:54:09.712122555Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:09.719649205Z 63 PC: 12b17 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:54:09.724084118Z 66 PC: 12b36 | Move file pointer
2018-12-25T11:54:09.72609031Z 64 PC: 12b8b | Write file or device (Write 1630 bytes on handle 5)
2018-12-25T11:54:09.731482725Z 66 PC: 12b9a | Move file pointer
2018-12-25T11:54:09.73331142Z 64 PC: 12bab | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:54:09.73830818Z 62 PC: 12bb4 | Close file
2018-12-25T11:54:09.74605176Z 79 PC: 12aba | Find next file
2018-12-25T11:54:09.748861078Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:09.758324668Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:09.764674266Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:09.770985369Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:09.77391277Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:09.78235278Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:09.783607501Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:09.790670788Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:09.799143515Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:09.801639364Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:09.811485116Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:09.817766874Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:09.823866884Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:09.826699368Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:09.835435303Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:09.836852807Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:09.843743956Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:09.852327456Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:09.854828915Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:09.865119901Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:09.87151127Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:09.877932361Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:09.881416606Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:09.890022371Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:09.891782739Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:09.899378285Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:09.907879393Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:09.910752079Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:09.918383514Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:09.924805215Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:09.931087815Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:09.933421199Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:09.942055685Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:09.943367775Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:09.950359161Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:09.958297193Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:09.960710965Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:09.970210168Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:09.97735377Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:09.983353939Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:09.986512145Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:09.995630421Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:09.996994414Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.003186192Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.011424553Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.013799074Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.023035498Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.029664984Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.035655845Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.037900371Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.046585994Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.04810803Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.054697098Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.062959433Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.065300145Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.074559764Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.08146019Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.087483114Z 62 PC: 12ac2 | Close file
2018-12-25T11:54:10.089061859Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.092282244Z 42 PC: 12ac8 | Get date
0x12ac8: cmp cx, 0x7cb
0x12acc: jne 0x12adb
0x12ace: cmp dh, 5
0x12ad1: jne 0x12adb
0x12ad3: cmp dl, 9
0x12ad6: jne 0x12adb
0x12ad8: jmp 0x12bb7
0x12adb: push cs
0x12adc: pop es
0x12add: mov ax, 0xb900
0x12ae0: mov ds, ax
0x12ae2: mov si, 0
0x12ae5: xor di, di
0x12ae7: mov cx, 0x100
0x12aea: rep movsb byte ptr es:[di], byte ptr [si]
0x12aec: pop es
0x12aed: pop ds
0x12aee: mov ax, 0x100
0x12af1: push ax
0x12af2: ret

{"DateBased":true,"Day":9,"Month":5,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5300,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:54:09.814043877Z 78 PC: 12ab2 | Find first file
2018-12-25T11:54:09.824938338Z 67 PC: 12afd | Get or set file attributes
2018-12-25T11:54:09.841970755Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:09.849442559Z 63 PC: 12b17 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:54:09.864255115Z 66 PC: 12b36 | Move file pointer
2018-12-25T11:54:09.867937375Z 64 PC: 12b8b | Write file or device (Write 1630 bytes on handle 5)
2018-12-25T11:54:09.877739062Z 66 PC: 12b9a | Move file pointer
2018-12-25T11:54:09.879536714Z 64 PC: 12bab | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:54:09.896464178Z 62 PC: 12bb4 | Close file
2018-12-25T11:54:09.905287623Z 79 PC: 12aba | Find next file
2018-12-25T11:54:09.908595873Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:09.920499512Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:09.928174213Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:09.93602575Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:09.939450353Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:09.9494692Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:09.951401491Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:09.960241713Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:09.969507768Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:09.974765223Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:09.985996462Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:09.993333464Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.000855593Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.003850193Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.013970209Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.015814599Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.023336198Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.033372385Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.0365543Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.047692729Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.056081368Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.064286504Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.067360285Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.079747109Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.081402702Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.088853004Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.099622925Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.102828129Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.11368084Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.121742332Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.129612242Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.132849479Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.143155212Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.146471732Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.154219316Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.163637098Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.167806337Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.178986377Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.190486201Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.200449763Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.203400537Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.213481101Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.216382499Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.223839805Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.233338876Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.236681342Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.24792416Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.256508053Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.264161857Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.26848097Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.279290671Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.280900391Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.289501324Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.298701863Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.301683692Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.313397617Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.321748934Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.324927676Z 62 PC: 12ac2 | Close file
2018-12-25T11:54:10.328014281Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.330815831Z 42 PC: 12ac8 | Get date
0x12ac8: cmp cx, 0x7cb
0x12acc: jne 0x12adb
0x12ace: cmp dh, 5
0x12ad1: jne 0x12adb
0x12ad3: cmp dl, 9
0x12ad6: jne 0x12adb
0x12ad8: jmp 0x12bb7
0x12adb: push cs
0x12adc: pop es
0x12add: mov ax, 0xb900
0x12ae0: mov ds, ax
0x12ae2: mov si, 0
0x12ae5: xor di, di
0x12ae7: mov cx, 0x100
0x12aea: rep movsb byte ptr es:[di], byte ptr [si]
0x12aec: pop es
0x12aed: pop ds
0x12aee: mov ax, 0x100
0x12af1: push ax
0x12af2: ret
2018-12-25T11:54:10.334148975Z 1 PC: 12c7e | Character input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5300,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:54:10.333762191Z 78 PC: 12ab2 | Find first file
2018-12-25T11:54:10.339998373Z 67 PC: 12afd | Get or set file attributes
2018-12-25T11:54:10.355877294Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:10.372879448Z 63 PC: 12b17 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:54:10.379805577Z 66 PC: 12b36 | Move file pointer
2018-12-25T11:54:10.382572444Z 64 PC: 12b8b | Write file or device (Write 1630 bytes on handle 5)
2018-12-25T11:54:10.391427Z 66 PC: 12b9a | Move file pointer
2018-12-25T11:54:10.393604338Z 64 PC: 12bab | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:54:10.400771281Z 62 PC: 12bb4 | Close file
2018-12-25T11:54:10.406120612Z 79 PC: 12aba | Find next file
2018-12-25T11:54:10.407884281Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.414059568Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.421007549Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.428082344Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.438636808Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.451410133Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.453059359Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.466561931Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.474735159Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.477655144Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.487636854Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.494106179Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.500285158Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.502882049Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.512146863Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.513369509Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.519821488Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.528374258Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.531430691Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.54119535Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.548389844Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.554776804Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.557308945Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.566539359Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.567917102Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.574664035Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.582897088Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.585360759Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.59491103Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.601794477Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.608011793Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.610419447Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.619664779Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.620821392Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.626872564Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.635574164Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.637930694Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.647312804Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.654254701Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.660343329Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.662674478Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.67206312Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.673316724Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.686689429Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.694945721Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.69729971Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.707057324Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.71375609Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.720121014Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.722413075Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.731109442Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.732344985Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.738534964Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.746596194Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.749029531Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.758269145Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.765207907Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.771654849Z 62 PC: 12ac2 | Close file
2018-12-25T11:54:10.773215639Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.775835617Z 42 PC: 12ac8 | Get date
0x12ac8: cmp cx, 0x7cb
0x12acc: jne 0x12adb
0x12ace: cmp dh, 5
0x12ad1: jne 0x12adb
0x12ad3: cmp dl, 9
0x12ad6: jne 0x12adb
0x12ad8: jmp 0x12bb7
0x12adb: push cs
0x12adc: pop es
0x12add: mov ax, 0xb900
0x12ae0: mov ds, ax
0x12ae2: mov si, 0
0x12ae5: xor di, di
0x12ae7: mov cx, 0x100
0x12aea: rep movsb byte ptr es:[di], byte ptr [si]
0x12aec: pop es
0x12aed: pop ds
0x12aee: mov ax, 0x100
0x12af1: push ax
0x12af2: ret

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5300,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:54:10.530298729Z 78 PC: 12ab2 | Find first file
2018-12-25T11:54:10.538605494Z 67 PC: 12afd | Get or set file attributes
2018-12-25T11:54:10.556060606Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:10.563732111Z 63 PC: 12b17 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:54:10.572204958Z 66 PC: 12b36 | Move file pointer
2018-12-25T11:54:10.575449516Z 64 PC: 12b8b | Write file or device (Write 1630 bytes on handle 5)
2018-12-25T11:54:10.58605632Z 66 PC: 12b9a | Move file pointer
2018-12-25T11:54:10.588620677Z 64 PC: 12bab | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:54:10.596210125Z 62 PC: 12bb4 | Close file
2018-12-25T11:54:10.605455003Z 79 PC: 12aba | Find next file
2018-12-25T11:54:10.608754271Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.619908878Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.627235711Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.634245507Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.637309768Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.647189432Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.648781329Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.656753774Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.666190761Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.669576223Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.681800498Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.689530749Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.696685779Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.700328328Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.711124208Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.713322264Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.757122138Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.768469245Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.771756738Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.783389537Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.7912088Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.807699571Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.810638874Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.822134359Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.823748622Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.831977015Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.842360295Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.84548599Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.856579694Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.865268154Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.873044266Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.876761971Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.889503338Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.891510484Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.899719846Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.909935625Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.913471328Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.923949749Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.931741406Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.940389962Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.943609022Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.953679796Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.95660509Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.968326968Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.977926408Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.982847135Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.994071314Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:11.001950312Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:11.01043199Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:11.013944233Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:11.024352288Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:11.026433683Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:11.034831613Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:11.044078113Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:11.047094099Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:11.058578536Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:11.066210539Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:11.069384524Z 62 PC: 12ac2 | Close file
2018-12-25T11:54:11.072474367Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:11.07571827Z 42 PC: 12ac8 | Get date
0x12ac8: cmp cx, 0x7cb
0x12acc: jne 0x12adb
0x12ace: cmp dh, 5
0x12ad1: jne 0x12adb
0x12ad3: cmp dl, 9
0x12ad6: jne 0x12adb
0x12ad8: jmp 0x12bb7
0x12adb: push cs
0x12adc: pop es
0x12add: mov ax, 0xb900
0x12ae0: mov ds, ax
0x12ae2: mov si, 0
0x12ae5: xor di, di
0x12ae7: mov cx, 0x100
0x12aea: rep movsb byte ptr es:[di], byte ptr [si]
0x12aec: pop es
0x12aed: pop ds
0x12aee: mov ax, 0x100
0x12af1: push ax
0x12af2: ret

{"DateBased":true,"Day":1,"Month":5,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5300,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:54:10.554541296Z 78 PC: 12ab2 | Find first file
2018-12-25T11:54:10.561174951Z 67 PC: 12afd | Get or set file attributes
2018-12-25T11:54:10.575972458Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:10.58725973Z 63 PC: 12b17 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:54:10.594131065Z 66 PC: 12b36 | Move file pointer
2018-12-25T11:54:10.596423654Z 64 PC: 12b8b | Write file or device (Write 1630 bytes on handle 5)
2018-12-25T11:54:10.604663255Z 66 PC: 12b9a | Move file pointer
2018-12-25T11:54:10.60699383Z 64 PC: 12bab | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:54:10.61383977Z 62 PC: 12bb4 | Close file
2018-12-25T11:54:10.621709485Z 79 PC: 12aba | Find next file
2018-12-25T11:54:10.624908501Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.635487253Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.641853082Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.649016223Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.651396156Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.659781246Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.661809062Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.668169524Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.675956988Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.678700932Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.690154683Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.696873874Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.703284151Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.708813465Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.714496132Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.715407682Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.720437468Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.728383559Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.730961823Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.740751087Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.747767054Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.753766957Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.75657296Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.764796625Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.766173747Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.773507699Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.782289764Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.784782713Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.79471554Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.801181552Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.807483294Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.810558937Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.819010215Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.820229691Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.827224548Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.835202968Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.837740826Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.848916274Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.855393935Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.861461032Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.864225795Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.872713953Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.873927739Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.880508437Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.88845521Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.890827761Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.900747361Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.907699016Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.913952087Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.916682588Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.925054167Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.926323553Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.933134654Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.941018642Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.943362883Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.953557924Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.960043316Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.966556945Z 62 PC: 12ac2 | Close file
2018-12-25T11:54:10.968706864Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.970971796Z 42 PC: 12ac8 | Get date
0x12ac8: cmp cx, 0x7cb
0x12acc: jne 0x12adb
0x12ace: cmp dh, 5
0x12ad1: jne 0x12adb
0x12ad3: cmp dl, 9
0x12ad6: jne 0x12adb
0x12ad8: jmp 0x12bb7
0x12adb: push cs
0x12adc: pop es
0x12add: mov ax, 0xb900
0x12ae0: mov ds, ax
0x12ae2: mov si, 0
0x12ae5: xor di, di
0x12ae7: mov cx, 0x100
0x12aea: rep movsb byte ptr es:[di], byte ptr [si]
0x12aec: pop es
0x12aed: pop ds
0x12aee: mov ax, 0x100
0x12af1: push ax
0x12af2: ret

{"DateBased":true,"Day":9,"Month":5,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5300,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:54:10.837094357Z 78 PC: 12ab2 | Find first file
2018-12-25T11:54:10.844030576Z 67 PC: 12afd | Get or set file attributes
2018-12-25T11:54:10.87009449Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:10.878691835Z 63 PC: 12b17 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:54:10.886177493Z 66 PC: 12b36 | Move file pointer
2018-12-25T11:54:10.890066525Z 64 PC: 12b8b | Write file or device (Write 1630 bytes on handle 5)
2018-12-25T11:54:10.900511849Z 66 PC: 12b9a | Move file pointer
2018-12-25T11:54:10.903526101Z 64 PC: 12bab | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:54:10.912149679Z 62 PC: 12bb4 | Close file
2018-12-25T11:54:10.921755343Z 79 PC: 12aba | Find next file
2018-12-25T11:54:10.925422459Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:10.937816172Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:10.945656389Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:10.95295394Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:10.9570076Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:10.971047214Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:10.97277649Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:10.981017139Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:10.990714992Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:10.994403115Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:11.006096842Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:11.014702544Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:11.022147731Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:11.025033618Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:11.035862756Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:11.037641678Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:11.045224693Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:11.054940898Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:11.05840557Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:11.070257324Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:11.080891695Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:11.088148962Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:11.091026454Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:11.101753549Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:11.103863981Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:11.111923616Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:11.119010719Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:11.12223799Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:11.13186422Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:11.142248561Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:11.149537608Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:11.157433753Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:11.168901344Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:11.171744241Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:11.17957351Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:11.201083129Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:11.205565028Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:11.21694193Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:11.225761003Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:11.234460003Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:11.238297719Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:11.248739199Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:11.251638686Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:11.260150194Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:11.270361373Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:11.274150249Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:11.287112361Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:11.29599376Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:11.303720995Z 66 PC: 12b36 | Move file pointer (See above)
2018-12-25T11:54:11.308264091Z 64 PC: 12b8b | Write file or device (See above)
2018-12-25T11:54:11.318508739Z 66 PC: 12b9a | Move file pointer (See above)
2018-12-25T11:54:11.320647045Z 64 PC: 12bab | Write file or device (See above)
2018-12-25T11:54:11.329414133Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:54:11.33955339Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:11.343008802Z 67 PC: 12afd | Get or set file attributes (See above)
2018-12-25T11:54:11.355107043Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:54:11.364072935Z 63 PC: 12b17 | Read file or device (See above)
2018-12-25T11:54:11.367978139Z 62 PC: 12ac2 | Close file
2018-12-25T11:54:11.370566413Z 79 PC: 12aba | Find next file (See above)
2018-12-25T11:54:11.374507435Z 42 PC: 12ac8 | Get date
0x12ac8: cmp cx, 0x7cb
0x12acc: jne 0x12adb
0x12ace: cmp dh, 5
0x12ad1: jne 0x12adb
0x12ad3: cmp dl, 9
0x12ad6: jne 0x12adb
0x12ad8: jmp 0x12bb7
0x12adb: push cs
0x12adc: pop es
0x12add: mov ax, 0xb900
0x12ae0: mov ds, ax
0x12ae2: mov si, 0
0x12ae5: xor di, di
0x12ae7: mov cx, 0x100
0x12aea: rep movsb byte ptr es:[di], byte ptr [si]
0x12aec: pop es
0x12aed: pop ds
0x12aee: mov ax, 0x100
0x12af1: push ax
0x12af2: ret
2018-12-25T11:54:11.378108742Z 1 PC: 12c7e | Character input