Sample viewer

vx.netlux.org/Virus.DOS.Vesna.1000.a

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:33:52.002097629Z 48 PC: 12b57 | Get DOS version
2018-12-17T22:33:52.013482862Z 47 PC: 12b63 | Get disk transfer address
2018-12-17T22:33:52.014678908Z 26 PC: 12b71 | Set disk transfer address
2018-12-17T22:33:52.015897467Z 78 PC: 12c3f | Find first file
2018-12-17T22:33:52.022692596Z 47 PC: 12c48 | Get disk transfer address
2018-12-17T22:33:52.023883029Z 67 PC: 12ba9 | Get or set file attributes
2018-12-17T22:33:52.029300089Z 67 PC: 12bb5 | Get or set file attributes
2018-12-17T22:33:52.044531264Z 61 PC: 12bba | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:33:52.051934432Z 87 PC: 12bc1 | Get or set file date and time
2018-12-17T22:33:52.054115289Z 63 PC: 12bd5 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:33:52.060518041Z 66 PC: 12bf1 | Move file pointer
2018-12-17T22:33:52.062134669Z 64 PC: 12bfa | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:33:52.064724156Z 66 PC: 12c06 | Move file pointer
2018-12-17T22:33:52.066085436Z 64 PC: 12c12 | Write file or device (Write 1000 bytes on handle 5)
2018-12-17T22:33:52.075095703Z 87 PC: 12c1f | Get or set file date and time
2018-12-17T22:33:52.076666508Z 62 PC: 12c23 | Close file
2018-12-17T22:33:52.084264939Z 67 PC: 12c33 | Get or set file attributes
2018-12-17T22:33:52.095286057Z 79 PC: 12c5e | Find next file
2018-12-17T22:33:52.098046291Z 67 PC: 12ba9 | Get or set file attributes
2018-12-17T22:33:52.103801587Z 67 PC: 12bb5 | Get or set file attributes
2018-12-17T22:33:52.11384427Z 61 PC: 12bba | Open file (Filename = 'PRINT.COM')
2018-12-17T22:33:52.124911908Z 87 PC: 12bc1 | Get or set file date and time
2018-12-17T22:33:52.125963674Z 63 PC: 12bd5 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:33:52.133547041Z 66 PC: 12bf1 | Move file pointer
2018-12-17T22:33:52.134934369Z 64 PC: 12bfa | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:33:52.136772814Z 66 PC: 12c06 | Move file pointer
2018-12-17T22:33:52.138363285Z 64 PC: 12c12 | Write file or device (Write 1000 bytes on handle 5)
2018-12-17T22:33:52.144711233Z 87 PC: 12c1f | Get or set file date and time
2018-12-17T22:33:52.147249865Z 62 PC: 12c23 | Close file
2018-12-17T22:33:52.152669193Z 67 PC: 12c33 | Get or set file attributes
2018-12-17T22:33:52.159252971Z 79 PC: 12c5e | Find next file
2018-12-17T22:33:52.162265319Z 67 PC: 12ba9 | Get or set file attributes
2018-12-17T22:33:52.166177715Z 67 PC: 12bb5 | Get or set file attributes
2018-12-17T22:33:52.174361992Z 61 PC: 12bba | Open file (Filename = 'HELLO.COM')
2018-12-17T22:33:52.184118808Z 87 PC: 12bc1 | Get or set file date and time
2018-12-17T22:33:52.185314544Z 63 PC: 12bd5 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:33:52.191139678Z 66 PC: 12bf1 | Move file pointer
2018-12-17T22:33:52.192890326Z 64 PC: 12bfa | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:33:52.195278872Z 66 PC: 12c06 | Move file pointer
2018-12-17T22:33:52.196396329Z 64 PC: 12c12 | Write file or device (Write 1000 bytes on handle 5)
2018-12-17T22:33:52.205457245Z 87 PC: 12c1f | Get or set file date and time
2018-12-17T22:33:52.207366839Z 62 PC: 12c23 | Close file
2018-12-17T22:33:52.215436619Z 67 PC: 12c33 | Get or set file attributes
2018-12-17T22:33:52.225114438Z 79 PC: 12c5e | Find next file
2018-12-17T22:33:52.229829319Z 67 PC: 12ba9 | Get or set file attributes
2018-12-17T22:33:52.2360439Z 67 PC: 12bb5 | Get or set file attributes
2018-12-17T22:33:52.246350246Z 61 PC: 12bba | Open file (Filename = 'PHANG.COM')
2018-12-17T22:33:52.257672627Z 87 PC: 12bc1 | Get or set file date and time
2018-12-17T22:33:52.259044112Z 63 PC: 12bd5 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:33:52.2656618Z 66 PC: 12bf1 | Move file pointer
2018-12-17T22:33:52.267957393Z 64 PC: 12bfa | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:33:52.270607681Z 66 PC: 12c06 | Move file pointer
2018-12-17T22:33:52.273341235Z 64 PC: 12c12 | Write file or device (Write 1000 bytes on handle 5)
2018-12-17T22:33:52.281748087Z 87 PC: 12c1f | Get or set file date and time
2018-12-17T22:33:52.283188164Z 62 PC: 12c23 | Close file
2018-12-17T22:33:52.291116531Z 67 PC: 12c33 | Get or set file attributes
2018-12-17T22:33:52.300603765Z 79 PC: 12c5e | Find next file
2018-12-17T22:33:52.303411074Z 67 PC: 12ba9 | Get or set file attributes
2018-12-17T22:33:52.309857239Z 67 PC: 12bb5 | Get or set file attributes
2018-12-17T22:33:52.316679686Z 61 PC: 12bba | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:33:52.323820322Z 87 PC: 12bc1 | Get or set file date and time
2018-12-17T22:33:52.325744398Z 63 PC: 12bd5 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:33:52.329971997Z 66 PC: 12bf1 | Move file pointer
2018-12-17T22:33:52.331759912Z 64 PC: 12bfa | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:33:52.335694774Z 66 PC: 12c06 | Move file pointer
2018-12-17T22:33:52.337722773Z 64 PC: 12c12 | Write file or device (Write 1000 bytes on handle 5)
2018-12-17T22:33:52.34711909Z 87 PC: 12c1f | Get or set file date and time
2018-12-17T22:33:52.349302478Z 62 PC: 12c23 | Close file
2018-12-17T22:33:52.356859629Z 67 PC: 12c33 | Get or set file attributes
2018-12-17T22:33:52.366509984Z 79 PC: 12c5e | Find next file
2018-12-17T22:33:52.369533308Z 67 PC: 12ba9 | Get or set file attributes
2018-12-17T22:33:52.37543213Z 67 PC: 12bb5 | Get or set file attributes
2018-12-17T22:33:52.385650832Z 61 PC: 12bba | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:33:52.399245377Z 87 PC: 12bc1 | Get or set file date and time
2018-12-17T22:33:52.400619114Z 63 PC: 12bd5 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:33:52.407168031Z 66 PC: 12bf1 | Move file pointer
2018-12-17T22:33:52.409214604Z 64 PC: 12bfa | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:33:52.411766191Z 66 PC: 12c06 | Move file pointer
2018-12-17T22:33:52.413152177Z 64 PC: 12c12 | Write file or device (Write 1000 bytes on handle 5)
2018-12-17T22:33:52.421983405Z 87 PC: 12c1f | Get or set file date and time
2018-12-17T22:33:52.423559414Z 62 PC: 12c23 | Close file
2018-12-17T22:33:52.431017653Z 67 PC: 12c33 | Get or set file attributes
2018-12-17T22:33:52.440726043Z 79 PC: 12c5e | Find next file
2018-12-17T22:33:52.459596521Z 67 PC: 12ba9 | Get or set file attributes
2018-12-17T22:33:52.466981744Z 67 PC: 12bb5 | Get or set file attributes
2018-12-17T22:33:52.477210633Z 61 PC: 12bba | Open file (Filename = 'PAH.COM')
2018-12-17T22:33:52.484320811Z 87 PC: 12bc1 | Get or set file date and time
2018-12-17T22:33:52.485726041Z 63 PC: 12bd5 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:33:52.492136254Z 66 PC: 12bf1 | Move file pointer
2018-12-17T22:33:52.494418351Z 64 PC: 12bfa | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:33:52.497198379Z 66 PC: 12c06 | Move file pointer
2018-12-17T22:33:52.498780031Z 64 PC: 12c12 | Write file or device (Write 1000 bytes on handle 5)
2018-12-17T22:33:52.507422874Z 87 PC: 12c1f | Get or set file date and time
2018-12-17T22:33:52.509175089Z 62 PC: 12c23 | Close file
2018-12-17T22:33:52.516913333Z 67 PC: 12c33 | Get or set file attributes
2018-12-17T22:33:52.527670134Z 79 PC: 12c5e | Find next file
2018-12-17T22:33:52.530175425Z 78 PC: 12ced | Find first file
2018-12-17T22:33:52.53623955Z 78 PC: 12ced | Find first file
2018-12-17T22:33:52.54198981Z 42 PC: 12c6f | Get date 0x12c6f: mov bl, al
0x12c71: cmp bl, 5
0x12c74: jne 0x12c7e
0x12c76: cmp dl, 0xd
0x12c79: je 0x12c8c
0x12c7b: jmp 0x12c86
0x12c7d: nop
0x12c7e: cmp bl, 0
0x12c81: jne 0x12c86
0x12c83: jmp 0x12c95
0x12c85: nop
0x12c86: call 0x12c9f
0x12c89: pop bx
0x12c8a: jmp bx
0x12c8c: call 0x12e3f
0x12c8f: call 0x12c9f
0x12c92: pop bx
0x12c93: int 0x20
0x12c95: call 0x12d7c
0x12c98: jmp 0x12c86
2018-12-17T22:33:52.544085633Z 78 PC: 12d36 | Find first file
2018-12-17T22:33:52.549413634Z 26 PC: 12b8e | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6060,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:19.776539702Z 48 PC: 12b57 | Get DOS version
2018-12-25T11:58:19.778169596Z 47 PC: 12b63 | Get disk transfer address
2018-12-25T11:58:19.780939272Z 26 PC: 12b71 | Set disk transfer address
2018-12-25T11:58:19.782326922Z 78 PC: 12c3f | Find first file
2018-12-25T11:58:19.789328715Z 47 PC: 12c48 | Get disk transfer address
2018-12-25T11:58:19.791635625Z 67 PC: 12ba9 | Get or set file attributes
2018-12-25T11:58:19.799007517Z 67 PC: 12bb5 | Get or set file attributes
2018-12-25T11:58:19.816862429Z 61 PC: 12bba | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:19.824894118Z 87 PC: 12bc1 | Get or set file date and time
2018-12-25T11:58:19.827778233Z 63 PC: 12bd5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:19.835118077Z 66 PC: 12bf1 | Move file pointer
2018-12-25T11:58:19.836701262Z 64 PC: 12bfa | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:19.841120195Z 66 PC: 12c06 | Move file pointer
2018-12-25T11:58:19.842941944Z 64 PC: 12c12 | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T11:58:19.853403543Z 87 PC: 12c1f | Get or set file date and time
2018-12-25T11:58:19.856628Z 62 PC: 12c23 | Close file
2018-12-25T11:58:19.866714936Z 67 PC: 12c33 | Get or set file attributes
2018-12-25T11:58:19.877947037Z 79 PC: 12c5e | Find next file
2018-12-25T11:58:19.881646115Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:19.888070286Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:19.899615277Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:19.903990492Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:19.90558221Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:19.910371575Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:19.912222371Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:19.920671095Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:19.922290764Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:19.93179791Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:19.934561305Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:19.943708428Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:19.954866872Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:19.958352634Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:19.964751902Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:19.975565075Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:19.984005721Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:19.985714718Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:19.992977512Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:19.996155123Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:19.999474249Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:20.001292498Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:20.011446839Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:20.013952906Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:20.022914115Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:20.03416052Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:20.038553857Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:20.045211398Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:20.056358628Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:20.071037365Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:20.0731441Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:20.080039043Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:20.082312196Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:20.085439782Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:20.087050654Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:20.096390921Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:20.098324981Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:20.106767581Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:20.117429312Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:20.121119037Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:20.127414711Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:20.138930614Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:20.147141528Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:20.148787292Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:20.15610953Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:20.158621294Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:20.161978518Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:20.163619392Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:20.173963261Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:20.176068271Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:20.18463463Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:20.198213433Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:20.202363131Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:20.208830453Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:20.22006654Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:20.22825339Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:20.230175206Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:20.237463509Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:20.240406404Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:20.243678186Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:20.245591783Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:20.256098919Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:20.258443435Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:20.267358209Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:20.279352907Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:20.282341243Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:20.288545761Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:20.299359598Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:20.307932047Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:20.309905815Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:20.317317405Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:20.319891012Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:20.323199844Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:20.325129923Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:20.335545021Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:20.337603628Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:20.346536684Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:20.358472701Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:20.361531076Z 78 PC: 12ced | Find first file
2018-12-25T11:58:20.368166067Z 78 PC: 12ced | Find first file (See above)
2018-12-25T11:58:20.375382192Z 42 PC: 12c6f | Get date 0x12c6f: mov bl, al
0x12c71: cmp bl, 5
0x12c74: jne 0x12c7e
0x12c76: cmp dl, 0xd
0x12c79: je 0x12c8c
0x12c7b: jmp 0x12c86
0x12c7d: nop
0x12c7e: cmp bl, 0
0x12c81: jne 0x12c86
0x12c83: jmp 0x12c95
0x12c85: nop
0x12c86: call 0x12c9f
0x12c89: pop bx
0x12c8a: jmp bx
0x12c8c: call 0x12e3f
0x12c8f: call 0x12c9f
0x12c92: pop bx
0x12c93: int 0x20
0x12c95: call 0x12d7c
0x12c98: jmp 0x12c86
2018-12-25T11:58:20.378084068Z 78 PC: 12d36 | Find first file
2018-12-25T11:58:20.390508128Z 26 PC: 12b8e | Set disk transfer address

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6060,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:21.349500694Z 48 PC: 12b57 | Get DOS version
2018-12-25T11:58:21.351739988Z 47 PC: 12b63 | Get disk transfer address
2018-12-25T11:58:21.352990513Z 26 PC: 12b71 | Set disk transfer address
2018-12-25T11:58:21.354435273Z 78 PC: 12c3f | Find first file
2018-12-25T11:58:21.361488564Z 47 PC: 12c48 | Get disk transfer address
2018-12-25T11:58:21.363990817Z 67 PC: 12ba9 | Get or set file attributes
2018-12-25T11:58:21.372611843Z 67 PC: 12bb5 | Get or set file attributes
2018-12-25T11:58:21.390629413Z 61 PC: 12bba | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:21.399052902Z 87 PC: 12bc1 | Get or set file date and time
2018-12-25T11:58:21.400589628Z 63 PC: 12bd5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:21.408375194Z 66 PC: 12bf1 | Move file pointer
2018-12-25T11:58:21.410694754Z 64 PC: 12bfa | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:21.41386839Z 66 PC: 12c06 | Move file pointer
2018-12-25T11:58:21.415733573Z 64 PC: 12c12 | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T11:58:21.427394418Z 87 PC: 12c1f | Get or set file date and time
2018-12-25T11:58:21.429230658Z 62 PC: 12c23 | Close file
2018-12-25T11:58:21.438459905Z 67 PC: 12c33 | Get or set file attributes
2018-12-25T11:58:21.450712851Z 79 PC: 12c5e | Find next file
2018-12-25T11:58:21.456158972Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:21.462898346Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:21.476358527Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:21.493638738Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:21.495353176Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:21.509284804Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:21.511530148Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:21.514559132Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:21.516206091Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:21.526967321Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:21.528811594Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:21.537511953Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:21.550703629Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:21.554226585Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:21.561052633Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:21.573595201Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:21.581199923Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:21.582870596Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:21.591345521Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:21.593832706Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:21.596832288Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:21.598645982Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:21.608691914Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:21.61048873Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:21.619917672Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:21.629974176Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:21.632196307Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:21.636569836Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:21.643272974Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:21.650734074Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:21.652157326Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:21.660483072Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:21.661929636Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:21.664958628Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:21.666973543Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:21.676776634Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:21.678530893Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:21.688757875Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:21.700300239Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:21.703900025Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:21.710943001Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:21.722294727Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:21.729879313Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:21.731444767Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:21.739480551Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:21.740871571Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:21.745280133Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:21.747354382Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:21.757543827Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:21.759601272Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:21.769742735Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:21.780829765Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:21.7836894Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:21.790644845Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:21.80134072Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:21.814427885Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:21.816644843Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:21.823685699Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:21.825164508Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:21.827951855Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:21.830049293Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:21.839706346Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:21.842046973Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:21.85882082Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:21.870120381Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:21.874304359Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:21.881783036Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:21.89333438Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:21.901474011Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:21.904591105Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:21.911781895Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:21.913075047Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:21.916924677Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:21.918537963Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:21.927860644Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:21.930934611Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:21.940305071Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:21.951294556Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:21.955033193Z 78 PC: 12ced | Find first file
2018-12-25T11:58:21.961484265Z 78 PC: 12ced | Find first file (See above)
2018-12-25T11:58:21.967785658Z 42 PC: 12c6f | Get date 0x12c6f: mov bl, al
0x12c71: cmp bl, 5
0x12c74: jne 0x12c7e
0x12c76: cmp dl, 0xd
0x12c79: je 0x12c8c
0x12c7b: jmp 0x12c86
0x12c7d: nop
0x12c7e: cmp bl, 0
0x12c81: jne 0x12c86
0x12c83: jmp 0x12c95
0x12c85: nop
0x12c86: call 0x12c9f
0x12c89: pop bx
0x12c8a: jmp bx
0x12c8c: call 0x12e3f
0x12c8f: call 0x12c9f
0x12c92: pop bx
0x12c93: int 0x20
0x12c95: call 0x12d7c
0x12c98: jmp 0x12c86
2018-12-25T11:58:21.970497385Z 78 PC: 12d36 | Find first file
2018-12-25T11:58:21.978069141Z 26 PC: 12b8e | Set disk transfer address

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6060,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:21.527648672Z 48 PC: 12b57 | Get DOS version
2018-12-25T11:58:21.529391896Z 47 PC: 12b63 | Get disk transfer address
2018-12-25T11:58:21.531677074Z 26 PC: 12b71 | Set disk transfer address
2018-12-25T11:58:21.533011012Z 78 PC: 12c3f | Find first file
2018-12-25T11:58:21.540499604Z 47 PC: 12c48 | Get disk transfer address
2018-12-25T11:58:21.542396395Z 67 PC: 12ba9 | Get or set file attributes
2018-12-25T11:58:21.547673591Z 67 PC: 12bb5 | Get or set file attributes
2018-12-25T11:58:21.560512095Z 61 PC: 12bba | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:21.56850075Z 87 PC: 12bc1 | Get or set file date and time
2018-12-25T11:58:21.570055176Z 63 PC: 12bd5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:21.577703645Z 66 PC: 12bf1 | Move file pointer
2018-12-25T11:58:21.579037286Z 64 PC: 12bfa | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:21.582989198Z 66 PC: 12c06 | Move file pointer
2018-12-25T11:58:21.584987962Z 64 PC: 12c12 | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T11:58:21.59536217Z 87 PC: 12c1f | Get or set file date and time
2018-12-25T11:58:21.600318596Z 62 PC: 12c23 | Close file
2018-12-25T11:58:21.609439269Z 67 PC: 12c33 | Get or set file attributes
2018-12-25T11:58:21.620435993Z 79 PC: 12c5e | Find next file
2018-12-25T11:58:21.624997565Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:21.631707093Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:21.649344606Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:21.657581146Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:21.660552232Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:21.670201615Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:21.67370341Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:21.679196412Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:21.683207841Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:21.693029499Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:21.695367599Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:21.704071091Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:21.715149522Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:21.718364344Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:21.725054378Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:21.735645525Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:21.749384336Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:21.750981396Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:21.758158899Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:21.760128903Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:21.763049398Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:21.764505299Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:21.774408676Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:21.775612654Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:21.78095325Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:21.792409306Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:21.795671321Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:21.802284207Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:21.814488693Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:21.822982085Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:21.824973435Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:21.838205524Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:21.839379599Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:21.852472611Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:21.853935122Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:21.864495235Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:21.865983222Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:21.874848794Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:21.886165167Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:21.888916063Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:21.895094633Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:21.906301319Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:21.914162719Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:21.916039362Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:21.923817083Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:21.925567299Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:21.928626998Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:21.930939088Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:21.941282026Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:21.943104842Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:21.952351308Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:21.964182399Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:21.9676751Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:21.97517125Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:21.98647746Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:22.000616269Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:22.00271697Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:22.011030202Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:22.013126415Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:22.016539896Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:22.019438414Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:22.030191193Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:22.031983588Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:22.041228395Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:22.052315601Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:22.055343316Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:22.062965323Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:22.073846174Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:22.081206295Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:22.083377163Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:22.090573098Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:22.092172595Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:22.095596441Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:22.097354325Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:22.107396392Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:22.110268288Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:22.119417959Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:22.131148013Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:22.1347971Z 78 PC: 12ced | Find first file
2018-12-25T11:58:22.142355543Z 78 PC: 12ced | Find first file (See above)
2018-12-25T11:58:22.1493053Z 42 PC: 12c6f | Get date 0x12c6f: mov bl, al
0x12c71: cmp bl, 5
0x12c74: jne 0x12c7e
0x12c76: cmp dl, 0xd
0x12c79: je 0x12c8c
0x12c7b: jmp 0x12c86
0x12c7d: nop
0x12c7e: cmp bl, 0
0x12c81: jne 0x12c86
0x12c83: jmp 0x12c95
0x12c85: nop
0x12c86: call 0x12c9f
0x12c89: pop bx
0x12c8a: jmp bx
0x12c8c: call 0x12e3f
0x12c8f: call 0x12c9f
0x12c92: pop bx
0x12c93: int 0x20
0x12c95: call 0x12d7c
0x12c98: jmp 0x12c86

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6060,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:21.580430578Z 48 PC: 12b57 | Get DOS version
2018-12-25T11:58:21.59185692Z 47 PC: 12b63 | Get disk transfer address
2018-12-25T11:58:21.593091821Z 26 PC: 12b71 | Set disk transfer address
2018-12-25T11:58:21.594097459Z 78 PC: 12c3f | Find first file
2018-12-25T11:58:21.600670214Z 47 PC: 12c48 | Get disk transfer address
2018-12-25T11:58:21.603687941Z 67 PC: 12ba9 | Get or set file attributes
2018-12-25T11:58:21.609299246Z 67 PC: 12bb5 | Get or set file attributes
2018-12-25T11:58:21.62616279Z 61 PC: 12bba | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:21.632618356Z 87 PC: 12bc1 | Get or set file date and time
2018-12-25T11:58:21.633880232Z 63 PC: 12bd5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:21.641020881Z 66 PC: 12bf1 | Move file pointer
2018-12-25T11:58:21.642445453Z 64 PC: 12bfa | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:21.644999491Z 66 PC: 12c06 | Move file pointer
2018-12-25T11:58:21.647637387Z 64 PC: 12c12 | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T11:58:21.656350664Z 87 PC: 12c1f | Get or set file date and time
2018-12-25T11:58:21.657727773Z 62 PC: 12c23 | Close file
2018-12-25T11:58:21.665204394Z 67 PC: 12c33 | Get or set file attributes
2018-12-25T11:58:21.675519636Z 79 PC: 12c5e | Find next file
2018-12-25T11:58:21.678222495Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:21.684510482Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:21.707527281Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:21.722202825Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:21.724316494Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:21.732281301Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:21.734644528Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:21.73758105Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:21.739559552Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:21.748129973Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:21.749934665Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:21.758451854Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:21.768527781Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:21.771468939Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:21.77813437Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:21.78789418Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:21.795527115Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:21.797968736Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:21.80466911Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:21.806713777Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:21.809735514Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:21.811996257Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:21.820361651Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:21.822308783Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:21.830568383Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:21.840428823Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:21.843290719Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:21.850106783Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:21.859773625Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:21.865282551Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:21.867117979Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:21.872276024Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:21.873370484Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:21.875937493Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:21.876991466Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:21.882992468Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:21.884952365Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:21.891110904Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:21.899159927Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:21.902660328Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:21.907545836Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:21.919470834Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:21.927722627Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:21.929030532Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:21.935099979Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:21.937063304Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:21.939944265Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:21.941791775Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:21.951756655Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:21.953201807Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:21.961148305Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:21.97171618Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:21.974888224Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:21.980530768Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:21.991716432Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:21.998654736Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:22.000074498Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:22.006732251Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:22.008407545Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:22.010927027Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:22.012804759Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:22.021700766Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:22.023463308Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:22.031957368Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:22.042189558Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:22.044975093Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:22.05093325Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:22.064011519Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:22.070502527Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:22.07195219Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:22.078907419Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:22.080290098Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:22.08305645Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:22.085152482Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:22.093505097Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:22.095170323Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:22.103468669Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:22.113139463Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:22.11587647Z 78 PC: 12ced | Find first file
2018-12-25T11:58:22.123312789Z 78 PC: 12ced | Find first file (See above)
2018-12-25T11:58:22.129112231Z 42 PC: 12c6f | Get date 0x12c6f: mov bl, al
0x12c71: cmp bl, 5
0x12c74: jne 0x12c7e
0x12c76: cmp dl, 0xd
0x12c79: je 0x12c8c
0x12c7b: jmp 0x12c86
0x12c7d: nop
0x12c7e: cmp bl, 0
0x12c81: jne 0x12c86
0x12c83: jmp 0x12c95
0x12c85: nop
0x12c86: call 0x12c9f
0x12c89: pop bx
0x12c8a: jmp bx
0x12c8c: call 0x12e3f
0x12c8f: call 0x12c9f
0x12c92: pop bx
0x12c93: int 0x20
0x12c95: call 0x12d7c
0x12c98: jmp 0x12c86
2018-12-25T11:58:22.131464274Z 2 PC: 12e4d | Character output (Char = '0a')
2018-12-25T11:58:22.136024925Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.13924607Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.142026395Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.144809538Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.146812532Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.149221068Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.152162672Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.154120737Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.156103449Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.158838301Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.160842376Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.162810087Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.164930963Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.167769932Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.169744969Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.171715181Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.1736944Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.177035543Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.178785932Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.180693404Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.182864491Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.185034658Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.187901432Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.189823801Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.191780519Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.195260542Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.1982115Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.200739445Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.204153049Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.206206667Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.208276433Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.211161978Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.213112535Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.215094794Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.217366525Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.223432745Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.225165525Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.227380592Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.229858596Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.231478168Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.233991065Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.23557694Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.237031148Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.239265972Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.241252066Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.243166934Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.245954203Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.248050959Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.250071036Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.252815833Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.254941381Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.256803866Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.259366523Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.261767973Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.26860828Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.271948115Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.273891069Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.275987636Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.279502843Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.281599543Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.283577096Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.288121084Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.289923677Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.293620801Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.296267742Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.298292535Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.300184388Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.302830855Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.3047862Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.306713847Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.309351821Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.311159532Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.31305963Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.315558968Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.317554298Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.319535042Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.322071204Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.324256102Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.326588393Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.329390067Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.331532822Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.333585265Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:22.33601897Z 2 PC: 12e4d | Character output (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6060,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:21.748010812Z 48 PC: 12b57 | Get DOS version
2018-12-25T11:58:21.749683299Z 47 PC: 12b63 | Get disk transfer address
2018-12-25T11:58:21.750955142Z 26 PC: 12b71 | Set disk transfer address
2018-12-25T11:58:21.752255694Z 78 PC: 12c3f | Find first file
2018-12-25T11:58:21.759242494Z 47 PC: 12c48 | Get disk transfer address
2018-12-25T11:58:21.760657417Z 67 PC: 12ba9 | Get or set file attributes
2018-12-25T11:58:21.766101931Z 67 PC: 12bb5 | Get or set file attributes
2018-12-25T11:58:21.781768138Z 61 PC: 12bba | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:21.788728772Z 87 PC: 12bc1 | Get or set file date and time
2018-12-25T11:58:21.790347941Z 63 PC: 12bd5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:21.796596381Z 66 PC: 12bf1 | Move file pointer
2018-12-25T11:58:21.798827948Z 64 PC: 12bfa | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:21.801290513Z 66 PC: 12c06 | Move file pointer
2018-12-25T11:58:21.802619692Z 64 PC: 12c12 | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T11:58:21.811571259Z 87 PC: 12c1f | Get or set file date and time
2018-12-25T11:58:21.813309391Z 62 PC: 12c23 | Close file
2018-12-25T11:58:21.82134555Z 67 PC: 12c33 | Get or set file attributes
2018-12-25T11:58:21.833068443Z 79 PC: 12c5e | Find next file
2018-12-25T11:58:21.83588929Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:21.841659164Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:21.851534345Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:21.874491714Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:21.875992765Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:21.883768891Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:21.885240242Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:21.887991723Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:21.895354225Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:21.906811614Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:21.909063873Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:21.919106558Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:21.931744217Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:21.934537846Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:21.94046172Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:21.950550393Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:21.958583198Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:21.96027791Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:21.967183708Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:21.968772391Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:21.971535679Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:21.973841111Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:21.982375114Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:21.984173787Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:21.999577147Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:22.010459452Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:22.012795772Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:22.018198107Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:22.026263573Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:22.031730667Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:22.033633676Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:22.038768531Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:22.040204321Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:22.043206763Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:22.044397699Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:22.05118983Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:22.052837167Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:22.058267841Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:22.06459421Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:22.066869744Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:22.071057483Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:22.079617182Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:22.087583053Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:22.089968106Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:22.094015295Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:22.096269936Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:22.098152333Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:22.099235033Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:22.105302629Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:22.106807173Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:22.111735476Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:22.118567162Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:22.121101448Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:22.125504491Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:22.131744573Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:22.140724237Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:22.142155011Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:22.146290685Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:22.147808143Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:22.150142009Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:22.151423616Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:22.158394072Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:22.159547454Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:22.165543831Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:22.188994367Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:22.190983755Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:22.195546602Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:22.204008863Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:22.225528067Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:22.227219876Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:22.234474275Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:22.236167439Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:22.239089157Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:22.241335674Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:22.249603322Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:22.25107268Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:22.259086375Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:22.268934971Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:22.271810146Z 78 PC: 12ced | Find first file
2018-12-25T11:58:22.278586168Z 78 PC: 12ced | Find first file (See above)
2018-12-25T11:58:22.284747118Z 42 PC: 12c6f | Get date 0x12c6f: mov bl, al
0x12c71: cmp bl, 5
0x12c74: jne 0x12c7e
0x12c76: cmp dl, 0xd
0x12c79: je 0x12c8c
0x12c7b: jmp 0x12c86
0x12c7d: nop
0x12c7e: cmp bl, 0
0x12c81: jne 0x12c86
0x12c83: jmp 0x12c95
0x12c85: nop
0x12c86: call 0x12c9f
0x12c89: pop bx
0x12c8a: jmp bx
0x12c8c: call 0x12e3f
0x12c8f: call 0x12c9f
0x12c92: pop bx
0x12c93: int 0x20
0x12c95: call 0x12d7c
0x12c98: jmp 0x12c86
2018-12-25T11:58:22.286869631Z 78 PC: 12d36 | Find first file
2018-12-25T11:58:22.298180634Z 26 PC: 12b8e | Set disk transfer address

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6060,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:22.291260084Z 48 PC: 12b57 | Get DOS version
2018-12-25T11:58:22.292878779Z 47 PC: 12b63 | Get disk transfer address
2018-12-25T11:58:22.294321565Z 26 PC: 12b71 | Set disk transfer address
2018-12-25T11:58:22.295543586Z 78 PC: 12c3f | Find first file
2018-12-25T11:58:22.301538922Z 47 PC: 12c48 | Get disk transfer address
2018-12-25T11:58:22.303166012Z 67 PC: 12ba9 | Get or set file attributes
2018-12-25T11:58:22.308720933Z 67 PC: 12bb5 | Get or set file attributes
2018-12-25T11:58:22.326349666Z 61 PC: 12bba | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:22.333409747Z 87 PC: 12bc1 | Get or set file date and time
2018-12-25T11:58:22.334773548Z 63 PC: 12bd5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:22.340765363Z 66 PC: 12bf1 | Move file pointer
2018-12-25T11:58:22.342478317Z 64 PC: 12bfa | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:22.344952378Z 66 PC: 12c06 | Move file pointer
2018-12-25T11:58:22.346288358Z 64 PC: 12c12 | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T11:58:22.358056054Z 87 PC: 12c1f | Get or set file date and time
2018-12-25T11:58:22.359449239Z 62 PC: 12c23 | Close file
2018-12-25T11:58:22.366717972Z 67 PC: 12c33 | Get or set file attributes
2018-12-25T11:58:22.385215311Z 79 PC: 12c5e | Find next file
2018-12-25T11:58:22.400586649Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:22.406268092Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:22.416770444Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:22.42378671Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:22.425184236Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:22.431785329Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:22.433589721Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:22.436325136Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:22.43802918Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:22.447396694Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:22.449041632Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:22.456439443Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:22.466685869Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:22.469766166Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:22.475158039Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:22.486187447Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:22.493040493Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:22.494657526Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:22.502087897Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:22.504077614Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:22.506911826Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:22.509248308Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:22.51793645Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:22.519634052Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:22.527447921Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:22.540279718Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:22.542794745Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:22.548233428Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:22.558670197Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:22.5651642Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:22.56658368Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:22.574015554Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:22.576357895Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:22.578897708Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:22.581030232Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:22.589169144Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:22.590640863Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:22.599234611Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:22.608900046Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:22.611618753Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:22.617689732Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:22.627292275Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:22.633991006Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:22.63610494Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:22.642358271Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:22.643562313Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:22.647773092Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:22.649373398Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:22.657887926Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:22.659835661Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:22.668129837Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:22.678073531Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:22.681248645Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:22.686909192Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:22.696588305Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:22.703796539Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:22.705162466Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:22.711552175Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:22.713438355Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:22.716114355Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:22.717649696Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:22.727337316Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:22.728986323Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:22.73659263Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:22.74686384Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:22.749474406Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:22.754849405Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:22.765345623Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:22.776645503Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:22.77805008Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:22.784762596Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:22.786102368Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:22.788613698Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:22.791339881Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:22.799619887Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:22.801495809Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:22.810005744Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:22.819684003Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:22.822381988Z 78 PC: 12ced | Find first file
2018-12-25T11:58:22.828679863Z 78 PC: 12ced | Find first file (See above)
2018-12-25T11:58:22.834288676Z 42 PC: 12c6f | Get date 0x12c6f: mov bl, al
0x12c71: cmp bl, 5
0x12c74: jne 0x12c7e
0x12c76: cmp dl, 0xd
0x12c79: je 0x12c8c
0x12c7b: jmp 0x12c86
0x12c7d: nop
0x12c7e: cmp bl, 0
0x12c81: jne 0x12c86
0x12c83: jmp 0x12c95
0x12c85: nop
0x12c86: call 0x12c9f
0x12c89: pop bx
0x12c8a: jmp bx
0x12c8c: call 0x12e3f
0x12c8f: call 0x12c9f
0x12c92: pop bx
0x12c93: int 0x20
0x12c95: call 0x12d7c
0x12c98: jmp 0x12c86
2018-12-25T11:58:22.83657707Z 78 PC: 12d36 | Find first file
2018-12-25T11:58:22.847547591Z 26 PC: 12b8e | Set disk transfer address

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6060,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:23.258155497Z 48 PC: 12b57 | Get DOS version
2018-12-25T11:58:23.259581916Z 47 PC: 12b63 | Get disk transfer address
2018-12-25T11:58:23.26126481Z 26 PC: 12b71 | Set disk transfer address
2018-12-25T11:58:23.262504293Z 78 PC: 12c3f | Find first file
2018-12-25T11:58:23.269116053Z 47 PC: 12c48 | Get disk transfer address
2018-12-25T11:58:23.271302127Z 67 PC: 12ba9 | Get or set file attributes
2018-12-25T11:58:23.277601259Z 67 PC: 12bb5 | Get or set file attributes
2018-12-25T11:58:23.299473143Z 61 PC: 12bba | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:23.307598905Z 87 PC: 12bc1 | Get or set file date and time
2018-12-25T11:58:23.30951699Z 63 PC: 12bd5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:23.317088349Z 66 PC: 12bf1 | Move file pointer
2018-12-25T11:58:23.319924395Z 64 PC: 12bfa | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:23.323948861Z 66 PC: 12c06 | Move file pointer
2018-12-25T11:58:23.325653544Z 64 PC: 12c12 | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T11:58:23.335801242Z 87 PC: 12c1f | Get or set file date and time
2018-12-25T11:58:23.337546077Z 62 PC: 12c23 | Close file
2018-12-25T11:58:23.346217049Z 67 PC: 12c33 | Get or set file attributes
2018-12-25T11:58:23.35887967Z 79 PC: 12c5e | Find next file
2018-12-25T11:58:23.361931288Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:23.368222019Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:23.379034775Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:23.39234203Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:23.393940434Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:23.401110816Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:23.403525809Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:23.406942312Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:23.409131077Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:23.419168982Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:23.420822818Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:23.429416815Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:23.441342944Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:23.444295906Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:23.450654785Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:23.462570505Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:23.470144776Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:23.471581213Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:23.478849982Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:23.480476124Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:23.483134094Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:23.48475511Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:23.494126945Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:23.495697478Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:23.504393415Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:23.51603166Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:23.518850426Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:23.525038268Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:23.536043355Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:23.543162309Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:23.544465206Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:23.551843323Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:23.553242285Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:23.556024958Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:23.558345712Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:23.567451822Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:23.568928758Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:23.578758009Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:23.590264829Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:23.592987487Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:23.599490709Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:23.610353887Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:23.617672336Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:23.619261487Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:23.626257135Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:23.627780709Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:23.631051056Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:23.63332081Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:23.643066824Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:23.644573223Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:23.653208123Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:23.664150759Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:23.66688691Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:23.673233866Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:23.683878351Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:23.69633681Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:23.698504684Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:23.705944793Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:23.707175422Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:23.710528525Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:23.711898431Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:23.721442742Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:23.723980511Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:23.732460447Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:23.743108883Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:23.745973989Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:23.752593752Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:23.763600329Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:23.77068339Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:23.772511191Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:23.779317953Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:23.780535927Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:23.783451919Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:23.784700349Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:23.793661053Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:23.795508522Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:23.803913738Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:23.814631983Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:23.81756007Z 78 PC: 12ced | Find first file
2018-12-25T11:58:23.824592515Z 78 PC: 12ced | Find first file (See above)
2018-12-25T11:58:23.830800944Z 42 PC: 12c6f | Get date 0x12c6f: mov bl, al
0x12c71: cmp bl, 5
0x12c74: jne 0x12c7e
0x12c76: cmp dl, 0xd
0x12c79: je 0x12c8c
0x12c7b: jmp 0x12c86
0x12c7d: nop
0x12c7e: cmp bl, 0
0x12c81: jne 0x12c86
0x12c83: jmp 0x12c95
0x12c85: nop
0x12c86: call 0x12c9f
0x12c89: pop bx
0x12c8a: jmp bx
0x12c8c: call 0x12e3f
0x12c8f: call 0x12c9f
0x12c92: pop bx
0x12c93: int 0x20
0x12c95: call 0x12d7c
0x12c98: jmp 0x12c86

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6060,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:24.303309006Z 48 PC: 12b57 | Get DOS version
2018-12-25T11:58:24.304449804Z 47 PC: 12b63 | Get disk transfer address
2018-12-25T11:58:24.306129428Z 26 PC: 12b71 | Set disk transfer address
2018-12-25T11:58:24.307276189Z 78 PC: 12c3f | Find first file
2018-12-25T11:58:24.313738658Z 47 PC: 12c48 | Get disk transfer address
2018-12-25T11:58:24.317605189Z 67 PC: 12ba9 | Get or set file attributes
2018-12-25T11:58:24.323782051Z 67 PC: 12bb5 | Get or set file attributes
2018-12-25T11:58:24.349069046Z 61 PC: 12bba | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:24.358247959Z 87 PC: 12bc1 | Get or set file date and time
2018-12-25T11:58:24.359598341Z 63 PC: 12bd5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:24.366519222Z 66 PC: 12bf1 | Move file pointer
2018-12-25T11:58:24.368527797Z 64 PC: 12bfa | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:24.370709326Z 66 PC: 12c06 | Move file pointer
2018-12-25T11:58:24.372915664Z 64 PC: 12c12 | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T11:58:24.383021695Z 87 PC: 12c1f | Get or set file date and time
2018-12-25T11:58:24.385045163Z 62 PC: 12c23 | Close file
2018-12-25T11:58:24.394144829Z 67 PC: 12c33 | Get or set file attributes
2018-12-25T11:58:24.405777576Z 79 PC: 12c5e | Find next file
2018-12-25T11:58:24.409709608Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:24.416032866Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:24.427445249Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:24.435561307Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:24.437455692Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:24.44511821Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:24.44790397Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:24.451409566Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:24.453377881Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:24.464021116Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:24.466004971Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:24.474776944Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:24.486418275Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:24.49025769Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:24.49653984Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:24.507895016Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:24.515275091Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:24.516920108Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:24.524706936Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:24.52731521Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:24.530630381Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:24.532558982Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:24.5423286Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:24.544035016Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:24.552727184Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:24.564891364Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:24.567949685Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:24.57434989Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:24.585910663Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:24.593386325Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:24.595012449Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:24.602793183Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:24.604495231Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:24.607602845Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:24.609976934Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:24.619175948Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:24.621614749Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:24.63047944Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:24.642152596Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:24.645145234Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:24.651672118Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:24.662847786Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:24.670186196Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:24.671592869Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:24.681049804Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:24.682965144Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:24.687071385Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:24.689822512Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:24.698868464Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:24.699969317Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:24.70553537Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:24.711864467Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:24.713646519Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:24.717735783Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:24.72406111Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:24.731276561Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:24.732655168Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:24.737079093Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:24.738105997Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:24.739937666Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:24.741632358Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:24.747393757Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:24.748412344Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:24.754663994Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:24.765710994Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:24.768546806Z 67 PC: 12ba9 | Get or set file attributes (See above)
2018-12-25T11:58:24.775508056Z 67 PC: 12bb5 | Get or set file attributes (See above)
2018-12-25T11:58:24.785969373Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:58:24.79296178Z 87 PC: 12bc1 | Get or set file date and time (See above)
2018-12-25T11:58:24.794811202Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T11:58:24.801661912Z 66 PC: 12bf1 | Move file pointer (See above)
2018-12-25T11:58:24.80297505Z 64 PC: 12bfa | Write file or device (See above)
2018-12-25T11:58:24.806534867Z 66 PC: 12c06 | Move file pointer (See above)
2018-12-25T11:58:24.807919141Z 64 PC: 12c12 | Write file or device (See above)
2018-12-25T11:58:24.817310764Z 87 PC: 12c1f | Get or set file date and time (See above)
2018-12-25T11:58:24.819428509Z 62 PC: 12c23 | Close file (See above)
2018-12-25T11:58:24.8278848Z 67 PC: 12c33 | Get or set file attributes (See above)
2018-12-25T11:58:24.845681123Z 79 PC: 12c5e | Find next file (See above)
2018-12-25T11:58:24.848850219Z 78 PC: 12ced | Find first file
2018-12-25T11:58:24.855708507Z 78 PC: 12ced | Find first file (See above)
2018-12-25T11:58:24.862102634Z 42 PC: 12c6f | Get date 0x12c6f: mov bl, al
0x12c71: cmp bl, 5
0x12c74: jne 0x12c7e
0x12c76: cmp dl, 0xd
0x12c79: je 0x12c8c
0x12c7b: jmp 0x12c86
0x12c7d: nop
0x12c7e: cmp bl, 0
0x12c81: jne 0x12c86
0x12c83: jmp 0x12c95
0x12c85: nop
0x12c86: call 0x12c9f
0x12c89: pop bx
0x12c8a: jmp bx
0x12c8c: call 0x12e3f
0x12c8f: call 0x12c9f
0x12c92: pop bx
0x12c93: int 0x20
0x12c95: call 0x12d7c
0x12c98: jmp 0x12c86
2018-12-25T11:58:24.864172204Z 2 PC: 12e4d | Character output (Char = '0a')
2018-12-25T11:58:24.867253004Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.86866428Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.870091129Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.872141097Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.874378448Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.876428077Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.879652807Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.881674515Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.883709721Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.886439321Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.889089445Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.891418539Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.894511018Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.896931129Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.899250443Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.902174337Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.90525005Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.909418242Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.912169821Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.9144837Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.920739941Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.925471775Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.927649661Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.929878292Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.933098844Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.935408734Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.937669568Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.940035192Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.942493845Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.94470727Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.949544554Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.952007335Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.954980232Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.957263327Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.959891901Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.963524326Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.965739067Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.968026733Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.97208052Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.974146405Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.977079254Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.979480551Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.981748088Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.984221244Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.986428941Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.989352532Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.992154191Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.994344634Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.996579763Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:24.999304859Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.001707957Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.003878707Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.006643563Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.008954991Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.011261415Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.014029166Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.016296969Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.018480363Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.021109822Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.023085984Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.02579205Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.030378028Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.032251896Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.034093044Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.036571919Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.038710308Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.040738334Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.043329885Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.045453212Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.047432159Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.051564955Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.054127827Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.056520332Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.059268004Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.061610591Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.063866113Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.066406569Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.068562501Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.0706833Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.073086003Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.07505451Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.077022757Z 2 PC: 12e4d | Character output (See above)
2018-12-25T11:58:25.080342622Z 2 PC: 12e4d | Character output (See above)