Sample viewer

vx.netlux.org/Virus.DOS.Lct.609

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:42:00.822868256Z 42 PC: 12a6d | Get date
0x12a6d: cmp dh, 0xc
0x12a70: jne 0x12a7a
0x12a72: cmp dl, 0x19
0x12a75: jne 0x12a7a
0x12a77: jmp 0x12c52
0x12a7a: cmp dh, 4
0x12a7d: jne 0x12a87
0x12a7f: cmp dl, 1
0x12a82: jne 0x12a87
0x12a84: jmp 0x12c54
0x12a87: call 0x12c32
0x12a8a: call 0x12c1f
0x12a8d: mov si, bp
0x12a8f: add si, 0x247
0x12a93: lodsw ax, word ptr [si]
0x12a94: cmp ax, 5
0x12a97: ja 0x12a9c
0x12a99: jmp 0x12af3
0x12a9c: call 0x12c06
0x12a9f: mov bx, ax
2018-12-17T22:42:00.826165123Z 26 PC: 12c3c | Set disk transfer address
2018-12-17T22:42:00.827903939Z 78 PC: 12c2c | Find first file
2018-12-17T22:42:00.835013172Z 61 PC: 12c11 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:42:00.847824987Z 87 PC: 12bf4 | Get or set file date and time
2018-12-17T22:42:00.849622991Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:42:00.856956591Z 66 PC: 12abd | Move file pointer
2018-12-17T22:42:00.859073798Z 64 PC: 12b16 | Write file or device (Write 609 bytes on handle 5)
2018-12-17T22:42:01.129916816Z 66 PC: 12b20 | Move file pointer
2018-12-17T22:42:01.131778505Z 64 PC: 12b2e | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:42:01.139925104Z 87 PC: 12bef | Get or set file date and time
2018-12-17T22:42:01.143264765Z 62 PC: 12b38 | Close file
2018-12-17T22:42:01.152519862Z 79 PC: 12afa | Find next file
2018-12-17T22:42:01.1557904Z 61 PC: 12c11 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:42:01.164371556Z 87 PC: 12bf4 | Get or set file date and time
2018-12-17T22:42:01.166358738Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:42:01.173876488Z 66 PC: 12abd | Move file pointer
2018-12-17T22:42:01.176627914Z 64 PC: 12b16 | Write file or device (Write 609 bytes on handle 5)
2018-12-17T22:42:01.185864115Z 66 PC: 12b20 | Move file pointer
2018-12-17T22:42:01.187763286Z 64 PC: 12b2e | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:42:01.195712257Z 87 PC: 12bef | Get or set file date and time
2018-12-17T22:42:01.198326792Z 62 PC: 12b38 | Close file
2018-12-17T22:42:01.211133821Z 79 PC: 12afa | Find next file
2018-12-17T22:42:01.214460634Z 61 PC: 12c11 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:42:01.223299201Z 87 PC: 12bf4 | Get or set file date and time
2018-12-17T22:42:01.225224908Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:42:01.232669788Z 66 PC: 12abd | Move file pointer
2018-12-17T22:42:01.250287547Z 64 PC: 12b16 | Write file or device (Write 609 bytes on handle 5)
2018-12-17T22:42:01.259688353Z 66 PC: 12b20 | Move file pointer
2018-12-17T22:42:01.261650688Z 64 PC: 12b2e | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:42:01.270594385Z 87 PC: 12bef | Get or set file date and time
2018-12-17T22:42:01.272782401Z 62 PC: 12b38 | Close file
2018-12-17T22:42:01.282060831Z 79 PC: 12afa | Find next file
2018-12-17T22:42:01.286598863Z 61 PC: 12c11 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:42:01.295479381Z 87 PC: 12bf4 | Get or set file date and time
2018-12-17T22:42:01.298232453Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:42:01.306554166Z 66 PC: 12abd | Move file pointer
2018-12-17T22:42:01.309014087Z 64 PC: 12b16 | Write file or device (Write 609 bytes on handle 5)
2018-12-17T22:42:01.318172172Z 66 PC: 12b20 | Move file pointer
2018-12-17T22:42:01.320161795Z 64 PC: 12b2e | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:42:01.328344451Z 87 PC: 12bef | Get or set file date and time
2018-12-17T22:42:01.330504194Z 62 PC: 12b38 | Close file
2018-12-17T22:42:01.339796287Z 79 PC: 12afa | Find next file
2018-12-17T22:42:01.344161736Z 61 PC: 12c11 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:42:01.351703209Z 87 PC: 12bf4 | Get or set file date and time
2018-12-17T22:42:01.353664292Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:42:01.362265473Z 66 PC: 12abd | Move file pointer
2018-12-17T22:42:01.364686441Z 64 PC: 12b16 | Write file or device (Write 609 bytes on handle 5)
2018-12-17T22:42:01.373536001Z 66 PC: 12b20 | Move file pointer
2018-12-17T22:42:01.375836769Z 64 PC: 12b2e | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:42:01.383158762Z 87 PC: 12bef | Get or set file date and time
2018-12-17T22:42:01.384917115Z 62 PC: 12b38 | Close file
2018-12-17T22:42:01.39530437Z 79 PC: 12afa | Find next file
2018-12-17T22:42:01.398678656Z 61 PC: 12c11 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:42:01.406222163Z 87 PC: 12bf4 | Get or set file date and time
2018-12-17T22:42:01.408261731Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:42:01.415871681Z 66 PC: 12abd | Move file pointer
2018-12-17T22:42:01.417774607Z 64 PC: 12b16 | Write file or device (Write 609 bytes on handle 5)
2018-12-17T22:42:01.428337626Z 66 PC: 12b20 | Move file pointer
2018-12-17T22:42:01.431018695Z 64 PC: 12b2e | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:42:01.438369569Z 87 PC: 12bef | Get or set file date and time
2018-12-17T22:42:01.440033904Z 62 PC: 12b38 | Close file
2018-12-17T22:42:01.450110912Z 79 PC: 12afa | Find next file
2018-12-17T22:42:01.453204196Z 61 PC: 12c11 | Open file (Filename = 'PAH.COM')
2018-12-17T22:42:01.460950685Z 87 PC: 12bf4 | Get or set file date and time
2018-12-17T22:42:01.463152Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:42:01.470309873Z 66 PC: 12abd | Move file pointer
2018-12-17T22:42:01.472006989Z 64 PC: 12b16 | Write file or device (Write 609 bytes on handle 5)
2018-12-17T22:42:01.481954077Z 66 PC: 12b20 | Move file pointer
2018-12-17T22:42:01.48385718Z 64 PC: 12b2e | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:42:01.492823788Z 87 PC: 12bef | Get or set file date and time
2018-12-17T22:42:01.494783223Z 62 PC: 12b38 | Close file
2018-12-17T22:42:01.504673715Z 79 PC: 12afa | Find next file
2018-12-17T22:42:01.50795907Z 61 PC: 12c11 | Open file (Filename = 'TEST.COM')
2018-12-17T22:42:01.516137331Z 87 PC: 12bf4 | Get or set file date and time
2018-12-17T22:42:01.518549544Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:42:01.521767817Z 66 PC: 12abd | Move file pointer
2018-12-17T22:42:01.523625537Z 64 PC: 12b16 | Write file or device (Write 609 bytes on handle 5)
2018-12-17T22:42:01.533924976Z 66 PC: 12b20 | Move file pointer
2018-12-17T22:42:01.535722636Z 64 PC: 12b2e | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:42:01.539086048Z 87 PC: 12bef | Get or set file date and time
2018-12-17T22:42:01.541650523Z 62 PC: 12b38 | Close file
2018-12-17T22:42:01.550599038Z 79 PC: 12afa | Find next file

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7415,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:30.982918642Z 42 PC: 12a6d | Get date
0x12a6d: cmp dh, 0xc
0x12a70: jne 0x12a7a
0x12a72: cmp dl, 0x19
0x12a75: jne 0x12a7a
0x12a77: jmp 0x12c52
0x12a7a: cmp dh, 4
0x12a7d: jne 0x12a87
0x12a7f: cmp dl, 1
0x12a82: jne 0x12a87
0x12a84: jmp 0x12c54
0x12a87: call 0x12c32
0x12a8a: call 0x12c1f
0x12a8d: mov si, bp
0x12a8f: add si, 0x247
0x12a93: lodsw ax, word ptr [si]
0x12a94: cmp ax, 5
0x12a97: ja 0x12a9c
0x12a99: jmp 0x12af3
0x12a9c: call 0x12c06
0x12a9f: mov bx, ax
2018-12-25T12:01:30.985202192Z 26 PC: 12c3c | Set disk transfer address
2018-12-25T12:01:30.986500036Z 78 PC: 12c2c | Find first file
2018-12-25T12:01:30.990423942Z 61 PC: 12c11 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:01:30.998090881Z 87 PC: 12bf4 | Get or set file date and time
2018-12-25T12:01:30.99980338Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:01:31.004484082Z 66 PC: 12abd | Move file pointer
2018-12-25T12:01:31.005692131Z 64 PC: 12b16 | Write file or device (Write 609 bytes on handle 5)
2018-12-25T12:01:31.01834818Z 66 PC: 12b20 | Move file pointer
2018-12-25T12:01:31.019986041Z 64 PC: 12b2e | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:01:31.025038529Z 87 PC: 12bef | Get or set file date and time
2018-12-25T12:01:31.029274151Z 62 PC: 12b38 | Close file
2018-12-25T12:01:31.037921243Z 79 PC: 12afa | Find next file
2018-12-25T12:01:31.039902887Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:31.047451639Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:31.049853128Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:31.06532459Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:31.067764477Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:31.077698016Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:31.079272535Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:31.084365941Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:31.093237286Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:31.103147115Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:31.107120784Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:31.114882341Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:31.11672285Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:31.124605687Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:31.127460858Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:31.13633519Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:31.138350894Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:31.146639286Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:31.149310316Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:31.158262666Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:31.162396523Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:31.169981373Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:31.17192944Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:31.180365053Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:31.182766416Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:31.192158199Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:31.194050141Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:31.202626219Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:31.205020664Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:31.214313687Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:31.21823723Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:31.226066806Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:31.228141256Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:31.236861151Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:31.238642214Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:31.248433044Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:31.251099109Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:31.258776982Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:31.261405037Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:31.272111578Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:31.275807121Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:31.283668478Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:31.285985551Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:31.293797379Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:31.295672521Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:31.30546091Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:31.307699144Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:31.316004221Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:31.318284285Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:31.335688442Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:31.338669533Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:31.346095511Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:31.349332107Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:31.35667344Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:31.358339452Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:31.368315597Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:31.369883269Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:31.377318767Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:31.379369454Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:31.389228457Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:31.392457763Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:31.400490482Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:31.403284366Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:31.406584017Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:31.40878002Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:31.419218658Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:31.420870709Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:31.424228606Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:31.426916368Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:31.435919056Z 79 PC: 12afa | Find next file (See above)

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7415,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:31.12252512Z 42 PC: 12a6d | Get date
0x12a6d: cmp dh, 0xc
0x12a70: jne 0x12a7a
0x12a72: cmp dl, 0x19
0x12a75: jne 0x12a7a
0x12a77: jmp 0x12c52
0x12a7a: cmp dh, 4
0x12a7d: jne 0x12a87
0x12a7f: cmp dl, 1
0x12a82: jne 0x12a87
0x12a84: jmp 0x12c54
0x12a87: call 0x12c32
0x12a8a: call 0x12c1f
0x12a8d: mov si, bp
0x12a8f: add si, 0x247
0x12a93: lodsw ax, word ptr [si]
0x12a94: cmp ax, 5
0x12a97: ja 0x12a9c
0x12a99: jmp 0x12af3
0x12a9c: call 0x12c06
0x12a9f: mov bx, ax
2018-12-25T12:01:31.125792051Z 65 PC: 12c5b | Delete file (Filename = 'A:\TEST.COM')

{"DateBased":true,"Day":2,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7415,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:31.838627825Z 42 PC: 12a6d | Get date
0x12a6d: cmp dh, 0xc
0x12a70: jne 0x12a7a
0x12a72: cmp dl, 0x19
0x12a75: jne 0x12a7a
0x12a77: jmp 0x12c52
0x12a7a: cmp dh, 4
0x12a7d: jne 0x12a87
0x12a7f: cmp dl, 1
0x12a82: jne 0x12a87
0x12a84: jmp 0x12c54
0x12a87: call 0x12c32
0x12a8a: call 0x12c1f
0x12a8d: mov si, bp
0x12a8f: add si, 0x247
0x12a93: lodsw ax, word ptr [si]
0x12a94: cmp ax, 5
0x12a97: ja 0x12a9c
0x12a99: jmp 0x12af3
0x12a9c: call 0x12c06
0x12a9f: mov bx, ax
2018-12-25T12:01:31.841500906Z 26 PC: 12c3c | Set disk transfer address
2018-12-25T12:01:31.843044439Z 78 PC: 12c2c | Find first file
2018-12-25T12:01:31.850381586Z 61 PC: 12c11 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:01:31.857359993Z 87 PC: 12bf4 | Get or set file date and time
2018-12-25T12:01:31.859092141Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:01:31.865961246Z 66 PC: 12abd | Move file pointer
2018-12-25T12:01:31.867432377Z 64 PC: 12b16 | Write file or device (Write 609 bytes on handle 5)
2018-12-25T12:01:31.883898057Z 66 PC: 12b20 | Move file pointer
2018-12-25T12:01:31.885354766Z 64 PC: 12b2e | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:01:31.892505024Z 87 PC: 12bef | Get or set file date and time
2018-12-25T12:01:31.894592367Z 62 PC: 12b38 | Close file
2018-12-25T12:01:31.902925041Z 79 PC: 12afa | Find next file
2018-12-25T12:01:31.905689716Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:31.913159312Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:31.914599852Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:31.921978812Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:31.923958205Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:31.932670954Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:31.934255379Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:31.941713413Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:31.943287741Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:31.951964626Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:31.95481633Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:31.961957057Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:31.96340001Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:31.970441589Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:31.972366317Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:31.981553597Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:31.982979073Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:31.990481633Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:31.991989574Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:32.000523721Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:32.00379776Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:32.01111779Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:32.012829186Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:32.020550071Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:32.022673361Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:32.031345296Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:32.033472482Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:32.041108828Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:32.043224248Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:32.054032731Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:32.057480533Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:32.064983884Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:32.066886024Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:32.076179212Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:32.078221581Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:32.087328094Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:32.089821553Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:32.097575351Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:32.099639414Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:32.109444389Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:32.113537863Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:32.121201883Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:32.123952041Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:32.131180906Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:32.133132505Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:32.143632984Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:32.145210916Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:32.152586657Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:32.154160453Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:32.163754957Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:32.166712649Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:32.175458334Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:32.178673965Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:32.18590426Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:32.187601067Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:32.197562259Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:32.199066528Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:32.206393356Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:32.208447463Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:32.217011335Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:32.219898025Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:32.230055654Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:32.231572589Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:32.234837519Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:32.237832553Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:32.247706947Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:32.249334692Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:32.251453331Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:32.253243702Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:32.259397804Z 79 PC: 12afa | Find next file (See above)

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7415,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:32.272968876Z 42 PC: 12a6d | Get date
0x12a6d: cmp dh, 0xc
0x12a70: jne 0x12a7a
0x12a72: cmp dl, 0x19
0x12a75: jne 0x12a7a
0x12a77: jmp 0x12c52
0x12a7a: cmp dh, 4
0x12a7d: jne 0x12a87
0x12a7f: cmp dl, 1
0x12a82: jne 0x12a87
0x12a84: jmp 0x12c54
0x12a87: call 0x12c32
0x12a8a: call 0x12c1f
0x12a8d: mov si, bp
0x12a8f: add si, 0x247
0x12a93: lodsw ax, word ptr [si]
0x12a94: cmp ax, 5
0x12a97: ja 0x12a9c
0x12a99: jmp 0x12af3
0x12a9c: call 0x12c06
0x12a9f: mov bx, ax
2018-12-25T12:01:32.276289821Z 26 PC: 12c3c | Set disk transfer address
2018-12-25T12:01:32.277645143Z 78 PC: 12c2c | Find first file
2018-12-25T12:01:32.285226497Z 61 PC: 12c11 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:01:32.293881327Z 87 PC: 12bf4 | Get or set file date and time
2018-12-25T12:01:32.295829949Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:01:32.303797022Z 66 PC: 12abd | Move file pointer
2018-12-25T12:01:32.305502281Z 64 PC: 12b16 | Write file or device (Write 609 bytes on handle 5)
2018-12-25T12:01:32.322172991Z 66 PC: 12b20 | Move file pointer
2018-12-25T12:01:32.32409251Z 64 PC: 12b2e | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:01:32.332300467Z 87 PC: 12bef | Get or set file date and time
2018-12-25T12:01:32.335438003Z 62 PC: 12b38 | Close file
2018-12-25T12:01:32.346181596Z 79 PC: 12afa | Find next file
2018-12-25T12:01:32.34961118Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:32.358108878Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:32.360226272Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:32.368201653Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:32.370974396Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:32.380222644Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:32.381599031Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:32.389446459Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:32.391848503Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:32.400474107Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:32.403581568Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:32.408543501Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:32.410034416Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:32.414541088Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:32.416985661Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:32.422126378Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:32.423190249Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:32.42806681Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:32.429634693Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:32.435309543Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:32.438180046Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:32.444396967Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:32.445885778Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:32.451666354Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:32.45306802Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:32.458634018Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:32.460475057Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:32.465499111Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:32.466784633Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:32.476502556Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:32.479431647Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:32.486698345Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:32.488735484Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:32.495731744Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:32.497403625Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:32.50622469Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:32.507631504Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:32.511986631Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:32.513719995Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:32.519673423Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:32.52159057Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:32.525740705Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:32.527466139Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:32.531910355Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:32.533065878Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:32.539524882Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:32.540801548Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:32.545081559Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:32.546699408Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:32.55226065Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:32.555070497Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:32.559855348Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:32.561484271Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:32.568414794Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:32.569808685Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:32.578870382Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:32.580321809Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:32.587468705Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:32.592661913Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:32.601812378Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:32.604420438Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:32.612172597Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:32.61539632Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:32.618600292Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:32.621325323Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:32.79289229Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:32.794931104Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:32.799646263Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:32.802302841Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:32.854185672Z 79 PC: 12afa | Find next file (See above)

{"DateBased":true,"Day":25,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7415,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:32.957386033Z 42 PC: 12a6d | Get date
0x12a6d: cmp dh, 0xc
0x12a70: jne 0x12a7a
0x12a72: cmp dl, 0x19
0x12a75: jne 0x12a7a
0x12a77: jmp 0x12c52
0x12a7a: cmp dh, 4
0x12a7d: jne 0x12a87
0x12a7f: cmp dl, 1
0x12a82: jne 0x12a87
0x12a84: jmp 0x12c54
0x12a87: call 0x12c32
0x12a8a: call 0x12c1f
0x12a8d: mov si, bp
0x12a8f: add si, 0x247
0x12a93: lodsw ax, word ptr [si]
0x12a94: cmp ax, 5
0x12a97: ja 0x12a9c
0x12a99: jmp 0x12af3
0x12a9c: call 0x12c06
0x12a9f: mov bx, ax

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7415,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:33.474043624Z 42 PC: 12a6d | Get date
0x12a6d: cmp dh, 0xc
0x12a70: jne 0x12a7a
0x12a72: cmp dl, 0x19
0x12a75: jne 0x12a7a
0x12a77: jmp 0x12c52
0x12a7a: cmp dh, 4
0x12a7d: jne 0x12a87
0x12a7f: cmp dl, 1
0x12a82: jne 0x12a87
0x12a84: jmp 0x12c54
0x12a87: call 0x12c32
0x12a8a: call 0x12c1f
0x12a8d: mov si, bp
0x12a8f: add si, 0x247
0x12a93: lodsw ax, word ptr [si]
0x12a94: cmp ax, 5
0x12a97: ja 0x12a9c
0x12a99: jmp 0x12af3
0x12a9c: call 0x12c06
0x12a9f: mov bx, ax
2018-12-25T12:01:33.476682843Z 26 PC: 12c3c | Set disk transfer address
2018-12-25T12:01:33.477650466Z 78 PC: 12c2c | Find first file
2018-12-25T12:01:33.483326657Z 61 PC: 12c11 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:01:33.490011889Z 87 PC: 12bf4 | Get or set file date and time
2018-12-25T12:01:33.491557604Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:01:33.497550302Z 66 PC: 12abd | Move file pointer
2018-12-25T12:01:33.49928669Z 64 PC: 12b16 | Write file or device (Write 609 bytes on handle 5)
2018-12-25T12:01:33.5092714Z 66 PC: 12b20 | Move file pointer
2018-12-25T12:01:33.510525307Z 64 PC: 12b2e | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:01:33.517375487Z 87 PC: 12bef | Get or set file date and time
2018-12-25T12:01:33.519389308Z 62 PC: 12b38 | Close file
2018-12-25T12:01:33.527604436Z 79 PC: 12afa | Find next file
2018-12-25T12:01:33.530614712Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:33.53804481Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:33.539683714Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:33.546125823Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:33.548713736Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:33.556519142Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:33.557745681Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:33.564924091Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:33.566438999Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:33.574856882Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:33.578646869Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:33.586598844Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:33.587966642Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:33.595109217Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:33.596927969Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:33.605049061Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:33.607036579Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:33.614523021Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:33.615957665Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:33.623626547Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:33.626702217Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:33.633051685Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:33.634317898Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:33.640792631Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:33.642124941Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:33.650108233Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:33.651870068Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:33.658125507Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:33.659437764Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:33.683135201Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:33.686376877Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:33.693573435Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:33.695352436Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:33.701560029Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:33.702875421Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:33.710990417Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:33.712890872Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:33.71910133Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:33.720866756Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:33.728544842Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:33.731418373Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:33.7379166Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:33.743121005Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:33.749084828Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:33.750920508Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:33.759383485Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:33.760562622Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:33.767327512Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:33.768724306Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:33.776233099Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:33.779079136Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:33.785805354Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:33.787001809Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:33.793293004Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:33.794595212Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:33.802098206Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:33.804011037Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:33.810130106Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:33.811429634Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:33.820037938Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:33.822629214Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:33.828733469Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:33.830109778Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:33.833260961Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:33.834892795Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:33.843042573Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:33.845287066Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:33.849319491Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:33.851079596Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:33.859256299Z 79 PC: 12afa | Find next file (See above)

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7415,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:33.617502845Z 42 PC: 12a6d | Get date
0x12a6d: cmp dh, 0xc
0x12a70: jne 0x12a7a
0x12a72: cmp dl, 0x19
0x12a75: jne 0x12a7a
0x12a77: jmp 0x12c52
0x12a7a: cmp dh, 4
0x12a7d: jne 0x12a87
0x12a7f: cmp dl, 1
0x12a82: jne 0x12a87
0x12a84: jmp 0x12c54
0x12a87: call 0x12c32
0x12a8a: call 0x12c1f
0x12a8d: mov si, bp
0x12a8f: add si, 0x247
0x12a93: lodsw ax, word ptr [si]
0x12a94: cmp ax, 5
0x12a97: ja 0x12a9c
0x12a99: jmp 0x12af3
0x12a9c: call 0x12c06
0x12a9f: mov bx, ax
2018-12-25T12:01:33.620471096Z 65 PC: 12c5b | Delete file (Filename = 'A:\TEST.COM')

{"DateBased":true,"Day":2,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7415,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:34.282953643Z 42 PC: 12a6d | Get date
0x12a6d: cmp dh, 0xc
0x12a70: jne 0x12a7a
0x12a72: cmp dl, 0x19
0x12a75: jne 0x12a7a
0x12a77: jmp 0x12c52
0x12a7a: cmp dh, 4
0x12a7d: jne 0x12a87
0x12a7f: cmp dl, 1
0x12a82: jne 0x12a87
0x12a84: jmp 0x12c54
0x12a87: call 0x12c32
0x12a8a: call 0x12c1f
0x12a8d: mov si, bp
0x12a8f: add si, 0x247
0x12a93: lodsw ax, word ptr [si]
0x12a94: cmp ax, 5
0x12a97: ja 0x12a9c
0x12a99: jmp 0x12af3
0x12a9c: call 0x12c06
0x12a9f: mov bx, ax
2018-12-25T12:01:34.2861837Z 26 PC: 12c3c | Set disk transfer address
2018-12-25T12:01:34.287301719Z 78 PC: 12c2c | Find first file
2018-12-25T12:01:34.291459774Z 61 PC: 12c11 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:01:34.296406562Z 87 PC: 12bf4 | Get or set file date and time
2018-12-25T12:01:34.297488726Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:01:34.301540673Z 66 PC: 12abd | Move file pointer
2018-12-25T12:01:34.302996625Z 64 PC: 12b16 | Write file or device (Write 609 bytes on handle 5)
2018-12-25T12:01:34.315644842Z 66 PC: 12b20 | Move file pointer
2018-12-25T12:01:34.317291446Z 64 PC: 12b2e | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:01:34.321410033Z 87 PC: 12bef | Get or set file date and time
2018-12-25T12:01:34.323229563Z 62 PC: 12b38 | Close file
2018-12-25T12:01:34.328262844Z 79 PC: 12afa | Find next file
2018-12-25T12:01:34.330085838Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:34.334784667Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:34.335896344Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:34.340139652Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:34.341882515Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:34.347074352Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:34.348179215Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:34.355259889Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:34.356406399Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:34.361634751Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:34.367341743Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:34.371794569Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:34.373174738Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:34.378107063Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:34.37992338Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:34.388166264Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:34.395637957Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:34.403466616Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:34.405275304Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:34.414223805Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:34.417169493Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:34.42380389Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:34.42586198Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:34.432378649Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:34.434098243Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:34.442982605Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:34.444977648Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:34.451336154Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:34.453309591Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:34.461299655Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:34.464219917Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:34.471889617Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:34.474428087Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:34.480312977Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:34.48171588Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:34.489619007Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:34.491404615Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:34.498220436Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:34.500864356Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:34.508570371Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:34.511354441Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:34.518831642Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:34.520497222Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:34.52679311Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:34.529055149Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:34.537625633Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:34.538882823Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:34.54569752Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:34.54712068Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:34.554878318Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:34.560937548Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:34.567391937Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:34.568819818Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:34.576254267Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:34.578069239Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:34.585978299Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:34.58878382Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:34.595086434Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:34.596455258Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:34.605404428Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:34.607818554Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:34.614042901Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:34.61648857Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:34.61943031Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:34.621314909Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:34.630210621Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:34.632374351Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:34.635502732Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:34.638038362Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:34.646193557Z 79 PC: 12afa | Find next file (See above)

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7415,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:34.582369909Z 42 PC: 12a6d | Get date
0x12a6d: cmp dh, 0xc
0x12a70: jne 0x12a7a
0x12a72: cmp dl, 0x19
0x12a75: jne 0x12a7a
0x12a77: jmp 0x12c52
0x12a7a: cmp dh, 4
0x12a7d: jne 0x12a87
0x12a7f: cmp dl, 1
0x12a82: jne 0x12a87
0x12a84: jmp 0x12c54
0x12a87: call 0x12c32
0x12a8a: call 0x12c1f
0x12a8d: mov si, bp
0x12a8f: add si, 0x247
0x12a93: lodsw ax, word ptr [si]
0x12a94: cmp ax, 5
0x12a97: ja 0x12a9c
0x12a99: jmp 0x12af3
0x12a9c: call 0x12c06
0x12a9f: mov bx, ax
2018-12-25T12:01:34.585535262Z 26 PC: 12c3c | Set disk transfer address
2018-12-25T12:01:34.586806418Z 78 PC: 12c2c | Find first file
2018-12-25T12:01:34.593482183Z 61 PC: 12c11 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:01:34.600729389Z 87 PC: 12bf4 | Get or set file date and time
2018-12-25T12:01:34.602406087Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:01:34.609760876Z 66 PC: 12abd | Move file pointer
2018-12-25T12:01:34.611874871Z 64 PC: 12b16 | Write file or device (Write 609 bytes on handle 5)
2018-12-25T12:01:34.628586258Z 66 PC: 12b20 | Move file pointer
2018-12-25T12:01:34.630030325Z 64 PC: 12b2e | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:01:34.637226326Z 87 PC: 12bef | Get or set file date and time
2018-12-25T12:01:34.63934488Z 62 PC: 12b38 | Close file
2018-12-25T12:01:34.649251107Z 79 PC: 12afa | Find next file
2018-12-25T12:01:34.6526847Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:34.660995744Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:34.663707464Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:34.670799799Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:34.674305031Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:34.683311639Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:34.684880914Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:34.692271534Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:34.693871847Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:34.704735241Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:34.706887294Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:34.711742345Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:34.714285087Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:34.720892941Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:34.723216504Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:34.731648482Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:34.732971763Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:34.741791836Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:34.743440722Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:34.754535359Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:34.76383706Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:34.770981431Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:34.772695999Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:34.780272084Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:34.784348149Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:34.795507737Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:34.797716057Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:34.804513467Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:34.806282917Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:34.812537349Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:34.81511548Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:34.819986923Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:34.821221792Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:34.826674049Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:34.828073753Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:34.840606864Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:34.844519311Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:34.852231474Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:34.854379252Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:34.863377789Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:34.868588861Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:34.873648778Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:34.874749361Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:34.881520083Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:34.882911835Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:34.891235605Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:34.894056063Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:34.901597344Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:34.903260766Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:34.913365942Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:34.916499236Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:34.923964085Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:34.927549191Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:34.934891324Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:34.936629505Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:34.945635204Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:34.947727998Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:34.955015057Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:34.956723531Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:34.966569965Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:01:34.969667075Z 61 PC: 12c11 | Open file (See above)
2018-12-25T12:01:34.977183512Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T12:01:34.979918617Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:01:34.983310588Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:01:34.98516899Z 64 PC: 12b16 | Write file or device (See above)
2018-12-25T12:01:34.99689632Z 66 PC: 12b20 | Move file pointer (See above)
2018-12-25T12:01:34.998584775Z 64 PC: 12b2e | Write file or device (See above)
2018-12-25T12:01:35.00278983Z 87 PC: 12bef | Get or set file date and time (See above)
2018-12-25T12:01:35.005982483Z 62 PC: 12b38 | Close file (See above)
2018-12-25T12:01:35.015232877Z 79 PC: 12afa | Find next file (See above)

{"DateBased":true,"Day":25,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7415,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:34.604211033Z 42 PC: 12a6d | Get date
0x12a6d: cmp dh, 0xc
0x12a70: jne 0x12a7a
0x12a72: cmp dl, 0x19
0x12a75: jne 0x12a7a
0x12a77: jmp 0x12c52
0x12a7a: cmp dh, 4
0x12a7d: jne 0x12a87
0x12a7f: cmp dl, 1
0x12a82: jne 0x12a87
0x12a84: jmp 0x12c54
0x12a87: call 0x12c32
0x12a8a: call 0x12c1f
0x12a8d: mov si, bp
0x12a8f: add si, 0x247
0x12a93: lodsw ax, word ptr [si]
0x12a94: cmp ax, 5
0x12a97: ja 0x12a9c
0x12a99: jmp 0x12af3
0x12a9c: call 0x12c06
0x12a9f: mov bx, ax