Sample viewer

vx.netlux.org/Virus.DOS.Apparition.1248

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:02:16.64573863Z 37 PC: 12a48 | Set interrupt vector (Interrupt = '160' AKA 'UNKNOWN!')
2018-12-17T22:02:16.647770471Z 15 PC: 15902 | Open file (Filename = 'XXX^!=55u3&p&r&&]&&_H&&MCC&)&&@&@&&&IO& CT& LD&RV3V^P3X&&&p&rށ '%CGPP@&l&lXPP')
2018-12-17T22:02:16.649478988Z 47 PC: 15c8c | Get disk transfer address
2018-12-17T22:02:16.650740919Z 26 PC: 15c9d | Set disk transfer address
2018-12-17T22:02:16.652847649Z 78 PC: 15caa | Find first file
2018-12-17T22:02:16.65721211Z 61 PC: 15bcf | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:02:16.661289059Z 66 PC: 15be7 | Move file pointer
2018-12-17T22:02:16.662826622Z 62 PC: 15c87 | Close file
2018-12-17T22:02:16.664515973Z 79 PC: 15caa | Find next file
2018-12-17T22:02:16.666263702Z 61 PC: 15bcf | Open file (Filename = 'PRINT.COM')
2018-12-17T22:02:16.672477824Z 66 PC: 15be7 | Move file pointer
2018-12-17T22:02:16.674512691Z 62 PC: 15c87 | Close file
2018-12-17T22:02:16.677310423Z 79 PC: 15caa | Find next file
2018-12-17T22:02:16.679552843Z 61 PC: 15bcf | Open file (Filename = 'HELLO.COM')
2018-12-17T22:02:16.686586602Z 66 PC: 15be7 | Move file pointer
2018-12-17T22:02:16.688203732Z 62 PC: 15c87 | Close file
2018-12-17T22:02:16.690334326Z 79 PC: 15caa | Find next file
2018-12-17T22:02:16.693243963Z 61 PC: 15bcf | Open file (Filename = 'PHANG.COM')
2018-12-17T22:02:16.705089087Z 66 PC: 15be7 | Move file pointer
2018-12-17T22:02:16.706715722Z 62 PC: 15c87 | Close file
2018-12-17T22:02:16.709313302Z 79 PC: 15caa | Find next file
2018-12-17T22:02:16.712022946Z 61 PC: 15bcf | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:02:16.723374572Z 66 PC: 15be7 | Move file pointer
2018-12-17T22:02:16.726037909Z 62 PC: 15c87 | Close file
2018-12-17T22:02:16.727759387Z 79 PC: 15caa | Find next file
2018-12-17T22:02:16.730364549Z 61 PC: 15bcf | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:02:16.737610722Z 66 PC: 15be7 | Move file pointer
2018-12-17T22:02:16.739263735Z 62 PC: 15c87 | Close file
2018-12-17T22:02:16.741344881Z 79 PC: 15caa | Find next file
2018-12-17T22:02:16.751880019Z 61 PC: 15bcf | Open file (Filename = 'PAH.COM')
2018-12-17T22:02:16.758501906Z 66 PC: 15be7 | Move file pointer
2018-12-17T22:02:16.760405936Z 62 PC: 15c87 | Close file
2018-12-17T22:02:16.763551218Z 79 PC: 15caa | Find next file
2018-12-17T22:02:16.766617071Z 61 PC: 15bcf | Open file (Filename = 'TEST.COM')
2018-12-17T22:02:16.773160218Z 66 PC: 15be7 | Move file pointer
2018-12-17T22:02:16.77546107Z 66 PC: 15c0a | Move file pointer
2018-12-17T22:02:16.776757022Z 63 PC: 15c1a | Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:02:16.783369758Z 62 PC: 15c87 | Close file
2018-12-17T22:02:16.785706951Z 79 PC: 15caa | Find next file
2018-12-17T22:02:16.787985273Z 26 PC: 15cc2 | Set disk transfer address
2018-12-17T22:02:16.789115017Z 42 PC: 154b4 | Get date 0x154b4: cmp dl, 0xf
0x154b7: je 0x154bb
0x154b9: jmp 0x154d8
0x154bb: cli
0x154bc: mov ah, 2
0x154be: cdq
0x154bf: mov cx, 0x100
0x154c2: int 0x26
0x154c4: jmp 0x154c6
0x154c6: cli
0x154c7: mov al, 3
0x154c9: mov cx, 0x2bc
0x154cc: mov dx, 0
0x154cf: mov ds, word ptr [di + 0x63]
0x154d2: mov bx, word ptr [di + 0x37]
0x154d5: call 0x254bb
0x154d8: ret
0x154d9: lodsb al, byte ptr [si]
0x154da: xor al, ah
0x154dc: stosb byte ptr es:[di], al
2018-12-17T22:02:16.791869429Z 71 PC: 155a0 | Get current directory
2018-12-17T22:02:16.79978703Z 47 PC: 9fa9a | Get disk transfer address
2018-12-17T22:02:16.800926167Z 26 PC: 9faab | Set disk transfer address
2018-12-17T22:02:16.803680995Z 78 PC: 9fab8 | Find first file
2018-12-17T22:02:16.813987512Z 61 PC: 9f9dd | Open file
2018-12-17T22:02:16.820623895Z 66 PC: 9f9f5 | Move file pointer
2018-12-17T22:02:16.822856463Z 62 PC: 9fa95 | Close file
2018-12-17T22:02:16.824949872Z 79 PC: 9fab8 | Find next file
2018-12-17T22:02:16.827440008Z 61 PC: 9f9dd | Open file
2018-12-17T22:02:16.834699008Z 66 PC: 9f9f5 | Move file pointer
2018-12-17T22:02:16.835965527Z 62 PC: 9fa95 | Close file
2018-12-17T22:02:16.837537267Z 79 PC: 9fab8 | Find next file
2018-12-17T22:02:16.840515624Z 61 PC: 9f9dd | Open file
2018-12-17T22:02:16.847165583Z 66 PC: 9f9f5 | Move file pointer
2018-12-17T22:02:16.849350315Z 62 PC: 9fa95 | Close file
2018-12-17T22:02:16.851851008Z 79 PC: 9fab8 | Find next file
2018-12-17T22:02:16.855689702Z 61 PC: 9f9dd | Open file
2018-12-17T22:02:16.868691701Z 66 PC: 9f9f5 | Move file pointer
2018-12-17T22:02:16.871598988Z 62 PC: 9fa95 | Close file
2018-12-17T22:02:16.875143119Z 79 PC: 9fab8 | Find next file
2018-12-17T22:02:16.877915739Z 61 PC: 9f9dd | Open file
2018-12-17T22:02:16.885559065Z 66 PC: 9f9f5 | Move file pointer
2018-12-17T22:02:16.887238022Z 62 PC: 9fa95 | Close file
2018-12-17T22:02:16.889264585Z 79 PC: 9fab8 | Find next file
2018-12-17T22:02:16.892857889Z 61 PC: 9f9dd | Open file
2018-12-17T22:02:16.899442537Z 66 PC: 9f9f5 | Move file pointer
2018-12-17T22:02:16.900805626Z 62 PC: 9fa95 | Close file
2018-12-17T22:02:16.902758281Z 79 PC: 9fab8 | Find next file
2018-12-17T22:02:16.90601332Z 61 PC: 9f9dd | Open file
2018-12-17T22:02:16.912237424Z 66 PC: 9f9f5 | Move file pointer
2018-12-17T22:02:16.91344545Z 62 PC: 9fa95 | Close file
2018-12-17T22:02:16.915375106Z 79 PC: 9fab8 | Find next file
2018-12-17T22:02:16.917820586Z 61 PC: 9f9dd | Open file
2018-12-17T22:02:16.925041422Z 66 PC: 9f9f5 | Move file pointer
2018-12-17T22:02:16.927461976Z 66 PC: 9fa18 | Move file pointer
2018-12-17T22:02:16.929054806Z 63 PC: 9fa28 | Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:02:16.935686935Z 62 PC: 9fa95 | Close file
2018-12-17T22:02:16.938333741Z 79 PC: 9fab8 | Find next file
2018-12-17T22:02:16.940872524Z 26 PC: 9fad0 | Set disk transfer address
2018-12-17T22:02:16.942284016Z 59 PC: 155ab | Change current directory
2018-12-17T22:02:16.947078178Z 26 PC: 1565e | Set disk transfer address
2018-12-17T22:02:16.948318554Z 78 PC: 9fb79 | Find first file
2018-12-17T22:02:16.954260492Z 47 PC: 9fb8b | Get disk transfer address
2018-12-17T22:02:16.956476752Z 61 PC: 9fb0d | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:02:16.962822164Z 63 PC: 9fb1e | Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:02:16.967863064Z 62 PC: 9fb75 | Close file
2018-12-17T22:02:16.969874939Z 61 PC: 15697 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:02:16.975335939Z 63 PC: 156a9 | Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:02:16.977759641Z 44 PC: 156e4 | Get time 0x156e4: add dl, dh
0x156e6: je 0x156e0
0x156e8: mov si, 0x115
0x156eb: add si, word ptr [0x106]
0x156ef: mov byte ptr [si], dl
0x156f1: mov ax, 0x4301
0x156f4: xor cx, cx
0x156f6: mov dx, si
0x156f8: add dx, 0xc7
0x156fc: int 0x21
0x156fe: mov ah, 0x3e
0x15700: int 0x21
0x15702: mov ax, 0x3d02
0x15705: int 0x21
0x15707: jb 0x156b8
0x15709: mov di, dx
0x1570b: add di, 0x63
0x1570e: stosw word ptr es:[di], ax
0x1570f: xchg ax, bx
0x15710: mov ah, 0x40
2018-12-17T22:02:16.981949219Z 67 PC: 156fe | Get or set file attributes
2018-12-17T22:02:17.001903037Z 62 PC: 15702 | Close file
2018-12-17T22:02:17.003958895Z 61 PC: 9fb0d | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:02:17.015393839Z 63 PC: 9fb1e | Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:02:17.021977929Z 62 PC: 9fb75 | Close file
2018-12-17T22:02:17.024508648Z 61 PC: 15707 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:02:17.033524384Z 64 PC: 1571a | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:02:17.036473984Z 64 PC: 1572c | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:02:17.040847046Z 64 PC: 15741 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:02:17.044894726Z 66 PC: 1574a | Move file pointer
2018-12-17T22:02:17.047162787Z 42 PC: 154b4 | Get date 0x154b4: cmp dl, 0xf
0x154b7: je 0x154bb
0x154b9: jmp 0x154d8
0x154bb: cli
0x154bc: mov ah, 2
0x154be: cdq
0x154bf: mov cx, 0x100
0x154c2: int 0x26
0x154c4: jmp 0x154c6
0x154c6: cli
0x154c7: mov al, 3
0x154c9: mov cx, 0x2bc
0x154cc: mov dx, 0
0x154cf: mov ds, word ptr [di + 0x63]
0x154d2: mov bx, word ptr [di + 0x37]
0x154d5: call 0x254bb
0x154d8: ret
0x154d9: lodsb al, byte ptr [si]
0x154da: xor al, ah
0x154dc: stosb byte ptr es:[di], al
2018-12-17T22:02:17.0494592Z 64 PC: 154ef | Write file or device (Write 1104 bytes on handle 5)
2018-12-17T22:02:17.05996261Z 42 PC: 154b4 | Get date 0x154b4: cmp dl, 0xf
0x154b7: je 0x154bb
0x154b9: jmp 0x154d8
0x154bb: cli
0x154bc: mov ah, 2
0x154be: cdq
0x154bf: mov cx, 0x100
0x154c2: int 0x26
0x154c4: jmp 0x154c6
0x154c6: cli
0x154c7: mov al, 3
0x154c9: mov cx, 0x2bc
0x154cc: mov dx, 0
0x154cf: mov ds, word ptr [di + 0x63]
0x154d2: mov bx, word ptr [di + 0x37]
0x154d5: call 0x254bb
0x154d8: ret
0x154d9: lodsb al, byte ptr [si]
0x154da: xor al, ah
0x154dc: stosb byte ptr es:[di], al
2018-12-17T22:02:17.062588295Z 87 PC: 15763 | Get or set file date and time
2018-12-17T22:02:17.0643958Z 62 PC: 15767 | Close file
2018-12-17T22:02:17.073430295Z 67 PC: 15778 | Get or set file attributes
2018-12-17T22:02:17.08302388Z 79 PC: 9fb79 | Find next file
2018-12-17T22:02:17.085796546Z 47 PC: 9fb8b | Get disk transfer address
2018-12-17T22:02:17.087932129Z 61 PC: 9fb0d | Open file (Filename = 'PRINT.COM')
2018-12-17T22:02:17.094467864Z 63 PC: 9fb1e | Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:02:17.100838192Z 62 PC: 9fb75 | Close file
2018-12-17T22:02:17.103854399Z 61 PC: 15697 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:02:17.110551749Z 63 PC: 156a9 | Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:02:17.113244426Z 44 PC: 156e4 | Get time 0x156e4: add dl, dh
0x156e6: je 0x156e0
0x156e8: mov si, 0x115
0x156eb: add si, word ptr [0x106]
0x156ef: mov byte ptr [si], dl
0x156f1: mov ax, 0x4301
0x156f4: xor cx, cx
0x156f6: mov dx, si
0x156f8: add dx, 0xc7
0x156fc: int 0x21
0x156fe: mov ah, 0x3e
0x15700: int 0x21
0x15702: mov ax, 0x3d02
0x15705: int 0x21
0x15707: jb 0x156b8
0x15709: mov di, dx
0x1570b: add di, 0x63
0x1570e: stosw word ptr es:[di], ax
0x1570f: xchg ax, bx
0x15710: mov ah, 0x40
2018-12-17T22:02:17.116100124Z 67 PC: 156fe | Get or set file attributes
2018-12-17T22:02:17.125790966Z 62 PC: 15702 | Close file
2018-12-17T22:02:17.127624139Z 61 PC: 9fb0d | Open file (Filename = 'PRINT.COM')
2018-12-17T22:02:17.139887795Z 63 PC: 9fb1e | Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:02:17.146074707Z 62 PC: 9fb75 | Close file
2018-12-17T22:02:17.147771676Z 61 PC: 15707 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:02:17.155038109Z 64 PC: 1571a | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:02:17.157786028Z 64 PC: 1572c | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:02:17.160338412Z 64 PC: 15741 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:02:17.163653652Z 66 PC: 1574a | Move file pointer
2018-12-17T22:02:17.165152594Z 42 PC: 154b4 | Get date 0x154b4: cmp dl, 0xf
0x154b7: je 0x154bb
0x154b9: jmp 0x154d8
0x154bb: cli
0x154bc: mov ah, 2
0x154be: cdq
0x154bf: mov cx, 0x100
0x154c2: int 0x26
0x154c4: jmp 0x154c6
0x154c6: cli
0x154c7: mov al, 3
0x154c9: mov cx, 0x2bc
0x154cc: mov dx, 0
0x154cf: mov ds, word ptr [di + 0x63]
0x154d2: mov bx, word ptr [di + 0x37]
0x154d5: call 0x254bb
0x154d8: ret
0x154d9: lodsb al, byte ptr [si]
0x154da: xor al, ah
0x154dc: stosb byte ptr es:[di], al
2018-12-17T22:02:17.16785071Z 64 PC: 154ef | Write file or device (Write 1104 bytes on handle 5)
2018-12-17T22:02:17.176745745Z 42 PC: 154b4 | Get date 0x154b4: cmp dl, 0xf
0x154b7: je 0x154bb
0x154b9: jmp 0x154d8
0x154bb: cli
0x154bc: mov ah, 2
0x154be: cdq
0x154bf: mov cx, 0x100
0x154c2: int 0x26
0x154c4: jmp 0x154c6
0x154c6: cli
0x154c7: mov al, 3
0x154c9: mov cx, 0x2bc
0x154cc: mov dx, 0
0x154cf: mov ds, word ptr [di + 0x63]
0x154d2: mov bx, word ptr [di + 0x37]
0x154d5: call 0x254bb
0x154d8: ret
0x154d9: lodsb al, byte ptr [si]
0x154da: xor al, ah
0x154dc: stosb byte ptr es:[di], al
2018-12-17T22:02:17.179525498Z 87 PC: 15763 | Get or set file date and time
2018-12-17T22:02:17.181031779Z 62 PC: 15767 | Close file
2018-12-17T22:02:17.189304726Z 67 PC: 15778 | Get or set file attributes
2018-12-17T22:02:17.199732233Z 79 PC: 9fb79 | Find next file
2018-12-17T22:02:17.203226766Z 47 PC: 9fb8b | Get disk transfer address
2018-12-17T22:02:17.205023959Z 61 PC: 9fb0d | Open file (Filename = 'HELLO.COM')
2018-12-17T22:02:17.21669952Z 63 PC: 9fb1e | Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:02:17.222914743Z 62 PC: 9fb75 | Close file
2018-12-17T22:02:17.224613746Z 61 PC: 15697 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:02:17.232186735Z 63 PC: 156a9 | Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:02:17.234797151Z 44 PC: 156e4 | Get time 0x156e4: add dl, dh
0x156e6: je 0x156e0
0x156e8: mov si, 0x115
0x156eb: add si, word ptr [0x106]
0x156ef: mov byte ptr [si], dl
0x156f1: mov ax, 0x4301
0x156f4: xor cx, cx
0x156f6: mov dx, si
0x156f8: add dx, 0xc7
0x156fc: int 0x21
0x156fe: mov ah, 0x3e
0x15700: int 0x21
0x15702: mov ax, 0x3d02
0x15705: int 0x21
0x15707: jb 0x156b8
0x15709: mov di, dx
0x1570b: add di, 0x63
0x1570e: stosw word ptr es:[di], ax
0x1570f: xchg ax, bx
0x15710: mov ah, 0x40
2018-12-17T22:02:17.236957556Z 67 PC: 156fe | Get or set file attributes
2018-12-17T22:02:17.24665701Z 62 PC: 15702 | Close file
2018-12-17T22:02:17.248587293Z 61 PC: 9fb0d | Open file (Filename = 'HELLO.COM')
2018-12-17T22:02:17.254787324Z 63 PC: 9fb1e | Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:02:17.258267107Z 62 PC: 9fb75 | Close file
2018-12-17T22:02:17.260108002Z 61 PC: 15707 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:02:17.267770729Z 64 PC: 1571a | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:02:17.272366417Z 64 PC: 1572c | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:02:17.275217664Z 64 PC: 15741 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:02:17.277832509Z 66 PC: 1574a | Move file pointer
2018-12-17T22:02:17.28111564Z 42 PC: 154b4 | Get date 0x154b4: cmp dl, 0xf
0x154b7: je 0x154bb
0x154b9: jmp 0x154d8
0x154bb: cli
0x154bc: mov ah, 2
0x154be: cdq
0x154bf: mov cx, 0x100
0x154c2: int 0x26
0x154c4: jmp 0x154c6
0x154c6: cli
0x154c7: mov al, 3
0x154c9: mov cx, 0x2bc
0x154cc: mov dx, 0
0x154cf: mov ds, word ptr [di + 0x63]
0x154d2: mov bx, word ptr [di + 0x37]
0x154d5: call 0x254bb
0x154d8: ret
0x154d9: lodsb al, byte ptr [si]
0x154da: xor al, ah
0x154dc: stosb byte ptr es:[di], al
2018-12-17T22:02:17.283413056Z 64 PC: 154ef | Write file or device (Write 1104 bytes on handle 5)
2018-12-17T22:02:17.289279101Z 42 PC: 154b4 | Get date 0x154b4: cmp dl, 0xf
0x154b7: je 0x154bb
0x154b9: jmp 0x154d8
0x154bb: cli
0x154bc: mov ah, 2
0x154be: cdq
0x154bf: mov cx, 0x100
0x154c2: int 0x26
0x154c4: jmp 0x154c6
0x154c6: cli
0x154c7: mov al, 3
0x154c9: mov cx, 0x2bc
0x154cc: mov dx, 0
0x154cf: mov ds, word ptr [di + 0x63]
0x154d2: mov bx, word ptr [di + 0x37]
0x154d5: call 0x254bb
0x154d8: ret
0x154d9: lodsb al, byte ptr [si]
0x154da: xor al, ah
0x154dc: stosb byte ptr es:[di], al
2018-12-17T22:02:17.291769318Z 87 PC: 15763 | Get or set file date and time
2018-12-17T22:02:17.294241864Z 62 PC: 15767 | Close file
2018-12-17T22:02:17.300277346Z 67 PC: 15778 | Get or set file attributes
2018-12-17T22:02:17.308010931Z 42 PC: 155c6 | Get date 0x155c6: cmp dx, 0x1602
0x155ca: je 0x155cf
0x155cc: jmp 0x157e8
0x155cf: jmp 0x1577d
0x155d2: and ah, bh
0x155d4: movsw word ptr es:[di], word ptr [si]
0x155d5: mov ax, 0x5c4c
0x155d8: add word ptr [di], ax
0x155da: add byte ptr [di - 0x75], dl
0x155dd: in al, dx
0x155de: sub sp, 0x2c
0x155e1: push si
0x155e2: jmp 0x15653
0x155e4: mov ah, 0x1a
0x155e6: lea dx, word ptr [bp - 0x2c]
0x155e9: int 0x21
0x155eb: mov ah, 0x4e
0x155ed: mov cx, 0x10
0x155f0: mov dx, 0x1b5
0x155f3: add dx, word ptr [0x106]
2018-12-17T22:02:17.309630202Z 47 PC: 9fa9a | Get disk transfer address
2018-12-17T22:02:17.31143119Z 26 PC: 9faab | Set disk transfer address
2018-12-17T22:02:17.314392954Z 78 PC: 9fab8 | Find first file
2018-12-17T22:02:17.320336106Z 61 PC: 9f9dd | Open file
2018-12-17T22:02:17.326797349Z 66 PC: 9f9f5 | Move file pointer
2018-12-17T22:02:17.329069223Z 66 PC: 9fa18 | Move file pointer
2018-12-17T22:02:17.331695032Z 63 PC: 9fa28 | Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:02:17.339052919Z 66 PC: 9fa5e | Move file pointer
2018-12-17T22:02:17.342432333Z 64 PC: 9fa6e | Write file or device (Write 1248 bytes on handle 5)
2018-12-17T22:02:17.351579314Z 66 PC: 9fa7d | Move file pointer
2018-12-17T22:02:17.353099769Z 64 PC: 9fa8d | Write file or device (Write 32 bytes on handle 5)
2018-12-17T22:02:17.356813335Z 62 PC: 9fa95 | Close file
2018-12-17T22:02:17.365132667Z 79 PC: 9fab8 | Find next file
2018-12-17T22:02:17.368216247Z 61 PC: 9f9dd | Open file
2018-12-17T22:02:17.375824427Z 66 PC: 9f9f5 | Move file pointer
2018-12-17T22:02:17.377383468Z 66 PC: 9fa18 | Move file pointer
2018-12-17T22:02:17.379013894Z 63 PC: 9fa28 | Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:02:17.386544947Z 66 PC: 9fa5e | Move file pointer
2018-12-17T22:02:17.388162704Z 64 PC: 9fa6e | Write file or device (Write 1248 bytes on handle 5)
2018-12-17T22:02:17.397410477Z 66 PC: 9fa7d | Move file pointer
2018-12-17T22:02:17.399113618Z 64 PC: 9fa8d | Write file or device (Write 32 bytes on handle 5)
2018-12-17T22:02:17.401847594Z 62 PC: 9fa95 | Close file
2018-12-17T22:02:17.410606583Z 79 PC: 9fab8 | Find next file
2018-12-17T22:02:17.413912399Z 61 PC: 9f9dd | Open file
2018-12-17T22:02:17.420436535Z 66 PC: 9f9f5 | Move file pointer
2018-12-17T22:02:17.422087747Z 66 PC: 9fa18 | Move file pointer
2018-12-17T22:02:17.42415947Z 63 PC: 9fa28 | Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:02:17.430630804Z 66 PC: 9fa5e | Move file pointer
2018-12-17T22:02:17.432258652Z 64 PC: 9fa6e | Write file or device (Write 1248 bytes on handle 5)
2018-12-17T22:02:17.441685836Z 66 PC: 9fa7d | Move file pointer
2018-12-17T22:02:17.443635116Z 64 PC: 9fa8d | Write file or device (Write 32 bytes on handle 5)
2018-12-17T22:02:17.446753688Z 62 PC: 9fa95 | Close file
2018-12-17T22:02:17.455257826Z 79 PC: 9fab8 | Find next file
2018-12-17T22:02:17.457796971Z 61 PC: 9f9dd | Open file
2018-12-17T22:02:17.466240202Z 66 PC: 9f9f5 | Move file pointer
2018-12-17T22:02:17.467610094Z 62 PC: 9fa95 | Close file
2018-12-17T22:02:17.469323617Z 79 PC: 9fab8 | Find next file
2018-12-17T22:02:17.472780808Z 61 PC: 9f9dd | Open file
2018-12-17T22:02:17.479822286Z 66 PC: 9f9f5 | Move file pointer
2018-12-17T22:02:17.481188876Z 62 PC: 9fa95 | Close file
2018-12-17T22:02:17.485381729Z 79 PC: 9fab8 | Find next file
2018-12-17T22:02:17.487988873Z 61 PC: 9f9dd | Open file
2018-12-17T22:02:17.499172418Z 66 PC: 9f9f5 | Move file pointer
2018-12-17T22:02:17.502780205Z 62 PC: 9fa95 | Close file
2018-12-17T22:02:17.504725229Z 79 PC: 9fab8 | Find next file
2018-12-17T22:02:17.507091717Z 61 PC: 9f9dd | Open file
2018-12-17T22:02:17.514228983Z 66 PC: 9f9f5 | Move file pointer
2018-12-17T22:02:17.515884741Z 62 PC: 9fa95 | Close file
2018-12-17T22:02:17.517857447Z 79 PC: 9fab8 | Find next file
2018-12-17T22:02:17.521229598Z 61 PC: 9f9dd | Open file
2018-12-17T22:02:17.527578911Z 66 PC: 9f9f5 | Move file pointer
2018-12-17T22:02:17.529071406Z 66 PC: 9fa18 | Move file pointer
2018-12-17T22:02:17.532529645Z 63 PC: 9fa28 | Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:02:17.539270865Z 62 PC: 9fa95 | Close file
2018-12-17T22:02:17.541292167Z 79 PC: 9fab8 | Find next file
2018-12-17T22:02:17.544609133Z 26 PC: 9fad0 | Set disk transfer address
2018-12-17T22:02:17.546224001Z 59 PC: 157f3 | Change current directory
2018-12-17T22:02:17.550364399Z 47 PC: 9fa9a | Get disk transfer address
2018-12-17T22:02:17.552435165Z 26 PC: 9faab | Set disk transfer address
2018-12-17T22:02:17.554002921Z 78 PC: 9fab8 | Find first file
2018-12-17T22:02:17.565130467Z 61 PC: 9f9dd | Open file
2018-12-17T22:02:17.571798019Z 66 PC: 9f9f5 | Move file pointer
2018-12-17T22:02:17.573393543Z 66 PC: 9fa18 | Move file pointer
2018-12-17T22:02:17.574611027Z 63 PC: 9fa28 | Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:02:17.5816879Z 62 PC: 9fa95 | Close file
2018-12-17T22:02:17.583584058Z 79 PC: 9fab8 | Find next file
2018-12-17T22:02:17.586437078Z 61 PC: 9f9dd | Open file
2018-12-17T22:02:17.593831653Z 66 PC: 9f9f5 | Move file pointer
2018-12-17T22:02:17.595765839Z 66 PC: 9fa18 | Move file pointer
2018-12-17T22:02:17.597376834Z 63 PC: 9fa28 | Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:02:17.604530528Z 62 PC: 9fa95 | Close file
2018-12-17T22:02:17.606784827Z 79 PC: 9fab8 | Find next file
2018-12-17T22:02:17.609609534Z 61 PC: 9f9dd | Open file
2018-12-17T22:02:17.617430134Z 66 PC: 9f9f5 | Move file pointer
2018-12-17T22:02:17.619813874Z 66 PC: 9fa18 | Move file pointer
2018-12-17T22:02:17.621365329Z 63 PC: 9fa28 | Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:02:17.628906192Z 62 PC: 9fa95 | Close file
2018-12-17T22:02:17.631134735Z 79 PC: 9fab8 | Find next file
2018-12-17T22:02:17.633909615Z 61 PC: 9f9dd | Open file
2018-12-17T22:02:17.641195926Z 66 PC: 9f9f5 | Move file pointer
2018-12-17T22:02:17.643067625Z 62 PC: 9fa95 | Close file
2018-12-17T22:02:17.644975184Z 79 PC: 9fab8 | Find next file
2018-12-17T22:02:17.648410865Z 61 PC: 9f9dd | Open file
2018-12-17T22:02:17.655309301Z 66 PC: 9f9f5 | Move file pointer
2018-12-17T22:02:17.656887509Z 62 PC: 9fa95 | Close file
2018-12-17T22:02:17.659746928Z 79 PC: 9fab8 | Find next file
2018-12-17T22:02:17.662704635Z 61 PC: 9f9dd | Open file
2018-12-17T22:02:17.669262078Z 66 PC: 9f9f5 | Move file pointer
2018-12-17T22:02:17.671502284Z 62 PC: 9fa95 | Close file
2018-12-17T22:02:17.673649375Z 79 PC: 9fab8 | Find next file
2018-12-17T22:02:17.676422073Z 61 PC: 9f9dd | Open file
2018-12-17T22:02:17.683479202Z 66 PC: 9f9f5 | Move file pointer
2018-12-17T22:02:17.684835444Z 62 PC: 9fa95 | Close file
2018-12-17T22:02:17.686637715Z 79 PC: 9fab8 | Find next file
2018-12-17T22:02:17.690057707Z 61 PC: 9f9dd | Open file
2018-12-17T22:02:17.702983707Z 66 PC: 9f9f5 | Move file pointer
2018-12-17T22:02:17.704630673Z 66 PC: 9fa18 | Move file pointer
2018-12-17T22:02:17.70747265Z 63 PC: 9fa28 | Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:02:17.717858794Z 62 PC: 9fa95 | Close file
2018-12-17T22:02:17.719558556Z 79 PC: 9fab8 | Find next file
2018-12-17T22:02:17.723071349Z 26 PC: 9fad0 | Set disk transfer address
2018-12-17T22:02:17.724291989Z 59 PC: 157fa | Change current directory
2018-12-17T22:02:17.726336915Z 37 PC: 15483 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:02:17.728726629Z 25 PC: 1517b | Get default drive
2018-12-17T22:02:17.729979601Z 26 PC: 1518f | Set disk transfer address
2018-12-17T22:02:17.732286834Z 78 PC: 9fb79 | Find first file
2018-12-17T22:02:17.738234154Z 47 PC: 9fb8b | Get disk transfer address
2018-12-17T22:02:17.739749238Z 67 PC: 15231 | Get or set file attributes
2018-12-17T22:02:17.750223817Z 61 PC: 9fb0d | Open file (Filename = 'A:\SLEEP.COM')
2018-12-17T22:02:17.758060966Z 63 PC: 9fb1e | Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:02:17.764760227Z 66 PC: 9fb2f | Move file pointer
2018-12-17T22:02:17.767118106Z 66 PC: 9fb3d | Move file pointer
2018-12-17T22:02:17.769291685Z 63 PC: 9fb49 | Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:02:17.775984959Z 66 PC: 9fb50 | Move file pointer
2018-12-17T22:02:17.777607263Z 64 PC: 9fb5c | Write file or device (Write 32 bytes on handle 5)
2018-12-17T22:02:17.782005248Z 66 PC: 9fb6b | Move file pointer
2018-12-17T22:02:17.783752864Z 64 PC: 9fb71 | Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:02:17.792174835Z 62 PC: 9fb75 | Close file
2018-12-17T22:02:17.81094673Z 61 PC: 15238 | Open file (Filename = 'A:\SLEEP.COM')
2018-12-17T22:02:17.817961737Z 63 PC: 1524f | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:02:17.821946254Z 66 PC: 1527a | Move file pointer
2018-12-17T22:02:17.824226094Z 64 PC: 1528b | Write file or device (Write 850 bytes on handle 5)
2018-12-17T22:02:17.833784137Z 66 PC: 15295 | Move file pointer
2018-12-17T22:02:17.836497007Z 64 PC: 1529e | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:02:17.840103908Z 87 PC: 1545b | Get or set file date and time
2018-12-17T22:02:17.842051464Z 62 PC: 1545f | Close file
2018-12-17T22:02:17.849591139Z 67 PC: 1546b | Get or set file attributes

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1369,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:29.922624009Z 37 PC: 12a48 | Set interrupt vector (Interrupt = '160' AKA 'UNKNOWN!')
2018-12-25T11:43:29.924110639Z 15 PC: 15902 | Open file (Filename = 'XXX^!=55u3&p&r&&]&&_H&&MCC&)&&@&@&&&IO& CT& LD&RV3V^P3X&&&p&rށ '%CGPP@&l&lXPP')
2018-12-25T11:43:29.925582087Z 47 PC: 15c8c | Get disk transfer address
2018-12-25T11:43:29.926532423Z 26 PC: 15c9d | Set disk transfer address
2018-12-25T11:43:29.927563569Z 78 PC: 15caa | Find first file
2018-12-25T11:43:29.933794535Z 61 PC: 15bcf | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:29.940224399Z 66 PC: 15be7 | Move file pointer
2018-12-25T11:43:29.941895824Z 62 PC: 15c87 | Close file
2018-12-25T11:43:29.944341468Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:29.94727031Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:29.96514577Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:29.967037031Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:29.96872118Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:29.97152784Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:29.978309808Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:29.979634642Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:29.981269696Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:29.98395925Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:29.99154244Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:29.992929073Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:29.994702949Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:29.997754108Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:30.004227619Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:30.00568016Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:30.009003283Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.011510218Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:30.018019944Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:30.020146066Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:30.02187967Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.024361015Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:30.036658618Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:30.038715474Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:30.041218494Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.044596928Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:30.051262513Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:30.052620356Z 66 PC: 15c0a | Move file pointer
2018-12-25T11:43:30.054598942Z 63 PC: 15c1a | Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:43:30.060910697Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:30.062647229Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.065920686Z 26 PC: 15cc2 | Set disk transfer address
2018-12-25T11:43:30.06734635Z 42 PC: 154b4 | Get date 0x154b4: cmp dl, 0xf
0x154b7: je 0x154bb
0x154b9: jmp 0x154d8
0x154bb: cli
0x154bc: mov ah, 2
0x154be: cdq
0x154bf: mov cx, 0x100
0x154c2: int 0x26
0x154c4: jmp 0x154c6
0x154c6: cli
0x154c7: mov al, 3
0x154c9: mov cx, 0x2bc
0x154cc: mov dx, 0
0x154cf: mov ds, word ptr [di + 0x63]
0x154d2: mov bx, word ptr [di + 0x37]
0x154d5: call 0x254bb
0x154d8: ret
0x154d9: lodsb al, byte ptr [si]
0x154da: xor al, ah
0x154dc: stosb byte ptr es:[di], al
2018-12-25T11:43:30.069922023Z 71 PC: 155a0 | Get current directory
2018-12-25T11:43:30.080776276Z 47 PC: 9fa9a | Get disk transfer address
2018-12-25T11:43:30.081837165Z 26 PC: 9faab | Set disk transfer address
2018-12-25T11:43:30.08302436Z 78 PC: 9fab8 | Find first file
2018-12-25T11:43:30.089535675Z 61 PC: 9f9dd | Open file
2018-12-25T11:43:30.093571429Z 66 PC: 9f9f5 | Move file pointer
2018-12-25T11:43:30.094567665Z 62 PC: 9fa95 | Close file
2018-12-25T11:43:30.09617581Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.098565255Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.109975155Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.112185173Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.113907965Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.116181316Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.127395965Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.128633894Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.130522515Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.133329647Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.140095027Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.14173588Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.144158606Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.146678477Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.153118383Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.154548846Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.156670975Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.15926314Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.1658343Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.167800306Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.169505617Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.172588904Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.181339204Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.182842641Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.184780574Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.188434922Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.200051206Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.201415352Z 66 PC: 9fa18 | Move file pointer
2018-12-25T11:43:30.203839042Z 63 PC: 9fa28 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:43:30.210308426Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.212620229Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.21611168Z 26 PC: 9fad0 | Set disk transfer address
2018-12-25T11:43:30.217712134Z 59 PC: 155ab | Change current directory
2018-12-25T11:43:30.222392624Z 26 PC: 1565e | Set disk transfer address
2018-12-25T11:43:30.224402925Z 78 PC: 9fb79 | Find first file
2018-12-25T11:43:30.230518293Z 47 PC: 9fb8b | Get disk transfer address
2018-12-25T11:43:30.232045086Z 61 PC: 9fb0d | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:30.239318544Z 63 PC: 9fb1e | Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:43:30.246431882Z 62 PC: 9fb75 | Close file
2018-12-25T11:43:30.248382333Z 61 PC: 15697 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:30.25844889Z 63 PC: 156a9 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:43:30.262618366Z 44 PC: 156e4 | Get time 0x156e4: add dl, dh
0x156e6: je 0x156e0
0x156e8: mov si, 0x115
0x156eb: add si, word ptr [0x106]
0x156ef: mov byte ptr [si], dl
0x156f1: mov ax, 0x4301
0x156f4: xor cx, cx
0x156f6: mov dx, si
0x156f8: add dx, 0xc7
0x156fc: int 0x21
0x156fe: mov ah, 0x3e
0x15700: int 0x21
0x15702: mov ax, 0x3d02
0x15705: int 0x21
0x15707: jb 0x156b8
0x15709: mov di, dx
0x1570b: add di, 0x63
0x1570e: stosw word ptr es:[di], ax
0x1570f: xchg ax, bx
0x15710: mov ah, 0x40
2018-12-25T11:43:30.264144206Z 67 PC: 156fe | Get or set file attributes
2018-12-25T11:43:30.277672304Z 62 PC: 15702 | Close file
2018-12-25T11:43:30.280041402Z 61 PC: 9fb0d | Open file (See above)
2018-12-25T11:43:30.286588945Z 63 PC: 9fb1e | Read file or device (See above)
2018-12-25T11:43:30.289678596Z 62 PC: 9fb75 | Close file (See above)
2018-12-25T11:43:30.292594411Z 61 PC: 15707 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:30.299701316Z 64 PC: 1571a | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:43:30.302893459Z 64 PC: 1572c | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:43:30.306589575Z 64 PC: 15741 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:43:30.309140532Z 66 PC: 1574a | Move file pointer
2018-12-25T11:43:30.31036352Z 42 PC: 154b4 | Get date (See above)
2018-12-25T11:43:30.312973114Z 64 PC: 154ef | Write file or device (Write 1104 bytes on handle 5)
2018-12-25T11:43:30.31891277Z 42 PC: 154b4 | Get date (See above)
2018-12-25T11:43:30.320863788Z 87 PC: 15763 | Get or set file date and time
2018-12-25T11:43:30.323090104Z 62 PC: 15767 | Close file
2018-12-25T11:43:30.328485681Z 67 PC: 15778 | Get or set file attributes
2018-12-25T11:43:30.334901536Z 79 PC: 9fb79 | Find next file (See above)
2018-12-25T11:43:30.337421552Z 47 PC: 9fb8b | Get disk transfer address (See above)
2018-12-25T11:43:30.338441835Z 61 PC: 9fb0d | Open file (See above)
2018-12-25T11:43:30.342849285Z 63 PC: 9fb1e | Read file or device (See above)
2018-12-25T11:43:30.34726759Z 62 PC: 9fb75 | Close file (See above)
2018-12-25T11:43:30.348669597Z 61 PC: 15697 | Open file (See above)
2018-12-25T11:43:30.353570461Z 63 PC: 156a9 | Read file or device (See above)
2018-12-25T11:43:30.356157387Z 44 PC: 156e4 | Get time (See above)
2018-12-25T11:43:30.358532743Z 67 PC: 156fe | Get or set file attributes (See above)
2018-12-25T11:43:30.365621556Z 62 PC: 15702 | Close file (See above)
2018-12-25T11:43:30.368149266Z 61 PC: 9fb0d | Open file (See above)
2018-12-25T11:43:30.376438133Z 63 PC: 9fb1e | Read file or device (See above)
2018-12-25T11:43:30.380964997Z 62 PC: 9fb75 | Close file (See above)
2018-12-25T11:43:30.382860579Z 61 PC: 15707 | Open file (See above)
2018-12-25T11:43:30.391547413Z 64 PC: 1571a | Write file or device (See above)
2018-12-25T11:43:30.396307674Z 64 PC: 1572c | Write file or device (See above)
2018-12-25T11:43:30.398520343Z 64 PC: 15741 | Write file or device (See above)
2018-12-25T11:43:30.400383713Z 66 PC: 1574a | Move file pointer (See above)
2018-12-25T11:43:30.40130716Z 42 PC: 154b4 | Get date (See above)
2018-12-25T11:43:30.403326971Z 64 PC: 154ef | Write file or device (See above)
2018-12-25T11:43:30.40892598Z 42 PC: 154b4 | Get date (See above)
2018-12-25T11:43:30.410541769Z 87 PC: 15763 | Get or set file date and time (See above)
2018-12-25T11:43:30.412453395Z 62 PC: 15767 | Close file (See above)
2018-12-25T11:43:30.417921643Z 67 PC: 15778 | Get or set file attributes (See above)
2018-12-25T11:43:30.424144525Z 79 PC: 9fb79 | Find next file (See above)
2018-12-25T11:43:30.426293348Z 47 PC: 9fb8b | Get disk transfer address (See above)
2018-12-25T11:43:30.42760649Z 61 PC: 9fb0d | Open file (See above)
2018-12-25T11:43:30.435105595Z 63 PC: 9fb1e | Read file or device (See above)
2018-12-25T11:43:30.44229509Z 62 PC: 9fb75 | Close file (See above)
2018-12-25T11:43:30.444542885Z 61 PC: 15697 | Open file (See above)
2018-12-25T11:43:30.451023585Z 63 PC: 156a9 | Read file or device (See above)
2018-12-25T11:43:30.455114258Z 44 PC: 156e4 | Get time (See above)
2018-12-25T11:43:30.457426751Z 67 PC: 156fe | Get or set file attributes (See above)
2018-12-25T11:43:30.46926421Z 62 PC: 15702 | Close file (See above)
2018-12-25T11:43:30.472455412Z 61 PC: 9fb0d | Open file (See above)
2018-12-25T11:43:30.478654791Z 63 PC: 9fb1e | Read file or device (See above)
2018-12-25T11:43:30.484705521Z 62 PC: 9fb75 | Close file (See above)
2018-12-25T11:43:30.487523467Z 61 PC: 15707 | Open file (See above)
2018-12-25T11:43:30.494437755Z 64 PC: 1571a | Write file or device (See above)
2018-12-25T11:43:30.497623992Z 64 PC: 1572c | Write file or device (See above)
2018-12-25T11:43:30.500763158Z 64 PC: 15741 | Write file or device (See above)
2018-12-25T11:43:30.503560737Z 66 PC: 1574a | Move file pointer (See above)
2018-12-25T11:43:30.505303299Z 42 PC: 154b4 | Get date (See above)
2018-12-25T11:43:30.508242805Z 64 PC: 154ef | Write file or device (See above)
2018-12-25T11:43:30.516426425Z 42 PC: 154b4 | Get date (See above)
2018-12-25T11:43:30.518494664Z 87 PC: 15763 | Get or set file date and time (See above)
2018-12-25T11:43:30.520559712Z 62 PC: 15767 | Close file (See above)
2018-12-25T11:43:30.528154988Z 67 PC: 15778 | Get or set file attributes (See above)
2018-12-25T11:43:30.537848317Z 42 PC: 155c6 | Get date 0x155c6: cmp dx, 0x1602
0x155ca: je 0x155cf
0x155cc: jmp 0x157e8
0x155cf: jmp 0x1577d
0x155d2: and ah, bh
0x155d4: movsw word ptr es:[di], word ptr [si]
0x155d5: mov ax, 0x5c4c
0x155d8: add word ptr [di], ax
0x155da: add byte ptr [di - 0x75], dl
0x155dd: in al, dx
0x155de: sub sp, 0x2c
0x155e1: push si
0x155e2: jmp 0x15653
0x155e4: mov ah, 0x1a
0x155e6: lea dx, word ptr [bp - 0x2c]
0x155e9: int 0x21
0x155eb: mov ah, 0x4e
0x155ed: mov cx, 0x10
0x155f0: mov dx, 0x1b5
0x155f3: add dx, word ptr [0x106]
2018-12-25T11:43:30.540345857Z 47 PC: 9fa9a | Get disk transfer address (See above)
2018-12-25T11:43:30.54133148Z 26 PC: 9faab | Set disk transfer address (See above)
2018-12-25T11:43:30.542262355Z 78 PC: 9fab8 | Find first file (See above)
2018-12-25T11:43:30.54807381Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.554166663Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.555676746Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:30.557469585Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:30.563456975Z 66 PC: 9fa5e | Move file pointer
2018-12-25T11:43:30.564614096Z 64 PC: 9fa6e | Write file or device (Write 1248 bytes on handle 5)
2018-12-25T11:43:30.573457145Z 66 PC: 9fa7d | Move file pointer
2018-12-25T11:43:30.574941595Z 64 PC: 9fa8d | Write file or device (Write 32 bytes on handle 5)
2018-12-25T11:43:30.577434855Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.585188732Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.588304805Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.599164584Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.600564196Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:30.601977651Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:30.608595208Z 66 PC: 9fa5e | Move file pointer (See above)
2018-12-25T11:43:30.609808616Z 64 PC: 9fa6e | Write file or device (See above)
2018-12-25T11:43:30.618978765Z 66 PC: 9fa7d | Move file pointer (See above)
2018-12-25T11:43:30.621447295Z 64 PC: 9fa8d | Write file or device (See above)
2018-12-25T11:43:30.624786878Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.633319314Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.636689316Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.642996351Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.644503667Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:30.646538978Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:30.653094784Z 66 PC: 9fa5e | Move file pointer (See above)
2018-12-25T11:43:30.654307656Z 64 PC: 9fa6e | Write file or device (See above)
2018-12-25T11:43:30.663560391Z 66 PC: 9fa7d | Move file pointer (See above)
2018-12-25T11:43:30.665154893Z 64 PC: 9fa8d | Write file or device (See above)
2018-12-25T11:43:30.668014225Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.678128569Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.680538802Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.687163899Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.69002831Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.692140693Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.694924285Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.702787798Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.704373619Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.706011518Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.71047487Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.716804742Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.71816807Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.720266755Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.722649008Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.734126111Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.735883839Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.73744501Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.739760209Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.746337585Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.74787843Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:30.749667181Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:30.757074351Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.759091203Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.761856719Z 26 PC: 9fad0 | Set disk transfer address (See above)
2018-12-25T11:43:30.76363482Z 59 PC: 157f3 | Change current directory
2018-12-25T11:43:30.76772176Z 47 PC: 9fa9a | Get disk transfer address (See above)
2018-12-25T11:43:30.769135278Z 26 PC: 9faab | Set disk transfer address (See above)
2018-12-25T11:43:30.770827874Z 78 PC: 9fab8 | Find first file (See above)
2018-12-25T11:43:30.776700248Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.784187595Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.785902846Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:30.787480263Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:30.794784666Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.796736475Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.799677417Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.808286268Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.810013666Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:30.811647736Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:30.819107202Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.821135238Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.823887419Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.830815248Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.832403357Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:30.83953148Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:30.847404246Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.849255497Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.852152328Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.859501317Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.861707417Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.863363083Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.867322Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.878847903Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.880212771Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.882518199Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.88551919Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.892618985Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.894443756Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.896216456Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.898811284Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.904320288Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.905657846Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.90788356Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.9104699Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.935947282Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.938194078Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:30.93982529Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:30.94592665Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.948107695Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.950786301Z 26 PC: 9fad0 | Set disk transfer address (See above)
2018-12-25T11:43:30.951908376Z 59 PC: 157fa | Change current directory
2018-12-25T11:43:30.954129746Z 37 PC: 15483 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:30.95520546Z 25 PC: 1517b | Get default drive
2018-12-25T11:43:30.956322422Z 26 PC: 1518f | Set disk transfer address
2018-12-25T11:43:30.957749262Z 78 PC: 9fb79 | Find first file (See above)
2018-12-25T11:43:30.963498081Z 47 PC: 9fb8b | Get disk transfer address (See above)
2018-12-25T11:43:30.965156408Z 67 PC: 15231 | Get or set file attributes
2018-12-25T11:43:30.974914522Z 61 PC: 9fb0d | Open file (See above)
2018-12-25T11:43:30.981430895Z 63 PC: 9fb1e | Read file or device (See above)
2018-12-25T11:43:30.987958377Z 66 PC: 9fb2f | Move file pointer
2018-12-25T11:43:30.990704489Z 66 PC: 9fb3d | Move file pointer
2018-12-25T11:43:30.992325896Z 63 PC: 9fb49 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:43:31.000002918Z 66 PC: 9fb50 | Move file pointer
2018-12-25T11:43:31.00201099Z 64 PC: 9fb5c | Write file or device (Write 32 bytes on handle 5)
2018-12-25T11:43:31.004754647Z 66 PC: 9fb6b | Move file pointer
2018-12-25T11:43:31.006262816Z 64 PC: 9fb71 | Write file or device (Write 0 bytes on handle 5)
2018-12-25T11:43:31.156344706Z 62 PC: 9fb75 | Close file (See above)
2018-12-25T11:43:31.238744248Z 61 PC: 15238 | Open file (Filename = 'A:\SLEEP.COM')
2018-12-25T11:43:31.245829127Z 63 PC: 1524f | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:43:31.247930767Z 66 PC: 1527a | Move file pointer
2018-12-25T11:43:31.248980776Z 64 PC: 1528b | Write file or device (Write 850 bytes on handle 5)
2018-12-25T11:43:31.264626427Z 66 PC: 15295 | Move file pointer
2018-12-25T11:43:31.265887856Z 64 PC: 1529e | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:43:31.268622143Z 87 PC: 1545b | Get or set file date and time
2018-12-25T11:43:31.270634395Z 62 PC: 1545f | Close file
2018-12-25T11:43:31.310173013Z 67 PC: 1546b | Get or set file attributes
2018-12-25T11:43:31.321507237Z 37 PC: 15483 | Set interrupt vector (See above)
2018-12-25T11:43:31.323369748Z 26 PC: 151f2 | Set disk transfer address
2018-12-25T11:43:31.324723492Z 63 PC: 155a0 | Read file or device (See above)
2018-12-25T11:43:31.326382151Z 47 PC: 9fa9a | Get disk transfer address (See above)
2018-12-25T11:43:31.328445948Z 26 PC: 9faab | Set disk transfer address (See above)
2018-12-25T11:43:31.329621786Z 78 PC: 9fab8 | Find first file (See above)
2018-12-25T11:43:31.335918213Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.342470296Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.343965399Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.345852711Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.348374721Z 66 PC: 9fa5e | Move file pointer (See above)
2018-12-25T11:43:31.34964559Z 64 PC: 9fa6e | Write file or device (See above)
2018-12-25T11:43:31.389371715Z 66 PC: 9fa7d | Move file pointer (See above)
2018-12-25T11:43:31.390749653Z 64 PC: 9fa8d | Write file or device (See above)
2018-12-25T11:43:31.395429726Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.436286388Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.439790673Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.448358412Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.450886545Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.454900164Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.462865018Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.46474174Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.467434003Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.475030158Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.480808277Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.482306744Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.489075751Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.491056477Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.494185205Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.502003637Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.503712551Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.506679769Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.509193238Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.516654164Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.51848878Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.520173653Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.522542279Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.53564478Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.537272769Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.539008451Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.542196675Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.548424238Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.549851829Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.551415168Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.553068437Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.557644878Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.558745343Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.559795094Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.564827257Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.566154227Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.567822691Z 26 PC: 9fad0 | Set disk transfer address (See above)
2018-12-25T11:43:31.569271805Z 59 PC: 157f3 | Change current directory (See above)
2018-12-25T11:43:31.570561741Z 47 PC: 9fa9a | Get disk transfer address (See above)
2018-12-25T11:43:31.571600839Z 26 PC: 9faab | Set disk transfer address (See above)
2018-12-25T11:43:31.572721117Z 78 PC: 9fab8 | Find first file (See above)
2018-12-25T11:43:31.576243992Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.58362405Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.584917008Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.585896124Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.592754963Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.595544346Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.598461218Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.610177537Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.611493738Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.613048387Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.619798411Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.621415253Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.625133987Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.631494297Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.632878478Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.634814797Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.640892958Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.642467627Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.645393114Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.65172297Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.652921174Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.654703625Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.656961247Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.664123467Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.665679645Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.667755865Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.678768904Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.689941658Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.691700536Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.693263032Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.696054576Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.702355269Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.703577854Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.705639069Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.708014157Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.718559211Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.720063454Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.721316247Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.727946394Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.729607944Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.73187653Z 26 PC: 9fad0 | Set disk transfer address (See above)
2018-12-25T11:43:31.734096195Z 59 PC: 157fa | Change current directory (See above)
2018-12-25T11:43:31.736611411Z 9 PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)')
2018-12-25T11:43:31.74015236Z 76 PC: 12a56 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1369,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:30.117544205Z 37 PC: 12a48 | Set interrupt vector (Interrupt = '160' AKA 'UNKNOWN!')
2018-12-25T11:43:30.119507414Z 15 PC: 15902 | Open file (Filename = 'XXX^!=55u3&p&r&&]&&_H&&MCC&)&&@&@&&&IO& CT& LD&RV3V^P3X&&&p&rށ '%CGPP@&l&lXPP')
2018-12-25T11:43:30.12143004Z 47 PC: 15c8c | Get disk transfer address
2018-12-25T11:43:30.122392287Z 26 PC: 15c9d | Set disk transfer address
2018-12-25T11:43:30.123866981Z 78 PC: 15caa | Find first file
2018-12-25T11:43:30.129570715Z 61 PC: 15bcf | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:30.141967359Z 66 PC: 15be7 | Move file pointer
2018-12-25T11:43:30.143440507Z 62 PC: 15c87 | Close file
2018-12-25T11:43:30.144590872Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.146148219Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:30.153675231Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:30.154984802Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:30.156511869Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.159231715Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:30.171007767Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:30.172218103Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:30.174020721Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.176504411Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:30.18283874Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:30.18438122Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:30.18673403Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.18901519Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:30.195342205Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:30.196958542Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:30.198617353Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.201012056Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:30.207716605Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:30.20894728Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:30.210482858Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.213554665Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:30.220388922Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:30.221340313Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:30.222860589Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.224449412Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:30.231239791Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:30.233060855Z 66 PC: 15c0a | Move file pointer
2018-12-25T11:43:30.234208137Z 63 PC: 15c1a | Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:43:30.240139045Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:30.24189232Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.244054836Z 26 PC: 15cc2 | Set disk transfer address
2018-12-25T11:43:30.24491914Z 42 PC: 154b4 | Get date 0x154b4: cmp dl, 0xf
0x154b7: je 0x154bb
0x154b9: jmp 0x154d8
0x154bb: cli
0x154bc: mov ah, 2
0x154be: cdq
0x154bf: mov cx, 0x100
0x154c2: int 0x26
0x154c4: jmp 0x154c6
0x154c6: cli
0x154c7: mov al, 3
0x154c9: mov cx, 0x2bc
0x154cc: mov dx, 0
0x154cf: mov ds, word ptr [di + 0x63]
0x154d2: mov bx, word ptr [di + 0x37]
0x154d5: call 0x254bb
0x154d8: ret
0x154d9: lodsb al, byte ptr [si]
0x154da: xor al, ah
0x154dc: stosb byte ptr es:[di], al
2018-12-25T11:43:30.247402684Z 71 PC: 155a0 | Get current directory
2018-12-25T11:43:30.249256935Z 47 PC: 9fa9a | Get disk transfer address
2018-12-25T11:43:30.249984434Z 26 PC: 9faab | Set disk transfer address
2018-12-25T11:43:30.251116437Z 78 PC: 9fab8 | Find first file
2018-12-25T11:43:30.254597941Z 61 PC: 9f9dd | Open file
2018-12-25T11:43:30.259380789Z 66 PC: 9f9f5 | Move file pointer
2018-12-25T11:43:30.262613774Z 62 PC: 9fa95 | Close file
2018-12-25T11:43:30.264208322Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.266473675Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.277053644Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.278482073Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.280034896Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.282461316Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.293881173Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.295089752Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.297129026Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.29964044Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.306143083Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.314587783Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.316286798Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.318717038Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.325511194Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.327109577Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.329037788Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.332193093Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.338528423Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.339762209Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.341649274Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.343925081Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.350162075Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.351762719Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.353284911Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.355433204Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.367200443Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.368447444Z 66 PC: 9fa18 | Move file pointer
2018-12-25T11:43:30.369575997Z 63 PC: 9fa28 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:43:30.376343053Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.377843315Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.379871004Z 26 PC: 9fad0 | Set disk transfer address
2018-12-25T11:43:30.381219993Z 59 PC: 155ab | Change current directory
2018-12-25T11:43:30.38525627Z 26 PC: 1565e | Set disk transfer address
2018-12-25T11:43:30.386095022Z 78 PC: 9fb79 | Find first file
2018-12-25T11:43:30.392232431Z 47 PC: 9fb8b | Get disk transfer address
2018-12-25T11:43:30.393475955Z 61 PC: 9fb0d | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:30.399743365Z 63 PC: 9fb1e | Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:43:30.406065061Z 62 PC: 9fb75 | Close file
2018-12-25T11:43:30.407918229Z 61 PC: 15697 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:30.414376928Z 63 PC: 156a9 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:43:30.41714278Z 44 PC: 156e4 | Get time 0x156e4: add dl, dh
0x156e6: je 0x156e0
0x156e8: mov si, 0x115
0x156eb: add si, word ptr [0x106]
0x156ef: mov byte ptr [si], dl
0x156f1: mov ax, 0x4301
0x156f4: xor cx, cx
0x156f6: mov dx, si
0x156f8: add dx, 0xc7
0x156fc: int 0x21
0x156fe: mov ah, 0x3e
0x15700: int 0x21
0x15702: mov ax, 0x3d02
0x15705: int 0x21
0x15707: jb 0x156b8
0x15709: mov di, dx
0x1570b: add di, 0x63
0x1570e: stosw word ptr es:[di], ax
0x1570f: xchg ax, bx
0x15710: mov ah, 0x40
2018-12-25T11:43:30.419284175Z 67 PC: 156fe | Get or set file attributes
2018-12-25T11:43:30.437541199Z 62 PC: 15702 | Close file
2018-12-25T11:43:30.440385895Z 61 PC: 9fb0d | Open file (See above)
2018-12-25T11:43:30.44734269Z 63 PC: 9fb1e | Read file or device (See above)
2018-12-25T11:43:30.453776591Z 62 PC: 9fb75 | Close file (See above)
2018-12-25T11:43:30.456026643Z 61 PC: 15707 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:30.460573076Z 64 PC: 1571a | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:43:30.462392587Z 64 PC: 1572c | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:43:30.464657998Z 64 PC: 15741 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:43:30.467243202Z 66 PC: 1574a | Move file pointer
2018-12-25T11:43:30.468646593Z 42 PC: 154b4 | Get date (See above)
2018-12-25T11:43:30.47121677Z 64 PC: 154ef | Write file or device (Write 1104 bytes on handle 5)
2018-12-25T11:43:30.479433608Z 42 PC: 154b4 | Get date (See above)
2018-12-25T11:43:30.481538755Z 87 PC: 15763 | Get or set file date and time
2018-12-25T11:43:30.483838334Z 62 PC: 15767 | Close file
2018-12-25T11:43:30.491377207Z 67 PC: 15778 | Get or set file attributes
2018-12-25T11:43:30.501599258Z 79 PC: 9fb79 | Find next file (See above)
2018-12-25T11:43:30.504041211Z 47 PC: 9fb8b | Get disk transfer address (See above)
2018-12-25T11:43:30.505057206Z 61 PC: 9fb0d | Open file (See above)
2018-12-25T11:43:30.508937779Z 63 PC: 9fb1e | Read file or device (See above)
2018-12-25T11:43:30.513214816Z 62 PC: 9fb75 | Close file (See above)
2018-12-25T11:43:30.514845124Z 61 PC: 15697 | Open file (See above)
2018-12-25T11:43:30.521362147Z 63 PC: 156a9 | Read file or device (See above)
2018-12-25T11:43:30.524528647Z 44 PC: 156e4 | Get time (See above)
2018-12-25T11:43:30.52668176Z 67 PC: 156fe | Get or set file attributes (See above)
2018-12-25T11:43:30.536187271Z 62 PC: 15702 | Close file (See above)
2018-12-25T11:43:30.538538597Z 61 PC: 9fb0d | Open file (See above)
2018-12-25T11:43:30.544686962Z 63 PC: 9fb1e | Read file or device (See above)
2018-12-25T11:43:30.547024549Z 62 PC: 9fb75 | Close file (See above)
2018-12-25T11:43:30.549067767Z 61 PC: 15707 | Open file (See above)
2018-12-25T11:43:30.55987482Z 64 PC: 1571a | Write file or device (See above)
2018-12-25T11:43:30.566395167Z 64 PC: 1572c | Write file or device (See above)
2018-12-25T11:43:30.56911697Z 64 PC: 15741 | Write file or device (See above)
2018-12-25T11:43:30.571540688Z 66 PC: 1574a | Move file pointer (See above)
2018-12-25T11:43:30.572926982Z 42 PC: 154b4 | Get date (See above)
2018-12-25T11:43:30.575435343Z 64 PC: 154ef | Write file or device (See above)
2018-12-25T11:43:30.583417405Z 42 PC: 154b4 | Get date (See above)
2018-12-25T11:43:30.585425819Z 87 PC: 15763 | Get or set file date and time (See above)
2018-12-25T11:43:30.587184784Z 62 PC: 15767 | Close file (See above)
2018-12-25T11:43:30.594452718Z 67 PC: 15778 | Get or set file attributes (See above)
2018-12-25T11:43:30.603847191Z 79 PC: 9fb79 | Find next file (See above)
2018-12-25T11:43:30.606407923Z 47 PC: 9fb8b | Get disk transfer address (See above)
2018-12-25T11:43:30.607571554Z 61 PC: 9fb0d | Open file (See above)
2018-12-25T11:43:30.613795351Z 63 PC: 9fb1e | Read file or device (See above)
2018-12-25T11:43:30.621134129Z 62 PC: 9fb75 | Close file (See above)
2018-12-25T11:43:30.623134245Z 61 PC: 15697 | Open file (See above)
2018-12-25T11:43:30.634691547Z 63 PC: 156a9 | Read file or device (See above)
2018-12-25T11:43:30.641740707Z 44 PC: 156e4 | Get time (See above)
2018-12-25T11:43:30.643841948Z 67 PC: 156fe | Get or set file attributes (See above)
2018-12-25T11:43:30.653543376Z 62 PC: 15702 | Close file (See above)
2018-12-25T11:43:30.655927694Z 61 PC: 9fb0d | Open file (See above)
2018-12-25T11:43:30.662460022Z 63 PC: 9fb1e | Read file or device (See above)
2018-12-25T11:43:30.664846761Z 62 PC: 9fb75 | Close file (See above)
2018-12-25T11:43:30.666954871Z 61 PC: 15707 | Open file (See above)
2018-12-25T11:43:30.673265311Z 64 PC: 1571a | Write file or device (See above)
2018-12-25T11:43:30.68621733Z 64 PC: 1572c | Write file or device (See above)
2018-12-25T11:43:30.689734375Z 64 PC: 15741 | Write file or device (See above)
2018-12-25T11:43:30.692490251Z 66 PC: 1574a | Move file pointer (See above)
2018-12-25T11:43:30.693996459Z 42 PC: 154b4 | Get date (See above)
2018-12-25T11:43:30.69725214Z 64 PC: 154ef | Write file or device (See above)
2018-12-25T11:43:30.70599814Z 42 PC: 154b4 | Get date (See above)
2018-12-25T11:43:30.708129447Z 87 PC: 15763 | Get or set file date and time (See above)
2018-12-25T11:43:30.710796221Z 62 PC: 15767 | Close file (See above)
2018-12-25T11:43:30.718532226Z 67 PC: 15778 | Get or set file attributes (See above)
2018-12-25T11:43:30.728520524Z 42 PC: 155c6 | Get date 0x155c6: cmp dx, 0x1602
0x155ca: je 0x155cf
0x155cc: jmp 0x157e8
0x155cf: jmp 0x1577d
0x155d2: and ah, bh
0x155d4: movsw word ptr es:[di], word ptr [si]
0x155d5: mov ax, 0x5c4c
0x155d8: add word ptr [di], ax
0x155da: add byte ptr [di - 0x75], dl
0x155dd: in al, dx
0x155de: sub sp, 0x2c
0x155e1: push si
0x155e2: jmp 0x15653
0x155e4: mov ah, 0x1a
0x155e6: lea dx, word ptr [bp - 0x2c]
0x155e9: int 0x21
0x155eb: mov ah, 0x4e
0x155ed: mov cx, 0x10
0x155f0: mov dx, 0x1b5
0x155f3: add dx, word ptr [0x106]
2018-12-25T11:43:30.731259438Z 47 PC: 9fa9a | Get disk transfer address (See above)
2018-12-25T11:43:30.732324762Z 26 PC: 9faab | Set disk transfer address (See above)
2018-12-25T11:43:30.733799458Z 78 PC: 9fab8 | Find first file (See above)
2018-12-25T11:43:30.740315676Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.746875238Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.748432311Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:30.750255823Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:30.757180779Z 66 PC: 9fa5e | Move file pointer
2018-12-25T11:43:30.759599188Z 64 PC: 9fa6e | Write file or device (Write 1248 bytes on handle 5)
2018-12-25T11:43:30.770374999Z 66 PC: 9fa7d | Move file pointer
2018-12-25T11:43:30.771780471Z 64 PC: 9fa8d | Write file or device (Write 32 bytes on handle 5)
2018-12-25T11:43:30.774783309Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.783507575Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.786156305Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.792878522Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.794492975Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:30.796339037Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:30.809086724Z 66 PC: 9fa5e | Move file pointer (See above)
2018-12-25T11:43:30.810496969Z 64 PC: 9fa6e | Write file or device (See above)
2018-12-25T11:43:30.819906752Z 66 PC: 9fa7d | Move file pointer (See above)
2018-12-25T11:43:30.822068013Z 64 PC: 9fa8d | Write file or device (See above)
2018-12-25T11:43:30.825595104Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.833743551Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.836642666Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.843188543Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.844469935Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:30.851114399Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:30.857795632Z 66 PC: 9fa5e | Move file pointer (See above)
2018-12-25T11:43:30.859220318Z 64 PC: 9fa6e | Write file or device (See above)
2018-12-25T11:43:30.867792725Z 66 PC: 9fa7d | Move file pointer (See above)
2018-12-25T11:43:30.869505457Z 64 PC: 9fa8d | Write file or device (See above)
2018-12-25T11:43:30.871471696Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.878231906Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.885188141Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.891919132Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.895243751Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.897619972Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.900174691Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.912063825Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.913274628Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.915130321Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.917900232Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.924077256Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.925402712Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.9274301Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.929856605Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.936692155Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.93803144Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.939631395Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.942469763Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.948703019Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.950141414Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:30.952138015Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:30.95832512Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.960277547Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.965395697Z 26 PC: 9fad0 | Set disk transfer address (See above)
2018-12-25T11:43:30.966688281Z 59 PC: 157f3 | Change current directory
2018-12-25T11:43:30.975331403Z 47 PC: 9fa9a | Get disk transfer address (See above)
2018-12-25T11:43:30.976838855Z 26 PC: 9faab | Set disk transfer address (See above)
2018-12-25T11:43:30.977761124Z 78 PC: 9fab8 | Find first file (See above)
2018-12-25T11:43:30.986444901Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.993643133Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.995096542Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:30.996138622Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.000511922Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.001735885Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.00427744Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.011078773Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.012272357Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.013534785Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.019803908Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.021383855Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.023995886Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.031281206Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.032458375Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.034142851Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.040241517Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.041646737Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.044896189Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.051976691Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.053002704Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.055512518Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.058670499Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.065192214Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.07417357Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.075459556Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.077198946Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.091443545Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.092529302Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.094182526Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.096227088Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.100309713Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.101182235Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.103396679Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.104942107Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.111915541Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.113269693Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.114321176Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.118992787Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.120191716Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.121605032Z 26 PC: 9fad0 | Set disk transfer address (See above)
2018-12-25T11:43:31.122335246Z 59 PC: 157fa | Change current directory
2018-12-25T11:43:31.123737405Z 37 PC: 15483 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:31.124494246Z 25 PC: 1517b | Get default drive
2018-12-25T11:43:31.12596431Z 26 PC: 1518f | Set disk transfer address
2018-12-25T11:43:31.126720277Z 78 PC: 9fb79 | Find first file (See above)
2018-12-25T11:43:31.13006846Z 47 PC: 9fb8b | Get disk transfer address (See above)
2018-12-25T11:43:31.131260861Z 67 PC: 15231 | Get or set file attributes
2018-12-25T11:43:31.238765885Z 61 PC: 9fb0d | Open file (See above)
2018-12-25T11:43:31.24520563Z 63 PC: 9fb1e | Read file or device (See above)
2018-12-25T11:43:31.251951103Z 66 PC: 9fb2f | Move file pointer
2018-12-25T11:43:31.253671265Z 66 PC: 9fb3d | Move file pointer
2018-12-25T11:43:31.254896117Z 63 PC: 9fb49 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:43:31.261948398Z 66 PC: 9fb50 | Move file pointer
2018-12-25T11:43:31.263255279Z 64 PC: 9fb5c | Write file or device (Write 32 bytes on handle 5)
2018-12-25T11:43:31.266151086Z 66 PC: 9fb6b | Move file pointer
2018-12-25T11:43:31.267984202Z 64 PC: 9fb71 | Write file or device (Write 0 bytes on handle 5)
2018-12-25T11:43:31.304265591Z 62 PC: 9fb75 | Close file (See above)
2018-12-25T11:43:31.316867702Z 61 PC: 15238 | Open file (Filename = 'A:\SLEEP.COM')
2018-12-25T11:43:31.323406865Z 63 PC: 1524f | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:43:31.326056736Z 66 PC: 1527a | Move file pointer
2018-12-25T11:43:31.328193659Z 64 PC: 1528b | Write file or device (Write 850 bytes on handle 5)
2018-12-25T11:43:31.342291874Z 66 PC: 15295 | Move file pointer
2018-12-25T11:43:31.343661448Z 64 PC: 1529e | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:43:31.34667582Z 87 PC: 1545b | Get or set file date and time
2018-12-25T11:43:31.34843963Z 62 PC: 1545f | Close file
2018-12-25T11:43:31.383967243Z 67 PC: 1546b | Get or set file attributes
2018-12-25T11:43:31.399739953Z 37 PC: 15483 | Set interrupt vector (See above)
2018-12-25T11:43:31.401015762Z 26 PC: 151f2 | Set disk transfer address
2018-12-25T11:43:31.402695499Z 63 PC: 155a0 | Read file or device (See above)
2018-12-25T11:43:31.404828673Z 47 PC: 9fa9a | Get disk transfer address (See above)
2018-12-25T11:43:31.405881784Z 26 PC: 9faab | Set disk transfer address (See above)
2018-12-25T11:43:31.407059783Z 78 PC: 9fab8 | Find first file (See above)
2018-12-25T11:43:31.413155479Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.424516001Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.426476241Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.436010031Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.442607074Z 66 PC: 9fa5e | Move file pointer (See above)
2018-12-25T11:43:31.444545872Z 64 PC: 9fa6e | Write file or device (See above)
2018-12-25T11:43:31.489843728Z 66 PC: 9fa7d | Move file pointer (See above)
2018-12-25T11:43:31.491251201Z 64 PC: 9fa8d | Write file or device (See above)
2018-12-25T11:43:31.495479129Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.521698772Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.524226047Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.529103957Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.530113441Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.531251409Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.537377556Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.540885329Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.544296876Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.555681627Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.558957674Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.560783346Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.567151037Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.568868749Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.57200854Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.57829536Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.580128656Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.582461795Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.585045687Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.591857994Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.593089549Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.594766098Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.598007757Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.604666533Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.605858295Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.608846248Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.611276774Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.622586142Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.624508367Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.626389108Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.629137454Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.635460239Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.63674983Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.638396608Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.64435607Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.645883157Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.648691559Z 26 PC: 9fad0 | Set disk transfer address (See above)
2018-12-25T11:43:31.649623664Z 59 PC: 157f3 | Change current directory (See above)
2018-12-25T11:43:31.651220096Z 47 PC: 9fa9a | Get disk transfer address (See above)
2018-12-25T11:43:31.652547377Z 26 PC: 9faab | Set disk transfer address (See above)
2018-12-25T11:43:31.653593833Z 78 PC: 9fab8 | Find first file (See above)
2018-12-25T11:43:31.659175301Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.665475308Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.666647214Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.680011247Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.686513682Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.688033666Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.690976716Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.697246182Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.698426304Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.700065495Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.703846927Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.704908575Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.70671843Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.710665963Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.711944906Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.712792358Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.716530812Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.718164327Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.719989346Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.724144053Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.729401512Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.731066812Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.733365336Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.739837595Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.740982696Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.742726601Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.74602794Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.757908934Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.760010037Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.761662851Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.764430319Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.771522395Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.772853369Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.7743969Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.777076076Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.783428186Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.784835117Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.785934605Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.789785145Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.791280597Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.792745026Z 26 PC: 9fad0 | Set disk transfer address (See above)
2018-12-25T11:43:31.79359826Z 59 PC: 157fa | Change current directory (See above)
2018-12-25T11:43:31.795133672Z 9 PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)')
2018-12-25T11:43:31.797292778Z 76 PC: 12a56 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":1369,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:30.591740965Z 37 PC: 12a48 | Set interrupt vector (Interrupt = '160' AKA 'UNKNOWN!')
2018-12-25T11:43:30.593795003Z 15 PC: 15902 | Open file (Filename = 'XXX^!=55u3&p&r&&]&&_H&&MCC&)&&@&@&&&IO& CT& LD&RV3V^P3X&&&p&rށ '%CGPP@&l&lXPP')
2018-12-25T11:43:30.595342333Z 47 PC: 15c8c | Get disk transfer address
2018-12-25T11:43:30.596367989Z 26 PC: 15c9d | Set disk transfer address
2018-12-25T11:43:30.597804343Z 78 PC: 15caa | Find first file
2018-12-25T11:43:30.603580748Z 61 PC: 15bcf | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:30.609852783Z 66 PC: 15be7 | Move file pointer
2018-12-25T11:43:30.612309253Z 62 PC: 15c87 | Close file
2018-12-25T11:43:30.613790466Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.615293108Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:30.622613251Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:30.623709831Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:30.624903039Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.62699826Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:30.634016358Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:30.634931632Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:30.65115831Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.653679528Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:30.658913196Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:30.660678162Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:30.663170142Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.665911875Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:30.67185461Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:30.686474483Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:30.688660913Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.691522314Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:30.699041541Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:30.700729892Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:30.702549377Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.705419306Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:30.711903166Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:30.713384019Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:30.726492878Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.732702606Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:30.744402363Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:30.746355959Z 66 PC: 15c0a | Move file pointer
2018-12-25T11:43:30.750801443Z 63 PC: 15c1a | Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:43:30.757271028Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:30.759727Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.76232638Z 26 PC: 15cc2 | Set disk transfer address
2018-12-25T11:43:30.763787741Z 42 PC: 154b4 | Get date 0x154b4: cmp dl, 0xf
0x154b7: je 0x154bb
0x154b9: jmp 0x154d8
0x154bb: cli
0x154bc: mov ah, 2
0x154be: cdq
0x154bf: mov cx, 0x100
0x154c2: int 0x26
0x154c4: jmp 0x154c6
0x154c6: cli
0x154c7: mov al, 3
0x154c9: mov cx, 0x2bc
0x154cc: mov dx, 0
0x154cf: mov ds, word ptr [di + 0x63]
0x154d2: mov bx, word ptr [di + 0x37]
0x154d5: call 0x254bb
0x154d8: ret
0x154d9: lodsb al, byte ptr [si]
0x154da: xor al, ah
0x154dc: stosb byte ptr es:[di], al
2018-12-25T11:43:30.766956752Z 71 PC: 155a0 | Get current directory
2018-12-25T11:43:30.769798925Z 47 PC: 9fa9a | Get disk transfer address
2018-12-25T11:43:30.770961299Z 26 PC: 9faab | Set disk transfer address
2018-12-25T11:43:30.772776461Z 78 PC: 9fab8 | Find first file
2018-12-25T11:43:30.778461583Z 61 PC: 9f9dd | Open file
2018-12-25T11:43:30.784992719Z 66 PC: 9f9f5 | Move file pointer
2018-12-25T11:43:30.786639174Z 62 PC: 9fa95 | Close file
2018-12-25T11:43:30.788504979Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.79080487Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.802316339Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.803850498Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.805654481Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.809338077Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.821019676Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.821957158Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.82335808Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.825163986Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.829152991Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.83021621Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.831691054Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.833318996Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.837628804Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.840975686Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.842634964Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.845209481Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.851892348Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.854120438Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.856172884Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.859849473Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.866427306Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.867945754Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.870868672Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.873539534Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.885285661Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.887241858Z 66 PC: 9fa18 | Move file pointer
2018-12-25T11:43:30.888584072Z 63 PC: 9fa28 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:43:30.894857796Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.897148476Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.899385023Z 26 PC: 9fad0 | Set disk transfer address
2018-12-25T11:43:30.900390212Z 59 PC: 155ab | Change current directory
2018-12-25T11:43:30.904979029Z 26 PC: 1565e | Set disk transfer address
2018-12-25T11:43:30.905985612Z 78 PC: 9fb79 | Find first file
2018-12-25T11:43:30.911692988Z 47 PC: 9fb8b | Get disk transfer address
2018-12-25T11:43:30.913295679Z 61 PC: 9fb0d | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:30.91977193Z 63 PC: 9fb1e | Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:43:30.925926555Z 62 PC: 9fb75 | Close file
2018-12-25T11:43:30.928652436Z 61 PC: 15697 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:30.93510482Z 63 PC: 156a9 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:43:30.93759521Z 44 PC: 156e4 | Get time 0x156e4: add dl, dh
0x156e6: je 0x156e0
0x156e8: mov si, 0x115
0x156eb: add si, word ptr [0x106]
0x156ef: mov byte ptr [si], dl
0x156f1: mov ax, 0x4301
0x156f4: xor cx, cx
0x156f6: mov dx, si
0x156f8: add dx, 0xc7
0x156fc: int 0x21
0x156fe: mov ah, 0x3e
0x15700: int 0x21
0x15702: mov ax, 0x3d02
0x15705: int 0x21
0x15707: jb 0x156b8
0x15709: mov di, dx
0x1570b: add di, 0x63
0x1570e: stosw word ptr es:[di], ax
0x1570f: xchg ax, bx
0x15710: mov ah, 0x40
2018-12-25T11:43:30.940194864Z 67 PC: 156fe | Get or set file attributes
2018-12-25T11:43:30.960915197Z 62 PC: 15702 | Close file
2018-12-25T11:43:30.962699282Z 61 PC: 9fb0d | Open file (See above)
2018-12-25T11:43:30.969491314Z 63 PC: 9fb1e | Read file or device (See above)
2018-12-25T11:43:30.975598791Z 62 PC: 9fb75 | Close file (See above)
2018-12-25T11:43:30.977238417Z 61 PC: 15707 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:30.984117783Z 64 PC: 1571a | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:43:30.986916927Z 64 PC: 1572c | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:43:30.989416306Z 64 PC: 15741 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:43:30.992359384Z 66 PC: 1574a | Move file pointer
2018-12-25T11:43:30.993629393Z 42 PC: 154b4 | Get date (See above)
2018-12-25T11:43:30.995689035Z 64 PC: 154ef | Write file or device (Write 1104 bytes on handle 5)
2018-12-25T11:43:31.095571628Z 42 PC: 154b4 | Get date (See above)
2018-12-25T11:43:31.097798693Z 87 PC: 15763 | Get or set file date and time
2018-12-25T11:43:31.099261364Z 62 PC: 15767 | Close file
2018-12-25T11:43:31.233697765Z 67 PC: 15778 | Get or set file attributes
2018-12-25T11:43:31.253425523Z 79 PC: 9fb79 | Find next file (See above)
2018-12-25T11:43:31.256648704Z 47 PC: 9fb8b | Get disk transfer address (See above)
2018-12-25T11:43:31.258291246Z 61 PC: 9fb0d | Open file (See above)
2018-12-25T11:43:31.264676314Z 63 PC: 9fb1e | Read file or device (See above)
2018-12-25T11:43:31.270950871Z 62 PC: 9fb75 | Close file (See above)
2018-12-25T11:43:31.272946949Z 61 PC: 15697 | Open file (See above)
2018-12-25T11:43:31.279438264Z 63 PC: 156a9 | Read file or device (See above)
2018-12-25T11:43:31.281947161Z 44 PC: 156e4 | Get time (See above)
2018-12-25T11:43:31.284499694Z 67 PC: 156fe | Get or set file attributes (See above)
2018-12-25T11:43:31.311134599Z 62 PC: 15702 | Close file (See above)
2018-12-25T11:43:31.313004551Z 61 PC: 9fb0d | Open file (See above)
2018-12-25T11:43:31.320050088Z 63 PC: 9fb1e | Read file or device (See above)
2018-12-25T11:43:31.323234875Z 62 PC: 9fb75 | Close file (See above)
2018-12-25T11:43:31.324931904Z 61 PC: 15707 | Open file (See above)
2018-12-25T11:43:31.337204112Z 64 PC: 1571a | Write file or device (See above)
2018-12-25T11:43:31.344411768Z 64 PC: 1572c | Write file or device (See above)
2018-12-25T11:43:31.34749267Z 64 PC: 15741 | Write file or device (See above)
2018-12-25T11:43:31.350497325Z 66 PC: 1574a | Move file pointer (See above)
2018-12-25T11:43:31.351833261Z 42 PC: 154b4 | Get date (See above)
2018-12-25T11:43:31.35388606Z 64 PC: 154ef | Write file or device (See above)
2018-12-25T11:43:31.38946436Z 42 PC: 154b4 | Get date (See above)
2018-12-25T11:43:31.392031219Z 87 PC: 15763 | Get or set file date and time (See above)
2018-12-25T11:43:31.394075308Z 62 PC: 15767 | Close file (See above)
2018-12-25T11:43:31.431412505Z 67 PC: 15778 | Get or set file attributes (See above)
2018-12-25T11:43:31.475974911Z 79 PC: 9fb79 | Find next file (See above)
2018-12-25T11:43:31.478979268Z 47 PC: 9fb8b | Get disk transfer address (See above)
2018-12-25T11:43:31.480401214Z 61 PC: 9fb0d | Open file (See above)
2018-12-25T11:43:31.487481776Z 63 PC: 9fb1e | Read file or device (See above)
2018-12-25T11:43:31.497112481Z 62 PC: 9fb75 | Close file (See above)
2018-12-25T11:43:31.499564907Z 61 PC: 15697 | Open file (See above)
2018-12-25T11:43:31.506542287Z 63 PC: 156a9 | Read file or device (See above)
2018-12-25T11:43:31.509572024Z 44 PC: 156e4 | Get time (See above)
2018-12-25T11:43:31.512268695Z 67 PC: 156fe | Get or set file attributes (See above)
2018-12-25T11:43:31.532912223Z 62 PC: 15702 | Close file (See above)
2018-12-25T11:43:31.534796232Z 61 PC: 9fb0d | Open file (See above)
2018-12-25T11:43:31.543829262Z 63 PC: 9fb1e | Read file or device (See above)
2018-12-25T11:43:31.546521888Z 62 PC: 9fb75 | Close file (See above)
2018-12-25T11:43:31.548218956Z 61 PC: 15707 | Open file (See above)
2018-12-25T11:43:31.559880487Z 64 PC: 1571a | Write file or device (See above)
2018-12-25T11:43:31.566318049Z 64 PC: 1572c | Write file or device (See above)
2018-12-25T11:43:31.568893827Z 64 PC: 15741 | Write file or device (See above)
2018-12-25T11:43:31.571710246Z 66 PC: 1574a | Move file pointer (See above)
2018-12-25T11:43:31.573034399Z 42 PC: 154b4 | Get date (See above)
2018-12-25T11:43:31.575250005Z 64 PC: 154ef | Write file or device (See above)
2018-12-25T11:43:31.613990021Z 42 PC: 154b4 | Get date (See above)
2018-12-25T11:43:31.616378687Z 87 PC: 15763 | Get or set file date and time (See above)
2018-12-25T11:43:31.617914273Z 62 PC: 15767 | Close file (See above)
2018-12-25T11:43:31.662210189Z 67 PC: 15778 | Get or set file attributes (See above)
2018-12-25T11:43:31.725994553Z 42 PC: 155c6 | Get date 0x155c6: cmp dx, 0x1602
0x155ca: je 0x155cf
0x155cc: jmp 0x157e8
0x155cf: jmp 0x1577d
0x155d2: and ah, bh
0x155d4: movsw word ptr es:[di], word ptr [si]
0x155d5: mov ax, 0x5c4c
0x155d8: add word ptr [di], ax
0x155da: add byte ptr [di - 0x75], dl
0x155dd: in al, dx
0x155de: sub sp, 0x2c
0x155e1: push si
0x155e2: jmp 0x15653
0x155e4: mov ah, 0x1a
0x155e6: lea dx, word ptr [bp - 0x2c]
0x155e9: int 0x21
0x155eb: mov ah, 0x4e
0x155ed: mov cx, 0x10
0x155f0: mov dx, 0x1b5
0x155f3: add dx, word ptr [0x106]
2018-12-25T11:43:31.730048965Z 47 PC: 9fa9a | Get disk transfer address (See above)
2018-12-25T11:43:31.731619986Z 26 PC: 9faab | Set disk transfer address (See above)
2018-12-25T11:43:31.732871796Z 78 PC: 9fab8 | Find first file (See above)
2018-12-25T11:43:31.74371663Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.750253611Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.751500467Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.752974146Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.759292937Z 66 PC: 9fa5e | Move file pointer
2018-12-25T11:43:31.760535568Z 64 PC: 9fa6e | Write file or device (Write 1248 bytes on handle 5)
2018-12-25T11:43:31.815833216Z 66 PC: 9fa7d | Move file pointer
2018-12-25T11:43:31.81747358Z 64 PC: 9fa8d | Write file or device (Write 32 bytes on handle 5)
2018-12-25T11:43:31.819233534Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.882050969Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.884856231Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.89111178Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.893110572Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.894443776Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.901004843Z 66 PC: 9fa5e | Move file pointer (See above)
2018-12-25T11:43:31.902674194Z 64 PC: 9fa6e | Write file or device (See above)
2018-12-25T11:43:31.974736791Z 66 PC: 9fa7d | Move file pointer (See above)
2018-12-25T11:43:31.975799515Z 64 PC: 9fa8d | Write file or device (See above)
2018-12-25T11:43:31.978859Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.062555241Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.065022444Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.071790341Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.073045991Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:32.074216359Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:32.080610546Z 66 PC: 9fa5e | Move file pointer (See above)
2018-12-25T11:43:32.081764251Z 64 PC: 9fa6e | Write file or device (See above)
2018-12-25T11:43:32.165429794Z 66 PC: 9fa7d | Move file pointer (See above)
2018-12-25T11:43:32.166905431Z 64 PC: 9fa8d | Write file or device (See above)
2018-12-25T11:43:32.169426029Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.264315041Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.267072509Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.273499589Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.275348149Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.277170827Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.279614699Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.286438057Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.287860078Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.289485737Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.292280584Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.299307922Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.300573145Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.30248433Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.304774826Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.310927896Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.312736412Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.314334865Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.316637981Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.328475005Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.32966544Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:32.330944848Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:32.337128463Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.338659335Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.34127366Z 26 PC: 9fad0 | Set disk transfer address (See above)
2018-12-25T11:43:32.342366835Z 59 PC: 157f3 | Change current directory
2018-12-25T11:43:32.346127741Z 47 PC: 9fa9a | Get disk transfer address (See above)
2018-12-25T11:43:32.34746497Z 26 PC: 9faab | Set disk transfer address (See above)
2018-12-25T11:43:32.348364438Z 78 PC: 9fab8 | Find first file (See above)
2018-12-25T11:43:32.353910229Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.360546139Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.361789785Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:32.362953079Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:32.369501941Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.371147145Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.373694401Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.380242207Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.381626239Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:32.382874847Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:32.389155925Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.396122553Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.398685334Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.410535308Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.4121724Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:32.414012205Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:32.420374367Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.422187757Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.426013859Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.445036725Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.446275973Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.448270705Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.450609261Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.456617086Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.458521352Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.459777205Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.461975917Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.470968075Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.472352237Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.474019244Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.47690243Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.483083759Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.484295789Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.486418599Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.488746335Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.494942378Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.496253537Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:32.497387428Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:32.503616232Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.505625603Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.50781055Z 26 PC: 9fad0 | Set disk transfer address (See above)
2018-12-25T11:43:32.508882262Z 59 PC: 157fa | Change current directory
2018-12-25T11:43:32.511095655Z 37 PC: 15483 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:32.512102509Z 25 PC: 1517b | Get default drive
2018-12-25T11:43:32.513188729Z 26 PC: 1518f | Set disk transfer address
2018-12-25T11:43:32.514347342Z 78 PC: 9fb79 | Find first file (See above)
2018-12-25T11:43:32.519855722Z 47 PC: 9fb8b | Get disk transfer address (See above)
2018-12-25T11:43:32.521432627Z 67 PC: 15231 | Get or set file attributes
2018-12-25T11:43:32.654830559Z 61 PC: 9fb0d | Open file (See above)
2018-12-25T11:43:32.661208811Z 63 PC: 9fb1e | Read file or device (See above)
2018-12-25T11:43:32.667806568Z 66 PC: 9fb2f | Move file pointer
2018-12-25T11:43:32.668988299Z 66 PC: 9fb3d | Move file pointer
2018-12-25T11:43:32.670266555Z 63 PC: 9fb49 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:43:32.677277487Z 66 PC: 9fb50 | Move file pointer
2018-12-25T11:43:32.678569362Z 64 PC: 9fb5c | Write file or device (Write 32 bytes on handle 5)
2018-12-25T11:43:32.681183129Z 66 PC: 9fb6b | Move file pointer
2018-12-25T11:43:32.682945614Z 64 PC: 9fb71 | Write file or device (Write 0 bytes on handle 5)
2018-12-25T11:43:32.834609429Z 62 PC: 9fb75 | Close file (See above)
2018-12-25T11:43:33.097915829Z 61 PC: 15238 | Open file (Filename = 'A:\SLEEP.COM')
2018-12-25T11:43:33.103057653Z 63 PC: 1524f | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:43:33.106105734Z 66 PC: 1527a | Move file pointer
2018-12-25T11:43:33.108138955Z 64 PC: 1528b | Write file or device (Write 850 bytes on handle 5)
2018-12-25T11:43:33.278525416Z 66 PC: 15295 | Move file pointer
2018-12-25T11:43:33.280351735Z 64 PC: 1529e | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:43:33.284152235Z 87 PC: 1545b | Get or set file date and time
2018-12-25T11:43:33.285911075Z 62 PC: 1545f | Close file
2018-12-25T11:43:33.427459346Z 67 PC: 1546b | Get or set file attributes
2018-12-25T11:43:33.46260776Z 37 PC: 15483 | Set interrupt vector (See above)
2018-12-25T11:43:33.463865434Z 26 PC: 151f2 | Set disk transfer address
2018-12-25T11:43:33.465173618Z 63 PC: 155a0 | Read file or device (See above)
2018-12-25T11:43:33.467248553Z 47 PC: 9fa9a | Get disk transfer address (See above)
2018-12-25T11:43:33.468217721Z 26 PC: 9faab | Set disk transfer address (See above)
2018-12-25T11:43:33.469158289Z 78 PC: 9fab8 | Find first file (See above)
2018-12-25T11:43:33.475916911Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:33.481979067Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:33.483822631Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:33.485287202Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:33.48786001Z 66 PC: 9fa5e | Move file pointer (See above)
2018-12-25T11:43:33.489467453Z 64 PC: 9fa6e | Write file or device (See above)
2018-12-25T11:43:33.582303558Z 66 PC: 9fa7d | Move file pointer (See above)
2018-12-25T11:43:33.588636557Z 64 PC: 9fa8d | Write file or device (See above)
2018-12-25T11:43:33.592623749Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:33.60129159Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:33.603923369Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:33.611777887Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:33.613478035Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:33.615100719Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:33.623444453Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:33.625536852Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:33.628712036Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:33.636296081Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:33.637805253Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:33.640110387Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:33.646848756Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:33.648761362Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:33.652416703Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:33.659317437Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:33.660876188Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:33.664549868Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:33.667089714Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:33.676115437Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:33.677781918Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:33.67918457Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:33.681061475Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:33.688639651Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:33.689922694Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:33.691777249Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:33.694294068Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:33.702954036Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:33.704877951Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:33.70668265Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:33.709186538Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:33.715905482Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:33.717454691Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:33.718705457Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:33.725858612Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:33.727664704Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:33.730007848Z 26 PC: 9fad0 | Set disk transfer address (See above)
2018-12-25T11:43:33.731642193Z 59 PC: 157f3 | Change current directory (See above)
2018-12-25T11:43:33.741161793Z 47 PC: 9fa9a | Get disk transfer address (See above)
2018-12-25T11:43:33.743458859Z 26 PC: 9faab | Set disk transfer address (See above)
2018-12-25T11:43:33.744987079Z 78 PC: 9fab8 | Find first file (See above)
2018-12-25T11:43:33.753875608Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:33.761070327Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:33.762592852Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:33.764179597Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:33.771658398Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:33.774169318Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:33.777105337Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:33.784689878Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:33.787192792Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:33.788842794Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:33.796379564Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:33.798430851Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:33.801306725Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:33.81374214Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:33.815342054Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:33.81705513Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:33.823847368Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:33.825540665Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:33.828890648Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:33.835314614Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:33.836662979Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:33.839140983Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:33.841479411Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:33.847740029Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:33.849753685Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:33.851462404Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:33.85374791Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:33.860436966Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:33.861671868Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:33.863455777Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:33.86593872Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:33.873466249Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:33.875767333Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:33.87760478Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:33.880223002Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:33.892328319Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:33.893730816Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:33.89499374Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:33.902098607Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:33.90409303Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:33.906931439Z 26 PC: 9fad0 | Set disk transfer address (See above)
2018-12-25T11:43:33.908471307Z 59 PC: 157fa | Change current directory (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":1369,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:30.549091286Z 37 PC: 12a48 | Set interrupt vector (Interrupt = '160' AKA 'UNKNOWN!')
2018-12-25T11:43:30.55124808Z 15 PC: 15902 | Open file (Filename = 'XXX^!=55u3&p&r&&]&&_H&&MCC&)&&@&@&&&IO& CT& LD&RV3V^P3X&&&p&rށ '%CGPP@&l&lXPP')
2018-12-25T11:43:30.553176165Z 47 PC: 15c8c | Get disk transfer address
2018-12-25T11:43:30.554553663Z 26 PC: 15c9d | Set disk transfer address
2018-12-25T11:43:30.556461482Z 78 PC: 15caa | Find first file
2018-12-25T11:43:30.563223418Z 61 PC: 15bcf | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:30.57144304Z 66 PC: 15be7 | Move file pointer
2018-12-25T11:43:30.578984237Z 62 PC: 15c87 | Close file
2018-12-25T11:43:30.586031351Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.589813023Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:30.603189215Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:30.608673889Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:30.610549627Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.613382764Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:30.62421255Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:30.625763617Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:30.627671305Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.644469899Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:30.652168997Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:30.653765693Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:30.656101768Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.657953262Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:30.662026412Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:30.663620491Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:30.664930164Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.666629668Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:30.676781552Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:30.67794476Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:30.679229192Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.681172767Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:30.685938406Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:30.689193767Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:30.691151306Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.694728057Z 61 PC: 15bcf | Open file (See above)
2018-12-25T11:43:30.702111798Z 66 PC: 15be7 | Move file pointer (See above)
2018-12-25T11:43:30.703633541Z 66 PC: 15c0a | Move file pointer
2018-12-25T11:43:30.705375538Z 63 PC: 15c1a | Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:43:30.717141734Z 62 PC: 15c87 | Close file (See above)
2018-12-25T11:43:30.719599859Z 79 PC: 15caa | Find next file (See above)
2018-12-25T11:43:30.722809675Z 26 PC: 15cc2 | Set disk transfer address
2018-12-25T11:43:30.724194421Z 42 PC: 154b4 | Get date 0x154b4: cmp dl, 0xf
0x154b7: je 0x154bb
0x154b9: jmp 0x154d8
0x154bb: cli
0x154bc: mov ah, 2
0x154be: cdq
0x154bf: mov cx, 0x100
0x154c2: int 0x26
0x154c4: jmp 0x154c6
0x154c6: cli
0x154c7: mov al, 3
0x154c9: mov cx, 0x2bc
0x154cc: mov dx, 0
0x154cf: mov ds, word ptr [di + 0x63]
0x154d2: mov bx, word ptr [di + 0x37]
0x154d5: call 0x254bb
0x154d8: ret
0x154d9: lodsb al, byte ptr [si]
0x154da: xor al, ah
0x154dc: stosb byte ptr es:[di], al
2018-12-25T11:43:30.727111417Z 71 PC: 155a0 | Get current directory
2018-12-25T11:43:30.731117173Z 47 PC: 9fa9a | Get disk transfer address
2018-12-25T11:43:30.732814184Z 26 PC: 9faab | Set disk transfer address
2018-12-25T11:43:30.734344285Z 78 PC: 9fab8 | Find first file
2018-12-25T11:43:30.742393689Z 61 PC: 9f9dd | Open file
2018-12-25T11:43:30.756313674Z 66 PC: 9f9f5 | Move file pointer
2018-12-25T11:43:30.757962813Z 62 PC: 9fa95 | Close file
2018-12-25T11:43:30.760747689Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.763694782Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.770935022Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.773258289Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.775217718Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.777770101Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.785197362Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.786686559Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.788451261Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.791309578Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.795861168Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.797337055Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.799460184Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.802528836Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.811030465Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.812685939Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.828859643Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.832273185Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.845665988Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.848512117Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.850511508Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.853206077Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.861419665Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.86299638Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.86498749Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.868410617Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:30.887980756Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:30.889526166Z 66 PC: 9fa18 | Move file pointer
2018-12-25T11:43:30.891270951Z 63 PC: 9fa28 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:43:30.899644297Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:30.901759115Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:30.904806285Z 26 PC: 9fad0 | Set disk transfer address
2018-12-25T11:43:30.911248722Z 59 PC: 155ab | Change current directory
2018-12-25T11:43:30.916093149Z 26 PC: 1565e | Set disk transfer address
2018-12-25T11:43:30.917863026Z 78 PC: 9fb79 | Find first file
2018-12-25T11:43:30.925386655Z 47 PC: 9fb8b | Get disk transfer address
2018-12-25T11:43:30.927033794Z 61 PC: 9fb0d | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:30.934611745Z 63 PC: 9fb1e | Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:43:30.942822058Z 62 PC: 9fb75 | Close file
2018-12-25T11:43:30.945308244Z 61 PC: 15697 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:30.959318487Z 63 PC: 156a9 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:43:30.967321496Z 44 PC: 156e4 | Get time 0x156e4: add dl, dh
0x156e6: je 0x156e0
0x156e8: mov si, 0x115
0x156eb: add si, word ptr [0x106]
0x156ef: mov byte ptr [si], dl
0x156f1: mov ax, 0x4301
0x156f4: xor cx, cx
0x156f6: mov dx, si
0x156f8: add dx, 0xc7
0x156fc: int 0x21
0x156fe: mov ah, 0x3e
0x15700: int 0x21
0x15702: mov ax, 0x3d02
0x15705: int 0x21
0x15707: jb 0x156b8
0x15709: mov di, dx
0x1570b: add di, 0x63
0x1570e: stosw word ptr es:[di], ax
0x1570f: xchg ax, bx
0x15710: mov ah, 0x40
2018-12-25T11:43:30.970063148Z 67 PC: 156fe | Get or set file attributes
2018-12-25T11:43:30.987650066Z 62 PC: 15702 | Close file
2018-12-25T11:43:30.990327986Z 61 PC: 9fb0d | Open file (See above)
2018-12-25T11:43:30.997636333Z 63 PC: 9fb1e | Read file or device (See above)
2018-12-25T11:43:31.000215016Z 62 PC: 9fb75 | Close file (See above)
2018-12-25T11:43:31.003011348Z 61 PC: 15707 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:31.022101711Z 64 PC: 1571a | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:43:31.041762411Z 64 PC: 1572c | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:43:31.045406831Z 64 PC: 15741 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:43:31.048226632Z 66 PC: 1574a | Move file pointer
2018-12-25T11:43:31.049706019Z 42 PC: 154b4 | Get date (See above)
2018-12-25T11:43:31.052090866Z 64 PC: 154ef | Write file or device (Write 1104 bytes on handle 5)
2018-12-25T11:43:31.058668984Z 42 PC: 154b4 | Get date (See above)
2018-12-25T11:43:31.061040798Z 87 PC: 15763 | Get or set file date and time
2018-12-25T11:43:31.06330431Z 62 PC: 15767 | Close file
2018-12-25T11:43:31.072090455Z 67 PC: 15778 | Get or set file attributes
2018-12-25T11:43:31.083341147Z 79 PC: 9fb79 | Find next file (See above)
2018-12-25T11:43:31.087163822Z 47 PC: 9fb8b | Get disk transfer address (See above)
2018-12-25T11:43:31.088825069Z 61 PC: 9fb0d | Open file (See above)
2018-12-25T11:43:31.102222629Z 63 PC: 9fb1e | Read file or device (See above)
2018-12-25T11:43:31.109931456Z 62 PC: 9fb75 | Close file (See above)
2018-12-25T11:43:31.112001803Z 61 PC: 15697 | Open file (See above)
2018-12-25T11:43:31.126478265Z 63 PC: 156a9 | Read file or device (See above)
2018-12-25T11:43:31.130170485Z 44 PC: 156e4 | Get time (See above)
2018-12-25T11:43:31.132108896Z 67 PC: 156fe | Get or set file attributes (See above)
2018-12-25T11:43:31.138943528Z 62 PC: 15702 | Close file (See above)
2018-12-25T11:43:31.14073415Z 61 PC: 9fb0d | Open file (See above)
2018-12-25T11:43:31.145274421Z 63 PC: 9fb1e | Read file or device (See above)
2018-12-25T11:43:31.147396629Z 62 PC: 9fb75 | Close file (See above)
2018-12-25T11:43:31.149625497Z 61 PC: 15707 | Open file (See above)
2018-12-25T11:43:31.154135493Z 64 PC: 1571a | Write file or device (See above)
2018-12-25T11:43:31.156076557Z 64 PC: 1572c | Write file or device (See above)
2018-12-25T11:43:31.158012188Z 64 PC: 15741 | Write file or device (See above)
2018-12-25T11:43:31.159932904Z 66 PC: 1574a | Move file pointer (See above)
2018-12-25T11:43:31.160933842Z 42 PC: 154b4 | Get date (See above)
2018-12-25T11:43:31.162941652Z 64 PC: 154ef | Write file or device (See above)
2018-12-25T11:43:31.170232571Z 42 PC: 154b4 | Get date (See above)
2018-12-25T11:43:31.172621038Z 87 PC: 15763 | Get or set file date and time (See above)
2018-12-25T11:43:31.174244323Z 62 PC: 15767 | Close file (See above)
2018-12-25T11:43:31.183504128Z 67 PC: 15778 | Get or set file attributes (See above)
2018-12-25T11:43:31.195448251Z 79 PC: 9fb79 | Find next file (See above)
2018-12-25T11:43:31.200496374Z 47 PC: 9fb8b | Get disk transfer address (See above)
2018-12-25T11:43:31.202715898Z 61 PC: 9fb0d | Open file (See above)
2018-12-25T11:43:31.210866589Z 63 PC: 9fb1e | Read file or device (See above)
2018-12-25T11:43:31.217887875Z 62 PC: 9fb75 | Close file (See above)
2018-12-25T11:43:31.221847074Z 61 PC: 15697 | Open file (See above)
2018-12-25T11:43:31.229804834Z 63 PC: 156a9 | Read file or device (See above)
2018-12-25T11:43:31.232686065Z 44 PC: 156e4 | Get time (See above)
2018-12-25T11:43:31.235704329Z 67 PC: 156fe | Get or set file attributes (See above)
2018-12-25T11:43:31.264034473Z 62 PC: 15702 | Close file (See above)
2018-12-25T11:43:31.266445316Z 61 PC: 9fb0d | Open file (See above)
2018-12-25T11:43:31.274081004Z 63 PC: 9fb1e | Read file or device (See above)
2018-12-25T11:43:31.280912363Z 62 PC: 9fb75 | Close file (See above)
2018-12-25T11:43:31.282703469Z 61 PC: 15707 | Open file (See above)
2018-12-25T11:43:31.2915542Z 64 PC: 1571a | Write file or device (See above)
2018-12-25T11:43:31.294821219Z 64 PC: 1572c | Write file or device (See above)
2018-12-25T11:43:31.2979384Z 64 PC: 15741 | Write file or device (See above)
2018-12-25T11:43:31.302281077Z 66 PC: 1574a | Move file pointer (See above)
2018-12-25T11:43:31.304427461Z 42 PC: 154b4 | Get date (See above)
2018-12-25T11:43:31.307353784Z 64 PC: 154ef | Write file or device (See above)
2018-12-25T11:43:31.317912566Z 42 PC: 154b4 | Get date (See above)
2018-12-25T11:43:31.322541781Z 87 PC: 15763 | Get or set file date and time (See above)
2018-12-25T11:43:31.324814001Z 62 PC: 15767 | Close file (See above)
2018-12-25T11:43:31.334992359Z 67 PC: 15778 | Get or set file attributes (See above)
2018-12-25T11:43:31.346438504Z 42 PC: 155c6 | Get date 0x155c6: cmp dx, 0x1602
0x155ca: je 0x155cf
0x155cc: jmp 0x157e8
0x155cf: jmp 0x1577d
0x155d2: and ah, bh
0x155d4: movsw word ptr es:[di], word ptr [si]
0x155d5: mov ax, 0x5c4c
0x155d8: add word ptr [di], ax
0x155da: add byte ptr [di - 0x75], dl
0x155dd: in al, dx
0x155de: sub sp, 0x2c
0x155e1: push si
0x155e2: jmp 0x15653
0x155e4: mov ah, 0x1a
0x155e6: lea dx, word ptr [bp - 0x2c]
0x155e9: int 0x21
0x155eb: mov ah, 0x4e
0x155ed: mov cx, 0x10
0x155f0: mov dx, 0x1b5
0x155f3: add dx, word ptr [0x106]
2018-12-25T11:43:31.34936042Z 47 PC: 9fa9a | Get disk transfer address (See above)
2018-12-25T11:43:31.35212657Z 26 PC: 9faab | Set disk transfer address (See above)
2018-12-25T11:43:31.353548098Z 78 PC: 9fab8 | Find first file (See above)
2018-12-25T11:43:31.360976639Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.374650773Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.376912787Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.378801402Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.388447877Z 66 PC: 9fa5e | Move file pointer
2018-12-25T11:43:31.390252135Z 64 PC: 9fa6e | Write file or device (Write 1248 bytes on handle 5)
2018-12-25T11:43:31.400651623Z 66 PC: 9fa7d | Move file pointer
2018-12-25T11:43:31.403476733Z 64 PC: 9fa8d | Write file or device (Write 32 bytes on handle 5)
2018-12-25T11:43:31.406781379Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.415946777Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.420353785Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.428644251Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.43121554Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.433099223Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.441727094Z 66 PC: 9fa5e | Move file pointer (See above)
2018-12-25T11:43:31.443559016Z 64 PC: 9fa6e | Write file or device (See above)
2018-12-25T11:43:31.456238944Z 66 PC: 9fa7d | Move file pointer (See above)
2018-12-25T11:43:31.459059833Z 64 PC: 9fa8d | Write file or device (See above)
2018-12-25T11:43:31.462257302Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.471683872Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.476933258Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.484707058Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.487121772Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.490290638Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.497874582Z 66 PC: 9fa5e | Move file pointer (See above)
2018-12-25T11:43:31.500740117Z 64 PC: 9fa6e | Write file or device (See above)
2018-12-25T11:43:31.512897422Z 66 PC: 9fa7d | Move file pointer (See above)
2018-12-25T11:43:31.51529178Z 64 PC: 9fa8d | Write file or device (See above)
2018-12-25T11:43:31.51879545Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.530312158Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.534063656Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.541927316Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.543710393Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.545518267Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.548559479Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.55714551Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.559065849Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.561331024Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.564668385Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.578626123Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.580688516Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.584278919Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.587899255Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.608359Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.611869237Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.614404693Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.617677606Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.629462895Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.631124831Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.633428277Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.640910948Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.643517114Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.646560222Z 26 PC: 9fad0 | Set disk transfer address (See above)
2018-12-25T11:43:31.648190886Z 59 PC: 157f3 | Change current directory
2018-12-25T11:43:31.653520232Z 47 PC: 9fa9a | Get disk transfer address (See above)
2018-12-25T11:43:31.6551721Z 26 PC: 9faab | Set disk transfer address (See above)
2018-12-25T11:43:31.656995767Z 78 PC: 9fab8 | Find first file (See above)
2018-12-25T11:43:31.664883865Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.672290733Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.675164686Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.677455841Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.684685417Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.686909921Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.690921151Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.698453142Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.700411003Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.704221716Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.711583585Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.713915841Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.718156685Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.725374916Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.726752258Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.728722234Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.735909713Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.73795078Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.741573581Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.749039007Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.75086226Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.754112096Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.756955734Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.764435775Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.767348092Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.769387247Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.7735067Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.787377025Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.789041319Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.79174976Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.795347744Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.802714033Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.804339508Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.807028676Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.809931896Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:31.817384279Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:31.819207098Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:31.826934548Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:31.834220371Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:31.837229764Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:31.840099237Z 26 PC: 9fad0 | Set disk transfer address (See above)
2018-12-25T11:43:31.841909389Z 59 PC: 157fa | Change current directory
2018-12-25T11:43:31.845452276Z 37 PC: 15483 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:31.848034159Z 25 PC: 1517b | Get default drive
2018-12-25T11:43:31.859835468Z 26 PC: 1518f | Set disk transfer address
2018-12-25T11:43:31.8616193Z 78 PC: 9fb79 | Find first file (See above)
2018-12-25T11:43:31.873928777Z 47 PC: 9fb8b | Get disk transfer address (See above)
2018-12-25T11:43:31.876757211Z 67 PC: 15231 | Get or set file attributes
2018-12-25T11:43:31.887993187Z 61 PC: 9fb0d | Open file (See above)
2018-12-25T11:43:31.895187315Z 63 PC: 9fb1e | Read file or device (See above)
2018-12-25T11:43:31.902995822Z 66 PC: 9fb2f | Move file pointer
2018-12-25T11:43:31.904483114Z 66 PC: 9fb3d | Move file pointer
2018-12-25T11:43:31.905698975Z 63 PC: 9fb49 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:43:31.913890296Z 66 PC: 9fb50 | Move file pointer
2018-12-25T11:43:31.915769954Z 64 PC: 9fb5c | Write file or device (Write 32 bytes on handle 5)
2018-12-25T11:43:31.919023898Z 66 PC: 9fb6b | Move file pointer
2018-12-25T11:43:31.921791968Z 64 PC: 9fb71 | Write file or device (Write 0 bytes on handle 5)
2018-12-25T11:43:31.931361656Z 62 PC: 9fb75 | Close file (See above)
2018-12-25T11:43:31.93964256Z 61 PC: 15238 | Open file (Filename = 'A:\SLEEP.COM')
2018-12-25T11:43:31.950724778Z 63 PC: 1524f | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:43:31.953886221Z 66 PC: 1527a | Move file pointer
2018-12-25T11:43:31.955890428Z 64 PC: 1528b | Write file or device (Write 850 bytes on handle 5)
2018-12-25T11:43:31.967200275Z 66 PC: 15295 | Move file pointer
2018-12-25T11:43:31.969366495Z 64 PC: 1529e | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:43:31.972910123Z 87 PC: 1545b | Get or set file date and time
2018-12-25T11:43:31.975891639Z 62 PC: 1545f | Close file
2018-12-25T11:43:31.985217727Z 67 PC: 1546b | Get or set file attributes
2018-12-25T11:43:31.993481136Z 37 PC: 15483 | Set interrupt vector (See above)
2018-12-25T11:43:31.995369012Z 26 PC: 151f2 | Set disk transfer address
2018-12-25T11:43:31.996624916Z 63 PC: 155a0 | Read file or device (See above)
2018-12-25T11:43:31.99784967Z 47 PC: 9fa9a | Get disk transfer address (See above)
2018-12-25T11:43:31.999500766Z 26 PC: 9faab | Set disk transfer address (See above)
2018-12-25T11:43:32.000549492Z 78 PC: 9fab8 | Find first file (See above)
2018-12-25T11:43:32.004523618Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.009663505Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.010850403Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:32.011920747Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:32.014515876Z 66 PC: 9fa5e | Move file pointer (See above)
2018-12-25T11:43:32.01573451Z 64 PC: 9fa6e | Write file or device (See above)
2018-12-25T11:43:32.021594461Z 66 PC: 9fa7d | Move file pointer (See above)
2018-12-25T11:43:32.02311827Z 64 PC: 9fa8d | Write file or device (See above)
2018-12-25T11:43:32.025345576Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.031013892Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.033425251Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.037862262Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.03905545Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:32.040794824Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:32.045588686Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.047192039Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.049615186Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.057704843Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.060484661Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:32.063649577Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:32.071336415Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.074601798Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.078778381Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.08648381Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.089480857Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.092168241Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.09596076Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.104598447Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.107215556Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.109279172Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.113667353Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.121455168Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.123375845Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.126495414Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.130151569Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.145140073Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.148252394Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.150697284Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.153765691Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.163069972Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.165116556Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:32.167119283Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:32.176792993Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.179611808Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.18330485Z 26 PC: 9fad0 | Set disk transfer address (See above)
2018-12-25T11:43:32.185682566Z 59 PC: 157f3 | Change current directory (See above)
2018-12-25T11:43:32.19074455Z 47 PC: 9fa9a | Get disk transfer address (See above)
2018-12-25T11:43:32.192099063Z 26 PC: 9faab | Set disk transfer address (See above)
2018-12-25T11:43:32.194018228Z 78 PC: 9fab8 | Find first file (See above)
2018-12-25T11:43:32.200754906Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.215010531Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.218563994Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:32.2201903Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:32.227314595Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.230122088Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.233189364Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.240771372Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.242956209Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:32.244491347Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:32.256749691Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.26066448Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.264524097Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.273413644Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.276934541Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:32.28181937Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:32.294351316Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.297083393Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.300322829Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.307882733Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.309246948Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.310749449Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.317034192Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.32175395Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.323069819Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.32531553Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.328172072Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.332912148Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.33483288Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.33624977Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.338384609Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.34362325Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.345162198Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.34781166Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.350458421Z 61 PC: 9f9dd | Open file (See above)
2018-12-25T11:43:32.36379808Z 66 PC: 9f9f5 | Move file pointer (See above)
2018-12-25T11:43:32.366966936Z 66 PC: 9fa18 | Move file pointer (See above)
2018-12-25T11:43:32.371281731Z 63 PC: 9fa28 | Read file or device (See above)
2018-12-25T11:43:32.378513039Z 62 PC: 9fa95 | Close file (See above)
2018-12-25T11:43:32.38127901Z 79 PC: 9fab8 | Find next file (See above)
2018-12-25T11:43:32.383990516Z 26 PC: 9fad0 | Set disk transfer address (See above)
2018-12-25T11:43:32.385527236Z 59 PC: 157fa | Change current directory (See above)