Sample viewer

vx.netlux.org/Virus.DOS.IVP.776

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:03:58.080985974Z 26 PC: 12c8c | Set disk transfer address
2018-12-17T23:03:58.08312706Z 53 PC: 12a8c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:58.085427738Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:58.086979073Z 71 PC: 12aaa | Get current directory
2018-12-17T23:03:58.091008038Z 78 PC: 12b18 | Find first file
2018-12-17T23:03:58.096721873Z 78 PC: 12b18 | Find first file
2018-12-17T23:03:58.100955386Z 59 PC: 12ac0 | Change current directory
2018-12-17T23:03:58.105988662Z 42 PC: 12c4f | Get date 0x12c4f: cmp cx, 0x7ca
0x12c53: jb 0x12c7e
0x12c55: cmp dh, 4
0x12c58: jb 0x12c7e
0x12c5a: cmp dl, 1
0x12c5d: jb 0x12c7e
0x12c5f: cmp al, 1
0x12c61: add byte ptr [bp + di], bl
0x12c63: mov ah, 0x2c
0x12c65: int 0x21
0x12c67: cmp ch, 1
0x12c6a: jb 0x12c7e
0x12c6c: cmp cl, 1
0x12c6f: jb 0x12c7e
0x12c71: cmp dh, 1
0x12c74: jb 0x12c7e
0x12c76: mov ah, 9
0x12c78: lea dx, word ptr [bp + 0x371]
0x12c7c: int 0x21
0x12c7e: ret
2018-12-17T23:03:58.109936855Z 44 PC: 12c67 | Get time 0x12c67: cmp ch, 1
0x12c6a: jb 0x12c7e
0x12c6c: cmp cl, 1
0x12c6f: jb 0x12c7e
0x12c71: cmp dh, 1
0x12c74: jb 0x12c7e
0x12c76: mov ah, 9
0x12c78: lea dx, word ptr [bp + 0x371]
0x12c7c: int 0x21
0x12c7e: ret
0x12c7f: mov ah, 0x42
0x12c81: xor cx, cx
0x12c83: xor dx, dx
0x12c85: int 0x21
0x12c87: ret
0x12c88: mov ah, 0x1a
0x12c8a: int 0x21
0x12c8c: ret
0x12c8d: mov ah, 0x3d
0x12c8f: lea dx, word ptr [bp + 0x487]
2018-12-17T23:03:58.113599024Z 9 PC: 12c7e | Display string (String= '.�������.Ć���PR+Ã����.���.���.���.dž�):ZX��� P������X��.���.����Q3�����@���Y�!r��c�,�!��t�.�� ���W.��.����!�>�!3�.��~�Mô*�!���r)��r')
2018-12-17T23:03:58.12428353Z 64 PC: 19838 | Write file or device (Write 2 bytes on handle 2)
2018-12-17T23:03:58.129977273Z 64 PC: 19838 | Write file or device (Write 2 bytes on handle 2)
2018-12-17T23:03:58.133848515Z 100 PC: 19d8b | Set wait for external event flag
2018-12-17T23:03:58.135973257Z 62 PC: 1808a | Close file

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":1,"Second":1,"TimeBased":true,"OriginalID":14720,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:28.470696652Z 26 PC: 12c8c | Set disk transfer address
2018-12-25T12:41:28.471864422Z 53 PC: 12a8c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:28.473594873Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:28.474945291Z 71 PC: 12aaa | Get current directory
2018-12-25T12:41:28.478892434Z 78 PC: 12b18 | Find first file
2018-12-25T12:41:28.484250649Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.514084631Z 59 PC: 12ac0 | Change current directory
2018-12-25T12:41:28.518980618Z 42 PC: 12c4f | Get date 0x12c4f: cmp cx, 0x7ca
0x12c53: jb 0x12c7e
0x12c55: cmp dh, 4
0x12c58: jb 0x12c7e
0x12c5a: cmp dl, 1
0x12c5d: jb 0x12c7e
0x12c5f: cmp al, 1
0x12c61: add byte ptr [bp + di], bl
0x12c63: mov ah, 0x2c
0x12c65: int 0x21
0x12c67: cmp ch, 1
0x12c6a: jb 0x12c7e
0x12c6c: cmp cl, 1
0x12c6f: jb 0x12c7e
0x12c71: cmp dh, 1
0x12c74: jb 0x12c7e
0x12c76: mov ah, 9
0x12c78: lea dx, word ptr [bp + 0x371]
0x12c7c: int 0x21
0x12c7e: ret
2018-12-25T12:41:28.522366229Z 37 PC: 12acf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:28.52379842Z 59 PC: 12ad9 | Change current directory
2018-12-25T12:41:28.525840629Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.540760732Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.542954638Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.545464646Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.552983214Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.556204187Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.561526192Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.567494394Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:28.572425195Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:28.57492008Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:28.577029359Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:28.579085959Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.58055797Z 26 PC: 34c | Set disk transfer address
2018-12-25T12:41:28.58227115Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.584615121Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.586073426Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.589853126Z 78 PC: 1d8 | Find first file
2018-12-25T12:41:28.594938868Z 78 PC: 1d8 | Find first file (See above)
2018-12-25T12:41:28.599799378Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:28.604662837Z 42 PC: 30f | Get date
2018-12-25T12:41:28.611605753Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:28.614124382Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:28.617304475Z 26 PC: 34c | Set disk transfer address (See above)
2018-12-25T12:41:28.620562469Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.622039472Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.623561898Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.625425376Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.629213866Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.636022615Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.63937937Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:28.644773063Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:28.647509149Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:28.649995456Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:28.653054079Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.655582069Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.657193976Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.659260211Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.660853389Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.664375327Z 78 PC: 12b18 | Find first file (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":1,"Second":1,"TimeBased":true,"OriginalID":14720,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:28.479144874Z 26 PC: 12c8c | Set disk transfer address
2018-12-25T12:41:28.480929601Z 53 PC: 12a8c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:28.482346731Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:28.483592645Z 71 PC: 12aaa | Get current directory
2018-12-25T12:41:28.489087511Z 78 PC: 12b18 | Find first file
2018-12-25T12:41:28.493476681Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.503734645Z 59 PC: 12ac0 | Change current directory
2018-12-25T12:41:28.514536666Z 42 PC: 12c4f | Get date 0x12c4f: cmp cx, 0x7ca
0x12c53: jb 0x12c7e
0x12c55: cmp dh, 4
0x12c58: jb 0x12c7e
0x12c5a: cmp dl, 1
0x12c5d: jb 0x12c7e
0x12c5f: cmp al, 1
0x12c61: add byte ptr [bp + di], bl
0x12c63: mov ah, 0x2c
0x12c65: int 0x21
0x12c67: cmp ch, 1
0x12c6a: jb 0x12c7e
0x12c6c: cmp cl, 1
0x12c6f: jb 0x12c7e
0x12c71: cmp dh, 1
0x12c74: jb 0x12c7e
0x12c76: mov ah, 9
0x12c78: lea dx, word ptr [bp + 0x371]
0x12c7c: int 0x21
0x12c7e: ret
2018-12-25T12:41:28.517593892Z 37 PC: 12acf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:28.519018939Z 59 PC: 12ad9 | Change current directory
2018-12-25T12:41:28.520724053Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.522421292Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.524147078Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.525256357Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.527241928Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.53106779Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.536280474Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.542006103Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:28.546602225Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:28.549035214Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:28.55165725Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:28.553739899Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.555265862Z 26 PC: 34c | Set disk transfer address
2018-12-25T12:41:28.564653843Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.565931053Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.567057991Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.570004469Z 78 PC: 1d8 | Find first file
2018-12-25T12:41:28.574221509Z 78 PC: 1d8 | Find first file (See above)
2018-12-25T12:41:28.578417784Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:28.582590117Z 42 PC: 30f | Get date
2018-12-25T12:41:28.585115357Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:28.586610825Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:28.588662969Z 26 PC: 34c | Set disk transfer address (See above)
2018-12-25T12:41:28.59109027Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.592101519Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.593166984Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.594893097Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.597246194Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.600196182Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.603052156Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:28.606301135Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:28.608032209Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:28.609774633Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:28.612436Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.615172165Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.617072526Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.618513781Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.619838596Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.624240044Z 78 PC: 12b18 | Find first file (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":1,"Second":1,"TimeBased":true,"OriginalID":14720,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:28.526437708Z 26 PC: 12c8c | Set disk transfer address
2018-12-25T12:41:28.527992121Z 53 PC: 12a8c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:28.528991091Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:28.52995937Z 71 PC: 12aaa | Get current directory
2018-12-25T12:41:28.532542067Z 78 PC: 12b18 | Find first file
2018-12-25T12:41:28.535261614Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.541018507Z 59 PC: 12ac0 | Change current directory
2018-12-25T12:41:28.547473864Z 42 PC: 12c4f | Get date 0x12c4f: cmp cx, 0x7ca
0x12c53: jb 0x12c7e
0x12c55: cmp dh, 4
0x12c58: jb 0x12c7e
0x12c5a: cmp dl, 1
0x12c5d: jb 0x12c7e
0x12c5f: cmp al, 1
0x12c61: add byte ptr [bp + di], bl
0x12c63: mov ah, 0x2c
0x12c65: int 0x21
0x12c67: cmp ch, 1
0x12c6a: jb 0x12c7e
0x12c6c: cmp cl, 1
0x12c6f: jb 0x12c7e
0x12c71: cmp dh, 1
0x12c74: jb 0x12c7e
0x12c76: mov ah, 9
0x12c78: lea dx, word ptr [bp + 0x371]
0x12c7c: int 0x21
0x12c7e: ret
2018-12-25T12:41:28.549028054Z 37 PC: 12acf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:28.550056698Z 59 PC: 12ad9 | Change current directory
2018-12-25T12:41:28.557431884Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.55886299Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.562353393Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.564841717Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.567367138Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.572848025Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.57923702Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.597775065Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:28.602167913Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:28.604732351Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:28.606517521Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:28.608559694Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.610128973Z 26 PC: 34c | Set disk transfer address
2018-12-25T12:41:28.611841663Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.612987148Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.614073899Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.617969553Z 78 PC: 1d8 | Find first file
2018-12-25T12:41:28.621885568Z 78 PC: 1d8 | Find first file (See above)
2018-12-25T12:41:28.626176781Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:28.633033592Z 42 PC: 30f | Get date
2018-12-25T12:41:28.635242466Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:28.638825574Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:28.64111029Z 26 PC: 34c | Set disk transfer address (See above)
2018-12-25T12:41:28.642720404Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.644216437Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.646671977Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.648158557Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.651259154Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.657040539Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.658706241Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:28.662976839Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:28.667055511Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:28.685851166Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:28.687843934Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.689361181Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.693245871Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.694405894Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.695581461Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.698614383Z 78 PC: 12b18 | Find first file (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":1,"Second":1,"TimeBased":true,"OriginalID":14720,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:28.647736626Z 26 PC: 12c8c | Set disk transfer address
2018-12-25T12:41:28.649737025Z 53 PC: 12a8c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:28.651198185Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:28.653066593Z 71 PC: 12aaa | Get current directory
2018-12-25T12:41:28.656879595Z 78 PC: 12b18 | Find first file
2018-12-25T12:41:28.661174419Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.671117641Z 59 PC: 12ac0 | Change current directory
2018-12-25T12:41:28.682048432Z 42 PC: 12c4f | Get date 0x12c4f: cmp cx, 0x7ca
0x12c53: jb 0x12c7e
0x12c55: cmp dh, 4
0x12c58: jb 0x12c7e
0x12c5a: cmp dl, 1
0x12c5d: jb 0x12c7e
0x12c5f: cmp al, 1
0x12c61: add byte ptr [bp + di], bl
0x12c63: mov ah, 0x2c
0x12c65: int 0x21
0x12c67: cmp ch, 1
0x12c6a: jb 0x12c7e
0x12c6c: cmp cl, 1
0x12c6f: jb 0x12c7e
0x12c71: cmp dh, 1
0x12c74: jb 0x12c7e
0x12c76: mov ah, 9
0x12c78: lea dx, word ptr [bp + 0x371]
0x12c7c: int 0x21
0x12c7e: ret
2018-12-25T12:41:28.685382684Z 37 PC: 12acf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:28.686869511Z 59 PC: 12ad9 | Change current directory
2018-12-25T12:41:28.689012038Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.691752578Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.693174308Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.694420905Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.697907062Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.701210635Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.705762392Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.711534363Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:28.715773156Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:28.717730338Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:28.719827012Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:28.721707762Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.723153916Z 26 PC: 34c | Set disk transfer address
2018-12-25T12:41:28.741396302Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.742923537Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.744358905Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.747667223Z 78 PC: 1d8 | Find first file
2018-12-25T12:41:28.752301098Z 78 PC: 1d8 | Find first file (See above)
2018-12-25T12:41:28.756394386Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:28.760465999Z 42 PC: 30f | Get date
2018-12-25T12:41:28.763466105Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:28.764602286Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:28.76623127Z 26 PC: 34c | Set disk transfer address (See above)
2018-12-25T12:41:28.774736736Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.777156103Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.778518998Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.780706337Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.784835559Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.78900599Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.791512768Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:28.7957262Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:28.798394826Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:28.800245268Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:28.802094633Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.803476943Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.805158584Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.806425861Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.807666965Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.810991832Z 78 PC: 12b18 | Find first file (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14720,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:28.756124862Z 26 PC: 12c8c | Set disk transfer address
2018-12-25T12:41:28.758205255Z 53 PC: 12a8c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:28.759244035Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:28.760458666Z 71 PC: 12aaa | Get current directory
2018-12-25T12:41:28.763382632Z 78 PC: 12b18 | Find first file
2018-12-25T12:41:28.766841738Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.769687539Z 59 PC: 12ac0 | Change current directory
2018-12-25T12:41:28.772703661Z 42 PC: 12c4f | Get date 0x12c4f: cmp cx, 0x7ca
0x12c53: jb 0x12c7e
0x12c55: cmp dh, 4
0x12c58: jb 0x12c7e
0x12c5a: cmp dl, 1
0x12c5d: jb 0x12c7e
0x12c5f: cmp al, 1
0x12c61: add byte ptr [bp + di], bl
0x12c63: mov ah, 0x2c
0x12c65: int 0x21
0x12c67: cmp ch, 1
0x12c6a: jb 0x12c7e
0x12c6c: cmp cl, 1
0x12c6f: jb 0x12c7e
0x12c71: cmp dh, 1
0x12c74: jb 0x12c7e
0x12c76: mov ah, 9
0x12c78: lea dx, word ptr [bp + 0x371]
0x12c7c: int 0x21
0x12c7e: ret
2018-12-25T12:41:28.77481177Z 37 PC: 12acf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:28.77586596Z 59 PC: 12ad9 | Change current directory
2018-12-25T12:41:28.777718285Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.779110782Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.78009239Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.78121599Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.784538376Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.790026711Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.796195669Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.804045325Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:28.810784891Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:28.812934405Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:28.814415392Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:28.816027293Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.817234619Z 26 PC: 34c | Set disk transfer address
2018-12-25T12:41:28.818469075Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.824607066Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.837594764Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.841419373Z 78 PC: 1d8 | Find first file
2018-12-25T12:41:28.846969675Z 78 PC: 1d8 | Find first file (See above)
2018-12-25T12:41:28.8525392Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:28.858046422Z 42 PC: 30f | Get date
2018-12-25T12:41:28.861415075Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:28.862990036Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:28.865135741Z 26 PC: 34c | Set disk transfer address (See above)
2018-12-25T12:41:28.86725588Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.86880212Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.870218802Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.87253569Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.881728497Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.886807973Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.890102545Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:28.895374361Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:28.898214478Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:28.900101313Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:28.902616851Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.904362193Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.905912945Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.907631773Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.908957142Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.912026012Z 78 PC: 12b18 | Find first file (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14720,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:28.767648504Z 26 PC: 12c8c | Set disk transfer address
2018-12-25T12:41:28.771838429Z 53 PC: 12a8c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:28.772976865Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:28.774020529Z 71 PC: 12aaa | Get current directory
2018-12-25T12:41:28.776623121Z 78 PC: 12b18 | Find first file
2018-12-25T12:41:28.792118978Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.813637848Z 59 PC: 12ac0 | Change current directory
2018-12-25T12:41:28.817912119Z 42 PC: 12c4f | Get date 0x12c4f: cmp cx, 0x7ca
0x12c53: jb 0x12c7e
0x12c55: cmp dh, 4
0x12c58: jb 0x12c7e
0x12c5a: cmp dl, 1
0x12c5d: jb 0x12c7e
0x12c5f: cmp al, 1
0x12c61: add byte ptr [bp + di], bl
0x12c63: mov ah, 0x2c
0x12c65: int 0x21
0x12c67: cmp ch, 1
0x12c6a: jb 0x12c7e
0x12c6c: cmp cl, 1
0x12c6f: jb 0x12c7e
0x12c71: cmp dh, 1
0x12c74: jb 0x12c7e
0x12c76: mov ah, 9
0x12c78: lea dx, word ptr [bp + 0x371]
0x12c7c: int 0x21
0x12c7e: ret
2018-12-25T12:41:28.824916798Z 37 PC: 12acf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:28.826618318Z 59 PC: 12ad9 | Change current directory
2018-12-25T12:41:28.828280304Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.82944636Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.831064753Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.832048529Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.83295378Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.837817517Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.842749387Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.846865188Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:28.861536742Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:28.863882493Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:28.865241431Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:28.8673905Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.868837824Z 26 PC: 34c | Set disk transfer address
2018-12-25T12:41:28.869909345Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.872076365Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.873229691Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.880646685Z 78 PC: 1d8 | Find first file
2018-12-25T12:41:28.886405653Z 78 PC: 1d8 | Find first file (See above)
2018-12-25T12:41:28.893396097Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:28.897986123Z 42 PC: 30f | Get date
2018-12-25T12:41:28.90059984Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:28.902317526Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:28.904083905Z 26 PC: 34c | Set disk transfer address (See above)
2018-12-25T12:41:28.905623402Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.907518366Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.909004929Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.910442329Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.914066429Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.918587058Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.92062187Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:28.925783163Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:28.927978979Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:28.929118209Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:28.931701662Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.933037488Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.934409927Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.936334791Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.93741436Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.940119721Z 78 PC: 12b18 | Find first file (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14720,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:28.781184086Z 26 PC: 12c8c | Set disk transfer address
2018-12-25T12:41:28.782432246Z 53 PC: 12a8c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:28.788748608Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:28.790305758Z 71 PC: 12aaa | Get current directory
2018-12-25T12:41:28.795021714Z 78 PC: 12b18 | Find first file
2018-12-25T12:41:28.800340004Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.805444439Z 59 PC: 12ac0 | Change current directory
2018-12-25T12:41:28.810691229Z 42 PC: 12c4f | Get date 0x12c4f: cmp cx, 0x7ca
0x12c53: jb 0x12c7e
0x12c55: cmp dh, 4
0x12c58: jb 0x12c7e
0x12c5a: cmp dl, 1
0x12c5d: jb 0x12c7e
0x12c5f: cmp al, 1
0x12c61: add byte ptr [bp + di], bl
0x12c63: mov ah, 0x2c
0x12c65: int 0x21
0x12c67: cmp ch, 1
0x12c6a: jb 0x12c7e
0x12c6c: cmp cl, 1
0x12c6f: jb 0x12c7e
0x12c71: cmp dh, 1
0x12c74: jb 0x12c7e
0x12c76: mov ah, 9
0x12c78: lea dx, word ptr [bp + 0x371]
0x12c7c: int 0x21
0x12c7e: ret
2018-12-25T12:41:28.818430321Z 37 PC: 12acf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:28.820300376Z 59 PC: 12ad9 | Change current directory
2018-12-25T12:41:28.822167175Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.824082008Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.825590792Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.827167867Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.829196691Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.832226194Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.83748948Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.842572652Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:28.849084137Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:28.851562585Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:28.853214165Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:28.856544773Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.85836286Z 26 PC: 34c | Set disk transfer address
2018-12-25T12:41:28.859976675Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.86266355Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.864341292Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.867904627Z 78 PC: 1d8 | Find first file
2018-12-25T12:41:28.874425623Z 78 PC: 1d8 | Find first file (See above)
2018-12-25T12:41:28.879162757Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:28.883977292Z 42 PC: 30f | Get date
2018-12-25T12:41:28.888199926Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:28.889871091Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:28.89193776Z 26 PC: 34c | Set disk transfer address (See above)
2018-12-25T12:41:28.893567095Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.895914468Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.897620079Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.899266426Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.903292415Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.908700272Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:28.910759918Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:28.916608467Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:28.919049922Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:28.920252345Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:28.923135799Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.924471758Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:28.925569888Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:28.927096109Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:28.928407243Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:28.931419456Z 78 PC: 12b18 | Find first file (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14720,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:29.131431902Z 26 PC: 12c8c | Set disk transfer address
2018-12-25T12:41:29.133646743Z 53 PC: 12a8c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:29.135385842Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:29.136739541Z 71 PC: 12aaa | Get current directory
2018-12-25T12:41:29.140022017Z 78 PC: 12b18 | Find first file
2018-12-25T12:41:29.145693611Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:29.150015587Z 59 PC: 12ac0 | Change current directory
2018-12-25T12:41:29.15475009Z 42 PC: 12c4f | Get date 0x12c4f: cmp cx, 0x7ca
0x12c53: jb 0x12c7e
0x12c55: cmp dh, 4
0x12c58: jb 0x12c7e
0x12c5a: cmp dl, 1
0x12c5d: jb 0x12c7e
0x12c5f: cmp al, 1
0x12c61: add byte ptr [bp + di], bl
0x12c63: mov ah, 0x2c
0x12c65: int 0x21
0x12c67: cmp ch, 1
0x12c6a: jb 0x12c7e
0x12c6c: cmp cl, 1
0x12c6f: jb 0x12c7e
0x12c71: cmp dh, 1
0x12c74: jb 0x12c7e
0x12c76: mov ah, 9
0x12c78: lea dx, word ptr [bp + 0x371]
0x12c7c: int 0x21
0x12c7e: ret
2018-12-25T12:41:29.157951687Z 37 PC: 12acf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:29.159569397Z 59 PC: 12ad9 | Change current directory
2018-12-25T12:41:29.161860405Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:29.164761823Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:29.166604861Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:29.168130589Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:29.171076087Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:29.174473887Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:29.179301522Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:29.184813761Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:29.190465444Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:29.194505405Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:29.198453661Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:29.202871652Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:29.204787096Z 26 PC: 34c | Set disk transfer address
2018-12-25T12:41:29.206479089Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:29.208788323Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:29.210215671Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:29.213879893Z 78 PC: 1d8 | Find first file
2018-12-25T12:41:29.219642112Z 78 PC: 1d8 | Find first file (See above)
2018-12-25T12:41:29.225654458Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:29.230835889Z 42 PC: 30f | Get date
2018-12-25T12:41:29.234087285Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:29.235965746Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:29.23831953Z 26 PC: 34c | Set disk transfer address (See above)
2018-12-25T12:41:29.240389108Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:29.242832388Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:29.244515913Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:29.246149082Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:29.259732191Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:29.267787777Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:29.271577668Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:29.279124964Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:29.281749632Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:29.283204678Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:29.286303425Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:29.287977196Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:29.289420478Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:29.291263423Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:29.293530025Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:29.300517573Z 78 PC: 12b18 | Find first file (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14720,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:29.262366543Z 26 PC: 12c8c | Set disk transfer address
2018-12-25T12:41:29.264719042Z 53 PC: 12a8c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:29.26738736Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:29.269042042Z 71 PC: 12aaa | Get current directory
2018-12-25T12:41:29.272472773Z 78 PC: 12b18 | Find first file
2018-12-25T12:41:29.27905374Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:29.283701016Z 59 PC: 12ac0 | Change current directory
2018-12-25T12:41:29.288804148Z 42 PC: 12c4f | Get date 0x12c4f: cmp cx, 0x7ca
0x12c53: jb 0x12c7e
0x12c55: cmp dh, 4
0x12c58: jb 0x12c7e
0x12c5a: cmp dl, 1
0x12c5d: jb 0x12c7e
0x12c5f: cmp al, 1
0x12c61: add byte ptr [bp + di], bl
0x12c63: mov ah, 0x2c
0x12c65: int 0x21
0x12c67: cmp ch, 1
0x12c6a: jb 0x12c7e
0x12c6c: cmp cl, 1
0x12c6f: jb 0x12c7e
0x12c71: cmp dh, 1
0x12c74: jb 0x12c7e
0x12c76: mov ah, 9
0x12c78: lea dx, word ptr [bp + 0x371]
0x12c7c: int 0x21
0x12c7e: ret
2018-12-25T12:41:29.292769052Z 37 PC: 12acf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:29.294702769Z 59 PC: 12ad9 | Change current directory
2018-12-25T12:41:29.296802979Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:29.299504562Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:29.300751119Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:29.302317592Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:29.304058997Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:29.30798404Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:29.31304374Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:29.318176348Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:29.323887341Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:29.326294976Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:29.327503875Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:29.330250103Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:29.331810136Z 26 PC: 34c | Set disk transfer address
2018-12-25T12:41:29.333185531Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:29.33583048Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:29.337266071Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:29.341003121Z 78 PC: 1d8 | Find first file
2018-12-25T12:41:29.347927271Z 78 PC: 1d8 | Find first file (See above)
2018-12-25T12:41:29.352999447Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:29.358381098Z 42 PC: 30f | Get date
2018-12-25T12:41:29.361223713Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:29.362583681Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:29.364666143Z 26 PC: 34c | Set disk transfer address (See above)
2018-12-25T12:41:29.367632966Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:29.369031953Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:29.370496469Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:29.371907685Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:29.376967001Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:29.381890154Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:29.383947803Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:29.392502657Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:29.395402971Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:29.396841259Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:29.399674265Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:29.400952511Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:29.401990908Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:29.403755235Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:29.404987353Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:29.407936667Z 78 PC: 12b18 | Find first file (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14720,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:29.582452139Z 26 PC: 12c8c | Set disk transfer address
2018-12-25T12:41:29.5844431Z 53 PC: 12a8c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:29.585547481Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:29.586531738Z 71 PC: 12aaa | Get current directory
2018-12-25T12:41:29.589582111Z 78 PC: 12b18 | Find first file
2018-12-25T12:41:29.593497246Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:29.597208081Z 59 PC: 12ac0 | Change current directory
2018-12-25T12:41:29.601911237Z 42 PC: 12c4f | Get date 0x12c4f: cmp cx, 0x7ca
0x12c53: jb 0x12c7e
0x12c55: cmp dh, 4
0x12c58: jb 0x12c7e
0x12c5a: cmp dl, 1
0x12c5d: jb 0x12c7e
0x12c5f: cmp al, 1
0x12c61: add byte ptr [bp + di], bl
0x12c63: mov ah, 0x2c
0x12c65: int 0x21
0x12c67: cmp ch, 1
0x12c6a: jb 0x12c7e
0x12c6c: cmp cl, 1
0x12c6f: jb 0x12c7e
0x12c71: cmp dh, 1
0x12c74: jb 0x12c7e
0x12c76: mov ah, 9
0x12c78: lea dx, word ptr [bp + 0x371]
0x12c7c: int 0x21
0x12c7e: ret
2018-12-25T12:41:29.604227033Z 37 PC: 12acf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:29.605638207Z 59 PC: 12ad9 | Change current directory
2018-12-25T12:41:29.608405681Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:29.609782788Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:29.610968438Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:29.612562226Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:29.614141075Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:29.621870464Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:29.630997414Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:29.640731971Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:29.645017031Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:29.647352102Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:29.649342857Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:29.651210822Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:29.652751501Z 26 PC: 34c | Set disk transfer address
2018-12-25T12:41:29.654680357Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:29.656119089Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:29.657507137Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:29.660980291Z 78 PC: 1d8 | Find first file
2018-12-25T12:41:29.665139465Z 78 PC: 1d8 | Find first file (See above)
2018-12-25T12:41:29.669668755Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:29.67845927Z 42 PC: 30f | Get date
2018-12-25T12:41:29.680392802Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:29.681334056Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:29.683399552Z 26 PC: 34c | Set disk transfer address (See above)
2018-12-25T12:41:29.684771376Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:29.685901743Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:29.68728967Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:29.688462426Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:29.696123585Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:29.704783097Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:29.706657949Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:29.711321876Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:29.713255325Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:29.714808084Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:29.716323705Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:29.717388426Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:29.718717306Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:29.719661129Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:29.720585907Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:29.723683545Z 78 PC: 12b18 | Find first file (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14720,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:30.632961579Z 26 PC: 12c8c | Set disk transfer address
2018-12-25T12:41:30.634699811Z 53 PC: 12a8c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:30.63616141Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:30.637521678Z 71 PC: 12aaa | Get current directory
2018-12-25T12:41:30.641726626Z 78 PC: 12b18 | Find first file
2018-12-25T12:41:30.645909949Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:30.6587962Z 59 PC: 12ac0 | Change current directory
2018-12-25T12:41:30.676170536Z 42 PC: 12c4f | Get date 0x12c4f: cmp cx, 0x7ca
0x12c53: jb 0x12c7e
0x12c55: cmp dh, 4
0x12c58: jb 0x12c7e
0x12c5a: cmp dl, 1
0x12c5d: jb 0x12c7e
0x12c5f: cmp al, 1
0x12c61: add byte ptr [bp + di], bl
0x12c63: mov ah, 0x2c
0x12c65: int 0x21
0x12c67: cmp ch, 1
0x12c6a: jb 0x12c7e
0x12c6c: cmp cl, 1
0x12c6f: jb 0x12c7e
0x12c71: cmp dh, 1
0x12c74: jb 0x12c7e
0x12c76: mov ah, 9
0x12c78: lea dx, word ptr [bp + 0x371]
0x12c7c: int 0x21
0x12c7e: ret
2018-12-25T12:41:30.678323715Z 37 PC: 12acf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:30.679636636Z 59 PC: 12ad9 | Change current directory
2018-12-25T12:41:30.681724091Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:30.683379749Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:30.684600062Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:30.685921958Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:30.688276052Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:30.691215397Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:30.695610344Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:30.700274013Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:30.704529286Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:30.706606575Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:30.708806521Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:30.710464565Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:30.712155832Z 26 PC: 34c | Set disk transfer address
2018-12-25T12:41:30.714146373Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:30.715295229Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:30.716350268Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:30.724620953Z 78 PC: 1d8 | Find first file
2018-12-25T12:41:30.733355351Z 78 PC: 1d8 | Find first file (See above)
2018-12-25T12:41:30.742264429Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:30.74919506Z 42 PC: 30f | Get date
2018-12-25T12:41:30.751535958Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:30.752908348Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:30.755616196Z 26 PC: 34c | Set disk transfer address (See above)
2018-12-25T12:41:30.757583092Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:30.758924359Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:30.761289023Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:30.76278852Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:30.765778453Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:30.770567759Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:30.77297414Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:30.77736638Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:30.779858171Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:30.78124681Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:30.782897848Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:30.784909949Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:30.786431269Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:30.787470417Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:30.788502088Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:30.791919262Z 78 PC: 12b18 | Find first file (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14720,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:31.009656977Z 26 PC: 12c8c | Set disk transfer address
2018-12-25T12:41:31.011218732Z 53 PC: 12a8c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:31.012872933Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:31.014258677Z 71 PC: 12aaa | Get current directory
2018-12-25T12:41:31.017950099Z 78 PC: 12b18 | Find first file
2018-12-25T12:41:31.023534652Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:31.033488489Z 59 PC: 12ac0 | Change current directory
2018-12-25T12:41:31.042152015Z 42 PC: 12c4f | Get date 0x12c4f: cmp cx, 0x7ca
0x12c53: jb 0x12c7e
0x12c55: cmp dh, 4
0x12c58: jb 0x12c7e
0x12c5a: cmp dl, 1
0x12c5d: jb 0x12c7e
0x12c5f: cmp al, 1
0x12c61: add byte ptr [bp + di], bl
0x12c63: mov ah, 0x2c
0x12c65: int 0x21
0x12c67: cmp ch, 1
0x12c6a: jb 0x12c7e
0x12c6c: cmp cl, 1
0x12c6f: jb 0x12c7e
0x12c71: cmp dh, 1
0x12c74: jb 0x12c7e
0x12c76: mov ah, 9
0x12c78: lea dx, word ptr [bp + 0x371]
0x12c7c: int 0x21
0x12c7e: ret
2018-12-25T12:41:31.044842591Z 37 PC: 12acf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:31.045882464Z 59 PC: 12ad9 | Change current directory
2018-12-25T12:41:31.047266318Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:31.048988639Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:31.050159506Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:31.05122705Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:31.052678014Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:31.055437033Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:31.058457827Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:31.061664578Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:31.0649735Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:31.066491081Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:31.068098394Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:31.077589764Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:31.078818132Z 26 PC: 34c | Set disk transfer address
2018-12-25T12:41:31.080198609Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:31.082004571Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:31.083647157Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:31.089053317Z 78 PC: 1d8 | Find first file
2018-12-25T12:41:31.095472835Z 78 PC: 1d8 | Find first file (See above)
2018-12-25T12:41:31.10231887Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:31.108161422Z 42 PC: 30f | Get date
2018-12-25T12:41:31.110268672Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:31.11431099Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:31.115766753Z 26 PC: 34c | Set disk transfer address (See above)
2018-12-25T12:41:31.117153064Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:31.11824277Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:31.119256301Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:31.120429041Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:31.125894814Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:31.128722802Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:31.129939436Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:31.132960244Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:31.134433468Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:31.135297865Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:31.137311914Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:31.138679231Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:31.139906164Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:31.142381175Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:31.145024496Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:31.147666416Z 78 PC: 12b18 | Find first file (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":1,"Second":0,"TimeBased":true,"OriginalID":14720,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:32.65141694Z 26 PC: 12c8c | Set disk transfer address
2018-12-25T12:41:32.652758497Z 53 PC: 12a8c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:32.654427777Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:32.656199238Z 71 PC: 12aaa | Get current directory
2018-12-25T12:41:32.659795637Z 78 PC: 12b18 | Find first file
2018-12-25T12:41:32.66497276Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:32.669626524Z 59 PC: 12ac0 | Change current directory
2018-12-25T12:41:32.674189738Z 42 PC: 12c4f | Get date 0x12c4f: cmp cx, 0x7ca
0x12c53: jb 0x12c7e
0x12c55: cmp dh, 4
0x12c58: jb 0x12c7e
0x12c5a: cmp dl, 1
0x12c5d: jb 0x12c7e
0x12c5f: cmp al, 1
0x12c61: add byte ptr [bp + di], bl
0x12c63: mov ah, 0x2c
0x12c65: int 0x21
0x12c67: cmp ch, 1
0x12c6a: jb 0x12c7e
0x12c6c: cmp cl, 1
0x12c6f: jb 0x12c7e
0x12c71: cmp dh, 1
0x12c74: jb 0x12c7e
0x12c76: mov ah, 9
0x12c78: lea dx, word ptr [bp + 0x371]
0x12c7c: int 0x21
0x12c7e: ret
2018-12-25T12:41:32.676927356Z 37 PC: 12acf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:32.678378663Z 59 PC: 12ad9 | Change current directory
2018-12-25T12:41:32.6803458Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:32.683470579Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:32.684576614Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:32.685827741Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:32.68839101Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:32.691578361Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:32.696931158Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:32.702711966Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:32.707896228Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:32.710129769Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:32.720059681Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:32.722187401Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:32.724011177Z 26 PC: 34c | Set disk transfer address
2018-12-25T12:41:32.7264543Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:32.727862244Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:32.729273868Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:32.732356764Z 78 PC: 1d8 | Find first file
2018-12-25T12:41:32.737262181Z 78 PC: 1d8 | Find first file (See above)
2018-12-25T12:41:32.741666346Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:32.746749412Z 42 PC: 30f | Get date
2018-12-25T12:41:32.750293933Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:32.75249979Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:32.754697146Z 26 PC: 34c | Set disk transfer address (See above)
2018-12-25T12:41:32.756819372Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:32.757948881Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:32.759133828Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:32.761252235Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:32.764138768Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:32.768582768Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:32.771278976Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:32.781884785Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:32.783947695Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:32.785862855Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:32.788010844Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:32.789523627Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:32.791393939Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:32.793028529Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:32.79440953Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:32.797696516Z 78 PC: 12b18 | Find first file (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":1,"Second":0,"TimeBased":true,"OriginalID":14720,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:33.028067535Z 26 PC: 12c8c | Set disk transfer address
2018-12-25T12:41:33.030274576Z 53 PC: 12a8c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:33.031759461Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:33.033155264Z 71 PC: 12aaa | Get current directory
2018-12-25T12:41:33.037060541Z 78 PC: 12b18 | Find first file
2018-12-25T12:41:33.041197087Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:33.045156804Z 59 PC: 12ac0 | Change current directory
2018-12-25T12:41:33.049781606Z 42 PC: 12c4f | Get date 0x12c4f: cmp cx, 0x7ca
0x12c53: jb 0x12c7e
0x12c55: cmp dh, 4
0x12c58: jb 0x12c7e
0x12c5a: cmp dl, 1
0x12c5d: jb 0x12c7e
0x12c5f: cmp al, 1
0x12c61: add byte ptr [bp + di], bl
0x12c63: mov ah, 0x2c
0x12c65: int 0x21
0x12c67: cmp ch, 1
0x12c6a: jb 0x12c7e
0x12c6c: cmp cl, 1
0x12c6f: jb 0x12c7e
0x12c71: cmp dh, 1
0x12c74: jb 0x12c7e
0x12c76: mov ah, 9
0x12c78: lea dx, word ptr [bp + 0x371]
0x12c7c: int 0x21
0x12c7e: ret
2018-12-25T12:41:33.053755021Z 37 PC: 12acf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:33.054943556Z 59 PC: 12ad9 | Change current directory
2018-12-25T12:41:33.056810394Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:33.067728535Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:33.068769743Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:33.069798814Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:33.071287434Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:33.078956145Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:33.087853256Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:33.098977758Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:33.10640145Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:33.109002571Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:33.111409066Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:33.113370367Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:33.114832829Z 26 PC: 34c | Set disk transfer address
2018-12-25T12:41:33.117534458Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:33.118966402Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:33.120259859Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:33.123884628Z 78 PC: 1d8 | Find first file
2018-12-25T12:41:33.128112493Z 78 PC: 1d8 | Find first file (See above)
2018-12-25T12:41:33.132474595Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:33.137055841Z 42 PC: 30f | Get date
2018-12-25T12:41:33.139431234Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:33.140561195Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:33.14262743Z 26 PC: 34c | Set disk transfer address (See above)
2018-12-25T12:41:33.144529088Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:33.145770088Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:33.147319633Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:33.149474984Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:33.152530588Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:33.158203208Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:33.160730434Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:33.165250968Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:33.167628595Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:33.170048747Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:33.172129378Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:33.173700451Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:33.176141994Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:33.177643854Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:33.179081465Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:33.183561234Z 78 PC: 12b18 | Find first file (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":1,"Second":0,"TimeBased":true,"OriginalID":14720,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:33.250997871Z 26 PC: 12c8c | Set disk transfer address
2018-12-25T12:41:33.253716081Z 53 PC: 12a8c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:33.255608074Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:33.257405451Z 71 PC: 12aaa | Get current directory
2018-12-25T12:41:33.261143832Z 78 PC: 12b18 | Find first file
2018-12-25T12:41:33.267154405Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:33.272270801Z 59 PC: 12ac0 | Change current directory
2018-12-25T12:41:33.278141181Z 42 PC: 12c4f | Get date 0x12c4f: cmp cx, 0x7ca
0x12c53: jb 0x12c7e
0x12c55: cmp dh, 4
0x12c58: jb 0x12c7e
0x12c5a: cmp dl, 1
0x12c5d: jb 0x12c7e
0x12c5f: cmp al, 1
0x12c61: add byte ptr [bp + di], bl
0x12c63: mov ah, 0x2c
0x12c65: int 0x21
0x12c67: cmp ch, 1
0x12c6a: jb 0x12c7e
0x12c6c: cmp cl, 1
0x12c6f: jb 0x12c7e
0x12c71: cmp dh, 1
0x12c74: jb 0x12c7e
0x12c76: mov ah, 9
0x12c78: lea dx, word ptr [bp + 0x371]
0x12c7c: int 0x21
0x12c7e: ret
2018-12-25T12:41:33.281391206Z 37 PC: 12acf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:33.282869498Z 59 PC: 12ad9 | Change current directory
2018-12-25T12:41:33.285069101Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:33.287693266Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:33.289568816Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:33.291045924Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:33.29350182Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:33.304157908Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:33.314967067Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:33.320674283Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:33.327290112Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:33.329841656Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:33.331197002Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:33.334220672Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:33.335635688Z 26 PC: 34c | Set disk transfer address
2018-12-25T12:41:33.33734755Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:33.348157774Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:33.349388391Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:33.352450716Z 78 PC: 1d8 | Find first file
2018-12-25T12:41:33.357619526Z 78 PC: 1d8 | Find first file (See above)
2018-12-25T12:41:33.368042496Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:33.381156298Z 42 PC: 30f | Get date
2018-12-25T12:41:33.390856567Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:33.398319618Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:33.400815276Z 26 PC: 34c | Set disk transfer address (See above)
2018-12-25T12:41:33.402669586Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:33.404470847Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:33.405809452Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:33.407121808Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:33.411046277Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:33.415790267Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:33.417633705Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:33.423503713Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:33.426579773Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:33.428393483Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:33.431959347Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:33.434603635Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:33.436415706Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:33.439169873Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:33.441373606Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:33.445093837Z 78 PC: 12b18 | Find first file (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":1,"Second":0,"TimeBased":true,"OriginalID":14720,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:34.361361628Z 26 PC: 12c8c | Set disk transfer address
2018-12-25T12:41:34.363392044Z 53 PC: 12a8c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:34.364921007Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:34.366351893Z 71 PC: 12aaa | Get current directory
2018-12-25T12:41:34.369968601Z 78 PC: 12b18 | Find first file
2018-12-25T12:41:34.378307267Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:34.388828148Z 59 PC: 12ac0 | Change current directory
2018-12-25T12:41:34.394280008Z 42 PC: 12c4f | Get date 0x12c4f: cmp cx, 0x7ca
0x12c53: jb 0x12c7e
0x12c55: cmp dh, 4
0x12c58: jb 0x12c7e
0x12c5a: cmp dl, 1
0x12c5d: jb 0x12c7e
0x12c5f: cmp al, 1
0x12c61: add byte ptr [bp + di], bl
0x12c63: mov ah, 0x2c
0x12c65: int 0x21
0x12c67: cmp ch, 1
0x12c6a: jb 0x12c7e
0x12c6c: cmp cl, 1
0x12c6f: jb 0x12c7e
0x12c71: cmp dh, 1
0x12c74: jb 0x12c7e
0x12c76: mov ah, 9
0x12c78: lea dx, word ptr [bp + 0x371]
0x12c7c: int 0x21
0x12c7e: ret
2018-12-25T12:41:34.397742401Z 37 PC: 12acf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:34.399405313Z 59 PC: 12ad9 | Change current directory
2018-12-25T12:41:34.401753128Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:34.404665402Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:34.405973959Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:34.407385686Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:34.409175132Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:34.418557513Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:34.423776456Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:34.429962344Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:34.435067784Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:34.437567719Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:34.439148932Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:34.441596292Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:34.442900695Z 26 PC: 34c | Set disk transfer address
2018-12-25T12:41:34.444012216Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:34.460414953Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:34.461747434Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:34.464983059Z 78 PC: 1d8 | Find first file
2018-12-25T12:41:34.472725785Z 78 PC: 1d8 | Find first file (See above)
2018-12-25T12:41:34.488502229Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:34.493271321Z 42 PC: 30f | Get date
2018-12-25T12:41:34.509639027Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:34.511097049Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:34.51309765Z 26 PC: 34c | Set disk transfer address (See above)
2018-12-25T12:41:34.516335728Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:34.517682867Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:34.519070935Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:34.520628264Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:34.524835477Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:34.53377713Z 78 PC: 12b18 | Find first file (See above)
2018-12-25T12:41:34.536222136Z 59 PC: 12ac0 | Change current directory (See above)
2018-12-25T12:41:34.541831771Z 42 PC: 12c4f | Get date (See above)
2018-12-25T12:41:34.544738539Z 37 PC: 12acf | Set interrupt vector (See above)
2018-12-25T12:41:34.546513795Z 59 PC: 12ad9 | Change current directory (See above)
2018-12-25T12:41:34.549505459Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:34.55081638Z 26 PC: 12c8c | Set disk transfer address (See above)
2018-12-25T12:41:34.551883892Z 53 PC: 12a8c | Get interrupt vector (See above)
2018-12-25T12:41:34.554365588Z 37 PC: 12a9e | Set interrupt vector (See above)
2018-12-25T12:41:34.556019532Z 71 PC: 12aaa | Get current directory (See above)
2018-12-25T12:41:34.559530565Z 78 PC: 12b18 | Find first file (See above)