Sample viewer

vx.netlux.org/Virus.DOS.IVP.SH.924

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:10:25.296408968Z 26 PC: 12d6e | Set disk transfer address
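2018-12-17T23:10:25.297471257Z 53 PC: 12af5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') [note: 36 decimal = 24h, i.e. INT 24h, the DOS critical-error handler vector; 'Set random record number' is the name of INT 21h function 24h, so the AKA label apparently comes from a function-name lookup applied to an interrupt number]
2018-12-17T23:10:25.299202751Z 37 PC: 12b08 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [note: same mislabel; this call replaces the INT 24h critical-error handler, which is typically done so that write errors raise no 'Abort, Retry, Fail?' prompt]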
2018-12-17T23:10:25.300205398Z 71 PC: 12b16 | Get current directory
2018-12-17T23:10:25.302783281Z 78 PC: 12b9a | Find first file
2018-12-17T23:10:25.309228357Z 78 PC: 12b9a | Find first file
2018-12-17T23:10:25.313332202Z 61 PC: 12d78 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:10:25.318547775Z 63 PC: 12bb6 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:10:25.323546408Z 62 PC: 12bba | Close file
2018-12-17T23:10:25.325530895Z 67 PC: 12d85 | Get or set file attributes
2018-12-17T23:10:25.339086138Z 61 PC: 12d78 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:10:25.362451582Z 64 PC: 12cab | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:10:25.371397734Z 66 PC: 12d67 | Move file pointer
; Code at the return address of INT 21h AH=2Ch (Get time), which returns
; DH = seconds. Fragment only: 0x12cb2, 0x12df9 and 0x12d7a lie outside it.
2018-12-17T23:10:25.373260888Z 44 PC: 12cb8 | Get time 0x12cb8: cmp dh, 0    ; seconds == 0 ?
0x12cbb: je 0x12cb2    ; yes: branch back to 0x12cb2 (not shown; presumably asks for the time again)
0x12cbd: mov byte ptr cs:[bp + 0x4a0], dh    ; keep the non-zero seconds byte in the code segment; its use is not visible here
0x12cc2: call 0x12df9    ; body not shown; the next trace row is the 924-byte write at PC 12e56, presumably issued inside this call
0x12cc5: inc byte ptr cs:[bp + 0x4a1]    ; bump a counter byte; meaning not visible here
0x12cca: mov ax, 0x5701    ; INT 21h AX=5701h: set file date/time (CX = time, DX = date)
0x12ccd: nop
0x12cce: mov cx, word ptr cs:[bp + 0x516]    ; time word; NOTE(review): 0x515/0x516/0x518 look like the attribute/time/date fields of a find-first DTA at bp+0x500 - confirm
0x12cd3: nop
0x12cd4: mov dx, word ptr cs:[bp + 0x518]    ; date word
0x12cd9: int 0x21    ; logged as "Get or set file date and time" (PC 12cdb); if the saved values are the originals, the timestamp does not reveal the modification
0x12cdb: mov ah, 0x3e    ; INT 21h AH=3Eh: close file
0x12cdd: int 0x21    ; logged as "Close file" (PC 12cdf)
0x12cdf: xor cx, cx
0x12ce1: mov cl, byte ptr cs:[bp + 0x515]    ; CX = zero-extended saved byte
0x12ce6: call 0x12d7a    ; body not shown; the trace logs "Get or set file attributes" at PC 12d85 next, so this presumably applies CX as the file attributes
0x12ce9: ret
0x12cea: nop
0x12ceb: mov ah, 0x2a    ; bytes after the ret: AH=2Ah is Get date (start of the next routine, cut off by the window)
0x12ced: nop
2018-12-17T23:10:25.376085563Z 64 PC: 12e56 | Write file or device (Write 924 bytes on handle 5)
2018-12-17T23:10:25.385939611Z 87 PC: 12cdb | Get or set file date and time
2018-12-17T23:10:25.387478775Z 62 PC: 12cdf | Close file
2018-12-17T23:10:25.395902342Z 67 PC: 12d85 | Get or set file attributes
2018-12-17T23:10:25.407405361Z 79 PC: 12b9a | Find next file
2018-12-17T23:10:25.410567143Z 61 PC: 12d78 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:10:25.418958473Z 63 PC: 12bb6 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:10:25.427114014Z 62 PC: 12bba | Close file
2018-12-17T23:10:25.429797755Z 67 PC: 12d85 | Get or set file attributes
2018-12-17T23:10:25.438644646Z 61 PC: 12d78 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:10:25.447681022Z 64 PC: 12cab | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:10:25.451321989Z 66 PC: 12d67 | Move file pointer
; Code at the return address of INT 21h AH=2Ch (Get time), which returns
; DH = seconds. Fragment only: 0x12cb2, 0x12df9 and 0x12d7a lie outside it.
2018-12-17T23:10:25.453344483Z 44 PC: 12cb8 | Get time 0x12cb8: cmp dh, 0    ; seconds == 0 ?
0x12cbb: je 0x12cb2    ; yes: branch back to 0x12cb2 (not shown; presumably asks for the time again)
0x12cbd: mov byte ptr cs:[bp + 0x4a0], dh    ; keep the non-zero seconds byte in the code segment; its use is not visible here
0x12cc2: call 0x12df9    ; body not shown; the next trace row is the 924-byte write at PC 12e56, presumably issued inside this call
0x12cc5: inc byte ptr cs:[bp + 0x4a1]    ; bump a counter byte; meaning not visible here
0x12cca: mov ax, 0x5701    ; INT 21h AX=5701h: set file date/time (CX = time, DX = date)
0x12ccd: nop
0x12cce: mov cx, word ptr cs:[bp + 0x516]    ; time word; NOTE(review): 0x515/0x516/0x518 look like the attribute/time/date fields of a find-first DTA at bp+0x500 - confirm
0x12cd3: nop
0x12cd4: mov dx, word ptr cs:[bp + 0x518]    ; date word
0x12cd9: int 0x21    ; logged as "Get or set file date and time" (PC 12cdb); if the saved values are the originals, the timestamp does not reveal the modification
0x12cdb: mov ah, 0x3e    ; INT 21h AH=3Eh: close file
0x12cdd: int 0x21    ; logged as "Close file" (PC 12cdf)
0x12cdf: xor cx, cx
0x12ce1: mov cl, byte ptr cs:[bp + 0x515]    ; CX = zero-extended saved byte
0x12ce6: call 0x12d7a    ; body not shown; the trace logs "Get or set file attributes" at PC 12d85 next, so this presumably applies CX as the file attributes
0x12ce9: ret
0x12cea: nop
0x12ceb: mov ah, 0x2a    ; bytes after the ret: AH=2Ah is Get date (start of the next routine, cut off by the window)
0x12ced: nop
2018-12-17T23:10:25.456685649Z 64 PC: 12e56 | Write file or device (Write 924 bytes on handle 5)
2018-12-17T23:10:25.466074521Z 87 PC: 12cdb | Get or set file date and time
2018-12-17T23:10:25.467712962Z 62 PC: 12cdf | Close file
2018-12-17T23:10:25.47668488Z 67 PC: 12d85 | Get or set file attributes
2018-12-17T23:10:25.48857092Z 79 PC: 12b9a | Find next file
2018-12-17T23:10:25.491954888Z 61 PC: 12d78 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:10:25.499717221Z 63 PC: 12bb6 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:10:25.508967587Z 62 PC: 12bba | Close file
2018-12-17T23:10:25.511484364Z 67 PC: 12d85 | Get or set file attributes
2018-12-17T23:10:25.523083598Z 61 PC: 12d78 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:10:25.53143632Z 64 PC: 12cab | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:10:25.534708382Z 66 PC: 12d67 | Move file pointer
; Code at the return address of INT 21h AH=2Ch (Get time), which returns
; DH = seconds. Fragment only: 0x12cb2, 0x12df9 and 0x12d7a lie outside it.
2018-12-17T23:10:25.536543558Z 44 PC: 12cb8 | Get time 0x12cb8: cmp dh, 0    ; seconds == 0 ?
0x12cbb: je 0x12cb2    ; yes: branch back to 0x12cb2 (not shown; presumably asks for the time again)
0x12cbd: mov byte ptr cs:[bp + 0x4a0], dh    ; keep the non-zero seconds byte in the code segment; its use is not visible here
0x12cc2: call 0x12df9    ; body not shown; the next trace row is the 924-byte write at PC 12e56, presumably issued inside this call
0x12cc5: inc byte ptr cs:[bp + 0x4a1]    ; bump a counter byte; meaning not visible here
0x12cca: mov ax, 0x5701    ; INT 21h AX=5701h: set file date/time (CX = time, DX = date)
0x12ccd: nop
0x12cce: mov cx, word ptr cs:[bp + 0x516]    ; time word; NOTE(review): 0x515/0x516/0x518 look like the attribute/time/date fields of a find-first DTA at bp+0x500 - confirm
0x12cd3: nop
0x12cd4: mov dx, word ptr cs:[bp + 0x518]    ; date word
0x12cd9: int 0x21    ; logged as "Get or set file date and time" (PC 12cdb); if the saved values are the originals, the timestamp does not reveal the modification
0x12cdb: mov ah, 0x3e    ; INT 21h AH=3Eh: close file
0x12cdd: int 0x21    ; logged as "Close file" (PC 12cdf)
0x12cdf: xor cx, cx
0x12ce1: mov cl, byte ptr cs:[bp + 0x515]    ; CX = zero-extended saved byte
0x12ce6: call 0x12d7a    ; body not shown; the trace logs "Get or set file attributes" at PC 12d85 next, so this presumably applies CX as the file attributes
0x12ce9: ret
0x12cea: nop
0x12ceb: mov ah, 0x2a    ; bytes after the ret: AH=2Ah is Get date (start of the next routine, cut off by the window)
0x12ced: nop
2018-12-17T23:10:25.540578572Z 64 PC: 12e56 | Write file or device (Write 924 bytes on handle 5)
2018-12-17T23:10:25.550086253Z 87 PC: 12cdb | Get or set file date and time
2018-12-17T23:10:25.552800114Z 62 PC: 12cdf | Close file
2018-12-17T23:10:25.562833171Z 67 PC: 12d85 | Get or set file attributes
2018-12-17T23:10:25.573967667Z 79 PC: 12b9a | Find next file
2018-12-17T23:10:25.577074849Z 61 PC: 12d78 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:10:25.582538609Z 63 PC: 12bb6 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:10:25.590449678Z 62 PC: 12bba | Close file
2018-12-17T23:10:25.592718101Z 67 PC: 12d85 | Get or set file attributes
2018-12-17T23:10:25.603954448Z 61 PC: 12d78 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:10:25.611654484Z 64 PC: 12cab | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:10:25.615501935Z 66 PC: 12d67 | Move file pointer
; Code at the return address of INT 21h AH=2Ch (Get time), which returns
; DH = seconds. Fragment only: 0x12cb2, 0x12df9 and 0x12d7a lie outside it.
2018-12-17T23:10:25.617025715Z 44 PC: 12cb8 | Get time 0x12cb8: cmp dh, 0    ; seconds == 0 ?
0x12cbb: je 0x12cb2    ; yes: branch back to 0x12cb2 (not shown; presumably asks for the time again)
0x12cbd: mov byte ptr cs:[bp + 0x4a0], dh    ; keep the non-zero seconds byte in the code segment; its use is not visible here
0x12cc2: call 0x12df9    ; body not shown; the next trace row is the 924-byte write at PC 12e56, presumably issued inside this call
0x12cc5: inc byte ptr cs:[bp + 0x4a1]    ; bump a counter byte; meaning not visible here
0x12cca: mov ax, 0x5701    ; INT 21h AX=5701h: set file date/time (CX = time, DX = date)
0x12ccd: nop
0x12cce: mov cx, word ptr cs:[bp + 0x516]    ; time word; NOTE(review): 0x515/0x516/0x518 look like the attribute/time/date fields of a find-first DTA at bp+0x500 - confirm
0x12cd3: nop
0x12cd4: mov dx, word ptr cs:[bp + 0x518]    ; date word
0x12cd9: int 0x21    ; logged as "Get or set file date and time" (PC 12cdb); if the saved values are the originals, the timestamp does not reveal the modification
0x12cdb: mov ah, 0x3e    ; INT 21h AH=3Eh: close file
0x12cdd: int 0x21    ; logged as "Close file" (PC 12cdf)
0x12cdf: xor cx, cx
0x12ce1: mov cl, byte ptr cs:[bp + 0x515]    ; CX = zero-extended saved byte
0x12ce6: call 0x12d7a    ; body not shown; the trace logs "Get or set file attributes" at PC 12d85 next, so this presumably applies CX as the file attributes
0x12ce9: ret
0x12cea: nop
0x12ceb: mov ah, 0x2a    ; bytes after the ret: AH=2Ah is Get date (start of the next routine, cut off by the window)
0x12ced: nop
2018-12-17T23:10:25.620269745Z 64 PC: 12e56 | Write file or device (Write 924 bytes on handle 5)
2018-12-17T23:10:25.629685624Z 87 PC: 12cdb | Get or set file date and time
2018-12-17T23:10:25.631742607Z 62 PC: 12cdf | Close file
2018-12-17T23:10:25.641316045Z 67 PC: 12d85 | Get or set file attributes
2018-12-17T23:10:25.652370907Z 79 PC: 12b9a | Find next file
2018-12-17T23:10:25.655355951Z 61 PC: 12d78 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:10:25.66364122Z 63 PC: 12bb6 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:10:25.670832507Z 62 PC: 12bba | Close file
2018-12-17T23:10:25.672966158Z 67 PC: 12d85 | Get or set file attributes
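2018-12-17T23:10:25.677780774Z 61 PC: 12d78 | Open file (Filename = 'PRINTA~1.COM�') [note: this logged name ends in one undecodable byte that the earlier open of the same file did not have, and from the next row on the handle is 2 instead of 5; possibly this open failed and its return value (2 is also the DOS 'file not found' code) was used unchecked as a handle - the trace does not confirm this]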
2018-12-17T23:10:25.683785937Z 64 PC: 12cab | Write file or device (Write 5 bytes on handle 2)
2018-12-17T23:10:25.686764623Z 66 PC: 12d67 | Move file pointer
; Code at the return address of INT 21h AH=2Ch (Get time), which returns
; DH = seconds. Fragment only: 0x12cb2, 0x12df9 and 0x12d7a lie outside it.
2018-12-17T23:10:25.688173563Z 44 PC: 12cb8 | Get time 0x12cb8: cmp dh, 0    ; seconds == 0 ?
0x12cbb: je 0x12cb2    ; yes: branch back to 0x12cb2 (not shown; presumably asks for the time again)
0x12cbd: mov byte ptr cs:[bp + 0x4a0], dh    ; keep the non-zero seconds byte in the code segment; its use is not visible here
0x12cc2: call 0x12df9    ; body not shown; the next trace row is the 924-byte write at PC 12e56, presumably issued inside this call
0x12cc5: inc byte ptr cs:[bp + 0x4a1]    ; bump a counter byte; meaning not visible here
0x12cca: mov ax, 0x5701    ; INT 21h AX=5701h: set file date/time (CX = time, DX = date)
0x12ccd: nop
0x12cce: mov cx, word ptr cs:[bp + 0x516]    ; time word; NOTE(review): 0x515/0x516/0x518 look like the attribute/time/date fields of a find-first DTA at bp+0x500 - confirm
0x12cd3: nop
0x12cd4: mov dx, word ptr cs:[bp + 0x518]    ; date word
0x12cd9: int 0x21    ; logged as "Get or set file date and time" (PC 12cdb); if the saved values are the originals, the timestamp does not reveal the modification
0x12cdb: mov ah, 0x3e    ; INT 21h AH=3Eh: close file
0x12cdd: int 0x21    ; logged as "Close file" (PC 12cdf)
0x12cdf: xor cx, cx
0x12ce1: mov cl, byte ptr cs:[bp + 0x515]    ; CX = zero-extended saved byte
0x12ce6: call 0x12d7a    ; body not shown; the trace logs "Get or set file attributes" at PC 12d85 next, so this presumably applies CX as the file attributes
0x12ce9: ret
0x12cea: nop
0x12ceb: mov ah, 0x2a    ; bytes after the ret: AH=2Ah is Get date (start of the next routine, cut off by the window)
0x12ced: nop
2018-12-17T23:10:25.691189773Z 64 PC: 12e56 | Write file or device (Write 924 bytes on handle 2)
2018-12-17T23:10:25.707436095Z 87 PC: 12cdb | Get or set file date and time
2018-12-17T23:10:25.709031271Z 62 PC: 12cdf | Close file
2018-12-17T23:10:25.712928879Z 67 PC: 12d85 | Get or set file attributes
2018-12-17T23:10:25.717714358Z 79 PC: 12b9a | Find next file
2018-12-17T23:10:25.720671703Z 61 PC: 12d78 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:10:25.728563986Z 63 PC: 12bb6 | Read file or device (Read 26 bytes on handle 2)
2018-12-17T23:10:25.735789267Z 62 PC: 12bba | Close file
2018-12-17T23:10:25.73850028Z 67 PC: 12d85 | Get or set file attributes
2018-12-17T23:10:25.750949142Z 61 PC: 12d78 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:10:25.760935961Z 64 PC: 12cab | Write file or device (Write 5 bytes on handle 2)
2018-12-17T23:10:25.764505717Z 66 PC: 12d67 | Move file pointer
; Code at the return address of INT 21h AH=2Ch (Get time), which returns
; DH = seconds. Fragment only: 0x12cb2, 0x12df9 and 0x12d7a lie outside it.
2018-12-17T23:10:25.767449425Z 44 PC: 12cb8 | Get time 0x12cb8: cmp dh, 0    ; seconds == 0 ?
0x12cbb: je 0x12cb2    ; yes: branch back to 0x12cb2 (not shown; presumably asks for the time again)
0x12cbd: mov byte ptr cs:[bp + 0x4a0], dh    ; keep the non-zero seconds byte in the code segment; its use is not visible here
0x12cc2: call 0x12df9    ; body not shown; the next trace row is the 924-byte write at PC 12e56, presumably issued inside this call
0x12cc5: inc byte ptr cs:[bp + 0x4a1]    ; bump a counter byte; meaning not visible here
0x12cca: mov ax, 0x5701    ; INT 21h AX=5701h: set file date/time (CX = time, DX = date)
0x12ccd: nop
0x12cce: mov cx, word ptr cs:[bp + 0x516]    ; time word; NOTE(review): 0x515/0x516/0x518 look like the attribute/time/date fields of a find-first DTA at bp+0x500 - confirm
0x12cd3: nop
0x12cd4: mov dx, word ptr cs:[bp + 0x518]    ; date word
0x12cd9: int 0x21    ; logged as "Get or set file date and time" (PC 12cdb); if the saved values are the originals, the timestamp does not reveal the modification
0x12cdb: mov ah, 0x3e    ; INT 21h AH=3Eh: close file
0x12cdd: int 0x21    ; logged as "Close file" (PC 12cdf)
0x12cdf: xor cx, cx
0x12ce1: mov cl, byte ptr cs:[bp + 0x515]    ; CX = zero-extended saved byte
0x12ce6: call 0x12d7a    ; body not shown; the trace logs "Get or set file attributes" at PC 12d85 next, so this presumably applies CX as the file attributes
0x12ce9: ret
0x12cea: nop
0x12ceb: mov ah, 0x2a    ; bytes after the ret: AH=2Ah is Get date (start of the next routine, cut off by the window)
0x12ced: nop
2018-12-17T23:10:25.771073368Z 64 PC: 12e56 | Write file or device (Write 924 bytes on handle 2)
2018-12-17T23:10:25.781705556Z 87 PC: 12cdb | Get or set file date and time
2018-12-17T23:10:25.785124304Z 62 PC: 12cdf | Close file
2018-12-17T23:10:25.794266454Z 67 PC: 12d85 | Get or set file attributes
2018-12-17T23:10:25.806213434Z 79 PC: 12b9a | Find next file
2018-12-17T23:10:25.810365281Z 61 PC: 12d78 | Open file (Filename = 'PAH.COM')
2018-12-17T23:10:25.818462768Z 63 PC: 12bb6 | Read file or device (Read 26 bytes on handle 2)
2018-12-17T23:10:25.826518657Z 62 PC: 12bba | Close file
2018-12-17T23:10:25.828885863Z 67 PC: 12d85 | Get or set file attributes
2018-12-17T23:10:25.840961226Z 61 PC: 12d78 | Open file (Filename = 'PAH.COM')
2018-12-17T23:10:25.848710535Z 64 PC: 12cab | Write file or device (Write 5 bytes on handle 2)
2018-12-17T23:10:25.852635611Z 66 PC: 12d67 | Move file pointer
; Code at the return address of INT 21h AH=2Ch (Get time), which returns
; DH = seconds. Fragment only: 0x12cb2, 0x12df9 and 0x12d7a lie outside it.
2018-12-17T23:10:25.855250609Z 44 PC: 12cb8 | Get time 0x12cb8: cmp dh, 0    ; seconds == 0 ?
0x12cbb: je 0x12cb2    ; yes: branch back to 0x12cb2 (not shown; presumably asks for the time again)
0x12cbd: mov byte ptr cs:[bp + 0x4a0], dh    ; keep the non-zero seconds byte in the code segment; its use is not visible here
0x12cc2: call 0x12df9    ; body not shown; the next trace row is the 924-byte write at PC 12e56, presumably issued inside this call
0x12cc5: inc byte ptr cs:[bp + 0x4a1]    ; bump a counter byte; meaning not visible here
0x12cca: mov ax, 0x5701    ; INT 21h AX=5701h: set file date/time (CX = time, DX = date)
0x12ccd: nop
0x12cce: mov cx, word ptr cs:[bp + 0x516]    ; time word; NOTE(review): 0x515/0x516/0x518 look like the attribute/time/date fields of a find-first DTA at bp+0x500 - confirm
0x12cd3: nop
0x12cd4: mov dx, word ptr cs:[bp + 0x518]    ; date word
0x12cd9: int 0x21    ; logged as "Get or set file date and time" (PC 12cdb); if the saved values are the originals, the timestamp does not reveal the modification
0x12cdb: mov ah, 0x3e    ; INT 21h AH=3Eh: close file
0x12cdd: int 0x21    ; logged as "Close file" (PC 12cdf)
0x12cdf: xor cx, cx
0x12ce1: mov cl, byte ptr cs:[bp + 0x515]    ; CX = zero-extended saved byte
0x12ce6: call 0x12d7a    ; body not shown; the trace logs "Get or set file attributes" at PC 12d85 next, so this presumably applies CX as the file attributes
0x12ce9: ret
0x12cea: nop
0x12ceb: mov ah, 0x2a    ; bytes after the ret: AH=2Ah is Get date (start of the next routine, cut off by the window)
0x12ced: nop
2018-12-17T23:10:25.858198499Z 64 PC: 12e56 | Write file or device (Write 924 bytes on handle 2)
2018-12-17T23:10:25.867820128Z 87 PC: 12cdb | Get or set file date and time
2018-12-17T23:10:25.870787622Z 62 PC: 12cdf | Close file
2018-12-17T23:10:25.880000402Z 67 PC: 12d85 | Get or set file attributes
2018-12-17T23:10:25.890919779Z 79 PC: 12b9a | Find next file
2018-12-17T23:10:25.894460462Z 61 PC: 12d78 | Open file (Filename = 'TEST.COM')
2018-12-17T23:10:25.901899632Z 63 PC: 12bb6 | Read file or device (Read 26 bytes on handle 2)
2018-12-17T23:10:25.909076401Z 62 PC: 12bba | Close file
2018-12-17T23:10:25.911805749Z 79 PC: 12b9a | Find next file
2018-12-17T23:10:25.914692179Z 59 PC: 12b2e | Change current directory
; Code at the return address of INT 21h AH=2Ah (Get date), which returns
; CX = year, DH = month, DL = day, AL = day of week (0 = Sunday).
; Fragment only: the skip target 0x12d5c lies outside it.
2018-12-17T23:10:25.919176686Z 42 PC: 12cf3 | Get date 0x12cf3: cmp cx, 0x7cc    ; 0x7cc = 1996
0x12cf7: jb 0x12d5c    ; year before 1996: skip
0x12cf9: cmp dh, 0xc    ; month against 12
0x12cfc: jb 0x12d5c    ; before December: skip
0x12cfe: cmp dl, 1
0x12d01: jb 0x12d5c    ; day below 1: never true for a valid date, so this test filters nothing
0x12d03: mov ah, 9    ; INT 21h AH=09h: display the '$'-terminated string at DS:DX
0x12d05: nop
0x12d06: lea dx, word ptr [bp + 0x404]    ; address of the message text
0x12d0a: int 0x21    ; logged as "Display string" (PC 12d0c) in the trace row after this window, so the date checks passed on this run
0x12d0c: mov ah, 0x2a    ; Get date again, this time for AL
0x12d0e: nop
0x12d0f: nop
0x12d10: int 0x21
0x12d12: cmp al, 1    ; day of week == 1 (Monday)?
0x12d14: nop
0x12d15: jne 0x12d5c    ; not Monday: skip what follows
0x12d17: mov cx, 3
0x12d1a: push cx    ; 3 saved on the stack; presumably a repeat count - the loop is outside the window
0x12d1b: cli    ; interrupts off; the window ends here
2018-12-17T23:10:25.922058517Z 9 PC: 12d0c | Display string (String= 'I,the almighty StEaLtH hACkeR, ..FUK VIVEK MUNDKUR!! SH LIVES! ')
; Code at the return address of the second INT 21h AH=2Ah (Get date) call:
; the day-of-week test, then code that programs PIT channel 2 and switches
; the PC speaker on. Fragment only; it ends before the surrounding loop does.
2018-12-17T23:10:25.931225326Z 42 PC: 12d12 | Get date 0x12d12: cmp al, 1    ; AL = day of week (0 = Sunday); 1 = Monday
0x12d14: nop
0x12d15: jne 0x12d5c    ; not Monday: skip (target not shown)
0x12d17: mov cx, 3
0x12d1a: push cx    ; 3 saved on the stack; presumably a repeat count - confirm
0x12d1b: cli    ; interrupts off
0x12d1c: mov dx, 0x2ee0
0x12d1f: sub dx, word ptr cs:[0x1388]    ; DX = 0x2ee0 minus a word read from cs:0x1388; its use is not visible here
0x12d24: mov bx, 0x64    ; BX = 100, written below as the timer divisor
0x12d27: mov al, 0xb6    ; PIT command byte: channel 2, low/high byte access, mode 3 (square wave)
0x12d29: out 0x43, al
0x12d2b: mov ax, bx
0x12d2d: out 0x42, al    ; divisor low byte to channel 2
0x12d2f: mov al, ah
0x12d31: out 0x42, al    ; divisor high byte
0x12d33: in al, 0x61    ; read port 61h (speaker control)
0x12d35: mov ah, 0
0x12d37: or ax, 3    ; set bits 0-1: timer-2 gate and speaker data enable
0x12d3a: out 0x61, al    ; speaker on
0x12d3c: inc bx    ; presumably the next divisor value; the rest of the loop is outside the window

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16849,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:07.169107616Z 26 PC: 12d6e | Set disk transfer address
2018-12-25T12:54:07.170468595Z 53 PC: 12af5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:07.171812888Z 37 PC: 12b08 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:07.172827183Z 71 PC: 12b16 | Get current directory
2018-12-25T12:54:07.175539603Z 78 PC: 12b9a | Find first file
2018-12-25T12:54:07.18174646Z 78 PC: 12b9a | Find first file (See above)
2018-12-25T12:54:07.187295471Z 61 PC: 12d78 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:07.193509251Z 63 PC: 12bb6 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:54:07.200327852Z 62 PC: 12bba | Close file
2018-12-25T12:54:07.202075364Z 67 PC: 12d85 | Get or set file attributes
2018-12-25T12:54:07.220931267Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.229035103Z 64 PC: 12cab | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:54:07.235335217Z 66 PC: 12d67 | Move file pointer
; Code at the return address of INT 21h AH=2Ch (Get time), which returns
; DH = seconds. Fragment only: 0x12cb2, 0x12df9 and 0x12d7a lie outside it.
2018-12-25T12:54:07.236538125Z 44 PC: 12cb8 | Get time 0x12cb8: cmp dh, 0    ; seconds == 0 ?
0x12cbb: je 0x12cb2    ; yes: branch back to 0x12cb2 (not shown; presumably asks for the time again)
0x12cbd: mov byte ptr cs:[bp + 0x4a0], dh    ; keep the non-zero seconds byte in the code segment; its use is not visible here
0x12cc2: call 0x12df9    ; body not shown; the next trace row is the 924-byte write at PC 12e56, presumably issued inside this call
0x12cc5: inc byte ptr cs:[bp + 0x4a1]    ; bump a counter byte; meaning not visible here
0x12cca: mov ax, 0x5701    ; INT 21h AX=5701h: set file date/time (CX = time, DX = date)
0x12ccd: nop
0x12cce: mov cx, word ptr cs:[bp + 0x516]    ; time word; NOTE(review): 0x515/0x516/0x518 look like the attribute/time/date fields of a find-first DTA at bp+0x500 - confirm
0x12cd3: nop
0x12cd4: mov dx, word ptr cs:[bp + 0x518]    ; date word
0x12cd9: int 0x21    ; logged as "Get or set file date and time" (PC 12cdb); if the saved values are the originals, the timestamp does not reveal the modification
0x12cdb: mov ah, 0x3e    ; INT 21h AH=3Eh: close file
0x12cdd: int 0x21    ; logged as "Close file" (PC 12cdf)
0x12cdf: xor cx, cx
0x12ce1: mov cl, byte ptr cs:[bp + 0x515]    ; CX = zero-extended saved byte
0x12ce6: call 0x12d7a    ; body not shown; the trace logs "Get or set file attributes" at PC 12d85 next, so this presumably applies CX as the file attributes
0x12ce9: ret
0x12cea: nop
0x12ceb: mov ah, 0x2a    ; bytes after the ret: AH=2Ah is Get date (start of the next routine, cut off by the window)
0x12ced: nop
2018-12-25T12:54:07.239796803Z 64 PC: 12e56 | Write file or device (Write 924 bytes on handle 5)
2018-12-25T12:54:07.248147076Z 87 PC: 12cdb | Get or set file date and time
2018-12-25T12:54:07.249407874Z 62 PC: 12cdf | Close file
2018-12-25T12:54:07.256648826Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.266355587Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:07.268879097Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.275250051Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:07.281902986Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:07.283621224Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.293622287Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.300644926Z 64 PC: 12cab | Write file or device (See above)
2018-12-25T12:54:07.303331679Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:54:07.304624169Z 44 PC: 12cb8 | Get time (See above)
2018-12-25T12:54:07.307696265Z 64 PC: 12e56 | Write file or device (See above)
2018-12-25T12:54:07.315873081Z 87 PC: 12cdb | Get or set file date and time (See above)
2018-12-25T12:54:07.317309699Z 62 PC: 12cdf | Close file (See above)
2018-12-25T12:54:07.325109045Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.33453969Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:07.336947029Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.343573408Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:07.349943735Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:07.351592637Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.361531957Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.367754175Z 64 PC: 12cab | Write file or device (See above)
2018-12-25T12:54:07.37021913Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:54:07.371728807Z 44 PC: 12cb8 | Get time (See above)
2018-12-25T12:54:07.374113436Z 64 PC: 12e56 | Write file or device (See above)
2018-12-25T12:54:07.382092962Z 87 PC: 12cdb | Get or set file date and time (See above)
2018-12-25T12:54:07.383706514Z 62 PC: 12cdf | Close file (See above)
2018-12-25T12:54:07.388469707Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.394345799Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:07.396771436Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.403240946Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:07.409254832Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:07.411092315Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.421315737Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.427552273Z 64 PC: 12cab | Write file or device (See above)
2018-12-25T12:54:07.430308812Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:54:07.432067777Z 44 PC: 12cb8 | Get time (See above)
2018-12-25T12:54:07.434437154Z 64 PC: 12e56 | Write file or device (See above)
2018-12-25T12:54:07.442447999Z 87 PC: 12cdb | Get or set file date and time (See above)
2018-12-25T12:54:07.443845441Z 62 PC: 12cdf | Close file (See above)
2018-12-25T12:54:07.451068657Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.460512495Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:07.463490758Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.469660357Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:07.475932586Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:07.478003782Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.482123243Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.486483347Z 64 PC: 12cab | Write file or device (See above)
2018-12-25T12:54:07.489455359Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:54:07.490719757Z 44 PC: 12cb8 | Get time (See above)
2018-12-25T12:54:07.492988226Z 64 PC: 12e56 | Write file or device (See above)
2018-12-25T12:54:07.50826368Z 87 PC: 12cdb | Get or set file date and time (See above)
2018-12-25T12:54:07.509813592Z 62 PC: 12cdf | Close file (See above)
2018-12-25T12:54:07.5117147Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.516520945Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:07.519057723Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.525262895Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:07.532214559Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:07.533923223Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.546041956Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.553103418Z 64 PC: 12cab | Write file or device (See above)
2018-12-25T12:54:07.55945453Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:54:07.560745604Z 44 PC: 12cb8 | Get time (See above)
2018-12-25T12:54:07.56381053Z 64 PC: 12e56 | Write file or device (See above)
2018-12-25T12:54:07.57246548Z 87 PC: 12cdb | Get or set file date and time (See above)
2018-12-25T12:54:07.57382069Z 62 PC: 12cdf | Close file (See above)
2018-12-25T12:54:07.588790027Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.598345964Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:07.601616986Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.609056277Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:07.615309903Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:07.617276641Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.627911042Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.634891926Z 64 PC: 12cab | Write file or device (See above)
2018-12-25T12:54:07.637825774Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:54:07.639874575Z 44 PC: 12cb8 | Get time (See above)
2018-12-25T12:54:07.642268108Z 64 PC: 12e56 | Write file or device (See above)
2018-12-25T12:54:07.650468713Z 87 PC: 12cdb | Get or set file date and time (See above)
2018-12-25T12:54:07.652513775Z 62 PC: 12cdf | Close file (See above)
2018-12-25T12:54:07.659924918Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.669757053Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:07.672919084Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.679140987Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:07.685218452Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:07.68709587Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:07.689802473Z 59 PC: 12b2e | Change current directory
; Code at the return address of INT 21h AH=2Ah (Get date), which returns
; CX = year, DH = month, DL = day, AL = day of week (0 = Sunday).
; Fragment only: the skip target 0x12d5c lies outside it.
2018-12-25T12:54:07.693708511Z 42 PC: 12cf3 | Get date 0x12cf3: cmp cx, 0x7cc    ; 0x7cc = 1996
0x12cf7: jb 0x12d5c    ; year before 1996: skip
0x12cf9: cmp dh, 0xc    ; month against 12
0x12cfc: jb 0x12d5c    ; before December: skip
0x12cfe: cmp dl, 1
0x12d01: jb 0x12d5c    ; day below 1: never true for a valid date, so this test filters nothing
0x12d03: mov ah, 9    ; INT 21h AH=09h: display the '$'-terminated string at DS:DX
0x12d05: nop
0x12d06: lea dx, word ptr [bp + 0x404]    ; address of the message text
0x12d0a: int 0x21    ; no "Display string" row follows in this run (the next row is at PC 12b40), so one of the jb branches above was presumably taken
0x12d0c: mov ah, 0x2a    ; Get date again, this time for AL
0x12d0e: nop
0x12d0f: nop
0x12d10: int 0x21
0x12d12: cmp al, 1    ; day of week == 1 (Monday)?
0x12d14: nop
0x12d15: jne 0x12d5c    ; not Monday: skip what follows
0x12d17: mov cx, 3
0x12d1a: push cx    ; 3 saved on the stack; presumably a repeat count - the loop is outside the window
0x12d1b: cli    ; interrupts off; the window ends here
2018-12-25T12:54:07.695700932Z 37 PC: 12b40 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:07.697126025Z 59 PC: 12b4d | Change current directory
2018-12-25T12:54:07.69883314Z 26 PC: 12d6e | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16849,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:07.428587784Z 26 PC: 12d6e | Set disk transfer address
2018-12-25T12:54:07.430126107Z 53 PC: 12af5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:07.431345727Z 37 PC: 12b08 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:07.432415898Z 71 PC: 12b16 | Get current directory
2018-12-25T12:54:07.435560204Z 78 PC: 12b9a | Find first file
2018-12-25T12:54:07.441162355Z 78 PC: 12b9a | Find first file (See above)
2018-12-25T12:54:07.451497527Z 61 PC: 12d78 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:07.463039793Z 63 PC: 12bb6 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:54:07.469537807Z 62 PC: 12bba | Close file
2018-12-25T12:54:07.471266431Z 67 PC: 12d85 | Get or set file attributes
2018-12-25T12:54:07.487442394Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.493932527Z 64 PC: 12cab | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:54:07.496553973Z 66 PC: 12d67 | Move file pointer
; Code at the return address of INT 21h AH=2Ch (Get time), which returns
; DH = seconds. Fragment only: 0x12cb2, 0x12df9 and 0x12d7a lie outside it.
2018-12-25T12:54:07.497718303Z 44 PC: 12cb8 | Get time 0x12cb8: cmp dh, 0    ; seconds == 0 ?
0x12cbb: je 0x12cb2    ; yes: branch back to 0x12cb2 (not shown; presumably asks for the time again)
0x12cbd: mov byte ptr cs:[bp + 0x4a0], dh    ; keep the non-zero seconds byte in the code segment; its use is not visible here
0x12cc2: call 0x12df9    ; body not shown; the next trace row is the 924-byte write at PC 12e56, presumably issued inside this call
0x12cc5: inc byte ptr cs:[bp + 0x4a1]    ; bump a counter byte; meaning not visible here
0x12cca: mov ax, 0x5701    ; INT 21h AX=5701h: set file date/time (CX = time, DX = date)
0x12ccd: nop
0x12cce: mov cx, word ptr cs:[bp + 0x516]    ; time word; NOTE(review): 0x515/0x516/0x518 look like the attribute/time/date fields of a find-first DTA at bp+0x500 - confirm
0x12cd3: nop
0x12cd4: mov dx, word ptr cs:[bp + 0x518]    ; date word
0x12cd9: int 0x21    ; logged as "Get or set file date and time" (PC 12cdb); if the saved values are the originals, the timestamp does not reveal the modification
0x12cdb: mov ah, 0x3e    ; INT 21h AH=3Eh: close file
0x12cdd: int 0x21    ; logged as "Close file" (PC 12cdf)
0x12cdf: xor cx, cx
0x12ce1: mov cl, byte ptr cs:[bp + 0x515]    ; CX = zero-extended saved byte
0x12ce6: call 0x12d7a    ; body not shown; the trace logs "Get or set file attributes" at PC 12d85 next, so this presumably applies CX as the file attributes
0x12ce9: ret
0x12cea: nop
0x12ceb: mov ah, 0x2a    ; bytes after the ret: AH=2Ah is Get date (start of the next routine, cut off by the window)
0x12ced: nop
2018-12-25T12:54:07.500376146Z 64 PC: 12e56 | Write file or device (Write 924 bytes on handle 5)
2018-12-25T12:54:07.509012682Z 87 PC: 12cdb | Get or set file date and time
2018-12-25T12:54:07.510299018Z 62 PC: 12cdf | Close file
2018-12-25T12:54:07.518019286Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.527589198Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:07.530057024Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.542835992Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:07.549758222Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:07.551668769Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.562347436Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.568766124Z 64 PC: 12cab | Write file or device (See above)
2018-12-25T12:54:07.571356703Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:54:07.573334744Z 44 PC: 12cb8 | Get time (See above)
2018-12-25T12:54:07.575969694Z 64 PC: 12e56 | Write file or device (See above)
2018-12-25T12:54:07.584279268Z 87 PC: 12cdb | Get or set file date and time (See above)
2018-12-25T12:54:07.586188478Z 62 PC: 12cdf | Close file (See above)
2018-12-25T12:54:07.593568593Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.603438169Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:07.606342122Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.612580973Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:07.618639809Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:07.620860506Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.630739456Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.637219358Z 64 PC: 12cab | Write file or device (See above)
2018-12-25T12:54:07.64064899Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:54:07.641902193Z 44 PC: 12cb8 | Get time (See above)
2018-12-25T12:54:07.644262034Z 64 PC: 12e56 | Write file or device (See above)
2018-12-25T12:54:07.65312961Z 87 PC: 12cdb | Get or set file date and time (See above)
2018-12-25T12:54:07.654473247Z 62 PC: 12cdf | Close file (See above)
2018-12-25T12:54:07.661406566Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.673275033Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:07.675728735Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.681862717Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:07.688204223Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:07.689861194Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.699272142Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.706374829Z 64 PC: 12cab | Write file or device (See above)
2018-12-25T12:54:07.709044313Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:54:07.7102447Z 44 PC: 12cb8 | Get time (See above)
2018-12-25T12:54:07.712975657Z 64 PC: 12e56 | Write file or device (See above)
2018-12-25T12:54:07.7212841Z 87 PC: 12cdb | Get or set file date and time (See above)
2018-12-25T12:54:07.722873344Z 62 PC: 12cdf | Close file (See above)
2018-12-25T12:54:07.73144303Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.741094656Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:07.743508374Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.749840085Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:07.755740889Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:07.75735114Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.761624522Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.766193463Z 64 PC: 12cab | Write file or device (See above)
2018-12-25T12:54:07.768667394Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:54:07.770016539Z 44 PC: 12cb8 | Get time (See above)
2018-12-25T12:54:07.772521114Z 64 PC: 12e56 | Write file or device (See above)
2018-12-25T12:54:07.787549916Z 87 PC: 12cdb | Get or set file date and time (See above)
2018-12-25T12:54:07.789123904Z 62 PC: 12cdf | Close file (See above)
2018-12-25T12:54:07.792006753Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.796094909Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:07.798663731Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.804852633Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:07.810862695Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:07.812703592Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.822632201Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.828978392Z 64 PC: 12cab | Write file or device (See above)
2018-12-25T12:54:07.831572051Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:54:07.832987107Z 44 PC: 12cb8 | Get time (See above)
2018-12-25T12:54:07.835421588Z 64 PC: 12e56 | Write file or device (See above)
2018-12-25T12:54:07.845235466Z 87 PC: 12cdb | Get or set file date and time (See above)
2018-12-25T12:54:07.847689042Z 62 PC: 12cdf | Close file (See above)
2018-12-25T12:54:07.855512284Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.865039569Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:07.868590885Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.874995478Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:07.881246928Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:07.883954832Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.893704922Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.900316836Z 64 PC: 12cab | Write file or device (See above)
2018-12-25T12:54:07.904392817Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:54:07.905863688Z 44 PC: 12cb8 | Get time (See above)
2018-12-25T12:54:07.908349148Z 64 PC: 12e56 | Write file or device (See above)
2018-12-25T12:54:07.917720041Z 87 PC: 12cdb | Get or set file date and time (See above)
2018-12-25T12:54:07.919174848Z 62 PC: 12cdf | Close file (See above)
2018-12-25T12:54:07.927035194Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:07.939654027Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:07.942146247Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:07.94844121Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:07.955044583Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:07.956732344Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:07.959017595Z 59 PC: 12b2e | Change current directory
; Code at the return address of INT 21h AH=2Ah (Get date), which returns
; CX = year, DH = month, DL = day, AL = day of week (0 = Sunday).
; Fragment only: the skip target 0x12d5c lies outside it.
2018-12-25T12:54:07.963918253Z 42 PC: 12cf3 | Get date 0x12cf3: cmp cx, 0x7cc    ; 0x7cc = 1996
0x12cf7: jb 0x12d5c    ; year before 1996: skip
0x12cf9: cmp dh, 0xc    ; month against 12
0x12cfc: jb 0x12d5c    ; before December: skip
0x12cfe: cmp dl, 1
0x12d01: jb 0x12d5c    ; day below 1: never true for a valid date, so this test filters nothing
0x12d03: mov ah, 9    ; INT 21h AH=09h: display the '$'-terminated string at DS:DX
0x12d05: nop
0x12d06: lea dx, word ptr [bp + 0x404]    ; address of the message text
0x12d0a: int 0x21    ; no "Display string" row follows in this run (the next row is at PC 12b40), so one of the jb branches above was presumably taken
0x12d0c: mov ah, 0x2a    ; Get date again, this time for AL
0x12d0e: nop
0x12d0f: nop
0x12d10: int 0x21
0x12d12: cmp al, 1    ; day of week == 1 (Monday)?
0x12d14: nop
0x12d15: jne 0x12d5c    ; not Monday: skip what follows
0x12d17: mov cx, 3
0x12d1a: push cx    ; 3 saved on the stack; presumably a repeat count - the loop is outside the window
0x12d1b: cli    ; interrupts off; the window ends here
2018-12-25T12:54:07.965973035Z 37 PC: 12b40 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:07.967020075Z 59 PC: 12b4d | Change current directory
2018-12-25T12:54:07.973817201Z 26 PC: 12d6e | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":16849,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:08.027507422Z 26 PC: 12d6e | Set disk transfer address
2018-12-25T12:54:08.028796222Z 53 PC: 12af5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:08.030529925Z 37 PC: 12b08 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:08.031606217Z 71 PC: 12b16 | Get current directory
2018-12-25T12:54:08.035354701Z 78 PC: 12b9a | Find first file
2018-12-25T12:54:08.042738898Z 78 PC: 12b9a | Find first file (See above)
2018-12-25T12:54:08.050863373Z 61 PC: 12d78 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:08.058456761Z 63 PC: 12bb6 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:54:08.066648273Z 62 PC: 12bba | Close file
2018-12-25T12:54:08.068767675Z 67 PC: 12d85 | Get or set file attributes
2018-12-25T12:54:08.086220603Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.094702055Z 64 PC: 12cab | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:54:08.098335196Z 66 PC: 12d67 | Move file pointer
; Code at the return address of INT 21h AH=2Ch (Get time), which returns
; DH = seconds. Fragment only: 0x12cb2, 0x12df9 and 0x12d7a lie outside it.
2018-12-25T12:54:08.099924052Z 44 PC: 12cb8 | Get time 0x12cb8: cmp dh, 0    ; seconds == 0 ?
0x12cbb: je 0x12cb2    ; yes: branch back to 0x12cb2 (not shown; presumably asks for the time again)
0x12cbd: mov byte ptr cs:[bp + 0x4a0], dh    ; keep the non-zero seconds byte in the code segment; its use is not visible here
0x12cc2: call 0x12df9    ; body not shown; the next trace row is the 924-byte write at PC 12e56, presumably issued inside this call
0x12cc5: inc byte ptr cs:[bp + 0x4a1]    ; bump a counter byte; meaning not visible here
0x12cca: mov ax, 0x5701    ; INT 21h AX=5701h: set file date/time (CX = time, DX = date)
0x12ccd: nop
0x12cce: mov cx, word ptr cs:[bp + 0x516]    ; time word; NOTE(review): 0x515/0x516/0x518 look like the attribute/time/date fields of a find-first DTA at bp+0x500 - confirm
0x12cd3: nop
0x12cd4: mov dx, word ptr cs:[bp + 0x518]    ; date word
0x12cd9: int 0x21    ; logged as "Get or set file date and time" (PC 12cdb); if the saved values are the originals, the timestamp does not reveal the modification
0x12cdb: mov ah, 0x3e    ; INT 21h AH=3Eh: close file
0x12cdd: int 0x21    ; logged as "Close file" (PC 12cdf)
0x12cdf: xor cx, cx
0x12ce1: mov cl, byte ptr cs:[bp + 0x515]    ; CX = zero-extended saved byte
0x12ce6: call 0x12d7a    ; body not shown; the trace logs "Get or set file attributes" at PC 12d85 next, so this presumably applies CX as the file attributes
0x12ce9: ret
0x12cea: nop
0x12ceb: mov ah, 0x2a    ; bytes after the ret: AH=2Ah is Get date (start of the next routine, cut off by the window)
0x12ced: nop
2018-12-25T12:54:08.103778654Z 64 PC: 12e56 | Write file or device (Write 924 bytes on handle 5)
2018-12-25T12:54:08.114423388Z 87 PC: 12cdb | Get or set file date and time
2018-12-25T12:54:08.116109692Z 62 PC: 12cdf | Close file
2018-12-25T12:54:08.124578596Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.13647489Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:08.140341008Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.148005627Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:08.155796203Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:08.158268977Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.170209839Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.179097244Z 64 PC: 12cab | Write file or device (See above)
2018-12-25T12:54:08.182899337Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:54:08.184882568Z 44 PC: 12cb8 | Get time (See above)
2018-12-25T12:54:08.188676587Z 64 PC: 12e56 | Write file or device (See above)
2018-12-25T12:54:08.198196075Z 87 PC: 12cdb | Get or set file date and time (See above)
2018-12-25T12:54:08.19981508Z 62 PC: 12cdf | Close file (See above)
2018-12-25T12:54:08.209572996Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.221204013Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:08.224647321Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.232897021Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:08.242978939Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:08.247369608Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.259218975Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.267717176Z 64 PC: 12cab | Write file or device (See above)
2018-12-25T12:54:08.271199407Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:54:08.273176669Z 44 PC: 12cb8 | Get time (See above)
2018-12-25T12:54:08.277231286Z 64 PC: 12e56 | Write file or device (See above)
2018-12-25T12:54:08.28736704Z 87 PC: 12cdb | Get or set file date and time (See above)
2018-12-25T12:54:08.289416068Z 62 PC: 12cdf | Close file (See above)
2018-12-25T12:54:08.299838719Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.311406365Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:08.319639002Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.32717862Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:08.335747193Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:08.338324642Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.349827894Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.358692878Z 64 PC: 12cab | Write file or device (See above)
2018-12-25T12:54:08.363093733Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:54:08.365128439Z 44 PC: 12cb8 | Get time (See above)
2018-12-25T12:54:08.368928097Z 64 PC: 12e56 | Write file or device (See above)
2018-12-25T12:54:08.37868124Z 87 PC: 12cdb | Get or set file date and time (See above)
2018-12-25T12:54:08.380775946Z 62 PC: 12cdf | Close file (See above)
2018-12-25T12:54:08.390532046Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.40198509Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:08.405092343Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.412865363Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:08.425683496Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:08.428241192Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.434033441Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.440036832Z 64 PC: 12cab | Write file or device (See above)
2018-12-25T12:54:08.443589824Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:54:08.445722132Z 44 PC: 12cb8 | Get time (See above)
2018-12-25T12:54:08.450285111Z 64 PC: 12e56 | Write file or device (See above)
2018-12-25T12:54:08.477112066Z 87 PC: 12cdb | Get or set file date and time (See above)
2018-12-25T12:54:08.479353754Z 62 PC: 12cdf | Close file (See above)
2018-12-25T12:54:08.48237523Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.487189261Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:08.490358242Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.499252397Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:08.506413675Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:08.508452732Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.520331431Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.528066894Z 64 PC: 12cab | Write file or device (See above)
2018-12-25T12:54:08.531373652Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:54:08.533368346Z 44 PC: 12cb8 | Get time (See above)
2018-12-25T12:54:08.537078804Z 64 PC: 12e56 | Write file or device (See above)
2018-12-25T12:54:08.547506557Z 87 PC: 12cdb | Get or set file date and time (See above)
2018-12-25T12:54:08.549609184Z 62 PC: 12cdf | Close file (See above)
2018-12-25T12:54:08.558759063Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.570332537Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:08.574840114Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.583226135Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:08.590902204Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:08.593413749Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.605565014Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.613002018Z 64 PC: 12cab | Write file or device (See above)
2018-12-25T12:54:08.616139139Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:54:08.624298811Z 44 PC: 12cb8 | Get time (See above)
2018-12-25T12:54:08.627973208Z 64 PC: 12e56 | Write file or device (See above)
2018-12-25T12:54:08.641393468Z 87 PC: 12cdb | Get or set file date and time (See above)
2018-12-25T12:54:08.644476577Z 62 PC: 12cdf | Close file (See above)
2018-12-25T12:54:08.653576999Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.66538475Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:08.669796994Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.678443862Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:08.682318876Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:08.684961633Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:08.688911132Z 59 PC: 12b2e | Change current directory
2018-12-25T12:54:08.694071372Z 42 PC: 12cf3 | Get date 0x12cf3: cmp cx, 0x7cc
0x12cf7: jb 0x12d5c
0x12cf9: cmp dh, 0xc
0x12cfc: jb 0x12d5c
0x12cfe: cmp dl, 1
0x12d01: jb 0x12d5c
0x12d03: mov ah, 9
0x12d05: nop
0x12d06: lea dx, word ptr [bp + 0x404]
0x12d0a: int 0x21
0x12d0c: mov ah, 0x2a
0x12d0e: nop
0x12d0f: nop
0x12d10: int 0x21
0x12d12: cmp al, 1
0x12d14: nop
0x12d15: jne 0x12d5c
0x12d17: mov cx, 3
0x12d1a: push cx
0x12d1b: cli
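2018-12-25T12:54:08.697024169Z 37 PC: 12b40 | Set interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler; the viewer's 'Set random record number' label is the name of INT 21h function 24h, not of this vector. Coming at the end of the run, this call presumably puts back the handler read at 12af5)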
2018-12-25T12:54:08.699645887Z 59 PC: 12b4d | Change current directory
2018-12-25T12:54:08.70331748Z 26 PC: 12d6e | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":16849,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:08.021231606Z 26 PC: 12d6e | Set disk transfer address
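2018-12-25T12:54:08.022841735Z 53 PC: 12af5 | Get interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler; the viewer's 'Set random record number' label is the name of INT 21h function 24h, not of this vector)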
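2018-12-25T12:54:08.024014847Z 37 PC: 12b08 | Set interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler; the viewer's 'Set random record number' label is the name of INT 21h function 24h, not of this vector. A program that replaces this handler before writing to files usually does so to keep the "Abort, Retry, Fail?" prompt from appearing, so the call is worth flagging in triage)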
2018-12-25T12:54:08.025197394Z 71 PC: 12b16 | Get current directory
2018-12-25T12:54:08.028796905Z 78 PC: 12b9a | Find first file
2018-12-25T12:54:08.034776242Z 78 PC: 12b9a | Find first file (See above)
2018-12-25T12:54:08.045576509Z 61 PC: 12d78 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:08.05280323Z 63 PC: 12bb6 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:54:08.059494477Z 62 PC: 12bba | Close file
2018-12-25T12:54:08.061611357Z 67 PC: 12d85 | Get or set file attributes
2018-12-25T12:54:08.087109192Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.093554826Z 64 PC: 12cab | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:54:08.096176405Z 66 PC: 12d67 | Move file pointer
2018-12-25T12:54:08.098195885Z 44 PC: 12cb8 | Get time 0x12cb8: cmp dh, 0
0x12cbb: je 0x12cb2
0x12cbd: mov byte ptr cs:[bp + 0x4a0], dh
0x12cc2: call 0x12df9
0x12cc5: inc byte ptr cs:[bp + 0x4a1]
0x12cca: mov ax, 0x5701
0x12ccd: nop
0x12cce: mov cx, word ptr cs:[bp + 0x516]
0x12cd3: nop
0x12cd4: mov dx, word ptr cs:[bp + 0x518]
0x12cd9: int 0x21
0x12cdb: mov ah, 0x3e
0x12cdd: int 0x21
0x12cdf: xor cx, cx
0x12ce1: mov cl, byte ptr cs:[bp + 0x515]
0x12ce6: call 0x12d7a
0x12ce9: ret
0x12cea: nop
0x12ceb: mov ah, 0x2a
0x12ced: nop
2018-12-25T12:54:08.102347958Z 64 PC: 12e56 | Write file or device (Write 924 bytes on handle 5)
2018-12-25T12:54:08.111013436Z 87 PC: 12cdb | Get or set file date and time
2018-12-25T12:54:08.11231139Z 62 PC: 12cdf | Close file
2018-12-25T12:54:08.119937557Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.129096153Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:08.131977652Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.139035912Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:08.145170693Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:08.146866602Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.157029838Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.163443955Z 64 PC: 12cab | Write file or device (See above)
2018-12-25T12:54:08.166064618Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:54:08.167758836Z 44 PC: 12cb8 | Get time (See above)
2018-12-25T12:54:08.170141564Z 64 PC: 12e56 | Write file or device (See above)
2018-12-25T12:54:08.178314521Z 87 PC: 12cdb | Get or set file date and time (See above)
2018-12-25T12:54:08.180040419Z 62 PC: 12cdf | Close file (See above)
2018-12-25T12:54:08.187721251Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.197121312Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:08.200016505Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.206212787Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:08.212304672Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:08.214413612Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.22402388Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.230288114Z 64 PC: 12cab | Write file or device (See above)
2018-12-25T12:54:08.233300288Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:54:08.234532621Z 44 PC: 12cb8 | Get time (See above)
2018-12-25T12:54:08.236863883Z 64 PC: 12e56 | Write file or device (See above)
2018-12-25T12:54:08.245701159Z 87 PC: 12cdb | Get or set file date and time (See above)
2018-12-25T12:54:08.246980819Z 62 PC: 12cdf | Close file (See above)
2018-12-25T12:54:08.254227739Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.263914215Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:08.266357892Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.272497515Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:08.278895751Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:08.280832236Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.290491708Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.301653496Z 64 PC: 12cab | Write file or device (See above)
2018-12-25T12:54:08.308580425Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:54:08.309841316Z 44 PC: 12cb8 | Get time (See above)
2018-12-25T12:54:08.312360659Z 64 PC: 12e56 | Write file or device (See above)
2018-12-25T12:54:08.320375881Z 87 PC: 12cdb | Get or set file date and time (See above)
2018-12-25T12:54:08.321665484Z 62 PC: 12cdf | Close file (See above)
2018-12-25T12:54:08.329119818Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.338601174Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:08.34099075Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.347313049Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:08.353271407Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:08.354902167Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.359127628Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.368500665Z 64 PC: 12cab | Write file or device (See above)
2018-12-25T12:54:08.370847885Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:54:08.372137505Z 44 PC: 12cb8 | Get time (See above)
2018-12-25T12:54:08.374539566Z 64 PC: 12e56 | Write file or device (See above)
2018-12-25T12:54:08.396512731Z 87 PC: 12cdb | Get or set file date and time (See above)
2018-12-25T12:54:08.397908896Z 62 PC: 12cdf | Close file (See above)
2018-12-25T12:54:08.39975217Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.404107385Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:08.410716571Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.417400986Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:08.423798999Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:08.425680107Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.435754762Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.442857225Z 64 PC: 12cab | Write file or device (See above)
2018-12-25T12:54:08.445590088Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:54:08.446888008Z 44 PC: 12cb8 | Get time (See above)
2018-12-25T12:54:08.449224779Z 64 PC: 12e56 | Write file or device (See above)
2018-12-25T12:54:08.457979093Z 87 PC: 12cdb | Get or set file date and time (See above)
2018-12-25T12:54:08.459414735Z 62 PC: 12cdf | Close file (See above)
2018-12-25T12:54:08.466730678Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.476693465Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:08.479316789Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.485560478Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:08.492091205Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:08.493924543Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.503555213Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.509951135Z 64 PC: 12cab | Write file or device (See above)
2018-12-25T12:54:08.512601817Z 66 PC: 12d67 | Move file pointer (See above)
2018-12-25T12:54:08.513781992Z 44 PC: 12cb8 | Get time (See above)
2018-12-25T12:54:08.516301602Z 64 PC: 12e56 | Write file or device (See above)
2018-12-25T12:54:08.524401394Z 87 PC: 12cdb | Get or set file date and time (See above)
2018-12-25T12:54:08.525676604Z 62 PC: 12cdf | Close file (See above)
2018-12-25T12:54:08.533037643Z 67 PC: 12d85 | Get or set file attributes (See above)
2018-12-25T12:54:08.54241386Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:08.544763522Z 61 PC: 12d78 | Open file (See above)
2018-12-25T12:54:08.556407825Z 63 PC: 12bb6 | Read file or device (See above)
2018-12-25T12:54:08.562819175Z 62 PC: 12bba | Close file (See above)
2018-12-25T12:54:08.564415784Z 79 PC: 12b9a | Find next file (See above)
2018-12-25T12:54:08.566766699Z 59 PC: 12b2e | Change current directory
2018-12-25T12:54:08.571246928Z 42 PC: 12cf3 | Get date 0x12cf3: cmp cx, 0x7cc
0x12cf7: jb 0x12d5c
0x12cf9: cmp dh, 0xc
0x12cfc: jb 0x12d5c
0x12cfe: cmp dl, 1
0x12d01: jb 0x12d5c
0x12d03: mov ah, 9
0x12d05: nop
0x12d06: lea dx, word ptr [bp + 0x404]
0x12d0a: int 0x21
0x12d0c: mov ah, 0x2a
0x12d0e: nop
0x12d0f: nop
0x12d10: int 0x21
0x12d12: cmp al, 1
0x12d14: nop
0x12d15: jne 0x12d5c
0x12d17: mov cx, 3
0x12d1a: push cx
0x12d1b: cli
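2018-12-25T12:54:08.573323553Z 37 PC: 12b40 | Set interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler; the viewer's 'Set random record number' label is the name of INT 21h function 24h, not of this vector. Coming at the end of the run, this call presumably puts back the handler read at 12af5)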
2018-12-25T12:54:08.574526186Z 59 PC: 12b4d | Change current directory
2018-12-25T12:54:08.58059075Z 26 PC: 12d6e | Set disk transfer address (See above)