Sample viewer

vx.netlux.org/Virus.DOS.Obid.555

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:22:49.136355282Z 53 PC: 13419 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:22:49.138960481Z 37 PC: 13429 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:22:49.140205978Z 26 PC: 1329c | Set disk transfer address
2018-12-17T22:22:49.14125174Z 78 PC: 13286 | Find first file
2018-12-17T22:22:49.145341971Z 61 PC: 132cc | Open file (Filename = 'OA^��I< u���&�e�&���nt/�>�t���')
2018-12-17T22:22:49.149090177Z 87 PC: 132d7 | Get or set file date and time
2018-12-17T22:22:49.150470111Z 63 PC: 132f0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:22:49.15323731Z 66 PC: 13354 | Move file pointer
2018-12-17T22:22:49.154417594Z 66 PC: 133db | Move file pointer
2018-12-17T22:22:49.15553568Z 63 PC: 133ee | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:22:49.157796715Z 66 PC: 13354 | Move file pointer
2018-12-17T22:22:49.1591955Z 64 PC: 13312 | Write file or device (Write 555 bytes on handle 5)
2018-12-17T22:22:49.499722757Z 66 PC: 13348 | Move file pointer
2018-12-17T22:22:49.501405347Z 64 PC: 13322 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:22:49.50438128Z 87 PC: 13333 | Get or set file date and time
2018-12-17T22:22:49.505701156Z 62 PC: 13338 | Close file
2018-12-17T22:22:49.510818153Z 79 PC: 13286 | Find next file
2018-12-17T22:22:49.513382283Z 78 PC: 13286 | Find first file
2018-12-17T22:22:49.517310163Z 61 PC: 132cc | Open file (Filename = '��I< u���&�e�&���nt/�>�t���')
2018-12-17T22:22:49.523615688Z 87 PC: 132d7 | Get or set file date and time
2018-12-17T22:22:49.526252399Z 63 PC: 132f0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:22:49.532627141Z 66 PC: 13354 | Move file pointer
2018-12-17T22:22:49.53406431Z 66 PC: 133db | Move file pointer
2018-12-17T22:22:49.536000865Z 63 PC: 133ee | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:22:49.53886411Z 66 PC: 13354 | Move file pointer
2018-12-17T22:22:49.540255702Z 64 PC: 13312 | Write file or device (Write 555 bytes on handle 5)
2018-12-17T22:22:49.851015679Z 66 PC: 13348 | Move file pointer
2018-12-17T22:22:49.853509866Z 64 PC: 13322 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:22:49.860030975Z 87 PC: 13333 | Get or set file date and time
2018-12-17T22:22:49.862112665Z 62 PC: 13338 | Close file
2018-12-17T22:22:49.87007546Z 79 PC: 13286 | Find next file
2018-12-17T22:22:49.872603033Z 61 PC: 132cc | Open file (Filename = '��I< u���&�e�&���nt/�>�t���')
2018-12-17T22:22:49.879339164Z 87 PC: 132d7 | Get or set file date and time
2018-12-17T22:22:49.880953342Z 63 PC: 132f0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:22:49.887525259Z 66 PC: 13354 | Move file pointer
2018-12-17T22:22:49.889914186Z 66 PC: 133db | Move file pointer
2018-12-17T22:22:49.891407896Z 63 PC: 133ee | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:22:49.893915827Z 66 PC: 13354 | Move file pointer
2018-12-17T22:22:49.896022355Z 64 PC: 13312 | Write file or device (Write 555 bytes on handle 5)
2018-12-17T22:22:49.903958299Z 66 PC: 13348 | Move file pointer
2018-12-17T22:22:49.905249149Z 64 PC: 13322 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:22:49.911897583Z 87 PC: 13333 | Get or set file date and time
2018-12-17T22:22:49.913882725Z 62 PC: 13338 | Close file
2018-12-17T22:22:49.921415681Z 79 PC: 13286 | Find next file
2018-12-17T22:22:49.924712233Z 61 PC: 132cc | Open file (Filename = '��I< u���&�e�&���nt/�>�t���')
2018-12-17T22:22:49.931023117Z 87 PC: 132d7 | Get or set file date and time
2018-12-17T22:22:49.932401342Z 63 PC: 132f0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:22:49.939311124Z 66 PC: 13354 | Move file pointer
2018-12-17T22:22:49.941493339Z 66 PC: 133db | Move file pointer
2018-12-17T22:22:49.942883027Z 63 PC: 133ee | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:22:49.945701073Z 66 PC: 13354 | Move file pointer
2018-12-17T22:22:49.948912766Z 64 PC: 13312 | Write file or device (Write 555 bytes on handle 5)
2018-12-17T22:22:49.957168175Z 66 PC: 13348 | Move file pointer
2018-12-17T22:22:49.959225395Z 64 PC: 13322 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:22:49.966643088Z 87 PC: 13333 | Get or set file date and time
2018-12-17T22:22:49.968468655Z 62 PC: 13338 | Close file
2018-12-17T22:22:49.976393727Z 79 PC: 13286 | Find next file
2018-12-17T22:22:49.98166021Z 61 PC: 132cc | Open file (Filename = '��I< u���&�e�&���nt/�>�t���')
2018-12-17T22:22:49.988028233Z 87 PC: 132d7 | Get or set file date and time
2018-12-17T22:22:49.989419311Z 63 PC: 132f0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:22:49.996353564Z 66 PC: 13354 | Move file pointer
2018-12-17T22:22:49.99809556Z 66 PC: 133db | Move file pointer
2018-12-17T22:22:49.9998721Z 63 PC: 133ee | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:22:50.003208491Z 66 PC: 13354 | Move file pointer
2018-12-17T22:22:50.00502511Z 64 PC: 13312 | Write file or device (Write 555 bytes on handle 5)
2018-12-17T22:22:50.013684687Z 66 PC: 13348 | Move file pointer
2018-12-17T22:22:50.017622377Z 64 PC: 13322 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:22:50.024308134Z 87 PC: 13333 | Get or set file date and time
2018-12-17T22:22:50.025821077Z 62 PC: 13338 | Close file
2018-12-17T22:22:50.035155954Z 79 PC: 13286 | Find next file
2018-12-17T22:22:50.037986573Z 61 PC: 132cc | Open file (Filename = '��I< u���&�e�&���nt/�>�t���')
2018-12-17T22:22:50.044758139Z 87 PC: 132d7 | Get or set file date and time
2018-12-17T22:22:50.046459109Z 63 PC: 132f0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:22:50.053308892Z 66 PC: 13354 | Move file pointer
2018-12-17T22:22:50.054654557Z 66 PC: 133db | Move file pointer
2018-12-17T22:22:50.056401494Z 63 PC: 133ee | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:22:50.0590201Z 66 PC: 13354 | Move file pointer
2018-12-17T22:22:50.060430002Z 64 PC: 13312 | Write file or device (Write 555 bytes on handle 5)
2018-12-17T22:22:50.068728239Z 66 PC: 13348 | Move file pointer
2018-12-17T22:22:50.070433409Z 64 PC: 13322 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:22:50.077223039Z 87 PC: 13333 | Get or set file date and time
2018-12-17T22:22:50.079280786Z 62 PC: 13338 | Close file
2018-12-17T22:22:50.088126092Z 79 PC: 13286 | Find next file
2018-12-17T22:22:50.091137015Z 61 PC: 132cc | Open file (Filename = '��I< u���&�e�&���nt/�>�t���')
2018-12-17T22:22:50.098917123Z 87 PC: 132d7 | Get or set file date and time
2018-12-17T22:22:50.1005905Z 63 PC: 132f0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:22:50.107258969Z 66 PC: 13354 | Move file pointer
2018-12-17T22:22:50.1098022Z 66 PC: 133db | Move file pointer
2018-12-17T22:22:50.111377143Z 63 PC: 133ee | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:22:50.113872585Z 66 PC: 13354 | Move file pointer
2018-12-17T22:22:50.11608475Z 64 PC: 13312 | Write file or device (Write 555 bytes on handle 5)
2018-12-17T22:22:50.125339366Z 66 PC: 13348 | Move file pointer
2018-12-17T22:22:50.126667202Z 64 PC: 13322 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:22:50.133906551Z 87 PC: 13333 | Get or set file date and time
2018-12-17T22:22:50.135403557Z 62 PC: 13338 | Close file
2018-12-17T22:22:50.143287287Z 79 PC: 13286 | Find next file
2018-12-17T22:22:50.146687554Z 61 PC: 132cc | Open file (Filename = '��I< u���&�e�&���nt/�>�t���')
2018-12-17T22:22:50.15453992Z 87 PC: 132d7 | Get or set file date and time
2018-12-17T22:22:50.156251034Z 63 PC: 132f0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:22:50.163578429Z 66 PC: 13354 | Move file pointer
2018-12-17T22:22:50.165635273Z 66 PC: 133db | Move file pointer
2018-12-17T22:22:50.167301702Z 63 PC: 133ee | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:22:50.17082199Z 66 PC: 13354 | Move file pointer
2018-12-17T22:22:50.172839409Z 64 PC: 13312 | Write file or device (Write 555 bytes on handle 5)
2018-12-17T22:22:50.181407609Z 66 PC: 13348 | Move file pointer
2018-12-17T22:22:50.18329289Z 64 PC: 13322 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:22:50.19092182Z 87 PC: 13333 | Get or set file date and time
2018-12-17T22:22:50.193320291Z 62 PC: 13338 | Close file
2018-12-17T22:22:50.201330659Z 79 PC: 13286 | Find next file
2018-12-17T22:22:50.205280858Z 61 PC: 132cc | Open file (Filename = '��I< u���&�e�&���nt/�>�t���')
2018-12-17T22:22:50.211969302Z 87 PC: 132d7 | Get or set file date and time
2018-12-17T22:22:50.213679404Z 63 PC: 132f0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:22:50.21757801Z 66 PC: 13354 | Move file pointer
2018-12-17T22:22:50.219277092Z 66 PC: 133db | Move file pointer
2018-12-17T22:22:50.221663652Z 63 PC: 133ee | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:22:50.225921189Z 87 PC: 13333 | Get or set file date and time
2018-12-17T22:22:50.227687749Z 62 PC: 13338 | Close file
2018-12-17T22:22:50.235096927Z 79 PC: 13286 | Find next file
2018-12-17T22:22:50.239488635Z 37 PC: 13439 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:22:50.240841722Z 42 PC: 13359 | Get date 0x13359: cmp cx, 0x7c9
0x1335d: jb 0x13390
0x1335f: cmp al, 0
0x13361: jne 0x1336e
0x13363: mov dx, 0x29a
0x13366: add dx, si
0x13368: mov ah, 9
0x1336a: int 0x21
0x1336c: jmp 0x13380
0x1336e: mov ah, 0x2c
0x13370: int 0x21
0x13372: cmp ch, 0xc
0x13375: jne 0x13390
0x13377: mov dx, 0x281
0x1337a: add dx, si
0x1337c: mov ah, 9
0x1337e: int 0x21
0x13380: mov bh, 7
0x13382: mov ah, 0x10
0x13384: mov al, 1
2018-12-17T22:22:50.243306161Z 44 PC: 13372 | Get time 0x13372: cmp ch, 0xc
0x13375: jne 0x13390
0x13377: mov dx, 0x281
0x1337a: add dx, si
0x1337c: mov ah, 9
0x1337e: int 0x21
0x13380: mov bh, 7
0x13382: mov ah, 0x10
0x13384: mov al, 1
0x13386: int 0x10
0x13388: mov ah, 0xc
0x1338a: mov al, 7
0x1338c: int 0x21
0x1338e: jmp 0x13355
0x13390: ret
0x13391: or ax, 0x909
0x13394: or dl, byte ptr [bp + 0x20]
0x13397: insw word ptr es:[di], dx
0x13398: outsb dx, byte ptr gs:[si]
0x1339a: and byte ptr gs:[bx + 0x62], ch
2018-12-17T22:22:50.24638979Z 26 PC: 1329c | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3999,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:48.892621593Z 53 PC: 13419 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:48.894120203Z 37 PC: 13429 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:48.895305626Z 26 PC: 1329c | Set disk transfer address
2018-12-25T11:50:48.911954594Z 78 PC: 13286 | Find first file
2018-12-25T11:50:48.919416693Z 61 PC: 132cc | Open file (Filename = 'OA^��I< u���&�e�&���nt/�>�t���')
2018-12-25T11:50:48.9259738Z 87 PC: 132d7 | Get or set file date and time
2018-12-25T11:50:48.92722899Z 63 PC: 132f0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:48.929789679Z 66 PC: 13354 | Move file pointer
2018-12-25T11:50:48.931458353Z 66 PC: 133db | Move file pointer
2018-12-25T11:50:48.932793074Z 63 PC: 133ee | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:50:48.936547358Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:48.938266572Z 64 PC: 13312 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T11:50:55.271136525Z 66 PC: 13348 | Move file pointer
2018-12-25T11:50:55.272761823Z 64 PC: 13322 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:55.278098689Z 87 PC: 13333 | Get or set file date and time
2018-12-25T11:50:55.279954869Z 62 PC: 13338 | Close file
2018-12-25T11:50:55.293262727Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.307885275Z 78 PC: 13286 | Find first file (See above)
2018-12-25T11:50:55.322758978Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.329447635Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.332871762Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.34563852Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.34766807Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.353414843Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.356912657Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.358380358Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.434368738Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.437046772Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.444696956Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.446950742Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.116561133Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.124130853Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.136933029Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.139521265Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.147495499Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.149207586Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.151754069Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.155174543Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.156841131Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.166795013Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.169730495Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.177634899Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.179523761Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.189144793Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.19279746Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.206355819Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.209348377Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.217168676Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.219099842Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.221936423Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.225511779Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.2273923Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.237606481Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.239676889Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.247527469Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.249473842Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.259899237Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.263176259Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.270703336Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.274162585Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.282050137Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.28401794Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.286795542Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.29033758Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.292423271Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.302003207Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.304258113Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.311981252Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.314636447Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.323837185Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.327039437Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.335079982Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.337976468Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.34599593Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.348048036Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.35126323Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.354435133Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.356225184Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.366164953Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.367979758Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.37576187Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.378933673Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.392032461Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.395348391Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.405266392Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.407655558Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.415733056Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.418056741Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.42119051Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.424440032Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.426485058Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.437620077Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.439549395Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.447436701Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.450548899Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.459952699Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.463385016Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.472197493Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.474445196Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.482347895Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.484403379Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.486749915Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.489822788Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.491506235Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.501396523Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.503252447Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.510876612Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.514208078Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.523278402Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.526658577Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.535410613Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.537892308Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.541255757Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.544215794Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.546607903Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.550420268Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.553671509Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.567123462Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.570485713Z 37 PC: 13439 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:56.572395598Z 42 PC: 13359 | Get date 0x13359: cmp cx, 0x7c9
0x1335d: jb 0x13390
0x1335f: cmp al, 0
0x13361: jne 0x1336e
0x13363: mov dx, 0x29a
0x13366: add dx, si
0x13368: mov ah, 9
0x1336a: int 0x21
0x1336c: jmp 0x13380
0x1336e: mov ah, 0x2c
0x13370: int 0x21
0x13372: cmp ch, 0xc
0x13375: jne 0x13390
0x13377: mov dx, 0x281
0x1337a: add dx, si
0x1337c: mov ah, 9
0x1337e: int 0x21
0x13380: mov bh, 7
0x13382: mov ah, 0x10
0x13384: mov al, 1
2018-12-25T11:50:56.575999623Z 26 PC: 1329c | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3999,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:48.898053129Z 53 PC: 13419 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:48.899627176Z 37 PC: 13429 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:48.900687771Z 26 PC: 1329c | Set disk transfer address
2018-12-25T11:50:48.901587656Z 78 PC: 13286 | Find first file
2018-12-25T11:50:48.907612675Z 61 PC: 132cc | Open file (Filename = 'OA^��I< u���&�e�&���nt/�>�t���')
2018-12-25T11:50:48.914386207Z 87 PC: 132d7 | Get or set file date and time
2018-12-25T11:50:48.915730257Z 63 PC: 132f0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:48.918324745Z 66 PC: 13354 | Move file pointer
2018-12-25T11:50:48.919975811Z 66 PC: 133db | Move file pointer
2018-12-25T11:50:48.921546094Z 63 PC: 133ee | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:50:48.925221875Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:48.927298872Z 64 PC: 13312 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T11:50:55.23306093Z 66 PC: 13348 | Move file pointer
2018-12-25T11:50:55.234497765Z 64 PC: 13322 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:55.238007937Z 87 PC: 13333 | Get or set file date and time
2018-12-25T11:50:55.239564332Z 62 PC: 13338 | Close file
2018-12-25T11:50:55.287909857Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.291877834Z 78 PC: 13286 | Find first file (See above)
2018-12-25T11:50:55.305132594Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.312495609Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.314556027Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.329202323Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.330696933Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.332452012Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.33562738Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.337337636Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.375577535Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.377561391Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.384636404Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.386969751Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:55.427676452Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.430709362Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.439053864Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.442511082Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.448251371Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.449467514Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.451412152Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.453220604Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.454873057Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.089066427Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.091017168Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.098244073Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.099786925Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.115016784Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.118446956Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.126333785Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.12992153Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.137288555Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.139698972Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.142807246Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.147435428Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.149470718Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.159504241Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.16208295Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.169791826Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.171996932Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.183262562Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.186735662Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.194198828Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.197020951Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.204911525Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.206812164Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.209557146Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.213085444Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.215776586Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.226734813Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.228973193Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.236366615Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.23830397Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.247308089Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.25023419Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.25738725Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.26007559Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.267516833Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.269207142Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.272211311Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.275068594Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.276927459Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.286918391Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.288745294Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.296309747Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.299308523Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.308441945Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.311258587Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.318773143Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.320498316Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.327407072Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.329910848Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.332733698Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.335696553Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.337418906Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.348436919Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.350000058Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.357537546Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.359982742Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.368689391Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.371834885Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.380350196Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.381738032Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.388682394Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.391246962Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.393018141Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.395737492Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.398198753Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.406757765Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.412512729Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.419817176Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.42216856Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.428335569Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.431673735Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.440724949Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.442692863Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.4460523Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.449320827Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.451311794Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.454834314Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.457597414Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.466037324Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.469055212Z 37 PC: 13439 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:56.471808941Z 42 PC: 13359 | Get date 0x13359: cmp cx, 0x7c9
0x1335d: jb 0x13390
0x1335f: cmp al, 0
0x13361: jne 0x1336e
0x13363: mov dx, 0x29a
0x13366: add dx, si
0x13368: mov ah, 9
0x1336a: int 0x21
0x1336c: jmp 0x13380
0x1336e: mov ah, 0x2c
0x13370: int 0x21
0x13372: cmp ch, 0xc
0x13375: jne 0x13390
0x13377: mov dx, 0x281
0x1337a: add dx, si
0x1337c: mov ah, 9
0x1337e: int 0x21
0x13380: mov bh, 7
0x13382: mov ah, 0x10
0x13384: mov al, 1
2018-12-25T11:50:56.474619342Z 26 PC: 1329c | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3999,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:48.90100884Z 53 PC: 13419 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:48.90258471Z 37 PC: 13429 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:48.90393753Z 26 PC: 1329c | Set disk transfer address
2018-12-25T11:50:48.904877176Z 78 PC: 13286 | Find first file
2018-12-25T11:50:48.911287668Z 61 PC: 132cc | Open file (Filename = 'OA^��I< u���&�e�&���nt/�>�t���')
2018-12-25T11:50:48.918138105Z 87 PC: 132d7 | Get or set file date and time
2018-12-25T11:50:48.919682724Z 63 PC: 132f0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:48.922470667Z 66 PC: 13354 | Move file pointer
2018-12-25T11:50:48.923930523Z 66 PC: 133db | Move file pointer
2018-12-25T11:50:48.925287787Z 63 PC: 133ee | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:50:48.92844187Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:48.930485649Z 64 PC: 13312 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T11:50:55.270066123Z 66 PC: 13348 | Move file pointer
2018-12-25T11:50:55.272871516Z 64 PC: 13322 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:55.276913222Z 87 PC: 13333 | Get or set file date and time
2018-12-25T11:50:55.279053799Z 62 PC: 13338 | Close file
2018-12-25T11:50:55.28656661Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.289564807Z 78 PC: 13286 | Find first file (See above)
2018-12-25T11:50:55.293675054Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.298618551Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.300277339Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.306330009Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.308786465Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.314206962Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.317181037Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.319076694Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.342455755Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.345095886Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.363767902Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.364989541Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:55.42746197Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.429409137Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.433731049Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.436164384Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.444416294Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.447763522Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.450647462Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.452537794Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.453693343Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.115572078Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.118446883Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.136764798Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.14101782Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.151740845Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.156493351Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.17013736Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.172634386Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.186802725Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.18849332Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.19060061Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.193497417Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.195400831Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.205737742Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.207697453Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.215744334Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.218936772Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.228215202Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.231527135Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.241029001Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.243069361Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.250871579Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.253940599Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.256148323Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.259428063Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.261711768Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.272036166Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.274112765Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.28249592Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.284919482Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.29413966Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.297750423Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.306588735Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.308705758Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.316062492Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.318719546Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.320648092Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.323766464Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.326339755Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.335635511Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.337354143Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.347105085Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.351015041Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.360455212Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.364126712Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.373361278Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.37535472Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.382983196Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.386421459Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.388474304Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.39174551Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.394825881Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.405071207Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.406974215Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.416189686Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.418467822Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.427691442Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.431893289Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.439873705Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.459683175Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.46743542Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.470597169Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.472638001Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.475896739Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.478745402Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.488665324Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.490707061Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.499611171Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.50178207Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.510992555Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.515344895Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.523379093Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.525459266Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.529317003Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.531562751Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.533600024Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.541704144Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.544710005Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.553796629Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.556795114Z 37 PC: 13439 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:56.559481068Z 42 PC: 13359 | Get date 0x13359: cmp cx, 0x7c9
0x1335d: jb 0x13390
0x1335f: cmp al, 0
0x13361: jne 0x1336e
0x13363: mov dx, 0x29a
0x13366: add dx, si
0x13368: mov ah, 9
0x1336a: int 0x21
0x1336c: jmp 0x13380
0x1336e: mov ah, 0x2c
0x13370: int 0x21
0x13372: cmp ch, 0xc
0x13375: jne 0x13390
0x13377: mov dx, 0x281
0x1337a: add dx, si
0x1337c: mov ah, 9
0x1337e: int 0x21
0x13380: mov bh, 7
0x13382: mov ah, 0x10
0x13384: mov al, 1
2018-12-25T11:50:56.562165059Z 26 PC: 1329c | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3999,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:48.908824454Z 53 PC: 13419 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:48.910471844Z 37 PC: 13429 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:48.911978201Z 26 PC: 1329c | Set disk transfer address
2018-12-25T11:50:48.913192035Z 78 PC: 13286 | Find first file
2018-12-25T11:50:48.919589658Z 61 PC: 132cc | Open file (Filename = 'OA^��I< u���&�e�&���nt/�>�t���')
2018-12-25T11:50:48.926306106Z 87 PC: 132d7 | Get or set file date and time
2018-12-25T11:50:48.927607923Z 63 PC: 132f0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:48.9304289Z 66 PC: 13354 | Move file pointer
2018-12-25T11:50:48.932124199Z 66 PC: 133db | Move file pointer
2018-12-25T11:50:48.933307977Z 63 PC: 133ee | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:50:48.936397629Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:48.938087907Z 64 PC: 13312 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T11:50:55.273520751Z 66 PC: 13348 | Move file pointer
2018-12-25T11:50:55.275365782Z 64 PC: 13322 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:55.278109556Z 87 PC: 13333 | Get or set file date and time
2018-12-25T11:50:55.279824982Z 62 PC: 13338 | Close file
2018-12-25T11:50:55.288491774Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.294069828Z 78 PC: 13286 | Find first file (See above)
2018-12-25T11:50:55.301535069Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.311171612Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.315224794Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.326361001Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.328524551Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.331363762Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.334613408Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.336360445Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.37610224Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.377628043Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.400184253Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.401929818Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:55.442457803Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.445695143Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.450237117Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.451885376Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.456317803Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.45790717Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.460510023Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.463142005Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.464515154Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.493091231Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.494495842Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.501873738Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.503831419Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:55.550449615Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.553217242Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.560559392Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.561969666Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.568738983Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.570566481Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.572007447Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.574532277Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.576285489Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.596281338Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.597986573Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.605560803Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.608848385Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:55.748544428Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.751514714Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.759456262Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.760914153Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.768078267Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.770207134Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.771667367Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.774356807Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.77651447Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.790419326Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.791607013Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.796821506Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.798395119Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:55.885617917Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.889209074Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.893563966Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.894588546Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.89945542Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.900589411Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.901824529Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.905621365Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.907120503Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.929143726Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.931174874Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.938722305Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.940195571Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:55.966051332Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.968909676Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.973345303Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.974731616Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.978816792Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.979822109Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.981149467Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.982912788Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.983908997Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.03669572Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.03826359Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.045929796Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.048094556Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.115994654Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.119686312Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.128087133Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.131650194Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.139405728Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.142368953Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.144980374Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.147897527Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.149957024Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.159361786Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.161276059Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.168962552Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.17169054Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.191538791Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.194861505Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.203729016Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.205642906Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.209033055Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.212294014Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.214308911Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.218169964Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.221321904Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.230006904Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.233069912Z 37 PC: 13439 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:56.235721515Z 42 PC: 13359 | Get date 0x13359: cmp cx, 0x7c9
0x1335d: jb 0x13390
0x1335f: cmp al, 0
0x13361: jne 0x1336e
0x13363: mov dx, 0x29a
0x13366: add dx, si
0x13368: mov ah, 9
0x1336a: int 0x21
0x1336c: jmp 0x13380
0x1336e: mov ah, 0x2c
0x13370: int 0x21
0x13372: cmp ch, 0xc
0x13375: jne 0x13390
0x13377: mov dx, 0x281
0x1337a: add dx, si
0x1337c: mov ah, 9
0x1337e: int 0x21
0x13380: mov bh, 7
0x13382: mov ah, 0x10
0x13384: mov al, 1
2018-12-25T11:50:56.239073149Z 26 PC: 1329c | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":12,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3999,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:48.894719463Z 53 PC: 13419 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:48.896321483Z 37 PC: 13429 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:48.897459226Z 26 PC: 1329c | Set disk transfer address
2018-12-25T11:50:48.898508145Z 78 PC: 13286 | Find first file
2018-12-25T11:50:48.905123901Z 61 PC: 132cc | Open file (Filename = 'OA^��I< u���&�e�&���nt/�>�t���')
2018-12-25T11:50:48.911830411Z 87 PC: 132d7 | Get or set file date and time
2018-12-25T11:50:48.913378951Z 63 PC: 132f0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:48.916547032Z 66 PC: 13354 | Move file pointer
2018-12-25T11:50:48.917947357Z 66 PC: 133db | Move file pointer
2018-12-25T11:50:48.920170838Z 63 PC: 133ee | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:50:48.923433962Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:48.924918198Z 64 PC: 13312 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T11:50:55.271265944Z 66 PC: 13348 | Move file pointer
2018-12-25T11:50:55.2726506Z 64 PC: 13322 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:55.276304859Z 87 PC: 13333 | Get or set file date and time
2018-12-25T11:50:55.278551719Z 62 PC: 13338 | Close file
2018-12-25T11:50:55.283147169Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.285592355Z 78 PC: 13286 | Find first file (See above)
2018-12-25T11:50:55.289908812Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.294371494Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.296521619Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.301572048Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.302998234Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.304982973Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.307674607Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.309053215Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.328386951Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.330385014Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.340198892Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.342804134Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:55.375506349Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.378491499Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.386282048Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.38773444Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.39881676Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.400721527Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.402639002Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.405311603Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.407103381Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.435872864Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.438101381Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.455034695Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.457775884Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:55.514206089Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.517246885Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.525164019Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.526524159Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.533468326Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.535122558Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.536527025Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.539015232Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.540875311Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.596136125Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.597637066Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.606118836Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.607951881Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:55.785877266Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.789614724Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.797505154Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.799033463Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.806379069Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.808294863Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.809703043Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.812379408Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.813877332Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.866633268Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.86811768Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.875683667Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.877208773Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:55.905146996Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.908439083Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.916348752Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.917949866Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.925899229Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.927364314Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.928886066Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.932047568Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.933474697Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.047713075Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.049944144Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.057545293Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.059079616Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.115373847Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.119345266Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.127334597Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.129195849Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.136572259Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.138504629Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.140538236Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.14519043Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.146858858Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.156470119Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.159509323Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.167286269Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.169086666Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.178617078Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.182352493Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.190794127Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.193507492Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.201346933Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.203271607Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.205510597Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.209791778Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.21179976Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.221083251Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.224481235Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.232278443Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.234174086Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.244254162Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.248182492Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.256824727Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.259859649Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.26369009Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.265771645Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.26807222Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.272925683Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.275084936Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.283323434Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.287216128Z 37 PC: 13439 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:56.288878166Z 42 PC: 13359 | Get date 0x13359: cmp cx, 0x7c9
0x1335d: jb 0x13390
0x1335f: cmp al, 0
0x13361: jne 0x1336e
0x13363: mov dx, 0x29a
0x13366: add dx, si
0x13368: mov ah, 9
0x1336a: int 0x21
0x1336c: jmp 0x13380
0x1336e: mov ah, 0x2c
0x13370: int 0x21
0x13372: cmp ch, 0xc
0x13375: jne 0x13390
0x13377: mov dx, 0x281
0x1337a: add dx, si
0x1337c: mov ah, 9
0x1337e: int 0x21
0x13380: mov bh, 7
0x13382: mov ah, 0x10
0x13384: mov al, 1
2018-12-25T11:50:56.291662514Z 26 PC: 1329c | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":12,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3999,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:49.17443694Z 53 PC: 13419 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:49.175744168Z 37 PC: 13429 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:49.176732135Z 26 PC: 1329c | Set disk transfer address
2018-12-25T11:50:49.177636904Z 78 PC: 13286 | Find first file
2018-12-25T11:50:49.181847901Z 61 PC: 132cc | Open file (Filename = 'OA^��I< u���&�e�&���nt/�>�t���')
2018-12-25T11:50:49.185691297Z 87 PC: 132d7 | Get or set file date and time
2018-12-25T11:50:49.186670481Z 63 PC: 132f0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:49.188544308Z 66 PC: 13354 | Move file pointer
2018-12-25T11:50:49.189845133Z 66 PC: 133db | Move file pointer
2018-12-25T11:50:49.191247778Z 63 PC: 133ee | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:50:49.194128595Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:49.195783208Z 64 PC: 13312 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T11:50:55.271206159Z 66 PC: 13348 | Move file pointer
2018-12-25T11:50:55.274057949Z 64 PC: 13322 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:55.288017484Z 87 PC: 13333 | Get or set file date and time
2018-12-25T11:50:55.290945361Z 62 PC: 13338 | Close file
2018-12-25T11:50:55.298386903Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.311118405Z 78 PC: 13286 | Find first file (See above)
2018-12-25T11:50:55.318237285Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.326581255Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.329153209Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.336971332Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.339248612Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.34210842Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.345463268Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.347341753Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.434477216Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.440928883Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.4534426Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.455222056Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:55.821801593Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.824689388Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.829654454Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.831172714Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.838208998Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.839624817Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.841440378Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.844164273Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.845607605Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.86734245Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.868808208Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.876024877Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.878015738Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:55.905056251Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.909767798Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.918060503Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.919128269Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.923213093Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.924697286Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.926195896Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.928103661Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.929733859Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.944422897Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.946080887Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.950505466Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.952434606Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:55.999991205Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.002875676Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.010180345Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.011538717Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.01893848Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.020850415Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.022196362Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.024653877Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.026323357Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.047081571Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.048628722Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.053952616Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.055067797Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.088751007Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.10466306Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.112215259Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.113863365Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.131879802Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.133695163Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.135284442Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.139735378Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.14173776Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.151246803Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.153858687Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.161985388Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.164142772Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.173502318Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.176667949Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.186003609Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.188363961Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.202207158Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.204490452Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.208049513Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.210876424Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.212575131Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.223090821Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.225520086Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.233291992Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.235223619Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.245652316Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.249062796Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.256896359Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.260202145Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.267895553Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.269967545Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.272867934Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.276443054Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.27836716Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.288938236Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.291200093Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.298682637Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.30000555Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.310708713Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.313951647Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.32186428Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.324726843Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.327925194Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.329777969Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.332822784Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.336561092Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.338353404Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.347019445Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.350125507Z 37 PC: 13439 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:56.351896312Z 42 PC: 13359 | Get date 0x13359: cmp cx, 0x7c9
0x1335d: jb 0x13390
0x1335f: cmp al, 0
0x13361: jne 0x1336e
0x13363: mov dx, 0x29a
0x13366: add dx, si
0x13368: mov ah, 9
0x1336a: int 0x21
0x1336c: jmp 0x13380
0x1336e: mov ah, 0x2c
0x13370: int 0x21
0x13372: cmp ch, 0xc
0x13375: jne 0x13390
0x13377: mov dx, 0x281
0x1337a: add dx, si
0x1337c: mov ah, 9
0x1337e: int 0x21
0x13380: mov bh, 7
0x13382: mov ah, 0x10
0x13384: mov al, 1
2018-12-25T11:50:56.355603158Z 26 PC: 1329c | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":12,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3999,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:49.416768631Z 53 PC: 13419 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:49.418454949Z 37 PC: 13429 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:49.419646718Z 26 PC: 1329c | Set disk transfer address
2018-12-25T11:50:49.420793925Z 78 PC: 13286 | Find first file
2018-12-25T11:50:49.427422142Z 61 PC: 132cc | Open file (Filename = 'OA^��I< u���&�e�&���nt/�>�t���')
2018-12-25T11:50:49.434697518Z 87 PC: 132d7 | Get or set file date and time
2018-12-25T11:50:49.436531669Z 63 PC: 132f0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:49.439521704Z 66 PC: 13354 | Move file pointer
2018-12-25T11:50:49.441183285Z 66 PC: 133db | Move file pointer
2018-12-25T11:50:49.442479166Z 63 PC: 133ee | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:50:49.445916412Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:49.447394862Z 64 PC: 13312 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T11:50:55.270050962Z 66 PC: 13348 | Move file pointer
2018-12-25T11:50:55.272205741Z 64 PC: 13322 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:55.277172109Z 87 PC: 13333 | Get or set file date and time
2018-12-25T11:50:55.28373078Z 62 PC: 13338 | Close file
2018-12-25T11:50:55.304024753Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.307424497Z 78 PC: 13286 | Find first file (See above)
2018-12-25T11:50:55.323414526Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.331188821Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.334453522Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.342715481Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.344473955Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.346742707Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.350277316Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.351916915Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.434557079Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.4400259Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.447491132Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.449702992Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.088975828Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.091965986Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.09912674Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.101731304Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.108748914Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.110184664Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.112562898Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.134222001Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.136432258Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.144030607Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.145803007Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.154894478Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.157052201Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.166097509Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.169386844Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.176684968Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.178511519Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.185679663Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.187461938Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.193257148Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.195639887Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.197229848Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.207729007Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.209584153Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.217813402Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.220888308Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.230544076Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.23385Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.242488381Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.244981183Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.252757017Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.255175483Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.258253228Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.2615567Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.263636602Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.274622468Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.276567626Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.284360705Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.287429565Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.29759529Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.300939872Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.309468055Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.311811903Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.319497661Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.321802775Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.324783598Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.327948255Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.330115274Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.340019736Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.342906728Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.351283133Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.35486315Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.36399065Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.367438206Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.37612459Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.378429176Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.386584537Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.389586702Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.392047091Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.39533932Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.397404348Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.408763459Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.411663298Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.419334505Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.42270758Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.431865827Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.435240212Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.443493452Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.445484809Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.453094693Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.456068588Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.458538866Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.461870078Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.464238286Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.475300355Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.477366738Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.487758054Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.491001956Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.500365966Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.503949816Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.512636558Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.514811211Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.518253985Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.521114732Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.522735186Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.5265263Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.529311963Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.537712167Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.540876155Z 37 PC: 13439 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:56.543479488Z 42 PC: 13359 | Get date 0x13359: cmp cx, 0x7c9
0x1335d: jb 0x13390
0x1335f: cmp al, 0
0x13361: jne 0x1336e
0x13363: mov dx, 0x29a
0x13366: add dx, si
0x13368: mov ah, 9
0x1336a: int 0x21
0x1336c: jmp 0x13380
0x1336e: mov ah, 0x2c
0x13370: int 0x21
0x13372: cmp ch, 0xc
0x13375: jne 0x13390
0x13377: mov dx, 0x281
0x1337a: add dx, si
0x1337c: mov ah, 9
0x1337e: int 0x21
0x13380: mov bh, 7
0x13382: mov ah, 0x10
0x13384: mov al, 1
2018-12-25T11:50:56.546760262Z 26 PC: 1329c | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":12,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3999,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:49.515918679Z 53 PC: 13419 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:49.517155966Z 37 PC: 13429 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:49.518447515Z 26 PC: 1329c | Set disk transfer address
2018-12-25T11:50:49.519416636Z 78 PC: 13286 | Find first file
2018-12-25T11:50:49.525357099Z 61 PC: 132cc | Open file (Filename = 'OA^��I< u���&�e�&���nt/�>�t���')
2018-12-25T11:50:49.532024482Z 87 PC: 132d7 | Get or set file date and time
2018-12-25T11:50:49.533436726Z 63 PC: 132f0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:49.536138753Z 66 PC: 13354 | Move file pointer
2018-12-25T11:50:49.537807897Z 66 PC: 133db | Move file pointer
2018-12-25T11:50:49.539171233Z 63 PC: 133ee | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:50:49.542288379Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:49.544030995Z 64 PC: 13312 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T11:50:55.270118171Z 66 PC: 13348 | Move file pointer
2018-12-25T11:50:55.271924521Z 64 PC: 13322 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:55.278030634Z 87 PC: 13333 | Get or set file date and time
2018-12-25T11:50:55.286483066Z 62 PC: 13338 | Close file
2018-12-25T11:50:55.296857236Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.307043886Z 78 PC: 13286 | Find first file (See above)
2018-12-25T11:50:55.314407695Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.322502972Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.324455568Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.333033886Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.33505152Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.336739422Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.339915651Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.341592591Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.43427813Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.442499708Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.454816143Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.456840434Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:55.629426358Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.631335549Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.635797338Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.637700901Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.64188793Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.643449066Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.644876518Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.646720139Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.648165097Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.655739041Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.657177461Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.66440942Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.666328617Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:55.712691071Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.714600277Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.722111524Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.723850803Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.730939376Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.732547245Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.733785559Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.735671322Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.736788863Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.116273957Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.118576997Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.128040172Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.1316596Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.14224837Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.145752214Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.154956444Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.157779497Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.165441024Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.168425217Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.171249447Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.174551692Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.176853879Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.18800859Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.189656709Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.198550357Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.201461976Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.210859922Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.214634642Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.225469893Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.227769108Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.23597484Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.239017509Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.241390827Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.244750612Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.248244976Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.25771583Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.259870709Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.26831345Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.270843823Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.280548384Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.283561179Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.291819747Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.293823021Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.301945973Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.304377609Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.306314596Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.309905829Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.31259788Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.322677132Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.324536853Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.333752671Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.336972914Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.34629519Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.350501565Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.358215136Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.359948402Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.365129708Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.367519948Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.368782132Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.370470084Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.37279921Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.378291419Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.379513224Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.384449068Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.385955064Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.392891466Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.396144352Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.401564374Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.404116573Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.409767665Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.411499288Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.413309459Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.416619649Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.418887079Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.427540835Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.430150433Z 37 PC: 13439 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:56.433461592Z 42 PC: 13359 | Get date 0x13359: cmp cx, 0x7c9
0x1335d: jb 0x13390
0x1335f: cmp al, 0
0x13361: jne 0x1336e
0x13363: mov dx, 0x29a
0x13366: add dx, si
0x13368: mov ah, 9
0x1336a: int 0x21
0x1336c: jmp 0x13380
0x1336e: mov ah, 0x2c
0x13370: int 0x21
0x13372: cmp ch, 0xc
0x13375: jne 0x13390
0x13377: mov dx, 0x281
0x1337a: add dx, si
0x1337c: mov ah, 9
0x1337e: int 0x21
0x13380: mov bh, 7
0x13382: mov ah, 0x10
0x13384: mov al, 1
2018-12-25T11:50:56.436285808Z 26 PC: 1329c | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3999,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:49.551321519Z 53 PC: 13419 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:49.552960424Z 37 PC: 13429 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:49.554126386Z 26 PC: 1329c | Set disk transfer address
2018-12-25T11:50:49.555080497Z 78 PC: 13286 | Find first file
2018-12-25T11:50:49.562658489Z 61 PC: 132cc | Open file (Filename = 'OA^��I< u���&�e�&���nt/�>�t���')
2018-12-25T11:50:49.569288626Z 87 PC: 132d7 | Get or set file date and time
2018-12-25T11:50:49.570677828Z 63 PC: 132f0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:49.57376992Z 66 PC: 13354 | Move file pointer
2018-12-25T11:50:49.575230443Z 66 PC: 133db | Move file pointer
2018-12-25T11:50:49.576461859Z 63 PC: 133ee | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:50:49.579776094Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:49.581719238Z 64 PC: 13312 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T11:50:55.279095412Z 66 PC: 13348 | Move file pointer
2018-12-25T11:50:55.281690981Z 64 PC: 13322 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:55.285524622Z 87 PC: 13333 | Get or set file date and time
2018-12-25T11:50:55.28708482Z 62 PC: 13338 | Close file
2018-12-25T11:50:55.294700814Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.298596656Z 78 PC: 13286 | Find first file (See above)
2018-12-25T11:50:55.305253237Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.31264852Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.315957262Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.322875488Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.324383502Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.327054137Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.329765918Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.331777786Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.376641082Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.378113952Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.399575306Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.401497099Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:55.435895355Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.439212777Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.446844933Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.449698712Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.457511134Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.459172406Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.46089679Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.46344569Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.464840207Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.514232419Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.515562381Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.522458862Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.524438046Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:55.628877202Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.631037933Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.635769253Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.636892002Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.641032306Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.643086992Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.644791397Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.647745586Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.649424322Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.712635095Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.714132881Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.721341566Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.723583122Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:55.748445559Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.751292574Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.759284577Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.7607679Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.767811089Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.769700427Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.771128809Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.773784305Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.775965148Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.121198263Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.123833642Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.135696602Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.139521967Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.153369735Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.162493511Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.181398921Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.184026377Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.195199983Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.197521215Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.199473114Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.202875528Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.20576559Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.216105882Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.218062554Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.231230001Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.236005885Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.252346842Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.255590911Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.263549462Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.265278048Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.273441802Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.276594222Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.278294312Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.28245451Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.284474954Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.295049972Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.296923187Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.305545085Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.308051012Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.316947175Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.320862192Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.329844563Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.331537468Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.339895301Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.34146052Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.343618675Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.348410853Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.350586754Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.360209228Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.36287496Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.371292363Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.373374672Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.387697872Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.397925682Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.415987322Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.419181098Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.422785718Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.424476663Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.426822861Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.429507596Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.430909306Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.43655411Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.438924454Z 37 PC: 13439 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:56.440080982Z 42 PC: 13359 | Get date 0x13359: cmp cx, 0x7c9
0x1335d: jb 0x13390
0x1335f: cmp al, 0
0x13361: jne 0x1336e
0x13363: mov dx, 0x29a
0x13366: add dx, si
0x13368: mov ah, 9
0x1336a: int 0x21
0x1336c: jmp 0x13380
0x1336e: mov ah, 0x2c
0x13370: int 0x21
0x13372: cmp ch, 0xc
0x13375: jne 0x13390
0x13377: mov dx, 0x281
0x1337a: add dx, si
0x1337c: mov ah, 9
0x1337e: int 0x21
0x13380: mov bh, 7
0x13382: mov ah, 0x10
0x13384: mov al, 1
2018-12-25T11:50:56.443267113Z 26 PC: 1329c | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3999,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:49.897422656Z 53 PC: 13419 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:49.899579907Z 37 PC: 13429 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:49.900700627Z 26 PC: 1329c | Set disk transfer address
2018-12-25T11:50:49.901776875Z 78 PC: 13286 | Find first file
2018-12-25T11:50:49.907465419Z 61 PC: 132cc | Open file (Filename = 'OA^��I< u���&�e�&���nt/�>�t���')
2018-12-25T11:50:49.913507387Z 87 PC: 132d7 | Get or set file date and time
2018-12-25T11:50:49.915140408Z 63 PC: 132f0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:49.917977369Z 66 PC: 13354 | Move file pointer
2018-12-25T11:50:49.923065711Z 66 PC: 133db | Move file pointer
2018-12-25T11:50:49.924623044Z 63 PC: 133ee | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:50:49.928495966Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:49.930633298Z 64 PC: 13312 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T11:50:50.252131122Z 66 PC: 13348 | Move file pointer
2018-12-25T11:50:50.253985346Z 64 PC: 13322 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:50.258932281Z 87 PC: 13333 | Get or set file date and time
2018-12-25T11:50:50.261472307Z 62 PC: 13338 | Close file
2018-12-25T11:50:50.26858096Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:50.271075595Z 78 PC: 13286 | Find first file (See above)
2018-12-25T11:50:50.275382421Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:50.280028194Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:50.281855504Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:50.285793111Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:50.287035735Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:50.288757659Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:50.290947724Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:50.291912023Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:50.306823079Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:50.309230669Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:50.315938581Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:50.317644433Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:50.325297541Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:50.32806285Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:50.334616735Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:50.336301746Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:50.342695214Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:50.344053486Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:50.346072703Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:50.34847966Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:50.350025168Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:50.358288391Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:50.359631977Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:50.365960856Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:50.368013613Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:50.375665645Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:50.378460761Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:50.388665365Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:50.390907835Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:50.397113328Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:50.399357318Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:50.400733244Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:50.403374054Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:50.405610468Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:50.413573724Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:50.415232401Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:50.422597826Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:50.424412561Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:50.432251076Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:50.435617207Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:50.441760442Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:50.443074386Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:50.449823037Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:50.451065043Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:50.452348835Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:50.45542228Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:50.456739715Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:50.464841358Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:50.467121362Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:50.473939494Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:50.475611093Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:50.483518644Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:50.487071539Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:50.493663812Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:50.495038623Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:50.504217497Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:50.50586082Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:50.50725366Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:50.511371133Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:50.512731493Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:50.520579349Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:50.523051461Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:50.530372613Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:50.531801165Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:50.540625671Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:50.543191767Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:50.549624964Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:50.553631797Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:50.559805625Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:50.561258263Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:50.563566941Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:50.566010711Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:50.567394886Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:50.579012038Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:50.580819265Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:50.587496399Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:50.589934364Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:50.597785626Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:50.600594204Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:50.608582583Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:50.610580979Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:50.616753399Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:50.6189648Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:50.620351265Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:50.623044737Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:50.625024014Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:50.63269331Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:50.633980606Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:50.640586661Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:50.642335908Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:50.649815123Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:50.652559938Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:50.659486908Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:50.660759261Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:50.663172633Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:50.665483596Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:50.66695617Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:50.669759072Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:50.672395354Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:50.6795642Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:50.681769176Z 37 PC: 13439 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:50.68352057Z 42 PC: 13359 | Get date 0x13359: cmp cx, 0x7c9
0x1335d: jb 0x13390
0x1335f: cmp al, 0
0x13361: jne 0x1336e
0x13363: mov dx, 0x29a
0x13366: add dx, si
0x13368: mov ah, 9
0x1336a: int 0x21
0x1336c: jmp 0x13380
0x1336e: mov ah, 0x2c
0x13370: int 0x21
0x13372: cmp ch, 0xc
0x13375: jne 0x13390
0x13377: mov dx, 0x281
0x1337a: add dx, si
0x1337c: mov ah, 9
0x1337e: int 0x21
0x13380: mov bh, 7
0x13382: mov ah, 0x10
0x13384: mov al, 1
2018-12-25T11:50:50.68588658Z 26 PC: 1329c | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3999,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:49.883716723Z 53 PC: 13419 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:49.885313792Z 37 PC: 13429 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:49.886557331Z 26 PC: 1329c | Set disk transfer address
2018-12-25T11:50:49.88765054Z 78 PC: 13286 | Find first file
2018-12-25T11:50:49.893935051Z 61 PC: 132cc | Open file (Filename = 'OA^��I< u���&�e�&���nt/�>�t���')
2018-12-25T11:50:49.900835948Z 87 PC: 132d7 | Get or set file date and time
2018-12-25T11:50:49.902162192Z 63 PC: 132f0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:49.904816405Z 66 PC: 13354 | Move file pointer
2018-12-25T11:50:49.906498748Z 66 PC: 133db | Move file pointer
2018-12-25T11:50:49.907753011Z 63 PC: 133ee | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:50:49.910825458Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:49.912911632Z 64 PC: 13312 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T11:50:55.280909896Z 66 PC: 13348 | Move file pointer
2018-12-25T11:50:55.283736861Z 64 PC: 13322 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:55.288559089Z 87 PC: 13333 | Get or set file date and time
2018-12-25T11:50:55.300103426Z 62 PC: 13338 | Close file
2018-12-25T11:50:55.30737159Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.311509055Z 78 PC: 13286 | Find first file (See above)
2018-12-25T11:50:55.328114461Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.340918225Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.344666248Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.354760108Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.356399392Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.358236971Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.361711598Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.363553582Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.434361528Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.436600572Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.445259026Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.446894535Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.119787026Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.123336929Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.131950047Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.138709536Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.147211461Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.149327907Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.151936529Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.155163885Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.157186453Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.16710376Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.169550395Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.177605605Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.179839819Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.191193729Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.194693704Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.202603651Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.205918722Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.214017249Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.216218768Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.219189534Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.222347775Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.224044932Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.234178346Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.235933468Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.24365355Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.246662341Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.256130356Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.259012745Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.266556381Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.269592828Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.277325682Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.279235166Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.281691072Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.284705435Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.28624733Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.296782035Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.298618667Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.30628718Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.309753451Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.319688158Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.323038905Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.331775976Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.334132Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.345756739Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.347724043Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.350714324Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.353757712Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.355787944Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.365815058Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.367757952Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.375656255Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.379049572Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.388482754Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.391725756Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.399656164Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.401323194Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.408843241Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.411319698Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.413253988Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.416460261Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.41932833Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.429978312Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.431996863Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.440703532Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.4439091Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.453628884Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.458090843Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.467056777Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.469056427Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.476673367Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.479622805Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.48193865Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.485146743Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.488262249Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.497625444Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.499587237Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.508193328Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.510754986Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.520190946Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.523655582Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.532768076Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.534605399Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.537973157Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.541293659Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.543268878Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.547099291Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.550183062Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.558914503Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.562086295Z 37 PC: 13439 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:56.564728332Z 42 PC: 13359 | Get date 0x13359: cmp cx, 0x7c9
0x1335d: jb 0x13390
0x1335f: cmp al, 0
0x13361: jne 0x1336e
0x13363: mov dx, 0x29a
0x13366: add dx, si
0x13368: mov ah, 9
0x1336a: int 0x21
0x1336c: jmp 0x13380
0x1336e: mov ah, 0x2c
0x13370: int 0x21
0x13372: cmp ch, 0xc
0x13375: jne 0x13390
0x13377: mov dx, 0x281
0x1337a: add dx, si
0x1337c: mov ah, 9
0x1337e: int 0x21
0x13380: mov bh, 7
0x13382: mov ah, 0x10
0x13384: mov al, 1
2018-12-25T11:50:56.568042949Z 26 PC: 1329c | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3999,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:49.947171189Z 53 PC: 13419 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:49.948226053Z 37 PC: 13429 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:49.94942758Z 26 PC: 1329c | Set disk transfer address
2018-12-25T11:50:49.95098819Z 78 PC: 13286 | Find first file
2018-12-25T11:50:49.95704213Z 61 PC: 132cc | Open file (Filename = 'OA^��I< u���&�e�&���nt/�>�t���')
2018-12-25T11:50:49.963245138Z 87 PC: 132d7 | Get or set file date and time
2018-12-25T11:50:49.96516161Z 63 PC: 132f0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:49.967855174Z 66 PC: 13354 | Move file pointer
2018-12-25T11:50:49.969226212Z 66 PC: 133db | Move file pointer
2018-12-25T11:50:49.971719157Z 63 PC: 133ee | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:50:49.974901146Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:49.976324347Z 64 PC: 13312 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T11:50:55.289413558Z 66 PC: 13348 | Move file pointer
2018-12-25T11:50:55.29166853Z 64 PC: 13322 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:55.294967085Z 87 PC: 13333 | Get or set file date and time
2018-12-25T11:50:55.297424706Z 62 PC: 13338 | Close file
2018-12-25T11:50:55.305773084Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.308568022Z 78 PC: 13286 | Find first file (See above)
2018-12-25T11:50:55.318299267Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.33198694Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.337694578Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.353420892Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.356437906Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.357920975Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.373724455Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.376203993Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.722280397Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.723481766Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.730292018Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.732052365Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:55.785997563Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.789391321Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.796822162Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.79823244Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.805469001Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.807241835Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.808649384Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.811290181Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.812822021Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.839411211Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.840889687Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.846216269Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.847553594Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:55.885639589Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.888303037Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.895576237Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.89700117Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.904720985Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.906376539Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.907952129Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.911432588Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.912711267Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.944488545Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.946996526Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.954183941Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.955651657Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.116426018Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.120284911Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.128910673Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.130519229Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.13900253Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.141167289Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.143032205Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.147936119Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.149470519Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.160610748Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.163849483Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.172274418Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.17431753Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.184191388Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.188021867Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.197580905Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.199590405Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.207224311Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.209681243Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.211567382Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.215887201Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.217947184Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.227196907Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.229776723Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.237699147Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.239866826Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.249663543Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.253659087Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.262366723Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.26540743Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.273405065Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.275521128Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.278670281Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.281528833Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.283143541Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.29281595Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.2952477Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.302904555Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.304845068Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.31463769Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.317685986Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.325384716Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.329404968Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.337043597Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.339086247Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.341618589Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.344502524Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.348375772Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.35972046Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.362158218Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.370020113Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.373117088Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.38681225Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.390222023Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.398291485Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.401464167Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.405701825Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.407615748Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.410881272Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.414554297Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.41632846Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.42402441Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.426970741Z 37 PC: 13439 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:56.428510003Z 42 PC: 13359 | Get date 0x13359: cmp cx, 0x7c9
0x1335d: jb 0x13390
0x1335f: cmp al, 0
0x13361: jne 0x1336e
0x13363: mov dx, 0x29a
0x13366: add dx, si
0x13368: mov ah, 9
0x1336a: int 0x21
0x1336c: jmp 0x13380
0x1336e: mov ah, 0x2c
0x13370: int 0x21
0x13372: cmp ch, 0xc
0x13375: jne 0x13390
0x13377: mov dx, 0x281
0x1337a: add dx, si
0x1337c: mov ah, 9
0x1337e: int 0x21
0x13380: mov bh, 7
0x13382: mov ah, 0x10
0x13384: mov al, 1
2018-12-25T11:50:56.432010838Z 26 PC: 1329c | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":12,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3999,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:50.053564223Z 53 PC: 13419 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:50.055332599Z 37 PC: 13429 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:50.05654424Z 26 PC: 1329c | Set disk transfer address
2018-12-25T11:50:50.057492607Z 78 PC: 13286 | Find first file
2018-12-25T11:50:50.063685407Z 61 PC: 132cc | Open file (Filename = 'OA^��I< u���&�e�&���nt/�>�t���')
2018-12-25T11:50:50.070479271Z 87 PC: 132d7 | Get or set file date and time
2018-12-25T11:50:50.07173354Z 63 PC: 132f0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:50.074298512Z 66 PC: 13354 | Move file pointer
2018-12-25T11:50:50.075797878Z 66 PC: 133db | Move file pointer
2018-12-25T11:50:50.077037142Z 63 PC: 133ee | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:50:50.080038446Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:50.081638109Z 64 PC: 13312 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T11:50:55.284366866Z 66 PC: 13348 | Move file pointer
2018-12-25T11:50:55.286508415Z 64 PC: 13322 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:55.299679743Z 87 PC: 13333 | Get or set file date and time
2018-12-25T11:50:55.301845347Z 62 PC: 13338 | Close file
2018-12-25T11:50:55.309577247Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.313504203Z 78 PC: 13286 | Find first file (See above)
2018-12-25T11:50:55.320560034Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.330030452Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.333223523Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.348641584Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.35311566Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.355500811Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.366751654Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.368199536Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.722092072Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.725674489Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.733622765Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.735714793Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.118403952Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.127910664Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.136399145Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.139292168Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.147459811Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.150302112Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.15582174Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.158955927Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.160861859Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.170469331Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.173165082Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.180752609Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.182422796Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.197812825Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.201099528Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.208754395Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.211521715Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.219273443Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.221417937Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.224716759Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.22784679Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.229768162Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.240145023Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.242702606Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.250612581Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.25368987Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.263772744Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.267252296Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.275110188Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.278375291Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.286096717Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.288116987Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.291201026Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.29424274Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.296261317Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.306830829Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.308811908Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.316596926Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.319348885Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.328626241Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.331923492Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.340202403Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.342632683Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.34995631Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.352049474Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.355183596Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.35825239Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.36031666Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.370965508Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.372982557Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.380687013Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.3831151Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.392360691Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.395779336Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.405257558Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.40769946Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.415199787Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.41720772Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.419563643Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.422607545Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.424598675Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.434931625Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.43695713Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.44481685Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.447653307Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.457749651Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.461217043Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.470320793Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.473185164Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.480909504Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.483782275Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.486169582Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.489471097Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.492435505Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.501828602Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.503773684Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.511796105Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.514842031Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.523949038Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.527311449Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.536275089Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.538220379Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.542350139Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.545200758Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.547443783Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.551120166Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.553986035Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.562359444Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.565408823Z 37 PC: 13439 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:56.567268798Z 42 PC: 13359 | Get date 0x13359: cmp cx, 0x7c9
0x1335d: jb 0x13390
0x1335f: cmp al, 0
0x13361: jne 0x1336e
0x13363: mov dx, 0x29a
0x13366: add dx, si
0x13368: mov ah, 9
0x1336a: int 0x21
0x1336c: jmp 0x13380
0x1336e: mov ah, 0x2c
0x13370: int 0x21
0x13372: cmp ch, 0xc
0x13375: jne 0x13390
0x13377: mov dx, 0x281
0x1337a: add dx, si
0x1337c: mov ah, 9
0x1337e: int 0x21
0x13380: mov bh, 7
0x13382: mov ah, 0x10
0x13384: mov al, 1
2018-12-25T11:50:56.570503739Z 26 PC: 1329c | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":12,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3999,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:50.088683792Z 53 PC: 13419 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:50.090110662Z 37 PC: 13429 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:50.091397671Z 26 PC: 1329c | Set disk transfer address
2018-12-25T11:50:50.092906755Z 78 PC: 13286 | Find first file
2018-12-25T11:50:50.099659581Z 61 PC: 132cc | Open file (Filename = 'OA^��I< u���&�e�&���nt/�>�t���')
2018-12-25T11:50:50.106322782Z 87 PC: 132d7 | Get or set file date and time
2018-12-25T11:50:50.107710884Z 63 PC: 132f0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:50.111152726Z 66 PC: 13354 | Move file pointer
2018-12-25T11:50:50.112935193Z 66 PC: 133db | Move file pointer
2018-12-25T11:50:50.114305628Z 63 PC: 133ee | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:50:50.117487828Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:50.121396031Z 64 PC: 13312 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T11:50:55.275971082Z 66 PC: 13348 | Move file pointer
2018-12-25T11:50:55.279471492Z 64 PC: 13322 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:55.284583142Z 87 PC: 13333 | Get or set file date and time
2018-12-25T11:50:55.286424714Z 62 PC: 13338 | Close file
2018-12-25T11:50:55.302438334Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.30835331Z 78 PC: 13286 | Find first file (See above)
2018-12-25T11:50:55.315857163Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.326625364Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.328800701Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.346811975Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.348492116Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.350376572Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.354192688Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.355980312Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.433984758Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.436557002Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.443735867Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.445037022Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:55.45879017Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.461307621Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.466493632Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.467878667Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.471962012Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.47295063Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.474306684Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.476002749Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.476863057Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.514392638Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.515847256Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.523072888Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.524730951Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:55.596324411Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.598475802Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.602661591Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.604164496Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.608956532Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.610094422Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.611977079Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.613699743Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.614710024Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.655827109Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.656938855Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.661562134Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.663345834Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:55.712483849Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.715401626Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.723508026Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.725038715Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.732268218Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.734074986Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.735450868Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.738077148Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.73953415Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.114982812Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.116960339Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.124759195Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.127141765Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.137380989Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.14081203Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.149750816Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.151551481Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.158615656Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.160985249Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.162725211Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.165575778Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.167737396Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.176925212Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.178918937Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.1873194Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.189413749Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.198732778Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.202626738Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.210471188Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.212542848Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.221164909Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.223632862Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.225603581Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.229737378Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.23220548Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.242407267Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.244440921Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.253584744Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.255733853Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.264930032Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.270442766Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.278318978Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.28024072Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.288758487Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.290975417Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.292946578Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.296789511Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.298851407Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.308100183Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.310441009Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.319024224Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.3210681Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.330326744Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.334809702Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.343156775Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.344946439Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.348762484Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.350811989Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.352700835Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.357240009Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.359851481Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.368186266Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.372136498Z 37 PC: 13439 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:56.373529081Z 42 PC: 13359 | Get date 0x13359: cmp cx, 0x7c9
0x1335d: jb 0x13390
0x1335f: cmp al, 0
0x13361: jne 0x1336e
0x13363: mov dx, 0x29a
0x13366: add dx, si
0x13368: mov ah, 9
0x1336a: int 0x21
0x1336c: jmp 0x13380
0x1336e: mov ah, 0x2c
0x13370: int 0x21
0x13372: cmp ch, 0xc
0x13375: jne 0x13390
0x13377: mov dx, 0x281
0x1337a: add dx, si
0x1337c: mov ah, 9
0x1337e: int 0x21
0x13380: mov bh, 7
0x13382: mov ah, 0x10
0x13384: mov al, 1
2018-12-25T11:50:56.376246781Z 26 PC: 1329c | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":12,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3999,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:50.345901602Z 53 PC: 13419 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:50.347351846Z 37 PC: 13429 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:50.348649282Z 26 PC: 1329c | Set disk transfer address
2018-12-25T11:50:50.349780837Z 78 PC: 13286 | Find first file
2018-12-25T11:50:50.356250501Z 61 PC: 132cc | Open file (Filename = 'OA^��I< u���&�e�&���nt/�>�t���')
2018-12-25T11:50:50.362850554Z 87 PC: 132d7 | Get or set file date and time
2018-12-25T11:50:50.364297544Z 63 PC: 132f0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:50.367220554Z 66 PC: 13354 | Move file pointer
2018-12-25T11:50:50.368866263Z 66 PC: 133db | Move file pointer
2018-12-25T11:50:50.370109643Z 63 PC: 133ee | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:50:50.373266677Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:50.374680509Z 64 PC: 13312 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T11:50:55.273676106Z 66 PC: 13348 | Move file pointer
2018-12-25T11:50:55.27566539Z 64 PC: 13322 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:55.281489038Z 87 PC: 13333 | Get or set file date and time
2018-12-25T11:50:55.283605622Z 62 PC: 13338 | Close file
2018-12-25T11:50:55.293924918Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.304236047Z 78 PC: 13286 | Find first file (See above)
2018-12-25T11:50:55.312116658Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.321571854Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.32346943Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.333610663Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.336163993Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.338543405Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.348889711Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.350875296Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.43467156Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.436921806Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.44521312Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.44715869Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.114919129Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.120530943Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.127878108Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.129692625Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.139525803Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.141863124Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.14390098Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.147445263Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.150555322Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.160376635Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.16235914Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.171526524Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.173645542Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.182690804Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.186821136Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.194441166Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.196430692Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.205142021Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.20728778Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.209437629Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.213738889Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.216231609Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.226009762Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.228254988Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.236809334Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.238744793Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.248514007Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.252479737Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.260235971Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.262091079Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.271069906Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.273044576Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.274919237Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.278747365Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.280455845Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.289756741Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.29275992Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.301323093Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.303293865Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.312536534Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.316553168Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.324065953Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.325720233Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.333706314Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.33564749Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.337413466Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.340863661Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.342972827Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.352162255Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.354723003Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.36280054Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.364737315Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.374961697Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.378354942Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.386029986Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.389056917Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.396504571Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.398402756Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.400933386Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.404012429Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.405682711Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.41600925Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.419153423Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.427033231Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.428540865Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.439511313Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.442963513Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.450816219Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.453806915Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.461980907Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.463846099Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.466779287Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.470364554Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.472335767Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.482033444Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.484308375Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.492141416Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.494145128Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.504405681Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.507647683Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.515385362Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.518612499Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.521913545Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.523791059Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.526534091Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.530095741Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.532008051Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.541231762Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.544809536Z 37 PC: 13439 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:56.546565216Z 42 PC: 13359 | Get date 0x13359: cmp cx, 0x7c9
0x1335d: jb 0x13390
0x1335f: cmp al, 0
0x13361: jne 0x1336e
0x13363: mov dx, 0x29a
0x13366: add dx, si
0x13368: mov ah, 9
0x1336a: int 0x21
0x1336c: jmp 0x13380
0x1336e: mov ah, 0x2c
0x13370: int 0x21
0x13372: cmp ch, 0xc
0x13375: jne 0x13390
0x13377: mov dx, 0x281
0x1337a: add dx, si
0x1337c: mov ah, 9
0x1337e: int 0x21
0x13380: mov bh, 7
0x13382: mov ah, 0x10
0x13384: mov al, 1
2018-12-25T11:50:56.550425396Z 26 PC: 1329c | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":12,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3999,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:50.540339759Z 53 PC: 13419 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:50.54186684Z 37 PC: 13429 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:50.543895571Z 26 PC: 1329c | Set disk transfer address
2018-12-25T11:50:50.545339479Z 78 PC: 13286 | Find first file
2018-12-25T11:50:50.551431642Z 61 PC: 132cc | Open file (Filename = 'OA^��I< u���&�e�&���nt/�>�t���')
2018-12-25T11:50:50.558604705Z 87 PC: 132d7 | Get or set file date and time
2018-12-25T11:50:50.560024979Z 63 PC: 132f0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:50.562759615Z 66 PC: 13354 | Move file pointer
2018-12-25T11:50:50.56424147Z 66 PC: 133db | Move file pointer
2018-12-25T11:50:50.565421509Z 63 PC: 133ee | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:50:50.568472921Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:50.570433659Z 64 PC: 13312 | Write file or device (Write 555 bytes on handle 5)
2018-12-25T11:50:55.278929725Z 66 PC: 13348 | Move file pointer
2018-12-25T11:50:55.281046089Z 64 PC: 13322 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:55.290946409Z 87 PC: 13333 | Get or set file date and time
2018-12-25T11:50:55.293301033Z 62 PC: 13338 | Close file
2018-12-25T11:50:55.308454438Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:55.313620914Z 78 PC: 13286 | Find first file (See above)
2018-12-25T11:50:55.321934401Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:55.349647559Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:55.353203998Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:55.361004779Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.362491384Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:55.364207026Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:55.36908988Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:55.372082847Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:55.722706965Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:55.726111324Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:55.734419065Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:55.736161082Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.115424035Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.119277111Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.127908317Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.133537048Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.152403713Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.157101376Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.159549214Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.163957895Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.165864107Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.181896872Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.183482241Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.191218902Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.193962041Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.202883988Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.205976502Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.215922897Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.218492965Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.226661359Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.228889526Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.23186802Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.235165538Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.237294991Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.248121393Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.250296035Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.258509543Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.261645934Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.271223569Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.274551119Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.283483268Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.285355517Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.292390017Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.294320291Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.297210886Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.300291157Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.302018498Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.312227121Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.314244323Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.321905156Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.324870016Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.333483952Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.336658029Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.344851493Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.346615207Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.354345165Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.357017888Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.35904241Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.362092166Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.364258652Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.373860008Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.37557452Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.382944632Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.384727227Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.393533865Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.396886721Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.40528606Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.406898375Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.411597003Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.413405628Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.415147988Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.418995243Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.421504024Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.431281503Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.433597823Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.442238573Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.444954407Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.454401438Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.458580848Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.467033851Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.46918331Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.477671412Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.480094618Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.482192955Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.485518432Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.48937765Z 64 PC: 13312 | Write file or device (See above)
2018-12-25T11:50:56.499018758Z 66 PC: 13348 | Move file pointer (See above)
2018-12-25T11:50:56.501092986Z 64 PC: 13322 | Write file or device (See above)
2018-12-25T11:50:56.509969983Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.512171073Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.521692322Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.52600315Z 61 PC: 132cc | Open file (See above)
2018-12-25T11:50:56.533599702Z 87 PC: 132d7 | Get or set file date and time (See above)
2018-12-25T11:50:56.535607886Z 63 PC: 132f0 | Read file or device (See above)
2018-12-25T11:50:56.539632471Z 66 PC: 13354 | Move file pointer (See above)
2018-12-25T11:50:56.541835791Z 66 PC: 133db | Move file pointer (See above)
2018-12-25T11:50:56.543783649Z 63 PC: 133ee | Read file or device (See above)
2018-12-25T11:50:56.547665783Z 87 PC: 13333 | Get or set file date and time (See above)
2018-12-25T11:50:56.550013221Z 62 PC: 13338 | Close file (See above)
2018-12-25T11:50:56.557960959Z 79 PC: 13286 | Find next file (See above)
2018-12-25T11:50:56.561985964Z 37 PC: 13439 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:56.564587962Z 42 PC: 13359 | Get date 0x13359: cmp cx, 0x7c9
0x1335d: jb 0x13390
0x1335f: cmp al, 0
0x13361: jne 0x1336e
0x13363: mov dx, 0x29a
0x13366: add dx, si
0x13368: mov ah, 9
0x1336a: int 0x21
0x1336c: jmp 0x13380
0x1336e: mov ah, 0x2c
0x13370: int 0x21
0x13372: cmp ch, 0xc
0x13375: jne 0x13390
0x13377: mov dx, 0x281
0x1337a: add dx, si
0x1337c: mov ah, 9
0x1337e: int 0x21
0x13380: mov bh, 7
0x13382: mov ah, 0x10
0x13384: mov al, 1
2018-12-25T11:50:56.567323868Z 26 PC: 1329c | Set disk transfer address (See above)