Sample viewer

vx.netlux.org/Virus.DOS.Radiaki.580


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:27:15.770820177Z 26 PC: 14232 | Set disk transfer address
2018-12-17T22:27:15.773419647Z 71 PC: 142aa | Get current directory
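2018-12-17T22:27:15.77707653Z 53 PC: 14139 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number' [the label is the INT 21h function numbered 36; as a vector number, 36 = 0x24 is the DOS critical-error handler])
2018-12-17T22:27:15.778437456Z 37 PC: 14149 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number' [the label is the INT 21h function numbered 36; as a vector number, 36 = 0x24 is the DOS critical-error handler, so this replaces the critical-error handler before the file loop starts])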
2018-12-17T22:27:15.782873794Z 78 PC: 14156 | Find first file
2018-12-17T22:27:15.788835383Z 67 PC: 14225 | Get or set file attributes
2018-12-17T22:27:15.794744035Z 67 PC: 14238 | Get or set file attributes
2018-12-17T22:27:15.811767973Z 61 PC: 14249 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:27:15.818312724Z 66 PC: 1429d | Move file pointer
2018-12-17T22:27:15.819825859Z 87 PC: 141f0 | Get or set file date and time
2018-12-17T22:27:15.82108344Z 44 PC: 1408d | Get time 0x1408d: cmp dx, 0
; Fixed-window disassembly captured at the Get time call (op 44). The compare
; these lines continue from (cmp dx, 0 at 0x1408d) is on the log line above.
0x14090: je 0x14089  ; DX == 0: branch back to 0x14089 (not shown), presumably to read the clock again
0x14092: mov word ptr [bp + 0x10b], dx  ; keep the non-zero DX
0x14096: call 0x140de  ; helper outside this window; its AX result is stored next
0x14099: mov word ptr [bp + 0x12d], ax
0x1409d: add dx, 0x13
0x140a0: mov byte ptr [bp + 0x18b], ah
0x140a4: mov byte ptr [bp + 0x157], dl
0x140a8: ret
; NOTE(review): from 0x140a9 to 0x140c0 this capture does not match the later
; captures on this page, which decode the same addresses as xor ax, ax /
; mov cx, 0x8d / lea si, [bp + 0x232] / ... / xor word ptr [si], dx. Both
; listings agree again at 0x140c3. This looks like linear-sweep
; desynchronisation starting at a data word at 0x140a9, not different code;
; confirm against the raw bytes before reading anything into these mnemonics.
0x140a9: pushaw
0x140aa: sbb byte ptr [bp + di], dh
0x140ac: sar byte ptr [bx + di + 0x8d], 0x8d
0x140b1: mov dh, 0x32
0x140b3: add cl, byte ptr [bp + di + 0x2d96]
0x140b7: add word ptr [bp + di - 0x7442], cx
0x140bb: add cx, dx
0x140bd: ret 0xc283  ; presumably an artefact of the misaligned decode, not a real return
0x140c0: add ax, 0x1431
0x140c3: ror di, 1  ; decode is back in step with the other captures from here
0x140c5: dec di
2018-12-17T22:27:15.823982984Z 66 PC: 1418b | Move file pointer
2018-12-17T22:27:15.825474919Z 66 PC: 141a1 | Move file pointer
2018-12-17T22:27:15.826715108Z 64 PC: 1410c | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:27:15.833655418Z 87 PC: 14257 | Get or set file date and time
2018-12-17T22:27:15.83528046Z 62 PC: 1423f | Close file
2018-12-17T22:27:15.842594687Z 67 PC: 14238 | Get or set file attributes
2018-12-17T22:27:15.854995874Z 79 PC: 141c3 | Find next file
2018-12-17T22:27:15.857976328Z 67 PC: 14225 | Get or set file attributes
2018-12-17T22:27:15.863821749Z 67 PC: 14238 | Get or set file attributes
2018-12-17T22:27:15.874389664Z 61 PC: 14249 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:27:15.880977628Z 66 PC: 1429d | Move file pointer
2018-12-17T22:27:15.882632589Z 87 PC: 141f0 | Get or set file date and time
2018-12-17T22:27:15.893141153Z 44 PC: 1408d | Get time 0x1408d: cmp dx, 0
; Fixed-window disassembly captured at the Get time call (op 44). The compare
; these lines continue from (cmp dx, 0 at 0x1408d) is on the log line above.
0x14090: je 0x14089  ; DX == 0: branch back to 0x14089 (not shown), presumably to read the clock again
0x14092: mov word ptr [bp + 0x10b], dx  ; keep the non-zero DX
0x14096: call 0x140de  ; helper outside this window; its AX result is stored next
0x14099: mov word ptr [bp + 0x12d], ax  ; same slot is reloaded into DX at 0x140b4 and XORed into memory
0x1409d: add dx, 0x13
0x140a0: mov byte ptr [bp + 0x18b], ah  ; same slot is reloaded (as a word) into DI at 0x140b8
0x140a4: mov byte ptr [bp + 0x157], dl
0x140a8: ret
; NOTE(review): the bytes at 0x140a9-0x140aa decode differently in each capture
; on this page, while everything from 0x140ab on is identical. They are
; probably a per-copy data word rather than instructions; confirm against the
; raw bytes. For detection, the unchanging sequence from 0x140ab is the stable part.
0x140a9: cmp al, 0x27
0x140ab: xor ax, ax
0x140ad: mov cx, 0x8d  ; presumably the word count for the XOR pass; the loop tail is outside this window
0x140b0: lea si, word ptr [bp + 0x232]  ; SI = address of the region that gets XORed
0x140b4: mov dx, word ptr [bp + 0x12d]  ; DX = word stored at 0x14099
0x140b8: mov di, word ptr [bp + 0x18b]
0x140bc: rol dx, 1  ; DX is rotated and offset before it is used
0x140be: add dx, 5
0x140c1: xor word ptr [si], dx  ; XOR one word at [SI] with DX
0x140c3: ror di, 1
0x140c5: dec di
2018-12-17T22:27:15.896243821Z 66 PC: 1418b | Move file pointer
2018-12-17T22:27:15.897838374Z 64 PC: 1410c | Write file or device (Write 580 bytes on handle 5)
2018-12-17T22:27:15.907082812Z 66 PC: 141a1 | Move file pointer
2018-12-17T22:27:15.908434383Z 64 PC: 1410c | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:27:15.914795882Z 87 PC: 14257 | Get or set file date and time
2018-12-17T22:27:15.916829618Z 62 PC: 1423f | Close file
2018-12-17T22:27:15.925327567Z 67 PC: 14238 | Get or set file attributes
2018-12-17T22:27:15.935583436Z 79 PC: 141c3 | Find next file
2018-12-17T22:27:15.93935039Z 67 PC: 14225 | Get or set file attributes
2018-12-17T22:27:15.945427044Z 67 PC: 14238 | Get or set file attributes
2018-12-17T22:27:15.955283086Z 61 PC: 14249 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:27:15.962098017Z 66 PC: 1429d | Move file pointer
2018-12-17T22:27:15.963843758Z 87 PC: 141f0 | Get or set file date and time
2018-12-17T22:27:15.965057734Z 44 PC: 1408d | Get time 0x1408d: cmp dx, 0
; Fixed-window disassembly captured at the Get time call (op 44). The compare
; these lines continue from (cmp dx, 0 at 0x1408d) is on the log line above.
0x14090: je 0x14089  ; DX == 0: branch back to 0x14089 (not shown), presumably to read the clock again
0x14092: mov word ptr [bp + 0x10b], dx  ; keep the non-zero DX
0x14096: call 0x140de  ; helper outside this window; its AX result is stored next
0x14099: mov word ptr [bp + 0x12d], ax  ; same slot is reloaded into DX at 0x140b4 and XORed into memory
0x1409d: add dx, 0x13
0x140a0: mov byte ptr [bp + 0x18b], ah  ; same slot is reloaded (as a word) into DI at 0x140b8
0x140a4: mov byte ptr [bp + 0x157], dl
0x140a8: ret
; NOTE(review): the bytes at 0x140a9-0x140aa decode differently in each capture
; on this page, while everything from 0x140ab on is identical. They are
; probably a per-copy data word rather than instructions; confirm against the
; raw bytes. For detection, the unchanging sequence from 0x140ab is the stable part.
0x140a9: inc cx
0x140aa: daa
0x140ab: xor ax, ax
0x140ad: mov cx, 0x8d  ; presumably the word count for the XOR pass; the loop tail is outside this window
0x140b0: lea si, word ptr [bp + 0x232]  ; SI = address of the region that gets XORed
0x140b4: mov dx, word ptr [bp + 0x12d]  ; DX = word stored at 0x14099
0x140b8: mov di, word ptr [bp + 0x18b]
0x140bc: rol dx, 1  ; DX is rotated and offset before it is used
0x140be: add dx, 5
0x140c1: xor word ptr [si], dx  ; XOR one word at [SI] with DX
0x140c3: ror di, 1
2018-12-17T22:27:15.967021988Z 66 PC: 1418b | Move file pointer
2018-12-17T22:27:15.968847281Z 64 PC: 1410c | Write file or device (Write 580 bytes on handle 5)
2018-12-17T22:27:15.974491644Z 66 PC: 141a1 | Move file pointer
2018-12-17T22:27:15.975982079Z 64 PC: 1410c | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:27:15.980589286Z 87 PC: 14257 | Get or set file date and time
2018-12-17T22:27:15.981882584Z 62 PC: 1423f | Close file
2018-12-17T22:27:15.990103027Z 67 PC: 14238 | Get or set file attributes
2018-12-17T22:27:16.002517269Z 79 PC: 141c3 | Find next file
2018-12-17T22:27:16.005171812Z 67 PC: 14225 | Get or set file attributes
2018-12-17T22:27:16.011426385Z 67 PC: 14238 | Get or set file attributes
2018-12-17T22:27:16.021328453Z 61 PC: 14249 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:27:16.028348201Z 66 PC: 1429d | Move file pointer
2018-12-17T22:27:16.029764177Z 87 PC: 141f0 | Get or set file date and time
2018-12-17T22:27:16.031496403Z 44 PC: 1408d | Get time 0x1408d: cmp dx, 0
; Fixed-window disassembly captured at the Get time call (op 44). The compare
; these lines continue from (cmp dx, 0 at 0x1408d) is on the log line above.
0x14090: je 0x14089  ; DX == 0: branch back to 0x14089 (not shown), presumably to read the clock again
0x14092: mov word ptr [bp + 0x10b], dx  ; keep the non-zero DX
0x14096: call 0x140de  ; helper outside this window; its AX result is stored next
0x14099: mov word ptr [bp + 0x12d], ax  ; same slot is reloaded into DX at 0x140b4 and XORed into memory
0x1409d: add dx, 0x13
0x140a0: mov byte ptr [bp + 0x18b], ah  ; same slot is reloaded (as a word) into DI at 0x140b8
0x140a4: mov byte ptr [bp + 0x157], dl
0x140a8: ret
; NOTE(review): the bytes at 0x140a9-0x140aa decode differently in each capture
; on this page, while everything from 0x140ab on is identical. They are
; probably a per-copy data word rather than instructions; confirm against the
; raw bytes. For detection, the unchanging sequence from 0x140ab is the stable part.
0x140a9: inc di
0x140aa: daa
0x140ab: xor ax, ax
0x140ad: mov cx, 0x8d  ; presumably the word count for the XOR pass; the loop tail is outside this window
0x140b0: lea si, word ptr [bp + 0x232]  ; SI = address of the region that gets XORed
0x140b4: mov dx, word ptr [bp + 0x12d]  ; DX = word stored at 0x14099
0x140b8: mov di, word ptr [bp + 0x18b]
0x140bc: rol dx, 1  ; DX is rotated and offset before it is used
0x140be: add dx, 5
0x140c1: xor word ptr [si], dx  ; XOR one word at [SI] with DX
0x140c3: ror di, 1
2018-12-17T22:27:16.034511506Z 66 PC: 1418b | Move file pointer
2018-12-17T22:27:16.036101244Z 64 PC: 1410c | Write file or device (Write 580 bytes on handle 5)
2018-12-17T22:27:16.045342641Z 66 PC: 141a1 | Move file pointer
2018-12-17T22:27:16.046977874Z 64 PC: 1410c | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:27:16.053420661Z 87 PC: 14257 | Get or set file date and time
2018-12-17T22:27:16.055624259Z 62 PC: 1423f | Close file
2018-12-17T22:27:16.063932589Z 67 PC: 14238 | Get or set file attributes
2018-12-17T22:27:16.073566005Z 79 PC: 141c3 | Find next file
2018-12-17T22:27:16.077497819Z 67 PC: 14225 | Get or set file attributes
2018-12-17T22:27:16.083329481Z 67 PC: 14238 | Get or set file attributes
2018-12-17T22:27:16.092994073Z 61 PC: 14249 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:27:16.100631558Z 66 PC: 1429d | Move file pointer
2018-12-17T22:27:16.102968005Z 87 PC: 141f0 | Get or set file date and time
2018-12-17T22:27:16.104664662Z 44 PC: 1408d | Get time 0x1408d: cmp dx, 0
; Fixed-window disassembly captured at the Get time call (op 44). The compare
; these lines continue from (cmp dx, 0 at 0x1408d) is on the log line above.
0x14090: je 0x14089  ; DX == 0: branch back to 0x14089 (not shown), presumably to read the clock again
0x14092: mov word ptr [bp + 0x10b], dx  ; keep the non-zero DX
0x14096: call 0x140de  ; helper outside this window; its AX result is stored next
0x14099: mov word ptr [bp + 0x12d], ax  ; same slot is reloaded into DX at 0x140b4 and XORed into memory
0x1409d: add dx, 0x13
0x140a0: mov byte ptr [bp + 0x18b], ah  ; same slot is reloaded (as a word) into DI at 0x140b8
0x140a4: mov byte ptr [bp + 0x157], dl
0x140a8: ret
; NOTE(review): the bytes at 0x140a9-0x140aa decode differently in each capture
; on this page, while everything from 0x140ab on is identical. They are
; probably a per-copy data word rather than instructions; confirm against the
; raw bytes. For detection, the unchanging sequence from 0x140ab is the stable part.
0x140a9: dec sp
0x140aa: daa
0x140ab: xor ax, ax
0x140ad: mov cx, 0x8d  ; presumably the word count for the XOR pass; the loop tail is outside this window
0x140b0: lea si, word ptr [bp + 0x232]  ; SI = address of the region that gets XORed
0x140b4: mov dx, word ptr [bp + 0x12d]  ; DX = word stored at 0x14099
0x140b8: mov di, word ptr [bp + 0x18b]
0x140bc: rol dx, 1  ; DX is rotated and offset before it is used
0x140be: add dx, 5
0x140c1: xor word ptr [si], dx  ; XOR one word at [SI] with DX
0x140c3: ror di, 1
2018-12-17T22:27:16.108104455Z 66 PC: 1418b | Move file pointer
2018-12-17T22:27:16.109728331Z 64 PC: 1410c | Write file or device (Write 580 bytes on handle 5)
2018-12-17T22:27:16.118228714Z 66 PC: 141a1 | Move file pointer
2018-12-17T22:27:16.120394339Z 87 PC: 14257 | Get or set file date and time
2018-12-17T22:27:16.121894417Z 62 PC: 1423f | Close file
2018-12-17T22:27:16.129819086Z 67 PC: 14238 | Get or set file attributes
2018-12-17T22:27:16.140401342Z 79 PC: 141c3 | Find next file
2018-12-17T22:27:16.143044744Z 67 PC: 14225 | Get or set file attributes
2018-12-17T22:27:16.148603658Z 67 PC: 14238 | Get or set file attributes
2018-12-17T22:27:16.158494739Z 61 PC: 14249 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:27:16.166156391Z 66 PC: 1429d | Move file pointer
2018-12-17T22:27:16.16808035Z 87 PC: 141f0 | Get or set file date and time
2018-12-17T22:27:16.169794838Z 44 PC: 1408d | Get time 0x1408d: cmp dx, 0
; Fixed-window disassembly captured at the Get time call (op 44). The compare
; these lines continue from (cmp dx, 0 at 0x1408d) is on the log line above.
0x14090: je 0x14089  ; DX == 0: branch back to 0x14089 (not shown), presumably to read the clock again
0x14092: mov word ptr [bp + 0x10b], dx  ; keep the non-zero DX
0x14096: call 0x140de  ; helper outside this window; its AX result is stored next
0x14099: mov word ptr [bp + 0x12d], ax  ; same slot is reloaded into DX at 0x140b4 and XORed into memory
0x1409d: add dx, 0x13
0x140a0: mov byte ptr [bp + 0x18b], ah  ; same slot is reloaded (as a word) into DI at 0x140b8
0x140a4: mov byte ptr [bp + 0x157], dl
0x140a8: ret
; NOTE(review): the bytes at 0x140a9-0x140aa decode differently in each capture
; on this page, while everything from 0x140ab on is identical. They are
; probably a per-copy data word rather than instructions; confirm against the
; raw bytes. For detection, the unchanging sequence from 0x140ab is the stable part.
0x140a9: push dx
0x140aa: daa
0x140ab: xor ax, ax
0x140ad: mov cx, 0x8d  ; presumably the word count for the XOR pass; the loop tail is outside this window
0x140b0: lea si, word ptr [bp + 0x232]  ; SI = address of the region that gets XORed
0x140b4: mov dx, word ptr [bp + 0x12d]  ; DX = word stored at 0x14099
0x140b8: mov di, word ptr [bp + 0x18b]
0x140bc: rol dx, 1  ; DX is rotated and offset before it is used
0x140be: add dx, 5
0x140c1: xor word ptr [si], dx  ; XOR one word at [SI] with DX
0x140c3: ror di, 1
2018-12-17T22:27:16.173646502Z 66 PC: 1418b | Move file pointer
2018-12-17T22:27:16.175212821Z 64 PC: 1410c | Write file or device (Write 580 bytes on handle 5)
2018-12-17T22:27:16.18481833Z 66 PC: 141a1 | Move file pointer
2018-12-17T22:27:16.187678237Z 64 PC: 1410c | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:27:16.194380079Z 87 PC: 14257 | Get or set file date and time
2018-12-17T22:27:16.196894323Z 62 PC: 1423f | Close file
2018-12-17T22:27:16.20595928Z 67 PC: 14238 | Get or set file attributes
2018-12-17T22:27:16.215587221Z 79 PC: 141c3 | Find next file
2018-12-17T22:27:16.218341919Z 67 PC: 14225 | Get or set file attributes
2018-12-17T22:27:16.224549645Z 67 PC: 14238 | Get or set file attributes
2018-12-17T22:27:16.234178036Z 61 PC: 14249 | Open file (Filename = 'PAH.COM')
2018-12-17T22:27:16.240766601Z 66 PC: 1429d | Move file pointer
2018-12-17T22:27:16.243688833Z 87 PC: 141f0 | Get or set file date and time
2018-12-17T22:27:16.245326625Z 44 PC: 1408d | Get time 0x1408d: cmp dx, 0
; Fixed-window disassembly captured at the Get time call (op 44). The compare
; these lines continue from (cmp dx, 0 at 0x1408d) is on the log line above.
0x14090: je 0x14089  ; DX == 0: branch back to 0x14089 (not shown), presumably to read the clock again
0x14092: mov word ptr [bp + 0x10b], dx  ; keep the non-zero DX
0x14096: call 0x140de  ; helper outside this window; its AX result is stored next
0x14099: mov word ptr [bp + 0x12d], ax  ; same slot is reloaded into DX at 0x140b4 and XORed into memory
0x1409d: add dx, 0x13
0x140a0: mov byte ptr [bp + 0x18b], ah  ; same slot is reloaded (as a word) into DI at 0x140b8
0x140a4: mov byte ptr [bp + 0x157], dl
0x140a8: ret
; NOTE(review): the bytes at 0x140a9-0x140aa decode differently in each capture
; on this page, while everything from 0x140ab on is identical. They are
; probably a per-copy data word rather than instructions; confirm against the
; raw bytes. For detection, the unchanging sequence from 0x140ab is the stable part.
0x140a9: push di
0x140aa: daa
0x140ab: xor ax, ax
0x140ad: mov cx, 0x8d  ; presumably the word count for the XOR pass; the loop tail is outside this window
0x140b0: lea si, word ptr [bp + 0x232]  ; SI = address of the region that gets XORed
0x140b4: mov dx, word ptr [bp + 0x12d]  ; DX = word stored at 0x14099
0x140b8: mov di, word ptr [bp + 0x18b]
0x140bc: rol dx, 1  ; DX is rotated and offset before it is used
0x140be: add dx, 5
0x140c1: xor word ptr [si], dx  ; XOR one word at [SI] with DX
0x140c3: ror di, 1
2018-12-17T22:27:16.247675113Z 66 PC: 1418b | Move file pointer
2018-12-17T22:27:16.250125982Z 64 PC: 1410c | Write file or device (Write 580 bytes on handle 5)
2018-12-17T22:27:16.258788401Z 66 PC: 141a1 | Move file pointer
2018-12-17T22:27:16.260284016Z 64 PC: 1410c | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:27:16.267654135Z 87 PC: 14257 | Get or set file date and time
2018-12-17T22:27:16.269272863Z 62 PC: 1423f | Close file
2018-12-17T22:27:16.276916169Z 67 PC: 14238 | Get or set file attributes
2018-12-17T22:27:16.286909975Z 79 PC: 141c3 | Find next file
2018-12-17T22:27:16.289446539Z 67 PC: 14225 | Get or set file attributes
2018-12-17T22:27:16.295875119Z 67 PC: 14238 | Get or set file attributes
2018-12-17T22:27:16.305789104Z 61 PC: 14249 | Open file (Filename = 'TEST.COM')
2018-12-17T22:27:16.316790687Z 66 PC: 1429d | Move file pointer
2018-12-17T22:27:16.319614239Z 87 PC: 141f0 | Get or set file date and time
2018-12-17T22:27:16.321840858Z 44 PC: 1408d | Get time 0x1408d: cmp dx, 0
; Fixed-window disassembly captured at the Get time call (op 44). The compare
; these lines continue from (cmp dx, 0 at 0x1408d) is on the log line above.
0x14090: je 0x14089  ; DX == 0: branch back to 0x14089 (not shown), presumably to read the clock again
0x14092: mov word ptr [bp + 0x10b], dx  ; keep the non-zero DX
0x14096: call 0x140de  ; helper outside this window; its AX result is stored next
0x14099: mov word ptr [bp + 0x12d], ax  ; same slot is reloaded into DX at 0x140b4 and XORed into memory
0x1409d: add dx, 0x13
0x140a0: mov byte ptr [bp + 0x18b], ah  ; same slot is reloaded (as a word) into DI at 0x140b8
0x140a4: mov byte ptr [bp + 0x157], dl
0x140a8: ret
; NOTE(review): the bytes at 0x140a9-0x140aa decode differently in each capture
; on this page, while everything from 0x140ab on is identical. They are
; probably a per-copy data word rather than instructions; confirm against the
; raw bytes. For detection, the unchanging sequence from 0x140ab is the stable part.
0x140a9: pop bp
0x140aa: daa
0x140ab: xor ax, ax
0x140ad: mov cx, 0x8d  ; presumably the word count for the XOR pass; the loop tail is outside this window
0x140b0: lea si, word ptr [bp + 0x232]  ; SI = address of the region that gets XORed
0x140b4: mov dx, word ptr [bp + 0x12d]  ; DX = word stored at 0x14099
0x140b8: mov di, word ptr [bp + 0x18b]
0x140bc: rol dx, 1  ; DX is rotated and offset before it is used
0x140be: add dx, 5
0x140c1: xor word ptr [si], dx  ; XOR one word at [SI] with DX
0x140c3: ror di, 1
2018-12-17T22:27:16.324244324Z 66 PC: 1418b | Move file pointer
2018-12-17T22:27:16.325628592Z 64 PC: 1410c | Write file or device (Write 580 bytes on handle 5)
2018-12-17T22:27:16.335533716Z 66 PC: 141a1 | Move file pointer
2018-12-17T22:27:16.337093718Z 64 PC: 1410c | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:27:16.344680163Z 87 PC: 14257 | Get or set file date and time
2018-12-17T22:27:16.347876508Z 62 PC: 1423f | Close file
2018-12-17T22:27:16.356617291Z 67 PC: 14238 | Get or set file attributes
2018-12-17T22:27:16.36665627Z 79 PC: 141c3 | Find next file
2018-12-17T22:27:16.371361354Z 59 PC: 14293 | Change current directory
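2018-12-17T22:27:16.375463306Z 37 PC: 141d7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number' [the label is the INT 21h function numbered 36; as a vector number, 36 = 0x24 is the DOS critical-error handler])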
2018-12-17T22:27:16.376614896Z 59 PC: 14293 | Change current directory
2018-12-17T22:27:16.379067966Z 26 PC: 14232 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4848,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:58.593533048Z 26 PC: 14232 | Set disk transfer address
2018-12-25T11:52:58.595329464Z 71 PC: 142aa | Get current directory
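2018-12-25T11:52:58.598814161Z 53 PC: 14139 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number' [the label is the INT 21h function numbered 36; as a vector number, 36 = 0x24 is the DOS critical-error handler])
2018-12-25T11:52:58.599798186Z 37 PC: 14149 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number' [the label is the INT 21h function numbered 36; as a vector number, 36 = 0x24 is the DOS critical-error handler])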
2018-12-25T11:52:58.601270083Z 78 PC: 14156 | Find first file
2018-12-25T11:52:58.625863747Z 67 PC: 14225 | Get or set file attributes
2018-12-25T11:52:58.631656005Z 67 PC: 14238 | Get or set file attributes
2018-12-25T11:52:58.649144312Z 61 PC: 14249 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:58.659390843Z 66 PC: 1429d | Move file pointer
2018-12-25T11:52:58.670462594Z 87 PC: 141f0 | Get or set file date and time
2018-12-25T11:52:58.681200365Z 44 PC: 1408d | Get time 0x1408d: cmp dx, 0
; Fixed-window disassembly captured at the Get time call (op 44). The compare
; these lines continue from (cmp dx, 0 at 0x1408d) is on the log line above.
0x14090: je 0x14089  ; DX == 0: branch back to 0x14089 (not shown), presumably to read the clock again
0x14092: mov word ptr [bp + 0x10b], dx  ; keep the non-zero DX
0x14096: call 0x140de  ; helper outside this window; its AX result is stored next
0x14099: mov word ptr [bp + 0x12d], ax
0x1409d: add dx, 0x13
0x140a0: mov byte ptr [bp + 0x18b], ah
0x140a4: mov byte ptr [bp + 0x157], dl
0x140a8: ret
; NOTE(review): from 0x140a9 to 0x140c0 this capture does not match the
; first-run captures on this page, which decode the same addresses as
; xor ax, ax / mov cx, 0x8d / lea si, [bp + 0x232] / ... / xor word ptr [si], dx.
; Both listings agree again at 0x140c3. This looks like linear-sweep
; desynchronisation starting at a data word at 0x140a9, not different code;
; confirm against the raw bytes before reading anything into these mnemonics.
0x140a9: pushaw
0x140aa: sbb byte ptr [bp + di], dh
0x140ac: sar byte ptr [bx + di + 0x8d], 0x8d
0x140b1: mov dh, 0x32
0x140b3: add cl, byte ptr [bp + di + 0x2d96]
0x140b7: add word ptr [bp + di - 0x7442], cx
0x140bb: add cx, dx
0x140bd: ret 0xc283  ; presumably an artefact of the misaligned decode, not a real return
0x140c0: add ax, 0x1431
0x140c3: ror di, 1  ; decode is back in step with the other captures from here
0x140c5: dec di
2018-12-25T11:52:58.683977626Z 66 PC: 1418b | Move file pointer
2018-12-25T11:52:58.685142243Z 64 PC: 1410c | Write file or device (Write 580 bytes on handle 5)
2018-12-25T11:52:58.696501212Z 66 PC: 141a1 | Move file pointer
2018-12-25T11:52:58.699278261Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:58.705341909Z 87 PC: 14257 | Get or set file date and time
2018-12-25T11:52:58.706881619Z 62 PC: 1423f | Close file
2018-12-25T11:52:58.714452839Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:58.723474204Z 79 PC: 141c3 | Find next file
2018-12-25T11:52:58.725888999Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:58.733811387Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:58.743989775Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:58.750447755Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:58.752922326Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:58.754372736Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:58.757512418Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:58.759851047Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:58.768392455Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:58.769733302Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:58.778183498Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:58.779736808Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:58.787315381Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:58.80100009Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:58.803951202Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:58.809957671Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:58.821247784Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:58.825413915Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:58.826543533Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:58.828064387Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:58.830443699Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:58.831972396Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:58.833371575Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:58.840985636Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:58.842700393Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:58.850244904Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:58.860479862Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:58.863101684Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:58.868600058Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:58.881167048Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:58.88781181Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:58.889721991Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:58.891379433Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:58.894053983Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:58.895585395Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:58.904842486Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:58.906290653Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:58.912844865Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:58.915284266Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:58.92364473Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:58.933304818Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:58.942691108Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:58.948367359Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:58.959235679Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:58.966192663Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:58.967989955Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:58.969287975Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:58.972145797Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:58.973720639Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:58.975282665Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:58.982533888Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:58.983958524Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:58.990781189Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.000362984Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:59.002995031Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:59.008848201Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.022482536Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:59.029133317Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:59.030916446Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:59.033403789Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:59.035857952Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:59.037401715Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:59.039506956Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.046248863Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:59.0476651Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:59.0550164Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.065182916Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:59.067801874Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:59.073808445Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.086279152Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:59.092926581Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:59.0948374Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:59.096533819Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:59.098737989Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:59.100725021Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.109736013Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:59.111163049Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.118094298Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:59.120990291Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:59.128986323Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.138436934Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:59.141619689Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:59.147429534Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.156395522Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:59.161922629Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:59.163108647Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:59.164074209Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:59.16704417Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:59.16831102Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:59.16938892Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.17419749Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:59.175317769Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:59.180307651Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.186952978Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:59.188649846Z 59 PC: 14293 | Change current directory
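2018-12-25T11:52:59.19125565Z 37 PC: 141d7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number' [the label is the INT 21h function numbered 36; as a vector number, 36 = 0x24 is the DOS critical-error handler])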
2018-12-25T11:52:59.192600511Z 59 PC: 14293 | Change current directory (See above)
2018-12-25T11:52:59.193911891Z 26 PC: 14232 | Set disk transfer address (See above)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":4848,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:58.697161397Z 26 PC: 14232 | Set disk transfer address
2018-12-25T11:52:58.699662263Z 71 PC: 142aa | Get current directory
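2018-12-25T11:52:58.702774119Z 53 PC: 14139 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number' [the label is the INT 21h function numbered 36; as a vector number, 36 = 0x24 is the DOS critical-error handler])
2018-12-25T11:52:58.703989341Z 37 PC: 14149 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number' [the label is the INT 21h function numbered 36; as a vector number, 36 = 0x24 is the DOS critical-error handler])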
2018-12-25T11:52:58.705182243Z 78 PC: 14156 | Find first file
2018-12-25T11:52:58.712423075Z 67 PC: 14225 | Get or set file attributes
2018-12-25T11:52:58.718637155Z 67 PC: 14238 | Get or set file attributes
2018-12-25T11:52:58.735438144Z 61 PC: 14249 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:58.748548647Z 66 PC: 1429d | Move file pointer
2018-12-25T11:52:58.750209102Z 87 PC: 141f0 | Get or set file date and time
2018-12-25T11:52:58.751591529Z 44 PC: 1408d | Get time 0x1408d: cmp dx, 0
; Fixed-window disassembly captured at the Get time call (op 44). The compare
; these lines continue from (cmp dx, 0 at 0x1408d) is on the log line above.
0x14090: je 0x14089  ; DX == 0: branch back to 0x14089 (not shown), presumably to read the clock again
0x14092: mov word ptr [bp + 0x10b], dx  ; keep the non-zero DX
0x14096: call 0x140de  ; helper outside this window; its AX result is stored next
0x14099: mov word ptr [bp + 0x12d], ax
0x1409d: add dx, 0x13
0x140a0: mov byte ptr [bp + 0x18b], ah
0x140a4: mov byte ptr [bp + 0x157], dl
0x140a8: ret
; NOTE(review): from 0x140a9 to 0x140c0 this capture does not match the
; first-run captures on this page, which decode the same addresses as
; xor ax, ax / mov cx, 0x8d / lea si, [bp + 0x232] / ... / xor word ptr [si], dx.
; Both listings agree again at 0x140c3. This looks like linear-sweep
; desynchronisation starting at a data word at 0x140a9, not different code;
; confirm against the raw bytes before reading anything into these mnemonics.
0x140a9: pushaw
0x140aa: sbb byte ptr [bp + di], dh
0x140ac: sar byte ptr [bx + di + 0x8d], 0x8d
0x140b1: mov dh, 0x32
0x140b3: add cl, byte ptr [bp + di + 0x2d96]
0x140b7: add word ptr [bp + di - 0x7442], cx
0x140bb: add cx, dx
0x140bd: ret 0xc283  ; presumably an artefact of the misaligned decode, not a real return
0x140c0: add ax, 0x1431
0x140c3: ror di, 1  ; decode is back in step with the other captures from here
0x140c5: dec di
2018-12-25T11:52:58.75489975Z 66 PC: 1418b | Move file pointer
2018-12-25T11:52:58.756593857Z 64 PC: 1410c | Write file or device (Write 580 bytes on handle 5)
2018-12-25T11:52:58.766786313Z 66 PC: 141a1 | Move file pointer
2018-12-25T11:52:58.768750743Z 87 PC: 14257 | Get or set file date and time
2018-12-25T11:52:58.770337448Z 62 PC: 1423f | Close file
2018-12-25T11:52:58.778691492Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:58.789824844Z 79 PC: 141c3 | Find next file
2018-12-25T11:52:58.792756356Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:58.798955255Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:58.809676169Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:58.820681497Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:58.822488047Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:58.824006103Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:58.826830413Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:58.828276495Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:58.838511535Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:58.840530505Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:58.847572228Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:58.849128532Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:58.857938039Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:58.868755985Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:58.871471904Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:58.877918775Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:58.896871035Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:58.901536932Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:58.90366415Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:58.904792373Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:58.906460217Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:58.908466649Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:58.914470868Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:58.915967161Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:58.924000993Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:58.925865051Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:58.934705712Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:58.956365024Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:58.967866064Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:58.974241691Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:58.987452445Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:58.995682761Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:58.997769118Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:58.999468219Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:59.00331039Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:59.005081676Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.014009164Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:59.016303854Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.023695104Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:59.025404239Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:59.035379094Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.04704338Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:59.050575987Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:59.058293535Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.070498247Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:59.079480648Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:59.081771408Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:59.085883428Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:59.089394122Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:59.092120376Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.110108845Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:59.111948498Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:59.119310795Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:59.129139444Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.141528045Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:59.144543839Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:59.154129212Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.170180505Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:59.177626955Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:59.185484241Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:59.187827368Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:59.191087418Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:59.193456813Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.206288468Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:59.208392558Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.216207221Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:59.219415729Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:59.229742916Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.240875106Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:59.246090433Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:59.253494938Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.265922489Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:59.274361375Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:59.276328042Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:59.277923678Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:59.281443283Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:59.28309317Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.294589556Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:59.296551895Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.305019799Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:59.306996458Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:59.315688706Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.327042484Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:59.330307408Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:59.336637018Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.348894974Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:59.362600491Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:59.364922863Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:59.367474216Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:59.370780603Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:59.372603657Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.383352982Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:59.385566053Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.393115356Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:59.394936921Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:59.404715844Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.415868937Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:59.418793522Z 59 PC: 14293 | Change current directory
2018-12-25T11:52:59.425465233Z 37 PC: 141d7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:52:59.427547747Z 59 PC: 14293 | Change current directory (See above)
2018-12-25T11:52:59.429685725Z 26 PC: 14232 | Set disk transfer address (See above)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4848,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:58.839758531Z 26 PC: 14232 | Set disk transfer address
2018-12-25T11:52:58.84570667Z 71 PC: 142aa | Get current directory
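2018-12-25T11:52:58.847546835Z 53 PC: 14139 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:52:58.848334297Z 37 PC: 14149 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
(Note: the 'AKA' text is the name of INT 21h function 24h, not of an interrupt. Read as a vector number, and assuming 36 is decimal like the Op column, this is vector 24h, the DOS critical-error handler. Replacing that handler is typically done so that DOS error prompts do not appear during the file writes that follow. The Set interrupt vector call at PC 141d7 near the end of the run presumably puts the saved handler back.)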
2018-12-25T11:52:58.849730037Z 78 PC: 14156 | Find first file
2018-12-25T11:52:58.853871689Z 67 PC: 14225 | Get or set file attributes
2018-12-25T11:52:58.865101974Z 67 PC: 14238 | Get or set file attributes
2018-12-25T11:52:58.880237415Z 61 PC: 14249 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:58.886892495Z 66 PC: 1429d | Move file pointer
2018-12-25T11:52:58.888450143Z 87 PC: 141f0 | Get or set file date and time
2018-12-25T11:52:58.891590202Z 44 PC: 1408d | Get time
0x1408d: cmp dx, 0
; Excerpt printed from the return address of the INT 21h "Get time" call
; (PC 1408d); the first instruction, cmp dx, 0 at 0x1408d, precedes this line.
; DOS returns the time with DH = seconds and DL = hundredths, so DX == 0 means
; both fields are zero.
0x14090: je 0x14089                                ; DX == 0: branch back before this excerpt (presumably the time call is retried; target not shown)
0x14092: mov word ptr [bp + 0x10b], dx             ; save the nonzero time word at BP+0x10b
0x14096: call 0x140de                              ; helper outside this excerpt; its effect on AX/DX is not visible here
0x14099: mov word ptr [bp + 0x12d], ax             ; store AX as left by the helper at BP+0x12d
0x1409d: add dx, 0x13                              ; offset DX by 0x13 before its low byte is stored below
0x140a0: mov byte ptr [bp + 0x18b], ah             ; high byte of AX -> BP+0x18b
0x140a4: mov byte ptr [bp + 0x157], dl             ; low byte of the adjusted DX -> BP+0x157
0x140a8: ret                                       ; end of the routine
; NOTE(review): four values derived from the clock are written to BP-relative
; slots. That is consistent with a per-run key or seed being patched into the
; sample's own body, but this excerpt alone does not establish what BP points
; at or how the values are used; confirm against the surrounding code.
;
; Everything below is a straight-line decode of the bytes that follow the ret.
; The operands (ret 0xc283, displacements such as 0x2d96 and -0x7442) do not
; form a coherent routine, so this is probably data or instructions decoded at
; the wrong offset. Do not infer behavior from it without re-disassembling
; from a known entry point.
0x140a9: pushaw
0x140aa: sbb byte ptr [bp + di], dh
0x140ac: sar byte ptr [bx + di + 0x8d], 0x8d
0x140b1: mov dh, 0x32
0x140b3: add cl, byte ptr [bp + di + 0x2d96]
0x140b7: add word ptr [bp + di - 0x7442], cx
0x140bb: add cx, dx
0x140bd: ret 0xc283
0x140c0: add ax, 0x1431
0x140c3: ror di, 1
0x140c5: dec di
2018-12-25T11:52:58.899690953Z 66 PC: 1418b | Move file pointer
2018-12-25T11:52:58.901125874Z 64 PC: 1410c | Write file or device (Write 580 bytes on handle 5)
2018-12-25T11:52:58.912713885Z 66 PC: 141a1 | Move file pointer
2018-12-25T11:52:58.914093744Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:58.920991763Z 87 PC: 14257 | Get or set file date and time
2018-12-25T11:52:58.923802845Z 62 PC: 1423f | Close file
2018-12-25T11:52:58.931496415Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:58.941213079Z 79 PC: 141c3 | Find next file
2018-12-25T11:52:58.946318795Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:58.952289581Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:58.962100795Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:58.969113224Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:58.970745564Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:58.972248758Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:58.975612644Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:58.979771954Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:58.988982371Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:58.990240704Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:58.991825633Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:58.999220142Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.009160937Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:59.012407444Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:59.018138682Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.031143572Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:59.039657259Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:59.041557042Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:59.043218545Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:59.046376291Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:59.048226051Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.05766507Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:59.059984299Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.066679245Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:59.0683329Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:59.076283217Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.095866736Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:59.099474021Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:59.107113221Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.116129804Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:59.120270018Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:59.122909064Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:59.124286013Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:59.126609053Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:59.129012323Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.137875293Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:59.139590513Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.146882705Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:59.14867657Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:59.157684789Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.17083454Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:59.173442721Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:59.179160161Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.195539165Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:59.202413962Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:59.204319196Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:59.206804506Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:59.212732285Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:59.21445987Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.224082674Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:59.226290411Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.234023522Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:59.236049936Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:59.247550082Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.257911704Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:59.260856607Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:59.267727205Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.277551458Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:59.290107819Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:59.292915481Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:59.294318615Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:59.296627456Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:59.307224817Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.316707798Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:59.318439857Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:59.321291448Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:59.329009763Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.338793118Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:59.342477646Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:59.348744198Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.358915325Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:59.366699035Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:59.368424812Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:59.36997266Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:59.373020336Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:59.374548694Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.383271533Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:59.385487206Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:59.387227456Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:59.394838328Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.405168358Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:59.407635484Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:59.413132297Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.425913761Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:59.432902117Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:59.434798467Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:59.437396378Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:59.440630941Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:59.442474623Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:59.443871051Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:59.445415487Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:59.458659316Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.46865963Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:59.471042845Z 59 PC: 14293 | Change current directory
2018-12-25T11:52:59.475376854Z 37 PC: 141d7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:52:59.476989926Z 59 PC: 14293 | Change current directory (See above)
2018-12-25T11:52:59.479339521Z 26 PC: 14232 | Set disk transfer address (See above)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":4848,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:59.069566928Z 26 PC: 14232 | Set disk transfer address
2018-12-25T11:52:59.071562482Z 71 PC: 142aa | Get current directory
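2018-12-25T11:52:59.074933839Z 53 PC: 14139 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:52:59.076699122Z 37 PC: 14149 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
(Note: the 'AKA' text is the name of INT 21h function 24h, not of an interrupt. Read as a vector number, and assuming 36 is decimal like the Op column, this is vector 24h, the DOS critical-error handler. Replacing that handler is typically done so that DOS error prompts do not appear during the file writes that follow. The Set interrupt vector call at PC 141d7 near the end of the run presumably puts the saved handler back.)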
2018-12-25T11:52:59.078276197Z 78 PC: 14156 | Find first file
2018-12-25T11:52:59.082889536Z 67 PC: 14225 | Get or set file attributes
2018-12-25T11:52:59.095163145Z 67 PC: 14238 | Get or set file attributes
2018-12-25T11:52:59.116637254Z 61 PC: 14249 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:59.124952865Z 66 PC: 1429d | Move file pointer
2018-12-25T11:52:59.126837136Z 87 PC: 141f0 | Get or set file date and time
2018-12-25T11:52:59.128732863Z 44 PC: 1408d | Get time
0x1408d: cmp dx, 0
; Excerpt printed from the return address of the INT 21h "Get time" call
; (PC 1408d); the first instruction, cmp dx, 0 at 0x1408d, precedes this line.
; DOS returns the time with DH = seconds and DL = hundredths, so DX == 0 means
; both fields are zero.
0x14090: je 0x14089                                ; DX == 0: branch back before this excerpt (presumably the time call is retried; target not shown)
0x14092: mov word ptr [bp + 0x10b], dx             ; save the nonzero time word at BP+0x10b
0x14096: call 0x140de                              ; helper outside this excerpt; its effect on AX/DX is not visible here
0x14099: mov word ptr [bp + 0x12d], ax             ; store AX as left by the helper at BP+0x12d
0x1409d: add dx, 0x13                              ; offset DX by 0x13 before its low byte is stored below
0x140a0: mov byte ptr [bp + 0x18b], ah             ; high byte of AX -> BP+0x18b
0x140a4: mov byte ptr [bp + 0x157], dl             ; low byte of the adjusted DX -> BP+0x157
0x140a8: ret                                       ; end of the routine
; NOTE(review): four values derived from the clock are written to BP-relative
; slots. That is consistent with a per-run key or seed being patched into the
; sample's own body, but this excerpt alone does not establish what BP points
; at or how the values are used; confirm against the surrounding code.
;
; Everything below is a straight-line decode of the bytes that follow the ret.
; The operands (ret 0xc283, displacements such as 0x2d96 and -0x7442) do not
; form a coherent routine, so this is probably data or instructions decoded at
; the wrong offset. Do not infer behavior from it without re-disassembling
; from a known entry point.
0x140a9: pushaw
0x140aa: sbb byte ptr [bp + di], dh
0x140ac: sar byte ptr [bx + di + 0x8d], 0x8d
0x140b1: mov dh, 0x32
0x140b3: add cl, byte ptr [bp + di + 0x2d96]
0x140b7: add word ptr [bp + di - 0x7442], cx
0x140bb: add cx, dx
0x140bd: ret 0xc283
0x140c0: add ax, 0x1431
0x140c3: ror di, 1
0x140c5: dec di
2018-12-25T11:52:59.132933137Z 66 PC: 1418b | Move file pointer
2018-12-25T11:52:59.135099951Z 66 PC: 141a1 | Move file pointer
2018-12-25T11:52:59.138630401Z 64 PC: 1410c | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:52:59.147448581Z 87 PC: 14257 | Get or set file date and time
2018-12-25T11:52:59.149247772Z 62 PC: 1423f | Close file
2018-12-25T11:52:59.158110935Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.169880748Z 79 PC: 141c3 | Find next file
2018-12-25T11:52:59.173181694Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:59.17994641Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.192058051Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:59.199654495Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:59.201455131Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:59.203116994Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:59.205809459Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:59.207194504Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.219703637Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:59.22173513Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.228992225Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:59.230698103Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:59.241939036Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.253044147Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:59.256946646Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:59.26407431Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.27480451Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:59.28212295Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:59.289260202Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:59.295573113Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:59.298632443Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:59.300834246Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.310496135Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:59.311977108Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.319478969Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:59.321600841Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:59.330460931Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.3408451Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:59.343786133Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:59.349030043Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.360236852Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:59.369415819Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:59.371437654Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:59.373032642Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:59.376817303Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:59.379283364Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.390124792Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:59.393094269Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:59.395582671Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:59.40464268Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.416388542Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:59.420822378Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:59.427717854Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.439189299Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:59.44843509Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:59.450758379Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:59.452787956Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:59.456932917Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:59.459648277Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.469293106Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:59.472073374Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:59.473723638Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:59.482293696Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.493119448Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:59.496422067Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:59.502079004Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.512121962Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:59.522971621Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:59.524431258Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:59.525549184Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:59.529211419Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:59.530388572Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.539012291Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:59.546434511Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.554152791Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:59.555878113Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:59.565159043Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.579677943Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:59.582924841Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:59.589693416Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.601110116Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:59.608715452Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:59.610855105Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:59.613035866Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:59.616358814Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:59.617899376Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.62832071Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:59.630090671Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.637549391Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:59.640256281Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:59.649174145Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.661338942Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:59.665673166Z 67 PC: 14225 | Get or set file attributes (See above)
2018-12-25T11:52:59.672757391Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.683991631Z 61 PC: 14249 | Open file (See above)
2018-12-25T11:52:59.692809681Z 66 PC: 1429d | Move file pointer (See above)
2018-12-25T11:52:59.694645557Z 87 PC: 141f0 | Get or set file date and time (See above)
2018-12-25T11:52:59.696233175Z 44 PC: 1408d | Get time (See above)
2018-12-25T11:52:59.699693891Z 66 PC: 1418b | Move file pointer (See above)
2018-12-25T11:52:59.701936967Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.711797927Z 66 PC: 141a1 | Move file pointer (See above)
2018-12-25T11:52:59.714201451Z 64 PC: 1410c | Write file or device (See above)
2018-12-25T11:52:59.722369027Z 87 PC: 14257 | Get or set file date and time (See above)
2018-12-25T11:52:59.724184622Z 62 PC: 1423f | Close file (See above)
2018-12-25T11:52:59.733882924Z 67 PC: 14238 | Get or set file attributes (See above)
2018-12-25T11:52:59.745400651Z 79 PC: 141c3 | Find next file (See above)
2018-12-25T11:52:59.748254672Z 59 PC: 14293 | Change current directory
2018-12-25T11:52:59.753047903Z 37 PC: 141d7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:52:59.755549065Z 59 PC: 14293 | Change current directory (See above)
2018-12-25T11:52:59.757597416Z 26 PC: 14232 | Set disk transfer address (See above)