Sample viewer

vx.netlux.org/Virus.DOS.VCL.Erin.883

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:34:50.341661267Z 26 PC: 13603 | Set disk transfer address
2018-12-17T22:34:50.344266631Z 59 PC: 1360b | Change current directory
2018-12-17T22:34:50.346574607Z 78 PC: 13678 | Find first file
2018-12-17T22:34:50.352910754Z 61 PC: 13686 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:34:50.360995642Z 63 PC: 13692 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:50.367531093Z 66 PC: 136b2 | Move file pointer
2018-12-17T22:34:50.369239579Z 64 PC: 136bd | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:50.372502026Z 66 PC: 136c6 | Move file pointer
2018-12-17T22:34:50.37396024Z 64 PC: 136d1 | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:50.388638151Z 66 PC: 136da | Move file pointer
2018-12-17T22:34:50.390289376Z 64 PC: 136e5 | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:50.393235109Z 62 PC: 136e9 | Close file
2018-12-17T22:34:50.401331967Z 79 PC: 13678 | Find next file
2018-12-17T22:34:50.403794354Z 61 PC: 13686 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:34:50.410738874Z 63 PC: 13692 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:50.416943146Z 66 PC: 136b2 | Move file pointer
2018-12-17T22:34:50.418270264Z 64 PC: 136bd | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:50.422223614Z 66 PC: 136c6 | Move file pointer
2018-12-17T22:34:50.423613719Z 64 PC: 136d1 | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:50.434868821Z 66 PC: 136da | Move file pointer
2018-12-17T22:34:50.437032156Z 64 PC: 136e5 | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:50.439944042Z 62 PC: 136e9 | Close file
2018-12-17T22:34:50.448020499Z 79 PC: 13678 | Find next file
2018-12-17T22:34:50.451012483Z 61 PC: 13686 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:34:50.457326181Z 63 PC: 13692 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:50.46343316Z 66 PC: 136b2 | Move file pointer
2018-12-17T22:34:50.465116386Z 64 PC: 136bd | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:50.467769517Z 66 PC: 136c6 | Move file pointer
2018-12-17T22:34:50.469243879Z 64 PC: 136d1 | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:50.478172068Z 66 PC: 136da | Move file pointer
2018-12-17T22:34:50.479659145Z 64 PC: 136e5 | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:50.48228799Z 62 PC: 136e9 | Close file
2018-12-17T22:34:50.490223375Z 79 PC: 13678 | Find next file
2018-12-17T22:34:50.493328834Z 61 PC: 13686 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:34:50.5001892Z 63 PC: 13692 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:50.506369048Z 66 PC: 136b2 | Move file pointer
2018-12-17T22:34:50.50797387Z 64 PC: 136bd | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:50.510400305Z 66 PC: 136c6 | Move file pointer
2018-12-17T22:34:50.511614918Z 64 PC: 136d1 | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:50.520366212Z 66 PC: 136da | Move file pointer
2018-12-17T22:34:50.521572085Z 64 PC: 136e5 | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:50.523967068Z 62 PC: 136e9 | Close file
2018-12-17T22:34:50.53243065Z 79 PC: 13678 | Find next file
2018-12-17T22:34:50.534824906Z 61 PC: 13686 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:34:50.541038773Z 63 PC: 13692 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:50.547824032Z 66 PC: 136b2 | Move file pointer
2018-12-17T22:34:50.549333025Z 64 PC: 136bd | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:50.552076138Z 66 PC: 136c6 | Move file pointer
2018-12-17T22:34:50.553930718Z 64 PC: 136d1 | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:50.561540807Z 66 PC: 136da | Move file pointer
2018-12-17T22:34:50.562732842Z 64 PC: 136e5 | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:50.566619773Z 62 PC: 136e9 | Close file
2018-12-17T22:34:50.601970003Z 79 PC: 13678 | Find next file
2018-12-17T22:34:50.60458268Z 61 PC: 13686 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:34:50.611992017Z 63 PC: 13692 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:50.618250026Z 66 PC: 136b2 | Move file pointer
2018-12-17T22:34:50.619501424Z 64 PC: 136bd | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:50.62280074Z 66 PC: 136c6 | Move file pointer
2018-12-17T22:34:50.624478707Z 64 PC: 136d1 | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:50.63445095Z 66 PC: 136da | Move file pointer
2018-12-17T22:34:50.636759372Z 64 PC: 136e5 | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:50.639326922Z 62 PC: 136e9 | Close file
2018-12-17T22:34:50.647236488Z 79 PC: 13678 | Find next file
2018-12-17T22:34:50.650402755Z 61 PC: 13686 | Open file (Filename = 'PAH.COM')
2018-12-17T22:34:50.656771946Z 63 PC: 13692 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:50.663317748Z 66 PC: 136b2 | Move file pointer
2018-12-17T22:34:50.66564014Z 64 PC: 136bd | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:50.668284967Z 66 PC: 136c6 | Move file pointer
2018-12-17T22:34:50.669711946Z 64 PC: 136d1 | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:50.678402766Z 66 PC: 136da | Move file pointer
2018-12-17T22:34:50.679761878Z 64 PC: 136e5 | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:50.682596251Z 62 PC: 136e9 | Close file
2018-12-17T22:34:50.692019951Z 79 PC: 13678 | Find next file
2018-12-17T22:34:50.695009165Z 61 PC: 13686 | Open file (Filename = 'TEST.COM')
2018-12-17T22:34:50.702365428Z 63 PC: 13692 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:50.70637475Z 66 PC: 136b2 | Move file pointer
2018-12-17T22:34:50.708131364Z 64 PC: 136bd | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:50.711094062Z 66 PC: 136c6 | Move file pointer
2018-12-17T22:34:50.712901476Z 64 PC: 136d1 | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:50.721739878Z 66 PC: 136da | Move file pointer
2018-12-17T22:34:50.722986846Z 64 PC: 136e5 | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:50.730771417Z 62 PC: 136e9 | Close file
2018-12-17T22:34:50.738615003Z 79 PC: 13678 | Find next file
2018-12-17T22:34:50.740766257Z 42 PC: 13612 | Get date 0x13612: cmp dl, 0x1e
0x13615: jne 0x13665
0x13617: mov ah, 0x39
0x13619: lea dx, word ptr [bp + 0x342]
0x1361d: int 0x21
0x1361f: mov ah, 9
0x13621: lea dx, word ptr [bp + 0x35b]
0x13625: int 0x21
0x13627: mov ax, 0x3521
0x1362a: int 0x21
0x1362c: mov word ptr cs:[bp + 0x2f5], bx
0x13631: mov word ptr cs:[bp + 0x2f7], es
0x13636: mov ax, 0x2521
0x13639: lea dx, word ptr [bp + 0x162]
0x1363d: int 0x21
0x1363f: lea dx, word ptr [bp + 0x38c]
0x13643: int 0x27
0x13645: pushf
0x13646: cmp ah, 0x4b
0x13649: jne 0x13663
2018-12-17T22:34:50.74267459Z 26 PC: 1366c | Set disk transfer address
2018-12-17T22:34:50.743985063Z 26 PC: 13290 | Set disk transfer address
2018-12-17T22:34:50.744864624Z 59 PC: 13298 | Change current directory
2018-12-17T22:34:50.746391423Z 78 PC: 13305 | Find first file
2018-12-17T22:34:50.752316909Z 61 PC: 13313 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:34:50.7586458Z 63 PC: 1331f | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:50.765175735Z 66 PC: 1333f | Move file pointer
2018-12-17T22:34:50.76687018Z 64 PC: 1334a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:50.769362449Z 66 PC: 13353 | Move file pointer
2018-12-17T22:34:50.770672684Z 64 PC: 1335e | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:50.77873562Z 66 PC: 13367 | Move file pointer
2018-12-17T22:34:50.78001032Z 64 PC: 13372 | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:50.78833038Z 62 PC: 13376 | Close file
2018-12-17T22:34:50.796470721Z 79 PC: 13305 | Find next file
2018-12-17T22:34:50.798876233Z 61 PC: 13313 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:34:50.805159417Z 63 PC: 1331f | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:50.811818974Z 66 PC: 1333f | Move file pointer
2018-12-17T22:34:50.812979312Z 64 PC: 1334a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:50.815345557Z 66 PC: 13353 | Move file pointer
2018-12-17T22:34:50.817024683Z 64 PC: 1335e | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:50.825121442Z 66 PC: 13367 | Move file pointer
2018-12-17T22:34:50.826383382Z 64 PC: 13372 | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:50.830149178Z 62 PC: 13376 | Close file
2018-12-17T22:34:50.837902326Z 79 PC: 13305 | Find next file
2018-12-17T22:34:50.840256812Z 61 PC: 13313 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:34:50.847153207Z 63 PC: 1331f | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:50.853244502Z 66 PC: 1333f | Move file pointer
2018-12-17T22:34:50.854342858Z 64 PC: 1334a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:50.857155919Z 66 PC: 13353 | Move file pointer
2018-12-17T22:34:50.858336447Z 64 PC: 1335e | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:50.86642304Z 66 PC: 13367 | Move file pointer
2018-12-17T22:34:50.897599694Z 64 PC: 13372 | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:50.900141595Z 62 PC: 13376 | Close file
2018-12-17T22:34:50.908597565Z 79 PC: 13305 | Find next file
2018-12-17T22:34:50.920208842Z 61 PC: 13313 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:34:50.926616157Z 63 PC: 1331f | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:50.93301362Z 66 PC: 1333f | Move file pointer
2018-12-17T22:34:50.935023961Z 64 PC: 1334a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:50.937581108Z 66 PC: 13353 | Move file pointer
2018-12-17T22:34:50.938883072Z 64 PC: 1335e | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:50.958598572Z 66 PC: 13367 | Move file pointer
2018-12-17T22:34:50.960553185Z 64 PC: 13372 | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:50.963465675Z 62 PC: 13376 | Close file
2018-12-17T22:34:50.973764924Z 79 PC: 13305 | Find next file
2018-12-17T22:34:50.976400633Z 61 PC: 13313 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:34:50.983768051Z 63 PC: 1331f | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:50.991304485Z 66 PC: 1333f | Move file pointer
2018-12-17T22:34:50.992761176Z 64 PC: 1334a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:50.995516534Z 66 PC: 13353 | Move file pointer
2018-12-17T22:34:50.997778944Z 64 PC: 1335e | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:51.006276952Z 66 PC: 13367 | Move file pointer
2018-12-17T22:34:51.007608558Z 64 PC: 13372 | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:51.012679966Z 62 PC: 13376 | Close file
2018-12-17T22:34:51.020863847Z 79 PC: 13305 | Find next file
2018-12-17T22:34:51.023383735Z 61 PC: 13313 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:34:51.030901424Z 63 PC: 1331f | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:51.037150432Z 66 PC: 1333f | Move file pointer
2018-12-17T22:34:51.038574546Z 64 PC: 1334a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:51.042629084Z 66 PC: 13353 | Move file pointer
2018-12-17T22:34:51.043740115Z 64 PC: 1335e | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:51.049289413Z 66 PC: 13367 | Move file pointer
2018-12-17T22:34:51.050862599Z 64 PC: 13372 | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:51.057205304Z 62 PC: 13376 | Close file
2018-12-17T22:34:51.062609695Z 79 PC: 13305 | Find next file
2018-12-17T22:34:51.064648131Z 61 PC: 13313 | Open file (Filename = 'PAH.COM')
2018-12-17T22:34:51.0700202Z 63 PC: 1331f | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:51.074207503Z 66 PC: 1333f | Move file pointer
2018-12-17T22:34:51.075443097Z 64 PC: 1334a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:51.077674413Z 66 PC: 13353 | Move file pointer
2018-12-17T22:34:51.078790267Z 64 PC: 1335e | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:51.08678813Z 66 PC: 13367 | Move file pointer
2018-12-17T22:34:51.088534499Z 64 PC: 13372 | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:51.091450759Z 62 PC: 13376 | Close file
2018-12-17T22:34:51.099962937Z 79 PC: 13305 | Find next file
2018-12-17T22:34:51.103250885Z 61 PC: 13313 | Open file (Filename = 'TEST.COM')
2018-12-17T22:34:51.109941056Z 63 PC: 1331f | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:51.113059348Z 66 PC: 1333f | Move file pointer
2018-12-17T22:34:51.114923879Z 64 PC: 1334a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:51.117755813Z 66 PC: 13353 | Move file pointer
2018-12-17T22:34:51.120077402Z 64 PC: 1335e | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:51.128677957Z 66 PC: 13367 | Move file pointer
2018-12-17T22:34:51.129998965Z 64 PC: 13372 | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:51.133570719Z 62 PC: 13376 | Close file
2018-12-17T22:34:51.141662567Z 79 PC: 13305 | Find next file
2018-12-17T22:34:51.143967877Z 42 PC: 1329f | Get date 0x1329f: cmp dl, 0x1e
0x132a2: jne 0x132f2
0x132a4: mov ah, 0x39
0x132a6: lea dx, word ptr [bp + 0x342]
0x132aa: int 0x21
0x132ac: mov ah, 9
0x132ae: lea dx, word ptr [bp + 0x35b]
0x132b2: int 0x21
0x132b4: mov ax, 0x3521
0x132b7: int 0x21
0x132b9: mov word ptr cs:[bp + 0x2f5], bx
0x132be: mov word ptr cs:[bp + 0x2f7], es
0x132c3: mov ax, 0x2521
0x132c6: lea dx, word ptr [bp + 0x162]
0x132ca: int 0x21
0x132cc: lea dx, word ptr [bp + 0x38c]
0x132d0: int 0x27
0x132d2: pushf
0x132d3: cmp ah, 0x4b
0x132d6: jne 0x132f0
2018-12-17T22:34:51.146199219Z 26 PC: 132f9 | Set disk transfer address
2018-12-17T22:34:51.147842343Z 26 PC: 12f1d | Set disk transfer address
2018-12-17T22:34:51.148910846Z 59 PC: 12f25 | Change current directory
2018-12-17T22:34:51.150595405Z 78 PC: 12f92 | Find first file
2018-12-17T22:34:51.157189245Z 61 PC: 12fa0 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:34:51.163643874Z 63 PC: 12fac | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:51.166112417Z 66 PC: 12fcc | Move file pointer
2018-12-17T22:34:51.168190372Z 64 PC: 12fd7 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:51.170688132Z 66 PC: 12fe0 | Move file pointer
2018-12-17T22:34:51.172064307Z 64 PC: 12feb | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:51.181515952Z 66 PC: 12ff4 | Move file pointer
2018-12-17T22:34:51.183304655Z 64 PC: 12fff | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:51.186293483Z 62 PC: 13003 | Close file
2018-12-17T22:34:51.195313887Z 79 PC: 12f92 | Find next file
2018-12-17T22:34:51.197990812Z 61 PC: 12fa0 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:34:51.204488383Z 63 PC: 12fac | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:51.209004563Z 66 PC: 12fcc | Move file pointer
2018-12-17T22:34:51.21050869Z 64 PC: 12fd7 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:51.21343863Z 66 PC: 12fe0 | Move file pointer
2018-12-17T22:34:51.215508572Z 64 PC: 12feb | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:51.223530127Z 66 PC: 12ff4 | Move file pointer
2018-12-17T22:34:51.22529952Z 64 PC: 12fff | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:51.233517957Z 62 PC: 13003 | Close file
2018-12-17T22:34:51.241645246Z 79 PC: 12f92 | Find next file
2018-12-17T22:34:51.245401803Z 61 PC: 12fa0 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:34:51.257525201Z 63 PC: 12fac | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:51.260560177Z 66 PC: 12fcc | Move file pointer
2018-12-17T22:34:51.263388761Z 64 PC: 12fd7 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:51.26806897Z 66 PC: 12fe0 | Move file pointer
2018-12-17T22:34:51.269895828Z 64 PC: 12feb | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:51.283250074Z 66 PC: 12ff4 | Move file pointer
2018-12-17T22:34:51.284644515Z 64 PC: 12fff | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:51.292909941Z 62 PC: 13003 | Close file
2018-12-17T22:34:51.301590703Z 79 PC: 12f92 | Find next file
2018-12-17T22:34:51.304082565Z 61 PC: 12fa0 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:34:51.310640589Z 63 PC: 12fac | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:51.314747017Z 66 PC: 12fcc | Move file pointer
2018-12-17T22:34:51.316180536Z 64 PC: 12fd7 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:51.318903826Z 66 PC: 12fe0 | Move file pointer
2018-12-17T22:34:51.320881231Z 64 PC: 12feb | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:51.329246873Z 66 PC: 12ff4 | Move file pointer
2018-12-17T22:34:51.330721478Z 64 PC: 12fff | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:51.340336523Z 62 PC: 13003 | Close file
2018-12-17T22:34:51.34925515Z 79 PC: 12f92 | Find next file
2018-12-17T22:34:51.351758053Z 61 PC: 12fa0 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:34:51.358891709Z 63 PC: 12fac | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:51.361231588Z 66 PC: 12fcc | Move file pointer
2018-12-17T22:34:51.362411277Z 64 PC: 12fd7 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:51.365328957Z 66 PC: 12fe0 | Move file pointer
2018-12-17T22:34:51.366540256Z 64 PC: 12feb | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:51.374202403Z 66 PC: 12ff4 | Move file pointer
2018-12-17T22:34:51.375831632Z 64 PC: 12fff | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:51.383426385Z 62 PC: 13003 | Close file
2018-12-17T22:34:51.38855815Z 79 PC: 12f92 | Find next file
2018-12-17T22:34:51.391463774Z 61 PC: 12fa0 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:34:51.398054749Z 63 PC: 12fac | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:51.40034569Z 66 PC: 12fcc | Move file pointer
2018-12-17T22:34:51.401768844Z 64 PC: 12fd7 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:51.404097486Z 66 PC: 12fe0 | Move file pointer
2018-12-17T22:34:51.405689004Z 64 PC: 12feb | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:51.414057615Z 66 PC: 12ff4 | Move file pointer
2018-12-17T22:34:51.41534194Z 64 PC: 12fff | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:51.424241852Z 62 PC: 13003 | Close file
2018-12-17T22:34:51.432279395Z 79 PC: 12f92 | Find next file
2018-12-17T22:34:51.434893397Z 61 PC: 12fa0 | Open file (Filename = 'PAH.COM')
2018-12-17T22:34:51.442477993Z 63 PC: 12fac | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:51.445189706Z 66 PC: 12fcc | Move file pointer
2018-12-17T22:34:51.446695903Z 64 PC: 12fd7 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:51.450531332Z 66 PC: 12fe0 | Move file pointer
2018-12-17T22:34:51.452057034Z 64 PC: 12feb | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:51.460145719Z 66 PC: 12ff4 | Move file pointer
2018-12-17T22:34:51.462753725Z 64 PC: 12fff | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:51.47111774Z 62 PC: 13003 | Close file
2018-12-17T22:34:51.47937904Z 79 PC: 12f92 | Find next file
2018-12-17T22:34:51.483100022Z 61 PC: 12fa0 | Open file (Filename = 'TEST.COM')
2018-12-17T22:34:51.489953816Z 63 PC: 12fac | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:51.49280552Z 66 PC: 12fcc | Move file pointer
2018-12-17T22:34:51.495516171Z 64 PC: 12fd7 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:51.498469761Z 66 PC: 12fe0 | Move file pointer
2018-12-17T22:34:51.500216099Z 64 PC: 12feb | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:51.510256564Z 66 PC: 12ff4 | Move file pointer
2018-12-17T22:34:51.511985292Z 64 PC: 12fff | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:51.514910751Z 62 PC: 13003 | Close file
2018-12-17T22:34:51.524267385Z 79 PC: 12f92 | Find next file
2018-12-17T22:34:51.526883248Z 42 PC: 12f2c | Get date 0x12f2c: cmp dl, 0x1e
0x12f2f: jne 0x12f7f
0x12f31: mov ah, 0x39
0x12f33: lea dx, word ptr [bp + 0x342]
0x12f37: int 0x21
0x12f39: mov ah, 9
0x12f3b: lea dx, word ptr [bp + 0x35b]
0x12f3f: int 0x21
0x12f41: mov ax, 0x3521
0x12f44: int 0x21
0x12f46: mov word ptr cs:[bp + 0x2f5], bx
0x12f4b: mov word ptr cs:[bp + 0x2f7], es
0x12f50: mov ax, 0x2521
0x12f53: lea dx, word ptr [bp + 0x162]
0x12f57: int 0x21
0x12f59: lea dx, word ptr [bp + 0x38c]
0x12f5d: int 0x27
0x12f5f: pushf
0x12f60: cmp ah, 0x4b
0x12f63: jne 0x12f7d
2018-12-17T22:34:51.52966807Z 26 PC: 12f86 | Set disk transfer address
2018-12-17T22:34:51.532033338Z 26 PC: 12baa | Set disk transfer address
2018-12-17T22:34:51.533407235Z 59 PC: 12bb2 | Change current directory
2018-12-17T22:34:51.535334189Z 78 PC: 12c1f | Find first file
2018-12-17T22:34:51.542196219Z 61 PC: 12c2d | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:34:51.549209756Z 63 PC: 12c39 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:51.551689421Z 66 PC: 12c59 | Move file pointer
2018-12-17T22:34:51.553684239Z 64 PC: 12c64 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:51.556222237Z 66 PC: 12c6d | Move file pointer
2018-12-17T22:34:51.557576798Z 64 PC: 12c78 | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:51.567270829Z 66 PC: 12c81 | Move file pointer
2018-12-17T22:34:51.568833387Z 64 PC: 12c8c | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:51.571688325Z 62 PC: 12c90 | Close file
2018-12-17T22:34:51.58098571Z 79 PC: 12c1f | Find next file
2018-12-17T22:34:51.583962227Z 61 PC: 12c2d | Open file (Filename = 'PRINT.COM')
2018-12-17T22:34:51.590362013Z 63 PC: 12c39 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:51.593555769Z 66 PC: 12c59 | Move file pointer
2018-12-17T22:34:51.595106697Z 64 PC: 12c64 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:51.597621749Z 66 PC: 12c6d | Move file pointer
2018-12-17T22:34:51.599599641Z 64 PC: 12c78 | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:51.60760359Z 66 PC: 12c81 | Move file pointer
2018-12-17T22:34:51.609258912Z 64 PC: 12c8c | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:51.613235046Z 62 PC: 12c90 | Close file
2018-12-17T22:34:51.621344899Z 79 PC: 12c1f | Find next file
2018-12-17T22:34:51.624095359Z 61 PC: 12c2d | Open file (Filename = 'HELLO.COM')
2018-12-17T22:34:51.630599036Z 63 PC: 12c39 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:51.633079975Z 66 PC: 12c59 | Move file pointer
2018-12-17T22:34:51.634844884Z 64 PC: 12c64 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:51.637474755Z 66 PC: 12c6d | Move file pointer
2018-12-17T22:34:51.638897133Z 64 PC: 12c78 | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:51.647398909Z 66 PC: 12c81 | Move file pointer
2018-12-17T22:34:51.649454588Z 64 PC: 12c8c | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:51.657124903Z 62 PC: 12c90 | Close file
2018-12-17T22:34:51.666050125Z 79 PC: 12c1f | Find next file
2018-12-17T22:34:51.668459234Z 61 PC: 12c2d | Open file (Filename = 'PHANG.COM')
2018-12-17T22:34:51.674523325Z 63 PC: 12c39 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:51.679593534Z 66 PC: 12c59 | Move file pointer
2018-12-17T22:34:51.680988924Z 64 PC: 12c64 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:51.68348097Z 66 PC: 12c6d | Move file pointer
2018-12-17T22:34:51.685523914Z 64 PC: 12c78 | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:51.69392609Z 66 PC: 12c81 | Move file pointer
2018-12-17T22:34:51.695696969Z 64 PC: 12c8c | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:51.69856291Z 62 PC: 12c90 | Close file
2018-12-17T22:34:51.706927258Z 79 PC: 12c1f | Find next file
2018-12-17T22:34:51.710373792Z 61 PC: 12c2d | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:34:51.716733981Z 63 PC: 12c39 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:51.719411426Z 66 PC: 12c59 | Move file pointer
2018-12-17T22:34:51.72136449Z 64 PC: 12c64 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:51.724020281Z 66 PC: 12c6d | Move file pointer
2018-12-17T22:34:51.725372081Z 64 PC: 12c78 | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:51.734332241Z 66 PC: 12c81 | Move file pointer
2018-12-17T22:34:51.735746215Z 64 PC: 12c8c | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:51.738297668Z 62 PC: 12c90 | Close file
2018-12-17T22:34:51.746667102Z 79 PC: 12c1f | Find next file
2018-12-17T22:34:51.749946117Z 61 PC: 12c2d | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:34:51.756562143Z 63 PC: 12c39 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:51.759545676Z 66 PC: 12c59 | Move file pointer
2018-12-17T22:34:51.761042478Z 64 PC: 12c64 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:51.76513302Z 66 PC: 12c6d | Move file pointer
2018-12-17T22:34:51.76649286Z 64 PC: 12c78 | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:51.774573749Z 66 PC: 12c81 | Move file pointer
2018-12-17T22:34:51.776533749Z 64 PC: 12c8c | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:51.779177382Z 62 PC: 12c90 | Close file
2018-12-17T22:34:51.786893799Z 79 PC: 12c1f | Find next file
2018-12-17T22:34:51.790334717Z 61 PC: 12c2d | Open file (Filename = 'PAH.COM')
2018-12-17T22:34:51.796492797Z 63 PC: 12c39 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:51.799125308Z 66 PC: 12c59 | Move file pointer
2018-12-17T22:34:51.801328963Z 64 PC: 12c64 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:51.80488858Z 66 PC: 12c6d | Move file pointer
2018-12-17T22:34:51.80672248Z 64 PC: 12c78 | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:51.814436974Z 66 PC: 12c81 | Move file pointer
2018-12-17T22:34:51.815754842Z 64 PC: 12c8c | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:51.820004369Z 62 PC: 12c90 | Close file
2018-12-17T22:34:51.827998051Z 79 PC: 12c1f | Find next file
2018-12-17T22:34:51.830404229Z 61 PC: 12c2d | Open file (Filename = 'TEST.COM')
2018-12-17T22:34:51.837086125Z 63 PC: 12c39 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:51.852665137Z 66 PC: 12c59 | Move file pointer
2018-12-17T22:34:51.853987771Z 64 PC: 12c64 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:51.857024518Z 66 PC: 12c6d | Move file pointer
2018-12-17T22:34:51.858612058Z 64 PC: 12c78 | Write file or device (Write 649 bytes on handle 5)
2018-12-17T22:34:51.86713405Z 66 PC: 12c81 | Move file pointer
2018-12-17T22:34:51.868540473Z 64 PC: 12c8c | Write file or device (Write 234 bytes on handle 5)
2018-12-17T22:34:51.87634661Z 62 PC: 12c90 | Close file
2018-12-17T22:34:51.885309252Z 79 PC: 12c1f | Find next file
2018-12-17T22:34:51.887742573Z 42 PC: 12bb9 | Get date 0x12bb9: cmp dl, 0x1e
0x12bbc: jne 0x12c0c
0x12bbe: mov ah, 0x39
0x12bc0: lea dx, word ptr [bp + 0x342]
0x12bc4: int 0x21
0x12bc6: mov ah, 9
0x12bc8: lea dx, word ptr [bp + 0x35b]
0x12bcc: int 0x21
0x12bce: mov ax, 0x3521
0x12bd1: int 0x21
0x12bd3: mov word ptr cs:[bp + 0x2f5], bx
0x12bd8: mov word ptr cs:[bp + 0x2f7], es
0x12bdd: mov ax, 0x2521
0x12be0: lea dx, word ptr [bp + 0x162]
0x12be4: int 0x21
0x12be6: lea dx, word ptr [bp + 0x38c]
0x12bea: int 0x27
0x12bec: pushf
0x12bed: cmp ah, 0x4b
0x12bf0: jne 0x12c0a
2018-12-17T22:34:51.889930529Z 26 PC: 12c13 | Set disk transfer address
2018-12-17T22:34:51.891778185Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:34:51.895769812Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6240,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:51.347344498Z 26 PC: 13603 | Set disk transfer address
2018-12-25T11:58:51.352728073Z 59 PC: 1360b | Change current directory
2018-12-25T11:58:51.354632843Z 78 PC: 13678 | Find first file
2018-12-25T11:58:51.361112319Z 61 PC: 13686 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:51.368223104Z 63 PC: 13692 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:51.375985423Z 66 PC: 136b2 | Move file pointer
2018-12-25T11:58:51.377051607Z 64 PC: 136bd | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:51.380165022Z 66 PC: 136c6 | Move file pointer
2018-12-25T11:58:51.382131869Z 64 PC: 136d1 | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:51.605540907Z 66 PC: 136da | Move file pointer
2018-12-25T11:58:51.611089386Z 64 PC: 136e5 | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:51.615193946Z 62 PC: 136e9 | Close file
2018-12-25T11:58:51.62609386Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:51.629331321Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:51.637293871Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:51.652762881Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:51.655772704Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:51.662755667Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:51.668243827Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:51.678979135Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:51.683092161Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:51.687301031Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:51.697724435Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:51.701115635Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:51.710925562Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:51.727323461Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:51.729027987Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:51.733751305Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:51.735517527Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:51.745512394Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:51.747877696Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:51.751219411Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:51.760897403Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:51.770257958Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:51.780275396Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:51.790281839Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:51.793369886Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:51.797422993Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:51.799383961Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:51.812894883Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:51.815316148Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:51.818623592Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:51.831718198Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:51.836216133Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:51.844060452Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:51.851641206Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:51.854897792Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:51.858336441Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:51.860376906Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:51.870879866Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:51.87344956Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:51.876860719Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:51.887234586Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:51.890860315Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:51.899507208Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:51.907684511Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:51.91027264Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:51.913693941Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:51.915726864Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:51.927052632Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:51.929142468Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:51.932571152Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:51.942684218Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:51.945933168Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:51.953764411Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:51.962293159Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:51.964272369Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:51.967617774Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:51.970283206Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:51.980383321Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:51.98226705Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:51.986585552Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:51.99562426Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:51.998481872Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:52.010409257Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:52.013859303Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:52.01577511Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:52.018966266Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:52.022038439Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:52.031673541Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:52.033351811Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:52.043138818Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:52.052437549Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:52.055042093Z 42 PC: 13612 | Get date 0x13612: cmp dl, 0x1e
0x13615: jne 0x13665
0x13617: mov ah, 0x39
0x13619: lea dx, word ptr [bp + 0x342]
0x1361d: int 0x21
0x1361f: mov ah, 9
0x13621: lea dx, word ptr [bp + 0x35b]
0x13625: int 0x21
0x13627: mov ax, 0x3521
0x1362a: int 0x21
0x1362c: mov word ptr cs:[bp + 0x2f5], bx
0x13631: mov word ptr cs:[bp + 0x2f7], es
0x13636: mov ax, 0x2521
0x13639: lea dx, word ptr [bp + 0x162]
0x1363d: int 0x21
0x1363f: lea dx, word ptr [bp + 0x38c]
0x13643: int 0x27
0x13645: pushf
0x13646: cmp ah, 0x4b
0x13649: jne 0x13663
2018-12-25T11:58:52.058252744Z 26 PC: 1366c | Set disk transfer address
2018-12-25T11:58:52.05947934Z 26 PC: 13290 | Set disk transfer address
2018-12-25T11:58:52.060732987Z 59 PC: 13298 | Change current directory
2018-12-25T11:58:52.063638353Z 78 PC: 13305 | Find first file
2018-12-25T11:58:52.070371977Z 61 PC: 13313 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:52.078056146Z 63 PC: 1331f | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:52.086274955Z 66 PC: 1333f | Move file pointer
2018-12-25T11:58:52.088243697Z 64 PC: 1334a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:52.091571729Z 66 PC: 13353 | Move file pointer
2018-12-25T11:58:52.093539004Z 64 PC: 1335e | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:52.105331061Z 66 PC: 13367 | Move file pointer
2018-12-25T11:58:52.107332232Z 64 PC: 13372 | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:52.117082111Z 62 PC: 13376 | Close file
2018-12-25T11:58:52.127711801Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:52.131074613Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:52.138847848Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:52.147957923Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:52.150395352Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:52.153746446Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:52.15658011Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:52.167300207Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:52.168836794Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:52.171979706Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:52.181957675Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:52.184894651Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:52.192224155Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:52.200608422Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:52.202210068Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:52.205384818Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:52.207916515Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:52.222714554Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:52.224774187Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:52.22996099Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:52.239921356Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:52.243646334Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:52.252647071Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:52.260655925Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:52.262679318Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:52.266571427Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:52.269566616Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:52.280063246Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:52.28210373Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:52.286746188Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:52.296909755Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:52.300058049Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:52.308432052Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:52.317788422Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:52.319777802Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:52.324010345Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:52.325584783Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:52.336766536Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:52.339655039Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:52.343414157Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:52.35377933Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:52.358046516Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:52.366832689Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:52.376204551Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:52.378552066Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:52.381661542Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:52.383145612Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:52.393310854Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:52.39553616Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:52.404464177Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:52.415760173Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:52.419008977Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:52.42683514Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:52.43495611Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:52.436714138Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:52.439901262Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:52.442392286Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:52.452579687Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:52.454912899Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:52.459449043Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:52.469089848Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:52.472873209Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:52.480972014Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:52.484973441Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:52.486929739Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:52.490373676Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:52.493226329Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:52.503454527Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:52.505734889Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:52.510351301Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:52.519769201Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:52.52301701Z 42 PC: 1329f | Get date 0x1329f: cmp dl, 0x1e
0x132a2: jne 0x132f2
0x132a4: mov ah, 0x39
0x132a6: lea dx, word ptr [bp + 0x342]
0x132aa: int 0x21
0x132ac: mov ah, 9
0x132ae: lea dx, word ptr [bp + 0x35b]
0x132b2: int 0x21
0x132b4: mov ax, 0x3521
0x132b7: int 0x21
0x132b9: mov word ptr cs:[bp + 0x2f5], bx
0x132be: mov word ptr cs:[bp + 0x2f7], es
0x132c3: mov ax, 0x2521
0x132c6: lea dx, word ptr [bp + 0x162]
0x132ca: int 0x21
0x132cc: lea dx, word ptr [bp + 0x38c]
0x132d0: int 0x27
0x132d2: pushf
0x132d3: cmp ah, 0x4b
0x132d6: jne 0x132f0
2018-12-25T11:58:52.526186945Z 26 PC: 132f9 | Set disk transfer address
2018-12-25T11:58:52.52751081Z 26 PC: 12f1d | Set disk transfer address
2018-12-25T11:58:52.528912367Z 59 PC: 12f25 | Change current directory
2018-12-25T11:58:52.5324997Z 78 PC: 12f92 | Find first file
2018-12-25T11:58:52.53963862Z 61 PC: 12fa0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:52.547098537Z 63 PC: 12fac | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:52.550602609Z 66 PC: 12fcc | Move file pointer
2018-12-25T11:58:52.552048569Z 64 PC: 12fd7 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:52.55498132Z 66 PC: 12fe0 | Move file pointer
2018-12-25T11:58:52.557311692Z 64 PC: 12feb | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:52.566800112Z 66 PC: 12ff4 | Move file pointer
2018-12-25T11:58:52.569209388Z 64 PC: 12fff | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:52.572909803Z 62 PC: 13003 | Close file
2018-12-25T11:58:52.582433922Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:52.58581658Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:52.593797104Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:52.596980017Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:52.598736945Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:52.602196377Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:52.603582178Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:52.613820814Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:52.616307808Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:52.626130452Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:52.63590347Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:52.640137263Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:52.648183023Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:52.651485454Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:52.65446977Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:52.658482782Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:52.660481625Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:52.670577316Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:52.672309992Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:52.682317268Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:52.693825142Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:52.697054414Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:52.705950192Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:52.709913543Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:52.711706026Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:52.715163193Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:52.717816296Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:52.727354552Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:52.729286206Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:52.739603124Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:52.749373168Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:52.752434559Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:52.759935349Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:52.763394292Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:52.764988657Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:52.768782849Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:52.77067652Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:52.779612949Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:52.781666153Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:52.791269317Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:52.800313848Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:52.803593303Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:52.811348628Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:52.814347979Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:52.817314883Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:52.82064006Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:52.82259102Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:52.832236283Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:52.83446015Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:52.844389412Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:52.853614733Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:52.857294571Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:52.864830017Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:52.868040656Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:52.870808485Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:52.873840577Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:52.87598295Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:52.92365181Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:52.924971167Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:52.954552281Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:52.995101198Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:52.997962318Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:53.005126887Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:53.008414248Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:53.01003074Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:53.012897267Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:53.014983637Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:53.249039374Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:53.250780985Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:53.253154662Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:53.373042651Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:53.376189362Z 42 PC: 12f2c | Get date 0x12f2c: cmp dl, 0x1e
0x12f2f: jne 0x12f7f
0x12f31: mov ah, 0x39
0x12f33: lea dx, word ptr [bp + 0x342]
0x12f37: int 0x21
0x12f39: mov ah, 9
0x12f3b: lea dx, word ptr [bp + 0x35b]
0x12f3f: int 0x21
0x12f41: mov ax, 0x3521
0x12f44: int 0x21
0x12f46: mov word ptr cs:[bp + 0x2f5], bx
0x12f4b: mov word ptr cs:[bp + 0x2f7], es
0x12f50: mov ax, 0x2521
0x12f53: lea dx, word ptr [bp + 0x162]
0x12f57: int 0x21
0x12f59: lea dx, word ptr [bp + 0x38c]
0x12f5d: int 0x27
0x12f5f: pushf
0x12f60: cmp ah, 0x4b
0x12f63: jne 0x12f7d
2018-12-25T11:58:53.380309639Z 26 PC: 12f86 | Set disk transfer address
2018-12-25T11:58:53.382627086Z 26 PC: 12baa | Set disk transfer address
2018-12-25T11:58:53.38441357Z 59 PC: 12bb2 | Change current directory
2018-12-25T11:58:53.388099477Z 78 PC: 12c1f | Find first file
2018-12-25T11:58:53.394878085Z 61 PC: 12c2d | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:53.403091153Z 63 PC: 12c39 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:53.407427282Z 66 PC: 12c59 | Move file pointer
2018-12-25T11:58:53.409047158Z 64 PC: 12c64 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:53.412043169Z 66 PC: 12c6d | Move file pointer
2018-12-25T11:58:53.414821337Z 64 PC: 12c78 | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:53.501378332Z 66 PC: 12c81 | Move file pointer
2018-12-25T11:58:53.50389825Z 64 PC: 12c8c | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:53.508107413Z 62 PC: 12c90 | Close file
2018-12-25T11:58:53.647991015Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:53.650798759Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:53.659971926Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:53.664148323Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:53.666037794Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:53.669652069Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:53.671110303Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:53.787576016Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:53.796335869Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:53.800954091Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:54.057567289Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:54.061826938Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:54.071161921Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:54.074463646Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:54.07761322Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:54.080958342Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:54.082884624Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:54.188920541Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:54.190902216Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:54.200139127Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:54.213327209Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:54.216658574Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:54.222845569Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:54.228262351Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:54.229785084Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:54.232615783Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:54.236575067Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:54.244541429Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:54.246251767Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:54.249864504Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:54.257485151Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:54.260505412Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:54.268129603Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:54.270981037Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:54.273473197Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:54.276539839Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:54.278013376Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:54.286119607Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:54.287838706Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:54.290462326Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:54.297873774Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:54.30152969Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:54.307538933Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:54.310510394Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:54.311833608Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:54.31434106Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:54.316726741Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:54.324425597Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:54.325916222Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:54.329495468Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:54.337048089Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:54.339511309Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:54.347010711Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:54.349373464Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:54.351493827Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:54.354443309Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:54.355899486Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:54.3632506Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:54.365350046Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:54.368028241Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:54.375463213Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:54.378109668Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:54.383843452Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:54.386396738Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:54.388131237Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:54.390508787Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:54.393137392Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:54.400476869Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:54.401895154Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:54.410320102Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:54.418157094Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:54.4205206Z 42 PC: 12bb9 | Get date 0x12bb9: cmp dl, 0x1e
0x12bbc: jne 0x12c0c
0x12bbe: mov ah, 0x39
0x12bc0: lea dx, word ptr [bp + 0x342]
0x12bc4: int 0x21
0x12bc6: mov ah, 9
0x12bc8: lea dx, word ptr [bp + 0x35b]
0x12bcc: int 0x21
0x12bce: mov ax, 0x3521
0x12bd1: int 0x21
0x12bd3: mov word ptr cs:[bp + 0x2f5], bx
0x12bd8: mov word ptr cs:[bp + 0x2f7], es
0x12bdd: mov ax, 0x2521
0x12be0: lea dx, word ptr [bp + 0x162]
0x12be4: int 0x21
0x12be6: lea dx, word ptr [bp + 0x38c]
0x12bea: int 0x27
0x12bec: pushf
0x12bed: cmp ah, 0x4b
0x12bf0: jne 0x12c0a
2018-12-25T11:58:54.423623303Z 26 PC: 12c13 | Set disk transfer address
2018-12-25T11:58:54.424719041Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:58:54.429570196Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6240,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:53.63493284Z 26 PC: 13603 | Set disk transfer address
2018-12-25T11:58:53.63748905Z 59 PC: 1360b | Change current directory
2018-12-25T11:58:53.641257522Z 78 PC: 13678 | Find first file
2018-12-25T11:58:53.647094674Z 61 PC: 13686 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:53.654476839Z 63 PC: 13692 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:53.661119946Z 66 PC: 136b2 | Move file pointer
2018-12-25T11:58:53.662853953Z 64 PC: 136bd | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:53.666527344Z 66 PC: 136c6 | Move file pointer
2018-12-25T11:58:53.668206307Z 64 PC: 136d1 | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:53.683053807Z 66 PC: 136da | Move file pointer
2018-12-25T11:58:53.684794584Z 64 PC: 136e5 | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:53.687969673Z 62 PC: 136e9 | Close file
2018-12-25T11:58:53.697622139Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:53.700627277Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:53.708745267Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:53.715511069Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:53.717197305Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:53.72134492Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:53.722965416Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:53.730942765Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:53.733276929Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:53.735918094Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:53.750662808Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:53.76551013Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:53.77318789Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:53.779515132Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:53.780799113Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:53.78392107Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:53.785357643Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:53.793480485Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:53.795873487Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:53.798539419Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:53.806520841Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:53.809999384Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:53.816584395Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:53.823258102Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:53.825764221Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:53.828731209Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:53.830811462Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:53.839652212Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:53.841016075Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:53.843567582Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:53.854102301Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:53.856931722Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:53.86615957Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:53.873900642Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:53.875783302Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:53.878611006Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:53.88098503Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:53.889097045Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:53.890783742Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:53.895161021Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:53.905500164Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:53.908063128Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:53.915356012Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:53.922074506Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:53.923455Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:53.926432865Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:53.928866058Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:53.937500059Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:53.939100523Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:53.942941259Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:53.950915901Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:53.953675597Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:53.961998787Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:53.968515538Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:53.970080454Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:53.973935856Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:53.9751162Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:53.980918878Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:53.983410176Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:53.986851999Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:53.99514134Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:53.997602583Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:54.004284182Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:54.007183129Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:54.009599466Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:54.012150501Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:54.013890958Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:54.02125111Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:54.022459102Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:54.027442986Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:54.035974934Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:54.038990687Z 42 PC: 13612 | Get date 0x13612: cmp dl, 0x1e
0x13615: jne 0x13665
0x13617: mov ah, 0x39
0x13619: lea dx, word ptr [bp + 0x342]
0x1361d: int 0x21
0x1361f: mov ah, 9
0x13621: lea dx, word ptr [bp + 0x35b]
0x13625: int 0x21
0x13627: mov ax, 0x3521
0x1362a: int 0x21
0x1362c: mov word ptr cs:[bp + 0x2f5], bx
0x13631: mov word ptr cs:[bp + 0x2f7], es
0x13636: mov ax, 0x2521
0x13639: lea dx, word ptr [bp + 0x162]
0x1363d: int 0x21
0x1363f: lea dx, word ptr [bp + 0x38c]
0x13643: int 0x27
0x13645: pushf
0x13646: cmp ah, 0x4b
0x13649: jne 0x13663
2018-12-25T11:58:54.041216633Z 26 PC: 1366c | Set disk transfer address
2018-12-25T11:58:54.042739464Z 26 PC: 13290 | Set disk transfer address
2018-12-25T11:58:54.044802664Z 59 PC: 13298 | Change current directory
2018-12-25T11:58:54.046720902Z 78 PC: 13305 | Find first file
2018-12-25T11:58:54.052435114Z 61 PC: 13313 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:54.059222142Z 63 PC: 1331f | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:54.065053874Z 66 PC: 1333f | Move file pointer
2018-12-25T11:58:54.06611134Z 64 PC: 1334a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:54.068512408Z 66 PC: 13353 | Move file pointer
2018-12-25T11:58:54.069563525Z 64 PC: 1335e | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:54.074551704Z 66 PC: 13367 | Move file pointer
2018-12-25T11:58:54.076301714Z 64 PC: 13372 | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:54.081858227Z 62 PC: 13376 | Close file
2018-12-25T11:58:54.087425594Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:54.090098986Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:54.096573396Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:54.103375401Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:54.106251658Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:54.109097063Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:54.110741658Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:54.120671033Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:54.122193961Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:54.124068463Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:54.130601464Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:54.132718968Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:54.13984059Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:54.147781774Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:54.15009664Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:54.152803255Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:54.154902588Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:54.163420448Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:54.16475207Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:54.167312482Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:54.174343126Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:54.176645379Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:54.182655127Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:54.187000164Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:54.188608064Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:54.190975476Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:54.192275157Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:54.198292442Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:54.200039313Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:54.201901899Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:54.209467437Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:54.212841832Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:54.218693965Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:54.225179142Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:54.227360394Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:54.233752481Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:54.238768918Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:54.250275774Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:54.252193297Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:54.254857611Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:54.263001876Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:54.265769767Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:54.272062828Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:54.279395574Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:54.281894762Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:54.286346732Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:54.28776524Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:54.297013639Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:54.29825177Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:54.306446277Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:54.317896183Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:54.321134699Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:54.328930746Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:54.33585764Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:54.337300163Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:54.341102935Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:54.342893069Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:54.352367705Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:54.354221584Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:54.357472158Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:54.365797319Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:54.369475109Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:54.376789043Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:54.379610015Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:54.382088363Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:54.389045084Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:54.390522668Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:54.399357668Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:54.40139893Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:54.404315873Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:54.41238634Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:54.415359266Z 42 PC: 1329f | Get date 0x1329f: cmp dl, 0x1e
0x132a2: jne 0x132f2
0x132a4: mov ah, 0x39
0x132a6: lea dx, word ptr [bp + 0x342]
0x132aa: int 0x21
0x132ac: mov ah, 9
0x132ae: lea dx, word ptr [bp + 0x35b]
0x132b2: int 0x21
0x132b4: mov ax, 0x3521
0x132b7: int 0x21
0x132b9: mov word ptr cs:[bp + 0x2f5], bx
0x132be: mov word ptr cs:[bp + 0x2f7], es
0x132c3: mov ax, 0x2521
0x132c6: lea dx, word ptr [bp + 0x162]
0x132ca: int 0x21
0x132cc: lea dx, word ptr [bp + 0x38c]
0x132d0: int 0x27
0x132d2: pushf
0x132d3: cmp ah, 0x4b
0x132d6: jne 0x132f0
2018-12-25T11:58:54.417787496Z 26 PC: 132f9 | Set disk transfer address
2018-12-25T11:58:54.419450489Z 26 PC: 12f1d | Set disk transfer address
2018-12-25T11:58:54.42160076Z 59 PC: 12f25 | Change current directory
2018-12-25T11:58:54.423632581Z 78 PC: 12f92 | Find first file
2018-12-25T11:58:54.429575113Z 61 PC: 12fa0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:54.43714233Z 63 PC: 12fac | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:54.439960893Z 66 PC: 12fcc | Move file pointer
2018-12-25T11:58:54.441654437Z 64 PC: 12fd7 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:54.445532782Z 66 PC: 12fe0 | Move file pointer
2018-12-25T11:58:54.448022931Z 64 PC: 12feb | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:54.456298057Z 66 PC: 12ff4 | Move file pointer
2018-12-25T11:58:54.459272907Z 64 PC: 12fff | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:54.462200921Z 62 PC: 13003 | Close file
2018-12-25T11:58:54.47019475Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:54.47444854Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:54.48062205Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:54.483141253Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:54.485778858Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:54.488629009Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:54.490279519Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:54.499191089Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:54.500569282Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:54.526736438Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:54.534760556Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:54.537550548Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:54.544165584Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:54.547981586Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:54.549277Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:54.551940572Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:54.554196655Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:54.562132121Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:54.563631006Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:54.5724415Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:54.580979277Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:54.583934004Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:54.591753466Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:54.594539291Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:54.59708513Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:54.599819782Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:54.601109041Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:54.609607202Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:54.610955068Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:54.618810919Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:54.627112056Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:54.630062837Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:54.636333254Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:54.640911971Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:54.64248383Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:54.645051271Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:54.647659898Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:54.655992407Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:54.657344252Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:54.665978224Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:54.673831238Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:54.676304255Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:54.683389625Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:54.686063837Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:54.687527646Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:54.691058944Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:54.692588831Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:54.700561454Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:54.702446855Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:54.710353168Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:54.718718448Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:54.721690379Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:54.728152215Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:54.731858579Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:54.733978519Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:54.736660567Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:54.738961342Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:54.746829596Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:54.748286549Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:54.756258513Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:54.764457661Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:54.767268678Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:54.774309638Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:54.776737521Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:54.77792908Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:54.780786765Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:54.782574282Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:54.791451773Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:54.794064204Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:54.796958802Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:54.805070594Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:54.808841014Z 42 PC: 12f2c | Get date 0x12f2c: cmp dl, 0x1e
0x12f2f: jne 0x12f7f
0x12f31: mov ah, 0x39
0x12f33: lea dx, word ptr [bp + 0x342]
0x12f37: int 0x21
0x12f39: mov ah, 9
0x12f3b: lea dx, word ptr [bp + 0x35b]
0x12f3f: int 0x21
0x12f41: mov ax, 0x3521
0x12f44: int 0x21
0x12f46: mov word ptr cs:[bp + 0x2f5], bx
0x12f4b: mov word ptr cs:[bp + 0x2f7], es
0x12f50: mov ax, 0x2521
0x12f53: lea dx, word ptr [bp + 0x162]
0x12f57: int 0x21
0x12f59: lea dx, word ptr [bp + 0x38c]
0x12f5d: int 0x27
0x12f5f: pushf
0x12f60: cmp ah, 0x4b
0x12f63: jne 0x12f7d
2018-12-25T11:58:54.810892916Z 26 PC: 12f86 | Set disk transfer address
2018-12-25T11:58:54.81203387Z 26 PC: 12baa | Set disk transfer address
2018-12-25T11:58:54.813541617Z 59 PC: 12bb2 | Change current directory
2018-12-25T11:58:54.814734182Z 78 PC: 12c1f | Find first file
2018-12-25T11:58:54.818594296Z 61 PC: 12c2d | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:54.825630978Z 63 PC: 12c39 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:54.828092899Z 66 PC: 12c59 | Move file pointer
2018-12-25T11:58:54.829266072Z 64 PC: 12c64 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:54.832360978Z 66 PC: 12c6d | Move file pointer
2018-12-25T11:58:54.833593856Z 64 PC: 12c78 | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:54.841920292Z 66 PC: 12c81 | Move file pointer
2018-12-25T11:58:54.843542587Z 64 PC: 12c8c | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:54.84619576Z 62 PC: 12c90 | Close file
2018-12-25T11:58:54.854997518Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:54.857492771Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:54.863917465Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:54.86745226Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:54.869046998Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:54.871492164Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:54.873320814Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:54.881145688Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:54.882529676Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:54.901493517Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:54.907733598Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:54.909601814Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:54.9142967Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:54.916139375Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:54.917260097Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:54.92011835Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:54.921246021Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:54.926601759Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:54.928135261Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:54.933199994Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:54.939064436Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:54.941404108Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:54.945509085Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:54.947939555Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:54.949027284Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:54.950797162Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:54.952348788Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:54.957389341Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:54.958474885Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:54.960995114Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:54.966720104Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:54.968622241Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:54.973196699Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:54.974944382Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:54.976526883Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:54.978238893Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:54.979249725Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:54.984985768Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:54.986036082Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:54.987778224Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:54.99474724Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:54.997573153Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:55.003370269Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:55.007268591Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:55.008885195Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:55.011803691Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:55.014498296Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:55.022825629Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:55.024432246Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:55.028426787Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:55.037104091Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:55.039865239Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:55.047002315Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:55.048836856Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:55.050098671Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:55.052808069Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:55.054486865Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:55.061492124Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:55.062630806Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:55.064477413Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:55.072621819Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:55.075461835Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:55.082410538Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:55.085482957Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:55.08681042Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:55.089296822Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:55.091367184Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:55.099547449Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:55.101968502Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:55.110359512Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:55.118623121Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:55.122362572Z 42 PC: 12bb9 | Get date 0x12bb9: cmp dl, 0x1e
0x12bbc: jne 0x12c0c
0x12bbe: mov ah, 0x39
0x12bc0: lea dx, word ptr [bp + 0x342]
0x12bc4: int 0x21
0x12bc6: mov ah, 9
0x12bc8: lea dx, word ptr [bp + 0x35b]
0x12bcc: int 0x21
0x12bce: mov ax, 0x3521
0x12bd1: int 0x21
0x12bd3: mov word ptr cs:[bp + 0x2f5], bx
0x12bd8: mov word ptr cs:[bp + 0x2f7], es
0x12bdd: mov ax, 0x2521
0x12be0: lea dx, word ptr [bp + 0x162]
0x12be4: int 0x21
0x12be6: lea dx, word ptr [bp + 0x38c]
0x12bea: int 0x27
0x12bec: pushf
0x12bed: cmp ah, 0x4b
0x12bf0: jne 0x12c0a
2018-12-25T11:58:55.124437832Z 26 PC: 12c13 | Set disk transfer address
2018-12-25T11:58:55.125708995Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:58:55.132393708Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6240,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:53.861283071Z 26 PC: 13603 | Set disk transfer address
2018-12-25T11:58:53.863674387Z 59 PC: 1360b | Change current directory
2018-12-25T11:58:53.865553318Z 78 PC: 13678 | Find first file
2018-12-25T11:58:53.871335057Z 61 PC: 13686 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:53.878557059Z 63 PC: 13692 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:53.884915229Z 66 PC: 136b2 | Move file pointer
2018-12-25T11:58:53.88618656Z 64 PC: 136bd | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:53.889904171Z 66 PC: 136c6 | Move file pointer
2018-12-25T11:58:53.892156371Z 64 PC: 136d1 | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:53.906278421Z 66 PC: 136da | Move file pointer
2018-12-25T11:58:53.907996768Z 64 PC: 136e5 | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:53.911104398Z 62 PC: 136e9 | Close file
2018-12-25T11:58:53.91965224Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:53.922530987Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:53.92933859Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:53.935558121Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:53.937113891Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:53.940275062Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:53.941557415Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:53.949354456Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:53.954863144Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:53.957687985Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:53.965513238Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:53.970171431Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:53.976653547Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:53.982971157Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:53.98473668Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:53.987987769Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:53.989570201Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:53.998943518Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:54.000690263Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:54.003484846Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:54.017481973Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:54.020745064Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:54.027019136Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:54.034400668Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:54.036422803Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:54.039291522Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:54.040948298Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:54.049059284Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:54.050328106Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:54.052768725Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:54.064541393Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:54.06740925Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:54.074014532Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:54.080972572Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:54.082553824Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:54.08539106Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:54.089723277Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:54.097634374Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:54.099236382Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:54.103761407Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:54.112101903Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:54.114871324Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:54.121718839Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:54.128498404Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:54.13019804Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:54.133920262Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:54.136440341Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:54.144879511Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:54.148818392Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:54.15234911Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:54.158154072Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:54.160698135Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:54.165627252Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:54.17126828Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:54.173299624Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:54.175898764Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:54.177427226Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:54.183750087Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:54.196707251Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:54.199783359Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:54.214630478Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:54.217668227Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:54.2311679Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:54.235914664Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:54.237500219Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:54.239944334Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:54.241439241Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:54.250155685Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:54.251701449Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:54.268601591Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:54.277027781Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:54.280291589Z 42 PC: 13612 | Get date 0x13612: cmp dl, 0x1e
0x13615: jne 0x13665
0x13617: mov ah, 0x39
0x13619: lea dx, word ptr [bp + 0x342]
0x1361d: int 0x21
0x1361f: mov ah, 9
0x13621: lea dx, word ptr [bp + 0x35b]
0x13625: int 0x21
0x13627: mov ax, 0x3521
0x1362a: int 0x21
0x1362c: mov word ptr cs:[bp + 0x2f5], bx
0x13631: mov word ptr cs:[bp + 0x2f7], es
0x13636: mov ax, 0x2521
0x13639: lea dx, word ptr [bp + 0x162]
0x1363d: int 0x21
0x1363f: lea dx, word ptr [bp + 0x38c]
0x13643: int 0x27
0x13645: pushf
0x13646: cmp ah, 0x4b
0x13649: jne 0x13663
2018-12-25T11:58:54.282550231Z 26 PC: 1366c | Set disk transfer address
2018-12-25T11:58:54.283851571Z 26 PC: 13290 | Set disk transfer address
2018-12-25T11:58:54.284775209Z 59 PC: 13298 | Change current directory
2018-12-25T11:58:54.286514731Z 78 PC: 13305 | Find first file
2018-12-25T11:58:54.293482961Z 61 PC: 13313 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:54.301114051Z 63 PC: 1331f | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:54.308226584Z 66 PC: 1333f | Move file pointer
2018-12-25T11:58:54.309867418Z 64 PC: 1334a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:54.313423549Z 66 PC: 13353 | Move file pointer
2018-12-25T11:58:54.314867585Z 64 PC: 1335e | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:54.32305173Z 66 PC: 13367 | Move file pointer
2018-12-25T11:58:54.324463211Z 64 PC: 13372 | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:54.333276634Z 62 PC: 13376 | Close file
2018-12-25T11:58:54.342469149Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:54.345586189Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:54.351985326Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:54.360580799Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:54.362922347Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:54.365755135Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:54.367933986Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:54.377452046Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:54.379146479Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:54.382620392Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:54.391206171Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:54.394192679Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:54.401829934Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:54.408398975Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:54.410095574Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:54.413605142Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:54.415229055Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:54.424160257Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:54.426383861Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:54.42906514Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:54.437733105Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:54.440983367Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:54.447528515Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:54.453929375Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:54.456770522Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:54.459586078Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:54.461447411Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:54.470759504Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:54.471918976Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:54.475384741Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:54.484064271Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:54.486076553Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:54.490280703Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:54.501149238Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:54.506876185Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:54.509823907Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:54.514736125Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:54.523074496Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:54.524398274Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:54.527565653Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:54.536283335Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:54.538902538Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:54.545741058Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:54.551965328Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:54.553526617Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:54.556582111Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:54.558052036Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:54.565923751Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:54.568759307Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:54.576417464Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:54.584428259Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:54.587585684Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:54.594026051Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:54.60033629Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:54.602814421Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:54.605480282Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:54.606925449Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:54.61618956Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:54.617648814Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:54.620099779Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:54.628351496Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:54.631115114Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:54.63890079Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:54.64208355Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:54.643565886Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:54.646132725Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:54.64847973Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:54.65626726Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:54.657827123Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:54.661492302Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:54.669168629Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:54.671603295Z 42 PC: 1329f | Get date 0x1329f: cmp dl, 0x1e
0x132a2: jne 0x132f2
0x132a4: mov ah, 0x39
0x132a6: lea dx, word ptr [bp + 0x342]
0x132aa: int 0x21
0x132ac: mov ah, 9
0x132ae: lea dx, word ptr [bp + 0x35b]
0x132b2: int 0x21
0x132b4: mov ax, 0x3521
0x132b7: int 0x21
0x132b9: mov word ptr cs:[bp + 0x2f5], bx
0x132be: mov word ptr cs:[bp + 0x2f7], es
0x132c3: mov ax, 0x2521
0x132c6: lea dx, word ptr [bp + 0x162]
0x132ca: int 0x21
0x132cc: lea dx, word ptr [bp + 0x38c]
0x132d0: int 0x27
0x132d2: pushf
0x132d3: cmp ah, 0x4b
0x132d6: jne 0x132f0
2018-12-25T11:58:54.674687293Z 26 PC: 132f9 | Set disk transfer address
2018-12-25T11:58:54.675949657Z 26 PC: 12f1d | Set disk transfer address
2018-12-25T11:58:54.677072418Z 59 PC: 12f25 | Change current directory
2018-12-25T11:58:54.679336776Z 78 PC: 12f92 | Find first file
2018-12-25T11:58:54.68492812Z 61 PC: 12fa0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:54.691202406Z 63 PC: 12fac | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:54.694691368Z 66 PC: 12fcc | Move file pointer
2018-12-25T11:58:54.695871617Z 64 PC: 12fd7 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:54.698092723Z 66 PC: 12fe0 | Move file pointer
2018-12-25T11:58:54.699867743Z 64 PC: 12feb | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:54.707888625Z 66 PC: 12ff4 | Move file pointer
2018-12-25T11:58:54.7093752Z 64 PC: 12fff | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:54.71249078Z 62 PC: 13003 | Close file
2018-12-25T11:58:54.720027914Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:54.722434909Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:54.729655195Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:54.73201024Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:54.733254937Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:54.736697564Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:54.738223562Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:54.746026633Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:54.748341499Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:54.756235515Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:54.763875874Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:54.767147553Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:54.774188186Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:54.776859455Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:54.779021499Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:54.781643717Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:54.782835896Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:54.791235831Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:54.792795484Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:54.800687309Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:54.809420415Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:54.812305738Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:54.818811514Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:54.82193836Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:54.82335515Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:54.825976222Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:54.827909661Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:54.835673894Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:54.837935591Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:54.845899019Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:54.853963455Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:54.856875073Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:54.862994746Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:54.865301374Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:54.868385459Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:54.870901626Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:54.872118127Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:54.880701192Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:54.881965024Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:54.889468594Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:54.897701885Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:54.900267386Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:54.907500263Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:54.910922268Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:54.912349318Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:54.915299811Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:54.91788769Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:54.92567241Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:54.927074594Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:54.936226369Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:54.944050914Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:54.946701493Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:54.953985773Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:54.956515798Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:54.958570264Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:54.962631048Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:54.963950018Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:54.971770302Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:54.974467438Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:54.982623249Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:54.990623665Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:54.994484106Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:55.000976049Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:55.003711922Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:55.006098269Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:55.008836698Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:55.010049153Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:55.019324963Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:55.020587104Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:55.023123851Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:55.031965991Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:55.03438186Z 42 PC: 12f2c | Get date 0x12f2c: cmp dl, 0x1e
0x12f2f: jne 0x12f7f
0x12f31: mov ah, 0x39
0x12f33: lea dx, word ptr [bp + 0x342]
0x12f37: int 0x21
0x12f39: mov ah, 9
0x12f3b: lea dx, word ptr [bp + 0x35b]
0x12f3f: int 0x21
0x12f41: mov ax, 0x3521
0x12f44: int 0x21
0x12f46: mov word ptr cs:[bp + 0x2f5], bx
0x12f4b: mov word ptr cs:[bp + 0x2f7], es
0x12f50: mov ax, 0x2521
0x12f53: lea dx, word ptr [bp + 0x162]
0x12f57: int 0x21
0x12f59: lea dx, word ptr [bp + 0x38c]
0x12f5d: int 0x27
0x12f5f: pushf
0x12f60: cmp ah, 0x4b
0x12f63: jne 0x12f7d
2018-12-25T11:58:55.036975537Z 26 PC: 12f86 | Set disk transfer address
2018-12-25T11:58:55.039150542Z 26 PC: 12baa | Set disk transfer address
2018-12-25T11:58:55.040161697Z 59 PC: 12bb2 | Change current directory
2018-12-25T11:58:55.041967447Z 78 PC: 12c1f | Find first file
2018-12-25T11:58:55.049094487Z 61 PC: 12c2d | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:55.056134713Z 63 PC: 12c39 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:55.059896337Z 66 PC: 12c59 | Move file pointer
2018-12-25T11:58:55.061688502Z 64 PC: 12c64 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:55.064622531Z 66 PC: 12c6d | Move file pointer
2018-12-25T11:58:55.067255109Z 64 PC: 12c78 | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:55.076603681Z 66 PC: 12c81 | Move file pointer
2018-12-25T11:58:55.078379298Z 64 PC: 12c8c | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:55.082244998Z 62 PC: 12c90 | Close file
2018-12-25T11:58:55.090389478Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:55.093357849Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:55.100990676Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:55.104027999Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:55.105436955Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:55.108801316Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:55.11149483Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:55.121446784Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:55.124083948Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:55.127299529Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:55.13635799Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:55.140023218Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:55.147685989Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:55.150341298Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:55.152255828Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:55.154813565Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:55.156774891Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:55.164921224Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:55.166896859Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:55.174034641Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:55.179170776Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:55.181149396Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:55.186479193Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:55.188243808Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:55.189309774Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:55.191891699Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:55.193018769Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:55.198885803Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:55.200306459Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:55.202402857Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:55.209484818Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:55.211718775Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:55.217703441Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:55.221296332Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:55.22321504Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:55.226671201Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:55.228962839Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:55.237189347Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:55.238595889Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:55.242202791Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:55.250491045Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:55.253203151Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:55.261235917Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:55.264080961Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:55.265931894Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:55.269698629Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:55.271355878Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:55.280216152Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:55.282155557Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:55.285005329Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:55.29393673Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:55.296905584Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:55.303480245Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:55.307113223Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:55.309067396Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:55.311872145Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:55.314340383Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:55.32278303Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:55.324418266Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:55.328092176Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:55.337759238Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:55.340624801Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:55.348421258Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:55.351264127Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:55.35278417Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:55.356803673Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:55.358404211Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:55.366741466Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:55.369302909Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:55.377305619Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:55.386346683Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:55.38936961Z 42 PC: 12bb9 | Get date 0x12bb9: cmp dl, 0x1e
0x12bbc: jne 0x12c0c
0x12bbe: mov ah, 0x39
0x12bc0: lea dx, word ptr [bp + 0x342]
0x12bc4: int 0x21
0x12bc6: mov ah, 9
0x12bc8: lea dx, word ptr [bp + 0x35b]
0x12bcc: int 0x21
0x12bce: mov ax, 0x3521
0x12bd1: int 0x21
0x12bd3: mov word ptr cs:[bp + 0x2f5], bx
0x12bd8: mov word ptr cs:[bp + 0x2f7], es
0x12bdd: mov ax, 0x2521
0x12be0: lea dx, word ptr [bp + 0x162]
0x12be4: int 0x21
0x12be6: lea dx, word ptr [bp + 0x38c]
0x12bea: int 0x27
0x12bec: pushf
0x12bed: cmp ah, 0x4b
0x12bf0: jne 0x12c0a
2018-12-25T11:58:55.391722279Z 26 PC: 12c13 | Set disk transfer address
2018-12-25T11:58:55.394184339Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:58:55.400620945Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6240,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:54.258875057Z 26 PC: 13603 | Set disk transfer address
2018-12-25T11:58:54.274959512Z 59 PC: 1360b | Change current directory
2018-12-25T11:58:54.277137976Z 78 PC: 13678 | Find first file
2018-12-25T11:58:54.283723302Z 61 PC: 13686 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:54.290750955Z 63 PC: 13692 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:54.297013863Z 66 PC: 136b2 | Move file pointer
2018-12-25T11:58:54.298319747Z 64 PC: 136bd | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:54.303079357Z 66 PC: 136c6 | Move file pointer
2018-12-25T11:58:54.305048626Z 64 PC: 136d1 | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:54.318331252Z 66 PC: 136da | Move file pointer
2018-12-25T11:58:54.320093697Z 64 PC: 136e5 | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:54.324365762Z 62 PC: 136e9 | Close file
2018-12-25T11:58:54.332615181Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:54.337281649Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:54.344849676Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:54.352564417Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:54.353873993Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:54.358548937Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:54.359921877Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:54.3679214Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:54.370588776Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:54.373431095Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:54.381844492Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:54.384886642Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:54.393706891Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:54.400496665Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:54.402191789Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:54.405363661Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:54.406800431Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:54.414887697Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:54.41715583Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:54.419836746Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:54.428348559Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:54.431971473Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:54.438753164Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:54.445434604Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:54.447916475Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:54.450836022Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:54.452528471Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:54.461843341Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:54.46348277Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:54.466095177Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:54.47517775Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:54.477640205Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:54.484026299Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:54.491327185Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:54.493177426Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:54.495980016Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:54.498488514Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:54.506973177Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:54.508619966Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:54.512476985Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:54.520502582Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:54.52325731Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:54.530250081Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:54.536682981Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:54.538318112Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:54.541184663Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:54.542734224Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:54.559498976Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:54.56135018Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:54.564300905Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:54.572177416Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:54.574894565Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:54.581615716Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:54.588070444Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:54.590544857Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:54.593820892Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:54.59544409Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:54.603543421Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:54.605143161Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:54.607969283Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:54.616241613Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:54.619270955Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:54.62650839Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:54.629117536Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:54.630648756Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:54.633445155Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:54.635260267Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:54.644343263Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:54.649274228Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:54.657328709Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:54.665820526Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:54.66848036Z 42 PC: 13612 | Get date 0x13612: cmp dl, 0x1e
0x13615: jne 0x13665
0x13617: mov ah, 0x39
0x13619: lea dx, word ptr [bp + 0x342]
0x1361d: int 0x21
0x1361f: mov ah, 9
0x13621: lea dx, word ptr [bp + 0x35b]
0x13625: int 0x21
0x13627: mov ax, 0x3521
0x1362a: int 0x21
0x1362c: mov word ptr cs:[bp + 0x2f5], bx
0x13631: mov word ptr cs:[bp + 0x2f7], es
0x13636: mov ax, 0x2521
0x13639: lea dx, word ptr [bp + 0x162]
0x1363d: int 0x21
0x1363f: lea dx, word ptr [bp + 0x38c]
0x13643: int 0x27
0x13645: pushf
0x13646: cmp ah, 0x4b
0x13649: jne 0x13663
2018-12-25T11:58:54.670931752Z 26 PC: 1366c | Set disk transfer address
2018-12-25T11:58:54.673630174Z 26 PC: 13290 | Set disk transfer address
2018-12-25T11:58:54.674718218Z 59 PC: 13298 | Change current directory
2018-12-25T11:58:54.676519145Z 78 PC: 13305 | Find first file
2018-12-25T11:58:54.683876369Z 61 PC: 13313 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:54.690326497Z 63 PC: 1331f | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:54.697373403Z 66 PC: 1333f | Move file pointer
2018-12-25T11:58:54.699684843Z 64 PC: 1334a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:54.702468532Z 66 PC: 13353 | Move file pointer
2018-12-25T11:58:54.703836807Z 64 PC: 1335e | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:54.712806153Z 66 PC: 13367 | Move file pointer
2018-12-25T11:58:54.714505165Z 64 PC: 13372 | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:54.722445556Z 62 PC: 13376 | Close file
2018-12-25T11:58:54.731166442Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:54.733934527Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:54.740610337Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:54.747788519Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:54.749121567Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:54.751641042Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:54.753484877Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:54.762447326Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:54.764177205Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:54.768587887Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:54.776708044Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:54.779537301Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:54.78696386Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:54.79332311Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:54.79493905Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:54.798407281Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:54.799998444Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:54.80832115Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:54.81068917Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:54.813837699Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:54.821787964Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:54.825294772Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:54.832794727Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:54.839159995Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:54.840801496Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:54.843995566Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:54.845587044Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:54.854424158Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:54.856884494Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:54.859684324Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:54.867735046Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:54.871501438Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:54.878006412Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:54.884374751Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:54.887009759Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:54.889796663Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:54.891407518Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:54.901568195Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:54.902850499Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:54.906010883Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:54.914833724Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:54.918207189Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:54.92506681Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:54.932751181Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:54.93414094Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:54.936669831Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:54.939070388Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:54.94700223Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:54.948425342Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:54.956737033Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:54.964657248Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:54.967177355Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:54.974118815Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:54.980749922Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:54.982268836Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:54.984771588Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:54.986851857Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:54.99475443Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:54.996065373Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:54.999411315Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:55.007976844Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:55.010842233Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:55.018347575Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:55.022088224Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:55.02377629Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:55.027174642Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:55.028713986Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:55.036596822Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:55.03980674Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:55.042511009Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:55.050332868Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:55.053587394Z 42 PC: 1329f | Get date 0x1329f: cmp dl, 0x1e
0x132a2: jne 0x132f2
0x132a4: mov ah, 0x39
0x132a6: lea dx, word ptr [bp + 0x342]
0x132aa: int 0x21
0x132ac: mov ah, 9
0x132ae: lea dx, word ptr [bp + 0x35b]
0x132b2: int 0x21
0x132b4: mov ax, 0x3521
0x132b7: int 0x21
0x132b9: mov word ptr cs:[bp + 0x2f5], bx
0x132be: mov word ptr cs:[bp + 0x2f7], es
0x132c3: mov ax, 0x2521
0x132c6: lea dx, word ptr [bp + 0x162]
0x132ca: int 0x21
0x132cc: lea dx, word ptr [bp + 0x38c]
0x132d0: int 0x27
0x132d2: pushf
0x132d3: cmp ah, 0x4b
0x132d6: jne 0x132f0
2018-12-25T11:58:55.056031527Z 26 PC: 132f9 | Set disk transfer address
2018-12-25T11:58:55.057417553Z 26 PC: 12f1d | Set disk transfer address
2018-12-25T11:58:55.059406613Z 59 PC: 12f25 | Change current directory
2018-12-25T11:58:55.061522113Z 78 PC: 12f92 | Find first file
2018-12-25T11:58:55.067178797Z 61 PC: 12fa0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:55.073970071Z 63 PC: 12fac | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:55.076672831Z 66 PC: 12fcc | Move file pointer
2018-12-25T11:58:55.078109435Z 64 PC: 12fd7 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:55.08157146Z 66 PC: 12fe0 | Move file pointer
2018-12-25T11:58:55.083144237Z 64 PC: 12feb | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:55.090881524Z 66 PC: 12ff4 | Move file pointer
2018-12-25T11:58:55.093165389Z 64 PC: 12fff | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:55.096056525Z 62 PC: 13003 | Close file
2018-12-25T11:58:55.104202937Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:55.107604226Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:55.11491348Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:55.117509459Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:55.119542855Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:55.122578322Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:55.124089426Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:55.131819253Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:55.132929591Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:55.13890882Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:55.145207974Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:55.147245615Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:55.151653765Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:55.153911316Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:55.155091759Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:55.156909835Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:55.15857707Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:55.164103948Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:55.165177946Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:55.171230242Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:55.177004193Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:55.180191477Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:55.187211813Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:55.190354162Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:55.192008213Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:55.195911768Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:55.197345716Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:55.206261193Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:55.208285374Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:55.216395285Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:55.22418755Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:55.227042737Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:55.231933654Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:55.23377883Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:55.235685897Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:55.237853951Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:55.239238488Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:55.245549953Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:55.246852687Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:55.252380882Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:55.258527551Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:55.260517164Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:55.264605272Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:55.267043051Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:55.268139059Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:55.270091234Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:55.271853254Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:55.277242656Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:55.278284908Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:55.28464598Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:55.290071397Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:55.291770544Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:55.297788162Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:55.29965126Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:55.300695483Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:55.303648395Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:55.305179276Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:55.311196338Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:55.312827543Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:55.318693693Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:55.324166764Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:55.326489015Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:55.330648735Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:55.332662038Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:55.334319219Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:55.336195621Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:55.337533062Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:55.343709017Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:55.344798138Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:55.347389676Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:55.352915234Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:55.354738756Z 42 PC: 12f2c | Get date 0x12f2c: cmp dl, 0x1e
0x12f2f: jne 0x12f7f
0x12f31: mov ah, 0x39
0x12f33: lea dx, word ptr [bp + 0x342]
0x12f37: int 0x21
0x12f39: mov ah, 9
0x12f3b: lea dx, word ptr [bp + 0x35b]
0x12f3f: int 0x21
0x12f41: mov ax, 0x3521
0x12f44: int 0x21
0x12f46: mov word ptr cs:[bp + 0x2f5], bx
0x12f4b: mov word ptr cs:[bp + 0x2f7], es
0x12f50: mov ax, 0x2521
0x12f53: lea dx, word ptr [bp + 0x162]
0x12f57: int 0x21
0x12f59: lea dx, word ptr [bp + 0x38c]
0x12f5d: int 0x27
0x12f5f: pushf
0x12f60: cmp ah, 0x4b
0x12f63: jne 0x12f7d
2018-12-25T11:58:55.357119877Z 26 PC: 12f86 | Set disk transfer address
2018-12-25T11:58:55.358279517Z 26 PC: 12baa | Set disk transfer address
2018-12-25T11:58:55.359321656Z 59 PC: 12bb2 | Change current directory
2018-12-25T11:58:55.361378163Z 78 PC: 12c1f | Find first file
2018-12-25T11:58:55.365334116Z 61 PC: 12c2d | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:55.369552523Z 63 PC: 12c39 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:55.372239377Z 66 PC: 12c59 | Move file pointer
2018-12-25T11:58:55.373409847Z 64 PC: 12c64 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:55.375394204Z 66 PC: 12c6d | Move file pointer
2018-12-25T11:58:55.377300081Z 64 PC: 12c78 | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:55.386099362Z 66 PC: 12c81 | Move file pointer
2018-12-25T11:58:55.387911589Z 64 PC: 12c8c | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:55.392265729Z 62 PC: 12c90 | Close file
2018-12-25T11:58:55.417216984Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:55.419939261Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:55.427734606Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:55.430679436Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:55.432261376Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:55.435426441Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:55.437041397Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:55.445199184Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:55.447809199Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:55.450314534Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:55.458648717Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:55.461762046Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:55.46832342Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:55.471034897Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:55.472636259Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:55.475324375Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:55.477820845Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:55.485600275Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:55.487643597Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:55.496167072Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:55.504243438Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:55.50680596Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:55.51405974Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:55.516745905Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:55.517987721Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:55.521025832Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:55.522999864Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:55.532252162Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:55.534036321Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:55.536886505Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:55.545024527Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:55.54941573Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:55.555759239Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:55.558346464Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:55.561085409Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:55.563700802Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:55.565158587Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:55.573794686Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:55.575425371Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:55.578580581Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:55.586798028Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:55.58960085Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:55.597991205Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:55.600732146Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:55.602291996Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:55.606049418Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:55.607789892Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:55.615996783Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:55.618915804Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:55.621838799Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:55.630126707Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:55.634131131Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:55.640775527Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:55.643600463Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:55.645969567Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:55.648775536Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:55.651137235Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:55.660084154Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:55.661410173Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:55.664705212Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:55.673692569Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:55.676598716Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:55.684290171Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:55.687227862Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:55.688940128Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:55.693241405Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:55.694935537Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:55.703892155Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:55.706056925Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:55.713726378Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:55.722586971Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:55.724975364Z 42 PC: 12bb9 | Get date 0x12bb9: cmp dl, 0x1e
0x12bbc: jne 0x12c0c
0x12bbe: mov ah, 0x39
0x12bc0: lea dx, word ptr [bp + 0x342]
0x12bc4: int 0x21
0x12bc6: mov ah, 9
0x12bc8: lea dx, word ptr [bp + 0x35b]
0x12bcc: int 0x21
0x12bce: mov ax, 0x3521
0x12bd1: int 0x21
0x12bd3: mov word ptr cs:[bp + 0x2f5], bx
0x12bd8: mov word ptr cs:[bp + 0x2f7], es
0x12bdd: mov ax, 0x2521
0x12be0: lea dx, word ptr [bp + 0x162]
0x12be4: int 0x21
0x12be6: lea dx, word ptr [bp + 0x38c]
0x12bea: int 0x27
0x12bec: pushf
0x12bed: cmp ah, 0x4b
0x12bf0: jne 0x12c0a
2018-12-25T11:58:55.727187947Z 26 PC: 12c13 | Set disk transfer address
2018-12-25T11:58:55.728914187Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:58:55.734193821Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6240,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:57.343066964Z 26 PC: 13603 | Set disk transfer address
2018-12-25T11:58:57.344443475Z 59 PC: 1360b | Change current directory
2018-12-25T11:58:57.346664656Z 78 PC: 13678 | Find first file
2018-12-25T11:58:57.350893907Z 61 PC: 13686 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:57.356112948Z 63 PC: 13692 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:57.361433697Z 66 PC: 136b2 | Move file pointer
2018-12-25T11:58:57.362717764Z 64 PC: 136bd | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:57.364912374Z 66 PC: 136c6 | Move file pointer
2018-12-25T11:58:57.366642578Z 64 PC: 136d1 | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:57.386002837Z 66 PC: 136da | Move file pointer
2018-12-25T11:58:57.389342487Z 64 PC: 136e5 | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:57.394318683Z 62 PC: 136e9 | Close file
2018-12-25T11:58:57.405150656Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:57.41026416Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:57.419012724Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:57.42471122Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:57.426565481Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:57.429022344Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:57.430954912Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:57.440141651Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:57.442554538Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:57.44632011Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:57.455257261Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:57.45847851Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:57.467788113Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:57.475261027Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:57.477197499Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:57.48150721Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:57.483160862Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:57.492619002Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:57.494654139Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:57.498048509Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:57.507567339Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:57.511391929Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:57.518707656Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:57.526161364Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:57.527800377Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:57.53147465Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:57.533511563Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:57.542874465Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:57.545924572Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:57.549297533Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:57.559166181Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:57.563596922Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:57.571742648Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:57.57925626Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:57.582265226Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:57.586088022Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:57.588118994Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:57.598325185Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:57.600714055Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:57.604123194Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:57.613592012Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:57.617537543Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:57.626019175Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:57.633271962Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:57.635728132Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:57.638679163Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:57.64080513Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:57.652577176Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:57.655035905Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:57.658489894Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:57.668817608Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:57.671983906Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:57.677654236Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:57.691595335Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:57.692965386Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:57.696526397Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:57.698491456Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:57.707504679Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:57.725530466Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:57.728655721Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:57.740042831Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:57.743195778Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:57.756906821Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:57.762666386Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:57.764321423Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:57.771281778Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:57.774356423Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:57.783594881Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:57.785251331Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:57.795814978Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:57.805922936Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:57.80905944Z 42 PC: 13612 | Get date 0x13612: cmp dl, 0x1e
0x13615: jne 0x13665
0x13617: mov ah, 0x39
0x13619: lea dx, word ptr [bp + 0x342]
0x1361d: int 0x21
0x1361f: mov ah, 9
0x13621: lea dx, word ptr [bp + 0x35b]
0x13625: int 0x21
0x13627: mov ax, 0x3521
0x1362a: int 0x21
0x1362c: mov word ptr cs:[bp + 0x2f5], bx
0x13631: mov word ptr cs:[bp + 0x2f7], es
0x13636: mov ax, 0x2521
0x13639: lea dx, word ptr [bp + 0x162]
0x1363d: int 0x21
0x1363f: lea dx, word ptr [bp + 0x38c]
0x13643: int 0x27
0x13645: pushf
0x13646: cmp ah, 0x4b
0x13649: jne 0x13663
2018-12-25T11:58:57.811952261Z 26 PC: 1366c | Set disk transfer address
2018-12-25T11:58:57.814586046Z 26 PC: 13290 | Set disk transfer address
2018-12-25T11:58:57.816223595Z 59 PC: 13298 | Change current directory
2018-12-25T11:58:57.818633141Z 78 PC: 13305 | Find first file
2018-12-25T11:58:57.827132584Z 61 PC: 13313 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:57.834850484Z 63 PC: 1331f | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:57.842502953Z 66 PC: 1333f | Move file pointer
2018-12-25T11:58:57.845527183Z 64 PC: 1334a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:57.849617085Z 66 PC: 13353 | Move file pointer
2018-12-25T11:58:57.851643227Z 64 PC: 1335e | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:57.862280837Z 66 PC: 13367 | Move file pointer
2018-12-25T11:58:57.864319515Z 64 PC: 13372 | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:57.873651114Z 62 PC: 13376 | Close file
2018-12-25T11:58:57.884243567Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:57.889187398Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:57.896893424Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:57.904235797Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:57.906818313Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:57.910116237Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:57.912020592Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:57.92218517Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:57.923848059Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:57.926947715Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:57.936474524Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:57.939574797Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:57.947132929Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:57.955089381Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:57.956863889Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:57.95972766Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:57.961976601Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:57.972056961Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:57.973989082Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:57.978176945Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:57.987666502Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:57.99073019Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:57.99938021Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:58.006896564Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:58.008662689Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:58.012015934Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:58.013942679Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:58.023329072Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:58.025991486Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:58.029287923Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:58.038070651Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.041099209Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:58.048950502Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:58.056617347Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:58.058439456Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:58.062173221Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:58.064559578Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:58.071309934Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:58.072995015Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:58.07560485Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:58.081772286Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.084352696Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:58.089644555Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:58.095057045Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:58.098010808Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:58.101046864Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:58.102796257Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:58.112802012Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:58.114298241Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:58.123382181Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:58.133497686Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.136522057Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:58.143968789Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:58.152129731Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:58.154117648Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:58.158164861Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:58.160802678Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:58.170138537Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:58.171784954Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:58.175437799Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:58.184106217Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.187649464Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:58.195382614Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:58.198163797Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:58.199822018Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:58.203346949Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:58.204838626Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:58.213594045Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:58.216417119Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:58.219464556Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:58.228923547Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.23237706Z 42 PC: 1329f | Get date 0x1329f: cmp dl, 0x1e
0x132a2: jne 0x132f2
0x132a4: mov ah, 0x39
0x132a6: lea dx, word ptr [bp + 0x342]
0x132aa: int 0x21
0x132ac: mov ah, 9
0x132ae: lea dx, word ptr [bp + 0x35b]
0x132b2: int 0x21
0x132b4: mov ax, 0x3521
0x132b7: int 0x21
0x132b9: mov word ptr cs:[bp + 0x2f5], bx
0x132be: mov word ptr cs:[bp + 0x2f7], es
0x132c3: mov ax, 0x2521
0x132c6: lea dx, word ptr [bp + 0x162]
0x132ca: int 0x21
0x132cc: lea dx, word ptr [bp + 0x38c]
0x132d0: int 0x27
0x132d2: pushf
0x132d3: cmp ah, 0x4b
0x132d6: jne 0x132f0
2018-12-25T11:58:58.234712962Z 26 PC: 132f9 | Set disk transfer address
2018-12-25T11:58:58.236101029Z 26 PC: 12f1d | Set disk transfer address
2018-12-25T11:58:58.237724523Z 59 PC: 12f25 | Change current directory
2018-12-25T11:58:58.239754395Z 78 PC: 12f92 | Find first file
2018-12-25T11:58:58.246789732Z 61 PC: 12fa0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:58.255787663Z 63 PC: 12fac | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:58.25895546Z 66 PC: 12fcc | Move file pointer
2018-12-25T11:58:58.26109011Z 64 PC: 12fd7 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:58.264543627Z 66 PC: 12fe0 | Move file pointer
2018-12-25T11:58:58.266038412Z 64 PC: 12feb | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:58.274589027Z 66 PC: 12ff4 | Move file pointer
2018-12-25T11:58:58.276954346Z 64 PC: 12fff | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:58.279915177Z 62 PC: 13003 | Close file
2018-12-25T11:58:58.289052282Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:58.293277882Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:58.298458537Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:58.300529985Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:58.302636109Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:58.305826093Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:58.30799997Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:58.31778219Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:58.319560918Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:58.328721022Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:58.339010495Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:58.341933202Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:58.349470007Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:58.353774169Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:58.355283989Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:58.35856589Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:58.361196922Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:58.370730314Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:58.372445824Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:58.379906296Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:58.38580336Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:58.388200904Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:58.394489245Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:58.396504461Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:58.398001282Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:58.400612537Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:58.40196426Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:58.409057108Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:58.411380054Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:58.417963117Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:58.427709064Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:58.432081087Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:58.441274567Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:58.444644957Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:58.44753998Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:58.451367473Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:58.453472191Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:58.463231657Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:58.466307913Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:58.477752767Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:58.487564499Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:58.492207595Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:58.500148002Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:58.504409359Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:58.5076731Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:58.511139977Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:58.513091989Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:58.522918281Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:58.525035836Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:58.534313093Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:58.548116589Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:58.551720559Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:58.56026394Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:58.564937432Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:58.56690898Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:58.570968046Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:58.57340989Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:58.582290737Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:58.583912856Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:58.593597804Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:58.602766938Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:58.605785252Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:58.613865251Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:58.617054988Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:58.619020928Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:58.623091918Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:58.625098615Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:58.635025792Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:58.637977179Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:58.642285349Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:58.905001458Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:58.909385939Z 42 PC: 12f2c | Get date 0x12f2c: cmp dl, 0x1e
0x12f2f: jne 0x12f7f
0x12f31: mov ah, 0x39
0x12f33: lea dx, word ptr [bp + 0x342]
0x12f37: int 0x21
0x12f39: mov ah, 9
0x12f3b: lea dx, word ptr [bp + 0x35b]
0x12f3f: int 0x21
0x12f41: mov ax, 0x3521
0x12f44: int 0x21
0x12f46: mov word ptr cs:[bp + 0x2f5], bx
0x12f4b: mov word ptr cs:[bp + 0x2f7], es
0x12f50: mov ax, 0x2521
0x12f53: lea dx, word ptr [bp + 0x162]
0x12f57: int 0x21
0x12f59: lea dx, word ptr [bp + 0x38c]
0x12f5d: int 0x27
0x12f5f: pushf
0x12f60: cmp ah, 0x4b
0x12f63: jne 0x12f7d
2018-12-25T11:58:58.912240613Z 26 PC: 12f86 | Set disk transfer address
2018-12-25T11:58:58.913998815Z 26 PC: 12baa | Set disk transfer address
2018-12-25T11:58:58.917326746Z 59 PC: 12bb2 | Change current directory
2018-12-25T11:58:58.919511107Z 78 PC: 12c1f | Find first file
2018-12-25T11:58:58.926464723Z 61 PC: 12c2d | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:58.935321598Z 63 PC: 12c39 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:58.938156831Z 66 PC: 12c59 | Move file pointer
2018-12-25T11:58:58.939394509Z 64 PC: 12c64 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:58.942899418Z 66 PC: 12c6d | Move file pointer
2018-12-25T11:58:58.944423062Z 64 PC: 12c78 | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:58.971419447Z 66 PC: 12c81 | Move file pointer
2018-12-25T11:58:58.973818547Z 64 PC: 12c8c | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:58.977476429Z 62 PC: 12c90 | Close file
2018-12-25T11:58:58.988504221Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:58.992985087Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:59.001875403Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:59.005085094Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:59.007150691Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:59.010383304Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:59.011790273Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:59.021808807Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:59.02644806Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:59.031956985Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:59.041890395Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:59.045591303Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:59.05223281Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:59.054829814Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:59.05606697Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:59.058174185Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:59.060237138Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:59.065722317Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:59.067057936Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:59.07306623Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:59.078972876Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:59.081329075Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:59.086658747Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:59.088592237Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:59.090178937Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:59.093204047Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:59.094449913Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:59.100471384Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:59.102336597Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:59.104381808Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:59.113015865Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:59.116707762Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:59.124330638Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:59.127938323Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:59.130674609Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:59.133278543Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:59.135029922Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:59.144953558Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:59.146852416Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:59.149809852Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:59.156345876Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:59.1584087Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:59.163915819Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:59.166282959Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:59.167523608Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:59.172021655Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:59.17345979Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:59.347574793Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:59.350229961Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:59.352788116Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:59.526706086Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:59.53047289Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:59.53835408Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:59.541261065Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:59.543930785Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:59.546709593Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:59.548465921Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:59.558049172Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:59.560102417Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:59.562991582Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:59.571905948Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:59.575624707Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:59.583584391Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:59.586746923Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:59.588648825Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:59.591777661Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:59.594648351Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:59.603179923Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:59.605050953Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:59.613619513Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:59.623637565Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:59.626733561Z 42 PC: 12bb9 | Get date 0x12bb9: cmp dl, 0x1e
0x12bbc: jne 0x12c0c
0x12bbe: mov ah, 0x39
0x12bc0: lea dx, word ptr [bp + 0x342]
0x12bc4: int 0x21
0x12bc6: mov ah, 9
0x12bc8: lea dx, word ptr [bp + 0x35b]
0x12bcc: int 0x21
0x12bce: mov ax, 0x3521
0x12bd1: int 0x21
0x12bd3: mov word ptr cs:[bp + 0x2f5], bx
0x12bd8: mov word ptr cs:[bp + 0x2f7], es
0x12bdd: mov ax, 0x2521
0x12be0: lea dx, word ptr [bp + 0x162]
0x12be4: int 0x21
0x12be6: lea dx, word ptr [bp + 0x38c]
0x12bea: int 0x27
0x12bec: pushf
0x12bed: cmp ah, 0x4b
0x12bf0: jne 0x12c0a
2018-12-25T11:58:59.631040548Z 26 PC: 12c13 | Set disk transfer address
2018-12-25T11:58:59.632623419Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:58:59.638124386Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6240,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:57.629036776Z 26 PC: 13603 | Set disk transfer address
2018-12-25T11:58:57.630734209Z 59 PC: 1360b | Change current directory
2018-12-25T11:58:57.634586475Z 78 PC: 13678 | Find first file
2018-12-25T11:58:57.642117827Z 61 PC: 13686 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:57.649749021Z 63 PC: 13692 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:57.657724879Z 66 PC: 136b2 | Move file pointer
2018-12-25T11:58:57.659685145Z 64 PC: 136bd | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:57.662866594Z 66 PC: 136c6 | Move file pointer
2018-12-25T11:58:57.66516779Z 64 PC: 136d1 | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:57.682611379Z 66 PC: 136da | Move file pointer
2018-12-25T11:58:57.684998123Z 64 PC: 136e5 | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:57.688433922Z 62 PC: 136e9 | Close file
2018-12-25T11:58:57.703518617Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:57.706566895Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:57.718622375Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:57.726263131Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:57.728291726Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:57.732838507Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:57.735208884Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:57.744325117Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:57.745854864Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:57.748492671Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:57.755107293Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:57.759716203Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:57.772129964Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:57.779305098Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:57.780792293Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:57.787117297Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:57.789129423Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:57.798829154Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:57.802617352Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:57.806092079Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:57.815451055Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:57.819246074Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:57.827969334Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:57.836189733Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:57.856147209Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:57.859459187Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:57.861361102Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:57.871049235Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:57.873205694Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:57.876351234Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:57.886504786Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:57.890089948Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:57.89763092Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:57.904779744Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:57.907508262Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:57.910361625Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:57.912037221Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:57.930603036Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:57.932133302Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:57.93494764Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:57.945581053Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:57.948300308Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:57.955607678Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:57.964200753Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:57.965718105Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:57.967748633Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:57.969641972Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:57.976474364Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:57.978454771Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:57.980724196Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:57.990041734Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:57.993408582Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:58.001091634Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:58.009586073Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:58.011208561Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:58.016599364Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:58.019429726Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:58.028067954Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:58.029700422Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:58.03460175Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:58.042980858Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:58.04652604Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:58.056904652Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:58.06008731Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:58.06174273Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:58.063903722Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:58.065697803Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:58.07127577Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:58.073519555Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:58.082006295Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:58.091555177Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:58.094730801Z 42 PC: 13612 | Get date 0x13612: cmp dl, 0x1e
0x13615: jne 0x13665
0x13617: mov ah, 0x39
0x13619: lea dx, word ptr [bp + 0x342]
0x1361d: int 0x21
0x1361f: mov ah, 9
0x13621: lea dx, word ptr [bp + 0x35b]
0x13625: int 0x21
0x13627: mov ax, 0x3521
0x1362a: int 0x21
0x1362c: mov word ptr cs:[bp + 0x2f5], bx
0x13631: mov word ptr cs:[bp + 0x2f7], es
0x13636: mov ax, 0x2521
0x13639: lea dx, word ptr [bp + 0x162]
0x1363d: int 0x21
0x1363f: lea dx, word ptr [bp + 0x38c]
0x13643: int 0x27
0x13645: pushf
0x13646: cmp ah, 0x4b
0x13649: jne 0x13663
2018-12-25T11:58:58.099163662Z 26 PC: 1366c | Set disk transfer address
2018-12-25T11:58:58.100639546Z 26 PC: 13290 | Set disk transfer address
2018-12-25T11:58:58.101847085Z 59 PC: 13298 | Change current directory
2018-12-25T11:58:58.104411132Z 78 PC: 13305 | Find first file
2018-12-25T11:58:58.111096321Z 61 PC: 13313 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:58.118570767Z 63 PC: 1331f | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:58.127782466Z 66 PC: 1333f | Move file pointer
2018-12-25T11:58:58.12929257Z 64 PC: 1334a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:58.132297843Z 66 PC: 13353 | Move file pointer
2018-12-25T11:58:58.13503043Z 64 PC: 1335e | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:58.143864733Z 66 PC: 13367 | Move file pointer
2018-12-25T11:58:58.145402875Z 64 PC: 13372 | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:58.154471343Z 62 PC: 13376 | Close file
2018-12-25T11:58:58.164642825Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.168022396Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:58.175630645Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:58.184286618Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:58.185889668Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:58.189085599Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:58.193310939Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:58.203094604Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:58.205048334Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:58.209464395Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:58.218472867Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.221319285Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:58.229390478Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:58.23676365Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:58.238584186Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:58.242244285Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:58.243885674Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:58.253329848Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:58.25597225Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:58.260232703Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:58.269856322Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.27337797Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:58.2809288Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:58.288063372Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:58.290231981Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:58.293612769Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:58.295343424Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:58.304989674Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:58.307371147Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:58.310447424Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:58.319597905Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.323376357Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:58.331446198Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:58.338727767Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:58.341198924Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:58.344237197Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:58.34614789Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:58.356465498Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:58.358266607Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:58.361596232Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:58.371290331Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.374522963Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:58.382280206Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:58.391378234Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:58.393377138Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:58.396782771Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:58.399657935Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:58.409460762Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:58.411179594Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:58.420685132Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:58.428594346Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.430761364Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:58.440814698Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:58.449839387Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:58.452027101Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:58.456528001Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:58.458123075Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:58.468893608Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:58.471526586Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:58.474824638Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:58.484467779Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.488788327Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:58.496937088Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:58.500459986Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:58.503920779Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:58.507948759Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:58.509968415Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:58.520512917Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:58.525107163Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:58.53383597Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:58.550882587Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.554420367Z 42 PC: 1329f | Get date 0x1329f: cmp dl, 0x1e
0x132a2: jne 0x132f2
0x132a4: mov ah, 0x39
0x132a6: lea dx, word ptr [bp + 0x342]
0x132aa: int 0x21
0x132ac: mov ah, 9
0x132ae: lea dx, word ptr [bp + 0x35b]
0x132b2: int 0x21
0x132b4: mov ax, 0x3521
0x132b7: int 0x21
0x132b9: mov word ptr cs:[bp + 0x2f5], bx
0x132be: mov word ptr cs:[bp + 0x2f7], es
0x132c3: mov ax, 0x2521
0x132c6: lea dx, word ptr [bp + 0x162]
0x132ca: int 0x21
0x132cc: lea dx, word ptr [bp + 0x38c]
0x132d0: int 0x27
0x132d2: pushf
0x132d3: cmp ah, 0x4b
0x132d6: jne 0x132f0
2018-12-25T11:58:58.556997176Z 26 PC: 132f9 | Set disk transfer address
2018-12-25T11:58:58.558593198Z 26 PC: 12f1d | Set disk transfer address
2018-12-25T11:58:58.560499933Z 59 PC: 12f25 | Change current directory
2018-12-25T11:58:58.562507316Z 78 PC: 12f92 | Find first file
2018-12-25T11:58:58.569406487Z 61 PC: 12fa0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:58.577135361Z 63 PC: 12fac | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:58.58048461Z 66 PC: 12fcc | Move file pointer
2018-12-25T11:58:58.582458194Z 64 PC: 12fd7 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:58.58628449Z 66 PC: 12fe0 | Move file pointer
2018-12-25T11:58:58.588238654Z 64 PC: 12feb | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:58.597571329Z 66 PC: 12ff4 | Move file pointer
2018-12-25T11:58:58.6004586Z 64 PC: 12fff | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:58.603619904Z 62 PC: 13003 | Close file
2018-12-25T11:58:58.611708164Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:58.61440921Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:58.620120352Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:58.622249766Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:58.624421107Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:58.627297627Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:58.637633642Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:58.904187462Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:58.906522558Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:58.971227413Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:58.997219239Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:59.004979425Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:59.016743016Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:59.020963371Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:59.022545215Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:59.025508861Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:59.028036729Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:59.051288793Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:59.064665774Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:59.07509446Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:59.085319186Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:59.088698245Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:59.097913519Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:59.101540451Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:59.103606019Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:59.109395165Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:59.111740653Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:59.121705574Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:59.124164089Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:59.135043114Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:59.145090129Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:59.148831896Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:59.157810351Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:59.161147421Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:59.163101834Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:59.167687234Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:59.169670018Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:59.346923795Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:59.349329626Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:59.526897203Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:59.53693712Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:59.541470292Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:59.549233209Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:59.552619281Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:59.55587808Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:59.558979572Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:59.560903289Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:59.571390055Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:59.573779042Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:59.583592792Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:59.594074364Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:59.597840074Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:59.605592528Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:59.609839042Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:59.612212065Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:59.615562143Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:59.61840785Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:59.628275474Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:59.630280642Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:59.639749737Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:59.650555174Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:59.653392577Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:59.660646824Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:59.664169617Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:59.66559308Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:59.668393277Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:59.670835007Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:59.681058039Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:59.683065326Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:59.68772901Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:59.697209202Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:59.699793961Z 42 PC: 12f2c | Get date 0x12f2c: cmp dl, 0x1e
0x12f2f: jne 0x12f7f
0x12f31: mov ah, 0x39
0x12f33: lea dx, word ptr [bp + 0x342]
0x12f37: int 0x21
0x12f39: mov ah, 9
0x12f3b: lea dx, word ptr [bp + 0x35b]
0x12f3f: int 0x21
0x12f41: mov ax, 0x3521
0x12f44: int 0x21
0x12f46: mov word ptr cs:[bp + 0x2f5], bx
0x12f4b: mov word ptr cs:[bp + 0x2f7], es
0x12f50: mov ax, 0x2521
0x12f53: lea dx, word ptr [bp + 0x162]
0x12f57: int 0x21
0x12f59: lea dx, word ptr [bp + 0x38c]
0x12f5d: int 0x27
0x12f5f: pushf
0x12f60: cmp ah, 0x4b
0x12f63: jne 0x12f7d
2018-12-25T11:58:59.703482786Z 26 PC: 12f86 | Set disk transfer address
2018-12-25T11:58:59.704878941Z 26 PC: 12baa | Set disk transfer address
2018-12-25T11:58:59.70627337Z 59 PC: 12bb2 | Change current directory
2018-12-25T11:58:59.709463153Z 78 PC: 12c1f | Find first file
2018-12-25T11:58:59.716227312Z 61 PC: 12c2d | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:59.724637192Z 63 PC: 12c39 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:59.729060878Z 66 PC: 12c59 | Move file pointer
2018-12-25T11:58:59.731409618Z 64 PC: 12c64 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:59.734792743Z 66 PC: 12c6d | Move file pointer
2018-12-25T11:58:59.737689679Z 64 PC: 12c78 | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:59.748282861Z 66 PC: 12c81 | Move file pointer
2018-12-25T11:58:59.750294427Z 64 PC: 12c8c | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:59.754636444Z 62 PC: 12c90 | Close file
2018-12-25T11:58:59.764610241Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:59.767976665Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:59.776638861Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:59.78039669Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:59.782284953Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:59.786198528Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:59.788071029Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:59.79725149Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:59.799413492Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:59.802282947Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:59.810776104Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:59.813873312Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:59.82102172Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:59.824016837Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:59.827073825Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:59.83019167Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:59.83188048Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:59.841502235Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:59.843834211Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:59.849602318Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:59.856618444Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:59.859386916Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:59.864153557Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:59.866860924Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:59.868947009Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:59.872255818Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:59.875329115Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:59.884291425Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:59.886369901Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:59.890614626Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:59.900710995Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:59.904214171Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:59.909867374Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:59.911806166Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:59.913050767Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:59.915742435Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:59.916938712Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:59.924035783Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:59.926265505Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:59.929676523Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:59.936604864Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:59.940147912Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:59.945074656Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:59.947251206Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:59.94894822Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:59.951044642Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:59.953039904Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:59.959800435Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:59.961084408Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:59.963799376Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:58:59.970490664Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:59.97256349Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:59.9786483Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:59.981006805Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:59.98232563Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:59.985224935Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:58:59.986684015Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:58:59.992829523Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:58:59.994898724Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:58:59.99716589Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:59:00.003283314Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:59:00.006504219Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:59:00.011095383Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:59:00.013069123Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:59:00.015059008Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:59:00.017350171Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:59:00.018814081Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:59:00.025623719Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:59:00.027508013Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:59:00.033784459Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:59:00.040413181Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:59:00.042528556Z 42 PC: 12bb9 | Get date 0x12bb9: cmp dl, 0x1e
0x12bbc: jne 0x12c0c
0x12bbe: mov ah, 0x39
0x12bc0: lea dx, word ptr [bp + 0x342]
0x12bc4: int 0x21
0x12bc6: mov ah, 9
0x12bc8: lea dx, word ptr [bp + 0x35b]
0x12bcc: int 0x21
0x12bce: mov ax, 0x3521
0x12bd1: int 0x21
0x12bd3: mov word ptr cs:[bp + 0x2f5], bx
0x12bd8: mov word ptr cs:[bp + 0x2f7], es
0x12bdd: mov ax, 0x2521
0x12be0: lea dx, word ptr [bp + 0x162]
0x12be4: int 0x21
0x12be6: lea dx, word ptr [bp + 0x38c]
0x12bea: int 0x27
0x12bec: pushf
0x12bed: cmp ah, 0x4b
0x12bf0: jne 0x12c0a
2018-12-25T11:59:00.044378901Z 26 PC: 12c13 | Set disk transfer address
2018-12-25T11:59:00.046265487Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:59:00.050077791Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6240,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:57.807765313Z 26 PC: 13603 | Set disk transfer address
2018-12-25T11:58:57.810368527Z 59 PC: 1360b | Change current directory
2018-12-25T11:58:57.82065908Z 78 PC: 13678 | Find first file
2018-12-25T11:58:57.826759626Z 61 PC: 13686 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:57.832867787Z 63 PC: 13692 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:57.83717902Z 66 PC: 136b2 | Move file pointer
2018-12-25T11:58:57.838268988Z 64 PC: 136bd | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:57.841008748Z 66 PC: 136c6 | Move file pointer
2018-12-25T11:58:57.842114219Z 64 PC: 136d1 | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:57.853260224Z 66 PC: 136da | Move file pointer
2018-12-25T11:58:57.854815076Z 64 PC: 136e5 | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:57.857285192Z 62 PC: 136e9 | Close file
2018-12-25T11:58:57.865230613Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:57.868017684Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:57.887149062Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:57.893391249Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:57.89483028Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:57.897526142Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:57.89884274Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:57.906687741Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:57.90903242Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:57.911536816Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:57.919508302Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:57.922759906Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:57.9297454Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:57.935915524Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:57.938386106Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:57.941217387Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:57.942728568Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:57.951244869Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:57.952928282Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:57.955745026Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:57.967299634Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:57.971058613Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:57.978513209Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:57.986022533Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:57.987597708Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:57.990479186Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:57.992898976Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:58.001913181Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:58.003124075Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:58.006460284Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:58.012872527Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:58.015436755Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:58.022290473Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:58.035791289Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:58.037069766Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:58.039654208Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:58.043374067Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:58.050428738Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:58.051860614Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:58.054974482Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:58.063382703Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:58.066058299Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:58.073717742Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:58.080273994Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:58.081831474Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:58.085254915Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:58.086590256Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:58.098747892Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:58.10099751Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:58.103399038Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:58.111276649Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:58.114550632Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:58.118823732Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:58.125194173Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:58.128328852Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:58.131504105Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:58.132823507Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:58.141229307Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:58.142722911Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:58.145347781Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:58.154046376Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:58.157731396Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:58.16411982Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:58.167473267Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:58.168702252Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:58.171102607Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:58.172802966Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:58.180704423Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:58.181961322Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:58.19032904Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:58.198880546Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:58.201169945Z 42 PC: 13612 | Get date 0x13612: cmp dl, 0x1e
0x13615: jne 0x13665
0x13617: mov ah, 0x39
0x13619: lea dx, word ptr [bp + 0x342]
0x1361d: int 0x21
0x1361f: mov ah, 9
0x13621: lea dx, word ptr [bp + 0x35b]
0x13625: int 0x21
0x13627: mov ax, 0x3521
0x1362a: int 0x21
0x1362c: mov word ptr cs:[bp + 0x2f5], bx
0x13631: mov word ptr cs:[bp + 0x2f7], es
0x13636: mov ax, 0x2521
0x13639: lea dx, word ptr [bp + 0x162]
0x1363d: int 0x21
0x1363f: lea dx, word ptr [bp + 0x38c]
0x13643: int 0x27
0x13645: pushf
0x13646: cmp ah, 0x4b
0x13649: jne 0x13663
2018-12-25T11:58:58.203549511Z 26 PC: 1366c | Set disk transfer address
2018-12-25T11:58:58.204593668Z 26 PC: 13290 | Set disk transfer address
2018-12-25T11:58:58.205564566Z 59 PC: 13298 | Change current directory
2018-12-25T11:58:58.207955797Z 78 PC: 13305 | Find first file
2018-12-25T11:58:58.213736494Z 61 PC: 13313 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:58.22049465Z 63 PC: 1331f | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:58.228043304Z 66 PC: 1333f | Move file pointer
2018-12-25T11:58:58.229672749Z 64 PC: 1334a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:58.232464532Z 66 PC: 13353 | Move file pointer
2018-12-25T11:58:58.234159496Z 64 PC: 1335e | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:58.242117661Z 66 PC: 13367 | Move file pointer
2018-12-25T11:58:58.243795304Z 64 PC: 13372 | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:58.252232591Z 62 PC: 13376 | Close file
2018-12-25T11:58:58.260503303Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.264088728Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:58.271054731Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:58.27751567Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:58.279272122Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:58.282243303Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:58.283676537Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:58.292670139Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:58.29488897Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:58.297786981Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:58.306334172Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.309322315Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:58.314257839Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:58.318834465Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:58.320640809Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:58.322776837Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:58.323769869Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:58.330900975Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:58.332221406Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:58.334298436Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:58.340428091Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.344131041Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:58.350858912Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:58.357924133Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:58.359383108Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:58.362093523Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:58.363963584Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:58.372366244Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:58.373664348Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:58.376726846Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:58.384549904Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.387132496Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:58.393648138Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:58.400061119Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:58.401086557Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:58.403649465Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:58.404694901Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:58.410801984Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:58.415360656Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:58.418296789Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:58.426031614Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.428291642Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:58.43249914Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:58.436541222Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:58.438312596Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:58.44027672Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:58.441346317Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:58.447661133Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:58.449065135Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:58.456045465Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:58.463549674Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.467842177Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:58.476199882Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:58.48346067Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:58.486593178Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:58.489143365Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:58.490759447Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:58.500424566Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:58.502134879Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:58.506419191Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:58.515711049Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.5186366Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:58.525701591Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:58.528519023Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:58.529888322Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:58.533506346Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:58.534900998Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:58.543049759Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:58.545803044Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:58.548637899Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:58.556820834Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.560571357Z 42 PC: 1329f | Get date 0x1329f: cmp dl, 0x1e
0x132a2: jne 0x132f2
0x132a4: mov ah, 0x39
0x132a6: lea dx, word ptr [bp + 0x342]
0x132aa: int 0x21
0x132ac: mov ah, 9
0x132ae: lea dx, word ptr [bp + 0x35b]
0x132b2: int 0x21
0x132b4: mov ax, 0x3521
0x132b7: int 0x21
0x132b9: mov word ptr cs:[bp + 0x2f5], bx
0x132be: mov word ptr cs:[bp + 0x2f7], es
0x132c3: mov ax, 0x2521
0x132c6: lea dx, word ptr [bp + 0x162]
0x132ca: int 0x21
0x132cc: lea dx, word ptr [bp + 0x38c]
0x132d0: int 0x27
0x132d2: pushf
0x132d3: cmp ah, 0x4b
0x132d6: jne 0x132f0
2018-12-25T11:58:58.562976105Z 26 PC: 132f9 | Set disk transfer address
2018-12-25T11:58:58.564390316Z 26 PC: 12f1d | Set disk transfer address
2018-12-25T11:58:58.566779727Z 59 PC: 12f25 | Change current directory
2018-12-25T11:58:58.568822514Z 78 PC: 12f92 | Find first file
2018-12-25T11:58:58.574821734Z 61 PC: 12fa0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:58.582503928Z 63 PC: 12fac | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:58.58533717Z 66 PC: 12fcc | Move file pointer
2018-12-25T11:58:58.586797878Z 64 PC: 12fd7 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:58.589017557Z 66 PC: 12fe0 | Move file pointer
2018-12-25T11:58:58.5901214Z 64 PC: 12feb | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:58.805763452Z 66 PC: 12ff4 | Move file pointer
2018-12-25T11:58:58.808324588Z 64 PC: 12fff | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:58.812741664Z 62 PC: 13003 | Close file
2018-12-25T11:58:59.153699453Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:59.157077562Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:59.163801428Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:59.16674743Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:59.169057414Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:59.172004164Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:59.173969657Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:59.344025387Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:59.345853443Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:59.466723836Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:59.535298642Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:59.538354953Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:59.545956377Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:59.549048206Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:59.551654724Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:59.554952824Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:59.556501609Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:59.572977237Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:59.57892926Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:59.61052986Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:59.63043373Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:59.633796155Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:59.640270154Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:59.642772562Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:59.64484375Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:59.647659969Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:59.649061511Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:59.659371984Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:59.660721276Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:59.668851589Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:59.679794511Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:59.684142663Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:59.691519756Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:59.695379754Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:59.697046066Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:59.700070636Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:59.702624784Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:59.710788175Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:59.712450451Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:59.720923615Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:59.729146703Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:59.732188978Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:59.739764549Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:59.74217031Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:59.744337397Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:59.747389415Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:59.749043529Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:59.758001253Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:59.759630483Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:59.767739976Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:59.776859839Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:59.780105215Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:59.786833731Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:59.790469075Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:59.792495134Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:59.795357551Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:59.79781082Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:59.806471744Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:59.808548775Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:59.815683913Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:59.824305474Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:59.826868494Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:59.833430926Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:59.836012126Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:59.843636106Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:59.847385533Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:59.848685568Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:59.869210293Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:59.87147402Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:59.875305069Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:59.884388412Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:59.888419379Z 42 PC: 12f2c | Get date 0x12f2c: cmp dl, 0x1e
0x12f2f: jne 0x12f7f
0x12f31: mov ah, 0x39
0x12f33: lea dx, word ptr [bp + 0x342]
0x12f37: int 0x21
0x12f39: mov ah, 9
0x12f3b: lea dx, word ptr [bp + 0x35b]
0x12f3f: int 0x21
0x12f41: mov ax, 0x3521
0x12f44: int 0x21
0x12f46: mov word ptr cs:[bp + 0x2f5], bx
0x12f4b: mov word ptr cs:[bp + 0x2f7], es
0x12f50: mov ax, 0x2521
0x12f53: lea dx, word ptr [bp + 0x162]
0x12f57: int 0x21
0x12f59: lea dx, word ptr [bp + 0x38c]
0x12f5d: int 0x27
0x12f5f: pushf
0x12f60: cmp ah, 0x4b
0x12f63: jne 0x12f7d
2018-12-25T11:58:59.89096729Z 26 PC: 12f86 | Set disk transfer address
2018-12-25T11:58:59.892806633Z 26 PC: 12baa | Set disk transfer address
2018-12-25T11:58:59.89613164Z 59 PC: 12bb2 | Change current directory
2018-12-25T11:58:59.898869088Z 78 PC: 12c1f | Find first file
2018-12-25T11:58:59.906432071Z 61 PC: 12c2d | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:59.916955952Z 63 PC: 12c39 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:59.920954334Z 66 PC: 12c59 | Move file pointer
2018-12-25T11:58:59.922752106Z 64 PC: 12c64 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:59.92689133Z 66 PC: 12c6d | Move file pointer
2018-12-25T11:58:59.92917676Z 64 PC: 12c78 | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:59.944333832Z 66 PC: 12c81 | Move file pointer
2018-12-25T11:58:59.946662562Z 64 PC: 12c8c | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:59.961337948Z 62 PC: 12c90 | Close file
2018-12-25T11:58:59.969487363Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:58:59.972938609Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:58:59.990910112Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:58:59.993727939Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:58:59.995720128Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:58:59.998240808Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:59:00.000394476Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:59:00.008962096Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:59:00.011323805Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:59:00.021812182Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:59:00.029015229Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:59:00.031998288Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:59:00.038956892Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:59:00.043152675Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:59:00.044924378Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:59:00.048827201Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:59:00.050592531Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:59:00.0590387Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:59:00.06137975Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:59:00.07000002Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:59:00.08048326Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:59:00.084096604Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:59:00.090937112Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:59:00.093842439Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:59:00.096169179Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:59:00.099321466Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:59:00.102689137Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:59:00.112252235Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:59:00.113980871Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:59:00.118009128Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:59:00.126650511Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:59:00.129512689Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:59:00.137028281Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:59:00.140201521Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:59:00.141833685Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:59:00.145629941Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:59:00.147640525Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:59:00.1562883Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:59:00.158845156Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:59:00.162086739Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:59:00.170219662Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:59:00.17394572Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:59:00.180963909Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:59:00.183804502Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:59:00.186854416Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:59:00.190068812Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:59:00.191732397Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:59:00.200841407Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:59:00.202870233Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:59:00.205762818Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:59:00.214862835Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:59:00.217708241Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:59:00.225043366Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:59:00.228916124Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:59:00.230574801Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:59:00.233443411Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:59:00.235578037Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:59:00.243793053Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:59:00.246522124Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:59:00.249290148Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:59:00.257585621Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:59:00.261034172Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:59:00.268347119Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:59:00.271176043Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:59:00.273684121Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:59:00.2766621Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:59:00.278332998Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:59:00.287154688Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:59:00.288783531Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:59:00.297145518Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:59:00.305969427Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:59:00.308581722Z 42 PC: 12bb9 | Get date 0x12bb9: cmp dl, 0x1e
0x12bbc: jne 0x12c0c
0x12bbe: mov ah, 0x39
0x12bc0: lea dx, word ptr [bp + 0x342]
0x12bc4: int 0x21
0x12bc6: mov ah, 9
0x12bc8: lea dx, word ptr [bp + 0x35b]
0x12bcc: int 0x21
0x12bce: mov ax, 0x3521
0x12bd1: int 0x21
0x12bd3: mov word ptr cs:[bp + 0x2f5], bx
0x12bd8: mov word ptr cs:[bp + 0x2f7], es
0x12bdd: mov ax, 0x2521
0x12be0: lea dx, word ptr [bp + 0x162]
0x12be4: int 0x21
0x12be6: lea dx, word ptr [bp + 0x38c]
0x12bea: int 0x27
0x12bec: pushf
0x12bed: cmp ah, 0x4b
0x12bf0: jne 0x12c0a
2018-12-25T11:59:00.31120681Z 26 PC: 12c13 | Set disk transfer address
2018-12-25T11:59:00.313416048Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:59:00.318890619Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6240,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:57.911539119Z 26 PC: 13603 | Set disk transfer address
2018-12-25T11:58:57.913440393Z 59 PC: 1360b | Change current directory
2018-12-25T11:58:57.915061304Z 78 PC: 13678 | Find first file
2018-12-25T11:58:57.927794184Z 61 PC: 13686 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:57.93448588Z 63 PC: 13692 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:57.940880496Z 66 PC: 136b2 | Move file pointer
2018-12-25T11:58:57.942232049Z 64 PC: 136bd | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:57.945958709Z 66 PC: 136c6 | Move file pointer
2018-12-25T11:58:57.953972915Z 64 PC: 136d1 | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:57.968673407Z 66 PC: 136da | Move file pointer
2018-12-25T11:58:57.970883168Z 64 PC: 136e5 | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:57.973555419Z 62 PC: 136e9 | Close file
2018-12-25T11:58:57.981490802Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:57.985233769Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:57.992312392Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:57.998874637Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:58.008970132Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:58.011652459Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:58.013075424Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:58.022463196Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:58.023880822Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:58.026381221Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:58.035253643Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:58.03785508Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:58.044244125Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:58.050652938Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:58.053055803Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:58.055582878Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:58.056882748Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:58.065843458Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:58.06738513Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:58.069939593Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:58.077842317Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:58.080703547Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:58.086320766Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:58.091803607Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:58.092856665Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:58.095525449Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:58.097481049Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:58.104766195Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:58.106706479Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:58.109939587Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:58.118302294Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:58.121811509Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:58.129299462Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:58.13552058Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:58.137052502Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:58.140484545Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:58.142046974Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:58.150221061Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:58.15185433Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:58.15425561Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:58.160476173Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:58.163303151Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:58.16902043Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:58.17387074Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:58.17557597Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:58.177367839Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:58.178365616Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:58.184782697Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:58.185965935Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:58.187677977Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:58.200555384Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:58.202562885Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:58.207816217Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:58.212870624Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:58.214015861Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:58.215952909Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:58.217450529Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:58.22369585Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:58.224730575Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:58.227446169Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:58.232890253Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:58.235215397Z 61 PC: 13686 | Open file (See above)
2018-12-25T11:58:58.242182954Z 63 PC: 13692 | Read file or device (See above)
2018-12-25T11:58:58.24469959Z 66 PC: 136b2 | Move file pointer (See above)
2018-12-25T11:58:58.245936527Z 64 PC: 136bd | Write file or device (See above)
2018-12-25T11:58:58.248105729Z 66 PC: 136c6 | Move file pointer (See above)
2018-12-25T11:58:58.249360228Z 64 PC: 136d1 | Write file or device (See above)
2018-12-25T11:58:58.254818014Z 66 PC: 136da | Move file pointer (See above)
2018-12-25T11:58:58.256011192Z 64 PC: 136e5 | Write file or device (See above)
2018-12-25T11:58:58.263485497Z 62 PC: 136e9 | Close file (See above)
2018-12-25T11:58:58.271581806Z 79 PC: 13678 | Find next file (See above)
2018-12-25T11:58:58.274307447Z 42 PC: 13612 | Get date 0x13612: cmp dl, 0x1e
0x13615: jne 0x13665
0x13617: mov ah, 0x39
0x13619: lea dx, word ptr [bp + 0x342]
0x1361d: int 0x21
0x1361f: mov ah, 9
0x13621: lea dx, word ptr [bp + 0x35b]
0x13625: int 0x21
0x13627: mov ax, 0x3521
0x1362a: int 0x21
0x1362c: mov word ptr cs:[bp + 0x2f5], bx
0x13631: mov word ptr cs:[bp + 0x2f7], es
0x13636: mov ax, 0x2521
0x13639: lea dx, word ptr [bp + 0x162]
0x1363d: int 0x21
0x1363f: lea dx, word ptr [bp + 0x38c]
0x13643: int 0x27
0x13645: pushf
0x13646: cmp ah, 0x4b
0x13649: jne 0x13663
2018-12-25T11:58:58.276215161Z 26 PC: 1366c | Set disk transfer address
2018-12-25T11:58:58.27719965Z 26 PC: 13290 | Set disk transfer address
2018-12-25T11:58:58.278619758Z 59 PC: 13298 | Change current directory
2018-12-25T11:58:58.280627149Z 78 PC: 13305 | Find first file
2018-12-25T11:58:58.285794126Z 61 PC: 13313 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:58.298792346Z 63 PC: 1331f | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:58.305707864Z 66 PC: 1333f | Move file pointer
2018-12-25T11:58:58.307013149Z 64 PC: 1334a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:58.309926811Z 66 PC: 13353 | Move file pointer
2018-12-25T11:58:58.311932531Z 64 PC: 1335e | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:58.320577155Z 66 PC: 13367 | Move file pointer
2018-12-25T11:58:58.322339202Z 64 PC: 13372 | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:58.332584075Z 62 PC: 13376 | Close file
2018-12-25T11:58:58.340667913Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.343160905Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:58.350320625Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:58.356872461Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:58.358120114Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:58.361472825Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:58.362734955Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:58.37147953Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:58.373178066Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:58.375963448Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:58.383822604Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.386651214Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:58.392877953Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:58.39971383Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:58.401444105Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:58.404192294Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:58.405774045Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:58.415826389Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:58.417444054Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:58.420251754Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:58.429454262Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.432575006Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:58.439024028Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:58.445715143Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:58.447253845Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:58.449913109Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:58.452156168Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:58.461753433Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:58.463106567Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:58.466189095Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:58.474583351Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.477524939Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:58.484947004Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:58.491961435Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:58.493631555Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:58.498802679Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:58.501033421Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:58.509901318Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:58.512363632Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:58.515091149Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:58.523122934Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.526780682Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:58.533469238Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:58.53979173Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:58.542140103Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:58.545338206Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:58.546813599Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:58.556751947Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:58.559331678Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:58.567226364Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:58.766643469Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:58.769243076Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:58.775468927Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:58.781927124Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:58.78325394Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:58.785613659Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:58.787197857Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:58.874119094Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:58.875406139Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:58.878640625Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:59.239098893Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:59.241765221Z 61 PC: 13313 | Open file (See above)
2018-12-25T11:58:59.248952653Z 63 PC: 1331f | Read file or device (See above)
2018-12-25T11:58:59.255192078Z 66 PC: 1333f | Move file pointer (See above)
2018-12-25T11:58:59.256382759Z 64 PC: 1334a | Write file or device (See above)
2018-12-25T11:58:59.259101618Z 66 PC: 13353 | Move file pointer (See above)
2018-12-25T11:58:59.260437795Z 64 PC: 1335e | Write file or device (See above)
2018-12-25T11:58:59.535289496Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:58:59.537575288Z 64 PC: 13372 | Write file or device (See above)
2018-12-25T11:58:59.541564785Z 62 PC: 13376 | Close file (See above)
2018-12-25T11:58:59.549931163Z 79 PC: 13305 | Find next file (See above)
2018-12-25T11:58:59.552757033Z 42 PC: 1329f | Get date 0x1329f: cmp dl, 0x1e
0x132a2: jne 0x132f2
0x132a4: mov ah, 0x39
0x132a6: lea dx, word ptr [bp + 0x342]
0x132aa: int 0x21
0x132ac: mov ah, 9
0x132ae: lea dx, word ptr [bp + 0x35b]
0x132b2: int 0x21
0x132b4: mov ax, 0x3521
0x132b7: int 0x21
0x132b9: mov word ptr cs:[bp + 0x2f5], bx
0x132be: mov word ptr cs:[bp + 0x2f7], es
0x132c3: mov ax, 0x2521
0x132c6: lea dx, word ptr [bp + 0x162]
0x132ca: int 0x21
0x132cc: lea dx, word ptr [bp + 0x38c]
0x132d0: int 0x27
0x132d2: pushf
0x132d3: cmp ah, 0x4b
0x132d6: jne 0x132f0
2018-12-25T11:58:59.556322234Z 26 PC: 132f9 | Set disk transfer address
2018-12-25T11:58:59.557404829Z 26 PC: 12f1d | Set disk transfer address
2018-12-25T11:58:59.55835387Z 59 PC: 12f25 | Change current directory
2018-12-25T11:58:59.560754619Z 78 PC: 12f92 | Find first file
2018-12-25T11:58:59.576127886Z 61 PC: 12fa0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:59.583318269Z 63 PC: 12fac | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:59.586748795Z 66 PC: 12fcc | Move file pointer
2018-12-25T11:58:59.588399254Z 64 PC: 12fd7 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:59.591645212Z 66 PC: 12fe0 | Move file pointer
2018-12-25T11:58:59.594855724Z 64 PC: 12feb | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:58:59.603108691Z 66 PC: 12ff4 | Move file pointer
2018-12-25T11:58:59.604764433Z 64 PC: 12fff | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:58:59.608740046Z 62 PC: 13003 | Close file
2018-12-25T11:58:59.616928048Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:59.619880767Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:59.627632388Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:59.630106487Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:59.631651458Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:59.63551202Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:59.637041438Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:59.644993967Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:59.64732411Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:59.655881885Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:59.664280156Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:59.66810026Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:59.675611045Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:59.680661125Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:59.683251709Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:59.686094825Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:59.687945989Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:59.698689599Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:59.700479484Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:59.710733062Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:59.721232163Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:59.724107544Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:59.731050628Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:59.734613195Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:59.736255744Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:59.739301151Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:59.741687374Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:59.749973876Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:59.751859972Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:59.763627489Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:59.771666035Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:59.774734326Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:59.787269506Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:59.790066037Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:59.792132987Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:59.795299499Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:59.796959043Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:59.806004276Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:59.807728657Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:59.815997512Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:59.825121357Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:59.828340108Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:59.834954391Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:59.838717988Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:59.841977211Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:59.844684178Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:59.8469805Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:59.855420325Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:59.856859158Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:59.86572632Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:59.874517582Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:59.877364599Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:59.884842119Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:59.888035705Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:59.889660889Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:59.893343161Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:59.895366837Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:59.903671572Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:59.906139257Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:59.914568321Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:59.923238612Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:59.926900597Z 61 PC: 12fa0 | Open file (See above)
2018-12-25T11:58:59.933925132Z 63 PC: 12fac | Read file or device (See above)
2018-12-25T11:58:59.936741997Z 66 PC: 12fcc | Move file pointer (See above)
2018-12-25T11:58:59.939071935Z 64 PC: 12fd7 | Write file or device (See above)
2018-12-25T11:58:59.941861149Z 66 PC: 12fe0 | Move file pointer (See above)
2018-12-25T11:58:59.943164462Z 64 PC: 12feb | Write file or device (See above)
2018-12-25T11:58:59.952153622Z 66 PC: 12ff4 | Move file pointer (See above)
2018-12-25T11:58:59.953615776Z 64 PC: 12fff | Write file or device (See above)
2018-12-25T11:58:59.95638617Z 62 PC: 13003 | Close file (See above)
2018-12-25T11:58:59.965698151Z 79 PC: 12f92 | Find next file (See above)
2018-12-25T11:58:59.968336651Z 42 PC: 12f2c | Get date 0x12f2c: cmp dl, 0x1e
0x12f2f: jne 0x12f7f
0x12f31: mov ah, 0x39
0x12f33: lea dx, word ptr [bp + 0x342]
0x12f37: int 0x21
0x12f39: mov ah, 9
0x12f3b: lea dx, word ptr [bp + 0x35b]
0x12f3f: int 0x21
0x12f41: mov ax, 0x3521
0x12f44: int 0x21
0x12f46: mov word ptr cs:[bp + 0x2f5], bx
0x12f4b: mov word ptr cs:[bp + 0x2f7], es
0x12f50: mov ax, 0x2521
0x12f53: lea dx, word ptr [bp + 0x162]
0x12f57: int 0x21
0x12f59: lea dx, word ptr [bp + 0x38c]
0x12f5d: int 0x27
0x12f5f: pushf
0x12f60: cmp ah, 0x4b
0x12f63: jne 0x12f7d
2018-12-25T11:58:59.970738156Z 26 PC: 12f86 | Set disk transfer address
2018-12-25T11:58:59.973257449Z 26 PC: 12baa | Set disk transfer address
2018-12-25T11:58:59.97462324Z 59 PC: 12bb2 | Change current directory
2018-12-25T11:58:59.976633693Z 78 PC: 12c1f | Find first file
2018-12-25T11:58:59.983753038Z 61 PC: 12c2d | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:59.990405344Z 63 PC: 12c39 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:59.993953851Z 66 PC: 12c59 | Move file pointer
2018-12-25T11:58:59.996687372Z 64 PC: 12c64 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:59.999533216Z 66 PC: 12c6d | Move file pointer
2018-12-25T11:59:00.001192958Z 64 PC: 12c78 | Write file or device (Write 649 bytes on handle 5)
2018-12-25T11:59:00.011030814Z 66 PC: 12c81 | Move file pointer
2018-12-25T11:59:00.012702224Z 64 PC: 12c8c | Write file or device (Write 234 bytes on handle 5)
2018-12-25T11:59:00.015595467Z 62 PC: 12c90 | Close file
2018-12-25T11:59:00.024914356Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:59:00.027793531Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:59:00.038550703Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:59:00.042557778Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:59:00.044144945Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:59:00.046802335Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:59:00.048629557Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:59:00.055004704Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:59:00.056650187Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:59:00.060508071Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:59:00.067047244Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:59:00.069581139Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:59:00.077085816Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:59:00.080003948Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:59:00.082181051Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:59:00.086185165Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:59:00.087912593Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:59:00.095934854Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:59:00.09771748Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:59:00.104778911Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:59:00.112989182Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:59:00.116924378Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:59:00.123589213Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:59:00.126593607Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:59:00.129206597Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:59:00.132817626Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:59:00.134661411Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:59:00.143858964Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:59:00.145538491Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:59:00.148620435Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:59:00.158404888Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:59:00.16115117Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:59:00.168050106Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:59:00.171879543Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:59:00.173512113Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:59:00.176571737Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:59:00.179228454Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:59:00.1875646Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:59:00.190056624Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:59:00.193347832Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:59:00.20202257Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:59:00.205720017Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:59:00.212787083Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:59:00.215614965Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:59:00.218098704Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:59:00.221347299Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:59:00.22301219Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:59:00.232089902Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:59:00.234141251Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:59:00.23702693Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:59:00.246695896Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:59:00.249841721Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:59:00.256552842Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:59:00.260118964Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:59:00.262076142Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:59:00.264890666Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:59:00.267372008Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:59:00.276329108Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:59:00.277935936Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:59:00.281718569Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:59:00.290257675Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:59:00.293043073Z 61 PC: 12c2d | Open file (See above)
2018-12-25T11:59:00.300515972Z 63 PC: 12c39 | Read file or device (See above)
2018-12-25T11:59:00.303667311Z 66 PC: 12c59 | Move file pointer (See above)
2018-12-25T11:59:00.305234244Z 64 PC: 12c64 | Write file or device (See above)
2018-12-25T11:59:00.308907841Z 66 PC: 12c6d | Move file pointer (See above)
2018-12-25T11:59:00.310903825Z 64 PC: 12c78 | Write file or device (See above)
2018-12-25T11:59:00.319092604Z 66 PC: 12c81 | Move file pointer (See above)
2018-12-25T11:59:00.321590338Z 64 PC: 12c8c | Write file or device (See above)
2018-12-25T11:59:00.330013647Z 62 PC: 12c90 | Close file (See above)
2018-12-25T11:59:00.338187925Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:59:00.342386288Z 42 PC: 12bb9 | Get date 0x12bb9: cmp dl, 0x1e
0x12bbc: jne 0x12c0c
0x12bbe: mov ah, 0x39
0x12bc0: lea dx, word ptr [bp + 0x342]
0x12bc4: int 0x21
0x12bc6: mov ah, 9
0x12bc8: lea dx, word ptr [bp + 0x35b]
0x12bcc: int 0x21
0x12bce: mov ax, 0x3521
0x12bd1: int 0x21
0x12bd3: mov word ptr cs:[bp + 0x2f5], bx
0x12bd8: mov word ptr cs:[bp + 0x2f7], es
0x12bdd: mov ax, 0x2521
0x12be0: lea dx, word ptr [bp + 0x162]
0x12be4: int 0x21
0x12be6: lea dx, word ptr [bp + 0x38c]
0x12bea: int 0x27
0x12bec: pushf
0x12bed: cmp ah, 0x4b
0x12bf0: jne 0x12c0a
2018-12-25T11:59:00.345109111Z 26 PC: 12c13 | Set disk transfer address
2018-12-25T11:59:00.346476514Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:59:00.352379447Z 76 PC: 12a86 | Terminate with return code (Return code = '36')