Sample viewer

vx.netlux.org/Virus.DOS.DIW.555

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:41:21.140539637Z 9 PC: 12aff | Display string (String= '')
2018-12-17T22:41:21.143568451Z 47 PC: 12b0d | Get disk transfer address
2018-12-17T22:41:21.145699746Z 26 PC: 12b1b | Set disk transfer address
2018-12-17T22:41:21.147035493Z 78 PC: 12bcf | Find first file
2018-12-17T22:41:21.153945259Z 47 PC: 12bd5 | Get disk transfer address
2018-12-17T22:41:21.159880394Z 9 PC: 12b4b | Display string (String= '')
2018-12-17T22:41:21.164377178Z 61 PC: 12b70 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:41:21.172283627Z 63 PC: 12b7e | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:41:21.181005882Z 66 PC: 12b9d | Move file pointer
2018-12-17T22:41:21.182630482Z 64 PC: 12ba6 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:41:21.185675497Z 66 PC: 12bb2 | Move file pointer
2018-12-17T22:41:21.187795686Z 64 PC: 12bbe | Write file or device (Write 555 bytes on handle 5)
2018-12-17T22:41:21.203625768Z 62 PC: 12bc5 | Close file
2018-12-17T22:41:21.213166236Z 79 PC: 12beb | Find next file
2018-12-17T22:41:21.217196034Z 9 PC: 12b4b | Display string (String= '')
2018-12-17T22:41:21.220370729Z 61 PC: 12b70 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:41:21.228211773Z 63 PC: 12b7e | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:41:21.235652807Z 66 PC: 12b9d | Move file pointer
2018-12-17T22:41:21.238534284Z 64 PC: 12ba6 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:41:21.242620216Z 66 PC: 12bb2 | Move file pointer
2018-12-17T22:41:21.244568413Z 64 PC: 12bbe | Write file or device (Write 555 bytes on handle 5)
2018-12-17T22:41:21.25428991Z 62 PC: 12bc5 | Close file
2018-12-17T22:41:21.263484175Z 79 PC: 12beb | Find next file
2018-12-17T22:41:21.266705508Z 9 PC: 12b4b | Display string (String= '')
2018-12-17T22:41:21.270308099Z 61 PC: 12b70 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:41:21.277408317Z 63 PC: 12b7e | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:41:21.284401805Z 66 PC: 12b9d | Move file pointer
2018-12-17T22:41:21.286451472Z 64 PC: 12ba6 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:41:21.290046323Z 66 PC: 12bb2 | Move file pointer
2018-12-17T22:41:21.291815443Z 64 PC: 12bbe | Write file or device (Write 555 bytes on handle 5)
2018-12-17T22:41:21.301531672Z 62 PC: 12bc5 | Close file
2018-12-17T22:41:21.308655198Z 79 PC: 12beb | Find next file
2018-12-17T22:41:21.312438334Z 9 PC: 12b4b | Display string (String= '')
2018-12-17T22:41:21.315707844Z 61 PC: 12b70 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:41:21.323915145Z 63 PC: 12b7e | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:41:21.331558347Z 66 PC: 12b9d | Move file pointer
2018-12-17T22:41:21.33375819Z 64 PC: 12ba6 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:41:21.336524617Z 66 PC: 12bb2 | Move file pointer
2018-12-17T22:41:21.341480338Z 64 PC: 12bbe | Write file or device (Write 555 bytes on handle 5)
2018-12-17T22:41:21.350662559Z 62 PC: 12bc5 | Close file
2018-12-17T22:41:21.359984894Z 79 PC: 12beb | Find next file
2018-12-17T22:41:21.362906127Z 9 PC: 12b4b | Display string (String= '')
2018-12-17T22:41:21.365555369Z 61 PC: 12b70 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:41:21.373214868Z 63 PC: 12b7e | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:41:21.380589213Z 66 PC: 12b9d | Move file pointer
2018-12-17T22:41:21.382079488Z 64 PC: 12ba6 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:41:21.385427635Z 66 PC: 12bb2 | Move file pointer
2018-12-17T22:41:21.387641605Z 64 PC: 12bbe | Write file or device (Write 555 bytes on handle 5)
2018-12-17T22:41:21.396337001Z 62 PC: 12bc5 | Close file
2018-12-17T22:41:21.40650076Z 79 PC: 12beb | Find next file
2018-12-17T22:41:21.409458146Z 9 PC: 12b4b | Display string (String= '')
2018-12-17T22:41:21.411838338Z 61 PC: 12b70 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:41:21.419563224Z 63 PC: 12b7e | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:41:21.426527717Z 66 PC: 12b9d | Move file pointer
2018-12-17T22:41:21.427812316Z 64 PC: 12ba6 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:41:21.431090656Z 66 PC: 12bb2 | Move file pointer
2018-12-17T22:41:21.432494929Z 64 PC: 12bbe | Write file or device (Write 555 bytes on handle 5)
2018-12-17T22:41:21.442616657Z 62 PC: 12bc5 | Close file
2018-12-17T22:41:21.451733853Z 79 PC: 12beb | Find next file
2018-12-17T22:41:21.454766218Z 9 PC: 12b4b | Display string (String= '')
2018-12-17T22:41:21.457131163Z 61 PC: 12b70 | Open file (Filename = 'PAH.COM')
2018-12-17T22:41:21.464385694Z 63 PC: 12b7e | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:41:21.472191902Z 66 PC: 12b9d | Move file pointer
2018-12-17T22:41:21.474116184Z 64 PC: 12ba6 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:41:21.477073156Z 66 PC: 12bb2 | Move file pointer
2018-12-17T22:41:21.479030749Z 64 PC: 12bbe | Write file or device (Write 555 bytes on handle 5)
2018-12-17T22:41:21.488520193Z 62 PC: 12bc5 | Close file
2018-12-17T22:41:21.497664037Z 79 PC: 12beb | Find next file
2018-12-17T22:41:21.501450854Z 9 PC: 12b4b | Display string (String= '')
2018-12-17T22:41:21.503784481Z 61 PC: 12b70 | Open file (Filename = 'TEST.COM')
2018-12-17T22:41:21.511566928Z 63 PC: 12b7e | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:41:21.514695957Z 62 PC: 12bc5 | Close file
2018-12-17T22:41:21.516551193Z 79 PC: 12beb | Find next file
2018-12-17T22:41:21.518993344Z 42 PC: 12bf4 | Get date
0x12bf4: cmp dh, dl
0x12bf6: je 0x12c05
0x12bf8: cmp dh, 0xb
0x12bfb: jne 0x12c02
0x12bfd: cmp dl, 0x1c
0x12c00: je 0x12c03
0x12c02: ret
0x12c03: int 0x19
0x12c05: mov ah, 0x2c
0x12c07: int 0x21
0x12c09: cmp ch, 0x12
0x12c0c: jl 0x12c37
0x12c0e: mov ah, 9
0x12c10: mov dx, di
0x12c12: add dx, 0x30
0x12c15: int 0x21
0x12c17: xor ax, ax
0x12c19: int 0x16
0x12c1b: cli
0x12c1c: mov al, 0xad
2018-12-17T22:41:21.521623175Z 78 PC: 12c88 | Find first file
2018-12-17T22:41:21.527797264Z 26 PC: 12b30 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7189,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:58.885736645Z 9 PC: 12aff | Display string (String= '')
2018-12-25T12:00:58.895891468Z 47 PC: 12b0d | Get disk transfer address
2018-12-25T12:00:58.897703511Z 26 PC: 12b1b | Set disk transfer address
2018-12-25T12:00:58.89991384Z 78 PC: 12bcf | Find first file
2018-12-25T12:00:58.907878623Z 47 PC: 12bd5 | Get disk transfer address
2018-12-25T12:00:58.910720225Z 9 PC: 12b4b | Display string (String= '')
2018-12-25T12:00:58.915192364Z 61 PC: 12b70 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:58.925052341Z 63 PC: 12b7e | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:00:58.933324934Z 66 PC: 12b9d | Move file pointer
2018-12-25T12:00:58.936002107Z 64 PC: 12ba6 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:00:58.939556677Z 66 PC: 12bb2 | Move file pointer
2018-12-25T12:00:58.942501674Z 64 PC: 12bbe | Write file or device (Write 555 bytes on handle 5)
2018-12-25T12:00:58.958258734Z 62 PC: 12bc5 | Close file
2018-12-25T12:00:58.968188551Z 79 PC: 12beb | Find next file
2018-12-25T12:00:58.977087139Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:00:58.979616271Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:00:58.987153249Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:00:58.995441701Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:00:59.008913974Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:00:59.011978842Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:00:59.014334388Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:00:59.023416089Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:00:59.032616247Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:00:59.0359246Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:00:59.038842095Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:00:59.046424418Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:00:59.054820607Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:00:59.057387525Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:00:59.060707098Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:00:59.062687927Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:00:59.072226545Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:00:59.081858861Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:00:59.084942429Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:00:59.088357435Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:00:59.096314744Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:00:59.103776023Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:00:59.105810915Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:00:59.107905142Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:00:59.109248561Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:00:59.116087711Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:00:59.122090731Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:00:59.124809985Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:00:59.126599313Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:00:59.131992847Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:00:59.138321653Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:00:59.139539864Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:00:59.142349565Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:00:59.143802017Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:00:59.150175549Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:00:59.156776375Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:00:59.159042398Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:00:59.16066574Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:00:59.166252601Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:00:59.171442409Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:00:59.173817363Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:00:59.17760312Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:00:59.179177118Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:00:59.186634006Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:00:59.196608608Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:00:59.200261332Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:00:59.203026277Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:00:59.211120269Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:00:59.218779062Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:00:59.220293203Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:00:59.223205273Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:00:59.225351585Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:00:59.234147235Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:00:59.243193702Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:00:59.246894541Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:00:59.249296075Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:00:59.256864134Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:00:59.260433332Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:00:59.262405976Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:00:59.265048598Z 42 PC: 12bf4 | Get date
0x12bf4: cmp dh, dl
0x12bf6: je 0x12c05
0x12bf8: cmp dh, 0xb
0x12bfb: jne 0x12c02
0x12bfd: cmp dl, 0x1c
0x12c00: je 0x12c03
0x12c02: ret
0x12c03: int 0x19
0x12c05: mov ah, 0x2c
0x12c07: int 0x21
0x12c09: cmp ch, 0x12
0x12c0c: jl 0x12c37
0x12c0e: mov ah, 9
0x12c10: mov dx, di
0x12c12: add dx, 0x30
0x12c15: int 0x21
0x12c17: xor ax, ax
0x12c19: int 0x16
0x12c1b: cli
0x12c1c: mov al, 0xad
2018-12-25T12:00:59.268399189Z 78 PC: 12c88 | Find first file
2018-12-25T12:00:59.274502285Z 26 PC: 12b30 | Set disk transfer address

{"DateBased":true,"Day":28,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7189,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:59.153879578Z 9 PC: 12aff | Display string (String= '')
2018-12-25T12:00:59.163316324Z 47 PC: 12b0d | Get disk transfer address
2018-12-25T12:00:59.164510999Z 26 PC: 12b1b | Set disk transfer address
2018-12-25T12:00:59.165655894Z 78 PC: 12bcf | Find first file
2018-12-25T12:00:59.172208175Z 47 PC: 12bd5 | Get disk transfer address
2018-12-25T12:00:59.173520398Z 9 PC: 12b4b | Display string (String= '')
2018-12-25T12:00:59.176634763Z 61 PC: 12b70 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:59.183369762Z 63 PC: 12b7e | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:00:59.189781034Z 66 PC: 12b9d | Move file pointer
2018-12-25T12:00:59.191078409Z 64 PC: 12ba6 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:00:59.19382171Z 66 PC: 12bb2 | Move file pointer
2018-12-25T12:00:59.201156942Z 64 PC: 12bbe | Write file or device (Write 555 bytes on handle 5)
2018-12-25T12:00:59.214654832Z 62 PC: 12bc5 | Close file
2018-12-25T12:00:59.22244346Z 79 PC: 12beb | Find next file
2018-12-25T12:00:59.225526557Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:00:59.227885585Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:00:59.23456524Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:00:59.241662269Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:00:59.243250061Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:00:59.246005097Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:00:59.248611367Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:00:59.256792887Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:00:59.264762917Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:00:59.268219497Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:00:59.270622337Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:00:59.277138326Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:00:59.284743659Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:00:59.289505127Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:00:59.292228517Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:00:59.293674615Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:00:59.30269599Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:00:59.310947472Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:00:59.313622421Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:00:59.318532796Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:00:59.325111704Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:00:59.331813253Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:00:59.334400284Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:00:59.337039238Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:00:59.338746332Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:00:59.347224198Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:00:59.355215988Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:00:59.358061468Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:00:59.361592294Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:00:59.368107921Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:00:59.374319216Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:00:59.376783105Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:00:59.379402423Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:00:59.38151275Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:00:59.403365812Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:00:59.412461054Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:00:59.415433677Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:00:59.419045964Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:00:59.426107201Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:00:59.432709218Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:00:59.434616852Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:00:59.437687234Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:00:59.43899956Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:00:59.450366119Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:00:59.458772283Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:00:59.46195587Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:00:59.464038805Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:00:59.471885874Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:00:59.482771058Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:00:59.484284682Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:00:59.487693663Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:00:59.4891811Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:00:59.497936243Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:00:59.506564017Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:00:59.509264939Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:00:59.511342141Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:00:59.518041402Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:00:59.520510839Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:00:59.522163471Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:00:59.525346175Z 42 PC: 12bf4 | Get date
0x12bf4: cmp dh, dl
0x12bf6: je 0x12c05
0x12bf8: cmp dh, 0xb
0x12bfb: jne 0x12c02
0x12bfd: cmp dl, 0x1c
0x12c00: je 0x12c03
0x12c02: ret
0x12c03: int 0x19
0x12c05: mov ah, 0x2c
0x12c07: int 0x21
0x12c09: cmp ch, 0x12
0x12c0c: jl 0x12c37
0x12c0e: mov ah, 9
0x12c10: mov dx, di
0x12c12: add dx, 0x30
0x12c15: int 0x21
0x12c17: xor ax, ax
0x12c19: int 0x16
0x12c1b: cli
0x12c1c: mov al, 0xad
2018-12-25T12:01:01.563265488Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:01:01.565529847Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:01:01.568204519Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:01:01.571430609Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:01:01.58208498Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:01:01.58948306Z 62 PC: 91fc1 | Close file
2018-12-25T12:01:01.592257707Z 75 PC: 91fe0 | Execute program
2018-12-25T12:01:01.607786289Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:01:01.609721925Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:01:01.61906262Z 48 PC: c609 | Get DOS version
2018-12-25T12:01:01.622144894Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:01:01.627170779Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:01:01.630607377Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:01:01.633894412Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:01:01.645838923Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:01:01.654929291Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:01:01.664742233Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:01:01.666780553Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:01:01.66898983Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:01:01.692785679Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:01:01.69821976Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:01:01.699517338Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:01:01.700640602Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:01:01.702553437Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:01.703602598Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:01.704472238Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:01:01.715308376Z 62 PC: 8f8eb | Close file
2018-12-25T12:01:01.717036148Z 62 PC: 8f8f2 | Close file
2018-12-25T12:01:01.718856652Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.720870374Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.722337719Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.723945778Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.727480302Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.730626498Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.732157658Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.73424532Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.736073413Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.737779326Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.740430045Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.742389767Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.743937641Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.745874823Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.747138606Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.748731271Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.750897506Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.752189147Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.753313404Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.755182434Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.757030887Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.758818903Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.761019865Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.762373983Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.763683894Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.765326618Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.766677246Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.767873953Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.769523018Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:01.771029566Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:01:01.776629234Z 62 PC: 8f90e | Close file
2018-12-25T12:01:01.779008752Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:01:01.78089161Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:01:01.782757333Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:01:01.788108994Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:01:01.78970153Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:01:01.794504554Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:01:01.796993983Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:01:01.798394159Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:01:01.800369112Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:01:01.802873096Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:01:01.804766736Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:01:01.806656108Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:01:01.808557124Z 73 PC: 8fa11 | Release memory
2018-12-25T12:01:01.811132099Z 73 PC: 8efea | Release memory
2018-12-25T12:01:01.812658294Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:01:01.814459696Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:01:01.816659616Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:01:01.818046327Z 73 PC: 8f060 | Release memory
2018-12-25T12:01:01.819291239Z 61 PC: 8f080 | Open file (Filename = 'r,�S�������[�
2018-12-25T12:01:01.829350668Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:01:01.834928304Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:01:01.836445793Z 62 PC: 8f0d1 | Close file
2018-12-25T12:01:01.839036243Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:01:01.861919098Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:01:01.862734195Z 48 PC: 12bee | Get DOS version
2018-12-25T12:01:01.865761488Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:01:01.868459725Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:01:01.869792775Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:01:01.872163009Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:01:01.873921807Z 72 PC: 1355d | Allocate memory
2018-12-25T12:01:01.875721908Z 25 PC: 13596 | Get default drive
2018-12-25T12:01:01.878216531Z 71 PC: 135ad | Get current directory
2018-12-25T12:01:01.880775132Z 59 PC: 135ba | Change current directory
2018-12-25T12:01:01.886525524Z 59 PC: 135c8 | Change current directory
2018-12-25T12:01:01.892736721Z 59 PC: 135d3 | Change current directory
2018-12-25T12:01:01.896307853Z 25 PC: 12d13 | Get default drive
2018-12-25T12:01:01.897703501Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:01:01.899492167Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:01:01.900534398Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:01.902677585Z 80 PC: 1301d | Set current PSP
2018-12-25T12:01:01.904182437Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:01:01.905450064Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:01.906566496Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:01.908621131Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:01:01.910467528Z 72 PC: 130ec | Allocate memory
2018-12-25T12:01:01.912133561Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:01:01.920457984Z 62 PC: 131ba | Close file
2018-12-25T12:01:01.92308291Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:01:01.925033501Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:01:01.927265063Z 72 PC: 11991 | Allocate memory
2018-12-25T12:01:01.928833681Z 73 PC: 119b2 | Release memory
2018-12-25T12:01:01.930295854Z 72 PC: 119bd | Allocate memory
2018-12-25T12:01:01.932735353Z 73 PC: 119df | Release memory
2018-12-25T12:01:01.933986932Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:01:01.936331459Z 72 PC: 119fd | Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7189,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:00.321511493Z 9 PC: 12aff | Display string (String= '')
2018-12-25T12:01:00.32369406Z 47 PC: 12b0d | Get disk transfer address
2018-12-25T12:01:00.325417345Z 26 PC: 12b1b | Set disk transfer address
2018-12-25T12:01:00.326745927Z 78 PC: 12bcf | Find first file
2018-12-25T12:01:00.33300972Z 47 PC: 12bd5 | Get disk transfer address
2018-12-25T12:01:00.334567296Z 9 PC: 12b4b | Display string (String= '')
2018-12-25T12:01:00.336802263Z 61 PC: 12b70 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:01:00.343550495Z 63 PC: 12b7e | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:01:00.350132902Z 66 PC: 12b9d | Move file pointer
2018-12-25T12:01:00.351637486Z 64 PC: 12ba6 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:01:00.355409401Z 66 PC: 12bb2 | Move file pointer
2018-12-25T12:01:00.357445771Z 64 PC: 12bbe | Write file or device (Write 555 bytes on handle 5)
2018-12-25T12:01:00.377615098Z 62 PC: 12bc5 | Close file
2018-12-25T12:01:00.385801294Z 79 PC: 12beb | Find next file
2018-12-25T12:01:00.388860978Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:00.393704909Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:00.400942955Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:00.407725636Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:00.409695199Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:00.412278696Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:00.413509964Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:00.422855452Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:00.43254048Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:00.435410063Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:00.438628083Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:00.446175705Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:00.453429484Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:00.456859676Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:00.460057127Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:00.461958532Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:00.47237473Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:00.482011096Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:00.484920269Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:00.48801561Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:00.496285245Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:00.503840902Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:00.506896229Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:00.510794031Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:00.512705356Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:00.521545921Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:00.535876073Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:00.538873094Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:00.541322705Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:00.549774249Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:00.557644486Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:00.559096567Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:00.562262988Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:00.563431063Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:00.569121733Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:00.57709301Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:00.580551664Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:00.58345904Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:00.592538879Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:00.59957952Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:00.600996139Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:00.603667018Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:00.605149428Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:00.614274958Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:00.623237358Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:00.627295681Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:00.629577973Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:00.636401856Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:00.644068618Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:00.645554912Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:00.648409792Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:00.650496821Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:00.65887959Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:00.675362889Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:00.679280602Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:00.681686567Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:00.688980803Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:00.692124215Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:00.694211869Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:00.697379656Z 42 PC: 12bf4 | Get date
0x12bf4: cmp dh, dl
0x12bf6: je 0x12c05
0x12bf8: cmp dh, 0xb
0x12bfb: jne 0x12c02
0x12bfd: cmp dl, 0x1c
0x12c00: je 0x12c03
0x12c02: ret
0x12c03: int 0x19
0x12c05: mov ah, 0x2c
0x12c07: int 0x21
0x12c09: cmp ch, 0x12
0x12c0c: jl 0x12c37
0x12c0e: mov ah, 9
0x12c10: mov dx, di
0x12c12: add dx, 0x30
0x12c15: int 0x21
0x12c17: xor ax, ax
0x12c19: int 0x16
0x12c1b: cli
0x12c1c: mov al, 0xad
2018-12-25T12:01:00.699689685Z 44 PC: 12c09 | Get time
0x12c09: cmp ch, 0x12
0x12c0c: jl 0x12c37
0x12c0e: mov ah, 9
0x12c10: mov dx, di
0x12c12: add dx, 0x30
0x12c15: int 0x21
0x12c17: xor ax, ax
0x12c19: int 0x16
0x12c1b: cli
0x12c1c: mov al, 0xad
0x12c1e: out 0x64, al
0x12c20: jmp 0x12c22
0x12c22: sti
0x12c23: call 0x12c38
0x12c26: cli
0x12c27: mov al, 0xae
0x12c29: out 0x64, al
0x12c2b: jmp 0x12c2d
0x12c2d: sti
0x12c2e: mov ah, 9
2018-12-25T12:01:00.704182499Z 78 PC: 12c88 | Find first file
2018-12-25T12:01:00.710733866Z 26 PC: 12b30 | Set disk transfer address

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7189,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:00.745338358Z 9 PC: 12aff | Display string (String= '')
2018-12-25T12:01:00.747699111Z 47 PC: 12b0d | Get disk transfer address
2018-12-25T12:01:00.749223101Z 26 PC: 12b1b | Set disk transfer address
2018-12-25T12:01:00.750561294Z 78 PC: 12bcf | Find first file
2018-12-25T12:01:00.757380383Z 47 PC: 12bd5 | Get disk transfer address
2018-12-25T12:01:00.759234822Z 9 PC: 12b4b | Display string (String= '')
2018-12-25T12:01:00.761561597Z 61 PC: 12b70 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:01:00.768568344Z 63 PC: 12b7e | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:01:00.776211472Z 66 PC: 12b9d | Move file pointer
2018-12-25T12:01:00.778273304Z 64 PC: 12ba6 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:01:00.782041847Z 66 PC: 12bb2 | Move file pointer
2018-12-25T12:01:00.784552453Z 64 PC: 12bbe | Write file or device (Write 555 bytes on handle 5)
2018-12-25T12:01:00.800135176Z 62 PC: 12bc5 | Close file
2018-12-25T12:01:00.808970528Z 79 PC: 12beb | Find next file
2018-12-25T12:01:00.812522127Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:00.815222141Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:00.822426679Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:00.82908515Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:00.83098062Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:00.833737772Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:00.83511744Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:00.844359761Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:00.853421969Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:00.8571081Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:00.859911196Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:00.868901836Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:00.875707092Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:00.877645483Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:00.880731834Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:00.882389981Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:00.892103898Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:00.901712367Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:00.904800176Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:00.908297568Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:00.91556695Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:00.923104876Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:00.924675241Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:00.928101782Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:00.92969285Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:00.93855353Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:00.947513367Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:00.95066232Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:00.952778155Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:00.960189879Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:00.967103023Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:00.968426023Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:00.971846465Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:00.973061937Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:00.978202645Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:00.988109908Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:00.991286886Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:00.994076792Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:01.003129179Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:01.010348571Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:01.011624434Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:01.014364688Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:01.016371604Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:01.025814303Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:01.034439279Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:01.03740008Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:01.038954867Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:01.043265535Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:01.047737622Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:01.049334922Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:01.051111846Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:01.052641839Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:01.057871498Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:01.063077805Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:01.065799796Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:01.068330542Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:01.075331427Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:01.078077545Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:01.080485218Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:01.082989237Z 42 PC: 12bf4 | Get date
0x12bf4: cmp dh, dl
0x12bf6: je 0x12c05
0x12bf8: cmp dh, 0xb
0x12bfb: jne 0x12c02
0x12bfd: cmp dl, 0x1c
0x12c00: je 0x12c03
0x12c02: ret
0x12c03: int 0x19
0x12c05: mov ah, 0x2c
0x12c07: int 0x21
0x12c09: cmp ch, 0x12
0x12c0c: jl 0x12c37
0x12c0e: mov ah, 9
0x12c10: mov dx, di
0x12c12: add dx, 0x30
0x12c15: int 0x21
0x12c17: xor ax, ax
0x12c19: int 0x16
0x12c1b: cli
0x12c1c: mov al, 0xad
2018-12-25T12:01:01.085179239Z 78 PC: 12c88 | Find first file
2018-12-25T12:01:01.09152228Z 26 PC: 12b30 | Set disk transfer address

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7189,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:01.383836579Z 9 PC: 12aff | Display string (String= '')
2018-12-25T12:01:01.386465741Z 47 PC: 12b0d | Get disk transfer address
2018-12-25T12:01:01.387699117Z 26 PC: 12b1b | Set disk transfer address
2018-12-25T12:01:01.388819353Z 78 PC: 12bcf | Find first file
2018-12-25T12:01:01.39543234Z 47 PC: 12bd5 | Get disk transfer address
2018-12-25T12:01:01.396768753Z 9 PC: 12b4b | Display string (String= '')
2018-12-25T12:01:01.399147398Z 61 PC: 12b70 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:01:01.406348319Z 63 PC: 12b7e | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:01:01.416779102Z 66 PC: 12b9d | Move file pointer
2018-12-25T12:01:01.418178893Z 64 PC: 12ba6 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:01:01.4209467Z 66 PC: 12bb2 | Move file pointer
2018-12-25T12:01:01.422785714Z 64 PC: 12bbe | Write file or device (Write 555 bytes on handle 5)
2018-12-25T12:01:01.437721753Z 62 PC: 12bc5 | Close file
2018-12-25T12:01:01.446759738Z 79 PC: 12beb | Find next file
2018-12-25T12:01:01.450284297Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:01.452786139Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:01.464148017Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:01.472570008Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:01.474369297Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:01.47741101Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:01.479300944Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:01.488802219Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:01.495308102Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:01.499599141Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:01.503991184Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:01.51151381Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:01.519328Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:01.522099425Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:01.525348299Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:01.527705688Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:01.537687823Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:01.54698476Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:01.550467741Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:01.554014091Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:01.561424584Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:01.568951194Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:01.571417941Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:01.574441496Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:01.575909127Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:01.584894365Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:01.595266867Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:01.598659507Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:01.602125474Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:01.609802595Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:01.616705826Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:01.61818727Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:01.62174154Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:01.623163422Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:01.631634995Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:01.642370073Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:01.645172316Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:01.647410195Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:01.655137418Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:01.65951926Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:01.660529362Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:01.663185956Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:01.664492077Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:01.671219419Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:01.677745696Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:01.680716227Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:01.683327728Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:01.692791565Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:01.700017664Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:01.701755247Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:01.70396048Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:01.705537586Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:01.711072652Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:01.717488932Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:01.720131749Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:01.722429547Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:01.728364402Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:01.731100754Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:01.732763847Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:01.735201312Z 42 PC: 12bf4 | Get date
0x12bf4: cmp dh, dl
0x12bf6: je 0x12c05
0x12bf8: cmp dh, 0xb
0x12bfb: jne 0x12c02
0x12bfd: cmp dl, 0x1c
0x12c00: je 0x12c03
0x12c02: ret
0x12c03: int 0x19
0x12c05: mov ah, 0x2c
0x12c07: int 0x21
0x12c09: cmp ch, 0x12
0x12c0c: jl 0x12c37
0x12c0e: mov ah, 9
0x12c10: mov dx, di
0x12c12: add dx, 0x30
0x12c15: int 0x21
0x12c17: xor ax, ax
0x12c19: int 0x16
0x12c1b: cli
0x12c1c: mov al, 0xad
2018-12-25T12:01:01.737580141Z 78 PC: 12c88 | Find first file
2018-12-25T12:01:01.741844849Z 26 PC: 12b30 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7189,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:01.557046952Z 9 PC: 12aff | Display string (String= '')
2018-12-25T12:01:01.560239821Z 47 PC: 12b0d | Get disk transfer address
2018-12-25T12:01:01.561401306Z 26 PC: 12b1b | Set disk transfer address
2018-12-25T12:01:01.562565262Z 78 PC: 12bcf | Find first file
2018-12-25T12:01:01.569285866Z 47 PC: 12bd5 | Get disk transfer address
2018-12-25T12:01:01.57066985Z 9 PC: 12b4b | Display string (String= '')
2018-12-25T12:01:01.572802716Z 61 PC: 12b70 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:01:01.579723577Z 63 PC: 12b7e | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:01:01.594740392Z 66 PC: 12b9d | Move file pointer
2018-12-25T12:01:01.59608962Z 64 PC: 12ba6 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:01:01.599374293Z 66 PC: 12bb2 | Move file pointer
2018-12-25T12:01:01.601808288Z 64 PC: 12bbe | Write file or device (Write 555 bytes on handle 5)
2018-12-25T12:01:01.616663258Z 62 PC: 12bc5 | Close file
2018-12-25T12:01:01.624765779Z 79 PC: 12beb | Find next file
2018-12-25T12:01:01.628329551Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:01.630782323Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:01.638244251Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:01.645453265Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:01.646853427Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:01.649631849Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:01.65627577Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:01.664453984Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:01.672464153Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:01.676205554Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:01.678527492Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:01.685612765Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:01.693207722Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:01.695377928Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:01.698145367Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:01.700097013Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:01.709488506Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:01.71751855Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:01.720224196Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:01.723726821Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:01.730149834Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:01.736842021Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:01.739898861Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:01.743119902Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:01.745003237Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:01.756052069Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:01.764444362Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:01.767390464Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:01.769883142Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:01.777028306Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:01.783583854Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:01.785461665Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:01.789041194Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:01.791431476Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:01.799596039Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:01.808685231Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:01.812154496Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:01.814623876Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:01.822137883Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:01.829646534Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:01.831314523Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:01.834208919Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:01.837069886Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:01.844589323Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:01.8496658Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:01.852287273Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:01.853904242Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:01.857929389Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:01.865361103Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:01.866825217Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:01.869438888Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:01.871566777Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:01.87958906Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:01.888464366Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:01.89254839Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:01.895624035Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:01.902536134Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:01.906194634Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:01.908755954Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:01.911462645Z 42 PC: 12bf4 | Get date
0x12bf4: cmp dh, dl
0x12bf6: je 0x12c05
0x12bf8: cmp dh, 0xb
0x12bfb: jne 0x12c02
0x12bfd: cmp dl, 0x1c
0x12c00: je 0x12c03
0x12c02: ret
0x12c03: int 0x19
0x12c05: mov ah, 0x2c
0x12c07: int 0x21
0x12c09: cmp ch, 0x12
0x12c0c: jl 0x12c37
0x12c0e: mov ah, 9
0x12c10: mov dx, di
0x12c12: add dx, 0x30
0x12c15: int 0x21
0x12c17: xor ax, ax
0x12c19: int 0x16
0x12c1b: cli
0x12c1c: mov al, 0xad
2018-12-25T12:01:01.913886207Z 78 PC: 12c88 | Find first file
2018-12-25T12:01:01.918810204Z 26 PC: 12b30 | Set disk transfer address

{"DateBased":true,"Day":28,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7189,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:01.700724889Z 9 PC: 12aff | Display string (String= '')
2018-12-25T12:01:01.704234247Z 47 PC: 12b0d | Get disk transfer address
2018-12-25T12:01:01.705565845Z 26 PC: 12b1b | Set disk transfer address
2018-12-25T12:01:01.707045198Z 78 PC: 12bcf | Find first file
2018-12-25T12:01:01.713215896Z 47 PC: 12bd5 | Get disk transfer address
2018-12-25T12:01:01.715396051Z 9 PC: 12b4b | Display string (String= '')
2018-12-25T12:01:01.717510237Z 61 PC: 12b70 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:01:01.724556679Z 63 PC: 12b7e | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:01:01.734964943Z 66 PC: 12b9d | Move file pointer
2018-12-25T12:01:01.736791659Z 64 PC: 12ba6 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:01:01.739686823Z 66 PC: 12bb2 | Move file pointer
2018-12-25T12:01:01.741809353Z 64 PC: 12bbe | Write file or device (Write 555 bytes on handle 5)
2018-12-25T12:01:01.756022632Z 62 PC: 12bc5 | Close file
2018-12-25T12:01:01.762957324Z 79 PC: 12beb | Find next file
2018-12-25T12:01:01.766672678Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:01.771961506Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:01.778388254Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:01.785873904Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:01.787314019Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:01.789870312Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:01.791661307Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:01.799962897Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:01.807917284Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:01.811143207Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:01.813217853Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:01.819953255Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:01.826761563Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:01.829230207Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:01.832088291Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:01.834052884Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:01.842296361Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:01.85035099Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:01.85418528Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:01.857104335Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:01.863638503Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:01.870634164Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:01.872697384Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:01.875935027Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:01.877936182Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:01.902221855Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:01.910489369Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:01.913440047Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:01.917428475Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:01.924365997Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:01.930632045Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:01.932844666Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:01.936343363Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:01.938039368Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:01.947846885Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:01.956582611Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:01.959514674Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:01.962654077Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:01.969500692Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:01.980047238Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:01.98184121Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:01.985494218Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:01.987100017Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:01.997500788Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:02.006787566Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:02.009454424Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:02.011633262Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:02.018427252Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:02.024631443Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:02.026470739Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:02.029150893Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:02.03048339Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:02.038342643Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:02.046548981Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:02.049313795Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:02.051437729Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:02.05851619Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:02.061568847Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:02.063844117Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:02.067934965Z 42 PC: 12bf4 | Get date
0x12bf4: cmp dh, dl
0x12bf6: je 0x12c05
0x12bf8: cmp dh, 0xb
0x12bfb: jne 0x12c02
0x12bfd: cmp dl, 0x1c
0x12c00: je 0x12c03
0x12c02: ret
0x12c03: int 0x19
0x12c05: mov ah, 0x2c
0x12c07: int 0x21
0x12c09: cmp ch, 0x12
0x12c0c: jl 0x12c37
0x12c0e: mov ah, 9
0x12c10: mov dx, di
0x12c12: add dx, 0x30
0x12c15: int 0x21
0x12c17: xor ax, ax
0x12c19: int 0x16
0x12c1b: cli
0x12c1c: mov al, 0xad
2018-12-25T12:01:04.110602871Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:01:04.112605147Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:01:04.116362287Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:01:04.11934837Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:01:04.129924662Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:01:04.132405368Z 62 PC: 91fc1 | Close file
2018-12-25T12:01:04.134539173Z 75 PC: 91fe0 | Execute program
2018-12-25T12:01:04.150858158Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:01:04.153031972Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:01:04.161752815Z 48 PC: c609 | Get DOS version
2018-12-25T12:01:04.164763783Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:01:04.169290416Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:01:04.171298325Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:01:04.1745923Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:01:04.181233136Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:01:04.190337919Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:01:04.200628262Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:01:04.203496524Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:01:04.206381306Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:01:04.225807009Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:01:04.232124262Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:01:04.233261205Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:01:04.234231789Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:01:04.235598757Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:04.236633556Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:04.237472422Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:01:04.249020975Z 62 PC: 8f8eb | Close file
2018-12-25T12:01:04.251353187Z 62 PC: 8f8f2 | Close file
2018-12-25T12:01:04.253293221Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.258404247Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.260161751Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.261708082Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.264079812Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.26554356Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.266953706Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.268559367Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.270671473Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.272154508Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.273552633Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.275455614Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.276906872Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.278282884Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.280716429Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.282408565Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.283829085Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.286463558Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.288121635Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.289798924Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.292146994Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.293739964Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.295355035Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.297520379Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.298898457Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.300240418Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.30347509Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.304839204Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.306177088Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:04.308486175Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:01:04.313394244Z 62 PC: 8f90e | Close file
2018-12-25T12:01:04.315875149Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:01:04.31846309Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:01:04.320259419Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:01:04.324762077Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:01:04.326252614Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:01:04.331557423Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:01:04.333083082Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:01:04.334497293Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:01:04.336458264Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:01:04.338140606Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:01:04.339828641Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:01:04.341819768Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:01:04.343182949Z 73 PC: 8fa11 | Release memory
2018-12-25T12:01:04.34518115Z 73 PC: 8efea | Release memory
2018-12-25T12:01:04.347141413Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:01:04.348587597Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:01:04.35095127Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:01:04.352641801Z 73 PC: 8f060 | Release memory
2018-12-25T12:01:04.353815201Z 61 PC: 8f080 | Open file (Filename = 'r,�S�������[�
2018-12-25T12:01:04.36247124Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:01:04.367871978Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:01:04.369027667Z 62 PC: 8f0d1 | Close file
2018-12-25T12:01:04.370473647Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:01:04.39185822Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:01:04.392837582Z 48 PC: 12bee | Get DOS version
2018-12-25T12:01:04.39453409Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:01:04.39915684Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:01:04.400636274Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:01:04.402042884Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:01:04.405117993Z 72 PC: 1355d | Allocate memory
2018-12-25T12:01:04.406884611Z 25 PC: 13596 | Get default drive
2018-12-25T12:01:04.408104306Z 71 PC: 135ad | Get current directory
2018-12-25T12:01:04.411546099Z 59 PC: 135ba | Change current directory
2018-12-25T12:01:04.416886269Z 59 PC: 135c8 | Change current directory
2018-12-25T12:01:04.423713592Z 59 PC: 135d3 | Change current directory
2018-12-25T12:01:04.428836673Z 25 PC: 12d13 | Get default drive
2018-12-25T12:01:04.430137803Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:01:04.431644041Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:01:04.434736495Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:04.43711604Z 80 PC: 1301d | Set current PSP
2018-12-25T12:01:04.438188206Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:01:04.441129201Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:04.442515011Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:04.443866766Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:01:04.448091789Z 72 PC: 130ec | Allocate memory
2018-12-25T12:01:04.449965761Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:01:04.455995874Z 62 PC: 131ba | Close file
2018-12-25T12:01:04.459116607Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:01:04.4604052Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:01:04.462001103Z 72 PC: 11991 | Allocate memory
2018-12-25T12:01:04.465325792Z 73 PC: 119b2 | Release memory
2018-12-25T12:01:04.468536768Z 72 PC: 119bd | Allocate memory
2018-12-25T12:01:04.470181948Z 73 PC: 119df | Release memory
2018-12-25T12:01:04.47162137Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:01:04.473097579Z 72 PC: 119fd | Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7189,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:02.292381571Z 9 PC: 12aff | Display string (String= '')
2018-12-25T12:01:02.311124387Z 47 PC: 12b0d | Get disk transfer address
2018-12-25T12:01:02.312340252Z 26 PC: 12b1b | Set disk transfer address
2018-12-25T12:01:02.313764129Z 78 PC: 12bcf | Find first file
2018-12-25T12:01:02.321223887Z 47 PC: 12bd5 | Get disk transfer address
2018-12-25T12:01:02.32242543Z 9 PC: 12b4b | Display string (String= '')
2018-12-25T12:01:02.324589138Z 61 PC: 12b70 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:01:02.331696802Z 63 PC: 12b7e | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:01:02.343253101Z 66 PC: 12b9d | Move file pointer
2018-12-25T12:01:02.345227256Z 64 PC: 12ba6 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:01:02.34917258Z 66 PC: 12bb2 | Move file pointer
2018-12-25T12:01:02.355794646Z 64 PC: 12bbe | Write file or device (Write 555 bytes on handle 5)
2018-12-25T12:01:02.369736114Z 62 PC: 12bc5 | Close file
2018-12-25T12:01:02.378458277Z 79 PC: 12beb | Find next file
2018-12-25T12:01:02.384181128Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:02.386737325Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:02.393567299Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:02.400709411Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:02.402353369Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:02.405242514Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:02.407634635Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:02.415700503Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:02.436867343Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:02.440171377Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:02.442617475Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:02.449514011Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:02.456512738Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:02.45826646Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:02.461201197Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:02.463842303Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:02.472033915Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:02.480739832Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:02.484542802Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:02.487530682Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:02.493995684Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:02.501185569Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:02.502961849Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:02.505889503Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:02.508533598Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:02.517255589Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:02.53867732Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:02.542953895Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:02.545688493Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:02.554792858Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:02.561303927Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:02.563461744Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:02.566215309Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:02.567808767Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:02.576326337Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:02.584518263Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:02.587332317Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:02.590251842Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:02.596839671Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:02.60326232Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:02.605405498Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:02.608229645Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:02.609836974Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:02.619276149Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:02.627719365Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:02.630556346Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:02.633930611Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:02.640497174Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:02.646966343Z 66 PC: 12b9d | Move file pointer (See above)
2018-12-25T12:01:02.649401217Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:01:02.652564874Z 66 PC: 12bb2 | Move file pointer (See above)
2018-12-25T12:01:02.654191487Z 64 PC: 12bbe | Write file or device (See above)
2018-12-25T12:01:02.66299175Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:02.671077122Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:02.673884338Z 9 PC: 12b4b | Display string (See above)
2018-12-25T12:01:02.67697456Z 61 PC: 12b70 | Open file (See above)
2018-12-25T12:01:02.683912149Z 63 PC: 12b7e | Read file or device (See above)
2018-12-25T12:01:02.687441277Z 62 PC: 12bc5 | Close file (See above)
2018-12-25T12:01:02.689554788Z 79 PC: 12beb | Find next file (See above)
2018-12-25T12:01:02.692620362Z 42 PC: 12bf4 | Get date
0x12bf4: cmp dh, dl
0x12bf6: je 0x12c05
0x12bf8: cmp dh, 0xb
0x12bfb: jne 0x12c02
0x12bfd: cmp dl, 0x1c
0x12c00: je 0x12c03
0x12c02: ret
0x12c03: int 0x19
0x12c05: mov ah, 0x2c
0x12c07: int 0x21
0x12c09: cmp ch, 0x12
0x12c0c: jl 0x12c37
0x12c0e: mov ah, 9
0x12c10: mov dx, di
0x12c12: add dx, 0x30
0x12c15: int 0x21
0x12c17: xor ax, ax
0x12c19: int 0x16
0x12c1b: cli
0x12c1c: mov al, 0xad
2018-12-25T12:01:02.694671076Z 44 PC: 12c09 | Get time
0x12c09: cmp ch, 0x12
0x12c0c: jl 0x12c37
0x12c0e: mov ah, 9
0x12c10: mov dx, di
0x12c12: add dx, 0x30
0x12c15: int 0x21
0x12c17: xor ax, ax
0x12c19: int 0x16
0x12c1b: cli
0x12c1c: mov al, 0xad
0x12c1e: out 0x64, al
0x12c20: jmp 0x12c22
0x12c22: sti
0x12c23: call 0x12c38
0x12c26: cli
0x12c27: mov al, 0xae
0x12c29: out 0x64, al
0x12c2b: jmp 0x12c2d
0x12c2d: sti
0x12c2e: mov ah, 9
2018-12-25T12:01:02.701757616Z 78 PC: 12c88 | Find first file
2018-12-25T12:01:02.708283907Z 26 PC: 12b30 | Set disk transfer address