Sample viewer

vx.netlux.org/Virus.DOS.Dante.306


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:41:30.260874232Z 44 PC: 12aa8 | Get time
0x12aa8: cmp ch, 0x12
0x12aab: ja 0x12aaf
0x12aad: jne 0x12ab1
0x12aaf: int 0x19
0x12ab1: mov bp, sp
0x12ab3: int3
0x12ab4: mov bp, word ptr [bp - 6]
0x12ab7: sub bp, 0x113
0x12abb: mov dl, 0
0x12abd: mov ah, 0x47
0x12abf: lea si, word ptr [bp + 0x261]
0x12ac3: int 0x21
0x12ac5: mov ah, 0x1a
0x12ac7: lea dx, word ptr [bp + 0x235]
0x12acb: int 0x21
0x12acd: mov di, 0x100
0x12ad0: push di
0x12ad1: mov cx, 3
0x12ad4: lea si, word ptr [bp + 0x15f]
0x12ad8: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-17T22:41:30.264751353Z 71 PC: 12ac5 | Get current directory
2018-12-17T22:41:30.268502688Z 26 PC: 12acd | Set disk transfer address
2018-12-17T22:41:30.270185962Z 78 PC: 12b0a | Find first file
2018-12-17T22:41:30.277497735Z 67 PC: 12b15 | Get or set file attributes
2018-12-17T22:41:30.284244433Z 67 PC: 12b21 | Get or set file attributes
2018-12-17T22:41:30.304031993Z 61 PC: 12b2a | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:41:30.317594287Z 87 PC: 12b30 | Get or set file date and time
2018-12-17T22:41:30.320379402Z 63 PC: 12b3d | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:41:30.328807491Z 66 PC: 12b46 | Move file pointer
2018-12-17T22:41:30.331234682Z 64 PC: 12b84 | Write file or device (Write 306 bytes on handle 5)
2018-12-17T22:41:30.341166996Z 66 PC: 12b8d | Move file pointer
2018-12-17T22:41:30.343228667Z 64 PC: 12b98 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:41:30.350555787Z 87 PC: 12b9f | Get or set file date and time
2018-12-17T22:41:30.354144668Z 62 PC: 12ba3 | Close file
2018-12-17T22:41:30.362945157Z 67 PC: 12ba8 | Get or set file attributes
2018-12-17T22:41:30.373958814Z 79 PC: 12b0a | Find next file
2018-12-17T22:41:30.378161325Z 67 PC: 12b15 | Get or set file attributes
2018-12-17T22:41:30.387779483Z 67 PC: 12b21 | Get or set file attributes
2018-12-17T22:41:30.399359841Z 61 PC: 12b2a | Open file (Filename = 'PRINT.COM')
2018-12-17T22:41:30.407376906Z 87 PC: 12b30 | Get or set file date and time
2018-12-17T22:41:30.409874933Z 63 PC: 12b3d | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:41:30.417498239Z 66 PC: 12b46 | Move file pointer
2018-12-17T22:41:30.419660053Z 64 PC: 12b84 | Write file or device (Write 306 bytes on handle 5)
2018-12-17T22:41:30.42374379Z 66 PC: 12b8d | Move file pointer
2018-12-17T22:41:30.425675707Z 64 PC: 12b98 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:41:30.428980038Z 87 PC: 12b9f | Get or set file date and time
2018-12-17T22:41:30.431261171Z 62 PC: 12ba3 | Close file
2018-12-17T22:41:30.439634593Z 67 PC: 12ba8 | Get or set file attributes
2018-12-17T22:41:30.450692319Z 79 PC: 12b0a | Find next file
2018-12-17T22:41:30.454110895Z 67 PC: 12b15 | Get or set file attributes
2018-12-17T22:41:30.460501615Z 67 PC: 12b21 | Get or set file attributes
2018-12-17T22:41:30.470180522Z 61 PC: 12b2a | Open file (Filename = 'HELLO.COM')
2018-12-17T22:41:30.47883743Z 87 PC: 12b30 | Get or set file date and time
2018-12-17T22:41:30.481331455Z 63 PC: 12b3d | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:41:30.488685229Z 66 PC: 12b46 | Move file pointer
2018-12-17T22:41:30.490842537Z 64 PC: 12b84 | Write file or device (Write 306 bytes on handle 5)
2018-12-17T22:41:30.492879892Z 66 PC: 12b8d | Move file pointer
2018-12-17T22:41:30.493961147Z 64 PC: 12b98 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:41:30.495894366Z 87 PC: 12b9f | Get or set file date and time
2018-12-17T22:41:30.497773318Z 62 PC: 12ba3 | Close file
2018-12-17T22:41:30.504052386Z 67 PC: 12ba8 | Get or set file attributes
2018-12-17T22:41:30.510751568Z 79 PC: 12b0a | Find next file
2018-12-17T22:41:30.514647235Z 67 PC: 12b15 | Get or set file attributes
2018-12-17T22:41:30.521137322Z 67 PC: 12b21 | Get or set file attributes
2018-12-17T22:41:30.535138036Z 61 PC: 12b2a | Open file (Filename = 'PHANG.COM')
2018-12-17T22:41:30.543694576Z 87 PC: 12b30 | Get or set file date and time
2018-12-17T22:41:30.545196054Z 63 PC: 12b3d | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:41:30.553101749Z 66 PC: 12b46 | Move file pointer
2018-12-17T22:41:30.555255509Z 64 PC: 12b84 | Write file or device (Write 306 bytes on handle 5)
2018-12-17T22:41:30.558255995Z 66 PC: 12b8d | Move file pointer
2018-12-17T22:41:30.559776822Z 64 PC: 12b98 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:41:30.563517615Z 87 PC: 12b9f | Get or set file date and time
2018-12-17T22:41:30.566267945Z 62 PC: 12ba3 | Close file
2018-12-17T22:41:30.575440092Z 67 PC: 12ba8 | Get or set file attributes
2018-12-17T22:41:30.587015215Z 79 PC: 12b0a | Find next file
2018-12-17T22:41:30.590691377Z 67 PC: 12b15 | Get or set file attributes
2018-12-17T22:41:30.597771451Z 67 PC: 12b21 | Get or set file attributes
2018-12-17T22:41:30.608843227Z 61 PC: 12b2a | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:41:30.617170331Z 87 PC: 12b30 | Get or set file date and time
2018-12-17T22:41:30.618787606Z 63 PC: 12b3d | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:41:30.625948303Z 66 PC: 12b46 | Move file pointer
2018-12-17T22:41:30.630285544Z 64 PC: 12b84 | Write file or device (Write 306 bytes on handle 5)
2018-12-17T22:41:30.634079758Z 66 PC: 12b8d | Move file pointer
2018-12-17T22:41:30.635875365Z 64 PC: 12b98 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:41:30.639566774Z 87 PC: 12b9f | Get or set file date and time
2018-12-17T22:41:30.641339983Z 62 PC: 12ba3 | Close file
2018-12-17T22:41:30.64938418Z 67 PC: 12ba8 | Get or set file attributes
2018-12-17T22:41:30.661626703Z 79 PC: 12b0a | Find next file
2018-12-17T22:41:30.666003583Z 67 PC: 12b15 | Get or set file attributes
2018-12-17T22:41:30.67247848Z 67 PC: 12b21 | Get or set file attributes
2018-12-17T22:41:30.684330929Z 61 PC: 12b2a | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:41:30.691801704Z 87 PC: 12b30 | Get or set file date and time
2018-12-17T22:41:30.693475941Z 63 PC: 12b3d | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:41:30.700690889Z 66 PC: 12b46 | Move file pointer
2018-12-17T22:41:30.702553512Z 87 PC: 12b9f | Get or set file date and time
2018-12-17T22:41:30.704666636Z 62 PC: 12ba3 | Close file
2018-12-17T22:41:30.711260541Z 67 PC: 12ba8 | Get or set file attributes
2018-12-17T22:41:30.72131729Z 79 PC: 12b0a | Find next file
2018-12-17T22:41:30.724579325Z 67 PC: 12b15 | Get or set file attributes
2018-12-17T22:41:30.731945641Z 67 PC: 12b21 | Get or set file attributes
2018-12-17T22:41:30.743194911Z 61 PC: 12b2a | Open file (Filename = 'PAH.COM')
2018-12-17T22:41:30.750827047Z 87 PC: 12b30 | Get or set file date and time
2018-12-17T22:41:30.75287802Z 63 PC: 12b3d | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:41:30.76078659Z 66 PC: 12b46 | Move file pointer
2018-12-17T22:41:30.763420328Z 64 PC: 12b84 | Write file or device (Write 306 bytes on handle 5)
2018-12-17T22:41:30.766544446Z 66 PC: 12b8d | Move file pointer
2018-12-17T22:41:30.76928888Z 64 PC: 12b98 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:41:30.772306805Z 87 PC: 12b9f | Get or set file date and time
2018-12-17T22:41:30.774040626Z 62 PC: 12ba3 | Close file
2018-12-17T22:41:30.783269123Z 67 PC: 12ba8 | Get or set file attributes
2018-12-17T22:41:30.794109173Z 79 PC: 12b0a | Find next file
2018-12-17T22:41:30.797219165Z 67 PC: 12b15 | Get or set file attributes
2018-12-17T22:41:30.806213833Z 67 PC: 12b21 | Get or set file attributes
2018-12-17T22:41:30.817664127Z 61 PC: 12b2a | Open file (Filename = 'TEST.COM')
2018-12-17T22:41:30.826267273Z 87 PC: 12b30 | Get or set file date and time
2018-12-17T22:41:30.828075575Z 63 PC: 12b3d | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:41:30.835924956Z 66 PC: 12b46 | Move file pointer
2018-12-17T22:41:30.837618207Z 87 PC: 12b9f | Get or set file date and time
2018-12-17T22:41:30.839400515Z 62 PC: 12ba3 | Close file
2018-12-17T22:41:30.84778841Z 67 PC: 12ba8 | Get or set file attributes
2018-12-17T22:41:30.858678421Z 79 PC: 12b0a | Find next file
2018-12-17T22:41:30.861447352Z 59 PC: 12ae9 | Change current directory
2018-12-17T22:41:30.86858037Z 59 PC: 12af8 | Change current directory
2018-12-17T22:41:30.873030934Z 26 PC: 12aff | Set disk transfer address
2018-12-17T22:41:30.874390695Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=00000064h/0000000100d bytes. ')
2018-12-17T22:41:30.879394493Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7229,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:10.083849515Z 44 PC: 12aa8 | Get time
0x12aa8: cmp ch, 0x12
0x12aab: ja 0x12aaf
0x12aad: jne 0x12ab1
0x12aaf: int 0x19
0x12ab1: mov bp, sp
0x12ab3: int3
0x12ab4: mov bp, word ptr [bp - 6]
0x12ab7: sub bp, 0x113
0x12abb: mov dl, 0
0x12abd: mov ah, 0x47
0x12abf: lea si, word ptr [bp + 0x261]
0x12ac3: int 0x21
0x12ac5: mov ah, 0x1a
0x12ac7: lea dx, word ptr [bp + 0x235]
0x12acb: int 0x21
0x12acd: mov di, 0x100
0x12ad0: push di
0x12ad1: mov cx, 3
0x12ad4: lea si, word ptr [bp + 0x15f]
0x12ad8: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-25T12:01:10.086291221Z 71 PC: 12ac5 | Get current directory
2018-12-25T12:01:10.088887497Z 26 PC: 12acd | Set disk transfer address
2018-12-25T12:01:10.08981844Z 78 PC: 12b0a | Find first file
2018-12-25T12:01:10.096073484Z 67 PC: 12b15 | Get or set file attributes
2018-12-25T12:01:10.10138238Z 67 PC: 12b21 | Get or set file attributes
2018-12-25T12:01:10.116157248Z 61 PC: 12b2a | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:01:10.127226218Z 87 PC: 12b30 | Get or set file date and time
2018-12-25T12:01:10.128448181Z 63 PC: 12b3d | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:01:10.134291901Z 66 PC: 12b46 | Move file pointer
2018-12-25T12:01:10.135735585Z 64 PC: 12b84 | Write file or device (Write 306 bytes on handle 5)
2018-12-25T12:01:10.14407468Z 66 PC: 12b8d | Move file pointer
2018-12-25T12:01:10.145252731Z 64 PC: 12b98 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:01:10.1515504Z 87 PC: 12b9f | Get or set file date and time
2018-12-25T12:01:10.153064881Z 62 PC: 12ba3 | Close file
2018-12-25T12:01:10.161345304Z 67 PC: 12ba8 | Get or set file attributes
2018-12-25T12:01:10.170804564Z 79 PC: 12b0a | Find next file (See above)
2018-12-25T12:01:10.173431476Z 67 PC: 12b15 | Get or set file attributes (See above)
2018-12-25T12:01:10.178844176Z 67 PC: 12b21 | Get or set file attributes (See above)
2018-12-25T12:01:10.187927118Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:01:10.199597066Z 87 PC: 12b30 | Get or set file date and time (See above)
2018-12-25T12:01:10.200880668Z 63 PC: 12b3d | Read file or device (See above)
2018-12-25T12:01:10.206861335Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:01:10.209284887Z 64 PC: 12b84 | Write file or device (See above)
2018-12-25T12:01:10.21168087Z 66 PC: 12b8d | Move file pointer (See above)
2018-12-25T12:01:10.212827052Z 64 PC: 12b98 | Write file or device (See above)
2018-12-25T12:01:10.221052492Z 87 PC: 12b9f | Get or set file date and time (See above)
2018-12-25T12:01:10.222417387Z 62 PC: 12ba3 | Close file (See above)
2018-12-25T12:01:10.229198702Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T12:01:10.238872831Z 79 PC: 12b0a | Find next file (See above)
2018-12-25T12:01:10.241217586Z 67 PC: 12b15 | Get or set file attributes (See above)
2018-12-25T12:01:10.24640433Z 67 PC: 12b21 | Get or set file attributes (See above)
2018-12-25T12:01:10.256026114Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:01:10.267074736Z 87 PC: 12b30 | Get or set file date and time (See above)
2018-12-25T12:01:10.268216585Z 63 PC: 12b3d | Read file or device (See above)
2018-12-25T12:01:10.274488602Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:01:10.275723173Z 64 PC: 12b84 | Write file or device (See above)
2018-12-25T12:01:10.278066238Z 66 PC: 12b8d | Move file pointer (See above)
2018-12-25T12:01:10.28026626Z 64 PC: 12b98 | Write file or device (See above)
2018-12-25T12:01:10.282696853Z 87 PC: 12b9f | Get or set file date and time (See above)
2018-12-25T12:01:10.284137627Z 62 PC: 12ba3 | Close file (See above)
2018-12-25T12:01:10.291352592Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T12:01:10.302846926Z 79 PC: 12b0a | Find next file (See above)
2018-12-25T12:01:10.305306003Z 67 PC: 12b15 | Get or set file attributes (See above)
2018-12-25T12:01:10.31066951Z 67 PC: 12b21 | Get or set file attributes (See above)
2018-12-25T12:01:10.320198961Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:01:10.331464919Z 87 PC: 12b30 | Get or set file date and time (See above)
2018-12-25T12:01:10.332814942Z 63 PC: 12b3d | Read file or device (See above)
2018-12-25T12:01:10.340417407Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:01:10.341885163Z 64 PC: 12b84 | Write file or device (See above)
2018-12-25T12:01:10.3444325Z 66 PC: 12b8d | Move file pointer (See above)
2018-12-25T12:01:10.346975767Z 64 PC: 12b98 | Write file or device (See above)
2018-12-25T12:01:10.349534611Z 87 PC: 12b9f | Get or set file date and time (See above)
2018-12-25T12:01:10.350978769Z 62 PC: 12ba3 | Close file (See above)
2018-12-25T12:01:10.358692384Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T12:01:10.368624817Z 79 PC: 12b0a | Find next file (See above)
2018-12-25T12:01:10.371424013Z 67 PC: 12b15 | Get or set file attributes (See above)
2018-12-25T12:01:10.377758998Z 67 PC: 12b21 | Get or set file attributes (See above)
2018-12-25T12:01:10.38717547Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:01:10.399226786Z 87 PC: 12b30 | Get or set file date and time (See above)
2018-12-25T12:01:10.401705622Z 63 PC: 12b3d | Read file or device (See above)
2018-12-25T12:01:10.408002248Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:01:10.40929944Z 64 PC: 12b84 | Write file or device (See above)
2018-12-25T12:01:10.412753559Z 66 PC: 12b8d | Move file pointer (See above)
2018-12-25T12:01:10.414359358Z 64 PC: 12b98 | Write file or device (See above)
2018-12-25T12:01:10.417226976Z 87 PC: 12b9f | Get or set file date and time (See above)
2018-12-25T12:01:10.419782844Z 62 PC: 12ba3 | Close file (See above)
2018-12-25T12:01:10.426781517Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T12:01:10.436338394Z 79 PC: 12b0a | Find next file (See above)
2018-12-25T12:01:10.439799092Z 67 PC: 12b15 | Get or set file attributes (See above)
2018-12-25T12:01:10.445282017Z 67 PC: 12b21 | Get or set file attributes (See above)
2018-12-25T12:01:10.455038489Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:01:10.467790254Z 87 PC: 12b30 | Get or set file date and time (See above)
2018-12-25T12:01:10.469269293Z 63 PC: 12b3d | Read file or device (See above)
2018-12-25T12:01:10.475268722Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:01:10.477211842Z 87 PC: 12b9f | Get or set file date and time (See above)
2018-12-25T12:01:10.478807067Z 62 PC: 12ba3 | Close file (See above)
2018-12-25T12:01:10.485163486Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T12:01:10.495376092Z 79 PC: 12b0a | Find next file (See above)
2018-12-25T12:01:10.498388506Z 67 PC: 12b15 | Get or set file attributes (See above)
2018-12-25T12:01:10.501965488Z 67 PC: 12b21 | Get or set file attributes (See above)
2018-12-25T12:01:10.508857071Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:01:10.520093791Z 87 PC: 12b30 | Get or set file date and time (See above)
2018-12-25T12:01:10.521388276Z 63 PC: 12b3d | Read file or device (See above)
2018-12-25T12:01:10.528059661Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:01:10.529669466Z 64 PC: 12b84 | Write file or device (See above)
2018-12-25T12:01:10.532813363Z 66 PC: 12b8d | Move file pointer (See above)
2018-12-25T12:01:10.53469082Z 64 PC: 12b98 | Write file or device (See above)
2018-12-25T12:01:10.537516614Z 87 PC: 12b9f | Get or set file date and time (See above)
2018-12-25T12:01:10.538989405Z 62 PC: 12ba3 | Close file (See above)
2018-12-25T12:01:10.546694382Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T12:01:10.552945896Z 79 PC: 12b0a | Find next file (See above)
2018-12-25T12:01:10.554697604Z 67 PC: 12b15 | Get or set file attributes (See above)
2018-12-25T12:01:10.558491414Z 67 PC: 12b21 | Get or set file attributes (See above)
2018-12-25T12:01:10.595128579Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:01:10.601426212Z 87 PC: 12b30 | Get or set file date and time (See above)
2018-12-25T12:01:10.602923095Z 63 PC: 12b3d | Read file or device (See above)
2018-12-25T12:01:10.609099398Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:01:10.61035512Z 87 PC: 12b9f | Get or set file date and time (See above)
2018-12-25T12:01:10.612562515Z 62 PC: 12ba3 | Close file (See above)
2018-12-25T12:01:10.808666789Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T12:01:11.012125125Z 79 PC: 12b0a | Find next file (See above)
2018-12-25T12:01:11.014760075Z 59 PC: 12ae9 | Change current directory
2018-12-25T12:01:11.020203848Z 59 PC: 12af8 | Change current directory
2018-12-25T12:01:11.024414755Z 26 PC: 12aff | Set disk transfer address
2018-12-25T12:01:11.02580907Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=00000064h/0000000100d bytes. ')
2018-12-25T12:01:11.031256075Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":18,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7229,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:12.060657764Z 44 PC: 12aa8 | Get time
0x12aa8: cmp ch, 0x12
0x12aab: ja 0x12aaf
0x12aad: jne 0x12ab1
0x12aaf: int 0x19
0x12ab1: mov bp, sp
0x12ab3: int3
0x12ab4: mov bp, word ptr [bp - 6]
0x12ab7: sub bp, 0x113
0x12abb: mov dl, 0
0x12abd: mov ah, 0x47
0x12abf: lea si, word ptr [bp + 0x261]
0x12ac3: int 0x21
0x12ac5: mov ah, 0x1a
0x12ac7: lea dx, word ptr [bp + 0x235]
0x12acb: int 0x21
0x12acd: mov di, 0x100
0x12ad0: push di
0x12ad1: mov cx, 3
0x12ad4: lea si, word ptr [bp + 0x15f]
0x12ad8: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-25T12:01:14.139252234Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:01:14.141693138Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:01:14.144179116Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:01:14.14827382Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:01:14.163029922Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:01:14.170125316Z 62 PC: 91fc1 | Close file
2018-12-25T12:01:14.172134155Z 75 PC: 91fe0 | Execute program
2018-12-25T12:01:14.208188691Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:01:14.209345185Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:01:14.218464334Z 48 PC: c609 | Get DOS version
2018-12-25T12:01:14.222085444Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:01:14.224576823Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:01:14.226032331Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:01:14.228660197Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:01:14.232841191Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:01:14.241882809Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:01:14.266361092Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:01:14.268656611Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:01:14.271363661Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:01:14.293270628Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:01:14.297274921Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:01:14.298952236Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:01:14.301033243Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:01:14.315007536Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:14.316667186Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:14.318636865Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:01:14.329079049Z 62 PC: 8f8eb | Close file
2018-12-25T12:01:14.331133424Z 62 PC: 8f8f2 | Close file
2018-12-25T12:01:14.334370444Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.341700698Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.343608296Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.345750409Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.347477349Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.348904435Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.350631111Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.36311347Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.371132653Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.372828022Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.375514199Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.377265264Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.378996293Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.381562729Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.383336358Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.385040685Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.387153811Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.388840171Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.390501208Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.392840091Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.394567173Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.396217639Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.398868063Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.400613479Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.402136688Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.404650117Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.406185067Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.407693774Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.410773802Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.412576093Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:01:14.417579586Z 62 PC: 8f90e | Close file
2018-12-25T12:01:14.420308642Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:01:14.422279266Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:01:14.424122813Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:01:14.429110709Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:01:14.431287427Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:01:14.435905985Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:01:14.43852212Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:01:14.440529454Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:01:14.442551182Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:01:14.444335328Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:01:14.446430323Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:01:14.448318553Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:01:14.450032063Z 73 PC: 8fa11 | Release memory
2018-12-25T12:01:14.459444689Z 73 PC: 8efea | Release memory
2018-12-25T12:01:14.460734218Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:01:14.462201221Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:01:14.464273264Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:01:14.466087928Z 73 PC: 8f060 | Release memory
2018-12-25T12:01:14.467691284Z 61 PC: 8f080 | Open file (Filename = 'r,�S�������[�
2018-12-25T12:01:14.477022753Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:01:14.482644637Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:01:14.484379343Z 62 PC: 8f0d1 | Close file
2018-12-25T12:01:14.486786783Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:01:14.507321634Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:01:14.508340429Z 48 PC: 12bee | Get DOS version
2018-12-25T12:01:14.510348447Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:01:14.512838037Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:01:14.514297091Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:01:14.516114709Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:01:14.517758414Z 72 PC: 1355d | Allocate memory
2018-12-25T12:01:14.519554236Z 25 PC: 13596 | Get default drive
2018-12-25T12:01:14.521813704Z 71 PC: 135ad | Get current directory
2018-12-25T12:01:14.524350714Z 59 PC: 135ba | Change current directory
2018-12-25T12:01:14.529630226Z 59 PC: 135c8 | Change current directory
2018-12-25T12:01:14.536314087Z 59 PC: 135d3 | Change current directory
2018-12-25T12:01:14.540018695Z 25 PC: 12d13 | Get default drive
2018-12-25T12:01:14.541392577Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:01:14.543656383Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:01:14.544978405Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:14.547318663Z 80 PC: 1301d | Set current PSP
2018-12-25T12:01:14.549153134Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:01:14.55093785Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:14.552336972Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:14.554477922Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:01:14.556877129Z 72 PC: 130ec | Allocate memory
2018-12-25T12:01:14.558809949Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:01:14.565601343Z 62 PC: 131ba | Close file
2018-12-25T12:01:14.568104359Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:01:14.569069384Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:01:14.570589186Z 72 PC: 11991 | Allocate memory
2018-12-25T12:01:14.572386771Z 73 PC: 119b2 | Release memory
2018-12-25T12:01:14.573565742Z 72 PC: 119bd | Allocate memory
2018-12-25T12:01:14.575575264Z 73 PC: 119df | Release memory
2018-12-25T12:01:14.576967376Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:01:14.578575465Z 72 PC: 119fd | Allocate memory

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":19,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7229,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:12.076987761Z 44 PC: 12aa8 | Get time
0x12aa8: cmp ch, 0x12
0x12aab: ja 0x12aaf
0x12aad: jne 0x12ab1
0x12aaf: int 0x19
0x12ab1: mov bp, sp
0x12ab3: int3
0x12ab4: mov bp, word ptr [bp - 6]
0x12ab7: sub bp, 0x113
0x12abb: mov dl, 0
0x12abd: mov ah, 0x47
0x12abf: lea si, word ptr [bp + 0x261]
0x12ac3: int 0x21
0x12ac5: mov ah, 0x1a
0x12ac7: lea dx, word ptr [bp + 0x235]
0x12acb: int 0x21
0x12acd: mov di, 0x100
0x12ad0: push di
0x12ad1: mov cx, 3
0x12ad4: lea si, word ptr [bp + 0x15f]
0x12ad8: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-25T12:01:14.14788193Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:01:14.149573625Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:01:14.152022366Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:01:14.155529384Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:01:14.168784167Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:01:14.170492464Z 62 PC: 91fc1 | Close file
2018-12-25T12:01:14.17307472Z 75 PC: 91fe0 | Execute program
2018-12-25T12:01:14.189254482Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:01:14.190534423Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:01:14.199620208Z 48 PC: c609 | Get DOS version
2018-12-25T12:01:14.203621498Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:01:14.208798168Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:01:14.211055727Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:01:14.215196746Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:01:14.221974177Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:01:14.23055395Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:01:14.238515371Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:01:14.242919237Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:01:14.245338985Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:01:14.26586959Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:01:14.270014012Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:01:14.271632283Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:01:14.273863613Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:01:14.277138658Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:14.278680851Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:14.280340127Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:01:14.296626583Z 62 PC: 8f8eb | Close file
2018-12-25T12:01:14.298391284Z 62 PC: 8f8f2 | Close file
2018-12-25T12:01:14.300524175Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.304550909Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.310051887Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.311894819Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.314441596Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.316260223Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.318129764Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.320927795Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.322760418Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.324601222Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.326987889Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.328419127Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.329799574Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.332109632Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.333729451Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.335375868Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.337513028Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.339088835Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.34072827Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.343053964Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.345015927Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.346741263Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.348392569Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.351419436Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.353114181Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.354742428Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.358018021Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.359692334Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.361324605Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:14.363737991Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:01:14.368910517Z 62 PC: 8f90e | Close file
2018-12-25T12:01:14.370842005Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:01:14.373589362Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:01:14.37549429Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:01:14.380261882Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:01:14.382589753Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:01:14.38765165Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:01:14.389492686Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:01:14.391787226Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:01:14.393940348Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:01:14.395613087Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:01:14.397319292Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:01:14.399951576Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:01:14.40159827Z 73 PC: 8fa11 | Release memory
2018-12-25T12:01:14.403271545Z 73 PC: 8efea | Release memory
2018-12-25T12:01:14.405668718Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:01:14.407372662Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:01:14.409204964Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:01:14.411796305Z 73 PC: 8f060 | Release memory
2018-12-25T12:01:14.413292841Z 61 PC: 8f080 | Open file (Filename = 'r,�S�������[�
2018-12-25T12:01:14.42213746Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:01:14.432314262Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:01:14.433931679Z 62 PC: 8f0d1 | Close file
2018-12-25T12:01:14.436015456Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:01:14.457190208Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:01:14.458509339Z 48 PC: 12bee | Get DOS version
2018-12-25T12:01:14.460318276Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:01:14.46375266Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:01:14.46543906Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:01:14.466877182Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:01:14.469247474Z 72 PC: 1355d | Allocate memory
2018-12-25T12:01:14.471285441Z 25 PC: 13596 | Get default drive
2018-12-25T12:01:14.472554659Z 71 PC: 135ad | Get current directory
2018-12-25T12:01:14.475746029Z 59 PC: 135ba | Change current directory
2018-12-25T12:01:14.48123927Z 59 PC: 135c8 | Change current directory
2018-12-25T12:01:14.486915329Z 59 PC: 135d3 | Change current directory
2018-12-25T12:01:14.490722672Z 25 PC: 12d13 | Get default drive
2018-12-25T12:01:14.492811422Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:01:14.493946015Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:01:14.495025024Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:14.497804892Z 80 PC: 1301d | Set current PSP
2018-12-25T12:01:14.498596138Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:01:14.499735594Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:14.50175831Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:14.503023672Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:01:14.505799713Z 72 PC: 130ec | Allocate memory
2018-12-25T12:01:14.508322274Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:01:14.514139966Z 62 PC: 131ba | Close file
2018-12-25T12:01:14.516289734Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:01:14.518443642Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:01:14.520029741Z 72 PC: 11991 | Allocate memory
2018-12-25T12:01:14.521818349Z 73 PC: 119b2 | Release memory
2018-12-25T12:01:14.524014409Z 72 PC: 119bd | Allocate memory
2018-12-25T12:01:14.525639642Z 73 PC: 119df | Release memory
2018-12-25T12:01:14.526960984Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:01:14.529713117Z 72 PC: 119fd | Allocate memory

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7229,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:13.129742081Z 44 PC: 12aa8 | Get time
0x12aa8: cmp ch, 0x12
0x12aab: ja 0x12aaf
0x12aad: jne 0x12ab1
0x12aaf: int 0x19
0x12ab1: mov bp, sp
0x12ab3: int3
0x12ab4: mov bp, word ptr [bp - 6]
0x12ab7: sub bp, 0x113
0x12abb: mov dl, 0
0x12abd: mov ah, 0x47
0x12abf: lea si, word ptr [bp + 0x261]
0x12ac3: int 0x21
0x12ac5: mov ah, 0x1a
0x12ac7: lea dx, word ptr [bp + 0x235]
0x12acb: int 0x21
0x12acd: mov di, 0x100
0x12ad0: push di
0x12ad1: mov cx, 3
0x12ad4: lea si, word ptr [bp + 0x15f]
0x12ad8: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-25T12:01:13.132885852Z 71 PC: 12ac5 | Get current directory
2018-12-25T12:01:13.137034825Z 26 PC: 12acd | Set disk transfer address
2018-12-25T12:01:13.138694947Z 78 PC: 12b0a | Find first file
2018-12-25T12:01:13.145880669Z 67 PC: 12b15 | Get or set file attributes
2018-12-25T12:01:13.156882411Z 67 PC: 12b21 | Get or set file attributes
2018-12-25T12:01:13.178139364Z 61 PC: 12b2a | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:01:13.186306668Z 87 PC: 12b30 | Get or set file date and time
2018-12-25T12:01:13.204943805Z 63 PC: 12b3d | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:01:13.212208228Z 66 PC: 12b46 | Move file pointer
2018-12-25T12:01:13.21408383Z 64 PC: 12b84 | Write file or device (Write 306 bytes on handle 5)
2018-12-25T12:01:13.229542964Z 66 PC: 12b8d | Move file pointer
2018-12-25T12:01:13.231582512Z 64 PC: 12b98 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:01:13.239339237Z 87 PC: 12b9f | Get or set file date and time
2018-12-25T12:01:13.242513573Z 62 PC: 12ba3 | Close file
2018-12-25T12:01:13.25124629Z 67 PC: 12ba8 | Get or set file attributes
2018-12-25T12:01:13.262249155Z 79 PC: 12b0a | Find next file (See above)
2018-12-25T12:01:13.266286037Z 67 PC: 12b15 | Get or set file attributes (See above)
2018-12-25T12:01:13.273469452Z 67 PC: 12b21 | Get or set file attributes (See above)
2018-12-25T12:01:13.285037234Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:01:13.293077409Z 87 PC: 12b30 | Get or set file date and time (See above)
2018-12-25T12:01:13.296095667Z 63 PC: 12b3d | Read file or device (See above)
2018-12-25T12:01:13.303733179Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:01:13.305545933Z 64 PC: 12b84 | Write file or device (See above)
2018-12-25T12:01:13.309528021Z 66 PC: 12b8d | Move file pointer (See above)
2018-12-25T12:01:13.311530109Z 64 PC: 12b98 | Write file or device (See above)
2018-12-25T12:01:13.314876163Z 87 PC: 12b9f | Get or set file date and time (See above)
2018-12-25T12:01:13.31756608Z 62 PC: 12ba3 | Close file (See above)
2018-12-25T12:01:13.326544204Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T12:01:13.338265571Z 79 PC: 12b0a | Find next file (See above)
2018-12-25T12:01:13.342269096Z 67 PC: 12b15 | Get or set file attributes (See above)
2018-12-25T12:01:13.348696965Z 67 PC: 12b21 | Get or set file attributes (See above)
2018-12-25T12:01:13.359586463Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:01:13.368037322Z 87 PC: 12b30 | Get or set file date and time (See above)
2018-12-25T12:01:13.369758398Z 63 PC: 12b3d | Read file or device (See above)
2018-12-25T12:01:13.376836744Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:01:13.378659921Z 64 PC: 12b84 | Write file or device (See above)
2018-12-25T12:01:13.381842922Z 66 PC: 12b8d | Move file pointer (See above)
2018-12-25T12:01:13.383337932Z 64 PC: 12b98 | Write file or device (See above)
2018-12-25T12:01:13.386293013Z 87 PC: 12b9f | Get or set file date and time (See above)
2018-12-25T12:01:13.388273832Z 62 PC: 12ba3 | Close file (See above)
2018-12-25T12:01:13.397398952Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T12:01:13.409215966Z 79 PC: 12b0a | Find next file (See above)
2018-12-25T12:01:13.41313571Z 67 PC: 12b15 | Get or set file attributes (See above)
2018-12-25T12:01:13.419465103Z 67 PC: 12b21 | Get or set file attributes (See above)
2018-12-25T12:01:13.430619325Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:01:13.439820438Z 87 PC: 12b30 | Get or set file date and time (See above)
2018-12-25T12:01:13.442005994Z 63 PC: 12b3d | Read file or device (See above)
2018-12-25T12:01:13.449698422Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:01:13.452752054Z 64 PC: 12b84 | Write file or device (See above)
2018-12-25T12:01:13.455804363Z 66 PC: 12b8d | Move file pointer (See above)
2018-12-25T12:01:13.457370425Z 64 PC: 12b98 | Write file or device (See above)
2018-12-25T12:01:13.460993012Z 87 PC: 12b9f | Get or set file date and time (See above)
2018-12-25T12:01:13.462875507Z 62 PC: 12ba3 | Close file (See above)
2018-12-25T12:01:13.47159452Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T12:01:13.482863713Z 79 PC: 12b0a | Find next file (See above)
2018-12-25T12:01:13.48675786Z 67 PC: 12b15 | Get or set file attributes (See above)
2018-12-25T12:01:13.493421166Z 67 PC: 12b21 | Get or set file attributes (See above)
2018-12-25T12:01:13.504545352Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:01:13.513445412Z 87 PC: 12b30 | Get or set file date and time (See above)
2018-12-25T12:01:13.515410324Z 63 PC: 12b3d | Read file or device (See above)
2018-12-25T12:01:13.522784609Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:01:13.525398938Z 64 PC: 12b84 | Write file or device (See above)
2018-12-25T12:01:13.528794606Z 66 PC: 12b8d | Move file pointer (See above)
2018-12-25T12:01:13.531194445Z 64 PC: 12b98 | Write file or device (See above)
2018-12-25T12:01:13.534972172Z 87 PC: 12b9f | Get or set file date and time (See above)
2018-12-25T12:01:13.536929545Z 62 PC: 12ba3 | Close file (See above)
2018-12-25T12:01:13.54513979Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T12:01:13.556525652Z 79 PC: 12b0a | Find next file (See above)
2018-12-25T12:01:13.56020079Z 67 PC: 12b15 | Get or set file attributes (See above)
2018-12-25T12:01:13.566748993Z 67 PC: 12b21 | Get or set file attributes (See above)
2018-12-25T12:01:13.578288642Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:01:13.587074554Z 87 PC: 12b30 | Get or set file date and time (See above)
2018-12-25T12:01:13.588979446Z 63 PC: 12b3d | Read file or device (See above)
2018-12-25T12:01:13.596819054Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:01:13.59959829Z 87 PC: 12b9f | Get or set file date and time (See above)
2018-12-25T12:01:13.601682265Z 62 PC: 12ba3 | Close file (See above)
2018-12-25T12:01:13.609449542Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T12:01:13.621003487Z 79 PC: 12b0a | Find next file (See above)
2018-12-25T12:01:13.623999723Z 67 PC: 12b15 | Get or set file attributes (See above)
2018-12-25T12:01:13.630929825Z 67 PC: 12b21 | Get or set file attributes (See above)
2018-12-25T12:01:13.642684861Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:01:13.655703171Z 87 PC: 12b30 | Get or set file date and time (See above)
2018-12-25T12:01:13.657587595Z 63 PC: 12b3d | Read file or device (See above)
2018-12-25T12:01:13.666143213Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:01:13.668702213Z 64 PC: 12b84 | Write file or device (See above)
2018-12-25T12:01:13.671938264Z 66 PC: 12b8d | Move file pointer (See above)
2018-12-25T12:01:13.673872615Z 64 PC: 12b98 | Write file or device (See above)
2018-12-25T12:01:13.678117654Z 87 PC: 12b9f | Get or set file date and time (See above)
2018-12-25T12:01:13.680113307Z 62 PC: 12ba3 | Close file (See above)
2018-12-25T12:01:14.010685823Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T12:01:14.027397245Z 79 PC: 12b0a | Find next file (See above)
2018-12-25T12:01:14.031112769Z 67 PC: 12b15 | Get or set file attributes (See above)
2018-12-25T12:01:14.037758438Z 67 PC: 12b21 | Get or set file attributes (See above)
2018-12-25T12:01:14.049943975Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:01:14.058158465Z 87 PC: 12b30 | Get or set file date and time (See above)
2018-12-25T12:01:14.060088817Z 63 PC: 12b3d | Read file or device (See above)
2018-12-25T12:01:14.06733993Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T12:01:14.070074426Z 87 PC: 12b9f | Get or set file date and time (See above)
2018-12-25T12:01:14.071847447Z 62 PC: 12ba3 | Close file (See above)
2018-12-25T12:01:14.079644201Z 67 PC: 12ba8 | Get or set file attributes (See above)
2018-12-25T12:01:14.091563622Z 79 PC: 12b0a | Find next file (See above)
2018-12-25T12:01:14.094527723Z 59 PC: 12ae9 | Change current directory
2018-12-25T12:01:14.09936882Z 59 PC: 12af8 | Change current directory
2018-12-25T12:01:14.109855651Z 26 PC: 12aff | Set disk transfer address
2018-12-25T12:01:14.111774879Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=00000064h/0000000100d bytes. ')
2018-12-25T12:01:14.118749464Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":18,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7229,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:13.169435566Z 44 PC: 12aa8 | Get time
0x12aa8: cmp ch, 0x12
0x12aab: ja 0x12aaf
0x12aad: jne 0x12ab1
0x12aaf: int 0x19
0x12ab1: mov bp, sp
0x12ab3: int3
0x12ab4: mov bp, word ptr [bp - 6]
0x12ab7: sub bp, 0x113
0x12abb: mov dl, 0
0x12abd: mov ah, 0x47
0x12abf: lea si, word ptr [bp + 0x261]
0x12ac3: int 0x21
0x12ac5: mov ah, 0x1a
0x12ac7: lea dx, word ptr [bp + 0x235]
0x12acb: int 0x21
0x12acd: mov di, 0x100
0x12ad0: push di
0x12ad1: mov cx, 3
0x12ad4: lea si, word ptr [bp + 0x15f]
0x12ad8: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-25T12:01:15.256237504Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:01:15.25813899Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:01:15.260636266Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:01:15.263967883Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:01:15.276628504Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:01:15.278689551Z 62 PC: 91fc1 | Close file
2018-12-25T12:01:15.281452061Z 75 PC: 91fe0 | Execute program
2018-12-25T12:01:15.30023011Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:01:15.301555689Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:01:15.312189841Z 48 PC: c609 | Get DOS version
2018-12-25T12:01:15.31719686Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:01:15.321807298Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:01:15.324271175Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:01:15.328547351Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:01:15.334655389Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:01:15.344424411Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:01:15.356313268Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:01:15.358351551Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:01:15.361061687Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:01:15.385867461Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:01:15.39033255Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:01:15.391967004Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:01:15.393910942Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:01:15.395343695Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:15.396833748Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:15.398938112Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:01:15.411091646Z 62 PC: 8f8eb | Close file
2018-12-25T12:01:15.412896175Z 62 PC: 8f8f2 | Close file
2018-12-25T12:01:15.41494794Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.417130691Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.418581959Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.420196943Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.422696116Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.424148732Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.426051685Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.428594925Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.4313108Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.433898777Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.436585983Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.43914705Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.441190624Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.443467267Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.444906388Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.44633024Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.448848118Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.450486645Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.452121323Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.454400632Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.456327938Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.458185119Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.461546022Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.463335787Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.465230224Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.467924946Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.469800472Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.471909536Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.474692963Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.476896043Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:01:15.482785866Z 62 PC: 8f90e | Close file
2018-12-25T12:01:15.4855275Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:01:15.488620105Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:01:15.491988762Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:01:15.497525984Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:01:15.500610744Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:01:15.506365604Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:01:15.508905275Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:01:15.51187911Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:01:15.514301883Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:01:15.516058809Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:01:15.518216076Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:01:15.520031714Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:01:15.521592813Z 73 PC: 8fa11 | Release memory
2018-12-25T12:01:15.52363909Z 73 PC: 8efea | Release memory
2018-12-25T12:01:15.525202036Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:01:15.526947673Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:01:15.528817328Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:01:15.530895695Z 73 PC: 8f060 | Release memory
2018-12-25T12:01:15.532407602Z 61 PC: 8f080 | Open file (Filename = 'r,�S�������[�
2018-12-25T12:01:15.543662077Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:01:15.550872799Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:01:15.552477792Z 62 PC: 8f0d1 | Close file
2018-12-25T12:01:15.554625012Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:01:15.580972046Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:01:15.582420459Z 48 PC: 12bee | Get DOS version
2018-12-25T12:01:15.58452857Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:01:15.588290018Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:01:15.59013995Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:01:15.591952353Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:01:15.59457858Z 72 PC: 1355d | Allocate memory
2018-12-25T12:01:15.596559345Z 25 PC: 13596 | Get default drive
2018-12-25T12:01:15.598136562Z 71 PC: 135ad | Get current directory
2018-12-25T12:01:15.60113954Z 59 PC: 135ba | Change current directory
2018-12-25T12:01:15.607551117Z 59 PC: 135c8 | Change current directory
2018-12-25T12:01:15.614874872Z 59 PC: 135d3 | Change current directory
2018-12-25T12:01:15.619126538Z 25 PC: 12d13 | Get default drive
2018-12-25T12:01:15.621043899Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:01:15.622280187Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:01:15.623518488Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:15.62704894Z 80 PC: 1301d | Set current PSP
2018-12-25T12:01:15.628323082Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:01:15.629913265Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:15.631519344Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:15.632884597Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:01:15.634401658Z 72 PC: 130ec | Allocate memory
2018-12-25T12:01:15.636530719Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:01:15.640746804Z 62 PC: 131ba | Close file
2018-12-25T12:01:15.642400101Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:01:15.643996898Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:01:15.645307858Z 72 PC: 11991 | Allocate memory
2018-12-25T12:01:15.646709127Z 73 PC: 119b2 | Release memory
2018-12-25T12:01:15.648349507Z 72 PC: 119bd | Allocate memory
2018-12-25T12:01:15.656093583Z 73 PC: 119df | Release memory
2018-12-25T12:01:15.657324947Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:01:15.659025676Z 72 PC: 119fd | Allocate memory

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":19,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7229,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:13.250575621Z 44 PC: 12aa8 | Get time
0x12aa8: cmp ch, 0x12
0x12aab: ja 0x12aaf
0x12aad: jne 0x12ab1
0x12aaf: int 0x19
0x12ab1: mov bp, sp
0x12ab3: int3
0x12ab4: mov bp, word ptr [bp - 6]
0x12ab7: sub bp, 0x113
0x12abb: mov dl, 0
0x12abd: mov ah, 0x47
0x12abf: lea si, word ptr [bp + 0x261]
0x12ac3: int 0x21
0x12ac5: mov ah, 0x1a
0x12ac7: lea dx, word ptr [bp + 0x235]
0x12acb: int 0x21
0x12acd: mov di, 0x100
0x12ad0: push di
0x12ad1: mov cx, 3
0x12ad4: lea si, word ptr [bp + 0x15f]
0x12ad8: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-25T12:01:15.300738445Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:01:15.302725174Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:01:15.305052609Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:01:15.308202633Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:01:15.320402205Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:01:15.32213756Z 62 PC: 91fc1 | Close file
2018-12-25T12:01:15.324539166Z 75 PC: 91fe0 | Execute program
2018-12-25T12:01:15.350192952Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:01:15.351577594Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:01:15.362099042Z 48 PC: c609 | Get DOS version
2018-12-25T12:01:15.367071567Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:01:15.373901025Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:01:15.376244368Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:01:15.380623637Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:01:15.386661431Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:01:15.399628278Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:01:15.413500591Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:01:15.417426237Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:01:15.420018478Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:01:15.449855747Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:01:15.455548617Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:01:15.457381103Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:01:15.45902991Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:01:15.461755464Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:15.463802114Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:15.465398588Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:01:15.478846496Z 62 PC: 8f8eb | Close file
2018-12-25T12:01:15.48409648Z 62 PC: 8f8f2 | Close file
2018-12-25T12:01:15.486157372Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.488182104Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.490665519Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.492992297Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.495345792Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.501374608Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.503171278Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.505015554Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.508224328Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.510923769Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.512783629Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.515680043Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.517678873Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.519644385Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.522926384Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.52479174Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.526633846Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.529656137Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.531760663Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.533746385Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.53542521Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.537389494Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.538941851Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.540530462Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.542831987Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.544809053Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.546748145Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.550096128Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.552064993Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:15.554004913Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:01:15.560213222Z 62 PC: 8f90e | Close file
2018-12-25T12:01:15.562340745Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:01:15.564431378Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:01:15.568045423Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:01:15.573620983Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:01:15.575467754Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:01:15.581525468Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:01:15.583424472Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:01:15.584888779Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:01:15.587017957Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:01:15.589073758Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:01:15.590903816Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:01:15.593366402Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:01:15.594911652Z 73 PC: 8fa11 | Release memory
2018-12-25T12:01:15.596193873Z 73 PC: 8efea | Release memory
2018-12-25T12:01:15.597324706Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:01:15.598892902Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:01:15.600284669Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:01:15.601561684Z 73 PC: 8f060 | Release memory
2018-12-25T12:01:15.603127049Z 61 PC: 8f080 | Open file (Filename = 'r,�S�������[�
2018-12-25T12:01:15.609481216Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:01:15.613297489Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:01:15.614997231Z 62 PC: 8f0d1 | Close file
2018-12-25T12:01:15.616462383Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:01:15.635581319Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:01:15.637849765Z 48 PC: 12bee | Get DOS version
2018-12-25T12:01:15.63989141Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:01:15.642524827Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:01:15.644918346Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:01:15.646392617Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:01:15.64805402Z 72 PC: 1355d | Allocate memory
2018-12-25T12:01:15.650278183Z 25 PC: 13596 | Get default drive
2018-12-25T12:01:15.651465118Z 71 PC: 135ad | Get current directory
2018-12-25T12:01:15.653804314Z 59 PC: 135ba | Change current directory
2018-12-25T12:01:15.65986496Z 59 PC: 135c8 | Change current directory
2018-12-25T12:01:15.66706257Z 59 PC: 135d3 | Change current directory
2018-12-25T12:01:15.671078124Z 25 PC: 12d13 | Get default drive
2018-12-25T12:01:15.672467921Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:01:15.681199101Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:01:15.682780569Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:15.685566927Z 80 PC: 1301d | Set current PSP
2018-12-25T12:01:15.6871101Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:01:15.688802746Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:15.690516516Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:15.694466068Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:01:15.697233119Z 72 PC: 130ec | Allocate memory
2018-12-25T12:01:15.699624526Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:01:15.707342846Z 62 PC: 131ba | Close file
2018-12-25T12:01:15.709998699Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:01:15.711257396Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:01:15.713030044Z 72 PC: 11991 | Allocate memory
2018-12-25T12:01:15.718059311Z 73 PC: 119b2 | Release memory
2018-12-25T12:01:15.719644557Z 72 PC: 119bd | Allocate memory
2018-12-25T12:01:15.721928905Z 73 PC: 119df | Release memory
2018-12-25T12:01:15.723620401Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:01:15.72558698Z 72 PC: 119fd | Allocate memory