Sample viewer

vx.netlux.org/Virus.DOS.Friday13.416.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:59:34.604312174Z	26	PC: 12acf \| Set disk transfer address
2018-12-17T22:59:34.60609357Z	78	PC: 12ad8 \| Find first file
2018-12-17T22:59:34.611981091Z	61	PC: 12b11 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:59:34.618311437Z	63	PC: 12b2a \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:34.625400771Z	66	PC: 12b4d \| Move file pointer
2018-12-17T22:59:34.626765451Z	66	PC: 12b62 \| Move file pointer
2018-12-17T22:59:34.628074902Z	64	PC: 12b6e \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:34.631175575Z	66	PC: 12b7b \| Move file pointer
2018-12-17T22:59:34.6326594Z	64	PC: 12b87 \| Write file or device (Write 416 bytes on handle 5)
2018-12-17T22:59:34.64640633Z	62	PC: 12b98 \| Close file
2018-12-17T22:59:34.654671413Z	79	PC: 12ae1 \| Find next file
2018-12-17T22:59:34.657282479Z	61	PC: 12b11 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:59:34.663596534Z	63	PC: 12b2a \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:34.670172984Z	66	PC: 12b4d \| Move file pointer
2018-12-17T22:59:34.671579111Z	66	PC: 12b62 \| Move file pointer
2018-12-17T22:59:34.673079726Z	64	PC: 12b6e \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:34.676003304Z	66	PC: 12b7b \| Move file pointer
2018-12-17T22:59:34.678643774Z	64	PC: 12b87 \| Write file or device (Write 416 bytes on handle 5)
2018-12-17T22:59:34.681706931Z	62	PC: 12b98 \| Close file
2018-12-17T22:59:34.789804994Z	79	PC: 12ae1 \| Find next file
2018-12-17T22:59:34.792876024Z	61	PC: 12b11 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:59:34.800091178Z	63	PC: 12b2a \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:34.806364817Z	66	PC: 12b4d \| Move file pointer
2018-12-17T22:59:34.808040326Z	66	PC: 12b62 \| Move file pointer
2018-12-17T22:59:34.809262161Z	64	PC: 12b6e \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:34.81168474Z	66	PC: 12b7b \| Move file pointer
2018-12-17T22:59:34.813701389Z	64	PC: 12b87 \| Write file or device (Write 416 bytes on handle 5)
2018-12-17T22:59:34.816379325Z	62	PC: 12b98 \| Close file
2018-12-17T22:59:34.947552889Z	79	PC: 12ae1 \| Find next file
2018-12-17T22:59:34.950798608Z	61	PC: 12b11 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:59:34.955586106Z	63	PC: 12b2a \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:34.960367123Z	66	PC: 12b4d \| Move file pointer
2018-12-17T22:59:34.96223915Z	66	PC: 12b62 \| Move file pointer
2018-12-17T22:59:34.963550434Z	64	PC: 12b6e \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:34.965399141Z	66	PC: 12b7b \| Move file pointer
2018-12-17T22:59:34.967274188Z	64	PC: 12b87 \| Write file or device (Write 416 bytes on handle 5)
2018-12-17T22:59:34.969979007Z	62	PC: 12b98 \| Close file
2018-12-17T22:59:35.016227929Z	79	PC: 12ae1 \| Find next file
2018-12-17T22:59:35.019436865Z	61	PC: 12b11 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:59:35.027278118Z	63	PC: 12b2a \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:35.033552715Z	66	PC: 12b4d \| Move file pointer
2018-12-17T22:59:35.03478474Z	66	PC: 12b62 \| Move file pointer
2018-12-17T22:59:35.036267001Z	64	PC: 12b6e \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:35.038775716Z	66	PC: 12b7b \| Move file pointer
2018-12-17T22:59:35.040183363Z	64	PC: 12b87 \| Write file or device (Write 416 bytes on handle 5)
2018-12-17T22:59:35.043000694Z	62	PC: 12b98 \| Close file
2018-12-17T22:59:35.05048878Z	79	PC: 12ae1 \| Find next file
2018-12-17T22:59:35.052954608Z	61	PC: 12b11 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:59:35.059579485Z	63	PC: 12b2a \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:35.065695046Z	66	PC: 12b4d \| Move file pointer
2018-12-17T22:59:35.066967094Z	66	PC: 12b62 \| Move file pointer
2018-12-17T22:59:35.068637287Z	64	PC: 12b6e \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:35.071261288Z	66	PC: 12b7b \| Move file pointer
2018-12-17T22:59:35.072502649Z	64	PC: 12b87 \| Write file or device (Write 416 bytes on handle 5)
2018-12-17T22:59:35.076631838Z	62	PC: 12b98 \| Close file
2018-12-17T22:59:35.08509731Z	79	PC: 12ae1 \| Find next file
2018-12-17T22:59:35.087655969Z	61	PC: 12b11 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:59:35.095210308Z	63	PC: 12b2a \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:35.10136484Z	66	PC: 12b4d \| Move file pointer
2018-12-17T22:59:35.10262764Z	66	PC: 12b62 \| Move file pointer
2018-12-17T22:59:35.104209031Z	64	PC: 12b6e \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:35.106635933Z	66	PC: 12b7b \| Move file pointer
2018-12-17T22:59:35.10783886Z	64	PC: 12b87 \| Write file or device (Write 416 bytes on handle 5)
2018-12-17T22:59:35.117739113Z	62	PC: 12b98 \| Close file
2018-12-17T22:59:35.125284881Z	79	PC: 12ae1 \| Find next file
2018-12-17T22:59:35.127779283Z	61	PC: 12b11 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:59:35.13461609Z	63	PC: 12b2a \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:35.137087154Z	66	PC: 12b4d \| Move file pointer
2018-12-17T22:59:35.138394789Z	66	PC: 12b62 \| Move file pointer
2018-12-17T22:59:35.140429364Z	64	PC: 12b6e \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:35.142940085Z	66	PC: 12b7b \| Move file pointer
2018-12-17T22:59:35.144133756Z	64	PC: 12b87 \| Write file or device (Write 416 bytes on handle 5)
2018-12-17T22:59:35.152755741Z	62	PC: 12b98 \| Close file
2018-12-17T22:59:35.160659335Z	79	PC: 12ae1 \| Find next file
2018-12-17T22:59:35.163643409Z	26	PC: 12aef \| Set disk transfer address
2018-12-17T22:59:35.165077483Z	42	PC: 12ba0 \| Get date 0x12ba0: cmp dl, 0xd 0x12ba3: jne 0x12bc7 0x12ba5: cmp al, 5 0x12ba7: jne 0x12bc7 0x12ba9: xor ax, ax 0x12bab: mov cx, 0x7fff 0x12bae: xor di, di 0x12bb0: mov es, word ptr es:[0x2c] 0x12bb5: cld 0x12bb6: repne scasd eax, dword ptr es:[di] 0x12bb8: jne 0x12bc7 0x12bba: add di, 2 0x12bbd: push ds 0x12bbe: push es 0x12bbf: pop ds 0x12bc0: mov ah, 0x41 0x12bc2: mov dx, di 0x12bc4: int 0x21 0x12bc6: pop ds 0x12bc7: pop es
2018-12-17T22:59:35.172667037Z	76	PC: 0 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13255,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:48.469912709Z	26	PC: 12acf \| Set disk transfer address
2018-12-25T12:37:48.471309922Z	78	PC: 12ad8 \| Find first file
2018-12-25T12:37:48.478047731Z	61	PC: 12b11 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:48.485436898Z	63	PC: 12b2a \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:37:48.491470261Z	66	PC: 12b4d \| Move file pointer
2018-12-25T12:37:48.493428577Z	66	PC: 12b62 \| Move file pointer
2018-12-25T12:37:48.494994452Z	64	PC: 12b6e \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:37:48.497624796Z	66	PC: 12b7b \| Move file pointer
2018-12-25T12:37:48.499491724Z	64	PC: 12b87 \| Write file or device (Write 416 bytes on handle 5)
2018-12-25T12:37:48.515602997Z	62	PC: 12b98 \| Close file
2018-12-25T12:37:48.524699999Z	79	PC: 12ae1 \| Find next file
2018-12-25T12:37:48.528311551Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.535709284Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.544393039Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:48.547053946Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:48.548819556Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:48.551804193Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:48.553873484Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:48.558083055Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.566945651Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.570398426Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.578074954Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.585252242Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:48.586879716Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:48.589503503Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:48.592999232Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:48.59512112Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:48.598776804Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.607848544Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.611164293Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.619414836Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.626876819Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:48.629072152Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:48.631199859Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:48.634173977Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:48.63551277Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:48.639226232Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.644973782Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.646970921Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.65252479Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.656901059Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:48.658474611Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:48.660369108Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:48.663008579Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:48.664465328Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:48.667254309Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.675616534Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.679190015Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.686443726Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.693980727Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:48.695299482Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:48.69669541Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:48.700208735Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:48.701694667Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:48.705569507Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.714631891Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.717638949Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.724832135Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.733086109Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:48.735263761Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:48.736827758Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:48.740177074Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:48.742624428Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:48.746865947Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.755895343Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.759861811Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.767307839Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.769905169Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:48.772128951Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:48.77347056Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:48.776270417Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:48.778409813Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:48.786933086Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.795696654Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.799039542Z	26	PC: 12aef \| Set disk transfer address
2018-12-25T12:37:48.800617483Z	42	PC: 12ba0 \| Get date 0x12ba0: cmp dl, 0xd 0x12ba3: jne 0x12bc7 0x12ba5: cmp al, 5 0x12ba7: jne 0x12bc7 0x12ba9: xor ax, ax 0x12bab: mov cx, 0x7fff 0x12bae: xor di, di 0x12bb0: mov es, word ptr es:[0x2c] 0x12bb5: cld 0x12bb6: repne scasd eax, dword ptr es:[di] 0x12bb8: jne 0x12bc7 0x12bba: add di, 2 0x12bbd: push ds 0x12bbe: push es 0x12bbf: pop ds 0x12bc0: mov ah, 0x41 0x12bc2: mov dx, di 0x12bc4: int 0x21 0x12bc6: pop ds 0x12bc7: pop es
2018-12-25T12:37:48.803414743Z	65	PC: 12bc6 \| Delete file (Filename = 'A:\TEST.COM')
2018-12-25T12:37:48.817134136Z	26	PC: 12acf \| Set disk transfer address (See above)
2018-12-25T12:37:48.818289011Z	78	PC: 12ad8 \| Find first file (See above)
2018-12-25T12:37:48.824974204Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.832470018Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.839600546Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.84151411Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.844646046Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.851385636Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.853218143Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.854541641Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.856496453Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.86070345Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.864964589Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.866835143Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.868709275Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.876233456Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.880604439Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.881893184Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.883711019Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.888402071Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.892712447Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.893945446Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.896175097Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.900516642Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.90469204Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.906361343Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.908291908Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.912619079Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.91716513Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.918485562Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.920151792Z	26	PC: 12aef \| Set disk transfer address (See above)
2018-12-25T12:37:48.92127029Z	42	PC: 12ba0 \| Get date (See above)
2018-12-25T12:37:48.923209085Z	65	PC: 12bc6 \| Delete file (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13255,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:48.530984716Z	26	PC: 12acf \| Set disk transfer address
2018-12-25T12:37:48.533422084Z	78	PC: 12ad8 \| Find first file
2018-12-25T12:37:48.540105179Z	61	PC: 12b11 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:48.546836578Z	63	PC: 12b2a \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:37:48.553437475Z	66	PC: 12b4d \| Move file pointer
2018-12-25T12:37:48.555429616Z	66	PC: 12b62 \| Move file pointer
2018-12-25T12:37:48.557710853Z	64	PC: 12b6e \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:37:48.560521416Z	66	PC: 12b7b \| Move file pointer
2018-12-25T12:37:48.562836543Z	64	PC: 12b87 \| Write file or device (Write 416 bytes on handle 5)
2018-12-25T12:37:48.578421672Z	62	PC: 12b98 \| Close file
2018-12-25T12:37:48.58619278Z	79	PC: 12ae1 \| Find next file
2018-12-25T12:37:48.590275038Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.597129443Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.603242867Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:48.606151959Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:48.607596122Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:48.610026171Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:48.616097155Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:48.619102087Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.625410884Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.627587802Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.632927708Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.637822655Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:48.638931545Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:48.641966505Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:48.643956134Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:48.645011594Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:48.647732962Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.652877307Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.654669438Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.660611774Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.668679167Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:48.670635029Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:48.672992891Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:48.675695612Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:48.677036076Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:48.680885366Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.688864941Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.691883596Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.699377279Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.7065197Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:48.708283135Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:48.709966767Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:48.713298321Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:48.714972648Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:48.717873348Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.726541072Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.729453305Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.73612219Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.743380954Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:48.745098789Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:48.74677258Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:48.750505786Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:48.752387211Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:48.756367058Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.765710312Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.769183956Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.776289791Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.783893993Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:48.785875227Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:48.78722555Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:48.789909503Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:48.791718173Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:48.794376443Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.802266396Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.805684345Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.812360855Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.815210304Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:48.818029175Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:48.819844813Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:48.823333198Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:48.825321208Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:48.834000832Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.84237375Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.846847512Z	26	PC: 12aef \| Set disk transfer address
2018-12-25T12:37:48.848169541Z	42	PC: 12ba0 \| Get date 0x12ba0: cmp dl, 0xd 0x12ba3: jne 0x12bc7 0x12ba5: cmp al, 5 0x12ba7: jne 0x12bc7 0x12ba9: xor ax, ax 0x12bab: mov cx, 0x7fff 0x12bae: xor di, di 0x12bb0: mov es, word ptr es:[0x2c] 0x12bb5: cld 0x12bb6: repne scasd eax, dword ptr es:[di] 0x12bb8: jne 0x12bc7 0x12bba: add di, 2 0x12bbd: push ds 0x12bbe: push es 0x12bbf: pop ds 0x12bc0: mov ah, 0x41 0x12bc2: mov dx, di 0x12bc4: int 0x21 0x12bc6: pop ds 0x12bc7: pop es
2018-12-25T12:37:48.851552353Z	26	PC: 12acf \| Set disk transfer address (See above)
2018-12-25T12:37:48.853589099Z	78	PC: 12ad8 \| Find first file (See above)
2018-12-25T12:37:48.859589283Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.866117067Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.873090385Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.875611245Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.878351733Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.88546506Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.888217448Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.89031492Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.894407269Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.901405127Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.907642861Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.912227403Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.919004854Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.926883235Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.930329864Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.932177065Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.934922384Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.94179184Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.94463179Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.94649028Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.949906276Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.955996637Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.958437256Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.961316333Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.964042514Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.969910591Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.973232432Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.974895048Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.977388046Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:48.984297151Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:48.990459002Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:48.992136131Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:48.995669418Z	26	PC: 12aef \| Set disk transfer address (See above)
2018-12-25T12:37:48.996678133Z	42	PC: 12ba0 \| Get date (See above)

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13255,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:49.339817941Z	26	PC: 12acf \| Set disk transfer address
2018-12-25T12:37:49.341164814Z	78	PC: 12ad8 \| Find first file
2018-12-25T12:37:49.348062678Z	61	PC: 12b11 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:49.355382933Z	63	PC: 12b2a \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:37:49.362430969Z	66	PC: 12b4d \| Move file pointer
2018-12-25T12:37:49.365410258Z	66	PC: 12b62 \| Move file pointer
2018-12-25T12:37:49.367168523Z	64	PC: 12b6e \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:37:49.371205302Z	66	PC: 12b7b \| Move file pointer
2018-12-25T12:37:49.375150319Z	64	PC: 12b87 \| Write file or device (Write 416 bytes on handle 5)
2018-12-25T12:37:49.391242754Z	62	PC: 12b98 \| Close file
2018-12-25T12:37:49.400002684Z	79	PC: 12ae1 \| Find next file
2018-12-25T12:37:49.404634623Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:49.419346629Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:49.426860413Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:49.429085034Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:49.431184148Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:49.434172677Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:49.436464886Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:49.439645688Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:49.44953169Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:49.453578928Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:49.468868873Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:49.473239635Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:49.475373269Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:49.477650323Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:49.479663088Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:49.48086199Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:49.483426186Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:49.489419891Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:49.491700857Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:49.501229315Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:49.506356645Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:49.507991492Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:49.511841144Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:49.519119951Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:49.52099281Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:49.524680545Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:49.534154257Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:49.536928858Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:49.543995755Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:49.551213988Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:49.552739147Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:49.554141282Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:49.557582576Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:49.559377077Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:49.562551157Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:49.571470961Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:49.57467412Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:49.581791662Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:49.589352904Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:49.59086909Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:49.593193862Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:49.596826186Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:49.59832369Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:49.602315464Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:49.611997807Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:49.614871668Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:49.622010335Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:49.629053255Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:49.63076442Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:49.632451997Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:49.635267319Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:49.637260871Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:49.640110335Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:49.648320281Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:49.652013838Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:49.659725734Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:49.662419928Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:49.664454018Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:49.66586687Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:49.668800826Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:49.670802543Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:49.679421417Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:49.687794056Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:49.692527758Z	26	PC: 12aef \| Set disk transfer address
2018-12-25T12:37:49.693835759Z	42	PC: 12ba0 \| Get date 0x12ba0: cmp dl, 0xd 0x12ba3: jne 0x12bc7 0x12ba5: cmp al, 5 0x12ba7: jne 0x12bc7 0x12ba9: xor ax, ax 0x12bab: mov cx, 0x7fff 0x12bae: xor di, di 0x12bb0: mov es, word ptr es:[0x2c] 0x12bb5: cld 0x12bb6: repne scasd eax, dword ptr es:[di] 0x12bb8: jne 0x12bc7 0x12bba: add di, 2 0x12bbd: push ds 0x12bbe: push es 0x12bbf: pop ds 0x12bc0: mov ah, 0x41 0x12bc2: mov dx, di 0x12bc4: int 0x21 0x12bc6: pop ds 0x12bc7: pop es
2018-12-25T12:37:49.69696206Z	26	PC: 12acf \| Set disk transfer address (See above)
2018-12-25T12:37:49.699505077Z	78	PC: 12ad8 \| Find first file (See above)
2018-12-25T12:37:49.70577585Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:49.712710985Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:49.72079963Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:49.7231086Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:49.726774044Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:49.733931735Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:49.736753172Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:49.738542972Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:49.741611452Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:49.750244099Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:49.757138746Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:49.758991641Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:49.76250158Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:49.769657545Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:49.772343537Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:49.775125364Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:49.778380967Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:49.786058735Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:49.789624761Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:49.791651946Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:49.795964786Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:49.80395716Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:49.807216784Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:49.809704393Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:49.813349256Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:49.821253804Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:49.824334711Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:49.82636942Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:49.829812185Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:49.837515253Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:49.84471353Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:49.847602219Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:49.850416379Z	26	PC: 12aef \| Set disk transfer address (See above)
2018-12-25T12:37:49.851685301Z	42	PC: 12ba0 \| Get date (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13255,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:49.597467705Z	26	PC: 12acf \| Set disk transfer address
2018-12-25T12:37:49.599680953Z	78	PC: 12ad8 \| Find first file
2018-12-25T12:37:49.606248492Z	61	PC: 12b11 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:49.612881645Z	63	PC: 12b2a \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:37:49.619707305Z	66	PC: 12b4d \| Move file pointer
2018-12-25T12:37:49.621373749Z	66	PC: 12b62 \| Move file pointer
2018-12-25T12:37:49.622934499Z	64	PC: 12b6e \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:37:49.625934779Z	66	PC: 12b7b \| Move file pointer
2018-12-25T12:37:49.628508093Z	64	PC: 12b87 \| Write file or device (Write 416 bytes on handle 5)
2018-12-25T12:37:49.642607647Z	62	PC: 12b98 \| Close file
2018-12-25T12:37:49.651059015Z	79	PC: 12ae1 \| Find next file
2018-12-25T12:37:49.654644168Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:49.661317551Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:49.667764247Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:49.670051698Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:49.671572287Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:49.674337441Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:49.677493944Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:49.68027922Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:49.688134941Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:49.69149176Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:49.69868916Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:49.705715493Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:49.710689271Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:49.712512625Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:49.715682626Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:49.718247974Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:49.725538726Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:49.73434973Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:49.739400967Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:49.74599607Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:49.752405366Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:49.754918639Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:49.756850703Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:49.759710532Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:49.764242585Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:49.767079622Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:49.774561201Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:49.778730392Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:49.785716225Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:49.806778058Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:49.809118922Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:49.810672513Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:49.813632926Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:49.815557724Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:49.818685192Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:49.826227348Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:49.828969652Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:49.836138821Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:49.84240692Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:49.843781384Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:49.846156231Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:49.848769974Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:49.850104093Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:49.856674436Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:49.865352687Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:49.868112415Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:49.875785104Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:49.882269875Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:49.884382894Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:49.887108715Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:49.890642213Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:49.893299489Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:49.899718764Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:49.914384879Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:49.916977171Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:49.924435239Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:49.927009673Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:49.929092156Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:49.931155859Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:49.93370951Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:49.935020077Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:49.943121841Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:49.952396233Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:49.95495088Z	26	PC: 12aef \| Set disk transfer address
2018-12-25T12:37:49.956266588Z	42	PC: 12ba0 \| Get date 0x12ba0: cmp dl, 0xd 0x12ba3: jne 0x12bc7 0x12ba5: cmp al, 5 0x12ba7: jne 0x12bc7 0x12ba9: xor ax, ax 0x12bab: mov cx, 0x7fff 0x12bae: xor di, di 0x12bb0: mov es, word ptr es:[0x2c] 0x12bb5: cld 0x12bb6: repne scasd eax, dword ptr es:[di] 0x12bb8: jne 0x12bc7 0x12bba: add di, 2 0x12bbd: push ds 0x12bbe: push es 0x12bbf: pop ds 0x12bc0: mov ah, 0x41 0x12bc2: mov dx, di 0x12bc4: int 0x21 0x12bc6: pop ds 0x12bc7: pop es
2018-12-25T12:37:49.959849671Z	26	PC: 12acf \| Set disk transfer address (See above)
2018-12-25T12:37:49.960797002Z	78	PC: 12ad8 \| Find first file (See above)
2018-12-25T12:37:49.966490178Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:49.973662502Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:49.98010916Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:49.98210705Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:49.985845205Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:49.992480236Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:49.995294542Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:49.997702224Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:50.000192222Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:50.004196178Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:50.008649005Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:50.009905494Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:50.01172006Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:50.016302771Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:50.018074272Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:50.019310764Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:50.021631301Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:50.025653456Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:50.027385298Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:50.029195328Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:50.031008505Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:50.035152759Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:50.037504642Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:50.038869337Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:50.041027034Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:50.04564765Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:50.047438273Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:50.048715479Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:50.051054454Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:50.057993564Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:50.061974756Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:50.064726114Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:50.067277963Z	26	PC: 12aef \| Set disk transfer address (See above)
2018-12-25T12:37:50.069453214Z	42	PC: 12ba0 \| Get date (See above)

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13255,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:50.488989794Z	26	PC: 12acf \| Set disk transfer address
2018-12-25T12:37:50.490327922Z	78	PC: 12ad8 \| Find first file
2018-12-25T12:37:50.496920994Z	61	PC: 12b11 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:50.501427721Z	63	PC: 12b2a \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:37:50.505617827Z	66	PC: 12b4d \| Move file pointer
2018-12-25T12:37:50.50742529Z	66	PC: 12b62 \| Move file pointer
2018-12-25T12:37:50.508712156Z	64	PC: 12b6e \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:37:50.51110626Z	66	PC: 12b7b \| Move file pointer
2018-12-25T12:37:50.517474152Z	64	PC: 12b87 \| Write file or device (Write 416 bytes on handle 5)
2018-12-25T12:37:50.52926328Z	62	PC: 12b98 \| Close file
2018-12-25T12:37:50.535390435Z	79	PC: 12ae1 \| Find next file
2018-12-25T12:37:50.539372007Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:50.550053629Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:50.556094167Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:50.558359328Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:50.560435675Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:50.564724623Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:50.566506205Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:50.569873065Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:50.579057469Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:50.582031561Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:50.590334162Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:50.597643005Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:50.599823253Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:50.603243744Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:50.606800674Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:50.608867852Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:50.61299468Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:50.626694677Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:50.629712494Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:50.638774534Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:50.646768218Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:50.648632633Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:50.651810051Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:50.654693871Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:50.65607603Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:50.658857722Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:50.668110986Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:50.671100442Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:50.678921257Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:50.687099589Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:50.689093794Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:50.690940632Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:50.695436693Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:50.697020256Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:50.69990087Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:50.709903484Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:50.7133376Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:50.721037706Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:50.729482053Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:50.731185579Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:50.733281443Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:50.736469495Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:50.738874582Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:50.743616828Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:50.753947879Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:50.758488798Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:50.765727657Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:50.772891886Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:50.775158191Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:50.777129426Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:50.780467879Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:50.782807418Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:50.786340631Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:50.795133288Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:50.79895724Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:50.806355065Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:50.809210632Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:50.811548722Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:50.813119861Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:50.816116554Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:50.817689881Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:50.827625088Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:50.837580649Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:50.84066714Z	26	PC: 12aef \| Set disk transfer address
2018-12-25T12:37:50.843191105Z	42	PC: 12ba0 \| Get date 0x12ba0: cmp dl, 0xd 0x12ba3: jne 0x12bc7 0x12ba5: cmp al, 5 0x12ba7: jne 0x12bc7 0x12ba9: xor ax, ax 0x12bab: mov cx, 0x7fff 0x12bae: xor di, di 0x12bb0: mov es, word ptr es:[0x2c] 0x12bb5: cld 0x12bb6: repne scasd eax, dword ptr es:[di] 0x12bb8: jne 0x12bc7 0x12bba: add di, 2 0x12bbd: push ds 0x12bbe: push es 0x12bbf: pop ds 0x12bc0: mov ah, 0x41 0x12bc2: mov dx, di 0x12bc4: int 0x21 0x12bc6: pop ds 0x12bc7: pop es
2018-12-25T12:37:50.846129353Z	26	PC: 12acf \| Set disk transfer address (See above)
2018-12-25T12:37:50.847295989Z	78	PC: 12ad8 \| Find first file (See above)
2018-12-25T12:37:50.854386644Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:50.861710081Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:50.868867135Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:50.871423099Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:50.874629578Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:50.881995692Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:50.888757571Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:50.891652656Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:50.894477429Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:50.902457827Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:50.911105049Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:50.912961151Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:50.915821855Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:50.924563325Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:50.927851127Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:50.931575908Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:50.935413835Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:50.942820798Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:50.946059736Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:50.949690803Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:50.953117172Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:50.961636849Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:50.965975501Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:50.968418176Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:50.971797222Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:50.981201869Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:50.984320679Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:50.986493395Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:50.989721928Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:50.998155195Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:51.005968512Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:51.008414659Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:51.012353807Z	26	PC: 12aef \| Set disk transfer address (See above)
2018-12-25T12:37:51.013970537Z	42	PC: 12ba0 \| Get date (See above)

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13255,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:51.055426228Z	26	PC: 12acf \| Set disk transfer address
2018-12-25T12:37:51.057018769Z	78	PC: 12ad8 \| Find first file
2018-12-25T12:37:51.063192442Z	61	PC: 12b11 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:51.069841033Z	63	PC: 12b2a \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:37:51.077547587Z	66	PC: 12b4d \| Move file pointer
2018-12-25T12:37:51.079186299Z	66	PC: 12b62 \| Move file pointer
2018-12-25T12:37:51.087074438Z	64	PC: 12b6e \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:37:51.0907262Z	66	PC: 12b7b \| Move file pointer
2018-12-25T12:37:51.093156511Z	64	PC: 12b87 \| Write file or device (Write 416 bytes on handle 5)
2018-12-25T12:37:51.108082268Z	62	PC: 12b98 \| Close file
2018-12-25T12:37:51.117031922Z	79	PC: 12ae1 \| Find next file
2018-12-25T12:37:51.126736046Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:51.13374493Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:51.140928574Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:51.143346205Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:51.144813434Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:51.147690454Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:51.162596443Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:51.167373582Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:51.18490504Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:51.188015044Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:51.194910247Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:51.201720577Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:51.203523943Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:51.205603Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:51.20826605Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:51.209913581Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:51.212646038Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:51.22088401Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:51.224709417Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:51.231188399Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:51.237694713Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:51.239439112Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:51.241667773Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:51.244439073Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:51.2461108Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:51.251453205Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:51.25937686Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:51.262228325Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:51.269447349Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:51.274549255Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:51.275883464Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:51.277623397Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:51.280435826Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:51.282001834Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:51.286266117Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:51.294633767Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:51.29802584Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:51.303975514Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:51.308325002Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:51.309317515Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:51.310914658Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:51.312733709Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:51.313777567Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:51.316765071Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:51.322537051Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:51.325630047Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:51.333302702Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:51.339683411Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:51.341574949Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:51.345082469Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:51.347939957Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:51.349255545Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:51.352532082Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:51.361408313Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:51.364241669Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:51.372180085Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:51.375231598Z	66	PC: 12b4d \| Move file pointer (See above)
2018-12-25T12:37:51.376706181Z	66	PC: 12b62 \| Move file pointer (See above)
2018-12-25T12:37:51.378845554Z	64	PC: 12b6e \| Write file or device (See above)
2018-12-25T12:37:51.381907363Z	66	PC: 12b7b \| Move file pointer (See above)
2018-12-25T12:37:51.38361297Z	64	PC: 12b87 \| Write file or device (See above)
2018-12-25T12:37:51.392893648Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:51.40103896Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:51.403339368Z	26	PC: 12aef \| Set disk transfer address
2018-12-25T12:37:51.405055471Z	42	PC: 12ba0 \| Get date 0x12ba0: cmp dl, 0xd 0x12ba3: jne 0x12bc7 0x12ba5: cmp al, 5 0x12ba7: jne 0x12bc7 0x12ba9: xor ax, ax 0x12bab: mov cx, 0x7fff 0x12bae: xor di, di 0x12bb0: mov es, word ptr es:[0x2c] 0x12bb5: cld 0x12bb6: repne scasd eax, dword ptr es:[di] 0x12bb8: jne 0x12bc7 0x12bba: add di, 2 0x12bbd: push ds 0x12bbe: push es 0x12bbf: pop ds 0x12bc0: mov ah, 0x41 0x12bc2: mov dx, di 0x12bc4: int 0x21 0x12bc6: pop ds 0x12bc7: pop es
2018-12-25T12:37:51.40750333Z	65	PC: 12bc6 \| Delete file (Filename = 'A:\TEST.COM')
2018-12-25T12:37:51.419562466Z	26	PC: 12acf \| Set disk transfer address (See above)
2018-12-25T12:37:51.421506283Z	78	PC: 12ad8 \| Find first file (See above)
2018-12-25T12:37:51.42747761Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:51.433875745Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:51.441040143Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:51.443496304Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:51.44646937Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:51.453421132Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:51.456763813Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:51.459105082Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:51.46161823Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:51.468353834Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:51.475193847Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:51.47716827Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:51.481281743Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:51.48767491Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:51.49030905Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:51.493315262Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:51.495805729Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:51.502127007Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:51.505203075Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:51.507147668Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:51.509910119Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:51.516669982Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:51.519365338Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:51.521296384Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:51.525211812Z	61	PC: 12b11 \| Open file (See above)
2018-12-25T12:37:51.531599894Z	63	PC: 12b2a \| Read file or device (See above)
2018-12-25T12:37:51.534338064Z	62	PC: 12b98 \| Close file (See above)
2018-12-25T12:37:51.537109705Z	79	PC: 12ae1 \| Find next file (See above)
2018-12-25T12:37:51.543177497Z	26	PC: 12aef \| Set disk transfer address (See above)
2018-12-25T12:37:51.544203523Z	42	PC: 12ba0 \| Get date (See above)
2018-12-25T12:37:51.546825276Z	65	PC: 12bc6 \| Delete file (See above)