Sample viewer

vx.netlux.org/Virus.DOS.DVA.753

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:02:41.817941636Z	47	PC: 12a94 \| Get disk transfer address
2018-12-17T23:02:41.820548086Z	26	PC: 12aae \| Set disk transfer address
2018-12-17T23:02:41.823441635Z	78	PC: 12b52 \| Find first file
2018-12-17T23:02:41.830764397Z	61	PC: 12b5f \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:02:41.839250252Z	63	PC: 12b72 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:02:41.847174373Z	66	PC: 12bfd \| Move file pointer
2018-12-17T23:02:41.849198946Z	66	PC: 12bbf \| Move file pointer
2018-12-17T23:02:41.851224231Z	64	PC: 12bcc \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:02:41.855104373Z	66	PC: 12bde \| Move file pointer
2018-12-17T23:02:41.856761464Z	64	PC: 12beb \| Write file or device (Write 753 bytes on handle 5)
2018-12-17T23:02:41.872234434Z	62	PC: 12b8b \| Close file
2018-12-17T23:02:41.881558414Z	79	PC: 12b8f \| Find next file
2018-12-17T23:02:41.884875113Z	61	PC: 12b5f \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:02:41.892610508Z	63	PC: 12b72 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:02:41.90076898Z	66	PC: 12bfd \| Move file pointer
2018-12-17T23:02:41.902780268Z	66	PC: 12bbf \| Move file pointer
2018-12-17T23:02:41.904622614Z	64	PC: 12bcc \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:02:41.908022609Z	66	PC: 12bde \| Move file pointer
2018-12-17T23:02:41.910900501Z	64	PC: 12beb \| Write file or device (Write 753 bytes on handle 5)
2018-12-17T23:02:41.920039403Z	62	PC: 12b8b \| Close file
2018-12-17T23:02:41.930322724Z	79	PC: 12b8f \| Find next file
2018-12-17T23:02:41.933926144Z	61	PC: 12b5f \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:02:41.941313047Z	63	PC: 12b72 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:02:41.95556678Z	66	PC: 12bfd \| Move file pointer
2018-12-17T23:02:41.958728613Z	66	PC: 12bbf \| Move file pointer
2018-12-17T23:02:41.960378766Z	64	PC: 12bcc \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:02:41.963360391Z	66	PC: 12bde \| Move file pointer
2018-12-17T23:02:41.96611473Z	64	PC: 12beb \| Write file or device (Write 753 bytes on handle 5)
2018-12-17T23:02:41.975094886Z	62	PC: 12b8b \| Close file
2018-12-17T23:02:41.984633688Z	79	PC: 12b8f \| Find next file
2018-12-17T23:02:41.988492355Z	61	PC: 12b5f \| Open file (Filename = 'PHANG.COM')
2018-12-17T23:02:41.9959277Z	63	PC: 12b72 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:02:42.003107531Z	66	PC: 12bfd \| Move file pointer
2018-12-17T23:02:42.004959529Z	66	PC: 12bbf \| Move file pointer
2018-12-17T23:02:42.008111063Z	64	PC: 12bcc \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:02:42.01257401Z	66	PC: 12bde \| Move file pointer
2018-12-17T23:02:42.014697272Z	64	PC: 12beb \| Write file or device (Write 753 bytes on handle 5)
2018-12-17T23:02:42.025434547Z	62	PC: 12b8b \| Close file
2018-12-17T23:02:42.035185609Z	79	PC: 12b8f \| Find next file
2018-12-17T23:02:42.038523191Z	61	PC: 12b5f \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:02:42.047258098Z	63	PC: 12b72 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:02:42.054586924Z	66	PC: 12bfd \| Move file pointer
2018-12-17T23:02:42.056561012Z	66	PC: 12bbf \| Move file pointer
2018-12-17T23:02:42.059094416Z	64	PC: 12bcc \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:02:42.062123929Z	66	PC: 12bde \| Move file pointer
2018-12-17T23:02:42.063668786Z	64	PC: 12beb \| Write file or device (Write 753 bytes on handle 5)
2018-12-17T23:02:42.073522764Z	62	PC: 12b8b \| Close file
2018-12-17T23:02:42.083032672Z	79	PC: 12b8f \| Find next file
2018-12-17T23:02:42.086532132Z	61	PC: 12b5f \| Open file (Filename = 'MANDEL.COM')
2018-12-17T23:02:42.094944142Z	63	PC: 12b72 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:02:42.10207885Z	66	PC: 12bfd \| Move file pointer
2018-12-17T23:02:42.104116418Z	66	PC: 12bbf \| Move file pointer
2018-12-17T23:02:42.106567273Z	64	PC: 12bcc \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:02:42.109676872Z	66	PC: 12bde \| Move file pointer
2018-12-17T23:02:42.111268316Z	64	PC: 12beb \| Write file or device (Write 753 bytes on handle 5)
2018-12-17T23:02:42.121880335Z	62	PC: 12b8b \| Close file
2018-12-17T23:02:42.133060296Z	79	PC: 12b8f \| Find next file
2018-12-17T23:02:42.136706518Z	61	PC: 12b5f \| Open file (Filename = 'PAH.COM')
2018-12-17T23:02:42.144702356Z	63	PC: 12b72 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:02:42.154142816Z	66	PC: 12bfd \| Move file pointer
2018-12-17T23:02:42.156123012Z	66	PC: 12bbf \| Move file pointer
2018-12-17T23:02:42.158090405Z	64	PC: 12bcc \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:02:42.161944559Z	66	PC: 12bde \| Move file pointer
2018-12-17T23:02:42.163680688Z	64	PC: 12beb \| Write file or device (Write 753 bytes on handle 5)
2018-12-17T23:02:42.172694526Z	62	PC: 12b8b \| Close file
2018-12-17T23:02:42.183361529Z	79	PC: 12b8f \| Find next file
2018-12-17T23:02:42.187048539Z	61	PC: 12b5f \| Open file (Filename = 'TEST.COM')
2018-12-17T23:02:42.195512609Z	63	PC: 12b72 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:02:42.199476167Z	62	PC: 12b8b \| Close file
2018-12-17T23:02:42.201898105Z	79	PC: 12b8f \| Find next file
2018-12-17T23:02:42.204649063Z	25	PC: 12b1c \| Get default drive
2018-12-17T23:02:42.205918938Z	71	PC: 12b2b \| Get current directory
2018-12-17T23:02:42.209776562Z	59	PC: 12b35 \| Change current directory
2018-12-17T23:02:42.214380697Z	78	PC: 12b52 \| Find first file
2018-12-17T23:02:42.22101989Z	61	PC: 12b5f \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:02:42.229697146Z	63	PC: 12b72 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:02:42.236949342Z	62	PC: 12b8b \| Close file
2018-12-17T23:02:42.239730977Z	79	PC: 12b8f \| Find next file
2018-12-17T23:02:42.244049758Z	61	PC: 12b5f \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:02:42.251496368Z	63	PC: 12b72 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:02:42.2594439Z	62	PC: 12b8b \| Close file
2018-12-17T23:02:42.262908243Z	79	PC: 12b8f \| Find next file
2018-12-17T23:02:42.266419631Z	61	PC: 12b5f \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:02:42.273664154Z	63	PC: 12b72 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:02:42.280713434Z	62	PC: 12b8b \| Close file
2018-12-17T23:02:42.283390108Z	79	PC: 12b8f \| Find next file
2018-12-17T23:02:42.286412361Z	61	PC: 12b5f \| Open file (Filename = 'PHANG.COM')
2018-12-17T23:02:42.293821567Z	63	PC: 12b72 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:02:42.301425881Z	62	PC: 12b8b \| Close file
2018-12-17T23:02:42.303757078Z	79	PC: 12b8f \| Find next file
2018-12-17T23:02:42.307437267Z	61	PC: 12b5f \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:02:42.315739375Z	63	PC: 12b72 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:02:42.323941476Z	62	PC: 12b8b \| Close file
2018-12-17T23:02:42.326289253Z	79	PC: 12b8f \| Find next file
2018-12-17T23:02:42.33088601Z	61	PC: 12b5f \| Open file (Filename = 'MANDEL.COM')
2018-12-17T23:02:42.338809654Z	63	PC: 12b72 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:02:42.346471766Z	62	PC: 12b8b \| Close file
2018-12-17T23:02:42.349553694Z	79	PC: 12b8f \| Find next file
2018-12-17T23:02:42.352959655Z	61	PC: 12b5f \| Open file (Filename = 'PAH.COM')
2018-12-17T23:02:42.360331037Z	63	PC: 12b72 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:02:42.36805329Z	62	PC: 12b8b \| Close file
2018-12-17T23:02:42.370519984Z	79	PC: 12b8f \| Find next file
2018-12-17T23:02:42.373722316Z	61	PC: 12b5f \| Open file (Filename = 'TEST.COM')
2018-12-17T23:02:42.38103464Z	63	PC: 12b72 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:02:42.385170799Z	62	PC: 12b8b \| Close file
2018-12-17T23:02:42.387187026Z	79	PC: 12b8f \| Find next file
2018-12-17T23:02:42.391152752Z	59	PC: 12b45 \| Change current directory
2018-12-17T23:02:42.393898558Z	42	PC: 12af6 \| Get date 0x12af6: cmp dh, 2 0x12af9: je 0x12afc 0x12afb: ret 0x12afc: cmp dl, 0x1c 0x12aff: je 0x12b02 0x12b01: ret 0x12b02: int 0x21 0x12b04: mov dx, 0x39c 0x12b07: add dx, si 0x12b09: mov bl, 5 0x12b0b: push si 0x12b0c: call 0x22abc 0x12b0f: pop si 0x12b10: ret 0x12b11: lea dx, word ptr [si + 0x3f8] 0x12b15: call 0x12b4b 0x12b18: mov ah, 0x19 0x12b1a: int 0x21 0x12b1c: push cs 0x12b1d: pop ds
2018-12-17T23:02:42.396581374Z	26	PC: 12c1a \| Set disk transfer address
2018-12-17T23:02:42.398455874Z	76	PC: 12a45 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":28,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14293,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:17.412376969Z	47	PC: 12a94 \| Get disk transfer address
2018-12-25T12:40:17.414005852Z	26	PC: 12aae \| Set disk transfer address
2018-12-25T12:40:17.415407237Z	78	PC: 12b52 \| Find first file
2018-12-25T12:40:17.42186337Z	61	PC: 12b5f \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:40:17.428917528Z	63	PC: 12b72 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:40:17.435081963Z	66	PC: 12bfd \| Move file pointer
2018-12-25T12:40:17.436419473Z	66	PC: 12bbf \| Move file pointer
2018-12-25T12:40:17.43910461Z	64	PC: 12bcc \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:40:17.446637267Z	66	PC: 12bde \| Move file pointer
2018-12-25T12:40:17.44786562Z	64	PC: 12beb \| Write file or device (Write 753 bytes on handle 5)
2018-12-25T12:40:18.20884014Z	62	PC: 12b8b \| Close file
2018-12-25T12:40:18.219001326Z	79	PC: 12b8f \| Find next file
2018-12-25T12:40:18.222004528Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.228410531Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.236750947Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.238197673Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.239855531Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.243593717Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.245356244Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.251337619Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.261645783Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.264302493Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.271300182Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.2780432Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.279545527Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.280699631Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.284667249Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.286243036Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.292711012Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.298090623Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.300175583Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.3042982Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.308676672Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.310147021Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.311242899Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.313218406Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.31484364Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.320952348Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.331663078Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.342081735Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.348683661Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.355266529Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.357468203Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.358987695Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.361843994Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.363996321Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.372812262Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.38093992Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.384232695Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.390569099Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.397767159Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.399916056Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.401452844Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.40422497Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.40704881Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.419322978Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.430772998Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.434591942Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.441270584Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.447802095Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.4501893Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.452201302Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.454810569Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.456953266Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.464835246Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.472836161Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.476561913Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.484063567Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.486909066Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.48975511Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.492418878Z	25	PC: 12b1c \| Get default drive
2018-12-25T12:40:18.493790783Z	71	PC: 12b2b \| Get current directory
2018-12-25T12:40:18.498297533Z	59	PC: 12b35 \| Change current directory
2018-12-25T12:40:18.502286994Z	78	PC: 12b52 \| Find first file (See above)
2018-12-25T12:40:18.508292024Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.515528326Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.52271066Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.524838791Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.528254183Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.534929389Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.541407329Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.543995372Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.54743935Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.553789202Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.561709702Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.563568101Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.56651672Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.574383221Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.581186284Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.583237612Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.586578692Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.5936862Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.599938771Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.60165136Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.608811379Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.61607638Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.632180172Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.635417547Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.638454071Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.645355251Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.652645678Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.65444858Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.657019381Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.664166598Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.674987723Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.677109854Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.68072939Z	59	PC: 12b45 \| Change current directory
2018-12-25T12:40:18.686300133Z	42	PC: 12af6 \| Get date 0x12af6: cmp dh, 2 0x12af9: je 0x12afc 0x12afb: ret 0x12afc: cmp dl, 0x1c 0x12aff: je 0x12b02 0x12b01: ret 0x12b02: int 0x21 0x12b04: mov dx, 0x39c 0x12b07: add dx, si 0x12b09: mov bl, 5 0x12b0b: push si 0x12b0c: call 0x22abc 0x12b0f: pop si 0x12b10: ret 0x12b11: lea dx, word ptr [si + 0x3f8] 0x12b15: call 0x12b4b 0x12b18: mov ah, 0x19 0x12b1a: int 0x21 0x12b1c: push cs 0x12b1d: pop ds
2018-12-25T12:40:18.689324714Z	42	PC: 12b04 \| Get date 0x12b04: mov dx, 0x39c 0x12b07: add dx, si 0x12b09: mov bl, 5 0x12b0b: push si 0x12b0c: call 0x22abc 0x12b0f: pop si 0x12b10: ret 0x12b11: lea dx, word ptr [si + 0x3f8] 0x12b15: call 0x12b4b 0x12b18: mov ah, 0x19 0x12b1a: int 0x21 0x12b1c: push cs 0x12b1d: pop ds 0x12b1e: add al, 1 0x12b20: push si 0x12b21: mov ah, 0x47 0x12b23: mov dl, al 0x12b25: add si, 0x3b5 0x12b29: int 0x21 0x12b2b: pop si
2018-12-25T12:40:18.694849517Z	9	PC: 12af1 \| Display string (String= ' ')
2018-12-25T12:40:18.698920762Z	26	PC: 12c1a \| Set disk transfer address
2018-12-25T12:40:18.700386768Z	76	PC: 12a45 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14293,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:17.42398535Z	47	PC: 12a94 \| Get disk transfer address
2018-12-25T12:40:17.426066076Z	26	PC: 12aae \| Set disk transfer address
2018-12-25T12:40:17.427229533Z	78	PC: 12b52 \| Find first file
2018-12-25T12:40:17.433300203Z	61	PC: 12b5f \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:40:17.441114192Z	63	PC: 12b72 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:40:17.450167687Z	66	PC: 12bfd \| Move file pointer
2018-12-25T12:40:17.451900455Z	66	PC: 12bbf \| Move file pointer
2018-12-25T12:40:17.453190822Z	64	PC: 12bcc \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:40:17.45600775Z	66	PC: 12bde \| Move file pointer
2018-12-25T12:40:17.457209339Z	64	PC: 12beb \| Write file or device (Write 753 bytes on handle 5)
2018-12-25T12:40:18.209439919Z	62	PC: 12b8b \| Close file
2018-12-25T12:40:18.218731194Z	79	PC: 12b8f \| Find next file
2018-12-25T12:40:18.222060459Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.228138785Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.234142318Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.235457302Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.236737022Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.240241182Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.242205927Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.250131766Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.258627255Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.261370886Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.267763062Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.274453735Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.277094046Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.27884312Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.281834218Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.283548839Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.294867286Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.302993737Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.306510406Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.31299925Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.319402557Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.322019336Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.324955604Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.327971778Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.330673417Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.338524625Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.348596466Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.352028157Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.359370104Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.365180393Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.370966214Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.372377439Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.374439038Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.3758474Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.38242396Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.390955126Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.393575638Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.400675994Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.407075203Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.40841499Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.410457818Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.413136998Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.414621028Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.424698052Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.432668327Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.435315547Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.444097372Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.452386069Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.454010893Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.456397303Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.459539876Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.461178761Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.470849514Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.479385925Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.481977884Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.489493376Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.493585123Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.495615695Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.499040642Z	25	PC: 12b1c \| Get default drive
2018-12-25T12:40:18.50030851Z	71	PC: 12b2b \| Get current directory
2018-12-25T12:40:18.503417822Z	59	PC: 12b35 \| Change current directory
2018-12-25T12:40:18.507784573Z	78	PC: 12b52 \| Find first file (See above)
2018-12-25T12:40:18.514521575Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.52117102Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.531309461Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.53374294Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.536463414Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.542717131Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.549556428Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.551155706Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.553754696Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.561183224Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.567116026Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.568998318Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.572106556Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.578198471Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.585079847Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.587573618Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.590357425Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.596861119Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.604550641Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.606517235Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.609780987Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.618104805Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.625268528Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.627323646Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.631004458Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.637419474Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.643769621Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.646202507Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.648866617Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.65457978Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.657946593Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.659886557Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.662450264Z	59	PC: 12b45 \| Change current directory
2018-12-25T12:40:18.665562232Z	42	PC: 12af6 \| Get date 0x12af6: cmp dh, 2 0x12af9: je 0x12afc 0x12afb: ret 0x12afc: cmp dl, 0x1c 0x12aff: je 0x12b02 0x12b01: ret 0x12b02: int 0x21 0x12b04: mov dx, 0x39c 0x12b07: add dx, si 0x12b09: mov bl, 5 0x12b0b: push si 0x12b0c: call 0x22abc 0x12b0f: pop si 0x12b10: ret 0x12b11: lea dx, word ptr [si + 0x3f8] 0x12b15: call 0x12b4b 0x12b18: mov ah, 0x19 0x12b1a: int 0x21 0x12b1c: push cs 0x12b1d: pop ds
2018-12-25T12:40:18.668205775Z	26	PC: 12c1a \| Set disk transfer address
2018-12-25T12:40:18.669487968Z	76	PC: 12a45 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14293,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:17.42076709Z	47	PC: 12a94 \| Get disk transfer address
2018-12-25T12:40:17.422453271Z	26	PC: 12aae \| Set disk transfer address
2018-12-25T12:40:17.423713364Z	78	PC: 12b52 \| Find first file
2018-12-25T12:40:17.430320824Z	61	PC: 12b5f \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:40:17.437866962Z	63	PC: 12b72 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:40:17.444322298Z	66	PC: 12bfd \| Move file pointer
2018-12-25T12:40:17.445712401Z	66	PC: 12bbf \| Move file pointer
2018-12-25T12:40:17.447500172Z	64	PC: 12bcc \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:40:17.450363895Z	66	PC: 12bde \| Move file pointer
2018-12-25T12:40:17.452037102Z	64	PC: 12beb \| Write file or device (Write 753 bytes on handle 5)
2018-12-25T12:40:18.21197303Z	62	PC: 12b8b \| Close file
2018-12-25T12:40:18.220728933Z	79	PC: 12b8f \| Find next file
2018-12-25T12:40:18.223755373Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.230825642Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.237979409Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.239511256Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.24109403Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.259696949Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.262665819Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.273091676Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.282616259Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.285556396Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.29375906Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.301022562Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.302507927Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.304376669Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.308540296Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.309943578Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.317871114Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.327095459Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.329867762Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.336280121Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.343954736Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.346422948Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.35205772Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.355071617Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.357707942Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.366146748Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.374144718Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.378554441Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.384975871Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.391180784Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.393094729Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.394375273Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.396977628Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.399315176Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.407145442Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.415231622Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.419563795Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.426170493Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.432842042Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.435235427Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.436611466Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.439202784Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.441683375Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.450308758Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.458441584Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.462261529Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.468957833Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.475507325Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.478094491Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.480257296Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.483145917Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.485565226Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.494050931Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.502468084Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.505887178Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.512634024Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.515266463Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.517372345Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.5203791Z	25	PC: 12b1c \| Get default drive
2018-12-25T12:40:18.521727199Z	71	PC: 12b2b \| Get current directory
2018-12-25T12:40:18.524734896Z	59	PC: 12b35 \| Change current directory
2018-12-25T12:40:18.529518025Z	78	PC: 12b52 \| Find first file (See above)
2018-12-25T12:40:18.535447452Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.547011885Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.554485715Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.556152685Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.558764195Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.571241201Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.577455454Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.579081533Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.582196896Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.588745154Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.595159963Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.597718735Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.60041271Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.607045172Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.613900685Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.615584278Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.618688544Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.626265531Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.633007341Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.634947929Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.638749595Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.645362697Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.651809552Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.654244992Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.656899661Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.66321792Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.670020883Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.672048787Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.674806848Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.683011993Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.689237379Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.690957345Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.694077047Z	59	PC: 12b45 \| Change current directory
2018-12-25T12:40:18.697668778Z	42	PC: 12af6 \| Get date 0x12af6: cmp dh, 2 0x12af9: je 0x12afc 0x12afb: ret 0x12afc: cmp dl, 0x1c 0x12aff: je 0x12b02 0x12b01: ret 0x12b02: int 0x21 0x12b04: mov dx, 0x39c 0x12b07: add dx, si 0x12b09: mov bl, 5 0x12b0b: push si 0x12b0c: call 0x22abc 0x12b0f: pop si 0x12b10: ret 0x12b11: lea dx, word ptr [si + 0x3f8] 0x12b15: call 0x12b4b 0x12b18: mov ah, 0x19 0x12b1a: int 0x21 0x12b1c: push cs 0x12b1d: pop ds
2018-12-25T12:40:18.69984794Z	26	PC: 12c1a \| Set disk transfer address
2018-12-25T12:40:18.7016292Z	76	PC: 12a45 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14293,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:17.413875291Z	47	PC: 12a94 \| Get disk transfer address
2018-12-25T12:40:17.415843857Z	26	PC: 12aae \| Set disk transfer address
2018-12-25T12:40:17.417272043Z	78	PC: 12b52 \| Find first file
2018-12-25T12:40:17.423751267Z	61	PC: 12b5f \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:40:17.430903309Z	63	PC: 12b72 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:40:17.438644857Z	66	PC: 12bfd \| Move file pointer
2018-12-25T12:40:17.440668619Z	66	PC: 12bbf \| Move file pointer
2018-12-25T12:40:17.44256024Z	64	PC: 12bcc \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:40:17.446081522Z	66	PC: 12bde \| Move file pointer
2018-12-25T12:40:17.447338209Z	64	PC: 12beb \| Write file or device (Write 753 bytes on handle 5)
2018-12-25T12:40:18.440050901Z	62	PC: 12b8b \| Close file
2018-12-25T12:40:18.450570754Z	79	PC: 12b8f \| Find next file
2018-12-25T12:40:18.454303447Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.459328755Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.468284711Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.470648121Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.472595568Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.477458501Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.479451215Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.488422459Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.497633906Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.501518963Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.508865079Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.524094551Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.527220407Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.529201891Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.532543579Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.535649978Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.544200506Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.551864132Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.557012595Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.565497032Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.570121879Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.57240777Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.574777864Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.577583848Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.578914077Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.589023505Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.595280195Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.597314595Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.603001055Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.607753083Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.609902028Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.612961331Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.616638931Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.618546183Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.628314645Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.638202825Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.641657638Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.650246753Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.658552686Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.660521908Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.662425351Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.668262632Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.670318922Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.680707415Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.691869583Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.695362516Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.703170345Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.71172781Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.714186096Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.716186629Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.721216726Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.723335896Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.732235042Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.741096689Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.744504012Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.752731339Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.75587424Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.758434044Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.761175115Z	25	PC: 12b1c \| Get default drive
2018-12-25T12:40:18.762757665Z	71	PC: 12b2b \| Get current directory
2018-12-25T12:40:18.766938039Z	59	PC: 12b35 \| Change current directory
2018-12-25T12:40:18.771743807Z	78	PC: 12b52 \| Find first file (See above)
2018-12-25T12:40:18.784803477Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.793574614Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.800847108Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.803090368Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.807110678Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.814529903Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.821777586Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.824600318Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.828560052Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.836131676Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.844229027Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.846897142Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.851148579Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.858587838Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.867253579Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.869568781Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.872858813Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.88188872Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.889214851Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.891505012Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.895396932Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.90257128Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.909532736Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.912283742Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.916086001Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.923142384Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.930534049Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.932823507Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.935888143Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.943034957Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.951759787Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.954202636Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.957676178Z	59	PC: 12b45 \| Change current directory
2018-12-25T12:40:18.961014165Z	42	PC: 12af6 \| Get date 0x12af6: cmp dh, 2 0x12af9: je 0x12afc 0x12afb: ret 0x12afc: cmp dl, 0x1c 0x12aff: je 0x12b02 0x12b01: ret 0x12b02: int 0x21 0x12b04: mov dx, 0x39c 0x12b07: add dx, si 0x12b09: mov bl, 5 0x12b0b: push si 0x12b0c: call 0x22abc 0x12b0f: pop si 0x12b10: ret 0x12b11: lea dx, word ptr [si + 0x3f8] 0x12b15: call 0x12b4b 0x12b18: mov ah, 0x19 0x12b1a: int 0x21 0x12b1c: push cs 0x12b1d: pop ds
2018-12-25T12:40:18.963733068Z	26	PC: 12c1a \| Set disk transfer address
2018-12-25T12:40:18.965293014Z	76	PC: 12a45 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14293,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:17.437555909Z	47	PC: 12a94 \| Get disk transfer address
2018-12-25T12:40:17.442614625Z	26	PC: 12aae \| Set disk transfer address
2018-12-25T12:40:17.443411209Z	78	PC: 12b52 \| Find first file
2018-12-25T12:40:17.447045513Z	61	PC: 12b5f \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:40:17.451414911Z	63	PC: 12b72 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:40:17.457463227Z	66	PC: 12bfd \| Move file pointer
2018-12-25T12:40:17.458688717Z	66	PC: 12bbf \| Move file pointer
2018-12-25T12:40:17.460307187Z	64	PC: 12bcc \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:40:17.462963811Z	66	PC: 12bde \| Move file pointer
2018-12-25T12:40:17.464453086Z	64	PC: 12beb \| Write file or device (Write 753 bytes on handle 5)
2018-12-25T12:40:18.214289728Z	62	PC: 12b8b \| Close file
2018-12-25T12:40:18.223142376Z	79	PC: 12b8f \| Find next file
2018-12-25T12:40:18.226080738Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.237904076Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.245686421Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.247442584Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.249153546Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.253180468Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.25797557Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.267048795Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.276569016Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.279965093Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.287032809Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.293951233Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.297410364Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.299009048Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.30281624Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.304846185Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.313297684Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.323560623Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.327326143Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.332899253Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.33861453Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.340554755Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.342036031Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.344821823Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.347169295Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.353969282Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.360812681Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.364260578Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.370355447Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.375691364Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.378001001Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.379292135Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.382009082Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.384343152Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.391694969Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.398458989Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.401821303Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.407313078Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.412659984Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.415066426Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.416549941Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.418900301Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.420568705Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.430213437Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.438139037Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.441021899Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.447491015Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.452910021Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.454446115Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.456958649Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.459494832Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.460939975Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.469266587Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.476001518Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.478444416Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.48475978Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.490526485Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.492252033Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.495183717Z	25	PC: 12b1c \| Get default drive
2018-12-25T12:40:18.496273111Z	71	PC: 12b2b \| Get current directory
2018-12-25T12:40:18.4990446Z	59	PC: 12b35 \| Change current directory
2018-12-25T12:40:18.504523957Z	78	PC: 12b52 \| Find first file (See above)
2018-12-25T12:40:18.515748552Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.522720658Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.529165031Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.53136671Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.534045649Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.540613055Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.547442501Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.549116495Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.551681633Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.559124306Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.567230927Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.569130153Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.572483184Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.579307058Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.586046969Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.589147711Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.592084558Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.598754356Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.606185961Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.608383581Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.611253279Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.61857139Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.625049412Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.627150003Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.63068836Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.637437739Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.644408362Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.647249696Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.650567033Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.657111811Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.663949032Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.665606575Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.667323349Z	59	PC: 12b45 \| Change current directory
2018-12-25T12:40:18.669380322Z	42	PC: 12af6 \| Get date 0x12af6: cmp dh, 2 0x12af9: je 0x12afc 0x12afb: ret 0x12afc: cmp dl, 0x1c 0x12aff: je 0x12b02 0x12b01: ret 0x12b02: int 0x21 0x12b04: mov dx, 0x39c 0x12b07: add dx, si 0x12b09: mov bl, 5 0x12b0b: push si 0x12b0c: call 0x22abc 0x12b0f: pop si 0x12b10: ret 0x12b11: lea dx, word ptr [si + 0x3f8] 0x12b15: call 0x12b4b 0x12b18: mov ah, 0x19 0x12b1a: int 0x21 0x12b1c: push cs 0x12b1d: pop ds
2018-12-25T12:40:18.671005239Z	26	PC: 12c1a \| Set disk transfer address
2018-12-25T12:40:18.671905633Z	76	PC: 12a45 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":28,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14293,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:17.754645268Z	47	PC: 12a94 \| Get disk transfer address
2018-12-25T12:40:17.756222812Z	26	PC: 12aae \| Set disk transfer address
2018-12-25T12:40:17.757507609Z	78	PC: 12b52 \| Find first file
2018-12-25T12:40:17.764199861Z	61	PC: 12b5f \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:40:17.771375408Z	63	PC: 12b72 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:40:17.778610949Z	66	PC: 12bfd \| Move file pointer
2018-12-25T12:40:17.780133419Z	66	PC: 12bbf \| Move file pointer
2018-12-25T12:40:17.781574493Z	64	PC: 12bcc \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:40:17.785181842Z	66	PC: 12bde \| Move file pointer
2018-12-25T12:40:17.787565252Z	64	PC: 12beb \| Write file or device (Write 753 bytes on handle 5)
2018-12-25T12:40:18.440092495Z	62	PC: 12b8b \| Close file
2018-12-25T12:40:18.449912801Z	79	PC: 12b8f \| Find next file
2018-12-25T12:40:18.453017267Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.460266278Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.476870909Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.478997428Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.480534351Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.484726776Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.486644452Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.49587339Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.506279416Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.509379266Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.516796759Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.524473967Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.526000015Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.527337679Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.530407268Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.532706425Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.54426856Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.552903749Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.556460163Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.564170914Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.572013264Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.575309894Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.577762139Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.581308834Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.584059293Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.593445991Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.602921319Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.60653722Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.614174393Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.621525948Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.623476046Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.631285686Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.634681603Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.637031602Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.647378316Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.660671267Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.664188938Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.67295512Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.680319306Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.682049321Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.684483247Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.68792225Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.68999949Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.700027943Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.709907775Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.714091107Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.72172685Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.730571134Z	66	PC: 12bfd \| Move file pointer (See above)
2018-12-25T12:40:18.73264711Z	66	PC: 12bbf \| Move file pointer (See above)
2018-12-25T12:40:18.734594146Z	64	PC: 12bcc \| Write file or device (See above)
2018-12-25T12:40:18.738866397Z	66	PC: 12bde \| Move file pointer (See above)
2018-12-25T12:40:18.741228041Z	64	PC: 12beb \| Write file or device (See above)
2018-12-25T12:40:18.750448203Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.760332803Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.763680182Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.77169241Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.775178584Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.778362268Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.782211639Z	25	PC: 12b1c \| Get default drive
2018-12-25T12:40:18.78374885Z	71	PC: 12b2b \| Get current directory
2018-12-25T12:40:18.787881871Z	59	PC: 12b35 \| Change current directory
2018-12-25T12:40:18.792638657Z	78	PC: 12b52 \| Find first file (See above)
2018-12-25T12:40:18.799575863Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.808264977Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.81625478Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.818357166Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.822555635Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.830598639Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.838073198Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.841241876Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.845033967Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.853515967Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.860976154Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.864480581Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.867871796Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.875509822Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.88331961Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.885332316Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.888305337Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.89684251Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.90398905Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.905972169Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.910015498Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.918027956Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.925074498Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.927706468Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.931612171Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.939111664Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.946568511Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.949996641Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.953351479Z	61	PC: 12b5f \| Open file (See above)
2018-12-25T12:40:18.961000603Z	63	PC: 12b72 \| Read file or device (See above)
2018-12-25T12:40:18.965339099Z	62	PC: 12b8b \| Close file (See above)
2018-12-25T12:40:18.967649538Z	79	PC: 12b8f \| Find next file (See above)
2018-12-25T12:40:18.970662285Z	59	PC: 12b45 \| Change current directory
2018-12-25T12:40:18.973785244Z	42	PC: 12af6 \| Get date 0x12af6: cmp dh, 2 0x12af9: je 0x12afc 0x12afb: ret 0x12afc: cmp dl, 0x1c 0x12aff: je 0x12b02 0x12b01: ret 0x12b02: int 0x21 0x12b04: mov dx, 0x39c 0x12b07: add dx, si 0x12b09: mov bl, 5 0x12b0b: push si 0x12b0c: call 0x22abc 0x12b0f: pop si 0x12b10: ret 0x12b11: lea dx, word ptr [si + 0x3f8] 0x12b15: call 0x12b4b 0x12b18: mov ah, 0x19 0x12b1a: int 0x21 0x12b1c: push cs 0x12b1d: pop ds
2018-12-25T12:40:18.977330849Z	42	PC: 12b04 \| Get date 0x12b04: mov dx, 0x39c 0x12b07: add dx, si 0x12b09: mov bl, 5 0x12b0b: push si 0x12b0c: call 0x22abc 0x12b0f: pop si 0x12b10: ret 0x12b11: lea dx, word ptr [si + 0x3f8] 0x12b15: call 0x12b4b 0x12b18: mov ah, 0x19 0x12b1a: int 0x21 0x12b1c: push cs 0x12b1d: pop ds 0x12b1e: add al, 1 0x12b20: push si 0x12b21: mov ah, 0x47 0x12b23: mov dl, al 0x12b25: add si, 0x3b5 0x12b29: int 0x21 0x12b2b: pop si
2018-12-25T12:40:18.981101682Z	9	PC: 12af1 \| Display string (String= ' ')
2018-12-25T12:40:18.987231608Z	26	PC: 12c1a \| Set disk transfer address
2018-12-25T12:40:18.989108988Z	76	PC: 12a45 \| Terminate with return code (Return code = '76')