Sample viewer

vx.netlux.org/Virus.DOS.PS-MPC.Soul.517

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:11:06.705343383Z 26 PC: 12ba0 | Set disk transfer address
2018-12-17T23:11:06.707165294Z 78 PC: 12ac9 | Find first file
2018-12-17T23:11:06.713445824Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:11:06.720246259Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:11:06.735584409Z 66 PC: 12ba8 | Move file pointer
2018-12-17T23:11:06.736974827Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:11:06.739656881Z 66 PC: 12ba8 | Move file pointer
2018-12-17T23:11:06.748179068Z 64 PC: 12b1f | Write file or device (Write 517 bytes on handle 5)
2018-12-17T23:11:06.762663155Z 62 PC: 12b23 | Close file
2018-12-17T23:11:06.77073888Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
2018-12-17T23:11:06.773861191Z 42 PC: 12b3f | Get date 0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x209]
0x12b6f: loop 0x12b59
0x12b71: mov ah, 5
0x12b73: mov ch, byte ptr cs:[0x208]
2018-12-17T23:11:06.775394091Z 42 PC: 12b4d | Get date 0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x209]
0x12b6f: loop 0x12b59
0x12b71: mov ah, 5
0x12b73: mov ch, byte ptr cs:[0x208]
0x12b78: mov dh, byte ptr cs:[0x208]
0x12b7d: mov dl, byte ptr cs:[0x209]
0x12b82: int 0x13
0x12b84: inc byte ptr cs:[0x208]
0x12b89: cmp byte ptr cs:[0x208], 5
0x12b8f: je 0x12b93
2018-12-17T23:11:06.776731248Z 79 PC: 12ac9 | Find next file
2018-12-17T23:11:06.778771251Z 61 PC: 12ad4 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:11:06.783237456Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:11:06.78937617Z 66 PC: 12ba8 | Move file pointer
2018-12-17T23:11:06.79056846Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:11:06.805648441Z 66 PC: 12ba8 | Move file pointer
2018-12-17T23:11:06.806898183Z 64 PC: 12b1f | Write file or device (Write 517 bytes on handle 5)
2018-12-17T23:11:06.814498379Z 62 PC: 12b23 | Close file
2018-12-17T23:11:06.822787569Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
2018-12-17T23:11:06.82507007Z 42 PC: 12b3f | Get date 0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x209]
0x12b6f: loop 0x12b59
0x12b71: mov ah, 5
0x12b73: mov ch, byte ptr cs:[0x208]
2018-12-17T23:11:06.827315384Z 42 PC: 12b4d | Get date 0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x209]
0x12b6f: loop 0x12b59
0x12b71: mov ah, 5
0x12b73: mov ch, byte ptr cs:[0x208]
0x12b78: mov dh, byte ptr cs:[0x208]
0x12b7d: mov dl, byte ptr cs:[0x209]
0x12b82: int 0x13
0x12b84: inc byte ptr cs:[0x208]
0x12b89: cmp byte ptr cs:[0x208], 5
0x12b8f: je 0x12b93
2018-12-17T23:11:06.830018705Z 79 PC: 12ac9 | Find next file
2018-12-17T23:11:06.832622098Z 61 PC: 12ad4 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:11:06.838943104Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:11:06.846375009Z 66 PC: 12ba8 | Move file pointer
2018-12-17T23:11:06.847819946Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:11:06.850548945Z 66 PC: 12ba8 | Move file pointer
2018-12-17T23:11:06.852626645Z 64 PC: 12b1f | Write file or device (Write 517 bytes on handle 5)
2018-12-17T23:11:06.860412609Z 62 PC: 12b23 | Close file
2018-12-17T23:11:06.868221829Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
2018-12-17T23:11:06.871240835Z 42 PC: 12b3f | Get date 0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x209]
0x12b6f: loop 0x12b59
0x12b71: mov ah, 5
0x12b73: mov ch, byte ptr cs:[0x208]
2018-12-17T23:11:06.87384423Z 42 PC: 12b4d | Get date 0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x209]
0x12b6f: loop 0x12b59
0x12b71: mov ah, 5
0x12b73: mov ch, byte ptr cs:[0x208]
0x12b78: mov dh, byte ptr cs:[0x208]
0x12b7d: mov dl, byte ptr cs:[0x209]
0x12b82: int 0x13
0x12b84: inc byte ptr cs:[0x208]
0x12b89: cmp byte ptr cs:[0x208], 5
0x12b8f: je 0x12b93
2018-12-17T23:11:06.876311974Z 79 PC: 12ac9 | Find next file
2018-12-17T23:11:06.880164222Z 61 PC: 12ad4 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:11:06.886768066Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:11:06.893202199Z 66 PC: 12ba8 | Move file pointer
2018-12-17T23:11:06.895311919Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:11:06.898078641Z 66 PC: 12ba8 | Move file pointer
2018-12-17T23:11:06.899587076Z 64 PC: 12b1f | Write file or device (Write 517 bytes on handle 5)
2018-12-17T23:11:06.909202068Z 62 PC: 12b23 | Close file
2018-12-17T23:11:06.917828273Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
2018-12-17T23:11:06.919802474Z 42 PC: 12b3f | Get date 0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x209]
0x12b6f: loop 0x12b59
0x12b71: mov ah, 5
0x12b73: mov ch, byte ptr cs:[0x208]
2018-12-17T23:11:06.922514338Z 42 PC: 12b4d | Get date 0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x209]
0x12b6f: loop 0x12b59
0x12b71: mov ah, 5
0x12b73: mov ch, byte ptr cs:[0x208]
0x12b78: mov dh, byte ptr cs:[0x208]
0x12b7d: mov dl, byte ptr cs:[0x209]
0x12b82: int 0x13
0x12b84: inc byte ptr cs:[0x208]
0x12b89: cmp byte ptr cs:[0x208], 5
0x12b8f: je 0x12b93
2018-12-17T23:11:06.924600427Z 79 PC: 12ac9 | Find next file
2018-12-17T23:11:06.927067392Z 61 PC: 12ad4 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:11:06.931967469Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:11:06.935911789Z 66 PC: 12ba8 | Move file pointer
2018-12-17T23:11:06.936891274Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:11:06.939197105Z 66 PC: 12ba8 | Move file pointer
2018-12-17T23:11:06.94022818Z 64 PC: 12b1f | Write file or device (Write 517 bytes on handle 5)
2018-12-17T23:11:06.945237414Z 62 PC: 12b23 | Close file
2018-12-17T23:11:06.950941292Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
2018-12-17T23:11:06.952526185Z 42 PC: 12b3f | Get date 0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x209]
0x12b6f: loop 0x12b59
0x12b71: mov ah, 5
0x12b73: mov ch, byte ptr cs:[0x208]
2018-12-17T23:11:06.954081644Z 42 PC: 12b4d | Get date 0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x209]
0x12b6f: loop 0x12b59
0x12b71: mov ah, 5
0x12b73: mov ch, byte ptr cs:[0x208]
0x12b78: mov dh, byte ptr cs:[0x208]
0x12b7d: mov dl, byte ptr cs:[0x209]
0x12b82: int 0x13
0x12b84: inc byte ptr cs:[0x208]
0x12b89: cmp byte ptr cs:[0x208], 5
0x12b8f: je 0x12b93
2018-12-17T23:11:06.955756758Z 79 PC: 12ac9 | Find next file
2018-12-17T23:11:06.958080939Z 61 PC: 12ad4 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:11:06.965024392Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:11:06.97152185Z 66 PC: 12ba8 | Move file pointer
2018-12-17T23:11:06.973263483Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:11:06.975813316Z 66 PC: 12ba8 | Move file pointer
2018-12-17T23:11:06.977393676Z 64 PC: 12b1f | Write file or device (Write 517 bytes on handle 5)
2018-12-17T23:11:06.985860081Z 62 PC: 12b23 | Close file
2018-12-17T23:11:06.994078842Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
2018-12-17T23:11:06.996170406Z 42 PC: 12b3f | Get date 0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x209]
0x12b6f: loop 0x12b59
0x12b71: mov ah, 5
0x12b73: mov ch, byte ptr cs:[0x208]
2018-12-17T23:11:06.998997262Z 42 PC: 12b4d | Get date 0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x209]
0x12b6f: loop 0x12b59
0x12b71: mov ah, 5
0x12b73: mov ch, byte ptr cs:[0x208]
0x12b78: mov dh, byte ptr cs:[0x208]
0x12b7d: mov dl, byte ptr cs:[0x209]
0x12b82: int 0x13
0x12b84: inc byte ptr cs:[0x208]
0x12b89: cmp byte ptr cs:[0x208], 5
0x12b8f: je 0x12b93
2018-12-17T23:11:07.001139303Z 79 PC: 12ac9 | Find next file
2018-12-17T23:11:07.00417863Z 61 PC: 12ad4 | Open file (Filename = 'PAH.COM')
2018-12-17T23:11:07.011948829Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:11:07.018138259Z 66 PC: 12ba8 | Move file pointer
2018-12-17T23:11:07.019326001Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:11:07.022335974Z 66 PC: 12ba8 | Move file pointer
2018-12-17T23:11:07.02370809Z 64 PC: 12b1f | Write file or device (Write 517 bytes on handle 5)
2018-12-17T23:11:07.031290694Z 62 PC: 12b23 | Close file
2018-12-17T23:11:07.03947762Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
2018-12-17T23:11:07.041412201Z 42 PC: 12b3f | Get date 0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x209]
0x12b6f: loop 0x12b59
0x12b71: mov ah, 5
0x12b73: mov ch, byte ptr cs:[0x208]
2018-12-17T23:11:07.043300903Z 42 PC: 12b4d | Get date 0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x209]
0x12b6f: loop 0x12b59
0x12b71: mov ah, 5
0x12b73: mov ch, byte ptr cs:[0x208]
0x12b78: mov dh, byte ptr cs:[0x208]
0x12b7d: mov dl, byte ptr cs:[0x209]
0x12b82: int 0x13
0x12b84: inc byte ptr cs:[0x208]
0x12b89: cmp byte ptr cs:[0x208], 5
0x12b8f: je 0x12b93
2018-12-17T23:11:07.045668876Z 79 PC: 12ac9 | Find next file
2018-12-17T23:11:07.047945262Z 61 PC: 12ad4 | Open file (Filename = 'TEST.COM')
2018-12-17T23:11:07.053973894Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:11:07.057401868Z 62 PC: 12b23 | Close file
2018-12-17T23:11:07.058957706Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
2018-12-17T23:11:07.060841739Z 42 PC: 12b3f | Get date 0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x209]
0x12b6f: loop 0x12b59
0x12b71: mov ah, 5
0x12b73: mov ch, byte ptr cs:[0x208]
2018-12-17T23:11:07.063330401Z 42 PC: 12b4d | Get date 0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x209]
0x12b6f: loop 0x12b59
0x12b71: mov ah, 5
0x12b73: mov ch, byte ptr cs:[0x208]
0x12b78: mov dh, byte ptr cs:[0x208]
0x12b7d: mov dl, byte ptr cs:[0x209]
0x12b82: int 0x13
0x12b84: inc byte ptr cs:[0x208]
0x12b89: cmp byte ptr cs:[0x208], 5
0x12b8f: je 0x12b93
2018-12-17T23:11:07.065202798Z 79 PC: 12ac9 | Find next file
2018-12-17T23:11:07.067342501Z 26 PC: 12ba0 | Set disk transfer address
2018-12-17T23:11:07.0693569Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17082,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:44.724802375Z 26 PC: 12ba0 | Set disk transfer address
2018-12-25T12:54:44.725860788Z 78 PC: 12ac9 | Find first file
2018-12-25T12:54:44.731671347Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:44.737772611Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:54:44.744005468Z 66 PC: 12ba8 | Move file pointer
2018-12-25T12:54:44.745300478Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:54:44.747685728Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:44.748834358Z 64 PC: 12b1f | Write file or device (Write 517 bytes on handle 5)
2018-12-25T12:54:45.260725886Z 62 PC: 12b23 | Close file
2018-12-25T12:54:45.268817475Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
2018-12-25T12:54:45.270880091Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.273844122Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.280432632Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.286885171Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.288965253Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.292201427Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.293516747Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.301973474Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.310254661Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.315639122Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.318804985Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.32515227Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.33174259Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.333713698Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.33655258Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.338283176Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.347075698Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.354976048Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.357868513Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.361873324Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.368940214Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.375310796Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.376914071Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.380243645Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.381596869Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.389373931Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.397906317Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.400188151Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.402812944Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.409542649Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.415611663Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.41698327Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.42038815Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.42174391Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.429825323Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.438266551Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.440591471Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.443128943Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.450375848Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.456497804Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.457982756Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.461549805Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.462878826Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.470609484Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.479452184Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.483193372Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.485619748Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.493880774Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.504157839Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.505538945Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.509570678Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.511024685Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.518866518Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.526877903Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.528983057Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.531622334Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.538362687Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.54118488Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.542891469Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.545390306Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.550470307Z 26 PC: 12ba0 | Set disk transfer address (See above)
2018-12-25T12:54:45.551632788Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17082,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:44.842666316Z 26 PC: 12ba0 | Set disk transfer address
2018-12-25T12:54:44.84464551Z 78 PC: 12ac9 | Find first file
2018-12-25T12:54:44.851236958Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:44.857982175Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:54:44.865611125Z 66 PC: 12ba8 | Move file pointer
2018-12-25T12:54:44.867123283Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:54:44.868729437Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:44.86983274Z 64 PC: 12b1f | Write file or device (Write 517 bytes on handle 5)
2018-12-25T12:54:45.261172584Z 62 PC: 12b23 | Close file
2018-12-25T12:54:45.269290485Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
2018-12-25T12:54:45.271260459Z 42 PC: 12b3f | Get date 0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x209]
0x12b6f: loop 0x12b59
0x12b71: mov ah, 5
0x12b73: mov ch, byte ptr cs:[0x208]
2018-12-25T12:54:45.274700823Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.276425549Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.280540663Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.285110772Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.286074187Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.288028143Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.290681843Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.298307723Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.306112183Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.314514278Z 42 PC: 12b3f | Get date (See above)
2018-12-25T12:54:45.316837871Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.319256878Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.326706846Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.333040998Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.334346335Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.338448708Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.339619184Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.347614293Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.356493683Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.358551058Z 42 PC: 12b3f | Get date (See above)
2018-12-25T12:54:45.360670535Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.36335798Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.369951959Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.376221528Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.377915563Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.380731432Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.382022232Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.390354282Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.398904152Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.401180411Z 42 PC: 12b3f | Get date (See above)
2018-12-25T12:54:45.403278317Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.407921726Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.414211705Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.420516817Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.423057629Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.42554417Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.427056302Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.435880418Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.444061031Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.4461078Z 42 PC: 12b3f | Get date (See above)
2018-12-25T12:54:45.450688833Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.453237293Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.460459942Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.467767025Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.469317765Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.472160768Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.474552864Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.48238657Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.490077156Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.493154742Z 42 PC: 12b3f | Get date (See above)
2018-12-25T12:54:45.495295087Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.498091532Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.505065959Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.511719108Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.512994735Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.51681712Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.518221264Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.526473139Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.535360572Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.537697933Z 42 PC: 12b3f | Get date (See above)
2018-12-25T12:54:45.54009537Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.543389545Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.550360997Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.553303577Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.556278491Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.558904597Z 42 PC: 12b3f | Get date (See above)
2018-12-25T12:54:45.561192042Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.564391537Z 26 PC: 12ba0 | Set disk transfer address (See above)
2018-12-25T12:54:45.566442758Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17082,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:44.918399884Z 26 PC: 12ba0 | Set disk transfer address
2018-12-25T12:54:44.919773425Z 78 PC: 12ac9 | Find first file
2018-12-25T12:54:44.925481967Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:44.931734427Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:54:44.942614769Z 66 PC: 12ba8 | Move file pointer
2018-12-25T12:54:44.943834368Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:54:44.946227411Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:44.947887215Z 64 PC: 12b1f | Write file or device (Write 517 bytes on handle 5)
2018-12-25T12:54:45.262521079Z 62 PC: 12b23 | Close file
2018-12-25T12:54:45.270307282Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
2018-12-25T12:54:45.272949963Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.275557602Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.282227222Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.288684217Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.291073672Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.293702223Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.295154818Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.303024431Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.310692819Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.313307468Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.316158641Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.322379601Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.328736118Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.330640849Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.333227567Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.334883922Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.343859324Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.352239448Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.354873296Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.358558607Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.365093165Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.371328601Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.373602784Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.376252836Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.377649585Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.386699491Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.394727821Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.397134879Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.400666496Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.407149645Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.413240313Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.415360492Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.417957775Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.419704366Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.428047648Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.436086914Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.438050842Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.441681428Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.448971073Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.45518Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.456642528Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.459739821Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.461264119Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.468859851Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.476873163Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.479149685Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.481585063Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.488513543Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.494911171Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.496331184Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.499632704Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.500849578Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.508791983Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.517964611Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.520392549Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.523092577Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.529921582Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.532659256Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.534634107Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.537406953Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.53970212Z 26 PC: 12ba0 | Set disk transfer address (See above)
2018-12-25T12:54:45.541305657Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17082,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:44.950512749Z 26 PC: 12ba0 | Set disk transfer address
2018-12-25T12:54:44.952502593Z 78 PC: 12ac9 | Find first file
2018-12-25T12:54:44.959191499Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:44.965799688Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:54:44.973175833Z 66 PC: 12ba8 | Move file pointer
2018-12-25T12:54:44.975324677Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:54:44.978203251Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:44.979575823Z 64 PC: 12b1f | Write file or device (Write 517 bytes on handle 5)
2018-12-25T12:54:45.260304453Z 62 PC: 12b23 | Close file
2018-12-25T12:54:45.268367321Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
2018-12-25T12:54:45.270117947Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.273212478Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.280454903Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.287459323Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.290526979Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.293020528Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.294387979Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.305287792Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.326958748Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.329189723Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.332749381Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.342380464Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.349318045Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.350668338Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.353794951Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.355357367Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.363813751Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.371900151Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.37389772Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.376432176Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.384403014Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.391224887Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.392857387Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.397482268Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.408488998Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.417088562Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.425909771Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.428016864Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.431279169Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.438123584Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.444373328Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.445778494Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.449570177Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.451001839Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.458767863Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.468700482Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.471002039Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.47342649Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.480318167Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.486627845Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.487853017Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.49054367Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.492126935Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.500368448Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.508401987Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.511258768Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.514071648Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.520552465Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.527632355Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.528981771Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.531079495Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.53281964Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.539642183Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.548639287Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.551848105Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.554452736Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.561165086Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.565370765Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.567305131Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.569698148Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.572543062Z 26 PC: 12ba0 | Set disk transfer address (See above)
2018-12-25T12:54:45.573601339Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":21,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17082,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:44.964784786Z 26 PC: 12ba0 | Set disk transfer address
2018-12-25T12:54:44.966636115Z 78 PC: 12ac9 | Find first file
2018-12-25T12:54:44.974051268Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:44.981015989Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:54:44.993378855Z 66 PC: 12ba8 | Move file pointer
2018-12-25T12:54:44.995218103Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:54:44.998024411Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.000469258Z 64 PC: 12b1f | Write file or device (Write 517 bytes on handle 5)
2018-12-25T12:54:45.017296586Z 62 PC: 12b23 | Close file
2018-12-25T12:54:45.026427814Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
2018-12-25T12:54:45.029182797Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.033305528Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.040581765Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.044932706Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.046511827Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.048461069Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.049639313Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.055109032Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.060740753Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.062403686Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.064640042Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.06917313Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.073248087Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.07422504Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.077509079Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.07901546Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.092465873Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.112340085Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.11413277Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.116772267Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.122093156Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.12787316Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.12910939Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.14438731Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.145550357Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.151331275Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.157835708Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.160236115Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.162312859Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.1673502Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.174808498Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.176469455Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.179441542Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.181722168Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.190895073Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.200830044Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.204475352Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.207366659Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.214827874Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.222921183Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.224486451Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.227327311Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.230411704Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.240194846Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.249470361Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.251910175Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.256335658Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.263608033Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.270642011Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.272714452Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.279369245Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.281535838Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.291183554Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.300371679Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.303990473Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.307476791Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.315428198Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.318562043Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.321717664Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.324473595Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.327402269Z 26 PC: 12ba0 | Set disk transfer address (See above)
2018-12-25T12:54:45.329662568Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17082,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:44.997626086Z 26 PC: 12ba0 | Set disk transfer address
2018-12-25T12:54:44.999196065Z 78 PC: 12ac9 | Find first file
2018-12-25T12:54:45.004826933Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:45.01099651Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:54:45.017378957Z 66 PC: 12ba8 | Move file pointer
2018-12-25T12:54:45.01856879Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:54:45.020941307Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.022410431Z 64 PC: 12b1f | Write file or device (Write 517 bytes on handle 5)
2018-12-25T12:54:45.261077029Z 62 PC: 12b23 | Close file
2018-12-25T12:54:45.269264153Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
2018-12-25T12:54:45.272174177Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.275128209Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.281325691Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.287771297Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.289370027Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.291220501Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.292255162Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.297783408Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.303599038Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.305518702Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.308058792Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.314501385Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.320754846Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.322811616Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.325453287Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.327254707Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.336890761Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.344845409Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.346835854Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.35162511Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.357950802Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.364210568Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.366044787Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.368552567Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.369959117Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.3782101Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.386064941Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.388272241Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.391452238Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.397907685Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.403985962Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.406483946Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.408980899Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.410191426Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.418646001Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.426843656Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.428853642Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.431846716Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.438382537Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.444541695Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.44640609Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.449694278Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.451063668Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.457711351Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.467546621Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.469502906Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.472321101Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.479229738Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.485294058Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.486860041Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.4893112Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.491549534Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.499771386Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.507749545Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.510082011Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.513166331Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.519478673Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.521905873Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.523903506Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.525859494Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.528118881Z 26 PC: 12ba0 | Set disk transfer address (See above)
2018-12-25T12:54:45.529887352Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17082,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:45.027060474Z 26 PC: 12ba0 | Set disk transfer address
2018-12-25T12:54:45.028645701Z 78 PC: 12ac9 | Find first file
2018-12-25T12:54:45.034389574Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:45.040668887Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:54:45.047204688Z 66 PC: 12ba8 | Move file pointer
2018-12-25T12:54:45.04844868Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:54:45.050920377Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.05338649Z 64 PC: 12b1f | Write file or device (Write 517 bytes on handle 5)
2018-12-25T12:54:45.260822829Z 62 PC: 12b23 | Close file
2018-12-25T12:54:45.273315634Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
2018-12-25T12:54:45.277004574Z 42 PC: 12b3f | Get date 0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x209]
0x12b6f: loop 0x12b59
0x12b71: mov ah, 5
0x12b73: mov ch, byte ptr cs:[0x208]
2018-12-25T12:54:45.279278709Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.281975405Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.288830213Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.297013608Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.298479368Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.301180135Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.303531781Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.318658279Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.326791248Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.329345666Z 42 PC: 12b3f | Get date (See above)
2018-12-25T12:54:45.331674871Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.334517884Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.348635926Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.355161921Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.356611451Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.360975472Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.36277953Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.371574729Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.380323877Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.382913809Z 42 PC: 12b3f | Get date (See above)
2018-12-25T12:54:45.38617978Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.388881619Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.404728486Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.41105492Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.412428015Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.415748701Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.417156191Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.425211884Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.433771133Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.436728765Z 42 PC: 12b3f | Get date (See above)
2018-12-25T12:54:45.439005265Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.442013592Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.44930325Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.455592142Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.458146032Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.460754062Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.462074071Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.471199601Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.479033568Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.481040928Z 42 PC: 12b3f | Get date (See above)
2018-12-25T12:54:45.483811498Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.486534186Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.490679574Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.495221353Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.497789425Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.500481433Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.502367643Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.510586911Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.519056822Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.521398364Z 42 PC: 12b3f | Get date (See above)
2018-12-25T12:54:45.523897954Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.526379159Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.532828582Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.53918741Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.540480203Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.54311966Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.544942779Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.552849487Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.560910576Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.563763104Z 42 PC: 12b3f | Get date (See above)
2018-12-25T12:54:45.565891953Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.568404303Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.575339929Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.577757802Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.57936918Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.583450263Z 42 PC: 12b3f | Get date (See above)
2018-12-25T12:54:45.58631174Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.589142969Z 26 PC: 12ba0 | Set disk transfer address (See above)
2018-12-25T12:54:45.590747463Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17082,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:45.093130869Z 26 PC: 12ba0 | Set disk transfer address
2018-12-25T12:54:45.094575115Z 78 PC: 12ac9 | Find first file
2018-12-25T12:54:45.100257062Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:45.106440195Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:54:45.11349228Z 66 PC: 12ba8 | Move file pointer
2018-12-25T12:54:45.11480628Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:54:45.117588675Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.119268964Z 64 PC: 12b1f | Write file or device (Write 517 bytes on handle 5)
2018-12-25T12:54:45.260990126Z 62 PC: 12b23 | Close file
2018-12-25T12:54:45.268593468Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
2018-12-25T12:54:45.271328Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.274602906Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.279342151Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.286329029Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.287641368Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.290438543Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.294898784Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.303152911Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.311253173Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.313405197Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.316257871Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.323423169Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.330102848Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.331506968Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.334608529Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.336250622Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.34537352Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.353184539Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.355375535Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.359147189Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.365768332Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.372293688Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.375510108Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.379737511Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.381495674Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.390376658Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.398218107Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.400494829Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.404418463Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.411869398Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.418380674Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.420752096Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.423691201Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.425387661Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.432561341Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.438651921Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.440284865Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.442877215Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.44925676Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.455324125Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.457338159Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.460031391Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.461710809Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.470711815Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.47917699Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.481156138Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.483864742Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.490414909Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.496776479Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.498629824Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.501218153Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.502545687Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.510831047Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.518751623Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.521167089Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.524697144Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.531142112Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.534304287Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.536535805Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.539409722Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.541669016Z 26 PC: 12ba0 | Set disk transfer address (See above)
2018-12-25T12:54:45.54269325Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17082,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:45.342341164Z 26 PC: 12ba0 | Set disk transfer address
2018-12-25T12:54:45.343996926Z 78 PC: 12ac9 | Find first file
2018-12-25T12:54:45.351305941Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:45.358865918Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:54:45.366613421Z 66 PC: 12ba8 | Move file pointer
2018-12-25T12:54:45.370215411Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:54:45.373381553Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.375078505Z 64 PC: 12b1f | Write file or device (Write 517 bytes on handle 5)
2018-12-25T12:54:45.390664233Z 62 PC: 12b23 | Close file
2018-12-25T12:54:45.399741354Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
2018-12-25T12:54:45.402346773Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.40662164Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.416287437Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.423570453Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.425886999Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.429873991Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.431636285Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.441080636Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.450267135Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.451994142Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.454215358Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.470936472Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.478541698Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.480460148Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.484796434Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.486646239Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.495614407Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.505009884Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.50732312Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.510429443Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.518412104Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.526508426Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.528336548Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.532271491Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.5358271Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.544667519Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.551707326Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.553438501Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.555605838Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.560922146Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.566667489Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.567760293Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.569919873Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.571082792Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.57670676Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.582893386Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.586460951Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.58921252Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.596410332Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.61262947Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.614624841Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.61868965Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.621131241Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.63049397Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.640191061Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.644310275Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.647186553Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.654819037Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.662361322Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.663961248Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.666907929Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.668468653Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.678072336Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.68745766Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.68964715Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.692816201Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.699932786Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.702555172Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.704819607Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.707220672Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.709758695Z 26 PC: 12ba0 | Set disk transfer address (See above)
2018-12-25T12:54:45.711448837Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17082,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:45.433003831Z 26 PC: 12ba0 | Set disk transfer address
2018-12-25T12:54:45.433813388Z 78 PC: 12ac9 | Find first file
2018-12-25T12:54:45.440054351Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:45.44627642Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:54:45.450476361Z 66 PC: 12ba8 | Move file pointer
2018-12-25T12:54:45.452717394Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:54:45.45443278Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.455363929Z 64 PC: 12b1f | Write file or device (Write 517 bytes on handle 5)
2018-12-25T12:54:45.469033215Z 62 PC: 12b23 | Close file
2018-12-25T12:54:45.474895089Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
2018-12-25T12:54:45.476591612Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.478802435Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.489596684Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.496328422Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.498095981Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.501722898Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.502878651Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.508015024Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.513936542Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.515436178Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.51798617Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.522511232Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.5293994Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.530692666Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.534100247Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.535790947Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.544612008Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.554194365Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.556710684Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.559638131Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.568642524Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.575799464Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.577270954Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.580357102Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.581740924Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.58994342Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.598914193Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.601003776Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.603463885Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.610408484Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.616546148Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.617880976Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.621446648Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.623190792Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.630927961Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.639356628Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.641482351Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.643939967Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.654529158Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.661122143Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.662582531Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.665281128Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.6667556Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.674699055Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.682755208Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.684991863Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.687394537Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.693654445Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.700145071Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.70123938Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.703829299Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.706330024Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.714278704Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.722419745Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.724436804Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.726767804Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.733141084Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.737175081Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.738723943Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.740782078Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.743205489Z 26 PC: 12ba0 | Set disk transfer address (See above)
2018-12-25T12:54:45.744074317Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":21,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17082,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:45.683743116Z 26 PC: 12ba0 | Set disk transfer address
2018-12-25T12:54:45.685243701Z 78 PC: 12ac9 | Find first file
2018-12-25T12:54:45.692535303Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:45.699686967Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:54:45.707759421Z 66 PC: 12ba8 | Move file pointer
2018-12-25T12:54:45.709382656Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:54:45.712403178Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.714013301Z 64 PC: 12b1f | Write file or device (Write 517 bytes on handle 5)
2018-12-25T12:54:45.729638707Z 62 PC: 12b23 | Close file
2018-12-25T12:54:45.738419185Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
2018-12-25T12:54:45.740737747Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.743846437Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.751337571Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.76428276Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.766234761Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.769113593Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.770553936Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.779697319Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.804465527Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.806822832Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.810639012Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.818537467Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.825634559Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.827138392Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.830610529Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.832039614Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.840597452Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.849422499Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.8518743Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.854710241Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.862284194Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.869258313Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.87067035Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.873828744Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.875450304Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.884687339Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.89436703Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.896872338Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.905324497Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.913832875Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.920811764Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.922201168Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.925371955Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.927265633Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.935989685Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.945215339Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.947773953Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.950090635Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.954982573Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:45.962345884Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.963690034Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:45.966449076Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:45.968327841Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:45.977162336Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:45.98636508Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:45.989246525Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:45.991114159Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:45.998260718Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:46.006075461Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:46.008398613Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:46.011231106Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:46.012692144Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:46.021702117Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:46.03073966Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:46.040306557Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:46.044093246Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:46.051733317Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:46.055066967Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:46.0577966Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:46.060606654Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:46.063624095Z 26 PC: 12ba0 | Set disk transfer address (See above)
2018-12-25T12:54:46.065308286Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17082,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:46.097161456Z 26 PC: 12ba0 | Set disk transfer address
2018-12-25T12:54:46.098838759Z 78 PC: 12ac9 | Find first file
2018-12-25T12:54:46.107154608Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:46.115459704Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:54:46.123483243Z 66 PC: 12ba8 | Move file pointer
2018-12-25T12:54:46.126852022Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:54:46.129831187Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:46.131378233Z 64 PC: 12b1f | Write file or device (Write 517 bytes on handle 5)
2018-12-25T12:54:46.155052318Z 62 PC: 12b23 | Close file
2018-12-25T12:54:46.163924736Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: add ch, byte ptr [bp + si]
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: jmp 0x12b59
0x12b59: mov al, byte ptr cs:[0x209]
0x12b5d: call 0x12b71
0x12b60: cmp byte ptr cs:[0x209], 0x19
2018-12-25T12:54:46.166721518Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:46.170669404Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:46.178032592Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:46.183799271Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:46.185265909Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:46.193936765Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:46.194993085Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:46.200729568Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:46.210004299Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:46.212275676Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:46.21507637Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:46.223177784Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:46.230232738Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:46.231702912Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:46.234877959Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:46.236429659Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:46.247537462Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:46.25748868Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:46.260041645Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:46.26300024Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:46.272583163Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:46.279862749Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:46.281437107Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:46.2853761Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:46.287000225Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:46.296104635Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:46.305889697Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:46.310233639Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:46.313582515Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:46.32102397Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:46.340212361Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:46.343051802Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:46.346237172Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:46.349274636Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:46.357641116Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:46.363130454Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:46.366607427Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:46.369854017Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:46.377625242Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:46.387085978Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:46.388444741Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:46.391302419Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:46.392940403Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:46.403223847Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:46.413157036Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:46.415709565Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:46.419743379Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:46.427201239Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:46.43442766Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:46.436694589Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T12:54:46.439661606Z 66 PC: 12ba8 | Move file pointer (See above)
2018-12-25T12:54:46.44119491Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T12:54:46.450980256Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:46.460132814Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:46.463205229Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:46.467851044Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T12:54:46.476361972Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T12:54:46.480229052Z 62 PC: 12b23 | Close file (See above)
2018-12-25T12:54:46.482961261Z 42 PC: 12b31 | Get date (See above)
2018-12-25T12:54:46.486354285Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:54:46.489491698Z 26 PC: 12ba0 | Set disk transfer address (See above)
2018-12-25T12:54:46.491240928Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')