Sample viewer

vx.netlux.org/Virus.DOS.DIW.600

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:17:42.867506157Z	47	PC: 12b57 \| Get disk transfer address
2018-12-17T22:17:42.86929874Z	26	PC: 12b65 \| Set disk transfer address
2018-12-17T22:17:42.870603691Z	78	PC: 12bff \| Find first file
2018-12-17T22:17:42.876924781Z	47	PC: 12c05 \| Get disk transfer address
2018-12-17T22:17:42.8793406Z	61	PC: 12ba3 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:17:42.885945442Z	63	PC: 12bb1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:17:42.892217415Z	66	PC: 12bcd \| Move file pointer
2018-12-17T22:17:42.893786881Z	64	PC: 12bd6 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:17:42.896652554Z	66	PC: 12be2 \| Move file pointer
2018-12-17T22:17:42.898173228Z	64	PC: 12bee \| Write file or device (Write 600 bytes on handle 5)
2018-12-17T22:17:44.141803535Z	62	PC: 12bf5 \| Close file
2018-12-17T22:17:44.156480054Z	79	PC: 12c1b \| Find next file
2018-12-17T22:17:44.159428143Z	61	PC: 12ba3 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:17:44.16614582Z	63	PC: 12bb1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:17:44.173693136Z	66	PC: 12bcd \| Move file pointer
2018-12-17T22:17:44.174962423Z	64	PC: 12bd6 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:17:44.177730607Z	66	PC: 12be2 \| Move file pointer
2018-12-17T22:17:44.193568507Z	64	PC: 12bee \| Write file or device (Write 600 bytes on handle 5)
2018-12-17T22:17:44.209165896Z	62	PC: 12bf5 \| Close file
2018-12-17T22:17:44.214390071Z	79	PC: 12c1b \| Find next file
2018-12-17T22:17:44.216872191Z	61	PC: 12ba3 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:17:44.223166926Z	63	PC: 12bb1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:17:44.229948178Z	66	PC: 12bcd \| Move file pointer
2018-12-17T22:17:44.233371744Z	64	PC: 12bd6 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:17:44.238100878Z	66	PC: 12be2 \| Move file pointer
2018-12-17T22:17:44.239844923Z	64	PC: 12bee \| Write file or device (Write 600 bytes on handle 5)
2018-12-17T22:17:44.253890784Z	62	PC: 12bf5 \| Close file
2018-12-17T22:17:44.263484403Z	79	PC: 12c1b \| Find next file
2018-12-17T22:17:44.266235801Z	61	PC: 12ba3 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:17:44.273753871Z	63	PC: 12bb1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:17:44.280691081Z	66	PC: 12bcd \| Move file pointer
2018-12-17T22:17:44.282163564Z	64	PC: 12bd6 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:17:44.285786888Z	66	PC: 12be2 \| Move file pointer
2018-12-17T22:17:44.287359491Z	64	PC: 12bee \| Write file or device (Write 600 bytes on handle 5)
2018-12-17T22:17:44.29579862Z	62	PC: 12bf5 \| Close file
2018-12-17T22:17:44.304833293Z	79	PC: 12c1b \| Find next file
2018-12-17T22:17:44.308728014Z	61	PC: 12ba3 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:17:44.315426152Z	63	PC: 12bb1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:17:44.322179432Z	66	PC: 12bcd \| Move file pointer
2018-12-17T22:17:44.324903515Z	64	PC: 12bd6 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:17:44.327914258Z	66	PC: 12be2 \| Move file pointer
2018-12-17T22:17:44.329695302Z	64	PC: 12bee \| Write file or device (Write 600 bytes on handle 5)
2018-12-17T22:17:44.338253305Z	62	PC: 12bf5 \| Close file
2018-12-17T22:17:44.346458115Z	79	PC: 12c1b \| Find next file
2018-12-17T22:17:44.349517805Z	61	PC: 12ba3 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:17:44.357393901Z	63	PC: 12bb1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:17:44.364416089Z	66	PC: 12bcd \| Move file pointer
2018-12-17T22:17:44.36624702Z	64	PC: 12bd6 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:17:44.370079036Z	66	PC: 12be2 \| Move file pointer
2018-12-17T22:17:44.372919038Z	64	PC: 12bee \| Write file or device (Write 600 bytes on handle 5)
2018-12-17T22:17:44.3817434Z	62	PC: 12bf5 \| Close file
2018-12-17T22:17:44.391351916Z	79	PC: 12c1b \| Find next file
2018-12-17T22:17:44.393965598Z	61	PC: 12ba3 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:17:44.415698504Z	63	PC: 12bb1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:17:44.42385568Z	66	PC: 12bcd \| Move file pointer
2018-12-17T22:17:44.426342916Z	64	PC: 12bd6 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:17:44.430047162Z	66	PC: 12be2 \| Move file pointer
2018-12-17T22:17:44.431899074Z	64	PC: 12bee \| Write file or device (Write 600 bytes on handle 5)
2018-12-17T22:17:44.442202429Z	62	PC: 12bf5 \| Close file
2018-12-17T22:17:44.451148351Z	79	PC: 12c1b \| Find next file
2018-12-17T22:17:44.454202674Z	61	PC: 12ba3 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:17:44.462087445Z	63	PC: 12bb1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:17:44.464962555Z	62	PC: 12bf5 \| Close file
2018-12-17T22:17:44.467095041Z	79	PC: 12c1b \| Find next file
2018-12-17T22:17:44.470900727Z	78	PC: 12c7e \| Find first file
2018-12-17T22:17:44.476814265Z	78	PC: 12c7e \| Find first file
2018-12-17T22:17:44.482746386Z	42	PC: 12c3a \| Get date 0x12c3a: cmp dl, 0xd 0x12c3d: jne 0x12c47 0x12c3f: mov dx, di 0x12c41: add dx, 0xe 0x12c44: call 0x12c76 0x12c47: cmp dh, 0xb 0x12c4a: jne 0x12c6f 0x12c4c: cmp dl, 0x1c 0x12c4f: jne 0x12c6c 0x12c51: mov ah, 2 0x12c53: mov bx, 0x21 0x12c56: mov dl, byte ptr cs:[bx + di] 0x12c59: sub dl, 0x60 0x12c5c: int 0x21 0x12c5e: inc bx 0x12c5f: mov cx, 0x20 0x12c62: add cx, 0x45 0x12c65: cmp bx, cx 0x12c67: jb 0x12c56 0x12c69: call 0x12c8e
2018-12-17T22:17:44.486124331Z	78	PC: 12cff \| Find first file
2018-12-17T22:17:44.497016619Z	26	PC: 12b7a \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3081,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:11.822808324Z	47	PC: 12b57 \| Get disk transfer address
2018-12-25T11:48:11.824488792Z	26	PC: 12b65 \| Set disk transfer address
2018-12-25T11:48:11.826409172Z	78	PC: 12bff \| Find first file
2018-12-25T11:48:11.833421671Z	47	PC: 12c05 \| Get disk transfer address
2018-12-25T11:48:11.834995303Z	61	PC: 12ba3 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:11.842876556Z	63	PC: 12bb1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:48:11.850511044Z	66	PC: 12bcd \| Move file pointer
2018-12-25T11:48:11.851921411Z	64	PC: 12bd6 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:48:11.854712097Z	66	PC: 12be2 \| Move file pointer
2018-12-25T11:48:11.864671953Z	64	PC: 12bee \| Write file or device (Write 600 bytes on handle 5)
2018-12-25T11:48:12.295917112Z	62	PC: 12bf5 \| Close file
2018-12-25T11:48:12.304694178Z	79	PC: 12c1b \| Find next file
2018-12-25T11:48:12.308265284Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.314718964Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.321297412Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.323974829Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.327386224Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.329288467Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.343136059Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.357568383Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.361902649Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.371795042Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.379256858Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.380819678Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.384004946Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.386448085Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.399060356Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.421734909Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.427901659Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.43962866Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.446795308Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.451180608Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.457842384Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.459759646Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.469413023Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.478629801Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.481792924Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.491047357Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.498448376Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.500495109Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.504230118Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.505861436Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.510959987Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.516789202Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.519670265Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.526785981Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.534045155Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.535588495Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.538850286Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.540278636Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.550203249Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.560838223Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.563225688Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.567989521Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.572078634Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.573072566Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.575278228Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.576342532Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.581859135Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.587741216Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.5895423Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.594647983Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.597052805Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.598235298Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.600170535Z	78	PC: 12c7e \| Find first file
2018-12-25T11:48:12.604709416Z	78	PC: 12c7e \| Find first file (See above)
2018-12-25T11:48:12.611849662Z	42	PC: 12c3a \| Get date 0x12c3a: cmp dl, 0xd 0x12c3d: jne 0x12c47 0x12c3f: mov dx, di 0x12c41: add dx, 0xe 0x12c44: call 0x12c76 0x12c47: cmp dh, 0xb 0x12c4a: jne 0x12c6f 0x12c4c: cmp dl, 0x1c 0x12c4f: jne 0x12c6c 0x12c51: mov ah, 2 0x12c53: mov bx, 0x21 0x12c56: mov dl, byte ptr cs:[bx + di] 0x12c59: sub dl, 0x60 0x12c5c: int 0x21 0x12c5e: inc bx 0x12c5f: mov cx, 0x20 0x12c62: add cx, 0x45 0x12c65: cmp bx, cx 0x12c67: jb 0x12c56 0x12c69: call 0x12c8e
2018-12-25T11:48:12.613737347Z	78	PC: 12cff \| Find first file
2018-12-25T11:48:12.62188802Z	26	PC: 12b7a \| Set disk transfer address

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3081,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:11.94618804Z	47	PC: 12b57 \| Get disk transfer address
2018-12-25T11:48:11.947644613Z	26	PC: 12b65 \| Set disk transfer address
2018-12-25T11:48:11.948650536Z	78	PC: 12bff \| Find first file
2018-12-25T11:48:11.954291656Z	47	PC: 12c05 \| Get disk transfer address
2018-12-25T11:48:11.956027007Z	61	PC: 12ba3 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:11.96226415Z	63	PC: 12bb1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:48:11.968644331Z	66	PC: 12bcd \| Move file pointer
2018-12-25T11:48:11.970462458Z	64	PC: 12bd6 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:48:11.973054486Z	66	PC: 12be2 \| Move file pointer
2018-12-25T11:48:11.974295297Z	64	PC: 12bee \| Write file or device (Write 600 bytes on handle 5)
2018-12-25T11:48:11.99496232Z	62	PC: 12bf5 \| Close file
2018-12-25T11:48:12.003263093Z	79	PC: 12c1b \| Find next file
2018-12-25T11:48:12.005791334Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.012822057Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.019126799Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.020360053Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.022805418Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.025451564Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.033643485Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.041951755Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.045203461Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.051437505Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.057483448Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.059394973Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.061865342Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.063084658Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.071346692Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.079609794Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.082070187Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.088706262Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.094830813Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.09605011Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.100349396Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.101877818Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.109608744Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.11825757Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.120700082Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.127492489Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.134130405Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.135347455Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.137736446Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.13935333Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.146871938Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.154522134Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.157315865Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.164162912Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.170431784Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.172627616Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.175124703Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.176406071Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.185766453Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.193984607Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.196836901Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.204172569Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.211356669Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.216847236Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.219503183Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.221357562Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.229175816Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.237648423Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.24153944Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.248143666Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.250924989Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.253370613Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.255789125Z	78	PC: 12c7e \| Find first file
2018-12-25T11:48:12.261314641Z	78	PC: 12c7e \| Find first file (See above)
2018-12-25T11:48:12.267387201Z	42	PC: 12c3a \| Get date 0x12c3a: cmp dl, 0xd 0x12c3d: jne 0x12c47 0x12c3f: mov dx, di 0x12c41: add dx, 0xe 0x12c44: call 0x12c76 0x12c47: cmp dh, 0xb 0x12c4a: jne 0x12c6f 0x12c4c: cmp dl, 0x1c 0x12c4f: jne 0x12c6c 0x12c51: mov ah, 2 0x12c53: mov bx, 0x21 0x12c56: mov dl, byte ptr cs:[bx + di] 0x12c59: sub dl, 0x60 0x12c5c: int 0x21 0x12c5e: inc bx 0x12c5f: mov cx, 0x20 0x12c62: add cx, 0x45 0x12c65: cmp bx, cx 0x12c67: jb 0x12c56 0x12c69: call 0x12c8e
2018-12-25T11:48:12.269479982Z	78	PC: 12c7e \| Find first file (See above)
2018-12-25T11:48:12.275141803Z	78	PC: 12cff \| Find first file
2018-12-25T11:48:12.285745791Z	26	PC: 12b7a \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3081,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:12.033058472Z	47	PC: 12b57 \| Get disk transfer address
2018-12-25T11:48:12.045311993Z	26	PC: 12b65 \| Set disk transfer address
2018-12-25T11:48:12.04695265Z	78	PC: 12bff \| Find first file
2018-12-25T11:48:12.05317441Z	47	PC: 12c05 \| Get disk transfer address
2018-12-25T11:48:12.055631963Z	61	PC: 12ba3 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:12.061813102Z	63	PC: 12bb1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:48:12.067872549Z	66	PC: 12bcd \| Move file pointer
2018-12-25T11:48:12.06986948Z	64	PC: 12bd6 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:48:12.0769081Z	66	PC: 12be2 \| Move file pointer
2018-12-25T11:48:12.078109797Z	64	PC: 12bee \| Write file or device (Write 600 bytes on handle 5)
2018-12-25T11:48:12.092149235Z	62	PC: 12bf5 \| Close file
2018-12-25T11:48:12.100062015Z	79	PC: 12c1b \| Find next file
2018-12-25T11:48:12.102480213Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.109362957Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.115855025Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.117151644Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.119634848Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.121611584Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.129154305Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.136839822Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.139992076Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.146143698Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.152179792Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.154416653Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.156857178Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.158089634Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.166360561Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.174486562Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.177038434Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.190434257Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.196801147Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.198168695Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.201017877Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.202371726Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.209838029Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.217818128Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.220234637Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.226504104Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.232901256Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.233921695Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.235749155Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.237136934Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.246105018Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.253855259Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.256866342Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.26448701Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.270569194Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.271755951Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.274702669Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.276030774Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.284383498Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.292786089Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.29527949Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.301866423Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.309065319Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.310412083Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.312910716Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.314755983Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.328389778Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.337569886Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.341865197Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.348209396Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.350945443Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.353710372Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.356157309Z	78	PC: 12c7e \| Find first file
2018-12-25T11:48:12.361768552Z	78	PC: 12c7e \| Find first file (See above)
2018-12-25T11:48:12.368366502Z	42	PC: 12c3a \| Get date 0x12c3a: cmp dl, 0xd 0x12c3d: jne 0x12c47 0x12c3f: mov dx, di 0x12c41: add dx, 0xe 0x12c44: call 0x12c76 0x12c47: cmp dh, 0xb 0x12c4a: jne 0x12c6f 0x12c4c: cmp dl, 0x1c 0x12c4f: jne 0x12c6c 0x12c51: mov ah, 2 0x12c53: mov bx, 0x21 0x12c56: mov dl, byte ptr cs:[bx + di] 0x12c59: sub dl, 0x60 0x12c5c: int 0x21 0x12c5e: inc bx 0x12c5f: mov cx, 0x20 0x12c62: add cx, 0x45 0x12c65: cmp bx, cx 0x12c67: jb 0x12c56 0x12c69: call 0x12c8e
2018-12-25T11:48:12.372420733Z	78	PC: 12cff \| Find first file
2018-12-25T11:48:12.383107477Z	26	PC: 12b7a \| Set disk transfer address

{"DateBased":true,"Day":28,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3081,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:12.081922557Z	47	PC: 12b57 \| Get disk transfer address
2018-12-25T11:48:12.083531183Z	26	PC: 12b65 \| Set disk transfer address
2018-12-25T11:48:12.084697237Z	78	PC: 12bff \| Find first file
2018-12-25T11:48:12.090743547Z	47	PC: 12c05 \| Get disk transfer address
2018-12-25T11:48:12.092702885Z	61	PC: 12ba3 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:12.096794092Z	63	PC: 12bb1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:48:12.101703425Z	66	PC: 12bcd \| Move file pointer
2018-12-25T11:48:12.103040574Z	64	PC: 12bd6 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:48:12.105242084Z	66	PC: 12be2 \| Move file pointer
2018-12-25T11:48:12.110353095Z	64	PC: 12bee \| Write file or device (Write 600 bytes on handle 5)
2018-12-25T11:48:12.123600561Z	62	PC: 12bf5 \| Close file
2018-12-25T11:48:12.132032659Z	79	PC: 12c1b \| Find next file
2018-12-25T11:48:12.134700924Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.14131019Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.147898347Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.149098977Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.151485547Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.153176305Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.160776098Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.168547165Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.172062566Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.176675978Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.182924545Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.185049296Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.187720776Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.189063051Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.198086187Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.205992496Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.208535839Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.217592359Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.224757574Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.226339324Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.230396667Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.231798173Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.240079578Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.248965488Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.251516856Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.257832432Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.264573152Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.266334201Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.268928315Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.270418559Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.278589424Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.28669983Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.289010123Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.296221826Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.30336907Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.305086162Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.309246524Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.310918301Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.320583562Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.329060337Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.331695922Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.338753203Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.346402796Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.348093669Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.351009792Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.353595272Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.361726487Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.36985504Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.372974587Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.379361119Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.381918294Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.38459826Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.387157262Z	78	PC: 12c7e \| Find first file
2018-12-25T11:48:12.392922002Z	78	PC: 12c7e \| Find first file (See above)
2018-12-25T11:48:12.399778777Z	42	PC: 12c3a \| Get date 0x12c3a: cmp dl, 0xd 0x12c3d: jne 0x12c47 0x12c3f: mov dx, di 0x12c41: add dx, 0xe 0x12c44: call 0x12c76 0x12c47: cmp dh, 0xb 0x12c4a: jne 0x12c6f 0x12c4c: cmp dl, 0x1c 0x12c4f: jne 0x12c6c 0x12c51: mov ah, 2 0x12c53: mov bx, 0x21 0x12c56: mov dl, byte ptr cs:[bx + di] 0x12c59: sub dl, 0x60 0x12c5c: int 0x21 0x12c5e: inc bx 0x12c5f: mov cx, 0x20 0x12c62: add cx, 0x45 0x12c65: cmp bx, cx 0x12c67: jb 0x12c56 0x12c69: call 0x12c8e
2018-12-25T11:48:12.4028081Z	2	PC: 12c5e \| Character output (Char = '0a')
2018-12-25T11:48:12.406671084Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.408899904Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.410470728Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.412194588Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.415404189Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.418668706Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.420989618Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.423513558Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.426419221Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.428458203Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.430393939Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.432445905Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.434450557Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.436506892Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.439320396Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.441485219Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.443839084Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.446748537Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.448761288Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.450703214Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.453053125Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.45498923Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.456996572Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.459380424Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.461333624Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.463277997Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.466339905Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.468260875Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.470157053Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.4729714Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.475018574Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.478363926Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.484128811Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.486401858Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.488633648Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.492917015Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.495576631Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.497800477Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.500721263Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.502835618Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.511622881Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.51436727Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.516393822Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.518373186Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.520942571Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.522824664Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.524776099Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.527411594Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.531209365Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.533326045Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.536226935Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.538903181Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.541251249Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.543808469Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.546788881Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.549101269Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.551447685Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.55554052Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.557885572Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.56024261Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.563567563Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.565797846Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.568145373Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.571587187Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.573965813Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.576359423Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.579698478Z	2	PC: 12c5e \| Character output (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3081,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:12.123726125Z	47	PC: 12b57 \| Get disk transfer address
2018-12-25T11:48:12.125544802Z	26	PC: 12b65 \| Set disk transfer address
2018-12-25T11:48:12.126764998Z	78	PC: 12bff \| Find first file
2018-12-25T11:48:12.13411244Z	47	PC: 12c05 \| Get disk transfer address
2018-12-25T11:48:12.135413877Z	61	PC: 12ba3 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:12.151208513Z	63	PC: 12bb1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:48:12.157942104Z	66	PC: 12bcd \| Move file pointer
2018-12-25T11:48:12.159359756Z	64	PC: 12bd6 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:48:12.184744538Z	66	PC: 12be2 \| Move file pointer
2018-12-25T11:48:12.185898241Z	64	PC: 12bee \| Write file or device (Write 600 bytes on handle 5)
2018-12-25T11:48:12.297187392Z	62	PC: 12bf5 \| Close file
2018-12-25T11:48:12.312045856Z	79	PC: 12c1b \| Find next file
2018-12-25T11:48:12.315605855Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.324221739Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.332134632Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.334044214Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.337335455Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.344067315Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.352970917Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.364274588Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.368160196Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.375908258Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.383379445Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.385627012Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.390248853Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.393126548Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.409939009Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.429028763Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.432857762Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.441261781Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.454588446Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.457604491Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.461015438Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.463652714Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.474704636Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.485352453Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.489366214Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.498035202Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.505839472Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.50822059Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.511642842Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.513590361Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.5241674Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.534501796Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.537678603Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.54489922Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.552387004Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.554136437Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.55747517Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.559709375Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.569256762Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.578023598Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.581429851Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.58976652Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.597295389Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.599409855Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.602539631Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.604169637Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.613971476Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.623646429Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.626886647Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.634510102Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.637403916Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.639037765Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.642043781Z	78	PC: 12c7e \| Find first file
2018-12-25T11:48:12.649120065Z	78	PC: 12c7e \| Find first file (See above)
2018-12-25T11:48:12.654702681Z	42	PC: 12c3a \| Get date 0x12c3a: cmp dl, 0xd 0x12c3d: jne 0x12c47 0x12c3f: mov dx, di 0x12c41: add dx, 0xe 0x12c44: call 0x12c76 0x12c47: cmp dh, 0xb 0x12c4a: jne 0x12c6f 0x12c4c: cmp dl, 0x1c 0x12c4f: jne 0x12c6c 0x12c51: mov ah, 2 0x12c53: mov bx, 0x21 0x12c56: mov dl, byte ptr cs:[bx + di] 0x12c59: sub dl, 0x60 0x12c5c: int 0x21 0x12c5e: inc bx 0x12c5f: mov cx, 0x20 0x12c62: add cx, 0x45 0x12c65: cmp bx, cx 0x12c67: jb 0x12c56 0x12c69: call 0x12c8e
2018-12-25T11:48:12.65639955Z	78	PC: 12cff \| Find first file
2018-12-25T11:48:12.661016462Z	26	PC: 12b7a \| Set disk transfer address

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3081,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:12.244981894Z	47	PC: 12b57 \| Get disk transfer address
2018-12-25T11:48:12.246424987Z	26	PC: 12b65 \| Set disk transfer address
2018-12-25T11:48:12.248127373Z	78	PC: 12bff \| Find first file
2018-12-25T11:48:12.255020697Z	47	PC: 12c05 \| Get disk transfer address
2018-12-25T11:48:12.256230579Z	61	PC: 12ba3 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:12.263179504Z	63	PC: 12bb1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:48:12.270413527Z	66	PC: 12bcd \| Move file pointer
2018-12-25T11:48:12.272155091Z	64	PC: 12bd6 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:48:12.274892061Z	66	PC: 12be2 \| Move file pointer
2018-12-25T11:48:12.276593956Z	64	PC: 12bee \| Write file or device (Write 600 bytes on handle 5)
2018-12-25T11:48:12.303269357Z	62	PC: 12bf5 \| Close file
2018-12-25T11:48:12.312193532Z	79	PC: 12c1b \| Find next file
2018-12-25T11:48:12.315813265Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.335548378Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.343851942Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.345378256Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.349426565Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.351044767Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.364071346Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.373961247Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.377750504Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.385947289Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.393845281Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.395392985Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.398275188Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.400649198Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.409619372Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.418882084Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.42276066Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.430010674Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.437776216Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.439938867Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.44326258Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.445377265Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.454990557Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.467659147Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.471841113Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.479287405Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.48770781Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.489740485Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.493224908Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.496139391Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.50542091Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.513620991Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.517647236Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.522236699Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.52949301Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.531424064Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.534210396Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.535410592Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.54095232Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.546502786Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.548305439Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.552584479Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.55708649Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.558280276Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.560131708Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.562119366Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.567749187Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.589145401Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.59269582Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.597076071Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.599847824Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.602091963Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.604766906Z	78	PC: 12c7e \| Find first file
2018-12-25T11:48:12.610814236Z	78	PC: 12c7e \| Find first file (See above)
2018-12-25T11:48:12.61741574Z	42	PC: 12c3a \| Get date 0x12c3a: cmp dl, 0xd 0x12c3d: jne 0x12c47 0x12c3f: mov dx, di 0x12c41: add dx, 0xe 0x12c44: call 0x12c76 0x12c47: cmp dh, 0xb 0x12c4a: jne 0x12c6f 0x12c4c: cmp dl, 0x1c 0x12c4f: jne 0x12c6c 0x12c51: mov ah, 2 0x12c53: mov bx, 0x21 0x12c56: mov dl, byte ptr cs:[bx + di] 0x12c59: sub dl, 0x60 0x12c5c: int 0x21 0x12c5e: inc bx 0x12c5f: mov cx, 0x20 0x12c62: add cx, 0x45 0x12c65: cmp bx, cx 0x12c67: jb 0x12c56 0x12c69: call 0x12c8e
2018-12-25T11:48:12.619848781Z	78	PC: 12c7e \| Find first file (See above)
2018-12-25T11:48:12.626256593Z	78	PC: 12cff \| Find first file
2018-12-25T11:48:12.638295493Z	26	PC: 12b7a \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3081,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:12.269801985Z	47	PC: 12b57 \| Get disk transfer address
2018-12-25T11:48:12.271738306Z	26	PC: 12b65 \| Set disk transfer address
2018-12-25T11:48:12.2728143Z	78	PC: 12bff \| Find first file
2018-12-25T11:48:12.278651973Z	47	PC: 12c05 \| Get disk transfer address
2018-12-25T11:48:12.280886871Z	61	PC: 12ba3 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:12.287297114Z	63	PC: 12bb1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:48:12.293359588Z	66	PC: 12bcd \| Move file pointer
2018-12-25T11:48:12.295497909Z	64	PC: 12bd6 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:48:12.306273256Z	66	PC: 12be2 \| Move file pointer
2018-12-25T11:48:12.307611117Z	64	PC: 12bee \| Write file or device (Write 600 bytes on handle 5)
2018-12-25T11:48:12.322114555Z	62	PC: 12bf5 \| Close file
2018-12-25T11:48:12.331580724Z	79	PC: 12c1b \| Find next file
2018-12-25T11:48:12.334116745Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.340548918Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.351128412Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.352837276Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.355347017Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.356862689Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.364413043Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.371991301Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.374878209Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.381105906Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.387618523Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.389414445Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.392094586Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.393279865Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.401264536Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.409121167Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.41154572Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.418086152Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.42399017Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.425108803Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.4288948Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.430534232Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.4381946Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.447486368Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.459559464Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.466788656Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.473427236Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.47541627Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.477990705Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.479374529Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.487810252Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.496186291Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.498756189Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.506820708Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.513723848Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.515375464Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.518959362Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.520701622Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.533066567Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.54199545Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.544937926Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.551466457Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.558910658Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.560921369Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.563835085Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.566262162Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.573932126Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.582086195Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.58541116Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.592528709Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.596564757Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.598911494Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.602870953Z	78	PC: 12c7e \| Find first file
2018-12-25T11:48:12.608497022Z	78	PC: 12c7e \| Find first file (See above)
2018-12-25T11:48:12.614916965Z	42	PC: 12c3a \| Get date 0x12c3a: cmp dl, 0xd 0x12c3d: jne 0x12c47 0x12c3f: mov dx, di 0x12c41: add dx, 0xe 0x12c44: call 0x12c76 0x12c47: cmp dh, 0xb 0x12c4a: jne 0x12c6f 0x12c4c: cmp dl, 0x1c 0x12c4f: jne 0x12c6c 0x12c51: mov ah, 2 0x12c53: mov bx, 0x21 0x12c56: mov dl, byte ptr cs:[bx + di] 0x12c59: sub dl, 0x60 0x12c5c: int 0x21 0x12c5e: inc bx 0x12c5f: mov cx, 0x20 0x12c62: add cx, 0x45 0x12c65: cmp bx, cx 0x12c67: jb 0x12c56 0x12c69: call 0x12c8e
2018-12-25T11:48:12.623043881Z	78	PC: 12cff \| Find first file
2018-12-25T11:48:12.628965232Z	26	PC: 12b7a \| Set disk transfer address

{"DateBased":true,"Day":28,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3081,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:12.285097245Z	47	PC: 12b57 \| Get disk transfer address
2018-12-25T11:48:12.286863866Z	26	PC: 12b65 \| Set disk transfer address
2018-12-25T11:48:12.287953035Z	78	PC: 12bff \| Find first file
2018-12-25T11:48:12.293771255Z	47	PC: 12c05 \| Get disk transfer address
2018-12-25T11:48:12.295558172Z	61	PC: 12ba3 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:12.301838725Z	63	PC: 12bb1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:48:12.307907207Z	66	PC: 12bcd \| Move file pointer
2018-12-25T11:48:12.309470147Z	64	PC: 12bd6 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:48:12.312130988Z	66	PC: 12be2 \| Move file pointer
2018-12-25T11:48:12.313406604Z	64	PC: 12bee \| Write file or device (Write 600 bytes on handle 5)
2018-12-25T11:48:12.328707678Z	62	PC: 12bf5 \| Close file
2018-12-25T11:48:12.337962715Z	79	PC: 12c1b \| Find next file
2018-12-25T11:48:12.340779536Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.347394032Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.354335474Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.35553294Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.358809927Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.362158057Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.369857547Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.377575569Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.380665401Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.386974171Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.393827969Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.396131045Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.39864055Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.399933387Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.412293558Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.420536046Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.427014929Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.434682593Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.440999766Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.442376814Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.445776932Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.448527418Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.457037593Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.465041197Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.468168991Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.474499385Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.480431142Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.482300897Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.484895319Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.486183877Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.494417264Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.502369451Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.504866111Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.512095548Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.518514648Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.520847277Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.524182952Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.525567382Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.533985631Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.542717672Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.54547771Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.552168871Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.559365738Z	66	PC: 12bcd \| Move file pointer (See above)
2018-12-25T11:48:12.560798637Z	64	PC: 12bd6 \| Write file or device (See above)
2018-12-25T11:48:12.563535Z	66	PC: 12be2 \| Move file pointer (See above)
2018-12-25T11:48:12.56540812Z	64	PC: 12bee \| Write file or device (See above)
2018-12-25T11:48:12.573348128Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.581019122Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.584234645Z	61	PC: 12ba3 \| Open file (See above)
2018-12-25T11:48:12.591019711Z	63	PC: 12bb1 \| Read file or device (See above)
2018-12-25T11:48:12.593320438Z	62	PC: 12bf5 \| Close file (See above)
2018-12-25T11:48:12.595383467Z	79	PC: 12c1b \| Find next file (See above)
2018-12-25T11:48:12.598475349Z	78	PC: 12c7e \| Find first file
2018-12-25T11:48:12.603991694Z	78	PC: 12c7e \| Find first file (See above)
2018-12-25T11:48:12.609655813Z	42	PC: 12c3a \| Get date 0x12c3a: cmp dl, 0xd 0x12c3d: jne 0x12c47 0x12c3f: mov dx, di 0x12c41: add dx, 0xe 0x12c44: call 0x12c76 0x12c47: cmp dh, 0xb 0x12c4a: jne 0x12c6f 0x12c4c: cmp dl, 0x1c 0x12c4f: jne 0x12c6c 0x12c51: mov ah, 2 0x12c53: mov bx, 0x21 0x12c56: mov dl, byte ptr cs:[bx + di] 0x12c59: sub dl, 0x60 0x12c5c: int 0x21 0x12c5e: inc bx 0x12c5f: mov cx, 0x20 0x12c62: add cx, 0x45 0x12c65: cmp bx, cx 0x12c67: jb 0x12c56 0x12c69: call 0x12c8e
2018-12-25T11:48:12.612258583Z	2	PC: 12c5e \| Character output (Char = '0a')
2018-12-25T11:48:12.615751601Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.617575456Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.620146202Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.622049874Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.623892434Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.626468456Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.628393646Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.630306272Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.632901856Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.634985454Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.636985109Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.639599257Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.64180718Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.644009312Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.646703784Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.648833022Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.651074927Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.653885349Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.656123132Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.658405252Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.661338064Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.664268686Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.666912523Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.670379989Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.672516151Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.67455228Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.677148428Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.679374112Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.68151191Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.684766154Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.687946452Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.691917139Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.695199687Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.69775129Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.700232805Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.705952345Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.708441942Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.710908606Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.713973195Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.71609229Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.718420818Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.721448896Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.725092337Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.727192915Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.730077373Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.73254888Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.73473562Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.737314466Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.742112602Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.743958396Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.746188849Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.748647555Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.750528219Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.752578171Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.755329526Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.757317183Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.758874749Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.762232059Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.763844816Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.765482744Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.767528749Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.769044628Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.77044139Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.772544803Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.774538255Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.776426722Z	2	PC: 12c5e \| Character output (See above)
2018-12-25T11:48:12.779191632Z	2	PC: 12c5e \| Character output (See above)