Sample viewer

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4599,"SideJobID":0}

.

GIF

Syscalls:

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4599,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:22.876069493Z	71	PC: 12b32 | Get current directory
2018-12-25T11:52:22.879569092Z	59	PC: 12b3e | Change current directory
2018-12-25T11:52:22.883946319Z	26	PC: 12bf3 | Set disk transfer address
2018-12-25T11:52:22.884948949Z	78	PC: 12c01 | Find first file
2018-12-25T11:52:22.897415726Z	61	PC: 12c2c | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:22.904837496Z	63	PC: 12c3e | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:52:22.91182157Z	44	PC: 12c74 | Get time 0x12c74: add dl, dh 0x12c76: je 0x12c70 0x12c78: mov si, 0x115 0x12c7b: add si, word ptr [0x106] 0x12c7f: mov byte ptr [si], dl 0x12c81: mov ax, 0x4301 0x12c84: xor cx, cx 0x12c86: mov dx, si 0x12c88: add dx, 0xb7 0x12c8c: int 0x21 0x12c8e: mov ah, 0x3e 0x12c90: int 0x21 0x12c92: mov ax, 0x3d02 0x12c95: int 0x21 0x12c97: jb 0x12c4d 0x12c99: mov di, dx 0x12c9b: add di, 0x62 0x12c9f: stosw word ptr es:[di], ax 0x12ca0: xchg ax, bx 0x12ca1: mov ah, 0x40
2018-12-25T11:52:22.914073465Z	67	PC: 12c8e | Get or set file attributes
2018-12-25T11:52:22.930848652Z	62	PC: 12c92 | Close file
2018-12-25T11:52:22.932685326Z	61	PC: 12c97 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:22.939912893Z	64	PC: 12cab | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:52:22.943371021Z	64	PC: 12cbe | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:22.946165792Z	64	PC: 12cd3 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:22.948898148Z	66	PC: 12cdc | Move file pointer
2018-12-25T11:52:22.951719658Z	64	PC: 12a7f | Write file or device (Write 1133 bytes on handle 5)
2018-12-25T11:52:22.962466771Z	87	PC: 12cf6 | Get or set file date and time
2018-12-25T11:52:22.964081748Z	62	PC: 12cfa | Close file
2018-12-25T11:52:22.972909761Z	67	PC: 12d0d | Get or set file attributes
2018-12-25T11:52:22.979776617Z	79	PC: 12c14 | Find next file
2018-12-25T11:52:22.981730974Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:22.986464938Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:22.990705838Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:22.992256534Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:23.003856837Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:23.005689502Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:23.016749053Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:23.021352106Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:23.02537353Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:23.028308116Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:23.0304353Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:23.04060492Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:23.042268541Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:23.050652691Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:23.061402071Z	79	PC: 12c14 | Find next file (See above)
2018-12-25T11:52:23.064060658Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:23.071087829Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:23.078466239Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:23.080885953Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:23.098498493Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:23.100635457Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:23.106110558Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:23.108053971Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:23.11043947Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:23.112261133Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:23.113529715Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:23.120218732Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:23.121769258Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:23.129996477Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:23.141132446Z	42	PC: 12b5b | Get date 0x12b5b: cmp dx, 0x709 0x12b5f: je 0x12b64 0x12b61: jmp 0x12d7d 0x12b64: jmp 0x12d12 0x12b67: and ah, bh 0x12b69: movsw word ptr es:[di], word ptr [si] 0x12b6a: mov ax, 0x5c4c 0x12b6d: add word ptr [di], ax 0x12b6f: add byte ptr [di - 0x75], dl 0x12b72: in al, dx 0x12b73: sub sp, 0x2c 0x12b76: push si 0x12b77: jmp 0x12be8 0x12b79: mov ah, 0x1a 0x12b7b: lea dx, word ptr [bp - 0x2c] 0x12b7e: int 0x21 0x12b80: mov ah, 0x4e 0x12b82: mov cx, 0x10 0x12b85: mov dx, 0x1a5 0x12b88: add dx, word ptr [0x106]
2018-12-25T11:52:23.143998579Z	59	PC: 12d88 | Change current directory
2018-12-25T11:52:23.148080825Z	59	PC: 12d90 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4599,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:23.046303147Z	71	PC: 12b32 | Get current directory
2018-12-25T11:52:23.049454335Z	59	PC: 12b3e | Change current directory
2018-12-25T11:52:23.052371309Z	26	PC: 12bf3 | Set disk transfer address
2018-12-25T11:52:23.053663459Z	78	PC: 12c01 | Find first file
2018-12-25T11:52:23.058994124Z	61	PC: 12c2c | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:23.067118037Z	63	PC: 12c3e | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:52:23.074658259Z	44	PC: 12c74 | Get time 0x12c74: add dl, dh 0x12c76: je 0x12c70 0x12c78: mov si, 0x115 0x12c7b: add si, word ptr [0x106] 0x12c7f: mov byte ptr [si], dl 0x12c81: mov ax, 0x4301 0x12c84: xor cx, cx 0x12c86: mov dx, si 0x12c88: add dx, 0xb7 0x12c8c: int 0x21 0x12c8e: mov ah, 0x3e 0x12c90: int 0x21 0x12c92: mov ax, 0x3d02 0x12c95: int 0x21 0x12c97: jb 0x12c4d 0x12c99: mov di, dx 0x12c9b: add di, 0x62 0x12c9f: stosw word ptr es:[di], ax 0x12ca0: xchg ax, bx 0x12ca1: mov ah, 0x40
2018-12-25T11:52:23.077926647Z	67	PC: 12c8e | Get or set file attributes
2018-12-25T11:52:23.099242649Z	62	PC: 12c92 | Close file
2018-12-25T11:52:23.101234606Z	61	PC: 12c97 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:23.114542291Z	64	PC: 12cab | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:52:23.121776372Z	64	PC: 12cbe | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:23.124615823Z	64	PC: 12cd3 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:23.127832896Z	66	PC: 12cdc | Move file pointer
2018-12-25T11:52:23.130868848Z	64	PC: 12a7f | Write file or device (Write 1133 bytes on handle 5)
2018-12-25T11:52:23.141118476Z	87	PC: 12cf6 | Get or set file date and time
2018-12-25T11:52:23.142650906Z	62	PC: 12cfa | Close file
2018-12-25T11:52:23.150119767Z	67	PC: 12d0d | Get or set file attributes
2018-12-25T11:52:23.156634263Z	79	PC: 12c14 | Find next file
2018-12-25T11:52:23.161218826Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:23.169256954Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:23.176872613Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:23.179288276Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:23.192800592Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:23.194913868Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:23.202430548Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:23.206201619Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:23.209526074Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:23.219586627Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:23.222667698Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:23.232658407Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:23.234284333Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:23.243664172Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:23.252236777Z	79	PC: 12c14 | Find next file (See above)
2018-12-25T11:52:23.255327264Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:23.262824202Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:23.271176539Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:23.273959237Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:23.285116913Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:23.288250294Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:23.295788627Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:23.299203408Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:23.303179677Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:23.307234168Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:23.309175056Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:23.320500473Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:23.322198882Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:23.330638969Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:23.34223744Z	42	PC: 12b5b | Get date 0x12b5b: cmp dx, 0x709 0x12b5f: je 0x12b64 0x12b61: jmp 0x12d7d 0x12b64: jmp 0x12d12 0x12b67: and ah, bh 0x12b69: movsw word ptr es:[di], word ptr [si] 0x12b6a: mov ax, 0x5c4c 0x12b6d: add word ptr [di], ax 0x12b6f: add byte ptr [di - 0x75], dl 0x12b72: in al, dx 0x12b73: sub sp, 0x2c 0x12b76: push si 0x12b77: jmp 0x12be8 0x12b79: mov ah, 0x1a 0x12b7b: lea dx, word ptr [bp - 0x2c] 0x12b7e: int 0x21 0x12b80: mov ah, 0x4e 0x12b82: mov cx, 0x10 0x12b85: mov dx, 0x1a5 0x12b88: add dx, word ptr [0x106]
2018-12-25T11:52:23.345685538Z	59	PC: 12d88 | Change current directory
2018-12-25T11:52:23.351173439Z	59	PC: 12d90 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4599,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:23.10189922Z	71	PC: 12b32 | Get current directory
2018-12-25T11:52:23.105467447Z	59	PC: 12b3e | Change current directory
2018-12-25T11:52:23.110717436Z	26	PC: 12bf3 | Set disk transfer address
2018-12-25T11:52:23.111676985Z	78	PC: 12c01 | Find first file
2018-12-25T11:52:23.118214149Z	61	PC: 12c2c | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:23.12602106Z	63	PC: 12c3e | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:52:23.13365449Z	44	PC: 12c74 | Get time 0x12c74: add dl, dh 0x12c76: je 0x12c70 0x12c78: mov si, 0x115 0x12c7b: add si, word ptr [0x106] 0x12c7f: mov byte ptr [si], dl 0x12c81: mov ax, 0x4301 0x12c84: xor cx, cx 0x12c86: mov dx, si 0x12c88: add dx, 0xb7 0x12c8c: int 0x21 0x12c8e: mov ah, 0x3e 0x12c90: int 0x21 0x12c92: mov ax, 0x3d02 0x12c95: int 0x21 0x12c97: jb 0x12c4d 0x12c99: mov di, dx 0x12c9b: add di, 0x62 0x12c9f: stosw word ptr es:[di], ax 0x12ca0: xchg ax, bx 0x12ca1: mov ah, 0x40
2018-12-25T11:52:23.136503218Z	67	PC: 12c8e | Get or set file attributes
2018-12-25T11:52:23.158197247Z	62	PC: 12c92 | Close file
2018-12-25T11:52:23.161232698Z	61	PC: 12c97 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:23.169960797Z	64	PC: 12cab | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:52:23.188979722Z	64	PC: 12cbe | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:23.191984871Z	64	PC: 12cd3 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:23.195247738Z	66	PC: 12cdc | Move file pointer
2018-12-25T11:52:23.198249787Z	64	PC: 12a7f | Write file or device (Write 1133 bytes on handle 5)
2018-12-25T11:52:23.208688653Z	87	PC: 12cf6 | Get or set file date and time
2018-12-25T11:52:23.21040317Z	62	PC: 12cfa | Close file
2018-12-25T11:52:23.220586173Z	67	PC: 12d0d | Get or set file attributes
2018-12-25T11:52:23.232276701Z	79	PC: 12c14 | Find next file
2018-12-25T11:52:23.235252877Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:23.242499898Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:23.249983297Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:23.258006706Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:23.269019392Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:23.272180368Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:23.279877075Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:23.283359523Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:23.2886353Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:23.291410134Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:23.293017757Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:23.299316008Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:23.300556572Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:23.306227411Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:23.317251599Z	79	PC: 12c14 | Find next file (See above)
2018-12-25T11:52:23.319163007Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:23.323552778Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:23.327860855Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:23.329832333Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:23.336437955Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:23.338337737Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:23.352016964Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:23.35952439Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:23.362724811Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:23.366921409Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:23.369463215Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:23.380059702Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:23.382673888Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:23.391596941Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:23.402224578Z	42	PC: 12b5b | Get date 0x12b5b: cmp dx, 0x709 0x12b5f: je 0x12b64 0x12b61: jmp 0x12d7d 0x12b64: jmp 0x12d12 0x12b67: and ah, bh 0x12b69: movsw word ptr es:[di], word ptr [si] 0x12b6a: mov ax, 0x5c4c 0x12b6d: add word ptr [di], ax 0x12b6f: add byte ptr [di - 0x75], dl 0x12b72: in al, dx 0x12b73: sub sp, 0x2c 0x12b76: push si 0x12b77: jmp 0x12be8 0x12b79: mov ah, 0x1a 0x12b7b: lea dx, word ptr [bp - 0x2c] 0x12b7e: int 0x21 0x12b80: mov ah, 0x4e 0x12b82: mov cx, 0x10 0x12b85: mov dx, 0x1a5 0x12b88: add dx, word ptr [0x106]
2018-12-25T11:52:23.404534173Z	59	PC: 12d88 | Change current directory
2018-12-25T11:52:23.407686873Z	59	PC: 12d90 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":4599,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:23.806545712Z	71	PC: 12b32 | Get current directory
2018-12-25T11:52:23.811089806Z	59	PC: 12b3e | Change current directory
2018-12-25T11:52:23.815530717Z	26	PC: 12bf3 | Set disk transfer address
2018-12-25T11:52:23.816682362Z	78	PC: 12c01 | Find first file
2018-12-25T11:52:23.824583017Z	61	PC: 12c2c | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:23.831924514Z	63	PC: 12c3e | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:52:23.83885965Z	44	PC: 12c74 | Get time 0x12c74: add dl, dh 0x12c76: je 0x12c70 0x12c78: mov si, 0x115 0x12c7b: add si, word ptr [0x106] 0x12c7f: mov byte ptr [si], dl 0x12c81: mov ax, 0x4301 0x12c84: xor cx, cx 0x12c86: mov dx, si 0x12c88: add dx, 0xb7 0x12c8c: int 0x21 0x12c8e: mov ah, 0x3e 0x12c90: int 0x21 0x12c92: mov ax, 0x3d02 0x12c95: int 0x21 0x12c97: jb 0x12c4d 0x12c99: mov di, dx 0x12c9b: add di, 0x62 0x12c9f: stosw word ptr es:[di], ax 0x12ca0: xchg ax, bx 0x12ca1: mov ah, 0x40
2018-12-25T11:52:23.841096195Z	67	PC: 12c8e | Get or set file attributes
2018-12-25T11:52:23.861913548Z	62	PC: 12c92 | Close file
2018-12-25T11:52:23.864147477Z	61	PC: 12c97 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:23.871303224Z	64	PC: 12cab | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:52:23.888896965Z	64	PC: 12cbe | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:23.892697771Z	64	PC: 12cd3 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:23.896409846Z	66	PC: 12cdc | Move file pointer
2018-12-25T11:52:23.899426853Z	64	PC: 12a7f | Write file or device (Write 1133 bytes on handle 5)
2018-12-25T11:52:23.911235808Z	87	PC: 12cf6 | Get or set file date and time
2018-12-25T11:52:23.912667143Z	62	PC: 12cfa | Close file
2018-12-25T11:52:23.92015593Z	67	PC: 12d0d | Get or set file attributes
2018-12-25T11:52:23.92672731Z	79	PC: 12c14 | Find next file
2018-12-25T11:52:23.928556783Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:23.933499002Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:23.938239121Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:23.93987474Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:23.946554004Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:23.947974006Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:23.952184722Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:23.954023167Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:23.956487073Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:23.958594181Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:23.960100427Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:23.966596518Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:23.967752002Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:23.972961414Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:23.981454978Z	79	PC: 12c14 | Find next file (See above)
2018-12-25T11:52:23.983957503Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:23.99688054Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:24.005278158Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:24.00796969Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:24.015412899Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:24.017237416Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:24.021687255Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:24.023615397Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:24.025898961Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:24.028781214Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:24.030084124Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:24.036268643Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:24.040827332Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:24.050641739Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:24.060702469Z	42	PC: 12b5b | Get date 0x12b5b: cmp dx, 0x709 0x12b5f: je 0x12b64 0x12b61: jmp 0x12d7d 0x12b64: jmp 0x12d12 0x12b67: and ah, bh 0x12b69: movsw word ptr es:[di], word ptr [si] 0x12b6a: mov ax, 0x5c4c 0x12b6d: add word ptr [di], ax 0x12b6f: add byte ptr [di - 0x75], dl 0x12b72: in al, dx 0x12b73: sub sp, 0x2c 0x12b76: push si 0x12b77: jmp 0x12be8 0x12b79: mov ah, 0x1a 0x12b7b: lea dx, word ptr [bp - 0x2c] 0x12b7e: int 0x21 0x12b80: mov ah, 0x4e 0x12b82: mov cx, 0x10 0x12b85: mov dx, 0x1a5 0x12b88: add dx, word ptr [0x106]
2018-12-25T11:52:24.06353799Z	59	PC: 12d88 | Change current directory
2018-12-25T11:52:24.070818507Z	59	PC: 12d90 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":4599,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:24.017987367Z	71	PC: 12b32 | Get current directory
2018-12-25T11:52:24.021443318Z	59	PC: 12b3e | Change current directory
2018-12-25T11:52:24.025488516Z	26	PC: 12bf3 | Set disk transfer address
2018-12-25T11:52:24.026577678Z	78	PC: 12c01 | Find first file
2018-12-25T11:52:24.038131068Z	61	PC: 12c2c | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:24.049569099Z	63	PC: 12c3e | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:52:24.055796064Z	44	PC: 12c74 | Get time 0x12c74: add dl, dh 0x12c76: je 0x12c70 0x12c78: mov si, 0x115 0x12c7b: add si, word ptr [0x106] 0x12c7f: mov byte ptr [si], dl 0x12c81: mov ax, 0x4301 0x12c84: xor cx, cx 0x12c86: mov dx, si 0x12c88: add dx, 0xb7 0x12c8c: int 0x21 0x12c8e: mov ah, 0x3e 0x12c90: int 0x21 0x12c92: mov ax, 0x3d02 0x12c95: int 0x21 0x12c97: jb 0x12c4d 0x12c99: mov di, dx 0x12c9b: add di, 0x62 0x12c9f: stosw word ptr es:[di], ax 0x12ca0: xchg ax, bx 0x12ca1: mov ah, 0x40
2018-12-25T11:52:24.058726657Z	67	PC: 12c8e | Get or set file attributes
2018-12-25T11:52:24.074579336Z	62	PC: 12c92 | Close file
2018-12-25T11:52:24.07652787Z	61	PC: 12c97 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:24.083199065Z	64	PC: 12cab | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:52:24.086557393Z	64	PC: 12cbe | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:24.089277298Z	64	PC: 12cd3 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:24.091674898Z	66	PC: 12cdc | Move file pointer
2018-12-25T11:52:24.095198626Z	64	PC: 12a7f | Write file or device (Write 1133 bytes on handle 5)
2018-12-25T11:52:24.104142552Z	87	PC: 12cf6 | Get or set file date and time
2018-12-25T11:52:24.10563109Z	62	PC: 12cfa | Close file
2018-12-25T11:52:24.113726958Z	67	PC: 12d0d | Get or set file attributes
2018-12-25T11:52:24.123797148Z	79	PC: 12c14 | Find next file
2018-12-25T11:52:24.126197926Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:24.133071723Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:24.139238067Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:24.141245041Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:24.151437223Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:24.153387131Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:24.159802847Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:24.163270946Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:24.166262758Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:24.168767524Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:24.170986904Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:24.180151918Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:24.181739762Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:24.191622081Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:24.203616351Z	79	PC: 12c14 | Find next file (See above)
2018-12-25T11:52:24.207067464Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:24.213594255Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:24.220042568Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:24.222160979Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:24.231855571Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:24.234400291Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:24.240935697Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:24.243519218Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:24.24747607Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:24.250054665Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:24.251817049Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:24.265526545Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:24.267033766Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:24.274628854Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:24.284878889Z	42	PC: 12b5b | Get date 0x12b5b: cmp dx, 0x709 0x12b5f: je 0x12b64 0x12b61: jmp 0x12d7d 0x12b64: jmp 0x12d12 0x12b67: and ah, bh 0x12b69: movsw word ptr es:[di], word ptr [si] 0x12b6a: mov ax, 0x5c4c 0x12b6d: add word ptr [di], ax 0x12b6f: add byte ptr [di - 0x75], dl 0x12b72: in al, dx 0x12b73: sub sp, 0x2c 0x12b76: push si 0x12b77: jmp 0x12be8 0x12b79: mov ah, 0x1a 0x12b7b: lea dx, word ptr [bp - 0x2c] 0x12b7e: int 0x21 0x12b80: mov ah, 0x4e 0x12b82: mov cx, 0x10 0x12b85: mov dx, 0x1a5 0x12b88: add dx, word ptr [0x106]
2018-12-25T11:52:24.287161079Z	59	PC: 12d88 | Change current directory
2018-12-25T11:52:24.291243647Z	59	PC: 12d90 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":4599,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:24.816861826Z	71	PC: 12b32 | Get current directory
2018-12-25T11:52:24.819896596Z	59	PC: 12b3e | Change current directory
2018-12-25T11:52:24.823676446Z	26	PC: 12bf3 | Set disk transfer address
2018-12-25T11:52:24.830803181Z	78	PC: 12c01 | Find first file
2018-12-25T11:52:24.849213946Z	61	PC: 12c2c | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:24.856154856Z	63	PC: 12c3e | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:52:24.862705859Z	44	PC: 12c74 | Get time 0x12c74: add dl, dh 0x12c76: je 0x12c70 0x12c78: mov si, 0x115 0x12c7b: add si, word ptr [0x106] 0x12c7f: mov byte ptr [si], dl 0x12c81: mov ax, 0x4301 0x12c84: xor cx, cx 0x12c86: mov dx, si 0x12c88: add dx, 0xb7 0x12c8c: int 0x21 0x12c8e: mov ah, 0x3e 0x12c90: int 0x21 0x12c92: mov ax, 0x3d02 0x12c95: int 0x21 0x12c97: jb 0x12c4d 0x12c99: mov di, dx 0x12c9b: add di, 0x62 0x12c9f: stosw word ptr es:[di], ax 0x12ca0: xchg ax, bx 0x12ca1: mov ah, 0x40
2018-12-25T11:52:24.865156932Z	67	PC: 12c8e | Get or set file attributes
2018-12-25T11:52:24.880084591Z	62	PC: 12c92 | Close file
2018-12-25T11:52:24.8817658Z	61	PC: 12c97 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:24.892581753Z	64	PC: 12cab | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:52:24.895334474Z	64	PC: 12cbe | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:24.8977604Z	64	PC: 12cd3 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:24.900669305Z	66	PC: 12cdc | Move file pointer
2018-12-25T11:52:24.90337391Z	64	PC: 12a7f | Write file or device (Write 1133 bytes on handle 5)
2018-12-25T11:52:24.913089294Z	87	PC: 12cf6 | Get or set file date and time
2018-12-25T11:52:24.9154354Z	62	PC: 12cfa | Close file
2018-12-25T11:52:24.928623867Z	67	PC: 12d0d | Get or set file attributes
2018-12-25T11:52:24.938503869Z	79	PC: 12c14 | Find next file
2018-12-25T11:52:24.941259326Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:24.949057513Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:24.955416112Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:24.957480487Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:24.968555819Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:24.982890046Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:24.991114196Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:24.999871018Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:25.002640823Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:25.005058384Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:25.008014032Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:25.093777496Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:25.09515912Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:25.151094628Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:25.244677823Z	79	PC: 12c14 | Find next file (See above)
2018-12-25T11:52:25.247214193Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:25.254177066Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:25.26110067Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:25.263495971Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:25.361585611Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:25.36436188Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:25.371169284Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:25.37403648Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:25.377149972Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:25.379542541Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:25.38160053Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:25.557293207Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:25.558351029Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:25.572890397Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:25.611911007Z	42	PC: 12b5b | Get date 0x12b5b: cmp dx, 0x709 0x12b5f: je 0x12b64 0x12b61: jmp 0x12d7d 0x12b64: jmp 0x12d12 0x12b67: and ah, bh 0x12b69: movsw word ptr es:[di], word ptr [si] 0x12b6a: mov ax, 0x5c4c 0x12b6d: add word ptr [di], ax 0x12b6f: add byte ptr [di - 0x75], dl 0x12b72: in al, dx 0x12b73: sub sp, 0x2c 0x12b76: push si 0x12b77: jmp 0x12be8 0x12b79: mov ah, 0x1a 0x12b7b: lea dx, word ptr [bp - 0x2c] 0x12b7e: int 0x21 0x12b80: mov ah, 0x4e 0x12b82: mov cx, 0x10 0x12b85: mov dx, 0x1a5 0x12b88: add dx, word ptr [0x106]
2018-12-25T11:52:25.613943229Z	59	PC: 12d88 | Change current directory
2018-12-25T11:52:25.622558568Z	59	PC: 12d90 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":4599,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:26.091499218Z	71	PC: 12b32 | Get current directory
2018-12-25T11:52:26.094846762Z	59	PC: 12b3e | Change current directory
2018-12-25T11:52:26.099258106Z	26	PC: 12bf3 | Set disk transfer address
2018-12-25T11:52:26.100355876Z	78	PC: 12c01 | Find first file
2018-12-25T11:52:26.112536812Z	61	PC: 12c2c | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:26.126482147Z	63	PC: 12c3e | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:52:26.133408024Z	44	PC: 12c74 | Get time 0x12c74: add dl, dh 0x12c76: je 0x12c70 0x12c78: mov si, 0x115 0x12c7b: add si, word ptr [0x106] 0x12c7f: mov byte ptr [si], dl 0x12c81: mov ax, 0x4301 0x12c84: xor cx, cx 0x12c86: mov dx, si 0x12c88: add dx, 0xb7 0x12c8c: int 0x21 0x12c8e: mov ah, 0x3e 0x12c90: int 0x21 0x12c92: mov ax, 0x3d02 0x12c95: int 0x21 0x12c97: jb 0x12c4d 0x12c99: mov di, dx 0x12c9b: add di, 0x62 0x12c9f: stosw word ptr es:[di], ax 0x12ca0: xchg ax, bx 0x12ca1: mov ah, 0x40
2018-12-25T11:52:26.13570738Z	67	PC: 12c8e | Get or set file attributes
2018-12-25T11:52:27.060749273Z	62	PC: 12c92 | Close file
2018-12-25T11:52:27.062944517Z	61	PC: 12c97 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:27.070447226Z	64	PC: 12cab | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:52:27.075700813Z	64	PC: 12cbe | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:27.07862295Z	64	PC: 12cd3 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:27.081367421Z	66	PC: 12cdc | Move file pointer
2018-12-25T11:52:27.084049878Z	64	PC: 12a7f | Write file or device (Write 1133 bytes on handle 5)
2018-12-25T11:52:27.657157005Z	87	PC: 12cf6 | Get or set file date and time
2018-12-25T11:52:27.659012993Z	62	PC: 12cfa | Close file
2018-12-25T11:52:27.727697901Z	67	PC: 12d0d | Get or set file attributes
2018-12-25T11:52:27.78274709Z	79	PC: 12c14 | Find next file
2018-12-25T11:52:27.785810357Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:27.793451646Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:27.80115518Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:27.803463407Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:27.82436404Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:27.82662627Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:27.833965373Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:27.837003642Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:27.839938089Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:27.842859595Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:27.844900368Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:28.318802945Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:28.320426577Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:28.338965774Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:28.36097981Z	79	PC: 12c14 | Find next file (See above)
2018-12-25T11:52:28.363880379Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:28.371767583Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:28.379962946Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:28.382291638Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:28.401490236Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:28.404000106Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:28.411474483Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:28.414588454Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:28.418545326Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:28.421345609Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:28.423326956Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:28.904189684Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:28.906416435Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:29.016780207Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:29.155802072Z	42	PC: 12b5b | Get date 0x12b5b: cmp dx, 0x709 0x12b5f: je 0x12b64 0x12b61: jmp 0x12d7d 0x12b64: jmp 0x12d12 0x12b67: and ah, bh 0x12b69: movsw word ptr es:[di], word ptr [si] 0x12b6a: mov ax, 0x5c4c 0x12b6d: add word ptr [di], ax 0x12b6f: add byte ptr [di - 0x75], dl 0x12b72: in al, dx 0x12b73: sub sp, 0x2c 0x12b76: push si 0x12b77: jmp 0x12be8 0x12b79: mov ah, 0x1a 0x12b7b: lea dx, word ptr [bp - 0x2c] 0x12b7e: int 0x21 0x12b80: mov ah, 0x4e 0x12b82: mov cx, 0x10 0x12b85: mov dx, 0x1a5 0x12b88: add dx, word ptr [0x106]
2018-12-25T11:52:29.158583789Z	59	PC: 12d88 | Change current directory
2018-12-25T11:52:29.163014595Z	59	PC: 12d90 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4599,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:26.116257949Z	71	PC: 12b32 | Get current directory
2018-12-25T11:52:26.119952528Z	59	PC: 12b3e | Change current directory
2018-12-25T11:52:26.123835358Z	26	PC: 12bf3 | Set disk transfer address
2018-12-25T11:52:26.124868141Z	78	PC: 12c01 | Find first file
2018-12-25T11:52:26.136180859Z	61	PC: 12c2c | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:26.14803773Z	63	PC: 12c3e | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:52:26.154318098Z	44	PC: 12c74 | Get time 0x12c74: add dl, dh 0x12c76: je 0x12c70 0x12c78: mov si, 0x115 0x12c7b: add si, word ptr [0x106] 0x12c7f: mov byte ptr [si], dl 0x12c81: mov ax, 0x4301 0x12c84: xor cx, cx 0x12c86: mov dx, si 0x12c88: add dx, 0xb7 0x12c8c: int 0x21 0x12c8e: mov ah, 0x3e 0x12c90: int 0x21 0x12c92: mov ax, 0x3d02 0x12c95: int 0x21 0x12c97: jb 0x12c4d 0x12c99: mov di, dx 0x12c9b: add di, 0x62 0x12c9f: stosw word ptr es:[di], ax 0x12ca0: xchg ax, bx 0x12ca1: mov ah, 0x40
2018-12-25T11:52:26.156823374Z	67	PC: 12c8e | Get or set file attributes
2018-12-25T11:52:27.223999296Z	62	PC: 12c92 | Close file
2018-12-25T11:52:27.22606447Z	61	PC: 12c97 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:27.232573639Z	64	PC: 12cab | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:52:27.236274608Z	64	PC: 12cbe | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:27.238834913Z	64	PC: 12cd3 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:27.241197855Z	66	PC: 12cdc | Move file pointer
2018-12-25T11:52:27.243424873Z	64	PC: 12a7f | Write file or device (Write 1133 bytes on handle 5)
2018-12-25T11:52:27.9806904Z	87	PC: 12cf6 | Get or set file date and time
2018-12-25T11:52:27.982084564Z	62	PC: 12cfa | Close file
2018-12-25T11:52:28.615527668Z	67	PC: 12d0d | Get or set file attributes
2018-12-25T11:52:28.625452716Z	79	PC: 12c14 | Find next file
2018-12-25T11:52:28.627855652Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:28.634302015Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:28.640475588Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:28.642469895Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:28.687405247Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:28.691134498Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:28.697361283Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:28.699871562Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:28.702675585Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:28.70509759Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:28.706812897Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:28.775250246Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:28.77742886Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:28.876977749Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:28.913131288Z	79	PC: 12c14 | Find next file (See above)
2018-12-25T11:52:28.915666632Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:28.921882368Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:28.928519353Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:28.930473975Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:28.974219505Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:28.976898687Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:28.983256943Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:28.985881231Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:28.988928167Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:28.991342983Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:28.993688709Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:29.090579325Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:29.092188742Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:29.14188185Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:29.157142621Z	42	PC: 12b5b | Get date 0x12b5b: cmp dx, 0x709 0x12b5f: je 0x12b64 0x12b61: jmp 0x12d7d 0x12b64: jmp 0x12d12 0x12b67: and ah, bh 0x12b69: movsw word ptr es:[di], word ptr [si] 0x12b6a: mov ax, 0x5c4c 0x12b6d: add word ptr [di], ax 0x12b6f: add byte ptr [di - 0x75], dl 0x12b72: in al, dx 0x12b73: sub sp, 0x2c 0x12b76: push si 0x12b77: jmp 0x12be8 0x12b79: mov ah, 0x1a 0x12b7b: lea dx, word ptr [bp - 0x2c] 0x12b7e: int 0x21 0x12b80: mov ah, 0x4e 0x12b82: mov cx, 0x10 0x12b85: mov dx, 0x1a5 0x12b88: add dx, word ptr [0x106]
2018-12-25T11:52:29.159254028Z	59	PC: 12d88 | Change current directory
2018-12-25T11:52:29.16287159Z	59	PC: 12d90 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4599,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:26.319179139Z	71	PC: 12b32 | Get current directory
2018-12-25T11:52:26.32284818Z	59	PC: 12b3e | Change current directory
2018-12-25T11:52:26.327226537Z	26	PC: 12bf3 | Set disk transfer address
2018-12-25T11:52:26.328301118Z	78	PC: 12c01 | Find first file
2018-12-25T11:52:26.33475366Z	61	PC: 12c2c | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:26.342181299Z	63	PC: 12c3e | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:52:26.348987792Z	44	PC: 12c74 | Get time 0x12c74: add dl, dh 0x12c76: je 0x12c70 0x12c78: mov si, 0x115 0x12c7b: add si, word ptr [0x106] 0x12c7f: mov byte ptr [si], dl 0x12c81: mov ax, 0x4301 0x12c84: xor cx, cx 0x12c86: mov dx, si 0x12c88: add dx, 0xb7 0x12c8c: int 0x21 0x12c8e: mov ah, 0x3e 0x12c90: int 0x21 0x12c92: mov ax, 0x3d02 0x12c95: int 0x21 0x12c97: jb 0x12c4d 0x12c99: mov di, dx 0x12c9b: add di, 0x62 0x12c9f: stosw word ptr es:[di], ax 0x12ca0: xchg ax, bx 0x12ca1: mov ah, 0x40
2018-12-25T11:52:26.351149381Z	67	PC: 12c8e | Get or set file attributes
2018-12-25T11:52:29.156267993Z	62	PC: 12c92 | Close file
2018-12-25T11:52:29.158369297Z	61	PC: 12c97 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:29.166255356Z	64	PC: 12cab | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:52:29.173955062Z	64	PC: 12cbe | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:29.17722135Z	64	PC: 12cd3 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:29.180528655Z	66	PC: 12cdc | Move file pointer
2018-12-25T11:52:29.183597409Z	64	PC: 12a7f | Write file or device (Write 1133 bytes on handle 5)
2018-12-25T11:52:29.194201826Z	87	PC: 12cf6 | Get or set file date and time
2018-12-25T11:52:29.196016104Z	62	PC: 12cfa | Close file
2018-12-25T11:52:29.205108761Z	67	PC: 12d0d | Get or set file attributes
2018-12-25T11:52:29.215937736Z	79	PC: 12c14 | Find next file
2018-12-25T11:52:29.218979628Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:29.228012066Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:29.248727822Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:29.262389292Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:29.287435069Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:29.28954118Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:29.304241491Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:29.308240141Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:29.312336624Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:29.315377553Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:29.317759835Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:29.337171121Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:29.339068152Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:29.347831328Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:29.360210306Z	79	PC: 12c14 | Find next file (See above)
2018-12-25T11:52:29.363547362Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:29.371856845Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:29.380476478Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:29.383008632Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:29.395301775Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:29.398679045Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:29.407454723Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:29.410534147Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:29.414326902Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:29.418261587Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:29.420687165Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:29.431114504Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:29.433353817Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:29.441788586Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:29.452977908Z	42	PC: 12b5b | Get date 0x12b5b: cmp dx, 0x709 0x12b5f: je 0x12b64 0x12b61: jmp 0x12d7d 0x12b64: jmp 0x12d12 0x12b67: and ah, bh 0x12b69: movsw word ptr es:[di], word ptr [si] 0x12b6a: mov ax, 0x5c4c 0x12b6d: add word ptr [di], ax 0x12b6f: add byte ptr [di - 0x75], dl 0x12b72: in al, dx 0x12b73: sub sp, 0x2c 0x12b76: push si 0x12b77: jmp 0x12be8 0x12b79: mov ah, 0x1a 0x12b7b: lea dx, word ptr [bp - 0x2c] 0x12b7e: int 0x21 0x12b80: mov ah, 0x4e 0x12b82: mov cx, 0x10 0x12b85: mov dx, 0x1a5 0x12b88: add dx, word ptr [0x106]
2018-12-25T11:52:29.456262744Z	59	PC: 12d88 | Change current directory
2018-12-25T11:52:29.461069822Z	59	PC: 12d90 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4599,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T13:06:55.688624186Z	71	PC: 12b32 | Get current directory
2018-12-25T13:06:55.692319024Z	59	PC: 12b3e | Change current directory
2018-12-25T13:06:55.697575318Z	26	PC: 12bf3 | Set disk transfer address
2018-12-25T13:06:55.699321565Z	78	PC: 12c01 | Find first file
2018-12-25T13:06:55.706684167Z	61	PC: 12c2c | Open file (Filename = 'SLEEP.COM')
2018-12-25T13:06:55.718736626Z	63	PC: 12c3e | Read file or device (Read 8 bytes on handle 5)
2018-12-25T13:06:55.725864393Z	44	PC: 12c74 | Get time 0x12c74: add dl, dh 0x12c76: je 0x12c70 0x12c78: mov si, 0x115 0x12c7b: add si, word ptr [0x106] 0x12c7f: mov byte ptr [si], dl 0x12c81: mov ax, 0x4301 0x12c84: xor cx, cx 0x12c86: mov dx, si 0x12c88: add dx, 0xb7 0x12c8c: int 0x21 0x12c8e: mov ah, 0x3e 0x12c90: int 0x21 0x12c92: mov ax, 0x3d02 0x12c95: int 0x21 0x12c97: jb 0x12c4d 0x12c99: mov di, dx 0x12c9b: add di, 0x62 0x12c9f: stosw word ptr es:[di], ax 0x12ca0: xchg ax, bx 0x12ca1: mov ah, 0x40
2018-12-25T13:06:55.728104331Z	67	PC: 12c8e | Get or set file attributes
2018-12-25T13:06:55.750010348Z	62	PC: 12c92 | Close file
2018-12-25T13:06:55.75293503Z	61	PC: 12c97 | Open file (Filename = 'SLEEP.COM')
2018-12-25T13:06:55.760390243Z	64	PC: 12cab | Write file or device (Write 4 bytes on handle 5)
2018-12-25T13:06:55.76886346Z	64	PC: 12cbe | Write file or device (Write 2 bytes on handle 5)
2018-12-25T13:06:55.772057881Z	64	PC: 12cd3 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T13:06:55.77497043Z	66	PC: 12cdc | Move file pointer
2018-12-25T13:06:55.777278358Z	64	PC: 12a7f | Write file or device (Write 1133 bytes on handle 5)
2018-12-25T13:06:55.78903695Z	87	PC: 12cf6 | Get or set file date and time
2018-12-25T13:06:55.790988509Z	62	PC: 12cfa | Close file
2018-12-25T13:06:55.799842617Z	67	PC: 12d0d | Get or set file attributes
2018-12-25T13:06:55.816833549Z	79	PC: 12c14 | Find next file
2018-12-25T13:06:55.820868831Z	61	PC: 12c2c | Open file (See above)
2018-12-25T13:06:55.828627712Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T13:06:55.837193498Z	44	PC: 12c74 | Get time (See above)
2018-12-25T13:06:55.839686916Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T13:06:55.850794513Z	62	PC: 12c92 | Close file (See above)
2018-12-25T13:06:55.853303147Z	61	PC: 12c97 | Open file (See above)
2018-12-25T13:06:55.860717321Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T13:06:55.863764678Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T13:06:55.867658314Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T13:06:55.870626345Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T13:06:55.872675852Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T13:06:55.895043568Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T13:06:55.904936032Z	62	PC: 12cfa | Close file (See above)
2018-12-25T13:06:55.924505405Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T13:06:55.960495236Z	79	PC: 12c14 | Find next file (See above)
2018-12-25T13:06:55.964591249Z	61	PC: 12c2c | Open file (See above)
2018-12-25T13:06:55.972257092Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T13:06:55.979802118Z	44	PC: 12c74 | Get time (See above)
2018-12-25T13:06:55.983080376Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T13:06:55.994569273Z	62	PC: 12c92 | Close file (See above)
2018-12-25T13:06:55.99698089Z	61	PC: 12c97 | Open file (See above)
2018-12-25T13:06:56.006953463Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T13:06:56.010968052Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T13:06:56.014451984Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T13:06:56.037102413Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T13:06:56.040093209Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T13:06:56.061668452Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T13:06:56.063823573Z	62	PC: 12cfa | Close file (See above)
2018-12-25T13:06:56.082079809Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T13:06:56.093879998Z	42	PC: 12b5b | Get date 0x12b5b: cmp dx, 0x709 0x12b5f: je 0x12b64 0x12b61: jmp 0x12d7d 0x12b64: jmp 0x12d12 0x12b67: and ah, bh 0x12b69: movsw word ptr es:[di], word ptr [si] 0x12b6a: mov ax, 0x5c4c 0x12b6d: add word ptr [di], ax 0x12b6f: add byte ptr [di - 0x75], dl 0x12b72: in al, dx 0x12b73: sub sp, 0x2c 0x12b76: push si 0x12b77: jmp 0x12be8 0x12b79: mov ah, 0x1a 0x12b7b: lea dx, word ptr [bp - 0x2c] 0x12b7e: int 0x21 0x12b80: mov ah, 0x4e 0x12b82: mov cx, 0x10 0x12b85: mov dx, 0x1a5 0x12b88: add dx, word ptr [0x106]
2018-12-25T13:06:56.096678667Z	59	PC: 12d88 | Change current directory
2018-12-25T13:06:56.10194844Z	59	PC: 12d90 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4599,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:26.399036396Z	71	PC: 12b32 | Get current directory
2018-12-25T11:52:26.410954782Z	59	PC: 12b3e | Change current directory
2018-12-25T11:52:26.415481556Z	26	PC: 12bf3 | Set disk transfer address
2018-12-25T11:52:26.416599648Z	78	PC: 12c01 | Find first file
2018-12-25T11:52:26.429817303Z	61	PC: 12c2c | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:26.437193911Z	63	PC: 12c3e | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:52:26.444506838Z	44	PC: 12c74 | Get time 0x12c74: add dl, dh 0x12c76: je 0x12c70 0x12c78: mov si, 0x115 0x12c7b: add si, word ptr [0x106] 0x12c7f: mov byte ptr [si], dl 0x12c81: mov ax, 0x4301 0x12c84: xor cx, cx 0x12c86: mov dx, si 0x12c88: add dx, 0xb7 0x12c8c: int 0x21 0x12c8e: mov ah, 0x3e 0x12c90: int 0x21 0x12c92: mov ax, 0x3d02 0x12c95: int 0x21 0x12c97: jb 0x12c4d 0x12c99: mov di, dx 0x12c9b: add di, 0x62 0x12c9f: stosw word ptr es:[di], ax 0x12ca0: xchg ax, bx 0x12ca1: mov ah, 0x40
2018-12-25T11:52:26.446928048Z	67	PC: 12c8e | Get or set file attributes
2018-12-25T11:52:29.156538454Z	62	PC: 12c92 | Close file
2018-12-25T11:52:29.1618622Z	61	PC: 12c97 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:29.175245809Z	64	PC: 12cab | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:52:29.179624052Z	64	PC: 12cbe | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:29.183001234Z	64	PC: 12cd3 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:29.186772973Z	66	PC: 12cdc | Move file pointer
2018-12-25T11:52:29.19216665Z	64	PC: 12a7f | Write file or device (Write 1133 bytes on handle 5)
2018-12-25T11:52:29.207223953Z	87	PC: 12cf6 | Get or set file date and time
2018-12-25T11:52:29.20933151Z	62	PC: 12cfa | Close file
2018-12-25T11:52:29.218577749Z	67	PC: 12d0d | Get or set file attributes
2018-12-25T11:52:29.229937654Z	79	PC: 12c14 | Find next file
2018-12-25T11:52:29.233188912Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:29.241525434Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:29.261469606Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:29.263887225Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:29.275701508Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:29.280999441Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:29.295314247Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:29.324697601Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:29.328940681Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:29.331922054Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:29.334058437Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:29.349706543Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:29.351769411Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:29.360825373Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:29.373548946Z	79	PC: 12c14 | Find next file (See above)
2018-12-25T11:52:29.377343851Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:29.38581169Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:29.408008343Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:29.411782674Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:29.423161371Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:29.426295704Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:29.433625498Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:29.43849939Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:29.4415327Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:29.444922586Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:29.447231068Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:29.45769736Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:29.460739Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:29.470024753Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:29.481706486Z	42	PC: 12b5b | Get date 0x12b5b: cmp dx, 0x709 0x12b5f: je 0x12b64 0x12b61: jmp 0x12d7d 0x12b64: jmp 0x12d12 0x12b67: and ah, bh 0x12b69: movsw word ptr es:[di], word ptr [si] 0x12b6a: mov ax, 0x5c4c 0x12b6d: add word ptr [di], ax 0x12b6f: add byte ptr [di - 0x75], dl 0x12b72: in al, dx 0x12b73: sub sp, 0x2c 0x12b76: push si 0x12b77: jmp 0x12be8 0x12b79: mov ah, 0x1a 0x12b7b: lea dx, word ptr [bp - 0x2c] 0x12b7e: int 0x21 0x12b80: mov ah, 0x4e 0x12b82: mov cx, 0x10 0x12b85: mov dx, 0x1a5 0x12b88: add dx, word ptr [0x106]
2018-12-25T11:52:29.485562474Z	59	PC: 12d88 | Change current directory
2018-12-25T11:52:29.490410062Z	59	PC: 12d90 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":4599,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:26.404445894Z	71	PC: 12b32 | Get current directory
2018-12-25T11:52:26.406808404Z	59	PC: 12b3e | Change current directory
2018-12-25T11:52:26.40952387Z	26	PC: 12bf3 | Set disk transfer address
2018-12-25T11:52:26.410478885Z	78	PC: 12c01 | Find first file
2018-12-25T11:52:26.41667845Z	61	PC: 12c2c | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:26.42295814Z	63	PC: 12c3e | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:52:26.429071402Z	44	PC: 12c74 | Get time 0x12c74: add dl, dh 0x12c76: je 0x12c70 0x12c78: mov si, 0x115 0x12c7b: add si, word ptr [0x106] 0x12c7f: mov byte ptr [si], dl 0x12c81: mov ax, 0x4301 0x12c84: xor cx, cx 0x12c86: mov dx, si 0x12c88: add dx, 0xb7 0x12c8c: int 0x21 0x12c8e: mov ah, 0x3e 0x12c90: int 0x21 0x12c92: mov ax, 0x3d02 0x12c95: int 0x21 0x12c97: jb 0x12c4d 0x12c99: mov di, dx 0x12c9b: add di, 0x62 0x12c9f: stosw word ptr es:[di], ax 0x12ca0: xchg ax, bx 0x12ca1: mov ah, 0x40
2018-12-25T11:52:26.431417554Z	67	PC: 12c8e | Get or set file attributes
2018-12-25T11:52:30.682929684Z	62	PC: 12c92 | Close file
2018-12-25T11:52:30.684559918Z	61	PC: 12c97 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:30.691135954Z	64	PC: 12cab | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:52:30.716070107Z	64	PC: 12cbe | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:30.71896991Z	64	PC: 12cd3 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:30.721846153Z	66	PC: 12cdc | Move file pointer
2018-12-25T11:52:30.724498394Z	64	PC: 12a7f | Write file or device (Write 1133 bytes on handle 5)
2018-12-25T11:52:30.864436764Z	87	PC: 12cf6 | Get or set file date and time
2018-12-25T11:52:30.866282245Z	62	PC: 12cfa | Close file
2018-12-25T11:52:30.904191461Z	67	PC: 12d0d | Get or set file attributes
2018-12-25T11:52:30.930294104Z	79	PC: 12c14 | Find next file
2018-12-25T11:52:30.933294719Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:30.938285163Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:30.947426341Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:30.949062989Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:31.368621017Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:31.370381771Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:31.374556086Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:31.376845951Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:31.378648199Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:31.380303235Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:31.381963019Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:31.548580663Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:31.549926277Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:31.568695968Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:31.628355134Z	79	PC: 12c14 | Find next file (See above)
2018-12-25T11:52:31.630888819Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:31.637747469Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:31.644097107Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:31.646176231Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:31.835616093Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:31.837769183Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:31.844835498Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:31.848635504Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:31.851804665Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:31.854878461Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:31.857852495Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:32.04915263Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:32.050972997Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:32.315320535Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:32.478333771Z	42	PC: 12b5b | Get date 0x12b5b: cmp dx, 0x709 0x12b5f: je 0x12b64 0x12b61: jmp 0x12d7d 0x12b64: jmp 0x12d12 0x12b67: and ah, bh 0x12b69: movsw word ptr es:[di], word ptr [si] 0x12b6a: mov ax, 0x5c4c 0x12b6d: add word ptr [di], ax 0x12b6f: add byte ptr [di - 0x75], dl 0x12b72: in al, dx 0x12b73: sub sp, 0x2c 0x12b76: push si 0x12b77: jmp 0x12be8 0x12b79: mov ah, 0x1a 0x12b7b: lea dx, word ptr [bp - 0x2c] 0x12b7e: int 0x21 0x12b80: mov ah, 0x4e 0x12b82: mov cx, 0x10 0x12b85: mov dx, 0x1a5 0x12b88: add dx, word ptr [0x106]
2018-12-25T11:52:32.481144029Z	59	PC: 12d88 | Change current directory
2018-12-25T11:52:32.485576287Z	59	PC: 12d90 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":4599,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:26.495245872Z	71	PC: 12b32 | Get current directory
2018-12-25T11:52:26.498592997Z	59	PC: 12b3e | Change current directory
2018-12-25T11:52:26.502944255Z	26	PC: 12bf3 | Set disk transfer address
2018-12-25T11:52:26.504445017Z	78	PC: 12c01 | Find first file
2018-12-25T11:52:26.516799318Z	61	PC: 12c2c | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:26.524561882Z	63	PC: 12c3e | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:52:26.529330168Z	44	PC: 12c74 | Get time 0x12c74: add dl, dh 0x12c76: je 0x12c70 0x12c78: mov si, 0x115 0x12c7b: add si, word ptr [0x106] 0x12c7f: mov byte ptr [si], dl 0x12c81: mov ax, 0x4301 0x12c84: xor cx, cx 0x12c86: mov dx, si 0x12c88: add dx, 0xb7 0x12c8c: int 0x21 0x12c8e: mov ah, 0x3e 0x12c90: int 0x21 0x12c92: mov ax, 0x3d02 0x12c95: int 0x21 0x12c97: jb 0x12c4d 0x12c99: mov di, dx 0x12c9b: add di, 0x62 0x12c9f: stosw word ptr es:[di], ax 0x12ca0: xchg ax, bx 0x12ca1: mov ah, 0x40
2018-12-25T11:52:26.531879181Z	67	PC: 12c8e | Get or set file attributes
2018-12-25T11:52:29.158061118Z	62	PC: 12c92 | Close file
2018-12-25T11:52:29.160658963Z	61	PC: 12c97 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:29.168232778Z	64	PC: 12cab | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:52:29.172350527Z	64	PC: 12cbe | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:29.180771774Z	64	PC: 12cd3 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:29.184093005Z	66	PC: 12cdc | Move file pointer
2018-12-25T11:52:29.187713897Z	64	PC: 12a7f | Write file or device (Write 1133 bytes on handle 5)
2018-12-25T11:52:29.197973327Z	87	PC: 12cf6 | Get or set file date and time
2018-12-25T11:52:29.199691735Z	62	PC: 12cfa | Close file
2018-12-25T11:52:29.209420168Z	67	PC: 12d0d | Get or set file attributes
2018-12-25T11:52:29.220331168Z	79	PC: 12c14 | Find next file
2018-12-25T11:52:29.223279141Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:29.231279834Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:29.239993208Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:29.242747135Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:29.262035014Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:29.264702715Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:29.27483537Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:29.27829017Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:29.283426439Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:29.28739389Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:29.29008653Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:29.302601424Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:29.304695619Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:29.31379318Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:29.326254314Z	79	PC: 12c14 | Find next file (See above)
2018-12-25T11:52:29.32953969Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:29.337708365Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:29.345711237Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:29.348444458Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:29.359769648Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:29.362377866Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:29.369864395Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:29.372994226Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:29.376094761Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:29.379409928Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:29.381411825Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:29.391657231Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:29.394834155Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:29.404494277Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:29.419878277Z	42	PC: 12b5b | Get date 0x12b5b: cmp dx, 0x709 0x12b5f: je 0x12b64 0x12b61: jmp 0x12d7d 0x12b64: jmp 0x12d12 0x12b67: and ah, bh 0x12b69: movsw word ptr es:[di], word ptr [si] 0x12b6a: mov ax, 0x5c4c 0x12b6d: add word ptr [di], ax 0x12b6f: add byte ptr [di - 0x75], dl 0x12b72: in al, dx 0x12b73: sub sp, 0x2c 0x12b76: push si 0x12b77: jmp 0x12be8 0x12b79: mov ah, 0x1a 0x12b7b: lea dx, word ptr [bp - 0x2c] 0x12b7e: int 0x21 0x12b80: mov ah, 0x4e 0x12b82: mov cx, 0x10 0x12b85: mov dx, 0x1a5 0x12b88: add dx, word ptr [0x106]
2018-12-25T11:52:29.423847997Z	59	PC: 12d88 | Change current directory
2018-12-25T11:52:29.429113712Z	59	PC: 12d90 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":4599,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:26.516109693Z	71	PC: 12b32 | Get current directory
2018-12-25T11:52:26.526479764Z	59	PC: 12b3e | Change current directory
2018-12-25T11:52:26.529188939Z	26	PC: 12bf3 | Set disk transfer address
2018-12-25T11:52:26.530020923Z	78	PC: 12c01 | Find first file
2018-12-25T11:52:26.534422109Z	61	PC: 12c2c | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:26.538556195Z	63	PC: 12c3e | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:52:26.542601892Z	44	PC: 12c74 | Get time 0x12c74: add dl, dh 0x12c76: je 0x12c70 0x12c78: mov si, 0x115 0x12c7b: add si, word ptr [0x106] 0x12c7f: mov byte ptr [si], dl 0x12c81: mov ax, 0x4301 0x12c84: xor cx, cx 0x12c86: mov dx, si 0x12c88: add dx, 0xb7 0x12c8c: int 0x21 0x12c8e: mov ah, 0x3e 0x12c90: int 0x21 0x12c92: mov ax, 0x3d02 0x12c95: int 0x21 0x12c97: jb 0x12c4d 0x12c99: mov di, dx 0x12c9b: add di, 0x62 0x12c9f: stosw word ptr es:[di], ax 0x12ca0: xchg ax, bx 0x12ca1: mov ah, 0x40
2018-12-25T11:52:26.544230814Z	67	PC: 12c8e | Get or set file attributes
2018-12-25T11:52:29.157970587Z	62	PC: 12c92 | Close file
2018-12-25T11:52:29.160615871Z	61	PC: 12c97 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:29.17721867Z	64	PC: 12cab | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:52:29.196352979Z	64	PC: 12cbe | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:29.200346144Z	64	PC: 12cd3 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:29.206882118Z	66	PC: 12cdc | Move file pointer
2018-12-25T11:52:29.212018997Z	64	PC: 12a7f | Write file or device (Write 1133 bytes on handle 5)
2018-12-25T11:52:29.231105758Z	87	PC: 12cf6 | Get or set file date and time
2018-12-25T11:52:29.237706997Z	62	PC: 12cfa | Close file
2018-12-25T11:52:29.248238857Z	67	PC: 12d0d | Get or set file attributes
2018-12-25T11:52:29.259241599Z	79	PC: 12c14 | Find next file
2018-12-25T11:52:29.26289395Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:29.27167068Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:29.279427821Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:29.282252527Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:29.294522455Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:29.297175266Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:29.304954876Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:29.309469981Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:29.31268435Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:29.315626587Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:29.318012094Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:29.331151101Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:29.333303893Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:29.342037759Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:29.354369857Z	79	PC: 12c14 | Find next file (See above)
2018-12-25T11:52:29.357764705Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:29.365322226Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:29.374060131Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:29.377278525Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:29.3883927Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:29.391068146Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:29.399107251Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:29.402503234Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:29.405740297Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:29.409345765Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:29.411706166Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:29.421852122Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:29.424581706Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:29.43292093Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:29.444124869Z	42	PC: 12b5b | Get date 0x12b5b: cmp dx, 0x709 0x12b5f: je 0x12b64 0x12b61: jmp 0x12d7d 0x12b64: jmp 0x12d12 0x12b67: and ah, bh 0x12b69: movsw word ptr es:[di], word ptr [si] 0x12b6a: mov ax, 0x5c4c 0x12b6d: add word ptr [di], ax 0x12b6f: add byte ptr [di - 0x75], dl 0x12b72: in al, dx 0x12b73: sub sp, 0x2c 0x12b76: push si 0x12b77: jmp 0x12be8 0x12b79: mov ah, 0x1a 0x12b7b: lea dx, word ptr [bp - 0x2c] 0x12b7e: int 0x21 0x12b80: mov ah, 0x4e 0x12b82: mov cx, 0x10 0x12b85: mov dx, 0x1a5 0x12b88: add dx, word ptr [0x106]
2018-12-25T11:52:29.447627242Z	59	PC: 12d88 | Change current directory
2018-12-25T11:52:29.451978755Z	59	PC: 12d90 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":4599,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:26.64320724Z	71	PC: 12b32 | Get current directory
2018-12-25T11:52:26.646448877Z	59	PC: 12b3e | Change current directory
2018-12-25T11:52:26.649126734Z	26	PC: 12bf3 | Set disk transfer address
2018-12-25T11:52:26.649920989Z	78	PC: 12c01 | Find first file
2018-12-25T11:52:26.657235234Z	61	PC: 12c2c | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:26.664752528Z	63	PC: 12c3e | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:52:26.668879463Z	44	PC: 12c74 | Get time 0x12c74: add dl, dh 0x12c76: je 0x12c70 0x12c78: mov si, 0x115 0x12c7b: add si, word ptr [0x106] 0x12c7f: mov byte ptr [si], dl 0x12c81: mov ax, 0x4301 0x12c84: xor cx, cx 0x12c86: mov dx, si 0x12c88: add dx, 0xb7 0x12c8c: int 0x21 0x12c8e: mov ah, 0x3e 0x12c90: int 0x21 0x12c92: mov ax, 0x3d02 0x12c95: int 0x21 0x12c97: jb 0x12c4d 0x12c99: mov di, dx 0x12c9b: add di, 0x62 0x12c9f: stosw word ptr es:[di], ax 0x12ca0: xchg ax, bx 0x12ca1: mov ah, 0x40
2018-12-25T11:52:26.670825681Z	67	PC: 12c8e | Get or set file attributes
2018-12-25T11:52:29.158087842Z	62	PC: 12c92 | Close file
2018-12-25T11:52:29.160996935Z	61	PC: 12c97 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:29.170423911Z	64	PC: 12cab | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:52:29.187505515Z	64	PC: 12cbe | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:29.190516363Z	64	PC: 12cd3 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:29.193709196Z	66	PC: 12cdc | Move file pointer
2018-12-25T11:52:29.196027624Z	64	PC: 12a7f | Write file or device (Write 1133 bytes on handle 5)
2018-12-25T11:52:29.206742273Z	87	PC: 12cf6 | Get or set file date and time
2018-12-25T11:52:29.208603973Z	62	PC: 12cfa | Close file
2018-12-25T11:52:29.217863873Z	67	PC: 12d0d | Get or set file attributes
2018-12-25T11:52:29.229603592Z	79	PC: 12c14 | Find next file
2018-12-25T11:52:29.232964683Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:29.241596051Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:29.248811348Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:29.251121239Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:29.263340622Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:29.286383194Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:29.299505579Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:29.303991916Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:29.306784011Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:29.324871307Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:29.327884908Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:29.338524567Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:29.340278809Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:29.349943848Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:29.362545305Z	79	PC: 12c14 | Find next file (See above)
2018-12-25T11:52:29.365770784Z	61	PC: 12c2c | Open file (See above)
2018-12-25T11:52:29.373459469Z	63	PC: 12c3e | Read file or device (See above)
2018-12-25T11:52:29.381775063Z	44	PC: 12c74 | Get time (See above)
2018-12-25T11:52:29.384653434Z	67	PC: 12c8e | Get or set file attributes (See above)
2018-12-25T11:52:29.400297481Z	62	PC: 12c92 | Close file (See above)
2018-12-25T11:52:29.403892492Z	61	PC: 12c97 | Open file (See above)
2018-12-25T11:52:29.412209848Z	64	PC: 12cab | Write file or device (See above)
2018-12-25T11:52:29.415755295Z	64	PC: 12cbe | Write file or device (See above)
2018-12-25T11:52:29.419700398Z	64	PC: 12cd3 | Write file or device (See above)
2018-12-25T11:52:29.423390122Z	66	PC: 12cdc | Move file pointer (See above)
2018-12-25T11:52:29.425444118Z	64	PC: 12a7f | Write file or device (See above)
2018-12-25T11:52:29.436323789Z	87	PC: 12cf6 | Get or set file date and time (See above)
2018-12-25T11:52:29.438766491Z	62	PC: 12cfa | Close file (See above)
2018-12-25T11:52:29.447519087Z	67	PC: 12d0d | Get or set file attributes (See above)
2018-12-25T11:52:29.459056192Z	42	PC: 12b5b | Get date 0x12b5b: cmp dx, 0x709 0x12b5f: je 0x12b64 0x12b61: jmp 0x12d7d 0x12b64: jmp 0x12d12 0x12b67: and ah, bh 0x12b69: movsw word ptr es:[di], word ptr [si] 0x12b6a: mov ax, 0x5c4c 0x12b6d: add word ptr [di], ax 0x12b6f: add byte ptr [di - 0x75], dl 0x12b72: in al, dx 0x12b73: sub sp, 0x2c 0x12b76: push si 0x12b77: jmp 0x12be8 0x12b79: mov ah, 0x1a 0x12b7b: lea dx, word ptr [bp - 0x2c] 0x12b7e: int 0x21 0x12b80: mov ah, 0x4e 0x12b82: mov cx, 0x10 0x12b85: mov dx, 0x1a5 0x12b88: add dx, word ptr [0x106]
2018-12-25T11:52:29.462152215Z	59	PC: 12d88 | Change current directory
2018-12-25T11:52:29.466893784Z	59	PC: 12d90 | Change current directory