Sample viewer

vx.netlux.org/Virus.DOS.DVA.749

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:26:02.962384515Z	47	PC: 12a94 \| Get disk transfer address
2018-12-17T22:26:02.964075094Z	26	PC: 12aae \| Set disk transfer address
2018-12-17T22:26:02.965357885Z	78	PC: 12b6d \| Find first file
2018-12-17T22:26:02.97135833Z	61	PC: 12b7a \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:26:02.97822799Z	63	PC: 12b8d \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:26:02.985440768Z	66	PC: 12c18 \| Move file pointer
2018-12-17T22:26:02.987208158Z	66	PC: 12bda \| Move file pointer
2018-12-17T22:26:02.988922437Z	64	PC: 12be7 \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:26:02.992498327Z	66	PC: 12bf9 \| Move file pointer
2018-12-17T22:26:02.993885229Z	64	PC: 12c06 \| Write file or device (Write 749 bytes on handle 5)
2018-12-17T22:26:03.008204817Z	62	PC: 12ba6 \| Close file
2018-12-17T22:26:03.01674462Z	79	PC: 12baa \| Find next file
2018-12-17T22:26:03.019373341Z	61	PC: 12b7a \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:26:03.026479899Z	63	PC: 12b8d \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:26:03.034255256Z	66	PC: 12c18 \| Move file pointer
2018-12-17T22:26:03.035791281Z	66	PC: 12bda \| Move file pointer
2018-12-17T22:26:03.037430789Z	64	PC: 12be7 \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:26:03.040779772Z	66	PC: 12bf9 \| Move file pointer
2018-12-17T22:26:03.04243666Z	64	PC: 12c06 \| Write file or device (Write 749 bytes on handle 5)
2018-12-17T22:26:03.050568155Z	62	PC: 12ba6 \| Close file
2018-12-17T22:26:03.059839294Z	79	PC: 12baa \| Find next file
2018-12-17T22:26:03.062419296Z	61	PC: 12b7a \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:26:03.069918065Z	63	PC: 12b8d \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:26:03.077022415Z	66	PC: 12c18 \| Move file pointer
2018-12-17T22:26:03.078474878Z	66	PC: 12bda \| Move file pointer
2018-12-17T22:26:03.079792782Z	64	PC: 12be7 \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:26:03.083037929Z	66	PC: 12bf9 \| Move file pointer
2018-12-17T22:26:03.084587451Z	64	PC: 12c06 \| Write file or device (Write 749 bytes on handle 5)
2018-12-17T22:26:03.092895934Z	62	PC: 12ba6 \| Close file
2018-12-17T22:26:03.100984835Z	79	PC: 12baa \| Find next file
2018-12-17T22:26:03.104737392Z	61	PC: 12b7a \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:26:03.111194219Z	63	PC: 12b8d \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:26:03.123027099Z	66	PC: 12c18 \| Move file pointer
2018-12-17T22:26:03.125173387Z	66	PC: 12bda \| Move file pointer
2018-12-17T22:26:03.128302054Z	64	PC: 12be7 \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:26:03.131370618Z	66	PC: 12bf9 \| Move file pointer
2018-12-17T22:26:03.135363632Z	64	PC: 12c06 \| Write file or device (Write 749 bytes on handle 5)
2018-12-17T22:26:03.143214571Z	62	PC: 12ba6 \| Close file
2018-12-17T22:26:03.151351087Z	79	PC: 12baa \| Find next file
2018-12-17T22:26:03.154794875Z	61	PC: 12b7a \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:26:03.161602492Z	63	PC: 12b8d \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:26:03.168242274Z	66	PC: 12c18 \| Move file pointer
2018-12-17T22:26:03.170193078Z	66	PC: 12bda \| Move file pointer
2018-12-17T22:26:03.171609927Z	64	PC: 12be7 \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:26:03.174105721Z	66	PC: 12bf9 \| Move file pointer
2018-12-17T22:26:03.176477041Z	64	PC: 12c06 \| Write file or device (Write 749 bytes on handle 5)
2018-12-17T22:26:03.185568912Z	62	PC: 12ba6 \| Close file
2018-12-17T22:26:03.194841511Z	79	PC: 12baa \| Find next file
2018-12-17T22:26:03.198312523Z	61	PC: 12b7a \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:26:03.205042994Z	63	PC: 12b8d \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:26:03.212087583Z	66	PC: 12c18 \| Move file pointer
2018-12-17T22:26:03.214206618Z	66	PC: 12bda \| Move file pointer
2018-12-17T22:26:03.216735903Z	64	PC: 12be7 \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:26:03.219470052Z	66	PC: 12bf9 \| Move file pointer
2018-12-17T22:26:03.221902165Z	64	PC: 12c06 \| Write file or device (Write 749 bytes on handle 5)
2018-12-17T22:26:03.230955592Z	62	PC: 12ba6 \| Close file
2018-12-17T22:26:03.238849665Z	79	PC: 12baa \| Find next file
2018-12-17T22:26:03.24138809Z	61	PC: 12b7a \| Open file (Filename = 'PAH.COM')
2018-12-17T22:26:03.248639657Z	63	PC: 12b8d \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:26:03.254822722Z	66	PC: 12c18 \| Move file pointer
2018-12-17T22:26:03.256187928Z	66	PC: 12bda \| Move file pointer
2018-12-17T22:26:03.258543915Z	64	PC: 12be7 \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:26:03.26107199Z	66	PC: 12bf9 \| Move file pointer
2018-12-17T22:26:03.262366Z	64	PC: 12c06 \| Write file or device (Write 749 bytes on handle 5)
2018-12-17T22:26:03.273752252Z	62	PC: 12ba6 \| Close file
2018-12-17T22:26:03.282031519Z	79	PC: 12baa \| Find next file
2018-12-17T22:26:03.284944619Z	61	PC: 12b7a \| Open file (Filename = 'TEST.COM')
2018-12-17T22:26:03.292904081Z	63	PC: 12b8d \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:26:03.295776572Z	62	PC: 12ba6 \| Close file
2018-12-17T22:26:03.298577786Z	79	PC: 12baa \| Find next file
2018-12-17T22:26:03.302022238Z	25	PC: 12b1c \| Get default drive
2018-12-17T22:26:03.303668479Z	71	PC: 12b2b \| Get current directory
2018-12-17T22:26:03.306717026Z	78	PC: 12b6d \| Find first file
2018-12-17T22:26:03.313388397Z	61	PC: 12b7a \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:26:03.320098574Z	63	PC: 12b8d \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:26:03.326442187Z	62	PC: 12ba6 \| Close file
2018-12-17T22:26:03.32847231Z	79	PC: 12baa \| Find next file
2018-12-17T22:26:03.331069446Z	61	PC: 12b7a \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:26:03.33733018Z	63	PC: 12b8d \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:26:03.341660002Z	62	PC: 12ba6 \| Close file
2018-12-17T22:26:03.343383142Z	79	PC: 12baa \| Find next file
2018-12-17T22:26:03.345931685Z	61	PC: 12b7a \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:26:03.352771049Z	63	PC: 12b8d \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:26:03.360922683Z	62	PC: 12ba6 \| Close file
2018-12-17T22:26:03.362626011Z	79	PC: 12baa \| Find next file
2018-12-17T22:26:03.367090915Z	61	PC: 12b7a \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:26:03.373455132Z	63	PC: 12b8d \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:26:03.379581677Z	62	PC: 12ba6 \| Close file
2018-12-17T22:26:03.382386975Z	79	PC: 12baa \| Find next file
2018-12-17T22:26:03.385353281Z	61	PC: 12b7a \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:26:03.392006924Z	63	PC: 12b8d \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:26:03.398844279Z	62	PC: 12ba6 \| Close file
2018-12-17T22:26:03.40182192Z	79	PC: 12baa \| Find next file
2018-12-17T22:26:03.404782128Z	61	PC: 12b7a \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:26:03.411463134Z	63	PC: 12b8d \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:26:03.419021826Z	62	PC: 12ba6 \| Close file
2018-12-17T22:26:03.421043407Z	79	PC: 12baa \| Find next file
2018-12-17T22:26:03.423910144Z	61	PC: 12b7a \| Open file (Filename = 'PAH.COM')
2018-12-17T22:26:03.431196056Z	63	PC: 12b8d \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:26:03.438056597Z	62	PC: 12ba6 \| Close file
2018-12-17T22:26:03.440008327Z	79	PC: 12baa \| Find next file
2018-12-17T22:26:03.44358489Z	61	PC: 12b7a \| Open file (Filename = 'TEST.COM')
2018-12-17T22:26:03.450064027Z	63	PC: 12b8d \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:26:03.452598543Z	62	PC: 12ba6 \| Close file
2018-12-17T22:26:03.455036778Z	79	PC: 12baa \| Find next file
2018-12-17T22:26:03.457658057Z	59	PC: 12b3c \| Change current directory
2018-12-17T22:26:03.461831678Z	71	PC: 12b47 \| Get current directory
2018-12-17T22:26:03.465626725Z	59	PC: 12b60 \| Change current directory
2018-12-17T22:26:03.467542305Z	42	PC: 12af6 \| Get date 0x12af6: cmp dh, 2 0x12af9: je 0x12afc 0x12afb: ret 0x12afc: cmp dl, 0x1c 0x12aff: je 0x12b02 0x12b01: ret 0x12b02: int 0x21 0x12b04: mov dx, 0x396 0x12b07: add dx, si 0x12b09: mov bl, 5 0x12b0b: push si 0x12b0c: call 0x22abc 0x12b0f: pop si 0x12b10: ret 0x12b11: lea dx, word ptr [si + 0x3b3] 0x12b15: call 0x12b66 0x12b18: mov ah, 0x19 0x12b1a: int 0x21 0x12b1c: push cs 0x12b1d: pop ds
2018-12-17T22:26:03.469824327Z	26	PC: 12c35 \| Set disk transfer address
2018-12-17T22:26:03.474233399Z	76	PC: 12a45 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4616,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:25.527395835Z	47	PC: 12a94 \| Get disk transfer address
2018-12-25T11:52:25.529220296Z	26	PC: 12aae \| Set disk transfer address
2018-12-25T11:52:25.530331656Z	78	PC: 12b6d \| Find first file
2018-12-25T11:52:25.540010217Z	61	PC: 12b7a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:25.548534071Z	63	PC: 12b8d \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:52:25.555430823Z	66	PC: 12c18 \| Move file pointer
2018-12-25T11:52:25.559583956Z	66	PC: 12bda \| Move file pointer
2018-12-25T11:52:25.564499045Z	64	PC: 12be7 \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:52:25.570598951Z	66	PC: 12bf9 \| Move file pointer
2018-12-25T11:52:25.572377732Z	64	PC: 12c06 \| Write file or device (Write 749 bytes on handle 5)
2018-12-25T11:52:27.223477292Z	62	PC: 12ba6 \| Close file
2018-12-25T11:52:28.284798191Z	79	PC: 12baa \| Find next file
2018-12-25T11:52:28.287378635Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:28.294090675Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:28.300436634Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:28.302433187Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:28.303633175Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:28.305762429Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:28.30667269Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:29.227562768Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.805810066Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.808322675Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.814457165Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.821199514Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:29.822883833Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:29.824464605Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:29.827998321Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:29.829519515Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:29.858796855Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:30.0331221Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:30.035806902Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:30.042649308Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:30.049200562Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:30.050526742Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:30.051845713Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:30.054802758Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:30.056166694Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:30.260301157Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:30.672838257Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:30.675413314Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:30.681642815Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:30.717341307Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:30.71860586Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:30.719762197Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:30.723007578Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:30.724315083Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:30.755805523Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:30.821091855Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:30.823843917Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:30.83009099Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:30.836384585Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:30.838452108Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:30.839829378Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:30.842334429Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:30.844664274Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:30.864269744Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:30.893819175Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:30.896989148Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:30.904180127Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:30.910985838Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:30.91357205Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:30.915710051Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:30.918659284Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:30.921132036Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:31.115603555Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:31.549204044Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:31.552741418Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:31.559604329Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:31.562807988Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:31.564995624Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:31.566829624Z	25	PC: 12b1c \| Get default drive
2018-12-25T11:52:31.568062489Z	71	PC: 12b2b \| Get current directory
2018-12-25T11:52:31.5711778Z	78	PC: 12b6d \| Find first file (See above)
2018-12-25T11:52:31.577328403Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:31.583774056Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:31.590641996Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:31.592497111Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:31.595060467Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:31.601856683Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:31.608067582Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:31.610164033Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:31.613242094Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:31.619497617Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:31.625525462Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:31.627468443Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:31.631121123Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:31.637512469Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:31.644066059Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:31.645752643Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:31.648677618Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:31.65578632Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:31.661901457Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:31.663510623Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:31.66630254Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:31.672548218Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:31.67857514Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:31.680315527Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:31.682987052Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:31.689196252Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:31.696436934Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:31.698202576Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:31.701267039Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:31.70878187Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:31.711629785Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:31.713567095Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:31.716349415Z	59	PC: 12b3c \| Change current directory
2018-12-25T11:52:31.72139108Z	71	PC: 12b47 \| Get current directory
2018-12-25T11:52:31.724379418Z	59	PC: 12b60 \| Change current directory
2018-12-25T11:52:31.72597738Z	42	PC: 12af6 \| Get date 0x12af6: cmp dh, 2 0x12af9: je 0x12afc 0x12afb: ret 0x12afc: cmp dl, 0x1c 0x12aff: je 0x12b02 0x12b01: ret 0x12b02: int 0x21 0x12b04: mov dx, 0x396 0x12b07: add dx, si 0x12b09: mov bl, 5 0x12b0b: push si 0x12b0c: call 0x22abc 0x12b0f: pop si 0x12b10: ret 0x12b11: lea dx, word ptr [si + 0x3b3] 0x12b15: call 0x12b66 0x12b18: mov ah, 0x19 0x12b1a: int 0x21 0x12b1c: push cs 0x12b1d: pop ds
2018-12-25T11:52:31.728601144Z	26	PC: 12c35 \| Set disk transfer address
2018-12-25T11:52:31.729555071Z	76	PC: 12a45 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4616,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:25.499448605Z	47	PC: 12a94 \| Get disk transfer address
2018-12-25T11:52:25.500646788Z	26	PC: 12aae \| Set disk transfer address
2018-12-25T11:52:25.501439194Z	78	PC: 12b6d \| Find first file
2018-12-25T11:52:25.506320911Z	61	PC: 12b7a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:25.511032995Z	63	PC: 12b8d \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:52:25.515318119Z	66	PC: 12c18 \| Move file pointer
2018-12-25T11:52:25.516188733Z	66	PC: 12bda \| Move file pointer
2018-12-25T11:52:25.517218184Z	64	PC: 12be7 \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:52:25.519798143Z	66	PC: 12bf9 \| Move file pointer
2018-12-25T11:52:25.520945769Z	64	PC: 12c06 \| Write file or device (Write 749 bytes on handle 5)
2018-12-25T11:52:26.396849303Z	62	PC: 12ba6 \| Close file
2018-12-25T11:52:26.478127749Z	79	PC: 12baa \| Find next file
2018-12-25T11:52:26.480086335Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:26.484725888Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:26.489157389Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:26.490132651Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:26.491051112Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:26.493304483Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:26.494196409Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:26.546861319Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:26.617046988Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:26.619595405Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:26.626311609Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:26.632886911Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:26.634402323Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:26.635994201Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:26.639825263Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:26.641919838Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:27.438473985Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:28.383768557Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:28.386378842Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:28.392527959Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:28.398670459Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:28.400238051Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:28.401435113Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:28.403941233Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:28.405339135Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:28.488927656Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.443348118Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.446344607Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.452690607Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.458997004Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:29.460678827Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:29.461855987Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:29.464281818Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:29.465831651Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:29.616280819Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.657477536Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.660640792Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.666891877Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.672970711Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:29.674838312Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:29.676026534Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:29.678442846Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:29.680147992Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:29.712491475Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.732776203Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.735972553Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.7424358Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.748811617Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:29.750976894Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:29.752193278Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:29.754533208Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:29.756169858Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:29.800850608Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.820504695Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.823554607Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.829841105Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.832242275Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.834535207Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.836263572Z	25	PC: 12b1c \| Get default drive
2018-12-25T11:52:29.837181742Z	71	PC: 12b2b \| Get current directory
2018-12-25T11:52:29.84057143Z	78	PC: 12b6d \| Find first file (See above)
2018-12-25T11:52:29.846294602Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.857018128Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.86375148Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.865443427Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.867943501Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.87482876Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.880913785Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.882727096Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.886290214Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.892815021Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.89928351Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.901674901Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.90343847Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.907661176Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.912251905Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.913339808Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.914980112Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.91955443Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.923741005Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.925356717Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.927547148Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.931498407Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.935407815Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.93700636Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.939478719Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.945565514Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.952083409Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.953175023Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.954777899Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.961529665Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.96772239Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.969312573Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.971976805Z	59	PC: 12b3c \| Change current directory
2018-12-25T11:52:29.975744389Z	71	PC: 12b47 \| Get current directory
2018-12-25T11:52:29.978443743Z	59	PC: 12b60 \| Change current directory
2018-12-25T11:52:29.980333812Z	42	PC: 12af6 \| Get date 0x12af6: cmp dh, 2 0x12af9: je 0x12afc 0x12afb: ret 0x12afc: cmp dl, 0x1c 0x12aff: je 0x12b02 0x12b01: ret 0x12b02: int 0x21 0x12b04: mov dx, 0x396 0x12b07: add dx, si 0x12b09: mov bl, 5 0x12b0b: push si 0x12b0c: call 0x22abc 0x12b0f: pop si 0x12b10: ret 0x12b11: lea dx, word ptr [si + 0x3b3] 0x12b15: call 0x12b66 0x12b18: mov ah, 0x19 0x12b1a: int 0x21 0x12b1c: push cs 0x12b1d: pop ds
2018-12-25T11:52:29.98239492Z	26	PC: 12c35 \| Set disk transfer address
2018-12-25T11:52:29.983179929Z	76	PC: 12a45 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":28,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4616,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:25.926841429Z	47	PC: 12a94 \| Get disk transfer address
2018-12-25T11:52:25.928397208Z	26	PC: 12aae \| Set disk transfer address
2018-12-25T11:52:25.929715785Z	78	PC: 12b6d \| Find first file
2018-12-25T11:52:25.936455545Z	61	PC: 12b7a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:25.944083233Z	63	PC: 12b8d \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:52:25.951573453Z	66	PC: 12c18 \| Move file pointer
2018-12-25T11:52:25.952976777Z	66	PC: 12bda \| Move file pointer
2018-12-25T11:52:25.955285457Z	64	PC: 12be7 \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:52:25.958187533Z	66	PC: 12bf9 \| Move file pointer
2018-12-25T11:52:25.959553664Z	64	PC: 12c06 \| Write file or device (Write 749 bytes on handle 5)
2018-12-25T11:52:27.061044011Z	62	PC: 12ba6 \| Close file
2018-12-25T11:52:27.657443156Z	79	PC: 12baa \| Find next file
2018-12-25T11:52:27.660307819Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:27.669055587Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:27.676880231Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:27.678416438Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:27.679978568Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:27.683274631Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:27.684285601Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:27.727088296Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:27.808940111Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:27.812083312Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:27.818925452Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:27.826308851Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:27.828255219Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:27.829849384Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:27.833542262Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:27.835055674Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:28.29867556Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:28.39185826Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:28.394928037Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:28.402255959Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:28.409969432Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:28.411709041Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:28.41329949Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:28.41624958Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:28.417974653Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:28.447815937Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:28.643162977Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:28.647919024Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:28.65512567Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:28.66191513Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:28.663739366Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:28.66525427Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:28.668084151Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:28.669878255Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:28.762285345Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:28.903792362Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:28.907209523Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:28.914353253Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:28.92127471Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:28.9236227Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:28.92508586Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:28.929182937Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:28.931237947Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:29.156088303Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.165394365Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.169721895Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.178716084Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.186401999Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:29.189358186Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:29.192776541Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:29.196781535Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:29.200537794Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:29.213648651Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.222885607Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.226323738Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.23585336Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.239512041Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.241758786Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.245177167Z	25	PC: 12b1c \| Get default drive
2018-12-25T11:52:29.246529853Z	71	PC: 12b2b \| Get current directory
2018-12-25T11:52:29.249827107Z	78	PC: 12b6d \| Find first file (See above)
2018-12-25T11:52:29.256995766Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.272384801Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.280544243Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.282897233Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.286253982Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.29363977Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.300818931Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.303950093Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.306894256Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.314052289Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.321616859Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.323440201Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.326452582Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.334472865Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.342428959Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.344472328Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.348129333Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.355881277Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.362928251Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.365240781Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.36876085Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.376172951Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.383345999Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.385836364Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.388642959Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.395670317Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.403412965Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.405751603Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.408778745Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.416462741Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.423622662Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.425900751Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.429889386Z	59	PC: 12b3c \| Change current directory
2018-12-25T11:52:29.434686576Z	71	PC: 12b47 \| Get current directory
2018-12-25T11:52:29.438127282Z	59	PC: 12b60 \| Change current directory
2018-12-25T11:52:29.441153393Z	42	PC: 12af6 \| Get date 0x12af6: cmp dh, 2 0x12af9: je 0x12afc 0x12afb: ret 0x12afc: cmp dl, 0x1c 0x12aff: je 0x12b02 0x12b01: ret 0x12b02: int 0x21 0x12b04: mov dx, 0x396 0x12b07: add dx, si 0x12b09: mov bl, 5 0x12b0b: push si 0x12b0c: call 0x22abc 0x12b0f: pop si 0x12b10: ret 0x12b11: lea dx, word ptr [si + 0x3b3] 0x12b15: call 0x12b66 0x12b18: mov ah, 0x19 0x12b1a: int 0x21 0x12b1c: push cs 0x12b1d: pop ds
2018-12-25T11:52:29.443977449Z	42	PC: 12b04 \| Get date 0x12b04: mov dx, 0x396 0x12b07: add dx, si 0x12b09: mov bl, 5 0x12b0b: push si 0x12b0c: call 0x22abc 0x12b0f: pop si 0x12b10: ret 0x12b11: lea dx, word ptr [si + 0x3b3] 0x12b15: call 0x12b66 0x12b18: mov ah, 0x19 0x12b1a: int 0x21 0x12b1c: push cs 0x12b1d: pop ds 0x12b1e: add al, 1 0x12b20: push si 0x12b21: mov ah, 0x47 0x12b23: mov dl, al 0x12b25: add si, 0x3dc 0x12b29: int 0x21 0x12b2b: pop si
2018-12-25T11:52:29.447612403Z	9	PC: 12af1 \| Display string (String= ' ')
2018-12-25T11:52:29.462863818Z	26	PC: 12c35 \| Set disk transfer address
2018-12-25T11:52:29.464472757Z	76	PC: 12a45 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4616,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:26.044373439Z	47	PC: 12a94 \| Get disk transfer address
2018-12-25T11:52:26.045544321Z	26	PC: 12aae \| Set disk transfer address
2018-12-25T11:52:26.046333118Z	78	PC: 12b6d \| Find first file
2018-12-25T11:52:26.050321304Z	61	PC: 12b7a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:26.05465364Z	63	PC: 12b8d \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:52:26.058781243Z	66	PC: 12c18 \| Move file pointer
2018-12-25T11:52:26.059702547Z	66	PC: 12bda \| Move file pointer
2018-12-25T11:52:26.060889467Z	64	PC: 12be7 \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:52:26.062685269Z	66	PC: 12bf9 \| Move file pointer
2018-12-25T11:52:26.063599899Z	64	PC: 12c06 \| Write file or device (Write 749 bytes on handle 5)
2018-12-25T11:52:27.224067523Z	62	PC: 12ba6 \| Close file
2018-12-25T11:52:28.284899255Z	79	PC: 12baa \| Find next file
2018-12-25T11:52:28.287565029Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:28.293876672Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:28.300744432Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:28.301977724Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:28.303231792Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:28.306191904Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:28.307401903Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:28.629866028Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:28.687367768Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:28.690140454Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:28.696580715Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:28.703552876Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:28.704836232Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:28.706085541Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:28.708936174Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:28.710203905Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:28.727208383Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:28.754955741Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:28.757591161Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:28.764070113Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:28.770627067Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:28.771946301Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:28.773204676Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:28.776233062Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:28.777620088Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:28.810592685Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:28.867502859Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:28.870690333Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:28.877477537Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:28.884248639Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:28.885602282Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:28.886830255Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:28.889831102Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:28.891194756Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:28.953023598Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:28.985624025Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:28.988141878Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:28.994423437Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:28.998876443Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:29.000243422Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:29.001435437Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:29.004401796Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:29.005592118Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:29.090438421Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.19838575Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.201120361Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.20746807Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.214562978Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:29.216003434Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:29.217768942Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:29.221360692Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:29.222757624Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:29.638062847Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.682525226Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.68502499Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.691279831Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.69838074Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.700027909Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.702210944Z	25	PC: 12b1c \| Get default drive
2018-12-25T11:52:29.703687474Z	71	PC: 12b2b \| Get current directory
2018-12-25T11:52:29.706340386Z	78	PC: 12b6d \| Find first file (See above)
2018-12-25T11:52:29.712336512Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.724198062Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.730920637Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.732499091Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.736225382Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.742506133Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.748535386Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.750494307Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.753015692Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.759183583Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.765488999Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.767134283Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.769600859Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.776158882Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.782175987Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.783743964Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.786651986Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.793876439Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.800389187Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.803345795Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.806011398Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.81220763Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.818747444Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.820554512Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.823258757Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.829917473Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.836010177Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.837574224Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.840670207Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.844918066Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.84976538Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.851236665Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.852757237Z	59	PC: 12b3c \| Change current directory
2018-12-25T11:52:29.856008965Z	71	PC: 12b47 \| Get current directory
2018-12-25T11:52:29.85845739Z	59	PC: 12b60 \| Change current directory
2018-12-25T11:52:29.859648137Z	42	PC: 12af6 \| Get date 0x12af6: cmp dh, 2 0x12af9: je 0x12afc 0x12afb: ret 0x12afc: cmp dl, 0x1c 0x12aff: je 0x12b02 0x12b01: ret 0x12b02: int 0x21 0x12b04: mov dx, 0x396 0x12b07: add dx, si 0x12b09: mov bl, 5 0x12b0b: push si 0x12b0c: call 0x22abc 0x12b0f: pop si 0x12b10: ret 0x12b11: lea dx, word ptr [si + 0x3b3] 0x12b15: call 0x12b66 0x12b18: mov ah, 0x19 0x12b1a: int 0x21 0x12b1c: push cs 0x12b1d: pop ds
2018-12-25T11:52:29.860961638Z	26	PC: 12c35 \| Set disk transfer address
2018-12-25T11:52:29.862069247Z	76	PC: 12a45 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4616,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:26.173621238Z	47	PC: 12a94 \| Get disk transfer address
2018-12-25T11:52:26.175149223Z	26	PC: 12aae \| Set disk transfer address
2018-12-25T11:52:26.176190745Z	78	PC: 12b6d \| Find first file
2018-12-25T11:52:26.182056758Z	61	PC: 12b7a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:26.187361298Z	63	PC: 12b8d \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:52:26.191295935Z	66	PC: 12c18 \| Move file pointer
2018-12-25T11:52:26.192353087Z	66	PC: 12bda \| Move file pointer
2018-12-25T11:52:26.193443792Z	64	PC: 12be7 \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:52:26.196195244Z	66	PC: 12bf9 \| Move file pointer
2018-12-25T11:52:26.197347001Z	64	PC: 12c06 \| Write file or device (Write 749 bytes on handle 5)
2018-12-25T11:52:27.224948282Z	62	PC: 12ba6 \| Close file
2018-12-25T11:52:28.060582624Z	79	PC: 12baa \| Find next file
2018-12-25T11:52:28.063231344Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:28.069542552Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:28.076844379Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:28.078205495Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:28.07954382Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:28.083129897Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:28.08435592Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:28.620612756Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:28.656622024Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:28.660127138Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:28.666437749Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:28.672979577Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:28.674364589Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:28.675871089Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:28.679094748Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:28.680466882Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:28.810503468Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:28.836043094Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:28.838756565Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:28.845166074Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:28.851292098Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:28.855915158Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:28.85727695Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:28.859812998Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:28.862271187Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:28.887171252Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:28.922418125Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:28.925604533Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:28.932545868Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:28.938506892Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:28.940345632Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:28.941561209Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:28.94394795Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:28.945464801Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:28.980046051Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.000332317Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.003428863Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.010409113Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.016457528Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:29.018156682Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:29.019182593Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:29.020993833Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:29.0225365Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:29.043670005Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.063918931Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.067069993Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.073539721Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.079632811Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:29.081448133Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:29.082795127Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:29.085253594Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:29.086899066Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:29.12034337Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.167074116Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.16975498Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.175117273Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.177404158Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.179614474Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.181591242Z	25	PC: 12b1c \| Get default drive
2018-12-25T11:52:29.182644879Z	71	PC: 12b2b \| Get current directory
2018-12-25T11:52:29.186138551Z	78	PC: 12b6d \| Find first file (See above)
2018-12-25T11:52:29.191943141Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.198639598Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.20554087Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.207333297Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.210035345Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.222366369Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.22850453Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.230214142Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.234051609Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.240431455Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.246550428Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.248685095Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.251280579Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.257532404Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.263999354Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.265817209Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.268596736Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.275340797Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.281743088Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.28333404Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.286520428Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.293061686Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.299483395Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.301393249Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.303838325Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.309889009Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.316187882Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.317750228Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.320155047Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.326659647Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.33254575Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.334044837Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.336564852Z	59	PC: 12b3c \| Change current directory
2018-12-25T11:52:29.340389671Z	71	PC: 12b47 \| Get current directory
2018-12-25T11:52:29.342998191Z	59	PC: 12b60 \| Change current directory
2018-12-25T11:52:29.34565613Z	42	PC: 12af6 \| Get date 0x12af6: cmp dh, 2 0x12af9: je 0x12afc 0x12afb: ret 0x12afc: cmp dl, 0x1c 0x12aff: je 0x12b02 0x12b01: ret 0x12b02: int 0x21 0x12b04: mov dx, 0x396 0x12b07: add dx, si 0x12b09: mov bl, 5 0x12b0b: push si 0x12b0c: call 0x22abc 0x12b0f: pop si 0x12b10: ret 0x12b11: lea dx, word ptr [si + 0x3b3] 0x12b15: call 0x12b66 0x12b18: mov ah, 0x19 0x12b1a: int 0x21 0x12b1c: push cs 0x12b1d: pop ds
2018-12-25T11:52:29.347644066Z	26	PC: 12c35 \| Set disk transfer address
2018-12-25T11:52:29.348548635Z	76	PC: 12a45 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":28,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4616,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:26.171066282Z	47	PC: 12a94 \| Get disk transfer address
2018-12-25T11:52:26.172688745Z	26	PC: 12aae \| Set disk transfer address
2018-12-25T11:52:26.173714935Z	78	PC: 12b6d \| Find first file
2018-12-25T11:52:26.181147199Z	61	PC: 12b7a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:26.189957298Z	63	PC: 12b8d \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:52:26.196112666Z	66	PC: 12c18 \| Move file pointer
2018-12-25T11:52:26.197487429Z	66	PC: 12bda \| Move file pointer
2018-12-25T11:52:26.199336547Z	64	PC: 12be7 \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:52:26.201854266Z	66	PC: 12bf9 \| Move file pointer
2018-12-25T11:52:26.203548669Z	64	PC: 12c06 \| Write file or device (Write 749 bytes on handle 5)
2018-12-25T11:52:27.22569817Z	62	PC: 12ba6 \| Close file
2018-12-25T11:52:28.060464212Z	79	PC: 12baa \| Find next file
2018-12-25T11:52:28.063025911Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:28.069627511Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:28.086838948Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:28.088103932Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:28.089794154Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:28.092216446Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:28.093389871Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:28.620320854Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:28.646091033Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:28.648585052Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:28.654853708Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:28.661149071Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:28.662496195Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:28.663784854Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:28.666709948Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:28.668036729Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:28.681803164Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:28.707028489Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:28.709725229Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:28.716193554Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:28.723437587Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:28.724725723Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:28.725915113Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:28.728972769Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:28.730179379Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:28.774864292Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:28.897310642Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:28.899900771Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:28.906181489Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:28.912654564Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:28.913897147Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:28.915086113Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:28.91795143Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:28.919147814Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:28.938085571Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.198605264Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.203903003Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.210254495Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.217598248Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:29.218903056Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:29.220387317Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:29.223733429Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:29.225010503Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:29.686783516Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.718156411Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.720731621Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.725049843Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.729475318Z	66	PC: 12c18 \| Move file pointer (See above)
2018-12-25T11:52:29.73088116Z	66	PC: 12bda \| Move file pointer (See above)
2018-12-25T11:52:29.732014372Z	64	PC: 12be7 \| Write file or device (See above)
2018-12-25T11:52:29.735171085Z	66	PC: 12bf9 \| Move file pointer (See above)
2018-12-25T11:52:29.736901456Z	64	PC: 12c06 \| Write file or device (See above)
2018-12-25T11:52:29.751533747Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.777106158Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.779579011Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.785623292Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.788794804Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.790382515Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.792548149Z	25	PC: 12b1c \| Get default drive
2018-12-25T11:52:29.794332728Z	71	PC: 12b2b \| Get current directory
2018-12-25T11:52:29.797058198Z	78	PC: 12b6d \| Find first file (See above)
2018-12-25T11:52:29.802485585Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.808640118Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.814635218Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.816129048Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.818826928Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.830049933Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.83659407Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.838480916Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.842175011Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.848288851Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.854257533Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.856294246Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.858653073Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.864766018Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.870896359Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.87250682Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.875077913Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.881581822Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.885923655Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.88712379Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.88952123Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.895677039Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.901798859Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.903501304Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.905157516Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.910744606Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.916949115Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.918610495Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.921036535Z	61	PC: 12b7a \| Open file (See above)
2018-12-25T11:52:29.927387261Z	63	PC: 12b8d \| Read file or device (See above)
2018-12-25T11:52:29.93363728Z	62	PC: 12ba6 \| Close file (See above)
2018-12-25T11:52:29.935333641Z	79	PC: 12baa \| Find next file (See above)
2018-12-25T11:52:29.937864665Z	59	PC: 12b3c \| Change current directory
2018-12-25T11:52:29.941680674Z	71	PC: 12b47 \| Get current directory
2018-12-25T11:52:29.944173314Z	59	PC: 12b60 \| Change current directory
2018-12-25T11:52:29.945839597Z	42	PC: 12af6 \| Get date 0x12af6: cmp dh, 2 0x12af9: je 0x12afc 0x12afb: ret 0x12afc: cmp dl, 0x1c 0x12aff: je 0x12b02 0x12b01: ret 0x12b02: int 0x21 0x12b04: mov dx, 0x396 0x12b07: add dx, si 0x12b09: mov bl, 5 0x12b0b: push si 0x12b0c: call 0x22abc 0x12b0f: pop si 0x12b10: ret 0x12b11: lea dx, word ptr [si + 0x3b3] 0x12b15: call 0x12b66 0x12b18: mov ah, 0x19 0x12b1a: int 0x21 0x12b1c: push cs 0x12b1d: pop ds
2018-12-25T11:52:29.947772138Z	42	PC: 12b04 \| Get date 0x12b04: mov dx, 0x396 0x12b07: add dx, si 0x12b09: mov bl, 5 0x12b0b: push si 0x12b0c: call 0x22abc 0x12b0f: pop si 0x12b10: ret 0x12b11: lea dx, word ptr [si + 0x3b3] 0x12b15: call 0x12b66 0x12b18: mov ah, 0x19 0x12b1a: int 0x21 0x12b1c: push cs 0x12b1d: pop ds 0x12b1e: add al, 1 0x12b20: push si 0x12b21: mov ah, 0x47 0x12b23: mov dl, al 0x12b25: add si, 0x3dc 0x12b29: int 0x21 0x12b2b: pop si
2018-12-25T11:52:29.950529578Z	9	PC: 12af1 \| Display string (String= ' ')
2018-12-25T11:52:29.954259559Z	26	PC: 12c35 \| Set disk transfer address
2018-12-25T11:52:29.955086017Z	76	PC: 12a45 \| Terminate with return code (Return code = '76')