Sample viewer

vx.netlux.org/Virus.DOS.Hider.2143

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:45:17.347333191Z	26	PC: 133fa \| Set disk transfer address
2018-12-17T22:45:17.348871634Z	71	PC: 13408 \| Get current directory
2018-12-17T22:45:17.350863713Z	78	PC: 138ff \| Find first file
2018-12-17T22:45:17.356572958Z	78	PC: 138ff \| Find first file
2018-12-17T22:45:17.362853098Z	78	PC: 138ff \| Find first file
2018-12-17T22:45:17.368324409Z	78	PC: 13423 \| Find first file
2018-12-17T22:45:17.378690171Z	67	PC: 138b2 \| Get or set file attributes
2018-12-17T22:45:17.38917371Z	67	PC: 138be \| Get or set file attributes
2018-12-17T22:45:17.422887593Z	61	PC: 13726 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:45:17.429586328Z	66	PC: 13730 \| Move file pointer
2018-12-17T22:45:17.43156651Z	66	PC: 13766 \| Move file pointer
2018-12-17T22:45:17.433523397Z	63	PC: 13773 \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:45:17.439882947Z	87	PC: 138d2 \| Get or set file date and time
2018-12-17T22:45:17.441952329Z	66	PC: 13710 \| Move file pointer
2018-12-17T22:45:17.443252144Z	63	PC: 1371a \| Read file or device (Read 256 bytes on handle 5)
2018-12-17T22:45:17.445558582Z	66	PC: 13456 \| Move file pointer
2018-12-17T22:45:17.447116179Z	63	PC: 13460 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:45:17.449921069Z	66	PC: 13469 \| Move file pointer
2018-12-17T22:45:17.451207937Z	64	PC: 13479 \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:45:17.462065227Z	64	PC: 13484 \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:45:17.465087197Z	66	PC: 13498 \| Move file pointer
2018-12-17T22:45:17.466551856Z	64	PC: 134ac \| Write file or device (Write 2141 bytes on handle 5)
2018-12-17T22:45:17.475064294Z	64	PC: 13934 \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:45:17.477902989Z	87	PC: 138ec \| Get or set file date and time
2018-12-17T22:45:17.479583903Z	62	PC: 134b6 \| Close file
2018-12-17T22:45:17.487231145Z	67	PC: 138cc \| Get or set file attributes
2018-12-17T22:45:17.497559909Z	79	PC: 13423 \| Find next file
2018-12-17T22:45:17.500150448Z	67	PC: 138b2 \| Get or set file attributes
2018-12-17T22:45:17.505634273Z	67	PC: 138be \| Get or set file attributes
2018-12-17T22:45:17.515712042Z	61	PC: 13726 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:45:17.522169657Z	66	PC: 13730 \| Move file pointer
2018-12-17T22:45:17.523426186Z	62	PC: 13783 \| Close file
2018-12-17T22:45:17.525512667Z	67	PC: 138cc \| Get or set file attributes
2018-12-17T22:45:17.535002541Z	79	PC: 13423 \| Find next file
2018-12-17T22:45:17.537734803Z	67	PC: 138b2 \| Get or set file attributes
2018-12-17T22:45:17.548388941Z	67	PC: 138be \| Get or set file attributes
2018-12-17T22:45:17.560817974Z	61	PC: 13726 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:45:17.567264559Z	66	PC: 13730 \| Move file pointer
2018-12-17T22:45:17.5696263Z	62	PC: 13783 \| Close file
2018-12-17T22:45:17.571254245Z	67	PC: 138cc \| Get or set file attributes
2018-12-17T22:45:17.580694202Z	79	PC: 13423 \| Find next file
2018-12-17T22:45:17.583809582Z	67	PC: 138b2 \| Get or set file attributes
2018-12-17T22:45:17.589345313Z	67	PC: 138be \| Get or set file attributes
2018-12-17T22:45:17.601478363Z	61	PC: 13726 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:45:17.613291399Z	66	PC: 13730 \| Move file pointer
2018-12-17T22:45:17.614686394Z	62	PC: 13783 \| Close file
2018-12-17T22:45:17.617059185Z	67	PC: 138cc \| Get or set file attributes
2018-12-17T22:45:17.627554651Z	79	PC: 13423 \| Find next file
2018-12-17T22:45:17.630102818Z	67	PC: 138b2 \| Get or set file attributes
2018-12-17T22:45:17.635771946Z	67	PC: 138be \| Get or set file attributes
2018-12-17T22:45:17.646308037Z	61	PC: 13726 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:45:17.653062723Z	66	PC: 13730 \| Move file pointer
2018-12-17T22:45:17.65453704Z	62	PC: 13783 \| Close file
2018-12-17T22:45:17.657196715Z	67	PC: 138cc \| Get or set file attributes
2018-12-17T22:45:17.666626803Z	79	PC: 13423 \| Find next file
2018-12-17T22:45:17.66933995Z	67	PC: 138b2 \| Get or set file attributes
2018-12-17T22:45:17.680165456Z	67	PC: 138be \| Get or set file attributes
2018-12-17T22:45:17.690270395Z	61	PC: 13726 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:45:17.697008245Z	66	PC: 13730 \| Move file pointer
2018-12-17T22:45:17.698443373Z	66	PC: 13766 \| Move file pointer
2018-12-17T22:45:17.700764133Z	63	PC: 13773 \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:45:17.707363033Z	87	PC: 138d2 \| Get or set file date and time
2018-12-17T22:45:17.708888992Z	66	PC: 13710 \| Move file pointer
2018-12-17T22:45:17.711155149Z	63	PC: 1371a \| Read file or device (Read 256 bytes on handle 5)
2018-12-17T22:45:17.713506743Z	66	PC: 13456 \| Move file pointer
2018-12-17T22:45:17.71480017Z	63	PC: 13460 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:45:17.717931371Z	66	PC: 13469 \| Move file pointer
2018-12-17T22:45:17.719254343Z	64	PC: 13479 \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:45:17.721756986Z	64	PC: 13484 \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:45:17.725034183Z	66	PC: 13498 \| Move file pointer
2018-12-17T22:45:17.726457755Z	64	PC: 134ac \| Write file or device (Write 2141 bytes on handle 5)
2018-12-17T22:45:17.734789233Z	64	PC: 13934 \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:45:17.737954048Z	87	PC: 138ec \| Get or set file date and time
2018-12-17T22:45:17.739738182Z	62	PC: 134b6 \| Close file
2018-12-17T22:45:17.747232636Z	67	PC: 138cc \| Get or set file attributes
2018-12-17T22:45:17.757570671Z	79	PC: 13423 \| Find next file
2018-12-17T22:45:17.760292579Z	67	PC: 138b2 \| Get or set file attributes
2018-12-17T22:45:17.765992071Z	67	PC: 138be \| Get or set file attributes
2018-12-17T22:45:17.776125155Z	61	PC: 13726 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:45:17.782389751Z	66	PC: 13730 \| Move file pointer
2018-12-17T22:45:17.783649829Z	62	PC: 13783 \| Close file
2018-12-17T22:45:17.786738964Z	67	PC: 138cc \| Get or set file attributes
2018-12-17T22:45:17.796536153Z	79	PC: 13423 \| Find next file
2018-12-17T22:45:17.799370185Z	67	PC: 138b2 \| Get or set file attributes
2018-12-17T22:45:17.811011318Z	67	PC: 138be \| Get or set file attributes
2018-12-17T22:45:17.823563129Z	61	PC: 13726 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:45:17.829973327Z	66	PC: 13730 \| Move file pointer
2018-12-17T22:45:17.832309132Z	66	PC: 13766 \| Move file pointer
2018-12-17T22:45:17.833669232Z	63	PC: 13773 \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:45:17.840179746Z	62	PC: 13783 \| Close file
2018-12-17T22:45:17.842457557Z	67	PC: 138cc \| Get or set file attributes
2018-12-17T22:45:17.852158955Z	79	PC: 13423 \| Find next file
2018-12-17T22:45:17.854457955Z	78	PC: 134db \| Find first file
2018-12-17T22:45:17.861236276Z	59	PC: 137db \| Change current directory
2018-12-17T22:45:17.865461224Z	78	PC: 138ff \| Find first file
2018-12-17T22:45:17.876191446Z	78	PC: 138ff \| Find first file
2018-12-17T22:45:17.884159399Z	78	PC: 138ff \| Find first file
2018-12-17T22:45:17.890142199Z	78	PC: 13423 \| Find first file
2018-12-17T22:45:17.896192431Z	67	PC: 138b2 \| Get or set file attributes
2018-12-17T22:45:17.90302028Z	67	PC: 138be \| Get or set file attributes
2018-12-17T22:45:17.912728734Z	61	PC: 13726 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:45:17.919756914Z	66	PC: 13730 \| Move file pointer
2018-12-17T22:45:17.922718664Z	66	PC: 13766 \| Move file pointer
2018-12-17T22:45:17.924339008Z	63	PC: 13773 \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:45:17.931785649Z	62	PC: 13783 \| Close file
2018-12-17T22:45:17.934712737Z	67	PC: 138cc \| Get or set file attributes
2018-12-17T22:45:17.944955934Z	79	PC: 13423 \| Find next file
2018-12-17T22:45:17.948641073Z	67	PC: 138b2 \| Get or set file attributes
2018-12-17T22:45:17.955621281Z	67	PC: 138be \| Get or set file attributes
2018-12-17T22:45:17.963589531Z	61	PC: 13726 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:45:17.967920572Z	66	PC: 13730 \| Move file pointer
2018-12-17T22:45:17.970358039Z	62	PC: 13783 \| Close file
2018-12-17T22:45:17.971710156Z	67	PC: 138cc \| Get or set file attributes
2018-12-17T22:45:17.97804142Z	79	PC: 13423 \| Find next file
2018-12-17T22:45:17.981474909Z	67	PC: 138b2 \| Get or set file attributes
2018-12-17T22:45:17.985562212Z	67	PC: 138be \| Get or set file attributes
2018-12-17T22:45:17.99185495Z	61	PC: 13726 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:45:17.999693571Z	66	PC: 13730 \| Move file pointer
2018-12-17T22:45:18.000923578Z	62	PC: 13783 \| Close file
2018-12-17T22:45:18.002351958Z	67	PC: 138cc \| Get or set file attributes
2018-12-17T22:45:18.011259776Z	79	PC: 13423 \| Find next file
2018-12-17T22:45:18.013080147Z	67	PC: 138b2 \| Get or set file attributes
2018-12-17T22:45:18.02385285Z	67	PC: 138be \| Get or set file attributes
2018-12-17T22:45:18.033743107Z	61	PC: 13726 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:45:18.040115055Z	66	PC: 13730 \| Move file pointer
2018-12-17T22:45:18.041361616Z	62	PC: 13783 \| Close file
2018-12-17T22:45:18.043240533Z	67	PC: 138cc \| Get or set file attributes
2018-12-17T22:45:18.052664632Z	79	PC: 13423 \| Find next file
2018-12-17T22:45:18.055079284Z	67	PC: 138b2 \| Get or set file attributes
2018-12-17T22:45:18.061025551Z	67	PC: 138be \| Get or set file attributes
2018-12-17T22:45:18.073198547Z	61	PC: 13726 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:45:18.084760055Z	66	PC: 13730 \| Move file pointer
2018-12-17T22:45:18.087178617Z	62	PC: 13783 \| Close file
2018-12-17T22:45:18.088870007Z	67	PC: 138cc \| Get or set file attributes
2018-12-17T22:45:18.098418978Z	79	PC: 13423 \| Find next file
2018-12-17T22:45:18.101605537Z	67	PC: 138b2 \| Get or set file attributes
2018-12-17T22:45:18.106981981Z	67	PC: 138be \| Get or set file attributes
2018-12-17T22:45:18.116035595Z	61	PC: 13726 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:45:18.132859699Z	66	PC: 13730 \| Move file pointer
2018-12-17T22:45:18.134363083Z	66	PC: 13766 \| Move file pointer
2018-12-17T22:45:18.135626107Z	63	PC: 13773 \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:45:18.142911596Z	62	PC: 13783 \| Close file
2018-12-17T22:45:18.144675616Z	67	PC: 138cc \| Get or set file attributes
2018-12-17T22:45:18.15718892Z	79	PC: 13423 \| Find next file
2018-12-17T22:45:18.160101715Z	67	PC: 138b2 \| Get or set file attributes
2018-12-17T22:45:18.165478507Z	67	PC: 138be \| Get or set file attributes
2018-12-17T22:45:18.174736989Z	61	PC: 13726 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:45:18.181480042Z	66	PC: 13730 \| Move file pointer
2018-12-17T22:45:18.182930289Z	62	PC: 13783 \| Close file
2018-12-17T22:45:18.184527585Z	67	PC: 138cc \| Get or set file attributes
2018-12-17T22:45:18.194270613Z	79	PC: 13423 \| Find next file
2018-12-17T22:45:18.197322788Z	67	PC: 138b2 \| Get or set file attributes
2018-12-17T22:45:18.207408606Z	67	PC: 138be \| Get or set file attributes
2018-12-17T22:45:18.220161938Z	61	PC: 13726 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:45:18.226854201Z	66	PC: 13730 \| Move file pointer
2018-12-17T22:45:18.2282764Z	66	PC: 13766 \| Move file pointer
2018-12-17T22:45:18.23099727Z	63	PC: 13773 \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:45:18.237506161Z	62	PC: 13783 \| Close file
2018-12-17T22:45:18.239154317Z	67	PC: 138cc \| Get or set file attributes
2018-12-17T22:45:18.250166235Z	79	PC: 13423 \| Find next file
2018-12-17T22:45:18.25245733Z	78	PC: 134db \| Find first file
2018-12-17T22:45:18.257976533Z	78	PC: 13812 \| Find first file
2018-12-17T22:45:18.264146181Z	67	PC: 1382a \| Get or set file attributes
2018-12-17T22:45:18.274406459Z	79	PC: 13812 \| Find next file
2018-12-17T22:45:18.276801013Z	67	PC: 1382a \| Get or set file attributes
2018-12-17T22:45:18.28781077Z	79	PC: 13812 \| Find next file
2018-12-17T22:45:18.290281352Z	67	PC: 1382a \| Get or set file attributes
2018-12-17T22:45:18.295808721Z	79	PC: 13812 \| Find next file
2018-12-17T22:45:18.298869155Z	67	PC: 1382a \| Get or set file attributes
2018-12-17T22:45:18.304296075Z	79	PC: 13812 \| Find next file
2018-12-17T22:45:18.306718837Z	67	PC: 1382a \| Get or set file attributes
2018-12-17T22:45:18.313397643Z	79	PC: 13812 \| Find next file
2018-12-17T22:45:18.315745007Z	67	PC: 1382a \| Get or set file attributes
2018-12-17T22:45:18.321127707Z	79	PC: 13812 \| Find next file
2018-12-17T22:45:18.323955197Z	67	PC: 1382a \| Get or set file attributes
2018-12-17T22:45:18.334081359Z	79	PC: 13812 \| Find next file
2018-12-17T22:45:18.336416384Z	67	PC: 1382a \| Get or set file attributes
2018-12-17T22:45:18.347167981Z	79	PC: 13812 \| Find next file
2018-12-17T22:45:18.349529704Z	67	PC: 1382a \| Get or set file attributes
2018-12-17T22:45:18.355054522Z	79	PC: 13812 \| Find next file
2018-12-17T22:45:18.357394237Z	59	PC: 1385e \| Change current directory
2018-12-17T22:45:18.361584357Z	59	PC: 13697 \| Change current directory
2018-12-17T22:45:18.365397563Z	42	PC: 1391e \| Get date 0x1391e: cmp dl, 0xd 0x13921: je 0x13925 0x13923: clc 0x13924: ret 0x13925: stc 0x13926: ret 0x13927: push cs 0x13928: pop ds 0x13929: lea dx, word ptr [di + 0x85b] 0x1392d: mov cx, 2 0x13930: mov ah, 0x40 0x13932: int 0x21 0x13934: push es 0x13935: pop ds 0x13936: ret 0x13937: push si 0x13938: push di 0x13939: mov ax, di 0x1393b: mov cx, 8 0x1393e: lea si, word ptr [di + 0x5f6]
2018-12-17T22:45:18.367560441Z	26	PC: 136bb \| Set disk transfer address
2018-12-17T22:45:18.368704894Z	9	PC: 13296 \| Display string (String= 'Goat file (COM/b9jr). Size=0000092Eh/0000002350d bytes. ')
2018-12-17T22:45:18.374118838Z	48	PC: 1329f \| Get DOS version
2018-12-17T22:45:18.376428159Z	61	PC: 1336c \| Open file (Filename = '')
2018-12-17T22:45:18.38302918Z	93	PC: 1330e \| File sharing functions
2018-12-17T22:45:18.384987607Z	9	PC: 13296 \| Display string (String= 'Size change=085Fh/02143d. ')
2018-12-17T22:45:18.390088066Z	76	PC: 132f3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8489,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:04:47.05131685Z	26	PC: 133fa \| Set disk transfer address
2018-12-25T12:04:47.053218415Z	71	PC: 13408 \| Get current directory
2018-12-25T12:04:47.056004695Z	78	PC: 138ff \| Find first file
2018-12-25T12:04:47.061630011Z	78	PC: 138ff \| Find first file (See above)
2018-12-25T12:04:47.068377197Z	78	PC: 138ff \| Find first file (See above)
2018-12-25T12:04:47.073875871Z	78	PC: 13423 \| Find first file
2018-12-25T12:04:47.084309082Z	67	PC: 138b2 \| Get or set file attributes
2018-12-25T12:04:47.094899531Z	67	PC: 138be \| Get or set file attributes
2018-12-25T12:04:47.111303878Z	61	PC: 13726 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:04:47.118247134Z	66	PC: 13730 \| Move file pointer
2018-12-25T12:04:47.128757055Z	66	PC: 13766 \| Move file pointer
2018-12-25T12:04:47.130145279Z	63	PC: 13773 \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:04:47.136346237Z	87	PC: 138d2 \| Get or set file date and time
2018-12-25T12:04:47.138418978Z	66	PC: 13710 \| Move file pointer
2018-12-25T12:04:47.146363772Z	63	PC: 1371a \| Read file or device (Read 256 bytes on handle 5)
2018-12-25T12:04:47.149015423Z	66	PC: 13456 \| Move file pointer
2018-12-25T12:04:47.150646096Z	63	PC: 13460 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:04:47.152934818Z	66	PC: 13469 \| Move file pointer
2018-12-25T12:04:47.154173235Z	64	PC: 13479 \| Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:04:47.156936258Z	64	PC: 13484 \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:04:47.160515292Z	66	PC: 13498 \| Move file pointer
2018-12-25T12:04:47.162397395Z	64	PC: 134ac \| Write file or device (Write 2141 bytes on handle 5)
2018-12-25T12:04:47.171004202Z	64	PC: 13934 \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:04:47.176628312Z	87	PC: 138ec \| Get or set file date and time
2018-12-25T12:04:47.178133674Z	62	PC: 134b6 \| Close file
2018-12-25T12:04:47.185870619Z	67	PC: 138cc \| Get or set file attributes
2018-12-25T12:04:47.19686919Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:47.1999465Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:47.205597362Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:47.217824948Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:47.224622Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:47.226400251Z	62	PC: 13783 \| Close file
2018-12-25T12:04:47.229870363Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:47.239692589Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:47.242135314Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:47.253616255Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:47.263797649Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:47.270690811Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:47.27353416Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:47.277146896Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:47.287083031Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:47.290765983Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:47.29664244Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:47.306468237Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:47.319242037Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:47.321067367Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:47.32379826Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:47.335049627Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:47.338175016Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:47.344473785Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:47.355193381Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:47.361775381Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:47.363086766Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:47.365846369Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:47.376216199Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:47.378847067Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:47.390314799Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:47.482346535Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:47.489071244Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:47.490987032Z	66	PC: 13766 \| Move file pointer (See above)
2018-12-25T12:04:47.492266154Z	63	PC: 13773 \| Read file or device (See above)
2018-12-25T12:04:47.498495932Z	87	PC: 138d2 \| Get or set file date and time (See above)
2018-12-25T12:04:47.500471837Z	66	PC: 13710 \| Move file pointer (See above)
2018-12-25T12:04:47.501753924Z	63	PC: 1371a \| Read file or device (See above)
2018-12-25T12:04:47.504031601Z	66	PC: 13456 \| Move file pointer (See above)
2018-12-25T12:04:47.505464613Z	63	PC: 13460 \| Read file or device (See above)
2018-12-25T12:04:47.508135845Z	66	PC: 13469 \| Move file pointer (See above)
2018-12-25T12:04:47.509291605Z	64	PC: 13479 \| Write file or device (See above)
2018-12-25T12:04:47.511782201Z	64	PC: 13484 \| Write file or device (See above)
2018-12-25T12:04:47.51453417Z	66	PC: 13498 \| Move file pointer (See above)
2018-12-25T12:04:47.515633899Z	64	PC: 134ac \| Write file or device (See above)
2018-12-25T12:04:47.60535865Z	64	PC: 13934 \| Write file or device (See above)
2018-12-25T12:04:47.608261913Z	87	PC: 138ec \| Get or set file date and time (See above)
2018-12-25T12:04:47.609624545Z	62	PC: 134b6 \| Close file (See above)
2018-12-25T12:04:47.68591265Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:47.80756634Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:47.810035918Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:47.815341098Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:47.92283181Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:47.929182924Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:47.930601985Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:47.93373892Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:48.028990969Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:48.031529948Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:48.04249693Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:48.208236424Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:48.214714817Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:48.216850222Z	66	PC: 13766 \| Move file pointer (See above)
2018-12-25T12:04:48.218138735Z	63	PC: 13773 \| Read file or device (See above)
2018-12-25T12:04:48.224810254Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:48.227052654Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:48.395954312Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:48.398628511Z	78	PC: 134db \| Find first file
2018-12-25T12:04:48.403027835Z	59	PC: 137db \| Change current directory
2018-12-25T12:04:48.405732821Z	78	PC: 138ff \| Find first file (See above)
2018-12-25T12:04:48.414601327Z	78	PC: 138ff \| Find first file (See above)
2018-12-25T12:04:48.422380548Z	78	PC: 138ff \| Find first file (See above)
2018-12-25T12:04:48.429726128Z	78	PC: 13423 \| Find first file (See above)
2018-12-25T12:04:48.433534129Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:48.437785456Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:48.532686037Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:48.536895235Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:48.53838873Z	66	PC: 13766 \| Move file pointer (See above)
2018-12-25T12:04:48.539715239Z	63	PC: 13773 \| Read file or device (See above)
2018-12-25T12:04:48.546389601Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:48.548531133Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:48.741899281Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:48.744428568Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:48.755821682Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:48.948237987Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:48.954700706Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:48.956414354Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:48.957995125Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:49.149451761Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:49.152794257Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:49.157207467Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:49.269149411Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:49.282007954Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:49.284360894Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:49.286424586Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:49.424076011Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:49.426706887Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:49.432148068Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:49.535943706Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:49.542581408Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:49.544397824Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:49.547034649Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:49.646402391Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:49.649438025Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:49.660801584Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:49.812695901Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:49.820030319Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:49.822763505Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:49.825218087Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:50.009654319Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:50.013024515Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:50.018508593Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:50.114193817Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:50.126672438Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:50.128181792Z	66	PC: 13766 \| Move file pointer (See above)
2018-12-25T12:04:50.130187127Z	63	PC: 13773 \| Read file or device (See above)
2018-12-25T12:04:50.137209663Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:50.139708281Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:50.335530159Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:50.339408865Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:50.345764466Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:50.507310799Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:50.514668579Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:50.516584686Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:50.518364697Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:50.655686465Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:50.658406327Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:50.664539424Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:50.675780121Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:50.682106999Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:50.683510658Z	66	PC: 13766 \| Move file pointer (See above)
2018-12-25T12:04:50.685370382Z	63	PC: 13773 \| Read file or device (See above)
2018-12-25T12:04:50.692040016Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:50.693641607Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:50.703874689Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:50.706172143Z	78	PC: 134db \| Find first file (See above)
2018-12-25T12:04:50.711730607Z	78	PC: 13812 \| Find first file
2018-12-25T12:04:50.718010525Z	67	PC: 1382a \| Get or set file attributes
2018-12-25T12:04:50.724155301Z	79	PC: 13812 \| Find next file (See above)
2018-12-25T12:04:50.726684887Z	67	PC: 1382a \| Get or set file attributes (See above)
2018-12-25T12:04:50.733027675Z	79	PC: 13812 \| Find next file (See above)
2018-12-25T12:04:50.735451526Z	67	PC: 1382a \| Get or set file attributes (See above)
2018-12-25T12:04:50.740875796Z	79	PC: 13812 \| Find next file (See above)
2018-12-25T12:04:50.743948984Z	67	PC: 1382a \| Get or set file attributes (See above)
2018-12-25T12:04:50.747539289Z	79	PC: 13812 \| Find next file (See above)
2018-12-25T12:04:50.74992533Z	67	PC: 1382a \| Get or set file attributes (See above)
2018-12-25T12:04:50.755838538Z	79	PC: 13812 \| Find next file (See above)
2018-12-25T12:04:50.758193041Z	67	PC: 1382a \| Get or set file attributes (See above)
2018-12-25T12:04:50.770783574Z	79	PC: 13812 \| Find next file (See above)
2018-12-25T12:04:50.774335477Z	67	PC: 1382a \| Get or set file attributes (See above)
2018-12-25T12:04:50.77785779Z	79	PC: 13812 \| Find next file (See above)
2018-12-25T12:04:50.77951649Z	67	PC: 1382a \| Get or set file attributes (See above)
2018-12-25T12:04:50.785397744Z	79	PC: 13812 \| Find next file (See above)
2018-12-25T12:04:50.787698652Z	67	PC: 1382a \| Get or set file attributes (See above)
2018-12-25T12:04:50.793695405Z	79	PC: 13812 \| Find next file (See above)
2018-12-25T12:04:50.796385135Z	59	PC: 1385e \| Change current directory
2018-12-25T12:04:50.800331144Z	59	PC: 13697 \| Change current directory
2018-12-25T12:04:50.804044986Z	42	PC: 1391e \| Get date 0x1391e: cmp dl, 0xd 0x13921: je 0x13925 0x13923: clc 0x13924: ret 0x13925: stc 0x13926: ret 0x13927: push cs 0x13928: pop ds 0x13929: lea dx, word ptr [di + 0x85b] 0x1392d: mov cx, 2 0x13930: mov ah, 0x40 0x13932: int 0x21 0x13934: push es 0x13935: pop ds 0x13936: ret 0x13937: push si 0x13938: push di 0x13939: mov ax, di 0x1393b: mov cx, 8 0x1393e: lea si, word ptr [di + 0x5f6]
2018-12-25T12:04:50.806415099Z	26	PC: 136bb \| Set disk transfer address
2018-12-25T12:04:50.807535574Z	9	PC: 13296 \| Display string (String= 'Goat file (COM/b9jr). Size=0000092Eh/0000002350d bytes. ')
2018-12-25T12:04:50.812659005Z	48	PC: 1329f \| Get DOS version
2018-12-25T12:04:50.814022991Z	61	PC: 1336c \| Open file (Filename = '')
2018-12-25T12:04:50.820251879Z	93	PC: 1330e \| File sharing functions
2018-12-25T12:04:50.821893929Z	9	PC: 13296 \| Display string (See above)
2018-12-25T12:04:50.826008235Z	76	PC: 132f3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8489,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:04:48.149881425Z	26	PC: 133fa \| Set disk transfer address
2018-12-25T12:04:48.151617524Z	71	PC: 13408 \| Get current directory
2018-12-25T12:04:48.154269955Z	78	PC: 138ff \| Find first file
2018-12-25T12:04:48.159878278Z	78	PC: 138ff \| Find first file (See above)
2018-12-25T12:04:48.17109824Z	78	PC: 138ff \| Find first file (See above)
2018-12-25T12:04:48.176557435Z	78	PC: 13423 \| Find first file
2018-12-25T12:04:48.182100691Z	67	PC: 138b2 \| Get or set file attributes
2018-12-25T12:04:48.187971027Z	67	PC: 138be \| Get or set file attributes
2018-12-25T12:04:49.448902914Z	61	PC: 13726 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:04:49.455310716Z	66	PC: 13730 \| Move file pointer
2018-12-25T12:04:49.457404289Z	66	PC: 13766 \| Move file pointer
2018-12-25T12:04:49.459147065Z	63	PC: 13773 \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:04:49.463117853Z	87	PC: 138d2 \| Get or set file date and time
2018-12-25T12:04:49.464568815Z	66	PC: 13710 \| Move file pointer
2018-12-25T12:04:49.465516745Z	63	PC: 1371a \| Read file or device (Read 256 bytes on handle 5)
2018-12-25T12:04:49.467097346Z	66	PC: 13456 \| Move file pointer
2018-12-25T12:04:49.468788302Z	63	PC: 13460 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:04:49.471044341Z	66	PC: 13469 \| Move file pointer
2018-12-25T12:04:49.472217894Z	64	PC: 13479 \| Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:04:49.4749007Z	64	PC: 13484 \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:04:49.480287889Z	66	PC: 13498 \| Move file pointer
2018-12-25T12:04:49.481691906Z	64	PC: 134ac \| Write file or device (Write 2141 bytes on handle 5)
2018-12-25T12:04:49.63425433Z	64	PC: 13934 \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:04:49.637323267Z	87	PC: 138ec \| Get or set file date and time
2018-12-25T12:04:49.638711588Z	62	PC: 134b6 \| Close file
2018-12-25T12:04:49.732945523Z	67	PC: 138cc \| Get or set file attributes
2018-12-25T12:04:49.91199812Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:49.914593586Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:49.920237815Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:50.020331873Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:50.026959267Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:50.028289289Z	62	PC: 13783 \| Close file
2018-12-25T12:04:50.030273083Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:50.211388631Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:50.214127222Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:50.220475054Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:50.335325676Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:50.347500549Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:50.350803023Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:50.35347427Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:50.50712602Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:50.510412445Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:50.516002935Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:50.654811103Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:50.661103205Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:50.662646824Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:50.663999455Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:50.671258084Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:50.673655Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:50.680355849Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:50.688800276Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:50.693904931Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:50.695231543Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:50.697206772Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:50.703667765Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:50.706083995Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:50.711979328Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:50.721427458Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:50.727645605Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:50.729369459Z	66	PC: 13766 \| Move file pointer (See above)
2018-12-25T12:04:50.730715871Z	63	PC: 13773 \| Read file or device (See above)
2018-12-25T12:04:50.734659243Z	87	PC: 138d2 \| Get or set file date and time (See above)
2018-12-25T12:04:50.735935581Z	66	PC: 13710 \| Move file pointer (See above)
2018-12-25T12:04:50.737108627Z	63	PC: 1371a \| Read file or device (See above)
2018-12-25T12:04:50.739039032Z	66	PC: 13456 \| Move file pointer (See above)
2018-12-25T12:04:50.74063269Z	63	PC: 13460 \| Read file or device (See above)
2018-12-25T12:04:50.742339074Z	66	PC: 13469 \| Move file pointer (See above)
2018-12-25T12:04:50.743436099Z	64	PC: 13479 \| Write file or device (See above)
2018-12-25T12:04:50.745478792Z	64	PC: 13484 \| Write file or device (See above)
2018-12-25T12:04:50.747467132Z	66	PC: 13498 \| Move file pointer (See above)
2018-12-25T12:04:50.748778513Z	64	PC: 134ac \| Write file or device (See above)
2018-12-25T12:04:50.757393847Z	64	PC: 13934 \| Write file or device (See above)
2018-12-25T12:04:50.760385046Z	87	PC: 138ec \| Get or set file date and time (See above)
2018-12-25T12:04:50.761666605Z	62	PC: 134b6 \| Close file (See above)
2018-12-25T12:04:50.768638978Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:50.778158613Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:50.780433188Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:50.785761981Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:50.795129886Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:50.806007155Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:50.807485094Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:50.809105544Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:50.821345031Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:50.823735778Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:50.829663932Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:50.838987498Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:50.84530244Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:50.84771503Z	66	PC: 13766 \| Move file pointer (See above)
2018-12-25T12:04:50.848925221Z	63	PC: 13773 \| Read file or device (See above)
2018-12-25T12:04:50.855377782Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:50.86246684Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:50.87231142Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:50.874569086Z	78	PC: 134db \| Find first file
2018-12-25T12:04:50.885440728Z	59	PC: 137db \| Change current directory
2018-12-25T12:04:50.889338169Z	78	PC: 138ff \| Find first file (See above)
2018-12-25T12:04:50.894978088Z	78	PC: 138ff \| Find first file (See above)
2018-12-25T12:04:50.901288778Z	78	PC: 138ff \| Find first file (See above)
2018-12-25T12:04:50.907028304Z	78	PC: 13423 \| Find first file (See above)
2018-12-25T12:04:50.912807332Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:50.927370635Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:50.937469933Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:50.943801062Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:50.9460747Z	66	PC: 13766 \| Move file pointer (See above)
2018-12-25T12:04:50.947627692Z	63	PC: 13773 \| Read file or device (See above)
2018-12-25T12:04:50.953985333Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:50.956194719Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:50.966080885Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:50.96951793Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:50.97585722Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:50.985484314Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:50.992597416Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:50.995681944Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:50.997572844Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:51.007348663Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:51.010885522Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:51.022956248Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:51.032570791Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:51.03977757Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:51.041349885Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:51.043112678Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:51.054724049Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:51.058241611Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:51.064127003Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:51.077323056Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:51.089003839Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:51.090387545Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:51.092855963Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:51.102711773Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:51.105277914Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:51.11149604Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:51.12136178Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:51.127821298Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:51.129691318Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:51.131401135Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:51.140997322Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:51.143764593Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:51.154682232Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:51.164011241Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:51.17062067Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:51.173073693Z	66	PC: 13766 \| Move file pointer (See above)
2018-12-25T12:04:51.174429401Z	63	PC: 13773 \| Read file or device (See above)
2018-12-25T12:04:51.18144456Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:51.183050168Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:51.193911948Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:51.202428235Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:51.20803083Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:51.220217813Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:51.227781255Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:51.229218777Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:51.230842595Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:51.241122393Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:51.243642298Z	67	PC: 138b2 \| Get or set file attributes (See above)
2018-12-25T12:04:51.249014119Z	67	PC: 138be \| Get or set file attributes (See above)
2018-12-25T12:04:51.2591687Z	61	PC: 13726 \| Open file (See above)
2018-12-25T12:04:51.265673265Z	66	PC: 13730 \| Move file pointer (See above)
2018-12-25T12:04:51.267046109Z	66	PC: 13766 \| Move file pointer (See above)
2018-12-25T12:04:51.268888854Z	63	PC: 13773 \| Read file or device (See above)
2018-12-25T12:04:51.275565224Z	62	PC: 13783 \| Close file (See above)
2018-12-25T12:04:51.277302501Z	67	PC: 138cc \| Get or set file attributes (See above)
2018-12-25T12:04:51.288066681Z	79	PC: 13423 \| Find next file (See above)
2018-12-25T12:04:51.290515349Z	78	PC: 134db \| Find first file (See above)
2018-12-25T12:04:51.296278481Z	78	PC: 13812 \| Find first file
2018-12-25T12:04:51.302599966Z	67	PC: 1382a \| Get or set file attributes
2018-12-25T12:04:51.30628296Z	79	PC: 13812 \| Find next file (See above)
2018-12-25T12:04:51.308659724Z	67	PC: 1382a \| Get or set file attributes (See above)
2018-12-25T12:04:51.316486016Z	79	PC: 13812 \| Find next file (See above)
2018-12-25T12:04:51.318905415Z	67	PC: 1382a \| Get or set file attributes (See above)
2018-12-25T12:04:51.329199688Z	79	PC: 13812 \| Find next file (See above)
2018-12-25T12:04:51.33198929Z	67	PC: 1382a \| Get or set file attributes (See above)
2018-12-25T12:04:51.338694365Z	79	PC: 13812 \| Find next file (See above)
2018-12-25T12:04:51.341218023Z	67	PC: 1382a \| Get or set file attributes (See above)
2018-12-25T12:04:51.352359471Z	79	PC: 13812 \| Find next file (See above)
2018-12-25T12:04:51.354718534Z	67	PC: 1382a \| Get or set file attributes (See above)
2018-12-25T12:04:51.360177997Z	79	PC: 13812 \| Find next file (See above)
2018-12-25T12:04:51.362773416Z	67	PC: 1382a \| Get or set file attributes (See above)
2018-12-25T12:04:51.368219145Z	79	PC: 13812 \| Find next file (See above)
2018-12-25T12:04:51.370687188Z	67	PC: 1382a \| Get or set file attributes (See above)
2018-12-25T12:04:51.376415774Z	79	PC: 13812 \| Find next file (See above)
2018-12-25T12:04:51.379637487Z	67	PC: 1382a \| Get or set file attributes (See above)
2018-12-25T12:04:51.385607183Z	79	PC: 13812 \| Find next file (See above)
2018-12-25T12:04:51.387715174Z	59	PC: 1385e \| Change current directory
2018-12-25T12:04:51.396334692Z	59	PC: 13697 \| Change current directory
2018-12-25T12:04:51.405184247Z	42	PC: 1391e \| Get date 0x1391e: cmp dl, 0xd 0x13921: je 0x13925 0x13923: clc 0x13924: ret 0x13925: stc 0x13926: ret 0x13927: push cs 0x13928: pop ds 0x13929: lea dx, word ptr [di + 0x85b] 0x1392d: mov cx, 2 0x13930: mov ah, 0x40 0x13932: int 0x21 0x13934: push es 0x13935: pop ds 0x13936: ret 0x13937: push si 0x13938: push di 0x13939: mov ax, di 0x1393b: mov cx, 8 0x1393e: lea si, word ptr [di + 0x5f6]
2018-12-25T12:04:51.407295714Z	64	PC: 136ac \| Write file or device (Write 113 bytes on handle 1)