Sample viewer

vx.netlux.org/Virus.DOS.Kasiunia.3773

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:50:07.35233101Z	53	PC: 17e84 \| Get interrupt vector (Interrupt = '254' AKA 'UNKNOWN!')
2018-12-17T22:50:07.354975859Z	88	PC: 17ea0 \| case 0xGet or set allocation strateg:
2018-12-17T22:50:07.356873804Z	42	PC: 17ec0 \| Get date 0x17ec0: cmp cx, 0x7cb 0x17ec4: jb 0x17ef4 0x17ec6: ja 0x17ed6 0x17ec8: cmp dh, 9 0x17ecb: jb 0x17ef4 0x17ecd: ja 0x17ed6 0x17ecf: cmp dl, 0x13 0x17ed2: jb 0x17ef4 0x17ed4: jmp 0x17eef 0x17ed6: mov dx, 0x173 0x17ed9: mov ah, 0x3c 0x17edb: mov cx, 1 0x17ede: int 0x21 0x17ee0: xchg ax, bx 0x17ee1: mov dx, 0x220 0x17ee4: mov cx, 0x5d3 0x17ee7: mov ah, 0x40 0x17ee9: int 0x21 0x17eeb: mov ah, 0x3e 0x17eed: int 0x21
2018-12-17T22:50:07.359569819Z	60	PC: 17ee0 \| Create or truncate file
2018-12-17T22:50:07.702171212Z	64	PC: 17eeb \| Write file or device (Write 1491 bytes on handle 5)
2018-12-17T22:50:07.712685075Z	62	PC: 17eef \| Close file
2018-12-17T22:50:07.721215641Z	61	PC: 9e59b \| Open file
2018-12-17T22:50:07.734051436Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.735702187Z	9	PC: 12a54 \| Display string (Could not find end pointer)
2018-12-17T22:50:07.738633344Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.740412246Z	76	PC: 12a59 \| Terminate with return code (Return code = '0')
2018-12-17T22:50:07.744780383Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.746303424Z	77	PC: 11fe0 \| Get program return code
2018-12-17T22:50:07.74779686Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.750689384Z	72	PC: 12174 \| Allocate memory
2018-12-17T22:50:07.753050239Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.754496657Z	72	PC: 1218d \| Allocate memory
2018-12-17T22:50:07.760833522Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.762493952Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:50:07.763878152Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.766001061Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:50:07.767471383Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.76886931Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:07.771501304Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.772701559Z	68	PC: 9e811 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W�WcW�W�W W5W')
2018-12-17T22:50:07.774382236Z	87	PC: 9e59b \| Get or set file date and time
2018-12-17T22:50:07.776219759Z	53	PC: 9e538 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:07.778464225Z	87	PC: 9e59b \| Get or set file date and time
2018-12-17T22:50:07.780587865Z	66	PC: 9e59b \| Move file pointer
2018-12-17T22:50:07.782810231Z	66	PC: 9e59b \| Move file pointer
2018-12-17T22:50:07.786505874Z	63	PC: 9e59b \| Read file or device (Read 768 bytes on handle 5)
2018-12-17T22:50:07.788582976Z	87	PC: 9e59b \| Get or set file date and time
2018-12-17T22:50:07.790759655Z	62	PC: 122ab \| Close file
2018-12-17T22:50:07.793475157Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.795126459Z	68	PC: 9e811 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W�WcW�W�W W5W')
2018-12-17T22:50:07.797193362Z	87	PC: 9e59b \| Get or set file date and time
2018-12-17T22:50:07.800909765Z	62	PC: 122ab \| Close file
2018-12-17T22:50:07.802855199Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.804318669Z	68	PC: 9e811 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W�WcW�W�W W5W')
2018-12-17T22:50:07.807250366Z	87	PC: 9e59b \| Get or set file date and time
2018-12-17T22:50:07.808995214Z	62	PC: 122ab \| Close file
2018-12-17T22:50:07.810755912Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.812970152Z	68	PC: 9e811 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W�WcW�W�W W5W')
2018-12-17T22:50:07.814734958Z	87	PC: 9e59b \| Get or set file date and time
2018-12-17T22:50:07.816435182Z	62	PC: 122ab \| Close file
2018-12-17T22:50:07.818142881Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.820363071Z	68	PC: 9e811 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W�WcW�W�W W5W')
2018-12-17T22:50:07.822157392Z	87	PC: 9e59b \| Get or set file date and time
2018-12-17T22:50:07.82401397Z	62	PC: 122ab \| Close file
2018-12-17T22:50:07.826868013Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.828057267Z	68	PC: 9e811 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W�WcW�W�W W5W')
2018-12-17T22:50:07.829814148Z	87	PC: 9e59b \| Get or set file date and time
2018-12-17T22:50:07.833015372Z	62	PC: 122ab \| Close file
2018-12-17T22:50:07.834832275Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.83604865Z	68	PC: 9e811 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W�WcW�W�W W5W')
2018-12-17T22:50:07.838359852Z	87	PC: 9e59b \| Get or set file date and time
2018-12-17T22:50:07.840111363Z	62	PC: 122ab \| Close file
2018-12-17T22:50:07.842391326Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.844371336Z	68	PC: 9e811 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W�WcW�W�W W5W')
2018-12-17T22:50:07.846828393Z	87	PC: 9e59b \| Get or set file date and time
2018-12-17T22:50:07.849092376Z	62	PC: 122ab \| Close file
2018-12-17T22:50:07.851546026Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.853484257Z	68	PC: 9e811 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W�WcW�W�W W5W')
2018-12-17T22:50:07.855357346Z	87	PC: 9e59b \| Get or set file date and time
2018-12-17T22:50:07.857249821Z	62	PC: 122ab \| Close file
2018-12-17T22:50:07.860627106Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.862251498Z	68	PC: 9e811 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W�WcW�W�W W5W')
2018-12-17T22:50:07.864324333Z	87	PC: 9e59b \| Get or set file date and time
2018-12-17T22:50:07.866946058Z	62	PC: 122ab \| Close file
2018-12-17T22:50:07.868716273Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.870708186Z	68	PC: 9e811 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W�WcW�W�W W5W')
2018-12-17T22:50:07.873487487Z	87	PC: 9e59b \| Get or set file date and time
2018-12-17T22:50:07.875968168Z	62	PC: 122ab \| Close file
2018-12-17T22:50:07.878175215Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.880945189Z	68	PC: 9e811 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W�WcW�W�W W5W')
2018-12-17T22:50:07.883072956Z	87	PC: 9e59b \| Get or set file date and time
2018-12-17T22:50:07.885207967Z	62	PC: 122ab \| Close file
2018-12-17T22:50:07.888178608Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.889670601Z	68	PC: 9e811 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W�WcW�W�W W5W')
2018-12-17T22:50:07.891665369Z	87	PC: 9e59b \| Get or set file date and time
2018-12-17T22:50:07.894521194Z	62	PC: 122ab \| Close file
2018-12-17T22:50:07.896633973Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.898228098Z	68	PC: 9e811 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W�WcW�W�W W5W')
2018-12-17T22:50:07.90116691Z	87	PC: 9e59b \| Get or set file date and time
2018-12-17T22:50:07.904243199Z	62	PC: 122ab \| Close file
2018-12-17T22:50:07.906368612Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.907946576Z	68	PC: 9e811 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W�WcW�W�W W5W')
2018-12-17T22:50:07.911347225Z	87	PC: 9e59b \| Get or set file date and time
2018-12-17T22:50:07.913505671Z	62	PC: 122ab \| Close file
2018-12-17T22:50:07.916464359Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.918647892Z	61	PC: 12354 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:50:07.925511336Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.926863256Z	66	PC: 12372 \| Move file pointer
2018-12-17T22:50:07.928697221Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.930667743Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-17T22:50:07.946164027Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.947452868Z	68	PC: 9e811 \| I/O control for devices (Set for = '�mfyW�Wv W�Wj W�WcW�W�W W5W')
2018-12-17T22:50:07.949824464Z	87	PC: 9e59b \| Get or set file date and time
2018-12-17T22:50:07.951724954Z	62	PC: 1238a \| Close file
2018-12-17T22:50:07.955771165Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.958577177Z	99	PC: 98717 \| Get DBCS lead byte table pointer
2018-12-17T22:50:07.960206619Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.961578957Z	56	PC: 92f39 \| Get or set country info
2018-12-17T22:50:07.964088812Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.965481379Z	64	PC: 98988 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:50:07.970252452Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.972277987Z	25	PC: 92fa2 \| Get default drive
2018-12-17T22:50:07.974215698Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.975501022Z	71	PC: 9521d \| Get current directory
2018-12-17T22:50:07.981531643Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.983110909Z	64	PC: 98988 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:50:07.986915687Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.989453595Z	2	PC: 951f2 \| Character output (Char = '3e')
2018-12-17T22:50:07.992706326Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.994327402Z	93	PC: 93060 \| File sharing functions
2018-12-17T22:50:07.997372373Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:07.99882422Z	93	PC: 93067 \| File sharing functions
2018-12-17T22:50:08.000848683Z	25	PC: 9e625 \| Get default drive
2018-12-17T22:50:08.00270465Z	10	PC: 93079 \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":9,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10118,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:14.312667569Z	53	PC: 17e84 \| Get interrupt vector (Interrupt = '254' AKA 'UNKNOWN!')
2018-12-25T12:27:14.314481708Z	88	PC: 17ea0 \| case 0xGet or set allocation strateg:
2018-12-25T12:27:14.316925565Z	42	PC: 17ec0 \| Get date 0x17ec0: cmp cx, 0x7cb 0x17ec4: jb 0x17ef4 0x17ec6: ja 0x17ed6 0x17ec8: cmp dh, 9 0x17ecb: jb 0x17ef4 0x17ecd: ja 0x17ed6 0x17ecf: cmp dl, 0x13 0x17ed2: jb 0x17ef4 0x17ed4: jmp 0x17eef 0x17ed6: mov dx, 0x173 0x17ed9: mov ah, 0x3c 0x17edb: mov cx, 1 0x17ede: int 0x21 0x17ee0: xchg ax, bx 0x17ee1: mov dx, 0x220 0x17ee4: mov cx, 0x5d3 0x17ee7: mov ah, 0x40 0x17ee9: int 0x21 0x17eeb: mov ah, 0x3e 0x17eed: int 0x21
2018-12-25T12:27:14.320779897Z	61	PC: 9e59b \| Open file
2018-12-25T12:27:14.327691163Z	25	PC: 9e625 \| Get default drive
2018-12-25T12:27:14.330623917Z	9	PC: 12a54 \| Display string (Could not find end pointer)
2018-12-25T12:27:14.333660702Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.335347952Z	76	PC: 12a59 \| Terminate with return code (Return code = '0')
2018-12-25T12:27:14.340047944Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.341712125Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:27:14.343557088Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.346370613Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:27:14.348814021Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.35041925Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:27:14.353695145Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.358083898Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:27:14.359973032Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.362194443Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:27:14.376733677Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.378137485Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:14.379640576Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.382451312Z	68	PC: 9e811 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W�WcW�W�W W5W')
2018-12-25T12:27:14.385277514Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:14.388028332Z	53	PC: 9e538 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:14.390776948Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:14.392706399Z	66	PC: 9e59b \| Move file pointer (See above)
2018-12-25T12:27:14.401690263Z	66	PC: 9e59b \| Move file pointer (See above)
2018-12-25T12:27:14.403817317Z	63	PC: 9e59b \| Read file or device (See above)
2018-12-25T12:27:14.405615478Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:14.407458337Z	62	PC: 122ab \| Close file
2018-12-25T12:27:14.40981691Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.411376011Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:14.413263701Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:14.415543598Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.418786119Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.42009942Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:14.423538082Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:14.42611916Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.428110256Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.429105542Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:14.438793797Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:14.443551195Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.447637746Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.451554525Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:14.453720111Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:14.455861433Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.458866379Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.460521631Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:14.462231576Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:14.475550663Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.479757807Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.485749528Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:14.489818758Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:14.493579087Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.495462917Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.496941418Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:14.499175923Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:14.50116083Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.50334465Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.508640209Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:14.510916903Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:14.513865269Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.517891652Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.519545724Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:14.521655003Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:14.524732224Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.527237161Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.528817189Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:14.530882808Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:14.534231351Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.536418866Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.53809652Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:14.541421919Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:14.543632193Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.545822921Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.548488986Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:14.559000541Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:14.561349415Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.564302075Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.565541532Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:14.567338392Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:14.569936986Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.571792253Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.573065263Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:14.574806878Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:14.578075688Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.581147081Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.582587139Z	61	PC: 12354 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:27:14.590145212Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.591519206Z	66	PC: 12372 \| Move file pointer
2018-12-25T12:27:14.593233182Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.595374741Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:27:14.612107656Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.613697951Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:14.619396438Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:14.621001994Z	62	PC: 1238a \| Close file
2018-12-25T12:27:14.62478669Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.627045465Z	99	PC: 98717 \| Get DBCS lead byte table pointer
2018-12-25T12:27:14.628932514Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.630523109Z	56	PC: 92f39 \| Get or set country info
2018-12-25T12:27:14.634006136Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.635679717Z	64	PC: 98988 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:27:14.641458009Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.644927655Z	25	PC: 92fa2 \| Get default drive
2018-12-25T12:27:14.647479851Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.649164265Z	71	PC: 9521d \| Get current directory
2018-12-25T12:27:14.658448695Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.660304508Z	64	PC: 98988 \| Write file or device (See above)
2018-12-25T12:27:14.664426593Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.667856051Z	2	PC: 951f2 \| Character output (Char = '3e')
2018-12-25T12:27:14.670754516Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.672462543Z	93	PC: 93060 \| File sharing functions
2018-12-25T12:27:14.675749012Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.677349048Z	93	PC: 93067 \| File sharing functions
2018-12-25T12:27:14.679893331Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.682619198Z	10	PC: 93079 \| Buffered keyboard input

{"DateBased":true,"Day":19,"Month":9,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10118,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:14.426717632Z	64	PC: 0 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:27:14.433293571Z	41	PC: 94fae \| Parse filename
2018-12-25T12:27:14.439023202Z	41	PC: 9502f \| Parse filename
2018-12-25T12:27:14.441235737Z	41	PC: 9504c \| Parse filename
2018-12-25T12:27:14.443597643Z	26	PC: 984f7 \| Set disk transfer address
2018-12-25T12:27:14.446048666Z	71	PC: 986f3 \| Get current directory
2018-12-25T12:27:14.449898592Z	78	PC: 986fe \| Find first file
2018-12-25T12:27:14.472644584Z	71	PC: 986f3 \| Get current directory (See above)
2018-12-25T12:27:14.477119671Z	78	PC: 986fe \| Find first file (See above)
2018-12-25T12:27:14.489426543Z	64	PC: 9a848 \| Write file or device (Write 26 bytes on handle 2)
2018-12-25T12:27:14.49530813Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:27:14.498110114Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:27:14.499828556Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:14.501512133Z	62	PC: 122ab \| Close file
2018-12-25T12:27:14.506294912Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.508030059Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.509977147Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.511954559Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.514456284Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.516363538Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.518074081Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.520370559Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.522042748Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.52360218Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.54043794Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.542162778Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.543819072Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.546391809Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:14.548981015Z	99	PC: 9a5d7 \| Get DBCS lead byte table pointer
2018-12-25T12:27:14.550768824Z	56	PC: 94df9 \| Get or set country info
2018-12-25T12:27:14.553755868Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T12:27:14.559479359Z	25	PC: 94e62 \| Get default drive
2018-12-25T12:27:14.561115969Z	71	PC: 970dd \| Get current directory
2018-12-25T12:27:14.565617247Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T12:27:14.569387583Z	2	PC: 970b2 \| Character output (Char = '3e')
2018-12-25T12:27:14.57272104Z	93	PC: 94f20 \| File sharing functions
2018-12-25T12:27:14.57468694Z	93	PC: 94f27 \| File sharing functions
2018-12-25T12:27:14.577154478Z	10	PC: 94f39 \| Buffered keyboard input
2018-12-25T12:27:29.473339054Z	0	PC: 0 \| Program terminate (See above)
2018-12-25T12:27:30.828235494Z	0	PC: 0 \| Program terminate (See above)
2018-12-25T12:27:30.931018213Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T12:27:30.938883135Z	41	PC: 94fae \| Parse filename (See above)
2018-12-25T12:27:30.941847951Z	41	PC: 9502f \| Parse filename (See above)
2018-12-25T12:27:30.94557869Z	41	PC: 9504c \| Parse filename (See above)
2018-12-25T12:27:30.948414891Z	26	PC: 984f7 \| Set disk transfer address (See above)
2018-12-25T12:27:30.951540718Z	71	PC: 986f3 \| Get current directory (See above)
2018-12-25T12:27:30.974880104Z	78	PC: 986fe \| Find first file (See above)
2018-12-25T12:27:30.985408914Z	71	PC: 9856c \| Get current directory
2018-12-25T12:27:30.990407331Z	73	PC: 97c09 \| Release memory
2018-12-25T12:27:30.992138318Z	75	PC: 11821 \| Execute program
2018-12-25T12:27:31.009070862Z	9	PC: 12a47 \| Display string (String= 'Hello, World! ')
2018-12-25T12:27:31.014147033Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":10,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10118,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:14.50656383Z	53	PC: 17e84 \| Get interrupt vector (Interrupt = '254' AKA 'UNKNOWN!')
2018-12-25T12:27:14.509186305Z	88	PC: 17ea0 \| case 0xGet or set allocation strateg:
2018-12-25T12:27:14.510948786Z	42	PC: 17ec0 \| Get date 0x17ec0: cmp cx, 0x7cb 0x17ec4: jb 0x17ef4 0x17ec6: ja 0x17ed6 0x17ec8: cmp dh, 9 0x17ecb: jb 0x17ef4 0x17ecd: ja 0x17ed6 0x17ecf: cmp dl, 0x13 0x17ed2: jb 0x17ef4 0x17ed4: jmp 0x17eef 0x17ed6: mov dx, 0x173 0x17ed9: mov ah, 0x3c 0x17edb: mov cx, 1 0x17ede: int 0x21 0x17ee0: xchg ax, bx 0x17ee1: mov dx, 0x220 0x17ee4: mov cx, 0x5d3 0x17ee7: mov ah, 0x40 0x17ee9: int 0x21 0x17eeb: mov ah, 0x3e 0x17eed: int 0x21
2018-12-25T12:27:14.513489276Z	60	PC: 17ee0 \| Create or truncate file
2018-12-25T12:27:15.209682071Z	64	PC: 17eeb \| Write file or device (Write 1491 bytes on handle 5)
2018-12-25T12:27:15.220767022Z	62	PC: 17eef \| Close file
2018-12-25T12:27:15.226176032Z	61	PC: 9e59b \| Open file
2018-12-25T12:27:15.231115813Z	25	PC: 9e625 \| Get default drive
2018-12-25T12:27:15.233369904Z	9	PC: 12a54 \| Display string (Could not find end pointer)
2018-12-25T12:27:15.235434228Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.236635027Z	76	PC: 12a59 \| Terminate with return code (Return code = '0')
2018-12-25T12:27:15.239363367Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.2405773Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:27:15.241649659Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.243423358Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:27:15.24503186Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.246013016Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:27:15.24926267Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.25099753Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:27:15.252422963Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.254519839Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:27:15.256551247Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.258192454Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:15.259552502Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.261559717Z	68	PC: 9e811 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W�WcW�W�W W5W')
2018-12-25T12:27:15.263294894Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.265081847Z	53	PC: 9e538 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:15.26703154Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.268427044Z	66	PC: 9e59b \| Move file pointer (See above)
2018-12-25T12:27:15.269810374Z	66	PC: 9e59b \| Move file pointer (See above)
2018-12-25T12:27:15.277547604Z	63	PC: 9e59b \| Read file or device (See above)
2018-12-25T12:27:15.279741484Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.281945579Z	62	PC: 122ab \| Close file
2018-12-25T12:27:15.2889034Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.290354429Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.291938082Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.293596877Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.295405716Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.297165414Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.300602786Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.302389199Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.304150254Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.30522512Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.307302839Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.309091913Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.31081597Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.312650159Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.314221998Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.31599367Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.318448677Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.319610011Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.32141791Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.324010365Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.3257893Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.326873461Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.32941976Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.331593931Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.333510409Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.343986132Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.345857184Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.347584654Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.350052133Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.351202216Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.353081923Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.355246944Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.357047514Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.358111218Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.360042027Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.361938343Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.363813876Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.365480528Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.36745393Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.369212269Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.371176721Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.372504384Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.373886127Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.375895194Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.378147641Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.380518571Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.382804951Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.391813689Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.39385661Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.395318701Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.397321519Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.399199836Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.401310744Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.403669304Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.405308618Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.407210667Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.410888234Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.41233748Z	61	PC: 12354 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:27:15.419846998Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.422923314Z	66	PC: 12372 \| Move file pointer
2018-12-25T12:27:15.424628132Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.426695757Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:27:15.439606048Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.440995831Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.442801228Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.447841865Z	62	PC: 1238a \| Close file
2018-12-25T12:27:15.450658969Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.45224517Z	99	PC: 98717 \| Get DBCS lead byte table pointer
2018-12-25T12:27:15.454852676Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.45653372Z	56	PC: 92f39 \| Get or set country info
2018-12-25T12:27:15.458107023Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.45969442Z	64	PC: 98988 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:27:15.464701527Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.46618605Z	25	PC: 92fa2 \| Get default drive
2018-12-25T12:27:15.470098991Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.471773029Z	71	PC: 9521d \| Get current directory
2018-12-25T12:27:15.475726742Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.477473034Z	64	PC: 98988 \| Write file or device (See above)
2018-12-25T12:27:15.481387202Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.482483797Z	2	PC: 951f2 \| Character output (Char = '3e')
2018-12-25T12:27:15.485758371Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.487103586Z	93	PC: 93060 \| File sharing functions
2018-12-25T12:27:15.489164819Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.490800266Z	93	PC: 93067 \| File sharing functions
2018-12-25T12:27:15.493105321Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.494777819Z	10	PC: 93079 \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1996,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10118,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:14.529782589Z	53	PC: 17e84 \| Get interrupt vector (Interrupt = '254' AKA 'UNKNOWN!')
2018-12-25T12:27:14.537555779Z	88	PC: 17ea0 \| case 0xGet or set allocation strateg:
2018-12-25T12:27:14.540052666Z	42	PC: 17ec0 \| Get date 0x17ec0: cmp cx, 0x7cb 0x17ec4: jb 0x17ef4 0x17ec6: ja 0x17ed6 0x17ec8: cmp dh, 9 0x17ecb: jb 0x17ef4 0x17ecd: ja 0x17ed6 0x17ecf: cmp dl, 0x13 0x17ed2: jb 0x17ef4 0x17ed4: jmp 0x17eef 0x17ed6: mov dx, 0x173 0x17ed9: mov ah, 0x3c 0x17edb: mov cx, 1 0x17ede: int 0x21 0x17ee0: xchg ax, bx 0x17ee1: mov dx, 0x220 0x17ee4: mov cx, 0x5d3 0x17ee7: mov ah, 0x40 0x17ee9: int 0x21 0x17eeb: mov ah, 0x3e 0x17eed: int 0x21
2018-12-25T12:27:14.543388257Z	60	PC: 17ee0 \| Create or truncate file
2018-12-25T12:27:15.21062692Z	64	PC: 17eeb \| Write file or device (Write 1491 bytes on handle 5)
2018-12-25T12:27:15.221970552Z	62	PC: 17eef \| Close file
2018-12-25T12:27:15.231439165Z	61	PC: 9e59b \| Open file
2018-12-25T12:27:15.238858647Z	25	PC: 9e625 \| Get default drive
2018-12-25T12:27:15.241731349Z	9	PC: 12a54 \| Display string (Could not find end pointer)
2018-12-25T12:27:15.244578761Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.246047067Z	76	PC: 12a59 \| Terminate with return code (Return code = '0')
2018-12-25T12:27:15.250223801Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.251635416Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:27:15.253488553Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.255595157Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:27:15.257979466Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.259840348Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:27:15.264041115Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.266320142Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:27:15.26810336Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.271067154Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:27:15.273468554Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.274807473Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:15.276474735Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.278771262Z	68	PC: 9e811 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W�WcW�W�W W5W')
2018-12-25T12:27:15.281088331Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.283125733Z	53	PC: 9e538 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:15.288248467Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.291686384Z	66	PC: 9e59b \| Move file pointer (See above)
2018-12-25T12:27:15.293929979Z	66	PC: 9e59b \| Move file pointer (See above)
2018-12-25T12:27:15.297367692Z	63	PC: 9e59b \| Read file or device (See above)
2018-12-25T12:27:15.299264213Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.303242891Z	62	PC: 122ab \| Close file
2018-12-25T12:27:15.306104679Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.308322887Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.310560585Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.313473114Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.316088736Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.317342006Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.31989475Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.32191858Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.323737921Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.325270761Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.32788441Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.329688747Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.33149079Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.333960168Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.33568566Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.33743998Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.340500017Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.343286359Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.345201509Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.348311427Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.350115921Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.351407425Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.353715768Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.356694853Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.358642227Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.361410729Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.36326493Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.365073287Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.367185581Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.368777599Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.370424995Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.373254377Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.375403508Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.376933561Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.379739555Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.382417645Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.384658346Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.386465049Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.388888161Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.391448236Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.393407432Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.396972539Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.399146172Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.401367794Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.404391685Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.405652944Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.407590228Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.411325641Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.413552089Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.415251769Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.419673732Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.422980278Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.425302306Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.43184621Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.433963577Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.436073333Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.44016839Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.441918409Z	61	PC: 12354 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:27:15.449715732Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.452925245Z	66	PC: 12372 \| Move file pointer
2018-12-25T12:27:15.455124567Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.456882351Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:27:15.478918336Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.4810079Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.483204778Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.486355364Z	62	PC: 1238a \| Close file
2018-12-25T12:27:15.4929414Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.495906213Z	99	PC: 98717 \| Get DBCS lead byte table pointer
2018-12-25T12:27:15.501790836Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.503457461Z	56	PC: 92f39 \| Get or set country info
2018-12-25T12:27:15.507887304Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.511167654Z	64	PC: 98988 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:27:15.518881565Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.520628114Z	25	PC: 92fa2 \| Get default drive
2018-12-25T12:27:15.52341006Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.524923483Z	71	PC: 9521d \| Get current directory
2018-12-25T12:27:15.529459526Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.531959408Z	64	PC: 98988 \| Write file or device (See above)
2018-12-25T12:27:15.535833448Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.538152322Z	2	PC: 951f2 \| Character output (Char = '3e')
2018-12-25T12:27:15.541912702Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.545006147Z	93	PC: 93060 \| File sharing functions
2018-12-25T12:27:15.547024863Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.548620084Z	93	PC: 93067 \| File sharing functions
2018-12-25T12:27:15.551358629Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.552803881Z	10	PC: 93079 \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10118,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:14.948643403Z	53	PC: 17e84 \| Get interrupt vector (Interrupt = '254' AKA 'UNKNOWN!')
2018-12-25T12:27:14.950828518Z	88	PC: 17ea0 \| case 0xGet or set allocation strateg:
2018-12-25T12:27:14.952437924Z	42	PC: 17ec0 \| Get date 0x17ec0: cmp cx, 0x7cb 0x17ec4: jb 0x17ef4 0x17ec6: ja 0x17ed6 0x17ec8: cmp dh, 9 0x17ecb: jb 0x17ef4 0x17ecd: ja 0x17ed6 0x17ecf: cmp dl, 0x13 0x17ed2: jb 0x17ef4 0x17ed4: jmp 0x17eef 0x17ed6: mov dx, 0x173 0x17ed9: mov ah, 0x3c 0x17edb: mov cx, 1 0x17ede: int 0x21 0x17ee0: xchg ax, bx 0x17ee1: mov dx, 0x220 0x17ee4: mov cx, 0x5d3 0x17ee7: mov ah, 0x40 0x17ee9: int 0x21 0x17eeb: mov ah, 0x3e 0x17eed: int 0x21
2018-12-25T12:27:14.955040796Z	61	PC: 9e59b \| Open file
2018-12-25T12:27:14.962072835Z	25	PC: 9e625 \| Get default drive
2018-12-25T12:27:14.96334473Z	9	PC: 12a54 \| Display string (Could not find end pointer)
2018-12-25T12:27:14.966682578Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.969704049Z	76	PC: 12a59 \| Terminate with return code (Return code = '0')
2018-12-25T12:27:14.973040938Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.974457211Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:27:14.977189975Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.979189298Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:27:14.981365627Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.984068409Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:27:14.98666055Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.98797216Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:27:14.989437877Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.990928682Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:27:14.992264691Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.993617356Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:14.995380167Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:14.99642266Z	68	PC: 9e811 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W�WcW�W�W W5W')
2018-12-25T12:27:14.998995661Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.000832908Z	53	PC: 9e538 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:15.001986896Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.003516731Z	66	PC: 9e59b \| Move file pointer (See above)
2018-12-25T12:27:15.005585872Z	66	PC: 9e59b \| Move file pointer (See above)
2018-12-25T12:27:15.007262647Z	63	PC: 9e59b \| Read file or device (See above)
2018-12-25T12:27:15.008984715Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.011292918Z	62	PC: 122ab \| Close file
2018-12-25T12:27:15.012803369Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.014062966Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.016858005Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.01834297Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.019831623Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.021922481Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.023482351Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.02532206Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.028096283Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.029220608Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.030777878Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.034547514Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.036102845Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.037198057Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.039772053Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.041394383Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.043179408Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.045507842Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.047208796Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.048776498Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.05087017Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.052381394Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.054141387Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.06151829Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.063210224Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.064273124Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.066132526Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.068396779Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.069922727Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.071310787Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.074148769Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.075495679Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.0772148Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.082671018Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.084618105Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.092308342Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.094530391Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.095959587Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.09773476Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.100146468Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.101581017Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.106512638Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.108260635Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.109821127Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.114597721Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.115872339Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.117675633Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.121080333Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.122996587Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.124859845Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.127096486Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.129042536Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.131126434Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.132236265Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.13413782Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.137312335Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.14060405Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.143031251Z	61	PC: 12354 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:27:15.150469149Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.152252992Z	66	PC: 12372 \| Move file pointer
2018-12-25T12:27:15.154566902Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.156190002Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:27:15.1710251Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.173401765Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.175260847Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.177790621Z	62	PC: 1238a \| Close file
2018-12-25T12:27:15.181517152Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.182871974Z	99	PC: 98717 \| Get DBCS lead byte table pointer
2018-12-25T12:27:15.184410487Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.186488325Z	56	PC: 92f39 \| Get or set country info
2018-12-25T12:27:15.189347942Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.191153254Z	64	PC: 98988 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:27:15.195806893Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.196953552Z	25	PC: 92fa2 \| Get default drive
2018-12-25T12:27:15.198706532Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.200465223Z	71	PC: 9521d \| Get current directory
2018-12-25T12:27:15.20447884Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.205719657Z	64	PC: 98988 \| Write file or device (See above)
2018-12-25T12:27:15.210306044Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.211749985Z	2	PC: 951f2 \| Character output (Char = '3e')
2018-12-25T12:27:15.214279125Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.217779027Z	93	PC: 93060 \| File sharing functions
2018-12-25T12:27:15.219557606Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.220823154Z	93	PC: 93067 \| File sharing functions
2018-12-25T12:27:15.223950008Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.224999781Z	10	PC: 93079 \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10118,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:15.404685689Z	53	PC: 17e84 \| Get interrupt vector (Interrupt = '254' AKA 'UNKNOWN!')
2018-12-25T12:27:15.406565649Z	88	PC: 17ea0 \| case 0xGet or set allocation strateg:
2018-12-25T12:27:15.408100336Z	42	PC: 17ec0 \| Get date 0x17ec0: cmp cx, 0x7cb 0x17ec4: jb 0x17ef4 0x17ec6: ja 0x17ed6 0x17ec8: cmp dh, 9 0x17ecb: jb 0x17ef4 0x17ecd: ja 0x17ed6 0x17ecf: cmp dl, 0x13 0x17ed2: jb 0x17ef4 0x17ed4: jmp 0x17eef 0x17ed6: mov dx, 0x173 0x17ed9: mov ah, 0x3c 0x17edb: mov cx, 1 0x17ede: int 0x21 0x17ee0: xchg ax, bx 0x17ee1: mov dx, 0x220 0x17ee4: mov cx, 0x5d3 0x17ee7: mov ah, 0x40 0x17ee9: int 0x21 0x17eeb: mov ah, 0x3e 0x17eed: int 0x21
2018-12-25T12:27:15.41006875Z	61	PC: 9e59b \| Open file
2018-12-25T12:27:15.414959258Z	25	PC: 9e625 \| Get default drive
2018-12-25T12:27:15.417211143Z	9	PC: 12a54 \| Display string (Could not find end pointer)
2018-12-25T12:27:15.419272354Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.420868182Z	76	PC: 12a59 \| Terminate with return code (Return code = '0')
2018-12-25T12:27:15.424029288Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.425205024Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:27:15.426963179Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.428154314Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:27:15.430296362Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.432087744Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:27:15.435089928Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.436601429Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:27:15.438159293Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.441674566Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:27:15.443717079Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.446764117Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:15.4495574Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.451996555Z	68	PC: 9e811 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W�WcW�W�W W5W')
2018-12-25T12:27:15.454093754Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.456702702Z	53	PC: 9e538 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:15.459013896Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.461521339Z	66	PC: 9e59b \| Move file pointer (See above)
2018-12-25T12:27:15.463383539Z	66	PC: 9e59b \| Move file pointer (See above)
2018-12-25T12:27:15.465116302Z	63	PC: 9e59b \| Read file or device (See above)
2018-12-25T12:27:15.467979601Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.469613398Z	62	PC: 122ab \| Close file
2018-12-25T12:27:15.471186754Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.472509142Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.474554853Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.47676385Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.478638108Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.480172831Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.481749727Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.483512363Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.485851769Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.487659384Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.490054161Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.49240506Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.494212713Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.495721909Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.498226474Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.50015136Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.502054113Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.50350036Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.504801827Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.506264026Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.508200776Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.509500413Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.511236529Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.513354121Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.51484253Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.515826564Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.517922804Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.519375476Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.520813146Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.522860122Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.524219436Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.525587793Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.527762405Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.528970651Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.530666682Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.532679217Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.53437821Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.535610992Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.538020928Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.540009054Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.541440093Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.543461635Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.544914871Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.547115078Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.549667865Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.550709223Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.552075373Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.554099289Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.555734145Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.557003952Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.559197882Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.560810035Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.562434523Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.564258107Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.565854584Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.567461926Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:27:15.571316792Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.572590351Z	61	PC: 12354 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:27:15.578865527Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.580892685Z	66	PC: 12372 \| Move file pointer
2018-12-25T12:27:15.582433924Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.583615885Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:27:15.59676226Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.597797436Z	68	PC: 9e811 \| I/O control for devices (See above)
2018-12-25T12:27:15.599117075Z	87	PC: 9e59b \| Get or set file date and time (See above)
2018-12-25T12:27:15.602304196Z	62	PC: 1238a \| Close file
2018-12-25T12:27:15.605667515Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.607190445Z	99	PC: 98717 \| Get DBCS lead byte table pointer
2018-12-25T12:27:15.608862151Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.609988361Z	56	PC: 92f39 \| Get or set country info
2018-12-25T12:27:15.611786162Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.613305041Z	64	PC: 98988 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:27:15.617700739Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.61897048Z	25	PC: 92fa2 \| Get default drive
2018-12-25T12:27:15.621231766Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.625416673Z	71	PC: 9521d \| Get current directory
2018-12-25T12:27:15.630198247Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.631900141Z	64	PC: 98988 \| Write file or device (See above)
2018-12-25T12:27:15.635408148Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.636763624Z	2	PC: 951f2 \| Character output (Char = '3e')
2018-12-25T12:27:15.640069614Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.641447984Z	93	PC: 93060 \| File sharing functions
2018-12-25T12:27:15.643356711Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.645535595Z	93	PC: 93067 \| File sharing functions
2018-12-25T12:27:15.647852458Z	25	PC: 9e625 \| Get default drive (See above)
2018-12-25T12:27:15.649217301Z	10	PC: 93079 \| Buffered keyboard input