Sample viewer

vx.netlux.org/Virus.DOS.MtE.Ultra.2932

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:52:07.427832929Z 26 PC: 12c1b | Set disk transfer address
2018-12-17T22:52:07.429520669Z 53 PC: 12c20 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:07.436294112Z 37 PC: 12c2a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:07.438658855Z 78 PC: 12c43 | Find first file
2018-12-17T22:52:07.445743203Z 67 PC: 12ca2 | Get or set file attributes
2018-12-17T22:52:07.469883802Z 61 PC: 12ca9 | Open file (Filename = '')
2018-12-17T22:52:07.477728919Z 63 PC: 12cb6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:52:07.485195976Z 66 PC: 12cce | Move file pointer
2018-12-17T22:52:07.488654953Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T22:52:07.497044484Z 64 PC: 12d17 | Write file or device (Write 3177 bytes on handle 5)
2018-12-17T22:52:07.506163003Z 66 PC: 12d26 | Move file pointer
2018-12-17T22:52:07.509036Z 64 PC: 12d30 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:52:07.512393187Z 87 PC: 12d37 | Get or set file date and time
2018-12-17T22:52:07.514357326Z 62 PC: 12d3b | Close file
2018-12-17T22:52:07.523284887Z 44 PC: 12c58 | Get time 0x12c58: cmp ch, 0x12
0x12c5b: je 0x12c7a
0x12c5d: pop cx
0x12c5e: loop 0x12c4c
0x12c60: jae 0x12c84
0x12c62: call 0x12d6a
0x12c65: test al, 1
0x12c67: je 0x12c84
0x12c69: xchg ax, dx
0x12c6a: mov ah, 0x19
0x12c6c: int 0x21
0x12c6e: mov cx, 1
0x12c71: mov bx, 0x100
0x12c74: int 0x26
0x12c76: popf
0x12c77: jmp 0x12c84
0x12c79: nop
0x12c7a: ljmp 0xffff:0
0x12c7f: mov ax, 0x4c00
0x12c82: int 0x21
2018-12-17T22:52:07.527301082Z 79 PC: 12c43 | Find next file
2018-12-17T22:52:07.531326072Z 67 PC: 12ca2 | Get or set file attributes
2018-12-17T22:52:07.543486766Z 61 PC: 12ca9 | Open file (Filename = ' �!�P;��38��c�ů�Bģ������b`V��8?��N����அL<��5�a\�����(����p��T�{�-�J���JK61�1�(�B�+w�T� KS�')
2018-12-17T22:52:07.551858593Z 63 PC: 12cb6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:52:07.560445103Z 66 PC: 12cce | Move file pointer
2018-12-17T22:52:07.562359429Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T22:52:07.569217653Z 64 PC: 12d17 | Write file or device (Write 3045 bytes on handle 5)
2018-12-17T22:52:07.578397006Z 66 PC: 12d26 | Move file pointer
2018-12-17T22:52:07.580349834Z 64 PC: 12d30 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:52:07.58401521Z 87 PC: 12d37 | Get or set file date and time
2018-12-17T22:52:07.587548407Z 62 PC: 12d3b | Close file
2018-12-17T22:52:07.596187846Z 44 PC: 12c58 | Get time 0x12c58: cmp ch, 0x12
0x12c5b: je 0x12c7a
0x12c5d: pop cx
0x12c5e: loop 0x12c4c
0x12c60: jae 0x12c84
0x12c62: call 0x12d6a
0x12c65: test al, 1
0x12c67: je 0x12c84
0x12c69: xchg ax, dx
0x12c6a: mov ah, 0x19
0x12c6c: int 0x21
0x12c6e: mov cx, 1
0x12c71: mov bx, 0x100
0x12c74: int 0x26
0x12c76: popf
0x12c77: jmp 0x12c84
0x12c79: nop
0x12c7a: ljmp 0xffff:0
0x12c7f: mov ax, 0x4c00
0x12c82: int 0x21
2018-12-17T22:52:07.598996523Z 79 PC: 12c43 | Find next file
2018-12-17T22:52:07.60291313Z 67 PC: 12ca2 | Get or set file attributes
2018-12-17T22:52:07.613731403Z 61 PC: 12ca9 | Open file (Filename = 'yJ����A��\u �����2��H�P�m �y�4�U��D ��X �y�X�������$�����0����Ys#PM2Ҋ��l��6�RW���')
2018-12-17T22:52:07.621269684Z 63 PC: 12cb6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:52:07.629587358Z 66 PC: 12cce | Move file pointer
2018-12-17T22:52:07.631277823Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T22:52:07.638817387Z 64 PC: 12d17 | Write file or device (Write 3236 bytes on handle 5)
2018-12-17T22:52:07.648804979Z 66 PC: 12d26 | Move file pointer
2018-12-17T22:52:07.650826787Z 64 PC: 12d30 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:52:07.658268196Z 87 PC: 12d37 | Get or set file date and time
2018-12-17T22:52:07.661160149Z 62 PC: 12d3b | Close file
2018-12-17T22:52:07.670239434Z 44 PC: 12c58 | Get time 0x12c58: cmp ch, 0x12
0x12c5b: je 0x12c7a
0x12c5d: pop cx
0x12c5e: loop 0x12c4c
0x12c60: jae 0x12c84
0x12c62: call 0x12d6a
0x12c65: test al, 1
0x12c67: je 0x12c84
0x12c69: xchg ax, dx
0x12c6a: mov ah, 0x19
0x12c6c: int 0x21
0x12c6e: mov cx, 1
0x12c71: mov bx, 0x100
0x12c74: int 0x26
0x12c76: popf
0x12c77: jmp 0x12c84
0x12c79: nop
0x12c7a: ljmp 0xffff:0
0x12c7f: mov ax, 0x4c00
0x12c82: int 0x21
2018-12-17T22:52:07.672622812Z 79 PC: 12c43 | Find next file
2018-12-17T22:52:07.676032076Z 67 PC: 12ca2 | Get or set file attributes
2018-12-17T22:52:07.68693142Z 61 PC: 12ca9 | Open file (Filename = 'e�����')
2018-12-17T22:52:07.69514543Z 63 PC: 12cb6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:52:07.702383928Z 66 PC: 12cce | Move file pointer
2018-12-17T22:52:07.704655676Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T22:52:07.712113846Z 64 PC: 12d17 | Write file or device (Write 3043 bytes on handle 5)
2018-12-17T22:52:07.72061189Z 66 PC: 12d26 | Move file pointer
2018-12-17T22:52:07.723172661Z 64 PC: 12d30 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:52:07.726064042Z 87 PC: 12d37 | Get or set file date and time
2018-12-17T22:52:07.72771866Z 62 PC: 12d3b | Close file
2018-12-17T22:52:07.736953407Z 44 PC: 12c58 | Get time 0x12c58: cmp ch, 0x12
0x12c5b: je 0x12c7a
0x12c5d: pop cx
0x12c5e: loop 0x12c4c
0x12c60: jae 0x12c84
0x12c62: call 0x12d6a
0x12c65: test al, 1
0x12c67: je 0x12c84
0x12c69: xchg ax, dx
0x12c6a: mov ah, 0x19
0x12c6c: int 0x21
0x12c6e: mov cx, 1
0x12c71: mov bx, 0x100
0x12c74: int 0x26
0x12c76: popf
0x12c77: jmp 0x12c84
0x12c79: nop
0x12c7a: ljmp 0xffff:0
0x12c7f: mov ax, 0x4c00
0x12c82: int 0x21
2018-12-17T22:52:07.739514539Z 37 PC: 12c8b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:07.740863372Z 26 PC: 12c94 | Set disk transfer address
2018-12-17T22:52:07.742855014Z 9 PC: 12a47 | Display string (String= '(C) 1993 American Eagle Poblications Inc., All Rights Reserved. Unauthorized use will be prosecuted under applicable copyright and software piracy laws. HOST #1 - You have just released a virus!')
2018-12-17T22:52:07.751073643Z 76 PC: 12a4c | Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10785,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:14.820845777Z 26 PC: 12c1b | Set disk transfer address
2018-12-25T12:29:14.822704979Z 53 PC: 12c20 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:14.823925859Z 37 PC: 12c2a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:14.825868202Z 78 PC: 12c43 | Find first file
2018-12-25T12:29:14.832537892Z 67 PC: 12ca2 | Get or set file attributes
2018-12-25T12:29:15.244765343Z 61 PC: 12ca9 | Open file (Filename = '')
2018-12-25T12:29:15.254068387Z 63 PC: 12cb6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:15.263253524Z 66 PC: 12cce | Move file pointer
2018-12-25T12:29:15.266399898Z 87 PC: 12ce4 | Get or set file date and time
2018-12-25T12:29:15.274414773Z 64 PC: 12d17 | Write file or device (Write 3177 bytes on handle 5)
2018-12-25T12:29:15.285322189Z 66 PC: 12d26 | Move file pointer
2018-12-25T12:29:15.288133808Z 64 PC: 12d30 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:15.293230693Z 87 PC: 12d37 | Get or set file date and time
2018-12-25T12:29:15.295303215Z 62 PC: 12d3b | Close file
2018-12-25T12:29:15.306796522Z 44 PC: 12c58 | Get time 0x12c58: cmp ch, 0x12
0x12c5b: je 0x12c7a
0x12c5d: pop cx
0x12c5e: loop 0x12c4c
0x12c60: jae 0x12c84
0x12c62: call 0x12d6a
0x12c65: test al, 1
0x12c67: je 0x12c84
0x12c69: xchg ax, dx
0x12c6a: mov ah, 0x19
0x12c6c: int 0x21
0x12c6e: mov cx, 1
0x12c71: mov bx, 0x100
0x12c74: int 0x26
0x12c76: popf
0x12c77: jmp 0x12c84
0x12c79: nop
0x12c7a: ljmp 0xffff:0
0x12c7f: mov ax, 0x4c00
0x12c82: int 0x21
2018-12-25T12:29:15.310367395Z 79 PC: 12c43 | Find next file (See above)
2018-12-25T12:29:15.313434099Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:29:15.322058123Z 61 PC: 12ca9 | Open file (See above)
2018-12-25T12:29:15.327158423Z 63 PC: 12cb6 | Read file or device (See above)
2018-12-25T12:29:15.332404705Z 66 PC: 12cce | Move file pointer (See above)
2018-12-25T12:29:15.344070392Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T12:29:15.349667114Z 64 PC: 12d17 | Write file or device (See above)
2018-12-25T12:29:15.359297335Z 66 PC: 12d26 | Move file pointer (See above)
2018-12-25T12:29:15.362858634Z 64 PC: 12d30 | Write file or device (See above)
2018-12-25T12:29:15.37010958Z 87 PC: 12d37 | Get or set file date and time (See above)
2018-12-25T12:29:15.371680599Z 62 PC: 12d3b | Close file (See above)
2018-12-25T12:29:15.381190747Z 44 PC: 12c58 | Get time (See above)
2018-12-25T12:29:15.384138948Z 79 PC: 12c43 | Find next file (See above)
2018-12-25T12:29:15.38721521Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:29:15.398251516Z 61 PC: 12ca9 | Open file (See above)
2018-12-25T12:29:15.405650796Z 63 PC: 12cb6 | Read file or device (See above)
2018-12-25T12:29:15.412619256Z 66 PC: 12cce | Move file pointer (See above)
2018-12-25T12:29:15.414038678Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T12:29:15.422233894Z 64 PC: 12d17 | Write file or device (See above)
2018-12-25T12:29:15.431973506Z 66 PC: 12d26 | Move file pointer (See above)
2018-12-25T12:29:15.433805592Z 64 PC: 12d30 | Write file or device (See above)
2018-12-25T12:29:15.443038012Z 87 PC: 12d37 | Get or set file date and time (See above)
2018-12-25T12:29:15.444898855Z 62 PC: 12d3b | Close file (See above)
2018-12-25T12:29:15.45448358Z 44 PC: 12c58 | Get time (See above)
2018-12-25T12:29:15.45812576Z 79 PC: 12c43 | Find next file (See above)
2018-12-25T12:29:15.460990854Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:29:15.473209638Z 61 PC: 12ca9 | Open file (See above)
2018-12-25T12:29:15.482784629Z 63 PC: 12cb6 | Read file or device (See above)
2018-12-25T12:29:15.491418098Z 66 PC: 12cce | Move file pointer (See above)
2018-12-25T12:29:15.493084573Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T12:29:15.501789239Z 64 PC: 12d17 | Write file or device (See above)
2018-12-25T12:29:15.513659445Z 66 PC: 12d26 | Move file pointer (See above)
2018-12-25T12:29:15.515192615Z 64 PC: 12d30 | Write file or device (See above)
2018-12-25T12:29:15.522533513Z 87 PC: 12d37 | Get or set file date and time (See above)
2018-12-25T12:29:15.524739129Z 62 PC: 12d3b | Close file (See above)
2018-12-25T12:29:15.533503997Z 44 PC: 12c58 | Get time (See above)
2018-12-25T12:29:15.536392848Z 37 PC: 12c8b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:15.538321642Z 26 PC: 12c94 | Set disk transfer address
2018-12-25T12:29:15.539613008Z 9 PC: 12a47 | Display string (String= '(C) 1993 American Eagle Poblications Inc., All Rights Reserved. Unauthorized use will be prosecuted under applicable copyright and software piracy laws. HOST #1 - You have just released a virus!')
2018-12-25T12:29:15.547787366Z 76 PC: 12a4c | Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":18,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10785,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:15.43397502Z 26 PC: 12c1b | Set disk transfer address
2018-12-25T12:29:15.435512609Z 53 PC: 12c20 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:15.436897208Z 37 PC: 12c2a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:15.438832899Z 78 PC: 12c43 | Find first file
2018-12-25T12:29:15.445268066Z 67 PC: 12ca2 | Get or set file attributes
2018-12-25T12:29:15.461542165Z 61 PC: 12ca9 | Open file (Filename = '')
2018-12-25T12:29:15.46847502Z 63 PC: 12cb6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:15.475054777Z 66 PC: 12cce | Move file pointer
2018-12-25T12:29:15.477607924Z 87 PC: 12ce4 | Get or set file date and time
2018-12-25T12:29:15.484835193Z 64 PC: 12d17 | Write file or device (Write 3177 bytes on handle 5)
2018-12-25T12:29:15.493586446Z 66 PC: 12d26 | Move file pointer
2018-12-25T12:29:15.49573708Z 64 PC: 12d30 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:15.498663477Z 87 PC: 12d37 | Get or set file date and time
2018-12-25T12:29:15.500334907Z 62 PC: 12d3b | Close file
2018-12-25T12:29:15.509890519Z 44 PC: 12c58 | Get time 0x12c58: cmp ch, 0x12
0x12c5b: je 0x12c7a
0x12c5d: pop cx
0x12c5e: loop 0x12c4c
0x12c60: jae 0x12c84
0x12c62: call 0x12d6a
0x12c65: test al, 1
0x12c67: je 0x12c84
0x12c69: xchg ax, dx
0x12c6a: mov ah, 0x19
0x12c6c: int 0x21
0x12c6e: mov cx, 1
0x12c71: mov bx, 0x100
0x12c74: int 0x26
0x12c76: popf
0x12c77: jmp 0x12c84
0x12c79: nop
0x12c7a: ljmp 0xffff:0
0x12c7f: mov ax, 0x4c00
0x12c82: int 0x21
2018-12-25T12:29:17.70564676Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:29:17.707347442Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:29:17.710615099Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:29:17.713342363Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:29:17.723799484Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:29:17.726457716Z 62 PC: 91fc1 | Close file
2018-12-25T12:29:17.728374894Z 75 PC: 91fe0 | Execute program
2018-12-25T12:29:17.743949206Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:29:17.74555902Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:29:17.749538519Z 48 PC: c609 | Get DOS version
2018-12-25T12:29:17.752960806Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:29:17.755846662Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:29:17.758137835Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:29:17.761283264Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:29:17.765058829Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:29:17.770513225Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:29:17.780170426Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:29:17.781576094Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:29:17.784218993Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:29:17.804426327Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:29:17.80790158Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:29:17.809341339Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:29:17.810314921Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:29:17.811227713Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:29:17.812589566Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:29:17.813608157Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:29:17.820952228Z 62 PC: 8f8eb | Close file
2018-12-25T12:29:17.822987888Z 62 PC: 8f8f2 | Close file
2018-12-25T12:29:17.824684964Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.826102999Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.829330271Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.830960423Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.832545828Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.846970289Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.849100725Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.850543772Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.852335172Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.853768665Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.855517293Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.858872421Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.86019779Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.861606433Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.863484911Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.864839537Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.866241771Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.868343779Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.869643663Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.870996529Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.872832424Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.874271158Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.875622393Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.877437977Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.878756022Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.880145882Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.882031426Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.883398675Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.884680137Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:17.886510745Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:29:17.890595887Z 62 PC: 8f90e | Close file
2018-12-25T12:29:17.891812432Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:29:17.893436266Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:29:17.894489817Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:29:17.897252868Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:29:17.898708153Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:29:17.901681571Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:29:17.903219812Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:29:17.904914855Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:29:17.906409526Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:29:17.907696401Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:29:17.911244085Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:29:17.912703596Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:29:17.913975914Z 73 PC: 8fa11 | Release memory
2018-12-25T12:29:17.915832545Z 73 PC: 8efea | Release memory
2018-12-25T12:29:17.917007647Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:29:17.918386027Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:29:17.920515236Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:29:17.921826813Z 73 PC: 8f060 | Release memory
2018-12-25T12:29:17.922957317Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T12:29:17.931743719Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:29:17.937640993Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:29:17.938873422Z 62 PC: 8f0d1 | Close file
2018-12-25T12:29:17.940899517Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:29:17.958613103Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:29:17.959267882Z 48 PC: 12bee | Get DOS version
2018-12-25T12:29:17.960961597Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:29:17.962587167Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:29:17.963657701Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:29:17.964934371Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:29:17.9661837Z 72 PC: 1355d | Allocate memory
2018-12-25T12:29:17.967551771Z 25 PC: 13596 | Get default drive
2018-12-25T12:29:17.968802571Z 71 PC: 135ad | Get current directory
2018-12-25T12:29:17.971157236Z 59 PC: 135ba | Change current directory
2018-12-25T12:29:17.976051843Z 59 PC: 135c8 | Change current directory
2018-12-25T12:29:17.981711558Z 59 PC: 135d3 | Change current directory
2018-12-25T12:29:17.984979236Z 25 PC: 12d13 | Get default drive
2018-12-25T12:29:17.985972435Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:29:17.987393418Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:29:17.988359341Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:17.990316742Z 80 PC: 1301d | Set current PSP
2018-12-25T12:29:17.991237013Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:29:17.992739807Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:29:17.993787552Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:29:17.995396351Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:29:17.997287725Z 72 PC: 130ec | Allocate memory
2018-12-25T12:29:17.998940859Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:29:18.006118745Z 62 PC: 131ba | Close file
2018-12-25T12:29:18.008005025Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:29:18.008965557Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:29:18.01049056Z 72 PC: 11991 | Allocate memory
2018-12-25T12:29:18.012165284Z 73 PC: 119b2 | Release memory
2018-12-25T12:29:18.013301447Z 72 PC: 119bd | Allocate memory
2018-12-25T12:29:18.015177365Z 73 PC: 119df | Release memory
2018-12-25T12:29:18.016456215Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:29:18.017981872Z 72 PC: 119fd | Allocate memory

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":18,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10785,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:16.08044746Z 26 PC: 12c1b | Set disk transfer address
2018-12-25T12:29:16.082335789Z 53 PC: 12c20 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:16.096606084Z 37 PC: 12c2a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:16.099088428Z 78 PC: 12c43 | Find first file
2018-12-25T12:29:16.105992604Z 67 PC: 12ca2 | Get or set file attributes
2018-12-25T12:29:16.125113736Z 61 PC: 12ca9 | Open file (Filename = '')
2018-12-25T12:29:16.132558845Z 63 PC: 12cb6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:16.142033656Z 66 PC: 12cce | Move file pointer
2018-12-25T12:29:16.144639284Z 87 PC: 12ce4 | Get or set file date and time
2018-12-25T12:29:16.15276053Z 64 PC: 12d17 | Write file or device (Write 3177 bytes on handle 5)
2018-12-25T12:29:16.162513336Z 66 PC: 12d26 | Move file pointer
2018-12-25T12:29:16.165063207Z 64 PC: 12d30 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:16.169124528Z 87 PC: 12d37 | Get or set file date and time
2018-12-25T12:29:16.171778103Z 62 PC: 12d3b | Close file
2018-12-25T12:29:16.18143546Z 44 PC: 12c58 | Get time 0x12c58: cmp ch, 0x12
0x12c5b: je 0x12c7a
0x12c5d: pop cx
0x12c5e: loop 0x12c4c
0x12c60: jae 0x12c84
0x12c62: call 0x12d6a
0x12c65: test al, 1
0x12c67: je 0x12c84
0x12c69: xchg ax, dx
0x12c6a: mov ah, 0x19
0x12c6c: int 0x21
0x12c6e: mov cx, 1
0x12c71: mov bx, 0x100
0x12c74: int 0x26
0x12c76: popf
0x12c77: jmp 0x12c84
0x12c79: nop
0x12c7a: ljmp 0xffff:0
0x12c7f: mov ax, 0x4c00
0x12c82: int 0x21
2018-12-25T12:29:18.387937822Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:29:18.389770297Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:29:18.392305061Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:29:18.395607557Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:29:18.407388343Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:29:18.40882779Z 62 PC: 91fc1 | Close file
2018-12-25T12:29:18.411975094Z 75 PC: 91fe0 | Execute program
2018-12-25T12:29:18.430138585Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:29:18.431898643Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:29:18.437544956Z 48 PC: c609 | Get DOS version
2018-12-25T12:29:18.441667533Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:29:18.444456229Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:29:18.447888541Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:29:18.452467508Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:29:18.456908605Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:29:18.463009264Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:29:18.474970955Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:29:18.476431171Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:29:18.478556311Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:29:18.508707338Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:29:18.512676776Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:29:18.514129137Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:29:18.51630411Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:29:18.517700834Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:29:18.518991728Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:29:18.52136586Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:29:18.536583342Z 62 PC: 8f8eb | Close file
2018-12-25T12:29:18.53842494Z 62 PC: 8f8f2 | Close file
2018-12-25T12:29:18.540711667Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.542420504Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.543769963Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.545624759Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.547144884Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.548575147Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.550407361Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.552823396Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.554584964Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.55611594Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.557998933Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.559567004Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.561091968Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.563038271Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.564980318Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.566528059Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.56857913Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.570125903Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.571633926Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.573818417Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.575328513Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.576798744Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.578863348Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.580384805Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.581875283Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.584775935Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.586312318Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.58781147Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.589853392Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:29:18.591400162Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:29:18.597011409Z 62 PC: 8f90e | Close file
2018-12-25T12:29:18.599651439Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:29:18.601703827Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:29:18.603825597Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:29:18.609344573Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:29:18.611636253Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:29:18.617086958Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:29:18.619223648Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:29:18.621346461Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:29:18.623193006Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:29:18.624753527Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:29:18.6269031Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:29:18.628961001Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:29:18.630902689Z 73 PC: 8fa11 | Release memory
2018-12-25T12:29:18.633456983Z 73 PC: 8efea | Release memory
2018-12-25T12:29:18.634926054Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:29:18.636612578Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:29:18.639176086Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:29:18.64092152Z 73 PC: 8f060 | Release memory
2018-12-25T12:29:18.642338303Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T12:29:18.652520064Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:29:18.661001465Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:29:18.662909359Z 62 PC: 8f0d1 | Close file
2018-12-25T12:29:18.665204791Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:29:18.689075543Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:29:18.690282559Z 48 PC: 12bee | Get DOS version
2018-12-25T12:29:18.692267519Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:29:18.695403631Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:29:18.697052364Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:29:18.698588404Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:29:18.700762105Z 72 PC: 1355d | Allocate memory
2018-12-25T12:29:18.702638171Z 25 PC: 13596 | Get default drive
2018-12-25T12:29:18.703952801Z 71 PC: 135ad | Get current directory
2018-12-25T12:29:18.71049659Z 59 PC: 135ba | Change current directory
2018-12-25T12:29:18.717218126Z 59 PC: 135c8 | Change current directory
2018-12-25T12:29:18.724378862Z 59 PC: 135d3 | Change current directory
2018-12-25T12:29:18.730634433Z 25 PC: 12d13 | Get default drive
2018-12-25T12:29:18.731978785Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:29:18.733166495Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:29:18.735004631Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:18.73757166Z 80 PC: 1301d | Set current PSP
2018-12-25T12:29:18.738558912Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:29:18.740973711Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:29:18.742378512Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:29:18.743767363Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:29:18.746235301Z 72 PC: 130ec | Allocate memory
2018-12-25T12:29:18.748609424Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:29:18.755799229Z 62 PC: 131ba | Close file
2018-12-25T12:29:18.758212368Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:29:18.76020002Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:29:18.76204949Z 72 PC: 11991 | Allocate memory
2018-12-25T12:29:18.763856768Z 73 PC: 119b2 | Release memory
2018-12-25T12:29:18.766343697Z 72 PC: 119bd | Allocate memory
2018-12-25T12:29:18.768252187Z 73 PC: 119df | Release memory
2018-12-25T12:29:18.770886072Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:29:18.773705412Z 72 PC: 119fd | Allocate memory

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10785,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:16.435398866Z 26 PC: 12c1b | Set disk transfer address
2018-12-25T12:29:16.439083841Z 53 PC: 12c20 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:16.440768906Z 37 PC: 12c2a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:16.44290161Z 78 PC: 12c43 | Find first file
2018-12-25T12:29:16.454174892Z 67 PC: 12ca2 | Get or set file attributes
2018-12-25T12:29:16.471758452Z 61 PC: 12ca9 | Open file (Filename = '')
2018-12-25T12:29:16.479258151Z 63 PC: 12cb6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:16.486513527Z 66 PC: 12cce | Move file pointer
2018-12-25T12:29:16.488910944Z 87 PC: 12ce4 | Get or set file date and time
2018-12-25T12:29:16.497448593Z 64 PC: 12d17 | Write file or device (Write 3177 bytes on handle 5)
2018-12-25T12:29:16.506865647Z 66 PC: 12d26 | Move file pointer
2018-12-25T12:29:16.509357706Z 64 PC: 12d30 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:16.512746006Z 87 PC: 12d37 | Get or set file date and time
2018-12-25T12:29:16.514921656Z 62 PC: 12d3b | Close file
2018-12-25T12:29:16.525196933Z 44 PC: 12c58 | Get time 0x12c58: cmp ch, 0x12
0x12c5b: je 0x12c7a
0x12c5d: pop cx
0x12c5e: loop 0x12c4c
0x12c60: jae 0x12c84
0x12c62: call 0x12d6a
0x12c65: test al, 1
0x12c67: je 0x12c84
0x12c69: xchg ax, dx
0x12c6a: mov ah, 0x19
0x12c6c: int 0x21
0x12c6e: mov cx, 1
0x12c71: mov bx, 0x100
0x12c74: int 0x26
0x12c76: popf
0x12c77: jmp 0x12c84
0x12c79: nop
0x12c7a: ljmp 0xffff:0
0x12c7f: mov ax, 0x4c00
0x12c82: int 0x21
2018-12-25T12:29:16.527675879Z 79 PC: 12c43 | Find next file (See above)
2018-12-25T12:29:16.530702188Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:29:16.543588188Z 61 PC: 12ca9 | Open file (See above)
2018-12-25T12:29:16.551340852Z 63 PC: 12cb6 | Read file or device (See above)
2018-12-25T12:29:16.558924632Z 66 PC: 12cce | Move file pointer (See above)
2018-12-25T12:29:16.562937283Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T12:29:16.568163131Z 64 PC: 12d17 | Write file or device (See above)
2018-12-25T12:29:16.577097228Z 66 PC: 12d26 | Move file pointer (See above)
2018-12-25T12:29:16.578680018Z 64 PC: 12d30 | Write file or device (See above)
2018-12-25T12:29:16.582689197Z 87 PC: 12d37 | Get or set file date and time (See above)
2018-12-25T12:29:16.584701851Z 62 PC: 12d3b | Close file (See above)
2018-12-25T12:29:16.593658267Z 44 PC: 12c58 | Get time (See above)
2018-12-25T12:29:16.602649919Z 79 PC: 12c43 | Find next file (See above)
2018-12-25T12:29:16.605840908Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:29:16.617594615Z 61 PC: 12ca9 | Open file (See above)
2018-12-25T12:29:16.641385509Z 63 PC: 12cb6 | Read file or device (See above)
2018-12-25T12:29:16.647850603Z 66 PC: 12cce | Move file pointer (See above)
2018-12-25T12:29:16.649451932Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T12:29:16.65830326Z 64 PC: 12d17 | Write file or device (See above)
2018-12-25T12:29:16.669437084Z 66 PC: 12d26 | Move file pointer (See above)
2018-12-25T12:29:16.673250886Z 64 PC: 12d30 | Write file or device (See above)
2018-12-25T12:29:16.682115465Z 87 PC: 12d37 | Get or set file date and time (See above)
2018-12-25T12:29:16.686346959Z 62 PC: 12d3b | Close file (See above)
2018-12-25T12:29:16.697428954Z 44 PC: 12c58 | Get time (See above)
2018-12-25T12:29:16.701690341Z 79 PC: 12c43 | Find next file (See above)
2018-12-25T12:29:16.708377042Z 67 PC: 12ca2 | Get or set file attributes (See above)
2018-12-25T12:29:16.71982706Z 61 PC: 12ca9 | Open file (See above)
2018-12-25T12:29:16.729330827Z 63 PC: 12cb6 | Read file or device (See above)
2018-12-25T12:29:16.738843526Z 66 PC: 12cce | Move file pointer (See above)
2018-12-25T12:29:16.740849811Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T12:29:16.751036384Z 64 PC: 12d17 | Write file or device (See above)
2018-12-25T12:29:16.761178187Z 66 PC: 12d26 | Move file pointer (See above)
2018-12-25T12:29:16.763157769Z 64 PC: 12d30 | Write file or device (See above)
2018-12-25T12:29:16.767903997Z 87 PC: 12d37 | Get or set file date and time (See above)
2018-12-25T12:29:16.770660585Z 62 PC: 12d3b | Close file (See above)
2018-12-25T12:29:16.780890387Z 44 PC: 12c58 | Get time (See above)
2018-12-25T12:29:16.78386222Z 37 PC: 12c8b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:16.786695896Z 26 PC: 12c94 | Set disk transfer address
2018-12-25T12:29:16.788191896Z 9 PC: 12a47 | Display string (String= '(C) 1993 American Eagle Poblications Inc., All Rights Reserved. Unauthorized use will be prosecuted under applicable copyright and software piracy laws. HOST #1 - You have just released a virus!')
2018-12-25T12:29:16.797515012Z 76 PC: 12a4c | Terminate with return code (Return code = '0')