Sample viewer

vx.netlux.org/Virus.DOS.HLLP.12048

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:53:28.958445151Z	53	PC: 1451a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:28.960728696Z	53	PC: 1451a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:53:28.962091256Z	53	PC: 1451a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:53:28.963448253Z	53	PC: 1451a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:53:28.965643748Z	53	PC: 1451a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:53:28.967077918Z	53	PC: 1451a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:53:28.968430888Z	53	PC: 1451a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:53:28.969765406Z	53	PC: 1451a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:53:28.97152755Z	53	PC: 1451a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:53:28.972916708Z	53	PC: 1451a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:53:28.974306311Z	53	PC: 1451a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:53:28.9761289Z	53	PC: 1451a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:53:28.977429159Z	53	PC: 1451a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:53:28.978699262Z	53	PC: 1451a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:53:28.980473071Z	53	PC: 1451a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:53:28.982257936Z	53	PC: 1451a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:53:28.983657897Z	53	PC: 1451a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:53:28.993160102Z	53	PC: 1451a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:53:28.994779328Z	53	PC: 1451a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:53:28.996374413Z	37	PC: 1452f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:28.998853962Z	37	PC: 14537 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:53:29.000391082Z	37	PC: 1453f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:53:29.001781994Z	37	PC: 14547 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:53:29.003876725Z	68	PC: 15277 \| I/O control for devices (Set for = '')
2018-12-17T22:53:29.037949644Z	37	PC: 13f41 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:53:29.040103473Z	48	PC: 14da2 \| Get DOS version
2018-12-17T22:53:29.042146116Z	61	PC: 14be0 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:53:29.050633534Z	63	PC: 14cb3 \| Read file or device (Read 12048 bytes on handle 5)
2018-12-17T22:53:29.059947632Z	62	PC: 14c30 \| Close file
2018-12-17T22:53:29.064566924Z	67	PC: 13d1c \| Get or set file attributes
2018-12-17T22:53:29.075792435Z	67	PC: 13c68 \| Get or set file attributes
2018-12-17T22:53:29.417592326Z	61	PC: 14be0 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:53:29.4247414Z	63	PC: 14cb3 \| Read file or device (Read 1001 bytes on handle 5)
2018-12-17T22:53:29.43276081Z	62	PC: 14c30 \| Close file
2018-12-17T22:53:29.435228035Z	48	PC: 14da2 \| Get DOS version
2018-12-17T22:53:29.436896524Z	61	PC: 14be0 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:53:29.452419476Z	63	PC: 14cb3 \| Read file or device (Read 120 bytes on handle 5)
2018-12-17T22:53:29.461445509Z	62	PC: 14c30 \| Close file
2018-12-17T22:53:29.465077159Z	61	PC: 14be0 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:53:29.473795432Z	63	PC: 14cb3 \| Read file or device (Read 120 bytes on handle 5)
2018-12-17T22:53:29.478307221Z	62	PC: 14c30 \| Close file
2018-12-17T22:53:29.480497265Z	44	PC: 153ae \| Get time 0x153ae: mov word ptr [0x3e], cx 0x153b2: mov word ptr [0x40], dx 0x153b6: retf 0x153b7: call 0x153fe 0x153ba: jb 0x153cb 0x153bc: mov cx, word ptr es:[di + 4] 0x153c0: cmp cx, 1 0x153c3: je 0x153cb 0x153c5: xor bx, bx 0x153c7: push cs 0x153c8: call 0x24f3a 0x153cb: retf 4 0x153ce: call 0x153fe 0x153d1: jb 0x153e6 0x153d3: mov ax, cx 0x153d5: mov dx, bx 0x153d7: mov cx, word ptr es:[di + 4] 0x153db: cmp cx, 1 0x153de: je 0x153e6 0x153e0: xor bx, bx
2018-12-17T22:53:29.484611271Z	60	PC: 14be0 \| Create or truncate file
2018-12-17T22:53:29.503880724Z	61	PC: 14be0 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:53:29.510938005Z	64	PC: 14cb3 \| Write file or device (Write 12048 bytes on handle 5)
2018-12-17T22:53:29.521894842Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 6)
2018-12-17T22:53:29.530176268Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:29.540569211Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.542859362Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.545587614Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.547081182Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.548453621Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.555980828Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.557844355Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 6)
2018-12-17T22:53:29.56609927Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:29.577764362Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.579677406Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.58157076Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.584437959Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.586750513Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.588688474Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.5913195Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 6)
2018-12-17T22:53:29.599641573Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:29.610535886Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.613351214Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.615458782Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.617526522Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.620137279Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.622117563Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.624258642Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 6)
2018-12-17T22:53:29.633830478Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:29.645156178Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.647489501Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.64921572Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.652327775Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.65401743Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.655163748Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.657052646Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 6)
2018-12-17T22:53:29.662328903Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:29.672884197Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.675029204Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.676718961Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.678634871Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.68069656Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.682358234Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.68395311Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 6)
2018-12-17T22:53:29.692813425Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:29.704299876Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.706011875Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.708055563Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.71078079Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.712877305Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.715182793Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.718313051Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 6)
2018-12-17T22:53:29.726642451Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:29.737347167Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.739685181Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.74167624Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.743825483Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.748856472Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.750829542Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.753095638Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 6)
2018-12-17T22:53:29.76245507Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:29.789281292Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.790396346Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.791920648Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.793367202Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.795301196Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.798002522Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.799968023Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 6)
2018-12-17T22:53:29.808188565Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:29.818756745Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.82089813Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.822910095Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.825280261Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.828097321Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.830060027Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.83217541Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 6)
2018-12-17T22:53:29.842461438Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:29.852968419Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.85494647Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.858076097Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.860327099Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.862203203Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.865155216Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.867078303Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 6)
2018-12-17T22:53:29.875226454Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:29.885907822Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.887565667Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.889179851Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.891545541Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.893155154Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.894766658Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.897284328Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 6)
2018-12-17T22:53:29.905491694Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:29.915877488Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.918178661Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.919902227Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.921591024Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.923931075Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.925723937Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.927533097Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 6)
2018-12-17T22:53:29.935956816Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:29.945695498Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.947154872Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.949012395Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.95089006Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.952256785Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.953840017Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.955698767Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 6)
2018-12-17T22:53:29.96325146Z	64	PC: 14cb3 \| Write file or device (Write 2645 bytes on handle 5)
2018-12-17T22:53:29.973441853Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.975052911Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.976583286Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.978887569Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:29.980459297Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:29.982786948Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:29.984656497Z	62	PC: 14c30 \| Close file
2018-12-17T22:53:29.994777086Z	60	PC: 14be0 \| Create or truncate file
2018-12-17T22:53:30.007878165Z	61	PC: 14be0 \| Open file (Filename = 'CRSVirus')
2018-12-17T22:53:30.015657619Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 7)
2018-12-17T22:53:30.025261766Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:30.034179991Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.036135296Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.039124192Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.041148121Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.04305924Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.046005213Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.04893397Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 7)
2018-12-17T22:53:30.057747802Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:30.068501149Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.070770648Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.072714407Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.075436577Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.077200959Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.079131461Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.082356104Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 7)
2018-12-17T22:53:30.09103093Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:30.10029419Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.102951612Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.104780822Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.106551951Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.109289817Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.127817291Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.134075688Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 7)
2018-12-17T22:53:30.152752435Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:30.162400625Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.164479713Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.166473983Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.168963514Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.170804018Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.172662319Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.175106039Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 7)
2018-12-17T22:53:30.185091124Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:30.194584383Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.197756285Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.199709627Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.201728127Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.20471546Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.206643054Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.208723699Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 7)
2018-12-17T22:53:30.21850281Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:30.227883092Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.229822793Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.233154792Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.235525987Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.237440034Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.240174153Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.242549871Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 7)
2018-12-17T22:53:30.251439603Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:30.262444219Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.264696729Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.267000026Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.269796904Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.272018665Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.27393697Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.276245191Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 7)
2018-12-17T22:53:30.285917009Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:30.295251626Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.297209586Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.300217194Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.302238382Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.304154244Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.307173983Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.309352165Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 7)
2018-12-17T22:53:30.3191465Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:30.330724601Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.332728377Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.334727464Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.337718288Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.340057636Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.342019357Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.344974229Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 7)
2018-12-17T22:53:30.354578319Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:30.369802313Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.372753167Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.388932529Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.39111793Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.394919889Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.397293675Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.399962459Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 7)
2018-12-17T22:53:30.409157805Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:30.419671755Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.421662656Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.423613261Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.426730777Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.428645274Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.4305329Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.43411891Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 7)
2018-12-17T22:53:30.443091499Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:30.452429591Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.455394797Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.457292263Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.459261459Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.461998884Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.464181877Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.467002022Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 7)
2018-12-17T22:53:30.476609572Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:30.486871715Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.488760364Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.491478827Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.493761105Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.495599091Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.498248394Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.500568752Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 7)
2018-12-17T22:53:30.509519224Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:30.52154632Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.524363268Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.526269207Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.528218662Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.531339394Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.533176033Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.535435348Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 7)
2018-12-17T22:53:30.545518033Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:30.555905747Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.558037612Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.5609002Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.562839685Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.564890283Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.567644095Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.569652465Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 7)
2018-12-17T22:53:30.578222803Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:30.592297999Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.594220419Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.596311654Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.599177504Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.601010325Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.603575117Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.60731209Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 7)
2018-12-17T22:53:30.615339234Z	64	PC: 14cb3 \| Write file or device (Write 2693 bytes on handle 5)
2018-12-17T22:53:30.624740396Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.627573863Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.630891078Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.632834516Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.635086585Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.636939811Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.640642303Z	62	PC: 14c30 \| Close file
2018-12-17T22:53:30.651033939Z	65	PC: 14d29 \| Delete file (Filename = 'CRSVirus')
2018-12-17T22:53:30.668191076Z	67	PC: 13d1c \| Get or set file attributes
2018-12-17T22:53:30.683095797Z	67	PC: 13c68 \| Get or set file attributes
2018-12-17T22:53:30.69483983Z	61	PC: 14be0 \| Open file (Filename = 'C:\WINDOWS\WIN.COM')
2018-12-17T22:53:30.703119233Z	63	PC: 14cb3 \| Read file or device (Read 1001 bytes on handle 5)
2018-12-17T22:53:30.71084303Z	62	PC: 14c30 \| Close file
2018-12-17T22:53:30.714592322Z	48	PC: 14da2 \| Get DOS version
2018-12-17T22:53:30.71660864Z	61	PC: 14be0 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:53:30.72483132Z	63	PC: 14cb3 \| Read file or device (Read 120 bytes on handle 5)
2018-12-17T22:53:30.729128978Z	62	PC: 14c30 \| Close file
2018-12-17T22:53:30.731744306Z	61	PC: 14be0 \| Open file (Filename = 'C:\WINDOWS\WIN.COM')
2018-12-17T22:53:30.741092957Z	63	PC: 14cb3 \| Read file or device (Read 120 bytes on handle 5)
2018-12-17T22:53:30.74866531Z	62	PC: 14c30 \| Close file
2018-12-17T22:53:30.751175399Z	44	PC: 153ae \| Get time 0x153ae: mov word ptr [0x3e], cx 0x153b2: mov word ptr [0x40], dx 0x153b6: retf 0x153b7: call 0x153fe 0x153ba: jb 0x153cb 0x153bc: mov cx, word ptr es:[di + 4] 0x153c0: cmp cx, 1 0x153c3: je 0x153cb 0x153c5: xor bx, bx 0x153c7: push cs 0x153c8: call 0x24f3a 0x153cb: retf 4 0x153ce: call 0x153fe 0x153d1: jb 0x153e6 0x153d3: mov ax, cx 0x153d5: mov dx, bx 0x153d7: mov cx, word ptr es:[di + 4] 0x153db: cmp cx, 1 0x153de: je 0x153e6 0x153e0: xor bx, bx
2018-12-17T22:53:30.754545514Z	60	PC: 14be0 \| Create or truncate file
2018-12-17T22:53:30.768086696Z	61	PC: 14be0 \| Open file (Filename = 'C:\WINDOWS\WIN.COM')
2018-12-17T22:53:30.776451467Z	64	PC: 14cb3 \| Write file or device (Write 12048 bytes on handle 5)
2018-12-17T22:53:30.786839096Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 8)
2018-12-17T22:53:30.795275361Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:30.805998271Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.80818889Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.810429028Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.812485428Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.815116102Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.817051473Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.819213878Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 8)
2018-12-17T22:53:30.828648111Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:30.838996388Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.841036584Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.843783567Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.846182772Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.84843309Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.851252834Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.85355598Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 8)
2018-12-17T22:53:30.862268323Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:30.873317007Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.875480686Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.878375899Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.881195967Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.883135162Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.885068905Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.887626941Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 8)
2018-12-17T22:53:30.895993637Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:30.906191042Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.909087923Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.911085092Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.91313462Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.915452588Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.917402028Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.919516211Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 8)
2018-12-17T22:53:30.928773287Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:30.938784007Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.94078141Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.942908114Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.944592266Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.946340595Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.949116093Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.951138581Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 8)
2018-12-17T22:53:30.960211841Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:30.97027046Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.971992272Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.974681923Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.976483174Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:30.978146623Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:30.980659795Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:30.982441406Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 8)
2018-12-17T22:53:30.99366755Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:31.003895082Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.005569937Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.007198496Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.009489189Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.011102954Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.012898572Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.015852461Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 8)
2018-12-17T22:53:31.025269476Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:31.036472531Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.038802835Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.040771772Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.043655182Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.0459269Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.047870953Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.050800236Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 8)
2018-12-17T22:53:31.059480363Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:31.069623988Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.072479762Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.074806179Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.076863195Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.07962185Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.081899485Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.084008188Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 8)
2018-12-17T22:53:31.093938003Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:31.105071045Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.107059899Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.109874414Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.122858745Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.124831146Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.12763023Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.13014687Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 8)
2018-12-17T22:53:31.138484403Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:31.149379834Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.15176684Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.153780526Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.156733237Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.159936469Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.161922415Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.164916551Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 8)
2018-12-17T22:53:31.172236669Z	64	PC: 14cb3 \| Write file or device (Write 170 bytes on handle 5)
2018-12-17T22:53:31.17589761Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.179131012Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.181501656Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.183588737Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.18642058Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.188771387Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.190766681Z	62	PC: 14c30 \| Close file
2018-12-17T22:53:31.200949648Z	60	PC: 14be0 \| Create or truncate file
2018-12-17T22:53:31.214742542Z	61	PC: 14be0 \| Open file (Filename = 'CRSVirus')
2018-12-17T22:53:31.222779976Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 9)
2018-12-17T22:53:31.233012031Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:31.246272374Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.248290499Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.251206059Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.253662347Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.25563786Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.258688585Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.260764762Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 9)
2018-12-17T22:53:31.270228391Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:31.280849235Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.282838966Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.284808833Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.287975723Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.289916548Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.291870814Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.295080869Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 9)
2018-12-17T22:53:31.304501237Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:31.314134161Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.317027657Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.319018253Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.321889721Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.324166828Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.32612093Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.329090385Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 9)
2018-12-17T22:53:31.338363967Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:31.348217405Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.351044238Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.353344628Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.355409459Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.358244385Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.360522381Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.362564371Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 9)
2018-12-17T22:53:31.372905995Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:31.382323669Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.384299964Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.387468291Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.389536574Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.391480997Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.394536936Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.396647641Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 9)
2018-12-17T22:53:31.405798023Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:31.415605819Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.417571663Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.420386107Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.423443717Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.425398246Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.428209433Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.430483586Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 9)
2018-12-17T22:53:31.439282824Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:31.450001505Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.452083528Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.454076119Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.457010589Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.458928816Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.460881596Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.463700077Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 9)
2018-12-17T22:53:31.472550164Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:31.482165044Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.484924301Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.486902419Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.489769665Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.491651936Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.493596256Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.496325305Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 9)
2018-12-17T22:53:31.505412225Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:31.515615142Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.518151077Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.519877499Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.521844063Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.524819456Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.526699138Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.528727864Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 9)
2018-12-17T22:53:31.537942273Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:31.547400494Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.550211514Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.552359604Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.554179163Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.556931429Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.558801218Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.560823897Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 9)
2018-12-17T22:53:31.570832208Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:31.580070706Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.581946503Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.58476652Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.588349029Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.590206597Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.598618342Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.600414435Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 9)
2018-12-17T22:53:31.611262692Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:31.621001912Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.622982139Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.625829909Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.62784181Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.629683712Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.632213922Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.63427634Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 9)
2018-12-17T22:53:31.64373748Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:31.653519681Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.656030342Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.657920856Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.66034155Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.661913159Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.664274581Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.666885165Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 9)
2018-12-17T22:53:31.67527385Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:31.685751858Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.687416655Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.689088463Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.692329222Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.694269516Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.696198624Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.699268569Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 9)
2018-12-17T22:53:31.702443653Z	64	PC: 14cb3 \| Write file or device (Write 218 bytes on handle 5)
2018-12-17T22:53:31.705882105Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.708844602Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.710476008Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.712805083Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.715361001Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.717754627Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.720956634Z	62	PC: 14c30 \| Close file
2018-12-17T22:53:31.73343942Z	65	PC: 14d29 \| Delete file (Filename = 'CRSVirus')
2018-12-17T22:53:31.750099124Z	67	PC: 13d1c \| Get or set file attributes
2018-12-17T22:53:31.762673759Z	67	PC: 13d1c \| Get or set file attributes
2018-12-17T22:53:31.767517734Z	25	PC: 14e2f \| Get default drive
2018-12-17T22:53:31.769096591Z	71	PC: 14e42 \| Get current directory
2018-12-17T22:53:31.774642617Z	26	PC: 13c99 \| Set disk transfer address
2018-12-17T22:53:31.775910917Z	78	PC: 13ca5 \| Find first file
2018-12-17T22:53:31.783345497Z	67	PC: 13c68 \| Get or set file attributes
2018-12-17T22:53:31.794587637Z	61	PC: 14be0 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:53:31.802043967Z	63	PC: 14cb3 \| Read file or device (Read 1001 bytes on handle 5)
2018-12-17T22:53:31.811616138Z	62	PC: 14c30 \| Close file
2018-12-17T22:53:31.814677873Z	48	PC: 14da2 \| Get DOS version
2018-12-17T22:53:31.816347705Z	61	PC: 14be0 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:53:31.825447203Z	63	PC: 14cb3 \| Read file or device (Read 120 bytes on handle 5)
2018-12-17T22:53:31.828645611Z	62	PC: 14c30 \| Close file
2018-12-17T22:53:31.830993884Z	61	PC: 14be0 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:53:31.841019908Z	63	PC: 14cb3 \| Read file or device (Read 120 bytes on handle 5)
2018-12-17T22:53:31.844462482Z	62	PC: 14c30 \| Close file
2018-12-17T22:53:31.847858346Z	26	PC: 13cbd \| Set disk transfer address
2018-12-17T22:53:31.849156317Z	79	PC: 13cc2 \| Find next file
2018-12-17T22:53:31.853387313Z	26	PC: 13c99 \| Set disk transfer address
2018-12-17T22:53:31.855591277Z	78	PC: 13ca5 \| Find first file
2018-12-17T22:53:31.863313545Z	67	PC: 13c68 \| Get or set file attributes
2018-12-17T22:53:31.875330274Z	61	PC: 14be0 \| Open file (Filename = 'A:\SLEEP.COM')
2018-12-17T22:53:31.884458641Z	63	PC: 14cb3 \| Read file or device (Read 1001 bytes on handle 5)
2018-12-17T22:53:31.891975366Z	62	PC: 14c30 \| Close file
2018-12-17T22:53:31.894714714Z	48	PC: 14da2 \| Get DOS version
2018-12-17T22:53:31.898319325Z	61	PC: 14be0 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:53:31.906343493Z	63	PC: 14cb3 \| Read file or device (Read 120 bytes on handle 5)
2018-12-17T22:53:31.910424656Z	62	PC: 14c30 \| Close file
2018-12-17T22:53:31.912793874Z	61	PC: 14be0 \| Open file (Filename = 'A:\SLEEP.COM')
2018-12-17T22:53:31.921538008Z	63	PC: 14cb3 \| Read file or device (Read 120 bytes on handle 5)
2018-12-17T22:53:31.925304682Z	62	PC: 14c30 \| Close file
2018-12-17T22:53:31.927555832Z	44	PC: 153ae \| Get time 0x153ae: mov word ptr [0x3e], cx 0x153b2: mov word ptr [0x40], dx 0x153b6: retf 0x153b7: call 0x153fe 0x153ba: jb 0x153cb 0x153bc: mov cx, word ptr es:[di + 4] 0x153c0: cmp cx, 1 0x153c3: je 0x153cb 0x153c5: xor bx, bx 0x153c7: push cs 0x153c8: call 0x24f3a 0x153cb: retf 4 0x153ce: call 0x153fe 0x153d1: jb 0x153e6 0x153d3: mov ax, cx 0x153d5: mov dx, bx 0x153d7: mov cx, word ptr es:[di + 4] 0x153db: cmp cx, 1 0x153de: je 0x153e6 0x153e0: xor bx, bx
2018-12-17T22:53:31.930570271Z	60	PC: 14be0 \| Create or truncate file
2018-12-17T22:53:31.945113127Z	61	PC: 14be0 \| Open file (Filename = 'A:\SLEEP.COM')
2018-12-17T22:53:31.953080419Z	64	PC: 14cb3 \| Write file or device (Write 12048 bytes on handle 5)
2018-12-17T22:53:31.964144344Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 10)
2018-12-17T22:53:31.968096916Z	64	PC: 14cb3 \| Write file or device (Write 407 bytes on handle 5)
2018-12-17T22:53:31.977866907Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.981428394Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.983813922Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.985867907Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:31.988973204Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:31.990930103Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:31.992977837Z	62	PC: 14c30 \| Close file
2018-12-17T22:53:32.003222321Z	60	PC: 14be0 \| Create or truncate file
2018-12-17T22:53:32.017475727Z	61	PC: 14be0 \| Open file (Filename = 'CRSVirus')
2018-12-17T22:53:32.026015176Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 11)
2018-12-17T22:53:32.036361349Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:32.045934732Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:32.048270452Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:32.050021332Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:32.051994235Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:32.055041786Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:32.056941133Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:32.059201877Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 11)
2018-12-17T22:53:32.06889614Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:32.080250099Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:32.083072278Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:32.085354674Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:32.087348916Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:32.090158037Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:32.092454141Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:32.09450438Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 11)
2018-12-17T22:53:32.104205449Z	64	PC: 14cb3 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-17T22:53:32.115001845Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:32.117137634Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:32.119523572Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:32.121245724Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:32.123769577Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:32.125561193Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:32.127888907Z	63	PC: 14cb3 \| Read file or device (Read 4000 bytes on handle 11)
2018-12-17T22:53:32.13256707Z	64	PC: 14cb3 \| Write file or device (Write 455 bytes on handle 5)
2018-12-17T22:53:32.142704161Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:32.144628699Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:32.147262704Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:32.149165024Z	66	PC: 15418 \| Move file pointer
2018-12-17T22:53:32.152035238Z	66	PC: 15426 \| Move file pointer
2018-12-17T22:53:32.154139682Z	66	PC: 15434 \| Move file pointer
2018-12-17T22:53:32.156132492Z	62	PC: 14c30 \| Close file
2018-12-17T22:53:32.167761591Z	65	PC: 14d29 \| Delete file (Filename = 'CRSVirus')
2018-12-17T22:53:32.180079696Z	26	PC: 13cbd \| Set disk transfer address
2018-12-17T22:53:32.181370645Z	79	PC: 13cc2 \| Find next file
2018-12-17T22:53:32.18605507Z	67	PC: 13c68 \| Get or set file attributes
2018-12-17T22:53:32.197209662Z	61	PC: 14be0 \| Open file (Filename = 'A:\PRINT.COM')
2018-12-17T22:53:32.205307318Z	63	PC: 14cb3 \| Read file or device (Read 1001 bytes on handle 5)
2018-12-17T22:53:32.212888718Z	62	PC: 14c30 \| Close file
2018-12-17T22:53:32.215605983Z	48	PC: 14da2 \| Get DOS version
2018-12-17T22:53:32.217880882Z	61	PC: 14be0 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:53:32.226243748Z	63	PC: 14cb3 \| Read file or device (Read 120 bytes on handle 5)
2018-12-17T22:53:32.229094049Z	62	PC: 14c30 \| Close file
2018-12-17T22:53:32.23088167Z	61	PC: 14be0 \| Open file (Filename = 'A:\PRINT.COM')
2018-12-17T22:53:32.235333759Z	63	PC: 14cb3 \| Read file or device (Read 120 bytes on handle 5)
2018-12-17T22:53:32.238833435Z	37	PC: 14671 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:32.240490763Z	37	PC: 14671 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:53:32.24162446Z	37	PC: 14671 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:53:32.244086275Z	37	PC: 14671 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:53:32.245475996Z	37	PC: 14671 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:53:32.248566142Z	37	PC: 14671 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:53:32.250060894Z	37	PC: 14671 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:53:32.251346146Z	37	PC: 14671 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:53:32.253456758Z	37	PC: 14671 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:53:32.25502079Z	37	PC: 14671 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:53:32.256623203Z	37	PC: 14671 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:53:32.258699488Z	37	PC: 14671 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:53:32.260286207Z	37	PC: 14671 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:53:32.262647231Z	37	PC: 14671 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:53:32.264368338Z	37	PC: 14671 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:53:32.265973242Z	37	PC: 14671 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:53:32.268518368Z	37	PC: 14671 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:53:32.270156294Z	37	PC: 14671 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:53:32.271924621Z	37	PC: 14671 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:53:32.273582555Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.276331245Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.279762484Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.282611724Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.285993431Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.289781985Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.292545781Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.296079528Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.299168527Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.301942148Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.305395694Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.30867609Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.311912756Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.314354577Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.317638454Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.321292797Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.326694605Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.338549251Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.342655264Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.345486544Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.356258343Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.359686703Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.375194211Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.379490729Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.382344949Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.385652322Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.388089137Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.390983876Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.394899768Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.397457121Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.402006942Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.404648841Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.407159378Z	6	PC: 146f8 \| Direct console I/O
2018-12-17T22:53:32.412721087Z	76	PC: 146b0 \| Terminate with return code (Return code = '100')