Sample viewer

vx.netlux.org/Trojan.DOS.KissThis

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:04:33.664374507Z 53 PC: 1321a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:33.665813825Z 53 PC: 1321a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:33.667210739Z 53 PC: 1321a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:33.66875781Z 53 PC: 1321a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:33.670156099Z 53 PC: 1321a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:33.671354184Z 53 PC: 1321a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:33.67246487Z 53 PC: 1321a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:33.673532927Z 53 PC: 1321a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:33.675538544Z 53 PC: 1321a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:33.676674594Z 53 PC: 1321a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:33.677686289Z 53 PC: 1321a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:33.679196762Z 53 PC: 1321a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:33.680228438Z 53 PC: 1321a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:33.681235813Z 53 PC: 1321a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:33.683202228Z 53 PC: 1321a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:33.684543184Z 53 PC: 1321a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:33.685630311Z 53 PC: 1321a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:33.687582872Z 53 PC: 1321a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:33.688615673Z 53 PC: 1321a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:33.689758164Z 37 PC: 1322f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:33.691218757Z 37 PC: 13237 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:33.692691481Z 37 PC: 1323f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:33.693976533Z 37 PC: 13247 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:33.696253925Z 68 PC: 13d7c | I/O control for devices (Set for = '')
2018-12-17T23:04:33.697612826Z 44 PC: 13eb3 | Get time 0x13eb3: mov word ptr [0x84], cx
0x13eb7: mov word ptr [0x86], dx
0x13ebb: retf
0x13ebc: mov di, 0x98
0x13ebf: push ds
0x13ec0: pop es
0x13ec1: mov cx, 0x243e
0x13ec4: sub cx, di
0x13ec6: shr cx, 1
0x13ec8: xor ax, ax
0x13eca: cld
0x13ecb: rep stosd dword ptr es:[di], eax
0x13ecd: ret
0x13ece: add byte ptr [bx + si], al
0x13ed0: add byte ptr [bx + si], al
0x13ed2: or al, 0x41
0x13ed4: outsb dx, byte ptr [si]
0x13ed5: je 0x13f40
0x13ed7: sub ax, 0x6956
0x13eda: jb 0x13f0a
2018-12-17T23:04:33.700922216Z 48 PC: 13aa2 | Get DOS version
2018-12-17T23:04:33.702710026Z 67 PC: 13096 | Get or set file attributes
2018-12-17T23:04:33.722449937Z 67 PC: 13096 | Get or set file attributes
2018-12-17T23:04:33.726566418Z 65 PC: 13a29 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:33.734824342Z 67 PC: 13096 | Get or set file attributes
2018-12-17T23:04:33.741196188Z 65 PC: 13a29 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:33.747939838Z 67 PC: 13096 | Get or set file attributes
2018-12-17T23:04:33.755604278Z 65 PC: 13a29 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:33.764705428Z 67 PC: 13096 | Get or set file attributes
2018-12-17T23:04:33.772662999Z 65 PC: 13a29 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:33.777326758Z 67 PC: 13096 | Get or set file attributes
2018-12-17T23:04:33.782713436Z 65 PC: 13a29 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:33.787858483Z 41 PC: 1317f | Parse filename
2018-12-17T23:04:33.789592109Z 41 PC: 1318d | Parse filename
2018-12-17T23:04:33.791489097Z 75 PC: 13198 | Execute program
2018-12-17T23:04:33.802634186Z 53 PC: 1759a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:33.803719561Z 53 PC: 1759a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:33.805461601Z 53 PC: 1759a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:33.806471008Z 53 PC: 1759a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:33.807628685Z 53 PC: 1759a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:33.809032427Z 53 PC: 1759a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:33.810378356Z 53 PC: 1759a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:33.811469511Z 53 PC: 1759a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:33.812680481Z 53 PC: 1759a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:33.814214998Z 53 PC: 1759a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:33.815463086Z 53 PC: 1759a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:33.81669308Z 53 PC: 1759a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:33.818320786Z 53 PC: 1759a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:33.819423384Z 53 PC: 1759a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:33.820481385Z 53 PC: 1759a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:33.822255073Z 53 PC: 1759a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:33.823384119Z 53 PC: 1759a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:33.824485922Z 53 PC: 1759a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:33.826180231Z 53 PC: 1759a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:33.827237445Z 37 PC: 175af | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:33.828252965Z 37 PC: 175b7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:33.829995847Z 37 PC: 175bf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:33.83115523Z 37 PC: 175c7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:33.832413215Z 68 PC: 180fc | I/O control for devices (Set for = '')
2018-12-17T23:04:33.834398129Z 44 PC: 18233 | Get time 0x18233: mov word ptr [0x84], cx
0x18237: mov word ptr [0x86], dx
0x1823b: retf
0x1823c: mov di, 0x98
0x1823f: push ds
0x18240: pop es
0x18241: mov cx, 0x243e
0x18244: sub cx, di
0x18246: shr cx, 1
0x18248: xor ax, ax
0x1824a: cld
0x1824b: rep stosd dword ptr es:[di], eax
0x1824d: ret
0x1824e: add byte ptr [bx + si], al
0x18250: add byte ptr [bx + si], al
0x18252: or al, 0x41
0x18254: outsb dx, byte ptr [si]
0x18255: je 0x182c0
0x18257: sub ax, 0x6956
0x1825a: jb 0x1828a
2018-12-17T23:04:33.836193725Z 48 PC: 17e22 | Get DOS version
2018-12-17T23:04:33.837441325Z 67 PC: 17416 | Get or set file attributes
2018-12-17T23:04:33.846573167Z 67 PC: 17416 | Get or set file attributes
2018-12-17T23:04:33.852941134Z 65 PC: 17da9 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:33.857009546Z 67 PC: 17416 | Get or set file attributes
2018-12-17T23:04:33.863529694Z 65 PC: 17da9 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:33.871056882Z 67 PC: 17416 | Get or set file attributes
2018-12-17T23:04:33.877602622Z 65 PC: 17da9 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:33.884434372Z 67 PC: 17416 | Get or set file attributes
2018-12-17T23:04:33.892034243Z 65 PC: 17da9 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:33.89905135Z 67 PC: 17416 | Get or set file attributes
2018-12-17T23:04:33.905863551Z 65 PC: 17da9 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:33.915071849Z 41 PC: 174ff | Parse filename
2018-12-17T23:04:33.917246131Z 41 PC: 1750d | Parse filename
2018-12-17T23:04:33.919159713Z 75 PC: 17518 | Execute program
2018-12-17T23:04:33.937736216Z 53 PC: 1b91a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:33.939078324Z 53 PC: 1b91a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:33.940211838Z 53 PC: 1b91a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:33.941601097Z 53 PC: 1b91a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:33.943008768Z 53 PC: 1b91a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:33.944101131Z 53 PC: 1b91a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:33.945201936Z 53 PC: 1b91a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:33.94689565Z 53 PC: 1b91a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:33.948033158Z 53 PC: 1b91a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:33.949149978Z 53 PC: 1b91a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:33.954431053Z 53 PC: 1b91a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:33.955623688Z 53 PC: 1b91a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:33.95673933Z 53 PC: 1b91a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:33.959104343Z 53 PC: 1b91a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:33.961354301Z 53 PC: 1b91a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:33.963455052Z 53 PC: 1b91a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:33.966363555Z 53 PC: 1b91a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:33.968029861Z 53 PC: 1b91a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:33.969738655Z 53 PC: 1b91a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:33.972268339Z 37 PC: 1b92f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:33.973874757Z 37 PC: 1b937 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:33.975495002Z 37 PC: 1b93f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:33.977328332Z 37 PC: 1b947 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:33.980228408Z 68 PC: 1c47c | I/O control for devices (Set for = '')
2018-12-17T23:04:33.981955341Z 44 PC: 1c5b3 | Get time 0x1c5b3: mov word ptr [0x84], cx
0x1c5b7: mov word ptr [0x86], dx
0x1c5bb: retf
0x1c5bc: mov di, 0x98
0x1c5bf: push ds
0x1c5c0: pop es
0x1c5c1: mov cx, 0x243e
0x1c5c4: sub cx, di
0x1c5c6: shr cx, 1
0x1c5c8: xor ax, ax
0x1c5ca: cld
0x1c5cb: rep stosd dword ptr es:[di], eax
0x1c5cd: ret
0x1c5ce: add byte ptr [bx + si], al
0x1c5d0: add byte ptr [bx + si], al
0x1c5d2: or al, 0x41
0x1c5d4: outsb dx, byte ptr [si]
0x1c5d5: je 0x1c640
0x1c5d7: sub ax, 0x6956
0x1c5da: jb 0x1c60a
2018-12-17T23:04:33.984600188Z 48 PC: 1c1a2 | Get DOS version
2018-12-17T23:04:33.988751981Z 67 PC: 1b796 | Get or set file attributes
2018-12-17T23:04:34.001032559Z 67 PC: 1b796 | Get or set file attributes
2018-12-17T23:04:34.007754168Z 65 PC: 1c129 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:34.01617681Z 67 PC: 1b796 | Get or set file attributes
2018-12-17T23:04:34.023468834Z 65 PC: 1c129 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:34.030432033Z 67 PC: 1b796 | Get or set file attributes
2018-12-17T23:04:34.043657254Z 65 PC: 1c129 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:34.056022725Z 67 PC: 1b796 | Get or set file attributes
2018-12-17T23:04:34.069033681Z 65 PC: 1c129 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:34.076996339Z 67 PC: 1b796 | Get or set file attributes
2018-12-17T23:04:34.083788018Z 65 PC: 1c129 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:34.09144689Z 41 PC: 1b87f | Parse filename
2018-12-17T23:04:34.094026128Z 41 PC: 1b88d | Parse filename
2018-12-17T23:04:34.096032935Z 75 PC: 1b898 | Execute program
2018-12-17T23:04:34.116203498Z 53 PC: 1fc9a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:34.118958988Z 53 PC: 1fc9a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:34.121207137Z 53 PC: 1fc9a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:34.123001697Z 53 PC: 1fc9a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:34.124774134Z 53 PC: 1fc9a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:34.128418669Z 53 PC: 1fc9a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:34.130181374Z 53 PC: 1fc9a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:34.131944092Z 53 PC: 1fc9a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:34.1348009Z 53 PC: 1fc9a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:34.136573095Z 53 PC: 1fc9a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:34.138349207Z 53 PC: 1fc9a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:34.140991691Z 53 PC: 1fc9a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:34.142727307Z 53 PC: 1fc9a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:34.14439949Z 53 PC: 1fc9a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:34.146679003Z 53 PC: 1fc9a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:34.147953967Z 53 PC: 1fc9a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:34.149405267Z 53 PC: 1fc9a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:34.151928404Z 53 PC: 1fc9a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:34.153760172Z 53 PC: 1fc9a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:34.155463667Z 37 PC: 1fcaf | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:34.157828506Z 37 PC: 1fcb7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:34.159465677Z 37 PC: 1fcbf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:34.161071597Z 37 PC: 1fcc7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:34.163905806Z 68 PC: 207fc | I/O control for devices (Set for = '')
2018-12-17T23:04:34.1658897Z 44 PC: 20933 | Get time 0x20933: mov word ptr [0x84], cx
0x20937: mov word ptr [0x86], dx
0x2093b: retf
0x2093c: mov di, 0x98
0x2093f: push ds
0x20940: pop es
0x20941: mov cx, 0x243e
0x20944: sub cx, di
0x20946: shr cx, 1
0x20948: xor ax, ax
0x2094a: cld
0x2094b: rep stosd dword ptr es:[di], eax
0x2094d: ret
0x2094e: add byte ptr [bx + si], al
0x20950: add byte ptr [bx + si], al
0x20952: or al, 0x41
0x20954: outsb dx, byte ptr [si]
0x20955: je 0x209c0
0x20957: sub ax, 0x6956
0x2095a: jb 0x2098a
2018-12-17T23:04:34.168809604Z 48 PC: 20522 | Get DOS version
2018-12-17T23:04:34.171710357Z 67 PC: 1fb16 | Get or set file attributes
2018-12-17T23:04:34.184144544Z 67 PC: 1fb16 | Get or set file attributes
2018-12-17T23:04:34.191283648Z 65 PC: 204a9 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:34.200090355Z 67 PC: 1fb16 | Get or set file attributes
2018-12-17T23:04:34.212368688Z 65 PC: 204a9 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:34.220818607Z 67 PC: 1fb16 | Get or set file attributes
2018-12-17T23:04:34.229317144Z 65 PC: 204a9 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:34.237304696Z 67 PC: 1fb16 | Get or set file attributes
2018-12-17T23:04:34.244557477Z 65 PC: 204a9 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:34.253249432Z 67 PC: 1fb16 | Get or set file attributes
2018-12-17T23:04:34.260736395Z 65 PC: 204a9 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:34.268915722Z 41 PC: 1fbff | Parse filename
2018-12-17T23:04:34.27283728Z 41 PC: 1fc0d | Parse filename
2018-12-17T23:04:34.275739569Z 75 PC: 1fc18 | Execute program
2018-12-17T23:04:34.29354924Z 53 PC: 2401a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:34.295423712Z 53 PC: 2401a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:34.298503193Z 53 PC: 2401a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:34.300381517Z 53 PC: 2401a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:34.302140007Z 53 PC: 2401a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:34.305053902Z 53 PC: 2401a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:34.306941881Z 53 PC: 2401a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:34.308792214Z 53 PC: 2401a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:34.311641949Z 53 PC: 2401a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:34.313547169Z 53 PC: 2401a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:34.315382594Z 53 PC: 2401a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:34.317229609Z 53 PC: 2401a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:34.318609069Z 53 PC: 2401a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:34.319960462Z 53 PC: 2401a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:34.322283024Z 53 PC: 2401a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:34.324392249Z 53 PC: 2401a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:34.32612636Z 53 PC: 2401a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:34.32866233Z 53 PC: 2401a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:34.330698192Z 53 PC: 2401a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:34.332403417Z 37 PC: 2402f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:34.335123518Z 37 PC: 24037 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:34.336540145Z 37 PC: 2403f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:34.338207851Z 37 PC: 24047 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:34.340706146Z 68 PC: 24b7c | I/O control for devices (Set for = 'p')
2018-12-17T23:04:34.342774843Z 44 PC: 24cb3 | Get time 0x24cb3: mov word ptr [0x84], cx
0x24cb7: mov word ptr [0x86], dx
0x24cbb: retf
0x24cbc: mov di, 0x98
0x24cbf: push ds
0x24cc0: pop es
0x24cc1: mov cx, 0x243e
0x24cc4: sub cx, di
0x24cc6: shr cx, 1
0x24cc8: xor ax, ax
0x24cca: cld
0x24ccb: rep stosd dword ptr es:[di], eax
0x24ccd: ret
0x24cce: add byte ptr [bx + si], al
0x24cd0: add byte ptr [bx + si], al
0x24cd2: or al, 0x41
0x24cd4: outsb dx, byte ptr [si]
0x24cd5: je 0x24d40
0x24cd7: sub ax, 0x6956
0x24cda: jb 0x24d0a
2018-12-17T23:04:34.345617473Z 48 PC: 248a2 | Get DOS version
2018-12-17T23:04:34.348000139Z 67 PC: 23e96 | Get or set file attributes
2018-12-17T23:04:34.36128419Z 67 PC: 23e96 | Get or set file attributes
2018-12-17T23:04:34.368213072Z 65 PC: 24829 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:34.376065116Z 67 PC: 23e96 | Get or set file attributes
2018-12-17T23:04:34.383292447Z 65 PC: 24829 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:34.3903324Z 67 PC: 23e96 | Get or set file attributes
2018-12-17T23:04:34.402816725Z 65 PC: 24829 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:34.416767985Z 67 PC: 23e96 | Get or set file attributes
2018-12-17T23:04:34.423719611Z 65 PC: 24829 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:34.430763748Z 67 PC: 23e96 | Get or set file attributes
2018-12-17T23:04:34.439263633Z 65 PC: 24829 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:34.446996694Z 41 PC: 23f7f | Parse filename
2018-12-17T23:04:34.448970198Z 41 PC: 23f8d | Parse filename
2018-12-17T23:04:34.452001685Z 75 PC: 23f98 | Execute program
2018-12-17T23:04:34.470575576Z 53 PC: 2839a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:34.472557862Z 53 PC: 2839a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:34.474988969Z 53 PC: 2839a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:34.476838008Z 53 PC: 2839a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:34.478843458Z 53 PC: 2839a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:34.481194133Z 53 PC: 2839a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:34.483233801Z 53 PC: 2839a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:34.486078677Z 53 PC: 2839a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:34.488319455Z 53 PC: 2839a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:34.490391968Z 53 PC: 2839a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:34.492477429Z 53 PC: 2839a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:34.494913595Z 53 PC: 2839a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:34.496710204Z 53 PC: 2839a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:34.498432457Z 53 PC: 2839a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:34.501075221Z 53 PC: 2839a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:34.50266235Z 53 PC: 2839a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:34.504537449Z 53 PC: 2839a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:34.507078705Z 53 PC: 2839a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:34.508702051Z 53 PC: 2839a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:34.510466013Z 37 PC: 283af | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:34.513066634Z 37 PC: 283b7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:34.514621642Z 37 PC: 283bf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:34.516136409Z 37 PC: 283c7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:34.519523351Z 68 PC: 28efc | I/O control for devices (Set for = '')
2018-12-17T23:04:34.521644947Z 44 PC: 29033 | Get time 0x29033: mov word ptr [0x84], cx
0x29037: mov word ptr [0x86], dx
0x2903b: retf
0x2903c: mov di, 0x98
0x2903f: push ds
0x29040: pop es
0x29041: mov cx, 0x243e
0x29044: sub cx, di
0x29046: shr cx, 1
0x29048: xor ax, ax
0x2904a: cld
0x2904b: rep stosd dword ptr es:[di], eax
0x2904d: ret
0x2904e: add byte ptr [bx + si], al
0x29050: add byte ptr [bx + si], al
0x29052: or al, 0x41
0x29054: outsb dx, byte ptr [si]
0x29055: je 0x290c0
0x29057: sub ax, 0x6956
0x2905a: jb 0x2908a
2018-12-17T23:04:34.524823696Z 48 PC: 28c22 | Get DOS version
2018-12-17T23:04:34.527649478Z 67 PC: 28216 | Get or set file attributes
2018-12-17T23:04:34.539629937Z 67 PC: 28216 | Get or set file attributes
2018-12-17T23:04:34.547243941Z 65 PC: 28ba9 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:34.554603422Z 67 PC: 28216 | Get or set file attributes
2018-12-17T23:04:34.562006736Z 65 PC: 28ba9 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:34.569937519Z 67 PC: 28216 | Get or set file attributes
2018-12-17T23:04:34.576916687Z 65 PC: 28ba9 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:34.585352119Z 67 PC: 28216 | Get or set file attributes
2018-12-17T23:04:34.592446753Z 65 PC: 28ba9 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:34.59982728Z 67 PC: 28216 | Get or set file attributes
2018-12-17T23:04:34.60808368Z 65 PC: 28ba9 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:34.616118868Z 41 PC: 282ff | Parse filename
2018-12-17T23:04:34.618385458Z 41 PC: 2830d | Parse filename
2018-12-17T23:04:34.621696875Z 75 PC: 28318 | Execute program
2018-12-17T23:04:34.640067066Z 53 PC: 2c71a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:34.642073074Z 53 PC: 2c71a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:34.644644627Z 53 PC: 2c71a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:34.646859066Z 53 PC: 2c71a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:34.64856284Z 53 PC: 2c71a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:34.65109986Z 53 PC: 2c71a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:34.65311464Z 53 PC: 2c71a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:34.654826497Z 53 PC: 2c71a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:34.657314129Z 53 PC: 2c71a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:34.661251897Z 53 PC: 2c71a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:34.662759441Z 53 PC: 2c71a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:34.671407425Z 53 PC: 2c71a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:34.672785329Z 53 PC: 2c71a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:34.679094028Z 53 PC: 2c71a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:34.68124124Z 53 PC: 2c71a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:34.682637807Z 53 PC: 2c71a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:34.683964552Z 53 PC: 2c71a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:34.685499866Z 53 PC: 2c71a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:34.687402676Z 53 PC: 2c71a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:34.688750646Z 37 PC: 2c72f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:34.690266843Z 37 PC: 2c737 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:34.692942785Z 37 PC: 2c73f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:34.694570817Z 37 PC: 2c747 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:34.696649022Z 68 PC: 2d27c | I/O control for devices (Set for = '')
2018-12-17T23:04:34.699684445Z 44 PC: 2d3b3 | Get time 0x2d3b3: mov word ptr [0x84], cx
0x2d3b7: mov word ptr [0x86], dx
0x2d3bb: retf
0x2d3bc: mov di, 0x98
0x2d3bf: push ds
0x2d3c0: pop es
0x2d3c1: mov cx, 0x243e
0x2d3c4: sub cx, di
0x2d3c6: shr cx, 1
0x2d3c8: xor ax, ax
0x2d3ca: cld
0x2d3cb: rep stosd dword ptr es:[di], eax
0x2d3cd: ret
0x2d3ce: add byte ptr [bx + si], al
0x2d3d0: add byte ptr [bx + si], al
0x2d3d2: or al, 0x41
0x2d3d4: outsb dx, byte ptr [si]
0x2d3d5: je 0x2d440
0x2d3d7: sub ax, 0x6956
0x2d3da: jb 0x2d40a
2018-12-17T23:04:34.702608658Z 48 PC: 2cfa2 | Get DOS version
2018-12-17T23:04:34.704690508Z 67 PC: 2c596 | Get or set file attributes
2018-12-17T23:04:34.71876748Z 67 PC: 2c596 | Get or set file attributes
2018-12-17T23:04:34.725634252Z 65 PC: 2cf29 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:34.732632946Z 67 PC: 2c596 | Get or set file attributes
2018-12-17T23:04:34.740518892Z 65 PC: 2cf29 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:34.747219337Z 67 PC: 2c596 | Get or set file attributes
2018-12-17T23:04:34.771366151Z 65 PC: 2cf29 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:34.786572765Z 67 PC: 2c596 | Get or set file attributes
2018-12-17T23:04:34.793411Z 65 PC: 2cf29 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:34.800462184Z 67 PC: 2c596 | Get or set file attributes
2018-12-17T23:04:34.808394451Z 65 PC: 2cf29 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:34.816168507Z 41 PC: 2c67f | Parse filename
2018-12-17T23:04:34.818157367Z 41 PC: 2c68d | Parse filename
2018-12-17T23:04:34.82126794Z 75 PC: 2c698 | Execute program
2018-12-17T23:04:34.854387623Z 53 PC: 30a9a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:34.856270211Z 53 PC: 30a9a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:34.859135793Z 53 PC: 30a9a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:34.860969785Z 53 PC: 30a9a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:34.862800374Z 53 PC: 30a9a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:34.865315858Z 53 PC: 30a9a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:34.867085752Z 53 PC: 30a9a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:34.868812351Z 53 PC: 30a9a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:34.871022377Z 53 PC: 30a9a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:34.872858318Z 53 PC: 30a9a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:34.874941272Z 53 PC: 30a9a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:34.876958224Z 53 PC: 30a9a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:34.878791304Z 53 PC: 30a9a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:34.881230614Z 53 PC: 30a9a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:34.883010129Z 53 PC: 30a9a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:34.884826739Z 53 PC: 30a9a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:34.887240615Z 53 PC: 30a9a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:34.889072227Z 53 PC: 30a9a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:34.89086633Z 53 PC: 30a9a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:34.893256127Z 37 PC: 30aaf | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:34.895060346Z 37 PC: 30ab7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:34.897200675Z 37 PC: 30abf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:34.899616771Z 37 PC: 30ac7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:34.901757683Z 68 PC: 315fc | I/O control for devices (Set for = '')
2018-12-17T23:04:34.903839145Z 44 PC: 31733 | Get time 0x31733: mov word ptr [0x84], cx
0x31737: mov word ptr [0x86], dx
0x3173b: retf
0x3173c: mov di, 0x98
0x3173f: push ds
0x31740: pop es
0x31741: mov cx, 0x243e
0x31744: sub cx, di
0x31746: shr cx, 1
0x31748: xor ax, ax
0x3174a: cld
0x3174b: rep stosd dword ptr es:[di], eax
0x3174d: ret
0x3174e: add byte ptr [bx + si], al
0x31750: add byte ptr [bx + si], al
0x31752: or al, 0x41
0x31754: outsb dx, byte ptr [si]
0x31755: je 0x317c0
0x31757: sub ax, 0x6956
0x3175a: jb 0x3178a
2018-12-17T23:04:34.907382503Z 48 PC: 31322 | Get DOS version
2018-12-17T23:04:34.909516927Z 67 PC: 30916 | Get or set file attributes
2018-12-17T23:04:34.921843908Z 67 PC: 30916 | Get or set file attributes
2018-12-17T23:04:34.929410406Z 65 PC: 312a9 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:34.936468572Z 67 PC: 30916 | Get or set file attributes
2018-12-17T23:04:34.943323613Z 65 PC: 312a9 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:34.951615307Z 67 PC: 30916 | Get or set file attributes
2018-12-17T23:04:34.963635741Z 65 PC: 312a9 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:34.975919504Z 67 PC: 30916 | Get or set file attributes
2018-12-17T23:04:34.989839867Z 65 PC: 312a9 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:34.997311694Z 67 PC: 30916 | Get or set file attributes
2018-12-17T23:04:35.004649795Z 65 PC: 312a9 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:35.013207165Z 41 PC: 309ff | Parse filename
2018-12-17T23:04:35.015519632Z 41 PC: 30a0d | Parse filename
2018-12-17T23:04:35.018431815Z 75 PC: 30a18 | Execute program
2018-12-17T23:04:35.037296146Z 53 PC: 34e1a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:35.039067108Z 53 PC: 34e1a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:35.041502274Z 53 PC: 34e1a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:35.043248404Z 53 PC: 34e1a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:35.04497017Z 53 PC: 34e1a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:35.047341537Z 53 PC: 34e1a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:35.050007797Z 53 PC: 34e1a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:35.051622842Z 53 PC: 34e1a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:35.053661489Z 53 PC: 34e1a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:35.055279444Z 53 PC: 34e1a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:35.056929565Z 53 PC: 34e1a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:35.059414354Z 53 PC: 34e1a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:35.061249238Z 53 PC: 34e1a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:35.062987656Z 53 PC: 34e1a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:35.065606052Z 53 PC: 34e1a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:35.067315044Z 53 PC: 34e1a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:35.068701474Z 53 PC: 34e1a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:35.07103636Z 53 PC: 34e1a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:35.072436215Z 53 PC: 34e1a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:35.073802578Z 37 PC: 34e2f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:35.080459521Z 37 PC: 34e37 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:35.081781289Z 37 PC: 34e3f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:35.083087195Z 37 PC: 34e47 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:35.086124965Z 68 PC: 3597c | I/O control for devices (Set for = '')
2018-12-17T23:04:35.088470881Z 44 PC: 35ab3 | Get time 0x35ab3: mov word ptr [0x84], cx
0x35ab7: mov word ptr [0x86], dx
0x35abb: retf
0x35abc: mov di, 0x98
0x35abf: push ds
0x35ac0: pop es
0x35ac1: mov cx, 0x243e
0x35ac4: sub cx, di
0x35ac6: shr cx, 1
0x35ac8: xor ax, ax
0x35aca: cld
0x35acb: rep stosd dword ptr es:[di], eax
0x35acd: ret
0x35ace: add byte ptr [bx + si], al
0x35ad0: add byte ptr [bx + si], al
0x35ad2: or al, 0x41
0x35ad4: outsb dx, byte ptr [si]
0x35ad5: je 0x35b40
0x35ad7: sub ax, 0x6956
0x35ada: jb 0x35b0a
2018-12-17T23:04:35.091426394Z 48 PC: 356a2 | Get DOS version
2018-12-17T23:04:35.094387649Z 67 PC: 34c96 | Get or set file attributes
2018-12-17T23:04:35.106165036Z 67 PC: 34c96 | Get or set file attributes
2018-12-17T23:04:35.113161936Z 65 PC: 35629 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:35.121134046Z 67 PC: 34c96 | Get or set file attributes
2018-12-17T23:04:35.127770984Z 65 PC: 35629 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:35.135612105Z 67 PC: 34c96 | Get or set file attributes
2018-12-17T23:04:35.143685611Z 65 PC: 35629 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:35.151278083Z 67 PC: 34c96 | Get or set file attributes
2018-12-17T23:04:35.157954Z 65 PC: 35629 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:35.166410265Z 67 PC: 34c96 | Get or set file attributes
2018-12-17T23:04:35.17398455Z 65 PC: 35629 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:35.182323127Z 41 PC: 34d7f | Parse filename
2018-12-17T23:04:35.185730599Z 41 PC: 34d8d | Parse filename
2018-12-17T23:04:35.188031409Z 75 PC: 34d98 | Execute program
2018-12-17T23:04:35.207121001Z 53 PC: 3919a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:35.210075307Z 53 PC: 3919a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:35.212427539Z 53 PC: 3919a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:35.214467955Z 53 PC: 3919a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:35.21735127Z 53 PC: 3919a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:35.219711602Z 53 PC: 3919a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:35.221698461Z 53 PC: 3919a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:35.224664904Z 53 PC: 3919a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:35.226737331Z 53 PC: 3919a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:35.228721636Z 53 PC: 3919a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:35.231963252Z 53 PC: 3919a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:35.233988746Z 53 PC: 3919a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:35.236036399Z 53 PC: 3919a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:35.238669171Z 53 PC: 3919a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:35.240207823Z 53 PC: 3919a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:35.241700387Z 53 PC: 3919a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:35.243825925Z 53 PC: 3919a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:35.24555204Z 53 PC: 3919a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:35.247277213Z 53 PC: 3919a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:35.250067023Z 37 PC: 391af | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:35.251725934Z 37 PC: 391b7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:35.253368359Z 37 PC: 391bf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:35.255644601Z 37 PC: 391c7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:35.257749089Z 68 PC: 39cfc | I/O control for devices (Set for = '')
2018-12-17T23:04:35.259763415Z 44 PC: 39e33 | Get time 0x39e33: mov word ptr [0x84], cx
0x39e37: mov word ptr [0x86], dx
0x39e3b: retf
0x39e3c: mov di, 0x98
0x39e3f: push ds
0x39e40: pop es
0x39e41: mov cx, 0x243e
0x39e44: sub cx, di
0x39e46: shr cx, 1
0x39e48: xor ax, ax
0x39e4a: cld
0x39e4b: rep stosd dword ptr es:[di], eax
0x39e4d: ret
0x39e4e: add byte ptr [bx + si], al
0x39e50: add byte ptr [bx + si], al
0x39e52: or al, 0x41
0x39e54: outsb dx, byte ptr [si]
0x39e55: je 0x39ec0
0x39e57: sub ax, 0x6956
0x39e5a: jb 0x39e8a
2018-12-17T23:04:35.263106399Z 48 PC: 39a22 | Get DOS version
2018-12-17T23:04:35.265226438Z 67 PC: 39016 | Get or set file attributes
2018-12-17T23:04:35.277203077Z 67 PC: 39016 | Get or set file attributes
2018-12-17T23:04:35.286086447Z 65 PC: 399a9 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:35.293238332Z 67 PC: 39016 | Get or set file attributes
2018-12-17T23:04:35.300336033Z 65 PC: 399a9 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:35.308241024Z 67 PC: 39016 | Get or set file attributes
2018-12-17T23:04:35.315193926Z 65 PC: 399a9 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:35.32312448Z 67 PC: 39016 | Get or set file attributes
2018-12-17T23:04:35.329880427Z 65 PC: 399a9 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:35.336939426Z 67 PC: 39016 | Get or set file attributes
2018-12-17T23:04:35.344580401Z 65 PC: 399a9 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:35.353322461Z 41 PC: 390ff | Parse filename
2018-12-17T23:04:35.35531509Z 41 PC: 3910d | Parse filename
2018-12-17T23:04:35.3581664Z 75 PC: 39118 | Execute program
2018-12-17T23:04:35.376181508Z 53 PC: 3d51a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:35.377928678Z 53 PC: 3d51a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:35.380540798Z 53 PC: 3d51a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:35.382577818Z 53 PC: 3d51a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:35.38429778Z 53 PC: 3d51a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:35.386880897Z 53 PC: 3d51a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:35.38870211Z 53 PC: 3d51a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:35.390445428Z 53 PC: 3d51a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:35.39302236Z 53 PC: 3d51a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:35.395619704Z 53 PC: 3d51a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:35.397329008Z 53 PC: 3d51a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:35.399918881Z 53 PC: 3d51a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:35.401781206Z 53 PC: 3d51a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:35.40349754Z 53 PC: 3d51a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:35.406093947Z 53 PC: 3d51a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:35.407513463Z 53 PC: 3d51a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:35.4089056Z 53 PC: 3d51a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:35.411125045Z 53 PC: 3d51a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:35.412499732Z 53 PC: 3d51a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:35.413844644Z 37 PC: 3d52f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:35.416226499Z 37 PC: 3d537 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:35.41750279Z 37 PC: 3d53f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:35.418778374Z 37 PC: 3d547 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:35.421593498Z 68 PC: 3e07c | I/O control for devices (Set for = '')
2018-12-17T23:04:35.423427586Z 44 PC: 3e1b3 | Get time 0x3e1b3: mov word ptr [0x84], cx
0x3e1b7: mov word ptr [0x86], dx
0x3e1bb: retf
0x3e1bc: mov di, 0x98
0x3e1bf: push ds
0x3e1c0: pop es
0x3e1c1: mov cx, 0x243e
0x3e1c4: sub cx, di
0x3e1c6: shr cx, 1
0x3e1c8: xor ax, ax
0x3e1ca: cld
0x3e1cb: rep stosd dword ptr es:[di], eax
0x3e1cd: ret
0x3e1ce: add byte ptr [bx + si], al
0x3e1d0: add byte ptr [bx + si], al
0x3e1d2: or al, 0x41
0x3e1d4: outsb dx, byte ptr [si]
0x3e1d5: je 0x3e240
0x3e1d7: sub ax, 0x6956
0x3e1da: jb 0x3e20a
2018-12-17T23:04:35.426021036Z 48 PC: 3dda2 | Get DOS version
2018-12-17T23:04:35.429333976Z 67 PC: 3d396 | Get or set file attributes
2018-12-17T23:04:35.441525601Z 67 PC: 3d396 | Get or set file attributes
2018-12-17T23:04:35.448669359Z 65 PC: 3dd29 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:35.456645934Z 67 PC: 3d396 | Get or set file attributes
2018-12-17T23:04:35.463243756Z 65 PC: 3dd29 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:35.470099261Z 67 PC: 3d396 | Get or set file attributes
2018-12-17T23:04:35.483666765Z 65 PC: 3dd29 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:35.497616296Z 67 PC: 3d396 | Get or set file attributes
2018-12-17T23:04:35.50446802Z 65 PC: 3dd29 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:35.513333901Z 67 PC: 3d396 | Get or set file attributes
2018-12-17T23:04:35.520130634Z 65 PC: 3dd29 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:35.52809Z 41 PC: 3d47f | Parse filename
2018-12-17T23:04:35.530391674Z 41 PC: 3d48d | Parse filename
2018-12-17T23:04:35.532346622Z 75 PC: 3d498 | Execute program
2018-12-17T23:04:35.552974012Z 53 PC: 4189a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:35.554717439Z 53 PC: 4189a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:35.556431881Z 53 PC: 4189a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:35.559939331Z 53 PC: 4189a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:35.561656065Z 53 PC: 4189a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:35.563368606Z 53 PC: 4189a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:35.566011902Z 53 PC: 4189a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:35.567691903Z 53 PC: 4189a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:35.569393335Z 53 PC: 4189a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:35.571830572Z 53 PC: 4189a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:35.57353405Z 53 PC: 4189a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:35.575930377Z 53 PC: 4189a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:35.577738617Z 53 PC: 4189a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:35.579276383Z 53 PC: 4189a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:35.581928894Z 53 PC: 4189a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:35.58379848Z 53 PC: 4189a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:35.585493534Z 53 PC: 4189a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:35.588090836Z 53 PC: 4189a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:35.590070645Z 53 PC: 4189a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:35.591776435Z 37 PC: 418af | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:35.594863251Z 37 PC: 418b7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:35.596496462Z 37 PC: 418bf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:35.598121355Z 37 PC: 418c7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:35.600691121Z 68 PC: 423fc | I/O control for devices (Set for = '')
2018-12-17T23:04:35.602693836Z 44 PC: 42533 | Get time 0x42533: mov word ptr [0x84], cx
0x42537: mov word ptr [0x86], dx
0x4253b: retf
0x4253c: mov di, 0x98
0x4253f: push ds
0x42540: pop es
0x42541: mov cx, 0x243e
0x42544: sub cx, di
0x42546: shr cx, 1
0x42548: xor ax, ax
0x4254a: cld
0x4254b: rep stosd dword ptr es:[di], eax
0x4254d: ret
0x4254e: add byte ptr [bx + si], al
0x42550: add byte ptr [bx + si], al
0x42552: or al, 0x41
0x42554: outsb dx, byte ptr [si]
0x42555: je 0x425c0
0x42557: sub ax, 0x6956
0x4255a: jb 0x4258a
2018-12-17T23:04:35.605817384Z 48 PC: 42122 | Get DOS version
2018-12-17T23:04:35.608172657Z 67 PC: 41716 | Get or set file attributes
2018-12-17T23:04:35.619985432Z 67 PC: 41716 | Get or set file attributes
2018-12-17T23:04:35.627895957Z 65 PC: 420a9 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:35.635210223Z 67 PC: 41716 | Get or set file attributes
2018-12-17T23:04:35.64346621Z 65 PC: 420a9 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:35.651638602Z 67 PC: 41716 | Get or set file attributes
2018-12-17T23:04:35.659100056Z 65 PC: 420a9 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:35.666233141Z 67 PC: 41716 | Get or set file attributes
2018-12-17T23:04:35.674087106Z 65 PC: 420a9 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:35.68201652Z 67 PC: 41716 | Get or set file attributes
2018-12-17T23:04:35.688991233Z 65 PC: 420a9 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:35.697455602Z 41 PC: 417ff | Parse filename
2018-12-17T23:04:35.699469017Z 41 PC: 4180d | Parse filename
2018-12-17T23:04:35.701474227Z 75 PC: 41818 | Execute program
2018-12-17T23:04:35.720314574Z 53 PC: 45c1a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:35.722401422Z 53 PC: 45c1a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:35.725038784Z 53 PC: 45c1a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:35.727049416Z 53 PC: 45c1a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:35.728932174Z 53 PC: 45c1a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:35.731388295Z 53 PC: 45c1a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:35.746456964Z 53 PC: 45c1a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:35.747817489Z 53 PC: 45c1a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:35.750549695Z 53 PC: 45c1a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:35.752635747Z 53 PC: 45c1a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:35.754051945Z 53 PC: 45c1a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:35.756220074Z 53 PC: 45c1a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:35.757623841Z 53 PC: 45c1a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:35.759047701Z 53 PC: 45c1a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:35.761434556Z 53 PC: 45c1a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:35.763453992Z 53 PC: 45c1a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:35.76489263Z 53 PC: 45c1a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:35.766563736Z 53 PC: 45c1a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:35.768476881Z 53 PC: 45c1a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:35.770714692Z 37 PC: 45c2f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:35.772298601Z 37 PC: 45c37 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:35.773670113Z 37 PC: 45c3f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:35.77610748Z 37 PC: 45c47 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:35.778500811Z 68 PC: 4677c | I/O control for devices (Set for = '')
2018-12-17T23:04:35.780883103Z 44 PC: 468b3 | Get time 0x468b3: mov word ptr [0x84], cx
0x468b7: mov word ptr [0x86], dx
0x468bb: retf
0x468bc: mov di, 0x98
0x468bf: push ds
0x468c0: pop es
0x468c1: mov cx, 0x243e
0x468c4: sub cx, di
0x468c6: shr cx, 1
0x468c8: xor ax, ax
0x468ca: cld
0x468cb: rep stosd dword ptr es:[di], eax
0x468cd: ret
0x468ce: add byte ptr [bx + si], al
0x468d0: add byte ptr [bx + si], al
0x468d2: or al, 0x41
0x468d4: outsb dx, byte ptr [si]
0x468d5: je 0x46940
0x468d7: sub ax, 0x6956
0x468da: jb 0x4690a
2018-12-17T23:04:35.784697533Z 48 PC: 464a2 | Get DOS version
2018-12-17T23:04:35.787617909Z 67 PC: 45a96 | Get or set file attributes
2018-12-17T23:04:35.799632958Z 67 PC: 45a96 | Get or set file attributes
2018-12-17T23:04:35.807191762Z 65 PC: 46429 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:35.814372193Z 67 PC: 45a96 | Get or set file attributes
2018-12-17T23:04:35.821984407Z 65 PC: 46429 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:35.829234433Z 67 PC: 45a96 | Get or set file attributes
2018-12-17T23:04:35.841538114Z 65 PC: 46429 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:35.855451543Z 67 PC: 45a96 | Get or set file attributes
2018-12-17T23:04:35.862087889Z 65 PC: 46429 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:35.869063943Z 67 PC: 45a96 | Get or set file attributes
2018-12-17T23:04:35.876210458Z 65 PC: 46429 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:35.883957899Z 41 PC: 45b7f | Parse filename
2018-12-17T23:04:35.885874933Z 41 PC: 45b8d | Parse filename
2018-12-17T23:04:35.888421906Z 75 PC: 45b98 | Execute program
2018-12-17T23:04:35.907605586Z 53 PC: 49f9a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:35.90933816Z 53 PC: 49f9a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:35.911992299Z 53 PC: 49f9a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:35.913643408Z 53 PC: 49f9a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:35.916206572Z 53 PC: 49f9a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:35.918022183Z 53 PC: 49f9a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:35.919663718Z 53 PC: 49f9a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:35.922219204Z 53 PC: 49f9a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:35.924043285Z 53 PC: 49f9a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:35.925676976Z 53 PC: 49f9a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:35.928761065Z 53 PC: 49f9a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:35.934393131Z 53 PC: 49f9a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:35.936015446Z 53 PC: 49f9a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:35.938071413Z 53 PC: 49f9a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:35.939733771Z 53 PC: 49f9a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:35.941620564Z 53 PC: 49f9a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:35.944056274Z 53 PC: 49f9a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:35.945708979Z 53 PC: 49f9a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:35.948193498Z 53 PC: 49f9a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:35.950034706Z 37 PC: 49faf | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:35.951602122Z 37 PC: 49fb7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:35.954051942Z 37 PC: 49fbf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:35.955347032Z 37 PC: 49fc7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:35.957118843Z 68 PC: 4aafc | I/O control for devices (Set for = '')
2018-12-17T23:04:35.959666971Z 44 PC: 4ac33 | Get time 0x4ac33: mov word ptr [0x84], cx
0x4ac37: mov word ptr [0x86], dx
0x4ac3b: retf
0x4ac3c: mov di, 0x98
0x4ac3f: push ds
0x4ac40: pop es
0x4ac41: mov cx, 0x243e
0x4ac44: sub cx, di
0x4ac46: shr cx, 1
0x4ac48: xor ax, ax
0x4ac4a: cld
0x4ac4b: rep stosd dword ptr es:[di], eax
0x4ac4d: ret
0x4ac4e: add byte ptr [bx + si], al
0x4ac50: add byte ptr [bx + si], al
0x4ac52: or al, 0x41
0x4ac54: outsb dx, byte ptr [si]
0x4ac55: je 0x4acc0
0x4ac57: sub ax, 0x6956
0x4ac5a: jb 0x4ac8a
2018-12-17T23:04:35.962306778Z 48 PC: 4a822 | Get DOS version
2018-12-17T23:04:35.964084538Z 67 PC: 49e16 | Get or set file attributes
2018-12-17T23:04:35.977865562Z 67 PC: 49e16 | Get or set file attributes
2018-12-17T23:04:35.98493637Z 65 PC: 4a7a9 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:35.992134264Z 67 PC: 49e16 | Get or set file attributes
2018-12-17T23:04:36.000321135Z 65 PC: 4a7a9 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:36.00850245Z 67 PC: 49e16 | Get or set file attributes
2018-12-17T23:04:36.016615061Z 65 PC: 4a7a9 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:36.023991383Z 67 PC: 49e16 | Get or set file attributes
2018-12-17T23:04:36.031204252Z 65 PC: 4a7a9 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:36.039484475Z 67 PC: 49e16 | Get or set file attributes
2018-12-17T23:04:36.046737579Z 65 PC: 4a7a9 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:36.0545706Z 41 PC: 49eff | Parse filename
2018-12-17T23:04:36.058313444Z 41 PC: 49f0d | Parse filename
2018-12-17T23:04:36.061033519Z 75 PC: 49f18 | Execute program
2018-12-17T23:04:36.078311554Z 53 PC: 4e31a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:36.081024553Z 53 PC: 4e31a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:36.082620261Z 53 PC: 4e31a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:36.085241546Z 53 PC: 4e31a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:36.087320263Z 53 PC: 4e31a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:36.089014209Z 53 PC: 4e31a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:36.091680571Z 53 PC: 4e31a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:36.093690255Z 53 PC: 4e31a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:36.095353731Z 53 PC: 4e31a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:36.098238074Z 53 PC: 4e31a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:36.099951763Z 53 PC: 4e31a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:36.101817694Z 53 PC: 4e31a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:36.103590746Z 53 PC: 4e31a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:36.104944492Z 53 PC: 4e31a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:36.107234594Z 53 PC: 4e31a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:36.108629153Z 53 PC: 4e31a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:36.109992838Z 53 PC: 4e31a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:36.112328125Z 53 PC: 4e31a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:36.11369114Z 53 PC: 4e31a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:36.115303281Z 37 PC: 4e32f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:36.117870208Z 37 PC: 4e337 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:36.119166393Z 37 PC: 4e33f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:36.120670274Z 37 PC: 4e347 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:36.123492903Z 68 PC: 4ee7c | I/O control for devices (Set for = '')
2018-12-17T23:04:36.125003933Z 44 PC: 4efb3 | Get time 0x4efb3: mov word ptr [0x84], cx
0x4efb7: mov word ptr [0x86], dx
0x4efbb: retf
0x4efbc: mov di, 0x98
0x4efbf: push ds
0x4efc0: pop es
0x4efc1: mov cx, 0x243e
0x4efc4: sub cx, di
0x4efc6: shr cx, 1
0x4efc8: xor ax, ax
0x4efca: cld
0x4efcb: rep stosd dword ptr es:[di], eax
0x4efcd: ret
0x4efce: add byte ptr [bx + si], al
0x4efd0: add byte ptr [bx + si], al
0x4efd2: or al, 0x41
0x4efd4: outsb dx, byte ptr [si]
0x4efd5: je 0x4f040
0x4efd7: sub ax, 0x6956
0x4efda: jb 0x4f00a
2018-12-17T23:04:36.128196943Z 48 PC: 4eba2 | Get DOS version
2018-12-17T23:04:36.130254285Z 67 PC: 4e196 | Get or set file attributes
2018-12-17T23:04:36.143885859Z 67 PC: 4e196 | Get or set file attributes
2018-12-17T23:04:36.152178783Z 65 PC: 4eb29 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:36.159265852Z 67 PC: 4e196 | Get or set file attributes
2018-12-17T23:04:36.166332881Z 65 PC: 4eb29 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:36.17443666Z 67 PC: 4e196 | Get or set file attributes
2018-12-17T23:04:36.18138441Z 65 PC: 4eb29 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:36.189654647Z 67 PC: 4e196 | Get or set file attributes
2018-12-17T23:04:36.19675389Z 65 PC: 4eb29 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:36.2038266Z 67 PC: 4e196 | Get or set file attributes
2018-12-17T23:04:36.212103972Z 65 PC: 4eb29 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:36.217292285Z 41 PC: 4e27f | Parse filename
2018-12-17T23:04:36.218874473Z 41 PC: 4e28d | Parse filename
2018-12-17T23:04:36.222116878Z 75 PC: 4e298 | Execute program
2018-12-17T23:04:36.233184184Z 53 PC: 5269a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:36.23425593Z 53 PC: 5269a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:36.235755937Z 53 PC: 5269a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:36.236954053Z 53 PC: 5269a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:36.239456578Z 53 PC: 5269a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:36.240939892Z 53 PC: 5269a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:36.241962445Z 53 PC: 5269a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:36.243742794Z 53 PC: 5269a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:36.244683689Z 53 PC: 5269a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:36.245880734Z 53 PC: 5269a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:36.247438378Z 53 PC: 5269a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:36.248925925Z 53 PC: 5269a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:36.250670146Z 53 PC: 5269a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:36.251970264Z 53 PC: 5269a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:36.2530038Z 53 PC: 5269a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:36.254597549Z 53 PC: 5269a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:36.255634398Z 53 PC: 5269a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:36.257086386Z 53 PC: 5269a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:36.258555856Z 53 PC: 5269a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:36.259581818Z 37 PC: 526af | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:36.261582601Z 37 PC: 526b7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:36.26260136Z 37 PC: 526bf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:36.263595928Z 37 PC: 526c7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:36.265455036Z 68 PC: 531fc | I/O control for devices (Set for = '')
2018-12-17T23:04:36.266691982Z 44 PC: 53333 | Get time 0x53333: mov word ptr [0x84], cx
0x53337: mov word ptr [0x86], dx
0x5333b: retf
0x5333c: mov di, 0x98
0x5333f: push ds
0x53340: pop es
0x53341: mov cx, 0x243e
0x53344: sub cx, di
0x53346: shr cx, 1
0x53348: xor ax, ax
0x5334a: cld
0x5334b: rep stosd dword ptr es:[di], eax
0x5334d: ret
0x5334e: add byte ptr [bx + si], al
0x53350: add byte ptr [bx + si], al
0x53352: or al, 0x41
0x53354: outsb dx, byte ptr [si]
0x53355: je 0x533c0
0x53357: sub ax, 0x6956
0x5335a: jb 0x5338a
2018-12-17T23:04:36.268591939Z 48 PC: 52f22 | Get DOS version
2018-12-17T23:04:36.270360496Z 67 PC: 52516 | Get or set file attributes
2018-12-17T23:04:36.27809847Z 67 PC: 52516 | Get or set file attributes
2018-12-17T23:04:36.282836733Z 65 PC: 52ea9 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:36.289095777Z 67 PC: 52516 | Get or set file attributes
2018-12-17T23:04:36.293427369Z 65 PC: 52ea9 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:36.298417892Z 67 PC: 52516 | Get or set file attributes
2018-12-17T23:04:36.304912451Z 65 PC: 52ea9 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:36.312538663Z 67 PC: 52516 | Get or set file attributes
2018-12-17T23:04:36.319034825Z 65 PC: 52ea9 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:36.32564353Z 67 PC: 52516 | Get or set file attributes
2018-12-17T23:04:36.333203148Z 65 PC: 52ea9 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:36.342624479Z 41 PC: 525ff | Parse filename
2018-12-17T23:04:36.344588537Z 41 PC: 5260d | Parse filename
2018-12-17T23:04:36.347597478Z 75 PC: 52618 | Execute program
2018-12-17T23:04:36.365453741Z 53 PC: 56a1a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:36.368138703Z 53 PC: 56a1a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:36.36968456Z 53 PC: 56a1a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:36.371355919Z 53 PC: 56a1a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:36.374288076Z 53 PC: 56a1a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:36.376193968Z 53 PC: 56a1a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:36.378240179Z 53 PC: 56a1a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:36.381032156Z 53 PC: 56a1a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:36.382908392Z 53 PC: 56a1a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:36.385804648Z 53 PC: 56a1a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:36.387737057Z 53 PC: 56a1a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:36.389565026Z 53 PC: 56a1a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:36.392488092Z 53 PC: 56a1a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:36.394355144Z 53 PC: 56a1a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:36.396183814Z 53 PC: 56a1a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:36.399223784Z 53 PC: 56a1a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:36.401563679Z 53 PC: 56a1a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:36.404365216Z 53 PC: 56a1a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:36.406678278Z 53 PC: 56a1a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:36.408266276Z 37 PC: 56a2f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:36.410569831Z 37 PC: 56a37 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:36.417742917Z 37 PC: 56a3f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:36.419678089Z 37 PC: 56a47 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:36.422425374Z 68 PC: 5757c | I/O control for devices (Set for = '')
2018-12-17T23:04:36.426464198Z 44 PC: 576b3 | Get time 0x576b3: mov word ptr [0x84], cx
0x576b7: mov word ptr [0x86], dx
0x576bb: retf
0x576bc: mov di, 0x98
0x576bf: push ds
0x576c0: pop es
0x576c1: mov cx, 0x243e
0x576c4: sub cx, di
0x576c6: shr cx, 1
0x576c8: xor ax, ax
0x576ca: cld
0x576cb: rep stosd dword ptr es:[di], eax
0x576cd: ret
0x576ce: add byte ptr [bx + si], al
0x576d0: add byte ptr [bx + si], al
0x576d2: or al, 0x41
0x576d4: outsb dx, byte ptr [si]
0x576d5: je 0x57740
0x576d7: sub ax, 0x6956
0x576da: jb 0x5770a
2018-12-17T23:04:36.430303482Z 48 PC: 572a2 | Get DOS version
2018-12-17T23:04:36.432364058Z 67 PC: 56896 | Get or set file attributes
2018-12-17T23:04:36.444143879Z 67 PC: 56896 | Get or set file attributes
2018-12-17T23:04:36.453247047Z 65 PC: 57229 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:36.461510454Z 67 PC: 56896 | Get or set file attributes
2018-12-17T23:04:36.46856901Z 65 PC: 57229 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:36.477076597Z 67 PC: 56896 | Get or set file attributes
2018-12-17T23:04:36.484038025Z 65 PC: 57229 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:36.49260504Z 67 PC: 56896 | Get or set file attributes
2018-12-17T23:04:36.501558522Z 65 PC: 57229 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:36.508770775Z 67 PC: 56896 | Get or set file attributes
2018-12-17T23:04:36.517382366Z 65 PC: 57229 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:36.52516821Z 41 PC: 5697f | Parse filename
2018-12-17T23:04:36.540284061Z 41 PC: 5698d | Parse filename
2018-12-17T23:04:36.543233981Z 75 PC: 56998 | Execute program
2018-12-17T23:04:36.560997509Z 53 PC: 5ad9a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:36.563213054Z 53 PC: 5ad9a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:36.564993576Z 53 PC: 5ad9a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:36.566764927Z 53 PC: 5ad9a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:36.56951172Z 53 PC: 5ad9a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:36.571371487Z 53 PC: 5ad9a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:36.57349714Z 53 PC: 5ad9a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:36.575011055Z 53 PC: 5ad9a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:36.576369392Z 53 PC: 5ad9a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:36.578442871Z 53 PC: 5ad9a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:36.579905529Z 53 PC: 5ad9a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:36.581749851Z 53 PC: 5ad9a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:36.582903744Z 53 PC: 5ad9a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:36.58422164Z 53 PC: 5ad9a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:36.585743377Z 53 PC: 5ad9a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:36.587352665Z 53 PC: 5ad9a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:36.588921003Z 53 PC: 5ad9a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:36.59009083Z 53 PC: 5ad9a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:36.591149439Z 53 PC: 5ad9a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:36.592748943Z 37 PC: 5adaf | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:36.59376348Z 37 PC: 5adb7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:36.595163818Z 37 PC: 5adbf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:36.596471093Z 37 PC: 5adc7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:36.597736883Z 68 PC: 5b8fc | I/O control for devices (Set for = '')
2018-12-17T23:04:36.599629121Z 44 PC: 5ba33 | Get time 0x5ba33: mov word ptr [0x84], cx
0x5ba37: mov word ptr [0x86], dx
0x5ba3b: retf
0x5ba3c: mov di, 0x98
0x5ba3f: push ds
0x5ba40: pop es
0x5ba41: mov cx, 0x243e
0x5ba44: sub cx, di
0x5ba46: shr cx, 1
0x5ba48: xor ax, ax
0x5ba4a: cld
0x5ba4b: rep stosd dword ptr es:[di], eax
0x5ba4d: ret
0x5ba4e: add byte ptr [bx + si], al
0x5ba50: add byte ptr [bx + si], al
0x5ba52: or al, 0x41
0x5ba54: outsb dx, byte ptr [si]
0x5ba55: je 0x5bac0
0x5ba57: sub ax, 0x6956
0x5ba5a: jb 0x5ba8a
2018-12-17T23:04:36.601367709Z 48 PC: 5b622 | Get DOS version
2018-12-17T23:04:36.603374288Z 67 PC: 5ac16 | Get or set file attributes
2018-12-17T23:04:36.610424693Z 67 PC: 5ac16 | Get or set file attributes
2018-12-17T23:04:36.614462983Z 65 PC: 5b5a9 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:36.619253567Z 67 PC: 5ac16 | Get or set file attributes
2018-12-17T23:04:36.623161943Z 65 PC: 5b5a9 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:36.627586755Z 67 PC: 5ac16 | Get or set file attributes
2018-12-17T23:04:36.635406951Z 65 PC: 5b5a9 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:36.645717745Z 67 PC: 5ac16 | Get or set file attributes
2018-12-17T23:04:36.659053101Z 65 PC: 5b5a9 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:36.666142771Z 67 PC: 5ac16 | Get or set file attributes
2018-12-17T23:04:36.67319174Z 65 PC: 5b5a9 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:36.681633831Z 41 PC: 5acff | Parse filename
2018-12-17T23:04:36.683498956Z 41 PC: 5ad0d | Parse filename
2018-12-17T23:04:36.686429807Z 75 PC: 5ad18 | Execute program
2018-12-17T23:04:36.704283325Z 53 PC: 5f11a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:36.706064057Z 53 PC: 5f11a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:36.709058809Z 53 PC: 5f11a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:36.710455467Z 53 PC: 5f11a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:36.712718986Z 53 PC: 5f11a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:36.714285647Z 53 PC: 5f11a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:36.715951147Z 53 PC: 5f11a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:36.71851865Z 53 PC: 5f11a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:36.720529933Z 53 PC: 5f11a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:36.722831519Z 53 PC: 5f11a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:36.724339842Z 53 PC: 5f11a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:36.725289052Z 53 PC: 5f11a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:36.727127783Z 53 PC: 5f11a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:36.728140122Z 53 PC: 5f11a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:36.729005344Z 53 PC: 5f11a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:36.730599616Z 53 PC: 5f11a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:36.731570493Z 53 PC: 5f11a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:36.733107837Z 53 PC: 5f11a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:36.734468726Z 53 PC: 5f11a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:36.735748974Z 37 PC: 5f12f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:36.737598377Z 37 PC: 5f137 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:36.738906981Z 37 PC: 5f13f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:36.740214344Z 37 PC: 5f147 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:36.742231847Z 68 PC: 5fc7c | I/O control for devices (Set for = '')
2018-12-17T23:04:36.743574788Z 44 PC: 5fdb3 | Get time 0x5fdb3: mov word ptr [0x84], cx
0x5fdb7: mov word ptr [0x86], dx
0x5fdbb: retf
0x5fdbc: mov di, 0x98
0x5fdbf: push ds
0x5fdc0: pop es
0x5fdc1: mov cx, 0x243e
0x5fdc4: sub cx, di
0x5fdc6: shr cx, 1
0x5fdc8: xor ax, ax
0x5fdca: cld
0x5fdcb: rep stosd dword ptr es:[di], eax
0x5fdcd: ret
0x5fdce: add byte ptr [bx + si], al
0x5fdd0: add byte ptr [bx + si], al
0x5fdd2: or al, 0x41
0x5fdd4: outsb dx, byte ptr [si]
0x5fdd5: je 0x5fe40
0x5fdd7: sub ax, 0x6956
0x5fdda: jb 0x5fe0a
2018-12-17T23:04:36.749966789Z 48 PC: 5f9a2 | Get DOS version
2018-12-17T23:04:36.753219089Z 67 PC: 5ef96 | Get or set file attributes
2018-12-17T23:04:36.765971285Z 67 PC: 5ef96 | Get or set file attributes
2018-12-17T23:04:36.773607535Z 65 PC: 5f929 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:36.780786047Z 67 PC: 5ef96 | Get or set file attributes
2018-12-17T23:04:36.788323978Z 65 PC: 5f929 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:36.795094907Z 67 PC: 5ef96 | Get or set file attributes
2018-12-17T23:04:36.807698329Z 65 PC: 5f929 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:36.815148237Z 67 PC: 5ef96 | Get or set file attributes
2018-12-17T23:04:36.821932563Z 65 PC: 5f929 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:36.829942345Z 67 PC: 5ef96 | Get or set file attributes
2018-12-17T23:04:36.836528248Z 65 PC: 5f929 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:36.849249188Z 41 PC: 5f07f | Parse filename
2018-12-17T23:04:36.851611114Z 41 PC: 5f08d | Parse filename
2018-12-17T23:04:36.853074905Z 75 PC: 5f098 | Execute program
2018-12-17T23:04:36.874272433Z 53 PC: 6349a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:36.875918894Z 53 PC: 6349a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:36.877646051Z 53 PC: 6349a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:36.880376051Z 53 PC: 6349a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:36.882092988Z 53 PC: 6349a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:36.88393232Z 53 PC: 6349a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:36.886533769Z 53 PC: 6349a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:36.88818291Z 53 PC: 6349a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:36.890562081Z 53 PC: 6349a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:36.892104554Z 53 PC: 6349a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:36.893662011Z 53 PC: 6349a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:36.895709302Z 53 PC: 6349a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:36.897423904Z 53 PC: 6349a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:36.899526005Z 53 PC: 6349a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:36.900920726Z 53 PC: 6349a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:36.902787393Z 53 PC: 6349a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:36.905131655Z 53 PC: 6349a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:36.906695572Z 53 PC: 6349a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:36.90918494Z 53 PC: 6349a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:36.910868588Z 37 PC: 634af | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:36.912435795Z 37 PC: 634b7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:36.91479821Z 37 PC: 634bf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:36.916247745Z 37 PC: 634c7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:36.918682678Z 68 PC: 63ffc | I/O control for devices (Set for = '')
2018-12-17T23:04:36.920738865Z 44 PC: 64133 | Get time 0x64133: mov word ptr [0x84], cx
0x64137: mov word ptr [0x86], dx
0x6413b: retf
0x6413c: mov di, 0x98
0x6413f: push ds
0x64140: pop es
0x64141: mov cx, 0x243e
0x64144: sub cx, di
0x64146: shr cx, 1
0x64148: xor ax, ax
0x6414a: cld
0x6414b: rep stosd dword ptr es:[di], eax
0x6414d: ret
0x6414e: add byte ptr [bx + si], al
0x64150: add byte ptr [bx + si], al
0x64152: or al, 0x41
0x64154: outsb dx, byte ptr [si]
0x64155: je 0x641c0
0x64157: sub ax, 0x6956
0x6415a: jb 0x6418a
2018-12-17T23:04:36.923595234Z 48 PC: 63d22 | Get DOS version
2018-12-17T23:04:36.926699676Z 67 PC: 63316 | Get or set file attributes
2018-12-17T23:04:36.93926727Z 67 PC: 63316 | Get or set file attributes
2018-12-17T23:04:36.94719334Z 65 PC: 63ca9 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:36.954239704Z 67 PC: 63316 | Get or set file attributes
2018-12-17T23:04:36.960998714Z 65 PC: 63ca9 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:36.968459538Z 67 PC: 63316 | Get or set file attributes
2018-12-17T23:04:36.975016153Z 65 PC: 63ca9 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:36.981956916Z 67 PC: 63316 | Get or set file attributes
2018-12-17T23:04:36.989913585Z 65 PC: 63ca9 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:36.996420473Z 67 PC: 63316 | Get or set file attributes
2018-12-17T23:04:37.001169438Z 65 PC: 63ca9 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:37.011419767Z 41 PC: 633ff | Parse filename
2018-12-17T23:04:37.013137843Z 41 PC: 6340d | Parse filename
2018-12-17T23:04:37.015582563Z 75 PC: 63418 | Execute program
2018-12-17T23:04:37.033529126Z 53 PC: 6781a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:37.035944186Z 53 PC: 6781a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:37.037306291Z 53 PC: 6781a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:37.038716337Z 53 PC: 6781a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:37.041271426Z 53 PC: 6781a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:37.042691545Z 53 PC: 6781a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:37.044362595Z 53 PC: 6781a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:37.046767449Z 53 PC: 6781a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:37.048155154Z 53 PC: 6781a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:37.050678145Z 53 PC: 6781a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:37.052022534Z 53 PC: 6781a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:37.054184263Z 53 PC: 6781a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:37.05702981Z 53 PC: 6781a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:37.058375719Z 53 PC: 6781a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:37.060287047Z 53 PC: 6781a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:37.062358395Z 53 PC: 6781a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:37.063904538Z 53 PC: 6781a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:37.066564509Z 53 PC: 6781a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:37.068348314Z 53 PC: 6781a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:37.071626493Z 37 PC: 6782f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:37.07309146Z 37 PC: 67837 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:37.074437372Z 37 PC: 6783f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:37.076344912Z 37 PC: 67847 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:37.078059435Z 68 PC: 6837c | I/O control for devices (Set for = '')
2018-12-17T23:04:37.080850451Z 44 PC: 684b3 | Get time 0x684b3: mov word ptr [0x84], cx
0x684b7: mov word ptr [0x86], dx
0x684bb: retf
0x684bc: mov di, 0x98
0x684bf: push ds
0x684c0: pop es
0x684c1: mov cx, 0x243e
0x684c4: sub cx, di
0x684c6: shr cx, 1
0x684c8: xor ax, ax
0x684ca: cld
0x684cb: rep stosd dword ptr es:[di], eax
0x684cd: ret
0x684ce: add byte ptr [bx + si], al
0x684d0: add byte ptr [bx + si], al
0x684d2: or al, 0x41
0x684d4: outsb dx, byte ptr [si]
0x684d5: je 0x68540
0x684d7: sub ax, 0x6956
0x684da: jb 0x6850a
2018-12-17T23:04:37.083564645Z 48 PC: 680a2 | Get DOS version
2018-12-17T23:04:37.085557453Z 67 PC: 67696 | Get or set file attributes
2018-12-17T23:04:37.098615213Z 67 PC: 67696 | Get or set file attributes
2018-12-17T23:04:37.105253017Z 65 PC: 68029 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:37.114114692Z 67 PC: 67696 | Get or set file attributes
2018-12-17T23:04:37.120604549Z 65 PC: 68029 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:37.127803842Z 67 PC: 67696 | Get or set file attributes
2018-12-17T23:04:37.135256099Z 65 PC: 68029 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:37.143851554Z 67 PC: 67696 | Get or set file attributes
2018-12-17T23:04:37.151300514Z 65 PC: 68029 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:37.158065146Z 67 PC: 67696 | Get or set file attributes
2018-12-17T23:04:37.165469046Z 65 PC: 68029 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:37.173747035Z 41 PC: 6777f | Parse filename
2018-12-17T23:04:37.175778088Z 41 PC: 6778d | Parse filename
2018-12-17T23:04:37.178977709Z 75 PC: 67798 | Execute program
2018-12-17T23:04:37.203864187Z 53 PC: 6bb9a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:37.205488159Z 53 PC: 6bb9a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:37.20865217Z 53 PC: 6bb9a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:37.210154143Z 53 PC: 6bb9a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:37.21272805Z 53 PC: 6bb9a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:37.214230929Z 53 PC: 6bb9a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:37.215611663Z 53 PC: 6bb9a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:37.218682763Z 53 PC: 6bb9a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:37.220372882Z 53 PC: 6bb9a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:37.224313567Z 53 PC: 6bb9a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:37.225753779Z 53 PC: 6bb9a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:37.227161827Z 53 PC: 6bb9a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:37.229749533Z 53 PC: 6bb9a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:37.231283305Z 53 PC: 6bb9a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:37.237456626Z 53 PC: 6bb9a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:37.238953268Z 53 PC: 6bb9a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:37.242090084Z 53 PC: 6bb9a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:37.243461098Z 53 PC: 6bb9a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:37.244668183Z 53 PC: 6bb9a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:37.247755481Z 37 PC: 6bbaf | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:37.249353014Z 37 PC: 6bbb7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:37.251812547Z 37 PC: 6bbbf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:37.253322574Z 37 PC: 6bbc7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:37.256315497Z 68 PC: 6c6fc | I/O control for devices (Set for = '')
2018-12-17T23:04:37.258895354Z 44 PC: 6c833 | Get time 0x6c833: mov word ptr [0x84], cx
0x6c837: mov word ptr [0x86], dx
0x6c83b: retf
0x6c83c: mov di, 0x98
0x6c83f: push ds
0x6c840: pop es
0x6c841: mov cx, 0x243e
0x6c844: sub cx, di
0x6c846: shr cx, 1
0x6c848: xor ax, ax
0x6c84a: cld
0x6c84b: rep stosd dword ptr es:[di], eax
0x6c84d: ret
0x6c84e: add byte ptr [bx + si], al
0x6c850: add byte ptr [bx + si], al
0x6c852: or al, 0x41
0x6c854: outsb dx, byte ptr [si]
0x6c855: je 0x6c8c0
0x6c857: sub ax, 0x6956
0x6c85a: jb 0x6c88a
2018-12-17T23:04:37.261521908Z 48 PC: 6c422 | Get DOS version
2018-12-17T23:04:37.264706259Z 67 PC: 6ba16 | Get or set file attributes
2018-12-17T23:04:37.276450904Z 67 PC: 6ba16 | Get or set file attributes
2018-12-17T23:04:37.283457724Z 65 PC: 6c3a9 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:37.290465125Z 67 PC: 6ba16 | Get or set file attributes
2018-12-17T23:04:37.296965934Z 65 PC: 6c3a9 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:37.304905066Z 67 PC: 6ba16 | Get or set file attributes
2018-12-17T23:04:37.317041733Z 65 PC: 6c3a9 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:37.325676502Z 67 PC: 6ba16 | Get or set file attributes
2018-12-17T23:04:37.332600649Z 65 PC: 6c3a9 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:37.339688724Z 67 PC: 6ba16 | Get or set file attributes
2018-12-17T23:04:37.347775422Z 65 PC: 6c3a9 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:37.355586926Z 41 PC: 6baff | Parse filename
2018-12-17T23:04:37.358597376Z 41 PC: 6bb0d | Parse filename
2018-12-17T23:04:37.360962741Z 75 PC: 6bb18 | Execute program
2018-12-17T23:04:37.379788085Z 53 PC: 6ff1a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:37.382466822Z 53 PC: 6ff1a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:37.383851517Z 53 PC: 6ff1a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:37.386210761Z 53 PC: 6ff1a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:37.387603817Z 53 PC: 6ff1a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:37.395201146Z 53 PC: 6ff1a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:37.397626418Z 53 PC: 6ff1a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:37.39931015Z 53 PC: 6ff1a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:37.402183061Z 53 PC: 6ff1a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:37.403678756Z 53 PC: 6ff1a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:37.405141979Z 53 PC: 6ff1a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:37.407836131Z 53 PC: 6ff1a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:37.409093233Z 53 PC: 6ff1a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:37.410789438Z 53 PC: 6ff1a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:37.412126767Z 53 PC: 6ff1a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:37.414863576Z 53 PC: 6ff1a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:37.416295903Z 53 PC: 6ff1a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:37.417681922Z 53 PC: 6ff1a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:37.420424828Z 53 PC: 6ff1a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:37.421805187Z 37 PC: 6ff2f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:37.423307367Z 37 PC: 6ff37 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:37.425345334Z 37 PC: 6ff3f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:37.426652901Z 37 PC: 6ff47 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:37.42964415Z 68 PC: 70a7c | I/O control for devices (Set for = '')
2018-12-17T23:04:37.431624778Z 44 PC: 70bb3 | Get time 0x70bb3: mov word ptr [0x84], cx
0x70bb7: mov word ptr [0x86], dx
0x70bbb: retf
0x70bbc: mov di, 0x98
0x70bbf: push ds
0x70bc0: pop es
0x70bc1: mov cx, 0x243e
0x70bc4: sub cx, di
0x70bc6: shr cx, 1
0x70bc8: xor ax, ax
0x70bca: cld
0x70bcb: rep stosd dword ptr es:[di], eax
0x70bcd: ret
0x70bce: add byte ptr [bx + si], al
0x70bd0: add byte ptr [bx + si], al
0x70bd2: or al, 0x41
0x70bd4: outsb dx, byte ptr [si]
0x70bd5: je 0x70c40
0x70bd7: sub ax, 0x6956
0x70bda: jb 0x70c0a
2018-12-17T23:04:37.434829507Z 48 PC: 707a2 | Get DOS version
2018-12-17T23:04:37.43808008Z 67 PC: 6fd96 | Get or set file attributes
2018-12-17T23:04:37.449824611Z 67 PC: 6fd96 | Get or set file attributes
2018-12-17T23:04:37.457800971Z 65 PC: 70729 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:37.464436693Z 67 PC: 6fd96 | Get or set file attributes
2018-12-17T23:04:37.471778286Z 65 PC: 70729 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:37.479564578Z 67 PC: 6fd96 | Get or set file attributes
2018-12-17T23:04:37.486350586Z 65 PC: 70729 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:37.493638463Z 67 PC: 6fd96 | Get or set file attributes
2018-12-17T23:04:37.500062788Z 65 PC: 70729 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:37.506959462Z 67 PC: 6fd96 | Get or set file attributes
2018-12-17T23:04:37.513304991Z 65 PC: 70729 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:37.518200246Z 41 PC: 6fe7f | Parse filename
2018-12-17T23:04:37.520510969Z 41 PC: 6fe8d | Parse filename
2018-12-17T23:04:37.521540217Z 75 PC: 6fe98 | Execute program
2018-12-17T23:04:37.534656918Z 53 PC: 7429a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:37.535944053Z 53 PC: 7429a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:37.538230103Z 53 PC: 7429a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:37.539609266Z 53 PC: 7429a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:37.541083064Z 53 PC: 7429a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:37.542977596Z 53 PC: 7429a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:37.544166243Z 53 PC: 7429a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:37.545375109Z 53 PC: 7429a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:37.547031849Z 53 PC: 7429a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:37.548284859Z 53 PC: 7429a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:37.55022118Z 53 PC: 7429a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:37.551399576Z 53 PC: 7429a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:37.553597461Z 53 PC: 7429a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:37.554930607Z 53 PC: 7429a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:37.556234146Z 53 PC: 7429a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:37.558291124Z 53 PC: 7429a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:37.55956776Z 53 PC: 7429a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:37.561239499Z 53 PC: 7429a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:37.562693055Z 53 PC: 7429a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:37.56396706Z 37 PC: 742af | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:37.565618431Z 37 PC: 742b7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:37.566879608Z 37 PC: 742bf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:37.568757549Z 37 PC: 742c7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:37.570435351Z 68 PC: 74dfc | I/O control for devices (Set for = '')
2018-12-17T23:04:37.572587073Z 44 PC: 74f33 | Get time 0x74f33: mov word ptr [0x84], cx
0x74f37: mov word ptr [0x86], dx
0x74f3b: retf
0x74f3c: mov di, 0x98
0x74f3f: push ds
0x74f40: pop es
0x74f41: mov cx, 0x243e
0x74f44: sub cx, di
0x74f46: shr cx, 1
0x74f48: xor ax, ax
0x74f4a: cld
0x74f4b: rep stosd dword ptr es:[di], eax
0x74f4d: ret
0x74f4e: add byte ptr [bx + si], al
0x74f50: add byte ptr [bx + si], al
0x74f52: or al, 0x41
0x74f54: outsb dx, byte ptr [si]
0x74f55: je 0x74fc0
0x74f57: sub ax, 0x6956
0x74f5a: jb 0x74f8a
2018-12-17T23:04:37.575133344Z 48 PC: 74b22 | Get DOS version
2018-12-17T23:04:37.576751623Z 67 PC: 74116 | Get or set file attributes
2018-12-17T23:04:37.589909193Z 67 PC: 74116 | Get or set file attributes
2018-12-17T23:04:37.596687798Z 65 PC: 74aa9 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:37.604554335Z 67 PC: 74116 | Get or set file attributes
2018-12-17T23:04:37.611471534Z 65 PC: 74aa9 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:37.619434022Z 67 PC: 74116 | Get or set file attributes
2018-12-17T23:04:37.627136289Z 65 PC: 74aa9 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:37.63430162Z 67 PC: 74116 | Get or set file attributes
2018-12-17T23:04:37.643299809Z 65 PC: 74aa9 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:37.650123748Z 67 PC: 74116 | Get or set file attributes
2018-12-17T23:04:37.657227204Z 65 PC: 74aa9 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:37.665222281Z 41 PC: 741ff | Parse filename
2018-12-17T23:04:37.667153539Z 41 PC: 7420d | Parse filename
2018-12-17T23:04:37.669810459Z 75 PC: 74218 | Execute program
2018-12-17T23:04:37.688581563Z 53 PC: 7861a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:37.691205849Z 53 PC: 7861a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:37.692906724Z 53 PC: 7861a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:37.694547123Z 53 PC: 7861a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:37.696849954Z 53 PC: 7861a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:37.698678064Z 53 PC: 7861a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:37.701662858Z 53 PC: 7861a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:37.703624801Z 53 PC: 7861a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:37.707090994Z 53 PC: 7861a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:37.709146279Z 53 PC: 7861a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:37.711158379Z 53 PC: 7861a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:37.714264524Z 53 PC: 7861a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:37.716363881Z 53 PC: 7861a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:37.719606984Z 53 PC: 7861a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:37.721549723Z 53 PC: 7861a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:37.72366858Z 53 PC: 7861a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:37.726273334Z 53 PC: 7861a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:37.727676472Z 53 PC: 7861a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:37.730133614Z 53 PC: 7861a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:37.731640343Z 37 PC: 7862f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:37.736831348Z 37 PC: 78637 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:37.738212005Z 37 PC: 7863f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:37.739552288Z 37 PC: 78647 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:37.742593939Z 68 PC: 7917c | I/O control for devices (Set for = '')
2018-12-17T23:04:37.744531446Z 44 PC: 792b3 | Get time 0x792b3: mov word ptr [0x84], cx
0x792b7: mov word ptr [0x86], dx
0x792bb: retf
0x792bc: mov di, 0x98
0x792bf: push ds
0x792c0: pop es
0x792c1: mov cx, 0x243e
0x792c4: sub cx, di
0x792c6: shr cx, 1
0x792c8: xor ax, ax
0x792ca: cld
0x792cb: rep stosd dword ptr es:[di], eax
0x792cd: ret
0x792ce: add byte ptr [bx + si], al
0x792d0: add byte ptr [bx + si], al
0x792d2: or al, 0x41
0x792d4: outsb dx, byte ptr [si]
0x792d5: je 0x79340
0x792d7: sub ax, 0x6956
0x792da: jb 0x7930a
2018-12-17T23:04:37.748425415Z 48 PC: 78ea2 | Get DOS version
2018-12-17T23:04:37.750478173Z 67 PC: 78496 | Get or set file attributes
2018-12-17T23:04:37.762452254Z 67 PC: 78496 | Get or set file attributes
2018-12-17T23:04:37.770231005Z 65 PC: 78e29 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:37.778061117Z 67 PC: 78496 | Get or set file attributes
2018-12-17T23:04:37.785970728Z 65 PC: 78e29 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:37.793274949Z 67 PC: 78496 | Get or set file attributes
2018-12-17T23:04:37.800240049Z 65 PC: 78e29 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:37.80706144Z 67 PC: 78496 | Get or set file attributes
2018-12-17T23:04:37.813430502Z 65 PC: 78e29 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:37.820986441Z 67 PC: 78496 | Get or set file attributes
2018-12-17T23:04:37.827527165Z 65 PC: 78e29 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:37.836417221Z 41 PC: 7857f | Parse filename
2018-12-17T23:04:37.839463536Z 41 PC: 7858d | Parse filename
2018-12-17T23:04:37.84108417Z 75 PC: 78598 | Execute program
2018-12-17T23:04:37.858777594Z 53 PC: 7c99a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:37.860167194Z 53 PC: 7c99a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:37.862772126Z 53 PC: 7c99a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:37.864198747Z 53 PC: 7c99a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:37.866729087Z 53 PC: 7c99a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:37.868236975Z 53 PC: 7c99a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:37.869606472Z 53 PC: 7c99a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:37.873123936Z 53 PC: 7c99a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:37.874684097Z 53 PC: 7c99a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:37.878214221Z 53 PC: 7c99a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:37.879841017Z 53 PC: 7c99a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:37.882427063Z 53 PC: 7c99a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:37.886440879Z 53 PC: 7c99a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:37.887925597Z 53 PC: 7c99a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:37.890577827Z 53 PC: 7c99a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:37.892978081Z 53 PC: 7c99a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:37.895237572Z 53 PC: 7c99a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:37.897772602Z 53 PC: 7c99a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:37.900141914Z 53 PC: 7c99a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:37.90410127Z 37 PC: 7c9af | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:37.90548065Z 37 PC: 7c9b7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:37.908171156Z 37 PC: 7c9bf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:37.911689499Z 37 PC: 7c9c7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:37.919929592Z 68 PC: 7d4fc | I/O control for devices (Set for = '')
2018-12-17T23:04:37.922897379Z 44 PC: 7d633 | Get time 0x7d633: mov word ptr [0x84], cx
0x7d637: mov word ptr [0x86], dx
0x7d63b: retf
0x7d63c: mov di, 0x98
0x7d63f: push ds
0x7d640: pop es
0x7d641: mov cx, 0x243e
0x7d644: sub cx, di
0x7d646: shr cx, 1
0x7d648: xor ax, ax
0x7d64a: cld
0x7d64b: rep stosd dword ptr es:[di], eax
0x7d64d: ret
0x7d64e: add byte ptr [bx + si], al
0x7d650: add byte ptr [bx + si], al
0x7d652: or al, 0x41
0x7d654: outsb dx, byte ptr [si]
0x7d655: je 0x7d6c0
0x7d657: sub ax, 0x6956
0x7d65a: jb 0x7d68a
2018-12-17T23:04:37.926448064Z 48 PC: 7d222 | Get DOS version
2018-12-17T23:04:37.929590911Z 67 PC: 7c816 | Get or set file attributes
2018-12-17T23:04:37.941686282Z 67 PC: 7c816 | Get or set file attributes
2018-12-17T23:04:37.949989357Z 65 PC: 7d1a9 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:37.954076295Z 67 PC: 7c816 | Get or set file attributes
2018-12-17T23:04:37.960874045Z 65 PC: 7d1a9 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:37.968826057Z 67 PC: 7c816 | Get or set file attributes
2018-12-17T23:04:37.980757361Z 65 PC: 7d1a9 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:37.995020415Z 67 PC: 7c816 | Get or set file attributes
2018-12-17T23:04:38.002146685Z 65 PC: 7d1a9 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:38.009107407Z 67 PC: 7c816 | Get or set file attributes
2018-12-17T23:04:38.016475354Z 65 PC: 7d1a9 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:38.024311588Z 41 PC: 7c8ff | Parse filename
2018-12-17T23:04:38.026822293Z 41 PC: 7c90d | Parse filename
2018-12-17T23:04:38.028556243Z 75 PC: 7c918 | Execute program
2018-12-17T23:04:38.049324647Z 53 PC: 80d1a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:38.051193464Z 53 PC: 80d1a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:38.053094238Z 53 PC: 80d1a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:38.055595828Z 53 PC: 80d1a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:38.058086159Z 53 PC: 80d1a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:38.061027862Z 53 PC: 80d1a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:38.062563885Z 53 PC: 80d1a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:38.065328451Z 53 PC: 80d1a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:38.066742184Z 53 PC: 80d1a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:38.068131905Z 53 PC: 80d1a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:38.083169697Z 53 PC: 80d1a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:38.084501804Z 53 PC: 80d1a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:38.08646588Z 53 PC: 80d1a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:38.087993356Z 53 PC: 80d1a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:38.090020637Z 53 PC: 80d1a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:38.092612372Z 53 PC: 80d1a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:38.094205755Z 53 PC: 80d1a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:38.097072755Z 53 PC: 80d1a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:38.098547641Z 53 PC: 80d1a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:38.101437561Z 37 PC: 80d2f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:38.102859173Z 37 PC: 80d37 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:38.105826783Z 37 PC: 80d3f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:38.107253452Z 37 PC: 80d47 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:38.109071557Z 68 PC: 8187c | I/O control for devices (Set for = '')
2018-12-17T23:04:38.112681048Z 44 PC: 819b3 | Get time 0x819b3: mov word ptr [0x84], cx
0x819b7: mov word ptr [0x86], dx
0x819bb: retf
0x819bc: mov di, 0x98
0x819bf: push ds
0x819c0: pop es
0x819c1: mov cx, 0x243e
0x819c4: sub cx, di
0x819c6: shr cx, 1
0x819c8: xor ax, ax
0x819ca: cld
0x819cb: rep stosd dword ptr es:[di], eax
0x819cd: ret
0x819ce: add byte ptr [bx + si], al
0x819d0: add byte ptr [bx + si], al
0x819d2: or al, 0x41
0x819d4: outsb dx, byte ptr [si]
0x819d5: je 0x81a40
0x819d7: sub ax, 0x6956
0x819da: jb 0x81a0a
2018-12-17T23:04:38.115693596Z 48 PC: 815a2 | Get DOS version
2018-12-17T23:04:38.119165765Z 67 PC: 80b96 | Get or set file attributes
2018-12-17T23:04:38.131111501Z 67 PC: 80b96 | Get or set file attributes
2018-12-17T23:04:38.139104398Z 65 PC: 81529 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:38.14739059Z 67 PC: 80b96 | Get or set file attributes
2018-12-17T23:04:38.154242089Z 65 PC: 81529 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:38.162611252Z 67 PC: 80b96 | Get or set file attributes
2018-12-17T23:04:38.169069397Z 65 PC: 81529 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:38.176628776Z 67 PC: 80b96 | Get or set file attributes
2018-12-17T23:04:38.183084173Z 65 PC: 81529 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:38.189985565Z 67 PC: 80b96 | Get or set file attributes
2018-12-17T23:04:38.196437242Z 65 PC: 81529 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:38.204303489Z 41 PC: 80c7f | Parse filename
2018-12-17T23:04:38.205955385Z 41 PC: 80c8d | Parse filename
2018-12-17T23:04:38.207443317Z 75 PC: 80c98 | Execute program
2018-12-17T23:04:38.226055805Z 53 PC: 8509a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:38.227373311Z 53 PC: 8509a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:38.22929013Z 53 PC: 8509a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:38.230782586Z 53 PC: 8509a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:38.23240849Z 53 PC: 8509a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:38.234399826Z 53 PC: 8509a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:38.23575864Z 53 PC: 8509a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:38.23787256Z 53 PC: 8509a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:38.23925843Z 53 PC: 8509a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:38.241408661Z 53 PC: 8509a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:38.242924253Z 53 PC: 8509a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:38.245248336Z 53 PC: 8509a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:38.246671571Z 53 PC: 8509a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:38.247973272Z 53 PC: 8509a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:38.250369641Z 53 PC: 8509a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:38.251697833Z 53 PC: 8509a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:38.254625064Z 53 PC: 8509a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:38.2559465Z 53 PC: 8509a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:38.258942178Z 53 PC: 8509a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:38.260607581Z 37 PC: 850af | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:38.261979252Z 37 PC: 850b7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:38.264206144Z 37 PC: 850bf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:38.265801193Z 37 PC: 850c7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:38.268592237Z 68 PC: 85bfc | I/O control for devices (Set for = '')
2018-12-17T23:04:38.270438058Z 44 PC: 85d33 | Get time 0x85d33: mov word ptr [0x84], cx
0x85d37: mov word ptr [0x86], dx
0x85d3b: retf
0x85d3c: mov di, 0x98
0x85d3f: push ds
0x85d40: pop es
0x85d41: mov cx, 0x243e
0x85d44: sub cx, di
0x85d46: shr cx, 1
0x85d48: xor ax, ax
0x85d4a: cld
0x85d4b: rep stosd dword ptr es:[di], eax
0x85d4d: ret
0x85d4e: add byte ptr [bx + si], al
0x85d50: add byte ptr [bx + si], al
0x85d52: or al, 0x41
0x85d54: outsb dx, byte ptr [si]
0x85d55: je 0x85dc0
0x85d57: sub ax, 0x6956
0x85d5a: jb 0x85d8a
2018-12-17T23:04:38.274252713Z 48 PC: 85922 | Get DOS version
2018-12-17T23:04:38.276095388Z 67 PC: 84f16 | Get or set file attributes
2018-12-17T23:04:38.289077147Z 67 PC: 84f16 | Get or set file attributes
2018-12-17T23:04:38.296622889Z 65 PC: 858a9 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:38.30402597Z 67 PC: 84f16 | Get or set file attributes
2018-12-17T23:04:38.31046839Z 65 PC: 858a9 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:38.318356051Z 67 PC: 84f16 | Get or set file attributes
2018-12-17T23:04:38.324818452Z 65 PC: 858a9 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:38.331443025Z 67 PC: 84f16 | Get or set file attributes
2018-12-17T23:04:38.338428561Z 65 PC: 858a9 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:38.344960715Z 67 PC: 84f16 | Get or set file attributes
2018-12-17T23:04:38.351782128Z 65 PC: 858a9 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:38.360282421Z 41 PC: 84fff | Parse filename
2018-12-17T23:04:38.363102292Z 41 PC: 8500d | Parse filename
2018-12-17T23:04:38.364841101Z 75 PC: 85018 | Execute program
2018-12-17T23:04:38.393535772Z 53 PC: 8941a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:38.395478129Z 53 PC: 8941a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:38.396778815Z 53 PC: 8941a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:38.399055868Z 53 PC: 8941a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:38.400907492Z 53 PC: 8941a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:38.404089628Z 53 PC: 8941a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:38.405825916Z 53 PC: 8941a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:38.408969977Z 53 PC: 8941a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:38.410447923Z 53 PC: 8941a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:38.414030299Z 53 PC: 8941a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:38.416033646Z 53 PC: 8941a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:38.419007161Z 53 PC: 8941a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:38.420837026Z 53 PC: 8941a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:38.422498079Z 53 PC: 8941a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:38.42491186Z 53 PC: 8941a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:38.426173656Z 53 PC: 8941a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:38.428456815Z 53 PC: 8941a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:38.429722212Z 53 PC: 8941a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:38.433307203Z 53 PC: 8941a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:38.43523585Z 37 PC: 8942f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:38.437201288Z 37 PC: 89437 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:38.440203973Z 37 PC: 8943f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:38.442033404Z 37 PC: 89447 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:38.450359575Z 68 PC: 89f7c | I/O control for devices (Set for = 'NA.�>TYtb.�>TDt4.�>TIt,.�>TWt$.�>TSt.�>T1t�')
2018-12-17T23:04:38.452324769Z 44 PC: 8a0b3 | Get time 0x8a0b3: mov word ptr [0x84], cx
0x8a0b7: mov word ptr [0x86], dx
0x8a0bb: retf
0x8a0bc: mov di, 0x98
0x8a0bf: push ds
0x8a0c0: pop es
0x8a0c1: mov cx, 0x243e
0x8a0c4: sub cx, di
0x8a0c6: shr cx, 1
0x8a0c8: xor ax, ax
0x8a0ca: cld
0x8a0cb: rep stosd dword ptr es:[di], eax
0x8a0cd: ret
0x8a0ce: add byte ptr [bx + si], al
0x8a0d0: add byte ptr [bx + si], al
0x8a0d2: or al, 0x41
0x8a0d4: outsb dx, byte ptr [si]
0x8a0d5: je 0x8a140
0x8a0d7: sub ax, 0x6956
0x8a0da: jb 0x8a10a
2018-12-17T23:04:38.456125951Z 48 PC: 89ca2 | Get DOS version
2018-12-17T23:04:38.458032616Z 67 PC: 89296 | Get or set file attributes
2018-12-17T23:04:38.471134348Z 67 PC: 89296 | Get or set file attributes
2018-12-17T23:04:38.477910332Z 65 PC: 89c29 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:38.485960995Z 67 PC: 89296 | Get or set file attributes
2018-12-17T23:04:38.494016472Z 65 PC: 89c29 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:38.500837272Z 67 PC: 89296 | Get or set file attributes
2018-12-17T23:04:38.521219209Z 65 PC: 89c29 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:38.527540127Z 67 PC: 89296 | Get or set file attributes
2018-12-17T23:04:38.534336623Z 65 PC: 89c29 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:38.540787093Z 67 PC: 89296 | Get or set file attributes
2018-12-17T23:04:38.547467809Z 65 PC: 89c29 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:38.560356809Z 41 PC: 8937f | Parse filename
2018-12-17T23:04:38.562315078Z 41 PC: 8938d | Parse filename
2018-12-17T23:04:38.563400169Z 75 PC: 89398 | Execute program
2018-12-17T23:04:38.575684356Z 53 PC: 8d79a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:38.577110675Z 53 PC: 8d79a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:38.578873447Z 53 PC: 8d79a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:38.580193228Z 53 PC: 8d79a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:38.583172751Z 53 PC: 8d79a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:38.58435692Z 53 PC: 8d79a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:38.586080789Z 53 PC: 8d79a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:38.587285466Z 53 PC: 8d79a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:38.588467608Z 53 PC: 8d79a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:38.590325968Z 53 PC: 8d79a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:38.591327823Z 53 PC: 8d79a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:38.593034277Z 53 PC: 8d79a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:38.59420533Z 53 PC: 8d79a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:38.595861294Z 53 PC: 8d79a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:38.597014166Z 53 PC: 8d79a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:38.599353383Z 53 PC: 8d79a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:38.600748432Z 53 PC: 8d79a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:38.602686517Z 53 PC: 8d79a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:38.603858228Z 53 PC: 8d79a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:38.605836112Z 37 PC: 8d7af | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:38.606949853Z 37 PC: 8d7b7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:38.6085176Z 37 PC: 8d7bf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:38.609882019Z 37 PC: 8d7c7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:38.611743599Z 68 PC: 8e2fc | I/O control for devices (Set for = '�')
2018-12-17T23:04:38.613516382Z 44 PC: 8e433 | Get time 0x8e433: mov word ptr [0x84], cx
0x8e437: mov word ptr [0x86], dx
0x8e43b: retf
0x8e43c: mov di, 0x98
0x8e43f: push ds
0x8e440: pop es
0x8e441: mov cx, 0x243e
0x8e444: sub cx, di
0x8e446: shr cx, 1
0x8e448: xor ax, ax
0x8e44a: cld
0x8e44b: rep stosd dword ptr es:[di], eax
0x8e44d: ret
0x8e44e: add byte ptr [bx + si], al
0x8e450: add byte ptr [bx + si], al
0x8e452: or al, 0x41
0x8e454: outsb dx, byte ptr [si]
0x8e455: je 0x8e4c0
0x8e457: sub ax, 0x6956
0x8e45a: jb 0x8e48a
2018-12-17T23:04:38.616285621Z 48 PC: 8e022 | Get DOS version
2018-12-17T23:04:38.619718308Z 67 PC: 8d616 | Get or set file attributes
2018-12-17T23:04:38.631525678Z 67 PC: 8d616 | Get or set file attributes
2018-12-17T23:04:38.639735977Z 65 PC: 8dfa9 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:38.64669996Z 67 PC: 8d616 | Get or set file attributes
2018-12-17T23:04:38.653127668Z 65 PC: 8dfa9 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:38.657253224Z 67 PC: 8d616 | Get or set file attributes
2018-12-17T23:04:38.667263466Z 65 PC: 8dfa9 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:38.674062137Z 67 PC: 8d616 | Get or set file attributes
2018-12-17T23:04:38.680507002Z 65 PC: 8dfa9 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:38.687887639Z 67 PC: 8d616 | Get or set file attributes
2018-12-17T23:04:38.694224631Z 65 PC: 8dfa9 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:38.705295649Z 41 PC: 8d6ff | Parse filename
2018-12-17T23:04:38.707182952Z 41 PC: 8d70d | Parse filename
2018-12-17T23:04:38.710139904Z 75 PC: 8d718 | Execute program
2018-12-17T23:04:38.730451835Z 53 PC: 91b1a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:38.733488243Z 53 PC: 91b1a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:38.735345699Z 53 PC: 91b1a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:38.736804154Z 53 PC: 91b1a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:38.738709182Z 53 PC: 91b1a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:38.740074871Z 53 PC: 91b1a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:38.742199404Z 53 PC: 91b1a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:38.743518943Z 53 PC: 91b1a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:38.746043111Z 53 PC: 91b1a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:38.747358632Z 53 PC: 91b1a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:38.749339337Z 53 PC: 91b1a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:38.75065208Z 53 PC: 91b1a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:38.752396391Z 53 PC: 91b1a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:38.754181847Z 53 PC: 91b1a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:38.756526261Z 53 PC: 91b1a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:38.759126666Z 53 PC: 91b1a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:38.760874898Z 53 PC: 91b1a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:38.76389278Z 53 PC: 91b1a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:38.76559754Z 53 PC: 91b1a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:38.768565212Z 37 PC: 91b2f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:38.770185894Z 37 PC: 91b37 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:38.772805447Z 37 PC: 91b3f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:38.77442493Z 37 PC: 91b47 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:38.777317968Z 68 PC: 9267c | I/O control for devices
2018-12-17T23:04:38.779505037Z 44 PC: 927b3 | Get time 0x927b3: mov word ptr [0x84], cx
0x927b7: mov word ptr [0x86], dx
0x927bb: retf
0x927bc: mov di, 0x98
0x927bf: push ds
0x927c0: pop es
0x927c1: mov cx, 0x243e
0x927c4: sub cx, di
0x927c6: shr cx, 1
0x927c8: xor ax, ax
0x927ca: cld
0x927cb: rep stosd dword ptr es:[di], eax
0x927cd: ret
0x927ce: add byte ptr [bx + si], al
0x927d0: add byte ptr [bx + si], al
0x927d2: or al, 0x41
0x927d4: outsb dx, byte ptr [si]
0x927d5: je 0x92840
0x927d7: sub ax, 0x6956
0x927da: jb 0x9280a
2018-12-17T23:04:38.782001525Z 48 PC: 923a2 | Get DOS version
2018-12-17T23:04:38.784294739Z 67 PC: 91996 | Get or set file attributes
2018-12-17T23:04:38.79579493Z 67 PC: 91996 | Get or set file attributes
2018-12-17T23:04:38.802898211Z 65 PC: 92329 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:38.809532137Z 67 PC: 91996 | Get or set file attributes
2018-12-17T23:04:38.817228643Z 65 PC: 92329 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:38.824143242Z 67 PC: 91996 | Get or set file attributes
2018-12-17T23:04:38.831304494Z 65 PC: 92329 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:38.837946494Z 67 PC: 91996 | Get or set file attributes
2018-12-17T23:04:38.845662927Z 65 PC: 92329 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:38.852248054Z 67 PC: 91996 | Get or set file attributes
2018-12-17T23:04:38.858540305Z 65 PC: 92329 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:38.867325195Z 41 PC: 91a7f | Parse filename
2018-12-17T23:04:38.869315711Z 41 PC: 91a8d | Parse filename
2018-12-17T23:04:38.872469579Z 75 PC: 91a98 | Execute program
2018-12-17T23:04:38.890818657Z 53 PC: 95e9a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:38.892993958Z 53 PC: 95e9a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:38.894608562Z 53 PC: 95e9a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:38.897057124Z 53 PC: 95e9a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:38.899233632Z 53 PC: 95e9a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:38.901674787Z 53 PC: 95e9a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:38.903325052Z 53 PC: 95e9a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:38.904950568Z 53 PC: 95e9a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:38.907101127Z 53 PC: 95e9a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:38.908785899Z 53 PC: 95e9a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:38.911137087Z 53 PC: 95e9a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:38.912689513Z 53 PC: 95e9a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:38.915929081Z 53 PC: 95e9a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:38.917651864Z 53 PC: 95e9a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:38.92077472Z 53 PC: 95e9a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:38.922579774Z 53 PC: 95e9a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:38.925287367Z 53 PC: 95e9a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:38.927269368Z 53 PC: 95e9a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:38.929703701Z 53 PC: 95e9a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:38.93165377Z 37 PC: 95eaf | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:38.933554003Z 37 PC: 95eb7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:38.936074351Z 37 PC: 95ebf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:38.937531218Z 37 PC: 95ec7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:38.941376852Z 68 PC: 969fc | I/O control for devices
2018-12-17T23:04:38.943467521Z 44 PC: 96b33 | Get time 0x96b33: mov word ptr [0x84], cx
0x96b37: mov word ptr [0x86], dx
0x96b3b: retf
0x96b3c: mov di, 0x98
0x96b3f: push ds
0x96b40: pop es
0x96b41: mov cx, 0x243e
0x96b44: sub cx, di
0x96b46: shr cx, 1
0x96b48: xor ax, ax
0x96b4a: cld
0x96b4b: rep stosd dword ptr es:[di], eax
0x96b4d: ret
0x96b4e: add byte ptr [bx + si], al
0x96b50: add byte ptr [bx + si], al
0x96b52: or al, 0x41
0x96b54: outsb dx, byte ptr [si]
0x96b55: je 0x96bc0
0x96b57: sub ax, 0x6956
0x96b5a: jb 0x96b8a
2018-12-17T23:04:38.947558855Z 48 PC: 96722 | Get DOS version
2018-12-17T23:04:38.94964669Z 67 PC: 95d16 | Get or set file attributes
2018-12-17T23:04:38.963017153Z 67 PC: 95d16 | Get or set file attributes
2018-12-17T23:04:38.970336056Z 65 PC: 966a9 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:38.978223487Z 67 PC: 95d16 | Get or set file attributes
2018-12-17T23:04:38.985203637Z 65 PC: 966a9 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:38.992268504Z 67 PC: 95d16 | Get or set file attributes
2018-12-17T23:04:39.000188787Z 65 PC: 966a9 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:39.006851076Z 67 PC: 95d16 | Get or set file attributes
2018-12-17T23:04:39.013414375Z 65 PC: 966a9 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:39.020061335Z 67 PC: 95d16 | Get or set file attributes
2018-12-17T23:04:39.027097521Z 65 PC: 966a9 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:39.035971259Z 41 PC: 95dff | Parse filename
2018-12-17T23:04:39.042636987Z 41 PC: 95e0d | Parse filename
2018-12-17T23:04:39.044162506Z 75 PC: 95e18 | Execute program
2018-12-17T23:04:39.06305651Z 53 PC: 9a21a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:39.064863202Z 53 PC: 9a21a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:39.067854788Z 53 PC: 9a21a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:39.06953036Z 53 PC: 9a21a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:39.071213629Z 53 PC: 9a21a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:39.072943147Z 53 PC: 9a21a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:39.074111539Z 53 PC: 9a21a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:39.076513703Z 53 PC: 9a21a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:39.07818366Z 53 PC: 9a21a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:39.081743066Z 53 PC: 9a21a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:39.083053448Z 53 PC: 9a21a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:39.084903498Z 53 PC: 9a21a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:39.086301647Z 53 PC: 9a21a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:39.088105449Z 53 PC: 9a21a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:39.089607921Z 53 PC: 9a21a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:39.091783294Z 53 PC: 9a21a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:39.093232904Z 53 PC: 9a21a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:39.094837397Z 53 PC: 9a21a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:39.096542757Z 53 PC: 9a21a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:39.098086169Z 37 PC: 9a22f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:39.108348679Z 37 PC: 9a237 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:39.110287254Z 37 PC: 9a23f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:39.111603035Z 37 PC: 9a247 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:39.113274551Z 68 PC: 9ad7c | I/O control for devices
2018-12-17T23:04:39.115199785Z 44 PC: 9aeb3 | Get time 0x9aeb3: mov word ptr [0x84], cx
0x9aeb7: mov word ptr [0x86], dx
0x9aebb: retf
0x9aebc: mov di, 0x98
0x9aebf: push ds
0x9aec0: pop es
0x9aec1: mov cx, 0x243e
0x9aec4: sub cx, di
0x9aec6: shr cx, 1
0x9aec8: xor ax, ax
0x9aeca: cld
0x9aecb: rep stosd dword ptr es:[di], eax
0x9aecd: ret
0x9aece: add byte ptr [bx + si], al
0x9aed0: add byte ptr [bx + si], al
0x9aed2: or al, 0x41
0x9aed4: outsb dx, byte ptr [si]
0x9aed5: je 0x9af40
0x9aed7: sub ax, 0x6956
0x9aeda: jb 0x9af0a
2018-12-17T23:04:39.118004413Z 48 PC: 9aaa2 | Get DOS version
2018-12-17T23:04:39.120412556Z 67 PC: 9a096 | Get or set file attributes
2018-12-17T23:04:39.132590884Z 67 PC: 9a096 | Get or set file attributes
2018-12-17T23:04:39.139804052Z 65 PC: 9aa29 | Delete file (Filename = 'Anti-Vir.Dat')
2018-12-17T23:04:39.146520644Z 67 PC: 9a096 | Get or set file attributes
2018-12-17T23:04:39.153707924Z 65 PC: 9aa29 | Delete file (Filename = 'Chklist.Ms')
2018-12-17T23:04:39.160794913Z 67 PC: 9a096 | Get or set file attributes
2018-12-17T23:04:39.174880238Z 65 PC: 9aa29 | Delete file (Filename = 'Chklist.Cps')
2018-12-17T23:04:39.188108294Z 67 PC: 9a096 | Get or set file attributes
2018-12-17T23:04:39.195638814Z 65 PC: 9aa29 | Delete file (Filename = 'Tbdriver.Exe')
2018-12-17T23:04:39.203268763Z 67 PC: 9a096 | Get or set file attributes
2018-12-17T23:04:39.210936676Z 65 PC: 9aa29 | Delete file (Filename = 'Files.Lst')
2018-12-17T23:04:39.21822187Z 41 PC: 9a17f | Parse filename
2018-12-17T23:04:39.220882693Z 41 PC: 9a18d | Parse filename
2018-12-17T23:04:39.222929292Z 75 PC: 9a198 | Execute program
2018-12-17T23:04:39.240624374Z 26 PC: 9a0c7 | Set disk transfer address
2018-12-17T23:04:39.241748675Z 78 PC: 9a0d3 | Find first file
2018-12-17T23:04:39.255865643Z 26 PC: 9a0eb | Set disk transfer address
2018-12-17T23:04:39.257018933Z 79 PC: 9a0f0 | Find next file
2018-12-17T23:04:39.260566307Z 26 PC: 9a0eb | Set disk transfer address
2018-12-17T23:04:39.262498292Z 79 PC: 9a0f0 | Find next file
2018-12-17T23:04:39.266068096Z 26 PC: 9a0eb | Set disk transfer address
2018-12-17T23:04:39.267772688Z 79 PC: 9a0f0 | Find next file
2018-12-17T23:04:39.271058314Z 26 PC: 9a0eb | Set disk transfer address
2018-12-17T23:04:39.272911412Z 79 PC: 9a0f0 | Find next file
2018-12-17T23:04:39.276598128Z 26 PC: 9a0eb | Set disk transfer address
2018-12-17T23:04:39.279339602Z 79 PC: 9a0f0 | Find next file
2018-12-17T23:04:39.282898777Z 26 PC: 9a0eb | Set disk transfer address
2018-12-17T23:04:39.286635825Z 79 PC: 9a0f0 | Find next file
2018-12-17T23:04:39.290047476Z 26 PC: 9a0eb | Set disk transfer address
2018-12-17T23:04:39.291675825Z 79 PC: 9a0f0 | Find next file
2018-12-17T23:04:39.295736549Z 26 PC: 9a0eb | Set disk transfer address
2018-12-17T23:04:39.299025231Z 79 PC: 9a0f0 | Find next file
2018-12-17T23:04:39.302615107Z 26 PC: 9a0eb | Set disk transfer address
2018-12-17T23:04:39.305151223Z 79 PC: 9a0f0 | Find next file
2018-12-17T23:04:39.308668024Z 26 PC: 9a0eb | Set disk transfer address
2018-12-17T23:04:39.310650656Z 79 PC: 9a0f0 | Find next file
2018-12-17T23:04:39.313801318Z 26 PC: 9a0eb | Set disk transfer address
2018-12-17T23:04:39.315623967Z 79 PC: 9a0f0 | Find next file
2018-12-17T23:04:39.318985977Z 26 PC: 9a0eb | Set disk transfer address
2018-12-17T23:04:39.320861646Z 79 PC: 9a0f0 | Find next file
2018-12-17T23:04:39.324315997Z 26 PC: 9a0eb | Set disk transfer address
2018-12-17T23:04:39.326697987Z 79 PC: 9a0f0 | Find next file
2018-12-17T23:04:39.331239399Z 26 PC: 9a0eb | Set disk transfer address
2018-12-17T23:04:39.332888563Z 79 PC: 9a0f0 | Find next file
2018-12-17T23:04:39.335128362Z 26 PC: 9a0eb | Set disk transfer address
2018-12-17T23:04:39.337338924Z 79 PC: 9a0f0 | Find next file