Sample viewer

vx.netlux.org/Virus.DOS.Mephisto.921

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:20:08.498474155Z	26	PC: 12c2e \| Set disk transfer address
2018-12-17T22:20:08.501555777Z	67	PC: 12cd0 \| Get or set file attributes
2018-12-17T22:20:08.514627703Z	61	PC: 12cd5 \| Open file (Filename = 'c:\dos\doskey.com')
2018-12-17T22:20:08.521653583Z	67	PC: 12cd0 \| Get or set file attributes
2018-12-17T22:20:08.864580654Z	61	PC: 12cd5 \| Open file (Filename = 'c:\dos\edit.com')
2018-12-17T22:20:08.872373083Z	87	PC: 12cdd \| Get or set file date and time
2018-12-17T22:20:08.874097819Z	63	PC: 12cea \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:20:08.880602025Z	66	PC: 12cfa \| Move file pointer
2018-12-17T22:20:08.88347803Z	64	PC: 12c00 \| Write file or device (Write 921 bytes on handle 5)
2018-12-17T22:20:08.891233721Z	66	PC: 12d2a \| Move file pointer
2018-12-17T22:20:08.892902896Z	64	PC: 12d35 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:20:08.899289953Z	87	PC: 12d3c \| Get or set file date and time
2018-12-17T22:20:08.900810038Z	62	PC: 12d40 \| Close file
2018-12-17T22:20:08.908049096Z	78	PC: 12c44 \| Find first file
2018-12-17T22:20:08.915253241Z	67	PC: 12cd0 \| Get or set file attributes
2018-12-17T22:20:08.931304895Z	61	PC: 12cd5 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:20:08.937839995Z	87	PC: 12cdd \| Get or set file date and time
2018-12-17T22:20:08.940347008Z	63	PC: 12cea \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:20:08.946840359Z	66	PC: 12cfa \| Move file pointer
2018-12-17T22:20:08.949145226Z	64	PC: 12c00 \| Write file or device (Write 921 bytes on handle 5)
2018-12-17T22:20:08.95929539Z	66	PC: 12d2a \| Move file pointer
2018-12-17T22:20:08.960936832Z	64	PC: 12d35 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:20:08.967671303Z	87	PC: 12d3c \| Get or set file date and time
2018-12-17T22:20:08.969667095Z	62	PC: 12d40 \| Close file
2018-12-17T22:20:08.977618369Z	79	PC: 12c44 \| Find next file
2018-12-17T22:20:08.980264265Z	67	PC: 12cd0 \| Get or set file attributes
2018-12-17T22:20:08.990659354Z	61	PC: 12cd5 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:20:08.998364377Z	87	PC: 12cdd \| Get or set file date and time
2018-12-17T22:20:09.000320111Z	63	PC: 12cea \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:20:09.007001879Z	66	PC: 12cfa \| Move file pointer
2018-12-17T22:20:09.009532947Z	87	PC: 12d3c \| Get or set file date and time
2018-12-17T22:20:09.011252702Z	62	PC: 12d40 \| Close file
2018-12-17T22:20:09.018835272Z	79	PC: 12c44 \| Find next file
2018-12-17T22:20:09.022812685Z	67	PC: 12cd0 \| Get or set file attributes
2018-12-17T22:20:09.032665225Z	61	PC: 12cd5 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:20:09.039601025Z	87	PC: 12cdd \| Get or set file date and time
2018-12-17T22:20:09.041878376Z	63	PC: 12cea \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:20:09.048213576Z	66	PC: 12cfa \| Move file pointer
2018-12-17T22:20:09.049495299Z	87	PC: 12d3c \| Get or set file date and time
2018-12-17T22:20:09.051495516Z	62	PC: 12d40 \| Close file
2018-12-17T22:20:09.058493186Z	79	PC: 12c44 \| Find next file
2018-12-17T22:20:09.061000648Z	67	PC: 12cd0 \| Get or set file attributes
2018-12-17T22:20:09.071230892Z	61	PC: 12cd5 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:20:09.077911838Z	87	PC: 12cdd \| Get or set file date and time
2018-12-17T22:20:09.079326916Z	63	PC: 12cea \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:20:09.086669276Z	66	PC: 12cfa \| Move file pointer
2018-12-17T22:20:09.088023259Z	87	PC: 12d3c \| Get or set file date and time
2018-12-17T22:20:09.089372495Z	62	PC: 12d40 \| Close file
2018-12-17T22:20:09.103096144Z	79	PC: 12c44 \| Find next file
2018-12-17T22:20:09.106604368Z	67	PC: 12cd0 \| Get or set file attributes
2018-12-17T22:20:09.116309842Z	61	PC: 12cd5 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:20:09.123394605Z	87	PC: 12cdd \| Get or set file date and time
2018-12-17T22:20:09.125789279Z	63	PC: 12cea \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:20:09.132317196Z	66	PC: 12cfa \| Move file pointer
2018-12-17T22:20:09.134051174Z	87	PC: 12d3c \| Get or set file date and time
2018-12-17T22:20:09.136100864Z	62	PC: 12d40 \| Close file
2018-12-17T22:20:09.143236734Z	79	PC: 12c44 \| Find next file
2018-12-17T22:20:09.146355452Z	67	PC: 12cd0 \| Get or set file attributes
2018-12-17T22:20:09.160418261Z	61	PC: 12cd5 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:20:09.167224088Z	87	PC: 12cdd \| Get or set file date and time
2018-12-17T22:20:09.168978498Z	63	PC: 12cea \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:20:09.176503092Z	66	PC: 12cfa \| Move file pointer
2018-12-17T22:20:09.178790774Z	64	PC: 12c00 \| Write file or device (Write 921 bytes on handle 5)
2018-12-17T22:20:09.188053727Z	66	PC: 12d2a \| Move file pointer
2018-12-17T22:20:09.190540028Z	64	PC: 12d35 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:20:09.197321857Z	87	PC: 12d3c \| Get or set file date and time
2018-12-17T22:20:09.199115285Z	62	PC: 12d40 \| Close file
2018-12-17T22:20:09.207839687Z	79	PC: 12c44 \| Find next file
2018-12-17T22:20:09.210505816Z	67	PC: 12cd0 \| Get or set file attributes
2018-12-17T22:20:09.220119723Z	61	PC: 12cd5 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:20:09.228572777Z	87	PC: 12cdd \| Get or set file date and time
2018-12-17T22:20:09.230190474Z	63	PC: 12cea \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:20:09.236889044Z	66	PC: 12cfa \| Move file pointer
2018-12-17T22:20:09.23945439Z	87	PC: 12d3c \| Get or set file date and time
2018-12-17T22:20:09.241738429Z	62	PC: 12d40 \| Close file
2018-12-17T22:20:09.249063414Z	79	PC: 12c44 \| Find next file
2018-12-17T22:20:09.252688766Z	67	PC: 12cd0 \| Get or set file attributes
2018-12-17T22:20:09.262896097Z	61	PC: 12cd5 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:20:09.269665179Z	87	PC: 12cdd \| Get or set file date and time
2018-12-17T22:20:09.271520853Z	63	PC: 12cea \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:20:09.278847532Z	87	PC: 12d3c \| Get or set file date and time
2018-12-17T22:20:09.280576043Z	62	PC: 12d40 \| Close file
2018-12-17T22:20:09.287792817Z	79	PC: 12c44 \| Find next file
2018-12-17T22:20:09.29135076Z	44	PC: 12c56 \| Get time 0x12c56: cmp dl, 1 0x12c59: ja 0x12c63 0x12c5b: cmp dh, 0x10 0x12c5e: ja 0x12c63 0x12c60: call 0x12c6b 0x12c63: mov dx, 0x80 0x12c66: mov ah, 0x1a 0x12c68: int 0x21 0x12c6a: ret 0x12c6b: lea bx, word ptr [bp + 0x499] 0x12c6f: mov cx, 1 0x12c72: mov dx, 0x80 0x12c75: mov ax, 0x201 0x12c78: int 0x13 0x12c7a: jb 0x12c6a 0x12c7c: mov ax, 0x301 0x12c7f: mov dx, 0x80 0x12c82: mov cx, 2 0x12c85: lea bx, word ptr [bp + 0x499] 0x12c89: int 0x13
2018-12-17T22:20:09.294327333Z	26	PC: 12c6a \| Set disk transfer address
2018-12-17T22:20:09.295655707Z	74	PC: 12a54 \| Reallocate memory
2018-12-17T22:20:09.29808198Z	48	PC: 12ab6 \| Get DOS version
2018-12-17T22:20:09.29946198Z	75	PC: 12af4 \| Execute program
2018-12-17T22:20:09.305846651Z	75	PC: 12af4 \| Execute program
2018-12-17T22:20:09.31261925Z	75	PC: 12af4 \| Execute program
2018-12-17T22:20:09.411994402Z	48	PC: 38dc4 \| Get DOS version
2018-12-17T22:20:09.413394022Z	74	PC: 38e14 \| Reallocate memory
2018-12-17T22:20:09.416498803Z	48	PC: 38e78 \| Get DOS version
2018-12-17T22:20:09.417855025Z	53	PC: 38e80 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:20:09.419398308Z	37	PC: 38e92 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:20:09.421508961Z	53	PC: 3fb7f \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:20:09.422896774Z	53	PC: 3fb7f \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:20:09.424671606Z	53	PC: 3fb7f \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:20:09.427068475Z	53	PC: 3fb7f \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:20:09.429240588Z	53	PC: 3fb7f \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:20:09.430535985Z	53	PC: 3fb7f \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:20:09.432574413Z	53	PC: 3fb7f \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:20:09.433887729Z	53	PC: 3fb7f \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:20:09.435168817Z	53	PC: 3fb7f \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:20:09.437322221Z	53	PC: 3fb7f \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:20:09.438592673Z	53	PC: 3fb7f \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:20:09.439844519Z	37	PC: 3fbae \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:20:09.44204797Z	37	PC: 3fbae \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:20:09.44326387Z	37	PC: 3fbae \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:20:09.444463594Z	37	PC: 3fbae \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:20:09.446663378Z	37	PC: 3fbae \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:20:09.448070309Z	37	PC: 3fbae \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:20:09.449446889Z	37	PC: 3fbae \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:20:09.451115352Z	37	PC: 3fbae \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:20:09.453309029Z	37	PC: 3fbb5 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:20:09.454507584Z	37	PC: 3fbba \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:20:09.455941533Z	68	PC: 38f23 \| I/O control for devices (Set for = '�r��R')
2018-12-17T22:20:09.458442715Z	68	PC: 38f23 \| I/O control for devices (Set for = '@�')
2018-12-17T22:20:09.459923676Z	68	PC: 38f23 \| I/O control for devices (Set for = 'B�N;�tC��vb�F u\� �W� �� ')
2018-12-17T22:20:09.461357157Z	68	PC: 38f23 \| I/O control for devices (Set for = '� �W� �� ')
2018-12-17T22:20:09.464204035Z	68	PC: 38f23 \| I/O control for devices (Set for = '� �W� �� ')
2018-12-17T22:20:09.466668771Z	53	PC: 29eb3 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:20:09.468069224Z	37	PC: 29ec5 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:20:09.469731876Z	53	PC: 2f8fe \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:20:09.470685339Z	53	PC: 2f90b \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:20:09.471529255Z	53	PC: 2f918 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:09.473218875Z	37	PC: 2f92d \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:20:09.474205208Z	37	PC: 2f935 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:20:09.475148869Z	37	PC: 2f93d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:09.476497573Z	53	PC: 33660 \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:20:09.477440535Z	53	PC: 3366d \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:20:09.478373849Z	53	PC: 3367c \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:20:09.47986752Z	37	PC: 33689 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:20:09.480852451Z	53	PC: 33690 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:20:09.481820537Z	37	PC: 3369d \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:20:09.48323038Z	53	PC: 336a9 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:20:09.489314613Z	48	PC: 3376e \| Get DOS version
2018-12-17T22:20:09.490645942Z	74	PC: 3441b \| Reallocate memory
2018-12-17T22:20:09.492369305Z	74	PC: 3441b \| Reallocate memory
2018-12-17T22:20:09.493757495Z	68	PC: 33575 \| I/O control for devices (Set for = 'pt��n~�:4* P')
2018-12-17T22:20:09.495064542Z	68	PC: 33575 \| I/O control for devices (Set for = '')
2018-12-17T22:20:09.496657632Z	51	PC: 33593 \| Get or set Ctrl-Break
2018-12-17T22:20:09.497475219Z	51	PC: 3359f \| Get or set Ctrl-Break
2018-12-17T22:20:09.498647624Z	72	PC: 33bd6 \| Allocate memory
2018-12-17T22:20:09.500956097Z	74	PC: 3441b \| Reallocate memory
2018-12-17T22:20:09.502264667Z	72	PC: 33bd6 \| Allocate memory
2018-12-17T22:20:09.504377952Z	37	PC: 2ef81 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:20:09.514621808Z	48	PC: 23cef \| Get DOS version
2018-12-17T22:20:09.515878328Z	61	PC: 23afc \| Open file (Filename = 'C:\DOS\qbasic.ini')
2018-12-17T22:20:09.522851617Z	63	PC: 23afc \| Read file or device (Read 120 bytes on handle 5)
2018-12-17T22:20:09.529102321Z	63	PC: 23afc \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:20:09.531524056Z	63	PC: 23afc \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:20:09.534807818Z	63	PC: 23afc \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:20:09.537516868Z	63	PC: 23afc \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:20:09.540321754Z	63	PC: 23afc \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:20:09.544064196Z	63	PC: 23afc \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:20:09.546904682Z	63	PC: 23afc \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:20:09.549695969Z	63	PC: 23afc \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:20:09.553611135Z	62	PC: 23afc \| Close file
2018-12-17T22:20:09.555768565Z	53	PC: 2f20a \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:20:09.55739042Z	37	PC: 2f217 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:20:09.563074598Z	53	PC: 4c438 \| Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T22:20:09.565278228Z	37	PC: 4c444 \| Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T22:20:09.57078503Z	53	PC: 41eb5 \| Get interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-17T22:20:09.57924712Z	37	PC: 2ef81 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:20:09.581571859Z	53	PC: 2f20a \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:20:09.583111699Z	37	PC: 2f217 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:20:09.586821798Z	53	PC: 41eb5 \| Get interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-17T22:20:09.588794822Z	53	PC: 4cd29 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:20:09.590192705Z	37	PC: 4cd3c \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:20:09.593812876Z	53	PC: 4cd29 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:20:09.595109328Z	37	PC: 4cd3c \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:20:09.596221257Z	53	PC: 4cd29 \| Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T22:20:09.599476038Z	37	PC: 4cd3c \| Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T22:20:09.601010275Z	53	PC: 4cd29 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:20:09.602691454Z	37	PC: 4cd3c \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:20:09.605960589Z	48	PC: 4ccea \| Get DOS version
2018-12-17T22:20:09.607914014Z	53	PC: 4cd08 \| Get interrupt vector (Interrupt = '21' AKA 'Sequential write')
2018-12-17T22:20:09.609498409Z	37	PC: 4cd1d \| Set interrupt vector (Interrupt = '21' AKA 'Sequential write')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":17,"TimeBased":true,"OriginalID":3486,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:49:18.740248526Z	26	PC: 12c2e \| Set disk transfer address
2018-12-25T11:49:18.741644453Z	67	PC: 12cd0 \| Get or set file attributes
2018-12-25T11:49:18.750863589Z	61	PC: 12cd5 \| Open file (Filename = 'c:\dos\doskey.com')
2018-12-25T11:49:18.757294296Z	67	PC: 12cd0 \| Get or set file attributes (See above)
2018-12-25T11:49:19.428876072Z	61	PC: 12cd5 \| Open file (See above)
2018-12-25T11:49:19.436098044Z	87	PC: 12cdd \| Get or set file date and time
2018-12-25T11:49:19.437814494Z	63	PC: 12cea \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:49:19.450368624Z	66	PC: 12cfa \| Move file pointer
2018-12-25T11:49:19.452402766Z	64	PC: 12c00 \| Write file or device (Write 921 bytes on handle 5)
2018-12-25T11:49:19.460734192Z	66	PC: 12d2a \| Move file pointer
2018-12-25T11:49:19.462974836Z	64	PC: 12d35 \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:49:19.469851496Z	87	PC: 12d3c \| Get or set file date and time
2018-12-25T11:49:19.471289488Z	62	PC: 12d40 \| Close file
2018-12-25T11:49:19.478323677Z	78	PC: 12c44 \| Find first file
2018-12-25T11:49:19.490853762Z	67	PC: 12cd0 \| Get or set file attributes (See above)
2018-12-25T11:49:19.506938773Z	61	PC: 12cd5 \| Open file (See above)
2018-12-25T11:49:19.513891491Z	87	PC: 12cdd \| Get or set file date and time (See above)
2018-12-25T11:49:19.516419645Z	63	PC: 12cea \| Read file or device (See above)
2018-12-25T11:49:19.522825076Z	66	PC: 12cfa \| Move file pointer (See above)
2018-12-25T11:49:19.527767196Z	64	PC: 12c00 \| Write file or device (See above)
2018-12-25T11:49:19.538477713Z	66	PC: 12d2a \| Move file pointer (See above)
2018-12-25T11:49:19.54184711Z	64	PC: 12d35 \| Write file or device (See above)
2018-12-25T11:49:19.553062283Z	87	PC: 12d3c \| Get or set file date and time (See above)
2018-12-25T11:49:19.559541505Z	62	PC: 12d40 \| Close file (See above)
2018-12-25T11:49:19.567573794Z	79	PC: 12c44 \| Find next file (See above)
2018-12-25T11:49:19.570198699Z	67	PC: 12cd0 \| Get or set file attributes (See above)
2018-12-25T11:49:19.580397068Z	61	PC: 12cd5 \| Open file (See above)
2018-12-25T11:49:19.587072058Z	87	PC: 12cdd \| Get or set file date and time (See above)
2018-12-25T11:49:19.588342956Z	63	PC: 12cea \| Read file or device (See above)
2018-12-25T11:49:19.59547876Z	66	PC: 12cfa \| Move file pointer (See above)
2018-12-25T11:49:19.596929292Z	87	PC: 12d3c \| Get or set file date and time (See above)
2018-12-25T11:49:19.598417329Z	62	PC: 12d40 \| Close file (See above)
2018-12-25T11:49:19.60661535Z	79	PC: 12c44 \| Find next file (See above)
2018-12-25T11:49:19.609456272Z	67	PC: 12cd0 \| Get or set file attributes (See above)
2018-12-25T11:49:19.619058611Z	61	PC: 12cd5 \| Open file (See above)
2018-12-25T11:49:19.625588778Z	87	PC: 12cdd \| Get or set file date and time (See above)
2018-12-25T11:49:19.627257608Z	63	PC: 12cea \| Read file or device (See above)
2018-12-25T11:49:19.63334686Z	66	PC: 12cfa \| Move file pointer (See above)
2018-12-25T11:49:19.635077633Z	87	PC: 12d3c \| Get or set file date and time (See above)
2018-12-25T11:49:19.637582646Z	62	PC: 12d40 \| Close file (See above)
2018-12-25T11:49:19.644420464Z	79	PC: 12c44 \| Find next file (See above)
2018-12-25T11:49:19.64693819Z	67	PC: 12cd0 \| Get or set file attributes (See above)
2018-12-25T11:49:19.663565173Z	61	PC: 12cd5 \| Open file (See above)
2018-12-25T11:49:19.669918425Z	87	PC: 12cdd \| Get or set file date and time (See above)
2018-12-25T11:49:19.671200074Z	63	PC: 12cea \| Read file or device (See above)
2018-12-25T11:49:19.678120743Z	66	PC: 12cfa \| Move file pointer (See above)
2018-12-25T11:49:19.679837494Z	87	PC: 12d3c \| Get or set file date and time (See above)
2018-12-25T11:49:19.681593148Z	62	PC: 12d40 \| Close file (See above)
2018-12-25T11:49:19.689223754Z	79	PC: 12c44 \| Find next file (See above)
2018-12-25T11:49:19.691654139Z	67	PC: 12cd0 \| Get or set file attributes (See above)
2018-12-25T11:49:19.701342395Z	61	PC: 12cd5 \| Open file (See above)
2018-12-25T11:49:19.709181743Z	87	PC: 12cdd \| Get or set file date and time (See above)
2018-12-25T11:49:19.710434955Z	63	PC: 12cea \| Read file or device (See above)
2018-12-25T11:49:19.71643436Z	66	PC: 12cfa \| Move file pointer (See above)
2018-12-25T11:49:19.718367045Z	87	PC: 12d3c \| Get or set file date and time (See above)
2018-12-25T11:49:19.71973354Z	62	PC: 12d40 \| Close file (See above)
2018-12-25T11:49:19.729425667Z	79	PC: 12c44 \| Find next file (See above)
2018-12-25T11:49:19.732638646Z	67	PC: 12cd0 \| Get or set file attributes (See above)
2018-12-25T11:49:19.742091513Z	61	PC: 12cd5 \| Open file (See above)
2018-12-25T11:49:19.748374625Z	87	PC: 12cdd \| Get or set file date and time (See above)
2018-12-25T11:49:19.750150649Z	63	PC: 12cea \| Read file or device (See above)
2018-12-25T11:49:19.756272022Z	66	PC: 12cfa \| Move file pointer (See above)
2018-12-25T11:49:19.758222204Z	64	PC: 12c00 \| Write file or device (See above)
2018-12-25T11:49:19.767861369Z	66	PC: 12d2a \| Move file pointer (See above)
2018-12-25T11:49:19.769154271Z	64	PC: 12d35 \| Write file or device (See above)
2018-12-25T11:49:19.7753767Z	87	PC: 12d3c \| Get or set file date and time (See above)
2018-12-25T11:49:19.777322424Z	62	PC: 12d40 \| Close file (See above)
2018-12-25T11:49:19.784944475Z	79	PC: 12c44 \| Find next file (See above)
2018-12-25T11:49:19.787378846Z	67	PC: 12cd0 \| Get or set file attributes (See above)
2018-12-25T11:49:19.79759463Z	61	PC: 12cd5 \| Open file (See above)
2018-12-25T11:49:19.805329266Z	87	PC: 12cdd \| Get or set file date and time (See above)
2018-12-25T11:49:19.806936748Z	63	PC: 12cea \| Read file or device (See above)
2018-12-25T11:49:19.813994856Z	66	PC: 12cfa \| Move file pointer (See above)
2018-12-25T11:49:19.815311518Z	87	PC: 12d3c \| Get or set file date and time (See above)
2018-12-25T11:49:19.816746788Z	62	PC: 12d40 \| Close file (See above)
2018-12-25T11:49:19.824053973Z	79	PC: 12c44 \| Find next file (See above)
2018-12-25T11:49:19.826759001Z	67	PC: 12cd0 \| Get or set file attributes (See above)
2018-12-25T11:49:19.837098342Z	61	PC: 12cd5 \| Open file (See above)
2018-12-25T11:49:19.84493117Z	87	PC: 12cdd \| Get or set file date and time (See above)
2018-12-25T11:49:19.846735706Z	63	PC: 12cea \| Read file or device (See above)
2018-12-25T11:49:19.853249411Z	87	PC: 12d3c \| Get or set file date and time (See above)
2018-12-25T11:49:19.855704609Z	62	PC: 12d40 \| Close file (See above)
2018-12-25T11:49:19.863642416Z	79	PC: 12c44 \| Find next file (See above)
2018-12-25T11:49:19.866257717Z	44	PC: 12c56 \| Get time 0x12c56: cmp dl, 1 0x12c59: ja 0x12c63 0x12c5b: cmp dh, 0x10 0x12c5e: ja 0x12c63 0x12c60: call 0x12c6b 0x12c63: mov dx, 0x80 0x12c66: mov ah, 0x1a 0x12c68: int 0x21 0x12c6a: ret 0x12c6b: lea bx, word ptr [bp + 0x499] 0x12c6f: mov cx, 1 0x12c72: mov dx, 0x80 0x12c75: mov ax, 0x201 0x12c78: int 0x13 0x12c7a: jb 0x12c6a 0x12c7c: mov ax, 0x301 0x12c7f: mov dx, 0x80 0x12c82: mov cx, 2 0x12c85: lea bx, word ptr [bp + 0x499] 0x12c89: int 0x13
2018-12-25T11:49:19.868800814Z	26	PC: 12c6a \| Set disk transfer address
2018-12-25T11:49:19.870828793Z	74	PC: 12a54 \| Reallocate memory
2018-12-25T11:49:19.872268473Z	48	PC: 12ab6 \| Get DOS version
2018-12-25T11:49:19.873581564Z	75	PC: 12af4 \| Execute program
2018-12-25T11:49:19.880192791Z	75	PC: 12af4 \| Execute program (See above)
2018-12-25T11:49:19.886367853Z	75	PC: 12af4 \| Execute program (See above)
2018-12-25T11:49:19.987639006Z	48	PC: 38dc4 \| Get DOS version
2018-12-25T11:49:19.989848241Z	74	PC: 38e14 \| Reallocate memory
2018-12-25T11:49:19.991660252Z	48	PC: 38e78 \| Get DOS version
2018-12-25T11:49:19.992638478Z	53	PC: 38e80 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:49:19.994211576Z	37	PC: 38e92 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:49:19.995209969Z	53	PC: 3fb7f \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-25T11:49:19.996196147Z	53	PC: 3fb7f \| Get interrupt vector (See above)
2018-12-25T11:49:19.997859474Z	53	PC: 3fb7f \| Get interrupt vector (See above)
2018-12-25T11:49:19.99916457Z	53	PC: 3fb7f \| Get interrupt vector (See above)
2018-12-25T11:49:20.000539511Z	53	PC: 3fb7f \| Get interrupt vector (See above)
2018-12-25T11:49:20.003167085Z	53	PC: 3fb7f \| Get interrupt vector (See above)
2018-12-25T11:49:20.004488305Z	53	PC: 3fb7f \| Get interrupt vector (See above)
2018-12-25T11:49:20.00578245Z	53	PC: 3fb7f \| Get interrupt vector (See above)
2018-12-25T11:49:20.007994071Z	53	PC: 3fb7f \| Get interrupt vector (See above)
2018-12-25T11:49:20.009285852Z	53	PC: 3fb7f \| Get interrupt vector (See above)
2018-12-25T11:49:20.010561182Z	53	PC: 3fb7f \| Get interrupt vector (See above)
2018-12-25T11:49:20.012764437Z	37	PC: 3fbae \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-25T11:49:20.014007005Z	37	PC: 3fbae \| Set interrupt vector (See above)
2018-12-25T11:49:20.0152324Z	37	PC: 3fbae \| Set interrupt vector (See above)
2018-12-25T11:49:20.017681092Z	37	PC: 3fbae \| Set interrupt vector (See above)
2018-12-25T11:49:20.018783444Z	37	PC: 3fbae \| Set interrupt vector (See above)
2018-12-25T11:49:20.019756726Z	37	PC: 3fbae \| Set interrupt vector (See above)
2018-12-25T11:49:20.02133199Z	37	PC: 3fbae \| Set interrupt vector (See above)
2018-12-25T11:49:20.022515979Z	37	PC: 3fbae \| Set interrupt vector (See above)
2018-12-25T11:49:20.023764323Z	37	PC: 3fbb5 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-25T11:49:20.025374238Z	37	PC: 3fbba \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-25T11:49:20.026653883Z	68	PC: 38f23 \| I/O control for devices (Set for = '�r��R')
2018-12-25T11:49:20.027831833Z	68	PC: 38f23 \| I/O control for devices (See above)
2018-12-25T11:49:20.029470208Z	68	PC: 38f23 \| I/O control for devices (See above)
2018-12-25T11:49:20.030997918Z	68	PC: 38f23 \| I/O control for devices (See above)
2018-12-25T11:49:20.032456998Z	68	PC: 38f23 \| I/O control for devices (See above)
2018-12-25T11:49:20.035185895Z	53	PC: 29eb3 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-25T11:49:20.036193464Z	37	PC: 29ec5 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-25T11:49:20.054187659Z	53	PC: 2f8fe \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:49:20.05605815Z	53	PC: 2f90b \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T11:49:20.057295733Z	53	PC: 2f918 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:20.058298537Z	37	PC: 2f92d \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:49:20.059812686Z	37	PC: 2f935 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T11:49:20.06087671Z	37	PC: 2f93d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:20.061861712Z	53	PC: 33660 \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-25T11:49:20.063695925Z	53	PC: 3366d \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-25T11:49:20.064811874Z	53	PC: 3367c \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:49:20.065659186Z	37	PC: 33689 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-25T11:49:20.067134535Z	53	PC: 33690 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:49:20.068082535Z	37	PC: 3369d \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-25T11:49:20.068983912Z	53	PC: 336a9 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:49:20.075294163Z	48	PC: 3376e \| Get DOS version
2018-12-25T11:49:20.076515069Z	74	PC: 3441b \| Reallocate memory
2018-12-25T11:49:20.077810894Z	74	PC: 3441b \| Reallocate memory (See above)
2018-12-25T11:49:20.079607639Z	68	PC: 33575 \| I/O control for devices (Set for = 'pt��n~�:4* P')
2018-12-25T11:49:20.080878512Z	68	PC: 33575 \| I/O control for devices (See above)
2018-12-25T11:49:20.081988132Z	51	PC: 33593 \| Get or set Ctrl-Break
2018-12-25T11:49:20.08310042Z	51	PC: 3359f \| Get or set Ctrl-Break
2018-12-25T11:49:20.083998119Z	72	PC: 33bd6 \| Allocate memory
2018-12-25T11:49:20.086034129Z	74	PC: 3441b \| Reallocate memory (See above)
2018-12-25T11:49:20.087736024Z	72	PC: 33bd6 \| Allocate memory (See above)
2018-12-25T11:49:20.089112232Z	37	PC: 2ef81 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:49:20.099065108Z	48	PC: 23cef \| Get DOS version
2018-12-25T11:49:20.100695881Z	61	PC: 23afc \| Open file (Filename = 'C:\DOS\qbasic.ini')
2018-12-25T11:49:20.107257216Z	63	PC: 23afc \| Read file or device (See above)
2018-12-25T11:49:20.112868926Z	63	PC: 23afc \| Read file or device (See above)
2018-12-25T11:49:20.115514604Z	63	PC: 23afc \| Read file or device (See above)
2018-12-25T11:49:20.117749203Z	63	PC: 23afc \| Read file or device (See above)
2018-12-25T11:49:20.120024063Z	63	PC: 23afc \| Read file or device (See above)
2018-12-25T11:49:20.123021173Z	63	PC: 23afc \| Read file or device (See above)
2018-12-25T11:49:20.125495962Z	63	PC: 23afc \| Read file or device (See above)
2018-12-25T11:49:20.127731977Z	63	PC: 23afc \| Read file or device (See above)
2018-12-25T11:49:20.130360207Z	63	PC: 23afc \| Read file or device (See above)
2018-12-25T11:49:20.132577484Z	62	PC: 23afc \| Close file (See above)
2018-12-25T11:49:20.133988094Z	53	PC: 2f20a \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-25T11:49:20.135359154Z	37	PC: 2f217 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:49:20.139091732Z	53	PC: 4c438 \| Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T11:49:20.140085208Z	37	PC: 4c444 \| Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T11:49:20.146826571Z	53	PC: 41eb5 \| Get interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-25T11:49:20.152495411Z	37	PC: 2ef81 \| Set interrupt vector (See above)
2018-12-25T11:49:20.154497933Z	53	PC: 2f20a \| Get interrupt vector (See above)
2018-12-25T11:49:20.155856774Z	37	PC: 2f217 \| Set interrupt vector (See above)
2018-12-25T11:49:20.158323967Z	53	PC: 41eb5 \| Get interrupt vector (See above)
2018-12-25T11:49:20.159731266Z	53	PC: 4cd29 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T11:49:20.161178861Z	37	PC: 4cd3c \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T11:49:20.162096345Z	53	PC: 4cd29 \| Get interrupt vector (See above)
2018-12-25T11:49:20.162952201Z	37	PC: 4cd3c \| Set interrupt vector (See above)
2018-12-25T11:49:20.163968745Z	53	PC: 4cd29 \| Get interrupt vector (See above)
2018-12-25T11:49:20.164816038Z	37	PC: 4cd3c \| Set interrupt vector (See above)
2018-12-25T11:49:20.165773492Z	53	PC: 4cd29 \| Get interrupt vector (See above)
2018-12-25T11:49:20.166901983Z	37	PC: 4cd3c \| Set interrupt vector (See above)
2018-12-25T11:49:20.167795826Z	48	PC: 4ccea \| Get DOS version
2018-12-25T11:49:20.169201393Z	53	PC: 4cd08 \| Get interrupt vector (Interrupt = '21' AKA 'Sequential write')
2018-12-25T11:49:20.17020916Z	37	PC: 4cd1d \| Set interrupt vector (Interrupt = '21' AKA 'Sequential write')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3486,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:49:19.031693717Z	26	PC: 12c2e \| Set disk transfer address
2018-12-25T11:49:19.033135153Z	67	PC: 12cd0 \| Get or set file attributes
2018-12-25T11:49:19.040009246Z	61	PC: 12cd5 \| Open file (Filename = 'c:\dos\doskey.com')
2018-12-25T11:49:19.04422049Z	67	PC: 12cd0 \| Get or set file attributes (See above)
2018-12-25T11:49:19.420158521Z	61	PC: 12cd5 \| Open file (See above)
2018-12-25T11:49:19.429617399Z	87	PC: 12cdd \| Get or set file date and time
2018-12-25T11:49:19.431307279Z	63	PC: 12cea \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:49:19.437149877Z	66	PC: 12cfa \| Move file pointer
2018-12-25T11:49:19.440277308Z	64	PC: 12c00 \| Write file or device (Write 921 bytes on handle 5)
2018-12-25T11:49:19.448417938Z	66	PC: 12d2a \| Move file pointer
2018-12-25T11:49:19.4497546Z	64	PC: 12d35 \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:49:19.466100496Z	87	PC: 12d3c \| Get or set file date and time
2018-12-25T11:49:19.467951606Z	62	PC: 12d40 \| Close file
2018-12-25T11:49:19.474510657Z	78	PC: 12c44 \| Find first file
2018-12-25T11:49:19.481957287Z	67	PC: 12cd0 \| Get or set file attributes (See above)
2018-12-25T11:49:19.498086494Z	61	PC: 12cd5 \| Open file (See above)
2018-12-25T11:49:19.504934648Z	87	PC: 12cdd \| Get or set file date and time (See above)
2018-12-25T11:49:19.506834135Z	63	PC: 12cea \| Read file or device (See above)
2018-12-25T11:49:19.513308775Z	66	PC: 12cfa \| Move file pointer (See above)
2018-12-25T11:49:19.515196006Z	64	PC: 12c00 \| Write file or device (See above)
2018-12-25T11:49:19.525002089Z	66	PC: 12d2a \| Move file pointer (See above)
2018-12-25T11:49:19.526500633Z	64	PC: 12d35 \| Write file or device (See above)
2018-12-25T11:49:19.53312011Z	87	PC: 12d3c \| Get or set file date and time (See above)
2018-12-25T11:49:19.535133984Z	62	PC: 12d40 \| Close file (See above)
2018-12-25T11:49:19.544744341Z	79	PC: 12c44 \| Find next file (See above)
2018-12-25T11:49:19.547640698Z	67	PC: 12cd0 \| Get or set file attributes (See above)
2018-12-25T11:49:19.557255457Z	61	PC: 12cd5 \| Open file (See above)
2018-12-25T11:49:19.564237337Z	87	PC: 12cdd \| Get or set file date and time (See above)
2018-12-25T11:49:19.565612841Z	63	PC: 12cea \| Read file or device (See above)
2018-12-25T11:49:19.575564083Z	66	PC: 12cfa \| Move file pointer (See above)
2018-12-25T11:49:19.57815241Z	87	PC: 12d3c \| Get or set file date and time (See above)
2018-12-25T11:49:19.580016576Z	62	PC: 12d40 \| Close file (See above)
2018-12-25T11:49:19.6008577Z	79	PC: 12c44 \| Find next file (See above)
2018-12-25T11:49:19.604933604Z	67	PC: 12cd0 \| Get or set file attributes (See above)
2018-12-25T11:49:19.614659067Z	61	PC: 12cd5 \| Open file (See above)
2018-12-25T11:49:19.621340028Z	87	PC: 12cdd \| Get or set file date and time (See above)
2018-12-25T11:49:19.623434093Z	63	PC: 12cea \| Read file or device (See above)
2018-12-25T11:49:19.63012029Z	66	PC: 12cfa \| Move file pointer (See above)
2018-12-25T11:49:19.631753772Z	87	PC: 12d3c \| Get or set file date and time (See above)
2018-12-25T11:49:19.634150558Z	62	PC: 12d40 \| Close file (See above)
2018-12-25T11:49:19.640970385Z	79	PC: 12c44 \| Find next file (See above)
2018-12-25T11:49:19.643513627Z	67	PC: 12cd0 \| Get or set file attributes (See above)
2018-12-25T11:49:19.653470525Z	61	PC: 12cd5 \| Open file (See above)
2018-12-25T11:49:19.659791642Z	87	PC: 12cdd \| Get or set file date and time (See above)
2018-12-25T11:49:19.66099721Z	63	PC: 12cea \| Read file or device (See above)
2018-12-25T11:49:19.668041816Z	66	PC: 12cfa \| Move file pointer (See above)
2018-12-25T11:49:19.669444581Z	87	PC: 12d3c \| Get or set file date and time (See above)
2018-12-25T11:49:19.672153799Z	62	PC: 12d40 \| Close file (See above)
2018-12-25T11:49:19.679984888Z	79	PC: 12c44 \| Find next file (See above)
2018-12-25T11:49:19.682532986Z	67	PC: 12cd0 \| Get or set file attributes (See above)
2018-12-25T11:49:19.692055757Z	61	PC: 12cd5 \| Open file (See above)
2018-12-25T11:49:19.699552663Z	87	PC: 12cdd \| Get or set file date and time (See above)
2018-12-25T11:49:19.700956362Z	63	PC: 12cea \| Read file or device (See above)
2018-12-25T11:49:19.707231058Z	66	PC: 12cfa \| Move file pointer (See above)
2018-12-25T11:49:19.709897172Z	87	PC: 12d3c \| Get or set file date and time (See above)
2018-12-25T11:49:19.711665162Z	62	PC: 12d40 \| Close file (See above)
2018-12-25T11:49:19.718863442Z	79	PC: 12c44 \| Find next file (See above)
2018-12-25T11:49:19.722039171Z	67	PC: 12cd0 \| Get or set file attributes (See above)
2018-12-25T11:49:19.734150467Z	61	PC: 12cd5 \| Open file (See above)
2018-12-25T11:49:19.74044114Z	87	PC: 12cdd \| Get or set file date and time (See above)
2018-12-25T11:49:19.742410405Z	63	PC: 12cea \| Read file or device (See above)
2018-12-25T11:49:19.748467636Z	66	PC: 12cfa \| Move file pointer (See above)
2018-12-25T11:49:19.750337712Z	64	PC: 12c00 \| Write file or device (See above)
2018-12-25T11:49:19.760065967Z	66	PC: 12d2a \| Move file pointer (See above)
2018-12-25T11:49:19.762074451Z	64	PC: 12d35 \| Write file or device (See above)
2018-12-25T11:49:19.768339365Z	87	PC: 12d3c \| Get or set file date and time (See above)
2018-12-25T11:49:19.770345793Z	62	PC: 12d40 \| Close file (See above)
2018-12-25T11:49:19.77838359Z	79	PC: 12c44 \| Find next file (See above)
2018-12-25T11:49:19.780985255Z	67	PC: 12cd0 \| Get or set file attributes (See above)
2018-12-25T11:49:19.790932834Z	61	PC: 12cd5 \| Open file (See above)
2018-12-25T11:49:19.798243478Z	87	PC: 12cdd \| Get or set file date and time (See above)
2018-12-25T11:49:19.799975901Z	63	PC: 12cea \| Read file or device (See above)
2018-12-25T11:49:19.807584526Z	66	PC: 12cfa \| Move file pointer (See above)
2018-12-25T11:49:19.809582797Z	87	PC: 12d3c \| Get or set file date and time (See above)
2018-12-25T11:49:19.811268309Z	62	PC: 12d40 \| Close file (See above)
2018-12-25T11:49:19.818866169Z	79	PC: 12c44 \| Find next file (See above)
2018-12-25T11:49:19.821392039Z	67	PC: 12cd0 \| Get or set file attributes (See above)
2018-12-25T11:49:19.831163995Z	61	PC: 12cd5 \| Open file (See above)
2018-12-25T11:49:19.838438351Z	87	PC: 12cdd \| Get or set file date and time (See above)
2018-12-25T11:49:19.839860623Z	63	PC: 12cea \| Read file or device (See above)
2018-12-25T11:49:19.847190162Z	87	PC: 12d3c \| Get or set file date and time (See above)
2018-12-25T11:49:19.849647413Z	62	PC: 12d40 \| Close file (See above)
2018-12-25T11:49:19.857143516Z	79	PC: 12c44 \| Find next file (See above)
2018-12-25T11:49:19.859755036Z	44	PC: 12c56 \| Get time 0x12c56: cmp dl, 1 0x12c59: ja 0x12c63 0x12c5b: cmp dh, 0x10 0x12c5e: ja 0x12c63 0x12c60: call 0x12c6b 0x12c63: mov dx, 0x80 0x12c66: mov ah, 0x1a 0x12c68: int 0x21 0x12c6a: ret 0x12c6b: lea bx, word ptr [bp + 0x499] 0x12c6f: mov cx, 1 0x12c72: mov dx, 0x80 0x12c75: mov ax, 0x201 0x12c78: int 0x13 0x12c7a: jb 0x12c6a 0x12c7c: mov ax, 0x301 0x12c7f: mov dx, 0x80 0x12c82: mov cx, 2 0x12c85: lea bx, word ptr [bp + 0x499] 0x12c89: int 0x13
2018-12-25T11:49:19.862679472Z	26	PC: 12c6a \| Set disk transfer address
2018-12-25T11:49:19.864644532Z	74	PC: 12a54 \| Reallocate memory
2018-12-25T11:49:19.866283254Z	48	PC: 12ab6 \| Get DOS version
2018-12-25T11:49:19.868183443Z	75	PC: 12af4 \| Execute program
2018-12-25T11:49:19.875009286Z	75	PC: 12af4 \| Execute program (See above)
2018-12-25T11:49:19.881145977Z	75	PC: 12af4 \| Execute program (See above)
2018-12-25T11:49:19.984910298Z	48	PC: 38dc4 \| Get DOS version
2018-12-25T11:49:19.98676656Z	74	PC: 38e14 \| Reallocate memory
2018-12-25T11:49:19.990042901Z	48	PC: 38e78 \| Get DOS version
2018-12-25T11:49:19.991342071Z	53	PC: 38e80 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:49:19.993669289Z	37	PC: 38e92 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:49:19.995064497Z	53	PC: 3fb7f \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-25T11:49:19.996452272Z	53	PC: 3fb7f \| Get interrupt vector (See above)
2018-12-25T11:49:19.998635731Z	53	PC: 3fb7f \| Get interrupt vector (See above)
2018-12-25T11:49:19.99977322Z	53	PC: 3fb7f \| Get interrupt vector (See above)
2018-12-25T11:49:20.000830576Z	53	PC: 3fb7f \| Get interrupt vector (See above)
2018-12-25T11:49:20.00267191Z	53	PC: 3fb7f \| Get interrupt vector (See above)
2018-12-25T11:49:20.003734157Z	53	PC: 3fb7f \| Get interrupt vector (See above)
2018-12-25T11:49:20.004770992Z	53	PC: 3fb7f \| Get interrupt vector (See above)
2018-12-25T11:49:20.006858728Z	53	PC: 3fb7f \| Get interrupt vector (See above)
2018-12-25T11:49:20.008149102Z	53	PC: 3fb7f \| Get interrupt vector (See above)
2018-12-25T11:49:20.009775987Z	53	PC: 3fb7f \| Get interrupt vector (See above)
2018-12-25T11:49:20.011945732Z	37	PC: 3fbae \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-25T11:49:20.012964231Z	37	PC: 3fbae \| Set interrupt vector (See above)
2018-12-25T11:49:20.013956721Z	37	PC: 3fbae \| Set interrupt vector (See above)
2018-12-25T11:49:20.015595228Z	37	PC: 3fbae \| Set interrupt vector (See above)
2018-12-25T11:49:20.016756613Z	37	PC: 3fbae \| Set interrupt vector (See above)
2018-12-25T11:49:20.018008959Z	37	PC: 3fbae \| Set interrupt vector (See above)
2018-12-25T11:49:20.019546647Z	37	PC: 3fbae \| Set interrupt vector (See above)
2018-12-25T11:49:20.020798602Z	37	PC: 3fbae \| Set interrupt vector (See above)
2018-12-25T11:49:20.022013602Z	37	PC: 3fbb5 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-25T11:49:20.023649022Z	37	PC: 3fbba \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-25T11:49:20.024996375Z	68	PC: 38f23 \| I/O control for devices (Set for = '�r��R')
2018-12-25T11:49:20.026324364Z	68	PC: 38f23 \| I/O control for devices (See above)
2018-12-25T11:49:20.028540604Z	68	PC: 38f23 \| I/O control for devices (See above)
2018-12-25T11:49:20.029920688Z	68	PC: 38f23 \| I/O control for devices (See above)
2018-12-25T11:49:20.031351676Z	68	PC: 38f23 \| I/O control for devices (See above)
2018-12-25T11:49:20.034072093Z	53	PC: 29eb3 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-25T11:49:20.035251067Z	37	PC: 29ec5 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-25T11:49:20.036502621Z	53	PC: 2f8fe \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:49:20.038550351Z	53	PC: 2f90b \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T11:49:20.039833407Z	53	PC: 2f918 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:20.040995745Z	37	PC: 2f92d \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:49:20.044677032Z	37	PC: 2f935 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T11:49:20.045685144Z	37	PC: 2f93d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:20.047019244Z	53	PC: 33660 \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-25T11:49:20.049390711Z	53	PC: 3366d \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-25T11:49:20.050755273Z	53	PC: 3367c \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:49:20.052110374Z	37	PC: 33689 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-25T11:49:20.0542865Z	53	PC: 33690 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:49:20.055737365Z	37	PC: 3369d \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-25T11:49:20.057071868Z	53	PC: 336a9 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:49:20.063392882Z	48	PC: 3376e \| Get DOS version
2018-12-25T11:49:20.065073364Z	74	PC: 3441b \| Reallocate memory
2018-12-25T11:49:20.06687068Z	74	PC: 3441b \| Reallocate memory (See above)
2018-12-25T11:49:20.068608403Z	68	PC: 33575 \| I/O control for devices (Set for = 'pt��n~�:4* P')
2018-12-25T11:49:20.070550873Z	68	PC: 33575 \| I/O control for devices (See above)
2018-12-25T11:49:20.072008041Z	51	PC: 33593 \| Get or set Ctrl-Break
2018-12-25T11:49:20.07310679Z	51	PC: 3359f \| Get or set Ctrl-Break
2018-12-25T11:49:20.074728746Z	72	PC: 33bd6 \| Allocate memory
2018-12-25T11:49:20.077102429Z	74	PC: 3441b \| Reallocate memory (See above)
2018-12-25T11:49:20.07955377Z	72	PC: 33bd6 \| Allocate memory (See above)
2018-12-25T11:49:20.082197243Z	37	PC: 2ef81 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:49:20.092491523Z	48	PC: 23cef \| Get DOS version
2018-12-25T11:49:20.093767159Z	61	PC: 23afc \| Open file (Filename = 'C:\DOS\qbasic.ini')
2018-12-25T11:49:20.101042147Z	63	PC: 23afc \| Read file or device (See above)
2018-12-25T11:49:20.106888078Z	63	PC: 23afc \| Read file or device (See above)
2018-12-25T11:49:20.109279377Z	63	PC: 23afc \| Read file or device (See above)
2018-12-25T11:49:20.11238345Z	63	PC: 23afc \| Read file or device (See above)
2018-12-25T11:49:20.114805308Z	63	PC: 23afc \| Read file or device (See above)
2018-12-25T11:49:20.117107473Z	63	PC: 23afc \| Read file or device (See above)
2018-12-25T11:49:20.119992232Z	63	PC: 23afc \| Read file or device (See above)
2018-12-25T11:49:20.122270722Z	63	PC: 23afc \| Read file or device (See above)
2018-12-25T11:49:20.124515113Z	63	PC: 23afc \| Read file or device (See above)
2018-12-25T11:49:20.127275472Z	62	PC: 23afc \| Close file (See above)
2018-12-25T11:49:20.129089006Z	53	PC: 2f20a \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-25T11:49:20.130182733Z	37	PC: 2f217 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:49:20.134420493Z	53	PC: 4c438 \| Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T11:49:20.135678539Z	37	PC: 4c444 \| Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T11:49:20.140734941Z	53	PC: 41eb5 \| Get interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-25T11:49:20.148603188Z	37	PC: 2ef81 \| Set interrupt vector (See above)
2018-12-25T11:49:20.15177987Z	53	PC: 2f20a \| Get interrupt vector (See above)
2018-12-25T11:49:20.153195096Z	37	PC: 2f217 \| Set interrupt vector (See above)
2018-12-25T11:49:20.157037704Z	53	PC: 41eb5 \| Get interrupt vector (See above)
2018-12-25T11:49:20.158984499Z	53	PC: 4cd29 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T11:49:20.160424085Z	37	PC: 4cd3c \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T11:49:20.16291609Z	53	PC: 4cd29 \| Get interrupt vector (See above)
2018-12-25T11:49:20.164332698Z	37	PC: 4cd3c \| Set interrupt vector (See above)
2018-12-25T11:49:20.165695415Z	53	PC: 4cd29 \| Get interrupt vector (See above)
2018-12-25T11:49:20.168192769Z	37	PC: 4cd3c \| Set interrupt vector (See above)
2018-12-25T11:49:20.169569578Z	53	PC: 4cd29 \| Get interrupt vector (See above)
2018-12-25T11:49:20.170980753Z	37	PC: 4cd3c \| Set interrupt vector (See above)
2018-12-25T11:49:20.173382316Z	48	PC: 4ccea \| Get DOS version
2018-12-25T11:49:20.175061532Z	53	PC: 4cd08 \| Get interrupt vector (Interrupt = '21' AKA 'Sequential write')
2018-12-25T11:49:20.176503029Z	37	PC: 4cd1d \| Set interrupt vector (Interrupt = '21' AKA 'Sequential write')