Sample viewer

vx.netlux.org/Virus.DOS.Gotcha.1781

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:20:46.89412282Z 48 PC: 12a70 | Get DOS version
2018-12-17T22:20:46.896529585Z 218 PC: 12a7c | UNKNOWN!
2018-12-17T22:20:46.897505277Z 37 PC: 12abd | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:20:46.898886625Z 42 PC: 12ac1 | Get date
0x12ac1: cmp al, 5
0x12ac3: jne 0x12afa
0x12ac5: call 0x12cb3
0x12ac8: push cs
0x12ac9: pop es
0x12aca: mov si, 0x383
0x12acd: pop ax
0x12ace: add ax, 0x6f5
0x12ad1: and ax, 0xfff0
0x12ad4: add ax, 0x10
0x12ad7: mov di, ax
0x12ad9: mov cx, 0x472
0x12adc: push ax
0x12add: lodsb al, byte ptr [si]
0x12ade: xor ax, 0xf
0x12ae1: stosb byte ptr es:[di], al
0x12ae2: loop 0x12add
0x12ae4: pop ax
0x12ae5: mov cl, 4
0x12ae7: shr ax, cl
2018-12-17T22:20:46.904441872Z 77 PC: 11fe0 | Get program return code
2018-12-17T22:20:46.905620208Z 72 PC: 12174 | Allocate memory
2018-12-17T22:20:46.90736888Z 72 PC: 1218d | Allocate memory
2018-12-17T22:20:46.9101735Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:20:46.912119216Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:20:46.913227574Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:46.914860131Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:20:46.916796094Z 62 PC: 122ab | Close file
2018-12-17T22:20:46.918303945Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:20:46.920439279Z 62 PC: 122ab | Close file
2018-12-17T22:20:46.922096816Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:20:46.923742862Z 62 PC: 122ab | Close file
2018-12-17T22:20:46.925257983Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:20:46.92812577Z 62 PC: 122ab | Close file
2018-12-17T22:20:46.930441727Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:20:46.932964845Z 62 PC: 122ab | Close file
2018-12-17T22:20:46.937579098Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:20:46.94081075Z 62 PC: 122ab | Close file
2018-12-17T22:20:46.942747798Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:20:46.944645588Z 62 PC: 122ab | Close file
2018-12-17T22:20:46.947189996Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:20:46.949005977Z 62 PC: 122ab | Close file
2018-12-17T22:20:46.950776209Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:20:46.953149726Z 62 PC: 122ab | Close file
2018-12-17T22:20:46.954818641Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:20:46.95654176Z 62 PC: 122ab | Close file
2018-12-17T22:20:46.959345749Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:20:46.960928973Z 62 PC: 122ab | Close file
2018-12-17T22:20:46.962476024Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:20:46.964555758Z 62 PC: 122ab | Close file
2018-12-17T22:20:46.966410295Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:20:46.968235364Z 62 PC: 122ab | Close file
2018-12-17T22:20:46.969870818Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:20:46.972168425Z 62 PC: 122ab | Close file
2018-12-17T22:20:46.974044227Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:20:46.975996395Z 62 PC: 122ab | Close file
2018-12-17T22:20:46.979692335Z 99 PC: 99dc7 | Get DBCS lead byte table pointer
2018-12-17T22:20:46.981331426Z 56 PC: 945e9 | Get or set country info
2018-12-17T22:20:46.984237994Z 64 PC: 9a038 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:20:46.989295224Z 25 PC: 94652 | Get default drive
2018-12-17T22:20:46.991327386Z 71 PC: 968cd | Get current directory
2018-12-17T22:20:46.99557787Z 64 PC: 9a038 | Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:20:47.003086184Z 2 PC: 968a2 | Character output (Char = '3e')
2018-12-17T22:20:47.005400097Z 93 PC: 94710 | File sharing functions
2018-12-17T22:20:47.007397083Z 93 PC: 94717 | File sharing functions
2018-12-17T22:20:47.010356558Z 10 PC: 94729 | Buffered keyboard input
2018-12-17T22:21:01.872433455Z 0 PC: 0 | Program terminate
2018-12-17T22:21:03.232017619Z 0 PC: 0 | Program terminate
2018-12-17T22:21:03.334398638Z 64 PC: 9a038 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:21:03.340379408Z 41 PC: 9479e | Parse filename
2018-12-17T22:21:03.342995164Z 41 PC: 9481f | Parse filename
2018-12-17T22:21:03.344417355Z 41 PC: 9483c | Parse filename
2018-12-17T22:21:03.347624804Z 26 PC: 97ce7 | Set disk transfer address
2018-12-17T22:21:03.349927995Z 71 PC: 97ee3 | Get current directory
2018-12-17T22:21:03.357657972Z 78 PC: 97eee | Find first file
2018-12-17T22:21:03.36716721Z 71 PC: 97d5c | Get current directory
2018-12-17T22:21:03.370692499Z 73 PC: 973f9 | Release memory
2018-12-17T22:21:03.372031233Z 61 PC: 9f5fa | Open file (Filename = 'A:\PRINT.COM')
2018-12-17T22:21:03.378723196Z 51 PC: 9f619 | Get or set Ctrl-Break
2018-12-17T22:21:03.380685089Z 51 PC: 9f61f | Get or set Ctrl-Break
2018-12-17T22:21:03.381600303Z 53 PC: 9f626 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:21:03.383472745Z 37 PC: 9f634 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:21:03.385822356Z 63 PC: 9f68a | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:21:03.389954606Z 62 PC: 9f71b | Close file
2018-12-17T22:21:03.391247244Z 37 PC: 9f72a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:21:03.392593668Z 51 PC: 9f72e | Get or set Ctrl-Break
2018-12-17T22:21:03.393570546Z 75 PC: 11821 | Execute program
2018-12-17T22:21:03.400232031Z 9 PC: 12a47 | Display string (String= 'Hello, World! ')
2018-12-17T22:21:03.403044695Z 76 PC: 12a4b | Terminate with return code (Return code = '36')
2018-12-17T22:21:03.406111836Z 77 PC: 11fe0 | Get program return code
2018-12-17T22:21:03.40732422Z 72 PC: 12174 | Allocate memory
2018-12-17T22:21:03.409485508Z 72 PC: 1218d | Allocate memory
2018-12-17T22:21:03.411046997Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:21:03.412163431Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:21:03.414034117Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:21:03.430762731Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:21:03.432800113Z 62 PC: 122ab | Close file
2018-12-17T22:21:03.435971404Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:21:03.437922586Z 62 PC: 122ab | Close file
2018-12-17T22:21:03.439817726Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:21:03.443587503Z 62 PC: 122ab | Close file
2018-12-17T22:21:03.445474524Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:21:03.44737293Z 62 PC: 122ab | Close file
2018-12-17T22:21:03.450260634Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:21:03.451830687Z 62 PC: 122ab | Close file
2018-12-17T22:21:03.453644853Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:21:03.456609016Z 62 PC: 122ab | Close file
2018-12-17T22:21:03.45856675Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:21:03.460434957Z 62 PC: 122ab | Close file
2018-12-17T22:21:03.463227371Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:21:03.465285029Z 62 PC: 122ab | Close file
2018-12-17T22:21:03.467190452Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:21:03.470081082Z 62 PC: 122ab | Close file
2018-12-17T22:21:03.471919458Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:21:03.473792375Z 62 PC: 122ab | Close file
2018-12-17T22:21:03.476114031Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:21:03.479117435Z 62 PC: 122ab | Close file
2018-12-17T22:21:03.481009986Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:21:03.482923689Z 62 PC: 122ab | Close file
2018-12-17T22:21:03.485475229Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:21:03.487236095Z 62 PC: 122ab | Close file
2018-12-17T22:21:03.489242647Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:21:03.491414789Z 62 PC: 122ab | Close file
2018-12-17T22:21:03.492841824Z 69 PC: 9f5fa | Duplicate handle
2018-12-17T22:21:03.494487562Z 62 PC: 122ab | Close file
2018-12-17T22:21:03.498149741Z 99 PC: 99dc7 | Get DBCS lead byte table pointer
2018-12-17T22:21:03.499684666Z 56 PC: 945e9 | Get or set country info
2018-12-17T22:21:03.501764301Z 64 PC: 9a038 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:21:03.507379673Z 25 PC: 94652 | Get default drive
2018-12-17T22:21:03.509195299Z 71 PC: 968cd | Get current directory
2018-12-17T22:21:03.513249735Z 64 PC: 9a038 | Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:21:03.517479658Z 2 PC: 968a2 | Character output (Char = '3e')
2018-12-17T22:21:03.519908297Z 93 PC: 94710 | File sharing functions
2018-12-17T22:21:03.528656674Z 93 PC: 94717 | File sharing functions
2018-12-17T22:21:03.531016422Z 10 PC: 94729 | Buffered keyboard input

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3608,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:33.647912775Z 48 PC: 12a70 | Get DOS version
2018-12-25T11:49:33.649680157Z 218 PC: 12a7c | UNKNOWN!
2018-12-25T11:49:33.6506209Z 37 PC: 12abd | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:49:33.651741936Z 42 PC: 12ac1 | Get date
0x12ac1: cmp al, 5
0x12ac3: jne 0x12afa
0x12ac5: call 0x12cb3
0x12ac8: push cs
0x12ac9: pop es
0x12aca: mov si, 0x383
0x12acd: pop ax
0x12ace: add ax, 0x6f5
0x12ad1: and ax, 0xfff0
0x12ad4: add ax, 0x10
0x12ad7: mov di, ax
0x12ad9: mov cx, 0x472
0x12adc: push ax
0x12add: lodsb al, byte ptr [si]
0x12ade: xor ax, 0xf
0x12ae1: stosb byte ptr es:[di], al
0x12ae2: loop 0x12add
0x12ae4: pop ax
0x12ae5: mov cl, 4
0x12ae7: shr ax, cl
2018-12-25T11:49:33.663682169Z 12 PC: 1408e | Flush input buffer and input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3608,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:34.623726973Z 48 PC: 12a70 | Get DOS version
2018-12-25T11:49:34.625864177Z 218 PC: 12a7c | UNKNOWN!
2018-12-25T11:49:34.626747431Z 37 PC: 12abd | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:49:34.627772722Z 42 PC: 12ac1 | Get date
0x12ac1: cmp al, 5
0x12ac3: jne 0x12afa
0x12ac5: call 0x12cb3
0x12ac8: push cs
0x12ac9: pop es
0x12aca: mov si, 0x383
0x12acd: pop ax
0x12ace: add ax, 0x6f5
0x12ad1: and ax, 0xfff0
0x12ad4: add ax, 0x10
0x12ad7: mov di, ax
0x12ad9: mov cx, 0x472
0x12adc: push ax
0x12add: lodsb al, byte ptr [si]
0x12ade: xor ax, 0xf
0x12ae1: stosb byte ptr es:[di], al
0x12ae2: loop 0x12add
0x12ae4: pop ax
0x12ae5: mov cl, 4
0x12ae7: shr ax, cl
2018-12-25T11:49:34.633662786Z 77 PC: 11fe0 | Get program return code
2018-12-25T11:49:34.647437326Z 72 PC: 12174 | Allocate memory
2018-12-25T11:49:34.649153489Z 72 PC: 1218d | Allocate memory
2018-12-25T11:49:34.651586341Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:49:34.652647442Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:49:34.65365277Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:34.655078641Z 69 PC: 9f5fa | Duplicate handle
2018-12-25T11:49:34.656491328Z 62 PC: 122ab | Close file
2018-12-25T11:49:34.657829075Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:34.659511388Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:34.660887677Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:34.662265748Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:34.66375394Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:34.665336099Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:34.666657481Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:34.667987249Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:34.669569399Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:34.670940103Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:34.672219098Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:34.674088938Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:34.675438547Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:34.676782687Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:34.685436324Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:34.687155166Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:34.688998304Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:34.693907252Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:34.69647029Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:34.698205239Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:34.702710407Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:34.705399672Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:34.706752535Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:34.708678793Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:34.710024218Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:34.711385534Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:34.713192877Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:34.714588098Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:34.717242742Z 99 PC: 99dc7 | Get DBCS lead byte table pointer
2018-12-25T11:49:34.718616703Z 56 PC: 945e9 | Get or set country info
2018-12-25T11:49:34.72045818Z 64 PC: 9a038 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:49:34.724716248Z 25 PC: 94652 | Get default drive
2018-12-25T11:49:34.726868738Z 71 PC: 968cd | Get current directory
2018-12-25T11:49:34.730812089Z 64 PC: 9a038 | Write file or device (See above)
2018-12-25T11:49:34.733851136Z 2 PC: 968a2 | Character output (Char = '3e')
2018-12-25T11:49:34.736051296Z 93 PC: 94710 | File sharing functions
2018-12-25T11:49:34.739852015Z 93 PC: 94717 | File sharing functions
2018-12-25T11:49:34.741485759Z 10 PC: 94729 | Buffered keyboard input
2018-12-25T11:49:49.612711045Z 0 PC: 0 | Program terminate
2018-12-25T11:49:50.966504744Z 0 PC: 0 | Program terminate (See above)
2018-12-25T11:49:51.06955326Z 64 PC: 9a038 | Write file or device (See above)
2018-12-25T11:49:51.076039944Z 41 PC: 9479e | Parse filename
2018-12-25T11:49:51.078142027Z 41 PC: 9481f | Parse filename
2018-12-25T11:49:51.079844427Z 41 PC: 9483c | Parse filename
2018-12-25T11:49:51.083288576Z 26 PC: 97ce7 | Set disk transfer address
2018-12-25T11:49:51.084851844Z 71 PC: 97ee3 | Get current directory
2018-12-25T11:49:51.092957321Z 78 PC: 97eee | Find first file
2018-12-25T11:49:51.107136774Z 71 PC: 97d5c | Get current directory
2018-12-25T11:49:51.110228552Z 73 PC: 973f9 | Release memory
2018-12-25T11:49:51.111652968Z 61 PC: 9f5fa | Open file (See above)
2018-12-25T11:49:51.121735072Z 51 PC: 9f619 | Get or set Ctrl-Break
2018-12-25T11:49:51.12281955Z 51 PC: 9f61f | Get or set Ctrl-Break
2018-12-25T11:49:51.123887549Z 53 PC: 9f626 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:51.125652901Z 37 PC: 9f634 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:51.127267217Z 63 PC: 9f68a | Read file or device (Read 24 bytes on handle 5)
2018-12-25T11:49:51.133460287Z 62 PC: 9f71b | Close file
2018-12-25T11:49:51.13532805Z 37 PC: 9f72a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:51.137195947Z 51 PC: 9f72e | Get or set Ctrl-Break
2018-12-25T11:49:51.138012739Z 75 PC: 11821 | Execute program
2018-12-25T11:49:51.149411406Z 9 PC: 12a47 | Display string (String= 'Hello, World! ')
2018-12-25T11:49:51.153335687Z 76 PC: 12a4b | Terminate with return code (Return code = '36')
2018-12-25T11:49:51.156583102Z 77 PC: 11fe0 | Get program return code (See above)
2018-12-25T11:49:51.159474943Z 72 PC: 12174 | Allocate memory (See above)
2018-12-25T11:49:51.161284325Z 72 PC: 1218d | Allocate memory (See above)
2018-12-25T11:49:51.168617022Z 37 PC: 123c4 | Set interrupt vector (See above)
2018-12-25T11:49:51.170811267Z 37 PC: 123cb | Set interrupt vector (See above)
2018-12-25T11:49:51.17225682Z 37 PC: 123d2 | Set interrupt vector (See above)
2018-12-25T11:49:51.173763051Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:51.176418857Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:51.178580958Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:51.180151533Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:51.183020796Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:51.18447803Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:51.18588054Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:51.188341636Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:51.189884677Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:51.191470895Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:51.193798315Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:51.195432275Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:51.197073545Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:51.19934428Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:51.200854771Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:51.202539086Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:51.205035889Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:51.206600994Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:51.20815393Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:51.210343613Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:51.2203654Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:51.222087589Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:51.224859248Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:51.2266627Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:51.229102086Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:51.232634942Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:51.234101707Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:51.235843637Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:51.237956539Z 69 PC: 9f5fa | Duplicate handle (See above)
2018-12-25T11:49:51.23961781Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:51.242310258Z 99 PC: 99dc7 | Get DBCS lead byte table pointer (See above)
2018-12-25T11:49:51.244185817Z 56 PC: 945e9 | Get or set country info (See above)
2018-12-25T11:49:51.246011162Z 64 PC: 9a038 | Write file or device (See above)
2018-12-25T11:49:51.250354538Z 25 PC: 94652 | Get default drive (See above)
2018-12-25T11:49:51.261204344Z 71 PC: 968cd | Get current directory (See above)
2018-12-25T11:49:51.265219145Z 64 PC: 9a038 | Write file or device (See above)
2018-12-25T11:49:51.273976847Z 2 PC: 968a2 | Character output (See above)
2018-12-25T11:49:51.279500981Z 93 PC: 94710 | File sharing functions (See above)
2018-12-25T11:49:51.281589386Z 93 PC: 94717 | File sharing functions (See above)
2018-12-25T11:49:51.283544044Z 10 PC: 94729 | Buffered keyboard input (See above)