Sample viewer

vx.netlux.org/Virus.DOS.Taek.2129

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:26:42.60783817Z	47	PC: 1be41 \| Get disk transfer address
2018-12-17T22:26:42.610190952Z	26	PC: 1be53 \| Set disk transfer address
2018-12-17T22:26:42.61139561Z	78	PC: 1be5e \| Find first file
2018-12-17T22:26:42.617969564Z	255	PC: 1be6e \| UNKNOWN!
2018-12-17T22:26:42.619750465Z	79	PC: 1be5e \| Find next file
2018-12-17T22:26:42.622115406Z	26	PC: 1be78 \| Set disk transfer address
2018-12-17T22:26:42.623497547Z	255	PC: 1be7e \| UNKNOWN!
2018-12-17T22:26:42.625398583Z	74	PC: 1bea4 \| Reallocate memory
2018-12-17T22:26:42.626819006Z	72	PC: 1beae \| Allocate memory
2018-12-17T22:26:42.628384254Z	72	PC: 1bec3 \| Allocate memory
2018-12-17T22:26:42.630674762Z	74	PC: 9ed03 \| Reallocate memory
2018-12-17T22:26:42.632337908Z	75	PC: 9ed43 \| Execute program
2018-12-17T22:26:42.652281275Z	47	PC: 1bfa1 \| Get disk transfer address
2018-12-17T22:26:42.654433862Z	26	PC: 1bfb3 \| Set disk transfer address
2018-12-17T22:26:42.658476888Z	78	PC: 1bfbe \| Find first file
2018-12-17T22:26:42.664735973Z	67	PC: 9ed43 \| Get or set file attributes
2018-12-17T22:26:42.672695433Z	67	PC: 9ed43 \| Get or set file attributes
2018-12-17T22:26:42.688735944Z	61	PC: 9ed43 \| Open file (Filename = 'fit in memory No free file handlesBad Command or file name Access denied Memory allocation error& Cannot load COMMAND, system halted ! Cannot start COMMAND, exiting . Top level process aborted, cannot continue � ')
2018-12-17T22:26:42.696172554Z	87	PC: 9ed43 \| Get or set file date and time
2018-12-17T22:26:42.698934684Z	66	PC: 9ed43 \| Move file pointer
2018-12-17T22:26:42.701293562Z	66	PC: 9ed43 \| Move file pointer
2018-12-17T22:26:42.703580238Z	63	PC: 9ed43 \| Read file or device (Read 64 bytes on handle 5)
2018-12-17T22:26:42.707449597Z	66	PC: 9ed43 \| Move file pointer
2018-12-17T22:26:42.709549246Z	63	PC: 9ed43 \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:26:42.711881684Z	66	PC: 9ed43 \| Move file pointer
2018-12-17T22:26:42.714343972Z	64	PC: 9ed43 \| Write file or device (Write 32 bytes on handle 5)
2018-12-17T22:26:42.717933568Z	66	PC: 9ed43 \| Move file pointer
2018-12-17T22:26:42.719378331Z	64	PC: 9ed43 \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T22:26:42.723696363Z	64	PC: 9ed43 \| Write file or device (Write 2129 bytes on handle 5)
2018-12-17T22:26:42.73249191Z	64	PC: 9ed43 \| Write file or device (Write 53 bytes on handle 5)
2018-12-17T22:26:42.735189108Z	64	PC: 9ed43 \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T22:26:42.738832099Z	87	PC: 9ed43 \| Get or set file date and time
2018-12-17T22:26:42.741525436Z	44	PC: 9f165 \| Get time 0x9f165: cmp ch, 0x17 0x9f168: jb 0x9f1cb 0x9f16a: mov es, word ptr cs:[0x73f] 0x9f16f: mov ax, 0xb800 0x9f172: mov ds, ax 0x9f174: xor si, si 0x9f176: xor di, di 0x9f178: mov cx, 0x50 0x9f17b: cld 0x9f17c: rep movsd dword ptr es:[di], dword ptr [si] 0x9f17e: push cs 0x9f17f: pop ds 0x9f180: mov ax, 0xb800 0x9f183: mov es, ax 0x9f185: mov si, 0x6dc 0x9f188: xor di, di 0x9f18a: mov cx, 0x50 0x9f18d: mov ah, 0x4f 0x9f18f: cld 0x9f190: lodsb al, byte ptr [si]
2018-12-17T22:26:42.743975437Z	62	PC: 9ed43 \| Close file
2018-12-17T22:26:42.759119916Z	67	PC: 9ed43 \| Get or set file attributes
2018-12-17T22:26:42.779584875Z	255	PC: 1bfce \| UNKNOWN!
2018-12-17T22:26:42.780820083Z	79	PC: 1bfbe \| Find next file
2018-12-17T22:26:42.78429766Z	26	PC: 1bfd8 \| Set disk transfer address
2018-12-17T22:26:42.787425879Z	48	PC: 2ac5e \| Get DOS version
2018-12-17T22:26:42.788893712Z	53	PC: 2ad67 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:26:42.797481955Z	48	PC: 2ac5e \| Get DOS version
2018-12-17T22:26:42.799007618Z	53	PC: 2ad67 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:26:42.803790918Z	48	PC: 2ac5e \| Get DOS version
2018-12-17T22:26:42.805893298Z	53	PC: 2ad67 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:26:42.811339412Z	48	PC: 2ac5e \| Get DOS version
2018-12-17T22:26:42.812587327Z	53	PC: 2ad67 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:26:42.819977318Z	48	PC: 2ac5e \| Get DOS version
2018-12-17T22:26:42.821116257Z	53	PC: 2ad67 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:26:42.827403456Z	48	PC: 2ac5e \| Get DOS version
2018-12-17T22:26:42.829848292Z	53	PC: 2ad67 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:26:42.837537337Z	48	PC: 2ac5e \| Get DOS version
2018-12-17T22:26:42.838986585Z	53	PC: 2ad67 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:26:42.848513505Z	48	PC: 2ac5e \| Get DOS version
2018-12-17T22:26:42.850755191Z	53	PC: 2ad67 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:26:42.858540448Z	48	PC: 2ac5e \| Get DOS version
2018-12-17T22:26:42.860545055Z	53	PC: 2ad67 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:26:42.867747763Z	48	PC: 2ac5e \| Get DOS version
2018-12-17T22:26:42.869405564Z	53	PC: 2ad67 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:26:42.876587283Z	48	PC: 2ac5e \| Get DOS version
2018-12-17T22:26:42.87821812Z	53	PC: 2ad67 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:26:42.884970341Z	48	PC: 2ac5e \| Get DOS version
2018-12-17T22:26:42.88726908Z	53	PC: 2ad67 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:26:42.892143759Z	48	PC: 2ac5e \| Get DOS version
2018-12-17T22:26:42.893470773Z	53	PC: 2ad67 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:26:42.897450925Z	48	PC: 12bac \| Get DOS version
2018-12-17T22:26:42.898794593Z	53	PC: 12d0e \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:26:42.90017544Z	53	PC: 12d1b \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:26:42.902459635Z	53	PC: 12d28 \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:26:42.903705715Z	53	PC: 12d35 \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:26:42.904933303Z	37	PC: 12d49 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:26:42.907259282Z	74	PC: 12c36 \| Reallocate memory
2018-12-17T22:26:42.909434323Z	68	PC: 131f2 \| I/O control for devices (Set for = '')
2018-12-17T22:26:42.91162746Z	74	PC: 1526d \| Reallocate memory
2018-12-17T22:26:42.913871925Z	74	PC: 1526d \| Reallocate memory
2018-12-17T22:26:42.916585422Z	68	PC: 131f2 \| I/O control for devices (Set for = 'Borland C++ - Copyright 1991 Borland Intl.')
2018-12-17T22:26:42.920699398Z	53	PC: 1300e \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:26:42.922147722Z	37	PC: 13028 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:26:42.924232934Z	37	PC: 13028 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:26:42.947985668Z	67	PC: 1550a \| Get or set file attributes
2018-12-17T22:26:42.954041923Z	67	PC: 9ed43 \| Get or set file attributes
2018-12-17T22:26:42.960915797Z	67	PC: 9ed43 \| Get or set file attributes
2018-12-17T22:26:42.967844143Z	67	PC: 9ed43 \| Get or set file attributes
2018-12-17T22:26:42.973908066Z	61	PC: 162fd \| Open file (Filename = '!�R�')
2018-12-17T22:26:42.982091247Z	64	PC: 16d56 \| Write file or device (Write 48 bytes on handle 1)
2018-12-17T22:26:42.989358794Z	64	PC: 16d56 \| Write file or device (Write 63 bytes on handle 1)
2018-12-17T22:26:42.994096105Z	62	PC: 15636 \| Close file
2018-12-17T22:26:42.998358152Z	37	PC: 12d5b \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:26:43.000143441Z	37	PC: 12d66 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:26:43.001588139Z	37	PC: 12d71 \| Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:26:43.003765638Z	37	PC: 12d7b \| Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:26:43.005972668Z	74	PC: 1526d \| Reallocate memory
2018-12-17T22:26:43.007880703Z	62	PC: 15636 \| Close file
2018-12-17T22:26:43.010681138Z	62	PC: 15636 \| Close file
2018-12-17T22:26:43.013294689Z	62	PC: 15636 \| Close file
2018-12-17T22:26:43.015602986Z	62	PC: 15636 \| Close file
2018-12-17T22:26:43.018627507Z	62	PC: 15636 \| Close file
2018-12-17T22:26:43.021167694Z	76	PC: 12cff \| Terminate with return code (Return code = '1')
2018-12-17T22:26:43.023885096Z	73	PC: 9ed32 \| Release memory
2018-12-17T22:26:43.025630895Z	77	PC: 9ed36 \| Get program return code
2018-12-17T22:26:43.027813993Z	76	PC: 9ed3a \| Terminate with return code (Return code = '1')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4740,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:44.147470849Z	47	PC: 1be41 \| Get disk transfer address
2018-12-25T11:52:44.148887962Z	26	PC: 1be53 \| Set disk transfer address
2018-12-25T11:52:44.14973194Z	78	PC: 1be5e \| Find first file
2018-12-25T11:52:44.153630624Z	255	PC: 1be6e \| UNKNOWN!
2018-12-25T11:52:44.154535469Z	79	PC: 1be5e \| Find next file (See above)
2018-12-25T11:52:44.156155631Z	26	PC: 1be78 \| Set disk transfer address
2018-12-25T11:52:44.156950064Z	255	PC: 1be7e \| UNKNOWN!
2018-12-25T11:52:44.158332648Z	74	PC: 1bea4 \| Reallocate memory
2018-12-25T11:52:44.159357062Z	72	PC: 1beae \| Allocate memory
2018-12-25T11:52:44.160477264Z	72	PC: 1bec3 \| Allocate memory
2018-12-25T11:52:44.162545923Z	74	PC: 9ed03 \| Reallocate memory
2018-12-25T11:52:44.163894589Z	75	PC: 9ed43 \| Execute program
2018-12-25T11:52:44.175473317Z	47	PC: 1bfa1 \| Get disk transfer address
2018-12-25T11:52:44.176838573Z	26	PC: 1bfb3 \| Set disk transfer address
2018-12-25T11:52:44.178329803Z	78	PC: 1bfbe \| Find first file
2018-12-25T11:52:44.183904394Z	67	PC: 9ed43 \| Get or set file attributes (See above)
2018-12-25T11:52:44.189835419Z	67	PC: 9ed43 \| Get or set file attributes (See above)
2018-12-25T11:52:44.210812155Z	61	PC: 9ed43 \| Open file (See above)
2018-12-25T11:52:44.217952998Z	87	PC: 9ed43 \| Get or set file date and time (See above)
2018-12-25T11:52:44.219942959Z	66	PC: 9ed43 \| Move file pointer (See above)
2018-12-25T11:52:44.221646238Z	66	PC: 9ed43 \| Move file pointer (See above)
2018-12-25T11:52:44.223331304Z	63	PC: 9ed43 \| Read file or device (See above)
2018-12-25T11:52:44.226722205Z	66	PC: 9ed43 \| Move file pointer (See above)
2018-12-25T11:52:44.228562954Z	63	PC: 9ed43 \| Read file or device (See above)
2018-12-25T11:52:44.231256257Z	66	PC: 9ed43 \| Move file pointer (See above)
2018-12-25T11:52:44.23754506Z	64	PC: 9ed43 \| Write file or device (See above)
2018-12-25T11:52:44.242169061Z	66	PC: 9ed43 \| Move file pointer (See above)
2018-12-25T11:52:44.243499149Z	64	PC: 9ed43 \| Write file or device (See above)
2018-12-25T11:52:44.247769771Z	64	PC: 9ed43 \| Write file or device (See above)
2018-12-25T11:52:44.257012162Z	64	PC: 9ed43 \| Write file or device (See above)
2018-12-25T11:52:44.259893709Z	64	PC: 9ed43 \| Write file or device (See above)
2018-12-25T11:52:44.263292157Z	87	PC: 9ed43 \| Get or set file date and time (See above)
2018-12-25T11:52:44.265376142Z	44	PC: 9f165 \| Get time 0x9f165: cmp ch, 0x17 0x9f168: jb 0x9f1cb 0x9f16a: mov es, word ptr cs:[0x73f] 0x9f16f: mov ax, 0xb800 0x9f172: mov ds, ax 0x9f174: xor si, si 0x9f176: xor di, di 0x9f178: mov cx, 0x50 0x9f17b: cld 0x9f17c: rep movsd dword ptr es:[di], dword ptr [si] 0x9f17e: push cs 0x9f17f: pop ds 0x9f180: mov ax, 0xb800 0x9f183: mov es, ax 0x9f185: mov si, 0x6dc 0x9f188: xor di, di 0x9f18a: mov cx, 0x50 0x9f18d: mov ah, 0x4f 0x9f18f: cld 0x9f190: lodsb al, byte ptr [si]
2018-12-25T11:52:44.267473008Z	62	PC: 9ed43 \| Close file (See above)
2018-12-25T11:52:44.276072424Z	67	PC: 9ed43 \| Get or set file attributes (See above)
2018-12-25T11:52:44.292627287Z	255	PC: 1bfce \| UNKNOWN!
2018-12-25T11:52:44.293815333Z	79	PC: 1bfbe \| Find next file (See above)
2018-12-25T11:52:44.297536668Z	26	PC: 1bfd8 \| Set disk transfer address
2018-12-25T11:52:44.300682731Z	48	PC: 2ac5e \| Get DOS version
2018-12-25T11:52:44.302102963Z	53	PC: 2ad67 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:52:44.3069631Z	48	PC: 2ac5e \| Get DOS version (See above)
2018-12-25T11:52:44.308103455Z	53	PC: 2ad67 \| Get interrupt vector (See above)
2018-12-25T11:52:44.312444688Z	48	PC: 2ac5e \| Get DOS version (See above)
2018-12-25T11:52:44.314127662Z	53	PC: 2ad67 \| Get interrupt vector (See above)
2018-12-25T11:52:44.319312284Z	48	PC: 2ac5e \| Get DOS version (See above)
2018-12-25T11:52:44.321516248Z	53	PC: 2ad67 \| Get interrupt vector (See above)
2018-12-25T11:52:44.328066786Z	48	PC: 2ac5e \| Get DOS version (See above)
2018-12-25T11:52:44.329482499Z	53	PC: 2ad67 \| Get interrupt vector (See above)
2018-12-25T11:52:44.335871561Z	48	PC: 2ac5e \| Get DOS version (See above)
2018-12-25T11:52:44.336812828Z	53	PC: 2ad67 \| Get interrupt vector (See above)
2018-12-25T11:52:44.344154452Z	48	PC: 2ac5e \| Get DOS version (See above)
2018-12-25T11:52:44.345192764Z	53	PC: 2ad67 \| Get interrupt vector (See above)
2018-12-25T11:52:44.352552254Z	48	PC: 2ac5e \| Get DOS version (See above)
2018-12-25T11:52:44.354660165Z	53	PC: 2ad67 \| Get interrupt vector (See above)
2018-12-25T11:52:44.362007718Z	48	PC: 2ac5e \| Get DOS version (See above)
2018-12-25T11:52:44.363413144Z	53	PC: 2ad67 \| Get interrupt vector (See above)
2018-12-25T11:52:44.371528414Z	48	PC: 2ac5e \| Get DOS version (See above)
2018-12-25T11:52:44.372943023Z	53	PC: 2ad67 \| Get interrupt vector (See above)
2018-12-25T11:52:44.379242965Z	48	PC: 2ac5e \| Get DOS version (See above)
2018-12-25T11:52:44.381511444Z	53	PC: 2ad67 \| Get interrupt vector (See above)
2018-12-25T11:52:44.388014216Z	48	PC: 2ac5e \| Get DOS version (See above)
2018-12-25T11:52:44.390007651Z	53	PC: 2ad67 \| Get interrupt vector (See above)
2018-12-25T11:52:44.395485172Z	48	PC: 2ac5e \| Get DOS version (See above)
2018-12-25T11:52:44.396718175Z	53	PC: 2ad67 \| Get interrupt vector (See above)
2018-12-25T11:52:44.399472947Z	48	PC: 12bac \| Get DOS version
2018-12-25T11:52:44.40157726Z	53	PC: 12d0e \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:52:44.403297411Z	53	PC: 12d1b \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T11:52:44.404398425Z	53	PC: 12d28 \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T11:52:44.406100431Z	53	PC: 12d35 \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T11:52:44.407957079Z	37	PC: 12d49 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:52:44.409159083Z	74	PC: 12c36 \| Reallocate memory
2018-12-25T11:52:44.412101798Z	68	PC: 131f2 \| I/O control for devices (Set for = '')
2018-12-25T11:52:44.414596594Z	74	PC: 1526d \| Reallocate memory
2018-12-25T11:52:44.41688987Z	74	PC: 1526d \| Reallocate memory (See above)
2018-12-25T11:52:44.419843126Z	68	PC: 131f2 \| I/O control for devices (See above)
2018-12-25T11:52:44.424882987Z	53	PC: 1300e \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:52:44.426954796Z	37	PC: 13028 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:52:44.428711214Z	37	PC: 13028 \| Set interrupt vector (See above)
2018-12-25T11:52:44.453173963Z	67	PC: 1550a \| Get or set file attributes
2018-12-25T11:52:44.460256453Z	67	PC: 9ed43 \| Get or set file attributes (See above)
2018-12-25T11:52:44.466668717Z	67	PC: 9ed43 \| Get or set file attributes (See above)
2018-12-25T11:52:44.474851222Z	67	PC: 9ed43 \| Get or set file attributes (See above)
2018-12-25T11:52:44.481113229Z	61	PC: 162fd \| Open file (Filename = '!�R�')
2018-12-25T11:52:44.488737067Z	64	PC: 16d56 \| Write file or device (Write 48 bytes on handle 1)
2018-12-25T11:52:44.497161708Z	64	PC: 16d56 \| Write file or device (See above)
2018-12-25T11:52:44.502411597Z	62	PC: 15636 \| Close file
2018-12-25T11:52:44.505787865Z	37	PC: 12d5b \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:52:44.508691624Z	37	PC: 12d66 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T11:52:44.510124075Z	37	PC: 12d71 \| Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T11:52:44.511505524Z	37	PC: 12d7b \| Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T11:52:44.514149449Z	74	PC: 1526d \| Reallocate memory (See above)
2018-12-25T11:52:44.516315132Z	62	PC: 15636 \| Close file (See above)
2018-12-25T11:52:44.518348399Z	62	PC: 15636 \| Close file (See above)
2018-12-25T11:52:44.521318387Z	62	PC: 15636 \| Close file (See above)
2018-12-25T11:52:44.52410261Z	62	PC: 15636 \| Close file (See above)
2018-12-25T11:52:44.526978687Z	62	PC: 15636 \| Close file (See above)
2018-12-25T11:52:44.529499614Z	76	PC: 12cff \| Terminate with return code (Return code = '1')
2018-12-25T11:52:44.532090603Z	73	PC: 9ed32 \| Release memory
2018-12-25T11:52:44.533265596Z	77	PC: 9ed36 \| Get program return code
2018-12-25T11:52:44.534910613Z	76	PC: 9ed3a \| Terminate with return code (Return code = '1')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":23,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4740,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:44.304909839Z	47	PC: 1be41 \| Get disk transfer address
2018-12-25T11:52:44.30677397Z	26	PC: 1be53 \| Set disk transfer address
2018-12-25T11:52:44.307738488Z	78	PC: 1be5e \| Find first file
2018-12-25T11:52:44.313587641Z	255	PC: 1be6e \| UNKNOWN!
2018-12-25T11:52:44.315635572Z	79	PC: 1be5e \| Find next file (See above)
2018-12-25T11:52:44.318067219Z	26	PC: 1be78 \| Set disk transfer address
2018-12-25T11:52:44.319341465Z	255	PC: 1be7e \| UNKNOWN!
2018-12-25T11:52:44.326542623Z	74	PC: 1bea4 \| Reallocate memory
2018-12-25T11:52:44.327776583Z	72	PC: 1beae \| Allocate memory
2018-12-25T11:52:44.329363064Z	72	PC: 1bec3 \| Allocate memory
2018-12-25T11:52:44.331521916Z	74	PC: 9ed03 \| Reallocate memory
2018-12-25T11:52:44.332915597Z	75	PC: 9ed43 \| Execute program
2018-12-25T11:52:44.351046535Z	47	PC: 1bfa1 \| Get disk transfer address
2018-12-25T11:52:44.359553756Z	26	PC: 1bfb3 \| Set disk transfer address
2018-12-25T11:52:44.360362864Z	78	PC: 1bfbe \| Find first file
2018-12-25T11:52:44.363972624Z	67	PC: 9ed43 \| Get or set file attributes (See above)
2018-12-25T11:52:44.368211665Z	67	PC: 9ed43 \| Get or set file attributes (See above)
2018-12-25T11:52:44.380706972Z	61	PC: 9ed43 \| Open file (See above)
2018-12-25T11:52:44.38500825Z	87	PC: 9ed43 \| Get or set file date and time (See above)
2018-12-25T11:52:44.386492482Z	66	PC: 9ed43 \| Move file pointer (See above)
2018-12-25T11:52:44.387425329Z	66	PC: 9ed43 \| Move file pointer (See above)
2018-12-25T11:52:44.388307396Z	63	PC: 9ed43 \| Read file or device (See above)
2018-12-25T11:52:44.390346068Z	66	PC: 9ed43 \| Move file pointer (See above)
2018-12-25T11:52:44.391622332Z	63	PC: 9ed43 \| Read file or device (See above)
2018-12-25T11:52:44.393101486Z	66	PC: 9ed43 \| Move file pointer (See above)
2018-12-25T11:52:44.394927947Z	64	PC: 9ed43 \| Write file or device (See above)
2018-12-25T11:52:44.398264331Z	66	PC: 9ed43 \| Move file pointer (See above)
2018-12-25T11:52:44.39947525Z	64	PC: 9ed43 \| Write file or device (See above)
2018-12-25T11:52:44.40301348Z	64	PC: 9ed43 \| Write file or device (See above)
2018-12-25T11:52:44.412206999Z	64	PC: 9ed43 \| Write file or device (See above)
2018-12-25T11:52:44.414917831Z	64	PC: 9ed43 \| Write file or device (See above)
2018-12-25T11:52:44.418060099Z	87	PC: 9ed43 \| Get or set file date and time (See above)
2018-12-25T11:52:44.420089227Z	44	PC: 9f165 \| Get time 0x9f165: cmp ch, 0x17 0x9f168: jb 0x9f1cb 0x9f16a: mov es, word ptr cs:[0x73f] 0x9f16f: mov ax, 0xb800 0x9f172: mov ds, ax 0x9f174: xor si, si 0x9f176: xor di, di 0x9f178: mov cx, 0x50 0x9f17b: cld 0x9f17c: rep movsd dword ptr es:[di], dword ptr [si] 0x9f17e: push cs 0x9f17f: pop ds 0x9f180: mov ax, 0xb800 0x9f183: mov es, ax 0x9f185: mov si, 0x6dc 0x9f188: xor di, di 0x9f18a: mov cx, 0x50 0x9f18d: mov ah, 0x4f 0x9f18f: cld 0x9f190: lodsb al, byte ptr [si]
2018-12-25T11:52:44.422909246Z	62	PC: 9ed43 \| Close file (See above)
2018-12-25T11:52:44.43143659Z	67	PC: 9ed43 \| Get or set file attributes (See above)
2018-12-25T11:52:44.44156891Z	255	PC: 1bfce \| UNKNOWN!
2018-12-25T11:52:44.442295846Z	79	PC: 1bfbe \| Find next file (See above)
2018-12-25T11:52:44.445163904Z	26	PC: 1bfd8 \| Set disk transfer address
2018-12-25T11:52:44.447780344Z	48	PC: 2ac5e \| Get DOS version
2018-12-25T11:52:44.448809897Z	53	PC: 2ad67 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:52:44.453286916Z	48	PC: 2ac5e \| Get DOS version (See above)
2018-12-25T11:52:44.454332756Z	53	PC: 2ad67 \| Get interrupt vector (See above)
2018-12-25T11:52:44.458675001Z	48	PC: 2ac5e \| Get DOS version (See above)
2018-12-25T11:52:44.460167164Z	53	PC: 2ad67 \| Get interrupt vector (See above)
2018-12-25T11:52:44.465216565Z	48	PC: 2ac5e \| Get DOS version (See above)
2018-12-25T11:52:44.466241599Z	53	PC: 2ad67 \| Get interrupt vector (See above)
2018-12-25T11:52:44.473240763Z	48	PC: 2ac5e \| Get DOS version (See above)
2018-12-25T11:52:44.474723552Z	53	PC: 2ad67 \| Get interrupt vector (See above)
2018-12-25T11:52:44.480802158Z	48	PC: 2ac5e \| Get DOS version (See above)
2018-12-25T11:52:44.482240406Z	53	PC: 2ad67 \| Get interrupt vector (See above)
2018-12-25T11:52:44.489909839Z	48	PC: 2ac5e \| Get DOS version (See above)
2018-12-25T11:52:44.490922804Z	53	PC: 2ad67 \| Get interrupt vector (See above)
2018-12-25T11:52:44.498743653Z	48	PC: 2ac5e \| Get DOS version (See above)
2018-12-25T11:52:44.499869821Z	53	PC: 2ad67 \| Get interrupt vector (See above)
2018-12-25T11:52:44.506922124Z	48	PC: 2ac5e \| Get DOS version (See above)
2018-12-25T11:52:44.509181172Z	53	PC: 2ad67 \| Get interrupt vector (See above)
2018-12-25T11:52:44.515962286Z	48	PC: 2ac5e \| Get DOS version (See above)
2018-12-25T11:52:44.517031612Z	53	PC: 2ad67 \| Get interrupt vector (See above)
2018-12-25T11:52:44.523352362Z	48	PC: 2ac5e \| Get DOS version (See above)
2018-12-25T11:52:44.524511878Z	53	PC: 2ad67 \| Get interrupt vector (See above)
2018-12-25T11:52:44.530315037Z	48	PC: 2ac5e \| Get DOS version (See above)
2018-12-25T11:52:44.531980778Z	53	PC: 2ad67 \| Get interrupt vector (See above)
2018-12-25T11:52:44.536382094Z	48	PC: 2ac5e \| Get DOS version (See above)
2018-12-25T11:52:44.537550971Z	53	PC: 2ad67 \| Get interrupt vector (See above)
2018-12-25T11:52:44.540983164Z	48	PC: 12bac \| Get DOS version
2018-12-25T11:52:44.542353197Z	53	PC: 12d0e \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:52:44.543907003Z	53	PC: 12d1b \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T11:52:44.546314957Z	53	PC: 12d28 \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T11:52:44.547719915Z	53	PC: 12d35 \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T11:52:44.549095062Z	37	PC: 12d49 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:52:44.551496096Z	74	PC: 12c36 \| Reallocate memory
2018-12-25T11:52:44.553575315Z	68	PC: 131f2 \| I/O control for devices (Set for = '')
2018-12-25T11:52:44.555596836Z	74	PC: 1526d \| Reallocate memory
2018-12-25T11:52:44.55788349Z	74	PC: 1526d \| Reallocate memory (See above)
2018-12-25T11:52:44.559804541Z	68	PC: 131f2 \| I/O control for devices (See above)
2018-12-25T11:52:44.563848565Z	53	PC: 1300e \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:52:44.573145454Z	37	PC: 13028 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:52:44.574144141Z	37	PC: 13028 \| Set interrupt vector (See above)
2018-12-25T11:52:44.597298956Z	67	PC: 1550a \| Get or set file attributes
2018-12-25T11:52:44.603966737Z	67	PC: 9ed43 \| Get or set file attributes (See above)
2018-12-25T11:52:44.609455581Z	67	PC: 9ed43 \| Get or set file attributes (See above)
2018-12-25T11:52:44.614838499Z	67	PC: 9ed43 \| Get or set file attributes (See above)
2018-12-25T11:52:44.622055193Z	61	PC: 162fd \| Open file (Filename = '!�R�')
2018-12-25T11:52:44.629664385Z	64	PC: 16d56 \| Write file or device (Write 48 bytes on handle 1)
2018-12-25T11:52:44.636003031Z	64	PC: 16d56 \| Write file or device (See above)
2018-12-25T11:52:44.640585043Z	62	PC: 15636 \| Close file
2018-12-25T11:52:44.644305585Z	37	PC: 12d5b \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:52:44.645283699Z	37	PC: 12d66 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T11:52:44.646824065Z	37	PC: 12d71 \| Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T11:52:44.647907022Z	37	PC: 12d7b \| Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T11:52:44.649381713Z	74	PC: 1526d \| Reallocate memory (See above)
2018-12-25T11:52:44.651237996Z	62	PC: 15636 \| Close file (See above)
2018-12-25T11:52:44.652938642Z	62	PC: 15636 \| Close file (See above)
2018-12-25T11:52:44.654789616Z	62	PC: 15636 \| Close file (See above)
2018-12-25T11:52:44.656950403Z	62	PC: 15636 \| Close file (See above)
2018-12-25T11:52:44.658780245Z	62	PC: 15636 \| Close file (See above)
2018-12-25T11:52:44.660561804Z	76	PC: 12cff \| Terminate with return code (Return code = '1')
2018-12-25T11:52:44.663229014Z	73	PC: 9ed32 \| Release memory
2018-12-25T11:52:44.664292159Z	77	PC: 9ed36 \| Get program return code
2018-12-25T11:52:44.665395746Z	76	PC: 9ed3a \| Terminate with return code (Return code = '1')