Sample viewer

vx.netlux.org/Virus.DOS.IVP.Ping.1556


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:50:50.699818836Z 26 PC: 130c7 | Set disk transfer address
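2018-12-17T21:50:50.701661445Z 53 PC: 12b8b | Get interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler; the viewer's label 'Set random record number' is the name of DOS function AH=24h, not of this vector)
2018-12-17T21:50:50.70270322Z 37 PC: 12b9d | Set interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler; the viewer's label 'Set random record number' is the name of DOS function AH=24h, not of this vector)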
2018-12-17T21:50:50.703686249Z 71 PC: 12ba9 | Get current directory
2018-12-17T21:50:50.707811978Z 78 PC: 12c1f | Find first file
2018-12-17T21:50:50.711600235Z 78 PC: 12c1f | Find first file
2018-12-17T21:50:50.715424825Z 59 PC: 12bbf | Change current directory
2018-12-17T21:50:50.717485311Z 44 PC: 12d5b | Get time 0x12d5b: cmp cl, 0xa
; Continuation of the listing that starts on the log line above (0x12d5b: cmp cl, 0xa).
; 0x12d5b is the return address of the traced "Get time" call (INT 21h AH=2Ch), which
; returns the minutes in CL, so the branch below is gated on the clock.
0x12d5e: ja 0x12d68  ; minutes > 10: skip the message
0x12d60: mov ah, 9  ; INT 21h AH=09h: print the '$'-terminated string at DS:DX
0x12d62: lea dx, word ptr [bp + 0x6b8]  ; string address, bp-relative (bp presumably holds the body's load offset)
0x12d66: int 0x21  ; traced as "Display string" at PC 12d68 in the runs where it executes
0x12d68: jmp 0x12f19  ; unconditional; target is outside this listing
0x12d6b: jmp 0x13069  ; unconditional; target is outside this listing
; NOTE(review): nothing below is reached by fall-through, since both jumps above are
; unconditional. ARPL is a protected-mode instruction, and the bytes these mnemonics
; encode are printable ASCII (arpl [bp+si],di / pop sp / insw = 63 3A 5C 6D = "c:\m"),
; so this is presumably an embedded text string decoded as instructions by a linear
; sweep - confirm against a hex dump before treating any of it as code.
0x12d6e: arpl word ptr [bp + si], di
0x12d70: pop sp
0x12d71: insw word ptr es:[di], dx
0x12d72: imul si, word ptr [bp + si + 0x63], 0x725c
0x12d77: insw word ptr es:[di], dx
0x12d79: outsw dx, word ptr [si]
0x12d7a: je 0x12de1
0x12d7c: imul bp, word ptr cs:[bp + 0x69], 0x7400
0x12d82: jb 0x12df7
0x12d85: outsw dx, word ptr [si]
0x12d86: jb 0x12db6
0x12d88: outsw dx, word ptr [esi]
0x12d8a: bound ax, dword ptr [bx + si]
2018-12-17T21:50:50.719920142Z 9 PC: 12d68 | Display string (String= '[IVP] ')
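2018-12-17T21:50:50.729756703Z 37 PC: 12bce | Set interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler; the viewer's label 'Set random record number' is the name of DOS function AH=24h, not of this vector)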
2018-12-17T21:50:50.730777228Z 59 PC: 12bd8 | Change current directory
2018-12-17T21:50:50.733274153Z 26 PC: 130c7 | Set disk transfer address
2018-12-17T21:50:50.736260081Z 26 PC: 130c7 | Set disk transfer address
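2018-12-17T21:50:50.737540655Z 53 PC: 12b8b | Get interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler; the viewer's label 'Set random record number' is the name of DOS function AH=24h, not of this vector)
2018-12-17T21:50:50.74762426Z 37 PC: 12b9d | Set interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler; the viewer's label 'Set random record number' is the name of DOS function AH=24h, not of this vector)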
2018-12-17T21:50:50.748696159Z 71 PC: 12ba9 | Get current directory
2018-12-17T21:50:50.751424127Z 78 PC: 12c1f | Find first file
2018-12-17T21:50:50.765005226Z 61 PC: 130d0 | Open file (Filename = 'TEST.EXE')
2018-12-17T21:50:50.771209491Z 63 PC: 12c3a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T21:50:50.777221649Z 62 PC: 12c3e | Close file
2018-12-17T21:50:50.779450057Z 67 PC: 130db | Get or set file attributes
2018-12-17T21:50:50.795383575Z 61 PC: 130d0 | Open file (Filename = 'TEST.EXE')
2018-12-17T21:50:50.801676574Z 64 PC: 12d1c | Write file or device (Write 26 bytes on handle 5)
2018-12-17T21:50:50.804994507Z 66 PC: 130c2 | Move file pointer
2018-12-17T21:50:50.806658306Z 44 PC: 12d27 | Get time 0x12d27: cmp dh, 0
; Continuation of the listing that starts on the log line above (0x12d27: cmp dh, 0).
; 0x12d27 is the return address of the traced "Get time" call (INT 21h AH=2Ch), which
; returns the seconds in DH.
; NOTE(review): the byte at +0x78b and the words at +0x78c/+0x78e are laid out like the
; attribute/time/date fields of a find-first DTA record, so the original timestamp and
; attributes are presumably put back after the write - modification time is then not a
; reliable infection indicator for this sample; compare size or hashes instead.
0x12d2a: je 0x12d23  ; seconds == 0: branch back (0x12d23 is not shown; presumably the time call is retried)
0x12d2c: mov byte ptr cs:[bp + 0x718], dh  ; keep the non-zero seconds byte in bp-relative data (looks like a per-write key/seed - confirm in 0x13114)
0x12d31: call 0x13114  ; routine not shown; the 1556-byte write traced at PC 1316d appears to happen during this call
0x12d34: inc byte ptr cs:[bp + 0x719]  ; bump a byte counter (purpose not visible here)
0x12d39: mov ax, 0x5701  ; INT 21h AX=5701h: set file date/time
0x12d3c: mov cx, word ptr cs:[bp + 0x78c]  ; CX = saved time word
0x12d41: mov dx, word ptr cs:[bp + 0x78e]  ; DX = saved date word
0x12d46: int 0x21  ; traced as "Get or set file date and time" (PC 12d48)
0x12d48: mov ah, 0x3e  ; INT 21h AH=3Eh: close handle
0x12d4a: int 0x21  ; traced as "Close file" (PC 12d4c)
0x12d4c: xor cx, cx
0x12d4e: mov cl, byte ptr cs:[bp + 0x78b]  ; CX = saved byte at +0x78b (presumably the attribute byte)
0x12d53: call 0x130d2  ; routine not shown; "Get or set file attributes" is traced at PC 130db right after
0x12d56: ret
; The code after the ret is reached from elsewhere: it is the clock check whose
; "Get time" call returns to 0x12d5b.
0x12d57: mov ah, 0x2c  ; INT 21h AH=2Ch: get time (CL = minutes)
0x12d59: int 0x21
0x12d5b: cmp cl, 0xa
0x12d5e: ja 0x12d68  ; minutes > 10: skip the display-string call
0x12d60: mov ah, 9  ; INT 21h AH=09h: display string (the listing is cut off here)
2018-12-17T21:50:50.809311841Z 64 PC: 1316d | Write file or device (Write 1556 bytes on handle 5)
2018-12-17T21:50:50.818645003Z 87 PC: 12d48 | Get or set file date and time
2018-12-17T21:50:50.820196982Z 62 PC: 12d4c | Close file
2018-12-17T21:50:50.82792372Z 67 PC: 130db | Get or set file attributes
2018-12-17T21:50:50.837507036Z 79 PC: 12c1f | Find next file
2018-12-17T21:50:50.839728104Z 78 PC: 12c1f | Find first file
2018-12-17T21:50:50.843578902Z 61 PC: 130d0 | Open file (Filename = 'SLEEP.COM')
2018-12-17T21:50:50.848627952Z 63 PC: 12c3a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T21:50:50.853617126Z 62 PC: 12c3e | Close file
2018-12-17T21:50:50.854797876Z 67 PC: 130db | Get or set file attributes
2018-12-17T21:50:50.861222968Z 61 PC: 130d0 | Open file (Filename = 'SLEEP.COM')
2018-12-17T21:50:50.88694307Z 64 PC: 12d1c | Write file or device (Write 5 bytes on handle 5)
2018-12-17T21:50:50.89552388Z 66 PC: 130c2 | Move file pointer
2018-12-17T21:50:50.896968559Z 44 PC: 12d27 | Get time 0x12d27: cmp dh, 0
; Continuation of the listing that starts on the log line above (0x12d27: cmp dh, 0).
; 0x12d27 is the return address of the traced "Get time" call (INT 21h AH=2Ch), which
; returns the seconds in DH.
; NOTE(review): the byte at +0x78b and the words at +0x78c/+0x78e are laid out like the
; attribute/time/date fields of a find-first DTA record, so the original timestamp and
; attributes are presumably put back after the write - modification time is then not a
; reliable infection indicator for this sample; compare size or hashes instead.
0x12d2a: je 0x12d23  ; seconds == 0: branch back (0x12d23 is not shown; presumably the time call is retried)
0x12d2c: mov byte ptr cs:[bp + 0x718], dh  ; keep the non-zero seconds byte in bp-relative data (looks like a per-write key/seed - confirm in 0x13114)
0x12d31: call 0x13114  ; routine not shown; the 1556-byte write traced at PC 1316d appears to happen during this call
0x12d34: inc byte ptr cs:[bp + 0x719]  ; bump a byte counter (purpose not visible here)
0x12d39: mov ax, 0x5701  ; INT 21h AX=5701h: set file date/time
0x12d3c: mov cx, word ptr cs:[bp + 0x78c]  ; CX = saved time word
0x12d41: mov dx, word ptr cs:[bp + 0x78e]  ; DX = saved date word
0x12d46: int 0x21  ; traced as "Get or set file date and time" (PC 12d48)
0x12d48: mov ah, 0x3e  ; INT 21h AH=3Eh: close handle
0x12d4a: int 0x21  ; traced as "Close file" (PC 12d4c)
0x12d4c: xor cx, cx
0x12d4e: mov cl, byte ptr cs:[bp + 0x78b]  ; CX = saved byte at +0x78b (presumably the attribute byte)
0x12d53: call 0x130d2  ; routine not shown; "Get or set file attributes" is traced at PC 130db right after
0x12d56: ret
; The code after the ret is reached from elsewhere: it is the clock check whose
; "Get time" call returns to 0x12d5b.
0x12d57: mov ah, 0x2c  ; INT 21h AH=2Ch: get time (CL = minutes)
0x12d59: int 0x21
0x12d5b: cmp cl, 0xa
0x12d5e: ja 0x12d68  ; minutes > 10: skip the display-string call
0x12d60: mov ah, 9  ; INT 21h AH=09h: display string (the listing is cut off here)
2018-12-17T21:50:50.899477315Z 64 PC: 1316d | Write file or device (Write 1556 bytes on handle 5)
2018-12-17T21:50:50.908073867Z 87 PC: 12d48 | Get or set file date and time
2018-12-17T21:50:50.909434782Z 62 PC: 12d4c | Close file
2018-12-17T21:50:50.917035564Z 67 PC: 130db | Get or set file attributes
2018-12-17T21:50:50.92655351Z 79 PC: 12c1f | Find next file
2018-12-17T21:50:50.929187069Z 61 PC: 130d0 | Open file (Filename = 'PRINT.COM')
2018-12-17T21:50:50.936056019Z 63 PC: 12c3a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T21:50:50.942209672Z 62 PC: 12c3e | Close file
2018-12-17T21:50:50.943830458Z 67 PC: 130db | Get or set file attributes
2018-12-17T21:50:50.954325556Z 61 PC: 130d0 | Open file (Filename = 'PRINT.COM')
2018-12-17T21:50:50.960768585Z 64 PC: 12d1c | Write file or device (Write 5 bytes on handle 5)
2018-12-17T21:50:50.963449133Z 66 PC: 130c2 | Move file pointer
2018-12-17T21:50:50.965202069Z 44 PC: 12d27 | Get time 0x12d27: cmp dh, 0
; Continuation of the listing that starts on the log line above (0x12d27: cmp dh, 0).
; 0x12d27 is the return address of the traced "Get time" call (INT 21h AH=2Ch), which
; returns the seconds in DH.
; NOTE(review): the byte at +0x78b and the words at +0x78c/+0x78e are laid out like the
; attribute/time/date fields of a find-first DTA record, so the original timestamp and
; attributes are presumably put back after the write - modification time is then not a
; reliable infection indicator for this sample; compare size or hashes instead.
0x12d2a: je 0x12d23  ; seconds == 0: branch back (0x12d23 is not shown; presumably the time call is retried)
0x12d2c: mov byte ptr cs:[bp + 0x718], dh  ; keep the non-zero seconds byte in bp-relative data (looks like a per-write key/seed - confirm in 0x13114)
0x12d31: call 0x13114  ; routine not shown; the 1556-byte write traced at PC 1316d appears to happen during this call
0x12d34: inc byte ptr cs:[bp + 0x719]  ; bump a byte counter (purpose not visible here)
0x12d39: mov ax, 0x5701  ; INT 21h AX=5701h: set file date/time
0x12d3c: mov cx, word ptr cs:[bp + 0x78c]  ; CX = saved time word
0x12d41: mov dx, word ptr cs:[bp + 0x78e]  ; DX = saved date word
0x12d46: int 0x21  ; traced as "Get or set file date and time" (PC 12d48)
0x12d48: mov ah, 0x3e  ; INT 21h AH=3Eh: close handle
0x12d4a: int 0x21  ; traced as "Close file" (PC 12d4c)
0x12d4c: xor cx, cx
0x12d4e: mov cl, byte ptr cs:[bp + 0x78b]  ; CX = saved byte at +0x78b (presumably the attribute byte)
0x12d53: call 0x130d2  ; routine not shown; "Get or set file attributes" is traced at PC 130db right after
0x12d56: ret
; The code after the ret is reached from elsewhere: it is the clock check whose
; "Get time" call returns to 0x12d5b.
0x12d57: mov ah, 0x2c  ; INT 21h AH=2Ch: get time (CL = minutes)
0x12d59: int 0x21
0x12d5b: cmp cl, 0xa
0x12d5e: ja 0x12d68  ; minutes > 10: skip the display-string call
0x12d60: mov ah, 9  ; INT 21h AH=09h: display string (the listing is cut off here)
2018-12-17T21:50:50.967636038Z 64 PC: 1316d | Write file or device (Write 1556 bytes on handle 5)
2018-12-17T21:50:50.976163792Z 87 PC: 12d48 | Get or set file date and time
2018-12-17T21:50:50.978177645Z 62 PC: 12d4c | Close file
2018-12-17T21:50:50.985635215Z 67 PC: 130db | Get or set file attributes
2018-12-17T21:50:50.995329928Z 79 PC: 12c1f | Find next file
2018-12-17T21:50:50.999093945Z 61 PC: 130d0 | Open file (Filename = 'HELLO.COM')
2018-12-17T21:50:51.005450612Z 63 PC: 12c3a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T21:50:51.010703287Z 62 PC: 12c3e | Close file
2018-12-17T21:50:51.012587057Z 67 PC: 130db | Get or set file attributes
2018-12-17T21:50:51.02271953Z 61 PC: 130d0 | Open file (Filename = 'HELLO.COM')
2018-12-17T21:50:51.02905107Z 64 PC: 12d1c | Write file or device (Write 5 bytes on handle 5)
2018-12-17T21:50:51.032198316Z 66 PC: 130c2 | Move file pointer
2018-12-17T21:50:51.033406579Z 44 PC: 12d27 | Get time 0x12d27: cmp dh, 0
; Continuation of the listing that starts on the log line above (0x12d27: cmp dh, 0).
; 0x12d27 is the return address of the traced "Get time" call (INT 21h AH=2Ch), which
; returns the seconds in DH.
; NOTE(review): the byte at +0x78b and the words at +0x78c/+0x78e are laid out like the
; attribute/time/date fields of a find-first DTA record, so the original timestamp and
; attributes are presumably put back after the write - modification time is then not a
; reliable infection indicator for this sample; compare size or hashes instead.
0x12d2a: je 0x12d23  ; seconds == 0: branch back (0x12d23 is not shown; presumably the time call is retried)
0x12d2c: mov byte ptr cs:[bp + 0x718], dh  ; keep the non-zero seconds byte in bp-relative data (looks like a per-write key/seed - confirm in 0x13114)
0x12d31: call 0x13114  ; routine not shown; the 1556-byte write traced at PC 1316d appears to happen during this call
0x12d34: inc byte ptr cs:[bp + 0x719]  ; bump a byte counter (purpose not visible here)
0x12d39: mov ax, 0x5701  ; INT 21h AX=5701h: set file date/time
0x12d3c: mov cx, word ptr cs:[bp + 0x78c]  ; CX = saved time word
0x12d41: mov dx, word ptr cs:[bp + 0x78e]  ; DX = saved date word
0x12d46: int 0x21  ; traced as "Get or set file date and time" (PC 12d48)
0x12d48: mov ah, 0x3e  ; INT 21h AH=3Eh: close handle
0x12d4a: int 0x21  ; traced as "Close file" (PC 12d4c)
0x12d4c: xor cx, cx
0x12d4e: mov cl, byte ptr cs:[bp + 0x78b]  ; CX = saved byte at +0x78b (presumably the attribute byte)
0x12d53: call 0x130d2  ; routine not shown; "Get or set file attributes" is traced at PC 130db right after
0x12d56: ret
; The code after the ret is reached from elsewhere: it is the clock check whose
; "Get time" call returns to 0x12d5b.
0x12d57: mov ah, 0x2c  ; INT 21h AH=2Ch: get time (CL = minutes)
0x12d59: int 0x21
0x12d5b: cmp cl, 0xa
0x12d5e: ja 0x12d68  ; minutes > 10: skip the display-string call
0x12d60: mov ah, 9  ; INT 21h AH=09h: display string (the listing is cut off here)
2018-12-17T21:50:51.035735771Z 64 PC: 1316d | Write file or device (Write 1556 bytes on handle 5)
2018-12-17T21:50:51.044874792Z 87 PC: 12d48 | Get or set file date and time
2018-12-17T21:50:51.046188343Z 62 PC: 12d4c | Close file
2018-12-17T21:50:51.053545162Z 67 PC: 130db | Get or set file attributes
2018-12-17T21:50:51.063520486Z 79 PC: 12c1f | Find next file
2018-12-17T21:50:51.066215446Z 61 PC: 130d0 | Open file (Filename = 'PHANG.COM')
2018-12-17T21:50:51.072776403Z 63 PC: 12c3a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T21:50:51.07989765Z 62 PC: 12c3e | Close file
2018-12-17T21:50:51.081178033Z 67 PC: 130db | Get or set file attributes
2018-12-17T21:50:51.087536597Z 61 PC: 130d0 | Open file (Filename = 'PHANG.COM')
2018-12-17T21:50:51.092046736Z 64 PC: 12d1c | Write file or device (Write 5 bytes on handle 5)
2018-12-17T21:50:51.093975405Z 66 PC: 130c2 | Move file pointer
2018-12-17T21:50:51.095007788Z 44 PC: 12d27 | Get time 0x12d27: cmp dh, 0
; Continuation of the listing that starts on the log line above (0x12d27: cmp dh, 0).
; 0x12d27 is the return address of the traced "Get time" call (INT 21h AH=2Ch), which
; returns the seconds in DH.
; NOTE(review): the byte at +0x78b and the words at +0x78c/+0x78e are laid out like the
; attribute/time/date fields of a find-first DTA record, so the original timestamp and
; attributes are presumably put back after the write - modification time is then not a
; reliable infection indicator for this sample; compare size or hashes instead.
0x12d2a: je 0x12d23  ; seconds == 0: branch back (0x12d23 is not shown; presumably the time call is retried)
0x12d2c: mov byte ptr cs:[bp + 0x718], dh  ; keep the non-zero seconds byte in bp-relative data (looks like a per-write key/seed - confirm in 0x13114)
0x12d31: call 0x13114  ; routine not shown; the 1556-byte write traced at PC 1316d appears to happen during this call
0x12d34: inc byte ptr cs:[bp + 0x719]  ; bump a byte counter (purpose not visible here)
0x12d39: mov ax, 0x5701  ; INT 21h AX=5701h: set file date/time
0x12d3c: mov cx, word ptr cs:[bp + 0x78c]  ; CX = saved time word
0x12d41: mov dx, word ptr cs:[bp + 0x78e]  ; DX = saved date word
0x12d46: int 0x21  ; traced as "Get or set file date and time" (PC 12d48)
0x12d48: mov ah, 0x3e  ; INT 21h AH=3Eh: close handle
0x12d4a: int 0x21  ; traced as "Close file" (PC 12d4c)
0x12d4c: xor cx, cx
0x12d4e: mov cl, byte ptr cs:[bp + 0x78b]  ; CX = saved byte at +0x78b (presumably the attribute byte)
0x12d53: call 0x130d2  ; routine not shown; "Get or set file attributes" is traced at PC 130db right after
0x12d56: ret
; The code after the ret is reached from elsewhere: it is the clock check whose
; "Get time" call returns to 0x12d5b.
0x12d57: mov ah, 0x2c  ; INT 21h AH=2Ch: get time (CL = minutes)
0x12d59: int 0x21
0x12d5b: cmp cl, 0xa
0x12d5e: ja 0x12d68  ; minutes > 10: skip the display-string call
0x12d60: mov ah, 9  ; INT 21h AH=09h: display string (the listing is cut off here)
2018-12-17T21:50:51.097306058Z 64 PC: 1316d | Write file or device (Write 1556 bytes on handle 5)
2018-12-17T21:50:51.103136093Z 87 PC: 12d48 | Get or set file date and time
2018-12-17T21:50:51.104450919Z 62 PC: 12d4c | Close file
2018-12-17T21:50:51.110066128Z 67 PC: 130db | Get or set file attributes
2018-12-17T21:50:51.119138406Z 79 PC: 12c1f | Find next file
2018-12-17T21:50:51.121591869Z 61 PC: 130d0 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T21:50:51.131314067Z 63 PC: 12c3a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T21:50:51.135166573Z 62 PC: 12c3e | Close file
2018-12-17T21:50:51.136874371Z 67 PC: 130db | Get or set file attributes
2018-12-17T21:50:51.147733999Z 61 PC: 130d0 | Open file (Filename = 'PRINTA~1.COMé')
2018-12-17T21:50:51.152279474Z 64 PC: 12d1c | Write file or device (Write 5 bytes on handle 2)
2018-12-17T21:50:51.155268913Z 66 PC: 130c2 | Move file pointer
2018-12-17T21:50:51.157339881Z 44 PC: 12d27 | Get time 0x12d27: cmp dh, 0
; Continuation of the listing that starts on the log line above (0x12d27: cmp dh, 0).
; 0x12d27 is the return address of the traced "Get time" call (INT 21h AH=2Ch), which
; returns the seconds in DH.
; NOTE(review): the byte at +0x78b and the words at +0x78c/+0x78e are laid out like the
; attribute/time/date fields of a find-first DTA record, so the original timestamp and
; attributes are presumably put back after the write - modification time is then not a
; reliable infection indicator for this sample; compare size or hashes instead.
0x12d2a: je 0x12d23  ; seconds == 0: branch back (0x12d23 is not shown; presumably the time call is retried)
0x12d2c: mov byte ptr cs:[bp + 0x718], dh  ; keep the non-zero seconds byte in bp-relative data (looks like a per-write key/seed - confirm in 0x13114)
0x12d31: call 0x13114  ; routine not shown; the 1556-byte write traced at PC 1316d appears to happen during this call
0x12d34: inc byte ptr cs:[bp + 0x719]  ; bump a byte counter (purpose not visible here)
0x12d39: mov ax, 0x5701  ; INT 21h AX=5701h: set file date/time
0x12d3c: mov cx, word ptr cs:[bp + 0x78c]  ; CX = saved time word
0x12d41: mov dx, word ptr cs:[bp + 0x78e]  ; DX = saved date word
0x12d46: int 0x21  ; traced as "Get or set file date and time" (PC 12d48)
0x12d48: mov ah, 0x3e  ; INT 21h AH=3Eh: close handle
0x12d4a: int 0x21  ; traced as "Close file" (PC 12d4c)
0x12d4c: xor cx, cx
0x12d4e: mov cl, byte ptr cs:[bp + 0x78b]  ; CX = saved byte at +0x78b (presumably the attribute byte)
0x12d53: call 0x130d2  ; routine not shown; "Get or set file attributes" is traced at PC 130db right after
0x12d56: ret
; The code after the ret is reached from elsewhere: it is the clock check whose
; "Get time" call returns to 0x12d5b.
0x12d57: mov ah, 0x2c  ; INT 21h AH=2Ch: get time (CL = minutes)
0x12d59: int 0x21
0x12d5b: cmp cl, 0xa
0x12d5e: ja 0x12d68  ; minutes > 10: skip the display-string call
0x12d60: mov ah, 9  ; INT 21h AH=09h: display string (the listing is cut off here)
2018-12-17T21:50:51.160278919Z 64 PC: 1316d | Write file or device (Write 1556 bytes on handle 2)
2018-12-17T21:50:51.168110872Z 87 PC: 12d48 | Get or set file date and time
2018-12-17T21:50:51.171050145Z 62 PC: 12d4c | Close file
2018-12-17T21:50:51.17280414Z 67 PC: 130db | Get or set file attributes
2018-12-17T21:50:51.176946088Z 79 PC: 12c1f | Find next file
2018-12-17T21:50:51.183558269Z 61 PC: 130d0 | Open file (Filename = 'MANDEL.COM')
2018-12-17T21:50:51.189810525Z 63 PC: 12c3a | Read file or device (Read 26 bytes on handle 2)
2018-12-17T21:50:51.195818112Z 62 PC: 12c3e | Close file
2018-12-17T21:50:51.198136874Z 67 PC: 130db | Get or set file attributes
2018-12-17T21:50:51.208100349Z 61 PC: 130d0 | Open file (Filename = 'MANDEL.COM')
2018-12-17T21:50:51.214513701Z 64 PC: 12d1c | Write file or device (Write 5 bytes on handle 2)
2018-12-17T21:50:51.217615581Z 66 PC: 130c2 | Move file pointer
2018-12-17T21:50:51.218988773Z 44 PC: 12d27 | Get time 0x12d27: cmp dh, 0
; Continuation of the listing that starts on the log line above (0x12d27: cmp dh, 0).
; 0x12d27 is the return address of the traced "Get time" call (INT 21h AH=2Ch), which
; returns the seconds in DH.
; NOTE(review): the byte at +0x78b and the words at +0x78c/+0x78e are laid out like the
; attribute/time/date fields of a find-first DTA record, so the original timestamp and
; attributes are presumably put back after the write - modification time is then not a
; reliable infection indicator for this sample; compare size or hashes instead.
0x12d2a: je 0x12d23  ; seconds == 0: branch back (0x12d23 is not shown; presumably the time call is retried)
0x12d2c: mov byte ptr cs:[bp + 0x718], dh  ; keep the non-zero seconds byte in bp-relative data (looks like a per-write key/seed - confirm in 0x13114)
0x12d31: call 0x13114  ; routine not shown; the 1556-byte write traced at PC 1316d appears to happen during this call
0x12d34: inc byte ptr cs:[bp + 0x719]  ; bump a byte counter (purpose not visible here)
0x12d39: mov ax, 0x5701  ; INT 21h AX=5701h: set file date/time
0x12d3c: mov cx, word ptr cs:[bp + 0x78c]  ; CX = saved time word
0x12d41: mov dx, word ptr cs:[bp + 0x78e]  ; DX = saved date word
0x12d46: int 0x21  ; traced as "Get or set file date and time" (PC 12d48)
0x12d48: mov ah, 0x3e  ; INT 21h AH=3Eh: close handle
0x12d4a: int 0x21  ; traced as "Close file" (PC 12d4c)
0x12d4c: xor cx, cx
0x12d4e: mov cl, byte ptr cs:[bp + 0x78b]  ; CX = saved byte at +0x78b (presumably the attribute byte)
0x12d53: call 0x130d2  ; routine not shown; "Get or set file attributes" is traced at PC 130db right after
0x12d56: ret
; The code after the ret is reached from elsewhere: it is the clock check whose
; "Get time" call returns to 0x12d5b.
0x12d57: mov ah, 0x2c  ; INT 21h AH=2Ch: get time (CL = minutes)
0x12d59: int 0x21
0x12d5b: cmp cl, 0xa
0x12d5e: ja 0x12d68  ; minutes > 10: skip the display-string call
0x12d60: mov ah, 9  ; INT 21h AH=09h: display string (the listing is cut off here)
2018-12-17T21:50:51.221381396Z 64 PC: 1316d | Write file or device (Write 1556 bytes on handle 2)
2018-12-17T21:50:51.230224007Z 87 PC: 12d48 | Get or set file date and time
2018-12-17T21:50:51.231756697Z 62 PC: 12d4c | Close file
2018-12-17T21:50:51.23896643Z 67 PC: 130db | Get or set file attributes
2018-12-17T21:50:51.249733418Z 79 PC: 12c1f | Find next file
2018-12-17T21:50:51.252273652Z 61 PC: 130d0 | Open file (Filename = 'PAH.COM')
2018-12-17T21:50:51.258749587Z 63 PC: 12c3a | Read file or device (Read 26 bytes on handle 2)
2018-12-17T21:50:51.266474822Z 62 PC: 12c3e | Close file
2018-12-17T21:50:51.269517421Z 67 PC: 130db | Get or set file attributes
2018-12-17T21:50:51.27911909Z 61 PC: 130d0 | Open file (Filename = 'PAH.COM')
2018-12-17T21:50:51.285624864Z 64 PC: 12d1c | Write file or device (Write 5 bytes on handle 2)
2018-12-17T21:50:51.288424361Z 66 PC: 130c2 | Move file pointer
2018-12-17T21:50:51.289651028Z 44 PC: 12d27 | Get time 0x12d27: cmp dh, 0
; Continuation of the listing that starts on the log line above (0x12d27: cmp dh, 0).
; 0x12d27 is the return address of the traced "Get time" call (INT 21h AH=2Ch), which
; returns the seconds in DH.
; NOTE(review): the byte at +0x78b and the words at +0x78c/+0x78e are laid out like the
; attribute/time/date fields of a find-first DTA record, so the original timestamp and
; attributes are presumably put back after the write - modification time is then not a
; reliable infection indicator for this sample; compare size or hashes instead.
0x12d2a: je 0x12d23  ; seconds == 0: branch back (0x12d23 is not shown; presumably the time call is retried)
0x12d2c: mov byte ptr cs:[bp + 0x718], dh  ; keep the non-zero seconds byte in bp-relative data (looks like a per-write key/seed - confirm in 0x13114)
0x12d31: call 0x13114  ; routine not shown; the 1556-byte write traced at PC 1316d appears to happen during this call
0x12d34: inc byte ptr cs:[bp + 0x719]  ; bump a byte counter (purpose not visible here)
0x12d39: mov ax, 0x5701  ; INT 21h AX=5701h: set file date/time
0x12d3c: mov cx, word ptr cs:[bp + 0x78c]  ; CX = saved time word
0x12d41: mov dx, word ptr cs:[bp + 0x78e]  ; DX = saved date word
0x12d46: int 0x21  ; traced as "Get or set file date and time" (PC 12d48)
0x12d48: mov ah, 0x3e  ; INT 21h AH=3Eh: close handle
0x12d4a: int 0x21  ; traced as "Close file" (PC 12d4c)
0x12d4c: xor cx, cx
0x12d4e: mov cl, byte ptr cs:[bp + 0x78b]  ; CX = saved byte at +0x78b (presumably the attribute byte)
0x12d53: call 0x130d2  ; routine not shown; "Get or set file attributes" is traced at PC 130db right after
0x12d56: ret
; The code after the ret is reached from elsewhere: it is the clock check whose
; "Get time" call returns to 0x12d5b.
0x12d57: mov ah, 0x2c  ; INT 21h AH=2Ch: get time (CL = minutes)
0x12d59: int 0x21
0x12d5b: cmp cl, 0xa
0x12d5e: ja 0x12d68  ; minutes > 10: skip the display-string call
0x12d60: mov ah, 9  ; INT 21h AH=09h: display string (the listing is cut off here)
2018-12-17T21:50:51.292223004Z 64 PC: 1316d | Write file or device (Write 1556 bytes on handle 2)
2018-12-17T21:50:51.301214862Z 87 PC: 12d48 | Get or set file date and time
2018-12-17T21:50:51.304554884Z 62 PC: 12d4c | Close file
2018-12-17T21:50:51.313775537Z 67 PC: 130db | Get or set file attributes
2018-12-17T21:50:51.323607332Z 79 PC: 12c1f | Find next file
2018-12-17T21:50:51.325940556Z 59 PC: 12bbf | Change current directory
2018-12-17T21:50:51.330632591Z 44 PC: 12d5b | Get time 0x12d5b: cmp cl, 0xa
; Continuation of the listing that starts on the log line above (0x12d5b: cmp cl, 0xa).
; 0x12d5b is the return address of the traced "Get time" call (INT 21h AH=2Ch), which
; returns the minutes in CL, so the branch below is gated on the clock.
0x12d5e: ja 0x12d68  ; minutes > 10: skip the message
0x12d60: mov ah, 9  ; INT 21h AH=09h: print the '$'-terminated string at DS:DX
0x12d62: lea dx, word ptr [bp + 0x6b8]  ; string address, bp-relative (bp presumably holds the body's load offset)
0x12d66: int 0x21  ; traced as "Display string" at PC 12d68 in the runs where it executes
0x12d68: jmp 0x12f19  ; unconditional; target is outside this listing
0x12d6b: jmp 0x13069  ; unconditional; target is outside this listing
; NOTE(review): nothing below is reached by fall-through, since both jumps above are
; unconditional. ARPL is a protected-mode instruction, and the bytes these mnemonics
; encode are printable ASCII (arpl [bp+si],di / pop sp / insw = 63 3A 5C 6D = "c:\m"),
; so this is presumably an embedded text string decoded as instructions by a linear
; sweep - confirm against a hex dump before treating any of it as code.
0x12d6e: arpl word ptr [bp + si], di
0x12d70: pop sp
0x12d71: insw word ptr es:[di], dx
0x12d72: imul si, word ptr [bp + si + 0x63], 0x725c
0x12d77: insw word ptr es:[di], dx
0x12d79: outsw dx, word ptr [si]
0x12d7a: je 0x12de1
0x12d7c: imul bp, word ptr cs:[bp + 0x69], 0x7400
0x12d82: jb 0x12df7
0x12d85: outsw dx, word ptr [si]
0x12d86: jb 0x12db6
0x12d88: outsw dx, word ptr [esi]
0x12d8a: bound ax, dword ptr [bx + si]
2018-12-17T21:50:51.332746668Z 9 PC: 12d68 | Display string (String= '[IVP] ')
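2018-12-17T21:50:51.338368743Z 37 PC: 12bce | Set interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler; the viewer's label 'Set random record number' is the name of DOS function AH=24h, not of this vector)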
2018-12-17T21:50:51.340236191Z 59 PC: 12bd8 | Change current directory
2018-12-17T21:50:51.342481118Z 26 PC: 130c7 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":11,"Second":0,"TimeBased":true,"OriginalID":58,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:39:48.112283954Z 26 PC: 130c7 | Set disk transfer address
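2018-12-25T11:39:48.113845088Z 53 PC: 12b8b | Get interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler; the viewer's label 'Set random record number' is the name of DOS function AH=24h, not of this vector)
2018-12-25T11:39:48.115226537Z 37 PC: 12b9d | Set interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler; the viewer's label 'Set random record number' is the name of DOS function AH=24h, not of this vector)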
2018-12-25T11:39:48.116374582Z 71 PC: 12ba9 | Get current directory
2018-12-25T11:39:48.119573215Z 78 PC: 12c1f | Find first file
2018-12-25T11:39:48.123974406Z 78 PC: 12c1f | Find first file (See above)
2018-12-25T11:39:48.128091516Z 59 PC: 12bbf | Change current directory
2018-12-25T11:39:48.129864363Z 44 PC: 12d5b | Get time 0x12d5b: cmp cl, 0xa
; Continuation of the listing that starts on the log line above (0x12d5b: cmp cl, 0xa).
; 0x12d5b is the return address of the traced "Get time" call (INT 21h AH=2Ch), which
; returns the minutes in CL, so the branch below is gated on the clock.
0x12d5e: ja 0x12d68  ; minutes > 10: skip the message
0x12d60: mov ah, 9  ; INT 21h AH=09h: print the '$'-terminated string at DS:DX
0x12d62: lea dx, word ptr [bp + 0x6b8]  ; string address, bp-relative (bp presumably holds the body's load offset)
0x12d66: int 0x21  ; traced as "Display string" at PC 12d68 in the runs where it executes
0x12d68: jmp 0x12f19  ; unconditional; target is outside this listing
0x12d6b: jmp 0x13069  ; unconditional; target is outside this listing
; NOTE(review): nothing below is reached by fall-through, since both jumps above are
; unconditional. ARPL is a protected-mode instruction, and the bytes these mnemonics
; encode are printable ASCII (arpl [bp+si],di / pop sp / insw = 63 3A 5C 6D = "c:\m"),
; so this is presumably an embedded text string decoded as instructions by a linear
; sweep - confirm against a hex dump before treating any of it as code.
0x12d6e: arpl word ptr [bp + si], di
0x12d70: pop sp
0x12d71: insw word ptr es:[di], dx
0x12d72: imul si, word ptr [bp + si + 0x63], 0x725c
0x12d77: insw word ptr es:[di], dx
0x12d79: outsw dx, word ptr [si]
0x12d7a: je 0x12de1
0x12d7c: imul bp, word ptr cs:[bp + 0x69], 0x7400
0x12d82: jb 0x12df7
0x12d85: outsw dx, word ptr [si]
0x12d86: jb 0x12db6
0x12d88: outsw dx, word ptr [esi]
0x12d8a: bound ax, dword ptr [bx + si]
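2018-12-25T11:39:48.132684653Z 37 PC: 12bce | Set interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler; the viewer's label 'Set random record number' is the name of DOS function AH=24h, not of this vector)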
2018-12-25T11:39:48.133777441Z 59 PC: 12bd8 | Change current directory
2018-12-25T11:39:48.135494451Z 26 PC: 130c7 | Set disk transfer address (See above)
2018-12-25T11:39:48.137978045Z 26 PC: 130c7 | Set disk transfer address (See above)
2018-12-25T11:39:48.139242682Z 53 PC: 12b8b | Get interrupt vector (See above)
2018-12-25T11:39:48.140583973Z 37 PC: 12b9d | Set interrupt vector (See above)
2018-12-25T11:39:48.14227492Z 71 PC: 12ba9 | Get current directory (See above)
2018-12-25T11:39:48.145247086Z 78 PC: 12c1f | Find first file (See above)
2018-12-25T11:39:48.156825591Z 61 PC: 130d0 | Open file (Filename = 'TEST.EXE')
2018-12-25T11:39:48.169941483Z 63 PC: 12c3a | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:39:48.17725924Z 62 PC: 12c3e | Close file
2018-12-25T11:39:48.179349947Z 67 PC: 130db | Get or set file attributes
2018-12-25T11:39:48.915733617Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:48.923514165Z 64 PC: 12d1c | Write file or device (Write 26 bytes on handle 5)
2018-12-25T11:39:48.927351148Z 66 PC: 130c2 | Move file pointer
2018-12-25T11:39:48.929794114Z 44 PC: 12d27 | Get time 0x12d27: cmp dh, 0
; Continuation of the listing that starts on the log line above (0x12d27: cmp dh, 0).
; 0x12d27 is the return address of the traced "Get time" call (INT 21h AH=2Ch), which
; returns the seconds in DH.
; NOTE(review): the byte at +0x78b and the words at +0x78c/+0x78e are laid out like the
; attribute/time/date fields of a find-first DTA record, so the original timestamp and
; attributes are presumably put back after the write - modification time is then not a
; reliable infection indicator for this sample; compare size or hashes instead.
0x12d2a: je 0x12d23  ; seconds == 0: branch back (0x12d23 is not shown; presumably the time call is retried)
0x12d2c: mov byte ptr cs:[bp + 0x718], dh  ; keep the non-zero seconds byte in bp-relative data (looks like a per-write key/seed - confirm in 0x13114)
0x12d31: call 0x13114  ; routine not shown; the 1556-byte write traced at PC 1316d appears to happen during this call
0x12d34: inc byte ptr cs:[bp + 0x719]  ; bump a byte counter (purpose not visible here)
0x12d39: mov ax, 0x5701  ; INT 21h AX=5701h: set file date/time
0x12d3c: mov cx, word ptr cs:[bp + 0x78c]  ; CX = saved time word
0x12d41: mov dx, word ptr cs:[bp + 0x78e]  ; DX = saved date word
0x12d46: int 0x21  ; traced as "Get or set file date and time" (PC 12d48)
0x12d48: mov ah, 0x3e  ; INT 21h AH=3Eh: close handle
0x12d4a: int 0x21  ; traced as "Close file" (PC 12d4c)
0x12d4c: xor cx, cx
0x12d4e: mov cl, byte ptr cs:[bp + 0x78b]  ; CX = saved byte at +0x78b (presumably the attribute byte)
0x12d53: call 0x130d2  ; routine not shown; "Get or set file attributes" is traced at PC 130db right after
0x12d56: ret
; The code after the ret is reached from elsewhere: it is the clock check whose
; "Get time" call returns to 0x12d5b.
0x12d57: mov ah, 0x2c  ; INT 21h AH=2Ch: get time (CL = minutes)
0x12d59: int 0x21
0x12d5b: cmp cl, 0xa
0x12d5e: ja 0x12d68  ; minutes > 10: skip the display-string call
0x12d60: mov ah, 9  ; INT 21h AH=09h: display string (the listing is cut off here)
2018-12-25T11:39:48.933956233Z 64 PC: 1316d | Write file or device (Write 1556 bytes on handle 5)
2018-12-25T11:39:48.988084436Z 87 PC: 12d48 | Get or set file date and time
2018-12-25T11:39:48.989447956Z 62 PC: 12d4c | Close file
2018-12-25T11:39:49.039404498Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:49.077172322Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:49.080064718Z 78 PC: 12c1f | Find first file (See above)
2018-12-25T11:39:49.0870542Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:49.09412461Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:49.101206075Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:49.103889884Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:49.128268044Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:49.135968812Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:49.139833229Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:49.14149535Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:49.144363198Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:49.203503118Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:49.205334492Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:49.234616246Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:49.25456897Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:49.258006472Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:49.265281317Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:49.272691545Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:49.275129621Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:49.307134163Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:49.315633544Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:49.320230341Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:49.321836433Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:49.324852091Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:49.357427887Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:49.358921743Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:49.401083809Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:49.432957844Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:49.436019084Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:49.444029069Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:49.452122998Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:49.454235125Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:49.488453198Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:49.496423156Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:49.499435745Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:49.501531649Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:49.504446254Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:49.563151879Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:49.565002342Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:49.627173429Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:49.6892699Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:49.692215661Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:49.700179529Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:49.707833742Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:49.709772416Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:49.756185722Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:49.76500015Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:49.768153031Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:49.770115631Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:49.774103962Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:49.928443792Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:49.930144478Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:50.003979433Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:50.034155016Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:50.03607188Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:50.041283921Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:50.04774845Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:50.049115455Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:50.052014054Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:50.057197269Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:50.060497475Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:50.062570474Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:50.066099285Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:50.081918084Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:50.083884206Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:50.086084784Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:50.091568795Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:50.094278432Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:50.102318009Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:50.106847573Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:50.108338411Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:50.282315862Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:50.290413361Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:50.293427474Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:50.295263014Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:50.297976101Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:50.331023676Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:50.334878526Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:50.394731163Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:50.413451061Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:50.417768027Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:50.425173316Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:50.432222608Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:50.434381441Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:52.533377448Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:52.540829758Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:52.543862921Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:52.54595379Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:52.547743075Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:53.265830268Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:53.268226084Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:53.529710101Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:53.679681434Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:53.688117455Z 59 PC: 12bbf | Change current directory (See above)
2018-12-25T11:39:53.692990134Z 44 PC: 12d5b | Get time (See above)
2018-12-25T11:39:53.695948374Z 37 PC: 12bce | Set interrupt vector (See above)
2018-12-25T11:39:53.698562643Z 59 PC: 12bd8 | Change current directory (See above)
2018-12-25T11:39:53.70105403Z 26 PC: 130c7 | Set disk transfer address (See above)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":58,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:39:48.308029033Z 26 PC: 130c7 | Set disk transfer address
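2018-12-25T11:39:48.309301615Z 53 PC: 12b8b | Get interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler; the viewer's label 'Set random record number' is the name of DOS function AH=24h, not of this vector)
2018-12-25T11:39:48.311129912Z 37 PC: 12b9d | Set interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler; the viewer's label 'Set random record number' is the name of DOS function AH=24h, not of this vector)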
2018-12-25T11:39:48.312297596Z 71 PC: 12ba9 | Get current directory
2018-12-25T11:39:48.315375192Z 78 PC: 12c1f | Find first file
2018-12-25T11:39:48.31991229Z 78 PC: 12c1f | Find first file (See above)
2018-12-25T11:39:48.324215317Z 59 PC: 12bbf | Change current directory
2018-12-25T11:39:48.325872221Z 44 PC: 12d5b | Get time 0x12d5b: cmp cl, 0xa
; Continuation of the listing that starts on the log line above (0x12d5b: cmp cl, 0xa).
; 0x12d5b is the return address of the traced "Get time" call (INT 21h AH=2Ch), which
; returns the minutes in CL, so the branch below is gated on the clock.
0x12d5e: ja 0x12d68  ; minutes > 10: skip the message
0x12d60: mov ah, 9  ; INT 21h AH=09h: print the '$'-terminated string at DS:DX
0x12d62: lea dx, word ptr [bp + 0x6b8]  ; string address, bp-relative (bp presumably holds the body's load offset)
0x12d66: int 0x21  ; traced as "Display string" at PC 12d68 in the runs where it executes
0x12d68: jmp 0x12f19  ; unconditional; target is outside this listing
0x12d6b: jmp 0x13069  ; unconditional; target is outside this listing
; NOTE(review): nothing below is reached by fall-through, since both jumps above are
; unconditional. ARPL is a protected-mode instruction, and the bytes these mnemonics
; encode are printable ASCII (arpl [bp+si],di / pop sp / insw = 63 3A 5C 6D = "c:\m"),
; so this is presumably an embedded text string decoded as instructions by a linear
; sweep - confirm against a hex dump before treating any of it as code.
0x12d6e: arpl word ptr [bp + si], di
0x12d70: pop sp
0x12d71: insw word ptr es:[di], dx
0x12d72: imul si, word ptr [bp + si + 0x63], 0x725c
0x12d77: insw word ptr es:[di], dx
0x12d79: outsw dx, word ptr [si]
0x12d7a: je 0x12de1
0x12d7c: imul bp, word ptr cs:[bp + 0x69], 0x7400
0x12d82: jb 0x12df7
0x12d85: outsw dx, word ptr [si]
0x12d86: jb 0x12db6
0x12d88: outsw dx, word ptr [esi]
0x12d8a: bound ax, dword ptr [bx + si]
2018-12-25T11:39:48.328686285Z 9 PC: 12d68 | Display string (String= '[IVP] ')
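2018-12-25T11:39:48.339934723Z 37 PC: 12bce | Set interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler; the viewer's label 'Set random record number' is the name of DOS function AH=24h, not of this vector)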
2018-12-25T11:39:48.341198499Z 59 PC: 12bd8 | Change current directory
2018-12-25T11:39:48.343653115Z 26 PC: 130c7 | Set disk transfer address (See above)
2018-12-25T11:39:48.345862953Z 26 PC: 130c7 | Set disk transfer address (See above)
2018-12-25T11:39:48.347270121Z 53 PC: 12b8b | Get interrupt vector (See above)
2018-12-25T11:39:48.349271387Z 37 PC: 12b9d | Set interrupt vector (See above)
2018-12-25T11:39:48.350708714Z 71 PC: 12ba9 | Get current directory (See above)
2018-12-25T11:39:48.35448457Z 78 PC: 12c1f | Find first file (See above)
2018-12-25T11:39:48.361242562Z 61 PC: 130d0 | Open file (Filename = 'TEST.EXE')
2018-12-25T11:39:48.368454235Z 63 PC: 12c3a | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:39:48.371268004Z 62 PC: 12c3e | Close file
2018-12-25T11:39:48.373323542Z 67 PC: 130db | Get or set file attributes
2018-12-25T11:39:48.91563185Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:48.92181384Z 64 PC: 12d1c | Write file or device (Write 26 bytes on handle 5)
2018-12-25T11:39:48.924902706Z 66 PC: 130c2 | Move file pointer
2018-12-25T11:39:48.927370775Z 44 PC: 12d27 | Get time 0x12d27: cmp dh, 0
; Continuation of the listing that starts on the log line above (0x12d27: cmp dh, 0).
; 0x12d27 is the return address of the traced "Get time" call (INT 21h AH=2Ch), which
; returns the seconds in DH.
; NOTE(review): the byte at +0x78b and the words at +0x78c/+0x78e are laid out like the
; attribute/time/date fields of a find-first DTA record, so the original timestamp and
; attributes are presumably put back after the write - modification time is then not a
; reliable infection indicator for this sample; compare size or hashes instead.
0x12d2a: je 0x12d23  ; seconds == 0: branch back (0x12d23 is not shown; presumably the time call is retried)
0x12d2c: mov byte ptr cs:[bp + 0x718], dh  ; keep the non-zero seconds byte in bp-relative data (looks like a per-write key/seed - confirm in 0x13114)
0x12d31: call 0x13114  ; routine not shown; the 1556-byte write traced at PC 1316d appears to happen during this call
0x12d34: inc byte ptr cs:[bp + 0x719]  ; bump a byte counter (purpose not visible here)
0x12d39: mov ax, 0x5701  ; INT 21h AX=5701h: set file date/time
0x12d3c: mov cx, word ptr cs:[bp + 0x78c]  ; CX = saved time word
0x12d41: mov dx, word ptr cs:[bp + 0x78e]  ; DX = saved date word
0x12d46: int 0x21  ; traced as "Get or set file date and time" (PC 12d48)
0x12d48: mov ah, 0x3e  ; INT 21h AH=3Eh: close handle
0x12d4a: int 0x21  ; traced as "Close file" (PC 12d4c)
0x12d4c: xor cx, cx
0x12d4e: mov cl, byte ptr cs:[bp + 0x78b]  ; CX = saved byte at +0x78b (presumably the attribute byte)
0x12d53: call 0x130d2  ; routine not shown; "Get or set file attributes" is traced at PC 130db right after
0x12d56: ret
; The code after the ret is reached from elsewhere: it is the clock check whose
; "Get time" call returns to 0x12d5b.
0x12d57: mov ah, 0x2c  ; INT 21h AH=2Ch: get time (CL = minutes)
0x12d59: int 0x21
0x12d5b: cmp cl, 0xa
0x12d5e: ja 0x12d68  ; minutes > 10: skip the display-string call
0x12d60: mov ah, 9  ; INT 21h AH=09h: display string (the listing is cut off here)
2018-12-25T11:39:48.929380314Z 64 PC: 1316d | Write file or device (Write 1556 bytes on handle 5)
2018-12-25T11:39:48.98800494Z 87 PC: 12d48 | Get or set file date and time
2018-12-25T11:39:48.991101462Z 62 PC: 12d4c | Close file
2018-12-25T11:39:49.072214349Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:49.108713992Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:49.112004297Z 78 PC: 12c1f | Find first file (See above)
2018-12-25T11:39:49.119209709Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:49.126461765Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:49.134366177Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:49.136684993Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:49.203201701Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:49.209274517Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:49.211589635Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:49.212765586Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:49.215714523Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:49.240637377Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:49.242621238Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:49.259975611Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:49.278897317Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:49.282283073Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:49.289511538Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:49.296968279Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:49.298442326Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:49.313139545Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:49.319802599Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:49.32247796Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:49.323716116Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:49.326579938Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:49.356795541Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:49.358695851Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:49.401755319Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:49.432306957Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:49.435304324Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:49.443067579Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:49.450549495Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:49.452701501Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:49.488297467Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:49.496455355Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:49.4996267Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:49.501829373Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:49.505330748Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:49.563612407Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:49.565793954Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:49.628631306Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:49.68933011Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:49.69280329Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:49.701593189Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:49.709045303Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:49.710948348Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:49.748700995Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:49.756149407Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:49.759439647Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:49.76113001Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:49.764667342Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:49.922500987Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:49.92413151Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:50.299586206Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:50.349282908Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:50.352019966Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:50.359836397Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:50.364335536Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:50.365691189Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:50.369300195Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:50.37246961Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:50.374231946Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:50.375653944Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:50.37752146Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:50.385767109Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:50.387295998Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:50.388613605Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:50.394653943Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:50.40265516Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:50.409985355Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:50.414142607Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:50.415484533Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:51.012210049Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:51.020159068Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:51.023580796Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:51.025952629Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:51.028893748Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:52.744629698Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:52.746821635Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:53.529599486Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:53.679715956Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:53.693703219Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:53.70195954Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:53.709896191Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:53.713653708Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:53.725375476Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:53.733835825Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:53.738401803Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:53.74060157Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:53.744023011Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:53.756238894Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:53.757999624Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:53.766669745Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:53.7789521Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:53.782217773Z 59 PC: 12bbf | Change current directory (See above)
2018-12-25T11:39:53.787552601Z 44 PC: 12d5b | Get time (See above)
2018-12-25T11:39:53.79151928Z 9 PC: 12d68 | Display string (See above)
2018-12-25T11:39:53.797771799Z 37 PC: 12bce | Set interrupt vector (See above)
2018-12-25T11:39:53.798947967Z 59 PC: 12bd8 | Change current directory (See above)
2018-12-25T11:39:53.801137996Z 26 PC: 130c7 | Set disk transfer address (See above)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":58,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:39:48.532550884Z 26 PC: 130c7 | Set disk transfer address
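2018-12-25T11:39:48.534712956Z 53 PC: 12b8b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') [note: 36 is presumably decimal, like the Syscall Op column, i.e. vector 24h, the DOS critical-error handler. 'Set random record number' is the name of INT 21h function 24h, not of this vector, so the AKA label here and on the Set interrupt vector entries is misleading. Replacing the 24h handler is commonly done so that failed disk writes raise no critical-error prompt.]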
2018-12-25T11:39:48.536715228Z 37 PC: 12b9d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:39:48.538312879Z 71 PC: 12ba9 | Get current directory
2018-12-25T11:39:48.541712806Z 78 PC: 12c1f | Find first file
2018-12-25T11:39:48.546538722Z 78 PC: 12c1f | Find first file (See above)
2018-12-25T11:39:48.556301755Z 59 PC: 12bbf | Change current directory
2018-12-25T11:39:48.558202583Z 44 PC: 12d5b | Get time 0x12d5b: cmp cl, 0xa
0x12d5e: ja 0x12d68  ; skip the message when CL > 10 (unsigned); CL is compared on the log line above, right after Get time (INT 21h AH=2Ch, CL = minutes) returns
0x12d60: mov ah, 9  ; INT 21h AH=09h, display string
0x12d62: lea dx, word ptr [bp + 0x6b8]  ; DX = bp-relative offset of the text; the trace shows it printed as '[IVP] '
0x12d66: int 0x21  ; logged as "Display string" with PC 12d68, i.e. the address after this int
0x12d68: jmp 0x12f19
0x12d6b: jmp 0x13069
; NOTE(review): everything from 0x12d6e on follows two unconditional jumps and
; decodes to an unlikely mix for 16-bit DOS code (arpl, insw, outsw, bound, an
; [esi] operand). The opcode bytes these mnemonics imply fall in the printable
; ASCII range, so this is probably embedded string data run through the
; disassembler rather than executed instructions - confirm against a hex dump
; before reading any of it as behaviour.
0x12d6e: arpl word ptr [bp + si], di
0x12d70: pop sp
0x12d71: insw word ptr es:[di], dx
0x12d72: imul si, word ptr [bp + si + 0x63], 0x725c
0x12d77: insw word ptr es:[di], dx
0x12d79: outsw dx, word ptr [si]
0x12d7a: je 0x12de1
0x12d7c: imul bp, word ptr cs:[bp + 0x69], 0x7400
0x12d82: jb 0x12df7
0x12d85: outsw dx, word ptr [si]
0x12d86: jb 0x12db6
0x12d88: outsw dx, word ptr [esi]
0x12d8a: bound ax, dword ptr [bx + si]
2018-12-25T11:39:48.561565027Z 9 PC: 12d68 | Display string (String= '[IVP] ')
2018-12-25T11:39:48.574016806Z 37 PC: 12bce | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:39:48.575295217Z 59 PC: 12bd8 | Change current directory
2018-12-25T11:39:48.578606069Z 26 PC: 130c7 | Set disk transfer address (See above)
2018-12-25T11:39:48.580878324Z 26 PC: 130c7 | Set disk transfer address (See above)
2018-12-25T11:39:48.582264985Z 53 PC: 12b8b | Get interrupt vector (See above)
2018-12-25T11:39:48.584430944Z 37 PC: 12b9d | Set interrupt vector (See above)
2018-12-25T11:39:48.585800471Z 71 PC: 12ba9 | Get current directory (See above)
2018-12-25T11:39:48.588890695Z 78 PC: 12c1f | Find first file (See above)
2018-12-25T11:39:48.600322462Z 61 PC: 130d0 | Open file (Filename = 'TEST.EXE')
2018-12-25T11:39:48.607467361Z 63 PC: 12c3a | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:39:48.614893006Z 62 PC: 12c3e | Close file
2018-12-25T11:39:48.617641374Z 67 PC: 130db | Get or set file attributes
2018-12-25T11:39:48.914940162Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:48.923439579Z 64 PC: 12d1c | Write file or device (Write 26 bytes on handle 5)
2018-12-25T11:39:48.926754579Z 66 PC: 130c2 | Move file pointer
2018-12-25T11:39:48.928818403Z 44 PC: 12d27 | Get time 0x12d27: cmp dh, 0
0x12d2a: je 0x12d23  ; loop back while DH is 0 (DH is tested on the log line above); 0x12d23 is not shown - presumably it re-issues Get time
0x12d2c: mov byte ptr cs:[bp + 0x718], dh  ; store the non-zero DH (seconds field of INT 21h AH=2Ch) in the sample's own data area
0x12d31: call 0x13114  ; target not shown; the 1556-byte write logged at PC 1316d is the next trace entry, so it appears to happen inside this routine
0x12d34: inc byte ptr cs:[bp + 0x719]
0x12d39: mov ax, 0x5701  ; INT 21h AX=5701h: set the file's date and time
0x12d3c: mov cx, word ptr cs:[bp + 0x78c]  ; CX = time word taken from a saved slot
0x12d41: mov dx, word ptr cs:[bp + 0x78e]  ; DX = date word taken from a saved slot
0x12d46: int 0x21  ; presumably puts the original timestamp back, so the rewritten file keeps its old date - do not rely on modification time alone when looking for changed executables
0x12d48: mov ah, 0x3e  ; INT 21h AH=3Eh: close the handle
0x12d4a: int 0x21
0x12d4c: xor cx, cx
0x12d4e: mov cl, byte ptr cs:[bp + 0x78b]  ; CX = one saved byte, zero-extended
0x12d53: call 0x130d2  ; the trace logs "Get or set file attributes" at PC 130db next, so this looks like the attribute-restore helper
0x12d56: ret
0x12d57: mov ah, 0x2c  ; INT 21h AH=2Ch: get system time (CL = minutes, DH = seconds)
0x12d59: int 0x21
0x12d5b: cmp cl, 0xa  ; time check that gates the message: the display call is skipped when minutes > 10
0x12d5e: ja 0x12d68
0x12d60: mov ah, 9  ; INT 21h AH=09h, display string; the snippet is cut off here
2018-12-25T11:39:48.931757394Z 64 PC: 1316d | Write file or device (Write 1556 bytes on handle 5)
2018-12-25T11:39:49.10959082Z 87 PC: 12d48 | Get or set file date and time
2018-12-25T11:39:49.115644407Z 62 PC: 12d4c | Close file
2018-12-25T11:39:49.134708235Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:49.159339421Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:49.163618757Z 78 PC: 12c1f | Find first file (See above)
2018-12-25T11:39:49.171529396Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:49.180425759Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:49.189718135Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:49.192412608Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:49.234450076Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:49.243528781Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:49.247012678Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:49.248489637Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:49.251474648Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:49.272365535Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:49.273974733Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:49.307071329Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:49.332377952Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:49.335215398Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:49.342326646Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:49.349415494Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:49.351234695Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:49.400993424Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:49.416175085Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:49.423657682Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:49.425848343Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:49.429425309Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:49.475993662Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:49.477561199Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:49.505375132Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:49.563446185Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:49.565730814Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:49.573604808Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:49.581518511Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:49.583482604Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:49.627190116Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:49.634940406Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:49.638167568Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:49.639996961Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:49.64376375Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:49.689069133Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:49.690522449Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:49.748873633Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:49.922494698Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:49.925495849Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:49.933960569Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:49.947445739Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:49.949676171Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:49.970559386Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:49.975161109Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:49.977030964Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:49.977997663Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:49.979919733Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:50.002973305Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:50.004522099Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:50.280473393Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:50.299391757Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:50.302274786Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:50.309817291Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:50.315272907Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:50.317212947Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:50.322445758Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:50.327481442Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:50.330272745Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:50.33211022Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:50.334852735Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:50.343411073Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:50.344995271Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:50.346823457Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:50.352079066Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:50.355216701Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:50.362295655Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:50.36921644Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:50.371709986Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:50.39444849Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:50.398991917Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:50.401490219Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:50.403127814Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:50.404979731Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:51.876172714Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:51.87763125Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:52.974375383Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:53.06867602Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:53.07206999Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:53.079742641Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:53.08705718Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:53.089065137Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:53.266024971Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:53.274122002Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:53.277253036Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:53.278717194Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:53.281966406Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:53.529483344Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:53.531609424Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:53.683384521Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:53.6958311Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:53.699139115Z 59 PC: 12bbf | Change current directory (See above)
2018-12-25T11:39:53.710243864Z 44 PC: 12d5b | Get time (See above)
2018-12-25T11:39:53.714913788Z 9 PC: 12d68 | Display string (See above)
2018-12-25T11:39:53.719674308Z 37 PC: 12bce | Set interrupt vector (See above)
2018-12-25T11:39:53.721887053Z 59 PC: 12bd8 | Change current directory (See above)
2018-12-25T11:39:53.723901968Z 26 PC: 130c7 | Set disk transfer address (See above)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":58,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:39:48.735116181Z 26 PC: 130c7 | Set disk transfer address
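2018-12-25T11:39:48.736862615Z 53 PC: 12b8b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') [note: 36 is presumably decimal, like the Syscall Op column, i.e. vector 24h, the DOS critical-error handler. 'Set random record number' is the name of INT 21h function 24h, not of this vector, so the AKA label here and on the Set interrupt vector entries is misleading. Replacing the 24h handler is commonly done so that failed disk writes raise no critical-error prompt.]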
2018-12-25T11:39:48.738226449Z 37 PC: 12b9d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:39:48.739539387Z 71 PC: 12ba9 | Get current directory
2018-12-25T11:39:48.742975923Z 78 PC: 12c1f | Find first file
2018-12-25T11:39:48.747430548Z 78 PC: 12c1f | Find first file (See above)
2018-12-25T11:39:48.751859869Z 59 PC: 12bbf | Change current directory
2018-12-25T11:39:48.753980093Z 44 PC: 12d5b | Get time 0x12d5b: cmp cl, 0xa
0x12d5e: ja 0x12d68  ; skip the message when CL > 10 (unsigned); CL is compared on the log line above, right after Get time (INT 21h AH=2Ch, CL = minutes) returns
0x12d60: mov ah, 9  ; INT 21h AH=09h, display string
0x12d62: lea dx, word ptr [bp + 0x6b8]  ; DX = bp-relative offset of the text; the trace shows it printed as '[IVP] '
0x12d66: int 0x21  ; logged as "Display string" with PC 12d68, i.e. the address after this int
0x12d68: jmp 0x12f19
0x12d6b: jmp 0x13069
; NOTE(review): everything from 0x12d6e on follows two unconditional jumps and
; decodes to an unlikely mix for 16-bit DOS code (arpl, insw, outsw, bound, an
; [esi] operand). The opcode bytes these mnemonics imply fall in the printable
; ASCII range, so this is probably embedded string data run through the
; disassembler rather than executed instructions - confirm against a hex dump
; before reading any of it as behaviour.
0x12d6e: arpl word ptr [bp + si], di
0x12d70: pop sp
0x12d71: insw word ptr es:[di], dx
0x12d72: imul si, word ptr [bp + si + 0x63], 0x725c
0x12d77: insw word ptr es:[di], dx
0x12d79: outsw dx, word ptr [si]
0x12d7a: je 0x12de1
0x12d7c: imul bp, word ptr cs:[bp + 0x69], 0x7400
0x12d82: jb 0x12df7
0x12d85: outsw dx, word ptr [si]
0x12d86: jb 0x12db6
0x12d88: outsw dx, word ptr [esi]
0x12d8a: bound ax, dword ptr [bx + si]
2018-12-25T11:39:48.756978081Z 9 PC: 12d68 | Display string (String= '[IVP] ')
2018-12-25T11:39:48.767418195Z 37 PC: 12bce | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:39:48.768389337Z 59 PC: 12bd8 | Change current directory
2018-12-25T11:39:48.770663217Z 26 PC: 130c7 | Set disk transfer address (See above)
2018-12-25T11:39:48.771950674Z 26 PC: 130c7 | Set disk transfer address (See above)
2018-12-25T11:39:48.772821711Z 53 PC: 12b8b | Get interrupt vector (See above)
2018-12-25T11:39:48.774392815Z 37 PC: 12b9d | Set interrupt vector (See above)
2018-12-25T11:39:48.775294918Z 71 PC: 12ba9 | Get current directory (See above)
2018-12-25T11:39:48.777356786Z 78 PC: 12c1f | Find first file (See above)
2018-12-25T11:39:48.792557631Z 61 PC: 130d0 | Open file (Filename = 'TEST.EXE')
2018-12-25T11:39:48.799866375Z 63 PC: 12c3a | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:39:48.806827206Z 62 PC: 12c3e | Close file
2018-12-25T11:39:48.809254405Z 67 PC: 130db | Get or set file attributes
2018-12-25T11:39:49.785460055Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:49.793016969Z 64 PC: 12d1c | Write file or device (Write 26 bytes on handle 5)
2018-12-25T11:39:49.796193474Z 66 PC: 130c2 | Move file pointer
2018-12-25T11:39:49.797802304Z 44 PC: 12d27 | Get time 0x12d27: cmp dh, 0
0x12d2a: je 0x12d23  ; loop back while DH is 0 (DH is tested on the log line above); 0x12d23 is not shown - presumably it re-issues Get time
0x12d2c: mov byte ptr cs:[bp + 0x718], dh  ; store the non-zero DH (seconds field of INT 21h AH=2Ch) in the sample's own data area
0x12d31: call 0x13114  ; target not shown; the 1556-byte write logged at PC 1316d is the next trace entry, so it appears to happen inside this routine
0x12d34: inc byte ptr cs:[bp + 0x719]
0x12d39: mov ax, 0x5701  ; INT 21h AX=5701h: set the file's date and time
0x12d3c: mov cx, word ptr cs:[bp + 0x78c]  ; CX = time word taken from a saved slot
0x12d41: mov dx, word ptr cs:[bp + 0x78e]  ; DX = date word taken from a saved slot
0x12d46: int 0x21  ; presumably puts the original timestamp back, so the rewritten file keeps its old date - do not rely on modification time alone when looking for changed executables
0x12d48: mov ah, 0x3e  ; INT 21h AH=3Eh: close the handle
0x12d4a: int 0x21
0x12d4c: xor cx, cx
0x12d4e: mov cl, byte ptr cs:[bp + 0x78b]  ; CX = one saved byte, zero-extended
0x12d53: call 0x130d2  ; the trace logs "Get or set file attributes" at PC 130db next, so this looks like the attribute-restore helper
0x12d56: ret
0x12d57: mov ah, 0x2c  ; INT 21h AH=2Ch: get system time (CL = minutes, DH = seconds)
0x12d59: int 0x21
0x12d5b: cmp cl, 0xa  ; time check that gates the message: the display call is skipped when minutes > 10
0x12d5e: ja 0x12d68
0x12d60: mov ah, 9  ; INT 21h AH=09h, display string; the snippet is cut off here
2018-12-25T11:39:49.8009022Z 64 PC: 1316d | Write file or device (Write 1556 bytes on handle 5)
2018-12-25T11:39:50.413530719Z 87 PC: 12d48 | Get or set file date and time
2018-12-25T11:39:50.415493677Z 62 PC: 12d4c | Close file
2018-12-25T11:39:51.874260089Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:52.974097244Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:52.977191053Z 78 PC: 12c1f | Find first file (See above)
2018-12-25T11:39:52.983706603Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:52.990863927Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:52.998391419Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:52.999955798Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:53.160206877Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:53.173836782Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:53.181057102Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:53.182493779Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:53.185681553Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:53.300141168Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:53.301723531Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:53.529901679Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:53.681281756Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:53.709732075Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:53.726356415Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:53.735067857Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:53.737317489Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:53.74939959Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:53.759739842Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:53.763456225Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:53.766524475Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:53.770533946Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:53.78276219Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:53.785117054Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:53.79570159Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:53.807019359Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:53.810480855Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:53.819019512Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:53.826614919Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:53.828851701Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:53.846451854Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:53.856220512Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:53.861837992Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:53.864669962Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:53.867502646Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:53.877239Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:53.879125897Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:53.890844664Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:53.902295939Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:53.905120567Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:53.912671721Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:53.919728356Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:53.922392581Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:53.935151702Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:53.941020353Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:53.94482603Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:53.947676768Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:53.951553598Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:53.960916436Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:53.963816519Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:53.972875038Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:53.983814931Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:53.986950416Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:53.995776901Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:54.003090325Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:54.005359742Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:54.010980169Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:54.016303837Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:54.019214312Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:54.02171237Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:54.024548462Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:54.03029247Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:54.033620725Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:54.035561067Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:54.040599772Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:54.043997791Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:54.051440282Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:54.058823179Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:54.061327092Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:54.072634493Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:54.080370505Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:54.083738655Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:54.085856633Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:54.088720044Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:54.099438449Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:54.102706949Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:54.111195642Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:54.122070119Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:54.125576551Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:54.132774425Z 63 PC: 12c3a | Read file or device (See above)
2018-12-25T11:39:54.139776946Z 62 PC: 12c3e | Close file (See above)
2018-12-25T11:39:54.142240223Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:54.153686668Z 61 PC: 130d0 | Open file (See above)
2018-12-25T11:39:54.161066561Z 64 PC: 12d1c | Write file or device (See above)
2018-12-25T11:39:54.166549098Z 66 PC: 130c2 | Move file pointer (See above)
2018-12-25T11:39:54.168403718Z 44 PC: 12d27 | Get time (See above)
2018-12-25T11:39:54.171505478Z 64 PC: 1316d | Write file or device (See above)
2018-12-25T11:39:54.182257873Z 87 PC: 12d48 | Get or set file date and time (See above)
2018-12-25T11:39:54.184285565Z 62 PC: 12d4c | Close file (See above)
2018-12-25T11:39:54.193012692Z 67 PC: 130db | Get or set file attributes (See above)
2018-12-25T11:39:54.204699657Z 79 PC: 12c1f | Find next file (See above)
2018-12-25T11:39:54.207911549Z 59 PC: 12bbf | Change current directory (See above)
2018-12-25T11:39:54.21269045Z 44 PC: 12d5b | Get time (See above)
2018-12-25T11:39:54.216153303Z 9 PC: 12d68 | Display string (See above)
2018-12-25T11:39:54.222077624Z 37 PC: 12bce | Set interrupt vector (See above)
2018-12-25T11:39:54.223713154Z 59 PC: 12bd8 | Change current directory (See above)
2018-12-25T11:39:54.23175734Z 26 PC: 130c7 | Set disk transfer address (See above)