Sample viewer

vx.netlux.org/Virus.DOS.VCM.336


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:56:13.806484136Z 26 PC: 12a72 | Set disk transfer address
2018-12-17T21:56:13.808317624Z 78 PC: 12a7d | Find first file
2018-12-17T21:56:13.814818554Z 61 PC: 12b81 | Open file (Filename = 'SLEEP.COM')
2018-12-17T21:56:13.821203557Z 63 PC: 12a8f | Read file or device (Read 26 bytes on handle 5)
2018-12-17T21:56:13.827870372Z 62 PC: 12a93 | Close file
2018-12-17T21:56:13.829706376Z 67 PC: 12b8c | Get or set file attributes
2018-12-17T21:56:13.846018865Z 61 PC: 12b81 | Open file (Filename = 'SLEEP.COM')
2018-12-17T21:56:13.852975739Z 64 PC: 12b49 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:56:13.856944789Z 66 PC: 12b51 | Move file pointer
2018-12-17T21:56:13.858395046Z 64 PC: 12b5c | Write file or device (Write 336 bytes on handle 5)
2018-12-17T21:56:13.866583101Z 87 PC: 12b69 | Get or set file date and time
2018-12-17T21:56:13.86841056Z 62 PC: 12b6d | Close file
2018-12-17T21:56:13.875695107Z 67 PC: 12b8c | Get or set file attributes
2018-12-17T21:56:13.885247861Z 79 PC: 12a7d | Find next file
2018-12-17T21:56:13.888655626Z 61 PC: 12b81 | Open file (Filename = 'PRINT.COM')
2018-12-17T21:56:13.894910559Z 63 PC: 12a8f | Read file or device (Read 26 bytes on handle 5)
2018-12-17T21:56:13.901151767Z 62 PC: 12a93 | Close file
2018-12-17T21:56:13.903204781Z 79 PC: 12a7d | Find next file
2018-12-17T21:56:13.905758828Z 61 PC: 12b81 | Open file (Filename = 'HELLO.COM')
2018-12-17T21:56:13.912072525Z 63 PC: 12a8f | Read file or device (Read 26 bytes on handle 5)
2018-12-17T21:56:13.918948012Z 62 PC: 12a93 | Close file
2018-12-17T21:56:13.921409705Z 79 PC: 12a7d | Find next file
2018-12-17T21:56:13.923874426Z 61 PC: 12b81 | Open file (Filename = 'PHANG.COM')
2018-12-17T21:56:13.930550493Z 63 PC: 12a8f | Read file or device (Read 26 bytes on handle 5)
2018-12-17T21:56:13.936606306Z 62 PC: 12a93 | Close file
2018-12-17T21:56:13.938352462Z 79 PC: 12a7d | Find next file
2018-12-17T21:56:13.941327157Z 61 PC: 12b81 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T21:56:13.947653642Z 63 PC: 12a8f | Read file or device (Read 26 bytes on handle 5)
2018-12-17T21:56:13.953953652Z 62 PC: 12a93 | Close file
2018-12-17T21:56:13.956401457Z 79 PC: 12a7d | Find next file
2018-12-17T21:56:13.959019775Z 61 PC: 12b81 | Open file (Filename = 'MANDEL.COM')
2018-12-17T21:56:13.965220682Z 63 PC: 12a8f | Read file or device (Read 26 bytes on handle 5)
2018-12-17T21:56:13.971424317Z 62 PC: 12a93 | Close file
2018-12-17T21:56:13.973778637Z 67 PC: 12b8c | Get or set file attributes
2018-12-17T21:56:13.984511451Z 61 PC: 12b81 | Open file (Filename = 'MANDEL.COM')
2018-12-17T21:56:13.990988363Z 64 PC: 12b49 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:56:13.993733697Z 66 PC: 12b51 | Move file pointer
2018-12-17T21:56:13.994983588Z 64 PC: 12b5c | Write file or device (Write 336 bytes on handle 5)
2018-12-17T21:56:14.003020036Z 87 PC: 12b69 | Get or set file date and time
2018-12-17T21:56:14.004958641Z 62 PC: 12b6d | Close file
2018-12-17T21:56:14.012634342Z 67 PC: 12b8c | Get or set file attributes
2018-12-17T21:56:14.022792992Z 79 PC: 12a7d | Find next file
2018-12-17T21:56:14.025858069Z 61 PC: 12b81 | Open file (Filename = 'PAH.COM')
2018-12-17T21:56:14.032965035Z 63 PC: 12a8f | Read file or device (Read 26 bytes on handle 5)
2018-12-17T21:56:14.039584447Z 62 PC: 12a93 | Close file
2018-12-17T21:56:14.042015231Z 79 PC: 12a7d | Find next file
2018-12-17T21:56:14.04460077Z 61 PC: 12b81 | Open file (Filename = 'TEST.COM')
2018-12-17T21:56:14.056272717Z 63 PC: 12a8f | Read file or device (Read 26 bytes on handle 5)
2018-12-17T21:56:14.062917285Z 62 PC: 12a93 | Close file
2018-12-17T21:56:14.06481561Z 79 PC: 12a7d | Find next file
2018-12-17T21:56:14.067189849Z 42 PC: 12ac1 | Get date
0x12ac1: cmp dh, 0xa
0x12ac4: jne 0x12ae8
0x12ac6: cmp dl, 0x19
0x12ac9: jne 0x12ae8
0x12acb: cmp cx, 0x7d0
0x12acf: jae 0x12ad4
0x12ad1: fninit
0x12ad3: mov ah, 0x33
0x12ad5: sal byte ptr [bp + di], 0xdb
0x12ad8: xor cx, cx
0x12ada: xor dx, dx
0x12adc: mov ax, 0xffff
0x12adf: push ax
0x12ae0: mov ax, 0
0x12ae3: push ax
0x12ae4: retf
0x12ae5: jmp 0x12ae8
0x12ae7: nop
0x12ae8: mov ah, 0x1a
0x12aea: mov dx, 0x80
2018-12-17T21:56:14.070484154Z 26 PC: 12aef | Set disk transfer address

{"DateBased":true,"Day":25,"Month":10,"Year":2001,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":678,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:25.798459516Z 26 PC: 12a72 | Set disk transfer address
2018-12-25T11:41:25.79941985Z 78 PC: 12a7d | Find first file
2018-12-25T11:41:25.805624315Z 61 PC: 12b81 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:25.811856417Z 63 PC: 12a8f | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:41:25.817880711Z 62 PC: 12a93 | Close file
2018-12-25T11:41:25.820253272Z 67 PC: 12b8c | Get or set file attributes
2018-12-25T11:41:25.843401175Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:25.849881517Z 64 PC: 12b49 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:25.856872773Z 66 PC: 12b51 | Move file pointer
2018-12-25T11:41:25.858133441Z 64 PC: 12b5c | Write file or device (Write 336 bytes on handle 5)
2018-12-25T11:41:25.865812866Z 87 PC: 12b69 | Get or set file date and time
2018-12-25T11:41:25.867699862Z 62 PC: 12b6d | Close file
2018-12-25T11:41:25.874879171Z 67 PC: 12b8c | Get or set file attributes (See above)
2018-12-25T11:41:25.884498744Z 79 PC: 12a7d | Find next file (See above)
2018-12-25T11:41:25.887136392Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:25.893781124Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:41:25.900402693Z 62 PC: 12a93 | Close file (See above)
2018-12-25T11:41:25.901992729Z 79 PC: 12a7d | Find next file (See above)
2018-12-25T11:41:25.905836197Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:25.912123304Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:41:25.91803786Z 62 PC: 12a93 | Close file (See above)
2018-12-25T11:41:25.920009553Z 79 PC: 12a7d | Find next file (See above)
2018-12-25T11:41:25.922565049Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:25.928975124Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:41:25.93539558Z 62 PC: 12a93 | Close file (See above)
2018-12-25T11:41:25.937007218Z 79 PC: 12a7d | Find next file (See above)
2018-12-25T11:41:25.939428909Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:25.946526002Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:41:25.952634893Z 62 PC: 12a93 | Close file (See above)
2018-12-25T11:41:25.954220617Z 79 PC: 12a7d | Find next file (See above)
2018-12-25T11:41:25.95695969Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:25.963872187Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:41:25.969806301Z 62 PC: 12a93 | Close file (See above)
2018-12-25T11:41:25.971811552Z 67 PC: 12b8c | Get or set file attributes (See above)
2018-12-25T11:41:25.981435587Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:25.98802654Z 64 PC: 12b49 | Write file or device (See above)
2018-12-25T11:41:25.998784625Z 66 PC: 12b51 | Move file pointer (See above)
2018-12-25T11:41:26.000461159Z 64 PC: 12b5c | Write file or device (See above)
2018-12-25T11:41:26.00844209Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T11:41:26.010664242Z 62 PC: 12b6d | Close file (See above)
2018-12-25T11:41:26.017983334Z 67 PC: 12b8c | Get or set file attributes (See above)
2018-12-25T11:41:26.027918518Z 79 PC: 12a7d | Find next file (See above)
2018-12-25T11:41:26.031091531Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:26.037377888Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:41:26.043419713Z 62 PC: 12a93 | Close file (See above)
2018-12-25T11:41:26.045185751Z 79 PC: 12a7d | Find next file (See above)
2018-12-25T11:41:26.048018756Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:26.054148008Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:41:26.060068323Z 62 PC: 12a93 | Close file (See above)
2018-12-25T11:41:26.061899529Z 79 PC: 12a7d | Find next file (See above)
2018-12-25T11:41:26.064071076Z 42 PC: 12ac1 | Get date
0x12ac1: cmp dh, 0xa
0x12ac4: jne 0x12ae8
0x12ac6: cmp dl, 0x19
0x12ac9: jne 0x12ae8
0x12acb: cmp cx, 0x7d0
0x12acf: jae 0x12ad4
0x12ad1: fninit
0x12ad3: mov ah, 0x33
0x12ad5: sal byte ptr [bp + di], 0xdb
0x12ad8: xor cx, cx
0x12ada: xor dx, dx
0x12adc: mov ax, 0xffff
0x12adf: push ax
0x12ae0: mov ax, 0
0x12ae3: push ax
0x12ae4: retf
0x12ae5: jmp 0x12ae8
0x12ae7: nop
0x12ae8: mov ah, 0x1a
0x12aea: mov dx, 0x80
2018-12-25T11:41:28.270395453Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T11:41:28.27258689Z 72 PC: 8f1bd | Allocate memory
2018-12-25T11:41:28.274662699Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T11:41:28.277298419Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T11:41:28.288050819Z 66 PC: 91f95 | Move file pointer
2018-12-25T11:41:28.289323189Z 62 PC: 91fc1 | Close file
2018-12-25T11:41:28.291169971Z 75 PC: 91fe0 | Execute program
2018-12-25T11:41:28.307303471Z 98 PC: 916f1 | Get current PSP
2018-12-25T11:41:28.308417184Z 9 PC: c605 | Display string (String= '6r&;] u')
2018-12-25T11:41:28.31248735Z 48 PC: c609 | Get DOS version
2018-12-25T11:41:28.31569264Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T11:41:28.317864393Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T11:41:28.319762008Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T11:41:28.323975101Z 9 PC: c6d9 | Display string (String= 'VHVD[email protected]_Kut1Dt a1ZW 5|(Nj(p^')
2018-12-25T11:41:28.327478168Z 9 PC: c6e0 | Display string (String= '5|(Nj(p^')
2018-12-25T11:41:28.332317089Z 61 PC: 91f88 | Open file (See above)
2018-12-25T11:41:28.342522513Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T11:41:28.344371803Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T11:41:28.346515205Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T11:41:28.368158014Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T11:41:28.371753943Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:41:28.372936852Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:41:28.375011966Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:41:28.375868731Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:41:28.376697467Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:41:28.377998279Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T11:41:28.385167657Z 62 PC: 8f8eb | Close file
2018-12-25T11:41:28.386701905Z 62 PC: 8f8f2 | Close file
2018-12-25T11:41:28.388587376Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.389838962Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.391235131Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.393366969Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.394869819Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.396869949Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.398649905Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.39988893Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.401630243Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.404033478Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.405822726Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.407179459Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.408837118Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.410107433Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.411395569Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.413103926Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.41443385Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.415791941Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.418976888Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.420253039Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.421628142Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.423793135Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.42533486Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.426747946Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.428640595Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.429958043Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.431129544Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.433339873Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.434734719Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.435969355Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T11:41:28.440938177Z 62 PC: 8f90e | Close file
2018-12-25T11:41:28.442525468Z 69 PC: 8f915 | Duplicate handle
2018-12-25T11:41:28.443907941Z 69 PC: 8f919 | Duplicate handle
2018-12-25T11:41:28.445929882Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T11:41:28.450391501Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T11:41:28.451740671Z 61 PC: 9387b | Open file (See above)
2018-12-25T11:41:28.456772683Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T11:41:28.45812302Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T11:41:28.459120177Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T11:41:28.460611414Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T11:41:28.461803414Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T11:41:28.462831118Z 72 PC: 8fa02 | Allocate memory
2018-12-25T11:41:28.464684567Z 72 PC: 8fa06 | Allocate memory
2018-12-25T11:41:28.465886011Z 73 PC: 8fa11 | Release memory
2018-12-25T11:41:28.467362823Z 73 PC: 8efea | Release memory
2018-12-25T11:41:28.469259428Z 74 PC: 8f003 | Reallocate memory
2018-12-25T11:41:28.470614638Z 72 PC: 8f054 | Allocate memory
2018-12-25T11:41:28.472010207Z 72 PC: 8f058 | Allocate memory
2018-12-25T11:41:28.473719786Z 73 PC: 8f060 | Release memory
2018-12-25T11:41:28.47487644Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T11:41:28.481038594Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:41:28.485997968Z 66 PC: 8f0ad | Move file pointer
2018-12-25T11:41:28.487133168Z 62 PC: 8f0d1 | Close file
2018-12-25T11:41:28.488388133Z 75 PC: 8f0f2 | Execute program
2018-12-25T11:41:28.503354751Z 80 PC: 12be9 | Set current PSP
2018-12-25T11:41:28.504053064Z 48 PC: 12bee | Get DOS version
2018-12-25T11:41:28.505388708Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T11:41:28.508381474Z 101 PC: 12c74 | Get extended country info
2018-12-25T11:41:28.509614301Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T11:41:28.510677061Z 74 PC: 12cdc | Reallocate memory
2018-12-25T11:41:28.512643967Z 72 PC: 1355d | Allocate memory
2018-12-25T11:41:28.514108546Z 25 PC: 13596 | Get default drive
2018-12-25T11:41:28.514861933Z 71 PC: 135ad | Get current directory
2018-12-25T11:41:28.517475349Z 59 PC: 135ba | Change current directory
2018-12-25T11:41:28.522367352Z 59 PC: 135c8 | Change current directory
2018-12-25T11:41:28.527650855Z 59 PC: 135d3 | Change current directory
2018-12-25T11:41:28.531214117Z 25 PC: 12d13 | Get default drive
2018-12-25T11:41:28.532215642Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:41:28.533011277Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:41:28.534854636Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:28.536795028Z 80 PC: 1301d | Set current PSP
2018-12-25T11:41:28.53746852Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T11:41:28.538963565Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:41:28.539946724Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:41:28.541183876Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T11:41:28.543331587Z 72 PC: 130ec | Allocate memory
2018-12-25T11:41:28.544915437Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T11:41:28.551402746Z 62 PC: 131ba | Close file
2018-12-25T11:41:28.554063945Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T11:41:28.555001848Z 74 PC: 1197c | Reallocate memory
2018-12-25T11:41:28.55635154Z 72 PC: 11991 | Allocate memory
2018-12-25T11:41:28.558362524Z 73 PC: 119b2 | Release memory
2018-12-25T11:41:28.559483113Z 72 PC: 119bd | Allocate memory
2018-12-25T11:41:28.561032289Z 73 PC: 119df | Release memory
2018-12-25T11:41:28.562617424Z 72 PC: 119f5 | Allocate memory
2018-12-25T11:41:28.563784872Z 72 PC: 119fd | Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":678,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:26.304898716Z 26 PC: 12a72 | Set disk transfer address
2018-12-25T11:41:26.306856577Z 78 PC: 12a7d | Find first file
2018-12-25T11:41:26.31286613Z 61 PC: 12b81 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:26.319431962Z 63 PC: 12a8f | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:41:26.325767202Z 62 PC: 12a93 | Close file
2018-12-25T11:41:26.328460154Z 67 PC: 12b8c | Get or set file attributes
2018-12-25T11:41:26.34486776Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:26.351658649Z 64 PC: 12b49 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:26.355205526Z 66 PC: 12b51 | Move file pointer
2018-12-25T11:41:26.356570347Z 64 PC: 12b5c | Write file or device (Write 336 bytes on handle 5)
2018-12-25T11:41:26.364418649Z 87 PC: 12b69 | Get or set file date and time
2018-12-25T11:41:26.367076075Z 62 PC: 12b6d | Close file
2018-12-25T11:41:26.374480798Z 67 PC: 12b8c | Get or set file attributes (See above)
2018-12-25T11:41:26.384203489Z 79 PC: 12a7d | Find next file (See above)
2018-12-25T11:41:26.387651878Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:26.393881859Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:41:26.400363325Z 62 PC: 12a93 | Close file (See above)
2018-12-25T11:41:26.402957432Z 79 PC: 12a7d | Find next file (See above)
2018-12-25T11:41:26.405659219Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:26.412067442Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:41:26.419585027Z 62 PC: 12a93 | Close file (See above)
2018-12-25T11:41:26.42144629Z 79 PC: 12a7d | Find next file (See above)
2018-12-25T11:41:26.424366904Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:26.433449377Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:41:26.439747197Z 62 PC: 12a93 | Close file (See above)
2018-12-25T11:41:26.441662316Z 79 PC: 12a7d | Find next file (See above)
2018-12-25T11:41:26.445215834Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:26.452129466Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:41:26.458527656Z 62 PC: 12a93 | Close file (See above)
2018-12-25T11:41:26.460510521Z 79 PC: 12a7d | Find next file (See above)
2018-12-25T11:41:26.464430727Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:26.471792298Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:41:26.478007716Z 62 PC: 12a93 | Close file (See above)
2018-12-25T11:41:26.480423626Z 67 PC: 12b8c | Get or set file attributes (See above)
2018-12-25T11:41:26.48994835Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:26.496171241Z 64 PC: 12b49 | Write file or device (See above)
2018-12-25T11:41:26.499460748Z 66 PC: 12b51 | Move file pointer (See above)
2018-12-25T11:41:26.500711959Z 64 PC: 12b5c | Write file or device (See above)
2018-12-25T11:41:26.508350716Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T11:41:26.510132968Z 62 PC: 12b6d | Close file (See above)
2018-12-25T11:41:26.517721387Z 67 PC: 12b8c | Get or set file attributes (See above)
2018-12-25T11:41:26.527381228Z 79 PC: 12a7d | Find next file (See above)
2018-12-25T11:41:26.530497107Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:26.5389116Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:41:26.545017351Z 62 PC: 12a93 | Close file (See above)
2018-12-25T11:41:26.547402952Z 79 PC: 12a7d | Find next file (See above)
2018-12-25T11:41:26.549816366Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:26.556053835Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:41:26.559041869Z 62 PC: 12a93 | Close file (See above)
2018-12-25T11:41:26.560934533Z 79 PC: 12a7d | Find next file (See above)
2018-12-25T11:41:26.563554825Z 42 PC: 12ac1 | Get date
0x12ac1: cmp dh, 0xa
0x12ac4: jne 0x12ae8
0x12ac6: cmp dl, 0x19
0x12ac9: jne 0x12ae8
0x12acb: cmp cx, 0x7d0
0x12acf: jae 0x12ad4
0x12ad1: fninit
0x12ad3: mov ah, 0x33
0x12ad5: sal byte ptr [bp + di], 0xdb
0x12ad8: xor cx, cx
0x12ada: xor dx, dx
0x12adc: mov ax, 0xffff
0x12adf: push ax
0x12ae0: mov ax, 0
0x12ae3: push ax
0x12ae4: retf
0x12ae5: jmp 0x12ae8
0x12ae7: nop
0x12ae8: mov ah, 0x1a
0x12aea: mov dx, 0x80
2018-12-25T11:41:26.565625876Z 26 PC: 12aef | Set disk transfer address

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":678,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:25.779053586Z 64 PC: 0 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:41:25.784935927Z 41 PC: 94fae | Parse filename
2018-12-25T11:41:25.789054739Z 41 PC: 9502f | Parse filename
2018-12-25T11:41:25.792317316Z 41 PC: 9504c | Parse filename
2018-12-25T11:41:25.794353184Z 26 PC: 984f7 | Set disk transfer address
2018-12-25T11:41:25.799335094Z 71 PC: 986f3 | Get current directory
2018-12-25T11:41:25.802841524Z 78 PC: 986fe | Find first file
2018-12-25T11:41:25.824543051Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T11:41:25.827329131Z 78 PC: 986fe | Find first file (See above)
2018-12-25T11:41:25.837484947Z 64 PC: 9a848 | Write file or device (Write 26 bytes on handle 2)
2018-12-25T11:41:25.842657938Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:41:25.844590123Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:41:25.845774923Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:25.846922186Z 62 PC: 122ab | Close file
2018-12-25T11:41:25.848366004Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:25.851084636Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:25.852719526Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:25.85439825Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:25.856163221Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:25.857537011Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:25.858824522Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:25.860587346Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:25.862146445Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:25.8637807Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:25.865915736Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:25.867585939Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:25.869260198Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:25.871415921Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:25.873270903Z 99 PC: 9a5d7 | Get DBCS lead byte table pointer
2018-12-25T11:41:25.874450526Z 56 PC: 94df9 | Get or set country info
2018-12-25T11:41:25.893265506Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T11:41:25.897577739Z 25 PC: 94e62 | Get default drive
2018-12-25T11:41:25.898964535Z 71 PC: 970dd | Get current directory
2018-12-25T11:41:25.903169438Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T11:41:25.906187303Z 2 PC: 970b2 | Character output (Char = '3e')
2018-12-25T11:41:25.908434062Z 93 PC: 94f20 | File sharing functions
2018-12-25T11:41:25.910706352Z 93 PC: 94f27 | File sharing functions
2018-12-25T11:41:25.912537011Z 10 PC: 94f39 | Buffered keyboard input
2018-12-25T11:41:40.82608457Z 0 PC: 0 | Program terminate (See above)
2018-12-25T11:41:42.180359288Z 0 PC: 0 | Program terminate (See above)
2018-12-25T11:41:42.282533224Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T11:41:42.288821821Z 41 PC: 94fae | Parse filename (See above)
2018-12-25T11:41:42.290673687Z 41 PC: 9502f | Parse filename (See above)
2018-12-25T11:41:42.292098748Z 41 PC: 9504c | Parse filename (See above)
2018-12-25T11:41:42.294599911Z 26 PC: 984f7 | Set disk transfer address (See above)
2018-12-25T11:41:42.297356247Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T11:41:42.305206839Z 78 PC: 986fe | Find first file (See above)
2018-12-25T11:41:42.314959898Z 71 PC: 9856c | Get current directory
2018-12-25T11:41:42.31792653Z 73 PC: 97c09 | Release memory
2018-12-25T11:41:42.319245511Z 75 PC: 11821 | Execute program
2018-12-25T11:41:42.333248205Z 9 PC: 12a47 | Display string (String= 'Hello, World! ')
2018-12-25T11:41:42.337507314Z 76 PC: 12a4b | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":25,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":678,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:25.971606679Z 26 PC: 12a72 | Set disk transfer address
2018-12-25T11:41:25.973125389Z 78 PC: 12a7d | Find first file
2018-12-25T11:41:25.980375305Z 61 PC: 12b81 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:25.987960829Z 63 PC: 12a8f | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:41:25.99552473Z 62 PC: 12a93 | Close file
2018-12-25T11:41:25.998809168Z 67 PC: 12b8c | Get or set file attributes
2018-12-25T11:41:26.01765888Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:26.032745929Z 64 PC: 12b49 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:26.049183869Z 66 PC: 12b51 | Move file pointer
2018-12-25T11:41:26.050990525Z 64 PC: 12b5c | Write file or device (Write 336 bytes on handle 5)
2018-12-25T11:41:26.073300141Z 87 PC: 12b69 | Get or set file date and time
2018-12-25T11:41:26.076346944Z 62 PC: 12b6d | Close file
2018-12-25T11:41:26.085558279Z 67 PC: 12b8c | Get or set file attributes (See above)
2018-12-25T11:41:26.097110019Z 79 PC: 12a7d | Find next file (See above)
2018-12-25T11:41:26.101659251Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:26.109523281Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:41:26.117076448Z 62 PC: 12a93 | Close file (See above)
2018-12-25T11:41:26.119798526Z 79 PC: 12a7d | Find next file (See above)
2018-12-25T11:41:26.122797321Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:26.128823846Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:41:26.135008328Z 62 PC: 12a93 | Close file (See above)
2018-12-25T11:41:26.137425022Z 79 PC: 12a7d | Find next file (See above)
2018-12-25T11:41:26.140445218Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:26.148475768Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:41:26.156863019Z 62 PC: 12a93 | Close file (See above)
2018-12-25T11:41:26.159356794Z 79 PC: 12a7d | Find next file (See above)
2018-12-25T11:41:26.162459544Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:26.184889453Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:41:26.192336477Z 62 PC: 12a93 | Close file (See above)
2018-12-25T11:41:26.194662672Z 79 PC: 12a7d | Find next file (See above)
2018-12-25T11:41:26.204146963Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:26.212349163Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:41:26.219395751Z 62 PC: 12a93 | Close file (See above)
2018-12-25T11:41:26.222136395Z 67 PC: 12b8c | Get or set file attributes (See above)
2018-12-25T11:41:26.233878336Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:26.241551716Z 64 PC: 12b49 | Write file or device (See above)
2018-12-25T11:41:26.244936897Z 66 PC: 12b51 | Move file pointer (See above)
2018-12-25T11:41:26.250030129Z 64 PC: 12b5c | Write file or device (See above)
2018-12-25T11:41:26.258932751Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T11:41:26.260525275Z 62 PC: 12b6d | Close file (See above)
2018-12-25T11:41:26.269121982Z 67 PC: 12b8c | Get or set file attributes (See above)
2018-12-25T11:41:26.280472377Z 79 PC: 12a7d | Find next file (See above)
2018-12-25T11:41:26.283340638Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:26.29119257Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:41:26.298411198Z 62 PC: 12a93 | Close file (See above)
2018-12-25T11:41:26.300779575Z 79 PC: 12a7d | Find next file (See above)
2018-12-25T11:41:26.304854314Z 61 PC: 12b81 | Open file (See above)
2018-12-25T11:41:26.312515432Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:41:26.315793713Z 62 PC: 12a93 | Close file (See above)
2018-12-25T11:41:26.319260099Z 79 PC: 12a7d | Find next file (See above)
2018-12-25T11:41:26.322072979Z 42 PC: 12ac1 | Get date
0x12ac1: cmp dh, 0xa
0x12ac4: jne 0x12ae8
0x12ac6: cmp dl, 0x19
0x12ac9: jne 0x12ae8
0x12acb: cmp cx, 0x7d0
0x12acf: jae 0x12ad4
0x12ad1: fninit
0x12ad3: mov ah, 0x33
0x12ad5: sal byte ptr [bp + di], 0xdb
0x12ad8: xor cx, cx
0x12ada: xor dx, dx
0x12adc: mov ax, 0xffff
0x12adf: push ax
0x12ae0: mov ax, 0
0x12ae3: push ax
0x12ae4: retf
0x12ae5: jmp 0x12ae8
0x12ae7: nop
0x12ae8: mov ah, 0x1a
0x12aea: mov dx, 0x80
2018-12-25T11:41:28.529692237Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T11:41:28.532593167Z 72 PC: 8f1bd | Allocate memory
2018-12-25T11:41:28.535732011Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T11:41:28.539103001Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T11:41:28.551446819Z 66 PC: 91f95 | Move file pointer
2018-12-25T11:41:28.554741337Z 62 PC: 91fc1 | Close file
2018-12-25T11:41:28.557458558Z 75 PC: 91fe0 | Execute program
2018-12-25T11:41:28.576009407Z 98 PC: 916f1 | Get current PSP
2018-12-25T11:41:28.578834207Z 9 PC: c605 | Display string (String= '6r&;] u')
2018-12-25T11:41:28.583750329Z 48 PC: c609 | Get DOS version
2018-12-25T11:41:28.587415779Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T11:41:28.591231817Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T11:41:28.594649365Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T11:41:28.599003915Z 9 PC: c6d9 | Display string (String= 'VHVD[email protected]_Kut1Dt a1ZW 5|(Nj(p^')
2018-12-25T11:41:28.604342499Z 9 PC: c6e0 | Display string (String= '5|(Nj(p^')
2018-12-25T11:41:28.610615584Z 61 PC: 91f88 | Open file (See above)
2018-12-25T11:41:28.62263544Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T11:41:28.625008003Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T11:41:28.634498487Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T11:41:28.65908665Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T11:41:28.663869892Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:41:28.666388871Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:41:28.668242698Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:41:28.670082866Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:41:28.672551268Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:41:28.674425733Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T11:41:28.683433834Z 62 PC: 8f8eb | Close file
2018-12-25T11:41:28.686307503Z 62 PC: 8f8f2 | Close file
2018-12-25T11:41:28.688834783Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.691012911Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.693772387Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.695816766Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.697926383Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.700644795Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.702578139Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.704675415Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.707372549Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.709480194Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.711552891Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.714343279Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.716991836Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.719045027Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.721091483Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.723741556Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.72637912Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.728469454Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.731444574Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.733483513Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.735550598Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.738861616Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.741925503Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.74401051Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.746848276Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.749081397Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.75114107Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.753407644Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.756364876Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:41:28.758417904Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T11:41:28.764227467Z 62 PC: 8f90e | Close file
2018-12-25T11:41:28.767273452Z 69 PC: 8f915 | Duplicate handle
2018-12-25T11:41:28.769504423Z 69 PC: 8f919 | Duplicate handle
2018-12-25T11:41:28.771693062Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T11:41:28.787822653Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T11:41:28.789341947Z 61 PC: 9387b | Open file (See above)
2018-12-25T11:41:28.794927072Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T11:41:28.797879199Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T11:41:28.799821524Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T11:41:28.802079269Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T11:41:28.804914374Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T11:41:28.80709572Z 72 PC: 8fa02 | Allocate memory
2018-12-25T11:41:28.810755649Z 72 PC: 8fa06 | Allocate memory
2018-12-25T11:41:28.813554026Z 73 PC: 8fa11 | Release memory
2018-12-25T11:41:28.815898354Z 73 PC: 8efea | Release memory
2018-12-25T11:41:28.817754514Z 74 PC: 8f003 | Reallocate memory
2018-12-25T11:41:28.820273725Z 72 PC: 8f054 | Allocate memory
2018-12-25T11:41:28.823549035Z 72 PC: 8f058 | Allocate memory
2018-12-25T11:41:28.825599539Z 73 PC: 8f060 | Release memory
2018-12-25T11:41:28.827426917Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T11:41:28.839565606Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:41:28.846143898Z 66 PC: 8f0ad | Move file pointer
2018-12-25T11:41:28.848148819Z 62 PC: 8f0d1 | Close file
2018-12-25T11:41:28.851548909Z 75 PC: 8f0f2 | Execute program
2018-12-25T11:41:28.8750509Z 80 PC: 12be9 | Set current PSP
2018-12-25T11:41:28.876422296Z 48 PC: 12bee | Get DOS version
2018-12-25T11:41:28.879185349Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T11:41:28.882361007Z 101 PC: 12c74 | Get extended country info
2018-12-25T11:41:28.88433707Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T11:41:28.88677905Z 74 PC: 12cdc | Reallocate memory
2018-12-25T11:41:28.88896001Z 72 PC: 1355d | Allocate memory
2018-12-25T11:41:28.891235787Z 25 PC: 13596 | Get default drive
2018-12-25T11:41:28.893767517Z 71 PC: 135ad | Get current directory
2018-12-25T11:41:28.897080977Z 59 PC: 135ba | Change current directory
2018-12-25T11:41:28.904222684Z 59 PC: 135c8 | Change current directory
2018-12-25T11:41:28.911829524Z 59 PC: 135d3 | Change current directory
2018-12-25T11:41:28.916571049Z 25 PC: 12d13 | Get default drive
2018-12-25T11:41:28.918417716Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:41:28.920408549Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:41:28.923008832Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:28.925985437Z 80 PC: 1301d | Set current PSP
2018-12-25T11:41:28.927472925Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T11:41:28.93040625Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:41:28.932236241Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:41:28.934097719Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T11:41:28.937917963Z 72 PC: 130ec | Allocate memory
2018-12-25T11:41:28.940427666Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T11:41:28.947656679Z 62 PC: 131ba | Close file
2018-12-25T11:41:28.950800656Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T11:41:28.952546602Z 74 PC: 1197c | Reallocate memory
2018-12-25T11:41:28.954650606Z 72 PC: 11991 | Allocate memory
2018-12-25T11:41:28.957490849Z 73 PC: 119b2 | Release memory
2018-12-25T11:41:28.959043633Z 72 PC: 119bd | Allocate memory
2018-12-25T11:41:28.960966598Z 73 PC: 119df | Release memory
2018-12-25T11:41:28.963242883Z 72 PC: 119f5 | Allocate memory
2018-12-25T11:41:28.965506623Z 72 PC: 119fd | Allocate memory