Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Roxy.4400

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:56:27.63833171Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:56:27.64019541Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:56:27.641576702Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:56:27.642835191Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:56:27.645016661Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:56:27.646870824Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:56:27.648272147Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:56:27.649701956Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:56:27.651434651Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:56:27.65264303Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:56:27.65390128Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:56:27.656120974Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:56:27.657627037Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:56:27.658712484Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:56:27.664773112Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:56:27.666666506Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:56:27.667940241Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:56:27.669977494Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:56:27.671138113Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:56:27.672273528Z	37	PC: 1355f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:56:27.674823475Z	37	PC: 13567 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:56:27.675890272Z	37	PC: 1356f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:56:27.676815407Z	37	PC: 13577 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:56:27.678711722Z	68	PC: 13f2f \| I/O control for devices (Set for = '')
2018-12-17T21:56:27.679870346Z	67	PC: 132d6 \| Get or set file attributes
2018-12-17T21:56:27.683552508Z	65	PC: 13afb \| Delete file (Filename = 'anti-vir.dat')
2018-12-17T21:56:27.687845295Z	67	PC: 132d6 \| Get or set file attributes
2018-12-17T21:56:27.693542734Z	65	PC: 13afb \| Delete file (Filename = 'chklist.ms')
2018-12-17T21:56:27.699448099Z	25	PC: 13c01 \| Get default drive
2018-12-17T21:56:27.701388213Z	71	PC: 13c14 \| Get current directory
2018-12-17T21:56:27.704198721Z	26	PC: 1334d \| Set disk transfer address
2018-12-17T21:56:27.705170547Z	78	PC: 13359 \| Find first file
2018-12-17T21:56:27.711564416Z	67	PC: 132d6 \| Get or set file attributes
2018-12-17T21:56:27.972856363Z	61	PC: 139b2 \| Open file (Filename = 'TEST.EXE')
2018-12-17T21:56:27.982447495Z	63	PC: 13a85 \| Read file or device (Read 35 bytes on handle 5)
2018-12-17T21:56:27.987557752Z	62	PC: 13a02 \| Close file
2018-12-17T21:56:27.990341701Z	60	PC: 139b2 \| Create or truncate file
2018-12-17T21:56:28.002903571Z	48	PC: 13b74 \| Get DOS version
2018-12-17T21:56:28.005229132Z	61	PC: 139b2 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:56:28.011706346Z	63	PC: 13a85 \| Read file or device (Read 4400 bytes on handle 6)
2018-12-17T21:56:28.019703648Z	64	PC: 13a85 \| Write file or device (Write 4400 bytes on handle 5)
2018-12-17T21:56:28.028478675Z	62	PC: 13a02 \| Close file
2018-12-17T21:56:28.031010576Z	61	PC: 139b2 \| Open file (Filename = 'TEST.EXE')
2018-12-17T21:56:28.037832861Z	87	PC: 132f0 \| Get or set file date and time
2018-12-17T21:56:28.040200126Z	63	PC: 13a85 \| Read file or device (Read 63000 bytes on handle 6)
2018-12-17T21:56:28.048119665Z	64	PC: 13a85 \| Write file or device (Write 6016 bytes on handle 5)
2018-12-17T21:56:28.057722085Z	63	PC: 13a85 \| Read file or device (Read 63000 bytes on handle 6)
2018-12-17T21:56:28.061118891Z	62	PC: 13a02 \| Close file
2018-12-17T21:56:28.063086327Z	65	PC: 13afb \| Delete file (Filename = 'TEST.EXE')
2018-12-17T21:56:28.075975501Z	87	PC: 1331d \| Get or set file date and time
2018-12-17T21:56:28.078113676Z	62	PC: 13a02 \| Close file
2018-12-17T21:56:28.086619012Z	86	PC: 13b3f \| Rename file
2018-12-17T21:56:28.098796925Z	26	PC: 13371 \| Set disk transfer address
2018-12-17T21:56:28.100218468Z	79	PC: 13376 \| Find next file
2018-12-17T21:56:28.104625817Z	67	PC: 132d6 \| Get or set file attributes
2018-12-17T21:56:28.116942571Z	61	PC: 139b2 \| Open file (Filename = 'TEST.EXE')
2018-12-17T21:56:28.124188285Z	63	PC: 13a85 \| Read file or device (Read 35 bytes on handle 5)
2018-12-17T21:56:28.131454982Z	62	PC: 13a02 \| Close file
2018-12-17T21:56:28.133764759Z	60	PC: 139b2 \| Create or truncate file
2018-12-17T21:56:28.145513041Z	48	PC: 13b74 \| Get DOS version
2018-12-17T21:56:28.148196614Z	61	PC: 139b2 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:56:28.155028484Z	63	PC: 13a85 \| Read file or device (Read 4400 bytes on handle 6)
2018-12-17T21:56:28.162761861Z	64	PC: 13a85 \| Write file or device (Write 4400 bytes on handle 5)
2018-12-17T21:56:28.172338837Z	62	PC: 13a02 \| Close file
2018-12-17T21:56:28.174862024Z	61	PC: 139b2 \| Open file (Filename = 'TEST.EXE')
2018-12-17T21:56:28.182710919Z	87	PC: 132f0 \| Get or set file date and time
2018-12-17T21:56:28.185086035Z	63	PC: 13a85 \| Read file or device (Read 63000 bytes on handle 6)
2018-12-17T21:56:28.19328661Z	64	PC: 13a85 \| Write file or device (Write 10416 bytes on handle 5)
2018-12-17T21:56:28.202457324Z	63	PC: 13a85 \| Read file or device (Read 63000 bytes on handle 6)
2018-12-17T21:56:28.205853147Z	62	PC: 13a02 \| Close file
2018-12-17T21:56:28.207920568Z	65	PC: 13afb \| Delete file (Filename = 'TEST.EXE')
2018-12-17T21:56:28.219176498Z	87	PC: 1331d \| Get or set file date and time
2018-12-17T21:56:28.221244531Z	62	PC: 13a02 \| Close file
2018-12-17T21:56:28.228856602Z	86	PC: 13b3f \| Rename file
2018-12-17T21:56:28.240241441Z	26	PC: 13371 \| Set disk transfer address
2018-12-17T21:56:28.242630258Z	79	PC: 13376 \| Find next file
2018-12-17T21:56:28.255824608Z	14	PC: 13c5a \| Set default drive (Drive = 'C')
2018-12-17T21:56:28.258989726Z	25	PC: 13c5e \| Get default drive
2018-12-17T21:56:28.261097554Z	59	PC: 13cc8 \| Change current directory
2018-12-17T21:56:28.267404215Z	26	PC: 1334d \| Set disk transfer address
2018-12-17T21:56:28.269034293Z	78	PC: 13359 \| Find first file
2018-12-17T21:56:28.279442772Z	67	PC: 132d6 \| Get or set file attributes
2018-12-17T21:56:28.628019703Z	61	PC: 139b2 \| Open file (Filename = 'ATTRIB.EXE')
2018-12-17T21:56:28.634970325Z	63	PC: 13a85 \| Read file or device (Read 35 bytes on handle 5)
2018-12-17T21:56:28.640244504Z	62	PC: 13a02 \| Close file
2018-12-17T21:56:28.642376319Z	60	PC: 139b2 \| Create or truncate file
2018-12-17T21:56:28.654200519Z	48	PC: 13b74 \| Get DOS version
2018-12-17T21:56:28.656017444Z	61	PC: 139b2 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:56:28.6632932Z	63	PC: 13a85 \| Read file or device (Read 4400 bytes on handle 6)
2018-12-17T21:56:28.673488807Z	64	PC: 13a85 \| Write file or device (Write 4400 bytes on handle 5)
2018-12-17T21:56:28.686350883Z	62	PC: 13a02 \| Close file
2018-12-17T21:56:28.690356901Z	61	PC: 139b2 \| Open file (Filename = 'ATTRIB.EXE')
2018-12-17T21:56:28.698559477Z	87	PC: 132f0 \| Get or set file date and time
2018-12-17T21:56:28.700459173Z	63	PC: 13a85 \| Read file or device (Read 63000 bytes on handle 6)
2018-12-17T21:56:28.711420043Z	64	PC: 13a85 \| Write file or device (Write 11208 bytes on handle 5)
2018-12-17T21:56:28.728504723Z	63	PC: 13a85 \| Read file or device (Read 63000 bytes on handle 6)
2018-12-17T21:56:28.732797579Z	62	PC: 13a02 \| Close file
2018-12-17T21:56:28.736058981Z	65	PC: 13afb \| Delete file (Filename = 'ATTRIB.EXE')
2018-12-17T21:56:28.748788826Z	87	PC: 1331d \| Get or set file date and time
2018-12-17T21:56:28.750867847Z	62	PC: 13a02 \| Close file
2018-12-17T21:56:28.759675982Z	86	PC: 13b3f \| Rename file
2018-12-17T21:56:28.773182612Z	26	PC: 13371 \| Set disk transfer address
2018-12-17T21:56:28.774773769Z	79	PC: 13376 \| Find next file
2018-12-17T21:56:28.780269416Z	14	PC: 13c5a \| Set default drive (Drive = 'A')
2018-12-17T21:56:28.782478719Z	25	PC: 13c5e \| Get default drive
2018-12-17T21:56:28.784048682Z	59	PC: 13cc8 \| Change current directory
2018-12-17T21:56:28.78972928Z	42	PC: 12a50 \| Get date 0x12a50: cmp dl, 0x16 0x12a53: je 0x12a5a 0x12a55: mov ax, 0 0x12a58: jmp 0x12a67 0x12a5a: cmp dh, 5 0x12a5d: je 0x12a64 0x12a5f: mov ax, 1 0x12a62: jmp 0x12a67 0x12a64: mov ax, 2 0x12a67: ret 0x12a68: add cx, word ptr [di + 0x4d] 0x12a6b: xor ax, word ptr [bp + di] 0x12a6d: push bx 0x12a6e: xor al, 0x47 0x12a70: add dx, word ptr [bp + si + 0x45] 0x12a73: push dx 0x12a74: add dx, word ptr [bp + si + 0x54] 0x12a77: inc sp 0x12a78: add ax, word ptr [di + 0x54] 0x12a7b: push si
2018-12-17T21:56:28.792899209Z	42	PC: 12a50 \| Get date 0x12a50: cmp dl, 0x16 0x12a53: je 0x12a5a 0x12a55: mov ax, 0 0x12a58: jmp 0x12a67 0x12a5a: cmp dh, 5 0x12a5d: je 0x12a64 0x12a5f: mov ax, 1 0x12a62: jmp 0x12a67 0x12a64: mov ax, 2 0x12a67: ret 0x12a68: add cx, word ptr [di + 0x4d] 0x12a6b: xor ax, word ptr [bp + di] 0x12a6d: push bx 0x12a6e: xor al, 0x47 0x12a70: add dx, word ptr [bp + si + 0x45] 0x12a73: push dx 0x12a74: add dx, word ptr [bp + si + 0x54] 0x12a77: inc sp 0x12a78: add ax, word ptr [di + 0x54] 0x12a7b: push si
2018-12-17T21:56:28.795563233Z	48	PC: 13b74 \| Get DOS version
2018-12-17T21:56:28.797755788Z	48	PC: 13b74 \| Get DOS version
2018-12-17T21:56:28.800505361Z	48	PC: 13b74 \| Get DOS version
2018-12-17T21:56:28.802729636Z	86	PC: 13b3f \| Rename file
2018-12-17T21:56:28.816460224Z	61	PC: 139b2 \| Open file (Filename = 'A:\TEST.dat')
2018-12-17T21:56:28.82545129Z	48	PC: 13b74 \| Get DOS version
2018-12-17T21:56:28.827213477Z	60	PC: 139b2 \| Create or truncate file
2018-12-17T21:56:28.839428768Z	66	PC: 13ae4 \| Move file pointer
2018-12-17T21:56:28.842914724Z	63	PC: 13a85 \| Read file or device (Read 63000 bytes on handle 5)
2018-12-17T21:56:28.852200158Z	64	PC: 13a85 \| Write file or device (Write 10416 bytes on handle 6)
2018-12-17T21:56:28.861117332Z	63	PC: 13a85 \| Read file or device (Read 63000 bytes on handle 5)
2018-12-17T21:56:28.864616291Z	62	PC: 13a02 \| Close file
2018-12-17T21:56:28.866722424Z	62	PC: 13a02 \| Close file
2018-12-17T21:56:28.874980055Z	53	PC: 134bc \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:56:28.876834547Z	37	PC: 134c5 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:56:28.878340629Z	53	PC: 134bc \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:56:28.879871882Z	37	PC: 134c5 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:56:28.882227444Z	53	PC: 134bc \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:56:28.883882672Z	37	PC: 134c5 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:56:28.885335513Z	53	PC: 134bc \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:56:28.888097322Z	37	PC: 134c5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:56:28.889702468Z	53	PC: 134bc \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:56:28.891181079Z	37	PC: 134c5 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:56:28.893268768Z	53	PC: 134bc \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:56:28.89475623Z	37	PC: 134c5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:56:28.896197335Z	53	PC: 134bc \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:56:28.898484066Z	37	PC: 134c5 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:56:28.90006717Z	53	PC: 134bc \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:56:28.901526702Z	37	PC: 134c5 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:56:28.903743235Z	53	PC: 134bc \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:56:28.905367738Z	37	PC: 134c5 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:56:28.906818868Z	53	PC: 134bc \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:56:28.908876235Z	37	PC: 134c5 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:56:28.910228232Z	53	PC: 134bc \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:56:28.911668374Z	37	PC: 134c5 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:56:28.913566138Z	53	PC: 134bc \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:56:28.914713329Z	37	PC: 134c5 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:56:28.915740729Z	53	PC: 134bc \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:56:28.917072838Z	37	PC: 134c5 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:56:28.918335336Z	53	PC: 134bc \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:56:28.9194725Z	37	PC: 134c5 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:56:28.920799843Z	53	PC: 134bc \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:56:28.922997224Z	37	PC: 134c5 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:56:28.924343738Z	53	PC: 134bc \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:56:28.926326761Z	37	PC: 134c5 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:56:28.928081974Z	53	PC: 134bc \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:56:28.92949558Z	37	PC: 134c5 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:56:28.931101086Z	53	PC: 134bc \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:56:28.932829603Z	37	PC: 134c5 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:56:28.934229218Z	53	PC: 134bc \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:56:28.937163597Z	37	PC: 134c5 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:56:28.938950971Z	48	PC: 13b74 \| Get DOS version
2018-12-17T21:56:28.940635877Z	41	PC: 13473 \| Parse filename
2018-12-17T21:56:28.94253442Z	41	PC: 13481 \| Parse filename
2018-12-17T21:56:28.945022682Z	75	PC: 1348c \| Execute program

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":706,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:27.385981619Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:41:27.389089843Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.392037477Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.393411312Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.395864921Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.397058059Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.398231479Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.401693417Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.402994866Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.404356139Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.405647779Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.407676714Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.410203551Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.412283031Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.416293765Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.418899168Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.420142204Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.421875251Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.423296726Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.424938685Z	37	PC: 1355f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:41:27.426889639Z	37	PC: 13567 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:41:27.428816615Z	37	PC: 1356f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:27.430367Z	37	PC: 13577 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-25T11:41:27.433088159Z	68	PC: 13f2f \| I/O control for devices (Set for = '')
2018-12-25T11:41:27.435185587Z	67	PC: 132d6 \| Get or set file attributes
2018-12-25T11:41:27.441230116Z	65	PC: 13afb \| Delete file (Filename = 'anti-vir.dat')
2018-12-25T11:41:27.447806563Z	67	PC: 132d6 \| Get or set file attributes (See above)
2018-12-25T11:41:27.453508377Z	65	PC: 13afb \| Delete file (See above)
2018-12-25T11:41:27.460120935Z	25	PC: 13c01 \| Get default drive
2018-12-25T11:41:27.461956042Z	71	PC: 13c14 \| Get current directory
2018-12-25T11:41:27.465174807Z	26	PC: 1334d \| Set disk transfer address
2018-12-25T11:41:27.466228319Z	78	PC: 13359 \| Find first file
2018-12-25T11:41:27.473524634Z	67	PC: 132d6 \| Get or set file attributes (See above)
2018-12-25T11:41:27.491691746Z	61	PC: 139b2 \| Open file (Filename = 'TEST.EXE')
2018-12-25T11:41:27.500003474Z	63	PC: 13a85 \| Read file or device (Read 35 bytes on handle 5)
2018-12-25T11:41:27.508314637Z	62	PC: 13a02 \| Close file
2018-12-25T11:41:27.510613203Z	60	PC: 139b2 \| Create or truncate file (See above)
2018-12-25T11:41:27.521746747Z	48	PC: 13b74 \| Get DOS version
2018-12-25T11:41:27.523600299Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:27.531665095Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:27.539581049Z	64	PC: 13a85 \| Write file or device (See above)
2018-12-25T11:41:27.550458582Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:27.552439891Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:27.559144083Z	87	PC: 132f0 \| Get or set file date and time
2018-12-25T11:41:27.561265108Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:27.569033471Z	64	PC: 13a85 \| Write file or device (See above)
2018-12-25T11:41:27.578096059Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:27.581067898Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:27.582775414Z	65	PC: 13afb \| Delete file (See above)
2018-12-25T11:41:27.59511255Z	87	PC: 1331d \| Get or set file date and time
2018-12-25T11:41:27.596967629Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:27.604627295Z	86	PC: 13b3f \| Rename file
2018-12-25T11:41:27.615711242Z	26	PC: 13371 \| Set disk transfer address
2018-12-25T11:41:27.61727208Z	79	PC: 13376 \| Find next file
2018-12-25T11:41:27.620175764Z	67	PC: 132d6 \| Get or set file attributes (See above)
2018-12-25T11:41:27.629776729Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:27.63699429Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:27.643606068Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:27.645536157Z	60	PC: 139b2 \| Create or truncate file (See above)
2018-12-25T11:41:27.659528022Z	48	PC: 13b74 \| Get DOS version (See above)
2018-12-25T11:41:27.661672923Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:27.669029325Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:27.676580123Z	64	PC: 13a85 \| Write file or device (See above)
2018-12-25T11:41:27.685447731Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:27.687657531Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:27.694450032Z	87	PC: 132f0 \| Get or set file date and time (See above)
2018-12-25T11:41:27.696457198Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:27.704463779Z	64	PC: 13a85 \| Write file or device (See above)
2018-12-25T11:41:27.713504957Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:27.71629121Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:27.718318209Z	65	PC: 13afb \| Delete file (See above)
2018-12-25T11:41:27.73019042Z	87	PC: 1331d \| Get or set file date and time (See above)
2018-12-25T11:41:27.732875518Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:27.739791712Z	86	PC: 13b3f \| Rename file (See above)
2018-12-25T11:41:27.750835659Z	26	PC: 13371 \| Set disk transfer address (See above)
2018-12-25T11:41:27.753326797Z	79	PC: 13376 \| Find next file (See above)
2018-12-25T11:41:27.75676855Z	14	PC: 13c5a \| Set default drive (Drive = 'C')
2018-12-25T11:41:27.757889219Z	25	PC: 13c5e \| Get default drive
2018-12-25T11:41:27.759411805Z	59	PC: 13cc8 \| Change current directory
2018-12-25T11:41:27.765293548Z	26	PC: 1334d \| Set disk transfer address (See above)
2018-12-25T11:41:27.766462865Z	78	PC: 13359 \| Find first file (See above)
2018-12-25T11:41:27.775838281Z	67	PC: 132d6 \| Get or set file attributes (See above)
2018-12-25T11:41:28.764658746Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:28.772586625Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:28.779873942Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:28.782223544Z	60	PC: 139b2 \| Create or truncate file (See above)
2018-12-25T11:41:28.793933197Z	48	PC: 13b74 \| Get DOS version (See above)
2018-12-25T11:41:28.796612433Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:28.803322201Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:28.812139103Z	64	PC: 13a85 \| Write file or device (See above)
2018-12-25T11:41:28.823567982Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:28.825585351Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:28.833451393Z	87	PC: 132f0 \| Get or set file date and time (See above)
2018-12-25T11:41:28.837503429Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:28.847981313Z	64	PC: 13a85 \| Write file or device (See above)
2018-12-25T11:41:28.862136753Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:28.865678911Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:28.868487423Z	65	PC: 13afb \| Delete file (See above)
2018-12-25T11:41:28.879941881Z	87	PC: 1331d \| Get or set file date and time (See above)
2018-12-25T11:41:28.881723847Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:28.888746798Z	86	PC: 13b3f \| Rename file (See above)
2018-12-25T11:41:28.897802985Z	26	PC: 13371 \| Set disk transfer address (See above)
2018-12-25T11:41:28.899191362Z	79	PC: 13376 \| Find next file (See above)
2018-12-25T11:41:28.903767421Z	14	PC: 13c5a \| Set default drive (See above)
2018-12-25T11:41:28.905022969Z	25	PC: 13c5e \| Get default drive (See above)
2018-12-25T11:41:28.906133944Z	59	PC: 13cc8 \| Change current directory (See above)
2018-12-25T11:41:28.911272441Z	42	PC: 12a50 \| Get date 0x12a50: cmp dl, 0x16 0x12a53: je 0x12a5a 0x12a55: mov ax, 0 0x12a58: jmp 0x12a67 0x12a5a: cmp dh, 5 0x12a5d: je 0x12a64 0x12a5f: mov ax, 1 0x12a62: jmp 0x12a67 0x12a64: mov ax, 2 0x12a67: ret 0x12a68: add cx, word ptr [di + 0x4d] 0x12a6b: xor ax, word ptr [bp + di] 0x12a6d: push bx 0x12a6e: xor al, 0x47 0x12a70: add dx, word ptr [bp + si + 0x45] 0x12a73: push dx 0x12a74: add dx, word ptr [bp + si + 0x54] 0x12a77: inc sp 0x12a78: add ax, word ptr [di + 0x54] 0x12a7b: push si
2018-12-25T11:41:28.913357505Z	42	PC: 12a50 \| Get date (See above)
2018-12-25T11:41:28.915401082Z	48	PC: 13b74 \| Get DOS version (See above)
2018-12-25T11:41:28.917630098Z	48	PC: 13b74 \| Get DOS version (See above)
2018-12-25T11:41:28.918857538Z	48	PC: 13b74 \| Get DOS version (See above)
2018-12-25T11:41:28.920348433Z	86	PC: 13b3f \| Rename file (See above)
2018-12-25T11:41:28.932911699Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:28.9395294Z	48	PC: 13b74 \| Get DOS version (See above)
2018-12-25T11:41:28.940981689Z	60	PC: 139b2 \| Create or truncate file (See above)
2018-12-25T11:41:28.952189471Z	66	PC: 13ae4 \| Move file pointer
2018-12-25T11:41:28.953572314Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:28.962061892Z	64	PC: 13a85 \| Write file or device (See above)
2018-12-25T11:41:28.971650191Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:28.974153426Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:28.9762405Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:28.984596381Z	53	PC: 134bc \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:41:28.985784155Z	37	PC: 134c5 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:41:28.986892569Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:28.989054355Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:28.990471279Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:28.991919638Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:28.994311841Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:28.995719627Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:28.997092743Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:28.999366319Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.001053133Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.002198764Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.004016871Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.005184056Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.006610564Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.008716155Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.009874444Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.012233491Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.01435431Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.015691625Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.017416417Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.02051875Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.022807874Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.02385725Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.0257832Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.027645321Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.0291132Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.031740872Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.033154337Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.034923922Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.037921639Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.039580184Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.041075255Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.042723075Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.044666872Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.046184296Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.047881389Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.050173363Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.051609808Z	48	PC: 13b74 \| Get DOS version (See above)
2018-12-25T11:41:29.0532997Z	41	PC: 13473 \| Parse filename
2018-12-25T11:41:29.055846754Z	41	PC: 13481 \| Parse filename
2018-12-25T11:41:29.05759935Z	75	PC: 1348c \| Execute program

{"DateBased":true,"Day":22,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":706,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:27.424702302Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:41:27.426821093Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.428035412Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.429234253Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.434632651Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.435791427Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.436908121Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.438179659Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.439756868Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.44204338Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.444299231Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.447123456Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.449209916Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.451764379Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.460117317Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.461761606Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.463251291Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.465867022Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.467040579Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.468162056Z	37	PC: 1355f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:41:27.470004767Z	37	PC: 13567 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:41:27.47136373Z	37	PC: 1356f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:27.472778311Z	37	PC: 13577 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-25T11:41:27.478331227Z	68	PC: 13f2f \| I/O control for devices (Set for = '')
2018-12-25T11:41:27.480043497Z	67	PC: 132d6 \| Get or set file attributes
2018-12-25T11:41:27.485690152Z	65	PC: 13afb \| Delete file (Filename = 'anti-vir.dat')
2018-12-25T11:41:27.493021029Z	67	PC: 132d6 \| Get or set file attributes (See above)
2018-12-25T11:41:27.49889093Z	65	PC: 13afb \| Delete file (See above)
2018-12-25T11:41:27.504917392Z	25	PC: 13c01 \| Get default drive
2018-12-25T11:41:27.506610651Z	71	PC: 13c14 \| Get current directory
2018-12-25T11:41:27.510123035Z	26	PC: 1334d \| Set disk transfer address
2018-12-25T11:41:27.511478565Z	78	PC: 13359 \| Find first file
2018-12-25T11:41:27.517815493Z	67	PC: 132d6 \| Get or set file attributes (See above)
2018-12-25T11:41:27.539379652Z	61	PC: 139b2 \| Open file (Filename = 'TEST.EXE')
2018-12-25T11:41:27.556551969Z	63	PC: 13a85 \| Read file or device (Read 35 bytes on handle 5)
2018-12-25T11:41:27.559807413Z	62	PC: 13a02 \| Close file
2018-12-25T11:41:27.563149978Z	60	PC: 139b2 \| Create or truncate file (See above)
2018-12-25T11:41:27.574424493Z	48	PC: 13b74 \| Get DOS version
2018-12-25T11:41:27.576446173Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:27.583436212Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:27.591078392Z	64	PC: 13a85 \| Write file or device (See above)
2018-12-25T11:41:27.599441331Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:27.602724548Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:27.609215921Z	87	PC: 132f0 \| Get or set file date and time
2018-12-25T11:41:27.610680941Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:27.618735793Z	64	PC: 13a85 \| Write file or device (See above)
2018-12-25T11:41:27.627581214Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:27.630008106Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:27.632610879Z	65	PC: 13afb \| Delete file (See above)
2018-12-25T11:41:27.644394423Z	87	PC: 1331d \| Get or set file date and time
2018-12-25T11:41:27.646196208Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:27.653929909Z	86	PC: 13b3f \| Rename file
2018-12-25T11:41:27.665970151Z	26	PC: 13371 \| Set disk transfer address
2018-12-25T11:41:27.667097598Z	79	PC: 13376 \| Find next file
2018-12-25T11:41:27.670803407Z	67	PC: 132d6 \| Get or set file attributes (See above)
2018-12-25T11:41:27.680524457Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:27.687037347Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:27.69418598Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:27.696498841Z	60	PC: 139b2 \| Create or truncate file (See above)
2018-12-25T11:41:27.707336942Z	48	PC: 13b74 \| Get DOS version (See above)
2018-12-25T11:41:27.709472138Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:27.716122951Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:27.723597692Z	64	PC: 13a85 \| Write file or device (See above)
2018-12-25T11:41:27.732662158Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:27.734421709Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:27.741005599Z	87	PC: 132f0 \| Get or set file date and time (See above)
2018-12-25T11:41:27.743425931Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:27.751455747Z	64	PC: 13a85 \| Write file or device (See above)
2018-12-25T11:41:27.760318884Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:27.763319466Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:27.765338743Z	65	PC: 13afb \| Delete file (See above)
2018-12-25T11:41:27.776967531Z	87	PC: 1331d \| Get or set file date and time (See above)
2018-12-25T11:41:27.779837045Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:27.787217718Z	86	PC: 13b3f \| Rename file (See above)
2018-12-25T11:41:28.114971998Z	26	PC: 13371 \| Set disk transfer address (See above)
2018-12-25T11:41:28.116783551Z	79	PC: 13376 \| Find next file (See above)
2018-12-25T11:41:28.121860471Z	14	PC: 13c5a \| Set default drive (Drive = 'C')
2018-12-25T11:41:28.123445178Z	25	PC: 13c5e \| Get default drive
2018-12-25T11:41:28.125857394Z	59	PC: 13cc8 \| Change current directory
2018-12-25T11:41:28.130892355Z	26	PC: 1334d \| Set disk transfer address (See above)
2018-12-25T11:41:28.13177986Z	78	PC: 13359 \| Find first file (See above)
2018-12-25T11:41:28.142498829Z	67	PC: 132d6 \| Get or set file attributes (See above)
2018-12-25T11:41:28.765063737Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:28.772677234Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:28.77976722Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:28.78316864Z	60	PC: 139b2 \| Create or truncate file (See above)
2018-12-25T11:41:28.796514058Z	48	PC: 13b74 \| Get DOS version (See above)
2018-12-25T11:41:28.799380945Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:28.806847071Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:28.814571831Z	64	PC: 13a85 \| Write file or device (See above)
2018-12-25T11:41:28.824847964Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:28.828267988Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:28.835414434Z	87	PC: 132f0 \| Get or set file date and time (See above)
2018-12-25T11:41:28.837348704Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:28.847230554Z	64	PC: 13a85 \| Write file or device (See above)
2018-12-25T11:41:28.861797254Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:28.864851575Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:28.868026228Z	65	PC: 13afb \| Delete file (See above)
2018-12-25T11:41:28.879831778Z	87	PC: 1331d \| Get or set file date and time (See above)
2018-12-25T11:41:28.882078336Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:28.889559819Z	86	PC: 13b3f \| Rename file (See above)
2018-12-25T11:41:28.901006061Z	26	PC: 13371 \| Set disk transfer address (See above)
2018-12-25T11:41:28.902425969Z	79	PC: 13376 \| Find next file (See above)
2018-12-25T11:41:28.907041213Z	14	PC: 13c5a \| Set default drive (See above)
2018-12-25T11:41:28.908642851Z	25	PC: 13c5e \| Get default drive (See above)
2018-12-25T11:41:28.910117041Z	59	PC: 13cc8 \| Change current directory (See above)
2018-12-25T11:41:28.915377795Z	42	PC: 12a50 \| Get date 0x12a50: cmp dl, 0x16 0x12a53: je 0x12a5a 0x12a55: mov ax, 0 0x12a58: jmp 0x12a67 0x12a5a: cmp dh, 5 0x12a5d: je 0x12a64 0x12a5f: mov ax, 1 0x12a62: jmp 0x12a67 0x12a64: mov ax, 2 0x12a67: ret 0x12a68: add cx, word ptr [di + 0x4d] 0x12a6b: xor ax, word ptr [bp + di] 0x12a6d: push bx 0x12a6e: xor al, 0x47 0x12a70: add dx, word ptr [bp + si + 0x45] 0x12a73: push dx 0x12a74: add dx, word ptr [bp + si + 0x54] 0x12a77: inc sp 0x12a78: add ax, word ptr [di + 0x54] 0x12a7b: push si
2018-12-25T11:41:28.926719133Z	42	PC: 12a50 \| Get date (See above)
2018-12-25T11:41:28.929254837Z	48	PC: 13b74 \| Get DOS version (See above)
2018-12-25T11:41:28.931893404Z	48	PC: 13b74 \| Get DOS version (See above)
2018-12-25T11:41:28.933961119Z	48	PC: 13b74 \| Get DOS version (See above)
2018-12-25T11:41:28.935894773Z	86	PC: 13b3f \| Rename file (See above)
2018-12-25T11:41:28.948852271Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:28.95613578Z	48	PC: 13b74 \| Get DOS version (See above)
2018-12-25T11:41:28.957888591Z	60	PC: 139b2 \| Create or truncate file (See above)
2018-12-25T11:41:28.96981983Z	66	PC: 13ae4 \| Move file pointer
2018-12-25T11:41:28.972016245Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:28.980407158Z	64	PC: 13a85 \| Write file or device (See above)
2018-12-25T11:41:28.990309069Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:28.993242012Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:28.994879128Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:29.000223737Z	53	PC: 134bc \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:41:29.00248494Z	37	PC: 134c5 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:41:29.004198471Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.005610466Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.00741729Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.009217506Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.010458449Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.012011065Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.013028844Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.014329832Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.016042474Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.016980231Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.017885826Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.019278894Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.020566435Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.021644004Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.022826444Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.02382209Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.032744244Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.034006864Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.034899636Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.035944577Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.037388664Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.038377091Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.039758239Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.040651812Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.041522128Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.043162904Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.044123421Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.045110216Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.046904235Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.047818915Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.048712138Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.049952983Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.051165569Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.052052796Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.053413435Z	53	PC: 134bc \| Get interrupt vector (See above)
2018-12-25T11:41:29.05437706Z	37	PC: 134c5 \| Set interrupt vector (See above)
2018-12-25T11:41:29.055254425Z	48	PC: 13b74 \| Get DOS version (See above)
2018-12-25T11:41:29.056932267Z	41	PC: 13473 \| Parse filename
2018-12-25T11:41:29.057979579Z	41	PC: 13481 \| Parse filename
2018-12-25T11:41:29.058994042Z	75	PC: 1348c \| Execute program

{"DateBased":true,"Day":22,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":706,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:27.432447689Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:41:27.43381914Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.436310752Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.437378251Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.438285274Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.43979962Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.440691007Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.443369749Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.446271093Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.44833672Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.450911677Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.452674106Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.453935397Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.455240784Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.456886982Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.457939627Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.458896732Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.464490109Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.465631638Z	53	PC: 1354a \| Get interrupt vector (See above)
2018-12-25T11:41:27.467546126Z	37	PC: 1355f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:41:27.469790165Z	37	PC: 13567 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:41:27.470980219Z	37	PC: 1356f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:27.472162455Z	37	PC: 13577 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-25T11:41:27.474174885Z	68	PC: 13f2f \| I/O control for devices (Set for = '')
2018-12-25T11:41:27.475912183Z	67	PC: 132d6 \| Get or set file attributes
2018-12-25T11:41:27.481712676Z	65	PC: 13afb \| Delete file (Filename = 'anti-vir.dat')
2018-12-25T11:41:27.488178777Z	67	PC: 132d6 \| Get or set file attributes (See above)
2018-12-25T11:41:27.491964501Z	65	PC: 13afb \| Delete file (See above)
2018-12-25T11:41:27.497689672Z	25	PC: 13c01 \| Get default drive
2018-12-25T11:41:27.499016946Z	71	PC: 13c14 \| Get current directory
2018-12-25T11:41:27.503426398Z	26	PC: 1334d \| Set disk transfer address
2018-12-25T11:41:27.504740294Z	78	PC: 13359 \| Find first file
2018-12-25T11:41:27.512387768Z	67	PC: 132d6 \| Get or set file attributes (See above)
2018-12-25T11:41:27.535099426Z	61	PC: 139b2 \| Open file (Filename = 'TEST.EXE')
2018-12-25T11:41:27.541925101Z	63	PC: 13a85 \| Read file or device (Read 35 bytes on handle 5)
2018-12-25T11:41:27.545110775Z	62	PC: 13a02 \| Close file
2018-12-25T11:41:27.550683009Z	60	PC: 139b2 \| Create or truncate file (See above)
2018-12-25T11:41:27.561366222Z	48	PC: 13b74 \| Get DOS version
2018-12-25T11:41:27.562812412Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:27.570452729Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:27.57813417Z	64	PC: 13a85 \| Write file or device (See above)
2018-12-25T11:41:27.586651256Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:27.58973245Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:27.59712224Z	87	PC: 132f0 \| Get or set file date and time
2018-12-25T11:41:27.598645982Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:27.607364274Z	64	PC: 13a85 \| Write file or device (See above)
2018-12-25T11:41:27.616296364Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:27.618839435Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:27.622339675Z	65	PC: 13afb \| Delete file (See above)
2018-12-25T11:41:27.634347421Z	87	PC: 1331d \| Get or set file date and time
2018-12-25T11:41:27.635929495Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:27.643650291Z	86	PC: 13b3f \| Rename file
2018-12-25T11:41:27.655140053Z	26	PC: 13371 \| Set disk transfer address
2018-12-25T11:41:27.657005026Z	79	PC: 13376 \| Find next file
2018-12-25T11:41:27.661506708Z	67	PC: 132d6 \| Get or set file attributes (See above)
2018-12-25T11:41:27.671237318Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:27.677975035Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:27.68551707Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:27.687840509Z	60	PC: 139b2 \| Create or truncate file (See above)
2018-12-25T11:41:27.698895776Z	48	PC: 13b74 \| Get DOS version (See above)
2018-12-25T11:41:27.700869362Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:27.708119672Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:27.715722313Z	64	PC: 13a85 \| Write file or device (See above)
2018-12-25T11:41:27.724672266Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:27.727237432Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:27.734421683Z	87	PC: 132f0 \| Get or set file date and time (See above)
2018-12-25T11:41:27.736364339Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:27.746717426Z	64	PC: 13a85 \| Write file or device (See above)
2018-12-25T11:41:27.757423552Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:27.760007873Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:27.762827757Z	65	PC: 13afb \| Delete file (See above)
2018-12-25T11:41:27.774113956Z	87	PC: 1331d \| Get or set file date and time (See above)
2018-12-25T11:41:27.775945492Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:27.783579475Z	86	PC: 13b3f \| Rename file (See above)
2018-12-25T11:41:28.071065635Z	26	PC: 13371 \| Set disk transfer address (See above)
2018-12-25T11:41:28.072519215Z	79	PC: 13376 \| Find next file (See above)
2018-12-25T11:41:28.076705436Z	14	PC: 13c5a \| Set default drive (Drive = 'C')
2018-12-25T11:41:28.078211206Z	25	PC: 13c5e \| Get default drive
2018-12-25T11:41:28.079575513Z	59	PC: 13cc8 \| Change current directory
2018-12-25T11:41:28.086619823Z	26	PC: 1334d \| Set disk transfer address (See above)
2018-12-25T11:41:28.08791106Z	78	PC: 13359 \| Find first file (See above)
2018-12-25T11:41:28.095831875Z	67	PC: 132d6 \| Get or set file attributes (See above)
2018-12-25T11:41:28.76486614Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:28.772288252Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:28.778555386Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:28.783356596Z	60	PC: 139b2 \| Create or truncate file (See above)
2018-12-25T11:41:28.795405308Z	48	PC: 13b74 \| Get DOS version (See above)
2018-12-25T11:41:28.797129092Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:28.805006824Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:28.813061724Z	64	PC: 13a85 \| Write file or device (See above)
2018-12-25T11:41:28.822968939Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:28.826011756Z	61	PC: 139b2 \| Open file (See above)
2018-12-25T11:41:28.833235652Z	87	PC: 132f0 \| Get or set file date and time (See above)
2018-12-25T11:41:28.834954718Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:28.848593327Z	64	PC: 13a85 \| Write file or device (See above)
2018-12-25T11:41:28.863966998Z	63	PC: 13a85 \| Read file or device (See above)
2018-12-25T11:41:28.866476017Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:28.869581022Z	65	PC: 13afb \| Delete file (See above)
2018-12-25T11:41:28.881417291Z	87	PC: 1331d \| Get or set file date and time (See above)
2018-12-25T11:41:28.88286044Z	62	PC: 13a02 \| Close file (See above)
2018-12-25T11:41:28.887517844Z	86	PC: 13b3f \| Rename file (See above)
2018-12-25T11:41:28.912270179Z	26	PC: 13371 \| Set disk transfer address (See above)
2018-12-25T11:41:28.922851903Z	79	PC: 13376 \| Find next file (See above)
2018-12-25T11:41:28.927590265Z	14	PC: 13c5a \| Set default drive (See above)
2018-12-25T11:41:28.929377068Z	25	PC: 13c5e \| Get default drive (See above)
2018-12-25T11:41:28.930867497Z	59	PC: 13cc8 \| Change current directory (See above)
2018-12-25T11:41:28.942335443Z	42	PC: 12a50 \| Get date 0x12a50: cmp dl, 0x16 0x12a53: je 0x12a5a 0x12a55: mov ax, 0 0x12a58: jmp 0x12a67 0x12a5a: cmp dh, 5 0x12a5d: je 0x12a64 0x12a5f: mov ax, 1 0x12a62: jmp 0x12a67 0x12a64: mov ax, 2 0x12a67: ret 0x12a68: add cx, word ptr [di + 0x4d] 0x12a6b: xor ax, word ptr [bp + di] 0x12a6d: push bx 0x12a6e: xor al, 0x47 0x12a70: add dx, word ptr [bp + si + 0x45] 0x12a73: push dx 0x12a74: add dx, word ptr [bp + si + 0x54] 0x12a77: inc sp 0x12a78: add ax, word ptr [di + 0x54] 0x12a7b: push si
2018-12-25T11:41:28.944959466Z	42	PC: 12a50 \| Get date (See above)