Sample viewer

vx.netlux.org/Virus.DOS.HLLC.FindMe.12736

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:45:36.828172851Z 48 PC: 12d74 | Get DOS version
2018-12-17T22:45:36.830263969Z 74 PC: 12dcf | Reallocate memory
2018-12-17T22:45:36.832109655Z 48 PC: 12e28 | Get DOS version
2018-12-17T22:45:36.833696886Z 53 PC: 12e30 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:36.83557873Z 37 PC: 12e42 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:36.837594305Z 68 PC: 12ec6 | I/O control for devices (Set for = '^��l�P+�P�F�P�?)��� ��l�P�()���� �uh��f�P�F�P��f�P��f�P�F�P�_"�� ��f�P��f�P���P��^�P�F�P�A"�� �4P�F�P���P��^�P�F�P�s#�� +�P�F�P�(�� �t���d��:P�^�7�s���F��>P�F�P�b���� ��')
2018-12-17T22:45:36.839424884Z 68 PC: 12ec6 | I/O control for devices
2018-12-17T22:45:36.841228061Z 68 PC: 12ec6 | I/O control for devices
2018-12-17T22:45:36.844032588Z 68 PC: 12ec6 | I/O control for devices
2018-12-17T22:45:36.845627353Z 68 PC: 12ec6 | I/O control for devices
2018-12-17T22:45:36.847864565Z 42 PC: 149c6 | Get date 0x149c6: mov bx, dx
0x149c8: mov word ptr [bp - 2], cx
0x149cb: mov ah, 0x2c
0x149cd: int 0x21
0x149cf: xor ah, ah
0x149d1: mov al, dh
0x149d3: push ax
0x149d4: mov al, cl
0x149d6: push ax
0x149d7: mov al, ch
0x149d9: push ax
0x149da: push ax
0x149db: mov ah, 0x2a
0x149dd: int 0x21
0x149df: cmp bx, dx
0x149e1: pop ax
0x149e2: je 0x149ed
0x149e4: cmp al, 0x17
0x149e6: jne 0x149ed
0x149e8: mov dx, bx
2018-12-17T22:45:36.851347546Z 44 PC: 149cf | Get time 0x149cf: xor ah, ah
0x149d1: mov al, dh
0x149d3: push ax
0x149d4: mov al, cl
0x149d6: push ax
0x149d7: mov al, ch
0x149d9: push ax
0x149da: push ax
0x149db: mov ah, 0x2a
0x149dd: int 0x21
0x149df: cmp bx, dx
0x149e1: pop ax
0x149e2: je 0x149ed
0x149e4: cmp al, 0x17
0x149e6: jne 0x149ed
0x149e8: mov dx, bx
0x149ea: mov cx, word ptr [bp - 2]
0x149ed: xor ah, ah
0x149ef: mov al, dl
0x149f1: push ax
2018-12-17T22:45:36.854010638Z 42 PC: 149df | Get date 0x149df: cmp bx, dx
0x149e1: pop ax
0x149e2: je 0x149ed
0x149e4: cmp al, 0x17
0x149e6: jne 0x149ed
0x149e8: mov dx, bx
0x149ea: mov cx, word ptr [bp - 2]
0x149ed: xor ah, ah
0x149ef: mov al, dl
0x149f1: push ax
0x149f2: mov al, dh
0x149f4: push ax
0x149f5: mov ax, cx
0x149f7: sub ax, 0x7bc
0x149fa: push ax
0x149fb: call 0x14b98
0x149fe: add sp, 0xc
0x14a01: cmp word ptr [bp + 4], 0
0x14a05: je 0x14a0f
0x14a07: mov bx, word ptr [bp + 4]
2018-12-17T22:45:36.859124392Z 26 PC: 15500 | Set disk transfer address
2018-12-17T22:45:36.861800027Z 78 PC: 1550f | Find first file
2018-12-17T22:45:36.869130455Z 67 PC: 154c7 | Get or set file attributes
2018-12-17T22:45:36.876675276Z 61 PC: 13d32 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:45:36.884693044Z 68 PC: 13d63 | I/O control for devices (Set for = 'A:\TEST.EXE')
2018-12-17T22:45:36.8866451Z 67 PC: 13e58 | Get or set file attributes
2018-12-17T22:45:36.893457866Z 61 PC: 13d32 | Open file (Filename = 'TEST.com')
2018-12-17T22:45:36.900491115Z 60 PC: 13e07 | Create or truncate file
2018-12-17T22:45:36.918904568Z 62 PC: 13e1e | Close file
2018-12-17T22:45:36.921154453Z 61 PC: 13e2d | Open file (Filename = 'TEST.com')
2018-12-17T22:45:36.928490402Z 67 PC: 13e58 | Get or set file attributes
2018-12-17T22:45:36.935864201Z 66 PC: 13cf4 | Move file pointer
2018-12-17T22:45:36.937862184Z 66 PC: 13cf4 | Move file pointer
2018-12-17T22:45:36.939805954Z 66 PC: 13cf4 | Move file pointer
2018-12-17T22:45:36.942834261Z 66 PC: 13cf4 | Move file pointer
2018-12-17T22:45:36.944756081Z 63 PC: 13ecd | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:45:36.949225646Z 66 PC: 13cf4 | Move file pointer
2018-12-17T22:45:36.966186741Z 66 PC: 13cf4 | Move file pointer
2018-12-17T22:45:36.968139769Z 66 PC: 13cf4 | Move file pointer
2018-12-17T22:45:36.970018016Z 63 PC: 13ecd | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:45:36.979597157Z 63 PC: 13ecd | Read file or device (Read 11776 bytes on handle 5)
2018-12-17T22:45:36.993518954Z 63 PC: 13ecd | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:45:36.997980824Z 64 PC: 14085 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.006733553Z 64 PC: 14085 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.016548658Z 64 PC: 14085 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.025295405Z 64 PC: 14085 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.039191264Z 64 PC: 14085 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.049428631Z 64 PC: 14085 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.058505669Z 64 PC: 14085 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.067196271Z 64 PC: 14085 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.077059526Z 64 PC: 14085 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.086722084Z 64 PC: 14085 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.095951598Z 64 PC: 14085 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.105801587Z 64 PC: 14085 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.114866342Z 64 PC: 14085 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.123612659Z 64 PC: 14085 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.133457119Z 64 PC: 14085 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.142561227Z 64 PC: 14085 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.152744122Z 64 PC: 14085 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.162129449Z 64 PC: 14085 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.171092724Z 64 PC: 14085 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.179404124Z 64 PC: 14085 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.187630774Z 64 PC: 14085 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.197172315Z 64 PC: 14085 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.205819015Z 64 PC: 14085 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.214568728Z 64 PC: 14085 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.224202912Z 62 PC: 13c7a | Close file
2018-12-17T22:45:37.226440414Z 64 PC: 14085 | Write file or device (Write 448 bytes on handle 6)
2018-12-17T22:45:37.231079919Z 62 PC: 13c7a | Close file
2018-12-17T22:45:37.243022709Z 41 PC: 152a1 | Parse filename
2018-12-17T22:45:37.244736908Z 41 PC: 152a9 | Parse filename
2018-12-17T22:45:37.246727807Z 11 PC: 152eb | Get input status
2018-12-17T22:45:37.249986728Z 75 PC: 152f9 | Execute program
2018-12-17T22:45:37.266752998Z 48 PC: 25b44 | Get DOS version
2018-12-17T22:45:37.268380454Z 74 PC: 25b9f | Reallocate memory
2018-12-17T22:45:37.27019914Z 48 PC: 25bf8 | Get DOS version
2018-12-17T22:45:37.272808891Z 53 PC: 25c00 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:37.274207608Z 37 PC: 25c12 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:37.275533318Z 68 PC: 25c96 | I/O control for devices (Set for = '')
2018-12-17T22:45:37.27786107Z 68 PC: 25c96 | I/O control for devices (Set for = '')
2018-12-17T22:45:37.27918122Z 68 PC: 25c96 | I/O control for devices (Set for = '')
2018-12-17T22:45:37.280423753Z 68 PC: 25c96 | I/O control for devices (Set for = '')
2018-12-17T22:45:37.282459697Z 68 PC: 25c96 | I/O control for devices (Set for = '')
2018-12-17T22:45:37.284189466Z 42 PC: 27796 | Get date 0x27796: mov bx, dx
0x27798: mov word ptr [bp - 2], cx
0x2779b: mov ah, 0x2c
0x2779d: int 0x21
0x2779f: xor ah, ah
0x277a1: mov al, dh
0x277a3: push ax
0x277a4: mov al, cl
0x277a6: push ax
0x277a7: mov al, ch
0x277a9: push ax
0x277aa: push ax
0x277ab: mov ah, 0x2a
0x277ad: int 0x21
0x277af: cmp bx, dx
0x277b1: pop ax
0x277b2: je 0x277bd
0x277b4: cmp al, 0x17
0x277b6: jne 0x277bd
0x277b8: mov dx, bx
2018-12-17T22:45:37.286080858Z 44 PC: 2779f | Get time 0x2779f: xor ah, ah
0x277a1: mov al, dh
0x277a3: push ax
0x277a4: mov al, cl
0x277a6: push ax
0x277a7: mov al, ch
0x277a9: push ax
0x277aa: push ax
0x277ab: mov ah, 0x2a
0x277ad: int 0x21
0x277af: cmp bx, dx
0x277b1: pop ax
0x277b2: je 0x277bd
0x277b4: cmp al, 0x17
0x277b6: jne 0x277bd
0x277b8: mov dx, bx
0x277ba: mov cx, word ptr [bp - 2]
0x277bd: xor ah, ah
0x277bf: mov al, dl
0x277c1: push ax
2018-12-17T22:45:37.289066666Z 42 PC: 277af | Get date 0x277af: cmp bx, dx
0x277b1: pop ax
0x277b2: je 0x277bd
0x277b4: cmp al, 0x17
0x277b6: jne 0x277bd
0x277b8: mov dx, bx
0x277ba: mov cx, word ptr [bp - 2]
0x277bd: xor ah, ah
0x277bf: mov al, dl
0x277c1: push ax
0x277c2: mov al, dh
0x277c4: push ax
0x277c5: mov ax, cx
0x277c7: sub ax, 0x7bc
0x277ca: push ax
0x277cb: call 0x27968
0x277ce: add sp, 0xc
0x277d1: cmp word ptr [bp + 4], 0
0x277d5: je 0x277df
0x277d7: mov bx, word ptr [bp + 4]
2018-12-17T22:45:37.292591967Z 26 PC: 282d0 | Set disk transfer address
2018-12-17T22:45:37.293849859Z 78 PC: 282df | Find first file
2018-12-17T22:45:37.299591283Z 67 PC: 28297 | Get or set file attributes
2018-12-17T22:45:37.304388162Z 26 PC: 282d0 | Set disk transfer address
2018-12-17T22:45:37.305527231Z 79 PC: 282df | Find next file
2018-12-17T22:45:37.310923516Z 61 PC: 26b02 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:45:37.31639912Z 68 PC: 26b33 | I/O control for devices (Set for = 'A:\TEST.EXE')
2018-12-17T22:45:37.317743365Z 67 PC: 26c28 | Get or set file attributes
2018-12-17T22:45:37.322492374Z 61 PC: 26b02 | Open file (Filename = 'TEST.com')
2018-12-17T22:45:37.328188192Z 68 PC: 26b33 | I/O control for devices (Set for = 'TEST.com')
2018-12-17T22:45:37.329481881Z 64 PC: 26b58 | Write file or device (Write 0 bytes on handle 6)
2018-12-17T22:45:37.335374529Z 67 PC: 26c28 | Get or set file attributes
2018-12-17T22:45:37.340950862Z 66 PC: 26ac4 | Move file pointer
2018-12-17T22:45:37.342383032Z 66 PC: 26ac4 | Move file pointer
2018-12-17T22:45:37.343836491Z 66 PC: 26ac4 | Move file pointer
2018-12-17T22:45:37.346014372Z 66 PC: 26ac4 | Move file pointer
2018-12-17T22:45:37.347486757Z 63 PC: 26c9d | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:45:37.350028902Z 66 PC: 26ac4 | Move file pointer
2018-12-17T22:45:37.352246136Z 66 PC: 26ac4 | Move file pointer
2018-12-17T22:45:37.353802429Z 66 PC: 26ac4 | Move file pointer
2018-12-17T22:45:37.355248294Z 63 PC: 26c9d | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:45:37.361721993Z 63 PC: 26c9d | Read file or device (Read 11776 bytes on handle 5)
2018-12-17T22:45:37.36767861Z 63 PC: 26c9d | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:45:37.370741964Z 64 PC: 26e55 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.377902122Z 64 PC: 26e55 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.384183169Z 64 PC: 26e55 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.390280109Z 64 PC: 26e55 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.397141596Z 64 PC: 26e55 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.405824343Z 64 PC: 26e55 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.414535064Z 64 PC: 26e55 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.424309782Z 64 PC: 26e55 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.433522856Z 64 PC: 26e55 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.442303917Z 64 PC: 26e55 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.451914037Z 64 PC: 26e55 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.461152498Z 64 PC: 26e55 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.467621437Z 64 PC: 26e55 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.473908876Z 64 PC: 26e55 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.481234945Z 64 PC: 26e55 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.488860638Z 64 PC: 26e55 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.496319476Z 64 PC: 26e55 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.505157395Z 64 PC: 26e55 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.513941393Z 64 PC: 26e55 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.524731879Z 64 PC: 26e55 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.533191588Z 64 PC: 26e55 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.540994783Z 64 PC: 26e55 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.548641495Z 64 PC: 26e55 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.556495556Z 64 PC: 26e55 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:37.564026329Z 62 PC: 26a4a | Close file
2018-12-17T22:45:37.56606055Z 64 PC: 26e55 | Write file or device (Write 448 bytes on handle 6)
2018-12-17T22:45:37.5714276Z 62 PC: 26a4a | Close file
2018-12-17T22:45:37.582401732Z 41 PC: 28071 | Parse filename
2018-12-17T22:45:37.584059134Z 41 PC: 28079 | Parse filename
2018-12-17T22:45:37.586107852Z 11 PC: 280bb | Get input status
2018-12-17T22:45:37.589115661Z 75 PC: 280c9 | Execute program
2018-12-17T22:45:37.60554586Z 48 PC: 38914 | Get DOS version
2018-12-17T22:45:37.608186589Z 74 PC: 3896f | Reallocate memory
2018-12-17T22:45:37.610051972Z 48 PC: 389c8 | Get DOS version
2018-12-17T22:45:37.611573219Z 53 PC: 389d0 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:37.613133259Z 37 PC: 389e2 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:37.615260845Z 68 PC: 38a66 | I/O control for devices (Set for = '')
2018-12-17T22:45:37.616698896Z 68 PC: 38a66 | I/O control for devices (Set for = '')
2018-12-17T22:45:37.618309612Z 68 PC: 38a66 | I/O control for devices (Set for = '')
2018-12-17T22:45:37.619954711Z 68 PC: 38a66 | I/O control for devices (Set for = '')
2018-12-17T22:45:37.621618406Z 68 PC: 38a66 | I/O control for devices (Set for = '')
2018-12-17T22:45:37.62394189Z 42 PC: 3a566 | Get date 0x3a566: mov bx, dx
0x3a568: mov word ptr [bp - 2], cx
0x3a56b: mov ah, 0x2c
0x3a56d: int 0x21
0x3a56f: xor ah, ah
0x3a571: mov al, dh
0x3a573: push ax
0x3a574: mov al, cl
0x3a576: push ax
0x3a577: mov al, ch
0x3a579: push ax
0x3a57a: push ax
0x3a57b: mov ah, 0x2a
0x3a57d: int 0x21
0x3a57f: cmp bx, dx
0x3a581: pop ax
0x3a582: je 0x3a58d
0x3a584: cmp al, 0x17
0x3a586: jne 0x3a58d
0x3a588: mov dx, bx
2018-12-17T22:45:37.626590133Z 44 PC: 3a56f | Get time 0x3a56f: xor ah, ah
0x3a571: mov al, dh
0x3a573: push ax
0x3a574: mov al, cl
0x3a576: push ax
0x3a577: mov al, ch
0x3a579: push ax
0x3a57a: push ax
0x3a57b: mov ah, 0x2a
0x3a57d: int 0x21
0x3a57f: cmp bx, dx
0x3a581: pop ax
0x3a582: je 0x3a58d
0x3a584: cmp al, 0x17
0x3a586: jne 0x3a58d
0x3a588: mov dx, bx
0x3a58a: mov cx, word ptr [bp - 2]
0x3a58d: xor ah, ah
0x3a58f: mov al, dl
0x3a591: push ax
2018-12-17T22:45:37.629435448Z 42 PC: 3a57f | Get date 0x3a57f: cmp bx, dx
0x3a581: pop ax
0x3a582: je 0x3a58d
0x3a584: cmp al, 0x17
0x3a586: jne 0x3a58d
0x3a588: mov dx, bx
0x3a58a: mov cx, word ptr [bp - 2]
0x3a58d: xor ah, ah
0x3a58f: mov al, dl
0x3a591: push ax
0x3a592: mov al, dh
0x3a594: push ax
0x3a595: mov ax, cx
0x3a597: sub ax, 0x7bc
0x3a59a: push ax
0x3a59b: call 0x3a738
0x3a59e: add sp, 0xc
0x3a5a1: cmp word ptr [bp + 4], 0
0x3a5a5: je 0x3a5af
0x3a5a7: mov bx, word ptr [bp + 4]
2018-12-17T22:45:37.634479831Z 26 PC: 3b0a0 | Set disk transfer address
2018-12-17T22:45:37.636765684Z 78 PC: 3b0af | Find first file
2018-12-17T22:45:37.648016124Z 67 PC: 3b067 | Get or set file attributes
2018-12-17T22:45:37.658318985Z 61 PC: 398d2 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:45:37.666848936Z 68 PC: 39903 | I/O control for devices (Set for = 'A:\TEST.EXE')
2018-12-17T22:45:37.668595816Z 67 PC: 399f8 | Get or set file attributes
2018-12-17T22:45:37.675208506Z 61 PC: 398d2 | Open file (Filename = 'C:\DOS\ATTRIB.com')
2018-12-17T22:45:37.682850549Z 60 PC: 399a7 | Create or truncate file
2018-12-17T22:45:38.027246955Z 62 PC: 399be | Close file
2018-12-17T22:45:38.029776005Z 61 PC: 399cd | Open file (Filename = 'C:\DOS\ATTRIB.com')
2018-12-17T22:45:38.036479845Z 67 PC: 399f8 | Get or set file attributes
2018-12-17T22:45:38.042267145Z 66 PC: 39894 | Move file pointer
2018-12-17T22:45:38.043699265Z 66 PC: 39894 | Move file pointer
2018-12-17T22:45:38.046256718Z 66 PC: 39894 | Move file pointer
2018-12-17T22:45:38.050202338Z 66 PC: 39894 | Move file pointer
2018-12-17T22:45:38.052427778Z 63 PC: 39a6d | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:45:38.05809914Z 66 PC: 39894 | Move file pointer
2018-12-17T22:45:38.060144922Z 66 PC: 39894 | Move file pointer
2018-12-17T22:45:38.062205161Z 66 PC: 39894 | Move file pointer
2018-12-17T22:45:38.065151355Z 63 PC: 39a6d | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:45:38.074172908Z 63 PC: 39a6d | Read file or device (Read 11776 bytes on handle 5)
2018-12-17T22:45:38.082503384Z 63 PC: 39a6d | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:45:38.087941458Z 64 PC: 39c25 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.354665474Z 64 PC: 39c25 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.37733476Z 64 PC: 39c25 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.394557737Z 64 PC: 39c25 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.402719426Z 64 PC: 39c25 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.411575379Z 64 PC: 39c25 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.419540479Z 64 PC: 39c25 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.428478015Z 64 PC: 39c25 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.436189728Z 64 PC: 39c25 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.445355202Z 64 PC: 39c25 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.454985049Z 64 PC: 39c25 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.462748038Z 64 PC: 39c25 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.470429966Z 64 PC: 39c25 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.479823268Z 64 PC: 39c25 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.488567672Z 64 PC: 39c25 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.496387819Z 64 PC: 39c25 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.505061579Z 64 PC: 39c25 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.518629682Z 64 PC: 39c25 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.526371483Z 64 PC: 39c25 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.535564168Z 64 PC: 39c25 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.543291631Z 64 PC: 39c25 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.551470623Z 64 PC: 39c25 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.559944488Z 64 PC: 39c25 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.568030033Z 64 PC: 39c25 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.583494177Z 62 PC: 3981a | Close file
2018-12-17T22:45:38.587247998Z 64 PC: 39c25 | Write file or device (Write 448 bytes on handle 6)
2018-12-17T22:45:38.591882842Z 62 PC: 3981a | Close file
2018-12-17T22:45:38.602866471Z 41 PC: 3ae41 | Parse filename
2018-12-17T22:45:38.604908206Z 41 PC: 3ae49 | Parse filename
2018-12-17T22:45:38.607736568Z 11 PC: 3ae8b | Get input status
2018-12-17T22:45:38.61077751Z 75 PC: 3ae99 | Execute program
2018-12-17T22:45:38.627289291Z 48 PC: 4b6e4 | Get DOS version
2018-12-17T22:45:38.629672497Z 74 PC: 4b73f | Reallocate memory
2018-12-17T22:45:38.631334779Z 48 PC: 4b798 | Get DOS version
2018-12-17T22:45:38.632978186Z 53 PC: 4b7a0 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:38.635645645Z 37 PC: 4b7b2 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:38.637279865Z 68 PC: 4b836 | I/O control for devices (Set for = '')
2018-12-17T22:45:38.63900265Z 68 PC: 4b836 | I/O control for devices (Set for = '')
2018-12-17T22:45:38.641765789Z 68 PC: 4b836 | I/O control for devices (Set for = '')
2018-12-17T22:45:38.643402333Z 68 PC: 4b836 | I/O control for devices (Set for = '')
2018-12-17T22:45:38.645285691Z 68 PC: 4b836 | I/O control for devices (Set for = '')
2018-12-17T22:45:38.648688932Z 42 PC: 4d336 | Get date 0x4d336: mov bx, dx
0x4d338: mov word ptr [bp - 2], cx
0x4d33b: mov ah, 0x2c
0x4d33d: int 0x21
0x4d33f: xor ah, ah
0x4d341: mov al, dh
0x4d343: push ax
0x4d344: mov al, cl
0x4d346: push ax
0x4d347: mov al, ch
0x4d349: push ax
0x4d34a: push ax
0x4d34b: mov ah, 0x2a
0x4d34d: int 0x21
0x4d34f: cmp bx, dx
0x4d351: pop ax
0x4d352: je 0x4d35d
0x4d354: cmp al, 0x17
0x4d356: jne 0x4d35d
0x4d358: mov dx, bx
2018-12-17T22:45:38.651192775Z 44 PC: 4d33f | Get time 0x4d33f: xor ah, ah
0x4d341: mov al, dh
0x4d343: push ax
0x4d344: mov al, cl
0x4d346: push ax
0x4d347: mov al, ch
0x4d349: push ax
0x4d34a: push ax
0x4d34b: mov ah, 0x2a
0x4d34d: int 0x21
0x4d34f: cmp bx, dx
0x4d351: pop ax
0x4d352: je 0x4d35d
0x4d354: cmp al, 0x17
0x4d356: jne 0x4d35d
0x4d358: mov dx, bx
0x4d35a: mov cx, word ptr [bp - 2]
0x4d35d: xor ah, ah
0x4d35f: mov al, dl
0x4d361: push ax
2018-12-17T22:45:38.653718228Z 42 PC: 4d34f | Get date 0x4d34f: cmp bx, dx
0x4d351: pop ax
0x4d352: je 0x4d35d
0x4d354: cmp al, 0x17
0x4d356: jne 0x4d35d
0x4d358: mov dx, bx
0x4d35a: mov cx, word ptr [bp - 2]
0x4d35d: xor ah, ah
0x4d35f: mov al, dl
0x4d361: push ax
0x4d362: mov al, dh
0x4d364: push ax
0x4d365: mov ax, cx
0x4d367: sub ax, 0x7bc
0x4d36a: push ax
0x4d36b: call 0x4d508
0x4d36e: add sp, 0xc
0x4d371: cmp word ptr [bp + 4], 0
0x4d375: je 0x4d37f
0x4d377: mov bx, word ptr [bp + 4]
2018-12-17T22:45:38.660763661Z 26 PC: 4de70 | Set disk transfer address
2018-12-17T22:45:38.66234502Z 78 PC: 4de7f | Find first file
2018-12-17T22:45:38.670434424Z 67 PC: 4de37 | Get or set file attributes
2018-12-17T22:45:38.678570314Z 26 PC: 4de70 | Set disk transfer address
2018-12-17T22:45:38.679990191Z 79 PC: 4de7f | Find next file
2018-12-17T22:45:38.684146998Z 67 PC: 4de37 | Get or set file attributes
2018-12-17T22:45:38.693692005Z 61 PC: 4c6a2 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:45:38.701331803Z 68 PC: 4c6d3 | I/O control for devices (Set for = 'A:\TEST.EXE')
2018-12-17T22:45:38.703411549Z 67 PC: 4c7c8 | Get or set file attributes
2018-12-17T22:45:38.711393661Z 61 PC: 4c6a2 | Open file (Filename = 'C:\DOS\CHKDSK.com')
2018-12-17T22:45:38.719215942Z 60 PC: 4c777 | Create or truncate file
2018-12-17T22:45:38.733793912Z 62 PC: 4c78e | Close file
2018-12-17T22:45:38.736759451Z 61 PC: 4c79d | Open file (Filename = 'C:\DOS\CHKDSK.com')
2018-12-17T22:45:38.74492073Z 67 PC: 4c7c8 | Get or set file attributes
2018-12-17T22:45:38.75223694Z 66 PC: 4c664 | Move file pointer
2018-12-17T22:45:38.754949926Z 66 PC: 4c664 | Move file pointer
2018-12-17T22:45:38.756930916Z 66 PC: 4c664 | Move file pointer
2018-12-17T22:45:38.759189829Z 66 PC: 4c664 | Move file pointer
2018-12-17T22:45:38.761855656Z 63 PC: 4c83d | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:45:38.765824259Z 66 PC: 4c664 | Move file pointer
2018-12-17T22:45:38.767918863Z 66 PC: 4c664 | Move file pointer
2018-12-17T22:45:38.77138873Z 66 PC: 4c664 | Move file pointer
2018-12-17T22:45:38.777817274Z 63 PC: 4c83d | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:45:38.79977825Z 63 PC: 4c83d | Read file or device (Read 11776 bytes on handle 5)
2018-12-17T22:45:38.808459434Z 63 PC: 4c83d | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:45:38.813737547Z 64 PC: 4c9f5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.821313817Z 64 PC: 4c9f5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.828284819Z 64 PC: 4c9f5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.833743902Z 64 PC: 4c9f5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.839154785Z 64 PC: 4c9f5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.844808744Z 64 PC: 4c9f5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.850514179Z 64 PC: 4c9f5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.855803934Z 64 PC: 4c9f5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.862064823Z 64 PC: 4c9f5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.867979722Z 64 PC: 4c9f5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.873500581Z 64 PC: 4c9f5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.878942582Z 64 PC: 4c9f5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.884593345Z 64 PC: 4c9f5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.890167725Z 64 PC: 4c9f5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.896163635Z 64 PC: 4c9f5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.904038967Z 64 PC: 4c9f5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.911176211Z 64 PC: 4c9f5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.918862016Z 64 PC: 4c9f5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.927808549Z 64 PC: 4c9f5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.934972274Z 64 PC: 4c9f5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.942120279Z 64 PC: 4c9f5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.950375664Z 64 PC: 4c9f5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.957803534Z 64 PC: 4c9f5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.96481901Z 64 PC: 4c9f5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:38.973160838Z 62 PC: 4c5ea | Close file
2018-12-17T22:45:38.975585501Z 64 PC: 4c9f5 | Write file or device (Write 448 bytes on handle 6)
2018-12-17T22:45:38.980160644Z 62 PC: 4c5ea | Close file
2018-12-17T22:45:38.991665411Z 41 PC: 4dc11 | Parse filename
2018-12-17T22:45:38.993199723Z 41 PC: 4dc19 | Parse filename
2018-12-17T22:45:38.994730969Z 11 PC: 4dc5b | Get input status
2018-12-17T22:45:38.998221756Z 75 PC: 4dc69 | Execute program
2018-12-17T22:45:39.01589064Z 48 PC: 5e4b4 | Get DOS version
2018-12-17T22:45:39.017756985Z 74 PC: 5e50f | Reallocate memory
2018-12-17T22:45:39.019951778Z 48 PC: 5e568 | Get DOS version
2018-12-17T22:45:39.021037777Z 53 PC: 5e570 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:39.022258871Z 37 PC: 5e582 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:39.02438828Z 68 PC: 5e606 | I/O control for devices (Set for = '')
2018-12-17T22:45:39.025968618Z 68 PC: 5e606 | I/O control for devices (Set for = '')
2018-12-17T22:45:39.027804085Z 68 PC: 5e606 | I/O control for devices (Set for = '')
2018-12-17T22:45:39.030740691Z 68 PC: 5e606 | I/O control for devices (Set for = '')
2018-12-17T22:45:39.03258275Z 68 PC: 5e606 | I/O control for devices (Set for = '')
2018-12-17T22:45:39.035089258Z 42 PC: 60106 | Get date 0x60106: mov bx, dx
0x60108: mov word ptr [bp - 2], cx
0x6010b: mov ah, 0x2c
0x6010d: int 0x21
0x6010f: xor ah, ah
0x60111: mov al, dh
0x60113: push ax
0x60114: mov al, cl
0x60116: push ax
0x60117: mov al, ch
0x60119: push ax
0x6011a: push ax
0x6011b: mov ah, 0x2a
0x6011d: int 0x21
0x6011f: cmp bx, dx
0x60121: pop ax
0x60122: je 0x6012d
0x60124: cmp al, 0x17
0x60126: jne 0x6012d
0x60128: mov dx, bx
2018-12-17T22:45:39.038747789Z 44 PC: 6010f | Get time 0x6010f: xor ah, ah
0x60111: mov al, dh
0x60113: push ax
0x60114: mov al, cl
0x60116: push ax
0x60117: mov al, ch
0x60119: push ax
0x6011a: push ax
0x6011b: mov ah, 0x2a
0x6011d: int 0x21
0x6011f: cmp bx, dx
0x60121: pop ax
0x60122: je 0x6012d
0x60124: cmp al, 0x17
0x60126: jne 0x6012d
0x60128: mov dx, bx
0x6012a: mov cx, word ptr [bp - 2]
0x6012d: xor ah, ah
0x6012f: mov al, dl
0x60131: push ax
2018-12-17T22:45:39.04171421Z 42 PC: 6011f | Get date 0x6011f: cmp bx, dx
0x60121: pop ax
0x60122: je 0x6012d
0x60124: cmp al, 0x17
0x60126: jne 0x6012d
0x60128: mov dx, bx
0x6012a: mov cx, word ptr [bp - 2]
0x6012d: xor ah, ah
0x6012f: mov al, dl
0x60131: push ax
0x60132: mov al, dh
0x60134: push ax
0x60135: mov ax, cx
0x60137: sub ax, 0x7bc
0x6013a: push ax
0x6013b: call 0x602d8
0x6013e: add sp, 0xc
0x60141: cmp word ptr [bp + 4], 0
0x60145: je 0x6014f
0x60147: mov bx, word ptr [bp + 4]
2018-12-17T22:45:39.047189404Z 26 PC: 60c40 | Set disk transfer address
2018-12-17T22:45:39.049996816Z 78 PC: 60c4f | Find first file
2018-12-17T22:45:39.058227555Z 67 PC: 60c07 | Get or set file attributes
2018-12-17T22:45:39.066225316Z 26 PC: 60c40 | Set disk transfer address
2018-12-17T22:45:39.069009215Z 79 PC: 60c4f | Find next file
2018-12-17T22:45:39.081721249Z 67 PC: 60c07 | Get or set file attributes
2018-12-17T22:45:39.104741514Z 26 PC: 60c40 | Set disk transfer address
2018-12-17T22:45:39.107637454Z 79 PC: 60c4f | Find next file
2018-12-17T22:45:39.110536118Z 61 PC: 5f472 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:45:39.118158754Z 68 PC: 5f4a3 | I/O control for devices (Set for = 'A:\TEST.EXE')
2018-12-17T22:45:39.121155493Z 67 PC: 5f598 | Get or set file attributes
2018-12-17T22:45:39.128175757Z 61 PC: 5f472 | Open file (Filename = 'C:\DOS\CHKDSK.com')
2018-12-17T22:45:39.135920303Z 68 PC: 5f4a3 | I/O control for devices (Set for = 'C:\DOS\CHKDSK.com')
2018-12-17T22:45:39.138738195Z 64 PC: 5f4c8 | Write file or device (Write 0 bytes on handle 6)
2018-12-17T22:45:39.147484102Z 67 PC: 5f598 | Get or set file attributes
2018-12-17T22:45:39.15519862Z 66 PC: 5f434 | Move file pointer
2018-12-17T22:45:39.157721659Z 66 PC: 5f434 | Move file pointer
2018-12-17T22:45:39.15953239Z 66 PC: 5f434 | Move file pointer
2018-12-17T22:45:39.161579885Z 66 PC: 5f434 | Move file pointer
2018-12-17T22:45:39.163942933Z 63 PC: 5f60d | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:45:39.167377404Z 66 PC: 5f434 | Move file pointer
2018-12-17T22:45:39.169497857Z 66 PC: 5f434 | Move file pointer
2018-12-17T22:45:39.172512428Z 66 PC: 5f434 | Move file pointer
2018-12-17T22:45:39.174330162Z 63 PC: 5f60d | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:45:39.182670306Z 63 PC: 5f60d | Read file or device (Read 11776 bytes on handle 5)
2018-12-17T22:45:39.19154809Z 63 PC: 5f60d | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:45:39.196103035Z 64 PC: 5f7c5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.204160829Z 64 PC: 5f7c5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.21377767Z 64 PC: 5f7c5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.221596595Z 64 PC: 5f7c5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.229196349Z 64 PC: 5f7c5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.238257607Z 64 PC: 5f7c5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.245734259Z 64 PC: 5f7c5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.253133246Z 64 PC: 5f7c5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.26171879Z 64 PC: 5f7c5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.269627184Z 64 PC: 5f7c5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.278664908Z 64 PC: 5f7c5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.286374808Z 64 PC: 5f7c5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.294194645Z 64 PC: 5f7c5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.302058134Z 64 PC: 5f7c5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.309929728Z 64 PC: 5f7c5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.316915278Z 64 PC: 5f7c5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.324800768Z 64 PC: 5f7c5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.333098772Z 64 PC: 5f7c5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.340613096Z 64 PC: 5f7c5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.349616035Z 64 PC: 5f7c5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.358467358Z 64 PC: 5f7c5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.366482602Z 64 PC: 5f7c5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.374268836Z 64 PC: 5f7c5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.382129549Z 64 PC: 5f7c5 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.389568691Z 62 PC: 5f3ba | Close file
2018-12-17T22:45:39.39242201Z 64 PC: 5f7c5 | Write file or device (Write 448 bytes on handle 6)
2018-12-17T22:45:39.396469091Z 62 PC: 5f3ba | Close file
2018-12-17T22:45:39.406157728Z 41 PC: 609e1 | Parse filename
2018-12-17T22:45:39.408254075Z 41 PC: 609e9 | Parse filename
2018-12-17T22:45:39.409658734Z 11 PC: 60a2b | Get input status
2018-12-17T22:45:39.412194917Z 75 PC: 60a39 | Execute program
2018-12-17T22:45:39.424420808Z 48 PC: 71284 | Get DOS version
2018-12-17T22:45:39.425659946Z 74 PC: 712df | Reallocate memory
2018-12-17T22:45:39.426958815Z 48 PC: 71338 | Get DOS version
2018-12-17T22:45:39.428996302Z 53 PC: 71340 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:39.430167762Z 37 PC: 71352 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:39.431688057Z 68 PC: 713d6 | I/O control for devices (Set for = '')
2018-12-17T22:45:39.433519507Z 68 PC: 713d6 | I/O control for devices (Set for = '')
2018-12-17T22:45:39.434816473Z 68 PC: 713d6 | I/O control for devices (Set for = '')
2018-12-17T22:45:39.436251318Z 68 PC: 713d6 | I/O control for devices (Set for = '')
2018-12-17T22:45:39.438038835Z 68 PC: 713d6 | I/O control for devices (Set for = '')
2018-12-17T22:45:39.439930979Z 42 PC: 72ed6 | Get date 0x72ed6: mov bx, dx
0x72ed8: mov word ptr [bp - 2], cx
0x72edb: mov ah, 0x2c
0x72edd: int 0x21
0x72edf: xor ah, ah
0x72ee1: mov al, dh
0x72ee3: push ax
0x72ee4: mov al, cl
0x72ee6: push ax
0x72ee7: mov al, ch
0x72ee9: push ax
0x72eea: push ax
0x72eeb: mov ah, 0x2a
0x72eed: int 0x21
0x72eef: cmp bx, dx
0x72ef1: pop ax
0x72ef2: je 0x72efd
0x72ef4: cmp al, 0x17
0x72ef6: jne 0x72efd
0x72ef8: mov dx, bx
2018-12-17T22:45:39.441884568Z 44 PC: 72edf | Get time 0x72edf: xor ah, ah
0x72ee1: mov al, dh
0x72ee3: push ax
0x72ee4: mov al, cl
0x72ee6: push ax
0x72ee7: mov al, ch
0x72ee9: push ax
0x72eea: push ax
0x72eeb: mov ah, 0x2a
0x72eed: int 0x21
0x72eef: cmp bx, dx
0x72ef1: pop ax
0x72ef2: je 0x72efd
0x72ef4: cmp al, 0x17
0x72ef6: jne 0x72efd
0x72ef8: mov dx, bx
0x72efa: mov cx, word ptr [bp - 2]
0x72efd: xor ah, ah
0x72eff: mov al, dl
0x72f01: push ax
2018-12-17T22:45:39.449283584Z 42 PC: 72eef | Get date 0x72eef: cmp bx, dx
0x72ef1: pop ax
0x72ef2: je 0x72efd
0x72ef4: cmp al, 0x17
0x72ef6: jne 0x72efd
0x72ef8: mov dx, bx
0x72efa: mov cx, word ptr [bp - 2]
0x72efd: xor ah, ah
0x72eff: mov al, dl
0x72f01: push ax
0x72f02: mov al, dh
0x72f04: push ax
0x72f05: mov ax, cx
0x72f07: sub ax, 0x7bc
0x72f0a: push ax
0x72f0b: call 0x730a8
0x72f0e: add sp, 0xc
0x72f11: cmp word ptr [bp + 4], 0
0x72f15: je 0x72f1f
0x72f17: mov bx, word ptr [bp + 4]
2018-12-17T22:45:39.452852187Z 26 PC: 73a10 | Set disk transfer address
2018-12-17T22:45:39.45445113Z 78 PC: 73a1f | Find first file
2018-12-17T22:45:39.460080482Z 67 PC: 739d7 | Get or set file attributes
2018-12-17T22:45:39.464839611Z 26 PC: 73a10 | Set disk transfer address
2018-12-17T22:45:39.466504067Z 79 PC: 73a1f | Find next file
2018-12-17T22:45:39.472950204Z 61 PC: 72242 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:45:39.478212998Z 68 PC: 72273 | I/O control for devices (Set for = 'A:\TEST.EXE')
2018-12-17T22:45:39.479911698Z 67 PC: 72368 | Get or set file attributes
2018-12-17T22:45:39.485180474Z 61 PC: 72242 | Open file (Filename = 'TEST.com')
2018-12-17T22:45:39.494725851Z 68 PC: 72273 | I/O control for devices (Set for = 'TEST.com')
2018-12-17T22:45:39.506035522Z 64 PC: 72298 | Write file or device (Write 0 bytes on handle 6)
2018-12-17T22:45:39.514080001Z 67 PC: 72368 | Get or set file attributes
2018-12-17T22:45:39.520890603Z 66 PC: 72204 | Move file pointer
2018-12-17T22:45:39.52373779Z 66 PC: 72204 | Move file pointer
2018-12-17T22:45:39.525444546Z 66 PC: 72204 | Move file pointer
2018-12-17T22:45:39.527411069Z 66 PC: 72204 | Move file pointer
2018-12-17T22:45:39.529948124Z 63 PC: 723dd | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:45:39.537451426Z 66 PC: 72204 | Move file pointer
2018-12-17T22:45:39.539324794Z 66 PC: 72204 | Move file pointer
2018-12-17T22:45:39.542075551Z 66 PC: 72204 | Move file pointer
2018-12-17T22:45:39.543823514Z 63 PC: 723dd | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:45:39.551679949Z 63 PC: 723dd | Read file or device (Read 11776 bytes on handle 5)
2018-12-17T22:45:39.560542785Z 63 PC: 723dd | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:45:39.564630432Z 64 PC: 72595 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.573232047Z 64 PC: 72595 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.582580085Z 64 PC: 72595 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.590880223Z 64 PC: 72595 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.599557951Z 64 PC: 72595 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.608676928Z 64 PC: 72595 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.617171693Z 64 PC: 72595 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.625734334Z 64 PC: 72595 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.635894967Z 64 PC: 72595 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.645765005Z 64 PC: 72595 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.65391908Z 64 PC: 72595 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.66348717Z 64 PC: 72595 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.67189494Z 64 PC: 72595 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.680149334Z 64 PC: 72595 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.689125883Z 64 PC: 72595 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.697791828Z 64 PC: 72595 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.706073272Z 64 PC: 72595 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.714695827Z 64 PC: 72595 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.723247348Z 64 PC: 72595 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.732728835Z 64 PC: 72595 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.741949523Z 64 PC: 72595 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.750718823Z 64 PC: 72595 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.760299747Z 64 PC: 72595 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.767232158Z 64 PC: 72595 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:39.773696909Z 62 PC: 7218a | Close file
2018-12-17T22:45:39.775905407Z 64 PC: 72595 | Write file or device (Write 448 bytes on handle 6)
2018-12-17T22:45:39.779406403Z 62 PC: 7218a | Close file
2018-12-17T22:45:39.787154675Z 41 PC: 737b1 | Parse filename
2018-12-17T22:45:39.789078528Z 41 PC: 737b9 | Parse filename
2018-12-17T22:45:39.790284523Z 11 PC: 737fb | Get input status
2018-12-17T22:45:39.792350323Z 75 PC: 73809 | Execute program
2018-12-17T22:45:39.808478935Z 48 PC: 84054 | Get DOS version
2018-12-17T22:45:39.810724813Z 74 PC: 840af | Reallocate memory
2018-12-17T22:45:39.812632356Z 48 PC: 84108 | Get DOS version
2018-12-17T22:45:39.815101283Z 53 PC: 84110 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:39.817049321Z 37 PC: 84122 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:39.818727974Z 68 PC: 841a6 | I/O control for devices (Set for = '')
2018-12-17T22:45:39.821303731Z 68 PC: 841a6 | I/O control for devices (Set for = '/F')
2018-12-17T22:45:39.826114948Z 68 PC: 841a6 | I/O control for devices (Set for = '�Xt��p')
2018-12-17T22:45:39.834090216Z 68 PC: 841a6 | I/O control for devices (Set for = '������  Internal stack overflow System halted $�')
2018-12-17T22:45:39.836085193Z 68 PC: 841a6 | I/O control for devices (Set for = '������  Internal stack overflow System halted $�')
2018-12-17T22:45:39.838036929Z 42 PC: 85ca6 | Get date 0x85ca6: mov bx, dx
0x85ca8: mov word ptr [bp - 2], cx
0x85cab: mov ah, 0x2c
0x85cad: int 0x21
0x85caf: xor ah, ah
0x85cb1: mov al, dh
0x85cb3: push ax
0x85cb4: mov al, cl
0x85cb6: push ax
0x85cb7: mov al, ch
0x85cb9: push ax
0x85cba: push ax
0x85cbb: mov ah, 0x2a
0x85cbd: int 0x21
0x85cbf: cmp bx, dx
0x85cc1: pop ax
0x85cc2: je 0x85ccd
0x85cc4: cmp al, 0x17
0x85cc6: jne 0x85ccd
0x85cc8: mov dx, bx
2018-12-17T22:45:39.840290692Z 44 PC: 85caf | Get time 0x85caf: xor ah, ah
0x85cb1: mov al, dh
0x85cb3: push ax
0x85cb4: mov al, cl
0x85cb6: push ax
0x85cb7: mov al, ch
0x85cb9: push ax
0x85cba: push ax
0x85cbb: mov ah, 0x2a
0x85cbd: int 0x21
0x85cbf: cmp bx, dx
0x85cc1: pop ax
0x85cc2: je 0x85ccd
0x85cc4: cmp al, 0x17
0x85cc6: jne 0x85ccd
0x85cc8: mov dx, bx
0x85cca: mov cx, word ptr [bp - 2]
0x85ccd: xor ah, ah
0x85ccf: mov al, dl
0x85cd1: push ax
2018-12-17T22:45:39.843836972Z 42 PC: 85cbf | Get date 0x85cbf: cmp bx, dx
0x85cc1: pop ax
0x85cc2: je 0x85ccd
0x85cc4: cmp al, 0x17
0x85cc6: jne 0x85ccd
0x85cc8: mov dx, bx
0x85cca: mov cx, word ptr [bp - 2]
0x85ccd: xor ah, ah
0x85ccf: mov al, dl
0x85cd1: push ax
0x85cd2: mov al, dh
0x85cd4: push ax
0x85cd5: mov ax, cx
0x85cd7: sub ax, 0x7bc
0x85cda: push ax
0x85cdb: call 0x85e78
0x85cde: add sp, 0xc
0x85ce1: cmp word ptr [bp + 4], 0
0x85ce5: je 0x85cef
0x85ce7: mov bx, word ptr [bp + 4]
2018-12-17T22:45:39.848766721Z 26 PC: 867e0 | Set disk transfer address
2018-12-17T22:45:39.850204331Z 78 PC: 867ef | Find first file
2018-12-17T22:45:39.858411225Z 67 PC: 867a7 | Get or set file attributes
2018-12-17T22:45:39.864596051Z 26 PC: 867e0 | Set disk transfer address
2018-12-17T22:45:39.866275335Z 79 PC: 867ef | Find next file
2018-12-17T22:45:39.874174801Z 61 PC: 85012 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:45:39.881411923Z 68 PC: 85043 | I/O control for devices (Set for = 'A:\TEST.EXE')
2018-12-17T22:45:39.88357705Z 67 PC: 85138 | Get or set file attributes
2018-12-17T22:45:39.890157709Z 61 PC: 85012 | Open file (Filename = 'TEST.com')
2018-12-17T22:45:39.897617831Z 68 PC: 85043 | I/O control for devices (Set for = 'TEST.com')
2018-12-17T22:45:39.900098019Z 64 PC: 85068 | Write file or device (Write 0 bytes on handle 6)
2018-12-17T22:45:40.151727104Z 67 PC: 85138 | Get or set file attributes
2018-12-17T22:45:40.159095353Z 66 PC: 84fd4 | Move file pointer
2018-12-17T22:45:40.162095467Z 66 PC: 84fd4 | Move file pointer
2018-12-17T22:45:40.164572971Z 66 PC: 84fd4 | Move file pointer
2018-12-17T22:45:40.166926842Z 66 PC: 84fd4 | Move file pointer
2018-12-17T22:45:40.17031225Z 63 PC: 851ad | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:45:40.17406641Z 66 PC: 84fd4 | Move file pointer
2018-12-17T22:45:40.176330383Z 66 PC: 84fd4 | Move file pointer
2018-12-17T22:45:40.182529105Z 66 PC: 84fd4 | Move file pointer
2018-12-17T22:45:40.184732252Z 63 PC: 851ad | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:45:40.193419859Z 63 PC: 851ad | Read file or device (Read 11776 bytes on handle 5)
2018-12-17T22:45:40.202548765Z 63 PC: 851ad | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:45:40.206993132Z 64 PC: 85365 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:40.216155029Z 64 PC: 85365 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:40.225468161Z 64 PC: 85365 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:40.233973264Z 64 PC: 85365 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:40.242521639Z 64 PC: 85365 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:40.252130466Z 64 PC: 85365 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:40.260921247Z 64 PC: 85365 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:40.27049655Z 64 PC: 85365 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:40.282985026Z 64 PC: 85365 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:40.291653737Z 64 PC: 85365 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:40.301241284Z 64 PC: 85365 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:40.310118006Z 64 PC: 85365 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:40.318704752Z 64 PC: 85365 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:40.328190167Z 64 PC: 85365 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:40.337033777Z 64 PC: 85365 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:40.346077483Z 64 PC: 85365 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:40.355588926Z 64 PC: 85365 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:40.364458544Z 64 PC: 85365 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:40.373176598Z 64 PC: 85365 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:40.382815391Z 64 PC: 85365 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:40.391398101Z 64 PC: 85365 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:40.400053667Z 64 PC: 85365 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:40.410295102Z 64 PC: 85365 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:40.422813413Z 64 PC: 85365 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:45:40.431455835Z 62 PC: 84f5a | Close file
2018-12-17T22:45:40.435012355Z 64 PC: 85365 | Write file or device (Write 448 bytes on handle 6)
2018-12-17T22:45:40.43945074Z 62 PC: 84f5a | Close file
2018-12-17T22:45:40.450574503Z 41 PC: 86581 | Parse filename
2018-12-17T22:45:40.453252532Z 41 PC: 86589 | Parse filename
2018-12-17T22:45:40.455082539Z 11 PC: 865cb | Get input status
2018-12-17T22:45:40.458834396Z 75 PC: 865d9 | Execute program
2018-12-17T22:45:40.469187721Z 48 PC: 865e0 | Get DOS version
2018-12-17T22:45:40.471876912Z 64 PC: 85314 | Write file or device (Write 12 bytes on handle 2)
2018-12-17T22:45:40.479589076Z 65 PC: 867c6 | Delete file (Filename = 'A:\TEST.EXE')
2018-12-17T22:45:40.492146371Z 37 PC: 8423b | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:40.493753489Z 76 PC: 84224 | Terminate with return code (Return code = '255')
2018-12-17T22:45:40.498039228Z 48 PC: 73810 | Get DOS version
2018-12-17T22:45:40.499979602Z 77 PC: 7384a | Get program return code
2018-12-17T22:45:40.502861034Z 64 PC: 72544 | Write file or device (Write 12 bytes on handle 2)
2018-12-17T22:45:40.509911526Z 65 PC: 739f6 | Delete file (Filename = 'A:\TEST.EXE')
2018-12-17T22:45:40.517369984Z 37 PC: 7146b | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:40.518971993Z 76 PC: 71454 | Terminate with return code (Return code = '255')
2018-12-17T22:45:40.523406011Z 48 PC: 60a40 | Get DOS version
2018-12-17T22:45:40.52502442Z 77 PC: 60a7a | Get program return code
2018-12-17T22:45:40.527275528Z 37 PC: 5e69b | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:40.529854622Z 76 PC: 5e684 | Terminate with return code (Return code = '255')
2018-12-17T22:45:40.533272842Z 48 PC: 4dc70 | Get DOS version
2018-12-17T22:45:40.534896732Z 77 PC: 4dcaa | Get program return code
2018-12-17T22:45:40.5381062Z 37 PC: 4b8cb | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:40.539652584Z 76 PC: 4b8b4 | Terminate with return code (Return code = '255')
2018-12-17T22:45:40.543290617Z 48 PC: 3aea0 | Get DOS version
2018-12-17T22:45:40.54567242Z 77 PC: 3aeda | Get program return code
2018-12-17T22:45:40.54871808Z 37 PC: 38afb | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:40.550736491Z 76 PC: 38ae4 | Terminate with return code (Return code = '255')
2018-12-17T22:45:40.553930971Z 48 PC: 280d0 | Get DOS version
2018-12-17T22:45:40.555502863Z 77 PC: 2810a | Get program return code
2018-12-17T22:45:40.558597846Z 37 PC: 25d2b | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:40.560311454Z 76 PC: 25d14 | Terminate with return code (Return code = '255')
2018-12-17T22:45:40.563759691Z 48 PC: 15300 | Get DOS version
2018-12-17T22:45:40.565991903Z 77 PC: 1533a | Get program return code
2018-12-17T22:45:40.568088521Z 37 PC: 12f5b | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:40.569694357Z 76 PC: 12f44 | Terminate with return code (Return code = '255')