Sample viewer

vx.netlux.org/Virus.DOS.Verwolf.3502

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:46:25.05553147Z 44 PC: 1c6d6 | Get time
0x1c6d6: xor al, al
0x1c6d8: mov ah, ch
0x1c6da: add ah, cl
0x1c6dc: add ah, dh
0x1c6de: add ah, dl
0x1c6e0: mov word ptr [0xdd5], ax
0x1c6e3: xor ax, ax
0x1c6e5: mov es, ax
0x1c6e7: mov ax, word ptr es:[0x90]
0x1c6eb: mov word ptr [0xe67], ax
0x1c6ee: mov ax, word ptr es:[0x92]
0x1c6f2: mov word ptr [0xe69], ax
0x1c6f5: mov word ptr es:[0x92], cs
0x1c6fa: mov word ptr es:[0x90], 0x907
0x1c701: mov word ptr [0xe90], 0
0x1c707: mov ah, 0x19
0x1c709: int 0x21
0x1c70b: mov byte ptr [0xe76], al
0x1c70e: mov dl, al
0x1c710: call 0x1ced2
2018-12-17T22:46:25.059542013Z 25 PC: 1c70b | Get default drive
2018-12-17T22:46:25.06627104Z 82 PC: 1c734 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:46:25.071486646Z 14 PC: 1c74d | Set default drive (Drive = 'C')
2018-12-17T22:46:25.085661328Z 54 PC: 1c7fb | Get free disk space
2018-12-17T22:46:25.147606911Z 42 PC: 1c814 | Get date
0x1c814: mov word ptr [0xdd3], cx
0x1c818: sub dx, 0x101
0x1c81c: mov cl, dl
0x1c81e: mov al, dh
0x1c820: mov bl, 0x1f
0x1c822: mul bl
0x1c824: xor ch, ch
0x1c826: add ax, cx
0x1c828: add ax, word ptr [0xd09]
0x1c82c: xor dx, dx
0x1c82e: mov bx, 0x174
0x1c831: div bx
0x1c833: add word ptr [0xdd3], ax
0x1c837: mov ax, dx
0x1c839: mov bl, 0x1f
0x1c83b: div bl
0x1c83d: xchg al, ah
0x1c83f: add ax, 0x101
0x1c842: mov word ptr [0xdd1], ax
0x1c845: mov ah, 0x1a
2018-12-17T22:46:25.150469196Z 26 PC: 1c84c | Set disk transfer address
2018-12-17T22:46:25.158237346Z 71 PC: 1c85d | Get current directory
2018-12-17T22:46:25.161817109Z 59 PC: 1c869 | Change current directory
2018-12-17T22:46:25.166781683Z 78 PC: 1cf1e | Find first file
2018-12-17T22:46:25.17956937Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.193895427Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.196882637Z 78 PC: 1cf1e | Find first file
2018-12-17T22:46:25.203267088Z 78 PC: 1cf1e | Find first file
2018-12-17T22:46:25.210671274Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.213726633Z 71 PC: 1c89d | Get current directory
2018-12-17T22:46:25.216666274Z 59 PC: 1c8bf | Change current directory
2018-12-17T22:46:25.227546679Z 78 PC: 1cf1e | Find first file
2018-12-17T22:46:25.236675875Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.240163605Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.244660681Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.252826478Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.259508076Z 78 PC: 1cf1e | Find first file
2018-12-17T22:46:25.266429306Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.270838637Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.274300318Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.27816152Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.281855348Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.285165344Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.289417099Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.29299544Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.296501505Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.299974427Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.304173033Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.30782392Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.31199287Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.316466062Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.3201657Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.323885797Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.328694468Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.332373758Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.335993146Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.340472809Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.34479138Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.34806559Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.352343313Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.355672957Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.359209269Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.362849556Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.367975784Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.371644504Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.375275163Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.380009214Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.384116899Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.387654453Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.392585273Z 78 PC: 1cf1e | Find first file
2018-12-17T22:46:25.399132981Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.402525743Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.406904046Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.410415191Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.41377971Z 78 PC: 1cf1e | Find first file
2018-12-17T22:46:25.421391105Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.42597289Z 79 PC: 1cf2e | Find next file
2018-12-17T22:46:25.429559596Z 67 PC: 1c8f6 | Get or set file attributes
2018-12-17T22:46:25.780560124Z 61 PC: 1c901 | Open file (Filename = 'MSD.EXE')
2018-12-17T22:46:25.791605358Z 63 PC: 1c915 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:46:25.797959081Z 66 PC: 1c980 | Move file pointer
2018-12-17T22:46:25.799956443Z 66 PC: 1ca76 | Move file pointer
2018-12-17T22:46:25.803852951Z 64 PC: 1ccb7 | Write file or device (Write 3745 bytes on handle 5)
2018-12-17T22:46:25.815551012Z 66 PC: 1ccc3 | Move file pointer
2018-12-17T22:46:25.816991958Z 64 PC: 1cccd | Write file or device (Write 24 bytes on handle 5)
2018-12-17T22:46:25.82113554Z 87 PC: 1ccdd | Get or set file date and time
2018-12-17T22:46:25.822755022Z 62 PC: 1cce9 | Close file
2018-12-17T22:46:25.829195919Z 67 PC: 1ccf7 | Get or set file attributes
2018-12-17T22:46:25.838529268Z 79 PC: 1cd04 | Find next file
2018-12-17T22:46:25.84125653Z 67 PC: 1c8f6 | Get or set file attributes
2018-12-17T22:46:25.848793786Z 61 PC: 1c901 | Open file (Filename = 'PACKAGER.EXE')
2018-12-17T22:46:25.855858946Z 63 PC: 1c915 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:46:25.860724995Z 62 PC: 1cce9 | Close file
2018-12-17T22:46:25.862627959Z 67 PC: 1ccf7 | Get or set file attributes
2018-12-17T22:46:25.871089912Z 79 PC: 1cd04 | Find next file
2018-12-17T22:46:25.874534501Z 67 PC: 1c8f6 | Get or set file attributes
2018-12-17T22:46:25.883886906Z 61 PC: 1c901 | Open file (Filename = 'PBRUSH.EXE')
2018-12-17T22:46:25.891495987Z 63 PC: 1c915 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:46:25.898271693Z 62 PC: 1cce9 | Close file
2018-12-17T22:46:25.900474981Z 67 PC: 1ccf7 | Get or set file attributes
2018-12-17T22:46:25.911280335Z 79 PC: 1cd04 | Find next file
2018-12-17T22:46:25.915988467Z 67 PC: 1c8f6 | Get or set file attributes
2018-12-17T22:46:25.926066335Z 61 PC: 1c901 | Open file (Filename = 'SOL.EXE')
2018-12-17T22:46:25.933179173Z 63 PC: 1c915 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:46:25.940481749Z 62 PC: 1cce9 | Close file
2018-12-17T22:46:25.942724711Z 67 PC: 1ccf7 | Get or set file attributes
2018-12-17T22:46:25.952870727Z 42 PC: 1cd15 | Get date
0x1cd15: cmp cx, 0x7bc
0x1cd19: jne 0x1cd1f
0x1cd1b: mov bl, 0xf
0x1cd1d: jmp 0x1cd35
0x1cd1f: cmp cx, word ptr [0xd0d]
0x1cd23: je 0x1cd2a
0x1cd25: jae 0x1cd33
0x1cd27: jmp 0x1ce7e
0x1cd2a: cmp dx, word ptr [0xd0b]
0x1cd2e: jae 0x1cd33
0x1cd30: jmp 0x1ce7e
0x1cd33: mov bl, 0
0x1cd35: call 0x1ced2
0x1cd38: dec ax
0x1cd39: and al, bl
0x1cd3b: je 0x1cd40
0x1cd3d: jmp 0x1ce7e
0x1cd40: jmp 0x1ce46
0x1cd43: pop dx
0x1cd44: push sp
2018-12-17T22:46:25.956074254Z 59 PC: 1ce85 | Change current directory
2018-12-17T22:46:25.959794661Z 13 PC: 1ce89 | Disk reset
2018-12-17T22:46:25.961394526Z 14 PC: 1ce91 | Set default drive (Drive = 'A')
2018-12-17T22:46:25.964025127Z 98 PC: 1d39f | Get current PSP
2018-12-17T22:46:25.96526236Z 26 PC: 1d3aa | Set disk transfer address
2018-12-17T22:46:25.980808037Z 74 PC: 12add | Reallocate memory
2018-12-17T22:46:25.983761033Z 48 PC: 12af9 | Get DOS version
2018-12-17T22:46:25.985358553Z 55 PC: 12b08 | Get or set switch character
2018-12-17T22:46:25.986801063Z 48 PC: 12b21 | Get DOS version
2018-12-17T22:46:25.989103297Z 56 PC: 1f6ab | Get or set country info
2018-12-17T22:46:25.990598816Z 102 PC: 1f6b7 | Get or set code page
2018-12-17T22:46:25.992766276Z 2 PC: 1f0d7 | Character output (Char = '41')
2018-12-17T22:46:25.995992425Z 2 PC: 1f0d7 | Character output (Char = '44')
2018-12-17T22:46:25.9983162Z 2 PC: 1f0d7 | Character output (Char = '2d')
2018-12-17T22:46:26.000591363Z 2 PC: 1f0d7 | Character output (Char = '41')
2018-12-17T22:46:26.004169824Z 2 PC: 1f0d7 | Character output (Char = '63')
2018-12-17T22:46:26.006805674Z 2 PC: 1f0d7 | Character output (Char = '65')
2018-12-17T22:46:26.009547784Z 2 PC: 1f0d7 | Character output (Char = '6c')
2018-12-17T22:46:26.012486444Z 2 PC: 1f0d7 | Character output (Char = '65')
2018-12-17T22:46:26.015706031Z 2 PC: 1f0d7 | Character output (Char = '72')
2018-12-17T22:46:26.018052818Z 2 PC: 1f0d7 | Character output (Char = '61')
2018-12-17T22:46:26.020324324Z 2 PC: 1f0d7 | Character output (Char = '72')
2018-12-17T22:46:26.02389516Z 2 PC: 1f0d7 | Character output (Char = '20')
2018-12-17T22:46:26.026512386Z 2 PC: 1f0d7 | Character output (Char = '44')
2018-12-17T22:46:26.029127548Z 2 PC: 1f0d7 | Character output (Char = '69')
2018-12-17T22:46:26.032400535Z 2 PC: 1f0d7 | Character output (Char = '73')
2018-12-17T22:46:26.034702057Z 2 PC: 1f0d7 | Character output (Char = '63')
2018-12-17T22:46:26.036852727Z 2 PC: 1f0d7 | Character output (Char = '6f')
2018-12-17T22:46:26.039543761Z 2 PC: 1f0d7 | Character output (Char = '2c')
2018-12-17T22:46:26.041717965Z 2 PC: 1f0d7 | Character output (Char = '20')
2018-12-17T22:46:26.04414323Z 2 PC: 1f0d7 | Character output (Char = '45')
2018-12-17T22:46:26.047842377Z 2 PC: 1f0d7 | Character output (Char = '64')
2018-12-17T22:46:26.0509589Z 2 PC: 1f0d7 | Character output (Char = '69')
2018-12-17T22:46:26.05322167Z 2 PC: 1f0d7 | Character output (Char = '63')
2018-12-17T22:46:26.056094456Z 2 PC: 1f0d7 | Character output (Char = '69')
2018-12-17T22:46:26.058401629Z 2 PC: 1f0d7 | Character output (Char = 'a2')
2018-12-17T22:46:26.060619243Z 2 PC: 1f0d7 | Character output (Char = '6e')
2018-12-17T22:46:26.063763689Z 2 PC: 1f0d7 | Character output (Char = '20')
2018-12-17T22:46:26.066297478Z 2 PC: 1f0d7 | Character output (Char = '41')
2018-12-17T22:46:26.069734133Z 2 PC: 1f0d7 | Character output (Char = '76')
2018-12-17T22:46:26.073324756Z 2 PC: 1f0d7 | Character output (Char = '61')
2018-12-17T22:46:26.075865819Z 2 PC: 1f0d7 | Character output (Char = '6e')
2018-12-17T22:46:26.078365553Z 2 PC: 1f0d7 | Character output (Char = '7a')
2018-12-17T22:46:26.082078467Z 2 PC: 1f0d7 | Character output (Char = '61')
2018-12-17T22:46:26.084473195Z 2 PC: 1f0d7 | Character output (Char = '64')
2018-12-17T22:46:26.086782782Z 2 PC: 1f0d7 | Character output (Char = '61')
2018-12-17T22:46:26.09056749Z 2 PC: 1f0d7 | Character output (Char = '20')
2018-12-17T22:46:26.092830952Z 2 PC: 1f0d7 | Character output (Char = '34')
2018-12-17T22:46:26.095131002Z 2 PC: 1f0d7 | Character output (Char = '2e')
2018-12-17T22:46:26.098626787Z 2 PC: 1f0d7 | Character output (Char = '35')
2018-12-17T22:46:26.101001517Z 2 PC: 1f0d7 | Character output (Char = '30')
2018-12-17T22:46:26.103415531Z 2 PC: 1f0d7 | Character output (Char = '2c')
2018-12-17T22:46:26.106898572Z 2 PC: 1f0d7 | Character output (Char = '20')
2018-12-17T22:46:26.109366478Z 2 PC: 1f0d7 | Character output (Char = '28')
2018-12-17T22:46:26.111973654Z 2 PC: 1f0d7 | Character output (Char = '43')
2018-12-17T22:46:26.115438622Z 2 PC: 1f0d7 | Character output (Char = '29')
2018-12-17T22:46:26.117983411Z 2 PC: 1f0d7 | Character output (Char = '20')
2018-12-17T22:46:26.120631184Z 2 PC: 1f0d7 | Character output (Char = '43')
2018-12-17T22:46:26.124373954Z 2 PC: 1f0d7 | Character output (Char = '6f')
2018-12-17T22:46:26.127206153Z 2 PC: 1f0d7 | Character output (Char = '70')
2018-12-17T22:46:26.130003767Z 2 PC: 1f0d7 | Character output (Char = '72')
2018-12-17T22:46:26.134729112Z 2 PC: 1f0d7 | Character output (Char = '20')
2018-12-17T22:46:26.138668902Z 2 PC: 1f0d7 | Character output (Char = '31')
2018-12-17T22:46:26.141775356Z 2 PC: 1f0d7 | Character output (Char = '39')
2018-12-17T22:46:26.144506195Z 2 PC: 1f0d7 | Character output (Char = '38')
2018-12-17T22:46:26.148389498Z 2 PC: 1f0d7 | Character output (Char = '37')
2018-12-17T22:46:26.150974403Z 2 PC: 1f0d7 | Character output (Char = '2d')
2018-12-17T22:46:26.153555711Z 2 PC: 1f0d7 | Character output (Char = '38')
2018-12-17T22:46:26.158447388Z 2 PC: 1f0d7 | Character output (Char = '38')
2018-12-17T22:46:26.161059344Z 2 PC: 1f0d7 | Character output (Char = '2c')
2018-12-17T22:46:26.163610225Z 2 PC: 1f0d7 | Character output (Char = '20')
2018-12-17T22:46:26.167170151Z 2 PC: 1f0d7 | Character output (Char = '50')
2018-12-17T22:46:26.169609181Z 2 PC: 1f0d7 | Character output (Char = '65')
2018-12-17T22:46:26.172081996Z 2 PC: 1f0d7 | Character output (Char = '74')
2018-12-17T22:46:26.175354893Z 2 PC: 1f0d7 | Character output (Char = '65')
2018-12-17T22:46:26.177812709Z 2 PC: 1f0d7 | Character output (Char = '72')
2018-12-17T22:46:26.180237313Z 2 PC: 1f0d7 | Character output (Char = '20')
2018-12-17T22:46:26.183357503Z 2 PC: 1f0d7 | Character output (Char = '4e')
2018-12-17T22:46:26.185768532Z 2 PC: 1f0d7 | Character output (Char = '6f')
2018-12-17T22:46:26.188076346Z 2 PC: 1f0d7 | Character output (Char = '72')
2018-12-17T22:46:26.191195734Z 2 PC: 1f0d7 | Character output (Char = '74')
2018-12-17T22:46:26.193524077Z 2 PC: 1f0d7 | Character output (Char = '6f')
2018-12-17T22:46:26.196105425Z 2 PC: 1f0d7 | Character output (Char = '6e')
2018-12-17T22:46:26.199382871Z 2 PC: 1f0d0 | Character output (Char = '0d')
2018-12-17T22:46:26.202023681Z 2 PC: 1f0d7 | Character output (Char = '0a')
2018-12-17T22:46:26.20633606Z 2 PC: 1f0d0 | Character output (Char = '0d')
2018-12-17T22:46:26.209415734Z 2 PC: 1f0d7 | Character output (Char = '0a')
2018-12-17T22:46:26.213799788Z 13 PC: 1b649 | Disk reset
2018-12-17T22:46:26.215569552Z 25 PC: 1b61a | Get default drive
2018-12-17T22:46:26.217773351Z 37 PC: 1b4e9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:46:26.220159211Z 53 PC: 1b45f | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:46:26.221522642Z 53 PC: 1b46c | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:46:26.223977383Z 37 PC: 1b47e | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:46:26.225339782Z 37 PC: 1b488 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:46:26.236718733Z 25 PC: 1b61a | Get default drive
2018-12-17T22:46:26.240121374Z 14 PC: 1b657 | Set default drive (Drive = 'A')
2018-12-17T22:46:26.242683886Z 14 PC: 1b657 | Set default drive (Drive = 'A')
2018-12-17T22:46:26.244506068Z 25 PC: 1b61a | Get default drive
2018-12-17T22:46:26.247400945Z 41 PC: 1b63e | Parse filename
2018-12-17T22:46:26.249222576Z 96 PC: 1e852 | Qualify filename
2018-12-17T22:46:26.252001205Z 68 PC: 1b6a6 | I/O control for devices (Set for = 'W�')
2018-12-17T22:46:26.255198711Z 14 PC: 1b657 | Set default drive (Drive = 'C')
2018-12-17T22:46:26.257007037Z 25 PC: 1b61a | Get default drive
2018-12-17T22:46:26.258865627Z 41 PC: 1b63e | Parse filename
2018-12-17T22:46:26.26349914Z 96 PC: 1e852 | Qualify filename
2018-12-17T22:46:26.267903612Z 68 PC: 1b6a6 | I/O control for devices (Set for = 'W�')
2018-12-17T22:46:26.270233438Z 14 PC: 1b657 | Set default drive (Drive = 'D')
2018-12-17T22:46:26.272704038Z 25 PC: 1b61a | Get default drive
2018-12-17T22:46:26.274309774Z 41 PC: 1b63e | Parse filename
2018-12-17T22:46:26.27649603Z 14 PC: 1b657 | Set default drive (Drive = 'E')
2018-12-17T22:46:26.279238261Z 25 PC: 1b61a | Get default drive
2018-12-17T22:46:26.280582876Z 41 PC: 1b63e | Parse filename
2018-12-17T22:46:26.282722013Z 14 PC: 1b657 | Set default drive (Drive = 'A')
2018-12-17T22:46:26.507145171Z 12 PC: 1e7a8 | Flush input buffer and input
2018-12-17T22:46:26.511413597Z 7 PC: 1e789 | Direct console input without echo

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8874,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:08.477624971Z 44 PC: 1c6d6 | Get time
0x1c6d6: xor al, al
0x1c6d8: mov ah, ch
0x1c6da: add ah, cl
0x1c6dc: add ah, dh
0x1c6de: add ah, dl
0x1c6e0: mov word ptr [0xdd5], ax
0x1c6e3: xor ax, ax
0x1c6e5: mov es, ax
0x1c6e7: mov ax, word ptr es:[0x90]
0x1c6eb: mov word ptr [0xe67], ax
0x1c6ee: mov ax, word ptr es:[0x92]
0x1c6f2: mov word ptr [0xe69], ax
0x1c6f5: mov word ptr es:[0x92], cs
0x1c6fa: mov word ptr es:[0x90], 0x907
0x1c701: mov word ptr [0xe90], 0
0x1c707: mov ah, 0x19
0x1c709: int 0x21
0x1c70b: mov byte ptr [0xe76], al
0x1c70e: mov dl, al
0x1c710: call 0x1ced2
2018-12-25T12:22:08.480614747Z 25 PC: 1c70b | Get default drive
2018-12-25T12:22:08.481755979Z 82 PC: 1c734 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:22:08.482839201Z 14 PC: 1c74d | Set default drive (Drive = 'C')
2018-12-25T12:22:08.490030355Z 54 PC: 1c7fb | Get free disk space
2018-12-25T12:22:08.535631934Z 42 PC: 1c814 | Get date
0x1c814: mov word ptr [0xdd3], cx
0x1c818: sub dx, 0x101
0x1c81c: mov cl, dl
0x1c81e: mov al, dh
0x1c820: mov bl, 0x1f
0x1c822: mul bl
0x1c824: xor ch, ch
0x1c826: add ax, cx
0x1c828: add ax, word ptr [0xd09]
0x1c82c: xor dx, dx
0x1c82e: mov bx, 0x174
0x1c831: div bx
0x1c833: add word ptr [0xdd3], ax
0x1c837: mov ax, dx
0x1c839: mov bl, 0x1f
0x1c83b: div bl
0x1c83d: xchg al, ah
0x1c83f: add ax, 0x101
0x1c842: mov word ptr [0xdd1], ax
0x1c845: mov ah, 0x1a
2018-12-25T12:22:08.537641365Z 26 PC: 1c84c | Set disk transfer address
2018-12-25T12:22:08.53896511Z 71 PC: 1c85d | Get current directory
2018-12-25T12:22:08.541067122Z 59 PC: 1c869 | Change current directory
2018-12-25T12:22:08.544336476Z 78 PC: 1cf1e | Find first file
2018-12-25T12:22:08.552171754Z 79 PC: 1cf2e | Find next file
2018-12-25T12:22:08.554485231Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:08.557374191Z 78 PC: 1cf1e | Find first file (See above)
2018-12-25T12:22:08.562946472Z 78 PC: 1cf1e | Find first file (See above)
2018-12-25T12:22:08.568133495Z 71 PC: 1c89d | Get current directory
2018-12-25T12:22:08.570373136Z 59 PC: 1c8bf | Change current directory
2018-12-25T12:22:08.579493535Z 78 PC: 1cf1e | Find first file (See above)
2018-12-25T12:22:08.587540799Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:08.59026368Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:08.602445821Z 78 PC: 1cf1e | Find first file (See above)
2018-12-25T12:22:08.608101212Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:08.61094203Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:08.614107277Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:08.617448392Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:08.620323805Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:08.624375271Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:08.62726335Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:08.630066033Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:08.633248027Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:08.636072634Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:08.638898217Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:08.642194284Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:08.64509925Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:08.647775872Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:08.652618953Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:08.655503406Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:08.65831639Z 78 PC: 1cf1e | Find first file (See above)
2018-12-25T12:22:08.669690638Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:08.672813065Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:08.675585724Z 78 PC: 1cf1e | Find first file (See above)
2018-12-25T12:22:08.681970201Z 67 PC: 1c8f6 | Get or set file attributes
2018-12-25T12:22:09.649715374Z 61 PC: 1c901 | Open file (Filename = 'ATTRIB.EXE')
2018-12-25T12:22:09.657319329Z 63 PC: 1c915 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:22:09.663642924Z 66 PC: 1c980 | Move file pointer
2018-12-25T12:22:09.66541566Z 66 PC: 1ca76 | Move file pointer
2018-12-25T12:22:09.667868821Z 64 PC: 1ccb7 | Write file or device (Write 3577 bytes on handle 5)
2018-12-25T12:22:09.67889965Z 66 PC: 1ccc3 | Move file pointer
2018-12-25T12:22:09.68053571Z 64 PC: 1cccd | Write file or device (Write 24 bytes on handle 5)
2018-12-25T12:22:09.683592038Z 87 PC: 1ccdd | Get or set file date and time
2018-12-25T12:22:09.686026421Z 62 PC: 1cce9 | Close file
2018-12-25T12:22:09.692961801Z 67 PC: 1ccf7 | Get or set file attributes
2018-12-25T12:22:09.702220094Z 79 PC: 1cd04 | Find next file
2018-12-25T12:22:09.706340809Z 67 PC: 1c8f6 | Get or set file attributes (See above)
2018-12-25T12:22:09.716055542Z 61 PC: 1c901 | Open file (See above)
2018-12-25T12:22:09.723301501Z 63 PC: 1c915 | Read file or device (See above)
2018-12-25T12:22:09.72939444Z 66 PC: 1c980 | Move file pointer (See above)
2018-12-25T12:22:09.731624119Z 66 PC: 1ca76 | Move file pointer (See above)
2018-12-25T12:22:09.734439527Z 64 PC: 1ccb7 | Write file or device (See above)
2018-12-25T12:22:09.744240219Z 66 PC: 1ccc3 | Move file pointer (See above)
2018-12-25T12:22:09.746271229Z 64 PC: 1cccd | Write file or device (See above)
2018-12-25T12:22:09.749186259Z 87 PC: 1ccdd | Get or set file date and time (See above)
2018-12-25T12:22:09.751622197Z 62 PC: 1cce9 | Close file (See above)
2018-12-25T12:22:09.75873183Z 67 PC: 1ccf7 | Get or set file attributes (See above)
2018-12-25T12:22:09.768129317Z 79 PC: 1cd04 | Find next file (See above)
2018-12-25T12:22:09.771380087Z 67 PC: 1c8f6 | Get or set file attributes (See above)
2018-12-25T12:22:09.780764015Z 61 PC: 1c901 | Open file (See above)
2018-12-25T12:22:09.787920683Z 63 PC: 1c915 | Read file or device (See above)
2018-12-25T12:22:09.793789662Z 66 PC: 1c980 | Move file pointer (See above)
2018-12-25T12:22:09.795494413Z 66 PC: 1ca76 | Move file pointer (See above)
2018-12-25T12:22:09.797739298Z 64 PC: 1ccb7 | Write file or device (See above)
2018-12-25T12:22:09.810487843Z 66 PC: 1ccc3 | Move file pointer (See above)
2018-12-25T12:22:09.813855361Z 64 PC: 1cccd | Write file or device (See above)
2018-12-25T12:22:09.820062892Z 87 PC: 1ccdd | Get or set file date and time (See above)
2018-12-25T12:22:09.822811365Z 62 PC: 1cce9 | Close file (See above)
2018-12-25T12:22:09.830529731Z 67 PC: 1ccf7 | Get or set file attributes (See above)
2018-12-25T12:22:09.840025324Z 79 PC: 1cd04 | Find next file (See above)
2018-12-25T12:22:09.845013897Z 67 PC: 1c8f6 | Get or set file attributes (See above)
2018-12-25T12:22:09.856383157Z 61 PC: 1c901 | Open file (See above)
2018-12-25T12:22:09.863344266Z 63 PC: 1c915 | Read file or device (See above)
2018-12-25T12:22:09.868772604Z 66 PC: 1c980 | Move file pointer (See above)
2018-12-25T12:22:09.871185511Z 66 PC: 1ca76 | Move file pointer (See above)
2018-12-25T12:22:09.873672028Z 64 PC: 1ccb7 | Write file or device (See above)
2018-12-25T12:22:09.882213476Z 66 PC: 1ccc3 | Move file pointer (See above)
2018-12-25T12:22:09.884723858Z 64 PC: 1cccd | Write file or device (See above)
2018-12-25T12:22:09.887512951Z 87 PC: 1ccdd | Get or set file date and time (See above)
2018-12-25T12:22:09.888922725Z 62 PC: 1cce9 | Close file (See above)
2018-12-25T12:22:09.911227135Z 67 PC: 1ccf7 | Get or set file attributes (See above)
2018-12-25T12:22:09.921175696Z 42 PC: 1cd15 | Get date
0x1cd15: cmp cx, 0x7bc
0x1cd19: jne 0x1cd1f
0x1cd1b: mov bl, 0xf
0x1cd1d: jmp 0x1cd35
0x1cd1f: cmp cx, word ptr [0xd0d]
0x1cd23: je 0x1cd2a
0x1cd25: jae 0x1cd33
0x1cd27: jmp 0x1ce7e
0x1cd2a: cmp dx, word ptr [0xd0b]
0x1cd2e: jae 0x1cd33
0x1cd30: jmp 0x1ce7e
0x1cd33: mov bl, 0
0x1cd35: call 0x1ced2
0x1cd38: dec ax
0x1cd39: and al, bl
0x1cd3b: je 0x1cd40
0x1cd3d: jmp 0x1ce7e
0x1cd40: jmp 0x1ce46
0x1cd43: pop dx
0x1cd44: push sp
2018-12-25T12:22:09.923329081Z 59 PC: 1ce85 | Change current directory
2018-12-25T12:22:09.927748184Z 13 PC: 1ce89 | Disk reset
2018-12-25T12:22:09.929402851Z 14 PC: 1ce91 | Set default drive (Drive = 'A')
2018-12-25T12:22:09.931183732Z 98 PC: 1d39f | Get current PSP
2018-12-25T12:22:09.932752489Z 26 PC: 1d3aa | Set disk transfer address
2018-12-25T12:22:09.949103387Z 74 PC: 12add | Reallocate memory
2018-12-25T12:22:09.950742366Z 48 PC: 12af9 | Get DOS version
2018-12-25T12:22:09.952908777Z 55 PC: 12b08 | Get or set switch character
2018-12-25T12:22:09.954094249Z 48 PC: 12b21 | Get DOS version
2018-12-25T12:22:09.955614614Z 56 PC: 1f6ab | Get or set country info
2018-12-25T12:22:09.958350844Z 102 PC: 1f6b7 | Get or set code page
2018-12-25T12:22:09.960583285Z 2 PC: 1f0d7 | Character output (Char = '41')
2018-12-25T12:22:09.962933923Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.966109752Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.968468818Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.970792026Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.974560006Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.977267678Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.979600231Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.982526534Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.984523935Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.986418388Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.989289579Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.99226551Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.994675665Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.997764453Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.000236789Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.002540237Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.006447596Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.008777443Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.011041645Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.013742862Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.016050768Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.01834545Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.022765647Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.025619914Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.027996511Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.030594434Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.03280881Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.035101189Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.037691508Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.039973204Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.042252315Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.04490393Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.046878892Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.048856961Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.051460703Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.055188995Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.057192931Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.060162476Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.062303807Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.064433736Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.067189404Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.06936255Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.073093056Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.076406577Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.078737203Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.081031692Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.084338187Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.086688824Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.089004893Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.092328528Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.094666972Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.096958466Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.100264346Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.102567028Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.104869755Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.108182559Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.110521877Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.11284922Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.116191197Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.118487443Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.120813704Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.124117583Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.126535069Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.129046509Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.132355461Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.134676178Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.136982303Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.140209752Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.142415507Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.145043993Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.147968704Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.150954414Z 2 PC: 1f0d0 | Character output (Char = '0d')
2018-12-25T12:22:10.152830451Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.157452074Z 2 PC: 1f0d0 | Character output (See above)
2018-12-25T12:22:10.159296214Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.163395823Z 13 PC: 1b649 | Disk reset
2018-12-25T12:22:10.165544345Z 25 PC: 1b61a | Get default drive
2018-12-25T12:22:10.166655592Z 37 PC: 1b4e9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:10.16804722Z 53 PC: 1b45f | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:22:10.169622492Z 53 PC: 1b46c | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T12:22:10.170687284Z 37 PC: 1b47e | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T12:22:10.171953875Z 37 PC: 1b488 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:22:10.181251928Z 25 PC: 1b61a | Get default drive (See above)
2018-12-25T12:22:10.182274788Z 14 PC: 1b657 | Set default drive (Drive = 'A')
2018-12-25T12:22:10.183445594Z 14 PC: 1b657 | Set default drive (See above)
2018-12-25T12:22:10.184847173Z 25 PC: 1b61a | Get default drive (See above)
2018-12-25T12:22:10.185720431Z 41 PC: 1b63e | Parse filename
2018-12-25T12:22:10.186992408Z 96 PC: 1e852 | Qualify filename
2018-12-25T12:22:10.189170129Z 68 PC: 1b6a6 | I/O control for devices (Set for = 'W�')
2018-12-25T12:22:10.190251376Z 14 PC: 1b657 | Set default drive (See above)
2018-12-25T12:22:10.191256747Z 25 PC: 1b61a | Get default drive (See above)
2018-12-25T12:22:10.192435876Z 41 PC: 1b63e | Parse filename (See above)
2018-12-25T12:22:10.19354518Z 96 PC: 1e852 | Qualify filename (See above)
2018-12-25T12:22:10.195712427Z 68 PC: 1b6a6 | I/O control for devices (See above)
2018-12-25T12:22:10.196912585Z 14 PC: 1b657 | Set default drive (See above)
2018-12-25T12:22:10.197743487Z 25 PC: 1b61a | Get default drive (See above)
2018-12-25T12:22:10.199219894Z 41 PC: 1b63e | Parse filename (See above)
2018-12-25T12:22:10.200437558Z 14 PC: 1b657 | Set default drive (See above)
2018-12-25T12:22:10.20137949Z 25 PC: 1b61a | Get default drive (See above)
2018-12-25T12:22:10.202756352Z 41 PC: 1b63e | Parse filename (See above)
2018-12-25T12:22:10.203999575Z 14 PC: 1b657 | Set default drive (See above)
2018-12-25T12:22:10.336699027Z 12 PC: 1e7a8 | Flush input buffer and input
2018-12-25T12:22:10.341099925Z 7 PC: 1e789 | Direct console input without echo

{"DateBased":true,"Day":1,"Month":1,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8874,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:08.940047088Z 44 PC: 1c6d6 | Get time 0x1c6d6: xor al, al
0x1c6d8: mov ah, ch
0x1c6da: add ah, cl
0x1c6dc: add ah, dh
0x1c6de: add ah, dl
0x1c6e0: mov word ptr [0xdd5], ax
0x1c6e3: xor ax, ax
0x1c6e5: mov es, ax
0x1c6e7: mov ax, word ptr es:[0x90]
0x1c6eb: mov word ptr [0xe67], ax
0x1c6ee: mov ax, word ptr es:[0x92]
0x1c6f2: mov word ptr [0xe69], ax
0x1c6f5: mov word ptr es:[0x92], cs
0x1c6fa: mov word ptr es:[0x90], 0x907
0x1c701: mov word ptr [0xe90], 0
0x1c707: mov ah, 0x19
0x1c709: int 0x21
0x1c70b: mov byte ptr [0xe76], al
0x1c70e: mov dl, al
0x1c710: call 0x1ced2
2018-12-25T12:22:08.942503016Z 25 PC: 1c70b | Get default drive
2018-12-25T12:22:08.943864239Z 82 PC: 1c734 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:22:08.945137985Z 14 PC: 1c74d | Set default drive (Drive = 'C')
2018-12-25T12:22:08.951183872Z 54 PC: 1c7fb | Get free disk space
2018-12-25T12:22:08.996735825Z 42 PC: 1c814 | Get date 0x1c814: mov word ptr [0xdd3], cx
0x1c818: sub dx, 0x101
0x1c81c: mov cl, dl
0x1c81e: mov al, dh
0x1c820: mov bl, 0x1f
0x1c822: mul bl
0x1c824: xor ch, ch
0x1c826: add ax, cx
0x1c828: add ax, word ptr [0xd09]
0x1c82c: xor dx, dx
0x1c82e: mov bx, 0x174
0x1c831: div bx
0x1c833: add word ptr [0xdd3], ax
0x1c837: mov ax, dx
0x1c839: mov bl, 0x1f
0x1c83b: div bl
0x1c83d: xchg al, ah
0x1c83f: add ax, 0x101
0x1c842: mov word ptr [0xdd1], ax
0x1c845: mov ah, 0x1a
2018-12-25T12:22:08.998809661Z 26 PC: 1c84c | Set disk transfer address
2018-12-25T12:22:09.015026592Z 71 PC: 1c85d | Get current directory
2018-12-25T12:22:09.017306616Z 59 PC: 1c869 | Change current directory
2018-12-25T12:22:09.020588069Z 78 PC: 1cf1e | Find first file
2018-12-25T12:22:09.029537808Z 79 PC: 1cf2e | Find next file
2018-12-25T12:22:09.031945611Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.034261278Z 78 PC: 1cf1e | Find first file (See above)
2018-12-25T12:22:09.040029461Z 78 PC: 1cf1e | Find first file (See above)
2018-12-25T12:22:09.045056706Z 71 PC: 1c89d | Get current directory
2018-12-25T12:22:09.04742394Z 59 PC: 1c8bf | Change current directory
2018-12-25T12:22:09.057486275Z 78 PC: 1cf1e | Find first file (See above)
2018-12-25T12:22:09.065569512Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.068240681Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.074551236Z 78 PC: 1cf1e | Find first file (See above)
2018-12-25T12:22:09.080617498Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.083620331Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.089249337Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.093203571Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.097697469Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.102794557Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.105912446Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.108883421Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.112493912Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.11577317Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.118791346Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.122356824Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.125363363Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.128148014Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.131452867Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.134201337Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.136972407Z 78 PC: 1cf1e | Find first file (See above)
2018-12-25T12:22:09.143246033Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.14610691Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.148937874Z 78 PC: 1cf1e | Find first file (See above)
2018-12-25T12:22:09.155533326Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.158767052Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.16152522Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.165664755Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.168364956Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.171536999Z 79 PC: 1cf2e | Find next file (See above)
2018-12-25T12:22:09.174913503Z 67 PC: 1c8f6 | Get or set file attributes
2018-12-25T12:22:09.650377763Z 61 PC: 1c901 | Open file (Filename = 'NLSFUNC.EXE')
2018-12-25T12:22:09.657472341Z 63 PC: 1c915 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:22:09.663884555Z 62 PC: 1cce9 | Close file
2018-12-25T12:22:09.665944387Z 67 PC: 1ccf7 | Get or set file attributes
2018-12-25T12:22:09.67528498Z 79 PC: 1cd04 | Find next file
2018-12-25T12:22:09.678125078Z 67 PC: 1c8f6 | Get or set file attributes (See above)
2018-12-25T12:22:09.684543223Z 61 PC: 1c901 | Open file (See above)
2018-12-25T12:22:09.6887449Z 63 PC: 1c915 | Read file or device (See above)
2018-12-25T12:22:09.694693054Z 66 PC: 1c980 | Move file pointer
2018-12-25T12:22:09.696056483Z 66 PC: 1ca76 | Move file pointer
2018-12-25T12:22:09.698122428Z 64 PC: 1ccb7 | Write file or device (Write 3505 bytes on handle 5)
2018-12-25T12:22:09.712859762Z 66 PC: 1ccc3 | Move file pointer
2018-12-25T12:22:09.714123563Z 64 PC: 1cccd | Write file or device (Write 24 bytes on handle 5)
2018-12-25T12:22:09.716933992Z 87 PC: 1ccdd | Get or set file date and time
2018-12-25T12:22:09.719231716Z 62 PC: 1cce9 | Close file (See above)
2018-12-25T12:22:09.725962081Z 67 PC: 1ccf7 | Get or set file attributes (See above)
2018-12-25T12:22:09.735007125Z 79 PC: 1cd04 | Find next file (See above)
2018-12-25T12:22:09.739205408Z 67 PC: 1c8f6 | Get or set file attributes (See above)
2018-12-25T12:22:09.748281154Z 61 PC: 1c901 | Open file (See above)
2018-12-25T12:22:09.754946544Z 63 PC: 1c915 | Read file or device (See above)
2018-12-25T12:22:09.761582204Z 62 PC: 1cce9 | Close file (See above)
2018-12-25T12:22:09.763937438Z 67 PC: 1ccf7 | Get or set file attributes (See above)
2018-12-25T12:22:09.773301161Z 79 PC: 1cd04 | Find next file (See above)
2018-12-25T12:22:09.776639933Z 67 PC: 1c8f6 | Get or set file attributes (See above)
2018-12-25T12:22:09.783035665Z 61 PC: 1c901 | Open file (See above)
2018-12-25T12:22:09.789370925Z 63 PC: 1c915 | Read file or device (See above)
2018-12-25T12:22:09.795404793Z 62 PC: 1cce9 | Close file (See above)
2018-12-25T12:22:09.797037738Z 67 PC: 1ccf7 | Get or set file attributes (See above)
2018-12-25T12:22:09.80657129Z 42 PC: 1cd15 | Get date 0x1cd15: cmp cx, 0x7bc
0x1cd19: jne 0x1cd1f
0x1cd1b: mov bl, 0xf
0x1cd1d: jmp 0x1cd35
0x1cd1f: cmp cx, word ptr [0xd0d]
0x1cd23: je 0x1cd2a
0x1cd25: jae 0x1cd33
0x1cd27: jmp 0x1ce7e
0x1cd2a: cmp dx, word ptr [0xd0b]
0x1cd2e: jae 0x1cd33
0x1cd30: jmp 0x1ce7e
0x1cd33: mov bl, 0
0x1cd35: call 0x1ced2
0x1cd38: dec ax
0x1cd39: and al, bl
0x1cd3b: je 0x1cd40
0x1cd3d: jmp 0x1ce7e
0x1cd40: jmp 0x1ce46
0x1cd43: pop dx
0x1cd44: push sp
2018-12-25T12:22:09.809746585Z 59 PC: 1ce85 | Change current directory
2018-12-25T12:22:09.813295912Z 13 PC: 1ce89 | Disk reset
2018-12-25T12:22:09.815020748Z 14 PC: 1ce91 | Set default drive (Drive = 'A')
2018-12-25T12:22:09.81711983Z 98 PC: 1d39f | Get current PSP
2018-12-25T12:22:09.81779749Z 26 PC: 1d3aa | Set disk transfer address
2018-12-25T12:22:09.833561052Z 74 PC: 12add | Reallocate memory
2018-12-25T12:22:09.835780458Z 48 PC: 12af9 | Get DOS version
2018-12-25T12:22:09.836866492Z 55 PC: 12b08 | Get or set switch character
2018-12-25T12:22:09.83790882Z 48 PC: 12b21 | Get DOS version
2018-12-25T12:22:09.840029298Z 56 PC: 1f6ab | Get or set country info
2018-12-25T12:22:09.841237285Z 102 PC: 1f6b7 | Get or set code page
2018-12-25T12:22:09.843067409Z 2 PC: 1f0d7 | Character output (Char = '41')
2018-12-25T12:22:09.845910794Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.847976837Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.849942036Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.852107349Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.854573126Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.85656086Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.858666214Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.861269644Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.863336565Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.865382337Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.868153245Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.870306538Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.872439537Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.874895887Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.877994425Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.880382947Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.883787947Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.885759759Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.887758292Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.89016561Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.892197132Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.894198021Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.896758307Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.898818759Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.900822114Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.903845483Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.905799116Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.907766917Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.910685502Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.912650524Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.914611073Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.917501361Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.919465886Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.921414749Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.92430398Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.927824156Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.93012943Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.935151964Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.937342897Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.939552104Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.942534475Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.944449605Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.946566439Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.949713572Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.952815293Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.954925244Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.95821832Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.960174065Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.96400165Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.966993763Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.96890745Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.970831691Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.973148824Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.975292631Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.977283398Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.979527167Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.981464894Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.983475708Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.985947649Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.988223509Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.990141101Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.99277585Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.99507342Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:09.997065964Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.000288892Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.002593783Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.004873954Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.008726696Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.010740523Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.012940932Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.015785293Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.018119619Z 2 PC: 1f0d0 | Character output (Char = '0d')
2018-12-25T12:22:10.020003101Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.024374037Z 2 PC: 1f0d0 | Character output (See above)
2018-12-25T12:22:10.026175383Z 2 PC: 1f0d7 | Character output (See above)
2018-12-25T12:22:10.029827909Z 13 PC: 1b649 | Disk reset
2018-12-25T12:22:10.032504297Z 25 PC: 1b61a | Get default drive
2018-12-25T12:22:10.03384506Z 37 PC: 1b4e9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:10.035616958Z 53 PC: 1b45f | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:22:10.03657661Z 53 PC: 1b46c | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T12:22:10.037568978Z 37 PC: 1b47e | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T12:22:10.039078107Z 37 PC: 1b488 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:22:10.047337486Z 25 PC: 1b61a | Get default drive (See above)
2018-12-25T12:22:10.048155672Z 14 PC: 1b657 | Set default drive (Drive = 'A')
2018-12-25T12:22:10.049875276Z 14 PC: 1b657 | Set default drive (See above)
2018-12-25T12:22:10.054834966Z 25 PC: 1b61a | Get default drive (See above)
2018-12-25T12:22:10.055823274Z 41 PC: 1b63e | Parse filename
2018-12-25T12:22:10.058212008Z 96 PC: 1e852 | Qualify filename
2018-12-25T12:22:10.060829759Z 68 PC: 1b6a6 | I/O control for devices (Set for = 'W�')
2018-12-25T12:22:10.062626692Z 14 PC: 1b657 | Set default drive (See above)
2018-12-25T12:22:10.064558807Z 25 PC: 1b61a | Get default drive (See above)
2018-12-25T12:22:10.065711059Z 41 PC: 1b63e | Parse filename (See above)
2018-12-25T12:22:10.067567592Z 96 PC: 1e852 | Qualify filename (See above)
2018-12-25T12:22:10.070565023Z 68 PC: 1b6a6 | I/O control for devices (See above)
2018-12-25T12:22:10.072126239Z 14 PC: 1b657 | Set default drive (See above)
2018-12-25T12:22:10.073350844Z 25 PC: 1b61a | Get default drive (See above)
2018-12-25T12:22:10.074749883Z 41 PC: 1b63e | Parse filename (See above)
2018-12-25T12:22:10.076393955Z 14 PC: 1b657 | Set default drive (See above)
2018-12-25T12:22:10.077767733Z 25 PC: 1b61a | Get default drive (See above)
2018-12-25T12:22:10.079525435Z 41 PC: 1b63e | Parse filename (See above)
2018-12-25T12:22:10.081360262Z 14 PC: 1b657 | Set default drive (See above)
2018-12-25T12:22:10.232461902Z 12 PC: 1e7a8 | Flush input buffer and input
2018-12-25T12:22:10.236491497Z 7 PC: 1e789 | Direct console input without echo