Sample viewer

vx.netlux.org/Trojan.DOS.Matreshka

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:51:44.915426732Z 53 PC: 1364a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:51:44.917781959Z 53 PC: 1364a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:51:44.919333766Z 53 PC: 1364a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:51:44.920848406Z 53 PC: 1364a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:51:44.923398614Z 53 PC: 1364a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:51:44.924568752Z 53 PC: 1364a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:44.925734742Z 53 PC: 1364a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:51:44.927646362Z 53 PC: 1364a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:51:44.92913409Z 53 PC: 1364a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:51:44.930634345Z 53 PC: 1364a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:51:44.9320681Z 53 PC: 1364a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:51:44.933804946Z 53 PC: 1364a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:51:44.935182742Z 53 PC: 1364a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:51:44.936599306Z 53 PC: 1364a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:51:44.93842094Z 53 PC: 1364a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:51:44.93977982Z 53 PC: 1364a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:51:44.941143919Z 53 PC: 1364a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:51:44.943392338Z 53 PC: 1364a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:51:44.944531424Z 53 PC: 1364a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:51:44.945671477Z 37 PC: 1365f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:51:44.959418366Z 37 PC: 13667 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:51:44.960555931Z 37 PC: 1366f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:44.961641977Z 37 PC: 13677 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:51:44.963860574Z 68 PC: 14333 | I/O control for devices (Set for = [non-printable bytes])
2018-12-17T22:51:44.965770401Z 64 PC: 13a68 | Write file or device (Write 15 bytes on handle 1)
2018-12-17T22:51:44.970544225Z 26 PC: 134bd | Set disk transfer address
2018-12-17T22:51:44.980258838Z 78 PC: 134c9 | Find first file
2018-12-17T22:51:44.9866701Z 67 PC: 1341f | Get or set file attributes
2018-12-17T22:51:44.992972447Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:45.008535331Z 61 PC: 13d10 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:51:45.016007348Z 87 PC: 13460 | Get or set file date and time
2018-12-17T22:51:45.017205697Z 48 PC: 13e5e | Get DOS version
2018-12-17T22:51:45.018790215Z 61 PC: 13d10 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:45.023111615Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:45.024251042Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:45.025388089Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:45.027255266Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:45.029195311Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:45.031025342Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:45.033385127Z 63 PC: 13de3 | Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:45.04265063Z 64 PC: 13de3 | Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:45.051420099Z 62 PC: 13d60 | Close file
2018-12-17T22:51:45.054401764Z 87 PC: 1348d | Get or set file date and time
2018-12-17T22:51:45.056249723Z 62 PC: 13d60 | Close file
2018-12-17T22:51:45.064092096Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:45.075446171Z 26 PC: 134e1 | Set disk transfer address
2018-12-17T22:51:45.076558101Z 79 PC: 134e6 | Find next file
2018-12-17T22:51:45.078962966Z 25 PC: 13eeb | Get default drive
2018-12-17T22:51:45.080616781Z 71 PC: 13efe | Get current directory
2018-12-17T22:51:45.084873855Z 14 PC: 13f44 | Set default drive (Drive = 'C')
2018-12-17T22:51:45.086005513Z 25 PC: 13f48 | Get default drive
2018-12-17T22:51:45.087971927Z 59 PC: 13fb2 | Change current directory
2018-12-17T22:51:45.093906029Z 26 PC: 134bd | Set disk transfer address
2018-12-17T22:51:45.095114702Z 78 PC: 134c9 | Find first file
2018-12-17T22:51:45.108161526Z 67 PC: 1341f | Get or set file attributes
2018-12-17T22:51:45.113948682Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:45.462902398Z 61 PC: 13d10 | Open file (Filename = 'ATTRIB.EXE')
2018-12-17T22:51:45.471469207Z 87 PC: 13460 | Get or set file date and time
2018-12-17T22:51:45.473272946Z 48 PC: 13e5e | Get DOS version
2018-12-17T22:51:45.475172546Z 61 PC: 13d10 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:45.483263588Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:45.485474125Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:45.487194964Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:45.489795177Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:45.491464953Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:45.49327166Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:45.495848372Z 63 PC: 13de3 | Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:45.503509896Z 64 PC: 13de3 | Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:45.511629498Z 62 PC: 13d60 | Close file
2018-12-17T22:51:45.514604821Z 87 PC: 1348d | Get or set file date and time
2018-12-17T22:51:45.51676777Z 62 PC: 13d60 | Close file
2018-12-17T22:51:45.523224961Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:45.532870666Z 26 PC: 134e1 | Set disk transfer address
2018-12-17T22:51:45.534868279Z 79 PC: 134e6 | Find next file
2018-12-17T22:51:45.538709216Z 67 PC: 1341f | Get or set file attributes
2018-12-17T22:51:45.545548637Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:45.555539802Z 61 PC: 13d10 | Open file (Filename = 'CHKDSK.EXE')
2018-12-17T22:51:45.562195649Z 87 PC: 13460 | Get or set file date and time
2018-12-17T22:51:45.563718404Z 48 PC: 13e5e | Get DOS version
2018-12-17T22:51:45.566258637Z 61 PC: 13d10 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:45.573320185Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:45.575120273Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:45.577396182Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:45.578972328Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:45.580424361Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:45.58252462Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:45.583943607Z 63 PC: 13de3 | Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:45.591688822Z 64 PC: 13de3 | Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:45.600106307Z 62 PC: 13d60 | Close file
2018-12-17T22:51:45.601947933Z 87 PC: 1348d | Get or set file date and time
2018-12-17T22:51:45.60383862Z 62 PC: 13d60 | Close file
2018-12-17T22:51:45.611355085Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:45.621345085Z 26 PC: 134e1 | Set disk transfer address
2018-12-17T22:51:45.622416708Z 79 PC: 134e6 | Find next file
2018-12-17T22:51:45.626715388Z 67 PC: 1341f | Get or set file attributes
2018-12-17T22:51:45.632798274Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:45.642429227Z 61 PC: 13d10 | Open file (Filename = 'DEBUG.EXE')
2018-12-17T22:51:45.650236588Z 87 PC: 13460 | Get or set file date and time
2018-12-17T22:51:45.652565816Z 48 PC: 13e5e | Get DOS version
2018-12-17T22:51:45.654035677Z 61 PC: 13d10 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:45.661468726Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:45.663708662Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:45.665468379Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:45.667977768Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:45.670051244Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:45.67140104Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:45.673268813Z 63 PC: 13de3 | Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:45.680641739Z 64 PC: 13de3 | Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:45.689179661Z 62 PC: 13d60 | Close file
2018-12-17T22:51:45.691217793Z 87 PC: 1348d | Get or set file date and time
2018-12-17T22:51:45.693012264Z 62 PC: 13d60 | Close file
2018-12-17T22:51:45.699330386Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:45.708687537Z 26 PC: 134e1 | Set disk transfer address
2018-12-17T22:51:45.71102598Z 79 PC: 134e6 | Find next file
2018-12-17T22:51:45.714800934Z 67 PC: 1341f | Get or set file attributes
2018-12-17T22:51:45.720845938Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:45.730780376Z 61 PC: 13d10 | Open file (Filename = 'EXPAND.EXE')
2018-12-17T22:51:45.737676337Z 87 PC: 13460 | Get or set file date and time
2018-12-17T22:51:45.739241803Z 48 PC: 13e5e | Get DOS version
2018-12-17T22:51:45.74213271Z 61 PC: 13d10 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:45.749808942Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:45.751534668Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:45.754046177Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:45.755867959Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:45.757555632Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:45.7600446Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:45.761622286Z 63 PC: 13de3 | Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:45.768978082Z 64 PC: 13de3 | Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:45.777458863Z 62 PC: 13d60 | Close file
2018-12-17T22:51:45.779444703Z 87 PC: 1348d | Get or set file date and time
2018-12-17T22:51:45.78109203Z 62 PC: 13d60 | Close file
2018-12-17T22:51:45.788094863Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:45.797255499Z 26 PC: 134e1 | Set disk transfer address
2018-12-17T22:51:45.798309882Z 79 PC: 134e6 | Find next file
2018-12-17T22:51:45.803258064Z 67 PC: 1341f | Get or set file attributes
2018-12-17T22:51:45.807062603Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:45.816638408Z 61 PC: 13d10 | Open file (Filename = 'FDISK.EXE')
2018-12-17T22:51:45.840718229Z 87 PC: 13460 | Get or set file date and time
2018-12-17T22:51:45.842959172Z 48 PC: 13e5e | Get DOS version
2018-12-17T22:51:45.844741215Z 61 PC: 13d10 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:45.853168805Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:45.854908701Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:45.856593313Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:45.859227273Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:45.861376842Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:45.863056679Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:45.865079236Z 63 PC: 13de3 | Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:45.873408369Z 64 PC: 13de3 | Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:45.880979331Z 62 PC: 13d60 | Close file
2018-12-17T22:51:45.883107453Z 87 PC: 1348d | Get or set file date and time
2018-12-17T22:51:45.886776531Z 62 PC: 13d60 | Close file
2018-12-17T22:51:45.893309236Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:45.902798696Z 26 PC: 134e1 | Set disk transfer address
2018-12-17T22:51:45.905278384Z 79 PC: 134e6 | Find next file
2018-12-17T22:51:45.909032526Z 67 PC: 1341f | Get or set file attributes
2018-12-17T22:51:45.91506118Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:45.938805108Z 61 PC: 13d10 | Open file (Filename = 'MEM.EXE')
2018-12-17T22:51:45.945763222Z 87 PC: 13460 | Get or set file date and time
2018-12-17T22:51:45.947528397Z 48 PC: 13e5e | Get DOS version
2018-12-17T22:51:45.951063346Z 61 PC: 13d10 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:45.958843083Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:45.96079162Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:45.963819288Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:45.965315953Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:45.966700674Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:45.968797304Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:45.971416343Z 63 PC: 13de3 | Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:45.979329336Z 64 PC: 13de3 | Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:45.988336192Z 62 PC: 13d60 | Close file
2018-12-17T22:51:45.990229813Z 87 PC: 1348d | Get or set file date and time
2018-12-17T22:51:45.993501533Z 62 PC: 13d60 | Close file
2018-12-17T22:51:46.000836284Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:46.012367076Z 26 PC: 134e1 | Set disk transfer address
2018-12-17T22:51:46.013413982Z 79 PC: 134e6 | Find next file
2018-12-17T22:51:46.020708716Z 67 PC: 1341f | Get or set file attributes
2018-12-17T22:51:46.027018994Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:46.036824316Z 61 PC: 13d10 | Open file (Filename = 'NLSFUNC.EXE')
2018-12-17T22:51:46.043896443Z 87 PC: 13460 | Get or set file date and time
2018-12-17T22:51:46.047342627Z 48 PC: 13e5e | Get DOS version
2018-12-17T22:51:46.049102871Z 61 PC: 13d10 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:46.056583937Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:46.059404824Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:46.061201829Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:46.063026603Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:46.065805112Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:46.067500565Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:46.069325472Z 63 PC: 13de3 | Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:46.07833693Z 64 PC: 13de3 | Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:46.095311027Z 62 PC: 13d60 | Close file
2018-12-17T22:51:46.097741035Z 87 PC: 1348d | Get or set file date and time
2018-12-17T22:51:46.099619729Z 62 PC: 13d60 | Close file
2018-12-17T22:51:46.109126009Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:46.119679538Z 26 PC: 134e1 | Set disk transfer address
2018-12-17T22:51:46.121169003Z 79 PC: 134e6 | Find next file
2018-12-17T22:51:46.125001535Z 67 PC: 1341f | Get or set file attributes
2018-12-17T22:51:46.132454457Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:46.143277061Z 61 PC: 13d10 | Open file (Filename = 'QBASIC.EXE')
2018-12-17T22:51:46.151073665Z 87 PC: 13460 | Get or set file date and time
2018-12-17T22:51:46.15376804Z 48 PC: 13e5e | Get DOS version
2018-12-17T22:51:46.15592909Z 61 PC: 13d10 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:46.163528901Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:46.16647856Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:46.168631144Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:46.170451053Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:46.172983302Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:46.175265166Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:46.177036407Z 62 PC: 13d60 | Close file
2018-12-17T22:51:46.180011205Z 87 PC: 1348d | Get or set file date and time
2018-12-17T22:51:46.182267254Z 62 PC: 13d60 | Close file
2018-12-17T22:51:46.188620677Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:46.199393637Z 26 PC: 134e1 | Set disk transfer address
2018-12-17T22:51:46.201236731Z 79 PC: 134e6 | Find next file
2018-12-17T22:51:46.204939507Z 67 PC: 1341f | Get or set file attributes
2018-12-17T22:51:46.212238964Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:46.223264481Z 61 PC: 13d10 | Open file (Filename = 'REPLACE.EXE')
2018-12-17T22:51:46.230199188Z 87 PC: 13460 | Get or set file date and time
2018-12-17T22:51:46.232882475Z 48 PC: 13e5e | Get DOS version
2018-12-17T22:51:46.234769146Z 61 PC: 13d10 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:46.241806509Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:46.24396021Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:46.245440021Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:46.246854695Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:46.249067855Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:46.250467756Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:46.251994841Z 63 PC: 13de3 | Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:46.259824164Z 64 PC: 13de3 | Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:46.268412043Z 62 PC: 13d60 | Close file
2018-12-17T22:51:46.27067362Z 87 PC: 1348d | Get or set file date and time
2018-12-17T22:51:46.273244444Z 62 PC: 13d60 | Close file
2018-12-17T22:51:46.279985916Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:46.289975442Z 26 PC: 134e1 | Set disk transfer address
2018-12-17T22:51:46.292800189Z 79 PC: 134e6 | Find next file
2018-12-17T22:51:46.297491826Z 67 PC: 1341f | Get or set file attributes
2018-12-17T22:51:46.303758467Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:46.31459161Z 61 PC: 13d10 | Open file (Filename = 'RESTORE.EXE')
2018-12-17T22:51:46.322009709Z 87 PC: 13460 | Get or set file date and time
2018-12-17T22:51:46.323777489Z 48 PC: 13e5e | Get DOS version
2018-12-17T22:51:46.326569657Z 61 PC: 13d10 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:46.333457496Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:46.335171136Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:46.337973615Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:46.339699247Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:46.341395622Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:46.344151232Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:46.345948854Z 63 PC: 13de3 | Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:46.353435496Z 64 PC: 13de3 | Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:46.362646384Z 62 PC: 13d60 | Close file
2018-12-17T22:51:46.36550193Z 87 PC: 1348d | Get or set file date and time
2018-12-17T22:51:46.367935616Z 62 PC: 13d60 | Close file
2018-12-17T22:51:46.375156538Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:46.384702251Z 26 PC: 134e1 | Set disk transfer address
2018-12-17T22:51:46.386115544Z 79 PC: 134e6 | Find next file
2018-12-17T22:51:46.390178408Z 67 PC: 1341f | Get or set file attributes
2018-12-17T22:51:46.396672912Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:46.406135123Z 61 PC: 13d10 | Open file (Filename = 'SCANDISK.EXE')
2018-12-17T22:51:46.413030977Z 87 PC: 13460 | Get or set file date and time
2018-12-17T22:51:46.414702701Z 48 PC: 13e5e | Get DOS version
2018-12-17T22:51:46.417411688Z 61 PC: 13d10 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:46.425587942Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:46.426980855Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:46.429119881Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:46.430587768Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:46.431923426Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:46.434016048Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:46.435776184Z 63 PC: 13de3 | Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:46.443415541Z 64 PC: 13de3 | Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:46.452158613Z 62 PC: 13d60 | Close file
2018-12-17T22:51:46.454031156Z 87 PC: 1348d | Get or set file date and time
2018-12-17T22:51:46.455558467Z 62 PC: 13d60 | Close file
2018-12-17T22:51:46.463087114Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:46.472567487Z 26 PC: 134e1 | Set disk transfer address
2018-12-17T22:51:46.47370962Z 79 PC: 134e6 | Find next file
2018-12-17T22:51:46.478748754Z 67 PC: 1341f | Get or set file attributes
2018-12-17T22:51:46.485023785Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:46.49464185Z 61 PC: 13d10 | Open file (Filename = 'SETUP.EXE')
2018-12-17T22:51:46.502448788Z 87 PC: 13460 | Get or set file date and time
2018-12-17T22:51:46.50417619Z 48 PC: 13e5e | Get DOS version
2018-12-17T22:51:46.506725008Z 61 PC: 13d10 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:46.515003701Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:46.516739367Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:46.518459342Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:46.521382113Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:46.523093636Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:46.524774231Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:46.527704217Z 63 PC: 13de3 | Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:46.535107Z 64 PC: 13de3 | Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:46.543084984Z 62 PC: 13d60 | Close file
2018-12-17T22:51:46.546496871Z 87 PC: 1348d | Get or set file date and time
2018-12-17T22:51:46.548358854Z 62 PC: 13d60 | Close file
2018-12-17T22:51:46.55485184Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:46.564979462Z 26 PC: 134e1 | Set disk transfer address
2018-12-17T22:51:46.565943381Z 79 PC: 134e6 | Find next file
2018-12-17T22:51:46.569388086Z 67 PC: 1341f | Get or set file attributes
2018-12-17T22:51:46.574795888Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:46.581294902Z 61 PC: 13d10 | Open file (Filename = 'XCOPY.EXE')
2018-12-17T22:51:46.585949027Z 87 PC: 13460 | Get or set file date and time
2018-12-17T22:51:46.588173632Z 48 PC: 13e5e | Get DOS version
2018-12-17T22:51:46.58959566Z 61 PC: 13d10 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:46.597259191Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:46.598719835Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:46.600146435Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:46.605393459Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:46.611626833Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:46.613185225Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:46.61586815Z 63 PC: 13de3 | Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:46.623573716Z 64 PC: 13de3 | Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:46.63261429Z 62 PC: 13d60 | Close file
2018-12-17T22:51:46.636493746Z 87 PC: 1348d | Get or set file date and time
2018-12-17T22:51:46.638900185Z 62 PC: 13d60 | Close file
2018-12-17T22:51:46.645518819Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:46.656183367Z 26 PC: 134e1 | Set disk transfer address
2018-12-17T22:51:46.658298675Z 79 PC: 134e6 | Find next file
2018-12-17T22:51:46.662082015Z 67 PC: 1341f | Get or set file attributes
2018-12-17T22:51:46.669021717Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:46.679219717Z 61 PC: 13d10 | Open file (Filename = 'DEFRAG.EXE')
2018-12-17T22:51:46.686683864Z 87 PC: 13460 | Get or set file date and time
2018-12-17T22:51:46.689423555Z 48 PC: 13e5e | Get DOS version
2018-12-17T22:51:46.691547778Z 61 PC: 13d10 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:46.699749681Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:46.701448882Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:46.702905524Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:46.705172673Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:46.70698394Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:46.70836608Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:46.710699427Z 63 PC: 13de3 | Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:46.718319059Z 64 PC: 13de3 | Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:46.727270648Z 62 PC: 13d60 | Close file
2018-12-17T22:51:46.73003508Z 87 PC: 1348d | Get or set file date and time
2018-12-17T22:51:46.731827071Z 62 PC: 13d60 | Close file
2018-12-17T22:51:46.738412791Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:46.748375749Z 26 PC: 134e1 | Set disk transfer address
2018-12-17T22:51:46.749811013Z 79 PC: 134e6 | Find next file
2018-12-17T22:51:46.757315946Z 67 PC: 1341f | Get or set file attributes
2018-12-17T22:51:46.76337595Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:46.77316295Z 61 PC: 13d10 | Open file (Filename = 'EMM386.EXE')
2018-12-17T22:51:46.781058566Z 87 PC: 13460 | Get or set file date and time
2018-12-17T22:51:46.78288196Z 48 PC: 13e5e | Get DOS version
2018-12-17T22:51:46.784699521Z 61 PC: 13d10 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:46.793674891Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:46.795122203Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:46.796493125Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:46.798827708Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:46.800616491Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:46.802457835Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:46.804822481Z 63 PC: 13de3 | Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:46.812328476Z 64 PC: 13de3 | Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:46.82128031Z 62 PC: 13d60 | Close file
2018-12-17T22:51:46.823622982Z 87 PC: 1348d | Get or set file date and time
2018-12-17T22:51:46.825570915Z 62 PC: 13d60 | Close file
2018-12-17T22:51:46.832980576Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:46.842828581Z 26 PC: 134e1 | Set disk transfer address
2018-12-17T22:51:46.844296764Z 79 PC: 134e6 | Find next file
2018-12-17T22:51:46.848800799Z 67 PC: 1341f | Get or set file attributes
2018-12-17T22:51:46.855921075Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:46.866128286Z 61 PC: 13d10 | Open file (Filename = 'MSCDEX.EXE')
2018-12-17T22:51:46.876158287Z 87 PC: 13460 | Get or set file date and time
2018-12-17T22:51:46.879034579Z 48 PC: 13e5e | Get DOS version
2018-12-17T22:51:46.880613877Z 61 PC: 13d10 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:46.887953507Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:46.889392206Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:46.890980507Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:46.892954338Z 66 PC: 14432 | Move file pointer
2018-12-17T22:51:46.894292889Z 66 PC: 14440 | Move file pointer
2018-12-17T22:51:46.896445696Z 66 PC: 1444e | Move file pointer
2018-12-17T22:51:46.898106562Z 63 PC: 13de3 | Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:46.905382477Z 64 PC: 13de3 | Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:46.913812314Z 62 PC: 13d60 | Close file
2018-12-17T22:51:46.915851241Z 87 PC: 1348d | Get or set file date and time
2018-12-17T22:51:46.917427236Z 62 PC: 13d60 | Close file
2018-12-17T22:51:46.951213322Z 67 PC: 13446 | Get or set file attributes
2018-12-17T22:51:46.960666726Z 26 PC: 134e1 | Set disk transfer address
2018-12-17T22:51:46.962095828Z 79 PC: 134e6 | Find next file
2018-12-17T22:51:46.965282341Z 14 PC: 13f44 | Set default drive (Drive = 'A')
2018-12-17T22:51:46.967474289Z 25 PC: 13f48 | Get default drive
2018-12-17T22:51:46.96893493Z 59 PC: 13fb2 | Change current directory
2018-12-17T22:51:46.974129674Z 64 PC: 13a68 | Write file or device (Write 20 bytes on handle 1)
2018-12-17T22:51:46.978987736Z 60 PC: 14317 | Create or truncate file
2018-12-17T22:51:46.99800763Z 68 PC: 14333 | I/O control for devices (Set for = '')
2018-12-17T22:51:47.002614459Z 64 PC: 13a43 | Write file or device (Write 128 bytes on handle 5)
2018-12-17T22:51:47.006694136Z 64 PC: 13a43 | Write file or device (Write 128 bytes on handle 5)
2018-12-17T22:51:47.010592563Z 64 PC: 13a43 | Write file or device (Write 128 bytes on handle 5)
2018-12-17T22:51:47.013669481Z 64 PC: 13a43 | Write file or device (Write 128 bytes on handle 5)
2018-12-17T22:51:47.016660302Z 64 PC: 13a43 | Write file or device (Write 128 bytes on handle 5)
2018-12-17T22:51:47.025648362Z 64 PC: 13a43 | Write file or device (Write 128 bytes on handle 5)
2018-12-17T22:51:47.028694209Z 64 PC: 13a43 | Write file or device (Write 128 bytes on handle 5)
2018-12-17T22:51:47.032123546Z 64 PC: 13a43 | Write file or device (Write 96 bytes on handle 5)
2018-12-17T22:51:47.03760786Z 62 PC: 13a82 | Close file
2018-12-17T22:51:47.051572871Z 64 PC: 13a68 | Write file or device (Write 14 bytes on handle 1)
2018-12-17T22:51:47.056164427Z 64 PC: 13a68 | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:51:47.058416383Z 37 PC: 137a1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:51:47.059389799Z 37 PC: 137a1 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:51:47.060497045Z 37 PC: 137a1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:51:47.061847303Z 37 PC: 137a1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:51:47.062834649Z 37 PC: 137a1 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:51:47.06436781Z 37 PC: 137a1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:47.065367105Z 37 PC: 137a1 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:51:47.066425391Z 37 PC: 137a1 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:51:47.06866055Z 37 PC: 137a1 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:51:47.069765344Z 37 PC: 137a1 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:51:47.070836961Z 37 PC: 137a1 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:51:47.072323954Z 37 PC: 137a1 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:51:47.073345092Z 37 PC: 137a1 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:51:47.075269065Z 37 PC: 137a1 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:51:47.076452135Z 37 PC: 137a1 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:51:47.077453414Z 37 PC: 137a1 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:51:47.07953348Z 37 PC: 137a1 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:51:47.080993027Z 37 PC: 137a1 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:51:47.082728542Z 37 PC: 137a1 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:51:47.08514623Z 76 PC: 137e0 | Terminate with return code (Return code = '0')