Sample viewer

vx.netlux.org/Trojan.DOS.Matreshka

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:51:44.915426732Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:51:44.917781959Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:51:44.919333766Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:51:44.920848406Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:51:44.923398614Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:51:44.924568752Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:44.925734742Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:51:44.927646362Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:51:44.92913409Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:51:44.930634345Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:51:44.9320681Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:51:44.933804946Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:51:44.935182742Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:51:44.936599306Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:51:44.93842094Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:51:44.93977982Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:51:44.941143919Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:51:44.943392338Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:51:44.944531424Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:51:44.945671477Z	37	PC: 1365f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:51:44.959418366Z	37	PC: 13667 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:51:44.960555931Z	37	PC: 1366f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:44.961641977Z	37	PC: 13677 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:51:44.963860574Z	68	PC: 14333 \| I/O control for devices (Set for = '��G t�[��G t�]�� ')
2018-12-17T22:51:44.965770401Z	64	PC: 13a68 \| Write file or device (Write 15 bytes on handle 1)
2018-12-17T22:51:44.970544225Z	26	PC: 134bd \| Set disk transfer address
2018-12-17T22:51:44.980258838Z	78	PC: 134c9 \| Find first file
2018-12-17T22:51:44.9866701Z	67	PC: 1341f \| Get or set file attributes
2018-12-17T22:51:44.992972447Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:45.008535331Z	61	PC: 13d10 \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:51:45.016007348Z	87	PC: 13460 \| Get or set file date and time
2018-12-17T22:51:45.017205697Z	48	PC: 13e5e \| Get DOS version
2018-12-17T22:51:45.018790215Z	61	PC: 13d10 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:45.023111615Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:45.024251042Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:45.025388089Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:45.027255266Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:45.029195311Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:45.031025342Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:45.033385127Z	63	PC: 13de3 \| Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:45.04265063Z	64	PC: 13de3 \| Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:45.051420099Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:45.054401764Z	87	PC: 1348d \| Get or set file date and time
2018-12-17T22:51:45.056249723Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:45.064092096Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:45.075446171Z	26	PC: 134e1 \| Set disk transfer address
2018-12-17T22:51:45.076558101Z	79	PC: 134e6 \| Find next file
2018-12-17T22:51:45.078962966Z	25	PC: 13eeb \| Get default drive
2018-12-17T22:51:45.080616781Z	71	PC: 13efe \| Get current directory
2018-12-17T22:51:45.084873855Z	14	PC: 13f44 \| Set default drive (Drive = 'C')
2018-12-17T22:51:45.086005513Z	25	PC: 13f48 \| Get default drive
2018-12-17T22:51:45.087971927Z	59	PC: 13fb2 \| Change current directory
2018-12-17T22:51:45.093906029Z	26	PC: 134bd \| Set disk transfer address
2018-12-17T22:51:45.095114702Z	78	PC: 134c9 \| Find first file
2018-12-17T22:51:45.108161526Z	67	PC: 1341f \| Get or set file attributes
2018-12-17T22:51:45.113948682Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:45.462902398Z	61	PC: 13d10 \| Open file (Filename = 'ATTRIB.EXE')
2018-12-17T22:51:45.471469207Z	87	PC: 13460 \| Get or set file date and time
2018-12-17T22:51:45.473272946Z	48	PC: 13e5e \| Get DOS version
2018-12-17T22:51:45.475172546Z	61	PC: 13d10 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:45.483263588Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:45.485474125Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:45.487194964Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:45.489795177Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:45.491464953Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:45.49327166Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:45.495848372Z	63	PC: 13de3 \| Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:45.503509896Z	64	PC: 13de3 \| Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:45.511629498Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:45.514604821Z	87	PC: 1348d \| Get or set file date and time
2018-12-17T22:51:45.51676777Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:45.523224961Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:45.532870666Z	26	PC: 134e1 \| Set disk transfer address
2018-12-17T22:51:45.534868279Z	79	PC: 134e6 \| Find next file
2018-12-17T22:51:45.538709216Z	67	PC: 1341f \| Get or set file attributes
2018-12-17T22:51:45.545548637Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:45.555539802Z	61	PC: 13d10 \| Open file (Filename = 'CHKDSK.EXE')
2018-12-17T22:51:45.562195649Z	87	PC: 13460 \| Get or set file date and time
2018-12-17T22:51:45.563718404Z	48	PC: 13e5e \| Get DOS version
2018-12-17T22:51:45.566258637Z	61	PC: 13d10 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:45.573320185Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:45.575120273Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:45.577396182Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:45.578972328Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:45.580424361Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:45.58252462Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:45.583943607Z	63	PC: 13de3 \| Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:45.591688822Z	64	PC: 13de3 \| Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:45.600106307Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:45.601947933Z	87	PC: 1348d \| Get or set file date and time
2018-12-17T22:51:45.60383862Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:45.611355085Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:45.621345085Z	26	PC: 134e1 \| Set disk transfer address
2018-12-17T22:51:45.622416708Z	79	PC: 134e6 \| Find next file
2018-12-17T22:51:45.626715388Z	67	PC: 1341f \| Get or set file attributes
2018-12-17T22:51:45.632798274Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:45.642429227Z	61	PC: 13d10 \| Open file (Filename = 'DEBUG.EXE')
2018-12-17T22:51:45.650236588Z	87	PC: 13460 \| Get or set file date and time
2018-12-17T22:51:45.652565816Z	48	PC: 13e5e \| Get DOS version
2018-12-17T22:51:45.654035677Z	61	PC: 13d10 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:45.661468726Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:45.663708662Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:45.665468379Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:45.667977768Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:45.670051244Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:45.67140104Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:45.673268813Z	63	PC: 13de3 \| Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:45.680641739Z	64	PC: 13de3 \| Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:45.689179661Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:45.691217793Z	87	PC: 1348d \| Get or set file date and time
2018-12-17T22:51:45.693012264Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:45.699330386Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:45.708687537Z	26	PC: 134e1 \| Set disk transfer address
2018-12-17T22:51:45.71102598Z	79	PC: 134e6 \| Find next file
2018-12-17T22:51:45.714800934Z	67	PC: 1341f \| Get or set file attributes
2018-12-17T22:51:45.720845938Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:45.730780376Z	61	PC: 13d10 \| Open file (Filename = 'EXPAND.EXE')
2018-12-17T22:51:45.737676337Z	87	PC: 13460 \| Get or set file date and time
2018-12-17T22:51:45.739241803Z	48	PC: 13e5e \| Get DOS version
2018-12-17T22:51:45.74213271Z	61	PC: 13d10 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:45.749808942Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:45.751534668Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:45.754046177Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:45.755867959Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:45.757555632Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:45.7600446Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:45.761622286Z	63	PC: 13de3 \| Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:45.768978082Z	64	PC: 13de3 \| Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:45.777458863Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:45.779444703Z	87	PC: 1348d \| Get or set file date and time
2018-12-17T22:51:45.78109203Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:45.788094863Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:45.797255499Z	26	PC: 134e1 \| Set disk transfer address
2018-12-17T22:51:45.798309882Z	79	PC: 134e6 \| Find next file
2018-12-17T22:51:45.803258064Z	67	PC: 1341f \| Get or set file attributes
2018-12-17T22:51:45.807062603Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:45.816638408Z	61	PC: 13d10 \| Open file (Filename = 'FDISK.EXE')
2018-12-17T22:51:45.840718229Z	87	PC: 13460 \| Get or set file date and time
2018-12-17T22:51:45.842959172Z	48	PC: 13e5e \| Get DOS version
2018-12-17T22:51:45.844741215Z	61	PC: 13d10 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:45.853168805Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:45.854908701Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:45.856593313Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:45.859227273Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:45.861376842Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:45.863056679Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:45.865079236Z	63	PC: 13de3 \| Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:45.873408369Z	64	PC: 13de3 \| Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:45.880979331Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:45.883107453Z	87	PC: 1348d \| Get or set file date and time
2018-12-17T22:51:45.886776531Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:45.893309236Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:45.902798696Z	26	PC: 134e1 \| Set disk transfer address
2018-12-17T22:51:45.905278384Z	79	PC: 134e6 \| Find next file
2018-12-17T22:51:45.909032526Z	67	PC: 1341f \| Get or set file attributes
2018-12-17T22:51:45.91506118Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:45.938805108Z	61	PC: 13d10 \| Open file (Filename = 'MEM.EXE')
2018-12-17T22:51:45.945763222Z	87	PC: 13460 \| Get or set file date and time
2018-12-17T22:51:45.947528397Z	48	PC: 13e5e \| Get DOS version
2018-12-17T22:51:45.951063346Z	61	PC: 13d10 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:45.958843083Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:45.96079162Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:45.963819288Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:45.965315953Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:45.966700674Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:45.968797304Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:45.971416343Z	63	PC: 13de3 \| Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:45.979329336Z	64	PC: 13de3 \| Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:45.988336192Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:45.990229813Z	87	PC: 1348d \| Get or set file date and time
2018-12-17T22:51:45.993501533Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:46.000836284Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:46.012367076Z	26	PC: 134e1 \| Set disk transfer address
2018-12-17T22:51:46.013413982Z	79	PC: 134e6 \| Find next file
2018-12-17T22:51:46.020708716Z	67	PC: 1341f \| Get or set file attributes
2018-12-17T22:51:46.027018994Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:46.036824316Z	61	PC: 13d10 \| Open file (Filename = 'NLSFUNC.EXE')
2018-12-17T22:51:46.043896443Z	87	PC: 13460 \| Get or set file date and time
2018-12-17T22:51:46.047342627Z	48	PC: 13e5e \| Get DOS version
2018-12-17T22:51:46.049102871Z	61	PC: 13d10 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:46.056583937Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:46.059404824Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:46.061201829Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:46.063026603Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:46.065805112Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:46.067500565Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:46.069325472Z	63	PC: 13de3 \| Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:46.07833693Z	64	PC: 13de3 \| Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:46.095311027Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:46.097741035Z	87	PC: 1348d \| Get or set file date and time
2018-12-17T22:51:46.099619729Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:46.109126009Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:46.119679538Z	26	PC: 134e1 \| Set disk transfer address
2018-12-17T22:51:46.121169003Z	79	PC: 134e6 \| Find next file
2018-12-17T22:51:46.125001535Z	67	PC: 1341f \| Get or set file attributes
2018-12-17T22:51:46.132454457Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:46.143277061Z	61	PC: 13d10 \| Open file (Filename = 'QBASIC.EXE')
2018-12-17T22:51:46.151073665Z	87	PC: 13460 \| Get or set file date and time
2018-12-17T22:51:46.15376804Z	48	PC: 13e5e \| Get DOS version
2018-12-17T22:51:46.15592909Z	61	PC: 13d10 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:46.163528901Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:46.16647856Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:46.168631144Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:46.170451053Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:46.172983302Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:46.175265166Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:46.177036407Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:46.180011205Z	87	PC: 1348d \| Get or set file date and time
2018-12-17T22:51:46.182267254Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:46.188620677Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:46.199393637Z	26	PC: 134e1 \| Set disk transfer address
2018-12-17T22:51:46.201236731Z	79	PC: 134e6 \| Find next file
2018-12-17T22:51:46.204939507Z	67	PC: 1341f \| Get or set file attributes
2018-12-17T22:51:46.212238964Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:46.223264481Z	61	PC: 13d10 \| Open file (Filename = 'REPLACE.EXE')
2018-12-17T22:51:46.230199188Z	87	PC: 13460 \| Get or set file date and time
2018-12-17T22:51:46.232882475Z	48	PC: 13e5e \| Get DOS version
2018-12-17T22:51:46.234769146Z	61	PC: 13d10 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:46.241806509Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:46.24396021Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:46.245440021Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:46.246854695Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:46.249067855Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:46.250467756Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:46.251994841Z	63	PC: 13de3 \| Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:46.259824164Z	64	PC: 13de3 \| Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:46.268412043Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:46.27067362Z	87	PC: 1348d \| Get or set file date and time
2018-12-17T22:51:46.273244444Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:46.279985916Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:46.289975442Z	26	PC: 134e1 \| Set disk transfer address
2018-12-17T22:51:46.292800189Z	79	PC: 134e6 \| Find next file
2018-12-17T22:51:46.297491826Z	67	PC: 1341f \| Get or set file attributes
2018-12-17T22:51:46.303758467Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:46.31459161Z	61	PC: 13d10 \| Open file (Filename = 'RESTORE.EXE')
2018-12-17T22:51:46.322009709Z	87	PC: 13460 \| Get or set file date and time
2018-12-17T22:51:46.323777489Z	48	PC: 13e5e \| Get DOS version
2018-12-17T22:51:46.326569657Z	61	PC: 13d10 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:46.333457496Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:46.335171136Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:46.337973615Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:46.339699247Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:46.341395622Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:46.344151232Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:46.345948854Z	63	PC: 13de3 \| Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:46.353435496Z	64	PC: 13de3 \| Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:46.362646384Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:46.36550193Z	87	PC: 1348d \| Get or set file date and time
2018-12-17T22:51:46.367935616Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:46.375156538Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:46.384702251Z	26	PC: 134e1 \| Set disk transfer address
2018-12-17T22:51:46.386115544Z	79	PC: 134e6 \| Find next file
2018-12-17T22:51:46.390178408Z	67	PC: 1341f \| Get or set file attributes
2018-12-17T22:51:46.396672912Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:46.406135123Z	61	PC: 13d10 \| Open file (Filename = 'SCANDISK.EXE')
2018-12-17T22:51:46.413030977Z	87	PC: 13460 \| Get or set file date and time
2018-12-17T22:51:46.414702701Z	48	PC: 13e5e \| Get DOS version
2018-12-17T22:51:46.417411688Z	61	PC: 13d10 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:46.425587942Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:46.426980855Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:46.429119881Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:46.430587768Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:46.431923426Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:46.434016048Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:46.435776184Z	63	PC: 13de3 \| Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:46.443415541Z	64	PC: 13de3 \| Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:46.452158613Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:46.454031156Z	87	PC: 1348d \| Get or set file date and time
2018-12-17T22:51:46.455558467Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:46.463087114Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:46.472567487Z	26	PC: 134e1 \| Set disk transfer address
2018-12-17T22:51:46.47370962Z	79	PC: 134e6 \| Find next file
2018-12-17T22:51:46.478748754Z	67	PC: 1341f \| Get or set file attributes
2018-12-17T22:51:46.485023785Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:46.49464185Z	61	PC: 13d10 \| Open file (Filename = 'SETUP.EXE')
2018-12-17T22:51:46.502448788Z	87	PC: 13460 \| Get or set file date and time
2018-12-17T22:51:46.50417619Z	48	PC: 13e5e \| Get DOS version
2018-12-17T22:51:46.506725008Z	61	PC: 13d10 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:46.515003701Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:46.516739367Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:46.518459342Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:46.521382113Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:46.523093636Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:46.524774231Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:46.527704217Z	63	PC: 13de3 \| Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:46.535107Z	64	PC: 13de3 \| Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:46.543084984Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:46.546496871Z	87	PC: 1348d \| Get or set file date and time
2018-12-17T22:51:46.548358854Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:46.55485184Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:46.564979462Z	26	PC: 134e1 \| Set disk transfer address
2018-12-17T22:51:46.565943381Z	79	PC: 134e6 \| Find next file
2018-12-17T22:51:46.569388086Z	67	PC: 1341f \| Get or set file attributes
2018-12-17T22:51:46.574795888Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:46.581294902Z	61	PC: 13d10 \| Open file (Filename = 'XCOPY.EXE')
2018-12-17T22:51:46.585949027Z	87	PC: 13460 \| Get or set file date and time
2018-12-17T22:51:46.588173632Z	48	PC: 13e5e \| Get DOS version
2018-12-17T22:51:46.58959566Z	61	PC: 13d10 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:46.597259191Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:46.598719835Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:46.600146435Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:46.605393459Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:46.611626833Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:46.613185225Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:46.61586815Z	63	PC: 13de3 \| Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:46.623573716Z	64	PC: 13de3 \| Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:46.63261429Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:46.636493746Z	87	PC: 1348d \| Get or set file date and time
2018-12-17T22:51:46.638900185Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:46.645518819Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:46.656183367Z	26	PC: 134e1 \| Set disk transfer address
2018-12-17T22:51:46.658298675Z	79	PC: 134e6 \| Find next file
2018-12-17T22:51:46.662082015Z	67	PC: 1341f \| Get or set file attributes
2018-12-17T22:51:46.669021717Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:46.679219717Z	61	PC: 13d10 \| Open file (Filename = 'DEFRAG.EXE')
2018-12-17T22:51:46.686683864Z	87	PC: 13460 \| Get or set file date and time
2018-12-17T22:51:46.689423555Z	48	PC: 13e5e \| Get DOS version
2018-12-17T22:51:46.691547778Z	61	PC: 13d10 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:46.699749681Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:46.701448882Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:46.702905524Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:46.705172673Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:46.70698394Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:46.70836608Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:46.710699427Z	63	PC: 13de3 \| Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:46.718319059Z	64	PC: 13de3 \| Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:46.727270648Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:46.73003508Z	87	PC: 1348d \| Get or set file date and time
2018-12-17T22:51:46.731827071Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:46.738412791Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:46.748375749Z	26	PC: 134e1 \| Set disk transfer address
2018-12-17T22:51:46.749811013Z	79	PC: 134e6 \| Find next file
2018-12-17T22:51:46.757315946Z	67	PC: 1341f \| Get or set file attributes
2018-12-17T22:51:46.76337595Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:46.77316295Z	61	PC: 13d10 \| Open file (Filename = 'EMM386.EXE')
2018-12-17T22:51:46.781058566Z	87	PC: 13460 \| Get or set file date and time
2018-12-17T22:51:46.78288196Z	48	PC: 13e5e \| Get DOS version
2018-12-17T22:51:46.784699521Z	61	PC: 13d10 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:46.793674891Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:46.795122203Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:46.796493125Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:46.798827708Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:46.800616491Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:46.802457835Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:46.804822481Z	63	PC: 13de3 \| Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:46.812328476Z	64	PC: 13de3 \| Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:46.82128031Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:46.823622982Z	87	PC: 1348d \| Get or set file date and time
2018-12-17T22:51:46.825570915Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:46.832980576Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:46.842828581Z	26	PC: 134e1 \| Set disk transfer address
2018-12-17T22:51:46.844296764Z	79	PC: 134e6 \| Find next file
2018-12-17T22:51:46.848800799Z	67	PC: 1341f \| Get or set file attributes
2018-12-17T22:51:46.855921075Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:46.866128286Z	61	PC: 13d10 \| Open file (Filename = 'MSCDEX.EXE')
2018-12-17T22:51:46.876158287Z	87	PC: 13460 \| Get or set file date and time
2018-12-17T22:51:46.879034579Z	48	PC: 13e5e \| Get DOS version
2018-12-17T22:51:46.880613877Z	61	PC: 13d10 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:46.887953507Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:46.889392206Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:46.890980507Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:46.892954338Z	66	PC: 14432 \| Move file pointer
2018-12-17T22:51:46.894292889Z	66	PC: 14440 \| Move file pointer
2018-12-17T22:51:46.896445696Z	66	PC: 1444e \| Move file pointer
2018-12-17T22:51:46.898106562Z	63	PC: 13de3 \| Read file or device (Read 4282 bytes on handle 6)
2018-12-17T22:51:46.905382477Z	64	PC: 13de3 \| Write file or device (Write 4282 bytes on handle 5)
2018-12-17T22:51:46.913812314Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:46.915851241Z	87	PC: 1348d \| Get or set file date and time
2018-12-17T22:51:46.917427236Z	62	PC: 13d60 \| Close file
2018-12-17T22:51:46.951213322Z	67	PC: 13446 \| Get or set file attributes
2018-12-17T22:51:46.960666726Z	26	PC: 134e1 \| Set disk transfer address
2018-12-17T22:51:46.962095828Z	79	PC: 134e6 \| Find next file
2018-12-17T22:51:46.965282341Z	14	PC: 13f44 \| Set default drive (Drive = 'A')
2018-12-17T22:51:46.967474289Z	25	PC: 13f48 \| Get default drive
2018-12-17T22:51:46.96893493Z	59	PC: 13fb2 \| Change current directory
2018-12-17T22:51:46.974129674Z	64	PC: 13a68 \| Write file or device (Write 20 bytes on handle 1)
2018-12-17T22:51:46.978987736Z	60	PC: 14317 \| Create or truncate file
2018-12-17T22:51:46.99800763Z	68	PC: 14333 \| I/O control for devices (Set for = '')
2018-12-17T22:51:47.002614459Z	64	PC: 13a43 \| Write file or device (Write 128 bytes on handle 5)
2018-12-17T22:51:47.006694136Z	64	PC: 13a43 \| Write file or device (Write 128 bytes on handle 5)
2018-12-17T22:51:47.010592563Z	64	PC: 13a43 \| Write file or device (Write 128 bytes on handle 5)
2018-12-17T22:51:47.013669481Z	64	PC: 13a43 \| Write file or device (Write 128 bytes on handle 5)
2018-12-17T22:51:47.016660302Z	64	PC: 13a43 \| Write file or device (Write 128 bytes on handle 5)
2018-12-17T22:51:47.025648362Z	64	PC: 13a43 \| Write file or device (Write 128 bytes on handle 5)
2018-12-17T22:51:47.028694209Z	64	PC: 13a43 \| Write file or device (Write 128 bytes on handle 5)
2018-12-17T22:51:47.032123546Z	64	PC: 13a43 \| Write file or device (Write 96 bytes on handle 5)
2018-12-17T22:51:47.03760786Z	62	PC: 13a82 \| Close file
2018-12-17T22:51:47.051572871Z	64	PC: 13a68 \| Write file or device (Write 14 bytes on handle 1)
2018-12-17T22:51:47.056164427Z	64	PC: 13a68 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:51:47.058416383Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:51:47.059389799Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:51:47.060497045Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:51:47.061847303Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:51:47.062834649Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:51:47.06436781Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:47.065367105Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:51:47.066425391Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:51:47.06866055Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:51:47.069765344Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:51:47.070836961Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:51:47.072323954Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:51:47.073345092Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:51:47.075269065Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:51:47.076452135Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:51:47.077453414Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:51:47.07953348Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:51:47.080993027Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:51:47.082728542Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:51:47.08514623Z	76	PC: 137e0 \| Terminate with return code (Return code = '0')