Sample viewer

vx.netlux.org/Virus.DOS.HLLP.FidoSpy.15000

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:54:43.019260422Z	53	PC: 16aba \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:43.021065687Z	53	PC: 16aba \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:43.022903157Z	53	PC: 16aba \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:43.024779565Z	53	PC: 16aba \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:43.027199549Z	53	PC: 16aba \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:43.028344034Z	53	PC: 16aba \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:43.029453018Z	53	PC: 16aba \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:43.031504698Z	53	PC: 16aba \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:43.032638174Z	53	PC: 16aba \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:43.033796916Z	53	PC: 16aba \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:43.035545673Z	53	PC: 16aba \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:43.036979458Z	53	PC: 16aba \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:43.038210147Z	53	PC: 16aba \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:43.049258202Z	53	PC: 16aba \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:43.050679474Z	53	PC: 16aba \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:43.051966992Z	53	PC: 16aba \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:43.053694733Z	53	PC: 16aba \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:43.055019761Z	53	PC: 16aba \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:43.056512637Z	53	PC: 16aba \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:43.058522427Z	37	PC: 16acf \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:43.059710961Z	37	PC: 16ad7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:43.060902597Z	37	PC: 16adf \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:43.071159517Z	37	PC: 16ae7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:43.07273442Z	68	PC: 17a6f \| I/O control for devices (Set for = '3��޸')
2018-12-17T22:54:43.074785406Z	48	PC: 17680 \| Get DOS version
2018-12-17T22:54:43.083002892Z	61	PC: 174be \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:54:43.090562322Z	61	PC: 174be \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:54:43.09752656Z	63	PC: 17591 \| Read file or device (Read 15000 bytes on handle 6)
2018-12-17T22:54:43.108437335Z	62	PC: 1750e \| Close file
2018-12-17T22:54:43.110667079Z	63	PC: 17591 \| Read file or device (Read 15000 bytes on handle 5)
2018-12-17T22:54:43.118288844Z	62	PC: 1750e \| Close file
2018-12-17T22:54:43.121929583Z	67	PC: 168ae \| Get or set file attributes
2018-12-17T22:54:43.129032594Z	67	PC: 168ae \| Get or set file attributes
2018-12-17T22:54:43.138635052Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.141243066Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.144217402Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.145843353Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.148149721Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.149942941Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.15211788Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.155326194Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.156968935Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.158557154Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.161155338Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.162949273Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.164703903Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.166864212Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.168585958Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.170202176Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.172194825Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.173851976Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.175668933Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.17813529Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.17970681Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.18125541Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.183183752Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.18486894Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.186540519Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.188702572Z	41	PC: 12b41 \| Parse filename
2018-12-17T22:54:43.191481063Z	68	PC: 169f9 \| I/O control for devices (Set for = '')
2018-12-17T22:54:43.194537222Z	68	PC: 169f9 \| I/O control for devices (Set for = '')
2018-12-17T22:54:43.19791314Z	68	PC: 169f9 \| I/O control for devices (Set for = '')
2018-12-17T22:54:43.20026834Z	26	PC: 1682b \| Set disk transfer address
2018-12-17T22:54:43.201261651Z	78	PC: 16837 \| Find first file
2018-12-17T22:54:43.207426169Z	26	PC: 1684f \| Set disk transfer address
2018-12-17T22:54:43.208682453Z	79	PC: 16854 \| Find next file
2018-12-17T22:54:43.211947372Z	26	PC: 1684f \| Set disk transfer address
2018-12-17T22:54:43.214253844Z	79	PC: 16854 \| Find next file
2018-12-17T22:54:43.217464011Z	26	PC: 1682b \| Set disk transfer address
2018-12-17T22:54:43.218807679Z	78	PC: 16837 \| Find first file
2018-12-17T22:54:43.226478634Z	26	PC: 1684f \| Set disk transfer address
2018-12-17T22:54:43.227773934Z	79	PC: 16854 \| Find next file
2018-12-17T22:54:43.231431221Z	26	PC: 1684f \| Set disk transfer address
2018-12-17T22:54:43.232875235Z	79	PC: 16854 \| Find next file
2018-12-17T22:54:43.23745252Z	61	PC: 174be \| Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T22:54:43.244757458Z	63	PC: 17591 \| Read file or device (Read 15000 bytes on handle 5)
2018-12-17T22:54:43.252995439Z	62	PC: 1750e \| Close file
2018-12-17T22:54:43.255785789Z	26	PC: 1684f \| Set disk transfer address
2018-12-17T22:54:43.257070917Z	79	PC: 16854 \| Find next file
2018-12-17T22:54:43.261065502Z	61	PC: 174be \| Open file (Filename = 'C:\DOS\CHKDSK.EXE')
2018-12-17T22:54:43.269129775Z	63	PC: 17591 \| Read file or device (Read 15000 bytes on handle 5)
2018-12-17T22:54:43.276848507Z	62	PC: 1750e \| Close file
2018-12-17T22:54:43.278513622Z	26	PC: 1684f \| Set disk transfer address
2018-12-17T22:54:43.280396984Z	79	PC: 16854 \| Find next file
2018-12-17T22:54:43.283524332Z	26	PC: 1684f \| Set disk transfer address
2018-12-17T22:54:43.284469411Z	79	PC: 16854 \| Find next file
2018-12-17T22:54:43.288379278Z	26	PC: 1684f \| Set disk transfer address
2018-12-17T22:54:43.289351027Z	79	PC: 16854 \| Find next file
2018-12-17T22:54:43.293545142Z	61	PC: 174be \| Open file (Filename = 'C:\DOS\DEBUG.EXE')
2018-12-17T22:54:43.300858508Z	63	PC: 17591 \| Read file or device (Read 15000 bytes on handle 5)
2018-12-17T22:54:43.309990445Z	62	PC: 1750e \| Close file
2018-12-17T22:54:43.312029663Z	61	PC: 174be \| Open file (Filename = 'C:\DOS\DEBUG.EXE')
2018-12-17T22:54:43.319384054Z	63	PC: 17591 \| Read file or device (Read 15000 bytes on handle 5)
2018-12-17T22:54:43.326994454Z	66	PC: 17ccd \| Move file pointer
2018-12-17T22:54:43.328222003Z	66	PC: 17cdb \| Move file pointer
2018-12-17T22:54:43.330267021Z	66	PC: 17ce9 \| Move file pointer
2018-12-17T22:54:43.331566397Z	66	PC: 175f0 \| Move file pointer
2018-12-17T22:54:43.333005593Z	64	PC: 17591 \| Write file or device (Write 15000 bytes on handle 5)
2018-12-17T22:54:43.694359456Z	66	PC: 175f0 \| Move file pointer
2018-12-17T22:54:43.696864411Z	64	PC: 17591 \| Write file or device (Write 15000 bytes on handle 5)
2018-12-17T22:54:43.706958263Z	62	PC: 1750e \| Close file
2018-12-17T22:54:43.718428717Z	26	PC: 1684f \| Set disk transfer address
2018-12-17T22:54:43.719789607Z	79	PC: 16854 \| Find next file
2018-12-17T22:54:43.723169501Z	26	PC: 1684f \| Set disk transfer address
2018-12-17T22:54:43.725067259Z	79	PC: 16854 \| Find next file
2018-12-17T22:54:43.734587365Z	26	PC: 1684f \| Set disk transfer address
2018-12-17T22:54:43.735961078Z	79	PC: 16854 \| Find next file
2018-12-17T22:54:43.73969857Z	26	PC: 1684f \| Set disk transfer address
2018-12-17T22:54:43.741675145Z	79	PC: 16854 \| Find next file
2018-12-17T22:54:43.745801424Z	61	PC: 174be \| Open file (Filename = 'C:\DOS\EXPAND.EXE')
2018-12-17T22:54:43.753168052Z	63	PC: 17591 \| Read file or device (Read 15000 bytes on handle 5)
2018-12-17T22:54:43.763490898Z	62	PC: 1750e \| Close file
2018-12-17T22:54:43.766100688Z	61	PC: 174be \| Open file (Filename = 'C:\DOS\EXPAND.EXE')
2018-12-17T22:54:43.779856881Z	63	PC: 17591 \| Read file or device (Read 15000 bytes on handle 5)
2018-12-17T22:54:43.795793948Z	66	PC: 17ccd \| Move file pointer
2018-12-17T22:54:43.79753581Z	66	PC: 17cdb \| Move file pointer
2018-12-17T22:54:43.799277203Z	66	PC: 17ce9 \| Move file pointer
2018-12-17T22:54:43.802248899Z	66	PC: 175f0 \| Move file pointer
2018-12-17T22:54:43.804070206Z	64	PC: 17591 \| Write file or device (Write 15000 bytes on handle 5)
2018-12-17T22:54:43.81455877Z	66	PC: 175f0 \| Move file pointer
2018-12-17T22:54:43.816876622Z	64	PC: 17591 \| Write file or device (Write 15000 bytes on handle 5)
2018-12-17T22:54:43.826388424Z	62	PC: 1750e \| Close file
2018-12-17T22:54:43.836655963Z	26	PC: 1684f \| Set disk transfer address
2018-12-17T22:54:43.838430457Z	79	PC: 16854 \| Find next file
2018-12-17T22:54:43.843070961Z	61	PC: 174be \| Open file (Filename = 'C:\DOS\FDISK.EXE')
2018-12-17T22:54:43.850463605Z	63	PC: 17591 \| Read file or device (Read 15000 bytes on handle 5)
2018-12-17T22:54:43.866037689Z	62	PC: 1750e \| Close file
2018-12-17T22:54:43.86862153Z	61	PC: 174be \| Open file (Filename = 'C:\DOS\FDISK.EXE')
2018-12-17T22:54:43.876378556Z	63	PC: 17591 \| Read file or device (Read 15000 bytes on handle 5)
2018-12-17T22:54:43.886287222Z	66	PC: 17ccd \| Move file pointer
2018-12-17T22:54:43.888143801Z	66	PC: 17cdb \| Move file pointer
2018-12-17T22:54:43.88951686Z	66	PC: 17ce9 \| Move file pointer
2018-12-17T22:54:43.891796733Z	66	PC: 175f0 \| Move file pointer
2018-12-17T22:54:43.893326715Z	64	PC: 17591 \| Write file or device (Write 15000 bytes on handle 5)
2018-12-17T22:54:44.156899972Z	66	PC: 175f0 \| Move file pointer
2018-12-17T22:54:44.160195744Z	64	PC: 17591 \| Write file or device (Write 15000 bytes on handle 5)
2018-12-17T22:54:44.430782016Z	62	PC: 1750e \| Close file
2018-12-17T22:54:44.502055035Z	26	PC: 1684f \| Set disk transfer address
2018-12-17T22:54:44.504340583Z	79	PC: 16854 \| Find next file
2018-12-17T22:54:44.508022078Z	26	PC: 1684f \| Set disk transfer address
2018-12-17T22:54:44.509474237Z	79	PC: 16854 \| Find next file
2018-12-17T22:54:44.513667651Z	61	PC: 174be \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:54:44.524014594Z	66	PC: 17ccd \| Move file pointer
2018-12-17T22:54:44.525727704Z	66	PC: 17cdb \| Move file pointer
2018-12-17T22:54:44.528206626Z	66	PC: 17ce9 \| Move file pointer
2018-12-17T22:54:44.530358422Z	66	PC: 175f0 \| Move file pointer
2018-12-17T22:54:44.532131919Z	63	PC: 17591 \| Read file or device (Read 15000 bytes on handle 5)
2018-12-17T22:54:44.54112988Z	66	PC: 175f0 \| Move file pointer
2018-12-17T22:54:44.543228047Z	64	PC: 17591 \| Write file or device (Write 15000 bytes on handle 5)
2018-12-17T22:54:44.559077605Z	66	PC: 17ccd \| Move file pointer
2018-12-17T22:54:44.566467151Z	66	PC: 17cdb \| Move file pointer
2018-12-17T22:54:44.568468235Z	66	PC: 17ce9 \| Move file pointer
2018-12-17T22:54:44.570218818Z	66	PC: 175f0 \| Move file pointer
2018-12-17T22:54:44.574177494Z	64	PC: 174ef \| Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:54:44.602580533Z	62	PC: 1750e \| Close file
2018-12-17T22:54:44.613913672Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:44.616389481Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:44.618435145Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:44.620810038Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:44.626576814Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:44.62849168Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:44.630029722Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:44.632424846Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:44.634259348Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:44.63575661Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:44.63810034Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:44.639902044Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:44.641333727Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:44.643630546Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:44.645364005Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:44.64679025Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:44.648932583Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:44.650558407Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:44.651850578Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:44.653762307Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:44.654889997Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:44.655989986Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:44.657822715Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:44.6589308Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:44.659980198Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:44.662195462Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:44.663516292Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:44.664844356Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:44.66678791Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:44.668239246Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:44.669543884Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:44.671169713Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:44.672605227Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:44.673884271Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:44.676022818Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:44.67768847Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:44.678990645Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:44.681381869Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:44.682954036Z	61	PC: 1655b \| Open file (Filename = '')
2018-12-17T22:54:44.689422196Z	25	PC: 15e40 \| Get default drive
2018-12-17T22:54:44.691573281Z	28	PC: 169f9 \| Get allocation info for specified drive
2018-12-17T22:54:44.701048825Z	50	PC: 169f9 \| Get disk parameter block for specified drive
2018-12-17T22:54:44.704214337Z	64	PC: 1713b \| Write file or device (Write 12 bytes on handle 1)
2018-12-17T22:54:44.710491872Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:44.711840926Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:44.713159185Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:44.715023485Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:44.716329952Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:44.71767948Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:44.719637972Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:44.720944908Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:44.722809172Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:44.724034215Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:44.725099312Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:44.726564786Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:44.728546224Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:44.729752438Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:44.731879022Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:44.733154744Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:44.734368722Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:44.736375688Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:44.737721692Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:44.738977443Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:44.740944759Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:44.742554784Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:44.743799831Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:44.745786407Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:44.746999341Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:44.748218367Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:44.750236179Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:44.751471069Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:44.752671936Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:44.754952328Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:44.756155451Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:44.757397712Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:44.759635901Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:44.76086693Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:44.762068411Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:44.764582959Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:44.765942887Z	53	PC: 16a36 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:44.767345725Z	37	PC: 16a3f \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:44.769749432Z	61	PC: 174be \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:54:44.776467734Z	66	PC: 17ccd \| Move file pointer
2018-12-17T22:54:44.778893639Z	66	PC: 17cdb \| Move file pointer
2018-12-17T22:54:44.781066969Z	66	PC: 17ce9 \| Move file pointer
2018-12-17T22:54:44.782610885Z	66	PC: 175f0 \| Move file pointer
2018-12-17T22:54:44.783863178Z	64	PC: 17591 \| Write file or device (Write 15000 bytes on handle 5)
2018-12-17T22:54:44.793835916Z	66	PC: 175f0 \| Move file pointer
2018-12-17T22:54:44.795109864Z	64	PC: 17591 \| Write file or device (Write 15000 bytes on handle 5)
2018-12-17T22:54:44.803766014Z	62	PC: 1750e \| Close file
2018-12-17T22:54:44.813808429Z	42	PC: 16767 \| Get date 0x16767: xor ah, ah 0x16769: les di, ptr [bp + 6] 0x1676c: stosw word ptr es:[di], ax 0x1676d: mov al, dl 0x1676f: les di, ptr [bp + 0xa] 0x16772: stosw word ptr es:[di], ax 0x16773: mov al, dh 0x16775: les di, ptr [bp + 0xe] 0x16778: stosw word ptr es:[di], ax 0x16779: xchg ax, cx 0x1677a: les di, ptr [bp + 0x12] 0x1677d: stosw word ptr es:[di], ax 0x1677e: pop bp 0x1677f: retf 0x10 0x16782: push bp 0x16783: mov bp, sp 0x16785: mov cx, word ptr [bp + 0xa] 0x16788: mov dh, byte ptr [bp + 8] 0x1678b: mov dl, byte ptr [bp + 6] 0x1678e: mov ah, 0x2b
2018-12-17T22:54:44.816183259Z	44	PC: 1679d \| Get time 0x1679d: xor ah, ah 0x1679f: mov al, dl 0x167a1: les di, ptr [bp + 6] 0x167a4: stosw word ptr es:[di], ax 0x167a5: mov al, dh 0x167a7: les di, ptr [bp + 0xa] 0x167aa: stosw word ptr es:[di], ax 0x167ab: mov al, cl 0x167ad: les di, ptr [bp + 0xe] 0x167b0: stosw word ptr es:[di], ax 0x167b1: mov al, ch 0x167b3: les di, ptr [bp + 0x12] 0x167b6: stosw word ptr es:[di], ax 0x167b7: pop bp 0x167b8: retf 0x10 0x167bb: push bp 0x167bc: mov bp, sp 0x167be: mov ch, byte ptr [bp + 0xc] 0x167c1: mov cl, byte ptr [bp + 0xa] 0x167c4: mov dh, byte ptr [bp + 8]
2018-12-17T22:54:44.818705453Z	65	PC: 17607 \| Delete file (Filename = 'c:\a.tmp')
2018-12-17T22:54:44.82579165Z	64	PC: 1713b \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:54:44.827668353Z	37	PC: 16c11 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:44.828987228Z	37	PC: 16c11 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:44.831316742Z	37	PC: 16c11 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:44.832627434Z	37	PC: 16c11 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:44.833949812Z	37	PC: 16c11 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:44.836270375Z	37	PC: 16c11 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:44.837579519Z	37	PC: 16c11 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:44.838877218Z	37	PC: 16c11 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:44.841167624Z	37	PC: 16c11 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:44.842475929Z	37	PC: 16c11 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:44.843768634Z	37	PC: 16c11 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:44.84605177Z	37	PC: 16c11 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:44.847356201Z	37	PC: 16c11 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:44.84863709Z	37	PC: 16c11 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:44.85090519Z	37	PC: 16c11 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:44.852253909Z	37	PC: 16c11 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:44.853552768Z	37	PC: 16c11 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:44.855816667Z	37	PC: 16c11 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:44.857137016Z	37	PC: 16c11 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:44.858437428Z	76	PC: 16c50 \| Terminate with return code (Return code = '0')