Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Teterin.7897

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:12:04.527728405Z 53 PC: 13e1a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:04.529986762Z 53 PC: 13e1a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:12:04.531319027Z 53 PC: 13e1a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:12:04.532592532Z 53 PC: 13e1a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:04.535078657Z 53 PC: 13e1a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:04.536851812Z 53 PC: 13e1a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:04.538484753Z 53 PC: 13e1a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:12:04.540687946Z 53 PC: 13e1a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:12:04.54245054Z 53 PC: 13e1a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:12:04.544815337Z 53 PC: 13e1a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:12:04.547520845Z 53 PC: 13e1a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:12:04.552136395Z 53 PC: 13e1a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:12:04.554423696Z 53 PC: 13e1a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:12:04.556876189Z 53 PC: 13e1a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:12:04.5589028Z 53 PC: 13e1a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:12:04.561675984Z 53 PC: 13e1a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:12:04.563599722Z 53 PC: 13e1a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:12:04.566637505Z 53 PC: 13e1a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:12:04.568147104Z 53 PC: 13e1a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:12:04.569970122Z 37 PC: 13e2f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:04.57272913Z 37 PC: 13e37 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:04.574706949Z 37 PC: 13e3f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:04.57658985Z 37 PC: 13e47 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:12:04.579686744Z 68 PC: 14dda | I/O control for devices (Set for = 'S�2�[����')
2018-12-17T23:12:04.582023288Z 44 PC: 15272 | Get time 0x15272: mov word ptr [0x46], cx
0x15276: mov word ptr [0x48], dx
0x1527a: retf
0x1527b: call 0x152c2
0x1527e: jb 0x1528f
0x15280: mov cx, word ptr es:[di + 4]
0x15284: cmp cx, 1
0x15287: je 0x1528f
0x15289: xor bx, bx
0x1528b: push cs
0x1528c: call 0x24a9d
0x1528f: retf 4
0x15292: call 0x152c2
0x15295: jb 0x152aa
0x15297: mov ax, cx
0x15299: mov dx, bx
0x1529b: mov cx, word ptr es:[di + 4]
0x1529f: cmp cx, 1
0x152a2: je 0x152aa
0x152a4: xor bx, bx
2018-12-17T23:12:04.585082511Z 48 PC: 14905 | Get DOS version
2018-12-17T23:12:04.586807946Z 61 PC: 14743 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:12:04.595478571Z 66 PC: 14875 | Move file pointer
2018-12-17T23:12:04.597388032Z 63 PC: 14816 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T23:12:04.600748511Z 62 PC: 14793 | Close file
2018-12-17T23:12:04.612471987Z 25 PC: 14992 | Get default drive
2018-12-17T23:12:04.614354928Z 71 PC: 149a5 | Get current directory
2018-12-17T23:12:04.61848733Z 26 PC: 13b4f | Set disk transfer address
2018-12-17T23:12:04.620826298Z 78 PC: 13b5b | Find first file
2018-12-17T23:12:04.628817085Z 48 PC: 14905 | Get DOS version
2018-12-17T23:12:04.631761311Z 61 PC: 14743 | Open file (Filename = 'TEST.EXE')
2018-12-17T23:12:04.641041694Z 66 PC: 14875 | Move file pointer
2018-12-17T23:12:04.643247241Z 63 PC: 14816 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T23:12:04.646840608Z 62 PC: 14793 | Close file
2018-12-17T23:12:04.650295876Z 26 PC: 13b73 | Set disk transfer address
2018-12-17T23:12:04.652253507Z 79 PC: 13b78 | Find next file
2018-12-17T23:12:04.655755824Z 59 PC: 14a59 | Change current directory
2018-12-17T23:12:04.661195543Z 14 PC: 149eb | Set default drive (Drive = 'A')
2018-12-17T23:12:04.670984161Z 25 PC: 149ef | Get default drive
2018-12-17T23:12:04.672738681Z 59 PC: 14a59 | Change current directory
2018-12-17T23:12:04.677661909Z 48 PC: 14905 | Get DOS version
2018-12-17T23:12:04.680667671Z 67 PC: 13ab1 | Get or set file attributes
2018-12-17T23:12:04.687424938Z 67 PC: 13ad8 | Get or set file attributes
2018-12-17T23:12:04.706173194Z 61 PC: 14743 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:12:04.714589742Z 66 PC: 14875 | Move file pointer
2018-12-17T23:12:04.719274091Z 63 PC: 14816 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:12:04.72258627Z 66 PC: 152dc | Move file pointer
2018-12-17T23:12:04.725345509Z 66 PC: 152ea | Move file pointer
2018-12-17T23:12:04.727660582Z 66 PC: 152f8 | Move file pointer
2018-12-17T23:12:04.729755161Z 62 PC: 14793 | Close file
2018-12-17T23:12:04.732960088Z 67 PC: 13ad8 | Get or set file attributes
2018-12-17T23:12:04.744546647Z 42 PC: 13a37 | Get date 0x13a37: xor ah, ah
0x13a39: les di, ptr [bp + 6]
0x13a3c: stosw word ptr es:[di], ax
0x13a3d: mov al, dl
0x13a3f: les di, ptr [bp + 0xa]
0x13a42: stosw word ptr es:[di], ax
0x13a43: mov al, dh
0x13a45: les di, ptr [bp + 0xe]
0x13a48: stosw word ptr es:[di], ax
0x13a49: xchg ax, cx
0x13a4a: les di, ptr [bp + 0x12]
0x13a4d: stosw word ptr es:[di], ax
0x13a4e: pop bp
0x13a4f: retf 0x10
0x13a52: push bp
0x13a53: mov bp, sp
0x13a55: mov cx, word ptr [bp + 0xa]
0x13a58: mov dh, byte ptr [bp + 8]
0x13a5b: mov dl, byte ptr [bp + 6]
0x13a5e: mov ah, 0x2b
2018-12-17T23:12:04.747379725Z 44 PC: 13a6d | Get time 0x13a6d: xor ah, ah
0x13a6f: mov al, dl
0x13a71: les di, ptr [bp + 6]
0x13a74: stosw word ptr es:[di], ax
0x13a75: mov al, dh
0x13a77: les di, ptr [bp + 0xa]
0x13a7a: stosw word ptr es:[di], ax
0x13a7b: mov al, cl
0x13a7d: les di, ptr [bp + 0xe]
0x13a80: stosw word ptr es:[di], ax
0x13a81: mov al, ch
0x13a83: les di, ptr [bp + 0x12]
0x13a86: stosw word ptr es:[di], ax
0x13a87: pop bp
0x13a88: retf 0x10
0x13a8b: push bp
0x13a8c: mov bp, sp
0x13a8e: mov ch, byte ptr [bp + 0xc]
0x13a91: mov cl, byte ptr [bp + 0xa]
0x13a94: mov dh, byte ptr [bp + 8]
2018-12-17T23:12:04.752182145Z 48 PC: 14905 | Get DOS version
2018-12-17T23:12:04.754137112Z 26 PC: 13b4f | Set disk transfer address
2018-12-17T23:12:04.755933169Z 78 PC: 13b5b | Find first file
2018-12-17T23:12:04.764000129Z 48 PC: 14905 | Get DOS version
2018-12-17T23:12:04.766442011Z 67 PC: 13ab1 | Get or set file attributes
2018-12-17T23:12:04.773770433Z 67 PC: 13ad8 | Get or set file attributes
2018-12-17T23:12:04.784931802Z 61 PC: 14743 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:12:04.796159376Z 63 PC: 14816 | Read file or device (Read 3953 bytes on handle 5)
2018-12-17T23:12:04.805703303Z 63 PC: 14816 | Read file or device (Read 3953 bytes on handle 5)
2018-12-17T23:12:04.815039551Z 66 PC: 152dc | Move file pointer
2018-12-17T23:12:04.817713539Z 66 PC: 152ea | Move file pointer
2018-12-17T23:12:04.819744718Z 66 PC: 152f8 | Move file pointer
2018-12-17T23:12:04.821900793Z 66 PC: 14875 | Move file pointer
2018-12-17T23:12:04.825258478Z 66 PC: 152dc | Move file pointer
2018-12-17T23:12:04.827602515Z 66 PC: 152ea | Move file pointer
2018-12-17T23:12:04.829618987Z 66 PC: 152f8 | Move file pointer
2018-12-17T23:12:04.832693449Z 66 PC: 14875 | Move file pointer
2018-12-17T23:12:04.834583243Z 63 PC: 14816 | Read file or device (Read 3953 bytes on handle 5)
2018-12-17T23:12:04.844040287Z 63 PC: 14816 | Read file or device (Read 3953 bytes on handle 5)
2018-12-17T23:12:04.854286385Z 66 PC: 14875 | Move file pointer
2018-12-17T23:12:04.856451947Z 64 PC: 14816 | Write file or device (Write 3953 bytes on handle 5)
2018-12-17T23:12:04.866981749Z 64 PC: 14816 | Write file or device (Write 3953 bytes on handle 5)
2018-12-17T23:12:04.876637547Z 66 PC: 152dc | Move file pointer
2018-12-17T23:12:04.878550835Z 66 PC: 152ea | Move file pointer
2018-12-17T23:12:04.880437262Z 66 PC: 152f8 | Move file pointer
2018-12-17T23:12:04.882892008Z 66 PC: 14875 | Move file pointer
2018-12-17T23:12:04.884680031Z 64 PC: 14816 | Write file or device (Write 3953 bytes on handle 5)
2018-12-17T23:12:04.894943792Z 64 PC: 14816 | Write file or device (Write 3953 bytes on handle 5)
2018-12-17T23:12:04.904032273Z 66 PC: 152dc | Move file pointer
2018-12-17T23:12:04.906387052Z 66 PC: 152ea | Move file pointer
2018-12-17T23:12:04.907904716Z 66 PC: 152f8 | Move file pointer
2018-12-17T23:12:04.91082128Z 66 PC: 14875 | Move file pointer
2018-12-17T23:12:04.913281546Z 87 PC: 13b1f | Get or set file date and time
2018-12-17T23:12:04.915594106Z 62 PC: 14793 | Close file
2018-12-17T23:12:04.925070125Z 67 PC: 13ad8 | Get or set file attributes
2018-12-17T23:12:04.936195547Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:04.938065493Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:04.941314353Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:12:04.943085233Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:12:04.944830175Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:12:04.947257209Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:12:04.948882595Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:04.950385331Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:04.952710814Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:04.954594637Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:04.95631912Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:04.958793964Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:04.960900234Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:12:04.962579633Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:12:04.964328311Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:12:04.966126924Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:12:04.967535963Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:12:04.97018262Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:12:04.972076912Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:12:04.973633019Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:12:04.97631897Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:12:04.977912777Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:12:04.979492398Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:12:04.981124306Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:12:04.98372663Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:12:04.985342699Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:12:04.986930014Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:12:04.989606387Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:12:04.991255098Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:12:04.992964432Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:12:04.995601401Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:12:04.997251774Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:12:04.998926924Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:12:05.001405316Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:12:05.004094573Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:12:05.005778589Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:12:05.008492984Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:12:05.010485231Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:12:05.012346741Z 48 PC: 14905 | Get DOS version
2018-12-17T23:12:05.014974222Z 41 PC: 13d42 | Parse filename
2018-12-17T23:12:05.017000783Z 41 PC: 13d50 | Parse filename
2018-12-17T23:12:05.018478241Z 75 PC: 13d5b | Execute program
2018-12-17T23:12:05.038140677Z 9 PC: 21f3c | Display string (Could not find end pointer)
2018-12-17T23:12:05.044179022Z 76 PC: 21f41 | Terminate with return code (Return code = '0')
2018-12-17T23:12:05.047577092Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:05.050108974Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:05.052261431Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:12:05.054085101Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:12:05.056932355Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:12:05.058755553Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:12:05.060512257Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:05.063230299Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:05.065021457Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:05.066802225Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:05.069509136Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:05.071369003Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:05.073079761Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:12:05.075816146Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:12:05.077644815Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:12:05.079392241Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:12:05.082531034Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:12:05.084419235Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:12:05.086141373Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:12:05.088833806Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:12:05.090649521Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:12:05.093259859Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:12:05.095930472Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:12:05.098264211Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:12:05.099991419Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:12:05.102777277Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:12:05.104531005Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:12:05.106298018Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:12:05.108005098Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:12:05.110771721Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:12:05.112514759Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:12:05.114262525Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:12:05.116995254Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:12:05.118773899Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:12:05.120502038Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:12:05.122717284Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:12:05.124125262Z 53 PC: 13d8b | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:12:05.125372478Z 37 PC: 13d94 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:12:05.127405301Z 48 PC: 14905 | Get DOS version
2018-12-17T23:12:05.129044152Z 26 PC: 13b4f | Set disk transfer address
2018-12-17T23:12:05.130227337Z 78 PC: 13b5b | Find first file
2018-12-17T23:12:05.137936294Z 48 PC: 14905 | Get DOS version
2018-12-17T23:12:05.139914324Z 67 PC: 13ab1 | Get or set file attributes
2018-12-17T23:12:05.146976424Z 67 PC: 13ad8 | Get or set file attributes
2018-12-17T23:12:05.158474006Z 61 PC: 14743 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:12:05.166355898Z 63 PC: 14816 | Read file or device (Read 3953 bytes on handle 5)
2018-12-17T23:12:05.175334432Z 63 PC: 14816 | Read file or device (Read 3953 bytes on handle 5)
2018-12-17T23:12:05.184162904Z 66 PC: 152dc | Move file pointer
2018-12-17T23:12:05.186041107Z 66 PC: 152ea | Move file pointer
2018-12-17T23:12:05.18788801Z 66 PC: 152f8 | Move file pointer
2018-12-17T23:12:05.190105069Z 66 PC: 14875 | Move file pointer
2018-12-17T23:12:05.191798884Z 66 PC: 152dc | Move file pointer
2018-12-17T23:12:05.196596536Z 66 PC: 152ea | Move file pointer
2018-12-17T23:12:05.198628026Z 66 PC: 152f8 | Move file pointer
2018-12-17T23:12:05.200625432Z 66 PC: 14875 | Move file pointer
2018-12-17T23:12:05.203550693Z 63 PC: 14816 | Read file or device (Read 3953 bytes on handle 5)
2018-12-17T23:12:05.212935782Z 63 PC: 14816 | Read file or device (Read 3953 bytes on handle 5)
2018-12-17T23:12:05.22207051Z 66 PC: 14875 | Move file pointer
2018-12-17T23:12:05.224350918Z 64 PC: 14816 | Write file or device (Write 3953 bytes on handle 5)
2018-12-17T23:12:05.236337339Z 64 PC: 14816 | Write file or device (Write 3953 bytes on handle 5)
2018-12-17T23:12:05.246109836Z 66 PC: 152dc | Move file pointer
2018-12-17T23:12:05.248184889Z 66 PC: 152ea | Move file pointer
2018-12-17T23:12:05.251037894Z 66 PC: 152f8 | Move file pointer
2018-12-17T23:12:05.253031683Z 66 PC: 14875 | Move file pointer
2018-12-17T23:12:05.255199269Z 64 PC: 14816 | Write file or device (Write 3953 bytes on handle 5)
2018-12-17T23:12:05.265389693Z 64 PC: 14816 | Write file or device (Write 3953 bytes on handle 5)
2018-12-17T23:12:05.274367185Z 66 PC: 152dc | Move file pointer
2018-12-17T23:12:05.276450733Z 66 PC: 152ea | Move file pointer
2018-12-17T23:12:05.279204111Z 66 PC: 152f8 | Move file pointer
2018-12-17T23:12:05.28117144Z 66 PC: 14875 | Move file pointer
2018-12-17T23:12:05.283930068Z 87 PC: 13b1f | Get or set file date and time
2018-12-17T23:12:05.286833148Z 62 PC: 14793 | Close file
2018-12-17T23:12:05.295960952Z 67 PC: 13ad8 | Get or set file attributes
2018-12-17T23:12:05.307771162Z 64 PC: 1449b | Write file or device (Write 0 bytes on handle 1)
2018-12-17T23:12:05.310740346Z 37 PC: 13f71 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:05.312234135Z 37 PC: 13f71 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:12:05.313958627Z 37 PC: 13f71 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:12:05.315856737Z 37 PC: 13f71 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:05.317299229Z 37 PC: 13f71 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:05.320319298Z 37 PC: 13f71 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:05.321902215Z 37 PC: 13f71 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:12:05.323345299Z 37 PC: 13f71 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:12:05.325587285Z 37 PC: 13f71 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:12:05.32737645Z 37 PC: 13f71 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:12:05.328719024Z 37 PC: 13f71 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:12:05.331168971Z 37 PC: 13f71 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:12:05.332558715Z 37 PC: 13f71 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:12:05.333916598Z 37 PC: 13f71 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:12:05.336249075Z 37 PC: 13f71 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:12:05.337630543Z 37 PC: 13f71 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:12:05.338941939Z 37 PC: 13f71 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:12:05.341095959Z 37 PC: 13f71 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:12:05.342605097Z 37 PC: 13f71 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:12:05.344141426Z 76 PC: 13fb0 | Terminate with return code (Return code = '0')