Sample viewer

vx.netlux.org/Virus.DOS.HLLP.5175

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:12:33.067370516Z 53 PC: 137d2 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:33.069077393Z 53 PC: 137d2 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:12:33.070103759Z 53 PC: 137d2 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:12:33.071618406Z 53 PC: 137d2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:33.073071762Z 53 PC: 137d2 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:33.074664032Z 53 PC: 137d2 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:33.07574608Z 53 PC: 137d2 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:12:33.077473841Z 53 PC: 137d2 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:12:33.090981661Z 53 PC: 137d2 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:12:33.09221377Z 53 PC: 137d2 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:12:33.096981645Z 53 PC: 137d2 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:12:33.099139029Z 53 PC: 137d2 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:12:33.100929746Z 53 PC: 137d2 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:12:33.10312106Z 53 PC: 137d2 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:12:33.105692291Z 53 PC: 137d2 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:12:33.107837213Z 53 PC: 137d2 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:12:33.117370154Z 53 PC: 137d2 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:12:33.119267337Z 53 PC: 137d2 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:12:33.120876647Z 53 PC: 137d2 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:12:33.123164281Z 37 PC: 137e7 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:33.124480165Z 37 PC: 137ef | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:33.125549118Z 37 PC: 137f7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:33.146321959Z 37 PC: 137ff | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:12:33.148629804Z 68 PC: 13d7f | I/O control for devices (Set for = '')
2018-12-17T23:12:33.15060724Z 44 PC: 1346d | Get time 0x1346d: xor ah, ah
0x1346f: mov al, dl
0x13471: les di, ptr [bp + 6]
0x13474: stosw word ptr es:[di], ax
0x13475: mov al, dh
0x13477: les di, ptr [bp + 0xa]
0x1347a: stosw word ptr es:[di], ax
0x1347b: mov al, cl
0x1347d: les di, ptr [bp + 0xe]
0x13480: stosw word ptr es:[di], ax
0x13481: mov al, ch
0x13483: les di, ptr [bp + 0x12]
0x13486: stosw word ptr es:[di], ax
0x13487: pop bp
0x13488: retf 0x10
0x1348b: push bp
0x1348c: mov bp, sp
0x1348e: mov ch, byte ptr [bp + 0xc]
0x13491: mov cl, byte ptr [bp + 0xa]
0x13494: mov dh, byte ptr [bp + 8]
2018-12-17T23:12:33.153531178Z 48 PC: 14517 | Get DOS version
2018-12-17T23:12:33.155728309Z 48 PC: 14517 | Get DOS version
2018-12-17T23:12:33.157184705Z 67 PC: 1350c | Get or set file attributes
2018-12-17T23:12:33.174480213Z 61 PC: 1433d | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:12:33.181231862Z 63 PC: 14410 | Read file or device (Read 5175 bytes on handle 5)
2018-12-17T23:12:33.189239735Z 62 PC: 1438d | Close file
2018-12-17T23:12:33.192238968Z 26 PC: 13583 | Set disk transfer address
2018-12-17T23:12:33.19358679Z 78 PC: 1358f | Find first file
2018-12-17T23:12:33.199680112Z 25 PC: 136da | Get default drive
2018-12-17T23:12:33.201617233Z 71 PC: 136f9 | Get current directory
2018-12-17T23:12:33.20478883Z 48 PC: 14517 | Get DOS version
2018-12-17T23:12:33.206311432Z 26 PC: 135a7 | Set disk transfer address
2018-12-17T23:12:33.208177802Z 79 PC: 135ac | Find next file
2018-12-17T23:12:33.210849506Z 26 PC: 13583 | Set disk transfer address
2018-12-17T23:12:33.211897941Z 78 PC: 1358f | Find first file
2018-12-17T23:12:33.217803663Z 25 PC: 136da | Get default drive
2018-12-17T23:12:33.21912674Z 71 PC: 136f9 | Get current directory
2018-12-17T23:12:33.22681098Z 48 PC: 14517 | Get DOS version
2018-12-17T23:12:33.22820834Z 26 PC: 135a7 | Set disk transfer address
2018-12-17T23:12:33.230015612Z 79 PC: 135ac | Find next file
2018-12-17T23:12:33.236426687Z 25 PC: 136da | Get default drive
2018-12-17T23:12:33.237728573Z 71 PC: 136f9 | Get current directory
2018-12-17T23:12:33.242267133Z 48 PC: 14517 | Get DOS version
2018-12-17T23:12:33.243931561Z 26 PC: 135a7 | Set disk transfer address
2018-12-17T23:12:33.245252139Z 79 PC: 135ac | Find next file
2018-12-17T23:12:33.248619347Z 25 PC: 136da | Get default drive
2018-12-17T23:12:33.249989842Z 71 PC: 136f9 | Get current directory
2018-12-17T23:12:33.253210166Z 48 PC: 14517 | Get DOS version
2018-12-17T23:12:33.255339689Z 26 PC: 135a7 | Set disk transfer address
2018-12-17T23:12:33.256208727Z 79 PC: 135ac | Find next file
2018-12-17T23:12:33.258163426Z 25 PC: 136da | Get default drive
2018-12-17T23:12:33.259723806Z 71 PC: 136f9 | Get current directory
2018-12-17T23:12:33.261773246Z 48 PC: 14517 | Get DOS version
2018-12-17T23:12:33.262850983Z 26 PC: 135a7 | Set disk transfer address
2018-12-17T23:12:33.264296073Z 79 PC: 135ac | Find next file
2018-12-17T23:12:33.266157693Z 25 PC: 136da | Get default drive
2018-12-17T23:12:33.267064331Z 71 PC: 136f9 | Get current directory
2018-12-17T23:12:33.269701464Z 48 PC: 14517 | Get DOS version
2018-12-17T23:12:33.270842567Z 26 PC: 135a7 | Set disk transfer address
2018-12-17T23:12:33.27173041Z 79 PC: 135ac | Find next file
2018-12-17T23:12:33.273991376Z 25 PC: 136da | Get default drive
2018-12-17T23:12:33.274962309Z 71 PC: 136f9 | Get current directory
2018-12-17T23:12:33.27764807Z 48 PC: 14517 | Get DOS version
2018-12-17T23:12:33.27926311Z 26 PC: 135a7 | Set disk transfer address
2018-12-17T23:12:33.280223359Z 79 PC: 135ac | Find next file
2018-12-17T23:12:33.282041009Z 25 PC: 136da | Get default drive
2018-12-17T23:12:33.283082251Z 71 PC: 136f9 | Get current directory
2018-12-17T23:12:33.285500005Z 48 PC: 14517 | Get DOS version
2018-12-17T23:12:33.286589064Z 26 PC: 135a7 | Set disk transfer address
2018-12-17T23:12:33.287445275Z 79 PC: 135ac | Find next file
2018-12-17T23:12:33.289888037Z 26 PC: 13583 | Set disk transfer address
2018-12-17T23:12:33.291262384Z 78 PC: 1358f | Find first file
2018-12-17T23:12:33.296332804Z 26 PC: 135a7 | Set disk transfer address
2018-12-17T23:12:33.298037394Z 79 PC: 135ac | Find next file
2018-12-17T23:12:33.301133169Z 26 PC: 13583 | Set disk transfer address
2018-12-17T23:12:33.302152056Z 78 PC: 1358f | Find first file
2018-12-17T23:12:33.308271745Z 25 PC: 136da | Get default drive
2018-12-17T23:12:33.309248694Z 71 PC: 136f9 | Get current directory
2018-12-17T23:12:33.311882872Z 48 PC: 14517 | Get DOS version
2018-12-17T23:12:33.314358294Z 26 PC: 13583 | Set disk transfer address
2018-12-17T23:12:33.31529819Z 78 PC: 1358f | Find first file
2018-12-17T23:12:33.320178444Z 25 PC: 136da | Get default drive
2018-12-17T23:12:33.321954689Z 71 PC: 136f9 | Get current directory
2018-12-17T23:12:33.324368005Z 48 PC: 14517 | Get DOS version
2018-12-17T23:12:33.326098355Z 26 PC: 13583 | Set disk transfer address
2018-12-17T23:12:33.327816725Z 78 PC: 1358f | Find first file
2018-12-17T23:12:33.332045136Z 26 PC: 135a7 | Set disk transfer address
2018-12-17T23:12:33.332930477Z 79 PC: 135ac | Find next file
2018-12-17T23:12:33.335605741Z 26 PC: 135a7 | Set disk transfer address
2018-12-17T23:12:33.336605146Z 79 PC: 135ac | Find next file
2018-12-17T23:12:33.339015786Z 26 PC: 13583 | Set disk transfer address
2018-12-17T23:12:33.340657719Z 78 PC: 1358f | Find first file
2018-12-17T23:12:33.347519062Z 25 PC: 136da | Get default drive
2018-12-17T23:12:33.348549439Z 71 PC: 136f9 | Get current directory
2018-12-17T23:12:33.351522189Z 48 PC: 14517 | Get DOS version
2018-12-17T23:12:33.353048475Z 67 PC: 1350c | Get or set file attributes
2018-12-17T23:12:33.690983127Z 48 PC: 14517 | Get DOS version
2018-12-17T23:12:33.69361952Z 61 PC: 1433d | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:12:33.702654345Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:33.704186733Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:12:33.711119586Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:33.712638431Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:12:33.715141223Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:33.717343375Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:12:33.719790078Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:33.721304235Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:12:33.724919567Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:33.727581962Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:12:33.730052855Z 61 PC: 1433d | Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T23:12:33.737316492Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:33.738904033Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:12:33.744502824Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:33.74611676Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:12:33.748935291Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:33.750220883Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:12:33.753006475Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:33.7547004Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:12:33.764869214Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:33.766861548Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:12:33.769273959Z 62 PC: 1438d | Close file
2018-12-17T23:12:33.77097759Z 62 PC: 1438d | Close file
2018-12-17T23:12:33.773311378Z 67 PC: 1350c | Get or set file attributes
2018-12-17T23:12:33.784133231Z 61 PC: 1433d | Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T23:12:33.790963415Z 66 PC: 144d9 | Move file pointer
2018-12-17T23:12:33.792279229Z 66 PC: 144e7 | Move file pointer
2018-12-17T23:12:33.794999147Z 66 PC: 144f5 | Move file pointer
2018-12-17T23:12:33.796470469Z 54 PC: 134ac | Get free disk space
2018-12-17T23:12:33.805544048Z 62 PC: 1438d | Close file
2018-12-17T23:12:33.808114755Z 61 PC: 1433d | Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T23:12:33.815129061Z 63 PC: 14410 | Read file or device (Read 5175 bytes on handle 5)
2018-12-17T23:12:33.822129104Z 66 PC: 144d9 | Move file pointer
2018-12-17T23:12:33.824732766Z 66 PC: 144e7 | Move file pointer
2018-12-17T23:12:33.826327277Z 66 PC: 144f5 | Move file pointer
2018-12-17T23:12:33.827936349Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:33.830348064Z 64 PC: 14410 | Write file or device (Write 5175 bytes on handle 5)
2018-12-17T23:12:33.840518005Z 62 PC: 1438d | Close file
2018-12-17T23:12:33.848186164Z 61 PC: 1433d | Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T23:12:33.858249882Z 64 PC: 14410 | Write file or device (Write 5175 bytes on handle 5)
2018-12-17T23:12:33.865816721Z 87 PC: 13553 | Get or set file date and time
2018-12-17T23:12:33.867526762Z 62 PC: 1438d | Close file
2018-12-17T23:12:33.875833148Z 26 PC: 135a7 | Set disk transfer address
2018-12-17T23:12:33.877221966Z 79 PC: 135ac | Find next file
2018-12-17T23:12:33.880980409Z 25 PC: 136da | Get default drive
2018-12-17T23:12:33.886009399Z 71 PC: 136f9 | Get current directory
2018-12-17T23:12:33.88979851Z 48 PC: 14517 | Get DOS version
2018-12-17T23:12:33.891813949Z 67 PC: 1350c | Get or set file attributes
2018-12-17T23:12:33.90192904Z 48 PC: 14517 | Get DOS version
2018-12-17T23:12:33.903477488Z 61 PC: 1433d | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:12:33.910198025Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:33.912708107Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:12:33.91546331Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:33.917040767Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:12:33.920557112Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:33.922202859Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:12:33.92516834Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:33.930796011Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:12:33.933717834Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:33.935489378Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:12:33.93876539Z 61 PC: 1433d | Open file (Filename = 'C:\DOS\CHKDSK.EXE')
2018-12-17T23:12:33.945906268Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:33.947665739Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:12:33.953731257Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:33.955284607Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:12:33.958780879Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:33.960585715Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:12:33.963085865Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:33.964637355Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:12:33.96794118Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:33.96931002Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:12:33.971943283Z 62 PC: 1438d | Close file
2018-12-17T23:12:33.974364418Z 62 PC: 1438d | Close file
2018-12-17T23:12:33.976477876Z 67 PC: 1350c | Get or set file attributes
2018-12-17T23:12:33.986961218Z 61 PC: 1433d | Open file (Filename = 'C:\DOS\CHKDSK.EXE')
2018-12-17T23:12:33.993999977Z 66 PC: 144d9 | Move file pointer
2018-12-17T23:12:33.995353507Z 66 PC: 144e7 | Move file pointer
2018-12-17T23:12:33.997194885Z 66 PC: 144f5 | Move file pointer
2018-12-17T23:12:33.998880736Z 54 PC: 134ac | Get free disk space
2018-12-17T23:12:34.002614973Z 62 PC: 1438d | Close file
2018-12-17T23:12:34.004779465Z 61 PC: 1433d | Open file (Filename = 'C:\DOS\CHKDSK.EXE')
2018-12-17T23:12:34.011835512Z 63 PC: 14410 | Read file or device (Read 5175 bytes on handle 5)
2018-12-17T23:12:34.018867807Z 66 PC: 144d9 | Move file pointer
2018-12-17T23:12:34.020556419Z 66 PC: 144e7 | Move file pointer
2018-12-17T23:12:34.021937696Z 66 PC: 144f5 | Move file pointer
2018-12-17T23:12:34.023442543Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:34.025395751Z 64 PC: 14410 | Write file or device (Write 5175 bytes on handle 5)
2018-12-17T23:12:34.040027826Z 62 PC: 1438d | Close file
2018-12-17T23:12:34.048506924Z 61 PC: 1433d | Open file (Filename = 'C:\DOS\CHKDSK.EXE')
2018-12-17T23:12:34.056585773Z 64 PC: 14410 | Write file or device (Write 5175 bytes on handle 5)
2018-12-17T23:12:34.064934689Z 87 PC: 13553 | Get or set file date and time
2018-12-17T23:12:34.066695212Z 62 PC: 1438d | Close file
2018-12-17T23:12:34.074073963Z 26 PC: 135a7 | Set disk transfer address
2018-12-17T23:12:34.075633778Z 79 PC: 135ac | Find next file
2018-12-17T23:12:34.079024863Z 25 PC: 136da | Get default drive
2018-12-17T23:12:34.081201639Z 71 PC: 136f9 | Get current directory
2018-12-17T23:12:34.084869398Z 48 PC: 14517 | Get DOS version
2018-12-17T23:12:34.086915872Z 67 PC: 1350c | Get or set file attributes
2018-12-17T23:12:34.098499967Z 48 PC: 14517 | Get DOS version
2018-12-17T23:12:34.100570386Z 61 PC: 1433d | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:12:34.107482795Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:34.110082205Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:12:34.112960456Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:34.114713812Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:12:34.118057443Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:34.119193553Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:12:34.120903192Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:34.122924204Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:12:34.125450322Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:34.126981691Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:12:34.130452455Z 61 PC: 1433d | Open file (Filename = 'C:\DOS\DEBUG.EXE')
2018-12-17T23:12:34.137515151Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:34.13927964Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:12:34.150345889Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:34.152097803Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:12:34.154994619Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:34.157356223Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:12:34.159996822Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:34.161409701Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:12:34.163975506Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:34.165043501Z 63 PC: 143cf | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:12:34.166749851Z 62 PC: 1438d | Close file
2018-12-17T23:12:34.168636935Z 62 PC: 1438d | Close file
2018-12-17T23:12:34.170578287Z 67 PC: 1350c | Get or set file attributes
2018-12-17T23:12:34.176886531Z 61 PC: 1433d | Open file (Filename = 'C:\DOS\DEBUG.EXE')
2018-12-17T23:12:34.182110463Z 66 PC: 144d9 | Move file pointer
2018-12-17T23:12:34.183137855Z 66 PC: 144e7 | Move file pointer
2018-12-17T23:12:34.184151979Z 66 PC: 144f5 | Move file pointer
2018-12-17T23:12:34.186403134Z 54 PC: 134ac | Get free disk space
2018-12-17T23:12:34.188483771Z 62 PC: 1438d | Close file
2018-12-17T23:12:34.189963559Z 61 PC: 1433d | Open file (Filename = 'C:\DOS\DEBUG.EXE')
2018-12-17T23:12:34.196151157Z 63 PC: 14410 | Read file or device (Read 5175 bytes on handle 5)
2018-12-17T23:12:34.20327929Z 66 PC: 144d9 | Move file pointer
2018-12-17T23:12:34.205702159Z 66 PC: 144e7 | Move file pointer
2018-12-17T23:12:34.207286017Z 66 PC: 144f5 | Move file pointer
2018-12-17T23:12:34.208821046Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:34.211184269Z 64 PC: 14410 | Write file or device (Write 5175 bytes on handle 5)
2018-12-17T23:12:34.219858677Z 62 PC: 1438d | Close file
2018-12-17T23:12:34.227573766Z 61 PC: 1433d | Open file (Filename = 'C:\DOS\DEBUG.EXE')
2018-12-17T23:12:34.235223073Z 64 PC: 14410 | Write file or device (Write 5175 bytes on handle 5)
2018-12-17T23:12:34.243332584Z 87 PC: 13553 | Get or set file date and time
2018-12-17T23:12:34.245114723Z 62 PC: 1438d | Close file
2018-12-17T23:12:34.253098366Z 48 PC: 14517 | Get DOS version
2018-12-17T23:12:34.255148771Z 48 PC: 14517 | Get DOS version
2018-12-17T23:12:34.256595248Z 26 PC: 13583 | Set disk transfer address
2018-12-17T23:12:34.25832862Z 78 PC: 1358f | Find first file
2018-12-17T23:12:34.264419553Z 61 PC: 1433d | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:12:34.271016883Z 66 PC: 144d9 | Move file pointer
2018-12-17T23:12:34.273453246Z 66 PC: 144e7 | Move file pointer
2018-12-17T23:12:34.274384249Z 66 PC: 144f5 | Move file pointer
2018-12-17T23:12:34.275370031Z 62 PC: 1438d | Close file
2018-12-17T23:12:34.27699178Z 61 PC: 1433d | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:12:34.281039949Z 66 PC: 144d9 | Move file pointer
2018-12-17T23:12:34.282191115Z 66 PC: 144e7 | Move file pointer
2018-12-17T23:12:34.284205272Z 66 PC: 144f5 | Move file pointer
2018-12-17T23:12:34.285565093Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:34.286927258Z 63 PC: 14410 | Read file or device (Read 5175 bytes on handle 5)
2018-12-17T23:12:34.294719174Z 62 PC: 1438d | Close file
2018-12-17T23:12:34.296430841Z 61 PC: 1433d | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:12:34.302873974Z 64 PC: 14410 | Write file or device (Write 5175 bytes on handle 5)
2018-12-17T23:12:34.311759666Z 62 PC: 1438d | Close file
2018-12-17T23:12:34.319182011Z 61 PC: 1433d | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:12:34.325664141Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:34.32699156Z 64 PC: 1436e | Write file or device (Write 0 bytes on handle 5)
2018-12-17T23:12:34.333948899Z 62 PC: 1438d | Close file
2018-12-17T23:12:34.341352691Z 53 PC: 135ea | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:34.342379207Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:34.343402333Z 53 PC: 135ea | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:12:34.345049802Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:12:34.346124866Z 53 PC: 135ea | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:12:34.347202419Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:12:34.348719098Z 53 PC: 135ea | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:34.349826514Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:34.350842242Z 53 PC: 135ea | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:34.352407114Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:34.353459155Z 53 PC: 135ea | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:34.354554785Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:34.356023438Z 53 PC: 135ea | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:12:34.357542059Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:12:34.359061511Z 53 PC: 135ea | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:12:34.360101852Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:12:34.361077424Z 53 PC: 135ea | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:12:34.362619137Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:12:34.363656428Z 53 PC: 135ea | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:12:34.364748128Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:12:34.376390893Z 53 PC: 135ea | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:12:34.377570231Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:12:34.378572471Z 53 PC: 135ea | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:12:34.380954149Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:12:34.382483888Z 53 PC: 135ea | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:12:34.384560445Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:12:34.38635547Z 53 PC: 135ea | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:12:34.387995106Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:12:34.389693471Z 53 PC: 135ea | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:12:34.391131609Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:12:34.392433529Z 53 PC: 135ea | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:12:34.394120342Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:12:34.395317306Z 53 PC: 135ea | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:12:34.396247074Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:12:34.399022315Z 53 PC: 135ea | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:12:34.400185272Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:12:34.401314419Z 53 PC: 135ea | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:12:34.403101095Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:12:34.404429345Z 48 PC: 14517 | Get DOS version
2018-12-17T23:12:34.407434219Z 41 PC: 13673 | Parse filename
2018-12-17T23:12:34.40929026Z 41 PC: 13681 | Parse filename
2018-12-17T23:12:34.411096901Z 75 PC: 1368c | Execute program
2018-12-17T23:12:34.427125521Z 9 PC: 20e32 | Display string (String= 'Goat file (COM). Size=00001F40h/0000008000d bytes. ')
2018-12-17T23:12:34.430829626Z 76 PC: 20e36 | Terminate with return code (Return code = '36')
2018-12-17T23:12:34.433581299Z 53 PC: 135ea | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:34.435694641Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:34.436829459Z 53 PC: 135ea | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:12:34.438039201Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:12:34.439715349Z 53 PC: 135ea | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:12:34.440886159Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:12:34.441821312Z 53 PC: 135ea | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:34.443545149Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:34.444448087Z 53 PC: 135ea | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:34.44552856Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:34.446716626Z 53 PC: 135ea | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:34.447991474Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:34.449578074Z 53 PC: 135ea | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:12:34.450682754Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:12:34.451689028Z 53 PC: 135ea | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:12:34.453145222Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:12:34.454181267Z 53 PC: 135ea | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:12:34.455200311Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:12:34.456774662Z 53 PC: 135ea | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:12:34.458369716Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:12:34.460041974Z 53 PC: 135ea | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:12:34.46154282Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:12:34.462999356Z 53 PC: 135ea | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:12:34.464485708Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:12:34.466484718Z 53 PC: 135ea | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:12:34.467887665Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:12:34.469093618Z 53 PC: 135ea | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:12:34.470421815Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:12:34.471876355Z 53 PC: 135ea | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:12:34.472897116Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:12:34.475171587Z 53 PC: 135ea | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:12:34.476261294Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:12:34.477518123Z 53 PC: 135ea | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:12:34.479683209Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:12:34.480775142Z 53 PC: 135ea | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:12:34.481947917Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:12:34.483818697Z 53 PC: 135ea | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:12:34.48487956Z 37 PC: 135f3 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:12:34.486271629Z 61 PC: 1433d | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:12:34.493426371Z 64 PC: 14410 | Write file or device (Write 5175 bytes on handle 5)
2018-12-17T23:12:34.502211432Z 66 PC: 1446f | Move file pointer
2018-12-17T23:12:34.503860463Z 64 PC: 14410 | Write file or device (Write 5175 bytes on handle 5)
2018-12-17T23:12:34.512904429Z 87 PC: 13553 | Get or set file date and time
2018-12-17T23:12:34.514534667Z 62 PC: 1438d | Close file
2018-12-17T23:12:34.524434319Z 64 PC: 13e82 | Write file or device (Write 0 bytes on handle 1)
2018-12-17T23:12:34.526693032Z 37 PC: 138e6 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:34.527897788Z 37 PC: 138e6 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:12:34.530404055Z 37 PC: 138e6 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:12:34.531534369Z 37 PC: 138e6 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:34.532583405Z 37 PC: 138e6 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:34.534301957Z 37 PC: 138e6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:34.535814801Z 37 PC: 138e6 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:12:34.536868184Z 37 PC: 138e6 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:12:34.538445828Z 37 PC: 138e6 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:12:34.539849496Z 37 PC: 138e6 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:12:34.541122018Z 37 PC: 138e6 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:12:34.543047786Z 37 PC: 138e6 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:12:34.545159109Z 37 PC: 138e6 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:12:34.546579321Z 37 PC: 138e6 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:12:34.54791893Z 37 PC: 138e6 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:12:34.54897809Z 37 PC: 138e6 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:12:34.550798539Z 37 PC: 138e6 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:12:34.552294199Z 37 PC: 138e6 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:12:34.55349539Z 37 PC: 138e6 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:12:34.555222589Z 76 PC: 13925 | Terminate with return code (Return code = '0')