Sample viewer

vx.netlux.org/Virus.DOS.HLLP.8016

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:54:00.369077442Z 53 PC: 1382a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:54:00.370453796Z 53 PC: 1382a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:54:00.371793896Z 53 PC: 1382a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:54:00.373411201Z 53 PC: 1382a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:54:00.374521046Z 53 PC: 1382a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:54:00.375477367Z 53 PC: 1382a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:54:00.376969651Z 53 PC: 1382a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:54:00.378248495Z 53 PC: 1382a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:54:00.379505683Z 53 PC: 1382a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:54:00.381509695Z 53 PC: 1382a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:54:00.38269337Z 53 PC: 1382a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:54:00.38364594Z 53 PC: 1382a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:54:00.3857418Z 53 PC: 1382a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:54:00.387097884Z 53 PC: 1382a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:54:00.388735553Z 53 PC: 1382a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:54:00.391332165Z 53 PC: 1382a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:54:00.392645824Z 53 PC: 1382a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:54:00.393583989Z 53 PC: 1382a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:54:00.394723142Z 53 PC: 1382a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:54:00.397713095Z 37 PC: 1383f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:54:00.402251897Z 37 PC: 13847 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:54:00.404027165Z 37 PC: 1384f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:54:00.40565164Z 37 PC: 13857 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:54:00.40767227Z 68 PC: 14428 | I/O control for devices (Set for = '')
2018-12-17T21:54:00.409022979Z 44 PC: 1455f | Get time 0x1455f: mov word ptr [0x3e], cx
0x14563: mov word ptr [0x40], dx
0x14567: retf
0x14568: call 0x145af
0x1456b: jb 0x1457c
0x1456d: mov cx, word ptr es:[di + 4]
0x14571: cmp cx, 1
0x14574: je 0x1457c
0x14576: xor bx, bx
0x14578: push cs
0x14579: call 0x240f0
0x1457c: retf 4
0x1457f: call 0x145af
0x14582: jb 0x14597
0x14584: mov ax, cx
0x14586: mov dx, bx
0x14588: mov cx, word ptr es:[di + 4]
0x1458c: cmp cx, 1
0x1458f: je 0x14597
0x14591: xor bx, bx
2018-12-17T21:54:00.411431616Z 48 PC: 1403e | Get DOS version
2018-12-17T21:54:00.413021867Z 26 PC: 1362d | Set disk transfer address
2018-12-17T21:54:00.413994107Z 78 PC: 13639 | Find first file
2018-12-17T21:54:00.420200555Z 26 PC: 13651 | Set disk transfer address
2018-12-17T21:54:00.42109357Z 79 PC: 13656 | Find next file
2018-12-17T21:54:00.42398522Z 26 PC: 13651 | Set disk transfer address
2018-12-17T21:54:00.425035675Z 79 PC: 13656 | Find next file
2018-12-17T21:54:00.428305088Z 61 PC: 13ef0 | Open file (Filename = 'c:\COMMAND.COM')
2018-12-17T21:54:00.434139629Z 62 PC: 13f40 | Close file
2018-12-17T21:54:00.436608232Z 67 PC: 1358f | Get or set file attributes
2018-12-17T21:54:00.442292118Z 67 PC: 135b6 | Get or set file attributes
2018-12-17T21:54:01.070953984Z 67 PC: 135b6 | Get or set file attributes
2018-12-17T21:54:01.081185174Z 61 PC: 13ef0 | Open file (Filename = 'c:\COMMAND.COM')
2018-12-17T21:54:01.087642254Z 66 PC: 145c9 | Move file pointer
2018-12-17T21:54:01.08932296Z 66 PC: 145d7 | Move file pointer
2018-12-17T21:54:01.091735885Z 66 PC: 145e5 | Move file pointer
2018-12-17T21:54:01.093557798Z 66 PC: 14022 | Move file pointer
2018-12-17T21:54:01.095297933Z 63 PC: 13f82 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:54:01.103576296Z 87 PC: 135fd | Get or set file date and time
2018-12-17T21:54:01.105375249Z 67 PC: 135b6 | Get or set file attributes
2018-12-17T21:54:01.115604933Z 62 PC: 13f40 | Close file
2018-12-17T21:54:01.122666643Z 26 PC: 1362d | Set disk transfer address
2018-12-17T21:54:01.124032377Z 78 PC: 13639 | Find first file
2018-12-17T21:54:01.130700205Z 67 PC: 1358f | Get or set file attributes
2018-12-17T21:54:01.137443504Z 67 PC: 135b6 | Get or set file attributes
2018-12-17T21:54:01.155139565Z 61 PC: 13ef0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:54:01.162146875Z 63 PC: 13fc3 | Read file or device (Read 8016 bytes on handle 5)
2018-12-17T21:54:01.170597351Z 87 PC: 135fd | Get or set file date and time
2018-12-17T21:54:01.172623542Z 67 PC: 135b6 | Get or set file attributes
2018-12-17T21:54:01.183148706Z 62 PC: 13f40 | Close file
2018-12-17T21:54:01.1935611Z 26 PC: 1362d | Set disk transfer address
2018-12-17T21:54:01.194784837Z 78 PC: 13639 | Find first file
2018-12-17T21:54:01.200439766Z 67 PC: 1358f | Get or set file attributes
2018-12-17T21:54:01.206487448Z 67 PC: 135b6 | Get or set file attributes
2018-12-17T21:54:01.215309772Z 61 PC: 13ef0 | Open file (Filename = 'c:\COMMAND.COM')
2018-12-17T21:54:01.222174032Z 63 PC: 13fc3 | Read file or device (Read 8016 bytes on handle 5)
2018-12-17T21:54:01.230538904Z 66 PC: 14022 | Move file pointer
2018-12-17T21:54:01.232373002Z 64 PC: 13fc3 | Write file or device (Write 8016 bytes on handle 5)
2018-12-17T21:54:01.240169571Z 66 PC: 145c9 | Move file pointer
2018-12-17T21:54:01.242985364Z 66 PC: 145d7 | Move file pointer
2018-12-17T21:54:01.244704341Z 66 PC: 145e5 | Move file pointer
2018-12-17T21:54:01.246523735Z 66 PC: 14022 | Move file pointer
2018-12-17T21:54:01.249330723Z 64 PC: 13fc3 | Write file or device (Write 8016 bytes on handle 5)
2018-12-17T21:54:01.260213243Z 87 PC: 135fd | Get or set file date and time
2018-12-17T21:54:01.261865604Z 67 PC: 135b6 | Get or set file attributes
2018-12-17T21:54:01.273044813Z 62 PC: 13f40 | Close file
2018-12-17T21:54:01.279342296Z 26 PC: 1362d | Set disk transfer address
2018-12-17T21:54:01.280716516Z 78 PC: 13639 | Find first file
2018-12-17T21:54:01.288792948Z 67 PC: 1358f | Get or set file attributes
2018-12-17T21:54:01.294537726Z 67 PC: 135b6 | Get or set file attributes
2018-12-17T21:54:01.30526576Z 61 PC: 13ef0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:54:01.312920606Z 63 PC: 13fc3 | Read file or device (Read 8016 bytes on handle 5)
2018-12-17T21:54:01.320629361Z 66 PC: 145c9 | Move file pointer
2018-12-17T21:54:01.322524627Z 66 PC: 145d7 | Move file pointer
2018-12-17T21:54:01.325450578Z 66 PC: 145e5 | Move file pointer
2018-12-17T21:54:01.327399093Z 66 PC: 14022 | Move file pointer
2018-12-17T21:54:01.329359836Z 63 PC: 13fc3 | Read file or device (Read 8016 bytes on handle 5)
2018-12-17T21:54:01.338410563Z 66 PC: 145c9 | Move file pointer
2018-12-17T21:54:01.340259173Z 66 PC: 145d7 | Move file pointer
2018-12-17T21:54:01.342109195Z 66 PC: 145e5 | Move file pointer
2018-12-17T21:54:01.344806682Z 66 PC: 14022 | Move file pointer
2018-12-17T21:54:01.346425751Z 64 PC: 13f21 | Write file or device (Write 0 bytes on handle 5)
2018-12-17T21:54:01.3542051Z 66 PC: 14022 | Move file pointer
2018-12-17T21:54:01.356788612Z 64 PC: 13fc3 | Write file or device (Write 8016 bytes on handle 5)
2018-12-17T21:54:01.375795555Z 62 PC: 13f40 | Close file
2018-12-17T21:54:01.383569623Z 53 PC: 1379c | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:54:01.385730709Z 37 PC: 137a5 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:54:01.386915952Z 53 PC: 1379c | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:54:01.388124698Z 37 PC: 137a5 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:54:01.390310524Z 53 PC: 1379c | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:54:01.39156404Z 37 PC: 137a5 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:54:01.3927937Z 53 PC: 1379c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:54:01.395072797Z 37 PC: 137a5 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:54:01.396291353Z 53 PC: 1379c | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:54:01.397558681Z 37 PC: 137a5 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:54:01.400210225Z 53 PC: 1379c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:54:01.401480451Z 37 PC: 137a5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:54:01.402703737Z 53 PC: 1379c | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:54:01.405416274Z 37 PC: 137a5 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:54:01.406692337Z 53 PC: 1379c | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:54:01.407937293Z 37 PC: 137a5 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:54:01.410563155Z 53 PC: 1379c | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:54:01.411981608Z 37 PC: 137a5 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:54:01.413549661Z 53 PC: 1379c | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:54:01.415525561Z 37 PC: 137a5 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:54:01.416733586Z 53 PC: 1379c | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:54:01.419315796Z 37 PC: 137a5 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:54:01.420593268Z 53 PC: 1379c | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:54:01.421862759Z 37 PC: 137a5 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:54:01.424301457Z 53 PC: 1379c | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:54:01.425577433Z 37 PC: 137a5 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:54:01.426916063Z 53 PC: 1379c | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:54:01.429164638Z 37 PC: 137a5 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:54:01.43072877Z 53 PC: 1379c | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:54:01.432060039Z 37 PC: 137a5 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:54:01.435050942Z 53 PC: 1379c | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:54:01.436411803Z 37 PC: 137a5 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:54:01.437695411Z 53 PC: 1379c | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:54:01.439968122Z 37 PC: 137a5 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:54:01.441172036Z 53 PC: 1379c | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:54:01.442366297Z 37 PC: 137a5 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:54:01.444330086Z 53 PC: 1379c | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:54:01.445886208Z 37 PC: 137a5 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:54:01.447730174Z 41 PC: 13753 | Parse filename
2018-12-17T21:54:01.449981262Z 41 PC: 13761 | Parse filename
2018-12-17T21:54:01.451705001Z 75 PC: 1376c | Execute program
2018-12-17T21:54:01.468044099Z 53 PC: 1e31a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:54:01.470109145Z 53 PC: 1e31a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:54:01.471552432Z 53 PC: 1e31a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:54:01.472927516Z 53 PC: 1e31a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:54:01.475328499Z 53 PC: 1e31a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:54:01.476722957Z 53 PC: 1e31a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:54:01.47809891Z 53 PC: 1e31a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:54:01.480408933Z 53 PC: 1e31a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:54:01.481815963Z 53 PC: 1e31a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:54:01.483190663Z 53 PC: 1e31a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:54:01.485539669Z 53 PC: 1e31a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:54:01.486918555Z 53 PC: 1e31a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:54:01.488288704Z 53 PC: 1e31a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:54:01.490583477Z 53 PC: 1e31a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:54:01.491970191Z 53 PC: 1e31a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:54:01.493338093Z 53 PC: 1e31a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:54:01.495721583Z 53 PC: 1e31a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:54:01.497129345Z 53 PC: 1e31a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:54:01.498514302Z 53 PC: 1e31a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:54:01.500886521Z 37 PC: 1e32f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:54:01.502762974Z 37 PC: 1e337 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:54:01.504303667Z 37 PC: 1e33f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:54:01.506751007Z 37 PC: 1e347 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:54:01.508649274Z 68 PC: 1ef18 | I/O control for devices (Set for = '')
2018-12-17T21:54:01.510476917Z 44 PC: 1f04f | Get time 0x1f04f: mov word ptr [0x3e], cx
0x1f053: mov word ptr [0x40], dx
0x1f057: retf
0x1f058: call 0x1f09f
0x1f05b: jb 0x1f06c
0x1f05d: mov cx, word ptr es:[di + 4]
0x1f061: cmp cx, 1
0x1f064: je 0x1f06c
0x1f066: xor bx, bx
0x1f068: push cs
0x1f069: call 0x2ebe0
0x1f06c: retf 4
0x1f06f: call 0x1f09f
0x1f072: jb 0x1f087
0x1f074: mov ax, cx
0x1f076: mov dx, bx
0x1f078: mov cx, word ptr es:[di + 4]
0x1f07c: cmp cx, 1
0x1f07f: je 0x1f087
0x1f081: xor bx, bx
2018-12-17T21:54:01.514412614Z 48 PC: 1eb2e | Get DOS version
2018-12-17T21:54:01.516616223Z 26 PC: 1e11d | Set disk transfer address
2018-12-17T21:54:01.517958727Z 78 PC: 1e129 | Find first file
2018-12-17T21:54:01.524579611Z 26 PC: 1e141 | Set disk transfer address
2018-12-17T21:54:01.525765514Z 79 PC: 1e146 | Find next file
2018-12-17T21:54:01.528965698Z 26 PC: 1e141 | Set disk transfer address
2018-12-17T21:54:01.531050128Z 79 PC: 1e146 | Find next file
2018-12-17T21:54:01.534570427Z 61 PC: 1e9e0 | Open file (Filename = 'c:\COMMAND.COM')
2018-12-17T21:54:01.541217512Z 62 PC: 1ea30 | Close file
2018-12-17T21:54:01.543922615Z 67 PC: 1e07f | Get or set file attributes
2018-12-17T21:54:01.549072965Z 67 PC: 1e0a6 | Get or set file attributes
2018-12-17T21:54:01.558469787Z 67 PC: 1e0a6 | Get or set file attributes
2018-12-17T21:54:01.568768601Z 61 PC: 1e9e0 | Open file (Filename = 'c:\COMMAND.COM')
2018-12-17T21:54:01.575025921Z 66 PC: 1f0b9 | Move file pointer
2018-12-17T21:54:01.577545551Z 66 PC: 1f0c7 | Move file pointer
2018-12-17T21:54:01.581670433Z 66 PC: 1f0d5 | Move file pointer
2018-12-17T21:54:01.584178964Z 66 PC: 1eb12 | Move file pointer
2018-12-17T21:54:01.586130259Z 63 PC: 1ea72 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:54:01.592996811Z 87 PC: 1e0ed | Get or set file date and time
2018-12-17T21:54:01.594347437Z 67 PC: 1e0a6 | Get or set file attributes
2018-12-17T21:54:01.605025826Z 62 PC: 1ea30 | Close file
2018-12-17T21:54:01.614554676Z 26 PC: 1e141 | Set disk transfer address
2018-12-17T21:54:01.615468336Z 79 PC: 1e146 | Find next file
2018-12-17T21:54:01.618884419Z 26 PC: 1e141 | Set disk transfer address
2018-12-17T21:54:01.619846159Z 79 PC: 1e146 | Find next file
2018-12-17T21:54:01.622903399Z 26 PC: 1e141 | Set disk transfer address
2018-12-17T21:54:01.624197493Z 79 PC: 1e146 | Find next file
2018-12-17T21:54:01.626811782Z 26 PC: 1e11d | Set disk transfer address
2018-12-17T21:54:01.628158184Z 78 PC: 1e129 | Find first file
2018-12-17T21:54:01.634270899Z 26 PC: 1e141 | Set disk transfer address
2018-12-17T21:54:01.635461741Z 79 PC: 1e146 | Find next file
2018-12-17T21:54:01.638378282Z 26 PC: 1e141 | Set disk transfer address
2018-12-17T21:54:01.640191884Z 79 PC: 1e146 | Find next file
2018-12-17T21:54:01.643435817Z 26 PC: 1e11d | Set disk transfer address
2018-12-17T21:54:01.644617461Z 78 PC: 1e129 | Find first file
2018-12-17T21:54:01.658067432Z 61 PC: 1e9e0 | Open file (Filename = 'c:\DOS\ATTRIB.EXE')
2018-12-17T21:54:01.66458766Z 62 PC: 1ea30 | Close file
2018-12-17T21:54:01.66647691Z 67 PC: 1e07f | Get or set file attributes
2018-12-17T21:54:01.672517985Z 67 PC: 1e0a6 | Get or set file attributes
2018-12-17T21:54:01.679015169Z 67 PC: 1e0a6 | Get or set file attributes
2018-12-17T21:54:01.684951076Z 61 PC: 1e9e0 | Open file (Filename = 'c:\DOS\ATTRIB.EXE')
2018-12-17T21:54:01.693628379Z 66 PC: 1f0b9 | Move file pointer
2018-12-17T21:54:01.694556479Z 66 PC: 1f0c7 | Move file pointer
2018-12-17T21:54:01.696006422Z 66 PC: 1f0d5 | Move file pointer
2018-12-17T21:54:01.697344077Z 66 PC: 1eb12 | Move file pointer
2018-12-17T21:54:01.698320426Z 63 PC: 1ea72 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:54:01.702527603Z 87 PC: 1e0ed | Get or set file date and time
2018-12-17T21:54:01.703630234Z 67 PC: 1e0a6 | Get or set file attributes
2018-12-17T21:54:01.709801457Z 62 PC: 1ea30 | Close file
2018-12-17T21:54:01.714721568Z 26 PC: 1e11d | Set disk transfer address
2018-12-17T21:54:01.715965611Z 78 PC: 1e129 | Find first file
2018-12-17T21:54:01.72197633Z 67 PC: 1e07f | Get or set file attributes
2018-12-17T21:54:01.734858379Z 67 PC: 1e0a6 | Get or set file attributes
2018-12-17T21:54:01.747526655Z 61 PC: 1e9e0 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T21:54:01.755108481Z 63 PC: 1eab3 | Read file or device (Read 8016 bytes on handle 5)
2018-12-17T21:54:01.765394555Z 87 PC: 1e0ed | Get or set file date and time
2018-12-17T21:54:01.767188713Z 67 PC: 1e0a6 | Get or set file attributes
2018-12-17T21:54:01.777030749Z 62 PC: 1ea30 | Close file
2018-12-17T21:54:01.784512097Z 26 PC: 1e11d | Set disk transfer address
2018-12-17T21:54:01.785570181Z 78 PC: 1e129 | Find first file
2018-12-17T21:54:01.792061576Z 67 PC: 1e07f | Get or set file attributes
2018-12-17T21:54:01.799556105Z 67 PC: 1e0a6 | Get or set file attributes
2018-12-17T21:54:01.80914253Z 61 PC: 1e9e0 | Open file (Filename = 'c:\DOS\ATTRIB.EXE')
2018-12-17T21:54:01.8167292Z 63 PC: 1eab3 | Read file or device (Read 8016 bytes on handle 5)
2018-12-17T21:54:01.825373062Z 66 PC: 1eb12 | Move file pointer
2018-12-17T21:54:01.827073859Z 64 PC: 1eab3 | Write file or device (Write 8016 bytes on handle 5)
2018-12-17T21:54:01.835822351Z 66 PC: 1f0b9 | Move file pointer
2018-12-17T21:54:01.838261716Z 66 PC: 1f0c7 | Move file pointer
2018-12-17T21:54:01.839908502Z 66 PC: 1f0d5 | Move file pointer
2018-12-17T21:54:01.842424698Z 66 PC: 1eb12 | Move file pointer
2018-12-17T21:54:01.844509706Z 64 PC: 1eab3 | Write file or device (Write 8016 bytes on handle 5)
2018-12-17T21:54:01.857396018Z 87 PC: 1e0ed | Get or set file date and time
2018-12-17T21:54:01.859706686Z 67 PC: 1e0a6 | Get or set file attributes
2018-12-17T21:54:01.870421385Z 62 PC: 1ea30 | Close file
2018-12-17T21:54:01.876255693Z 26 PC: 1e141 | Set disk transfer address
2018-12-17T21:54:01.877926457Z 79 PC: 1e146 | Find next file
2018-12-17T21:54:01.880610686Z 26 PC: 1e11d | Set disk transfer address
2018-12-17T21:54:01.88166193Z 78 PC: 1e129 | Find first file
2018-12-17T21:54:01.888421553Z 67 PC: 1e07f | Get or set file attributes
2018-12-17T21:54:01.893778604Z 67 PC: 1e0a6 | Get or set file attributes
2018-12-17T21:54:01.902734016Z 61 PC: 1e9e0 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T21:54:01.909005902Z 63 PC: 1eab3 | Read file or device (Read 8016 bytes on handle 5)
2018-12-17T21:54:01.916236233Z 66 PC: 1f0b9 | Move file pointer
2018-12-17T21:54:01.918363217Z 66 PC: 1f0c7 | Move file pointer
2018-12-17T21:54:01.920323108Z 66 PC: 1f0d5 | Move file pointer
2018-12-17T21:54:01.921888106Z 66 PC: 1eb12 | Move file pointer
2018-12-17T21:54:01.924425485Z 63 PC: 1eab3 | Read file or device (Read 8016 bytes on handle 5)
2018-12-17T21:54:01.933016807Z 66 PC: 1f0b9 | Move file pointer
2018-12-17T21:54:01.934567872Z 66 PC: 1f0c7 | Move file pointer
2018-12-17T21:54:01.937099113Z 66 PC: 1f0d5 | Move file pointer
2018-12-17T21:54:01.938566493Z 66 PC: 1eb12 | Move file pointer
2018-12-17T21:54:01.939964173Z 64 PC: 1ea11 | Write file or device (Write 0 bytes on handle 5)
2018-12-17T21:54:01.94795205Z 66 PC: 1eb12 | Move file pointer
2018-12-17T21:54:01.950286439Z 64 PC: 1eab3 | Write file or device (Write 8016 bytes on handle 5)
2018-12-17T21:54:01.958891641Z 62 PC: 1ea30 | Close file
2018-12-17T21:54:01.965126717Z 53 PC: 1e28c | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:54:01.96628099Z 37 PC: 1e295 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:54:01.967460171Z 53 PC: 1e28c | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:54:01.969338789Z 37 PC: 1e295 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:54:01.971435697Z 53 PC: 1e28c | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:54:01.972574965Z 37 PC: 1e295 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:54:01.973813412Z 53 PC: 1e28c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:54:01.974754194Z 37 PC: 1e295 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:54:01.976229114Z 53 PC: 1e28c | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:54:01.977209379Z 37 PC: 1e295 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:54:01.978053466Z 53 PC: 1e28c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:54:01.979502685Z 37 PC: 1e295 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:54:01.980523287Z 53 PC: 1e28c | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:54:01.981408839Z 37 PC: 1e295 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:54:01.983012533Z 53 PC: 1e28c | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:54:01.983927503Z 37 PC: 1e295 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:54:01.984858575Z 53 PC: 1e28c | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:54:01.986213046Z 37 PC: 1e295 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:54:01.987152742Z 53 PC: 1e28c | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:54:01.988702408Z 37 PC: 1e295 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:54:01.989639691Z 53 PC: 1e28c | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:54:01.990839332Z 37 PC: 1e295 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:54:01.992442223Z 53 PC: 1e28c | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:54:01.993425633Z 37 PC: 1e295 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:54:01.994336312Z 53 PC: 1e28c | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:54:01.995866047Z 37 PC: 1e295 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:54:01.996823866Z 53 PC: 1e28c | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:54:01.997812041Z 37 PC: 1e295 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:54:01.999211018Z 53 PC: 1e28c | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:54:02.000100657Z 37 PC: 1e295 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:54:02.001625022Z 53 PC: 1e28c | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:54:02.002584726Z 37 PC: 1e295 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:54:02.003504758Z 53 PC: 1e28c | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:54:02.004979183Z 37 PC: 1e295 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:54:02.005921441Z 53 PC: 1e28c | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:54:02.006947598Z 37 PC: 1e295 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:54:02.008758326Z 53 PC: 1e28c | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:54:02.010446646Z 37 PC: 1e295 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:54:02.012527685Z 41 PC: 1e243 | Parse filename
2018-12-17T21:54:02.01504783Z 41 PC: 1e251 | Parse filename
2018-12-17T21:54:02.016879087Z 75 PC: 1e25c | Execute program
2018-12-17T21:54:02.040969994Z 80 PC: 29599 | Set current PSP
2018-12-17T21:54:02.042259794Z 48 PC: 2959e | Get DOS version
2018-12-17T21:54:02.043801658Z 99 PC: 2fd80 | Get DBCS lead byte table pointer
2018-12-17T21:54:02.046998093Z 101 PC: 29624 | Get extended country info
2018-12-17T21:54:02.04878209Z 99 PC: 2962a | Get DBCS lead byte table pointer
2018-12-17T21:54:02.050111464Z 74 PC: 2968c | Reallocate memory
2018-12-17T21:54:02.052336281Z 25 PC: 296c3 | Get default drive
2018-12-17T21:54:02.054003176Z 37 PC: 29183 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T21:54:02.055747283Z 37 PC: 2918a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:54:02.057933592Z 37 PC: 29191 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:54:02.062358267Z 74 PC: 2832c | Reallocate memory
2018-12-17T21:54:02.064348892Z 72 PC: 2836d | Allocate memory
2018-12-17T21:54:02.065881243Z 72 PC: 283a5 | Allocate memory
2018-12-17T21:54:02.067424353Z 72 PC: 283ad | Allocate memory