Sample viewer

vx.netlux.org/Virus.DOS.HLLP.DG.6424

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:32:57.348747084Z 53 PC: 13a1a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:32:57.349867457Z 53 PC: 13a1a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:32:57.350929105Z 53 PC: 13a1a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:32:57.352917088Z 53 PC: 13a1a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:32:57.354085907Z 53 PC: 13a1a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:32:57.355202289Z 53 PC: 13a1a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:32:57.35680792Z 53 PC: 13a1a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:32:57.358244039Z 53 PC: 13a1a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:32:57.359616304Z 53 PC: 13a1a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:32:57.361674958Z 53 PC: 13a1a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:32:57.362983191Z 53 PC: 13a1a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:32:57.364299442Z 53 PC: 13a1a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:32:57.365920665Z 53 PC: 13a1a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:32:57.367993975Z 53 PC: 13a1a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:32:57.369428234Z 53 PC: 13a1a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:32:57.370879879Z 53 PC: 13a1a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:32:57.373092198Z 53 PC: 13a1a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:32:57.37455199Z 53 PC: 13a1a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:32:57.375994869Z 53 PC: 13a1a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:32:57.383302741Z 37 PC: 13a2f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:32:57.385041465Z 37 PC: 13a37 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:32:57.386428436Z 37 PC: 13a3f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:32:57.388940711Z 37 PC: 13a47 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:32:57.39044033Z 68 PC: 1444b | I/O control for devices (Set for = 'VgS')
2018-12-17T22:32:57.392365636Z 48 PC: 14044 | Get DOS version
2018-12-17T22:32:57.394538185Z 67 PC: 13616 | Get or set file attributes
2018-12-17T22:32:57.411233103Z 61 PC: 13e82 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:32:57.433802023Z 63 PC: 13f55 | Read file or device (Read 6424 bytes on handle 5)
2018-12-17T22:32:57.442789376Z 62 PC: 13ed2 | Close file
2018-12-17T22:32:57.445032795Z 26 PC: 1368d | Set disk transfer address
2018-12-17T22:32:57.450127957Z 78 PC: 13699 | Find first file
2018-12-17T22:32:57.461038239Z 67 PC: 13616 | Get or set file attributes
2018-12-17T22:32:57.805806721Z 61 PC: 13e82 | Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T22:32:57.814661777Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:57.817231354Z 63 PC: 13f55 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:32:57.822858998Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:57.824674998Z 63 PC: 13f55 | Read file or device (Read 11208 bytes on handle 5)
2018-12-17T22:32:57.836198601Z 62 PC: 13ed2 | Close file
2018-12-17T22:32:57.837962574Z 65 PC: 13fcb | Delete file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T22:32:57.849359795Z 60 PC: 13e82 | Create or truncate file
2018-12-17T22:32:57.860821067Z 64 PC: 13f55 | Write file or device (Write 6424 bytes on handle 5)
2018-12-17T22:32:57.872038202Z 64 PC: 13f55 | Write file or device (Write 11208 bytes on handle 5)
2018-12-17T22:32:57.883266278Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:57.885741223Z 64 PC: 13f55 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:32:57.893024041Z 87 PC: 1365d | Get or set file date and time
2018-12-17T22:32:57.894553871Z 62 PC: 13ed2 | Close file
2018-12-17T22:32:57.903521195Z 26 PC: 136b1 | Set disk transfer address
2018-12-17T22:32:57.904539278Z 79 PC: 136b6 | Find next file
2018-12-17T22:32:57.908002723Z 67 PC: 13616 | Get or set file attributes
2018-12-17T22:32:57.917958024Z 61 PC: 13e82 | Open file (Filename = 'C:\DOS\CHKDSK.EXE')
2018-12-17T22:32:57.924820582Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:57.926421098Z 63 PC: 13f55 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:32:57.936811636Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:57.938572156Z 63 PC: 13f55 | Read file or device (Read 12241 bytes on handle 5)
2018-12-17T22:32:57.94703159Z 62 PC: 13ed2 | Close file
2018-12-17T22:32:57.951073696Z 65 PC: 13fcb | Delete file (Filename = 'C:\DOS\CHKDSK.EXE')
2018-12-17T22:32:57.961818448Z 60 PC: 13e82 | Create or truncate file
2018-12-17T22:32:57.973538162Z 64 PC: 13f55 | Write file or device (Write 6424 bytes on handle 5)
2018-12-17T22:32:57.987086582Z 64 PC: 13f55 | Write file or device (Write 12241 bytes on handle 5)
2018-12-17T22:32:57.996769987Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:58.000189356Z 64 PC: 13f55 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:32:58.00715313Z 87 PC: 1365d | Get or set file date and time
2018-12-17T22:32:58.008575389Z 62 PC: 13ed2 | Close file
2018-12-17T22:32:58.056610962Z 26 PC: 136b1 | Set disk transfer address
2018-12-17T22:32:58.058426222Z 79 PC: 136b6 | Find next file
2018-12-17T22:32:58.062001543Z 67 PC: 13616 | Get or set file attributes
2018-12-17T22:32:58.085437293Z 61 PC: 13e82 | Open file (Filename = 'C:\DOS\DEBUG.EXE')
2018-12-17T22:32:58.093672547Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:58.095037065Z 63 PC: 13f55 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:32:58.100439993Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:58.102917284Z 63 PC: 13f55 | Read file or device (Read 15718 bytes on handle 5)
2018-12-17T22:32:58.112603383Z 62 PC: 13ed2 | Close file
2018-12-17T22:32:58.114864951Z 65 PC: 13fcb | Delete file (Filename = 'C:\DOS\DEBUG.EXE')
2018-12-17T22:32:58.173482139Z 60 PC: 13e82 | Create or truncate file
2018-12-17T22:32:58.200945329Z 64 PC: 13f55 | Write file or device (Write 6424 bytes on handle 5)
2018-12-17T22:32:58.23129856Z 64 PC: 13f55 | Write file or device (Write 15718 bytes on handle 5)
2018-12-17T22:32:58.258241941Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:58.260243498Z 64 PC: 13f55 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:32:58.26633399Z 87 PC: 1365d | Get or set file date and time
2018-12-17T22:32:58.268191166Z 62 PC: 13ed2 | Close file
2018-12-17T22:32:58.335054901Z 26 PC: 136b1 | Set disk transfer address
2018-12-17T22:32:58.336049113Z 79 PC: 136b6 | Find next file
2018-12-17T22:32:58.340254194Z 67 PC: 13616 | Get or set file attributes
2018-12-17T22:32:58.374008864Z 61 PC: 13e82 | Open file (Filename = 'C:\DOS\EXPAND.EXE')
2018-12-17T22:32:58.38071157Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:58.382796984Z 63 PC: 13f55 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:32:58.388086504Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:58.389692268Z 63 PC: 13f55 | Read file or device (Read 16129 bytes on handle 5)
2018-12-17T22:32:58.398592381Z 62 PC: 13ed2 | Close file
2018-12-17T22:32:58.400409361Z 65 PC: 13fcb | Delete file (Filename = 'C:\DOS\EXPAND.EXE')
2018-12-17T22:32:58.447107709Z 60 PC: 13e82 | Create or truncate file
2018-12-17T22:32:58.487251111Z 64 PC: 13f55 | Write file or device (Write 6424 bytes on handle 5)
2018-12-17T22:32:58.527207182Z 64 PC: 13f55 | Write file or device (Write 16129 bytes on handle 5)
2018-12-17T22:32:58.571584634Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:58.573368177Z 64 PC: 13f55 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:32:58.577856475Z 87 PC: 1365d | Get or set file date and time
2018-12-17T22:32:58.579385246Z 62 PC: 13ed2 | Close file
2018-12-17T22:32:58.636221621Z 26 PC: 136b1 | Set disk transfer address
2018-12-17T22:32:58.637272189Z 79 PC: 136b6 | Find next file
2018-12-17T22:32:58.641075282Z 67 PC: 13616 | Get or set file attributes
2018-12-17T22:32:58.661550365Z 61 PC: 13e82 | Open file (Filename = 'C:\DOS\FDISK.EXE')
2018-12-17T22:32:58.668256972Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:58.669879309Z 63 PC: 13f55 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:32:58.675933268Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:58.677792921Z 63 PC: 13f55 | Read file or device (Read 29336 bytes on handle 5)
2018-12-17T22:32:58.688422619Z 62 PC: 13ed2 | Close file
2018-12-17T22:32:58.690949641Z 65 PC: 13fcb | Delete file (Filename = 'C:\DOS\FDISK.EXE')
2018-12-17T22:32:58.701496431Z 60 PC: 13e82 | Create or truncate file
2018-12-17T22:32:58.712608567Z 64 PC: 13f55 | Write file or device (Write 6424 bytes on handle 5)
2018-12-17T22:32:58.718679156Z 64 PC: 13f55 | Write file or device (Write 29336 bytes on handle 5)
2018-12-17T22:32:58.730279377Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:58.732222422Z 64 PC: 13f55 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:32:58.737993497Z 87 PC: 1365d | Get or set file date and time
2018-12-17T22:32:58.739360624Z 62 PC: 13ed2 | Close file
2018-12-17T22:32:58.746402433Z 26 PC: 136b1 | Set disk transfer address
2018-12-17T22:32:58.747298587Z 79 PC: 136b6 | Find next file
2018-12-17T22:32:58.750765789Z 67 PC: 13616 | Get or set file attributes
2018-12-17T22:32:58.760313127Z 61 PC: 13e82 | Open file (Filename = 'C:\DOS\MEM.EXE')
2018-12-17T22:32:58.767172038Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:58.768754598Z 63 PC: 13f55 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:32:58.77453985Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:58.776089633Z 63 PC: 13f55 | Read file or device (Read 32502 bytes on handle 5)
2018-12-17T22:32:58.787495022Z 62 PC: 13ed2 | Close file
2018-12-17T22:32:58.789623868Z 65 PC: 13fcb | Delete file (Filename = 'C:\DOS\MEM.EXE')
2018-12-17T22:32:58.799693626Z 60 PC: 13e82 | Create or truncate file
2018-12-17T22:32:58.810208835Z 64 PC: 13f55 | Write file or device (Write 6424 bytes on handle 5)
2018-12-17T22:32:58.818433677Z 64 PC: 13f55 | Write file or device (Write 32502 bytes on handle 5)
2018-12-17T22:32:58.830402991Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:58.832055017Z 64 PC: 13f55 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:32:58.839307272Z 87 PC: 1365d | Get or set file date and time
2018-12-17T22:32:58.841042033Z 62 PC: 13ed2 | Close file
2018-12-17T22:32:58.848541134Z 26 PC: 136b1 | Set disk transfer address
2018-12-17T22:32:58.850767808Z 79 PC: 136b6 | Find next file
2018-12-17T22:32:58.854342712Z 26 PC: 136b1 | Set disk transfer address
2018-12-17T22:32:58.855605378Z 79 PC: 136b6 | Find next file
2018-12-17T22:32:58.860035885Z 26 PC: 136b1 | Set disk transfer address
2018-12-17T22:32:58.861315498Z 79 PC: 136b6 | Find next file
2018-12-17T22:32:58.86508635Z 67 PC: 13616 | Get or set file attributes
2018-12-17T22:32:58.886105931Z 61 PC: 13e82 | Open file (Filename = 'C:\DOS\REPLACE.EXE')
2018-12-17T22:32:58.893127024Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:58.89484513Z 63 PC: 13f55 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:32:58.901453779Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:58.903449859Z 63 PC: 13f55 | Read file or device (Read 20274 bytes on handle 5)
2018-12-17T22:32:58.912463805Z 62 PC: 13ed2 | Close file
2018-12-17T22:32:58.914638393Z 65 PC: 13fcb | Delete file (Filename = 'C:\DOS\REPLACE.EXE')
2018-12-17T22:32:58.92568012Z 60 PC: 13e82 | Create or truncate file
2018-12-17T22:32:58.936525508Z 64 PC: 13f55 | Write file or device (Write 6424 bytes on handle 5)
2018-12-17T22:32:58.944785346Z 64 PC: 13f55 | Write file or device (Write 20274 bytes on handle 5)
2018-12-17T22:32:58.955364991Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:58.956508316Z 64 PC: 13f55 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:32:58.96237799Z 87 PC: 1365d | Get or set file date and time
2018-12-17T22:32:58.96370573Z 62 PC: 13ed2 | Close file
2018-12-17T22:32:58.970256151Z 26 PC: 136b1 | Set disk transfer address
2018-12-17T22:32:58.9711426Z 79 PC: 136b6 | Find next file
2018-12-17T22:32:58.974489162Z 67 PC: 13616 | Get or set file attributes
2018-12-17T22:32:58.984812074Z 61 PC: 13e82 | Open file (Filename = 'C:\DOS\RESTORE.EXE')
2018-12-17T22:32:58.991627592Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:58.992918202Z 63 PC: 13f55 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:32:58.998505297Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:59.00003064Z 63 PC: 13f55 | Read file or device (Read 38342 bytes on handle 5)
2018-12-17T22:32:59.011541102Z 62 PC: 13ed2 | Close file
2018-12-17T22:32:59.01434318Z 65 PC: 13fcb | Delete file (Filename = 'C:\DOS\RESTORE.EXE')
2018-12-17T22:32:59.024757334Z 60 PC: 13e82 | Create or truncate file
2018-12-17T22:32:59.031646808Z 64 PC: 13f55 | Write file or device (Write 6424 bytes on handle 5)
2018-12-17T22:32:59.03723685Z 64 PC: 13f55 | Write file or device (Write 38342 bytes on handle 5)
2018-12-17T22:32:59.04724048Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:59.048548412Z 64 PC: 13f55 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:32:59.054746528Z 87 PC: 1365d | Get or set file date and time
2018-12-17T22:32:59.056214942Z 62 PC: 13ed2 | Close file
2018-12-17T22:32:59.062792392Z 26 PC: 136b1 | Set disk transfer address
2018-12-17T22:32:59.063927821Z 79 PC: 136b6 | Find next file
2018-12-17T22:32:59.067093922Z 26 PC: 136b1 | Set disk transfer address
2018-12-17T22:32:59.068125887Z 79 PC: 136b6 | Find next file
2018-12-17T22:32:59.071620201Z 26 PC: 136b1 | Set disk transfer address
2018-12-17T22:32:59.072503245Z 79 PC: 136b6 | Find next file
2018-12-17T22:32:59.076528879Z 67 PC: 13616 | Get or set file attributes
2018-12-17T22:32:59.085835094Z 61 PC: 13e82 | Open file (Filename = 'C:\DOS\XCOPY.EXE')
2018-12-17T22:32:59.092502844Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:59.094308966Z 63 PC: 13f55 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:32:59.099529789Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:59.100923648Z 63 PC: 13f55 | Read file or device (Read 16930 bytes on handle 5)
2018-12-17T22:32:59.111135133Z 62 PC: 13ed2 | Close file
2018-12-17T22:32:59.112941857Z 65 PC: 13fcb | Delete file (Filename = 'C:\DOS\XCOPY.EXE')
2018-12-17T22:32:59.123419408Z 60 PC: 13e82 | Create or truncate file
2018-12-17T22:32:59.134826094Z 64 PC: 13f55 | Write file or device (Write 6424 bytes on handle 5)
2018-12-17T22:32:59.140065353Z 64 PC: 13f55 | Write file or device (Write 16930 bytes on handle 5)
2018-12-17T22:32:59.146608386Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:59.14851055Z 64 PC: 13f55 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:32:59.154794456Z 87 PC: 1365d | Get or set file date and time
2018-12-17T22:32:59.156173478Z 62 PC: 13ed2 | Close file
2018-12-17T22:32:59.163242846Z 26 PC: 136b1 | Set disk transfer address
2018-12-17T22:32:59.164210169Z 79 PC: 136b6 | Find next file
2018-12-17T22:32:59.167409898Z 26 PC: 136b1 | Set disk transfer address
2018-12-17T22:32:59.168741793Z 79 PC: 136b6 | Find next file
2018-12-17T22:32:59.173127854Z 26 PC: 136b1 | Set disk transfer address
2018-12-17T22:32:59.174411891Z 79 PC: 136b6 | Find next file
2018-12-17T22:32:59.179010924Z 67 PC: 13616 | Get or set file attributes
2018-12-17T22:32:59.18886491Z 61 PC: 13e82 | Open file (Filename = 'C:\DOS\MSCDEX.EXE')
2018-12-17T22:32:59.196172117Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:59.197961246Z 63 PC: 13f55 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:32:59.203508137Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:59.205622142Z 63 PC: 13f55 | Read file or device (Read 25361 bytes on handle 5)
2018-12-17T22:32:59.216758067Z 62 PC: 13ed2 | Close file
2018-12-17T22:32:59.218789015Z 65 PC: 13fcb | Delete file (Filename = 'C:\DOS\MSCDEX.EXE')
2018-12-17T22:32:59.230483818Z 60 PC: 13e82 | Create or truncate file
2018-12-17T22:32:59.242033212Z 64 PC: 13f55 | Write file or device (Write 6424 bytes on handle 5)
2018-12-17T22:32:59.247202066Z 64 PC: 13f55 | Write file or device (Write 25361 bytes on handle 5)
2018-12-17T22:32:59.255412268Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:59.256823627Z 64 PC: 13f55 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:32:59.262718522Z 87 PC: 1365d | Get or set file date and time
2018-12-17T22:32:59.264595734Z 62 PC: 13ed2 | Close file
2018-12-17T22:32:59.271276626Z 26 PC: 136b1 | Set disk transfer address
2018-12-17T22:32:59.272208928Z 79 PC: 136b6 | Find next file
2018-12-17T22:32:59.276141718Z 26 PC: 1368d | Set disk transfer address
2018-12-17T22:32:59.27738415Z 78 PC: 13699 | Find first file
2018-12-17T22:32:59.286645116Z 26 PC: 136b1 | Set disk transfer address
2018-12-17T22:32:59.287955324Z 79 PC: 136b6 | Find next file
2018-12-17T22:32:59.290401361Z 48 PC: 14044 | Get DOS version
2018-12-17T22:32:59.293081319Z 48 PC: 14044 | Get DOS version
2018-12-17T22:32:59.294389328Z 67 PC: 13616 | Get or set file attributes
2018-12-17T22:32:59.304288577Z 61 PC: 13e82 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:32:59.311317677Z 66 PC: 145ec | Move file pointer
2018-12-17T22:32:59.312936584Z 66 PC: 145fa | Move file pointer
2018-12-17T22:32:59.314152995Z 66 PC: 14608 | Move file pointer
2018-12-17T22:32:59.316392947Z 66 PC: 13fb4 | Move file pointer
2018-12-17T22:32:59.317772955Z 63 PC: 13f55 | Read file or device (Read 62464 bytes on handle 5)
2018-12-17T22:32:59.327342961Z 62 PC: 13ed2 | Close file
2018-12-17T22:32:59.329738735Z 86 PC: 1400f | Rename file
2018-12-17T22:32:59.341291161Z 48 PC: 14044 | Get DOS version
2018-12-17T22:32:59.342872111Z 60 PC: 13e82 | Create or truncate file
2018-12-17T22:32:59.354177756Z 64 PC: 13f55 | Write file or device (Write 62464 bytes on handle 5)
2018-12-17T22:32:59.363909833Z 62 PC: 13ed2 | Close file
2018-12-17T22:32:59.371823774Z 53 PC: 13989 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:32:59.373820848Z 37 PC: 13992 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:32:59.374833478Z 53 PC: 13989 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:32:59.375800865Z 37 PC: 13992 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:32:59.377667051Z 53 PC: 13989 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:32:59.378677779Z 37 PC: 13992 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:32:59.379672198Z 53 PC: 13989 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:32:59.381996906Z 37 PC: 13992 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:32:59.383248938Z 53 PC: 13989 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:32:59.384511595Z 37 PC: 13992 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:32:59.386549916Z 53 PC: 13989 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:32:59.388017937Z 37 PC: 13992 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:32:59.389486571Z 53 PC: 13989 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:32:59.391253667Z 37 PC: 13992 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:32:59.392528569Z 53 PC: 13989 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:32:59.394430933Z 37 PC: 13992 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:32:59.395459746Z 53 PC: 13989 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:32:59.39648955Z 37 PC: 13992 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:32:59.398521381Z 53 PC: 13989 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:32:59.399910234Z 37 PC: 13992 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:32:59.401164318Z 53 PC: 13989 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:32:59.403234848Z 37 PC: 13992 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:32:59.404602852Z 53 PC: 13989 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:32:59.405886894Z 37 PC: 13992 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:32:59.40804743Z 53 PC: 13989 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:32:59.409315774Z 37 PC: 13992 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:32:59.410658908Z 53 PC: 13989 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:32:59.412666095Z 37 PC: 13992 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:32:59.413836636Z 53 PC: 13989 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:32:59.414958337Z 37 PC: 13992 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:32:59.416734615Z 53 PC: 13989 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:32:59.417722313Z 37 PC: 13992 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:32:59.419233555Z 53 PC: 13989 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:32:59.420626991Z 37 PC: 13992 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:32:59.421983533Z 53 PC: 13989 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:32:59.423792487Z 37 PC: 13992 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:32:59.42557336Z 53 PC: 13989 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:32:59.426946899Z 37 PC: 13992 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:32:59.428612082Z 48 PC: 14044 | Get DOS version
2018-12-17T22:32:59.429892549Z 41 PC: 138d8 | Parse filename
2018-12-17T22:32:59.431178951Z 41 PC: 138e6 | Parse filename
2018-12-17T22:32:59.432624876Z 75 PC: 138f1 | Execute program
2018-12-17T22:32:59.449908637Z 9 PC: 15cec | Display string (String= '����^JWUW������������������b������!� �')
2018-12-17T22:32:59.45629232Z 76 PC: 15cf1 | Terminate with return code (Return code = '0')
2018-12-17T22:32:59.459698041Z 53 PC: 13989 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:32:59.460769691Z 37 PC: 13992 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:32:59.462178531Z 53 PC: 13989 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:32:59.463901156Z 37 PC: 13992 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:32:59.465014841Z 53 PC: 13989 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:32:59.466712108Z 37 PC: 13992 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:32:59.467832051Z 53 PC: 13989 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:32:59.468963613Z 37 PC: 13992 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:32:59.470575052Z 53 PC: 13989 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:32:59.471651995Z 37 PC: 13992 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:32:59.472707416Z 53 PC: 13989 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:32:59.474276187Z 37 PC: 13992 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:32:59.47529569Z 53 PC: 13989 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:32:59.476739302Z 37 PC: 13992 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:32:59.47779005Z 53 PC: 13989 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:32:59.47884885Z 37 PC: 13992 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:32:59.480610335Z 53 PC: 13989 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:32:59.482371192Z 37 PC: 13992 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:32:59.483844616Z 53 PC: 13989 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:32:59.485905685Z 37 PC: 13992 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:32:59.487497881Z 53 PC: 13989 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:32:59.489001994Z 37 PC: 13992 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:32:59.490840269Z 53 PC: 13989 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:32:59.492163754Z 37 PC: 13992 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:32:59.493706155Z 53 PC: 13989 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:32:59.494837073Z 37 PC: 13992 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:32:59.496008722Z 53 PC: 13989 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:32:59.497881753Z 37 PC: 13992 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:32:59.498851907Z 53 PC: 13989 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:32:59.499835491Z 37 PC: 13992 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:32:59.501501209Z 53 PC: 13989 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:32:59.50289835Z 37 PC: 13992 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:32:59.504509995Z 53 PC: 13989 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:32:59.506212082Z 37 PC: 13992 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:32:59.507644392Z 53 PC: 13989 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:32:59.509786528Z 37 PC: 13992 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:32:59.511141657Z 53 PC: 13989 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:32:59.51255861Z 37 PC: 13992 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:32:59.518367795Z 77 PC: 1390f | Get program return code
2018-12-17T22:32:59.519730733Z 65 PC: 13fcb | Delete file (Filename = '��ƒ�1��}�')
2018-12-17T22:32:59.53141272Z 48 PC: 14044 | Get DOS version
2018-12-17T22:32:59.533155114Z 86 PC: 1400f | Rename file
2018-12-17T22:32:59.544041592Z 42 PC: 13424 | Get date 0x13424: mov byte ptr [0xceb], al
0x13427: mov word ptr [0xcf4], 0x1234
0x1342d: mov word ptr [0xcf6], 0x4321
0x13433: push 8
0x13435: mov di, 0xcf4
0x13438: push ds
0x13439: push di
0x1343a: lcall 0x135e:0x33b
0x1343f: cmp word ptr [0xcf4], 0
0x13444: je 0x1344d
0x13446: mov al, byte ptr [0xceb]
0x13449: shr al, 1
0x1344b: jb 0x13455
0x1344d: mov ax, word ptr [0xd0c]
0x13450: lcall 0x139c:0x116
0x13455: mov ax, 0x32
0x13458: mov dx, ds
0x1345a: mov word ptr [0xbe2], ax
0x1345d: mov word ptr [0xbe4], dx
0x13461: mov di, 0xbe2
2018-12-17T22:32:59.547635804Z 44 PC: 14582 | Get time 0x14582: mov word ptr [0x722], cx
0x14586: mov word ptr [0x724], dx
0x1458a: retf
0x1458b: call 0x145d2
0x1458e: jb 0x1459f
0x14590: mov cx, word ptr es:[di + 4]
0x14594: cmp cx, 1
0x14597: je 0x1459f
0x14599: xor bx, bx
0x1459b: push cs
0x1459c: call 0x2410e
0x1459f: retf 4
0x145a2: call 0x145d2
0x145a5: jb 0x145ba
0x145a7: mov ax, cx
0x145a9: mov dx, bx
0x145ab: mov cx, word ptr es:[di + 4]
0x145af: cmp cx, 1
0x145b2: je 0x145ba
0x145b4: xor bx, bx
2018-12-17T22:32:59.549678724Z 53 PC: 1376a | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:32:59.550775513Z 37 PC: 13786 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:32:59.552296464Z 49 PC: 13873 | Terminate and stay resident (Return code = '0' | Memory size = '803')