Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Tools.7384

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:56:39.067394308Z	53	PC: 142ba \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:56:39.069194986Z	53	PC: 142ba \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:56:39.070314561Z	53	PC: 142ba \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:56:39.071430931Z	53	PC: 142ba \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:56:39.073268444Z	53	PC: 142ba \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:56:39.074772081Z	53	PC: 142ba \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:56:39.076258796Z	53	PC: 142ba \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:56:39.078307376Z	53	PC: 142ba \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:56:39.079710845Z	53	PC: 142ba \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:56:39.08099076Z	53	PC: 142ba \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:56:39.083054938Z	53	PC: 142ba \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:56:39.084165399Z	53	PC: 142ba \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:56:39.085263206Z	53	PC: 142ba \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:56:39.091112948Z	53	PC: 142ba \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:56:39.092256986Z	53	PC: 142ba \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:56:39.093414624Z	53	PC: 142ba \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:56:39.095667678Z	53	PC: 142ba \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:56:39.09680781Z	53	PC: 142ba \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:56:39.098135323Z	53	PC: 142ba \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:56:39.100104021Z	37	PC: 142cf \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:56:39.101178685Z	37	PC: 142d7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:56:39.102223683Z	37	PC: 142df \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:56:39.104263286Z	37	PC: 142e7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:56:39.105987365Z	68	PC: 151de \| I/O control for devices (Set for = '��=')
2018-12-17T21:56:39.107485618Z	53	PC: 14030 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:56:39.109876553Z	37	PC: 1404c \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:56:39.111267352Z	42	PC: 13eb7 \| Get date 0x13eb7: xor ah, ah 0x13eb9: les di, ptr [bp + 6] 0x13ebc: stosw word ptr es:[di], ax 0x13ebd: mov al, dl 0x13ebf: les di, ptr [bp + 0xa] 0x13ec2: stosw word ptr es:[di], ax 0x13ec3: mov al, dh 0x13ec5: les di, ptr [bp + 0xe] 0x13ec8: stosw word ptr es:[di], ax 0x13ec9: xchg ax, cx 0x13eca: les di, ptr [bp + 0x12] 0x13ecd: stosw word ptr es:[di], ax 0x13ece: pop bp 0x13ecf: retf 0x10 0x13ed2: push bp 0x13ed3: mov bp, sp 0x13ed5: mov cx, word ptr [bp + 0xa] 0x13ed8: mov dh, byte ptr [bp + 8] 0x13edb: mov dl, byte ptr [bp + 6] 0x13ede: mov ah, 0x2b
2018-12-17T21:56:39.113522782Z	48	PC: 14def \| Get DOS version
2018-12-17T21:56:39.115914454Z	26	PC: 13fcf \| Set disk transfer address
2018-12-17T21:56:39.116895386Z	78	PC: 13fdb \| Find first file
2018-12-17T21:56:39.122986599Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:39.388013838Z	61	PC: 14c2d \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:56:39.396230873Z	66	PC: 1537f \| Move file pointer
2018-12-17T21:56:39.397924856Z	66	PC: 1538d \| Move file pointer
2018-12-17T21:56:39.400362204Z	66	PC: 1539b \| Move file pointer
2018-12-17T21:56:39.402108461Z	63	PC: 14d00 \| Read file or device (Read 7384 bytes on handle 5)
2018-12-17T21:56:39.410513166Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:39.413635071Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:39.424496058Z	65	PC: 14d76 \| Delete file (Filename = '\�')
2018-12-17T21:56:39.435159728Z	61	PC: 14c2d \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:56:39.44319178Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:39.444970359Z	63	PC: 14d00 \| Read file or device (Read 7384 bytes on handle 6)
2018-12-17T21:56:39.452530802Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:39.454053864Z	64	PC: 14d00 \| Write file or device (Write 7384 bytes on handle 6)
2018-12-17T21:56:39.46306112Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:39.464317865Z	64	PC: 14c5e \| Write file or device (Write 0 bytes on handle 6)
2018-12-17T21:56:39.472029319Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:39.473826125Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:39.48063504Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:39.490371316Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:56:39.492094749Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:56:39.493643887Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:56:39.495265749Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:56:39.496976114Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:56:39.498123467Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:56:39.499211259Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:56:39.501061051Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:56:39.502078736Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:56:39.503163015Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:56:39.504912124Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:56:39.506516574Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:56:39.508012342Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:56:39.510346971Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:56:39.511609522Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:56:39.51301564Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:56:39.515231072Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:56:39.516570588Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:56:39.518019974Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:56:39.520282356Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:56:39.521595189Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:56:39.522910432Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:56:39.525113579Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:56:39.526300178Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:56:39.527339654Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:56:39.528978031Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:56:39.530448828Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:56:39.531828317Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:56:39.533930573Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:56:39.535289826Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:56:39.536556272Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:56:39.538672299Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:56:39.539994463Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:56:39.541357235Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:56:39.543678094Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:56:39.544928703Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:56:39.546159956Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:56:39.548456103Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:56:39.549717167Z	41	PC: 14184 \| Parse filename
2018-12-17T21:56:39.551421799Z	41	PC: 14192 \| Parse filename
2018-12-17T21:56:39.554535246Z	75	PC: 1419d \| Execute program
2018-12-17T21:56:39.570834888Z	9	PC: 1ef8c \| Display string (Could not find end pointer)
2018-12-17T21:56:39.576100521Z	76	PC: 1ef91 \| Terminate with return code (Return code = '0')
2018-12-17T21:56:39.580339095Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:56:39.581558383Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:56:39.582859623Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:56:39.584720515Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:56:39.585947177Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:56:39.587227184Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:56:39.589716848Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:56:39.590895953Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:56:39.592180501Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:56:39.59407583Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:56:39.595941735Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:56:39.597430605Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:56:39.599152703Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:56:39.60088128Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:56:39.602275264Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:56:39.603875679Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:56:39.605837903Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:56:39.607270592Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:56:39.608860689Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:56:39.610170054Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:56:39.611226651Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:56:39.612599491Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:56:39.614195755Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:56:39.615709254Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:56:39.617658699Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:56:39.619069324Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:56:39.62042121Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:56:39.622365642Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:56:39.62337807Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:56:39.624806739Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:56:39.62720771Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:56:39.628652024Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:56:39.630054498Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:56:39.632459352Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:56:39.633399303Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:56:39.634389369Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:56:39.636025974Z	53	PC: 14235 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:56:39.637150304Z	37	PC: 1423e \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:56:39.638186091Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:39.649386703Z	61	PC: 14c2d \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:56:39.657700549Z	64	PC: 14d00 \| Write file or device (Write 7384 bytes on handle 6)
2018-12-17T21:56:39.665710004Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:39.667965306Z	64	PC: 14d00 \| Write file or device (Write 7384 bytes on handle 6)
2018-12-17T21:56:39.676532678Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:39.678215163Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:39.687252896Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:39.697893554Z	26	PC: 13fcf \| Set disk transfer address
2018-12-17T21:56:39.70169842Z	78	PC: 13fdb \| Find first file
2018-12-17T21:56:39.709045242Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:40.05743306Z	61	PC: 151c2 \| Open file (Filename = 'c:\config.sys')
2018-12-17T21:56:40.063644427Z	63	PC: 148e4 \| Read file or device (Read 128 bytes on handle 6)
2018-12-17T21:56:40.070157233Z	63	PC: 148e4 \| Read file or device (Read 128 bytes on handle 6)
2018-12-17T21:56:40.071955215Z	62	PC: 14955 \| Close file
2018-12-17T21:56:40.07451392Z	26	PC: 13fcf \| Set disk transfer address
2018-12-17T21:56:40.0764564Z	78	PC: 13fdb \| Find first file
2018-12-17T21:56:40.082338157Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:40.092993675Z	64	PC: 14d00 \| Write file or device (Write 7384 bytes on handle 6)
2018-12-17T21:56:40.101773039Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:40.110175002Z	61	PC: 151c2 \| Open file (Filename = 'c:\config.sys')
2018-12-17T21:56:40.116187742Z	68	PC: 151de \| I/O control for devices (Set for = ',�(��(��?~��)�3'1��$��yA���O��x�0;+�5=C�W��\|�nŪ�-�\�o��.?�V!U�Z/�_ Z"{ �t.!�\9�$e(/�� #zg��c#�!+�')
2018-12-17T21:56:40.118052508Z	66	PC: 1522d \| Move file pointer
2018-12-17T21:56:40.119365317Z	66	PC: 15244 \| Move file pointer
2018-12-17T21:56:40.12084442Z	63	PC: 15251 \| Read file or device (Read 128 bytes on handle 6)
2018-12-17T21:56:40.12421151Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:40.125816245Z	64	PC: 14916 \| Write file or device (Write 21 bytes on handle 6)
2018-12-17T21:56:40.12882653Z	62	PC: 14955 \| Close file
2018-12-17T21:56:40.136602387Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:40.145515411Z	44	PC: 15315 \| Get time 0x15315: mov word ptr [0x3e], cx 0x15319: mov word ptr [0x40], dx 0x1531d: retf 0x1531e: call 0x15365 0x15321: jb 0x15332 0x15323: mov cx, word ptr es:[di + 4] 0x15327: cmp cx, 1 0x1532a: je 0x15332 0x1532c: xor bx, bx 0x1532e: push cs 0x1532f: call 0x24ea1 0x15332: retf 4 0x15335: call 0x15365 0x15338: jb 0x1534d 0x1533a: mov ax, cx 0x1533c: mov dx, bx 0x1533e: mov cx, word ptr es:[di + 4] 0x15342: cmp cx, 1 0x15345: je 0x1534d 0x15347: xor bx, bx
2018-12-17T21:56:40.148443377Z	26	PC: 13fcf \| Set disk transfer address
2018-12-17T21:56:40.149373802Z	78	PC: 13fdb \| Find first file
2018-12-17T21:56:40.155172527Z	26	PC: 13fcf \| Set disk transfer address
2018-12-17T21:56:40.156371496Z	78	PC: 13fdb \| Find first file
2018-12-17T21:56:40.162877527Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:40.172105367Z	61	PC: 14c2d \| Open file (Filename = 'TEST.EXE')
2018-12-17T21:56:40.17977408Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:40.181145891Z	63	PC: 14d00 \| Read file or device (Read 4 bytes on handle 6)
2018-12-17T21:56:40.183934514Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:40.186224728Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:40.192943291Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:40.20239058Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:40.204624889Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:40.207462455Z	26	PC: 13fcf \| Set disk transfer address
2018-12-17T21:56:40.208516793Z	78	PC: 13fdb \| Find first file
2018-12-17T21:56:40.21377336Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:40.226252556Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:40.227857854Z	65	PC: 14d76 \| Delete file (Filename = 'C:\�')
2018-12-17T21:56:40.241934852Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:40.244369692Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:40.24678317Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:40.250320457Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:40.252773967Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:40.255092367Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:40.257782265Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:40.260084982Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:40.262404879Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:40.265060532Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:40.267406122Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:40.269785583Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:40.272246473Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:40.274535273Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:40.276952868Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:40.279451328Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:40.282206212Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:40.284912463Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:40.287310721Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:40.288969691Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:40.291192311Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:40.292841678Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:40.294441465Z	60	PC: 14c2d \| Create or truncate file
2018-12-17T21:56:40.297279051Z	26	PC: 13fcf \| Set disk transfer address
2018-12-17T21:56:40.298280489Z	78	PC: 13fdb \| Find first file
2018-12-17T21:56:40.30352125Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:40.304962703Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:40.307414812Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:40.308278079Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:40.31165043Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:40.312448474Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:40.314870181Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:40.316312486Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:40.318729546Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:40.319611771Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:40.323122673Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:40.324107372Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:40.3266017Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:40.328241792Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:40.330839988Z	26	PC: 13fcf \| Set disk transfer address
2018-12-17T21:56:40.331648685Z	78	PC: 13fdb \| Find first file
2018-12-17T21:56:40.33719602Z	26	PC: 13fcf \| Set disk transfer address
2018-12-17T21:56:40.338137742Z	78	PC: 13fdb \| Find first file
2018-12-17T21:56:40.343380485Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:40.344463633Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:40.347340494Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:40.34857913Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:40.351319878Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:40.352549867Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:40.355973687Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:40.356849725Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:40.359280222Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:40.360838768Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:40.363296481Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:40.364235909Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:40.367158373Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:40.368161431Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:40.370859688Z	26	PC: 13fcf \| Set disk transfer address
2018-12-17T21:56:40.372501197Z	78	PC: 13fdb \| Find first file
2018-12-17T21:56:40.378777066Z	26	PC: 13fcf \| Set disk transfer address
2018-12-17T21:56:40.380111339Z	78	PC: 13fdb \| Find first file
2018-12-17T21:56:40.38701839Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:40.408899313Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T21:56:40.415720934Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:40.417199993Z	63	PC: 14d00 \| Read file or device (Read 4 bytes on handle 6)
2018-12-17T21:56:40.42278176Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:40.424682377Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:40.444982124Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:40.460380684Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:40.48831861Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T21:56:40.495199652Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:40.496539545Z	63	PC: 14d00 \| Read file or device (Read 7384 bytes on handle 6)
2018-12-17T21:56:40.504352993Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:40.505674249Z	64	PC: 14d00 \| Write file or device (Write 7384 bytes on handle 6)
2018-12-17T21:56:40.52906572Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:40.530522765Z	64	PC: 14d00 \| Write file or device (Write 7384 bytes on handle 6)
2018-12-17T21:56:40.569473241Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:40.571085672Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:40.613251633Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:40.649572613Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:40.652012122Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:40.655579054Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:40.697242671Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\CHKDSK.EXE')
2018-12-17T21:56:40.705388352Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:40.706842586Z	63	PC: 14d00 \| Read file or device (Read 4 bytes on handle 6)
2018-12-17T21:56:40.725489795Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:40.727483124Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:40.749331875Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:40.793707714Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:40.839709202Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\CHKDSK.EXE')
2018-12-17T21:56:40.848497612Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:40.850617431Z	63	PC: 14d00 \| Read file or device (Read 7384 bytes on handle 6)
2018-12-17T21:56:40.85834973Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:40.860050861Z	64	PC: 14d00 \| Write file or device (Write 7384 bytes on handle 6)
2018-12-17T21:56:40.909960964Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:40.912323909Z	64	PC: 14d00 \| Write file or device (Write 7384 bytes on handle 6)
2018-12-17T21:56:40.960209723Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:40.963094706Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:41.013119884Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:41.070633714Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:41.072758781Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:41.076426069Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:41.135814075Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\DEBUG.EXE')
2018-12-17T21:56:41.143016285Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:41.144447753Z	63	PC: 14d00 \| Read file or device (Read 4 bytes on handle 6)
2018-12-17T21:56:41.150165118Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:41.152099468Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:41.213303461Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:41.281905413Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:41.600428171Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\DEBUG.EXE')
2018-12-17T21:56:41.607100571Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:41.609139594Z	63	PC: 14d00 \| Read file or device (Read 7384 bytes on handle 6)
2018-12-17T21:56:41.616669056Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:41.618274077Z	64	PC: 14d00 \| Write file or device (Write 7384 bytes on handle 6)
2018-12-17T21:56:41.913700535Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:41.91537728Z	64	PC: 14d00 \| Write file or device (Write 7384 bytes on handle 6)
2018-12-17T21:56:41.925335725Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:41.927709009Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:41.935430205Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:41.946342846Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:41.947460193Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:41.950433499Z	26	PC: 13fcf \| Set disk transfer address
2018-12-17T21:56:41.951512692Z	78	PC: 13fdb \| Find first file
2018-12-17T21:56:41.956107647Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:41.962611455Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T21:56:41.969145456Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:41.970825638Z	63	PC: 14d00 \| Read file or device (Read 4 bytes on handle 6)
2018-12-17T21:56:41.972885439Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:41.974699519Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:42.301474069Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.308586889Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:42.31005566Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:42.312625035Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.323817729Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\CHKDSK.EXE')
2018-12-17T21:56:42.331040029Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:42.33504239Z	63	PC: 14d00 \| Read file or device (Read 4 bytes on handle 6)
2018-12-17T21:56:42.338946751Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:42.34093135Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:42.346716426Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.356385508Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:42.357429234Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:42.361543881Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.371287775Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\DEBUG.EXE')
2018-12-17T21:56:42.378154954Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:42.380158719Z	63	PC: 14d00 \| Read file or device (Read 4 bytes on handle 6)
2018-12-17T21:56:42.383126012Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:42.384693518Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:42.390395566Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.396829758Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:42.397716293Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:42.401022753Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.41040524Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\EXPAND.EXE')
2018-12-17T21:56:42.417657411Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:42.419147046Z	63	PC: 14d00 \| Read file or device (Read 4 bytes on handle 6)
2018-12-17T21:56:42.425608949Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:42.428059944Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:42.435652116Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.446370462Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.45720133Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\EXPAND.EXE')
2018-12-17T21:56:42.464467225Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:42.465854557Z	63	PC: 14d00 \| Read file or device (Read 7384 bytes on handle 6)
2018-12-17T21:56:42.472912848Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:42.474308143Z	64	PC: 14d00 \| Write file or device (Write 7384 bytes on handle 6)
2018-12-17T21:56:42.482652027Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:42.484639415Z	64	PC: 14d00 \| Write file or device (Write 7384 bytes on handle 6)
2018-12-17T21:56:42.491592348Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:42.493470184Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:42.499113553Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.50858874Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:42.51046842Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:42.514136237Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.523573821Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\FDISK.EXE')
2018-12-17T21:56:42.530885251Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:42.532332964Z	63	PC: 14d00 \| Read file or device (Read 4 bytes on handle 6)
2018-12-17T21:56:42.537956858Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:42.539607627Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:42.545836834Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.556843222Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.566548174Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\FDISK.EXE')
2018-12-17T21:56:42.573556973Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:42.575456302Z	63	PC: 14d00 \| Read file or device (Read 7384 bytes on handle 6)
2018-12-17T21:56:42.582281321Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:42.583576952Z	64	PC: 14d00 \| Write file or device (Write 7384 bytes on handle 6)
2018-12-17T21:56:42.591257906Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:42.592419112Z	64	PC: 14d00 \| Write file or device (Write 7384 bytes on handle 6)
2018-12-17T21:56:42.598590688Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:42.599960095Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:42.604720402Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.615331109Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:42.616567856Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:42.620998372Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.631741303Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\MEM.EXE')
2018-12-17T21:56:42.638686964Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:42.640028932Z	63	PC: 14d00 \| Read file or device (Read 4 bytes on handle 6)
2018-12-17T21:56:42.646381033Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:42.647909378Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:42.65449449Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.664675928Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.674778264Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\MEM.EXE')
2018-12-17T21:56:42.67964732Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:42.680685556Z	63	PC: 14d00 \| Read file or device (Read 7384 bytes on handle 6)
2018-12-17T21:56:42.68560544Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:42.68684624Z	64	PC: 14d00 \| Write file or device (Write 7384 bytes on handle 6)
2018-12-17T21:56:42.694529059Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:42.69604134Z	64	PC: 14d00 \| Write file or device (Write 7384 bytes on handle 6)
2018-12-17T21:56:42.704633491Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:42.706188999Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:42.713506335Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.722800885Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:42.723764308Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:42.730917879Z	26	PC: 13fcf \| Set disk transfer address
2018-12-17T21:56:42.731837335Z	78	PC: 13fdb \| Find first file
2018-12-17T21:56:42.73900383Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.749033652Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T21:56:42.755679292Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:42.757472274Z	63	PC: 14d00 \| Read file or device (Read 4 bytes on handle 6)
2018-12-17T21:56:42.760304508Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:42.761696721Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:42.767550366Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.776798806Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:42.778180655Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:42.781612834Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.790773065Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\CHKDSK.EXE')
2018-12-17T21:56:42.798168266Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:42.799463025Z	63	PC: 14d00 \| Read file or device (Read 4 bytes on handle 6)
2018-12-17T21:56:42.802211263Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:42.803733282Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:42.809443091Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.819677674Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:42.820592247Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:42.823957763Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.833425066Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\DEBUG.EXE')
2018-12-17T21:56:42.839995812Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:42.841431622Z	63	PC: 14d00 \| Read file or device (Read 4 bytes on handle 6)
2018-12-17T21:56:42.844406088Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:42.846072829Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:42.852304218Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.861500168Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:42.862357218Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:42.866008181Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.875905798Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\EXPAND.EXE')
2018-12-17T21:56:42.882695477Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:42.884218054Z	63	PC: 14d00 \| Read file or device (Read 4 bytes on handle 6)
2018-12-17T21:56:42.886978699Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:42.888707477Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:42.894912989Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.904312279Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:42.905472812Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:42.90884439Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.918846736Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\FDISK.EXE')
2018-12-17T21:56:42.925840235Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:42.927603704Z	63	PC: 14d00 \| Read file or device (Read 4 bytes on handle 6)
2018-12-17T21:56:42.931026716Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:42.932456157Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:42.939064858Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.948826612Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:42.94976152Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:42.953644797Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.963283091Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\MEM.EXE')
2018-12-17T21:56:42.969941744Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:42.971917812Z	63	PC: 14d00 \| Read file or device (Read 4 bytes on handle 6)
2018-12-17T21:56:42.97478202Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:42.976471569Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:42.982231208Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:42.991583935Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:42.993136517Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:42.996242873Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:42.997584273Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:43.002855958Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:43.01262055Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\QBASIC.EXE')
2018-12-17T21:56:43.02020525Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:43.021818139Z	63	PC: 14d00 \| Read file or device (Read 4 bytes on handle 6)
2018-12-17T21:56:43.027707476Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:43.029974808Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:43.035828924Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:43.046105871Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:43.055800104Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\QBASIC.EXE')
2018-12-17T21:56:43.060398016Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:43.061844627Z	63	PC: 14d00 \| Read file or device (Read 7384 bytes on handle 6)
2018-12-17T21:56:43.06710151Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:43.068585001Z	64	PC: 14d00 \| Write file or device (Write 7384 bytes on handle 6)
2018-12-17T21:56:43.077123395Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:43.078420077Z	64	PC: 14d00 \| Write file or device (Write 7384 bytes on handle 6)
2018-12-17T21:56:43.087941436Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:43.090352557Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:43.0972286Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:43.107931412Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:43.109029027Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:43.112857539Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:43.123407435Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\REPLACE.EXE')
2018-12-17T21:56:43.1314247Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:43.132817599Z	63	PC: 14d00 \| Read file or device (Read 4 bytes on handle 6)
2018-12-17T21:56:43.139054139Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:43.140140349Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:43.144550787Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:43.151255233Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:43.15754922Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\REPLACE.EXE')
2018-12-17T21:56:43.1624714Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:43.16353213Z	63	PC: 14d00 \| Read file or device (Read 7384 bytes on handle 6)
2018-12-17T21:56:43.167902467Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:43.169210596Z	64	PC: 14d00 \| Write file or device (Write 7384 bytes on handle 6)
2018-12-17T21:56:43.174083803Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:43.175678244Z	64	PC: 14d00 \| Write file or device (Write 7384 bytes on handle 6)
2018-12-17T21:56:43.184163634Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:43.185859333Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:43.19357774Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:43.203820331Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:43.204763124Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:43.208445936Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:43.217870807Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\RESTORE.EXE')
2018-12-17T21:56:43.225021961Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:43.226396235Z	63	PC: 14d00 \| Read file or device (Read 4 bytes on handle 6)
2018-12-17T21:56:43.232004389Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:43.234137648Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:43.239910559Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:43.250273038Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:43.260577572Z	61	PC: 14c2d \| Open file (Filename = 'C:\DOS\RESTORE.EXE')
2018-12-17T21:56:43.267575547Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:43.269866207Z	63	PC: 14d00 \| Read file or device (Read 7384 bytes on handle 6)
2018-12-17T21:56:43.27684024Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:43.278453069Z	64	PC: 14d00 \| Write file or device (Write 7384 bytes on handle 6)
2018-12-17T21:56:43.286329683Z	66	PC: 14d5f \| Move file pointer
2018-12-17T21:56:43.287836071Z	64	PC: 14d00 \| Write file or device (Write 7384 bytes on handle 6)
2018-12-17T21:56:43.297892303Z	87	PC: 13f9f \| Get or set file date and time
2018-12-17T21:56:43.299555493Z	62	PC: 14c7d \| Close file
2018-12-17T21:56:43.30637641Z	67	PC: 13f58 \| Get or set file attributes
2018-12-17T21:56:43.316120828Z	26	PC: 13ff3 \| Set disk transfer address
2018-12-17T21:56:43.317061142Z	79	PC: 13ff8 \| Find next file
2018-12-17T21:56:43.320057262Z	37	PC: 1404c \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:56:43.321821695Z	64	PC: 1493b \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T21:56:43.323339087Z	37	PC: 14411 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:56:43.325451331Z	37	PC: 14411 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:56:43.326473323Z	37	PC: 14411 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:56:43.327421272Z	37	PC: 14411 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:56:43.328936294Z	37	PC: 14411 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:56:43.329896607Z	37	PC: 14411 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:56:43.33090296Z	37	PC: 14411 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:56:43.332405368Z	37	PC: 14411 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:56:43.333997293Z	37	PC: 14411 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:56:43.337951197Z	37	PC: 14411 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:56:43.339383902Z	37	PC: 14411 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:56:43.340475158Z	37	PC: 14411 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:56:43.342524086Z	37	PC: 14411 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:56:43.343947997Z	37	PC: 14411 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:56:43.346345565Z	37	PC: 14411 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:56:43.348048676Z	37	PC: 14411 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:56:43.34908529Z	37	PC: 14411 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:56:43.351402947Z	37	PC: 14411 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:56:43.352393847Z	37	PC: 14411 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:56:43.35332964Z	76	PC: 14450 \| Terminate with return code (Return code = '0')