Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Usepass.11096

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:09:44.189712034Z	53	PC: 140fa \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:44.191591135Z	53	PC: 140fa \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:09:44.192736768Z	53	PC: 140fa \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:09:44.193760952Z	53	PC: 140fa \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:09:44.195067339Z	53	PC: 140fa \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:09:44.19687555Z	53	PC: 140fa \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:44.198598878Z	53	PC: 140fa \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:09:44.200773166Z	53	PC: 140fa \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:09:44.202549617Z	53	PC: 140fa \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:09:44.204257156Z	53	PC: 140fa \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:09:44.205620353Z	53	PC: 140fa \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:09:44.206693239Z	53	PC: 140fa \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:09:44.20858902Z	53	PC: 140fa \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:09:44.209794501Z	53	PC: 140fa \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:09:44.210983148Z	53	PC: 140fa \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:09:44.212539152Z	53	PC: 140fa \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:09:44.214119373Z	53	PC: 140fa \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:09:44.215290221Z	53	PC: 140fa \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:09:44.216784884Z	53	PC: 140fa \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:09:44.219074159Z	37	PC: 1410f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:44.22046849Z	37	PC: 14117 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:09:44.221682198Z	37	PC: 1411f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:44.22389727Z	37	PC: 14127 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:09:44.225286718Z	68	PC: 14e52 \| I/O control for devices (Set for = '��&�&�')
2018-12-17T23:09:44.22660129Z	48	PC: 14982 \| Get DOS version
2018-12-17T23:09:44.228038029Z	44	PC: 14f89 \| Get time 0x14f89: mov word ptr [0x66], cx 0x14f8d: mov word ptr [0x68], dx 0x14f91: retf 0x14f92: call 0x14fd9 0x14f95: jb 0x14fa6 0x14f97: mov cx, word ptr es:[di + 4] 0x14f9b: cmp cx, 1 0x14f9e: je 0x14fa6 0x14fa0: xor bx, bx 0x14fa2: push cs 0x14fa3: call 0x24b1a 0x14fa6: retf 4 0x14fa9: call 0x14fd9 0x14fac: jb 0x14fc1 0x14fae: mov ax, cx 0x14fb0: mov dx, bx 0x14fb2: mov cx, word ptr es:[di + 4] 0x14fb6: cmp cx, 1 0x14fb9: je 0x14fc1 0x14fbb: xor bx, bx
2018-12-17T23:09:44.229662362Z	25	PC: 14a0f \| Get default drive
2018-12-17T23:09:44.230760665Z	71	PC: 14a22 \| Get current directory
2018-12-17T23:09:44.233949295Z	61	PC: 147c0 \| Open file (Filename = 'resour08.rsc')
2018-12-17T23:09:44.238278946Z	25	PC: 14a0f \| Get default drive
2018-12-17T23:09:44.239143626Z	71	PC: 14a22 \| Get current directory
2018-12-17T23:09:44.241891013Z	26	PC: 13f07 \| Set disk transfer address
2018-12-17T23:09:44.243018931Z	78	PC: 13f13 \| Find first file
2018-12-17T23:09:44.247401389Z	61	PC: 147c0 \| Open file (Filename = 'TEST.EXE')
2018-12-17T23:09:44.252292179Z	66	PC: 14ff3 \| Move file pointer
2018-12-17T23:09:44.253648107Z	66	PC: 15001 \| Move file pointer
2018-12-17T23:09:44.254831815Z	66	PC: 1500f \| Move file pointer
2018-12-17T23:09:44.256458381Z	66	PC: 148f2 \| Move file pointer
2018-12-17T23:09:44.257974964Z	63	PC: 14893 \| Read file or device (Read 20 bytes on handle 5)
2018-12-17T23:09:44.263339238Z	62	PC: 14810 \| Close file
2018-12-17T23:09:44.266143142Z	61	PC: 147c0 \| Open file (Filename = 'TEST.EXE')
2018-12-17T23:09:44.271179069Z	66	PC: 14ff3 \| Move file pointer
2018-12-17T23:09:44.272634373Z	66	PC: 15001 \| Move file pointer
2018-12-17T23:09:44.273893164Z	66	PC: 1500f \| Move file pointer
2018-12-17T23:09:44.275471558Z	66	PC: 148f2 \| Move file pointer
2018-12-17T23:09:44.276629371Z	63	PC: 14893 \| Read file or device (Read 20 bytes on handle 5)
2018-12-17T23:09:44.279426478Z	62	PC: 14810 \| Close file
2018-12-17T23:09:44.28148199Z	26	PC: 13f2b \| Set disk transfer address
2018-12-17T23:09:44.282384878Z	79	PC: 13f30 \| Find next file
2018-12-17T23:09:44.284651065Z	14	PC: 14a68 \| Set default drive (Drive = 'C')
2018-12-17T23:09:44.286048342Z	25	PC: 14a6c \| Get default drive
2018-12-17T23:09:44.287110842Z	61	PC: 147c0 \| Open file (Filename = 'resour08.rsc')
2018-12-17T23:09:44.291118693Z	26	PC: 13f07 \| Set disk transfer address
2018-12-17T23:09:44.292876103Z	78	PC: 13f13 \| Find first file
2018-12-17T23:09:44.296575772Z	59	PC: 14ad6 \| Change current directory
2018-12-17T23:09:44.300559099Z	61	PC: 147c0 \| Open file (Filename = 'resour08.rsc')
2018-12-17T23:09:44.307945809Z	25	PC: 14a0f \| Get default drive
2018-12-17T23:09:44.30891085Z	71	PC: 14a22 \| Get current directory
2018-12-17T23:09:44.311116368Z	26	PC: 13f07 \| Set disk transfer address
2018-12-17T23:09:44.312595501Z	78	PC: 13f13 \| Find first file
2018-12-17T23:09:44.317247359Z	61	PC: 147c0 \| Open file (Filename = 'ATTRIB.EXE')
2018-12-17T23:09:44.32177869Z	66	PC: 14ff3 \| Move file pointer
2018-12-17T23:09:44.324167197Z	66	PC: 15001 \| Move file pointer
2018-12-17T23:09:44.32565207Z	66	PC: 1500f \| Move file pointer
2018-12-17T23:09:44.327069678Z	66	PC: 148f2 \| Move file pointer
2018-12-17T23:09:44.330246626Z	63	PC: 14893 \| Read file or device (Read 20 bytes on handle 5)
2018-12-17T23:09:44.337072126Z	62	PC: 14810 \| Close file
2018-12-17T23:09:44.339894603Z	61	PC: 147c0 \| Open file (Filename = 'ATTRIB.EXE')
2018-12-17T23:09:44.348083126Z	66	PC: 14ff3 \| Move file pointer
2018-12-17T23:09:44.350111774Z	66	PC: 15001 \| Move file pointer
2018-12-17T23:09:44.352464944Z	66	PC: 1500f \| Move file pointer
2018-12-17T23:09:44.354371604Z	63	PC: 14893 \| Read file or device (Read 11056 bytes on handle 5)
2018-12-17T23:09:44.363881056Z	62	PC: 14810 \| Close file
2018-12-17T23:09:44.365752305Z	48	PC: 14982 \| Get DOS version
2018-12-17T23:09:44.367800094Z	61	PC: 147c0 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:09:44.375433478Z	61	PC: 147c0 \| Open file (Filename = 'ATTRIB.EXE')
2018-12-17T23:09:44.382871828Z	63	PC: 14893 \| Read file or device (Read 11056 bytes on handle 5)
2018-12-17T23:09:44.391783574Z	66	PC: 148f2 \| Move file pointer
2018-12-17T23:09:44.393443508Z	64	PC: 14893 \| Write file or device (Write 11056 bytes on handle 6)
2018-12-17T23:09:44.737738117Z	66	PC: 14ff3 \| Move file pointer
2018-12-17T23:09:44.739785584Z	66	PC: 15001 \| Move file pointer
2018-12-17T23:09:44.742478555Z	66	PC: 1500f \| Move file pointer
2018-12-17T23:09:44.744335215Z	66	PC: 148f2 \| Move file pointer
2018-12-17T23:09:44.745624839Z	64	PC: 14893 \| Write file or device (Write 11056 bytes on handle 6)
2018-12-17T23:09:44.762308605Z	64	PC: 14893 \| Write file or device (Write 40 bytes on handle 6)
2018-12-17T23:09:44.766151176Z	62	PC: 14810 \| Close file
2018-12-17T23:09:44.775633729Z	62	PC: 14810 \| Close file
2018-12-17T23:09:44.778843316Z	25	PC: 14a0f \| Get default drive
2018-12-17T23:09:44.780702428Z	71	PC: 14a22 \| Get current directory
2018-12-17T23:09:44.784221699Z	59	PC: 14ad6 \| Change current directory
2018-12-17T23:09:44.790147037Z	14	PC: 14a68 \| Set default drive (Drive = 'A')
2018-12-17T23:09:44.792385128Z	25	PC: 14a6c \| Get default drive
2018-12-17T23:09:44.794381409Z	14	PC: 14a68 \| Set default drive (Drive = 'C')
2018-12-17T23:09:44.796896879Z	25	PC: 14a6c \| Get default drive
2018-12-17T23:09:44.798580656Z	25	PC: 14a0f \| Get default drive
2018-12-17T23:09:44.799851462Z	71	PC: 14a22 \| Get current directory
2018-12-17T23:09:44.804228565Z	59	PC: 14ad6 \| Change current directory
2018-12-17T23:09:44.808412501Z	14	PC: 14a68 \| Set default drive (Drive = 'A')
2018-12-17T23:09:44.810167474Z	25	PC: 14a6c \| Get default drive
2018-12-17T23:09:44.812870995Z	48	PC: 14982 \| Get DOS version
2018-12-17T23:09:44.814753247Z	61	PC: 147c0 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:09:44.822576805Z	66	PC: 14ff3 \| Move file pointer
2018-12-17T23:09:44.825330499Z	66	PC: 15001 \| Move file pointer
2018-12-17T23:09:44.828069275Z	66	PC: 1500f \| Move file pointer
2018-12-17T23:09:44.829871734Z	62	PC: 14810 \| Close file
2018-12-17T23:09:44.833336694Z	48	PC: 14982 \| Get DOS version
2018-12-17T23:09:44.83544903Z	61	PC: 147c0 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:09:44.843145567Z	66	PC: 14ff3 \| Move file pointer
2018-12-17T23:09:44.845646683Z	66	PC: 15001 \| Move file pointer
2018-12-17T23:09:44.847874092Z	66	PC: 1500f \| Move file pointer
2018-12-17T23:09:44.850161409Z	63	PC: 14893 \| Read file or device (Read 11056 bytes on handle 5)
2018-12-17T23:09:44.861625051Z	66	PC: 148f2 \| Move file pointer
2018-12-17T23:09:44.863926757Z	63	PC: 14893 \| Read file or device (Read 11056 bytes on handle 5)
2018-12-17T23:09:44.873627215Z	66	PC: 148f2 \| Move file pointer
2018-12-17T23:09:44.876060189Z	64	PC: 14893 \| Write file or device (Write 11056 bytes on handle 5)
2018-12-17T23:09:44.893057368Z	66	PC: 148f2 \| Move file pointer
2018-12-17T23:09:44.894716707Z	64	PC: 14893 \| Write file or device (Write 11056 bytes on handle 5)
2018-12-17T23:09:44.904342892Z	62	PC: 14810 \| Close file
2018-12-17T23:09:44.913600116Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:44.914986754Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:44.91630558Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:09:44.917939291Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:09:44.919237516Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:09:44.920568667Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:09:44.922166258Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:09:44.923470266Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:09:44.924612292Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:09:44.92648333Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:09:44.92774361Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:44.929301799Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:44.931797104Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:09:44.933193767Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:09:44.934619406Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:09:44.936481889Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:09:44.937629039Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:09:44.939053587Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:09:44.941951951Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:09:44.94331608Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:09:44.944460958Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:09:44.946247447Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:09:44.947481343Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:09:44.948866329Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:09:44.951001655Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:09:44.952593491Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:09:44.95417345Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:09:44.956757185Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:09:44.958333917Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:09:44.959917786Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:09:44.962461181Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:09:44.964050277Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:09:44.965363809Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:09:44.967065059Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:09:44.968428644Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:09:44.969587099Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:09:44.971195781Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:09:44.972504128Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:09:44.973651513Z	48	PC: 14982 \| Get DOS version
2018-12-17T23:09:44.975626491Z	41	PC: 1402d \| Parse filename
2018-12-17T23:09:44.97725693Z	41	PC: 1403b \| Parse filename
2018-12-17T23:09:44.9787984Z	75	PC: 14046 \| Execute program
2018-12-17T23:09:44.996497744Z	9	PC: 1b9ac \| Display string (String= '��JWUW��[v��!� ��A:\TEST.EXE��]��BV�&Bٞў�Z>�]x^�^��')
2018-12-17T23:09:45.002598209Z	76	PC: 1b9b1 \| Terminate with return code (Return code = '0')
2018-12-17T23:09:45.00483562Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:45.006332633Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:45.007370464Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:09:45.00843692Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:09:45.010291233Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:09:45.012010433Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:09:45.013689471Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:09:45.016434383Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:09:45.018135877Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:09:45.019798144Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:09:45.02267317Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:45.024348347Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:45.025642019Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:09:45.02746829Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:09:45.029056571Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:09:45.030747442Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:09:45.033451625Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:09:45.035211882Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:09:45.036909262Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:09:45.039327601Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:09:45.040699686Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:09:45.042086236Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:09:45.043891586Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:09:45.045046091Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:09:45.047033607Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:09:45.049766884Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:09:45.051562215Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:09:45.05331462Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:09:45.05608743Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:09:45.05782062Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:09:45.059534747Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:09:45.061461569Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:09:45.063502889Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:09:45.064868621Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:09:45.066190707Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:09:45.068513552Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:09:45.06981083Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:09:45.071207531Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:09:45.074085468Z	48	PC: 14982 \| Get DOS version
2018-12-17T23:09:45.076170493Z	61	PC: 147c0 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:09:45.084915839Z	66	PC: 14ff3 \| Move file pointer
2018-12-17T23:09:45.087102008Z	66	PC: 15001 \| Move file pointer
2018-12-17T23:09:45.099964902Z	66	PC: 1500f \| Move file pointer
2018-12-17T23:09:45.101633793Z	63	PC: 14893 \| Read file or device (Read 11056 bytes on handle 5)
2018-12-17T23:09:45.112534281Z	66	PC: 148f2 \| Move file pointer
2018-12-17T23:09:45.114491272Z	63	PC: 14893 \| Read file or device (Read 11056 bytes on handle 5)
2018-12-17T23:09:45.123180488Z	66	PC: 148f2 \| Move file pointer
2018-12-17T23:09:45.125533544Z	64	PC: 14893 \| Write file or device (Write 11056 bytes on handle 5)
2018-12-17T23:09:45.337239179Z	66	PC: 148f2 \| Move file pointer
2018-12-17T23:09:45.339009529Z	64	PC: 14893 \| Write file or device (Write 11056 bytes on handle 5)
2018-12-17T23:09:45.376453968Z	62	PC: 14810 \| Close file
2018-12-17T23:09:45.386406017Z	61	PC: 147c0 \| Open file (Filename = 'c:\autoexec.bat')
2018-12-17T23:09:45.391242392Z	62	PC: 14810 \| Close file
2018-12-17T23:09:45.393598942Z	61	PC: 14e36 \| Open file (Filename = 'c:\autoexec.bat')
2018-12-17T23:09:45.398491645Z	63	PC: 144c1 \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T23:09:45.403099342Z	62	PC: 14532 \| Close file
2018-12-17T23:09:45.405822125Z	60	PC: 14e36 \| Create or truncate file
2018-12-17T23:09:45.412963444Z	68	PC: 14e52 \| I/O control for devices (Set for = 'c:\autoexec.bat @echo OFFc:\virauto.bat D-/C copy c:\autoexec.bat c:\autoexec.old > nul;/C copy c:\virauto.bat+c:\autoexec.old c:\autoexec.bat >nul/C del c:\virauto.bat > nul/C del c:\autoexec.old > nulU��')
2018-12-17T23:09:45.414840062Z	64	PC: 144f3 \| Write file or device (Write 36 bytes on handle 5)
2018-12-17T23:09:45.418416746Z	62	PC: 14532 \| Close file
2018-12-17T23:09:45.424114234Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:45.425250016Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:45.427113841Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:09:45.428450688Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:09:45.429728114Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:09:45.431526992Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:09:45.433272299Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:09:45.434992763Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:09:45.439009485Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:09:45.440182779Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:09:45.441899184Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:45.444260033Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:45.446354117Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:09:45.447426501Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:09:45.44912396Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:09:45.450364727Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:09:45.451532721Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:09:45.453170368Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:09:45.454421897Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:09:45.456594853Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:09:45.45848656Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:09:45.460974092Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:09:45.462761857Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:09:45.46470788Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:09:45.466013784Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:09:45.467806237Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:09:45.469128281Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:09:45.470364891Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:09:45.472498899Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:09:45.473801241Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:09:45.47608742Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:09:45.478296036Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:09:45.481961732Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:09:45.483482593Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:09:45.485612705Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:09:45.487954192Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:09:45.489181758Z	53	PC: 14076 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:09:45.490801783Z	37	PC: 1407f \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:09:45.491907912Z	41	PC: 1402d \| Parse filename
2018-12-17T23:09:45.493064302Z	41	PC: 1403b \| Parse filename
2018-12-17T23:09:45.494891607Z	75	PC: 14046 \| Execute program
2018-12-17T23:09:45.511359966Z	80	PC: 1cf19 \| Set current PSP
2018-12-17T23:09:45.512264237Z	48	PC: 1cf1e \| Get DOS version
2018-12-17T23:09:45.514119412Z	99	PC: 23700 \| Get DBCS lead byte table pointer
2018-12-17T23:09:45.516171564Z	101	PC: 1cfa4 \| Get extended country info
2018-12-17T23:09:45.517138305Z	99	PC: 1cfaa \| Get DBCS lead byte table pointer
2018-12-17T23:09:45.5186234Z	74	PC: 1d00c \| Reallocate memory
2018-12-17T23:09:45.519761163Z	25	PC: 1d043 \| Get default drive
2018-12-17T23:09:45.520632643Z	37	PC: 1cb03 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:09:45.52207934Z	37	PC: 1cb0a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:09:45.523166889Z	37	PC: 1cb11 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:45.525993033Z	74	PC: 1bcac \| Reallocate memory
2018-12-17T23:09:45.527232107Z	72	PC: 1bced \| Allocate memory
2018-12-17T23:09:45.528289287Z	72	PC: 1bd25 \| Allocate memory
2018-12-17T23:09:45.530793171Z	72	PC: 1bd2d \| Allocate memory