Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Voodoo.4415

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:32:03.373902496Z	53	PC: 13282 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:32:03.375825517Z	53	PC: 13282 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:32:03.377402637Z	53	PC: 13282 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:32:03.378736991Z	53	PC: 13282 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:32:03.380245215Z	53	PC: 13282 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:32:03.382159106Z	53	PC: 13282 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:32:03.383444125Z	53	PC: 13282 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:32:03.384819237Z	53	PC: 13282 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:32:03.390734113Z	53	PC: 13282 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:32:03.392192882Z	53	PC: 13282 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:32:03.39370876Z	53	PC: 13282 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:32:03.396481222Z	53	PC: 13282 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:32:03.398410624Z	53	PC: 13282 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:32:03.401270412Z	53	PC: 13282 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:32:03.404407465Z	53	PC: 13282 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:32:03.406594038Z	53	PC: 13282 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:32:03.40870016Z	53	PC: 13282 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:32:03.411596884Z	53	PC: 13282 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:32:03.413803904Z	53	PC: 13282 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:32:03.415314168Z	37	PC: 13297 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:32:03.417105463Z	37	PC: 1329f \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:32:03.418866232Z	37	PC: 132a7 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:32:03.420692708Z	37	PC: 132af \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:32:03.422960963Z	68	PC: 1382f \| I/O control for devices (Set for = '')
2018-12-17T22:32:03.425872723Z	42	PC: 130a7 \| Get date 0x130a7: xor ah, ah 0x130a9: les di, ptr [bp + 6] 0x130ac: stosw word ptr es:[di], ax 0x130ad: mov al, dl 0x130af: les di, ptr [bp + 0xa] 0x130b2: stosw word ptr es:[di], ax 0x130b3: mov al, dh 0x130b5: les di, ptr [bp + 0xe] 0x130b8: stosw word ptr es:[di], ax 0x130b9: xchg ax, cx 0x130ba: les di, ptr [bp + 0x12] 0x130bd: stosw word ptr es:[di], ax 0x130be: pop bp 0x130bf: retf 0x10 0x130c2: push bp 0x130c3: mov bp, sp 0x130c5: mov cx, word ptr [bp + 0xa] 0x130c8: mov dh, byte ptr [bp + 8] 0x130cb: mov dl, byte ptr [bp + 6] 0x130ce: mov ah, 0x2b
2018-12-17T22:32:03.428775465Z	26	PC: 13137 \| Set disk transfer address
2018-12-17T22:32:03.430012809Z	78	PC: 13143 \| Find first file
2018-12-17T22:32:03.437469038Z	26	PC: 1315b \| Set disk transfer address
2018-12-17T22:32:03.438757125Z	79	PC: 13160 \| Find next file
2018-12-17T22:32:03.442046094Z	61	PC: 13e1a \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:32:03.451498064Z	63	PC: 13eed \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:32:03.4605875Z	66	PC: 13fb6 \| Move file pointer
2018-12-17T22:32:03.462122435Z	66	PC: 13fc4 \| Move file pointer
2018-12-17T22:32:03.464423176Z	66	PC: 13fd2 \| Move file pointer
2018-12-17T22:32:03.466170043Z	62	PC: 13e6a \| Close file
2018-12-17T22:32:03.468307674Z	26	PC: 1315b \| Set disk transfer address
2018-12-17T22:32:03.470141997Z	79	PC: 13160 \| Find next file
2018-12-17T22:32:03.47397934Z	61	PC: 13e1a \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:32:03.481445656Z	63	PC: 13eed \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:32:03.495917827Z	66	PC: 13fb6 \| Move file pointer
2018-12-17T22:32:03.497876276Z	66	PC: 13fc4 \| Move file pointer
2018-12-17T22:32:03.499974241Z	66	PC: 13fd2 \| Move file pointer
2018-12-17T22:32:03.502003763Z	62	PC: 13e6a \| Close file
2018-12-17T22:32:03.50420543Z	26	PC: 1315b \| Set disk transfer address
2018-12-17T22:32:03.505538087Z	79	PC: 13160 \| Find next file
2018-12-17T22:32:03.509270935Z	61	PC: 13e1a \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:32:03.518631866Z	63	PC: 13eed \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:32:03.526195872Z	66	PC: 13fb6 \| Move file pointer
2018-12-17T22:32:03.52824557Z	66	PC: 13fc4 \| Move file pointer
2018-12-17T22:32:03.530723799Z	66	PC: 13fd2 \| Move file pointer
2018-12-17T22:32:03.532626076Z	62	PC: 13e6a \| Close file
2018-12-17T22:32:03.5348847Z	26	PC: 1315b \| Set disk transfer address
2018-12-17T22:32:03.537230272Z	79	PC: 13160 \| Find next file
2018-12-17T22:32:03.540982771Z	61	PC: 13e1a \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:32:03.548678089Z	63	PC: 13eed \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:32:03.556980441Z	66	PC: 13fb6 \| Move file pointer
2018-12-17T22:32:03.5590534Z	66	PC: 13fc4 \| Move file pointer
2018-12-17T22:32:03.560959159Z	66	PC: 13fd2 \| Move file pointer
2018-12-17T22:32:03.563667614Z	62	PC: 13e6a \| Close file
2018-12-17T22:32:03.56591841Z	26	PC: 1315b \| Set disk transfer address
2018-12-17T22:32:03.567206553Z	79	PC: 13160 \| Find next file
2018-12-17T22:32:03.571663117Z	61	PC: 13e1a \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:32:03.579437215Z	63	PC: 13eed \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:32:03.586960121Z	66	PC: 13fb6 \| Move file pointer
2018-12-17T22:32:03.589777395Z	66	PC: 13fc4 \| Move file pointer
2018-12-17T22:32:03.592455077Z	66	PC: 13fd2 \| Move file pointer
2018-12-17T22:32:03.594434171Z	62	PC: 13e6a \| Close file
2018-12-17T22:32:03.596751018Z	26	PC: 1315b \| Set disk transfer address
2018-12-17T22:32:03.598845891Z	79	PC: 13160 \| Find next file
2018-12-17T22:32:03.602164045Z	61	PC: 13e1a \| Open file (Filename = 'PAH.COM')
2018-12-17T22:32:03.610020383Z	63	PC: 13eed \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:32:03.617986953Z	66	PC: 13fb6 \| Move file pointer
2018-12-17T22:32:03.619702202Z	66	PC: 13fc4 \| Move file pointer
2018-12-17T22:32:03.621333913Z	66	PC: 13fd2 \| Move file pointer
2018-12-17T22:32:03.623791317Z	62	PC: 13e6a \| Close file
2018-12-17T22:32:03.626197528Z	26	PC: 1315b \| Set disk transfer address
2018-12-17T22:32:03.627955709Z	79	PC: 13160 \| Find next file
2018-12-17T22:32:03.632362444Z	61	PC: 13e1a \| Open file (Filename = 'PAH.COM')
2018-12-17T22:32:03.64029127Z	63	PC: 13eed \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:32:03.643907411Z	66	PC: 13fb6 \| Move file pointer
2018-12-17T22:32:03.646347847Z	66	PC: 13fc4 \| Move file pointer
2018-12-17T22:32:03.648665186Z	66	PC: 13fd2 \| Move file pointer
2018-12-17T22:32:03.650516472Z	62	PC: 13e6a \| Close file
2018-12-17T22:32:03.652770067Z	26	PC: 13137 \| Set disk transfer address
2018-12-17T22:32:03.654954232Z	78	PC: 13143 \| Find first file
2018-12-17T22:32:03.663742594Z	26	PC: 1315b \| Set disk transfer address
2018-12-17T22:32:03.665784832Z	79	PC: 13160 \| Find next file
2018-12-17T22:32:03.679641419Z	61	PC: 13e1a \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:32:03.687648691Z	63	PC: 13eed \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:32:03.692103378Z	62	PC: 13e6a \| Close file
2018-12-17T22:32:03.696158856Z	48	PC: 1405a \| Get DOS version
2018-12-17T22:32:03.697988788Z	61	PC: 13e1a \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:32:03.705821815Z	63	PC: 13eed \| Read file or device (Read 4415 bytes on handle 5)
2018-12-17T22:32:03.715250387Z	62	PC: 13e6a \| Close file
2018-12-17T22:32:03.717542437Z	61	PC: 13e1a \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:32:03.724972104Z	66	PC: 13fb6 \| Move file pointer
2018-12-17T22:32:03.727566809Z	66	PC: 13fc4 \| Move file pointer
2018-12-17T22:32:03.729067599Z	66	PC: 13fd2 \| Move file pointer
2018-12-17T22:32:03.730655546Z	63	PC: 13eed \| Read file or device (Read 6224 bytes on handle 5)
2018-12-17T22:32:03.738831247Z	66	PC: 13f4c \| Move file pointer
2018-12-17T22:32:03.740914124Z	64	PC: 13eed \| Write file or device (Write 4415 bytes on handle 5)
2018-12-17T22:32:03.756679624Z	64	PC: 13eed \| Write file or device (Write 6224 bytes on handle 5)
2018-12-17T22:32:03.766208413Z	62	PC: 13e6a \| Close file
2018-12-17T22:32:03.776712607Z	48	PC: 1405a \| Get DOS version
2018-12-17T22:32:03.779048814Z	61	PC: 13e1a \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:32:03.786982506Z	66	PC: 13fb6 \| Move file pointer
2018-12-17T22:32:03.789466749Z	66	PC: 13fc4 \| Move file pointer
2018-12-17T22:32:03.791129049Z	66	PC: 13fd2 \| Move file pointer
2018-12-17T22:32:03.792857678Z	63	PC: 13eed \| Read file or device (Read 4415 bytes on handle 5)
2018-12-17T22:32:03.801690344Z	63	PC: 13eed \| Read file or device (Read 6224 bytes on handle 5)
2018-12-17T22:32:03.810024146Z	62	PC: 13e6a \| Close file
2018-12-17T22:32:03.813010016Z	60	PC: 13e1a \| Create or truncate file
2018-12-17T22:32:03.82706087Z	64	PC: 13eed \| Write file or device (Write 6224 bytes on handle 5)
2018-12-17T22:32:03.836728307Z	62	PC: 13e6a \| Close file
2018-12-17T22:32:03.847191583Z	41	PC: 131ee \| Parse filename
2018-12-17T22:32:03.850284828Z	41	PC: 131fc \| Parse filename
2018-12-17T22:32:03.852669668Z	75	PC: 13207 \| Execute program
2018-12-17T22:32:03.869988096Z	53	PC: 2d802 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:32:03.872750198Z	53	PC: 2d802 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:32:03.875116842Z	53	PC: 2d802 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:32:03.87696265Z	53	PC: 2d802 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:32:03.879864814Z	53	PC: 2d802 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:32:03.881339589Z	53	PC: 2d802 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:32:03.882990359Z	53	PC: 2d802 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:32:03.884681837Z	53	PC: 2d802 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:32:03.88738735Z	53	PC: 2d802 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:32:03.889724905Z	53	PC: 2d802 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:32:03.891249555Z	53	PC: 2d802 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:32:03.894202227Z	53	PC: 2d802 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:32:03.895692868Z	53	PC: 2d802 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:32:03.897295047Z	53	PC: 2d802 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:32:03.899920533Z	53	PC: 2d802 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:32:03.901342787Z	53	PC: 2d802 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:32:03.90308757Z	53	PC: 2d802 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:32:03.905711547Z	53	PC: 2d802 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:32:03.907298481Z	53	PC: 2d802 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:32:03.908788692Z	37	PC: 2d817 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:32:03.912675193Z	37	PC: 2d81f \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:32:03.914134828Z	37	PC: 2d827 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:32:03.915827819Z	37	PC: 2d82f \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:32:03.918726664Z	68	PC: 2ddaf \| I/O control for devices (Set for = '')
2018-12-17T22:32:03.920750404Z	42	PC: 2d627 \| Get date 0x2d627: xor ah, ah 0x2d629: les di, ptr [bp + 6] 0x2d62c: stosw word ptr es:[di], ax 0x2d62d: mov al, dl 0x2d62f: les di, ptr [bp + 0xa] 0x2d632: stosw word ptr es:[di], ax 0x2d633: mov al, dh 0x2d635: les di, ptr [bp + 0xe] 0x2d638: stosw word ptr es:[di], ax 0x2d639: xchg ax, cx 0x2d63a: les di, ptr [bp + 0x12] 0x2d63d: stosw word ptr es:[di], ax 0x2d63e: pop bp 0x2d63f: retf 0x10 0x2d642: push bp 0x2d643: mov bp, sp 0x2d645: mov cx, word ptr [bp + 0xa] 0x2d648: mov dh, byte ptr [bp + 8] 0x2d64b: mov dl, byte ptr [bp + 6] 0x2d64e: mov ah, 0x2b
2018-12-17T22:32:03.92367001Z	26	PC: 2d6b7 \| Set disk transfer address
2018-12-17T22:32:03.925724928Z	78	PC: 2d6c3 \| Find first file
2018-12-17T22:32:03.932691962Z	26	PC: 2d6db \| Set disk transfer address
2018-12-17T22:32:03.933883368Z	79	PC: 2d6e0 \| Find next file
2018-12-17T22:32:03.937559432Z	61	PC: 2e39a \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:32:03.944946772Z	63	PC: 2e46d \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:32:03.948466248Z	66	PC: 2e536 \| Move file pointer
2018-12-17T22:32:03.951248435Z	66	PC: 2e544 \| Move file pointer
2018-12-17T22:32:03.952848159Z	66	PC: 2e552 \| Move file pointer
2018-12-17T22:32:03.955810626Z	62	PC: 2e3ea \| Close file
2018-12-17T22:32:03.960010818Z	26	PC: 2d6db \| Set disk transfer address
2018-12-17T22:32:03.96157188Z	79	PC: 2d6e0 \| Find next file
2018-12-17T22:32:03.966273677Z	61	PC: 2e39a \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:32:03.974441182Z	63	PC: 2e46d \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:32:03.979233277Z	66	PC: 2e536 \| Move file pointer
2018-12-17T22:32:03.980883365Z	66	PC: 2e544 \| Move file pointer
2018-12-17T22:32:03.982994885Z	66	PC: 2e552 \| Move file pointer
2018-12-17T22:32:03.985671133Z	62	PC: 2e3ea \| Close file
2018-12-17T22:32:03.988091069Z	26	PC: 2d6db \| Set disk transfer address
2018-12-17T22:32:03.99006111Z	79	PC: 2d6e0 \| Find next file
2018-12-17T22:32:03.99396461Z	61	PC: 2e39a \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:32:04.001743881Z	63	PC: 2e46d \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:32:04.006048774Z	66	PC: 2e536 \| Move file pointer
2018-12-17T22:32:04.00816665Z	66	PC: 2e544 \| Move file pointer
2018-12-17T22:32:04.010392271Z	66	PC: 2e552 \| Move file pointer
2018-12-17T22:32:04.012650395Z	62	PC: 2e3ea \| Close file
2018-12-17T22:32:04.01586247Z	26	PC: 2d6db \| Set disk transfer address
2018-12-17T22:32:04.017447624Z	79	PC: 2d6e0 \| Find next file
2018-12-17T22:32:04.021177817Z	61	PC: 2e39a \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:32:04.032304113Z	63	PC: 2e46d \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:32:04.035315034Z	66	PC: 2e536 \| Move file pointer
2018-12-17T22:32:04.036955641Z	66	PC: 2e544 \| Move file pointer
2018-12-17T22:32:04.040459668Z	66	PC: 2e552 \| Move file pointer
2018-12-17T22:32:04.042032231Z	62	PC: 2e3ea \| Close file
2018-12-17T22:32:04.043937535Z	26	PC: 2d6db \| Set disk transfer address
2018-12-17T22:32:04.045229009Z	79	PC: 2d6e0 \| Find next file
2018-12-17T22:32:04.048528893Z	61	PC: 2e39a \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:32:04.057003162Z	63	PC: 2e46d \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:32:04.060441572Z	66	PC: 2e536 \| Move file pointer
2018-12-17T22:32:04.061840233Z	66	PC: 2e544 \| Move file pointer
2018-12-17T22:32:04.063275592Z	66	PC: 2e552 \| Move file pointer
2018-12-17T22:32:04.064817255Z	62	PC: 2e3ea \| Close file
2018-12-17T22:32:04.066685955Z	26	PC: 2d6db \| Set disk transfer address
2018-12-17T22:32:04.067780729Z	79	PC: 2d6e0 \| Find next file
2018-12-17T22:32:04.071046856Z	61	PC: 2e39a \| Open file (Filename = 'PAH.COM')
2018-12-17T22:32:04.078977398Z	63	PC: 2e46d \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:32:04.081761502Z	66	PC: 2e536 \| Move file pointer
2018-12-17T22:32:04.084426784Z	66	PC: 2e544 \| Move file pointer
2018-12-17T22:32:04.086017105Z	66	PC: 2e552 \| Move file pointer
2018-12-17T22:32:04.087635533Z	62	PC: 2e3ea \| Close file
2018-12-17T22:32:04.090076005Z	26	PC: 2d6db \| Set disk transfer address
2018-12-17T22:32:04.091332009Z	79	PC: 2d6e0 \| Find next file
2018-12-17T22:32:04.094819727Z	61	PC: 2e39a \| Open file (Filename = 'TEMP.COM')
2018-12-17T22:32:04.102909089Z	63	PC: 2e46d \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:32:04.105937769Z	62	PC: 2e3ea \| Close file
2018-12-17T22:32:04.108103928Z	26	PC: 2d6db \| Set disk transfer address
2018-12-17T22:32:04.109781329Z	79	PC: 2d6e0 \| Find next file
2018-12-17T22:32:04.117809833Z	61	PC: 2e39a \| Open file (Filename = 'TEMP.COM')
2018-12-17T22:32:04.126389013Z	63	PC: 2e46d \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:32:04.130453787Z	62	PC: 2e3ea \| Close file
2018-12-17T22:32:04.132678105Z	26	PC: 2d6b7 \| Set disk transfer address
2018-12-17T22:32:04.133876665Z	78	PC: 2d6c3 \| Find first file
2018-12-17T22:32:04.141570099Z	26	PC: 2d6db \| Set disk transfer address
2018-12-17T22:32:04.14312848Z	79	PC: 2d6e0 \| Find next file
2018-12-17T22:32:04.146249765Z	61	PC: 2e39a \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:32:04.154235305Z	63	PC: 2e46d \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:32:04.161727448Z	62	PC: 2e3ea \| Close file
2018-12-17T22:32:04.164549158Z	48	PC: 2e5da \| Get DOS version
2018-12-17T22:32:04.16766391Z	61	PC: 2e39a \| Open file (Filename = 'temp.com')
2018-12-17T22:32:04.175601721Z	63	PC: 2e46d \| Read file or device (Read 4415 bytes on handle 5)
2018-12-17T22:32:04.184077637Z	62	PC: 2e3ea \| Close file
2018-12-17T22:32:04.187712077Z	61	PC: 2e39a \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:32:04.196266697Z	66	PC: 2e536 \| Move file pointer
2018-12-17T22:32:04.198208545Z	66	PC: 2e544 \| Move file pointer
2018-12-17T22:32:04.200683341Z	66	PC: 2e552 \| Move file pointer
2018-12-17T22:32:04.202608282Z	63	PC: 2e46d \| Read file or device (Read 10639 bytes on handle 5)
2018-12-17T22:32:04.212163147Z	66	PC: 2e4cc \| Move file pointer
2018-12-17T22:32:04.21450315Z	64	PC: 2e46d \| Write file or device (Write 4415 bytes on handle 5)
2018-12-17T22:32:04.22413908Z	64	PC: 2e46d \| Write file or device (Write 10639 bytes on handle 5)
2018-12-17T22:32:04.234490532Z	62	PC: 2e3ea \| Close file
2018-12-17T22:32:04.244996882Z	48	PC: 2e5da \| Get DOS version
2018-12-17T22:32:04.246707479Z	61	PC: 2e39a \| Open file (Filename = 'temp.com')
2018-12-17T22:32:04.253944932Z	66	PC: 2e536 \| Move file pointer
2018-12-17T22:32:04.256422884Z	66	PC: 2e544 \| Move file pointer
2018-12-17T22:32:04.258883184Z	66	PC: 2e552 \| Move file pointer
2018-12-17T22:32:04.26061812Z	63	PC: 2e46d \| Read file or device (Read 4415 bytes on handle 5)
2018-12-17T22:32:04.26918302Z	63	PC: 2e46d \| Read file or device (Read 1809 bytes on handle 5)
2018-12-17T22:32:04.277318658Z	62	PC: 2e3ea \| Close file
2018-12-17T22:32:04.279700876Z	60	PC: 2e39a \| Create or truncate file
2018-12-17T22:32:04.295221767Z	64	PC: 2e46d \| Write file or device (Write 1809 bytes on handle 5)
2018-12-17T22:32:04.304478683Z	62	PC: 2e3ea \| Close file
2018-12-17T22:32:04.314319721Z	41	PC: 2d76e \| Parse filename
2018-12-17T22:32:04.31729819Z	41	PC: 2d77c \| Parse filename
2018-12-17T22:32:04.319032445Z	75	PC: 2d787 \| Execute program