Sample viewer

vx.netlux.org/Virus.DOS.Zlodic.666

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:51:34.337684059Z 53 PC: 12e60 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:51:34.33941875Z 37 PC: 12e69 | Set interrupt vector (Interrupt = '102' AKA 'Get or set code page')
2018-12-17T22:51:34.342284193Z 71 PC: 12e77 | Get current directory
2018-12-17T22:51:34.346575878Z 47 PC: 12e7b | Get disk transfer address
2018-12-17T22:51:34.34812745Z 26 PC: 12e8d | Set disk transfer address
2018-12-17T22:51:34.350437987Z 78 PC: 12eac | Find first file
2018-12-17T22:51:34.357782762Z 61 PC: 12eb7 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:51:34.366178583Z 63 PC: 12ec3 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:51:34.374084864Z 87 PC: 12ec8 | Get or set file date and time
2018-12-17T22:51:34.376732911Z 66 PC: 12edb | Move file pointer
2018-12-17T22:51:34.378774244Z 62 PC: 12ee0 | Close file
2018-12-17T22:51:34.381237769Z 79 PC: 12eac | Find next file
2018-12-17T22:51:34.385090326Z 61 PC: 12eb7 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:51:34.392708708Z 63 PC: 12ec3 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:51:34.399686774Z 87 PC: 12ec8 | Get or set file date and time
2018-12-17T22:51:34.401919611Z 66 PC: 12edb | Move file pointer
2018-12-17T22:51:34.403779863Z 62 PC: 12ee0 | Close file
2018-12-17T22:51:34.406072742Z 79 PC: 12eac | Find next file
2018-12-17T22:51:34.410031381Z 61 PC: 12eb7 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:51:34.418118134Z 63 PC: 12ec3 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:51:34.422407742Z 87 PC: 12ec8 | Get or set file date and time
2018-12-17T22:51:34.424229304Z 66 PC: 12edb | Move file pointer
2018-12-17T22:51:34.425473018Z 62 PC: 12ee0 | Close file
2018-12-17T22:51:34.426985429Z 79 PC: 12eac | Find next file
2018-12-17T22:51:34.429412226Z 61 PC: 12eb7 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:51:34.433871991Z 63 PC: 12ec3 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:51:34.438157136Z 87 PC: 12ec8 | Get or set file date and time
2018-12-17T22:51:34.43957265Z 66 PC: 12edb | Move file pointer
2018-12-17T22:51:34.4412943Z 62 PC: 12ee0 | Close file
2018-12-17T22:51:34.442954532Z 79 PC: 12eac | Find next file
2018-12-17T22:51:34.445030808Z 61 PC: 12eb7 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:51:34.450367316Z 63 PC: 12ec3 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:51:34.454889671Z 87 PC: 12ec8 | Get or set file date and time
2018-12-17T22:51:34.456383103Z 66 PC: 12edb | Move file pointer
2018-12-17T22:51:34.458315678Z 62 PC: 12ee0 | Close file
2018-12-17T22:51:34.460262559Z 79 PC: 12eac | Find next file
2018-12-17T22:51:34.46311135Z 61 PC: 12eb7 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:51:34.483708208Z 63 PC: 12ec3 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:51:34.49148242Z 87 PC: 12ec8 | Get or set file date and time
2018-12-17T22:51:34.493501118Z 66 PC: 12edb | Move file pointer
2018-12-17T22:51:34.495743935Z 62 PC: 12ee0 | Close file
2018-12-17T22:51:34.498526993Z 79 PC: 12eac | Find next file
2018-12-17T22:51:34.501474613Z 61 PC: 12eb7 | Open file (Filename = 'PAH.COM')
2018-12-17T22:51:34.510161458Z 63 PC: 12ec3 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:51:34.517707174Z 87 PC: 12ec8 | Get or set file date and time
2018-12-17T22:51:34.519507976Z 66 PC: 12edb | Move file pointer
2018-12-17T22:51:34.522335491Z 62 PC: 12ee0 | Close file
2018-12-17T22:51:34.524568957Z 79 PC: 12eac | Find next file
2018-12-17T22:51:34.527401575Z 59 PC: 12f18 | Change current directory
2018-12-17T22:51:34.532641976Z 67 PC: 12f23 | Get or set file attributes
2018-12-17T22:51:34.539594565Z 67 PC: 12f2f | Get or set file attributes
2018-12-17T22:51:34.545981025Z 61 PC: 12f3a | Open file (Filename = 'PAH.COM')
2018-12-17T22:51:34.553933949Z 66 PC: 12f46 | Move file pointer
2018-12-17T22:51:34.556807503Z 64 PC: 12f60 | Write file or device (Write 666 bytes on handle 5)
2018-12-17T22:51:34.640898756Z 66 PC: 12f69 | Move file pointer
2018-12-17T22:51:34.646325276Z 64 PC: 12f74 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:51:34.662772806Z 87 PC: 12f83 | Get or set file date and time
2018-12-17T22:51:34.664640175Z 62 PC: 12f87 | Close file
2018-12-17T22:51:34.673534383Z 67 PC: 12f95 | Get or set file attributes
2018-12-17T22:51:34.687032888Z 59 PC: 12f9d | Change current directory
2018-12-17T22:51:34.689615966Z 26 PC: 12fab | Set disk transfer address
2018-12-17T22:51:34.691594186Z 42 PC: 12faf | Get date 0x12faf: cmp dh, 3
0x12fb2: jne 0x12fbc
0x12fb4: cmp dl, 0x13
0x12fb7: jne 0x12fbc
0x12fb9: call 0x12fcf
0x12fbc: mov ax, cs
0x12fbe: mov ds, ax
0x12fc0: mov es, ax
0x12fc2: xor bx, bx
0x12fc4: xor dx, dx
0x12fc6: xor cx, cx
0x12fc8: mov ax, 0x100
0x12fcb: jmp ax
0x12fcd: int 0x20
0x12fcf: mov ax, 3
0x12fd2: int 0x10
0x12fd4: mov ah, 1
0x12fd6: mov ch, 0x20
0x12fd8: int 0x10
0x12fda: mov ax, 0x1003
2018-12-17T22:51:34.695413072Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=000003E8h/0000001000d bytes. ')
2018-12-17T22:51:34.699116012Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10602,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:28:34.443148095Z 53 PC: 12e60 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:28:34.447120852Z 37 PC: 12e69 | Set interrupt vector (Interrupt = '102' AKA 'Get or set code page')
2018-12-25T12:28:34.448401429Z 71 PC: 12e77 | Get current directory
2018-12-25T12:28:34.451406873Z 47 PC: 12e7b | Get disk transfer address
2018-12-25T12:28:34.452956361Z 26 PC: 12e8d | Set disk transfer address
2018-12-25T12:28:34.453871422Z 78 PC: 12eac | Find first file
2018-12-25T12:28:34.459552083Z 61 PC: 12eb7 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:28:34.471933582Z 63 PC: 12ec3 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:28:34.478716438Z 87 PC: 12ec8 | Get or set file date and time
2018-12-25T12:28:34.480086562Z 66 PC: 12edb | Move file pointer
2018-12-25T12:28:34.482018746Z 62 PC: 12ee0 | Close file
2018-12-25T12:28:34.48380409Z 79 PC: 12eac | Find next file (See above)
2018-12-25T12:28:34.486417928Z 61 PC: 12eb7 | Open file (See above)
2018-12-25T12:28:34.493511742Z 63 PC: 12ec3 | Read file or device (See above)
2018-12-25T12:28:34.499735835Z 87 PC: 12ec8 | Get or set file date and time (See above)
2018-12-25T12:28:34.50106466Z 66 PC: 12edb | Move file pointer (See above)
2018-12-25T12:28:34.502809015Z 62 PC: 12ee0 | Close file (See above)
2018-12-25T12:28:34.504660543Z 79 PC: 12eac | Find next file (See above)
2018-12-25T12:28:34.507246387Z 61 PC: 12eb7 | Open file (See above)
2018-12-25T12:28:34.514138978Z 63 PC: 12ec3 | Read file or device (See above)
2018-12-25T12:28:34.520330099Z 87 PC: 12ec8 | Get or set file date and time (See above)
2018-12-25T12:28:34.521938107Z 66 PC: 12edb | Move file pointer (See above)
2018-12-25T12:28:34.534663846Z 62 PC: 12ee0 | Close file (See above)
2018-12-25T12:28:34.536454623Z 79 PC: 12eac | Find next file (See above)
2018-12-25T12:28:34.53909621Z 61 PC: 12eb7 | Open file (See above)
2018-12-25T12:28:34.54575215Z 63 PC: 12ec3 | Read file or device (See above)
2018-12-25T12:28:34.55283741Z 87 PC: 12ec8 | Get or set file date and time (See above)
2018-12-25T12:28:34.554333483Z 66 PC: 12edb | Move file pointer (See above)
2018-12-25T12:28:34.555846158Z 62 PC: 12ee0 | Close file (See above)
2018-12-25T12:28:34.558442236Z 79 PC: 12eac | Find next file (See above)
2018-12-25T12:28:34.56171728Z 61 PC: 12eb7 | Open file (See above)
2018-12-25T12:28:34.567980694Z 63 PC: 12ec3 | Read file or device (See above)
2018-12-25T12:28:34.574688843Z 87 PC: 12ec8 | Get or set file date and time (See above)
2018-12-25T12:28:34.576045892Z 66 PC: 12edb | Move file pointer (See above)
2018-12-25T12:28:34.577367097Z 62 PC: 12ee0 | Close file (See above)
2018-12-25T12:28:34.580534113Z 79 PC: 12eac | Find next file (See above)
2018-12-25T12:28:34.583182202Z 61 PC: 12eb7 | Open file (See above)
2018-12-25T12:28:34.589616523Z 63 PC: 12ec3 | Read file or device (See above)
2018-12-25T12:28:34.596716392Z 87 PC: 12ec8 | Get or set file date and time (See above)
2018-12-25T12:28:34.598417671Z 66 PC: 12edb | Move file pointer (See above)
2018-12-25T12:28:34.600080497Z 62 PC: 12ee0 | Close file (See above)
2018-12-25T12:28:34.603311716Z 79 PC: 12eac | Find next file (See above)
2018-12-25T12:28:34.606155674Z 61 PC: 12eb7 | Open file (See above)
2018-12-25T12:28:34.612801886Z 63 PC: 12ec3 | Read file or device (See above)
2018-12-25T12:28:34.620465887Z 87 PC: 12ec8 | Get or set file date and time (See above)
2018-12-25T12:28:34.622018025Z 66 PC: 12edb | Move file pointer (See above)
2018-12-25T12:28:34.623455555Z 62 PC: 12ee0 | Close file (See above)
2018-12-25T12:28:34.625560289Z 79 PC: 12eac | Find next file (See above)
2018-12-25T12:28:34.627865154Z 59 PC: 12f18 | Change current directory
2018-12-25T12:28:34.63240077Z 67 PC: 12f23 | Get or set file attributes
2018-12-25T12:28:34.638326901Z 67 PC: 12f2f | Get or set file attributes
2018-12-25T12:28:34.643705402Z 61 PC: 12f3a | Open file (Filename = 'PAH.COM')
2018-12-25T12:28:34.650000335Z 66 PC: 12f46 | Move file pointer
2018-12-25T12:28:34.651610667Z 64 PC: 12f60 | Write file or device (Write 666 bytes on handle 5)
2018-12-25T12:28:34.67468294Z 66 PC: 12f69 | Move file pointer
2018-12-25T12:28:34.679523545Z 64 PC: 12f74 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:28:34.686271841Z 87 PC: 12f83 | Get or set file date and time
2018-12-25T12:28:34.687979631Z 62 PC: 12f87 | Close file
2018-12-25T12:28:34.695572105Z 67 PC: 12f95 | Get or set file attributes
2018-12-25T12:28:34.706030275Z 59 PC: 12f9d | Change current directory
2018-12-25T12:28:34.707701598Z 26 PC: 12fab | Set disk transfer address
2018-12-25T12:28:34.708625092Z 42 PC: 12faf | Get date 0x12faf: cmp dh, 3
0x12fb2: jne 0x12fbc
0x12fb4: cmp dl, 0x13
0x12fb7: jne 0x12fbc
0x12fb9: call 0x12fcf
0x12fbc: mov ax, cs
0x12fbe: mov ds, ax
0x12fc0: mov es, ax
0x12fc2: xor bx, bx
0x12fc4: xor dx, dx
0x12fc6: xor cx, cx
0x12fc8: mov ax, 0x100
0x12fcb: jmp ax
0x12fcd: int 0x20
0x12fcf: mov ax, 3
0x12fd2: int 0x10
0x12fd4: mov ah, 1
0x12fd6: mov ch, 0x20
0x12fd8: int 0x10
0x12fda: mov ax, 0x1003
2018-12-25T12:28:34.711130523Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:28:34.716344782Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":19,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10602,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:28:34.466204034Z 53 PC: 12e60 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:28:34.467452729Z 37 PC: 12e69 | Set interrupt vector (Interrupt = '102' AKA 'Get or set code page')
2018-12-25T12:28:34.469092281Z 71 PC: 12e77 | Get current directory
2018-12-25T12:28:34.473081904Z 47 PC: 12e7b | Get disk transfer address
2018-12-25T12:28:34.474729005Z 26 PC: 12e8d | Set disk transfer address
2018-12-25T12:28:34.477304025Z 78 PC: 12eac | Find first file
2018-12-25T12:28:34.484447399Z 61 PC: 12eb7 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:28:34.492114553Z 63 PC: 12ec3 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:28:34.500214051Z 87 PC: 12ec8 | Get or set file date and time
2018-12-25T12:28:34.501845258Z 66 PC: 12edb | Move file pointer
2018-12-25T12:28:34.503510889Z 62 PC: 12ee0 | Close file
2018-12-25T12:28:34.506599194Z 79 PC: 12eac | Find next file (See above)
2018-12-25T12:28:34.509676049Z 61 PC: 12eb7 | Open file (See above)
2018-12-25T12:28:34.516972864Z 63 PC: 12ec3 | Read file or device (See above)
2018-12-25T12:28:34.523828545Z 87 PC: 12ec8 | Get or set file date and time (See above)
2018-12-25T12:28:34.525977794Z 66 PC: 12edb | Move file pointer (See above)
2018-12-25T12:28:34.527356416Z 62 PC: 12ee0 | Close file (See above)
2018-12-25T12:28:34.529315108Z 79 PC: 12eac | Find next file (See above)
2018-12-25T12:28:34.532849721Z 61 PC: 12eb7 | Open file (See above)
2018-12-25T12:28:34.5404633Z 63 PC: 12ec3 | Read file or device (See above)
2018-12-25T12:28:34.547761768Z 87 PC: 12ec8 | Get or set file date and time (See above)
2018-12-25T12:28:34.551061406Z 66 PC: 12edb | Move file pointer (See above)
2018-12-25T12:28:34.565167974Z 62 PC: 12ee0 | Close file (See above)
2018-12-25T12:28:34.567331861Z 79 PC: 12eac | Find next file (See above)
2018-12-25T12:28:34.57170874Z 61 PC: 12eb7 | Open file (See above)
2018-12-25T12:28:34.58023722Z 63 PC: 12ec3 | Read file or device (See above)
2018-12-25T12:28:34.587313975Z 87 PC: 12ec8 | Get or set file date and time (See above)
2018-12-25T12:28:34.589106074Z 66 PC: 12edb | Move file pointer (See above)
2018-12-25T12:28:34.591302698Z 62 PC: 12ee0 | Close file (See above)
2018-12-25T12:28:34.59345175Z 79 PC: 12eac | Find next file (See above)
2018-12-25T12:28:34.596480668Z 61 PC: 12eb7 | Open file (See above)
2018-12-25T12:28:34.605023398Z 63 PC: 12ec3 | Read file or device (See above)
2018-12-25T12:28:34.612264995Z 87 PC: 12ec8 | Get or set file date and time (See above)
2018-12-25T12:28:34.613722754Z 66 PC: 12edb | Move file pointer (See above)
2018-12-25T12:28:34.616436326Z 62 PC: 12ee0 | Close file (See above)
2018-12-25T12:28:34.618308026Z 79 PC: 12eac | Find next file (See above)
2018-12-25T12:28:34.621767072Z 61 PC: 12eb7 | Open file (See above)
2018-12-25T12:28:34.634286496Z 63 PC: 12ec3 | Read file or device (See above)
2018-12-25T12:28:34.641611839Z 87 PC: 12ec8 | Get or set file date and time (See above)
2018-12-25T12:28:34.644400802Z 66 PC: 12edb | Move file pointer (See above)
2018-12-25T12:28:34.646965783Z 62 PC: 12ee0 | Close file (See above)
2018-12-25T12:28:34.649364177Z 79 PC: 12eac | Find next file (See above)
2018-12-25T12:28:34.652718037Z 61 PC: 12eb7 | Open file (See above)
2018-12-25T12:28:34.661592155Z 63 PC: 12ec3 | Read file or device (See above)
2018-12-25T12:28:34.669502302Z 87 PC: 12ec8 | Get or set file date and time (See above)
2018-12-25T12:28:34.67136381Z 66 PC: 12edb | Move file pointer (See above)
2018-12-25T12:28:34.673223797Z 62 PC: 12ee0 | Close file (See above)
2018-12-25T12:28:34.676045453Z 79 PC: 12eac | Find next file (See above)
2018-12-25T12:28:34.679703295Z 59 PC: 12f18 | Change current directory
2018-12-25T12:28:34.684351582Z 67 PC: 12f23 | Get or set file attributes
2018-12-25T12:28:34.692051721Z 67 PC: 12f2f | Get or set file attributes
2018-12-25T12:28:34.699290737Z 61 PC: 12f3a | Open file (Filename = 'PAH.COM')
2018-12-25T12:28:34.706804948Z 66 PC: 12f46 | Move file pointer
2018-12-25T12:28:34.70976919Z 64 PC: 12f60 | Write file or device (Write 666 bytes on handle 5)
2018-12-25T12:28:34.726823753Z 66 PC: 12f69 | Move file pointer
2018-12-25T12:28:34.728390924Z 64 PC: 12f74 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:28:34.736584603Z 87 PC: 12f83 | Get or set file date and time
2018-12-25T12:28:34.73848478Z 62 PC: 12f87 | Close file
2018-12-25T12:28:34.7474119Z 67 PC: 12f95 | Get or set file attributes
2018-12-25T12:28:34.758974359Z 59 PC: 12f9d | Change current directory
2018-12-25T12:28:34.761417121Z 26 PC: 12fab | Set disk transfer address
2018-12-25T12:28:34.762925221Z 42 PC: 12faf | Get date 0x12faf: cmp dh, 3
0x12fb2: jne 0x12fbc
0x12fb4: cmp dl, 0x13
0x12fb7: jne 0x12fbc
0x12fb9: call 0x12fcf
0x12fbc: mov ax, cs
0x12fbe: mov ds, ax
0x12fc0: mov es, ax
0x12fc2: xor bx, bx
0x12fc4: xor dx, dx
0x12fc6: xor cx, cx
0x12fc8: mov ax, 0x100
0x12fcb: jmp ax
0x12fcd: int 0x20
0x12fcf: mov ax, 3
0x12fd2: int 0x10
0x12fd4: mov ah, 1
0x12fd6: mov ch, 0x20
0x12fd8: int 0x10
0x12fda: mov ax, 0x1003
2018-12-25T12:28:34.775656956Z 9 PC: 13012 | Display string (String= '-=SPARTAK(MOSCOW) - CHAMPION FOREVER!=-=������ ����� � �������=-')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10602,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:28:34.493320496Z 53 PC: 12e60 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:28:34.496121564Z 37 PC: 12e69 | Set interrupt vector (Interrupt = '102' AKA 'Get or set code page')
2018-12-25T12:28:34.498106119Z 71 PC: 12e77 | Get current directory
2018-12-25T12:28:34.50180373Z 47 PC: 12e7b | Get disk transfer address
2018-12-25T12:28:34.503873908Z 26 PC: 12e8d | Set disk transfer address
2018-12-25T12:28:34.510618414Z 78 PC: 12eac | Find first file
2018-12-25T12:28:34.521959135Z 61 PC: 12eb7 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:28:34.529631439Z 63 PC: 12ec3 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:28:34.53848942Z 87 PC: 12ec8 | Get or set file date and time
2018-12-25T12:28:34.54009679Z 66 PC: 12edb | Move file pointer
2018-12-25T12:28:34.541777668Z 62 PC: 12ee0 | Close file
2018-12-25T12:28:34.544719932Z 79 PC: 12eac | Find next file (See above)
2018-12-25T12:28:34.548132316Z 61 PC: 12eb7 | Open file (See above)
2018-12-25T12:28:34.556393647Z 63 PC: 12ec3 | Read file or device (See above)
2018-12-25T12:28:34.564806469Z 87 PC: 12ec8 | Get or set file date and time (See above)
2018-12-25T12:28:34.566448839Z 66 PC: 12edb | Move file pointer (See above)
2018-12-25T12:28:34.57251458Z 62 PC: 12ee0 | Close file (See above)
2018-12-25T12:28:34.577244642Z 79 PC: 12eac | Find next file (See above)
2018-12-25T12:28:34.582553039Z 61 PC: 12eb7 | Open file (See above)
2018-12-25T12:28:34.589842686Z 63 PC: 12ec3 | Read file or device (See above)
2018-12-25T12:28:34.597122337Z 87 PC: 12ec8 | Get or set file date and time (See above)
2018-12-25T12:28:34.599404775Z 66 PC: 12edb | Move file pointer (See above)
2018-12-25T12:28:34.600961075Z 62 PC: 12ee0 | Close file (See above)
2018-12-25T12:28:34.602973796Z 79 PC: 12eac | Find next file (See above)
2018-12-25T12:28:34.607411633Z 61 PC: 12eb7 | Open file (See above)
2018-12-25T12:28:34.614647779Z 63 PC: 12ec3 | Read file or device (See above)
2018-12-25T12:28:34.621610171Z 87 PC: 12ec8 | Get or set file date and time (See above)
2018-12-25T12:28:34.624155333Z 66 PC: 12edb | Move file pointer (See above)
2018-12-25T12:28:34.625775127Z 62 PC: 12ee0 | Close file (See above)
2018-12-25T12:28:34.627814521Z 79 PC: 12eac | Find next file (See above)
2018-12-25T12:28:34.631506491Z 61 PC: 12eb7 | Open file (See above)
2018-12-25T12:28:34.639817905Z 63 PC: 12ec3 | Read file or device (See above)
2018-12-25T12:28:34.647409224Z 87 PC: 12ec8 | Get or set file date and time (See above)
2018-12-25T12:28:34.650311679Z 66 PC: 12edb | Move file pointer (See above)
2018-12-25T12:28:34.651961547Z 62 PC: 12ee0 | Close file (See above)
2018-12-25T12:28:34.653961159Z 79 PC: 12eac | Find next file (See above)
2018-12-25T12:28:34.657375336Z 61 PC: 12eb7 | Open file (See above)
2018-12-25T12:28:34.66484908Z 63 PC: 12ec3 | Read file or device (See above)
2018-12-25T12:28:34.672484929Z 87 PC: 12ec8 | Get or set file date and time (See above)
2018-12-25T12:28:34.674565291Z 66 PC: 12edb | Move file pointer (See above)
2018-12-25T12:28:34.676685383Z 62 PC: 12ee0 | Close file (See above)
2018-12-25T12:28:34.678971154Z 79 PC: 12eac | Find next file (See above)
2018-12-25T12:28:34.682408399Z 61 PC: 12eb7 | Open file (See above)
2018-12-25T12:28:34.690085403Z 63 PC: 12ec3 | Read file or device (See above)
2018-12-25T12:28:34.69724096Z 87 PC: 12ec8 | Get or set file date and time (See above)
2018-12-25T12:28:34.698740308Z 66 PC: 12edb | Move file pointer (See above)
2018-12-25T12:28:34.701681519Z 62 PC: 12ee0 | Close file (See above)
2018-12-25T12:28:34.704062282Z 79 PC: 12eac | Find next file (See above)
2018-12-25T12:28:34.707280551Z 59 PC: 12f18 | Change current directory
2018-12-25T12:28:34.713165375Z 67 PC: 12f23 | Get or set file attributes
2018-12-25T12:28:34.720004949Z 67 PC: 12f2f | Get or set file attributes
2018-12-25T12:28:34.727165428Z 61 PC: 12f3a | Open file (Filename = 'PAH.COM')
2018-12-25T12:28:34.741352572Z 66 PC: 12f46 | Move file pointer
2018-12-25T12:28:34.74327997Z 64 PC: 12f60 | Write file or device (Write 666 bytes on handle 5)
2018-12-25T12:28:34.759138455Z 66 PC: 12f69 | Move file pointer
2018-12-25T12:28:34.761262565Z 64 PC: 12f74 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:28:34.769253889Z 87 PC: 12f83 | Get or set file date and time
2018-12-25T12:28:34.771290534Z 62 PC: 12f87 | Close file
2018-12-25T12:28:34.781097512Z 67 PC: 12f95 | Get or set file attributes
2018-12-25T12:28:34.791528586Z 59 PC: 12f9d | Change current directory
2018-12-25T12:28:34.793471482Z 26 PC: 12fab | Set disk transfer address
2018-12-25T12:28:34.794509093Z 42 PC: 12faf | Get date 0x12faf: cmp dh, 3
0x12fb2: jne 0x12fbc
0x12fb4: cmp dl, 0x13
0x12fb7: jne 0x12fbc
0x12fb9: call 0x12fcf
0x12fbc: mov ax, cs
0x12fbe: mov ds, ax
0x12fc0: mov es, ax
0x12fc2: xor bx, bx
0x12fc4: xor dx, dx
0x12fc6: xor cx, cx
0x12fc8: mov ax, 0x100
0x12fcb: jmp ax
0x12fcd: int 0x20
0x12fcf: mov ax, 3
0x12fd2: int 0x10
0x12fd4: mov ah, 1
0x12fd6: mov ch, 0x20
0x12fd8: int 0x10
0x12fda: mov ax, 0x1003
2018-12-25T12:28:34.796643062Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:28:34.800277521Z 76 PC: 12a86 | Terminate with return code (Return code = '36')