Sample viewer

vx.netlux.org/Virus.DOS.Morgana.1624

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:05:02.863489358Z	23	PC: 1331c \| Rename file
2018-12-17T23:05:02.866170808Z	42	PC: 13332 \| Get date 0x13332: cmp dx, 0x905 0x13336: je 0x13346 0x13338: cmp dx, 0x701 0x1333c: je 0x13346 0x1333e: mov word ptr cs:[si + 0x36], 0 0x13344: jmp 0x1334c 0x13346: mov word ptr cs:[si + 0x36], 0xff00 0x1334c: mov ax, es 0x1334e: dec ax 0x1334f: mov es, ax 0x13351: cmp byte ptr es:[0], 0x5a 0x13357: jne 0x13321 0x13359: mov ax, word ptr es:[3] 0x1335d: sub ax, 0xd0 0x13360: jb 0x13321 0x13362: mov word ptr es:[3], ax 0x13366: sub word ptr es:[0x12], 0xd0 0x1336d: mov es, word ptr es:[0x12] 0x13372: push es 0x13373: push si
2018-12-17T23:05:02.868737822Z	47	PC: 13396 \| Get disk transfer address
2018-12-17T23:05:02.87013497Z	53	PC: 133a3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:02.87473027Z	37	PC: 133b7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:02.876233319Z	53	PC: 9f7ee \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:02.877721645Z	37	PC: 9f802 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:02.880234206Z	53	PC: 9f807 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:02.881783581Z	37	PC: 9f819 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:02.883148151Z	67	PC: 9f82c \| Get or set file attributes
2018-12-17T23:05:02.889312298Z	67	PC: 9f841 \| Get or set file attributes
2018-12-17T23:05:03.236270843Z	61	PC: 9f84f \| Open file
2018-12-17T23:05:03.243820758Z	87	PC: 9f867 \| Get or set file date and time
2018-12-17T23:05:03.245573395Z	66	PC: 9faf1 \| Move file pointer
2018-12-17T23:05:03.247793477Z	66	PC: 9faf1 \| Move file pointer
2018-12-17T23:05:03.250151292Z	63	PC: 9f8a4 \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T23:05:03.256023908Z	66	PC: 9fafb \| Move file pointer
2018-12-17T23:05:03.259624308Z	63	PC: 9f8f3 \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T23:05:03.262549555Z	66	PC: 9fafb \| Move file pointer
2018-12-17T23:05:03.264920286Z	66	PC: 9fafb \| Move file pointer
2018-12-17T23:05:03.267195768Z	64	PC: 9fa05 \| Write file or device (Write 28 bytes on handle 5)
2018-12-17T23:05:03.270083645Z	66	PC: 9faf1 \| Move file pointer
2018-12-17T23:05:03.272032485Z	42	PC: 9fa32 \| Get date 0x9fa32: mov word ptr cs:[0x169], dx 0x9fa37: mov word ptr cs:[0x16b], cx 0x9fa3c: mov cx, 0x658 0x9fa3f: mov bx, word ptr cs:[0x133] 0x9fa44: mov dx, 0x100 0x9fa47: mov ah, 0x40 0x9fa49: int 0x21 0x9fa4b: mov ah, byte ptr cs:[0x137] 0x9fa50: mov bx, 0x16d 0x9fa53: mov cx, 0x658 0x9fa56: sub cx, 0x6d 0x9fa5a: sub cx, 0x1e 0x9fa5e: xor byte ptr cs:[bx], ah 0x9fa61: inc bx 0x9fa62: loop 0x9fa5e 0x9fa64: mov byte ptr cs:[0x13c], 1 0x9fa6a: jmp 0x9fa72 0x9fa6c: mov byte ptr cs:[0x13c], 0 0x9fa72: mov bx, word ptr [0x133] 0x9fa76: mov cx, word ptr [0x135]
2018-12-17T23:05:03.27533807Z	64	PC: 9fa4b \| Write file or device (Write 1624 bytes on handle 5)
2018-12-17T23:05:03.286098478Z	87	PC: 9fa93 \| Get or set file date and time
2018-12-17T23:05:03.287714909Z	62	PC: 9fa9b \| Close file
2018-12-17T23:05:03.296840369Z	67	PC: 9fab2 \| Get or set file attributes
2018-12-17T23:05:03.307091723Z	37	PC: 9fac2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:03.308452954Z	37	PC: 9fad2 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:03.311589946Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-17T23:05:03.317717576Z	48	PC: 12a8f \| Get DOS version
2018-12-17T23:05:03.319226612Z	53	PC: 9f7ee \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:03.320612557Z	37	PC: 9f802 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:03.323151554Z	53	PC: 9f807 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:03.324847739Z	37	PC: 9f819 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:03.326535975Z	67	PC: 9f82c \| Get or set file attributes
2018-12-17T23:05:03.343586292Z	67	PC: 9f841 \| Get or set file attributes
2018-12-17T23:05:03.358730514Z	61	PC: 9f84f \| Open file (Filename = '')
2018-12-17T23:05:03.366382636Z	87	PC: 9f867 \| Get or set file date and time
2018-12-17T23:05:03.370981481Z	66	PC: 9faf1 \| Move file pointer
2018-12-17T23:05:03.372457971Z	66	PC: 9faf1 \| Move file pointer
2018-12-17T23:05:03.373970607Z	63	PC: 9f8a4 \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T23:05:03.378280068Z	87	PC: 9f8bb \| Get or set file date and time
2018-12-17T23:05:03.37958166Z	87	PC: 9f8d6 \| Get or set file date and time
2018-12-17T23:05:03.381054837Z	62	PC: 9fa9b \| Close file
2018-12-17T23:05:03.391885452Z	67	PC: 9fab2 \| Get or set file attributes
2018-12-17T23:05:03.402028801Z	37	PC: 9fac2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:03.403445236Z	37	PC: 9fad2 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:03.405452968Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-17T23:05:03.412044985Z	93	PC: 12afe \| File sharing functions
2018-12-17T23:05:03.414132291Z	9	PC: 12a86 \| Display string (String= 'Size change=0658h/01624d. ')
2018-12-17T23:05:03.420731739Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15078,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:30.955633884Z	23	PC: 1331c \| Rename file
2018-12-25T12:42:30.958677903Z	42	PC: 13332 \| Get date 0x13332: cmp dx, 0x905 0x13336: je 0x13346 0x13338: cmp dx, 0x701 0x1333c: je 0x13346 0x1333e: mov word ptr cs:[si + 0x36], 0 0x13344: jmp 0x1334c 0x13346: mov word ptr cs:[si + 0x36], 0xff00 0x1334c: mov ax, es 0x1334e: dec ax 0x1334f: mov es, ax 0x13351: cmp byte ptr es:[0], 0x5a 0x13357: jne 0x13321 0x13359: mov ax, word ptr es:[3] 0x1335d: sub ax, 0xd0 0x13360: jb 0x13321 0x13362: mov word ptr es:[3], ax 0x13366: sub word ptr es:[0x12], 0xd0 0x1336d: mov es, word ptr es:[0x12] 0x13372: push es 0x13373: push si
2018-12-25T12:42:30.961369694Z	47	PC: 13396 \| Get disk transfer address
2018-12-25T12:42:30.962772646Z	53	PC: 133a3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:42:30.965365168Z	37	PC: 133b7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:42:30.966970725Z	53	PC: 9f7ee \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:30.968212174Z	37	PC: 9f802 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:30.97021627Z	53	PC: 9f807 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:42:30.972093709Z	37	PC: 9f819 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:42:30.973110396Z	67	PC: 9f82c \| Get or set file attributes
2018-12-25T12:42:30.978840108Z	67	PC: 9f841 \| Get or set file attributes
2018-12-25T12:42:31.310563786Z	61	PC: 9f84f \| Open file
2018-12-25T12:42:31.317103259Z	87	PC: 9f867 \| Get or set file date and time
2018-12-25T12:42:31.318844669Z	66	PC: 9faf1 \| Move file pointer
2018-12-25T12:42:31.321974863Z	66	PC: 9faf1 \| Move file pointer (See above)
2018-12-25T12:42:31.323803465Z	63	PC: 9f8a4 \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:42:31.327129692Z	66	PC: 9fafb \| Move file pointer
2018-12-25T12:42:31.329985569Z	63	PC: 9f8f3 \| Read file or device (Read 28 bytes on handle 5)
2018-12-25T12:42:31.33283072Z	66	PC: 9fafb \| Move file pointer (See above)
2018-12-25T12:42:31.334406675Z	66	PC: 9fafb \| Move file pointer (See above)
2018-12-25T12:42:31.336306894Z	64	PC: 9fa05 \| Write file or device (Write 28 bytes on handle 5)
2018-12-25T12:42:31.339013486Z	66	PC: 9faf1 \| Move file pointer (See above)
2018-12-25T12:42:31.341125256Z	42	PC: 9fa32 \| Get date 0x9fa32: mov word ptr cs:[0x169], dx 0x9fa37: mov word ptr cs:[0x16b], cx 0x9fa3c: mov cx, 0x658 0x9fa3f: mov bx, word ptr cs:[0x133] 0x9fa44: mov dx, 0x100 0x9fa47: mov ah, 0x40 0x9fa49: int 0x21 0x9fa4b: mov ah, byte ptr cs:[0x137] 0x9fa50: mov bx, 0x16d 0x9fa53: mov cx, 0x658 0x9fa56: sub cx, 0x6d 0x9fa5a: sub cx, 0x1e 0x9fa5e: xor byte ptr cs:[bx], ah 0x9fa61: inc bx 0x9fa62: loop 0x9fa5e 0x9fa64: mov byte ptr cs:[0x13c], 1 0x9fa6a: jmp 0x9fa72 0x9fa6c: mov byte ptr cs:[0x13c], 0 0x9fa72: mov bx, word ptr [0x133] 0x9fa76: mov cx, word ptr [0x135]
2018-12-25T12:42:31.344277468Z	64	PC: 9fa4b \| Write file or device (Write 1624 bytes on handle 5)
2018-12-25T12:42:31.560903445Z	87	PC: 9fa93 \| Get or set file date and time
2018-12-25T12:42:31.562878244Z	62	PC: 9fa9b \| Close file
2018-12-25T12:42:31.632360728Z	67	PC: 9fab2 \| Get or set file attributes
2018-12-25T12:42:31.641942495Z	37	PC: 9fac2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:31.643516945Z	37	PC: 9fad2 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:42:31.646105832Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:42:31.652495406Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:42:31.654248354Z	53	PC: 9f7ee \| Get interrupt vector (See above)
2018-12-25T12:42:31.655884724Z	37	PC: 9f802 \| Set interrupt vector (See above)
2018-12-25T12:42:31.657985402Z	53	PC: 9f807 \| Get interrupt vector (See above)
2018-12-25T12:42:31.65941502Z	37	PC: 9f819 \| Set interrupt vector (See above)
2018-12-25T12:42:31.660585772Z	67	PC: 9f82c \| Get or set file attributes (See above)
2018-12-25T12:42:31.667241574Z	67	PC: 9f841 \| Get or set file attributes (See above)
2018-12-25T12:42:31.682807742Z	61	PC: 9f84f \| Open file (See above)
2018-12-25T12:42:31.689320666Z	87	PC: 9f867 \| Get or set file date and time (See above)
2018-12-25T12:42:31.691358831Z	66	PC: 9faf1 \| Move file pointer (See above)
2018-12-25T12:42:31.693004832Z	66	PC: 9faf1 \| Move file pointer (See above)
2018-12-25T12:42:31.695305519Z	63	PC: 9f8a4 \| Read file or device (See above)
2018-12-25T12:42:31.699518574Z	87	PC: 9f8bb \| Get or set file date and time
2018-12-25T12:42:31.701170239Z	87	PC: 9f8d6 \| Get or set file date and time
2018-12-25T12:42:31.702992126Z	62	PC: 9fa9b \| Close file (See above)
2018-12-25T12:42:31.710873026Z	67	PC: 9fab2 \| Get or set file attributes (See above)
2018-12-25T12:42:31.7212635Z	37	PC: 9fac2 \| Set interrupt vector (See above)
2018-12-25T12:42:31.722762417Z	37	PC: 9fad2 \| Set interrupt vector (See above)
2018-12-25T12:42:31.724386558Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:42:31.729801691Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:42:31.732165053Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:42:31.734815456Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":5,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15078,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:31.178332738Z	23	PC: 1331c \| Rename file
2018-12-25T12:42:31.180258101Z	42	PC: 13332 \| Get date 0x13332: cmp dx, 0x905 0x13336: je 0x13346 0x13338: cmp dx, 0x701 0x1333c: je 0x13346 0x1333e: mov word ptr cs:[si + 0x36], 0 0x13344: jmp 0x1334c 0x13346: mov word ptr cs:[si + 0x36], 0xff00 0x1334c: mov ax, es 0x1334e: dec ax 0x1334f: mov es, ax 0x13351: cmp byte ptr es:[0], 0x5a 0x13357: jne 0x13321 0x13359: mov ax, word ptr es:[3] 0x1335d: sub ax, 0xd0 0x13360: jb 0x13321 0x13362: mov word ptr es:[3], ax 0x13366: sub word ptr es:[0x12], 0xd0 0x1336d: mov es, word ptr es:[0x12] 0x13372: push es 0x13373: push si
2018-12-25T12:42:31.183046187Z	47	PC: 13396 \| Get disk transfer address
2018-12-25T12:42:31.184115381Z	53	PC: 133a3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:42:31.185339759Z	37	PC: 133b7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:42:31.187128939Z	53	PC: 9f7ee \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:31.188409333Z	37	PC: 9f802 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:31.189636743Z	53	PC: 9f807 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:42:31.191557533Z	37	PC: 9f819 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:42:31.192505149Z	67	PC: 9f82c \| Get or set file attributes
2018-12-25T12:42:31.204240532Z	67	PC: 9f841 \| Get or set file attributes
2018-12-25T12:42:31.576528188Z	61	PC: 9f84f \| Open file
2018-12-25T12:42:31.583972418Z	87	PC: 9f867 \| Get or set file date and time
2018-12-25T12:42:31.586069462Z	66	PC: 9faf1 \| Move file pointer
2018-12-25T12:42:31.589173152Z	66	PC: 9faf1 \| Move file pointer (See above)
2018-12-25T12:42:31.591199889Z	63	PC: 9f8a4 \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:42:31.594900081Z	66	PC: 9fafb \| Move file pointer
2018-12-25T12:42:31.597818276Z	63	PC: 9f8f3 \| Read file or device (Read 28 bytes on handle 5)
2018-12-25T12:42:31.601344112Z	66	PC: 9fafb \| Move file pointer (See above)
2018-12-25T12:42:31.603345894Z	66	PC: 9fafb \| Move file pointer (See above)
2018-12-25T12:42:31.605340519Z	64	PC: 9fa05 \| Write file or device (Write 28 bytes on handle 5)
2018-12-25T12:42:31.610602838Z	66	PC: 9faf1 \| Move file pointer (See above)
2018-12-25T12:42:31.613185225Z	42	PC: 9fa32 \| Get date 0x9fa32: mov word ptr cs:[0x169], dx 0x9fa37: mov word ptr cs:[0x16b], cx 0x9fa3c: mov cx, 0x658 0x9fa3f: mov bx, word ptr cs:[0x133] 0x9fa44: mov dx, 0x100 0x9fa47: mov ah, 0x40 0x9fa49: int 0x21 0x9fa4b: mov ah, byte ptr cs:[0x137] 0x9fa50: mov bx, 0x16d 0x9fa53: mov cx, 0x658 0x9fa56: sub cx, 0x6d 0x9fa5a: sub cx, 0x1e 0x9fa5e: xor byte ptr cs:[bx], ah 0x9fa61: inc bx 0x9fa62: loop 0x9fa5e 0x9fa64: mov byte ptr cs:[0x13c], 1 0x9fa6a: jmp 0x9fa72 0x9fa6c: mov byte ptr cs:[0x13c], 0 0x9fa72: mov bx, word ptr [0x133] 0x9fa76: mov cx, word ptr [0x135]
2018-12-25T12:42:31.615948506Z	64	PC: 9fa4b \| Write file or device (Write 1624 bytes on handle 5)
2018-12-25T12:42:31.628325254Z	87	PC: 9fa93 \| Get or set file date and time
2018-12-25T12:42:31.630352084Z	62	PC: 9fa9b \| Close file
2018-12-25T12:42:31.63845113Z	67	PC: 9fab2 \| Get or set file attributes
2018-12-25T12:42:31.649153471Z	37	PC: 9fac2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:31.651184177Z	37	PC: 9fad2 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:42:31.652759549Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:42:31.659615618Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:42:31.661298346Z	53	PC: 9f7ee \| Get interrupt vector (See above)
2018-12-25T12:42:31.662790821Z	37	PC: 9f802 \| Set interrupt vector (See above)
2018-12-25T12:42:31.665189606Z	53	PC: 9f807 \| Get interrupt vector (See above)
2018-12-25T12:42:31.666682604Z	37	PC: 9f819 \| Set interrupt vector (See above)
2018-12-25T12:42:31.667963325Z	67	PC: 9f82c \| Get or set file attributes (See above)
2018-12-25T12:42:31.674679381Z	67	PC: 9f841 \| Get or set file attributes (See above)
2018-12-25T12:42:31.692638154Z	61	PC: 9f84f \| Open file (See above)
2018-12-25T12:42:31.701589144Z	87	PC: 9f867 \| Get or set file date and time (See above)
2018-12-25T12:42:31.703967454Z	66	PC: 9faf1 \| Move file pointer (See above)
2018-12-25T12:42:31.709893908Z	66	PC: 9faf1 \| Move file pointer (See above)
2018-12-25T12:42:31.712551498Z	63	PC: 9f8a4 \| Read file or device (See above)
2018-12-25T12:42:31.715819863Z	87	PC: 9f8bb \| Get or set file date and time
2018-12-25T12:42:31.717867609Z	87	PC: 9f8d6 \| Get or set file date and time
2018-12-25T12:42:31.720164773Z	62	PC: 9fa9b \| Close file (See above)
2018-12-25T12:42:31.728733236Z	67	PC: 9fab2 \| Get or set file attributes (See above)
2018-12-25T12:42:31.741300212Z	37	PC: 9fac2 \| Set interrupt vector (See above)
2018-12-25T12:42:31.743076149Z	37	PC: 9fad2 \| Set interrupt vector (See above)
2018-12-25T12:42:31.744784674Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:42:31.754936616Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:42:31.757482167Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:42:31.762906176Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15078,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:31.283916118Z	23	PC: 1331c \| Rename file
2018-12-25T12:42:31.28622525Z	42	PC: 13332 \| Get date 0x13332: cmp dx, 0x905 0x13336: je 0x13346 0x13338: cmp dx, 0x701 0x1333c: je 0x13346 0x1333e: mov word ptr cs:[si + 0x36], 0 0x13344: jmp 0x1334c 0x13346: mov word ptr cs:[si + 0x36], 0xff00 0x1334c: mov ax, es 0x1334e: dec ax 0x1334f: mov es, ax 0x13351: cmp byte ptr es:[0], 0x5a 0x13357: jne 0x13321 0x13359: mov ax, word ptr es:[3] 0x1335d: sub ax, 0xd0 0x13360: jb 0x13321 0x13362: mov word ptr es:[3], ax 0x13366: sub word ptr es:[0x12], 0xd0 0x1336d: mov es, word ptr es:[0x12] 0x13372: push es 0x13373: push si
2018-12-25T12:42:31.288300652Z	47	PC: 13396 \| Get disk transfer address
2018-12-25T12:42:31.28922467Z	53	PC: 133a3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:42:31.291120427Z	37	PC: 133b7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:42:31.292204116Z	53	PC: 9f7ee \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:31.293422528Z	37	PC: 9f802 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:31.294584267Z	53	PC: 9f807 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:42:31.298331878Z	37	PC: 9f819 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:42:31.299891927Z	67	PC: 9f82c \| Get or set file attributes
2018-12-25T12:42:31.305678343Z	67	PC: 9f841 \| Get or set file attributes
2018-12-25T12:42:31.632224666Z	61	PC: 9f84f \| Open file
2018-12-25T12:42:31.63982832Z	87	PC: 9f867 \| Get or set file date and time
2018-12-25T12:42:31.64160349Z	66	PC: 9faf1 \| Move file pointer
2018-12-25T12:42:31.644262744Z	66	PC: 9faf1 \| Move file pointer (See above)
2018-12-25T12:42:31.64602065Z	63	PC: 9f8a4 \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:42:31.649346685Z	66	PC: 9fafb \| Move file pointer
2018-12-25T12:42:31.653655408Z	63	PC: 9f8f3 \| Read file or device (Read 28 bytes on handle 5)
2018-12-25T12:42:31.658635133Z	66	PC: 9fafb \| Move file pointer (See above)
2018-12-25T12:42:31.660018061Z	66	PC: 9fafb \| Move file pointer (See above)
2018-12-25T12:42:31.666275826Z	64	PC: 9fa05 \| Write file or device (Write 28 bytes on handle 5)
2018-12-25T12:42:31.669426044Z	66	PC: 9faf1 \| Move file pointer (See above)
2018-12-25T12:42:31.671833998Z	42	PC: 9fa32 \| Get date 0x9fa32: mov word ptr cs:[0x169], dx 0x9fa37: mov word ptr cs:[0x16b], cx 0x9fa3c: mov cx, 0x658 0x9fa3f: mov bx, word ptr cs:[0x133] 0x9fa44: mov dx, 0x100 0x9fa47: mov ah, 0x40 0x9fa49: int 0x21 0x9fa4b: mov ah, byte ptr cs:[0x137] 0x9fa50: mov bx, 0x16d 0x9fa53: mov cx, 0x658 0x9fa56: sub cx, 0x6d 0x9fa5a: sub cx, 0x1e 0x9fa5e: xor byte ptr cs:[bx], ah 0x9fa61: inc bx 0x9fa62: loop 0x9fa5e 0x9fa64: mov byte ptr cs:[0x13c], 1 0x9fa6a: jmp 0x9fa72 0x9fa6c: mov byte ptr cs:[0x13c], 0 0x9fa72: mov bx, word ptr [0x133] 0x9fa76: mov cx, word ptr [0x135]
2018-12-25T12:42:31.675744442Z	64	PC: 9fa4b \| Write file or device (Write 1624 bytes on handle 5)
2018-12-25T12:42:31.687095204Z	87	PC: 9fa93 \| Get or set file date and time
2018-12-25T12:42:31.688769444Z	62	PC: 9fa9b \| Close file
2018-12-25T12:42:31.696466914Z	67	PC: 9fab2 \| Get or set file attributes
2018-12-25T12:42:31.706581328Z	37	PC: 9fac2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:31.708102869Z	37	PC: 9fad2 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:42:31.710068823Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:42:31.717134392Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:42:31.718785674Z	53	PC: 9f7ee \| Get interrupt vector (See above)
2018-12-25T12:42:31.720760614Z	37	PC: 9f802 \| Set interrupt vector (See above)
2018-12-25T12:42:31.722643067Z	53	PC: 9f807 \| Get interrupt vector (See above)
2018-12-25T12:42:31.723978046Z	37	PC: 9f819 \| Set interrupt vector (See above)
2018-12-25T12:42:31.725077835Z	67	PC: 9f82c \| Get or set file attributes (See above)
2018-12-25T12:42:31.732345224Z	67	PC: 9f841 \| Get or set file attributes (See above)
2018-12-25T12:42:31.74789867Z	61	PC: 9f84f \| Open file (See above)
2018-12-25T12:42:31.754286312Z	87	PC: 9f867 \| Get or set file date and time (See above)
2018-12-25T12:42:31.756418319Z	66	PC: 9faf1 \| Move file pointer (See above)
2018-12-25T12:42:31.757815825Z	66	PC: 9faf1 \| Move file pointer (See above)
2018-12-25T12:42:31.759028306Z	63	PC: 9f8a4 \| Read file or device (See above)
2018-12-25T12:42:31.762028097Z	87	PC: 9f8bb \| Get or set file date and time
2018-12-25T12:42:31.763212572Z	87	PC: 9f8d6 \| Get or set file date and time
2018-12-25T12:42:31.764833443Z	62	PC: 9fa9b \| Close file (See above)
2018-12-25T12:42:31.773231622Z	67	PC: 9fab2 \| Get or set file attributes (See above)
2018-12-25T12:42:31.782935858Z	37	PC: 9fac2 \| Set interrupt vector (See above)
2018-12-25T12:42:31.783889844Z	37	PC: 9fad2 \| Set interrupt vector (See above)
2018-12-25T12:42:31.785157735Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:42:31.791594846Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:42:31.793360236Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:42:31.798437116Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')