Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Yarik.17194

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:41:20.559416084Z 53 PC: 1421a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:20.56160762Z 53 PC: 1421a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:41:20.563007129Z 53 PC: 1421a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:41:20.564688997Z 53 PC: 1421a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:20.567610545Z 53 PC: 1421a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:41:20.569076799Z 53 PC: 1421a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:20.570583428Z 53 PC: 1421a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:41:20.572430988Z 53 PC: 1421a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:41:20.574462945Z 53 PC: 1421a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:41:20.576148471Z 53 PC: 1421a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:41:20.577897876Z 53 PC: 1421a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:41:20.580656508Z 53 PC: 1421a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:41:20.582062759Z 53 PC: 1421a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:41:20.583448943Z 53 PC: 1421a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:41:20.58671661Z 53 PC: 1421a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:41:20.587934928Z 53 PC: 1421a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:41:20.589201748Z 53 PC: 1421a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:41:20.591291192Z 53 PC: 1421a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:41:20.592750392Z 53 PC: 1421a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:41:20.594970803Z 37 PC: 1422f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:20.598023547Z 37 PC: 14237 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:41:20.599529515Z 37 PC: 1423f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:20.603836615Z 37 PC: 14247 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:41:20.608723223Z 68 PC: 17ee1 | I/O control for devices (Set for = '�>1�u�l������&���t�ݺ��� �#��%��%��6�S�')
2018-12-17T22:41:20.610693734Z 37 PC: 1721e | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:41:20.612069037Z 37 PC: 1721e | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:41:20.613770943Z 37 PC: 1721e | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:41:20.616485802Z 37 PC: 1721e | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:41:20.61828923Z 37 PC: 1721e | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:41:20.620226729Z 37 PC: 1721e | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:41:20.622173786Z 37 PC: 1721e | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:41:20.623665568Z 37 PC: 1721e | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:41:20.625120981Z 37 PC: 1721e | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:41:20.627207109Z 37 PC: 1721e | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:41:20.628558117Z 37 PC: 17225 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:41:20.630625089Z 37 PC: 1722c | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:41:20.6327236Z 37 PC: 17233 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:41:20.712391623Z 37 PC: 13991 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:41:20.714482601Z 44 PC: 18018 | Get time 0x18018: mov word ptr [0x24a], cx
0x1801c: mov word ptr [0x24c], dx
0x18020: retf
0x18021: call 0x18068
0x18024: jb 0x18035
0x18026: mov cx, word ptr es:[di + 4]
0x1802a: cmp cx, 1
0x1802d: je 0x18035
0x1802f: xor bx, bx
0x18031: push cs
0x18032: call 0x27ba4
0x18035: retf 4
0x18038: call 0x18068
0x1803b: jb 0x18050
0x1803d: mov ax, cx
0x1803f: mov dx, bx
0x18041: mov cx, word ptr es:[di + 4]
0x18045: cmp cx, 1
0x18048: je 0x18050
0x1804a: xor bx, bx
2018-12-17T22:41:20.71770836Z 48 PC: 17a0c | Get DOS version
2018-12-17T22:41:20.71943345Z 61 PC: 178be | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:41:20.726383543Z 66 PC: 179f0 | Move file pointer
2018-12-17T22:41:20.728586631Z 63 PC: 17991 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:41:20.731742238Z 62 PC: 1790e | Close file
2018-12-17T22:41:20.733790034Z 25 PC: 17a99 | Get default drive
2018-12-17T22:41:20.73537419Z 71 PC: 17aac | Get current directory
2018-12-17T22:41:20.738762343Z 14 PC: 17af2 | Set default drive (Drive = 'C')
2018-12-17T22:41:20.740199613Z 25 PC: 17af6 | Get default drive
2018-12-17T22:41:20.742358608Z 59 PC: 17b60 | Change current directory
2018-12-17T22:41:20.746999494Z 14 PC: 17af2 | Set default drive (Drive = 'D')
2018-12-17T22:41:20.748364258Z 25 PC: 17af6 | Get default drive
2018-12-17T22:41:20.74992011Z 14 PC: 17af2 | Set default drive (Drive = 'E')
2018-12-17T22:41:20.751768051Z 25 PC: 17af6 | Get default drive
2018-12-17T22:41:20.753508339Z 14 PC: 17af2 | Set default drive (Drive = 'F')
2018-12-17T22:41:20.755152778Z 25 PC: 17af6 | Get default drive
2018-12-17T22:41:20.757889318Z 14 PC: 17af2 | Set default drive (Drive = 'G')
2018-12-17T22:41:20.759500444Z 25 PC: 17af6 | Get default drive
2018-12-17T22:41:20.761287711Z 14 PC: 17af2 | Set default drive (Drive = 'H')
2018-12-17T22:41:20.763564798Z 25 PC: 17af6 | Get default drive
2018-12-17T22:41:20.765418539Z 14 PC: 17af2 | Set default drive (Drive = 'I')
2018-12-17T22:41:20.767083156Z 25 PC: 17af6 | Get default drive
2018-12-17T22:41:20.769309247Z 14 PC: 17af2 | Set default drive (Drive = 'J')
2018-12-17T22:41:20.77071666Z 25 PC: 17af6 | Get default drive
2018-12-17T22:41:20.772203352Z 14 PC: 17af2 | Set default drive (Drive = 'C')
2018-12-17T22:41:20.7742305Z 25 PC: 17af6 | Get default drive
2018-12-17T22:41:20.775461702Z 59 PC: 17b60 | Change current directory
2018-12-17T22:41:20.779574858Z 59 PC: 17b60 | Change current directory
2018-12-17T22:41:20.783564692Z 26 PC: 1402f | Set disk transfer address
2018-12-17T22:41:20.785167802Z 78 PC: 1403b | Find first file
2018-12-17T22:41:20.791803716Z 26 PC: 14053 | Set disk transfer address
2018-12-17T22:41:20.79313192Z 79 PC: 14058 | Find next file
2018-12-17T22:41:20.796207267Z 26 PC: 14053 | Set disk transfer address
2018-12-17T22:41:20.797375792Z 79 PC: 14058 | Find next file
2018-12-17T22:41:20.800355919Z 26 PC: 1402f | Set disk transfer address
2018-12-17T22:41:20.803601996Z 78 PC: 1403b | Find first file
2018-12-17T22:41:20.809337699Z 59 PC: 17b60 | Change current directory
2018-12-17T22:41:20.815490625Z 26 PC: 1402f | Set disk transfer address
2018-12-17T22:41:20.817701598Z 78 PC: 1403b | Find first file
2018-12-17T22:41:20.827187254Z 26 PC: 14053 | Set disk transfer address
2018-12-17T22:41:20.828964782Z 79 PC: 14058 | Find next file
2018-12-17T22:41:20.833451579Z 26 PC: 14053 | Set disk transfer address
2018-12-17T22:41:20.83487899Z 79 PC: 14058 | Find next file
2018-12-17T22:41:20.841456474Z 26 PC: 1402f | Set disk transfer address
2018-12-17T22:41:20.842954798Z 78 PC: 1403b | Find first file
2018-12-17T22:41:20.850155703Z 26 PC: 14053 | Set disk transfer address
2018-12-17T22:41:20.851897665Z 79 PC: 14058 | Find next file
2018-12-17T22:41:20.858344894Z 26 PC: 14053 | Set disk transfer address
2018-12-17T22:41:20.860142791Z 79 PC: 14058 | Find next file
2018-12-17T22:41:20.864059918Z 26 PC: 14053 | Set disk transfer address
2018-12-17T22:41:20.866615117Z 79 PC: 14058 | Find next file
2018-12-17T22:41:20.871720356Z 26 PC: 14053 | Set disk transfer address
2018-12-17T22:41:20.873463019Z 79 PC: 14058 | Find next file
2018-12-17T22:41:20.87827103Z 61 PC: 178be | Open file (Filename = 'FDISK.EXE')
2018-12-17T22:41:20.887385879Z 66 PC: 179f0 | Move file pointer
2018-12-17T22:41:20.889316666Z 63 PC: 17991 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:41:20.89604341Z 62 PC: 1790e | Close file
2018-12-17T22:41:20.899933566Z 48 PC: 17a0c | Get DOS version
2018-12-17T22:41:20.90285845Z 25 PC: 17a99 | Get default drive
2018-12-17T22:41:20.904589281Z 71 PC: 17aac | Get current directory
2018-12-17T22:41:20.909057293Z 26 PC: 14053 | Set disk transfer address
2018-12-17T22:41:20.911154462Z 79 PC: 14058 | Find next file
2018-12-17T22:41:20.915188739Z 26 PC: 1402f | Set disk transfer address
2018-12-17T22:41:20.917939535Z 78 PC: 1403b | Find first file
2018-12-17T22:41:20.925196866Z 26 PC: 1402f | Set disk transfer address
2018-12-17T22:41:20.926923239Z 78 PC: 1403b | Find first file
2018-12-17T22:41:20.933980053Z 48 PC: 17a0c | Get DOS version
2018-12-17T22:41:20.937365411Z 61 PC: 178be | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:41:20.945731154Z 61 PC: 178be | Open file (Filename = 'C:\DOS\FDISK.EXE')
2018-12-17T22:41:20.953367416Z 66 PC: 18082 | Move file pointer
2018-12-17T22:41:20.956114806Z 66 PC: 18090 | Move file pointer
2018-12-17T22:41:20.958218478Z 66 PC: 1809e | Move file pointer
2018-12-17T22:41:20.960723893Z 63 PC: 17991 | Read file or device (Read 17194 bytes on handle 6)
2018-12-17T22:41:20.971284989Z 63 PC: 17991 | Read file or device (Read 17194 bytes on handle 5)
2018-12-17T22:41:20.980637525Z 66 PC: 179f0 | Move file pointer
2018-12-17T22:41:20.982807881Z 64 PC: 17991 | Write file or device (Write 17194 bytes on handle 6)
2018-12-17T22:41:21.323858485Z 66 PC: 18082 | Move file pointer
2018-12-17T22:41:21.326041506Z 66 PC: 18090 | Move file pointer
2018-12-17T22:41:21.328073562Z 66 PC: 1809e | Move file pointer
2018-12-17T22:41:21.330885483Z 66 PC: 179f0 | Move file pointer
2018-12-17T22:41:21.332572131Z 64 PC: 17991 | Write file or device (Write 17194 bytes on handle 6)
2018-12-17T22:41:21.350175103Z 87 PC: 13fff | Get or set file date and time
2018-12-17T22:41:21.353860465Z 62 PC: 1790e | Close file
2018-12-17T22:41:21.362094951Z 62 PC: 1790e | Close file
2018-12-17T22:41:21.364247284Z 59 PC: 17b60 | Change current directory
2018-12-17T22:41:21.368460757Z 26 PC: 1402f | Set disk transfer address
2018-12-17T22:41:21.370395251Z 78 PC: 1403b | Find first file
2018-12-17T22:41:21.376324417Z 26 PC: 14053 | Set disk transfer address
2018-12-17T22:41:21.37764114Z 79 PC: 14058 | Find next file
2018-12-17T22:41:21.380993687Z 26 PC: 14053 | Set disk transfer address
2018-12-17T22:41:21.382552074Z 79 PC: 14058 | Find next file
2018-12-17T22:41:21.385936922Z 26 PC: 1402f | Set disk transfer address
2018-12-17T22:41:21.388135721Z 78 PC: 1403b | Find first file
2018-12-17T22:41:21.394344863Z 59 PC: 17b60 | Change current directory
2018-12-17T22:41:21.398198801Z 26 PC: 1402f | Set disk transfer address
2018-12-17T22:41:21.400243823Z 78 PC: 1403b | Find first file
2018-12-17T22:41:21.40626928Z 26 PC: 14053 | Set disk transfer address
2018-12-17T22:41:21.407870387Z 79 PC: 14058 | Find next file
2018-12-17T22:41:21.412056059Z 26 PC: 14053 | Set disk transfer address
2018-12-17T22:41:21.413662616Z 79 PC: 14058 | Find next file
2018-12-17T22:41:21.416849551Z 26 PC: 1402f | Set disk transfer address
2018-12-17T22:41:21.419173296Z 78 PC: 1403b | Find first file
2018-12-17T22:41:21.426310502Z 26 PC: 14053 | Set disk transfer address
2018-12-17T22:41:21.42757697Z 79 PC: 14058 | Find next file
2018-12-17T22:41:21.431317756Z 59 PC: 17b60 | Change current directory
2018-12-17T22:41:21.437798037Z 26 PC: 1402f | Set disk transfer address
2018-12-17T22:41:21.439384928Z 78 PC: 1403b | Find first file
2018-12-17T22:41:21.449964969Z 26 PC: 14053 | Set disk transfer address
2018-12-17T22:41:21.451919781Z 79 PC: 14058 | Find next file
2018-12-17T22:41:21.455618708Z 26 PC: 14053 | Set disk transfer address
2018-12-17T22:41:21.457766141Z 79 PC: 14058 | Find next file
2018-12-17T22:41:21.462336386Z 26 PC: 14053 | Set disk transfer address
2018-12-17T22:41:21.463837074Z 79 PC: 14058 | Find next file
2018-12-17T22:41:21.474742346Z 26 PC: 14053 | Set disk transfer address
2018-12-17T22:41:21.476531186Z 79 PC: 14058 | Find next file
2018-12-17T22:41:21.485202764Z 26 PC: 1402f | Set disk transfer address
2018-12-17T22:41:21.487018604Z 78 PC: 1403b | Find first file
2018-12-17T22:41:21.49431097Z 26 PC: 14053 | Set disk transfer address
2018-12-17T22:41:21.495385709Z 79 PC: 14058 | Find next file
2018-12-17T22:41:21.499733535Z 26 PC: 14053 | Set disk transfer address
2018-12-17T22:41:21.501025472Z 79 PC: 14058 | Find next file
2018-12-17T22:41:21.504473518Z 59 PC: 17b60 | Change current directory
2018-12-17T22:41:21.511593982Z 26 PC: 1402f | Set disk transfer address
2018-12-17T22:41:21.513133213Z 78 PC: 1403b | Find first file
2018-12-17T22:41:21.521912973Z 26 PC: 14053 | Set disk transfer address
2018-12-17T22:41:21.523851173Z 79 PC: 14058 | Find next file
2018-12-17T22:41:21.527204211Z 26 PC: 14053 | Set disk transfer address
2018-12-17T22:41:21.528602437Z 79 PC: 14058 | Find next file
2018-12-17T22:41:21.536467379Z 26 PC: 1402f | Set disk transfer address
2018-12-17T22:41:21.537953169Z 78 PC: 1403b | Find first file
2018-12-17T22:41:21.544626253Z 61 PC: 178be | Open file (Filename = 'GDI.EXE')
2018-12-17T22:41:21.552667366Z 66 PC: 179f0 | Move file pointer
2018-12-17T22:41:21.554201798Z 63 PC: 17991 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:41:21.560702497Z 62 PC: 1790e | Close file
2018-12-17T22:41:21.563411025Z 48 PC: 17a0c | Get DOS version
2018-12-17T22:41:21.565275166Z 25 PC: 17a99 | Get default drive
2018-12-17T22:41:21.56635782Z 71 PC: 17aac | Get current directory
2018-12-17T22:41:21.569967228Z 26 PC: 14053 | Set disk transfer address
2018-12-17T22:41:21.571268623Z 79 PC: 14058 | Find next file
2018-12-17T22:41:21.573826537Z 26 PC: 1402f | Set disk transfer address
2018-12-17T22:41:21.575291849Z 78 PC: 1403b | Find first file
2018-12-17T22:41:21.580007687Z 26 PC: 1402f | Set disk transfer address
2018-12-17T22:41:21.58133518Z 78 PC: 1403b | Find first file
2018-12-17T22:41:21.588840296Z 26 PC: 1402f | Set disk transfer address
2018-12-17T22:41:21.590188408Z 78 PC: 1403b | Find first file
2018-12-17T22:41:21.595072381Z 48 PC: 17a0c | Get DOS version
2018-12-17T22:41:21.596766693Z 61 PC: 178be | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:41:21.604177011Z 61 PC: 178be | Open file (Filename = 'C:\WINDOWS\SYSTEM\GDI.EXE')
2018-12-17T22:41:21.609148499Z 66 PC: 18082 | Move file pointer
2018-12-17T22:41:21.611210432Z 66 PC: 18090 | Move file pointer
2018-12-17T22:41:21.612571048Z 66 PC: 1809e | Move file pointer
2018-12-17T22:41:21.614083769Z 63 PC: 17991 | Read file or device (Read 17194 bytes on handle 6)
2018-12-17T22:41:21.622601056Z 63 PC: 17991 | Read file or device (Read 17194 bytes on handle 5)
2018-12-17T22:41:21.631646595Z 66 PC: 179f0 | Move file pointer
2018-12-17T22:41:21.63345937Z 64 PC: 17991 | Write file or device (Write 17194 bytes on handle 6)
2018-12-17T22:41:21.644474027Z 66 PC: 18082 | Move file pointer
2018-12-17T22:41:21.645985236Z 66 PC: 18090 | Move file pointer
2018-12-17T22:41:21.647308261Z 66 PC: 1809e | Move file pointer
2018-12-17T22:41:21.648909569Z 66 PC: 179f0 | Move file pointer
2018-12-17T22:41:21.650654296Z 64 PC: 17991 | Write file or device (Write 17194 bytes on handle 6)
2018-12-17T22:41:21.665091712Z 87 PC: 13fff | Get or set file date and time
2018-12-17T22:41:21.667751217Z 62 PC: 1790e | Close file
2018-12-17T22:41:21.67565361Z 62 PC: 1790e | Close file
2018-12-17T22:41:21.678697156Z 14 PC: 17af2 | Set default drive (Drive = 'A')
2018-12-17T22:41:21.68104175Z 25 PC: 17af6 | Get default drive
2018-12-17T22:41:21.684505795Z 59 PC: 17b60 | Change current directory
2018-12-17T22:41:21.690259653Z 48 PC: 17a0c | Get DOS version
2018-12-17T22:41:21.691706861Z 26 PC: 1402f | Set disk transfer address
2018-12-17T22:41:21.694842791Z 78 PC: 1403b | Find first file
2018-12-17T22:41:21.701419463Z 42 PC: 13f17 | Get date 0x13f17: xor ah, ah
0x13f19: les di, ptr [bp + 6]
0x13f1c: stosw word ptr es:[di], ax
0x13f1d: mov al, dl
0x13f1f: les di, ptr [bp + 0xa]
0x13f22: stosw word ptr es:[di], ax
0x13f23: mov al, dh
0x13f25: les di, ptr [bp + 0xe]
0x13f28: stosw word ptr es:[di], ax
0x13f29: xchg ax, cx
0x13f2a: les di, ptr [bp + 0x12]
0x13f2d: stosw word ptr es:[di], ax
0x13f2e: pop bp
0x13f2f: retf 0x10
0x13f32: push bp
0x13f33: mov bp, sp
0x13f35: mov cx, word ptr [bp + 0xa]
0x13f38: mov dh, byte ptr [bp + 8]
0x13f3b: mov dl, byte ptr [bp + 6]
0x13f3e: mov ah, 0x2b
2018-12-17T22:41:21.704168416Z 44 PC: 13f4d | Get time 0x13f4d: xor ah, ah
0x13f4f: mov al, dl
0x13f51: les di, ptr [bp + 6]
0x13f54: stosw word ptr es:[di], ax
0x13f55: mov al, dh
0x13f57: les di, ptr [bp + 0xa]
0x13f5a: stosw word ptr es:[di], ax
0x13f5b: mov al, cl
0x13f5d: les di, ptr [bp + 0xe]
0x13f60: stosw word ptr es:[di], ax
0x13f61: mov al, ch
0x13f63: les di, ptr [bp + 0x12]
0x13f66: stosw word ptr es:[di], ax
0x13f67: pop bp
0x13f68: retf 0x10
0x13f6b: push bp
0x13f6c: mov bp, sp
0x13f6e: mov ch, byte ptr [bp + 0xc]
0x13f71: mov cl, byte ptr [bp + 0xa]
0x13f74: mov dh, byte ptr [bp + 8]
2018-12-17T22:41:21.709635104Z 48 PC: 17a0c | Get DOS version
2018-12-17T22:41:21.711485519Z 26 PC: 1402f | Set disk transfer address
2018-12-17T22:41:21.713056761Z 78 PC: 1403b | Find first file
2018-12-17T22:41:21.720796477Z 48 PC: 17a0c | Get DOS version
2018-12-17T22:41:21.722728005Z 67 PC: 13f91 | Get or set file attributes
2018-12-17T22:41:21.729243462Z 67 PC: 13fb8 | Get or set file attributes
2018-12-17T22:41:21.746640087Z 61 PC: 178be | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:41:21.754667835Z 63 PC: 17991 | Read file or device (Read 17194 bytes on handle 5)
2018-12-17T22:41:21.76335461Z 66 PC: 18082 | Move file pointer
2018-12-17T22:41:21.766331701Z 66 PC: 18090 | Move file pointer
2018-12-17T22:41:21.768099572Z 66 PC: 1809e | Move file pointer
2018-12-17T22:41:21.769943856Z 66 PC: 179f0 | Move file pointer
2018-12-17T22:41:21.772244367Z 63 PC: 17991 | Read file or device (Read 17194 bytes on handle 5)
2018-12-17T22:41:21.781789595Z 66 PC: 179f0 | Move file pointer
2018-12-17T22:41:21.783765496Z 64 PC: 17991 | Write file or device (Write 17194 bytes on handle 5)
2018-12-17T22:41:21.794056174Z 66 PC: 179f0 | Move file pointer
2018-12-17T22:41:21.795489657Z 64 PC: 17991 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:41:21.800747131Z 66 PC: 18082 | Move file pointer
2018-12-17T22:41:21.802668891Z 66 PC: 18090 | Move file pointer
2018-12-17T22:41:21.803947973Z 66 PC: 1809e | Move file pointer
2018-12-17T22:41:21.805244207Z 66 PC: 179f0 | Move file pointer
2018-12-17T22:41:21.807207274Z 64 PC: 17991 | Write file or device (Write 17194 bytes on handle 5)
2018-12-17T22:41:21.814572077Z 66 PC: 18082 | Move file pointer
2018-12-17T22:41:21.815874744Z 66 PC: 18090 | Move file pointer
2018-12-17T22:41:21.817792345Z 66 PC: 1809e | Move file pointer
2018-12-17T22:41:21.819336195Z 66 PC: 179f0 | Move file pointer
2018-12-17T22:41:21.82059523Z 64 PC: 17991 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:41:21.824063374Z 87 PC: 13fff | Get or set file date and time
2018-12-17T22:41:21.825425642Z 62 PC: 1790e | Close file
2018-12-17T22:41:21.831692302Z 67 PC: 13fb8 | Get or set file attributes
2018-12-17T22:41:21.839982403Z 53 PC: 14194 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:21.841167559Z 37 PC: 1419d | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:21.842322238Z 53 PC: 14194 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:41:21.844002203Z 37 PC: 1419d | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:41:21.845131083Z 53 PC: 14194 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:41:21.846292535Z 37 PC: 1419d | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:41:21.8480843Z 53 PC: 14194 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:21.849307237Z 37 PC: 1419d | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:21.850727575Z 53 PC: 14194 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:41:21.853208504Z 37 PC: 1419d | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:41:21.854763254Z 53 PC: 14194 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:21.857257489Z 37 PC: 1419d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:21.859621039Z 53 PC: 14194 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:41:21.861198622Z 37 PC: 1419d | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:41:21.862733004Z 53 PC: 14194 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:41:21.865061086Z 37 PC: 1419d | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:41:21.865935749Z 53 PC: 14194 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:41:21.866882837Z 37 PC: 1419d | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:41:21.868707555Z 53 PC: 14194 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:41:21.869880578Z 37 PC: 1419d | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:41:21.870914941Z 53 PC: 14194 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:41:21.872640622Z 37 PC: 1419d | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:41:21.873632755Z 53 PC: 14194 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:41:21.874628245Z 37 PC: 1419d | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:41:21.87627632Z 53 PC: 14194 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:41:21.877378641Z 37 PC: 1419d | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:41:21.87843772Z 53 PC: 14194 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:41:21.884133328Z 37 PC: 1419d | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:41:21.885288146Z 53 PC: 14194 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:41:21.886591104Z 37 PC: 1419d | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:41:21.888272933Z 53 PC: 14194 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:41:21.889372999Z 37 PC: 1419d | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:41:21.891108739Z 53 PC: 14194 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:41:21.892242668Z 37 PC: 1419d | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:41:21.89332425Z 53 PC: 14194 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:41:21.895076852Z 37 PC: 1419d | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:41:21.896349692Z 53 PC: 14194 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:41:21.897378094Z 37 PC: 1419d | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:41:21.899050696Z 48 PC: 17a0c | Get DOS version
2018-12-17T22:41:21.900530285Z 41 PC: 1414b | Parse filename
2018-12-17T22:41:21.901779231Z 41 PC: 14159 | Parse filename
2018-12-17T22:41:21.903779607Z 75 PC: 14164 | Execute program
2018-12-17T22:41:21.918222424Z 9 PC: 29a86 | Display string (String= 'Goat file (EXE/....). Size=000044C0h/0000017600d bytes. ')
2018-12-17T22:41:21.922014637Z 48 PC: 29a8f | Get DOS version
2018-12-17T22:41:21.923746439Z 61 PC: 29b5c | Open file (Filename = '')
2018-12-17T22:41:21.942431284Z 93 PC: 29afe | File sharing functions
2018-12-17T22:41:21.945090498Z 9 PC: 29a86 | Display string (String= 'Size change=432Ah/17194d. ')
2018-12-17T22:41:21.948829491Z 76 PC: 29ae3 | Terminate with return code (Return code = '1')
2018-12-17T22:41:21.951364963Z 53 PC: 14194 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:21.952545389Z 37 PC: 1419d | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:21.954425581Z 53 PC: 14194 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:41:21.955490822Z 37 PC: 1419d | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:41:21.956468508Z 53 PC: 14194 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:41:21.958607846Z 37 PC: 1419d | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:41:21.960077667Z 53 PC: 14194 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:21.96152737Z 37 PC: 1419d | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:21.964154534Z 53 PC: 14194 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:41:21.965585181Z 37 PC: 1419d | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:41:21.96695315Z 53 PC: 14194 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:21.969653012Z 37 PC: 1419d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:21.971006704Z 53 PC: 14194 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:41:21.972476164Z 37 PC: 1419d | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:41:21.974157081Z 53 PC: 14194 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:41:21.975410926Z 37 PC: 1419d | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:41:21.977165331Z 53 PC: 14194 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:41:21.978605366Z 37 PC: 1419d | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:41:21.979871604Z 53 PC: 14194 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:41:21.98212148Z 37 PC: 1419d | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:41:21.983603363Z 53 PC: 14194 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:41:21.984981441Z 37 PC: 1419d | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:41:21.987582507Z 53 PC: 14194 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:41:21.989468529Z 37 PC: 1419d | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:41:21.990878106Z 53 PC: 14194 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:41:21.992805687Z 37 PC: 1419d | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:41:21.994350017Z 53 PC: 14194 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:41:21.995803056Z 37 PC: 1419d | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:41:21.99796132Z 53 PC: 14194 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:41:21.99951062Z 37 PC: 1419d | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:41:22.000681089Z 53 PC: 14194 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:41:22.002364561Z 37 PC: 1419d | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:41:22.003526303Z 53 PC: 14194 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:41:22.004693685Z 37 PC: 1419d | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:41:22.006633769Z 53 PC: 14194 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:41:22.007823924Z 37 PC: 1419d | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:41:22.008976589Z 53 PC: 14194 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:41:22.010868553Z 37 PC: 1419d | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:41:22.012216574Z 48 PC: 17a0c | Get DOS version
2018-12-17T22:41:22.013573112Z 26 PC: 1402f | Set disk transfer address
2018-12-17T22:41:22.015245213Z 78 PC: 1403b | Find first file
2018-12-17T22:41:22.020220588Z 48 PC: 17a0c | Get DOS version
2018-12-17T22:41:22.021867401Z 67 PC: 13f91 | Get or set file attributes
2018-12-17T22:41:22.026321196Z 67 PC: 13fb8 | Get or set file attributes
2018-12-17T22:41:22.03377725Z 61 PC: 178be | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:41:22.042475767Z 63 PC: 17991 | Read file or device (Read 17194 bytes on handle 5)
2018-12-17T22:41:22.050522501Z 66 PC: 18082 | Move file pointer
2018-12-17T22:41:22.051749205Z 66 PC: 18090 | Move file pointer
2018-12-17T22:41:22.05379097Z 66 PC: 1809e | Move file pointer
2018-12-17T22:41:22.055012805Z 66 PC: 179f0 | Move file pointer
2018-12-17T22:41:22.056175769Z 63 PC: 17991 | Read file or device (Read 17194 bytes on handle 5)
2018-12-17T22:41:22.062562474Z 66 PC: 179f0 | Move file pointer
2018-12-17T22:41:22.063939451Z 64 PC: 17991 | Write file or device (Write 17194 bytes on handle 5)
2018-12-17T22:41:22.071455818Z 66 PC: 179f0 | Move file pointer
2018-12-17T22:41:22.073570129Z 64 PC: 17991 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:41:22.080334344Z 66 PC: 18082 | Move file pointer
2018-12-17T22:41:22.081804244Z 66 PC: 18090 | Move file pointer
2018-12-17T22:41:22.08386785Z 66 PC: 1809e | Move file pointer
2018-12-17T22:41:22.085411239Z 66 PC: 179f0 | Move file pointer
2018-12-17T22:41:22.088341764Z 64 PC: 17991 | Write file or device (Write 17194 bytes on handle 5)
2018-12-17T22:41:22.097285822Z 66 PC: 18082 | Move file pointer
2018-12-17T22:41:22.09857844Z 66 PC: 18090 | Move file pointer
2018-12-17T22:41:22.099792741Z 66 PC: 1809e | Move file pointer
2018-12-17T22:41:22.10174655Z 66 PC: 179f0 | Move file pointer
2018-12-17T22:41:22.10304042Z 64 PC: 17991 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:41:22.106800242Z 87 PC: 13fff | Get or set file date and time
2018-12-17T22:41:22.108070568Z 62 PC: 1790e | Close file
2018-12-17T22:41:22.113909705Z 67 PC: 13fb8 | Get or set file attributes
2018-12-17T22:41:22.122185869Z 37 PC: 14371 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:22.123211576Z 37 PC: 14371 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:41:22.124658874Z 37 PC: 14371 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:41:22.126364548Z 37 PC: 14371 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:22.127458242Z 37 PC: 14371 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:41:22.128604626Z 37 PC: 14371 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:22.130170837Z 37 PC: 14371 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:41:22.131295139Z 37 PC: 14371 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:41:22.13243544Z 37 PC: 14371 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:41:22.134045324Z 37 PC: 14371 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:41:22.135144278Z 37 PC: 14371 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:41:22.136365863Z 37 PC: 14371 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:41:22.137679039Z 37 PC: 14371 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:41:22.138784786Z 37 PC: 14371 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:41:22.14036831Z 37 PC: 14371 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:41:22.141416158Z 37 PC: 14371 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:41:22.142464697Z 37 PC: 14371 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:41:22.144262805Z 37 PC: 14371 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:41:22.14534103Z 37 PC: 14371 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:41:22.146563095Z 76 PC: 143b0 | Terminate with return code (Return code = '0')