Sample viewer

vx.netlux.org/Virus.DOS.IVP.RedPlague.1615

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:57:11.184784734Z	26	PC: 13671 \| Set disk transfer address
2018-12-17T22:57:11.186860677Z	53	PC: 13478 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:11.189619774Z	37	PC: 1348a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:11.19133555Z	71	PC: 13496 \| Get current directory
2018-12-17T22:57:11.194913296Z	78	PC: 1350c \| Find first file
2018-12-17T22:57:11.202891806Z	78	PC: 1350c \| Find first file
2018-12-17T22:57:11.209574359Z	61	PC: 1367a \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:57:11.216854205Z	63	PC: 13527 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:57:11.225109625Z	62	PC: 1352b \| Close file
2018-12-17T22:57:11.227174778Z	79	PC: 1350c \| Find next file
2018-12-17T22:57:11.230226916Z	61	PC: 1367a \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:57:11.238970363Z	63	PC: 13527 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:57:11.246178856Z	62	PC: 1352b \| Close file
2018-12-17T22:57:11.248470033Z	79	PC: 1350c \| Find next file
2018-12-17T22:57:11.253099176Z	61	PC: 1367a \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:57:11.260721936Z	63	PC: 13527 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:57:11.267740451Z	62	PC: 1352b \| Close file
2018-12-17T22:57:11.270028303Z	79	PC: 1350c \| Find next file
2018-12-17T22:57:11.274103845Z	61	PC: 1367a \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:57:11.281162114Z	63	PC: 13527 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:57:11.287929667Z	62	PC: 1352b \| Close file
2018-12-17T22:57:11.296950427Z	79	PC: 1350c \| Find next file
2018-12-17T22:57:11.30254277Z	61	PC: 1367a \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:57:11.31056937Z	63	PC: 13527 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:57:11.320909099Z	62	PC: 1352b \| Close file
2018-12-17T22:57:11.324094778Z	79	PC: 1350c \| Find next file
2018-12-17T22:57:11.327225804Z	61	PC: 1367a \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:57:11.33532486Z	63	PC: 13527 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:57:11.343053981Z	62	PC: 1352b \| Close file
2018-12-17T22:57:11.345565834Z	67	PC: 13685 \| Get or set file attributes
2018-12-17T22:57:11.363754528Z	61	PC: 1367a \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:57:11.371400102Z	64	PC: 13618 \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:57:11.375139863Z	66	PC: 1366c \| Move file pointer
2018-12-17T22:57:11.377721506Z	44	PC: 13623 \| Get time 0x13623: cmp dh, 0 0x13626: je 0x1361f 0x13628: mov byte ptr cs:[bp + 0x6ca], dh 0x1362d: call 0x137d6 0x13630: inc byte ptr cs:[bp + 0x773] 0x13635: mov ax, 0x5701 0x13638: mov cx, word ptr cs:[bp + 0x7e6] 0x1363d: mov dx, word ptr cs:[bp + 0x7e8] 0x13642: int 0x21 0x13644: mov ah, 0x3e 0x13646: int 0x21 0x13648: xor cx, cx 0x1364a: mov cl, byte ptr cs:[bp + 0x7e5] 0x1364f: call 0x1367c 0x13652: ret 0x13653: mov ah, 0x2a 0x13655: int 0x21 0x13657: cmp al, 5 0x13659: jb 0x13663 0x1365b: mov ah, 9
2018-12-17T22:57:11.389890393Z	64	PC: 138d7 \| Write file or device (Write 1615 bytes on handle 5)
2018-12-17T22:57:11.400095169Z	87	PC: 13644 \| Get or set file date and time
2018-12-17T22:57:11.402069711Z	62	PC: 13648 \| Close file
2018-12-17T22:57:11.416267462Z	67	PC: 13685 \| Get or set file attributes
2018-12-17T22:57:11.431688665Z	79	PC: 1350c \| Find next file
2018-12-17T22:57:11.436578117Z	61	PC: 1367a \| Open file (Filename = 'PAH.COM')
2018-12-17T22:57:11.449050726Z	63	PC: 13527 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:57:11.456549363Z	62	PC: 1352b \| Close file
2018-12-17T22:57:11.458791859Z	79	PC: 1350c \| Find next file
2018-12-17T22:57:11.462942572Z	61	PC: 1367a \| Open file (Filename = 'TEST.COM')
2018-12-17T22:57:11.470318569Z	63	PC: 13527 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:57:11.473344859Z	62	PC: 1352b \| Close file
2018-12-17T22:57:11.476365868Z	79	PC: 1350c \| Find next file
2018-12-17T22:57:11.479314592Z	59	PC: 134ac \| Change current directory
2018-12-17T22:57:11.484003907Z	42	PC: 13657 \| Get date 0x13657: cmp al, 5 0x13659: jb 0x13663 0x1365b: mov ah, 9 0x1365d: lea dx, word ptr [bp + 0x56f] 0x13661: int 0x21 0x13663: ret 0x13664: mov ah, 0x42 0x13666: xor cx, cx 0x13668: xor dx, dx 0x1366a: int 0x21 0x1366c: ret 0x1366d: mov ah, 0x1a 0x1366f: int 0x21 0x13671: ret 0x13672: mov ah, 0x3d 0x13674: lea dx, word ptr [bp + 0x7ee] 0x13678: int 0x21 0x1367a: xchg ax, bx 0x1367b: ret 0x1367c: mov ax, 0x4301
2018-12-17T22:57:11.488206278Z	37	PC: 134bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:11.489806576Z	59	PC: 134c5 \| Change current directory
2018-12-17T22:57:11.491985402Z	26	PC: 13671 \| Set disk transfer address
2018-12-17T22:57:11.493591141Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-17T22:57:11.502019908Z	48	PC: 12a8f \| Get DOS version
2018-12-17T22:57:11.503589899Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-17T22:57:11.510772302Z	93	PC: 12afe \| File sharing functions
2018-12-17T22:57:11.516906905Z	9	PC: 12a86 \| Display string (String= 'Size change=064Fh/01615d. ')
2018-12-17T22:57:11.522451049Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":12466,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:33:01.87228261Z	26	PC: 13671 \| Set disk transfer address
2018-12-25T12:33:01.873668072Z	53	PC: 13478 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:33:01.874843547Z	37	PC: 1348a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:33:01.882789205Z	71	PC: 13496 \| Get current directory
2018-12-25T12:33:01.886227778Z	78	PC: 1350c \| Find first file
2018-12-25T12:33:01.89068491Z	78	PC: 1350c \| Find first file (See above)
2018-12-25T12:33:01.894732893Z	61	PC: 1367a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:33:01.899133459Z	63	PC: 13527 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:33:01.905876802Z	62	PC: 1352b \| Close file
2018-12-25T12:33:01.907961099Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:01.910669804Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:01.925244288Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:01.931509582Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:01.933543769Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:01.936762954Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:01.943989881Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:01.950519597Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:01.953430767Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:01.957074953Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:01.963751336Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:01.971926257Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:01.973837387Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:01.976928286Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:01.998070608Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:02.002604918Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:02.004049662Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:02.007043324Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:02.011686456Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:02.016981241Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:02.018930566Z	67	PC: 13685 \| Get or set file attributes
2018-12-25T12:33:02.033570101Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:02.038108662Z	64	PC: 13618 \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:33:02.042326779Z	66	PC: 1366c \| Move file pointer
2018-12-25T12:33:02.04399727Z	44	PC: 13623 \| Get time 0x13623: cmp dh, 0 0x13626: je 0x1361f 0x13628: mov byte ptr cs:[bp + 0x6ca], dh 0x1362d: call 0x137d6 0x13630: inc byte ptr cs:[bp + 0x773] 0x13635: mov ax, 0x5701 0x13638: mov cx, word ptr cs:[bp + 0x7e6] 0x1363d: mov dx, word ptr cs:[bp + 0x7e8] 0x13642: int 0x21 0x13644: mov ah, 0x3e 0x13646: int 0x21 0x13648: xor cx, cx 0x1364a: mov cl, byte ptr cs:[bp + 0x7e5] 0x1364f: call 0x1367c 0x13652: ret 0x13653: mov ah, 0x2a 0x13655: int 0x21 0x13657: cmp al, 5 0x13659: jb 0x13663 0x1365b: mov ah, 9
2018-12-25T12:33:02.047270259Z	64	PC: 138d7 \| Write file or device (Write 1615 bytes on handle 5)
2018-12-25T12:33:02.057847025Z	87	PC: 13644 \| Get or set file date and time
2018-12-25T12:33:02.087679949Z	62	PC: 13648 \| Close file
2018-12-25T12:33:02.095991856Z	67	PC: 13685 \| Get or set file attributes (See above)
2018-12-25T12:33:02.12309967Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:02.126075774Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:02.132477781Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:02.145993324Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:02.14877725Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:02.152102029Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:02.160271353Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:02.16342245Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:02.165575566Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:02.169017692Z	59	PC: 134ac \| Change current directory
2018-12-25T12:33:02.173658797Z	42	PC: 13657 \| Get date 0x13657: cmp al, 5 0x13659: jb 0x13663 0x1365b: mov ah, 9 0x1365d: lea dx, word ptr [bp + 0x56f] 0x13661: int 0x21 0x13663: ret 0x13664: mov ah, 0x42 0x13666: xor cx, cx 0x13668: xor dx, dx 0x1366a: int 0x21 0x1366c: ret 0x1366d: mov ah, 0x1a 0x1366f: int 0x21 0x13671: ret 0x13672: mov ah, 0x3d 0x13674: lea dx, word ptr [bp + 0x7ee] 0x13678: int 0x21 0x1367a: xchg ax, bx 0x1367b: ret 0x1367c: mov ax, 0x4301
2018-12-25T12:33:02.176089093Z	37	PC: 134bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:33:02.177498432Z	59	PC: 134c5 \| Change current directory
2018-12-25T12:33:02.180557176Z	26	PC: 13671 \| Set disk transfer address (See above)
2018-12-25T12:33:02.18194328Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:33:02.187588676Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:33:02.19017433Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:33:02.194339458Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:33:02.196210473Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:33:02.201131687Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":12466,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:33:01.874906678Z	26	PC: 13671 \| Set disk transfer address
2018-12-25T12:33:01.876360688Z	53	PC: 13478 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:33:01.877384806Z	37	PC: 1348a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:33:01.878753531Z	71	PC: 13496 \| Get current directory
2018-12-25T12:33:01.881472006Z	78	PC: 1350c \| Find first file
2018-12-25T12:33:01.885568816Z	78	PC: 1350c \| Find first file (See above)
2018-12-25T12:33:01.889810135Z	61	PC: 1367a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:33:01.894706734Z	63	PC: 13527 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:33:01.899197136Z	62	PC: 1352b \| Close file
2018-12-25T12:33:01.900597132Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:01.902641164Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:01.910838288Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:01.915619129Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:01.918247152Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:01.921017569Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:01.928298213Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:01.934811019Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:01.936988421Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:01.938894421Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:01.944815604Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:01.952869603Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:01.971828034Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:01.974843918Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:01.98389536Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:02.005018504Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:02.008393445Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:02.020802992Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:02.032268689Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:02.04951311Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:02.051991976Z	67	PC: 13685 \| Get or set file attributes
2018-12-25T12:33:02.06893083Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:02.076616028Z	64	PC: 13618 \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:33:02.079925303Z	66	PC: 1366c \| Move file pointer
2018-12-25T12:33:02.08537782Z	44	PC: 13623 \| Get time 0x13623: cmp dh, 0 0x13626: je 0x1361f 0x13628: mov byte ptr cs:[bp + 0x6ca], dh 0x1362d: call 0x137d6 0x13630: inc byte ptr cs:[bp + 0x773] 0x13635: mov ax, 0x5701 0x13638: mov cx, word ptr cs:[bp + 0x7e6] 0x1363d: mov dx, word ptr cs:[bp + 0x7e8] 0x13642: int 0x21 0x13644: mov ah, 0x3e 0x13646: int 0x21 0x13648: xor cx, cx 0x1364a: mov cl, byte ptr cs:[bp + 0x7e5] 0x1364f: call 0x1367c 0x13652: ret 0x13653: mov ah, 0x2a 0x13655: int 0x21 0x13657: cmp al, 5 0x13659: jb 0x13663 0x1365b: mov ah, 9
2018-12-25T12:33:02.088249456Z	64	PC: 138d7 \| Write file or device (Write 1615 bytes on handle 5)
2018-12-25T12:33:02.097956331Z	87	PC: 13644 \| Get or set file date and time
2018-12-25T12:33:02.10046633Z	62	PC: 13648 \| Close file
2018-12-25T12:33:02.115327195Z	67	PC: 13685 \| Get or set file attributes (See above)
2018-12-25T12:33:02.144971646Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:02.149263122Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:02.156390885Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:02.163028391Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:02.1662684Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:02.169174723Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:02.176183985Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:02.185400474Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:02.187902842Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:02.19043938Z	59	PC: 134ac \| Change current directory
2018-12-25T12:33:02.194885981Z	42	PC: 13657 \| Get date 0x13657: cmp al, 5 0x13659: jb 0x13663 0x1365b: mov ah, 9 0x1365d: lea dx, word ptr [bp + 0x56f] 0x13661: int 0x21 0x13663: ret 0x13664: mov ah, 0x42 0x13666: xor cx, cx 0x13668: xor dx, dx 0x1366a: int 0x21 0x1366c: ret 0x1366d: mov ah, 0x1a 0x1366f: int 0x21 0x13671: ret 0x13672: mov ah, 0x3d 0x13674: lea dx, word ptr [bp + 0x7ee] 0x13678: int 0x21 0x1367a: xchg ax, bx 0x1367b: ret 0x1367c: mov ax, 0x4301
2018-12-25T12:33:02.198552349Z	37	PC: 134bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:33:02.199650183Z	59	PC: 134c5 \| Change current directory
2018-12-25T12:33:02.201389831Z	26	PC: 13671 \| Set disk transfer address (See above)
2018-12-25T12:33:02.203439934Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:33:02.209148902Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:33:02.210655513Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:33:02.219011155Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:33:02.222595568Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:33:02.231010467Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12466,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:33:02.564224637Z	26	PC: 13671 \| Set disk transfer address
2018-12-25T12:33:02.566251451Z	53	PC: 13478 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:33:02.572014515Z	37	PC: 1348a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:33:02.57318671Z	71	PC: 13496 \| Get current directory
2018-12-25T12:33:02.576473117Z	78	PC: 1350c \| Find first file
2018-12-25T12:33:02.596492536Z	78	PC: 1350c \| Find first file (See above)
2018-12-25T12:33:02.603343139Z	61	PC: 1367a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:33:02.610036803Z	63	PC: 13527 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:33:02.628541341Z	62	PC: 1352b \| Close file
2018-12-25T12:33:02.631814285Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:02.634740727Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:02.641890015Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:02.648271506Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:02.650289653Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:02.653735851Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:02.675034203Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:02.688614582Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:02.691043898Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:02.693857558Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:02.700473164Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:02.707907751Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:02.709766839Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:02.712816929Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:02.720356525Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:02.72739712Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:02.72947173Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:02.73278565Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:02.73942777Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:02.745547605Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:02.748619224Z	67	PC: 13685 \| Get or set file attributes
2018-12-25T12:33:02.766695919Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:02.773193292Z	64	PC: 13618 \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:33:02.776777604Z	66	PC: 1366c \| Move file pointer
2018-12-25T12:33:02.778528467Z	44	PC: 13623 \| Get time 0x13623: cmp dh, 0 0x13626: je 0x1361f 0x13628: mov byte ptr cs:[bp + 0x6ca], dh 0x1362d: call 0x137d6 0x13630: inc byte ptr cs:[bp + 0x773] 0x13635: mov ax, 0x5701 0x13638: mov cx, word ptr cs:[bp + 0x7e6] 0x1363d: mov dx, word ptr cs:[bp + 0x7e8] 0x13642: int 0x21 0x13644: mov ah, 0x3e 0x13646: int 0x21 0x13648: xor cx, cx 0x1364a: mov cl, byte ptr cs:[bp + 0x7e5] 0x1364f: call 0x1367c 0x13652: ret 0x13653: mov ah, 0x2a 0x13655: int 0x21 0x13657: cmp al, 5 0x13659: jb 0x13663 0x1365b: mov ah, 9
2018-12-25T12:33:02.781110248Z	64	PC: 138d7 \| Write file or device (Write 1615 bytes on handle 5)
2018-12-25T12:33:02.790327595Z	87	PC: 13644 \| Get or set file date and time
2018-12-25T12:33:02.792021264Z	62	PC: 13648 \| Close file
2018-12-25T12:33:02.800514647Z	67	PC: 13685 \| Get or set file attributes (See above)
2018-12-25T12:33:02.810787848Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:02.813937063Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:02.821265802Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:02.83179826Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:02.834705261Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:02.837690839Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:02.844322414Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:02.848067516Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:02.850377823Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:02.853024844Z	59	PC: 134ac \| Change current directory
2018-12-25T12:33:02.858084296Z	42	PC: 13657 \| Get date 0x13657: cmp al, 5 0x13659: jb 0x13663 0x1365b: mov ah, 9 0x1365d: lea dx, word ptr [bp + 0x56f] 0x13661: int 0x21 0x13663: ret 0x13664: mov ah, 0x42 0x13666: xor cx, cx 0x13668: xor dx, dx 0x1366a: int 0x21 0x1366c: ret 0x1366d: mov ah, 0x1a 0x1366f: int 0x21 0x13671: ret 0x13672: mov ah, 0x3d 0x13674: lea dx, word ptr [bp + 0x7ee] 0x13678: int 0x21 0x1367a: xchg ax, bx 0x1367b: ret 0x1367c: mov ax, 0x4301
2018-12-25T12:33:02.860763852Z	37	PC: 134bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:33:02.862139431Z	59	PC: 134c5 \| Change current directory
2018-12-25T12:33:02.864845Z	26	PC: 13671 \| Set disk transfer address (See above)
2018-12-25T12:33:02.866402961Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:33:02.87198139Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:33:02.873589483Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:33:02.880483662Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:33:02.882556104Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:33:02.88666245Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12466,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:33:03.063897726Z	26	PC: 13671 \| Set disk transfer address
2018-12-25T12:33:03.066002169Z	53	PC: 13478 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:33:03.067171467Z	37	PC: 1348a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:33:03.068276098Z	71	PC: 13496 \| Get current directory
2018-12-25T12:33:03.071610143Z	78	PC: 1350c \| Find first file
2018-12-25T12:33:03.078010426Z	78	PC: 1350c \| Find first file (See above)
2018-12-25T12:33:03.08365902Z	61	PC: 1367a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:33:03.091012932Z	63	PC: 13527 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:33:03.097116387Z	62	PC: 1352b \| Close file
2018-12-25T12:33:03.098813686Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:03.101588214Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:03.113011134Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:03.130958261Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:03.133094785Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:03.136540497Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:03.151593614Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:03.158520175Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:03.161659077Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:03.170998467Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:03.185751299Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:03.192817251Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:03.206882137Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:03.210167957Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:03.217889308Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:03.232724315Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:03.239763921Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:03.24713947Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:03.253998234Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:03.260522341Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:03.26354124Z	67	PC: 13685 \| Get or set file attributes
2018-12-25T12:33:03.294867977Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:03.302537028Z	64	PC: 13618 \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:33:03.306264303Z	66	PC: 1366c \| Move file pointer
2018-12-25T12:33:03.30845134Z	44	PC: 13623 \| Get time 0x13623: cmp dh, 0 0x13626: je 0x1361f 0x13628: mov byte ptr cs:[bp + 0x6ca], dh 0x1362d: call 0x137d6 0x13630: inc byte ptr cs:[bp + 0x773] 0x13635: mov ax, 0x5701 0x13638: mov cx, word ptr cs:[bp + 0x7e6] 0x1363d: mov dx, word ptr cs:[bp + 0x7e8] 0x13642: int 0x21 0x13644: mov ah, 0x3e 0x13646: int 0x21 0x13648: xor cx, cx 0x1364a: mov cl, byte ptr cs:[bp + 0x7e5] 0x1364f: call 0x1367c 0x13652: ret 0x13653: mov ah, 0x2a 0x13655: int 0x21 0x13657: cmp al, 5 0x13659: jb 0x13663 0x1365b: mov ah, 9
2018-12-25T12:33:03.311418578Z	64	PC: 138d7 \| Write file or device (Write 1615 bytes on handle 5)
2018-12-25T12:33:03.321213617Z	87	PC: 13644 \| Get or set file date and time
2018-12-25T12:33:03.323519744Z	62	PC: 13648 \| Close file
2018-12-25T12:33:03.331271291Z	67	PC: 13685 \| Get or set file attributes (See above)
2018-12-25T12:33:03.342196697Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:03.34559735Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:03.352394232Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:03.3592109Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:03.361535282Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:03.364418308Z	61	PC: 1367a \| Open file (See above)
2018-12-25T12:33:03.371283972Z	63	PC: 13527 \| Read file or device (See above)
2018-12-25T12:33:03.375083352Z	62	PC: 1352b \| Close file (See above)
2018-12-25T12:33:03.377059139Z	79	PC: 1350c \| Find next file (See above)
2018-12-25T12:33:03.390484352Z	59	PC: 134ac \| Change current directory
2018-12-25T12:33:03.4003551Z	42	PC: 13657 \| Get date 0x13657: cmp al, 5 0x13659: jb 0x13663 0x1365b: mov ah, 9 0x1365d: lea dx, word ptr [bp + 0x56f] 0x13661: int 0x21 0x13663: ret 0x13664: mov ah, 0x42 0x13666: xor cx, cx 0x13668: xor dx, dx 0x1366a: int 0x21 0x1366c: ret 0x1366d: mov ah, 0x1a 0x1366f: int 0x21 0x13671: ret 0x13672: mov ah, 0x3d 0x13674: lea dx, word ptr [bp + 0x7ee] 0x13678: int 0x21 0x1367a: xchg ax, bx 0x1367b: ret 0x1367c: mov ax, 0x4301
2018-12-25T12:33:03.402768235Z	37	PC: 134bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:33:03.404395918Z	59	PC: 134c5 \| Change current directory
2018-12-25T12:33:03.407254397Z	26	PC: 13671 \| Set disk transfer address (See above)
2018-12-25T12:33:03.40864235Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:33:03.41425783Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:33:03.416242253Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:33:03.423530447Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:33:03.425573918Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:33:03.43059615Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')