Sample viewer

vx.netlux.org/Virus.DOS.Guevara.1918

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:08:27.424855718Z	254	PC: 14ac0 \| UNKNOWN!
2018-12-17T23:08:27.426505281Z	98	PC: 14aa6 \| Get current PSP
2018-12-17T23:08:27.427879141Z	53	PC: 14ec3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:27.429122593Z	37	PC: 14edc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:27.431217676Z	42	PC: 14ee0 \| Get date 0x14ee0: sub dl, 0xa 0x14ee3: cmp dl, 0 0x14ee6: je 0x14eef 0x14ee8: jg 0x14ee0 0x14eea: jmp 0x14ac7 0x14eed: jmp 0x14e83 0x14eef: mov ax, 0x1110 0x14ef2: mov bh, 0x10 0x14ef4: xor bl, bl 0x14ef6: mov cx, 1 0x14ef9: mov dx, 0xe7 0x14efc: mov bp, 0x65a 0x14eff: int 0x10 0x14f01: mov dx, 0xe8 0x14f04: mov bp, 0x66a 0x14f07: int 0x10 0x14f09: mov dx, 0xe9 0x14f0c: mov bp, 0x67a 0x14f0f: int 0x10 0x14f11: mov dx, 0xea
2018-12-17T23:08:27.434376239Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00001FA4h/0000008100d bytes. ')
2018-12-17T23:08:27.43987141Z	48	PC: 12a8f \| Get DOS version
2018-12-17T23:08:27.441208194Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-17T23:08:27.44828846Z	93	PC: 12afe \| File sharing functions
2018-12-17T23:08:27.450631341Z	9	PC: 12a86 \| Display string (String= 'Size change=077Eh/01918d. ')
2018-12-17T23:08:27.455251967Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16195,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:43.393553946Z	254	PC: 14ac0 \| UNKNOWN!
2018-12-25T12:45:43.394856627Z	98	PC: 14aa6 \| Get current PSP
2018-12-25T12:45:43.395659765Z	53	PC: 14ec3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:43.39670003Z	37	PC: 14edc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:43.398000194Z	42	PC: 14ee0 \| Get date 0x14ee0: sub dl, 0xa 0x14ee3: cmp dl, 0 0x14ee6: je 0x14eef 0x14ee8: jg 0x14ee0 0x14eea: jmp 0x14ac7 0x14eed: jmp 0x14e83 0x14eef: mov ax, 0x1110 0x14ef2: mov bh, 0x10 0x14ef4: xor bl, bl 0x14ef6: mov cx, 1 0x14ef9: mov dx, 0xe7 0x14efc: mov bp, 0x65a 0x14eff: int 0x10 0x14f01: mov dx, 0xe8 0x14f04: mov bp, 0x66a 0x14f07: int 0x10 0x14f09: mov dx, 0xe9 0x14f0c: mov bp, 0x67a 0x14f0f: int 0x10 0x14f11: mov dx, 0xea
2018-12-25T12:45:43.400299988Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00001FA4h/0000008100d bytes. ')
2018-12-25T12:45:43.406117661Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:45:43.408038873Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:45:43.414577565Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:45:43.416368773Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:45:43.420689273Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":14,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16195,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:43.754138773Z	254	PC: 14ac0 \| UNKNOWN!
2018-12-25T12:45:43.755127465Z	98	PC: 14aa6 \| Get current PSP
2018-12-25T12:45:43.755781316Z	53	PC: 14ec3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:43.757092555Z	37	PC: 14edc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:43.758444281Z	42	PC: 14ee0 \| Get date 0x14ee0: sub dl, 0xa 0x14ee3: cmp dl, 0 0x14ee6: je 0x14eef 0x14ee8: jg 0x14ee0 0x14eea: jmp 0x14ac7 0x14eed: jmp 0x14e83 0x14eef: mov ax, 0x1110 0x14ef2: mov bh, 0x10 0x14ef4: xor bl, bl 0x14ef6: mov cx, 1 0x14ef9: mov dx, 0xe7 0x14efc: mov bp, 0x65a 0x14eff: int 0x10 0x14f01: mov dx, 0xe8 0x14f04: mov bp, 0x66a 0x14f07: int 0x10 0x14f09: mov dx, 0xe9 0x14f0c: mov bp, 0x67a 0x14f0f: int 0x10 0x14f11: mov dx, 0xea
2018-12-25T12:45:43.760028304Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00001FA4h/0000008100d bytes. ')
2018-12-25T12:45:43.765241607Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:45:43.766677051Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:45:43.773130675Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:45:43.774805253Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:45:43.779071115Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":20,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16195,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:44.550428967Z	254	PC: 14ac0 \| UNKNOWN!
2018-12-25T12:45:44.551669296Z	98	PC: 14aa6 \| Get current PSP
2018-12-25T12:45:44.552333841Z	53	PC: 14ec3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:44.553315678Z	37	PC: 14edc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:44.555031994Z	42	PC: 14ee0 \| Get date 0x14ee0: sub dl, 0xa 0x14ee3: cmp dl, 0 0x14ee6: je 0x14eef 0x14ee8: jg 0x14ee0 0x14eea: jmp 0x14ac7 0x14eed: jmp 0x14e83 0x14eef: mov ax, 0x1110 0x14ef2: mov bh, 0x10 0x14ef4: xor bl, bl 0x14ef6: mov cx, 1 0x14ef9: mov dx, 0xe7 0x14efc: mov bp, 0x65a 0x14eff: int 0x10 0x14f01: mov dx, 0xe8 0x14f04: mov bp, 0x66a 0x14f07: int 0x10 0x14f09: mov dx, 0xe9 0x14f0c: mov bp, 0x67a 0x14f0f: int 0x10 0x14f11: mov dx, 0xea
2018-12-25T12:45:44.557383597Z	37	PC: 14fa1 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:45:44.558136719Z	76	PC: 14fa5 \| Terminate with return code (Return code = '28')

{"DateBased":true,"Day":28,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16195,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:44.599043298Z	254	PC: 14ac0 \| UNKNOWN!
2018-12-25T12:45:44.600222751Z	98	PC: 14aa6 \| Get current PSP
2018-12-25T12:45:44.600956747Z	53	PC: 14ec3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:44.601972114Z	37	PC: 14edc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:44.603500799Z	42	PC: 14ee0 \| Get date 0x14ee0: sub dl, 0xa 0x14ee3: cmp dl, 0 0x14ee6: je 0x14eef 0x14ee8: jg 0x14ee0 0x14eea: jmp 0x14ac7 0x14eed: jmp 0x14e83 0x14eef: mov ax, 0x1110 0x14ef2: mov bh, 0x10 0x14ef4: xor bl, bl 0x14ef6: mov cx, 1 0x14ef9: mov dx, 0xe7 0x14efc: mov bp, 0x65a 0x14eff: int 0x10 0x14f01: mov dx, 0xe8 0x14f04: mov bp, 0x66a 0x14f07: int 0x10 0x14f09: mov dx, 0xe9 0x14f0c: mov bp, 0x67a 0x14f0f: int 0x10 0x14f11: mov dx, 0xea
2018-12-25T12:45:44.605588409Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00001FA4h/0000008100d bytes. ')
2018-12-25T12:45:44.611207963Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:45:44.61299598Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:45:44.617749854Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:45:44.619108068Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:45:44.629856728Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":30,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16195,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:44.636157225Z	254	PC: 14ac0 \| UNKNOWN!
2018-12-25T12:45:44.637711015Z	98	PC: 14aa6 \| Get current PSP
2018-12-25T12:45:44.63859825Z	53	PC: 14ec3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:44.639692151Z	37	PC: 14edc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:44.64413324Z	42	PC: 14ee0 \| Get date 0x14ee0: sub dl, 0xa 0x14ee3: cmp dl, 0 0x14ee6: je 0x14eef 0x14ee8: jg 0x14ee0 0x14eea: jmp 0x14ac7 0x14eed: jmp 0x14e83 0x14eef: mov ax, 0x1110 0x14ef2: mov bh, 0x10 0x14ef4: xor bl, bl 0x14ef6: mov cx, 1 0x14ef9: mov dx, 0xe7 0x14efc: mov bp, 0x65a 0x14eff: int 0x10 0x14f01: mov dx, 0xe8 0x14f04: mov bp, 0x66a 0x14f07: int 0x10 0x14f09: mov dx, 0xe9 0x14f0c: mov bp, 0x67a 0x14f0f: int 0x10 0x14f11: mov dx, 0xea
2018-12-25T12:45:44.647851511Z	37	PC: 14fa1 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:45:44.648953151Z	76	PC: 14fa5 \| Terminate with return code (Return code = '28')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16195,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:45.43305577Z	254	PC: 14ac0 \| UNKNOWN!
2018-12-25T12:45:45.434344281Z	98	PC: 14aa6 \| Get current PSP
2018-12-25T12:45:45.435211137Z	53	PC: 14ec3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:45.436408597Z	37	PC: 14edc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:45.437931838Z	42	PC: 14ee0 \| Get date 0x14ee0: sub dl, 0xa 0x14ee3: cmp dl, 0 0x14ee6: je 0x14eef 0x14ee8: jg 0x14ee0 0x14eea: jmp 0x14ac7 0x14eed: jmp 0x14e83 0x14eef: mov ax, 0x1110 0x14ef2: mov bh, 0x10 0x14ef4: xor bl, bl 0x14ef6: mov cx, 1 0x14ef9: mov dx, 0xe7 0x14efc: mov bp, 0x65a 0x14eff: int 0x10 0x14f01: mov dx, 0xe8 0x14f04: mov bp, 0x66a 0x14f07: int 0x10 0x14f09: mov dx, 0xe9 0x14f0c: mov bp, 0x67a 0x14f0f: int 0x10 0x14f11: mov dx, 0xea
2018-12-25T12:45:45.440051726Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00001FA4h/0000008100d bytes. ')
2018-12-25T12:45:45.445164817Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:45:45.446854726Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:45:45.456310768Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:45:45.458091546Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:45:45.463204978Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16195,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:45.483336485Z	254	PC: 14ac0 \| UNKNOWN!
2018-12-25T12:45:45.484932035Z	98	PC: 14aa6 \| Get current PSP
2018-12-25T12:45:45.485808475Z	53	PC: 14ec3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:45.487095106Z	37	PC: 14edc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:45.489059162Z	42	PC: 14ee0 \| Get date 0x14ee0: sub dl, 0xa 0x14ee3: cmp dl, 0 0x14ee6: je 0x14eef 0x14ee8: jg 0x14ee0 0x14eea: jmp 0x14ac7 0x14eed: jmp 0x14e83 0x14eef: mov ax, 0x1110 0x14ef2: mov bh, 0x10 0x14ef4: xor bl, bl 0x14ef6: mov cx, 1 0x14ef9: mov dx, 0xe7 0x14efc: mov bp, 0x65a 0x14eff: int 0x10 0x14f01: mov dx, 0xe8 0x14f04: mov bp, 0x66a 0x14f07: int 0x10 0x14f09: mov dx, 0xe9 0x14f0c: mov bp, 0x67a 0x14f0f: int 0x10 0x14f11: mov dx, 0xea
2018-12-25T12:45:45.491564974Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00001FA4h/0000008100d bytes. ')
2018-12-25T12:45:45.496963122Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:45:45.498686099Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:45:45.50609106Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:45:45.50789253Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:45:45.512760519Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16195,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:46.410250508Z	254	PC: 14ac0 \| UNKNOWN!
2018-12-25T12:45:46.411450461Z	98	PC: 14aa6 \| Get current PSP
2018-12-25T12:45:46.4121892Z	53	PC: 14ec3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:46.413211563Z	37	PC: 14edc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:46.414562835Z	42	PC: 14ee0 \| Get date 0x14ee0: sub dl, 0xa 0x14ee3: cmp dl, 0 0x14ee6: je 0x14eef 0x14ee8: jg 0x14ee0 0x14eea: jmp 0x14ac7 0x14eed: jmp 0x14e83 0x14eef: mov ax, 0x1110 0x14ef2: mov bh, 0x10 0x14ef4: xor bl, bl 0x14ef6: mov cx, 1 0x14ef9: mov dx, 0xe7 0x14efc: mov bp, 0x65a 0x14eff: int 0x10 0x14f01: mov dx, 0xe8 0x14f04: mov bp, 0x66a 0x14f07: int 0x10 0x14f09: mov dx, 0xe9 0x14f0c: mov bp, 0x67a 0x14f0f: int 0x10 0x14f11: mov dx, 0xea
2018-12-25T12:45:46.416426686Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00001FA4h/0000008100d bytes. ')
2018-12-25T12:45:46.4203748Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:45:46.421737775Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:45:46.429156601Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:45:46.430580596Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:45:46.434118077Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":10,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16195,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:47.466636057Z	254	PC: 14ac0 \| UNKNOWN!
2018-12-25T12:45:47.467865253Z	98	PC: 14aa6 \| Get current PSP
2018-12-25T12:45:47.468610614Z	53	PC: 14ec3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:47.469595036Z	37	PC: 14edc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:47.471218968Z	42	PC: 14ee0 \| Get date 0x14ee0: sub dl, 0xa 0x14ee3: cmp dl, 0 0x14ee6: je 0x14eef 0x14ee8: jg 0x14ee0 0x14eea: jmp 0x14ac7 0x14eed: jmp 0x14e83 0x14eef: mov ax, 0x1110 0x14ef2: mov bh, 0x10 0x14ef4: xor bl, bl 0x14ef6: mov cx, 1 0x14ef9: mov dx, 0xe7 0x14efc: mov bp, 0x65a 0x14eff: int 0x10 0x14f01: mov dx, 0xe8 0x14f04: mov bp, 0x66a 0x14f07: int 0x10 0x14f09: mov dx, 0xe9 0x14f0c: mov bp, 0x67a 0x14f0f: int 0x10 0x14f11: mov dx, 0xea
2018-12-25T12:45:47.47494469Z	37	PC: 14fa1 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:45:47.475972426Z	76	PC: 14fa5 \| Terminate with return code (Return code = '28')

{"DateBased":true,"Day":16,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16195,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:47.498879372Z	254	PC: 14ac0 \| UNKNOWN!
2018-12-25T12:45:47.500031759Z	98	PC: 14aa6 \| Get current PSP
2018-12-25T12:45:47.500753566Z	53	PC: 14ec3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:47.501906824Z	37	PC: 14edc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:47.503541998Z	42	PC: 14ee0 \| Get date 0x14ee0: sub dl, 0xa 0x14ee3: cmp dl, 0 0x14ee6: je 0x14eef 0x14ee8: jg 0x14ee0 0x14eea: jmp 0x14ac7 0x14eed: jmp 0x14e83 0x14eef: mov ax, 0x1110 0x14ef2: mov bh, 0x10 0x14ef4: xor bl, bl 0x14ef6: mov cx, 1 0x14ef9: mov dx, 0xe7 0x14efc: mov bp, 0x65a 0x14eff: int 0x10 0x14f01: mov dx, 0xe8 0x14f04: mov bp, 0x66a 0x14f07: int 0x10 0x14f09: mov dx, 0xe9 0x14f0c: mov bp, 0x67a 0x14f0f: int 0x10 0x14f11: mov dx, 0xea
2018-12-25T12:45:47.50565282Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00001FA4h/0000008100d bytes. ')
2018-12-25T12:45:47.510901099Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:45:47.512372506Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:45:47.518858335Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:45:47.520932024Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:45:47.525153964Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":18,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16195,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:48.487829571Z	254	PC: 14ac0 \| UNKNOWN!
2018-12-25T12:45:48.488618263Z	98	PC: 14aa6 \| Get current PSP
2018-12-25T12:45:48.489468949Z	53	PC: 14ec3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:48.490923966Z	37	PC: 14edc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:48.491937151Z	42	PC: 14ee0 \| Get date 0x14ee0: sub dl, 0xa 0x14ee3: cmp dl, 0 0x14ee6: je 0x14eef 0x14ee8: jg 0x14ee0 0x14eea: jmp 0x14ac7 0x14eed: jmp 0x14e83 0x14eef: mov ax, 0x1110 0x14ef2: mov bh, 0x10 0x14ef4: xor bl, bl 0x14ef6: mov cx, 1 0x14ef9: mov dx, 0xe7 0x14efc: mov bp, 0x65a 0x14eff: int 0x10 0x14f01: mov dx, 0xe8 0x14f04: mov bp, 0x66a 0x14f07: int 0x10 0x14f09: mov dx, 0xe9 0x14f0c: mov bp, 0x67a 0x14f0f: int 0x10 0x14f11: mov dx, 0xea
2018-12-25T12:45:48.494001192Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00001FA4h/0000008100d bytes. ')
2018-12-25T12:45:48.511413476Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:45:48.512486929Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:45:48.518929822Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:45:48.520903108Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:45:48.524732835Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":12,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16195,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:48.614116312Z	254	PC: 14ac0 \| UNKNOWN!
2018-12-25T12:45:48.614724848Z	98	PC: 14aa6 \| Get current PSP
2018-12-25T12:45:48.615668721Z	53	PC: 14ec3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:48.616577365Z	37	PC: 14edc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:48.617542408Z	42	PC: 14ee0 \| Get date 0x14ee0: sub dl, 0xa 0x14ee3: cmp dl, 0 0x14ee6: je 0x14eef 0x14ee8: jg 0x14ee0 0x14eea: jmp 0x14ac7 0x14eed: jmp 0x14e83 0x14eef: mov ax, 0x1110 0x14ef2: mov bh, 0x10 0x14ef4: xor bl, bl 0x14ef6: mov cx, 1 0x14ef9: mov dx, 0xe7 0x14efc: mov bp, 0x65a 0x14eff: int 0x10 0x14f01: mov dx, 0xe8 0x14f04: mov bp, 0x66a 0x14f07: int 0x10 0x14f09: mov dx, 0xe9 0x14f0c: mov bp, 0x67a 0x14f0f: int 0x10 0x14f11: mov dx, 0xea
2018-12-25T12:45:48.619988893Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00001FA4h/0000008100d bytes. ')
2018-12-25T12:45:48.626378433Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:45:48.627417902Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:45:48.643370378Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:45:48.645066975Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:45:48.64877206Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":22,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16195,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:48.793608177Z	254	PC: 14ac0 \| UNKNOWN!
2018-12-25T12:45:48.794840686Z	98	PC: 14aa6 \| Get current PSP
2018-12-25T12:45:48.795575145Z	53	PC: 14ec3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:48.79658697Z	37	PC: 14edc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:48.798031133Z	42	PC: 14ee0 \| Get date 0x14ee0: sub dl, 0xa 0x14ee3: cmp dl, 0 0x14ee6: je 0x14eef 0x14ee8: jg 0x14ee0 0x14eea: jmp 0x14ac7 0x14eed: jmp 0x14e83 0x14eef: mov ax, 0x1110 0x14ef2: mov bh, 0x10 0x14ef4: xor bl, bl 0x14ef6: mov cx, 1 0x14ef9: mov dx, 0xe7 0x14efc: mov bp, 0x65a 0x14eff: int 0x10 0x14f01: mov dx, 0xe8 0x14f04: mov bp, 0x66a 0x14f07: int 0x10 0x14f09: mov dx, 0xe9 0x14f0c: mov bp, 0x67a 0x14f0f: int 0x10 0x14f11: mov dx, 0xea
2018-12-25T12:45:48.800413106Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00001FA4h/0000008100d bytes. ')
2018-12-25T12:45:48.805583366Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:45:48.807281261Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:45:48.813966699Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:45:48.816197105Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:45:48.820092758Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":24,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16195,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:48.905555749Z	254	PC: 14ac0 \| UNKNOWN!
2018-12-25T12:45:48.906680925Z	98	PC: 14aa6 \| Get current PSP
2018-12-25T12:45:48.907227681Z	53	PC: 14ec3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:48.908094027Z	37	PC: 14edc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:48.909405048Z	42	PC: 14ee0 \| Get date 0x14ee0: sub dl, 0xa 0x14ee3: cmp dl, 0 0x14ee6: je 0x14eef 0x14ee8: jg 0x14ee0 0x14eea: jmp 0x14ac7 0x14eed: jmp 0x14e83 0x14eef: mov ax, 0x1110 0x14ef2: mov bh, 0x10 0x14ef4: xor bl, bl 0x14ef6: mov cx, 1 0x14ef9: mov dx, 0xe7 0x14efc: mov bp, 0x65a 0x14eff: int 0x10 0x14f01: mov dx, 0xe8 0x14f04: mov bp, 0x66a 0x14f07: int 0x10 0x14f09: mov dx, 0xe9 0x14f0c: mov bp, 0x67a 0x14f0f: int 0x10 0x14f11: mov dx, 0xea
2018-12-25T12:45:48.910971987Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00001FA4h/0000008100d bytes. ')
2018-12-25T12:45:48.914053014Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:45:48.915409038Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:45:48.91950773Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:45:48.920749406Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:45:48.923560743Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":8,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16195,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:50.908196795Z	254	PC: 14ac0 \| UNKNOWN!
2018-12-25T12:45:50.910930027Z	98	PC: 14aa6 \| Get current PSP
2018-12-25T12:45:50.911684123Z	53	PC: 14ec3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:50.912759111Z	37	PC: 14edc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:50.91604358Z	42	PC: 14ee0 \| Get date 0x14ee0: sub dl, 0xa 0x14ee3: cmp dl, 0 0x14ee6: je 0x14eef 0x14ee8: jg 0x14ee0 0x14eea: jmp 0x14ac7 0x14eed: jmp 0x14e83 0x14eef: mov ax, 0x1110 0x14ef2: mov bh, 0x10 0x14ef4: xor bl, bl 0x14ef6: mov cx, 1 0x14ef9: mov dx, 0xe7 0x14efc: mov bp, 0x65a 0x14eff: int 0x10 0x14f01: mov dx, 0xe8 0x14f04: mov bp, 0x66a 0x14f07: int 0x10 0x14f09: mov dx, 0xe9 0x14f0c: mov bp, 0x67a 0x14f0f: int 0x10 0x14f11: mov dx, 0xea
2018-12-25T12:45:50.918157164Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00001FA4h/0000008100d bytes. ')
2018-12-25T12:45:50.923325103Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:45:50.924918183Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:45:50.931415182Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:45:50.933217761Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:45:50.937671181Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":26,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16195,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:52.007594166Z	254	PC: 14ac0 \| UNKNOWN!
2018-12-25T12:45:52.008623416Z	98	PC: 14aa6 \| Get current PSP
2018-12-25T12:45:52.009272314Z	53	PC: 14ec3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:52.010239243Z	37	PC: 14edc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:52.011588485Z	42	PC: 14ee0 \| Get date 0x14ee0: sub dl, 0xa 0x14ee3: cmp dl, 0 0x14ee6: je 0x14eef 0x14ee8: jg 0x14ee0 0x14eea: jmp 0x14ac7 0x14eed: jmp 0x14e83 0x14eef: mov ax, 0x1110 0x14ef2: mov bh, 0x10 0x14ef4: xor bl, bl 0x14ef6: mov cx, 1 0x14ef9: mov dx, 0xe7 0x14efc: mov bp, 0x65a 0x14eff: int 0x10 0x14f01: mov dx, 0xe8 0x14f04: mov bp, 0x66a 0x14f07: int 0x10 0x14f09: mov dx, 0xe9 0x14f0c: mov bp, 0x67a 0x14f0f: int 0x10 0x14f11: mov dx, 0xea
2018-12-25T12:45:52.013671563Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00001FA4h/0000008100d bytes. ')
2018-12-25T12:45:52.018847505Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:45:52.020303689Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:45:52.026682912Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:45:52.028330802Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:45:52.032397039Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')