Sample viewer

vx.netlux.org/Virus.DOS.StealthBomber

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:23:29.662727567Z	37	PC: 131df \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:23:29.672510086Z	255	PC: 131e5 \| UNKNOWN!
2018-12-17T22:23:29.673430359Z	82	PC: 131fb \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:23:29.674457859Z	53	PC: 13208 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:23:29.676352442Z	53	PC: 13217 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:23:29.677475944Z	37	PC: 1322b \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:23:29.679142766Z	48	PC: 1323f \| Get DOS version
2018-12-17T22:23:29.681543227Z	37	PC: 13259 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:23:29.706143816Z	9	PC: 28a44 \| Display string (String= 'Generic triage goat. ')
2018-12-17T22:23:29.707364237Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:29.710054258Z	9	PC: 9f6cf \| Display string (String= 'Generic triage goat. ')
2018-12-17T22:23:29.714325368Z	76	PC: 2cd00 \| Terminate with return code (Return code = '0')
2018-12-17T22:23:29.715324163Z	76	PC: 9f4ed \| Terminate with return code (Return code = '0')
2018-12-17T22:23:29.71882126Z	77	PC: f401 \| Get program return code
2018-12-17T22:23:29.720150599Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:29.722224403Z	77	PC: 9f6cf \| Get program return code
2018-12-17T22:23:29.723525682Z	72	PC: 10840 \| Allocate memory
2018-12-17T22:23:29.724960401Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:29.728032743Z	72	PC: 9f6ad \| Allocate memory
2018-12-17T22:23:29.730041173Z	72	PC: 109ea \| Allocate memory
2018-12-17T22:23:29.731773091Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:29.73394523Z	72	PC: 9f6ad \| Allocate memory
2018-12-17T22:23:29.73634225Z	37	PC: 10a62 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:23:29.737735704Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:29.739890383Z	37	PC: 9f6cf \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:23:29.741096255Z	37	PC: 10ad3 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:23:29.74260904Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:29.744928644Z	37	PC: 9f6cf \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:23:29.7460824Z	37	PC: 10b44 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:23:29.747414381Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:29.749628572Z	37	PC: 9f6cf \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:23:29.750811103Z	62	PC: 111d4 \| Close file
2018-12-17T22:23:29.756650883Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:29.759289134Z	62	PC: 9f6cf \| Close file
2018-12-17T22:23:29.760840437Z	62	PC: 111b6 \| Close file
2018-12-17T22:23:29.762904009Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:29.765194392Z	62	PC: 9f6cf \| Close file
2018-12-17T22:23:29.766850143Z	62	PC: 111b6 \| Close file
2018-12-17T22:23:29.768363139Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:29.771428145Z	62	PC: 9f6cf \| Close file
2018-12-17T22:23:29.776991181Z	62	PC: 111b6 \| Close file
2018-12-17T22:23:29.778964084Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:29.782252033Z	62	PC: 9f6cf \| Close file
2018-12-17T22:23:29.784364758Z	62	PC: 111b6 \| Close file
2018-12-17T22:23:29.787147332Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:29.789613419Z	62	PC: 9f6cf \| Close file
2018-12-17T22:23:29.791140884Z	62	PC: 111b6 \| Close file
2018-12-17T22:23:29.792825912Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:29.795126197Z	62	PC: 9f6cf \| Close file
2018-12-17T22:23:29.796837506Z	62	PC: 111b6 \| Close file
2018-12-17T22:23:29.799500896Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:29.801954451Z	62	PC: 9f6cf \| Close file
2018-12-17T22:23:29.803449684Z	62	PC: 111b6 \| Close file
2018-12-17T22:23:29.804683592Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:29.807228403Z	62	PC: 9f6cf \| Close file
2018-12-17T22:23:29.808816975Z	62	PC: 111b6 \| Close file
2018-12-17T22:23:29.809899007Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:29.812559484Z	62	PC: 9f6cf \| Close file
2018-12-17T22:23:29.814180777Z	62	PC: 111b6 \| Close file
2018-12-17T22:23:29.815052684Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:29.817522803Z	62	PC: 9f6cf \| Close file
2018-12-17T22:23:29.81934447Z	62	PC: 111b6 \| Close file
2018-12-17T22:23:29.820555056Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:29.823484542Z	62	PC: 9f6cf \| Close file
2018-12-17T22:23:29.824948743Z	62	PC: 111b6 \| Close file
2018-12-17T22:23:29.825840938Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:29.829507708Z	62	PC: 9f6cf \| Close file
2018-12-17T22:23:29.830962804Z	62	PC: 111b6 \| Close file
2018-12-17T22:23:29.831782344Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:29.834642916Z	62	PC: 9f6cf \| Close file
2018-12-17T22:23:29.836425755Z	62	PC: 111b6 \| Close file
2018-12-17T22:23:29.837413938Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:29.840627154Z	62	PC: 9f6cf \| Close file
2018-12-17T22:23:29.842142332Z	62	PC: 111b6 \| Close file
2018-12-17T22:23:29.842960709Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:29.845572888Z	62	PC: 9f6cf \| Close file
2018-12-17T22:23:29.848084372Z	61	PC: 11b40 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:23:29.848967714Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:29.852000607Z	67	PC: 9f381 \| Get or set file attributes
2018-12-17T22:23:29.857385537Z	67	PC: 9f38d \| Get or set file attributes
2018-12-17T22:23:30.310303769Z	61	PC: 9f396 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:23:30.318107005Z	87	PC: 9f314 \| Get or set file date and time
2018-12-17T22:23:30.320228052Z	44	PC: 9f3c1 \| Get time 0x9f3c1: mov di, 3 0x9f3c4: mov byte ptr es:[di], dl 0x9f3c7: mov di, 8 0x9f3ca: mov cx, 0x75e 0x9f3cd: xor byte ptr es:[di], dl 0x9f3d0: inc di 0x9f3d1: loop 0x9f3cd 0x9f3d3: mov cx, 0xc4 0x9f3d6: mov di, 0x78d 0x9f3d9: xor byte ptr es:[di], dl 0x9f3dc: inc di 0x9f3dd: loop 0x9f3d9 0x9f3df: pop cx 0x9f3e0: mov ah, 0x3f 0x9f3e2: mov dx, cx 0x9f3e4: mov cx, 0xffff 0x9f3e7: push es 0x9f3e8: pop ds 0x9f3e9: pushf 0x9f3ea: lcall ptr cs:[8]
2018-12-17T22:23:30.322430108Z	63	PC: 9f3ef \| Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:23:30.336908388Z	87	PC: 9f3f9 \| Get or set file date and time
2018-12-17T22:23:30.33874015Z	66	PC: 9f408 \| Move file pointer
2018-12-17T22:23:30.340133788Z	64	PC: 9f41d \| Write file or device (Write 56800 bytes on handle 5)
2018-12-17T22:23:30.359660809Z	87	PC: 9f42d \| Get or set file date and time
2018-12-17T22:23:30.362684156Z	62	PC: 9f435 \| Close file
2018-12-17T22:23:30.370330937Z	67	PC: 9f443 \| Get or set file attributes
2018-12-17T22:23:30.38095717Z	61	PC: 9f643 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:23:30.387408191Z	87	PC: 9f314 \| Get or set file date and time
2018-12-17T22:23:30.388906102Z	66	PC: 9f662 \| Move file pointer
2018-12-17T22:23:30.391536958Z	66	PC: 12220 \| Move file pointer
2018-12-17T22:23:30.393193332Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:30.395706428Z	87	PC: 9f314 \| Get or set file date and time
2018-12-17T22:23:30.398150053Z	66	PC: 9f6cf \| Move file pointer
2018-12-17T22:23:30.400286403Z	63	PC: 1207b \| Read file or device (Read 44693 bytes on handle 5)
2018-12-17T22:23:30.401577516Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:30.404357299Z	63	PC: 9f6cf \| Read file or device (Read 44693 bytes on handle 5)
2018-12-17T22:23:30.417573835Z	62	PC: 12035 \| Close file
2018-12-17T22:23:30.418854025Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:30.421580763Z	62	PC: 9f6cf \| Close file
2018-12-17T22:23:30.425439856Z	99	PC: 5fa70 \| Get DBCS lead byte table pointer
2018-12-17T22:23:30.426403583Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:30.428766597Z	99	PC: 9f6cf \| Get DBCS lead byte table pointer
2018-12-17T22:23:30.430368391Z	56	PC: 5190 \| Get or set country info
2018-12-17T22:23:30.431872643Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:30.434724237Z	56	PC: 9f6cf \| Get or set country info
2018-12-17T22:23:30.438043324Z	64	PC: 5fe80 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:23:30.439405029Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:30.442017799Z	64	PC: 9f6cf \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:23:30.447417411Z	25	PC: 3920 \| Get default drive
2018-12-17T22:23:30.450993802Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:30.453551059Z	25	PC: 9f6cf \| Get default drive
2018-12-17T22:23:30.456410523Z	71	PC: 28f2c \| Get current directory
2018-12-17T22:23:30.457465558Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:30.459532779Z	71	PC: 9f6cf \| Get current directory
2018-12-17T22:23:30.464026952Z	64	PC: 5fe80 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:23:30.464972574Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:30.467095649Z	64	PC: 9f6cf \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:23:30.470848255Z	2	PC: 2475e \| Character output (Char = '3e')
2018-12-17T22:23:30.471880667Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:30.473930994Z	2	PC: 9f6cf \| Character output (Char = '3e')
2018-12-17T22:23:30.476539044Z	93	PC: 8909 \| File sharing functions
2018-12-17T22:23:30.477894638Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:30.480238725Z	93	PC: 9f6cf \| File sharing functions
2018-12-17T22:23:30.482474831Z	93	PC: 8978 \| File sharing functions
2018-12-17T22:23:30.48343537Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:30.485565553Z	93	PC: 9f6cf \| File sharing functions
2018-12-17T22:23:30.48778857Z	10	PC: 37a0 \| Buffered keyboard input
2018-12-17T22:23:30.488887715Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-17T22:23:30.490984297Z	10	PC: 9f6cf \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4120,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:01.74466781Z	37	PC: 131df \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:51:01.746547349Z	255	PC: 131e5 \| UNKNOWN!
2018-12-25T11:51:01.747145784Z	82	PC: 131fb \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:51:01.748038014Z	53	PC: 13208 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:51:01.750088907Z	53	PC: 13217 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:01.751221031Z	37	PC: 1322b \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:51:01.75277933Z	48	PC: 1323f \| Get DOS version
2018-12-25T11:51:01.75522494Z	37	PC: 13259 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:51:01.77657595Z	9	PC: 28a44 \| Display string (String= 'Generic triage goat. ')
2018-12-25T11:51:01.778251715Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-25T11:51:01.781614921Z	9	PC: 9f6cf \| Display string (String= 'Generic triage goat. ')
2018-12-25T11:51:01.785837561Z	76	PC: 2cd00 \| Terminate with return code (Return code = '0')
2018-12-25T11:51:01.78724093Z	76	PC: 9f4ed \| Terminate with return code (Return code = '0')
2018-12-25T11:51:01.791745242Z	77	PC: f401 \| Get program return code
2018-12-25T11:51:01.792725505Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:01.794803944Z	77	PC: 9f6cf \| Get program return code (See above)
2018-12-25T11:51:01.796284226Z	72	PC: 10840 \| Allocate memory
2018-12-25T11:51:01.797322245Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:01.800050855Z	72	PC: 9f6ad \| Allocate memory
2018-12-25T11:51:01.801983407Z	72	PC: 109ea \| Allocate memory
2018-12-25T11:51:01.803450323Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:01.805387385Z	72	PC: 9f6ad \| Allocate memory (See above)
2018-12-25T11:51:01.807505555Z	37	PC: 10a62 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:51:01.809170384Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:01.811254768Z	37	PC: 9f6cf \| Set interrupt vector (See above)
2018-12-25T11:51:01.812620684Z	37	PC: 10ad3 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:51:01.815455148Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:01.817529892Z	37	PC: 9f6cf \| Set interrupt vector (See above)
2018-12-25T11:51:01.818813414Z	37	PC: 10b44 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:51:01.820842434Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:01.822967855Z	37	PC: 9f6cf \| Set interrupt vector (See above)
2018-12-25T11:51:01.824380593Z	62	PC: 111d4 \| Close file
2018-12-25T11:51:01.826456409Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:01.829086708Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:01.830812843Z	62	PC: 111b6 \| Close file
2018-12-25T11:51:01.83258066Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:01.834907695Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:01.836569867Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:01.838735853Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:01.840947343Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:01.842603818Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:01.844102408Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:01.852661594Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:01.854303425Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:01.856271728Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:01.858222886Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:01.859723768Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:01.860845518Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:01.863466019Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:01.864847738Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:01.865679929Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:01.868427852Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:01.870121458Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:01.871225701Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:01.874163923Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:01.875857608Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:01.876940551Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:01.880020862Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:01.881694299Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:01.882784489Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:01.885855427Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:01.887523281Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:01.888600697Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:01.892270148Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:01.894001217Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:01.895094643Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:01.898169309Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:01.899864903Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:01.900948713Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:01.903572603Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:01.905049751Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:01.90588406Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:01.908561314Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:01.910027398Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:01.91103284Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:01.914076061Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:01.916595383Z	61	PC: 11b40 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:51:01.91766784Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:01.920605922Z	67	PC: 9f381 \| Get or set file attributes
2018-12-25T11:51:01.925432463Z	67	PC: 9f38d \| Get or set file attributes
2018-12-25T11:51:02.243552481Z	61	PC: 9f396 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:51:02.250330671Z	87	PC: 9f314 \| Get or set file date and time
2018-12-25T11:51:02.25258058Z	44	PC: 9f3c1 \| Get time 0x9f3c1: mov di, 3 0x9f3c4: mov byte ptr es:[di], dl 0x9f3c7: mov di, 8 0x9f3ca: mov cx, 0x75e 0x9f3cd: xor byte ptr es:[di], dl 0x9f3d0: inc di 0x9f3d1: loop 0x9f3cd 0x9f3d3: mov cx, 0xc4 0x9f3d6: mov di, 0x78d 0x9f3d9: xor byte ptr es:[di], dl 0x9f3dc: inc di 0x9f3dd: loop 0x9f3d9 0x9f3df: pop cx 0x9f3e0: mov ah, 0x3f 0x9f3e2: mov dx, cx 0x9f3e4: mov cx, 0xffff 0x9f3e7: push es 0x9f3e8: pop ds 0x9f3e9: pushf 0x9f3ea: lcall ptr cs:[8]
2018-12-25T11:51:02.255061421Z	63	PC: 9f3ef \| Read file or device (Read 65535 bytes on handle 5)
2018-12-25T11:51:02.270624173Z	87	PC: 9f3f9 \| Get or set file date and time
2018-12-25T11:51:02.272636468Z	66	PC: 9f408 \| Move file pointer
2018-12-25T11:51:02.274732497Z	64	PC: 9f41d \| Write file or device (Write 56800 bytes on handle 5)
2018-12-25T11:51:02.291027915Z	87	PC: 9f42d \| Get or set file date and time
2018-12-25T11:51:02.293632571Z	62	PC: 9f435 \| Close file
2018-12-25T11:51:02.300284562Z	67	PC: 9f443 \| Get or set file attributes
2018-12-25T11:51:02.59017263Z	61	PC: 9f643 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:51:02.59766525Z	87	PC: 9f314 \| Get or set file date and time (See above)
2018-12-25T11:51:02.599608004Z	66	PC: 9f662 \| Move file pointer
2018-12-25T11:51:02.601886306Z	66	PC: 12220 \| Move file pointer
2018-12-25T11:51:02.604242624Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.6068215Z	87	PC: 9f314 \| Get or set file date and time (See above)
2018-12-25T11:51:02.608467785Z	66	PC: 9f6cf \| Move file pointer (See above)
2018-12-25T11:51:02.610923621Z	63	PC: 1207b \| Read file or device (Read 44693 bytes on handle 5)
2018-12-25T11:51:02.612253207Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.614709658Z	63	PC: 9f6cf \| Read file or device (See above)
2018-12-25T11:51:02.628483845Z	62	PC: 12035 \| Close file
2018-12-25T11:51:02.629782266Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.632322101Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.636953147Z	99	PC: 5fa70 \| Get DBCS lead byte table pointer
2018-12-25T11:51:02.638307579Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.640778287Z	99	PC: 9f6cf \| Get DBCS lead byte table pointer (See above)
2018-12-25T11:51:02.643271195Z	56	PC: 5190 \| Get or set country info
2018-12-25T11:51:02.644995069Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.647469476Z	56	PC: 9f6cf \| Get or set country info (See above)
2018-12-25T11:51:02.650476796Z	64	PC: 5fe80 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:51:02.652282986Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.65482438Z	64	PC: 9f6cf \| Write file or device (See above)
2018-12-25T11:51:02.660950824Z	25	PC: 3920 \| Get default drive
2018-12-25T11:51:02.662279559Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.664764524Z	25	PC: 9f6cf \| Get default drive (See above)
2018-12-25T11:51:02.667459247Z	71	PC: 28f2c \| Get current directory
2018-12-25T11:51:02.669075197Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.674387823Z	71	PC: 9f6cf \| Get current directory (See above)
2018-12-25T11:51:02.678987863Z	64	PC: 5fe80 \| Write file or device (See above)
2018-12-25T11:51:02.680476167Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.682653742Z	64	PC: 9f6cf \| Write file or device (See above)
2018-12-25T11:51:02.686152141Z	2	PC: 2475e \| Character output (Char = '3e')
2018-12-25T11:51:02.68823033Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.690791308Z	2	PC: 9f6cf \| Character output (See above)
2018-12-25T11:51:02.693444339Z	93	PC: 8909 \| File sharing functions
2018-12-25T11:51:02.695303416Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.697889681Z	93	PC: 9f6cf \| File sharing functions (See above)
2018-12-25T11:51:02.70005326Z	93	PC: 8978 \| File sharing functions
2018-12-25T11:51:02.702019979Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.704550047Z	93	PC: 9f6cf \| File sharing functions (See above)
2018-12-25T11:51:02.706872655Z	10	PC: 37a0 \| Buffered keyboard input
2018-12-25T11:51:02.710072937Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.712335094Z	10	PC: 9f6cf \| Buffered keyboard input (See above)

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4120,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:02.108903701Z	37	PC: 131df \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:51:02.110703683Z	255	PC: 131e5 \| UNKNOWN!
2018-12-25T11:51:02.111912986Z	82	PC: 131fb \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:51:02.113578825Z	53	PC: 13208 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:51:02.115167219Z	53	PC: 13217 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:02.117231003Z	37	PC: 1322b \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:51:02.119479628Z	48	PC: 1323f \| Get DOS version
2018-12-25T11:51:02.122226058Z	37	PC: 13259 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:51:02.151389135Z	9	PC: 28a44 \| Display string (String= 'Generic triage goat. ')
2018-12-25T11:51:02.152551734Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-25T11:51:02.154937655Z	9	PC: 9f6cf \| Display string (String= 'Generic triage goat. ')
2018-12-25T11:51:02.159856309Z	76	PC: 2cd00 \| Terminate with return code (Return code = '0')
2018-12-25T11:51:02.160914413Z	76	PC: 9f4ed \| Terminate with return code (Return code = '0')
2018-12-25T11:51:02.165105916Z	77	PC: f401 \| Get program return code
2018-12-25T11:51:02.167551292Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.170127231Z	77	PC: 9f6cf \| Get program return code (See above)
2018-12-25T11:51:02.171693385Z	72	PC: 10840 \| Allocate memory
2018-12-25T11:51:02.173549575Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.176184562Z	72	PC: 9f6ad \| Allocate memory
2018-12-25T11:51:02.179114957Z	72	PC: 109ea \| Allocate memory
2018-12-25T11:51:02.18159775Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.19717119Z	72	PC: 9f6ad \| Allocate memory (See above)
2018-12-25T11:51:02.202335626Z	37	PC: 10a62 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:51:02.204710594Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.207443013Z	37	PC: 9f6cf \| Set interrupt vector (See above)
2018-12-25T11:51:02.208928675Z	37	PC: 10ad3 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:51:02.21008598Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.213559167Z	37	PC: 9f6cf \| Set interrupt vector (See above)
2018-12-25T11:51:02.215394409Z	37	PC: 10b44 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:51:02.216923525Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.22081637Z	37	PC: 9f6cf \| Set interrupt vector (See above)
2018-12-25T11:51:02.222576015Z	62	PC: 111d4 \| Close file
2018-12-25T11:51:02.223998543Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.227691995Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.229496515Z	62	PC: 111b6 \| Close file
2018-12-25T11:51:02.230627395Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.2333612Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.235574048Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.237064921Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.24012654Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.242303524Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.243700548Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.24642956Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.248808576Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.250027922Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.252485303Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.254815832Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.255814351Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.258189484Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.260562063Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.262299114Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.264871234Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.267503091Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.268623395Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.271064729Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.273483713Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.274796432Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.278128634Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.281502777Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.282693564Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.285207869Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.287970481Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.288930902Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.291281838Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.293674883Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.295393539Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.298318862Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.300593786Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.303863758Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.306777975Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.309063402Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.311821135Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.314621986Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.316907192Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.319588019Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.322674469Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.328656533Z	61	PC: 11b40 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:51:02.330758573Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.334129622Z	67	PC: 9f381 \| Get or set file attributes
2018-12-25T11:51:02.340238128Z	67	PC: 9f38d \| Get or set file attributes
2018-12-25T11:51:02.696874546Z	61	PC: 9f396 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:51:02.704481446Z	87	PC: 9f314 \| Get or set file date and time
2018-12-25T11:51:02.707318076Z	44	PC: 9f3c1 \| Get time 0x9f3c1: mov di, 3 0x9f3c4: mov byte ptr es:[di], dl 0x9f3c7: mov di, 8 0x9f3ca: mov cx, 0x75e 0x9f3cd: xor byte ptr es:[di], dl 0x9f3d0: inc di 0x9f3d1: loop 0x9f3cd 0x9f3d3: mov cx, 0xc4 0x9f3d6: mov di, 0x78d 0x9f3d9: xor byte ptr es:[di], dl 0x9f3dc: inc di 0x9f3dd: loop 0x9f3d9 0x9f3df: pop cx 0x9f3e0: mov ah, 0x3f 0x9f3e2: mov dx, cx 0x9f3e4: mov cx, 0xffff 0x9f3e7: push es 0x9f3e8: pop ds 0x9f3e9: pushf 0x9f3ea: lcall ptr cs:[8]
2018-12-25T11:51:02.710294029Z	63	PC: 9f3ef \| Read file or device (Read 65535 bytes on handle 5)
2018-12-25T11:51:02.734009398Z	87	PC: 9f3f9 \| Get or set file date and time
2018-12-25T11:51:02.736030657Z	66	PC: 9f408 \| Move file pointer
2018-12-25T11:51:02.73811317Z	64	PC: 9f41d \| Write file or device (Write 56800 bytes on handle 5)
2018-12-25T11:51:02.758703806Z	87	PC: 9f42d \| Get or set file date and time
2018-12-25T11:51:02.76064361Z	62	PC: 9f435 \| Close file
2018-12-25T11:51:02.769431338Z	67	PC: 9f443 \| Get or set file attributes
2018-12-25T11:51:02.780618075Z	61	PC: 9f643 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:51:02.787971045Z	87	PC: 9f314 \| Get or set file date and time (See above)
2018-12-25T11:51:02.790063034Z	66	PC: 9f662 \| Move file pointer
2018-12-25T11:51:02.793280877Z	66	PC: 12220 \| Move file pointer
2018-12-25T11:51:02.795282835Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.79820136Z	87	PC: 9f314 \| Get or set file date and time (See above)
2018-12-25T11:51:02.801037961Z	66	PC: 9f6cf \| Move file pointer (See above)
2018-12-25T11:51:02.803541013Z	63	PC: 1207b \| Read file or device (Read 44693 bytes on handle 5)
2018-12-25T11:51:02.805084821Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.808028763Z	63	PC: 9f6cf \| Read file or device (See above)
2018-12-25T11:51:02.823796579Z	62	PC: 12035 \| Close file
2018-12-25T11:51:02.825359174Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.828301731Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.833298603Z	99	PC: 5fa70 \| Get DBCS lead byte table pointer
2018-12-25T11:51:02.835849113Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.838746154Z	99	PC: 9f6cf \| Get DBCS lead byte table pointer (See above)
2018-12-25T11:51:02.841469253Z	56	PC: 5190 \| Get or set country info
2018-12-25T11:51:02.842738311Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.845296685Z	56	PC: 9f6cf \| Get or set country info (See above)
2018-12-25T11:51:02.848325551Z	64	PC: 5fe80 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:51:02.849637059Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.852057717Z	64	PC: 9f6cf \| Write file or device (See above)
2018-12-25T11:51:02.857516137Z	25	PC: 3920 \| Get default drive
2018-12-25T11:51:02.859122338Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.86186987Z	25	PC: 9f6cf \| Get default drive (See above)
2018-12-25T11:51:02.864247168Z	71	PC: 28f2c \| Get current directory
2018-12-25T11:51:02.866942136Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.869835261Z	71	PC: 9f6cf \| Get current directory (See above)
2018-12-25T11:51:02.874787099Z	64	PC: 5fe80 \| Write file or device (See above)
2018-12-25T11:51:02.87696686Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.87965923Z	64	PC: 9f6cf \| Write file or device (See above)
2018-12-25T11:51:02.882546994Z	2	PC: 2475e \| Character output (Char = '3e')
2018-12-25T11:51:02.884116551Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.887840126Z	2	PC: 9f6cf \| Character output (See above)
2018-12-25T11:51:02.890349572Z	93	PC: 8909 \| File sharing functions
2018-12-25T11:51:02.89236782Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.894728449Z	93	PC: 9f6cf \| File sharing functions (See above)
2018-12-25T11:51:02.896645973Z	93	PC: 8978 \| File sharing functions
2018-12-25T11:51:02.898390124Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.901054295Z	93	PC: 9f6cf \| File sharing functions (See above)
2018-12-25T11:51:02.903456251Z	10	PC: 37a0 \| Buffered keyboard input
2018-12-25T11:51:02.905342888Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.907805767Z	10	PC: 9f6cf \| Buffered keyboard input (See above)

{"DateBased":true,"Day":31,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4120,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:02.098547893Z	37	PC: 131df \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:51:02.099905899Z	255	PC: 131e5 \| UNKNOWN!
2018-12-25T11:51:02.100779339Z	82	PC: 131fb \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:51:02.101957895Z	53	PC: 13208 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:51:02.103698122Z	53	PC: 13217 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:02.104670259Z	37	PC: 1322b \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:51:02.106186953Z	48	PC: 1323f \| Get DOS version
2018-12-25T11:51:02.108402232Z	37	PC: 13259 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:51:02.135853099Z	9	PC: 28a44 \| Display string (String= 'Generic triage goat. ')
2018-12-25T11:51:02.136785761Z	42	PC: 9f4f9 \| Get date 0x9f4f9: cmp dh, 8 0x9f4fc: jne 0x9f514 0x9f4fe: cmp dl, 0x1f 0x9f501: jne 0x9f514 0x9f503: cmp byte ptr cs:[0x19], 0 0x9f509: jne 0x9f514 0x9f50b: call 0xaf1a0 0x9f50e: mov byte ptr cs:[0x19], 0xff 0x9f514: pop dx 0x9f515: pop cx 0x9f516: pop bx 0x9f517: pop ax 0x9f518: cmp ax, 0x4b00 0x9f51b: jne 0x9f520 0x9f51d: jmp 0x9f6bb 0x9f520: cmp ah, 0x11 0x9f523: je 0x9f54d 0x9f525: cmp ah, 0x12 0x9f528: je 0x9f54d 0x9f52a: cmp ah, 0x4e
2018-12-25T11:51:02.141835822Z	9	PC: 9f1d7 \| Display string (Could not find end pointer)
2018-12-25T11:51:02.143873317Z	9	PC: 9f6cf \| Display string (String= 'Generic triage goat. ')
2018-12-25T11:51:02.14852686Z	76	PC: 2cd00 \| Terminate with return code (Return code = '0')
2018-12-25T11:51:02.149921143Z	76	PC: 9f4ed \| Terminate with return code (Return code = '0')
2018-12-25T11:51:02.153711519Z	77	PC: f401 \| Get program return code
2018-12-25T11:51:02.154857058Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.157419624Z	77	PC: 9f6cf \| Get program return code (See above)
2018-12-25T11:51:02.158844016Z	72	PC: 10840 \| Allocate memory
2018-12-25T11:51:02.159613713Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.161627789Z	72	PC: 9f6ad \| Allocate memory
2018-12-25T11:51:02.163064988Z	72	PC: 109ea \| Allocate memory
2018-12-25T11:51:02.16371925Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.165337238Z	72	PC: 9f6ad \| Allocate memory (See above)
2018-12-25T11:51:02.167187768Z	37	PC: 10a62 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:51:02.168069372Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.169773167Z	37	PC: 9f6cf \| Set interrupt vector (See above)
2018-12-25T11:51:02.17132867Z	37	PC: 10ad3 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:51:02.17206844Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.173533299Z	37	PC: 9f6cf \| Set interrupt vector (See above)
2018-12-25T11:51:02.174858176Z	37	PC: 10b44 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:51:02.175637025Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.177587988Z	37	PC: 9f6cf \| Set interrupt vector (See above)
2018-12-25T11:51:02.179007075Z	62	PC: 111d4 \| Close file
2018-12-25T11:51:02.179770213Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.181242972Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.183387764Z	62	PC: 111b6 \| Close file
2018-12-25T11:51:02.184967168Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.188905856Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.191376628Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.193067266Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.195978449Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.198203829Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.199405663Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.201986182Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.203541278Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.204800719Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.206770494Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.208025279Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.208964744Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.210818608Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.212124805Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.213105983Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.215083233Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.216597509Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.217995308Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.220199031Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.221752564Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.222968067Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.225030066Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.22654492Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.238538179Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.244942921Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.246550593Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.251759326Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.253890562Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.255634519Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.257643485Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.260447396Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.262003718Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.26382386Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.265947596Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.267499189Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.269445369Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.271589529Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.273244108Z	62	PC: 111b6 \| Close file (See above)
2018-12-25T11:51:02.274870474Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.277219471Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.280244001Z	61	PC: 11b40 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:51:02.281853253Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.284365878Z	67	PC: 9f381 \| Get or set file attributes
2018-12-25T11:51:02.289734133Z	67	PC: 9f38d \| Get or set file attributes
2018-12-25T11:51:02.61637031Z	61	PC: 9f396 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:51:02.623096616Z	87	PC: 9f314 \| Get or set file date and time
2018-12-25T11:51:02.625544Z	44	PC: 9f3c1 \| Get time 0x9f3c1: mov di, 3 0x9f3c4: mov byte ptr es:[di], dl 0x9f3c7: mov di, 8 0x9f3ca: mov cx, 0x75e 0x9f3cd: xor byte ptr es:[di], dl 0x9f3d0: inc di 0x9f3d1: loop 0x9f3cd 0x9f3d3: mov cx, 0xc4 0x9f3d6: mov di, 0x78d 0x9f3d9: xor byte ptr es:[di], dl 0x9f3dc: inc di 0x9f3dd: loop 0x9f3d9 0x9f3df: pop cx 0x9f3e0: mov ah, 0x3f 0x9f3e2: mov dx, cx 0x9f3e4: mov cx, 0xffff 0x9f3e7: push es 0x9f3e8: pop ds 0x9f3e9: pushf 0x9f3ea: lcall ptr cs:[8]
2018-12-25T11:51:02.628234732Z	63	PC: 9f3ef \| Read file or device (Read 65535 bytes on handle 5)
2018-12-25T11:51:02.653563192Z	87	PC: 9f3f9 \| Get or set file date and time
2018-12-25T11:51:02.656155727Z	66	PC: 9f408 \| Move file pointer
2018-12-25T11:51:02.658005012Z	64	PC: 9f41d \| Write file or device (Write 56800 bytes on handle 5)
2018-12-25T11:51:02.709088191Z	87	PC: 9f42d \| Get or set file date and time
2018-12-25T11:51:02.710912048Z	62	PC: 9f435 \| Close file
2018-12-25T11:51:02.717962542Z	67	PC: 9f443 \| Get or set file attributes
2018-12-25T11:51:02.727872631Z	61	PC: 9f643 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:51:02.734217122Z	87	PC: 9f314 \| Get or set file date and time (See above)
2018-12-25T11:51:02.735910288Z	66	PC: 9f662 \| Move file pointer
2018-12-25T11:51:02.738886416Z	66	PC: 12220 \| Move file pointer
2018-12-25T11:51:02.740152827Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.742644175Z	87	PC: 9f314 \| Get or set file date and time (See above)
2018-12-25T11:51:02.745395262Z	66	PC: 9f6cf \| Move file pointer (See above)
2018-12-25T11:51:02.747962098Z	63	PC: 1207b \| Read file or device (Read 44693 bytes on handle 5)
2018-12-25T11:51:02.749221826Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.752755479Z	63	PC: 9f6cf \| Read file or device (See above)
2018-12-25T11:51:02.761611939Z	62	PC: 12035 \| Close file
2018-12-25T11:51:02.762445003Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.764620524Z	62	PC: 9f6cf \| Close file (See above)
2018-12-25T11:51:02.766758177Z	99	PC: 5fa70 \| Get DBCS lead byte table pointer
2018-12-25T11:51:02.767613876Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.769755709Z	99	PC: 9f6cf \| Get DBCS lead byte table pointer (See above)
2018-12-25T11:51:02.770811652Z	56	PC: 5190 \| Get or set country info
2018-12-25T11:51:02.771671542Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.774023434Z	56	PC: 9f6cf \| Get or set country info (See above)
2018-12-25T11:51:02.77554823Z	64	PC: 5fe80 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:51:02.776403218Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.778581689Z	64	PC: 9f6cf \| Write file or device (See above)
2018-12-25T11:51:02.781489249Z	25	PC: 3920 \| Get default drive
2018-12-25T11:51:02.782376388Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.784525884Z	25	PC: 9f6cf \| Get default drive (See above)
2018-12-25T11:51:02.78695886Z	71	PC: 28f2c \| Get current directory
2018-12-25T11:51:02.787798149Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.789992334Z	71	PC: 9f6cf \| Get current directory (See above)
2018-12-25T11:51:02.792716449Z	64	PC: 5fe80 \| Write file or device (See above)
2018-12-25T11:51:02.79352289Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.796003328Z	64	PC: 9f6cf \| Write file or device (See above)
2018-12-25T11:51:02.798433668Z	2	PC: 2475e \| Character output (Char = '3e')
2018-12-25T11:51:02.799370969Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.801568137Z	2	PC: 9f6cf \| Character output (See above)
2018-12-25T11:51:02.803304063Z	93	PC: 8909 \| File sharing functions
2018-12-25T11:51:02.804268516Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.806817554Z	93	PC: 9f6cf \| File sharing functions (See above)
2018-12-25T11:51:02.808353119Z	93	PC: 8978 \| File sharing functions
2018-12-25T11:51:02.809344154Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.811565438Z	93	PC: 9f6cf \| File sharing functions (See above)
2018-12-25T11:51:02.813001599Z	10	PC: 37a0 \| Buffered keyboard input
2018-12-25T11:51:02.813981525Z	42	PC: 9f4f9 \| Get date (See above)
2018-12-25T11:51:02.817422683Z	10	PC: 9f6cf \| Buffered keyboard input (See above)