Sample viewer

vx.netlux.org/Virus.DOS.Rael.3211.b

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:39:21.679795628Z 187 PC: 152f3 | UNKNOWN!
2018-12-17T22:39:21.681218761Z 53 PC: 12c68 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:39:21.682634332Z 37 PC: 12c85 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:39:21.684259471Z 74 PC: 12cd6 | Reallocate memory
2018-12-17T22:39:21.686252838Z 75 PC: 12d23 | Execute program
2018-12-17T22:39:21.703866852Z 9 PC: 13972 | Display string (String= 'Goat file (COM). Size=00002710h/0000010000d bytes. ')
2018-12-17T22:39:21.709133454Z 76 PC: 13976 | Terminate with return code (Return code = '36')
2018-12-17T22:39:21.713880312Z 73 PC: 12d3c | Release memory
2018-12-17T22:39:21.716119568Z 61 PC: 12e99 | Open file (Filename = 'c:\gmouse.com')
2018-12-17T22:39:21.72439276Z 61 PC: 12e99 | Open file (Filename = 'c:\mmouse.com')
2018-12-17T22:39:21.731255189Z 61 PC: 12e99 | Open file (Filename = 'c:\dos\format.com')
2018-12-17T22:39:21.743657339Z 63 PC: 12eb5 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:39:21.751140378Z 62 PC: 12ebd | Close file
2018-12-17T22:39:21.755558242Z 67 PC: 12f16 | Get or set file attributes
2018-12-17T22:39:21.763350438Z 61 PC: 12f43 | Open file (Filename = 'c:\dos\format.com')
2018-12-17T22:39:21.771568525Z 87 PC: 12f5a | Get or set file date and time
2018-12-17T22:39:21.773655529Z 62 PC: 12f72 | Close file
2018-12-17T22:39:21.776504192Z 53 PC: 13015 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:21.778283543Z 37 PC: 13032 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:21.780034235Z 67 PC: 13053 | Get or set file attributes
2018-12-17T22:39:22.119244683Z 37 PC: 13071 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:22.121043622Z 72 PC: 1308e | Allocate memory
2018-12-17T22:39:22.123221379Z 61 PC: 130b0 | Open file (Filename = '&�')
2018-12-17T22:39:22.131684594Z 63 PC: 130d9 | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:39:22.143494838Z 62 PC: 1311a | Close file
2018-12-17T22:39:22.145707884Z 60 PC: 131ae | Create or truncate file
2018-12-17T22:39:22.160899345Z 64 PC: 131d6 | Write file or device (Write 22976 bytes on handle 5)
2018-12-17T22:39:22.176010444Z 64 PC: 132a0 | Write file or device (Write 3211 bytes on handle 5)
2018-12-17T22:39:22.187251805Z 62 PC: 132b2 | Close file
2018-12-17T22:39:22.196769708Z 73 PC: 132c0 | Release memory
2018-12-17T22:39:22.198228881Z 61 PC: 12f94 | Open file (Filename = 'p�O�|�O�|�~�g�p�~�p�O�|�O�v�q�p�~�p�~�\�^�]�p�~�r�wh�z�,D�m“Ї�OЇ�Ї›/sΛ&���ћ/�ШX�2�kf��&=^�X����X���כ/5sћ/=[Tқ/5s�=[Tԛ/5sћ/X�ϛ/rƛ&ϛ/{�X�=^�X�oћ&�.ϛ&�X�i�ܛ&�t�&X�')
2018-12-17T22:39:22.206692804Z 87 PC: 12fb7 | Get or set file date and time
2018-12-17T22:39:22.208652318Z 62 PC: 12fc5 | Close file
2018-12-17T22:39:22.215657804Z 67 PC: 12fe6 | Get or set file attributes
2018-12-17T22:39:22.231352196Z 61 PC: 12e99 | Open file (Filename = 'c:\dos\keyb.com')
2018-12-17T22:39:22.239860733Z 63 PC: 12eb5 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:39:22.246343688Z 62 PC: 12ebd | Close file
2018-12-17T22:39:22.248401525Z 67 PC: 12f16 | Get or set file attributes
2018-12-17T22:39:22.255252373Z 61 PC: 12f43 | Open file (Filename = 'c:\dos\keyb.com')
2018-12-17T22:39:22.26370551Z 87 PC: 12f5a | Get or set file date and time
2018-12-17T22:39:22.265194248Z 62 PC: 12f72 | Close file
2018-12-17T22:39:22.267979896Z 53 PC: 13015 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:22.269952754Z 37 PC: 13032 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:22.271383644Z 67 PC: 13053 | Get or set file attributes
2018-12-17T22:39:22.283348207Z 37 PC: 13071 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:22.286102691Z 72 PC: 1308e | Allocate memory
2018-12-17T22:39:22.288347655Z 61 PC: 130b0 | Open file (Filename = '&� ')
2018-12-17T22:39:22.296880375Z 63 PC: 130d9 | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:39:22.307505419Z 62 PC: 1311a | Close file
2018-12-17T22:39:22.30981279Z 60 PC: 131ae | Create or truncate file
2018-12-17T22:39:22.324804465Z 64 PC: 131d6 | Write file or device (Write 15760 bytes on handle 5)
2018-12-17T22:39:22.343784685Z 64 PC: 132a0 | Write file or device (Write 3211 bytes on handle 5)
2018-12-17T22:39:22.352865856Z 62 PC: 132b2 | Close file
2018-12-17T22:39:22.361835567Z 73 PC: 132c0 | Release memory
2018-12-17T22:39:22.363953426Z 61 PC: 12f94 | Open file (Filename = 'u�J�y�J�s�t�u�{�u�{�Y�[�X�u�{�w�r9����h–Ђ�JЂ�zЂž/vΞ/���ў/�ЭX�7�kc��&8^�X����X���מ/0sў/8[QҞ/0s�8[QԞ/0sў/X�Ϟ/wƞ&')
2018-12-17T22:39:22.372531986Z 87 PC: 12fb7 | Get or set file date and time
2018-12-17T22:39:22.374736146Z 62 PC: 12fc5 | Close file
2018-12-17T22:39:22.38183873Z 67 PC: 12fe6 | Get or set file attributes
2018-12-17T22:39:22.393984527Z 49 PC: 12d51 | Terminate and stay resident (Return code = '1' | Memory size = '233')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6753,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:17.313944537Z 187 PC: 152f3 | UNKNOWN!
2018-12-25T12:00:17.31525755Z 53 PC: 12c68 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:17.316442502Z 37 PC: 12c85 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:17.317662139Z 74 PC: 12cd6 | Reallocate memory
2018-12-25T12:00:17.320091534Z 75 PC: 12d23 | Execute program
2018-12-25T12:00:17.33628495Z 9 PC: 13972 | Display string (String= 'Goat file (COM). Size=00002710h/0000010000d bytes. ')
2018-12-25T12:00:17.342374419Z 76 PC: 13976 | Terminate with return code (Return code = '36')
2018-12-25T12:00:17.345826715Z 73 PC: 12d3c | Release memory
2018-12-25T12:00:17.347859145Z 61 PC: 12e99 | Open file (Filename = 'c:\gmouse.com')
2018-12-25T12:00:17.355551232Z 61 PC: 12e99 | Open file (See above)
2018-12-25T12:00:17.359805305Z 61 PC: 12e99 | Open file (See above)
2018-12-25T12:00:17.366693078Z 63 PC: 12eb5 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:00:17.37284211Z 62 PC: 12ebd | Close file
2018-12-25T12:00:17.374784375Z 67 PC: 12f16 | Get or set file attributes
2018-12-25T12:00:17.381643366Z 61 PC: 12f43 | Open file (Filename = 'c:\dos\format.com')
2018-12-25T12:00:17.389279404Z 87 PC: 12f5a | Get or set file date and time
2018-12-25T12:00:17.390699867Z 62 PC: 12f72 | Close file
2018-12-25T12:00:17.392820619Z 53 PC: 13015 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:17.394028629Z 37 PC: 13032 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:17.39575084Z 67 PC: 13053 | Get or set file attributes
2018-12-25T12:00:17.742077669Z 37 PC: 13071 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:17.743382487Z 72 PC: 1308e | Allocate memory
2018-12-25T12:00:17.745101889Z 61 PC: 130b0 | Open file (Filename = '&�')
2018-12-25T12:00:17.754157333Z 63 PC: 130d9 | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:00:17.765425883Z 62 PC: 1311a | Close file
2018-12-25T12:00:17.767388404Z 60 PC: 131ae | Create or truncate file
2018-12-25T12:00:17.780854521Z 64 PC: 131d6 | Write file or device (Write 22976 bytes on handle 5)
2018-12-25T12:00:17.794361478Z 64 PC: 132a0 | Write file or device (Write 3211 bytes on handle 5)
2018-12-25T12:00:17.805663296Z 62 PC: 132b2 | Close file
2018-12-25T12:00:17.81484676Z 73 PC: 132c0 | Release memory
2018-12-25T12:00:17.816592538Z 61 PC: 12f94 | Open file (Filename = ';%er%gs` /n;%er%jx/nnB6L4@7Enlo�ګ��.��%������/�n')
2018-12-25T12:00:17.824672456Z 87 PC: 12fb7 | Get or set file date and time
2018-12-25T12:00:17.826254386Z 62 PC: 12fc5 | Close file
2018-12-25T12:00:17.83389865Z 67 PC: 12fe6 | Get or set file attributes
2018-12-25T12:00:17.845150262Z 61 PC: 12e99 | Open file (See above)
2018-12-25T12:00:17.853147773Z 63 PC: 12eb5 | Read file or device (See above)
2018-12-25T12:00:17.860063718Z 62 PC: 12ebd | Close file (See above)
2018-12-25T12:00:17.862099912Z 67 PC: 12f16 | Get or set file attributes (See above)
2018-12-25T12:00:17.868922192Z 61 PC: 12f43 | Open file (See above)
2018-12-25T12:00:17.878274438Z 87 PC: 12f5a | Get or set file date and time (See above)
2018-12-25T12:00:17.880355746Z 62 PC: 12f72 | Close file (See above)
2018-12-25T12:00:17.882680682Z 53 PC: 13015 | Get interrupt vector (See above)
2018-12-25T12:00:17.884367641Z 37 PC: 13032 | Set interrupt vector (See above)
2018-12-25T12:00:17.885397697Z 67 PC: 13053 | Get or set file attributes (See above)
2018-12-25T12:00:17.896285702Z 37 PC: 13071 | Set interrupt vector (See above)
2018-12-25T12:00:17.897992076Z 72 PC: 1308e | Allocate memory (See above)
2018-12-25T12:00:17.899883825Z 61 PC: 130b0 | Open file (See above)
2018-12-25T12:00:17.907925648Z 63 PC: 130d9 | Read file or device (See above)
2018-12-25T12:00:17.918507124Z 62 PC: 1311a | Close file (See above)
2018-12-25T12:00:17.920866436Z 60 PC: 131ae | Create or truncate file (See above)
2018-12-25T12:00:17.935671907Z 64 PC: 131d6 | Write file or device (See above)
2018-12-25T12:00:17.954599559Z 64 PC: 132a0 | Write file or device (See above)
2018-12-25T12:00:17.963931357Z 62 PC: 132b2 | Close file (See above)
2018-12-25T12:00:17.972922012Z 73 PC: 132c0 | Release memory (See above)
2018-12-25T12:00:17.97481133Z 61 PC: 12f94 | Open file (See above)
2018-12-25T12:00:17.992927807Z 87 PC: 12fb7 | Get or set file date and time (See above)
2018-12-25T12:00:17.995068432Z 62 PC: 12fc5 | Close file (See above)
2018-12-25T12:00:18.00191008Z 67 PC: 12fe6 | Get or set file attributes (See above)
2018-12-25T12:00:18.014046761Z 49 PC: 12d51 | Terminate and stay resident (Return code = '1' | Memory size = '233')

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6753,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:17.428424281Z 187 PC: 152f3 | UNKNOWN!
2018-12-25T12:00:17.429682329Z 53 PC: 12c68 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:17.430760207Z 37 PC: 12c85 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:17.431862881Z 74 PC: 12cd6 | Reallocate memory
2018-12-25T12:00:17.433521998Z 75 PC: 12d23 | Execute program
2018-12-25T12:00:17.448723621Z 9 PC: 13972 | Display string (String= 'Goat file (COM). Size=00002710h/0000010000d bytes. ')
2018-12-25T12:00:17.454340854Z 76 PC: 13976 | Terminate with return code (Return code = '36')
2018-12-25T12:00:17.458577308Z 73 PC: 12d3c | Release memory
2018-12-25T12:00:17.459867678Z 61 PC: 12e99 | Open file (Filename = 'c:\gmouse.com')
2018-12-25T12:00:17.464516723Z 61 PC: 12e99 | Open file (See above)
2018-12-25T12:00:17.471179491Z 61 PC: 12e99 | Open file (See above)
2018-12-25T12:00:17.481153076Z 63 PC: 12eb5 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:00:17.486515757Z 62 PC: 12ebd | Close file
2018-12-25T12:00:17.488714326Z 67 PC: 12f16 | Get or set file attributes
2018-12-25T12:00:17.495466206Z 61 PC: 12f43 | Open file (Filename = 'c:\dos\format.com')
2018-12-25T12:00:17.50206253Z 87 PC: 12f5a | Get or set file date and time
2018-12-25T12:00:17.508010176Z 62 PC: 12f72 | Close file
2018-12-25T12:00:17.50982085Z 53 PC: 13015 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:17.510994216Z 37 PC: 13032 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:17.514127216Z 67 PC: 13053 | Get or set file attributes
2018-12-25T12:00:18.517285454Z 37 PC: 13071 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:18.518971384Z 72 PC: 1308e | Allocate memory
2018-12-25T12:00:18.521213683Z 61 PC: 130b0 | Open file (Filename = '&�')
2018-12-25T12:00:18.533148861Z 63 PC: 130d9 | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:00:18.54347429Z 62 PC: 1311a | Close file
2018-12-25T12:00:18.545709253Z 60 PC: 131ae | Create or truncate file
2018-12-25T12:00:18.71576366Z 64 PC: 131d6 | Write file or device (Write 22976 bytes on handle 5)
2018-12-25T12:00:18.949329515Z 64 PC: 132a0 | Write file or device (Write 3211 bytes on handle 5)
2018-12-25T12:00:19.230842842Z 62 PC: 132b2 | Close file
2018-12-25T12:00:19.238949491Z 73 PC: 132c0 | Release memory
2018-12-25T12:00:19.240626501Z 61 PC: 12f94 | Open file (Filename = ';%er%gs` /n;%er%jx/nnB6L4@7Enlo�ګ��.��%������/�n')
2018-12-25T12:00:19.248695789Z 87 PC: 12fb7 | Get or set file date and time
2018-12-25T12:00:19.250904582Z 62 PC: 12fc5 | Close file
2018-12-25T12:00:19.256787774Z 67 PC: 12fe6 | Get or set file attributes
2018-12-25T12:00:19.271037589Z 61 PC: 12e99 | Open file (See above)
2018-12-25T12:00:19.27997356Z 63 PC: 12eb5 | Read file or device (See above)
2018-12-25T12:00:19.285755553Z 62 PC: 12ebd | Close file (See above)
2018-12-25T12:00:19.287981679Z 67 PC: 12f16 | Get or set file attributes (See above)
2018-12-25T12:00:19.295402345Z 61 PC: 12f43 | Open file (See above)
2018-12-25T12:00:19.302592068Z 87 PC: 12f5a | Get or set file date and time (See above)
2018-12-25T12:00:19.304361319Z 62 PC: 12f72 | Close file (See above)
2018-12-25T12:00:19.307715906Z 53 PC: 13015 | Get interrupt vector (See above)
2018-12-25T12:00:19.309281376Z 37 PC: 13032 | Set interrupt vector (See above)
2018-12-25T12:00:19.310783214Z 67 PC: 13053 | Get or set file attributes (See above)
2018-12-25T12:00:19.322007743Z 37 PC: 13071 | Set interrupt vector (See above)
2018-12-25T12:00:19.323547843Z 72 PC: 1308e | Allocate memory (See above)
2018-12-25T12:00:19.325487836Z 61 PC: 130b0 | Open file (See above)
2018-12-25T12:00:19.333658262Z 63 PC: 130d9 | Read file or device (See above)
2018-12-25T12:00:19.343633935Z 62 PC: 1311a | Close file (See above)
2018-12-25T12:00:19.345723135Z 60 PC: 131ae | Create or truncate file (See above)
2018-12-25T12:00:19.358704379Z 64 PC: 131d6 | Write file or device (See above)
2018-12-25T12:00:19.720566649Z 64 PC: 132a0 | Write file or device (See above)
2018-12-25T12:00:19.863816742Z 62 PC: 132b2 | Close file (See above)
2018-12-25T12:00:19.959435028Z 73 PC: 132c0 | Release memory (See above)
2018-12-25T12:00:19.961849681Z 61 PC: 12f94 | Open file (See above)
2018-12-25T12:00:19.968766972Z 87 PC: 12fb7 | Get or set file date and time (See above)
2018-12-25T12:00:19.971288556Z 62 PC: 12fc5 | Close file (See above)
2018-12-25T12:00:19.998020681Z 67 PC: 12fe6 | Get or set file attributes (See above)
2018-12-25T12:00:20.017143778Z 49 PC: 12d51 | Terminate and stay resident (Return code = '1' | Memory size = '233')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6753,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:17.45350518Z 187 PC: 152f3 | UNKNOWN!
2018-12-25T12:00:17.455353504Z 53 PC: 12c68 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:17.456760111Z 37 PC: 12c85 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:17.458228819Z 74 PC: 12cd6 | Reallocate memory
2018-12-25T12:00:17.460802677Z 75 PC: 12d23 | Execute program
2018-12-25T12:00:17.475780533Z 9 PC: 13972 | Display string (String= 'Goat file (COM). Size=00002710h/0000010000d bytes. ')
2018-12-25T12:00:17.48170378Z 76 PC: 13976 | Terminate with return code (Return code = '36')
2018-12-25T12:00:17.484959586Z 73 PC: 12d3c | Release memory
2018-12-25T12:00:17.486500872Z 61 PC: 12e99 | Open file (Filename = 'c:\gmouse.com')
2018-12-25T12:00:17.492749735Z 61 PC: 12e99 | Open file (See above)
2018-12-25T12:00:17.498886261Z 61 PC: 12e99 | Open file (See above)
2018-12-25T12:00:17.508633622Z 63 PC: 12eb5 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:00:17.514469894Z 62 PC: 12ebd | Close file
2018-12-25T12:00:17.519151161Z 67 PC: 12f16 | Get or set file attributes
2018-12-25T12:00:17.526434581Z 61 PC: 12f43 | Open file (Filename = 'c:\dos\format.com')
2018-12-25T12:00:17.532539073Z 87 PC: 12f5a | Get or set file date and time
2018-12-25T12:00:17.533991773Z 62 PC: 12f72 | Close file
2018-12-25T12:00:17.536222036Z 53 PC: 13015 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:17.537232933Z 37 PC: 13032 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:17.538057055Z 67 PC: 13053 | Get or set file attributes
2018-12-25T12:00:18.515882688Z 37 PC: 13071 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:18.517339607Z 72 PC: 1308e | Allocate memory
2018-12-25T12:00:18.519140699Z 61 PC: 130b0 | Open file (Filename = '&�')
2018-12-25T12:00:18.544202642Z 63 PC: 130d9 | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:00:18.555341602Z 62 PC: 1311a | Close file
2018-12-25T12:00:18.557759481Z 60 PC: 131ae | Create or truncate file
2018-12-25T12:00:18.715601588Z 64 PC: 131d6 | Write file or device (Write 22976 bytes on handle 5)
2018-12-25T12:00:18.949058355Z 64 PC: 132a0 | Write file or device (Write 3211 bytes on handle 5)
2018-12-25T12:00:19.22947439Z 62 PC: 132b2 | Close file
2018-12-25T12:00:19.239811627Z 73 PC: 132c0 | Release memory
2018-12-25T12:00:19.241641048Z 61 PC: 12f94 | Open file (Filename = ';%er%gs` /n;%er%jx/nnB6L4@7Enlo�ګ��.��%������/�n')
2018-12-25T12:00:19.248870008Z 87 PC: 12fb7 | Get or set file date and time
2018-12-25T12:00:19.26200802Z 62 PC: 12fc5 | Close file
2018-12-25T12:00:19.271748679Z 67 PC: 12fe6 | Get or set file attributes
2018-12-25T12:00:19.282441167Z 61 PC: 12e99 | Open file (See above)
2018-12-25T12:00:19.290645369Z 63 PC: 12eb5 | Read file or device (See above)
2018-12-25T12:00:19.296447873Z 62 PC: 12ebd | Close file (See above)
2018-12-25T12:00:19.29845063Z 67 PC: 12f16 | Get or set file attributes (See above)
2018-12-25T12:00:19.305908908Z 61 PC: 12f43 | Open file (See above)
2018-12-25T12:00:19.313106222Z 87 PC: 12f5a | Get or set file date and time (See above)
2018-12-25T12:00:19.314889734Z 62 PC: 12f72 | Close file (See above)
2018-12-25T12:00:19.318196156Z 53 PC: 13015 | Get interrupt vector (See above)
2018-12-25T12:00:19.319900828Z 37 PC: 13032 | Set interrupt vector (See above)
2018-12-25T12:00:19.321432207Z 67 PC: 13053 | Get or set file attributes (See above)
2018-12-25T12:00:19.333557336Z 37 PC: 13071 | Set interrupt vector (See above)
2018-12-25T12:00:19.335580639Z 72 PC: 1308e | Allocate memory (See above)
2018-12-25T12:00:19.338146952Z 61 PC: 130b0 | Open file (See above)
2018-12-25T12:00:19.344600871Z 63 PC: 130d9 | Read file or device (See above)
2018-12-25T12:00:19.355804198Z 62 PC: 1311a | Close file (See above)
2018-12-25T12:00:19.358342391Z 60 PC: 131ae | Create or truncate file (See above)
2018-12-25T12:00:19.380158032Z 64 PC: 131d6 | Write file or device (See above)
2018-12-25T12:00:19.438433295Z 64 PC: 132a0 | Write file or device (See above)
2018-12-25T12:00:19.457193402Z 62 PC: 132b2 | Close file (See above)
2018-12-25T12:00:19.506041034Z 73 PC: 132c0 | Release memory (See above)
2018-12-25T12:00:19.507763238Z 61 PC: 12f94 | Open file (See above)
2018-12-25T12:00:19.514461324Z 87 PC: 12fb7 | Get or set file date and time (See above)
2018-12-25T12:00:19.51698706Z 62 PC: 12fc5 | Close file (See above)
2018-12-25T12:00:19.530122333Z 67 PC: 12fe6 | Get or set file attributes (See above)
2018-12-25T12:00:19.555824619Z 49 PC: 12d51 | Terminate and stay resident (Return code = '1' | Memory size = '233')

{"DateBased":true,"Day":14,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6753,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:17.508181939Z 187 PC: 152f3 | UNKNOWN!
2018-12-25T12:00:17.509349301Z 53 PC: 12c68 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:17.510401877Z 37 PC: 12c85 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:17.511418517Z 74 PC: 12cd6 | Reallocate memory
2018-12-25T12:00:17.514164677Z 75 PC: 12d23 | Execute program
2018-12-25T12:00:17.530159179Z 9 PC: 13972 | Display string (String= 'Goat file (COM). Size=00002710h/0000010000d bytes. ')
2018-12-25T12:00:17.535999145Z 76 PC: 13976 | Terminate with return code (Return code = '36')
2018-12-25T12:00:17.539943699Z 73 PC: 12d3c | Release memory
2018-12-25T12:00:17.54168983Z 61 PC: 12e99 | Open file (Filename = 'c:\gmouse.com')
2018-12-25T12:00:17.547631294Z 61 PC: 12e99 | Open file (See above)
2018-12-25T12:00:17.55396152Z 61 PC: 12e99 | Open file (See above)
2018-12-25T12:00:17.563852361Z 63 PC: 12eb5 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:00:17.569095959Z 62 PC: 12ebd | Close file
2018-12-25T12:00:17.571284973Z 67 PC: 12f16 | Get or set file attributes
2018-12-25T12:00:17.577949535Z 61 PC: 12f43 | Open file (Filename = 'c:\dos\format.com')
2018-12-25T12:00:17.584519555Z 87 PC: 12f5a | Get or set file date and time
2018-12-25T12:00:17.586227506Z 62 PC: 12f72 | Close file
2018-12-25T12:00:17.589003194Z 53 PC: 13015 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:17.590097876Z 37 PC: 13032 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:17.591716569Z 67 PC: 13053 | Get or set file attributes
2018-12-25T12:00:18.515681201Z 37 PC: 13071 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:18.516880215Z 72 PC: 1308e | Allocate memory
2018-12-25T12:00:18.518583705Z 61 PC: 130b0 | Open file (Filename = '&�')
2018-12-25T12:00:18.528836282Z 63 PC: 130d9 | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:00:18.545445936Z 62 PC: 1311a | Close file
2018-12-25T12:00:18.548753388Z 60 PC: 131ae | Create or truncate file
2018-12-25T12:00:18.715716051Z 64 PC: 131d6 | Write file or device (Write 22976 bytes on handle 5)
2018-12-25T12:00:18.948874698Z 64 PC: 132a0 | Write file or device (Write 3211 bytes on handle 5)
2018-12-25T12:00:19.229403291Z 62 PC: 132b2 | Close file
2018-12-25T12:00:19.238165029Z 73 PC: 132c0 | Release memory
2018-12-25T12:00:19.239592177Z 61 PC: 12f94 | Open file (Filename = ';%er%gs` /n;%er%jx/nnB6L4@7Enlo�ګ��.��%������/�n')
2018-12-25T12:00:19.246493123Z 87 PC: 12fb7 | Get or set file date and time
2018-12-25T12:00:19.248687031Z 62 PC: 12fc5 | Close file
2018-12-25T12:00:19.255035075Z 67 PC: 12fe6 | Get or set file attributes
2018-12-25T12:00:19.274858163Z 61 PC: 12e99 | Open file (See above)
2018-12-25T12:00:19.282998146Z 63 PC: 12eb5 | Read file or device (See above)
2018-12-25T12:00:19.288647756Z 62 PC: 12ebd | Close file (See above)
2018-12-25T12:00:19.290776228Z 67 PC: 12f16 | Get or set file attributes (See above)
2018-12-25T12:00:19.298040694Z 61 PC: 12f43 | Open file (See above)
2018-12-25T12:00:19.305043339Z 87 PC: 12f5a | Get or set file date and time (See above)
2018-12-25T12:00:19.30681591Z 62 PC: 12f72 | Close file (See above)
2018-12-25T12:00:19.309929385Z 53 PC: 13015 | Get interrupt vector (See above)
2018-12-25T12:00:19.311913002Z 37 PC: 13032 | Set interrupt vector (See above)
2018-12-25T12:00:19.31340399Z 67 PC: 13053 | Get or set file attributes (See above)
2018-12-25T12:00:19.324084024Z 37 PC: 13071 | Set interrupt vector (See above)
2018-12-25T12:00:19.325966528Z 72 PC: 1308e | Allocate memory (See above)
2018-12-25T12:00:19.327887578Z 61 PC: 130b0 | Open file (See above)
2018-12-25T12:00:19.336605059Z 63 PC: 130d9 | Read file or device (See above)
2018-12-25T12:00:19.345710452Z 62 PC: 1311a | Close file (See above)
2018-12-25T12:00:19.347887697Z 60 PC: 131ae | Create or truncate file (See above)
2018-12-25T12:00:19.359679312Z 64 PC: 131d6 | Write file or device (See above)
2018-12-25T12:00:19.561369098Z 64 PC: 132a0 | Write file or device (See above)
2018-12-25T12:00:19.604448685Z 62 PC: 132b2 | Close file (See above)
2018-12-25T12:00:19.649527957Z 73 PC: 132c0 | Release memory (See above)
2018-12-25T12:00:19.651916593Z 61 PC: 12f94 | Open file (See above)
2018-12-25T12:00:19.658690648Z 87 PC: 12fb7 | Get or set file date and time (See above)
2018-12-25T12:00:19.660017838Z 62 PC: 12fc5 | Close file (See above)
2018-12-25T12:00:19.674560916Z 67 PC: 12fe6 | Get or set file attributes (See above)
2018-12-25T12:00:19.688401538Z 49 PC: 12d51 | Terminate and stay resident (Return code = '1' | Memory size = '233')