Sample viewer

vx.netlux.org/Virus.DOS.Fatec.500

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:49:14.172473353Z 42 PC: 12bb6 | Get date
0x12bb6: cmp dx, 0x61b
0x12bba: jne 0x12bcd
0x12bbc: mov ax, 0x900
0x12bbf: lea dx, word ptr [bp + 0x2c4]
0x12bc3: int 0x21
0x12bc5: call 0x12cc7
0x12bc8: mov ax, 0x4c00
0x12bcb: int 0x21
0x12bcd: lea dx, word ptr [bp + 0x332]
0x12bd1: call 0x12c83
0x12bd4: inc byte ptr cs:[bp + 0x20d]
0x12bd9: mov byte ptr cs:[bp + 0x35c], 2
0x12bdf: call 0x12c90
0x12be2: mov ah, 0x4e
0x12be4: lea dx, word ptr [bp + 0x2bb]
0x12be8: xor cx, cx
0x12bea: call 0x12c8d
0x12bed: jb 0x12c65
0x12bef: mov ax, 0x3d02
0x12bf2: lea dx, word ptr [bp + 0x350]
2018-12-17T22:49:14.175123914Z 26 PC: 12c87 | Set disk transfer address
2018-12-17T22:49:14.176205588Z 71 PC: 12c9a | Get current directory
2018-12-17T22:49:14.178954363Z 78 PC: 12c8f | Find first file
2018-12-17T22:49:14.191673935Z 61 PC: 12c8f | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:49:14.198234912Z 63 PC: 12c8f | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:49:14.204719618Z 87 PC: 12c8f | Get or set file date and time
2018-12-17T22:49:14.206603488Z 66 PC: 12c8f | Move file pointer
2018-12-17T22:49:14.208625817Z 64 PC: 12c8f | Write file or device (Write 6 bytes on handle 5)
2018-12-17T22:49:14.211499629Z 66 PC: 12c8f | Move file pointer
2018-12-17T22:49:14.212970409Z 64 PC: 12c51 | Write file or device (Write 500 bytes on handle 5)
2018-12-17T22:49:14.863979633Z 87 PC: 12c8f | Get or set file date and time
2018-12-17T22:49:14.866294415Z 62 PC: 12c8f | Close file
2018-12-17T22:49:15.087390331Z 79 PC: 12c8f | Find next file
2018-12-17T22:49:15.091237832Z 61 PC: 12c8f | Open file (Filename = 'PRINT.COM')
2018-12-17T22:49:15.097823574Z 63 PC: 12c8f | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:49:15.102213143Z 87 PC: 12c8f | Get or set file date and time
2018-12-17T22:49:15.103921582Z 66 PC: 12c8f | Move file pointer
2018-12-17T22:49:15.105067958Z 64 PC: 12c8f | Write file or device (Write 6 bytes on handle 5)
2018-12-17T22:49:15.106969651Z 66 PC: 12c8f | Move file pointer
2018-12-17T22:49:15.11115547Z 64 PC: 12c51 | Write file or device (Write 500 bytes on handle 5)
2018-12-17T22:49:15.210417538Z 87 PC: 12c8f | Get or set file date and time
2018-12-17T22:49:15.212242541Z 62 PC: 12c8f | Close file
2018-12-17T22:49:15.223901375Z 79 PC: 12c8f | Find next file
2018-12-17T22:49:15.227057314Z 61 PC: 12c8f | Open file (Filename = 'HELLO.COM')
2018-12-17T22:49:15.233761428Z 63 PC: 12c8f | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:49:15.240834078Z 87 PC: 12c8f | Get or set file date and time
2018-12-17T22:49:15.242747975Z 66 PC: 12c8f | Move file pointer
2018-12-17T22:49:15.244448609Z 64 PC: 12c8f | Write file or device (Write 6 bytes on handle 5)
2018-12-17T22:49:15.248266528Z 66 PC: 12c8f | Move file pointer
2018-12-17T22:49:15.250137197Z 64 PC: 12c51 | Write file or device (Write 500 bytes on handle 5)
2018-12-17T22:49:15.258912641Z 87 PC: 12c8f | Get or set file date and time
2018-12-17T22:49:15.260973963Z 62 PC: 12c8f | Close file
2018-12-17T22:49:15.269026708Z 79 PC: 12c8f | Find next file
2018-12-17T22:49:15.27164099Z 61 PC: 12c8f | Open file (Filename = 'PHANG.COM')
2018-12-17T22:49:15.278182096Z 63 PC: 12c8f | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:49:15.28504239Z 87 PC: 12c8f | Get or set file date and time
2018-12-17T22:49:15.286770285Z 66 PC: 12c8f | Move file pointer
2018-12-17T22:49:15.288991342Z 64 PC: 12c8f | Write file or device (Write 6 bytes on handle 5)
2018-12-17T22:49:15.292413152Z 66 PC: 12c8f | Move file pointer
2018-12-17T22:49:15.295489083Z 64 PC: 12c51 | Write file or device (Write 500 bytes on handle 5)
2018-12-17T22:49:15.303857458Z 87 PC: 12c8f | Get or set file date and time
2018-12-17T22:49:15.306577182Z 62 PC: 12c8f | Close file
2018-12-17T22:49:15.314818835Z 79 PC: 12c8f | Find next file
2018-12-17T22:49:15.317786879Z 61 PC: 12c8f | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:49:15.327859661Z 63 PC: 12c8f | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:49:15.334431912Z 87 PC: 12c8f | Get or set file date and time
2018-12-17T22:49:15.335925796Z 66 PC: 12c8f | Move file pointer
2018-12-17T22:49:15.338454225Z 64 PC: 12c8f | Write file or device (Write 6 bytes on handle 5)
2018-12-17T22:49:15.341474768Z 66 PC: 12c8f | Move file pointer
2018-12-17T22:49:15.343282107Z 64 PC: 12c51 | Write file or device (Write 500 bytes on handle 5)
2018-12-17T22:49:15.353889777Z 87 PC: 12c8f | Get or set file date and time
2018-12-17T22:49:15.369811563Z 62 PC: 12c8f | Close file
2018-12-17T22:49:15.380056713Z 79 PC: 12c8f | Find next file
2018-12-17T22:49:15.384394135Z 61 PC: 12c8f | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:49:15.395040394Z 63 PC: 12c8f | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:49:15.401738871Z 87 PC: 12c8f | Get or set file date and time
2018-12-17T22:49:15.404216827Z 66 PC: 12c8f | Move file pointer
2018-12-17T22:49:15.405700847Z 64 PC: 12c8f | Write file or device (Write 6 bytes on handle 5)
2018-12-17T22:49:15.4085678Z 66 PC: 12c8f | Move file pointer
2018-12-17T22:49:15.410708231Z 64 PC: 12c51 | Write file or device (Write 500 bytes on handle 5)
2018-12-17T22:49:15.419516346Z 87 PC: 12c8f | Get or set file date and time
2018-12-17T22:49:15.421031403Z 62 PC: 12c8f | Close file
2018-12-17T22:49:15.429727552Z 79 PC: 12c8f | Find next file
2018-12-17T22:49:15.432415795Z 61 PC: 12c8f | Open file (Filename = 'PAH.COM')
2018-12-17T22:49:15.43929761Z 63 PC: 12c8f | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:49:15.447245838Z 87 PC: 12c8f | Get or set file date and time
2018-12-17T22:49:15.44915863Z 66 PC: 12c8f | Move file pointer
2018-12-17T22:49:15.450854649Z 64 PC: 12c8f | Write file or device (Write 6 bytes on handle 5)
2018-12-17T22:49:15.45425562Z 66 PC: 12c8f | Move file pointer
2018-12-17T22:49:15.455955942Z 64 PC: 12c51 | Write file or device (Write 500 bytes on handle 5)
2018-12-17T22:49:15.464191499Z 87 PC: 12c8f | Get or set file date and time
2018-12-17T22:49:15.466770534Z 62 PC: 12c8f | Close file
2018-12-17T22:49:15.47431612Z 79 PC: 12c8f | Find next file
2018-12-17T22:49:15.477307092Z 61 PC: 12c8f | Open file (Filename = 'TEST.COM')
2018-12-17T22:49:15.484320529Z 63 PC: 12c8f | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:49:15.487431251Z 62 PC: 12c8f | Close file
2018-12-17T22:49:15.489505483Z 79 PC: 12c8f | Find next file
2018-12-17T22:49:15.492444132Z 59 PC: 12c7b | Change current directory
2018-12-17T22:49:15.49715367Z 59 PC: 12ca3 | Change current directory
2018-12-17T22:49:15.516376878Z 26 PC: 12c87 | Set disk transfer address
2018-12-17T22:49:15.517774295Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:49:15.523306977Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9821,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:50.141294814Z 42 PC: 12bb6 | Get date
0x12bb6: cmp dx, 0x61b
0x12bba: jne 0x12bcd
0x12bbc: mov ax, 0x900
0x12bbf: lea dx, word ptr [bp + 0x2c4]
0x12bc3: int 0x21
0x12bc5: call 0x12cc7
0x12bc8: mov ax, 0x4c00
0x12bcb: int 0x21
0x12bcd: lea dx, word ptr [bp + 0x332]
0x12bd1: call 0x12c83
0x12bd4: inc byte ptr cs:[bp + 0x20d]
0x12bd9: mov byte ptr cs:[bp + 0x35c], 2
0x12bdf: call 0x12c90
0x12be2: mov ah, 0x4e
0x12be4: lea dx, word ptr [bp + 0x2bb]
0x12be8: xor cx, cx
0x12bea: call 0x12c8d
0x12bed: jb 0x12c65
0x12bef: mov ax, 0x3d02
0x12bf2: lea dx, word ptr [bp + 0x350]
2018-12-25T12:23:50.143797913Z 26 PC: 12c87 | Set disk transfer address
2018-12-25T12:23:50.156472906Z 71 PC: 12c9a | Get current directory
2018-12-25T12:23:50.159512618Z 78 PC: 12c8f | Find first file
2018-12-25T12:23:50.166583678Z 61 PC: 12c8f | Open file (See above)
2018-12-25T12:23:50.173751974Z 63 PC: 12c8f | Read file or device (See above)
2018-12-25T12:23:50.180609167Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:50.182053163Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:50.183472627Z 64 PC: 12c8f | Write file or device (See above)
2018-12-25T12:23:50.186092407Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:50.187575503Z 64 PC: 12c51 | Write file or device (Write 500 bytes on handle 5)
2018-12-25T12:23:50.205288031Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:50.206848002Z 62 PC: 12c8f | Close file (See above)
2018-12-25T12:23:50.216097256Z 79 PC: 12c8f | Find next file (See above)
2018-12-25T12:23:50.219035411Z 61 PC: 12c8f | Open file (See above)
2018-12-25T12:23:50.22367776Z 63 PC: 12c8f | Read file or device (See above)
2018-12-25T12:23:50.230424619Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:50.232852285Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:50.234354252Z 64 PC: 12c8f | Write file or device (See above)
2018-12-25T12:23:50.237083015Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:50.239091187Z 64 PC: 12c51 | Write file or device (See above)
2018-12-25T12:23:50.247558411Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:50.249044113Z 62 PC: 12c8f | Close file (See above)
2018-12-25T12:23:50.263865991Z 79 PC: 12c8f | Find next file (See above)
2018-12-25T12:23:50.266772169Z 61 PC: 12c8f | Open file (See above)
2018-12-25T12:23:50.273927807Z 63 PC: 12c8f | Read file or device (See above)
2018-12-25T12:23:50.280806825Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:50.282595747Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:50.284168237Z 64 PC: 12c8f | Write file or device (See above)
2018-12-25T12:23:50.287597213Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:50.289819307Z 64 PC: 12c51 | Write file or device (See above)
2018-12-25T12:23:50.298919486Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:50.300428081Z 62 PC: 12c8f | Close file (See above)
2018-12-25T12:23:50.308869964Z 79 PC: 12c8f | Find next file (See above)
2018-12-25T12:23:50.311697231Z 61 PC: 12c8f | Open file (See above)
2018-12-25T12:23:50.318623561Z 63 PC: 12c8f | Read file or device (See above)
2018-12-25T12:23:50.32611768Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:50.327784653Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:50.329402491Z 64 PC: 12c8f | Write file or device (See above)
2018-12-25T12:23:50.332837033Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:50.33439653Z 64 PC: 12c51 | Write file or device (See above)
2018-12-25T12:23:50.343700329Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:50.346398204Z 62 PC: 12c8f | Close file (See above)
2018-12-25T12:23:50.355216947Z 79 PC: 12c8f | Find next file (See above)
2018-12-25T12:23:50.358160817Z 61 PC: 12c8f | Open file (See above)
2018-12-25T12:23:50.366627007Z 63 PC: 12c8f | Read file or device (See above)
2018-12-25T12:23:50.373566521Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:50.374886898Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:50.381253086Z 64 PC: 12c8f | Write file or device (See above)
2018-12-25T12:23:50.384156613Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:50.385536567Z 64 PC: 12c51 | Write file or device (See above)
2018-12-25T12:23:50.394369133Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:50.396163966Z 62 PC: 12c8f | Close file (See above)
2018-12-25T12:23:50.40494427Z 79 PC: 12c8f | Find next file (See above)
2018-12-25T12:23:50.407637554Z 61 PC: 12c8f | Open file (See above)
2018-12-25T12:23:50.415201289Z 63 PC: 12c8f | Read file or device (See above)
2018-12-25T12:23:50.422233249Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:50.423665001Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:50.425629469Z 64 PC: 12c8f | Write file or device (See above)
2018-12-25T12:23:50.429308551Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:50.430911453Z 64 PC: 12c51 | Write file or device (See above)
2018-12-25T12:23:50.440616135Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:50.442296689Z 62 PC: 12c8f | Close file (See above)
2018-12-25T12:23:50.451081559Z 79 PC: 12c8f | Find next file (See above)
2018-12-25T12:23:50.454304826Z 61 PC: 12c8f | Open file (See above)
2018-12-25T12:23:50.462117777Z 63 PC: 12c8f | Read file or device (See above)
2018-12-25T12:23:50.469589072Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:50.471533919Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:50.47290273Z 64 PC: 12c8f | Write file or device (See above)
2018-12-25T12:23:50.475190656Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:50.476670664Z 64 PC: 12c51 | Write file or device (See above)
2018-12-25T12:23:50.484276349Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:50.485778161Z 62 PC: 12c8f | Close file (See above)
2018-12-25T12:23:50.49498889Z 79 PC: 12c8f | Find next file (See above)
2018-12-25T12:23:50.497729758Z 61 PC: 12c8f | Open file (See above)
2018-12-25T12:23:50.503602461Z 63 PC: 12c8f | Read file or device (See above)
2018-12-25T12:23:50.505981234Z 62 PC: 12c8f | Close file (See above)
2018-12-25T12:23:50.508530898Z 79 PC: 12c8f | Find next file (See above)
2018-12-25T12:23:50.511295951Z 59 PC: 12c7b | Change current directory
2018-12-25T12:23:50.515074963Z 59 PC: 12ca3 | Change current directory
2018-12-25T12:23:50.519196117Z 26 PC: 12c87 | Set disk transfer address (See above)
2018-12-25T12:23:50.520377372Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:23:50.525365731Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":27,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9821,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:50.685312915Z 42 PC: 12bb6 | Get date
0x12bb6: cmp dx, 0x61b
0x12bba: jne 0x12bcd
0x12bbc: mov ax, 0x900
0x12bbf: lea dx, word ptr [bp + 0x2c4]
0x12bc3: int 0x21
0x12bc5: call 0x12cc7
0x12bc8: mov ax, 0x4c00
0x12bcb: int 0x21
0x12bcd: lea dx, word ptr [bp + 0x332]
0x12bd1: call 0x12c83
0x12bd4: inc byte ptr cs:[bp + 0x20d]
0x12bd9: mov byte ptr cs:[bp + 0x35c], 2
0x12bdf: call 0x12c90
0x12be2: mov ah, 0x4e
0x12be4: lea dx, word ptr [bp + 0x2bb]
0x12be8: xor cx, cx
0x12bea: call 0x12c8d
0x12bed: jb 0x12c65
0x12bef: mov ax, 0x3d02
0x12bf2: lea dx, word ptr [bp + 0x350]
2018-12-25T12:23:50.688573107Z 9 PC: 12bc5 | Display string (String= 'FATEC-SP Brasil 1996')
2018-12-25T12:23:50.691242381Z 76 PC: 12bcd | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9821,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:50.733259049Z 42 PC: 12bb6 | Get date
0x12bb6: cmp dx, 0x61b
0x12bba: jne 0x12bcd
0x12bbc: mov ax, 0x900
0x12bbf: lea dx, word ptr [bp + 0x2c4]
0x12bc3: int 0x21
0x12bc5: call 0x12cc7
0x12bc8: mov ax, 0x4c00
0x12bcb: int 0x21
0x12bcd: lea dx, word ptr [bp + 0x332]
0x12bd1: call 0x12c83
0x12bd4: inc byte ptr cs:[bp + 0x20d]
0x12bd9: mov byte ptr cs:[bp + 0x35c], 2
0x12bdf: call 0x12c90
0x12be2: mov ah, 0x4e
0x12be4: lea dx, word ptr [bp + 0x2bb]
0x12be8: xor cx, cx
0x12bea: call 0x12c8d
0x12bed: jb 0x12c65
0x12bef: mov ax, 0x3d02
0x12bf2: lea dx, word ptr [bp + 0x350]
2018-12-25T12:23:50.735805495Z 26 PC: 12c87 | Set disk transfer address
2018-12-25T12:23:50.737632354Z 71 PC: 12c9a | Get current directory
2018-12-25T12:23:50.741167772Z 78 PC: 12c8f | Find first file
2018-12-25T12:23:50.748161772Z 61 PC: 12c8f | Open file (See above)
2018-12-25T12:23:50.75647338Z 63 PC: 12c8f | Read file or device (See above)
2018-12-25T12:23:50.763484917Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:50.765323554Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:50.76911496Z 64 PC: 12c8f | Write file or device (See above)
2018-12-25T12:23:50.772192948Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:50.774117838Z 64 PC: 12c51 | Write file or device (Write 500 bytes on handle 5)
2018-12-25T12:23:50.791122573Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:50.792792746Z 62 PC: 12c8f | Close file (See above)
2018-12-25T12:23:50.801243023Z 79 PC: 12c8f | Find next file (See above)
2018-12-25T12:23:50.822330221Z 61 PC: 12c8f | Open file (See above)
2018-12-25T12:23:50.829646637Z 63 PC: 12c8f | Read file or device (See above)
2018-12-25T12:23:50.836788279Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:50.839001977Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:50.840847596Z 64 PC: 12c8f | Write file or device (See above)
2018-12-25T12:23:50.843753942Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:50.846521939Z 64 PC: 12c51 | Write file or device (See above)
2018-12-25T12:23:50.85637821Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:50.858719431Z 62 PC: 12c8f | Close file (See above)
2018-12-25T12:23:50.86770633Z 79 PC: 12c8f | Find next file (See above)
2018-12-25T12:23:50.87089553Z 61 PC: 12c8f | Open file (See above)
2018-12-25T12:23:50.878241347Z 63 PC: 12c8f | Read file or device (See above)
2018-12-25T12:23:50.885321085Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:50.888160279Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:50.890502005Z 64 PC: 12c8f | Write file or device (See above)
2018-12-25T12:23:50.893434949Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:50.895819335Z 64 PC: 12c51 | Write file or device (See above)
2018-12-25T12:23:50.905632106Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:50.907859502Z 62 PC: 12c8f | Close file (See above)
2018-12-25T12:23:50.918060736Z 79 PC: 12c8f | Find next file (See above)
2018-12-25T12:23:50.921755325Z 61 PC: 12c8f | Open file (See above)
2018-12-25T12:23:50.929517441Z 63 PC: 12c8f | Read file or device (See above)
2018-12-25T12:23:50.937984542Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:50.939690213Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:50.941332969Z 64 PC: 12c8f | Write file or device (See above)
2018-12-25T12:23:50.944649712Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:50.946864151Z 64 PC: 12c51 | Write file or device (See above)
2018-12-25T12:23:50.95596564Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:50.957731678Z 62 PC: 12c8f | Close file (See above)
2018-12-25T12:23:50.967763053Z 79 PC: 12c8f | Find next file (See above)
2018-12-25T12:23:50.970746307Z 61 PC: 12c8f | Open file (See above)
2018-12-25T12:23:50.978093116Z 63 PC: 12c8f | Read file or device (See above)
2018-12-25T12:23:50.987715737Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:51.00158082Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:51.003173806Z 64 PC: 12c8f | Write file or device (See above)
2018-12-25T12:23:51.007224508Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:51.009182086Z 64 PC: 12c51 | Write file or device (See above)
2018-12-25T12:23:51.01819216Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:51.020489803Z 62 PC: 12c8f | Close file (See above)
2018-12-25T12:23:51.030993077Z 79 PC: 12c8f | Find next file (See above)
2018-12-25T12:23:51.03485259Z 61 PC: 12c8f | Open file (See above)
2018-12-25T12:23:51.043011033Z 63 PC: 12c8f | Read file or device (See above)
2018-12-25T12:23:51.055052247Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:51.057350248Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:51.059550145Z 64 PC: 12c8f | Write file or device (See above)
2018-12-25T12:23:51.063974569Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:51.066554594Z 64 PC: 12c51 | Write file or device (See above)
2018-12-25T12:23:51.076025094Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:51.079232399Z 62 PC: 12c8f | Close file (See above)
2018-12-25T12:23:51.088428471Z 79 PC: 12c8f | Find next file (See above)
2018-12-25T12:23:51.091735589Z 61 PC: 12c8f | Open file (See above)
2018-12-25T12:23:51.101071464Z 63 PC: 12c8f | Read file or device (See above)
2018-12-25T12:23:51.108615907Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:51.110667565Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:51.11245341Z 64 PC: 12c8f | Write file or device (See above)
2018-12-25T12:23:51.115909892Z 66 PC: 12c8f | Move file pointer (See above)
2018-12-25T12:23:51.117577908Z 64 PC: 12c51 | Write file or device (See above)
2018-12-25T12:23:51.127033362Z 87 PC: 12c8f | Get or set file date and time (See above)
2018-12-25T12:23:51.129943151Z 62 PC: 12c8f | Close file (See above)
2018-12-25T12:23:51.466665158Z 79 PC: 12c8f | Find next file (See above)
2018-12-25T12:23:51.472369153Z 61 PC: 12c8f | Open file (See above)
2018-12-25T12:23:51.480743053Z 63 PC: 12c8f | Read file or device (See above)
2018-12-25T12:23:51.48395098Z 62 PC: 12c8f | Close file (See above)
2018-12-25T12:23:51.486877182Z 79 PC: 12c8f | Find next file (See above)
2018-12-25T12:23:51.491084371Z 59 PC: 12c7b | Change current directory
2018-12-25T12:23:51.496180239Z 59 PC: 12ca3 | Change current directory
2018-12-25T12:23:51.50170703Z 26 PC: 12c87 | Set disk transfer address (See above)
2018-12-25T12:23:51.504295776Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:23:51.511713027Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":27,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9821,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:51.130205824Z 42 PC: 12bb6 | Get date
0x12bb6: cmp dx, 0x61b
0x12bba: jne 0x12bcd
0x12bbc: mov ax, 0x900
0x12bbf: lea dx, word ptr [bp + 0x2c4]
0x12bc3: int 0x21
0x12bc5: call 0x12cc7
0x12bc8: mov ax, 0x4c00
0x12bcb: int 0x21
0x12bcd: lea dx, word ptr [bp + 0x332]
0x12bd1: call 0x12c83
0x12bd4: inc byte ptr cs:[bp + 0x20d]
0x12bd9: mov byte ptr cs:[bp + 0x35c], 2
0x12bdf: call 0x12c90
0x12be2: mov ah, 0x4e
0x12be4: lea dx, word ptr [bp + 0x2bb]
0x12be8: xor cx, cx
0x12bea: call 0x12c8d
0x12bed: jb 0x12c65
0x12bef: mov ax, 0x3d02
0x12bf2: lea dx, word ptr [bp + 0x350]
2018-12-25T12:23:51.13320154Z 9 PC: 12bc5 | Display string (String= 'FATEC-SP Brasil 1996')
2018-12-25T12:23:51.136535308Z 76 PC: 12bcd | Terminate with return code (Return code = '0')