{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15500,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:43:38.635727003Z | 42 | PC: 12ba1 | Get date 0x12ba1: cmp dl, 0xb 0x12ba4: jne 0x12fcb 0x12ba8: mov ah, 0x3b 0x12baa: mov dx, 0x499 0x12bad: int 0x21 0x12baf: jb 0x12bd6 0x12bb1: nop 0x12bb2: nop 0x12bb3: mov ah, 0x3c 0x12bb5: mov dx, 0x4a1 0x12bb8: xor cx, cx 0x12bba: int 0x21 0x12bbc: xchg ax, bx 0x12bbd: mov ah, 0x40 0x12bbf: mov dx, 0x120 0x12bc2: mov cx, 0x890 0x12bc5: int 0x21 0x12bc7: mov ah, 0x3e 0x12bc9: int 0x21 0x12bcb: mov ah, 0x4e |
| 2018-12-25T12:43:38.638847264Z | 42 | PC: 12fd5 | Get date 0x12fd5: cmp dl, 0xe 0x12fd8: jne 0x13007 0x12fda: nop 0x12fdb: nop 0x12fdc: mov ah, 5 0x12fde: mov al, 0xa 0x12fe0: int 0x10 0x12fe2: mov ah, 9 0x12fe4: lea dx, word ptr [bp + 0x8c6] 0x12fe8: int 0x21 0x12fea: mov bl, 0 0x12fec: push bx 0x12fed: mov al, 3 0x12fef: mov cx, 0xa 0x12ff2: mov dx, 1 0x12ff5: int 0x26 0x12ff7: pop bx 0x12ff8: mov ah, 0xb 0x12ffa: xor bh, bh 0x12ffc: int 0x10 |
| 2018-12-25T12:43:38.641707857Z | 53 | PC: 13028 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:43:38.64366557Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:43:38.650157721Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":11,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15500,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:43:38.864951811Z | 42 | PC: 12ba1 | Get date 0x12ba1: cmp dl, 0xb 0x12ba4: jne 0x12fcb 0x12ba8: mov ah, 0x3b 0x12baa: mov dx, 0x499 0x12bad: int 0x21 0x12baf: jb 0x12bd6 0x12bb1: nop 0x12bb2: nop 0x12bb3: mov ah, 0x3c 0x12bb5: mov dx, 0x4a1 0x12bb8: xor cx, cx 0x12bba: int 0x21 0x12bbc: xchg ax, bx 0x12bbd: mov ah, 0x40 0x12bbf: mov dx, 0x120 0x12bc2: mov cx, 0x890 0x12bc5: int 0x21 0x12bc7: mov ah, 0x3e 0x12bc9: int 0x21 0x12bcb: mov ah, 0x4e |
| 2018-12-25T12:43:38.867565083Z | 59 | PC: 12baf | Change current directory |
| 2018-12-25T12:43:38.872239966Z | 76 | PC: 12bda | Terminate with return code (Return code = '3') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15500,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:43:39.07545182Z | 42 | PC: 12ba1 | Get date 0x12ba1: cmp dl, 0xb 0x12ba4: jne 0x12fcb 0x12ba8: mov ah, 0x3b 0x12baa: mov dx, 0x499 0x12bad: int 0x21 0x12baf: jb 0x12bd6 0x12bb1: nop 0x12bb2: nop 0x12bb3: mov ah, 0x3c 0x12bb5: mov dx, 0x4a1 0x12bb8: xor cx, cx 0x12bba: int 0x21 0x12bbc: xchg ax, bx 0x12bbd: mov ah, 0x40 0x12bbf: mov dx, 0x120 0x12bc2: mov cx, 0x890 0x12bc5: int 0x21 0x12bc7: mov ah, 0x3e 0x12bc9: int 0x21 0x12bcb: mov ah, 0x4e |
| 2018-12-25T12:43:39.077967982Z | 42 | PC: 12fd5 | Get date 0x12fd5: cmp dl, 0xe 0x12fd8: jne 0x13007 0x12fda: nop 0x12fdb: nop 0x12fdc: mov ah, 5 0x12fde: mov al, 0xa 0x12fe0: int 0x10 0x12fe2: mov ah, 9 0x12fe4: lea dx, word ptr [bp + 0x8c6] 0x12fe8: int 0x21 0x12fea: mov bl, 0 0x12fec: push bx 0x12fed: mov al, 3 0x12fef: mov cx, 0xa 0x12ff2: mov dx, 1 0x12ff5: int 0x26 0x12ff7: pop bx 0x12ff8: mov ah, 0xb 0x12ffa: xor bh, bh 0x12ffc: int 0x10 |
| 2018-12-25T12:43:39.080090291Z | 53 | PC: 13028 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:43:39.081737489Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:43:39.08895639Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":14,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15500,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:43:39.269610461Z | 42 | PC: 12ba1 | Get date 0x12ba1: cmp dl, 0xb 0x12ba4: jne 0x12fcb 0x12ba8: mov ah, 0x3b 0x12baa: mov dx, 0x499 0x12bad: int 0x21 0x12baf: jb 0x12bd6 0x12bb1: nop 0x12bb2: nop 0x12bb3: mov ah, 0x3c 0x12bb5: mov dx, 0x4a1 0x12bb8: xor cx, cx 0x12bba: int 0x21 0x12bbc: xchg ax, bx 0x12bbd: mov ah, 0x40 0x12bbf: mov dx, 0x120 0x12bc2: mov cx, 0x890 0x12bc5: int 0x21 0x12bc7: mov ah, 0x3e 0x12bc9: int 0x21 0x12bcb: mov ah, 0x4e |
| 2018-12-25T12:43:39.272649384Z | 42 | PC: 12fd5 | Get date 0x12fd5: cmp dl, 0xe 0x12fd8: jne 0x13007 0x12fda: nop 0x12fdb: nop 0x12fdc: mov ah, 5 0x12fde: mov al, 0xa 0x12fe0: int 0x10 0x12fe2: mov ah, 9 0x12fe4: lea dx, word ptr [bp + 0x8c6] 0x12fe8: int 0x21 0x12fea: mov bl, 0 0x12fec: push bx 0x12fed: mov al, 3 0x12fef: mov cx, 0xa 0x12ff2: mov dx, 1 0x12ff5: int 0x26 0x12ff7: pop bx 0x12ff8: mov ah, 0xb 0x12ffa: xor bh, bh 0x12ffc: int 0x10 |
| 2018-12-25T12:43:39.276964402Z | 9 | PC: 12fea | Display string (String= ' Although two days ago, And I have made a New Vir Still you didn't listen And thought it was nothing. Nothing happens..Now THE WULF, under the shining sun Shall proceed and make you run. HeHeHe - said the poet. ') |
| 2018-12-25T12:43:39.639718296Z | 66 | PC: 12f7a | Move file pointer |
| 2018-12-25T12:43:39.641685635Z | 63 | PC: 12f85 | Read file or device (Read 14 bytes on handle 59905) |
| 2018-12-25T12:43:39.643546321Z | 66 | PC: 12f7a | Move file pointer (See above) |
| 2018-12-25T12:43:39.645450101Z | 63 | PC: 12f85 | Read file or device (See above) |
| 2018-12-25T12:43:39.647748878Z | 66 | PC: 12f7a | Move file pointer (See above) |
| 2018-12-25T12:43:39.64931074Z | 63 | PC: 12f85 | Read file or device (See above) |
| 2018-12-25T12:43:39.650883013Z | 66 | PC: 12f7a | Move file pointer (See above) |
| 2018-12-25T12:43:39.661840971Z | 63 | PC: 12f85 | Read file or device (See above) |
| 2018-12-25T12:43:39.663658853Z | 66 | PC: 12f7a | Move file pointer (See above) |
| 2018-12-25T12:43:39.665481337Z | 63 | PC: 12f85 | Read file or device (See above) |
| 2018-12-25T12:43:39.668395271Z | 66 | PC: 12f7a | Move file pointer (See above) |
| 2018-12-25T12:43:39.669817948Z | 63 | PC: 12f85 | Read file or device (See above) |
| 2018-12-25T12:43:39.671357363Z | 66 | PC: 12f7a | Move file pointer (See above) |
| 2018-12-25T12:43:39.673032886Z | 63 | PC: 12f85 | Read file or device (See above) |
| 2018-12-25T12:43:39.675437653Z | 66 | PC: 12f7a | Move file pointer (See above) |
| 2018-12-25T12:43:39.676839429Z | 63 | PC: 12f85 | Read file or device (See above) |
| 2018-12-25T12:43:39.678279217Z | 66 | PC: 12f7a | Move file pointer (See above) |
| 2018-12-25T12:43:39.680599395Z | 63 | PC: 12f85 | Read file or device (See above) |
| 2018-12-25T12:43:39.682336428Z | 66 | PC: 12f7a | Move file pointer (See above) |
| 2018-12-25T12:43:39.684078281Z | 63 | PC: 12f85 | Read file or device (See above) |
| 2018-12-25T12:43:39.686424778Z | 66 | PC: 12f7a | Move file pointer (See above) |
| 2018-12-25T12:43:39.687781341Z | 63 | PC: 12f85 | Read file or device (See above) |
| 2018-12-25T12:43:39.689197928Z | 66 | PC: 12f7a | Move file pointer (See above) |
| 2018-12-25T12:43:39.691518184Z | 63 | PC: 12f85 | Read file or device (See above) |
| 2018-12-25T12:43:39.692904243Z | 66 | PC: 12f7a | Move file pointer (See above) |
| 2018-12-25T12:43:39.694271659Z | 63 | PC: 12f85 | Read file or device (See above) |
| 2018-12-25T12:43:39.69649075Z | 66 | PC: 12f7a | Move file pointer (See above) |
| 2018-12-25T12:43:39.69804785Z | 63 | PC: 12f85 | Read file or device (See above) |
| 2018-12-25T12:43:39.699521862Z | 66 | PC: 12f7a | Move file pointer (See above) |
| 2018-12-25T12:43:39.701760506Z | 63 | PC: 12f85 | Read file or device (See above) |
| 2018-12-25T12:43:39.703802897Z | 66 | PC: 12f7a | Move file pointer (See above) |
| 2018-12-25T12:43:39.705314113Z | 63 | PC: 12f85 | Read file or device (See above) |
| 2018-12-25T12:43:39.707954655Z | 66 | PC: 12f7a | Move file pointer (See above) |
| 2018-12-25T12:43:39.70944197Z | 63 | PC: 12f85 | Read file or device (See above) |
| 2018-12-25T12:43:39.710951235Z | 66 | PC: 12f7a | Move file pointer (See above) |
| 2018-12-25T12:43:39.713975586Z | 63 | PC: 12f85 | Read file or device (See above) |
| 2018-12-25T12:43:39.715755316Z | 66 | PC: 12f7a | Move file pointer (See above) |
| 2018-12-25T12:43:39.717488282Z | 63 | PC: 12f85 | Read file or device (See above) |
| 2018-12-25T12:43:39.720127867Z | 66 | PC: 12fb1 | Move file pointer |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15500,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:43:39.337664991Z | 42 | PC: 12ba1 | Get date 0x12ba1: cmp dl, 0xb 0x12ba4: jne 0x12fcb 0x12ba8: mov ah, 0x3b 0x12baa: mov dx, 0x499 0x12bad: int 0x21 0x12baf: jb 0x12bd6 0x12bb1: nop 0x12bb2: nop 0x12bb3: mov ah, 0x3c 0x12bb5: mov dx, 0x4a1 0x12bb8: xor cx, cx 0x12bba: int 0x21 0x12bbc: xchg ax, bx 0x12bbd: mov ah, 0x40 0x12bbf: mov dx, 0x120 0x12bc2: mov cx, 0x890 0x12bc5: int 0x21 0x12bc7: mov ah, 0x3e 0x12bc9: int 0x21 0x12bcb: mov ah, 0x4e |
| 2018-12-25T12:43:39.340971445Z | 42 | PC: 12fd5 | Get date 0x12fd5: cmp dl, 0xe 0x12fd8: jne 0x13007 0x12fda: nop 0x12fdb: nop 0x12fdc: mov ah, 5 0x12fde: mov al, 0xa 0x12fe0: int 0x10 0x12fe2: mov ah, 9 0x12fe4: lea dx, word ptr [bp + 0x8c6] 0x12fe8: int 0x21 0x12fea: mov bl, 0 0x12fec: push bx 0x12fed: mov al, 3 0x12fef: mov cx, 0xa 0x12ff2: mov dx, 1 0x12ff5: int 0x26 0x12ff7: pop bx 0x12ff8: mov ah, 0xb 0x12ffa: xor bh, bh 0x12ffc: int 0x10 |
| 2018-12-25T12:43:39.343436704Z | 53 | PC: 13028 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:43:39.345209134Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:43:39.351557229Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":11,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15500,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:43:39.703122983Z | 42 | PC: 12ba1 | Get date 0x12ba1: cmp dl, 0xb 0x12ba4: jne 0x12fcb 0x12ba8: mov ah, 0x3b 0x12baa: mov dx, 0x499 0x12bad: int 0x21 0x12baf: jb 0x12bd6 0x12bb1: nop 0x12bb2: nop 0x12bb3: mov ah, 0x3c 0x12bb5: mov dx, 0x4a1 0x12bb8: xor cx, cx 0x12bba: int 0x21 0x12bbc: xchg ax, bx 0x12bbd: mov ah, 0x40 0x12bbf: mov dx, 0x120 0x12bc2: mov cx, 0x890 0x12bc5: int 0x21 0x12bc7: mov ah, 0x3e 0x12bc9: int 0x21 0x12bcb: mov ah, 0x4e |
| 2018-12-25T12:43:39.706198284Z | 59 | PC: 12baf | Change current directory |
| 2018-12-25T12:43:39.710914296Z | 76 | PC: 12bda | Terminate with return code (Return code = '3') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15500,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:43:39.854261921Z | 42 | PC: 12ba1 | Get date 0x12ba1: cmp dl, 0xb 0x12ba4: jne 0x12fcb 0x12ba8: mov ah, 0x3b 0x12baa: mov dx, 0x499 0x12bad: int 0x21 0x12baf: jb 0x12bd6 0x12bb1: nop 0x12bb2: nop 0x12bb3: mov ah, 0x3c 0x12bb5: mov dx, 0x4a1 0x12bb8: xor cx, cx 0x12bba: int 0x21 0x12bbc: xchg ax, bx 0x12bbd: mov ah, 0x40 0x12bbf: mov dx, 0x120 0x12bc2: mov cx, 0x890 0x12bc5: int 0x21 0x12bc7: mov ah, 0x3e 0x12bc9: int 0x21 0x12bcb: mov ah, 0x4e |
| 2018-12-25T12:43:39.857025391Z | 42 | PC: 12fd5 | Get date 0x12fd5: cmp dl, 0xe 0x12fd8: jne 0x13007 0x12fda: nop 0x12fdb: nop 0x12fdc: mov ah, 5 0x12fde: mov al, 0xa 0x12fe0: int 0x10 0x12fe2: mov ah, 9 0x12fe4: lea dx, word ptr [bp + 0x8c6] 0x12fe8: int 0x21 0x12fea: mov bl, 0 0x12fec: push bx 0x12fed: mov al, 3 0x12fef: mov cx, 0xa 0x12ff2: mov dx, 1 0x12ff5: int 0x26 0x12ff7: pop bx 0x12ff8: mov ah, 0xb 0x12ffa: xor bh, bh 0x12ffc: int 0x10 |
| 2018-12-25T12:43:39.859239215Z | 53 | PC: 13028 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:43:39.860627404Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:43:39.866948988Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":14,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15500,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:43:40.148176104Z | 42 | PC: 12ba1 | Get date 0x12ba1: cmp dl, 0xb 0x12ba4: jne 0x12fcb 0x12ba8: mov ah, 0x3b 0x12baa: mov dx, 0x499 0x12bad: int 0x21 0x12baf: jb 0x12bd6 0x12bb1: nop 0x12bb2: nop 0x12bb3: mov ah, 0x3c 0x12bb5: mov dx, 0x4a1 0x12bb8: xor cx, cx 0x12bba: int 0x21 0x12bbc: xchg ax, bx 0x12bbd: mov ah, 0x40 0x12bbf: mov dx, 0x120 0x12bc2: mov cx, 0x890 0x12bc5: int 0x21 0x12bc7: mov ah, 0x3e 0x12bc9: int 0x21 0x12bcb: mov ah, 0x4e |
| 2018-12-25T12:43:40.152150262Z | 42 | PC: 12fd5 | Get date 0x12fd5: cmp dl, 0xe 0x12fd8: jne 0x13007 0x12fda: nop 0x12fdb: nop 0x12fdc: mov ah, 5 0x12fde: mov al, 0xa 0x12fe0: int 0x10 0x12fe2: mov ah, 9 0x12fe4: lea dx, word ptr [bp + 0x8c6] 0x12fe8: int 0x21 0x12fea: mov bl, 0 0x12fec: push bx 0x12fed: mov al, 3 0x12fef: mov cx, 0xa 0x12ff2: mov dx, 1 0x12ff5: int 0x26 0x12ff7: pop bx 0x12ff8: mov ah, 0xb 0x12ffa: xor bh, bh 0x12ffc: int 0x10 |
| 2018-12-25T12:43:40.15459293Z | 9 | PC: 12fea | Display string (String= ' Although two days ago, And I have made a New Vir Still you didn't listen And thought it was nothing. Nothing happens..Now THE WULF, under the shining sun Shall proceed and make you run. HeHeHe - said the poet. ') |