Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.Hack.2064.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:12:04.002293742Z	251	PC: 13088 \| UNKNOWN!
2018-12-17T23:12:04.004112841Z	251	PC: 12b1f \| UNKNOWN!
2018-12-17T23:12:04.006000113Z	74	PC: 12b6e \| Reallocate memory
2018-12-17T23:12:04.008009378Z	53	PC: 130a9 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:04.010157063Z	37	PC: 130be \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:04.013086689Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c8 0x12bc5: jne 0x12bd4 0x12bc7: cmp dh, 7 0x12bca: jne 0x12bd4 0x12bcc: cmp dl, 0x14 0x12bcf: jae 0x12bd4 0x12bd1: jmp 0x12be6 0x12bd3: nop 0x12bd4: cmp dl, 4 0x12bd7: jne 0x12bde 0x12bd9: inc byte ptr cs:[0xe] 0x12bde: cmp al, 1 0x12be0: je 0x12c26 0x12be2: cmp al, 5 0x12be4: je 0x12c26 0x12be6: pop dx 0x12be7: pop cx 0x12be8: pop bx 0x12be9: pop ax 0x12bea: pop es
2018-12-17T23:12:04.015795467Z	53	PC: 12c2c \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:12:04.017337018Z	37	PC: 12c41 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:12:04.02050887Z	75	PC: 12bf2 \| Execute program
2018-12-17T23:12:04.036754875Z	9	PC: 133c2 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T23:12:04.041573866Z	76	PC: 133c6 \| Terminate with return code (Return code = '36')
2018-12-17T23:12:04.045596936Z	73	PC: 12bf8 \| Release memory
2018-12-17T23:12:04.047201365Z	77	PC: 12bfc \| Get program return code
2018-12-17T23:12:04.049139579Z	49	PC: 12c26 \| Terminate and stay resident (Return code = '2' \| Memory size = '146')

{"DateBased":true,"Day":1,"Month":1,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17393,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:42.016917801Z	251	PC: 13088 \| UNKNOWN!
2018-12-25T12:55:42.018914354Z	251	PC: 12b1f \| UNKNOWN!
2018-12-25T12:55:42.020306663Z	74	PC: 12b6e \| Reallocate memory
2018-12-25T12:55:42.02187095Z	53	PC: 130a9 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:42.024047284Z	37	PC: 130be \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:42.02588412Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c8 0x12bc5: jne 0x12bd4 0x12bc7: cmp dh, 7 0x12bca: jne 0x12bd4 0x12bcc: cmp dl, 0x14 0x12bcf: jae 0x12bd4 0x12bd1: jmp 0x12be6 0x12bd3: nop 0x12bd4: cmp dl, 4 0x12bd7: jne 0x12bde 0x12bd9: inc byte ptr cs:[0xe] 0x12bde: cmp al, 1 0x12be0: je 0x12c26 0x12be2: cmp al, 5 0x12be4: je 0x12c26 0x12be6: pop dx 0x12be7: pop cx 0x12be8: pop bx 0x12be9: pop ax 0x12bea: pop es
2018-12-25T12:55:42.028334256Z	75	PC: 12bf2 \| Execute program
2018-12-25T12:55:42.045163411Z	9	PC: 133c2 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:55:42.052928315Z	76	PC: 133c6 \| Terminate with return code (Return code = '36')
2018-12-25T12:55:42.056587196Z	73	PC: 12bf8 \| Release memory
2018-12-25T12:55:42.05848084Z	77	PC: 12bfc \| Get program return code
2018-12-25T12:55:42.06152831Z	49	PC: 12c26 \| Terminate and stay resident (Return code = '2' \| Memory size = '146')

{"DateBased":true,"Day":4,"Month":1,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17393,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:42.180484265Z	251	PC: 13088 \| UNKNOWN!
2018-12-25T12:55:42.181543254Z	251	PC: 12b1f \| UNKNOWN!
2018-12-25T12:55:42.182562438Z	74	PC: 12b6e \| Reallocate memory
2018-12-25T12:55:42.183742564Z	53	PC: 130a9 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:42.188035104Z	37	PC: 130be \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:42.203628055Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c8 0x12bc5: jne 0x12bd4 0x12bc7: cmp dh, 7 0x12bca: jne 0x12bd4 0x12bcc: cmp dl, 0x14 0x12bcf: jae 0x12bd4 0x12bd1: jmp 0x12be6 0x12bd3: nop 0x12bd4: cmp dl, 4 0x12bd7: jne 0x12bde 0x12bd9: inc byte ptr cs:[0xe] 0x12bde: cmp al, 1 0x12be0: je 0x12c26 0x12be2: cmp al, 5 0x12be4: je 0x12c26 0x12be6: pop dx 0x12be7: pop cx 0x12be8: pop bx 0x12be9: pop ax 0x12bea: pop es
2018-12-25T12:55:42.206567508Z	75	PC: 12bf2 \| Execute program
2018-12-25T12:55:42.221465721Z	9	PC: 133c2 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:55:42.225133229Z	76	PC: 133c6 \| Terminate with return code (Return code = '36')
2018-12-25T12:55:42.22708387Z	73	PC: 12bf8 \| Release memory
2018-12-25T12:55:42.228497336Z	77	PC: 12bfc \| Get program return code
2018-12-25T12:55:42.229715874Z	49	PC: 12c26 \| Terminate and stay resident (Return code = '2' \| Memory size = '146')

{"DateBased":true,"Day":6,"Month":1,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17393,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:42.338478909Z	251	PC: 13088 \| UNKNOWN!
2018-12-25T12:55:42.34047071Z	251	PC: 12b1f \| UNKNOWN!
2018-12-25T12:55:42.341618609Z	74	PC: 12b6e \| Reallocate memory
2018-12-25T12:55:42.342891964Z	53	PC: 130a9 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:42.34437702Z	37	PC: 130be \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:42.346001771Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c8 0x12bc5: jne 0x12bd4 0x12bc7: cmp dh, 7 0x12bca: jne 0x12bd4 0x12bcc: cmp dl, 0x14 0x12bcf: jae 0x12bd4 0x12bd1: jmp 0x12be6 0x12bd3: nop 0x12bd4: cmp dl, 4 0x12bd7: jne 0x12bde 0x12bd9: inc byte ptr cs:[0xe] 0x12bde: cmp al, 1 0x12be0: je 0x12c26 0x12be2: cmp al, 5 0x12be4: je 0x12c26 0x12be6: pop dx 0x12be7: pop cx 0x12be8: pop bx 0x12be9: pop ax 0x12bea: pop es
2018-12-25T12:55:42.348291845Z	53	PC: 12c2c \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:55:42.349921757Z	37	PC: 12c41 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:55:42.351337646Z	75	PC: 12bf2 \| Execute program
2018-12-25T12:55:42.36525525Z	9	PC: 133c2 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:55:42.370596447Z	76	PC: 133c6 \| Terminate with return code (Return code = '36')
2018-12-25T12:55:42.373674603Z	73	PC: 12bf8 \| Release memory
2018-12-25T12:55:42.374855527Z	77	PC: 12bfc \| Get program return code
2018-12-25T12:55:42.376397071Z	49	PC: 12c26 \| Terminate and stay resident (Return code = '2' \| Memory size = '146')

{"DateBased":true,"Day":3,"Month":7,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17393,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:42.505235069Z	251	PC: 13088 \| UNKNOWN!
2018-12-25T12:55:42.506722675Z	251	PC: 12b1f \| UNKNOWN!
2018-12-25T12:55:42.507900063Z	74	PC: 12b6e \| Reallocate memory
2018-12-25T12:55:42.509192144Z	53	PC: 130a9 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:42.510794567Z	37	PC: 130be \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:42.52276596Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c8 0x12bc5: jne 0x12bd4 0x12bc7: cmp dh, 7 0x12bca: jne 0x12bd4 0x12bcc: cmp dl, 0x14 0x12bcf: jae 0x12bd4 0x12bd1: jmp 0x12be6 0x12bd3: nop 0x12bd4: cmp dl, 4 0x12bd7: jne 0x12bde 0x12bd9: inc byte ptr cs:[0xe] 0x12bde: cmp al, 1 0x12be0: je 0x12c26 0x12be2: cmp al, 5 0x12be4: je 0x12c26 0x12be6: pop dx 0x12be7: pop cx 0x12be8: pop bx 0x12be9: pop ax 0x12bea: pop es
2018-12-25T12:55:42.525083334Z	75	PC: 12bf2 \| Execute program
2018-12-25T12:55:42.542257489Z	9	PC: 133c2 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:55:42.547621206Z	76	PC: 133c6 \| Terminate with return code (Return code = '36')
2018-12-25T12:55:42.550457065Z	73	PC: 12bf8 \| Release memory
2018-12-25T12:55:42.551694117Z	77	PC: 12bfc \| Get program return code
2018-12-25T12:55:42.553526127Z	49	PC: 12c26 \| Terminate and stay resident (Return code = '2' \| Memory size = '146')

{"DateBased":true,"Day":21,"Month":7,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17393,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:42.526699006Z	251	PC: 13088 \| UNKNOWN!
2018-12-25T12:55:42.52793459Z	251	PC: 12b1f \| UNKNOWN!
2018-12-25T12:55:42.52895124Z	74	PC: 12b6e \| Reallocate memory
2018-12-25T12:55:42.530078985Z	53	PC: 130a9 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:42.531450767Z	37	PC: 130be \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:42.532494801Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c8 0x12bc5: jne 0x12bd4 0x12bc7: cmp dh, 7 0x12bca: jne 0x12bd4 0x12bcc: cmp dl, 0x14 0x12bcf: jae 0x12bd4 0x12bd1: jmp 0x12be6 0x12bd3: nop 0x12bd4: cmp dl, 4 0x12bd7: jne 0x12bde 0x12bd9: inc byte ptr cs:[0xe] 0x12bde: cmp al, 1 0x12be0: je 0x12c26 0x12be2: cmp al, 5 0x12be4: je 0x12c26 0x12be6: pop dx 0x12be7: pop cx 0x12be8: pop bx 0x12be9: pop ax 0x12bea: pop es
2018-12-25T12:55:42.533816799Z	75	PC: 12bf2 \| Execute program
2018-12-25T12:55:42.542579654Z	9	PC: 133c2 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:55:42.55096691Z	76	PC: 133c6 \| Terminate with return code (Return code = '36')
2018-12-25T12:55:42.552740669Z	73	PC: 12bf8 \| Release memory
2018-12-25T12:55:42.553711557Z	77	PC: 12bfc \| Get program return code
2018-12-25T12:55:42.555602598Z	49	PC: 12c26 \| Terminate and stay resident (Return code = '2' \| Memory size = '146')

{"DateBased":true,"Day":6,"Month":7,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17393,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:42.599101299Z	251	PC: 13088 \| UNKNOWN!
2018-12-25T12:55:42.600739157Z	251	PC: 12b1f \| UNKNOWN!
2018-12-25T12:55:42.602749398Z	74	PC: 12b6e \| Reallocate memory
2018-12-25T12:55:42.604555213Z	53	PC: 130a9 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:42.606151255Z	37	PC: 130be \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:42.60891345Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c8 0x12bc5: jne 0x12bd4 0x12bc7: cmp dh, 7 0x12bca: jne 0x12bd4 0x12bcc: cmp dl, 0x14 0x12bcf: jae 0x12bd4 0x12bd1: jmp 0x12be6 0x12bd3: nop 0x12bd4: cmp dl, 4 0x12bd7: jne 0x12bde 0x12bd9: inc byte ptr cs:[0xe] 0x12bde: cmp al, 1 0x12be0: je 0x12c26 0x12be2: cmp al, 5 0x12be4: je 0x12c26 0x12be6: pop dx 0x12be7: pop cx 0x12be8: pop bx 0x12be9: pop ax 0x12bea: pop es
2018-12-25T12:55:42.611459421Z	75	PC: 12bf2 \| Execute program
2018-12-25T12:55:42.627160374Z	9	PC: 133c2 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:55:42.633850423Z	76	PC: 133c6 \| Terminate with return code (Return code = '36')
2018-12-25T12:55:42.637217303Z	73	PC: 12bf8 \| Release memory
2018-12-25T12:55:42.638744161Z	77	PC: 12bfc \| Get program return code
2018-12-25T12:55:42.642094438Z	49	PC: 12c26 \| Terminate and stay resident (Return code = '2' \| Memory size = '146')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17393,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:42.918550385Z	251	PC: 13088 \| UNKNOWN!
2018-12-25T12:55:42.919807233Z	251	PC: 12b1f \| UNKNOWN!
2018-12-25T12:55:42.921898972Z	74	PC: 12b6e \| Reallocate memory
2018-12-25T12:55:42.927029262Z	53	PC: 130a9 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:42.928065675Z	37	PC: 130be \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:42.930096616Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c8 0x12bc5: jne 0x12bd4 0x12bc7: cmp dh, 7 0x12bca: jne 0x12bd4 0x12bcc: cmp dl, 0x14 0x12bcf: jae 0x12bd4 0x12bd1: jmp 0x12be6 0x12bd3: nop 0x12bd4: cmp dl, 4 0x12bd7: jne 0x12bde 0x12bd9: inc byte ptr cs:[0xe] 0x12bde: cmp al, 1 0x12be0: je 0x12c26 0x12be2: cmp al, 5 0x12be4: je 0x12c26 0x12be6: pop dx 0x12be7: pop cx 0x12be8: pop bx 0x12be9: pop ax 0x12bea: pop es
2018-12-25T12:55:42.931909069Z	75	PC: 12bf2 \| Execute program
2018-12-25T12:55:42.941951221Z	9	PC: 133c2 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:55:42.945784706Z	76	PC: 133c6 \| Terminate with return code (Return code = '36')
2018-12-25T12:55:42.947775038Z	73	PC: 12bf8 \| Release memory
2018-12-25T12:55:42.948836545Z	77	PC: 12bfc \| Get program return code
2018-12-25T12:55:42.950407874Z	49	PC: 12c26 \| Terminate and stay resident (Return code = '2' \| Memory size = '146')

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17393,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:43.307052692Z	251	PC: 13088 \| UNKNOWN!
2018-12-25T12:55:43.308120095Z	251	PC: 12b1f \| UNKNOWN!
2018-12-25T12:55:43.3096942Z	74	PC: 12b6e \| Reallocate memory
2018-12-25T12:55:43.310796914Z	53	PC: 130a9 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:43.311766083Z	37	PC: 130be \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:43.313279174Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c8 0x12bc5: jne 0x12bd4 0x12bc7: cmp dh, 7 0x12bca: jne 0x12bd4 0x12bcc: cmp dl, 0x14 0x12bcf: jae 0x12bd4 0x12bd1: jmp 0x12be6 0x12bd3: nop 0x12bd4: cmp dl, 4 0x12bd7: jne 0x12bde 0x12bd9: inc byte ptr cs:[0xe] 0x12bde: cmp al, 1 0x12be0: je 0x12c26 0x12be2: cmp al, 5 0x12be4: je 0x12c26 0x12be6: pop dx 0x12be7: pop cx 0x12be8: pop bx 0x12be9: pop ax 0x12bea: pop es
2018-12-25T12:55:43.314828645Z	53	PC: 12c2c \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:55:43.315761409Z	37	PC: 12c41 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:55:43.317447377Z	75	PC: 12bf2 \| Execute program
2018-12-25T12:55:43.327079693Z	9	PC: 133c2 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:55:43.330784173Z	76	PC: 133c6 \| Terminate with return code (Return code = '36')
2018-12-25T12:55:43.333670262Z	73	PC: 12bf8 \| Release memory
2018-12-25T12:55:43.33503646Z	77	PC: 12bfc \| Get program return code
2018-12-25T12:55:43.336852518Z	49	PC: 12c26 \| Terminate and stay resident (Return code = '2' \| Memory size = '146')

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17393,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:43.474328928Z	251	PC: 13088 \| UNKNOWN!
2018-12-25T12:55:43.475502692Z	251	PC: 12b1f \| UNKNOWN!
2018-12-25T12:55:43.47662715Z	74	PC: 12b6e \| Reallocate memory
2018-12-25T12:55:43.477825126Z	53	PC: 130a9 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:43.479423367Z	37	PC: 130be \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:43.48078898Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c8 0x12bc5: jne 0x12bd4 0x12bc7: cmp dh, 7 0x12bca: jne 0x12bd4 0x12bcc: cmp dl, 0x14 0x12bcf: jae 0x12bd4 0x12bd1: jmp 0x12be6 0x12bd3: nop 0x12bd4: cmp dl, 4 0x12bd7: jne 0x12bde 0x12bd9: inc byte ptr cs:[0xe] 0x12bde: cmp al, 1 0x12be0: je 0x12c26 0x12be2: cmp al, 5 0x12be4: je 0x12c26 0x12be6: pop dx 0x12be7: pop cx 0x12be8: pop bx 0x12be9: pop ax 0x12bea: pop es
2018-12-25T12:55:43.482813468Z	53	PC: 12c2c \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:55:43.484452991Z	37	PC: 12c41 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:55:43.485389988Z	75	PC: 12bf2 \| Execute program
2018-12-25T12:55:43.498897258Z	9	PC: 133c2 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:55:43.50521659Z	76	PC: 133c6 \| Terminate with return code (Return code = '36')
2018-12-25T12:55:43.508072957Z	73	PC: 12bf8 \| Release memory
2018-12-25T12:55:43.509295093Z	77	PC: 12bfc \| Get program return code
2018-12-25T12:55:43.511322337Z	49	PC: 12c26 \| Terminate and stay resident (Return code = '2' \| Memory size = '146')

{"DateBased":true,"Day":11,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17393,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:43.775376861Z	251	PC: 13088 \| UNKNOWN!
2018-12-25T12:55:43.776996594Z	251	PC: 12b1f \| UNKNOWN!
2018-12-25T12:55:43.779179003Z	74	PC: 12b6e \| Reallocate memory
2018-12-25T12:55:43.780770872Z	53	PC: 130a9 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:43.782244971Z	37	PC: 130be \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:43.785275427Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c8 0x12bc5: jne 0x12bd4 0x12bc7: cmp dh, 7 0x12bca: jne 0x12bd4 0x12bcc: cmp dl, 0x14 0x12bcf: jae 0x12bd4 0x12bd1: jmp 0x12be6 0x12bd3: nop 0x12bd4: cmp dl, 4 0x12bd7: jne 0x12bde 0x12bd9: inc byte ptr cs:[0xe] 0x12bde: cmp al, 1 0x12be0: je 0x12c26 0x12be2: cmp al, 5 0x12be4: je 0x12c26 0x12be6: pop dx 0x12be7: pop cx 0x12be8: pop bx 0x12be9: pop ax 0x12bea: pop es
2018-12-25T12:55:43.788453671Z	53	PC: 12c2c \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:55:43.790484772Z	37	PC: 12c41 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:55:43.793489993Z	75	PC: 12bf2 \| Execute program
2018-12-25T12:55:43.82510472Z	9	PC: 133c2 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:55:43.833850046Z	76	PC: 133c6 \| Terminate with return code (Return code = '36')
2018-12-25T12:55:43.839018942Z	73	PC: 12bf8 \| Release memory
2018-12-25T12:55:43.841382273Z	77	PC: 12bfc \| Get program return code
2018-12-25T12:55:43.843814956Z	49	PC: 12c26 \| Terminate and stay resident (Return code = '2' \| Memory size = '146')

{"DateBased":true,"Day":3,"Month":1,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17393,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:43.805816228Z	251	PC: 13088 \| UNKNOWN!
2018-12-25T12:55:43.806950788Z	251	PC: 12b1f \| UNKNOWN!
2018-12-25T12:55:43.809195101Z	74	PC: 12b6e \| Reallocate memory
2018-12-25T12:55:43.810775123Z	53	PC: 130a9 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:43.81219517Z	37	PC: 130be \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:43.816477187Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c8 0x12bc5: jne 0x12bd4 0x12bc7: cmp dh, 7 0x12bca: jne 0x12bd4 0x12bcc: cmp dl, 0x14 0x12bcf: jae 0x12bd4 0x12bd1: jmp 0x12be6 0x12bd3: nop 0x12bd4: cmp dl, 4 0x12bd7: jne 0x12bde 0x12bd9: inc byte ptr cs:[0xe] 0x12bde: cmp al, 1 0x12be0: je 0x12c26 0x12be2: cmp al, 5 0x12be4: je 0x12c26 0x12be6: pop dx 0x12be7: pop cx 0x12be8: pop bx 0x12be9: pop ax 0x12bea: pop es
2018-12-25T12:55:43.819348323Z	53	PC: 12c2c \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:55:43.820672912Z	37	PC: 12c41 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:55:43.822598155Z	75	PC: 12bf2 \| Execute program
2018-12-25T12:55:43.844496851Z	9	PC: 133c2 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:55:43.850790496Z	76	PC: 133c6 \| Terminate with return code (Return code = '36')
2018-12-25T12:55:43.85510694Z	73	PC: 12bf8 \| Release memory
2018-12-25T12:55:43.858982356Z	77	PC: 12bfc \| Get program return code
2018-12-25T12:55:43.8613822Z	49	PC: 12c26 \| Terminate and stay resident (Return code = '2' \| Memory size = '146')

{"DateBased":true,"Day":1,"Month":7,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17393,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:43.944421579Z	251	PC: 13088 \| UNKNOWN!
2018-12-25T12:55:43.945937656Z	251	PC: 12b1f \| UNKNOWN!
2018-12-25T12:55:43.948603455Z	74	PC: 12b6e \| Reallocate memory
2018-12-25T12:55:43.950039054Z	53	PC: 130a9 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:43.951203619Z	37	PC: 130be \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:43.953423458Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c8 0x12bc5: jne 0x12bd4 0x12bc7: cmp dh, 7 0x12bca: jne 0x12bd4 0x12bcc: cmp dl, 0x14 0x12bcf: jae 0x12bd4 0x12bd1: jmp 0x12be6 0x12bd3: nop 0x12bd4: cmp dl, 4 0x12bd7: jne 0x12bde 0x12bd9: inc byte ptr cs:[0xe] 0x12bde: cmp al, 1 0x12be0: je 0x12c26 0x12be2: cmp al, 5 0x12be4: je 0x12c26 0x12be6: pop dx 0x12be7: pop cx 0x12be8: pop bx 0x12be9: pop ax 0x12bea: pop es
2018-12-25T12:55:43.955895811Z	75	PC: 12bf2 \| Execute program
2018-12-25T12:55:43.972950996Z	9	PC: 133c2 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:55:43.979876823Z	76	PC: 133c6 \| Terminate with return code (Return code = '36')
2018-12-25T12:55:43.983445571Z	73	PC: 12bf8 \| Release memory
2018-12-25T12:55:43.985036933Z	77	PC: 12bfc \| Get program return code
2018-12-25T12:55:43.987710552Z	49	PC: 12c26 \| Terminate and stay resident (Return code = '2' \| Memory size = '146')

{"DateBased":true,"Day":4,"Month":7,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17393,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:43.945003937Z	251	PC: 13088 \| UNKNOWN!
2018-12-25T12:55:43.946370448Z	251	PC: 12b1f \| UNKNOWN!
2018-12-25T12:55:43.947488379Z	74	PC: 12b6e \| Reallocate memory
2018-12-25T12:55:43.948780743Z	53	PC: 130a9 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:43.950710748Z	37	PC: 130be \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:43.952139661Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c8 0x12bc5: jne 0x12bd4 0x12bc7: cmp dh, 7 0x12bca: jne 0x12bd4 0x12bcc: cmp dl, 0x14 0x12bcf: jae 0x12bd4 0x12bd1: jmp 0x12be6 0x12bd3: nop 0x12bd4: cmp dl, 4 0x12bd7: jne 0x12bde 0x12bd9: inc byte ptr cs:[0xe] 0x12bde: cmp al, 1 0x12be0: je 0x12c26 0x12be2: cmp al, 5 0x12be4: je 0x12c26 0x12be6: pop dx 0x12be7: pop cx 0x12be8: pop bx 0x12be9: pop ax 0x12bea: pop es
2018-12-25T12:55:43.954184979Z	75	PC: 12bf2 \| Execute program
2018-12-25T12:55:43.967983777Z	9	PC: 133c2 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:55:43.973953326Z	76	PC: 133c6 \| Terminate with return code (Return code = '36')
2018-12-25T12:55:43.976803298Z	73	PC: 12bf8 \| Release memory
2018-12-25T12:55:43.978083042Z	77	PC: 12bfc \| Get program return code
2018-12-25T12:55:43.980758304Z	49	PC: 12c26 \| Terminate and stay resident (Return code = '2' \| Memory size = '146')