Sample viewer

vx.netlux.org/Virus.DOS.FSN.1279.b

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:58:30.151267607Z 25 PC: 12dcd | Get default drive
2018-12-17T22:58:30.153383894Z 42 PC: 12dd7 | Get date 0x12dd7: mov al, 1
0x12dd9: cmp dh, 0xc
0x12ddc: jne 0x12de0
0x12dde: mov al, 3
0x12de0: mov byte ptr [si + 0x10], al
0x12de3: mov ah, 0x35
0x12de5: mov al, 0x24
0x12de7: int 0x21
0x12de9: mov word ptr [si + 0xc], bx
0x12dec: mov word ptr [si + 0xe], es
0x12def: push cs
0x12df0: pop es
0x12df1: mov ah, 0x25
0x12df3: mov al, 0x24
0x12df5: nop
0x12df6: lea dx, word ptr [si + 0x9d]
0x12dfa: int 0x21
0x12dfc: mov ah, 0x4a
0x12dfe: mov bx, word ptr [0x103]
0x12e02: add bx, 0x4fa
2018-12-17T22:58:30.156119899Z 53 PC: 12de9 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:30.158012666Z 37 PC: 12dfc | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:30.160344631Z 74 PC: 12e0d | Reallocate memory
2018-12-17T22:58:30.162278895Z 72 PC: 12e14 | Allocate memory
2018-12-17T22:58:30.1643644Z 26 PC: 12e31 | Set disk transfer address
2018-12-17T22:58:30.165973083Z 53 PC: 12e38 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:30.168098068Z 37 PC: 12e53 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:30.172688823Z 14 PC: 12e70 | Set default drive (Drive = 'A')
2018-12-17T22:58:30.174475892Z 78 PC: 12f4a | Find first file
2018-12-17T22:58:30.182214315Z 61 PC: 12f82 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:58:30.189674697Z 66 PC: 12f95 | Move file pointer
2018-12-17T22:58:30.191297808Z 63 PC: 12fa3 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:30.200587045Z 66 PC: 12fcf | Move file pointer
2018-12-17T22:58:30.202290525Z 63 PC: 12fdd | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:58:30.205182011Z 66 PC: 13008 | Move file pointer
2018-12-17T22:58:30.212962709Z 64 PC: 13016 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:58:30.216247582Z 66 PC: 13026 | Move file pointer
2018-12-17T22:58:30.217890823Z 64 PC: 13034 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:58:30.221004877Z 64 PC: 1304d | Write file or device (Write 1271 bytes on handle 5)
2018-12-17T22:58:30.237566161Z 64 PC: 13060 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:30.240592216Z 62 PC: 13069 | Close file
2018-12-17T22:58:30.249903216Z 79 PC: 13083 | Find next file
2018-12-17T22:58:30.253906781Z 61 PC: 12f82 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:58:30.262180997Z 66 PC: 12f95 | Move file pointer
2018-12-17T22:58:30.264107537Z 63 PC: 12fa3 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:30.272189973Z 66 PC: 12fcf | Move file pointer
2018-12-17T22:58:30.274071913Z 63 PC: 12fdd | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:58:30.277122121Z 66 PC: 13008 | Move file pointer
2018-12-17T22:58:30.28004883Z 64 PC: 13016 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:58:30.283129498Z 66 PC: 13026 | Move file pointer
2018-12-17T22:58:30.284756868Z 64 PC: 13034 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:58:30.288921758Z 64 PC: 1304d | Write file or device (Write 1271 bytes on handle 5)
2018-12-17T22:58:30.298921872Z 64 PC: 13060 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:30.303243566Z 62 PC: 13069 | Close file
2018-12-17T22:58:30.313611398Z 79 PC: 13083 | Find next file
2018-12-17T22:58:30.317204224Z 61 PC: 12f82 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:58:30.325244456Z 66 PC: 12f95 | Move file pointer
2018-12-17T22:58:30.328232157Z 63 PC: 12fa3 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:30.335765963Z 66 PC: 12fcf | Move file pointer
2018-12-17T22:58:30.337561437Z 63 PC: 12fdd | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:58:30.340440659Z 66 PC: 13008 | Move file pointer
2018-12-17T22:58:30.342456713Z 64 PC: 13016 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:58:30.345689429Z 66 PC: 13026 | Move file pointer
2018-12-17T22:58:30.347544668Z 64 PC: 13034 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:58:30.351590424Z 64 PC: 1304d | Write file or device (Write 1271 bytes on handle 5)
2018-12-17T22:58:30.361734083Z 64 PC: 13060 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:30.364851969Z 62 PC: 13069 | Close file
2018-12-17T22:58:30.37499202Z 79 PC: 13083 | Find next file
2018-12-17T22:58:30.37851526Z 61 PC: 12f82 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:58:30.386237345Z 66 PC: 12f95 | Move file pointer
2018-12-17T22:58:30.389293524Z 63 PC: 12fa3 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:30.396632345Z 66 PC: 12fcf | Move file pointer
2018-12-17T22:58:30.398646478Z 63 PC: 12fdd | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:58:30.403137684Z 66 PC: 13008 | Move file pointer
2018-12-17T22:58:30.404743356Z 64 PC: 13016 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:58:30.407775849Z 66 PC: 13026 | Move file pointer
2018-12-17T22:58:30.409605644Z 64 PC: 13034 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:58:30.41326748Z 64 PC: 1304d | Write file or device (Write 1271 bytes on handle 5)
2018-12-17T22:58:30.42362649Z 64 PC: 13060 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:30.426606061Z 62 PC: 13069 | Close file
2018-12-17T22:58:30.43626694Z 79 PC: 13083 | Find next file
2018-12-17T22:58:30.439543116Z 61 PC: 12f82 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:58:30.447520172Z 66 PC: 12f95 | Move file pointer
2018-12-17T22:58:30.449800322Z 63 PC: 12fa3 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:30.457007429Z 66 PC: 12fcf | Move file pointer
2018-12-17T22:58:30.458575554Z 63 PC: 12fdd | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:58:30.462619575Z 66 PC: 13008 | Move file pointer
2018-12-17T22:58:30.464136337Z 64 PC: 13016 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:58:30.466929639Z 66 PC: 13026 | Move file pointer
2018-12-17T22:58:30.468955099Z 64 PC: 13034 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:58:30.47191221Z 64 PC: 1304d | Write file or device (Write 1271 bytes on handle 5)
2018-12-17T22:58:30.481725931Z 64 PC: 13060 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:30.484705063Z 62 PC: 13069 | Close file
2018-12-17T22:58:30.49522661Z 79 PC: 13083 | Find next file
2018-12-17T22:58:30.498402526Z 61 PC: 12f82 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:58:30.506220471Z 66 PC: 12f95 | Move file pointer
2018-12-17T22:58:30.508280138Z 63 PC: 12fa3 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:30.5166915Z 66 PC: 12fcf | Move file pointer
2018-12-17T22:58:30.518629735Z 63 PC: 12fdd | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:58:30.523432109Z 66 PC: 13008 | Move file pointer
2018-12-17T22:58:30.52489671Z 64 PC: 13016 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:58:30.527536697Z 66 PC: 13026 | Move file pointer
2018-12-17T22:58:30.529466558Z 64 PC: 13034 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:58:30.53139874Z 64 PC: 1304d | Write file or device (Write 1271 bytes on handle 5)
2018-12-17T22:58:30.537062442Z 64 PC: 13060 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:30.539271023Z 62 PC: 13069 | Close file
2018-12-17T22:58:30.548156746Z 79 PC: 13083 | Find next file
2018-12-17T22:58:30.550933951Z 61 PC: 12f82 | Open file (Filename = 'PAH.COM')
2018-12-17T22:58:30.558797518Z 66 PC: 12f95 | Move file pointer
2018-12-17T22:58:30.560448138Z 63 PC: 12fa3 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:30.567835933Z 66 PC: 12fcf | Move file pointer
2018-12-17T22:58:30.569729625Z 63 PC: 12fdd | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:58:30.572642429Z 66 PC: 13008 | Move file pointer
2018-12-17T22:58:30.57410779Z 64 PC: 13016 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:58:30.57749783Z 66 PC: 13026 | Move file pointer
2018-12-17T22:58:30.579852779Z 64 PC: 13034 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:58:30.582981045Z 64 PC: 1304d | Write file or device (Write 1271 bytes on handle 5)
2018-12-17T22:58:30.593267139Z 64 PC: 13060 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:30.596269497Z 62 PC: 13069 | Close file
2018-12-17T22:58:30.605956253Z 79 PC: 13083 | Find next file
2018-12-17T22:58:30.609393875Z 14 PC: 12e9f | Set default drive (Drive = 'C')
2018-12-17T22:58:30.610848973Z 25 PC: 12ea3 | Get default drive
2018-12-17T22:58:30.612258193Z 78 PC: 12f4a | Find first file
2018-12-17T22:58:30.619271677Z 61 PC: 12f82 | Open file (Filename = 'COMMAND.COM')
2018-12-17T22:58:30.626730916Z 66 PC: 12f95 | Move file pointer
2018-12-17T22:58:30.628687204Z 63 PC: 12fa3 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:30.632861076Z 66 PC: 12fcf | Move file pointer
2018-12-17T22:58:30.635765211Z 63 PC: 12fdd | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:58:30.638737566Z 66 PC: 13008 | Move file pointer
2018-12-17T22:58:30.640507301Z 64 PC: 13016 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:58:30.644565641Z 66 PC: 13026 | Move file pointer
2018-12-17T22:58:30.646165253Z 64 PC: 13034 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:58:30.651197154Z 64 PC: 1304d | Write file or device (Write 1271 bytes on handle 5)
2018-12-17T22:58:30.991371698Z 64 PC: 13060 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:30.995405102Z 62 PC: 13069 | Close file
2018-12-17T22:58:31.004079763Z 79 PC: 13083 | Find next file
2018-12-17T22:58:31.008428838Z 14 PC: 12e9f | Set default drive (Drive = 'D')
2018-12-17T22:58:31.01092809Z 25 PC: 12ea3 | Get default drive
2018-12-17T22:58:31.012471356Z 14 PC: 12e9f | Set default drive (Drive = 'E')
2018-12-17T22:58:31.014365429Z 25 PC: 12ea3 | Get default drive
2018-12-17T22:58:31.016004024Z 14 PC: 12e9f | Set default drive (Drive = 'F')
2018-12-17T22:58:31.017445307Z 25 PC: 12ea3 | Get default drive
2018-12-17T22:58:31.019492438Z 14 PC: 12e9f | Set default drive (Drive = 'G')
2018-12-17T22:58:31.021374737Z 25 PC: 12ea3 | Get default drive
2018-12-17T22:58:31.022776195Z 14 PC: 12e9f | Set default drive (Drive = 'H')
2018-12-17T22:58:31.024229206Z 25 PC: 12ea3 | Get default drive
2018-12-17T22:58:31.026685299Z 14 PC: 12e9f | Set default drive (Drive = 'I')
2018-12-17T22:58:31.028360285Z 25 PC: 12ea3 | Get default drive
2018-12-17T22:58:31.029978517Z 14 PC: 12e9f | Set default drive (Drive = 'J')
2018-12-17T22:58:31.032939714Z 25 PC: 12ea3 | Get default drive
2018-12-17T22:58:31.034326704Z 14 PC: 12e9f | Set default drive (Drive = 'K')
2018-12-17T22:58:31.035763752Z 25 PC: 12ea3 | Get default drive
2018-12-17T22:58:31.0381512Z 14 PC: 12e9f | Set default drive (Drive = 'L')
2018-12-17T22:58:31.039895885Z 25 PC: 12ea3 | Get default drive
2018-12-17T22:58:31.041229694Z 14 PC: 12e9f | Set default drive (Drive = 'M')
2018-12-17T22:58:31.043550841Z 25 PC: 12ea3 | Get default drive
2018-12-17T22:58:31.044967093Z 14 PC: 12e9f | Set default drive (Drive = 'N')
2018-12-17T22:58:31.047176907Z 25 PC: 12ea3 | Get default drive
2018-12-17T22:58:31.049277806Z 14 PC: 12e9f | Set default drive (Drive = 'O')
2018-12-17T22:58:31.0511891Z 25 PC: 12ea3 | Get default drive
2018-12-17T22:58:31.052484954Z 14 PC: 12e9f | Set default drive (Drive = 'P')
2018-12-17T22:58:31.055344453Z 25 PC: 12ea3 | Get default drive
2018-12-17T22:58:31.056968091Z 14 PC: 12e9f | Set default drive (Drive = 'Q')
2018-12-17T22:58:31.058379513Z 25 PC: 12ea3 | Get default drive
2018-12-17T22:58:31.060285719Z 14 PC: 12e9f | Set default drive (Drive = 'R')
2018-12-17T22:58:31.0623229Z 25 PC: 12ea3 | Get default drive
2018-12-17T22:58:31.06399379Z 14 PC: 12e9f | Set default drive (Drive = 'S')
2018-12-17T22:58:31.066678516Z 25 PC: 12ea3 | Get default drive
2018-12-17T22:58:31.068257561Z 14 PC: 12e9f | Set default drive (Drive = 'T')
2018-12-17T22:58:31.06990237Z 25 PC: 12ea3 | Get default drive
2018-12-17T22:58:31.073796829Z 14 PC: 12e9f | Set default drive (Drive = 'U')
2018-12-17T22:58:31.075151618Z 25 PC: 12ea3 | Get default drive
2018-12-17T22:58:31.076382048Z 14 PC: 12e9f | Set default drive (Drive = 'V')
2018-12-17T22:58:31.078832298Z 25 PC: 12ea3 | Get default drive
2018-12-17T22:58:31.080125305Z 14 PC: 12e9f | Set default drive (Drive = 'W')
2018-12-17T22:58:31.081460157Z 25 PC: 12ea3 | Get default drive
2018-12-17T22:58:31.082949647Z 14 PC: 12e9f | Set default drive (Drive = 'X')
2018-12-17T22:58:31.084342377Z 25 PC: 12ea3 | Get default drive
2018-12-17T22:58:31.086109581Z 14 PC: 12e9f | Set default drive (Drive = 'Y')
2018-12-17T22:58:31.088405644Z 25 PC: 12ea3 | Get default drive
2018-12-17T22:58:31.0906858Z 14 PC: 12e9f | Set default drive (Drive = 'Z')
2018-12-17T22:58:31.092764908Z 25 PC: 12ea3 | Get default drive
2018-12-17T22:58:31.097061159Z 26 PC: 12ee6 | Set disk transfer address
2018-12-17T22:58:31.099116769Z 37 PC: 12ef7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:31.100861936Z 73 PC: 12f13 | Release memory
2018-12-17T22:58:31.102919116Z 14 PC: 12f23 | Set default drive (Drive = 'A')
2018-12-17T22:58:31.105112918Z 37 PC: 12f2d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:31.106913952Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:58:31.110326Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12902,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:54.238791891Z 25 PC: 12dcd | Get default drive
2018-12-25T12:36:54.240631235Z 42 PC: 12dd7 | Get date 0x12dd7: mov al, 1
0x12dd9: cmp dh, 0xc
0x12ddc: jne 0x12de0
0x12dde: mov al, 3
0x12de0: mov byte ptr [si + 0x10], al
0x12de3: mov ah, 0x35
0x12de5: mov al, 0x24
0x12de7: int 0x21
0x12de9: mov word ptr [si + 0xc], bx
0x12dec: mov word ptr [si + 0xe], es
0x12def: push cs
0x12df0: pop es
0x12df1: mov ah, 0x25
0x12df3: mov al, 0x24
0x12df5: nop
0x12df6: lea dx, word ptr [si + 0x9d]
0x12dfa: int 0x21
0x12dfc: mov ah, 0x4a
0x12dfe: mov bx, word ptr [0x103]
0x12e02: add bx, 0x4fa
2018-12-25T12:36:54.242728541Z 53 PC: 12de9 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:54.243815061Z 37 PC: 12dfc | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:54.245406913Z 74 PC: 12e0d | Reallocate memory
2018-12-25T12:36:54.246832298Z 72 PC: 12e14 | Allocate memory
2018-12-25T12:36:54.248598897Z 26 PC: 12e31 | Set disk transfer address
2018-12-25T12:36:54.250322661Z 53 PC: 12e38 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:36:54.251598948Z 37 PC: 12e53 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:36:54.252642738Z 14 PC: 12e70 | Set default drive (Drive = 'A')
2018-12-25T12:36:54.253747023Z 78 PC: 12f4a | Find first file
2018-12-25T12:36:54.25976315Z 61 PC: 12f82 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:54.266569632Z 66 PC: 12f95 | Move file pointer
2018-12-25T12:36:54.268345904Z 63 PC: 12fa3 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:54.275720166Z 66 PC: 12fcf | Move file pointer
2018-12-25T12:36:54.277137276Z 63 PC: 12fdd | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:36:54.279450136Z 66 PC: 13008 | Move file pointer
2018-12-25T12:36:54.289910396Z 64 PC: 13016 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:36:54.292820631Z 66 PC: 13026 | Move file pointer
2018-12-25T12:36:54.29451752Z 64 PC: 13034 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:36:54.298122052Z 64 PC: 1304d | Write file or device (Write 1271 bytes on handle 5)
2018-12-25T12:36:54.31319797Z 64 PC: 13060 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:54.316437068Z 62 PC: 13069 | Close file
2018-12-25T12:36:54.325019531Z 79 PC: 13083 | Find next file
2018-12-25T12:36:54.327966376Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:54.334363634Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:54.336248402Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:54.342485039Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:54.344303253Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:54.34750358Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:54.348981537Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:54.351650572Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:54.353421505Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:54.356529278Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:54.364829949Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:54.368406821Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:54.376516634Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:54.379058698Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:54.386664121Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:54.387980856Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:54.394225434Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:54.39597334Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:54.398340994Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:54.39953091Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:54.402448421Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:54.403835094Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:54.406361962Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:54.414928368Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:54.417761883Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:54.425512487Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:54.428681659Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:54.435255097Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:54.437012811Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:54.44384487Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:54.445622764Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:54.448069597Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:54.449704069Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:54.452523012Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:54.453933401Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:54.458395101Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:54.466244594Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:54.468032578Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:54.473357072Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:54.47631086Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:54.48253012Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:54.484316177Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:54.490610278Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:54.491766631Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:54.494162517Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:54.495910704Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:54.498828932Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:54.500689106Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:54.503683608Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:54.511960247Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:54.51467931Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:54.525888128Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:54.529084501Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:54.535498627Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:54.537346411Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:54.543406971Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:54.544771881Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:54.547428741Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:54.548987735Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:54.55161877Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:54.554087921Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:54.556633835Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:54.564966468Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:54.568493612Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:54.576561745Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:54.57923253Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:54.590025358Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:54.591577431Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:54.598069812Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:54.600496286Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:54.602886034Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:54.604181658Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:54.60790064Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:54.620275055Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:54.623050402Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:54.632980522Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:54.63623258Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:54.644637474Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:54.648840283Z 14 PC: 12e9f | Set default drive (Drive = 'C')
2018-12-25T12:36:54.650490665Z 25 PC: 12ea3 | Get default drive
2018-12-25T12:36:54.652428996Z 78 PC: 12f4a | Find first file (See above)
2018-12-25T12:36:54.659345184Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:54.666193364Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:54.667730114Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:54.670715902Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:54.672115906Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:54.674479773Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:54.675996369Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:54.687979055Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:54.689775406Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:54.692958438Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:55.027571106Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:55.030199044Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:55.035864938Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:55.038229854Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.039389453Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.0407998Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.042107013Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.050981438Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.052787636Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.053794468Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.055023538Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.056648916Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.05797307Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.05897206Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.06049174Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.061544573Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.06295262Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.065021577Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.067175691Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.06861346Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.07051388Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.071867716Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.07303873Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.074592519Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.076051431Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.077047776Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.078996373Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.0803338Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.081629018Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.082940174Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.084421249Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.085352987Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.086538642Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.088421023Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.089779353Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.091036213Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.092601508Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.093480691Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.094452766Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.095740857Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.096773283Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.097890505Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.100182312Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.101227609Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.102222882Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.103673417Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.105025044Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.10626543Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.108017862Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.109559727Z 26 PC: 12ee6 | Set disk transfer address
2018-12-25T12:36:55.110776328Z 37 PC: 12ef7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:36:55.112375554Z 73 PC: 12f13 | Release memory
2018-12-25T12:36:55.113504833Z 14 PC: 12f23 | Set default drive (Drive = 'A')
2018-12-25T12:36:55.114594215Z 37 PC: 12f2d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:55.116432447Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:36:55.121718955Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12902,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:55.081012805Z 25 PC: 12dcd | Get default drive
2018-12-25T12:36:55.083093193Z 42 PC: 12dd7 | Get date 0x12dd7: mov al, 1
0x12dd9: cmp dh, 0xc
0x12ddc: jne 0x12de0
0x12dde: mov al, 3
0x12de0: mov byte ptr [si + 0x10], al
0x12de3: mov ah, 0x35
0x12de5: mov al, 0x24
0x12de7: int 0x21
0x12de9: mov word ptr [si + 0xc], bx
0x12dec: mov word ptr [si + 0xe], es
0x12def: push cs
0x12df0: pop es
0x12df1: mov ah, 0x25
0x12df3: mov al, 0x24
0x12df5: nop
0x12df6: lea dx, word ptr [si + 0x9d]
0x12dfa: int 0x21
0x12dfc: mov ah, 0x4a
0x12dfe: mov bx, word ptr [0x103]
0x12e02: add bx, 0x4fa
2018-12-25T12:36:55.085468445Z 53 PC: 12de9 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:55.086897174Z 37 PC: 12dfc | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:55.088903699Z 74 PC: 12e0d | Reallocate memory
2018-12-25T12:36:55.09026563Z 72 PC: 12e14 | Allocate memory
2018-12-25T12:36:55.091707805Z 26 PC: 12e31 | Set disk transfer address
2018-12-25T12:36:55.093627752Z 53 PC: 12e38 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:36:55.094718364Z 37 PC: 12e53 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:36:55.09855524Z 14 PC: 12e70 | Set default drive (Drive = 'A')
2018-12-25T12:36:55.099729632Z 78 PC: 12f4a | Find first file
2018-12-25T12:36:55.105486267Z 61 PC: 12f82 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:55.111877473Z 66 PC: 12f95 | Move file pointer
2018-12-25T12:36:55.113225485Z 63 PC: 12fa3 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:55.120833203Z 66 PC: 12fcf | Move file pointer
2018-12-25T12:36:55.122317995Z 63 PC: 12fdd | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:36:55.124648782Z 66 PC: 13008 | Move file pointer
2018-12-25T12:36:55.12685642Z 64 PC: 13016 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:36:55.129385738Z 66 PC: 13026 | Move file pointer
2018-12-25T12:36:55.13101333Z 64 PC: 13034 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:36:55.134713606Z 64 PC: 1304d | Write file or device (Write 1271 bytes on handle 5)
2018-12-25T12:36:55.149260524Z 64 PC: 13060 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:55.153473554Z 62 PC: 13069 | Close file
2018-12-25T12:36:55.162107012Z 79 PC: 13083 | Find next file
2018-12-25T12:36:55.164694795Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:55.171280128Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:55.173682239Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:55.180055201Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:55.182126247Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:55.185255694Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:55.186824361Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:55.189606028Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:55.191866225Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:55.19443446Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:55.202467792Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:55.205758046Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:55.213455728Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:55.215943178Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:55.223180956Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:55.224415104Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:55.230423888Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:55.232361802Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:55.235226054Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:55.236420541Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:55.238944177Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:55.241138196Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:55.243918709Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:55.251914418Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:55.255165617Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:55.262926475Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:55.26546381Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:55.272463703Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:55.273733445Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:55.27983898Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:55.281483778Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:55.283972415Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:55.285375839Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:55.28909156Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:55.291329051Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:55.293877362Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:55.312629785Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:55.315085962Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:55.322791358Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:55.334652321Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:55.340809389Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:55.342086571Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:55.348464535Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:55.349678912Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:55.351937655Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:55.353442912Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:55.355836795Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:55.356983921Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:55.360563707Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:55.368837188Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:55.37127706Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:55.379191412Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:55.381514815Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:55.387613847Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:55.389224279Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:55.395221729Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:55.396383103Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:55.399001903Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:55.400132228Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:55.402571316Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:55.404728043Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:55.407253656Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:55.415610818Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:55.418676342Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:55.426845531Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:55.42924818Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:55.436769183Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:55.437950238Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:55.44447434Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:55.446113353Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:55.448546594Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:55.449815942Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:55.452741493Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:55.45397474Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:55.456393738Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:55.465492661Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:55.467957962Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:55.475616309Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:55.478647525Z 14 PC: 12e9f | Set default drive (Drive = 'C')
2018-12-25T12:36:55.479659634Z 25 PC: 12ea3 | Get default drive
2018-12-25T12:36:55.480453178Z 78 PC: 12f4a | Find first file (See above)
2018-12-25T12:36:55.486053163Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:55.49258318Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:55.493753294Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:55.497285042Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:55.498790974Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:55.501634474Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:55.504067703Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:55.506867693Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:55.508364756Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:55.512562796Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:55.844279971Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:55.847343166Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:55.855263383Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:55.859071638Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.860631245Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.86206244Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.864695763Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.866124685Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.867640439Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.870011864Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.871541162Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.87277243Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.874888014Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.875958664Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.877062796Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.878894648Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.879990268Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.880987155Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.882986741Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.883979275Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.885040325Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.886698137Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.887793758Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.88877512Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.890548121Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.892413079Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.893482576Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.895333395Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.896700677Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.89860706Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.90006899Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.901853433Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.902925787Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.903966403Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.906395976Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.90738062Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.908429929Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.910678385Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.911743608Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.912728266Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.915493305Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.916792181Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.91816839Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.919978372Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.921287097Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.922513711Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.924488952Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.926129221Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:55.927449981Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:55.931253787Z 26 PC: 12ee6 | Set disk transfer address
2018-12-25T12:36:55.932539261Z 37 PC: 12ef7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:36:55.93412713Z 73 PC: 12f13 | Release memory
2018-12-25T12:36:55.936958555Z 14 PC: 12f23 | Set default drive (Drive = 'A')
2018-12-25T12:36:55.938446295Z 37 PC: 12f2d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:55.939800645Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:36:55.944383828Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12902,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:55.194353755Z 25 PC: 12dcd | Get default drive
2018-12-25T12:36:55.195409541Z 42 PC: 12dd7 | Get date 0x12dd7: mov al, 1
0x12dd9: cmp dh, 0xc
0x12ddc: jne 0x12de0
0x12dde: mov al, 3
0x12de0: mov byte ptr [si + 0x10], al
0x12de3: mov ah, 0x35
0x12de5: mov al, 0x24
0x12de7: int 0x21
0x12de9: mov word ptr [si + 0xc], bx
0x12dec: mov word ptr [si + 0xe], es
0x12def: push cs
0x12df0: pop es
0x12df1: mov ah, 0x25
0x12df3: mov al, 0x24
0x12df5: nop
0x12df6: lea dx, word ptr [si + 0x9d]
0x12dfa: int 0x21
0x12dfc: mov ah, 0x4a
0x12dfe: mov bx, word ptr [0x103]
0x12e02: add bx, 0x4fa
2018-12-25T12:36:55.197738505Z 53 PC: 12de9 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:55.198900747Z 37 PC: 12dfc | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:55.200045851Z 74 PC: 12e0d | Reallocate memory
2018-12-25T12:36:55.201742258Z 72 PC: 12e14 | Allocate memory
2018-12-25T12:36:55.203271882Z 26 PC: 12e31 | Set disk transfer address
2018-12-25T12:36:55.204319664Z 53 PC: 12e38 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:36:55.220506233Z 37 PC: 12e53 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:36:55.222722523Z 14 PC: 12e70 | Set default drive (Drive = 'A')
2018-12-25T12:36:55.22395044Z 78 PC: 12f4a | Find first file
2018-12-25T12:36:55.231035974Z 61 PC: 12f82 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:55.238253559Z 66 PC: 12f95 | Move file pointer
2018-12-25T12:36:55.239693891Z 63 PC: 12fa3 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:55.246936079Z 66 PC: 12fcf | Move file pointer
2018-12-25T12:36:55.248396182Z 63 PC: 12fdd | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:36:55.250891499Z 66 PC: 13008 | Move file pointer
2018-12-25T12:36:55.25217536Z 64 PC: 13016 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:36:55.25501319Z 66 PC: 13026 | Move file pointer
2018-12-25T12:36:55.256220145Z 64 PC: 13034 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:36:55.259686907Z 64 PC: 1304d | Write file or device (Write 1271 bytes on handle 5)
2018-12-25T12:36:55.274758556Z 64 PC: 13060 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:55.27754727Z 62 PC: 13069 | Close file
2018-12-25T12:36:55.286080064Z 79 PC: 13083 | Find next file
2018-12-25T12:36:55.289182788Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:55.296172455Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:55.297562358Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:55.308976781Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:55.310377544Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:55.31291742Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:55.314533676Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:55.317326013Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:55.318704813Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:55.328036377Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:55.338100596Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:55.341175734Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:55.351315165Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:55.353839033Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:55.360926528Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:55.362328664Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:55.369696456Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:55.37152901Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:55.374495536Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:55.376333182Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:55.379104475Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:55.380396855Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:55.383705458Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:55.39293648Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:55.395994282Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:55.406067814Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:55.409236042Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:55.416702954Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:55.420176141Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:55.427566139Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:55.429244656Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:55.433627413Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:55.436033072Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:55.439409393Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:55.444042164Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:55.447244861Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:55.457087877Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:55.459928226Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:55.474952816Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:55.477341449Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:55.482254856Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:55.484554294Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:55.489081545Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:55.490589561Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:55.494681422Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:55.496623962Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:55.49997952Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:55.502801482Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:55.506701922Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:55.519457042Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:55.523397045Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:55.533456803Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:55.537338382Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:55.545142567Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:55.548751603Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:55.556445679Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:55.558074631Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:55.562093035Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:55.56376669Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:55.56673046Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:55.569421319Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:55.572642686Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:55.582722077Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:55.586540347Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:55.596584179Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:55.600072676Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:55.608039419Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:55.610307471Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:55.618399148Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:55.620328009Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:55.625234527Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:55.627188194Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:55.631088129Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:55.634217093Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:55.637642754Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:55.647536826Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:55.652013457Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:55.661884794Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:55.665572631Z 14 PC: 12e9f | Set default drive (Drive = 'C')
2018-12-25T12:36:55.66790846Z 25 PC: 12ea3 | Get default drive
2018-12-25T12:36:55.670185495Z 78 PC: 12f4a | Find first file (See above)
2018-12-25T12:36:55.676632878Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:55.684468298Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:55.686387961Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:55.690096737Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:55.692291982Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:55.695790137Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:55.698352592Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:55.702285958Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:55.705443331Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:55.709504822Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:56.413551317Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:56.417262507Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:56.426756985Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:56.430735199Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.432844489Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.434047129Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.435098805Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.436689574Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.437977925Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.438966834Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.441005594Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.444270447Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.445490428Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.446991872Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.448447235Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.450296199Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.453182187Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.455374699Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.457155865Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.459733112Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.461965422Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.463696612Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.466365801Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.468480747Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.470269339Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.47216781Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.475853463Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.477575578Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.479880023Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.483457038Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.485286023Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.487076902Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.488802183Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.48998019Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.491106324Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.49409315Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.496023258Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.497373899Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.499539952Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.500934278Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.502635334Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.505223556Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.506853297Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.508393368Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.511101993Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.512661842Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.514261671Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.516590891Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.518541489Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.520371074Z 26 PC: 12ee6 | Set disk transfer address
2018-12-25T12:36:56.522847713Z 37 PC: 12ef7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:36:56.525043785Z 73 PC: 12f13 | Release memory
2018-12-25T12:36:56.531926186Z 14 PC: 12f23 | Set default drive (Drive = 'A')
2018-12-25T12:36:56.534176357Z 37 PC: 12f2d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:56.536145211Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:36:56.54156718Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12902,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:55.298097168Z 25 PC: 12dcd | Get default drive
2018-12-25T12:36:55.300011615Z 42 PC: 12dd7 | Get date 0x12dd7: mov al, 1
0x12dd9: cmp dh, 0xc
0x12ddc: jne 0x12de0
0x12dde: mov al, 3
0x12de0: mov byte ptr [si + 0x10], al
0x12de3: mov ah, 0x35
0x12de5: mov al, 0x24
0x12de7: int 0x21
0x12de9: mov word ptr [si + 0xc], bx
0x12dec: mov word ptr [si + 0xe], es
0x12def: push cs
0x12df0: pop es
0x12df1: mov ah, 0x25
0x12df3: mov al, 0x24
0x12df5: nop
0x12df6: lea dx, word ptr [si + 0x9d]
0x12dfa: int 0x21
0x12dfc: mov ah, 0x4a
0x12dfe: mov bx, word ptr [0x103]
0x12e02: add bx, 0x4fa
2018-12-25T12:36:55.302242464Z 53 PC: 12de9 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:55.303519985Z 37 PC: 12dfc | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:55.305072318Z 74 PC: 12e0d | Reallocate memory
2018-12-25T12:36:55.30702862Z 72 PC: 12e14 | Allocate memory
2018-12-25T12:36:55.308599445Z 26 PC: 12e31 | Set disk transfer address
2018-12-25T12:36:55.30986757Z 53 PC: 12e38 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:36:55.321238914Z 37 PC: 12e53 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:36:55.326113052Z 14 PC: 12e70 | Set default drive (Drive = 'A')
2018-12-25T12:36:55.327914832Z 78 PC: 12f4a | Find first file
2018-12-25T12:36:55.335132064Z 61 PC: 12f82 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:55.342377734Z 66 PC: 12f95 | Move file pointer
2018-12-25T12:36:55.343824348Z 63 PC: 12fa3 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:55.351709666Z 66 PC: 12fcf | Move file pointer
2018-12-25T12:36:55.353172141Z 63 PC: 12fdd | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:36:55.355621293Z 66 PC: 13008 | Move file pointer
2018-12-25T12:36:55.357116679Z 64 PC: 13016 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:36:55.36343379Z 66 PC: 13026 | Move file pointer
2018-12-25T12:36:55.364837358Z 64 PC: 13034 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:36:55.368930066Z 64 PC: 1304d | Write file or device (Write 1271 bytes on handle 5)
2018-12-25T12:36:55.385930152Z 64 PC: 13060 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:55.389084237Z 62 PC: 13069 | Close file
2018-12-25T12:36:55.398330136Z 79 PC: 13083 | Find next file
2018-12-25T12:36:55.402250048Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:55.410290339Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:55.412257786Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:55.421101447Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:55.423047257Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:55.426260246Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:55.430149245Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:55.433957061Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:55.436274137Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:55.447849931Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:55.457799115Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:55.460850034Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:55.475770233Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:55.480412985Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:55.487804794Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:55.489728887Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:55.496832695Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:55.49837341Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:55.501226676Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:55.503092977Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:55.506377782Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:55.508317755Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:55.512189525Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:55.522026194Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:55.525524009Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:55.534679586Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:55.536579312Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:55.541324403Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:55.543208456Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:55.548476743Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:55.550509768Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:55.554534221Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:55.556741114Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:55.560050069Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:55.562252893Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:55.565998078Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:55.575342615Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:55.57781587Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:55.58398314Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:55.586033002Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:55.590680444Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:55.593084219Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:55.597796194Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:55.598952928Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:55.601199733Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:55.602326804Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:55.604335733Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:55.606055427Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:55.60820824Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:55.61441209Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:55.617023277Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:55.624992112Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:55.627992138Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:55.635399559Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:55.636677069Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:55.641000195Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:55.642848556Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:55.644762753Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:55.645929228Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:55.648622719Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:55.649824869Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:55.651966571Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:55.658510061Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:55.661738954Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:55.672854816Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:55.683061317Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:55.689753334Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:55.691436337Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:55.697453894Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:55.699692765Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:55.702291729Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:55.703583108Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:55.706509989Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:55.707902135Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:55.71001988Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:55.716907194Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:55.71993345Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:55.914941765Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:55.923273815Z 14 PC: 12e9f | Set default drive (Drive = 'C')
2018-12-25T12:36:55.925444486Z 25 PC: 12ea3 | Get default drive
2018-12-25T12:36:55.92655153Z 78 PC: 12f4a | Find first file (See above)
2018-12-25T12:36:55.933409602Z 61 PC: 12f82 | Open file (See above)
2018-12-25T12:36:55.940568844Z 66 PC: 12f95 | Move file pointer (See above)
2018-12-25T12:36:55.941950768Z 63 PC: 12fa3 | Read file or device (See above)
2018-12-25T12:36:55.946212366Z 66 PC: 12fcf | Move file pointer (See above)
2018-12-25T12:36:55.94852863Z 63 PC: 12fdd | Read file or device (See above)
2018-12-25T12:36:55.951676752Z 66 PC: 13008 | Move file pointer (See above)
2018-12-25T12:36:55.953453129Z 64 PC: 13016 | Write file or device (See above)
2018-12-25T12:36:55.956913477Z 66 PC: 13026 | Move file pointer (See above)
2018-12-25T12:36:55.958429566Z 64 PC: 13034 | Write file or device (See above)
2018-12-25T12:36:55.961937606Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T12:36:56.414339531Z 64 PC: 13060 | Write file or device (See above)
2018-12-25T12:36:56.418164036Z 62 PC: 13069 | Close file (See above)
2018-12-25T12:36:56.42752505Z 79 PC: 13083 | Find next file (See above)
2018-12-25T12:36:56.431715538Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.433903262Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.435570726Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.438192109Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.44013327Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.441857308Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.443481768Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.445866496Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.447225276Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.450793046Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.453021836Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.454504626Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.455933358Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.458339824Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.460825713Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.464136033Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.466807248Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.468381862Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.470101603Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.472667855Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.474238649Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.475847881Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.478024965Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.47970437Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.481283269Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.483505831Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.485083308Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.486722352Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.489405494Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.491073494Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.492628867Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.495055526Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.496898898Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.498525978Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.500831736Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.50235708Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.503899181Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.505740296Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.507835199Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.509552126Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.51137241Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.51394376Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.515568841Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.517335013Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.520132929Z 14 PC: 12e9f | Set default drive (See above)
2018-12-25T12:36:56.521894795Z 25 PC: 12ea3 | Get default drive (See above)
2018-12-25T12:36:56.525408626Z 26 PC: 12ee6 | Set disk transfer address
2018-12-25T12:36:56.527740966Z 37 PC: 12ef7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:36:56.529162103Z 73 PC: 12f13 | Release memory
2018-12-25T12:36:56.530630906Z 14 PC: 12f23 | Set default drive (Drive = 'A')
2018-12-25T12:36:56.533051338Z 37 PC: 12f2d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:56.534290241Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:36:56.538636772Z 76 PC: 12a86 | Terminate with return code (Return code = '36')