Sample viewer

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16071,"SideJobID":0}

.

GIF

Syscalls:

{"DateBased":true,"Day":3,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16071,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:16.511517637Z	171	PC: 12b9a | UNKNOWN!
2018-12-25T12:45:16.513261633Z	53	PC: 12c15 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:16.520619188Z	53	PC: 9f609 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:16.521790065Z	37	PC: 9f620 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:16.52432365Z	47	PC: 9f625 | Get disk transfer address
2018-12-25T12:45:16.525334993Z	26	PC: 9f63c | Set disk transfer address
2018-12-25T12:45:16.526310154Z	78	PC: 9f647 | Find first file
2018-12-25T12:45:16.533105677Z	67	PC: 9f64e | Get or set file attributes
2018-12-25T12:45:17.51223573Z	61	PC: 9f658 | Open file (Filename = '�;�7ۅ��Z�¸��,a�Cs��i���vm(u��0�g�H���,�� b�y���Y{v��T_���<�E�)��<�)L[#Z���1�5/��O���6ٯV�~`Tи�� �')
2018-12-25T12:45:17.519212138Z	63	PC: 9f66b | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:45:17.525471543Z	66	PC: 9f78d | Move file pointer
2018-12-25T12:45:17.527219376Z	64	PC: 9f796 | Write file or device (Write 1853 bytes on handle 5)
2018-12-25T12:45:17.537490468Z	66	PC: 9f79f | Move file pointer
2018-12-25T12:45:17.540385658Z	64	PC: 9f7b7 | Write file or device (Write 26 bytes on handle 5)
2018-12-25T12:45:17.544245054Z	87	PC: 9f7c4 | Get or set file date and time
2018-12-25T12:45:17.546746008Z	62	PC: 9f7c8 | Close file
2018-12-25T12:45:17.554632688Z	67	PC: 9f7d6 | Get or set file attributes
2018-12-25T12:45:17.564769294Z	26	PC: 9f7e4 | Set disk transfer address
2018-12-25T12:45:17.565997404Z	37	PC: 9f7f3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:17.567240025Z	171	PC: 12c94 | UNKNOWN!
2018-12-25T12:45:17.56843041Z	42	PC: 12ba7 | Get date 0x12ba7: cmp dx, 0x203 0x12bab: jne 0x12bda 0x12bad: mov ah, 0x2b 0x12baf: inc dl 0x12bb1: int 0x21 0x12bb3: push es 0x12bb4: push cs 0x12bb5: pop ax 0x12bb6: mov ds, ax 0x12bb8: mov es, ax 0x12bba: mov ah, 9 0x12bbc: lea dx, word ptr [bp + 0x49c] 0x12bc0: int 0x21 0x12bc2: mov ax, 0x1100 0x12bc5: mov bx, 0x1000 0x12bc8: mov cx, 1 0x12bcb: mov dx, 0x64 0x12bce: lea bp, word ptr [bp + 0x677] 0x12bd2: int 0x10 0x12bd4: pop es
2018-12-25T12:45:17.571106621Z	43	PC: 12bb3 | Set date
2018-12-25T12:45:17.574556756Z	9	PC: 12bc2 | Display string (Could not find end pointer)
2018-12-25T12:45:17.595411416Z	76	PC: 12bda | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16071,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:16.592693349Z	171	PC: 12b9a | UNKNOWN!
2018-12-25T12:45:16.593882056Z	53	PC: 12c15 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:16.595357116Z	53	PC: 9f609 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:16.59653149Z	37	PC: 9f620 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:16.598037935Z	47	PC: 9f625 | Get disk transfer address
2018-12-25T12:45:16.599314473Z	26	PC: 9f63c | Set disk transfer address
2018-12-25T12:45:16.600846611Z	78	PC: 9f647 | Find first file
2018-12-25T12:45:16.60737678Z	67	PC: 9f64e | Get or set file attributes
2018-12-25T12:45:17.453917021Z	61	PC: 9f658 | Open file (Filename = '�;�7ۅ��Z�¸��,a�Cs��i���vm(u��0�g�H���,�� b�y���Y{v��T_���<�E�)��<�)L[#Z���1�5/��O���6ٯV�~`Tи�� �')
2018-12-25T12:45:17.458592787Z	63	PC: 9f66b | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:45:17.461458183Z	66	PC: 9f78d | Move file pointer
2018-12-25T12:45:17.463127122Z	64	PC: 9f796 | Write file or device (Write 1853 bytes on handle 5)
2018-12-25T12:45:17.474168375Z	66	PC: 9f79f | Move file pointer
2018-12-25T12:45:17.475567622Z	64	PC: 9f7b7 | Write file or device (Write 26 bytes on handle 5)
2018-12-25T12:45:17.479435919Z	87	PC: 9f7c4 | Get or set file date and time
2018-12-25T12:45:17.480958653Z	62	PC: 9f7c8 | Close file
2018-12-25T12:45:17.489092258Z	67	PC: 9f7d6 | Get or set file attributes
2018-12-25T12:45:17.499816949Z	26	PC: 9f7e4 | Set disk transfer address
2018-12-25T12:45:17.501052971Z	37	PC: 9f7f3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:17.502075658Z	171	PC: 12c94 | UNKNOWN!
2018-12-25T12:45:17.50317185Z	42	PC: 12ba7 | Get date 0x12ba7: cmp dx, 0x203 0x12bab: jne 0x12bda 0x12bad: mov ah, 0x2b 0x12baf: inc dl 0x12bb1: int 0x21 0x12bb3: push es 0x12bb4: push cs 0x12bb5: pop ax 0x12bb6: mov ds, ax 0x12bb8: mov es, ax 0x12bba: mov ah, 9 0x12bbc: lea dx, word ptr [bp + 0x49c] 0x12bc0: int 0x21 0x12bc2: mov ax, 0x1100 0x12bc5: mov bx, 0x1000 0x12bc8: mov cx, 1 0x12bcb: mov dx, 0x64 0x12bce: lea bp, word ptr [bp + 0x677] 0x12bd2: int 0x10 0x12bd4: pop es
2018-12-25T12:45:17.50562024Z	9	PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:45:17.511575669Z	76	PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":3,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16071,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:16.741787665Z	171	PC: 12b9a | UNKNOWN!
2018-12-25T12:45:16.743253583Z	53	PC: 12c15 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:16.744220529Z	53	PC: 9f609 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:16.745009608Z	37	PC: 9f620 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:16.745964158Z	47	PC: 9f625 | Get disk transfer address
2018-12-25T12:45:16.747570352Z	26	PC: 9f63c | Set disk transfer address
2018-12-25T12:45:16.748547605Z	78	PC: 9f647 | Find first file
2018-12-25T12:45:16.752208791Z	67	PC: 9f64e | Get or set file attributes
2018-12-25T12:45:17.513231518Z	61	PC: 9f658 | Open file (Filename = '�;�7ۅ��Z�¸��,a�Cs��i���vm(u��0�g�H���,�� b�y���Y{v��T_���<�E�)��<�)L[#Z���1�5/��O���6ٯV�~`Tи�� �')
2018-12-25T12:45:17.520163483Z	63	PC: 9f66b | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:45:17.5230445Z	66	PC: 9f78d | Move file pointer
2018-12-25T12:45:17.525416948Z	64	PC: 9f796 | Write file or device (Write 1853 bytes on handle 5)
2018-12-25T12:45:17.535327077Z	66	PC: 9f79f | Move file pointer
2018-12-25T12:45:17.537051118Z	64	PC: 9f7b7 | Write file or device (Write 26 bytes on handle 5)
2018-12-25T12:45:17.542093745Z	87	PC: 9f7c4 | Get or set file date and time
2018-12-25T12:45:17.543694226Z	62	PC: 9f7c8 | Close file
2018-12-25T12:45:17.550665113Z	67	PC: 9f7d6 | Get or set file attributes
2018-12-25T12:45:17.561288659Z	26	PC: 9f7e4 | Set disk transfer address
2018-12-25T12:45:17.562749156Z	37	PC: 9f7f3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:17.564140091Z	171	PC: 12c94 | UNKNOWN!
2018-12-25T12:45:17.565845218Z	42	PC: 12ba7 | Get date 0x12ba7: cmp dx, 0x203 0x12bab: jne 0x12bda 0x12bad: mov ah, 0x2b 0x12baf: inc dl 0x12bb1: int 0x21 0x12bb3: push es 0x12bb4: push cs 0x12bb5: pop ax 0x12bb6: mov ds, ax 0x12bb8: mov es, ax 0x12bba: mov ah, 9 0x12bbc: lea dx, word ptr [bp + 0x49c] 0x12bc0: int 0x21 0x12bc2: mov ax, 0x1100 0x12bc5: mov bx, 0x1000 0x12bc8: mov cx, 1 0x12bcb: mov dx, 0x64 0x12bce: lea bp, word ptr [bp + 0x677] 0x12bd2: int 0x10 0x12bd4: pop es
2018-12-25T12:45:17.568787633Z	43	PC: 12bb3 | Set date
2018-12-25T12:45:17.572274342Z	9	PC: 12bc2 | Display string (Could not find end pointer)
2018-12-25T12:45:17.59103727Z	76	PC: 12bda | Terminate with return code (Return code = '0')