Sample viewer

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16246,"SideJobID":0}

.

GIF

Syscalls:

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16246,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:59.295253035Z	221	PC: 12b96 | UNKNOWN!
2018-12-25T12:45:59.296388508Z	53	PC: 12ba5 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:59.297404711Z	53	PC: 12bb2 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:45:59.29834516Z	53	PC: 12bbf | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:45:59.299695356Z	37	PC: 12bfc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:59.300732609Z	44	PC: 9ec97 | Get time 0x9ec97: cmp ch, 0 0x9ec9a: jne 0x9eca1 0x9ec9c: mov dx, 0x236 0x9ec9f: jmp dx 0x9eca1: cmp cl, 0 0x9eca4: jne 0x9ecab 0x9eca6: mov ax, 0x2a1 0x9eca9: jmp ax 0x9ecab: mov ah, 0x2a 0x9ecad: int 0x21 0x9ecaf: cmp al, 6 0x9ecb1: je 0x9ec3a 0x9ecb3: pop dx 0x9ecb4: pop cx 0x9ecb5: pop ax 0x9ecb6: popf 0x9ecb7: ljmp 0x19:0x40f8 0x9ecbc: ljmp ptr cs:[0x378] 0x9ecc1: ret 0x9ecc2: push bp

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16246,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:59.509404771Z	221	PC: 12b96 | UNKNOWN!
2018-12-25T12:45:59.510682607Z	53	PC: 12ba5 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:59.511722388Z	53	PC: 12bb2 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:45:59.512742675Z	53	PC: 12bbf | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:45:59.514178991Z	37	PC: 12bfc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:59.515095182Z	44	PC: 9ec97 | Get time 0x9ec97: cmp ch, 0 0x9ec9a: jne 0x9eca1 0x9ec9c: mov dx, 0x236 0x9ec9f: jmp dx 0x9eca1: cmp cl, 0 0x9eca4: jne 0x9ecab 0x9eca6: mov ax, 0x2a1 0x9eca9: jmp ax 0x9ecab: mov ah, 0x2a 0x9ecad: int 0x21 0x9ecaf: cmp al, 6 0x9ecb1: je 0x9ec3a 0x9ecb3: pop dx 0x9ecb4: pop cx 0x9ecb5: pop ax 0x9ecb6: popf 0x9ecb7: ljmp 0x19:0x40f8 0x9ecbc: ljmp ptr cs:[0x378] 0x9ecc1: ret 0x9ecc2: push bp

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16246,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:59.898191026Z	221	PC: 12b96 | UNKNOWN!
2018-12-25T12:45:59.899169355Z	53	PC: 12ba5 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:59.900124401Z	53	PC: 12bb2 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:45:59.901022148Z	53	PC: 12bbf | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:45:59.902447271Z	37	PC: 12bfc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:59.903436497Z	44	PC: 9ec97 | Get time 0x9ec97: cmp ch, 0 0x9ec9a: jne 0x9eca1 0x9ec9c: mov dx, 0x236 0x9ec9f: jmp dx 0x9eca1: cmp cl, 0 0x9eca4: jne 0x9ecab 0x9eca6: mov ax, 0x2a1 0x9eca9: jmp ax 0x9ecab: mov ah, 0x2a 0x9ecad: int 0x21 0x9ecaf: cmp al, 6 0x9ecb1: je 0x9ec3a 0x9ecb3: pop dx 0x9ecb4: pop cx 0x9ecb5: pop ax 0x9ecb6: popf 0x9ecb7: ljmp 0x19:0x40f8 0x9ecbc: ljmp ptr cs:[0x378] 0x9ecc1: ret 0x9ecc2: push bp
2018-12-25T12:45:59.905333206Z	37	PC: 12c04 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:45:59.906660254Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:45:59.908568063Z	37	PC: 12c0c | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:45:59.909473294Z	9	PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:45:59.914853061Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:45:59.916756327Z	76	PC: 12a86 | Terminate with return code (Return code = '36')
2018-12-25T12:45:59.919503118Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:45:59.92173458Z	77	PC: 11fe0 | Get program return code
2018-12-25T12:45:59.922817464Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:45:59.924593848Z	72	PC: 12174 | Allocate memory
2018-12-25T12:45:59.926455296Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:45:59.928355323Z	72	PC: 1218d | Allocate memory
2018-12-25T12:45:59.930204729Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:45:59.932346779Z	37	PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:45:59.93340525Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:45:59.935268609Z	37	PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:45:59.936409148Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:45:59.938543339Z	37	PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:59.939464817Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:45:59.941428474Z	62	PC: 122ab | Close file
2018-12-25T12:45:59.942926015Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:45:59.944854514Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:45:59.946286188Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:45:59.948413933Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:45:59.94963619Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:45:59.951573591Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:45:59.953156884Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:45:59.955063749Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:45:59.956543448Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:45:59.958650221Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:45:59.960636858Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:45:59.962672162Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:45:59.964040366Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:45:59.965942226Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:45:59.967297109Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:45:59.969311063Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:45:59.970638726Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:45:59.972761853Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:45:59.974467945Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:45:59.976865846Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:45:59.978197761Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:45:59.982410724Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:45:59.983720565Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:45:59.985679274Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:45:59.988090175Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:45:59.990101612Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:45:59.991372123Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:45:59.99379294Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:45:59.996305417Z	61	PC: 9ef04 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:46:00.002231593Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:00.004373326Z	87	PC: 9ef0d | Get or set file date and time
2018-12-25T12:46:00.00555636Z	62	PC: 9ee86 | Close file
2018-12-25T12:46:00.007004766Z	61	PC: 9ee95 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:46:00.01272915Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:00.014694023Z	66	PC: 12372 | Move file pointer
2018-12-25T12:46:00.015818024Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:00.017907091Z	63	PC: 12383 | Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:46:00.030916147Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:00.032745951Z	62	PC: 1238a | Close file
2018-12-25T12:46:00.035912978Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:00.037877789Z	99	PC: 99317 | Get DBCS lead byte table pointer
2018-12-25T12:46:00.039069078Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:00.041173331Z	56	PC: 93b39 | Get or set country info
2018-12-25T12:46:00.042801381Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:00.044673947Z	64	PC: 99588 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:46:00.04924354Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:00.051193416Z	25	PC: 93ba2 | Get default drive
2018-12-25T12:46:00.052575634Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:00.054790252Z	71	PC: 95e1d | Get current directory
2018-12-25T12:46:00.058372543Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:00.060190077Z	64	PC: 99588 | Write file or device (See above)
2018-12-25T12:46:00.063343123Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:00.065296574Z	2	PC: 95df2 | Character output (Char = '3e')
2018-12-25T12:46:00.067311497Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:00.06965868Z	93	PC: 93c60 | File sharing functions
2018-12-25T12:46:00.071074415Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:00.072883737Z	93	PC: 93c67 | File sharing functions
2018-12-25T12:46:00.074820736Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:00.07660288Z	10	PC: 93c79 | Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16246,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:46:02.678552115Z	221	PC: 12b96 | UNKNOWN!
2018-12-25T12:46:02.679529285Z	53	PC: 12ba5 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:46:02.680503973Z	53	PC: 12bb2 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:46:02.681416256Z	53	PC: 12bbf | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:46:02.682764182Z	37	PC: 12bfc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:46:02.683738048Z	44	PC: 9ec97 | Get time 0x9ec97: cmp ch, 0 0x9ec9a: jne 0x9eca1 0x9ec9c: mov dx, 0x236 0x9ec9f: jmp dx 0x9eca1: cmp cl, 0 0x9eca4: jne 0x9ecab 0x9eca6: mov ax, 0x2a1 0x9eca9: jmp ax 0x9ecab: mov ah, 0x2a 0x9ecad: int 0x21 0x9ecaf: cmp al, 6 0x9ecb1: je 0x9ec3a 0x9ecb3: pop dx 0x9ecb4: pop cx 0x9ecb5: pop ax 0x9ecb6: popf 0x9ecb7: ljmp 0x19:0x40f8 0x9ecbc: ljmp ptr cs:[0x378] 0x9ecc1: ret 0x9ecc2: push bp
2018-12-25T12:46:02.685622371Z	37	PC: 12c04 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:46:02.686902408Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.688863494Z	37	PC: 12c0c | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:46:02.689918609Z	9	PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:46:02.695367559Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.697309721Z	76	PC: 12a86 | Terminate with return code (Return code = '36')
2018-12-25T12:46:02.700195904Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.702426751Z	77	PC: 11fe0 | Get program return code
2018-12-25T12:46:02.703488598Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.705279552Z	72	PC: 12174 | Allocate memory
2018-12-25T12:46:02.707073106Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.708992459Z	72	PC: 1218d | Allocate memory
2018-12-25T12:46:02.710873011Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.712981562Z	37	PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:46:02.713970255Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.71570024Z	37	PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:46:02.716816868Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.718713615Z	37	PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:46:02.719654897Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.721755491Z	62	PC: 122ab | Close file
2018-12-25T12:46:02.722800204Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.724107905Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:02.725391215Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.726936624Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:02.727885795Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.729482496Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:02.730464687Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.731745955Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:02.733052817Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.734409228Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:02.735334495Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.736917393Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:02.737901583Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.739510039Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:02.740705832Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.742046168Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:02.742953366Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.744290188Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:02.745637402Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.747103736Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:02.748177135Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.74990419Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:02.750931927Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.75251768Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:02.753768154Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.755365016Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:02.756528293Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.758924746Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:02.760925483Z	61	PC: 9ef04 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:46:02.76581839Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.767603514Z	87	PC: 9ef0d | Get or set file date and time
2018-12-25T12:46:02.768583176Z	62	PC: 9ee86 | Close file
2018-12-25T12:46:02.770041865Z	61	PC: 9ee95 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:46:02.773886735Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.775172056Z	66	PC: 12372 | Move file pointer
2018-12-25T12:46:02.776155359Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.778243035Z	63	PC: 12383 | Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:46:02.790073921Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.792104902Z	62	PC: 1238a | Close file
2018-12-25T12:46:02.795135528Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.796990359Z	99	PC: 99317 | Get DBCS lead byte table pointer
2018-12-25T12:46:02.798324009Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.800343118Z	56	PC: 93b39 | Get or set country info
2018-12-25T12:46:02.801967176Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.803990433Z	64	PC: 99588 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:46:02.81235116Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.814295293Z	25	PC: 93ba2 | Get default drive
2018-12-25T12:46:02.815905768Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.818019618Z	71	PC: 95e1d | Get current directory
2018-12-25T12:46:02.821531245Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.824381044Z	64	PC: 99588 | Write file or device (See above)
2018-12-25T12:46:02.827529803Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.82944217Z	2	PC: 95df2 | Character output (Char = '3e')
2018-12-25T12:46:02.83157426Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.833499783Z	93	PC: 93c60 | File sharing functions
2018-12-25T12:46:02.834833002Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.836636764Z	93	PC: 93c67 | File sharing functions
2018-12-25T12:46:02.838187865Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.839914066Z	10	PC: 93c79 | Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16246,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:46:02.944533043Z	221	PC: 12b96 | UNKNOWN!
2018-12-25T12:46:02.945469763Z	53	PC: 12ba5 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:46:02.94641213Z	53	PC: 12bb2 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:46:02.947361316Z	53	PC: 12bbf | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:46:02.948703456Z	37	PC: 12bfc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:46:02.949664429Z	44	PC: 9ec97 | Get time 0x9ec97: cmp ch, 0 0x9ec9a: jne 0x9eca1 0x9ec9c: mov dx, 0x236 0x9ec9f: jmp dx 0x9eca1: cmp cl, 0 0x9eca4: jne 0x9ecab 0x9eca6: mov ax, 0x2a1 0x9eca9: jmp ax 0x9ecab: mov ah, 0x2a 0x9ecad: int 0x21 0x9ecaf: cmp al, 6 0x9ecb1: je 0x9ec3a 0x9ecb3: pop dx 0x9ecb4: pop cx 0x9ecb5: pop ax 0x9ecb6: popf 0x9ecb7: ljmp 0x19:0x40f8 0x9ecbc: ljmp ptr cs:[0x378] 0x9ecc1: ret 0x9ecc2: push bp
2018-12-25T12:46:02.951439591Z	37	PC: 12c04 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:46:02.952719898Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.954625568Z	37	PC: 12c0c | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:46:02.955617537Z	9	PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:46:02.961025091Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.962939924Z	76	PC: 12a86 | Terminate with return code (Return code = '36')
2018-12-25T12:46:02.965695099Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.96783861Z	77	PC: 11fe0 | Get program return code
2018-12-25T12:46:02.968919563Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.970715921Z	72	PC: 12174 | Allocate memory
2018-12-25T12:46:02.972530676Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.973944282Z	72	PC: 1218d | Allocate memory
2018-12-25T12:46:02.975282422Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.976883108Z	37	PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:46:02.977702624Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.978980644Z	37	PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:46:02.980072613Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.981405842Z	37	PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:46:02.982163501Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.983852996Z	62	PC: 122ab | Close file
2018-12-25T12:46:02.984838427Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.986111805Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:02.987399489Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.989361364Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:02.990541132Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.99271598Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:02.994099179Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.995908435Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:02.997212057Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:02.999379791Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:03.000725344Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.003279003Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:03.004648378Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.006170863Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:03.007429252Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.009219506Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:03.010251018Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.011912812Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:03.013192558Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.014752027Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:03.015934353Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.017707228Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:03.018827359Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.020466862Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:03.021935205Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.023824674Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:03.025206265Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.027825546Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:03.030288461Z	61	PC: 9ef04 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:46:03.03630905Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.03788878Z	87	PC: 9ef0d | Get or set file date and time
2018-12-25T12:46:03.038731501Z	62	PC: 9ee86 | Close file
2018-12-25T12:46:03.039906458Z	61	PC: 9ee95 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:46:03.043671859Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.045015993Z	66	PC: 12372 | Move file pointer
2018-12-25T12:46:03.046039473Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.047561983Z	63	PC: 12383 | Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:46:03.055581213Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.056970366Z	62	PC: 1238a | Close file
2018-12-25T12:46:03.060090252Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.062027942Z	99	PC: 99317 | Get DBCS lead byte table pointer
2018-12-25T12:46:03.063214889Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.065379073Z	56	PC: 93b39 | Get or set country info
2018-12-25T12:46:03.06714912Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.069215361Z	64	PC: 99588 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:46:03.074410839Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.076328504Z	25	PC: 93ba2 | Get default drive
2018-12-25T12:46:03.077834328Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.079966804Z	71	PC: 95e1d | Get current directory
2018-12-25T12:46:03.083561377Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.085538885Z	64	PC: 99588 | Write file or device (See above)
2018-12-25T12:46:03.088656964Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.090582471Z	2	PC: 95df2 | Character output (Char = '3e')
2018-12-25T12:46:03.093368355Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.095469128Z	93	PC: 93c60 | File sharing functions
2018-12-25T12:46:03.096854465Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.09874587Z	93	PC: 93c67 | File sharing functions
2018-12-25T12:46:03.100446357Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.102220153Z	10	PC: 93c79 | Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":1,"Second":0,"TimeBased":true,"OriginalID":16246,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:46:03.854267173Z	221	PC: 12b96 | UNKNOWN!
2018-12-25T12:46:03.855219145Z	53	PC: 12ba5 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:46:03.856222221Z	53	PC: 12bb2 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:46:03.857202132Z	53	PC: 12bbf | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:46:03.858678033Z	37	PC: 12bfc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:46:03.859666028Z	44	PC: 9ec97 | Get time 0x9ec97: cmp ch, 0 0x9ec9a: jne 0x9eca1 0x9ec9c: mov dx, 0x236 0x9ec9f: jmp dx 0x9eca1: cmp cl, 0 0x9eca4: jne 0x9ecab 0x9eca6: mov ax, 0x2a1 0x9eca9: jmp ax 0x9ecab: mov ah, 0x2a 0x9ecad: int 0x21 0x9ecaf: cmp al, 6 0x9ecb1: je 0x9ec3a 0x9ecb3: pop dx 0x9ecb4: pop cx 0x9ecb5: pop ax 0x9ecb6: popf 0x9ecb7: ljmp 0x19:0x40f8 0x9ecbc: ljmp ptr cs:[0x378] 0x9ecc1: ret 0x9ecc2: push bp
2018-12-25T12:46:03.861513588Z	42	PC: 9ecaf | Get date 0x9ecaf: cmp al, 6 0x9ecb1: je 0x9ec3a 0x9ecb3: pop dx 0x9ecb4: pop cx 0x9ecb5: pop ax 0x9ecb6: popf 0x9ecb7: ljmp 0x19:0x40f8 0x9ecbc: ljmp ptr cs:[0x378] 0x9ecc1: ret 0x9ecc2: push bp 0x9ecc3: mov bp, 0x585 0x9ecc6: jmp bp 0x9ecc8: push bp 0x9ecc9: mov bp, 0x3fa 0x9eccc: jmp bp 0x9ecce: popf 0x9eccf: mov ax, 0x3d33 0x9ecd2: iret 0x9ecd3: popf 0x9ecd4: pushf
2018-12-25T12:46:03.863681155Z	37	PC: 12c04 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:46:03.864730037Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.866622676Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.868809064Z	37	PC: 12c0c | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:46:03.86983127Z	9	PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:46:03.874945337Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.876978435Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.879052829Z	76	PC: 12a86 | Terminate with return code (Return code = '36')
2018-12-25T12:46:03.881794177Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.883587121Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.885563581Z	77	PC: 11fe0 | Get program return code
2018-12-25T12:46:03.886460306Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.888250288Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.890498582Z	72	PC: 12174 | Allocate memory
2018-12-25T12:46:03.891981198Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.893791896Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.896001646Z	72	PC: 1218d | Allocate memory
2018-12-25T12:46:03.89727716Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.898543886Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.90021188Z	37	PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:46:03.900925688Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.90217576Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.903826793Z	37	PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:46:03.90484576Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.906071812Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.907708683Z	37	PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:46:03.908442905Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.909687524Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.911429707Z	62	PC: 122ab | Close file
2018-12-25T12:46:03.912371351Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.913644659Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.915405598Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:03.91634707Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.918017243Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.919742319Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:03.920702378Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.92197297Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.923656262Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:03.924573339Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.92586975Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.927638607Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:03.928662585Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.929955766Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.931584185Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:03.932568313Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.933921582Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.936247372Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:03.937852958Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.939254319Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.940924878Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:03.942122157Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.943531953Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.945169093Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:03.946163212Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.947453975Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.949125822Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:03.95013212Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.951418531Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.953123956Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:03.95409515Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.955408295Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.957040967Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:03.957983164Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.959268824Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.960835113Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:03.961925343Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.963222028Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.964806025Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:03.965845739Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.967096192Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.968746744Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:03.970404961Z	61	PC: 9ef04 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:46:03.974189637Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.97593413Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.977403247Z	87	PC: 9ef0d | Get or set file date and time
2018-12-25T12:46:03.978325262Z	62	PC: 9ee86 | Close file
2018-12-25T12:46:03.97982638Z	61	PC: 9ee95 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:46:03.983511343Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.984829743Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.986462892Z	66	PC: 12372 | Move file pointer
2018-12-25T12:46:03.987401014Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:03.988725719Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:03.990352318Z	63	PC: 12383 | Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:46:03.998991307Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:04.000307864Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:04.001909771Z	62	PC: 1238a | Close file
2018-12-25T12:46:04.003781048Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:04.005051899Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:04.006658947Z	99	PC: 99317 | Get DBCS lead byte table pointer
2018-12-25T12:46:04.007519735Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:04.008783045Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:04.010328261Z	56	PC: 93b39 | Get or set country info
2018-12-25T12:46:04.011511564Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:04.012753494Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:04.014291627Z	64	PC: 99588 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:46:04.01673239Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:04.017969792Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:04.01947441Z	25	PC: 93ba2 | Get default drive
2018-12-25T12:46:04.020448153Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:04.02158863Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:04.023131471Z	71	PC: 95e1d | Get current directory
2018-12-25T12:46:04.025527512Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:04.026811914Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:04.028343224Z	64	PC: 99588 | Write file or device (See above)
2018-12-25T12:46:04.030319244Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:04.031612753Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:04.033255152Z	2	PC: 95df2 | Character output (Char = '3e')
2018-12-25T12:46:04.03464831Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:04.03580474Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:04.037342601Z	93	PC: 93c60 | File sharing functions
2018-12-25T12:46:04.038470057Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:04.039736614Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:04.041293611Z	93	PC: 93c67 | File sharing functions
2018-12-25T12:46:04.042438388Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:04.043725101Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:04.045353638Z	10	PC: 93c79 | Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":1,"Second":0,"TimeBased":true,"OriginalID":16246,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:46:07.905408136Z	221	PC: 12b96 | UNKNOWN!
2018-12-25T12:46:07.906306553Z	53	PC: 12ba5 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:46:07.907033838Z	53	PC: 12bb2 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:46:07.907712973Z	53	PC: 12bbf | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:46:07.908731199Z	37	PC: 12bfc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:46:07.909476711Z	44	PC: 9ec97 | Get time 0x9ec97: cmp ch, 0 0x9ec9a: jne 0x9eca1 0x9ec9c: mov dx, 0x236 0x9ec9f: jmp dx 0x9eca1: cmp cl, 0 0x9eca4: jne 0x9ecab 0x9eca6: mov ax, 0x2a1 0x9eca9: jmp ax 0x9ecab: mov ah, 0x2a 0x9ecad: int 0x21 0x9ecaf: cmp al, 6 0x9ecb1: je 0x9ec3a 0x9ecb3: pop dx 0x9ecb4: pop cx 0x9ecb5: pop ax 0x9ecb6: popf 0x9ecb7: ljmp 0x19:0x40f8 0x9ecbc: ljmp ptr cs:[0x378] 0x9ecc1: ret 0x9ecc2: push bp
2018-12-25T12:46:07.910798012Z	42	PC: 9ecaf | Get date 0x9ecaf: cmp al, 6 0x9ecb1: je 0x9ec3a 0x9ecb3: pop dx 0x9ecb4: pop cx 0x9ecb5: pop ax 0x9ecb6: popf 0x9ecb7: ljmp 0x19:0x40f8 0x9ecbc: ljmp ptr cs:[0x378] 0x9ecc1: ret 0x9ecc2: push bp 0x9ecc3: mov bp, 0x585 0x9ecc6: jmp bp 0x9ecc8: push bp 0x9ecc9: mov bp, 0x3fa 0x9eccc: jmp bp 0x9ecce: popf 0x9eccf: mov ax, 0x3d33 0x9ecd2: iret 0x9ecd3: popf 0x9ecd4: pushf
2018-12-25T12:46:07.912391117Z	37	PC: 12c04 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:46:07.913185938Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:07.914507927Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:07.916555665Z	37	PC: 12c0c | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:46:07.917350441Z	9	PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:46:07.920317617Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:07.921895216Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:07.923159839Z	76	PC: 12a86 | Terminate with return code (Return code = '36')
2018-12-25T12:46:07.924951548Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:07.926558334Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:07.927797955Z	77	PC: 11fe0 | Get program return code
2018-12-25T12:46:07.928538453Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:07.930082324Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:07.931396325Z	72	PC: 12174 | Allocate memory
2018-12-25T12:46:07.932447199Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:07.933753754Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:07.935142716Z	72	PC: 1218d | Allocate memory
2018-12-25T12:46:07.936405387Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:07.937782929Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:07.939115103Z	37	PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:46:07.939789465Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:07.941099647Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:07.942570254Z	37	PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:46:07.943290156Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:07.94488547Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:07.94633725Z	37	PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:46:07.947063836Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:07.948454023Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:07.9498827Z	62	PC: 122ab | Close file
2018-12-25T12:46:07.950782568Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:07.952076487Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:07.954119326Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:07.955268463Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:07.957079107Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:07.958985709Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:07.960135602Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:07.962002215Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:07.96390482Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:07.965049974Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:07.966888919Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:07.968870734Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:07.970007453Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:07.971911551Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:07.973821995Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:07.974982485Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:07.976869378Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:07.978784004Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:07.980028347Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:07.981826388Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:07.983740772Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:07.98497053Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:07.986811875Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:07.988685234Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:07.990657259Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:07.992540147Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:07.994525622Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:07.995707052Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:07.997556291Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:07.999535228Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:08.000735559Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.003041363Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.00512328Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:08.006258279Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.008091556Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.010054053Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:08.011218498Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.013054376Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.014974162Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:08.016129442Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.017932786Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.019966962Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:08.02229187Z	61	PC: 9ef04 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:46:08.027730971Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.029209529Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.030432322Z	87	PC: 9ef0d | Get or set file date and time
2018-12-25T12:46:08.031257419Z	62	PC: 9ee86 | Close file
2018-12-25T12:46:08.032504036Z	61	PC: 9ee95 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:46:08.035989218Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.037284029Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.038685324Z	66	PC: 12372 | Move file pointer
2018-12-25T12:46:08.039524234Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.040896174Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.042247036Z	63	PC: 12383 | Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:46:08.050157803Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.051521497Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.052866384Z	62	PC: 1238a | Close file
2018-12-25T12:46:08.054636105Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.056357988Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.057743493Z	99	PC: 99317 | Get DBCS lead byte table pointer
2018-12-25T12:46:08.058610447Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.05999457Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.061454859Z	56	PC: 93b39 | Get or set country info
2018-12-25T12:46:08.062565472Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.063842676Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.065182882Z	64	PC: 99588 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:46:08.067636644Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.068953396Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.070319954Z	25	PC: 93ba2 | Get default drive
2018-12-25T12:46:08.0712714Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.072618555Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.074016648Z	71	PC: 95e1d | Get current directory
2018-12-25T12:46:08.076288241Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.077613108Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.079133565Z	64	PC: 99588 | Write file or device (See above)
2018-12-25T12:46:08.080987342Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.082366726Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.083805028Z	2	PC: 95df2 | Character output (Char = '3e')
2018-12-25T12:46:08.085134186Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.086540691Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.087917965Z	93	PC: 93c60 | File sharing functions
2018-12-25T12:46:08.088916737Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.090309871Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.09172094Z	93	PC: 93c67 | File sharing functions
2018-12-25T12:46:08.092774922Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.094149468Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.095511818Z	10	PC: 93c79 | Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":1,"Second":0,"TimeBased":true,"OriginalID":16246,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:46:08.231317408Z	221	PC: 12b96 | UNKNOWN!
2018-12-25T12:46:08.23209128Z	53	PC: 12ba5 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:46:08.232910194Z	53	PC: 12bb2 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:46:08.233656071Z	53	PC: 12bbf | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:46:08.234788648Z	37	PC: 12bfc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:46:08.235576255Z	44	PC: 9ec97 | Get time 0x9ec97: cmp ch, 0 0x9ec9a: jne 0x9eca1 0x9ec9c: mov dx, 0x236 0x9ec9f: jmp dx 0x9eca1: cmp cl, 0 0x9eca4: jne 0x9ecab 0x9eca6: mov ax, 0x2a1 0x9eca9: jmp ax 0x9ecab: mov ah, 0x2a 0x9ecad: int 0x21 0x9ecaf: cmp al, 6 0x9ecb1: je 0x9ec3a 0x9ecb3: pop dx 0x9ecb4: pop cx 0x9ecb5: pop ax 0x9ecb6: popf 0x9ecb7: ljmp 0x19:0x40f8 0x9ecbc: ljmp ptr cs:[0x378] 0x9ecc1: ret 0x9ecc2: push bp
2018-12-25T12:46:08.236897369Z	42	PC: 9ecaf | Get date 0x9ecaf: cmp al, 6 0x9ecb1: je 0x9ec3a 0x9ecb3: pop dx 0x9ecb4: pop cx 0x9ecb5: pop ax 0x9ecb6: popf 0x9ecb7: ljmp 0x19:0x40f8 0x9ecbc: ljmp ptr cs:[0x378] 0x9ecc1: ret 0x9ecc2: push bp 0x9ecc3: mov bp, 0x585 0x9ecc6: jmp bp 0x9ecc8: push bp 0x9ecc9: mov bp, 0x3fa 0x9eccc: jmp bp 0x9ecce: popf 0x9eccf: mov ax, 0x3d33 0x9ecd2: iret 0x9ecd3: popf 0x9ecd4: pushf
2018-12-25T12:46:08.238568425Z	37	PC: 12c04 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:46:08.23930119Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.2404522Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.241979173Z	37	PC: 12c0c | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:46:08.242762346Z	9	PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:46:08.245681741Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.247120954Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.248465319Z	76	PC: 12a86 | Terminate with return code (Return code = '36')
2018-12-25T12:46:08.250260375Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.251880107Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.253128656Z	77	PC: 11fe0 | Get program return code
2018-12-25T12:46:08.253820825Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.255338495Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.256690982Z	72	PC: 12174 | Allocate memory
2018-12-25T12:46:08.257821047Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.259440107Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.26070926Z	72	PC: 1218d | Allocate memory
2018-12-25T12:46:08.261944806Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.263466362Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.264762151Z	37	PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:46:08.265490575Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.267081094Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.268411246Z	37	PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:46:08.269141446Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.270671981Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.271932519Z	37	PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:46:08.272610162Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.27413685Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.275420291Z	62	PC: 122ab | Close file
2018-12-25T12:46:08.27628499Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.27778448Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.279058967Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:08.279938325Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.28145547Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.282727932Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:08.283616448Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.285082521Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.286362386Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:08.287270842Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.288816534Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.2901062Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:08.291025244Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.292570884Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.29384074Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:08.294748936Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.296318001Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.298054954Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:08.29887689Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.300435732Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.301810866Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:08.302692266Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.30421352Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.305539618Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:08.306453229Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.307972738Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.309256822Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:08.310082798Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.31154536Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.312816274Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:08.313693293Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.315120957Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.316370965Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:08.3171612Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.318688234Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.319917977Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:08.32071367Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.322206638Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.323513185Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:08.324422037Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.325976848Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.327238281Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:46:08.329165919Z	61	PC: 9ef04 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:46:08.333102982Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.334491824Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.335739807Z	87	PC: 9ef0d | Get or set file date and time
2018-12-25T12:46:08.33685618Z	62	PC: 9ee86 | Close file
2018-12-25T12:46:08.337935296Z	61	PC: 9ee95 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:46:08.341472529Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.343047732Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.344327752Z	66	PC: 12372 | Move file pointer
2018-12-25T12:46:08.345185874Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.34672518Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.347991796Z	63	PC: 12383 | Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:46:08.355981758Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.357572651Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.358935262Z	62	PC: 1238a | Close file
2018-12-25T12:46:08.360688914Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.362215945Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.363581877Z	99	PC: 99317 | Get DBCS lead byte table pointer
2018-12-25T12:46:08.364373592Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.365877274Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.367129783Z	56	PC: 93b39 | Get or set country info
2018-12-25T12:46:08.368153538Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.370055993Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.371358814Z	64	PC: 99588 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:46:08.373776527Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.375174296Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.376566075Z	25	PC: 93ba2 | Get default drive
2018-12-25T12:46:08.377492898Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.378896276Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.380218416Z	71	PC: 95e1d | Get current directory
2018-12-25T12:46:08.382478179Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.383992441Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.385281065Z	64	PC: 99588 | Write file or device (See above)
2018-12-25T12:46:08.387213607Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.388815469Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.390118301Z	2	PC: 95df2 | Character output (Char = '3e')
2018-12-25T12:46:08.391404283Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.393301639Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.394622424Z	93	PC: 93c60 | File sharing functions
2018-12-25T12:46:08.395994166Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.397472266Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.398790525Z	93	PC: 93c67 | File sharing functions
2018-12-25T12:46:08.399833172Z	44	PC: 9ec97 | Get time (See above)
2018-12-25T12:46:08.401358166Z	42	PC: 9ecaf | Get date (See above)
2018-12-25T12:46:08.402644536Z	10	PC: 93c79 | Buffered keyboard input