{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10485,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:28:11.456120275Z | 42 | PC: 13b0f | Get date 0x13b0f: cmp dh, 5 0x13b12: jb 0x13b3e 0x13b14: cmp dl, 9 0x13b17: jb 0x13b3e 0x13b19: cmp cx, 0x7cb 0x13b1d: jb 0x13b3e 0x13b1f: cmp al, 0 0x13b21: jne 0x13b3e 0x13b23: mov ah, 0x2c 0x13b25: int 0x21 0x13b27: cmp ch, 0xc 0x13b2a: jne 0x13b3e 0x13b2c: cmp cl, 0x1e 0x13b2f: jb 0x13b3e 0x13b31: cmp dh, 0x1e 0x13b34: jb 0x13b3e 0x13b36: cmp dl, 0x32 0x13b39: jb 0x13b3e 0x13b3b: call 0x13b41 0x13b3e: ret |
| 2018-12-25T12:28:11.45883067Z | 26 | PC: 13a10 | Set disk transfer address |
| 2018-12-25T12:28:11.460078635Z | 25 | PC: 13a21 | Get default drive |
| 2018-12-25T12:28:11.461459206Z | 14 | PC: 13a2b | Set default drive (Drive = 'C') |
| 2018-12-25T12:28:11.474576313Z | 26 | PC: 13afe | Set disk transfer address |
| 2018-12-25T12:28:11.475779054Z | 14 | PC: 13b06 | Set default drive (Drive = 'D') |
| 2018-12-25T12:28:11.476896877Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=00000FA0h/0000004000d bytes. ') |
| 2018-12-25T12:28:11.480868484Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10485,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:28:11.849227048Z | 42 | PC: 13b0f | Get date 0x13b0f: cmp dh, 5 0x13b12: jb 0x13b3e 0x13b14: cmp dl, 9 0x13b17: jb 0x13b3e 0x13b19: cmp cx, 0x7cb 0x13b1d: jb 0x13b3e 0x13b1f: cmp al, 0 0x13b21: jne 0x13b3e 0x13b23: mov ah, 0x2c 0x13b25: int 0x21 0x13b27: cmp ch, 0xc 0x13b2a: jne 0x13b3e 0x13b2c: cmp cl, 0x1e 0x13b2f: jb 0x13b3e 0x13b31: cmp dh, 0x1e 0x13b34: jb 0x13b3e 0x13b36: cmp dl, 0x32 0x13b39: jb 0x13b3e 0x13b3b: call 0x13b41 0x13b3e: ret |
| 2018-12-25T12:28:11.86523923Z | 26 | PC: 13a10 | Set disk transfer address |
| 2018-12-25T12:28:11.866317605Z | 25 | PC: 13a21 | Get default drive |
| 2018-12-25T12:28:11.867402958Z | 14 | PC: 13a2b | Set default drive (Drive = 'C') |
| 2018-12-25T12:28:11.869089928Z | 26 | PC: 13afe | Set disk transfer address |
| 2018-12-25T12:28:11.870120641Z | 14 | PC: 13b06 | Set default drive (Drive = 'D') |
| 2018-12-25T12:28:11.871146647Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=00000FA0h/0000004000d bytes. ') |
| 2018-12-25T12:28:11.876394006Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":9,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10485,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:28:12.180627809Z | 42 | PC: 13b0f | Get date 0x13b0f: cmp dh, 5 0x13b12: jb 0x13b3e 0x13b14: cmp dl, 9 0x13b17: jb 0x13b3e 0x13b19: cmp cx, 0x7cb 0x13b1d: jb 0x13b3e 0x13b1f: cmp al, 0 0x13b21: jne 0x13b3e 0x13b23: mov ah, 0x2c 0x13b25: int 0x21 0x13b27: cmp ch, 0xc 0x13b2a: jne 0x13b3e 0x13b2c: cmp cl, 0x1e 0x13b2f: jb 0x13b3e 0x13b31: cmp dh, 0x1e 0x13b34: jb 0x13b3e 0x13b36: cmp dl, 0x32 0x13b39: jb 0x13b3e 0x13b3b: call 0x13b41 0x13b3e: ret |
| 2018-12-25T12:28:12.183292476Z | 26 | PC: 13a10 | Set disk transfer address |
| 2018-12-25T12:28:12.184360092Z | 25 | PC: 13a21 | Get default drive |
| 2018-12-25T12:28:12.18536622Z | 14 | PC: 13a2b | Set default drive (Drive = 'C') |
| 2018-12-25T12:28:12.188018764Z | 26 | PC: 13afe | Set disk transfer address |
| 2018-12-25T12:28:12.189085067Z | 14 | PC: 13b06 | Set default drive (Drive = 'D') |
| 2018-12-25T12:28:12.190280721Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=00000FA0h/0000004000d bytes. ') |
| 2018-12-25T12:28:12.196168203Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":9,"Month":5,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10485,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:28:12.205737214Z | 42 | PC: 13b0f | Get date 0x13b0f: cmp dh, 5 0x13b12: jb 0x13b3e 0x13b14: cmp dl, 9 0x13b17: jb 0x13b3e 0x13b19: cmp cx, 0x7cb 0x13b1d: jb 0x13b3e 0x13b1f: cmp al, 0 0x13b21: jne 0x13b3e 0x13b23: mov ah, 0x2c 0x13b25: int 0x21 0x13b27: cmp ch, 0xc 0x13b2a: jne 0x13b3e 0x13b2c: cmp cl, 0x1e 0x13b2f: jb 0x13b3e 0x13b31: cmp dh, 0x1e 0x13b34: jb 0x13b3e 0x13b36: cmp dl, 0x32 0x13b39: jb 0x13b3e 0x13b3b: call 0x13b41 0x13b3e: ret |
| 2018-12-25T12:28:12.209035105Z | 26 | PC: 13a10 | Set disk transfer address |
| 2018-12-25T12:28:12.210793001Z | 25 | PC: 13a21 | Get default drive |
| 2018-12-25T12:28:12.212471263Z | 14 | PC: 13a2b | Set default drive (Drive = 'C') |
| 2018-12-25T12:28:12.217938746Z | 78 | PC: 13a35 | Find first file |
| 2018-12-25T12:28:12.224039187Z | 61 | PC: 13a46 | Open file (Filename = 'COMMAND.COM') |
| 2018-12-25T12:28:12.23100859Z | 66 | PC: 13bc9 | Move file pointer |
| 2018-12-25T12:28:12.233562822Z | 62 | PC: 13a6c | Close file |
| 2018-12-25T12:28:12.235447586Z | 79 | PC: 13a35 | Find next file (See above) |
| 2018-12-25T12:28:12.23823Z | 26 | PC: 13afe | Set disk transfer address |
| 2018-12-25T12:28:12.239759259Z | 14 | PC: 13b06 | Set default drive (Drive = 'D') |
| 2018-12-25T12:28:12.24160834Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=00000FA0h/0000004000d bytes. ') |
| 2018-12-25T12:28:12.24844057Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":14,"Month":5,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10485,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:28:12.443309283Z | 42 | PC: 13b0f | Get date 0x13b0f: cmp dh, 5 0x13b12: jb 0x13b3e 0x13b14: cmp dl, 9 0x13b17: jb 0x13b3e 0x13b19: cmp cx, 0x7cb 0x13b1d: jb 0x13b3e 0x13b1f: cmp al, 0 0x13b21: jne 0x13b3e 0x13b23: mov ah, 0x2c 0x13b25: int 0x21 0x13b27: cmp ch, 0xc 0x13b2a: jne 0x13b3e 0x13b2c: cmp cl, 0x1e 0x13b2f: jb 0x13b3e 0x13b31: cmp dh, 0x1e 0x13b34: jb 0x13b3e 0x13b36: cmp dl, 0x32 0x13b39: jb 0x13b3e 0x13b3b: call 0x13b41 0x13b3e: ret |
| 2018-12-25T12:28:12.445812684Z | 44 | PC: 13b27 | Get time 0x13b27: cmp ch, 0xc 0x13b2a: jne 0x13b3e 0x13b2c: cmp cl, 0x1e 0x13b2f: jb 0x13b3e 0x13b31: cmp dh, 0x1e 0x13b34: jb 0x13b3e 0x13b36: cmp dl, 0x32 0x13b39: jb 0x13b3e 0x13b3b: call 0x13b41 0x13b3e: ret 0x13b3f: sbb byte ptr [bx + si], al 0x13b41: mov cx, 0xb800 0x13b44: mov ah, 0xf 0x13b46: int 0x10 0x13b48: cmp al, 2 0x13b4a: je 0x13b59 0x13b4c: cmp al, 3 0x13b4e: je 0x13b59 0x13b50: cmp al, 7 0x13b52: je 0x13b56 |
| 2018-12-25T12:28:12.448000049Z | 26 | PC: 13a10 | Set disk transfer address |
| 2018-12-25T12:28:12.448964677Z | 25 | PC: 13a21 | Get default drive |
| 2018-12-25T12:28:12.450763761Z | 14 | PC: 13a2b | Set default drive (Drive = 'C') |
| 2018-12-25T12:28:12.452254207Z | 26 | PC: 13afe | Set disk transfer address |
| 2018-12-25T12:28:12.453570287Z | 14 | PC: 13b06 | Set default drive (Drive = 'D') |
| 2018-12-25T12:28:12.45549622Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=00000FA0h/0000004000d bytes. ') |
| 2018-12-25T12:28:12.460769447Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |