{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11113,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:29:57.515193211Z | 26 | PC: 12ba8 | Set disk transfer address |
| 2018-12-25T12:29:57.516705564Z | 78 | PC: 12bc4 | Find first file |
| 2018-12-25T12:29:57.522652931Z | 61 | PC: 12c13 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:29:57.529161166Z | 63 | PC: 12c2a | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-25T12:29:57.536077299Z | 44 | PC: 12c53 | Get time 0x12c53: cmp dh, 0xd 0x12c56: jne 0x12c6f 0x12c58: call 0x12d08 0x12c5b: mov dx, 0x363 0x12c5e: mov cx, 5 0x12c61: mov bx, word ptr [0x36c] 0x12c65: mov ah, 0x40 0x12c67: int 0x21 0x12c69: call 0x12ced 0x12c6c: jmp 0x12d17 0x12c6f: call 0x12d08 0x12c72: jae 0x12c77 0x12c74: jmp 0x12ce0 0x12c76: nop 0x12c77: mov ax, word ptr es:[0x1a] 0x12c7b: and al, 0xf0 0x12c7d: add ax, 0x110 0x12c80: mov word ptr [0x37a], ax 0x12c83: mov dx, 0x379 0x12c86: mov cx, 5 |
| 2018-12-25T12:29:57.538252878Z | 66 | PC: 12d16 | Move file pointer |
| 2018-12-25T12:29:57.540408007Z | 64 | PC: 12c91 | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T12:29:57.544466234Z | 66 | PC: 12cb6 | Move file pointer |
| 2018-12-25T12:29:57.546964346Z | 64 | PC: 12cca | Write file or device (Write 638 bytes on handle 5) |
| 2018-12-25T12:29:57.562487479Z | 62 | PC: 12cf5 | Close file |
| 2018-12-25T12:29:57.56959211Z | 67 | PC: 12d06 | Get or set file attributes |
| 2018-12-25T12:29:57.579904779Z | 26 | PC: 12cdc | Set disk transfer address |
| 2018-12-25T12:29:57.581448297Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:29:57.58833506Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":13,"TimeBased":true,"OriginalID":11113,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:29:57.563179171Z | 26 | PC: 12ba8 | Set disk transfer address |
| 2018-12-25T12:29:57.564507729Z | 78 | PC: 12bc4 | Find first file |
| 2018-12-25T12:29:57.571543254Z | 61 | PC: 12c13 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:29:57.58050457Z | 63 | PC: 12c2a | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-25T12:29:57.598780538Z | 44 | PC: 12c53 | Get time 0x12c53: cmp dh, 0xd 0x12c56: jne 0x12c6f 0x12c58: call 0x12d08 0x12c5b: mov dx, 0x363 0x12c5e: mov cx, 5 0x12c61: mov bx, word ptr [0x36c] 0x12c65: mov ah, 0x40 0x12c67: int 0x21 0x12c69: call 0x12ced 0x12c6c: jmp 0x12d17 0x12c6f: call 0x12d08 0x12c72: jae 0x12c77 0x12c74: jmp 0x12ce0 0x12c76: nop 0x12c77: mov ax, word ptr es:[0x1a] 0x12c7b: and al, 0xf0 0x12c7d: add ax, 0x110 0x12c80: mov word ptr [0x37a], ax 0x12c83: mov dx, 0x379 0x12c86: mov cx, 5 |
| 2018-12-25T12:29:57.60150787Z | 66 | PC: 12d16 | Move file pointer |
| 2018-12-25T12:29:57.608247682Z | 64 | PC: 12c91 | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T12:29:57.611328451Z | 66 | PC: 12cb6 | Move file pointer |
| 2018-12-25T12:29:57.613279339Z | 64 | PC: 12cca | Write file or device (Write 638 bytes on handle 5) |
| 2018-12-25T12:29:57.632229795Z | 62 | PC: 12cf5 | Close file |
| 2018-12-25T12:29:57.641318072Z | 67 | PC: 12d06 | Get or set file attributes |
| 2018-12-25T12:29:57.650107159Z | 26 | PC: 12cdc | Set disk transfer address |
| 2018-12-25T12:29:57.651426069Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:29:57.656090115Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |