{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11564,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:51.178295109Z | 26 | PC: 12d87 | Set disk transfer address |
| 2018-12-25T12:30:51.179907993Z | 78 | PC: 12d92 | Find first file |
| 2018-12-25T12:30:51.186606731Z | 67 | PC: 12e07 | Get or set file attributes |
| 2018-12-25T12:30:52.06474518Z | 61 | PC: 12e10 | Open file |
| 2018-12-25T12:30:52.072188514Z | 63 | PC: 12e1c | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T12:30:52.074648528Z | 62 | PC: 12e28 | Close file |
| 2018-12-25T12:30:52.076508347Z | 67 | PC: 12e35 | Get or set file attributes |
| 2018-12-25T12:30:52.081744876Z | 79 | PC: 12d92 | Find next file (See above) |
| 2018-12-25T12:30:52.084984916Z | 44 | PC: 12d98 | Get time 0x12d98: cmp cl, 0 0x12d9b: jne 0x12dab 0x12d9d: mov ah, 0x40 0x12d9f: mov bx, 1 0x12da2: mov cx, 0x22 0x12da5: lea dx, word ptr [bp + 0x30b] 0x12da9: int 0x21 0x12dab: pop word ptr [bp + 0x338] 0x12daf: pop word ptr [bp + 0x336] 0x12db3: pop word ptr [bp + 0x334] 0x12db7: pop word ptr [bp + 0x332] 0x12dbb: mov ah, 0x1a 0x12dbd: mov dx, 0x80 0x12dc0: int 0x21 0x12dc2: pop ds 0x12dc3: pop es 0x12dc4: mov ax, es 0x12dc6: add ax, 0x10 0x12dc9: add word ptr [bp + 0x1d5], ax 0x12dcd: mov bx, word ptr [bp + 0x336] |
| 2018-12-25T12:30:52.087388897Z | 64 | PC: 12dab | Write file or device (Write 34 bytes on handle 1) |
| 2018-12-25T12:30:52.090551606Z | 26 | PC: 12dc2 | Set disk transfer address |
| 2018-12-25T12:30:52.092597254Z | 9 | PC: 12a47 | Display string (String= 'GOAT File Generator 2.13 = (c) 1994-2001 by ROSE SWE (02.08.2001) File: ROSE026.EXE - 1.250 (04E2h) bytes length! Hint: Delete or edit the file ROSEGOAT.MSG to suit your needs! Greetings from ROSE SWE! http://come.to/rose_swe ') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":11564,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:51.290813192Z | 26 | PC: 12d87 | Set disk transfer address |
| 2018-12-25T12:30:51.292973206Z | 78 | PC: 12d92 | Find first file |
| 2018-12-25T12:30:51.300166018Z | 67 | PC: 12e07 | Get or set file attributes |
| 2018-12-25T12:30:51.318741652Z | 61 | PC: 12e10 | Open file |
| 2018-12-25T12:30:51.332545306Z | 63 | PC: 12e1c | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T12:30:51.342533447Z | 62 | PC: 12e28 | Close file |
| 2018-12-25T12:30:51.344878694Z | 67 | PC: 12e35 | Get or set file attributes |
| 2018-12-25T12:30:51.350527181Z | 79 | PC: 12d92 | Find next file (See above) |
| 2018-12-25T12:30:51.35454189Z | 44 | PC: 12d98 | Get time 0x12d98: cmp cl, 0 0x12d9b: jne 0x12dab 0x12d9d: mov ah, 0x40 0x12d9f: mov bx, 1 0x12da2: mov cx, 0x22 0x12da5: lea dx, word ptr [bp + 0x30b] 0x12da9: int 0x21 0x12dab: pop word ptr [bp + 0x338] 0x12daf: pop word ptr [bp + 0x336] 0x12db3: pop word ptr [bp + 0x334] 0x12db7: pop word ptr [bp + 0x332] 0x12dbb: mov ah, 0x1a 0x12dbd: mov dx, 0x80 0x12dc0: int 0x21 0x12dc2: pop ds 0x12dc3: pop es 0x12dc4: mov ax, es 0x12dc6: add ax, 0x10 0x12dc9: add word ptr [bp + 0x1d5], ax 0x12dcd: mov bx, word ptr [bp + 0x336] |
| 2018-12-25T12:30:51.357930783Z | 26 | PC: 12dc2 | Set disk transfer address |
| 2018-12-25T12:30:51.359571075Z | 9 | PC: 12a47 | Display string (String= 'GOAT File Generator 2.13 = (c) 1994-2001 by ROSE SWE (02.08.2001) File: ROSE026.EXE - 1.250 (04E2h) bytes length! Hint: Delete or edit the file ROSEGOAT.MSG to suit your needs! Greetings from ROSE SWE! http://come.to/rose_swe ') |