{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12724,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:36:05.844045107Z | 26 | PC: 12ba3 | Set disk transfer address |
| 2018-12-25T12:36:05.846629686Z | 71 | PC: 12bc5 | Get current directory |
| 2018-12-25T12:36:05.85098325Z | 42 | PC: 12bd1 | Get date 0x12bd1: cmp dx, 0x505 0x12bd5: jne 0x12c14 0x12bd7: mov word ptr [bp + 0x448], dx 0x12bdb: lea bx, word ptr [bp + 0x38e] 0x12bdf: mov word ptr [bx], 0x2a 0x12be3: mov ax, 3 0x12be6: int 0x10 0x12be8: push es 0x12be9: mov ax, 0xb800 0x12bec: mov es, ax 0x12bee: mov di, 0x18 0x12bf1: lea bx, word ptr [bp + 0x39b] 0x12bf5: mov dl, 0xac 0x12bf7: mov dh, 7 0x12bf9: mov cx, 8 0x12bfc: mov al, byte ptr [bx] 0x12bfe: shl al, 1 0x12c00: jb 0x12c08 0x12c02: push ax 0x12c03: mov ax, 0x920 |
| 2018-12-25T12:36:05.853895378Z | 78 | PC: 12ccf | Find first file |
| 2018-12-25T12:36:05.859923379Z | 61 | PC: 12cf2 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:36:05.871154343Z | 63 | PC: 12cfe | Read file or device (Read 7 bytes on handle 5) |
| 2018-12-25T12:36:05.877379589Z | 62 | PC: 12d02 | Close file |
| 2018-12-25T12:36:05.88020969Z | 61 | PC: 12d1d | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:36:05.887331243Z | 87 | PC: 12d23 | Get or set file date and time |
| 2018-12-25T12:36:05.888920315Z | 64 | PC: 12d4f | Write file or device (Write 7 bytes on handle 5) |
| 2018-12-25T12:36:05.891931061Z | 66 | PC: 12d5a | Move file pointer |
| 2018-12-25T12:36:05.89404849Z | 64 | PC: 12d65 | Write file or device (Write 831 bytes on handle 5) |
| 2018-12-25T12:36:05.909217146Z | 87 | PC: 12d6c | Get or set file date and time |
| 2018-12-25T12:36:05.910993943Z | 62 | PC: 12d70 | Close file |
| 2018-12-25T12:36:05.920844209Z | 59 | PC: 12daa | Change current directory |
| 2018-12-25T12:36:05.924699187Z | 59 | PC: 12db2 | Change current directory |
| 2018-12-25T12:36:05.926934464Z | 26 | PC: 12dc7 | Set disk transfer address |
| 2018-12-25T12:36:05.929037992Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:36:05.934499287Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":5,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12724,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:36:06.142155239Z | 26 | PC: 12ba3 | Set disk transfer address |
| 2018-12-25T12:36:06.144637481Z | 71 | PC: 12bc5 | Get current directory |
| 2018-12-25T12:36:06.148338025Z | 42 | PC: 12bd1 | Get date 0x12bd1: cmp dx, 0x505 0x12bd5: jne 0x12c14 0x12bd7: mov word ptr [bp + 0x448], dx 0x12bdb: lea bx, word ptr [bp + 0x38e] 0x12bdf: mov word ptr [bx], 0x2a 0x12be3: mov ax, 3 0x12be6: int 0x10 0x12be8: push es 0x12be9: mov ax, 0xb800 0x12bec: mov es, ax 0x12bee: mov di, 0x18 0x12bf1: lea bx, word ptr [bp + 0x39b] 0x12bf5: mov dl, 0xac 0x12bf7: mov dh, 7 0x12bf9: mov cx, 8 0x12bfc: mov al, byte ptr [bx] 0x12bfe: shl al, 1 0x12c00: jb 0x12c08 0x12c02: push ax 0x12c03: mov ax, 0x920 |
| 2018-12-25T12:36:06.158932099Z | 9 | PC: 12c4b | Display string (String= 'Mercury Power Make Up !') |
| 2018-12-25T12:36:06.162576572Z | 78 | PC: 12ccf | Find first file |
| 2018-12-25T12:36:06.168756543Z | 86 | PC: 12c6f | Rename file |
| 2018-12-25T12:36:06.186125214Z | 79 | PC: 12cd6 | Find next file |
| 2018-12-25T12:36:06.190502262Z | 86 | PC: 12c6f | Rename file (See above) |
| 2018-12-25T12:36:06.201942487Z | 79 | PC: 12cd6 | Find next file (See above) |
| 2018-12-25T12:36:06.204831875Z | 86 | PC: 12c6f | Rename file (See above) |
| 2018-12-25T12:36:06.218320894Z | 79 | PC: 12cd6 | Find next file (See above) |
| 2018-12-25T12:36:06.221206829Z | 86 | PC: 12c6f | Rename file (See above) |
| 2018-12-25T12:36:06.23195435Z | 79 | PC: 12cd6 | Find next file (See above) |
| 2018-12-25T12:36:06.240405116Z | 86 | PC: 12c6f | Rename file (See above) |
| 2018-12-25T12:36:06.252553966Z | 79 | PC: 12cd6 | Find next file (See above) |
| 2018-12-25T12:36:06.255208993Z | 86 | PC: 12c6f | Rename file (See above) |
| 2018-12-25T12:36:06.266414935Z | 79 | PC: 12cd6 | Find next file (See above) |
| 2018-12-25T12:36:06.270143948Z | 86 | PC: 12c6f | Rename file (See above) |
| 2018-12-25T12:36:06.281107223Z | 79 | PC: 12cd6 | Find next file (See above) |
| 2018-12-25T12:36:06.283926234Z | 86 | PC: 12c6f | Rename file (See above) |
| 2018-12-25T12:36:06.2951377Z | 79 | PC: 12cd6 | Find next file (See above) |
| 2018-12-25T12:36:06.297784506Z | 86 | PC: 12c6f | Rename file (See above) |
| 2018-12-25T12:36:06.311893598Z | 79 | PC: 12cd6 | Find next file (See above) |
| 2018-12-25T12:36:06.314906308Z | 59 | PC: 12c9b | Change current directory |
| 2018-12-25T12:36:06.342884929Z | 78 | PC: 12ca6 | Find first file |
| 2018-12-25T12:36:06.351218053Z | 9 | PC: 12d86 | Display string (String= ' Sailor Mercury ') |
| 2018-12-25T12:36:06.355609519Z | 9 | PC: 12d95 | Display string (String= 'Made in Hong Kong 1994') |
| 2018-12-25T12:36:08.519502353Z | 59 | PC: 12daa | Change current directory |
| 2018-12-25T12:36:08.529397674Z | 59 | PC: 12db2 | Change current directory |
| 2018-12-25T12:36:08.532433708Z | 26 | PC: 12dc7 | Set disk transfer address |
| 2018-12-25T12:36:08.534412238Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:36:08.538112315Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |