{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13263,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:37:51.761642399Z | 48 | PC: 12ba5 | Get DOS version |
| 2018-12-25T12:37:51.764168707Z | 47 | PC: 12bb1 | Get disk transfer address |
| 2018-12-25T12:37:51.76547255Z | 26 | PC: 12bc0 | Set disk transfer address |
| 2018-12-25T12:37:51.76694797Z | 78 | PC: 12c2a | Find first file |
| 2018-12-25T12:37:51.774434295Z | 67 | PC: 12c6b | Get or set file attributes |
| 2018-12-25T12:37:51.780501095Z | 67 | PC: 12c76 | Get or set file attributes |
| 2018-12-25T12:37:51.796440369Z | 61 | PC: 12c7b | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:37:51.804044193Z | 87 | PC: 12c87 | Get or set file date and time |
| 2018-12-25T12:37:51.805884461Z | 44 | PC: 12c91 | Get time 0x12c91: and dh, 7 0x12c94: jne 0x12ca5 0x12c96: mov cx, 5 0x12c99: mov dx, si 0x12c9b: add dx, 0x8a 0x12c9f: mov ah, 0x40 0x12ca1: int 0x21 0x12ca3: jmp 0x12cfe 0x12ca5: mov cx, 3 0x12ca8: mov dx, si 0x12caa: add dx, 0x84 0x12cae: mov ah, 0x3f 0x12cb0: int 0x21 0x12cb2: jb 0x12cfe 0x12cb4: cmp ax, 3 0x12cb7: jne 0x12cfe 0x12cb9: xor cx, cx 0x12cbb: xor dx, dx 0x12cbd: mov ax, 0x4202 0x12cc0: int 0x21 |
| 2018-12-25T12:37:51.807947592Z | 63 | PC: 12cb2 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:37:51.814745637Z | 66 | PC: 12cc2 | Move file pointer |
| 2018-12-25T12:37:51.81613827Z | 64 | PC: 12cdf | Write file or device (Write 566 bytes on handle 5) |
| 2018-12-25T12:37:51.824471534Z | 66 | PC: 12cef | Move file pointer |
| 2018-12-25T12:37:51.826078432Z | 64 | PC: 12cfe | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:37:51.832789521Z | 87 | PC: 12d0c | Get or set file date and time |
| 2018-12-25T12:37:51.834512437Z | 62 | PC: 12d10 | Close file |
| 2018-12-25T12:37:51.842683685Z | 67 | PC: 12d1d | Get or set file attributes |
| 2018-12-25T12:37:51.853364291Z | 26 | PC: 12d27 | Set disk transfer address |
| 2018-12-25T12:37:51.854404766Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:37:51.85959634Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":13263,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:37:51.973637331Z | 48 | PC: 12ba5 | Get DOS version |
| 2018-12-25T12:37:51.975857269Z | 47 | PC: 12bb1 | Get disk transfer address |
| 2018-12-25T12:37:51.978058094Z | 26 | PC: 12bc0 | Set disk transfer address |
| 2018-12-25T12:37:51.980561394Z | 78 | PC: 12c2a | Find first file |
| 2018-12-25T12:37:51.988405436Z | 67 | PC: 12c6b | Get or set file attributes |
| 2018-12-25T12:37:51.997701812Z | 67 | PC: 12c76 | Get or set file attributes |
| 2018-12-25T12:37:52.011492367Z | 61 | PC: 12c7b | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:37:52.020094894Z | 87 | PC: 12c87 | Get or set file date and time |
| 2018-12-25T12:37:52.021800344Z | 44 | PC: 12c91 | Get time 0x12c91: and dh, 7 0x12c94: jne 0x12ca5 0x12c96: mov cx, 5 0x12c99: mov dx, si 0x12c9b: add dx, 0x8a 0x12c9f: mov ah, 0x40 0x12ca1: int 0x21 0x12ca3: jmp 0x12cfe 0x12ca5: mov cx, 3 0x12ca8: mov dx, si 0x12caa: add dx, 0x84 0x12cae: mov ah, 0x3f 0x12cb0: int 0x21 0x12cb2: jb 0x12cfe 0x12cb4: cmp ax, 3 0x12cb7: jne 0x12cfe 0x12cb9: xor cx, cx 0x12cbb: xor dx, dx 0x12cbd: mov ax, 0x4202 0x12cc0: int 0x21 |
| 2018-12-25T12:37:52.024208226Z | 63 | PC: 12cb2 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:37:52.031989985Z | 66 | PC: 12cc2 | Move file pointer |
| 2018-12-25T12:37:52.034304863Z | 64 | PC: 12cdf | Write file or device (Write 566 bytes on handle 5) |
| 2018-12-25T12:37:52.043540891Z | 66 | PC: 12cef | Move file pointer |
| 2018-12-25T12:37:52.04554837Z | 64 | PC: 12cfe | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:37:52.054097541Z | 87 | PC: 12d0c | Get or set file date and time |
| 2018-12-25T12:37:52.055752745Z | 62 | PC: 12d10 | Close file |
| 2018-12-25T12:37:52.065099886Z | 67 | PC: 12d1d | Get or set file attributes |
| 2018-12-25T12:37:52.077395489Z | 26 | PC: 12d27 | Set disk transfer address |
| 2018-12-25T12:37:52.079228066Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:37:52.085826628Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |