{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14422,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:40:40.618611543Z | 26 | PC: 12bb7 | Set disk transfer address |
| 2018-12-25T12:40:40.620500842Z | 71 | PC: 12d16 | Get current directory |
| 2018-12-25T12:40:40.625041497Z | 42 | PC: 12bbe | Get date 0x12bbe: cmp al, 0 0x12bc0: jne 0x12c05 0x12bc2: push es 0x12bc3: mov di, 0x140 0x12bc6: mov ax, 0xb800 0x12bc9: mov es, ax 0x12bcb: mov ah, 2 0x12bcd: mov al, 0xff 0x12bcf: mov cx, 0x4b0 0x12bd2: rep stosd dword ptr es:[di], eax 0x12bd4: mov di, 0x140 0x12bd7: mov al, 0x79 0x12bd9: mov cx, 7 0x12bdc: mov ah, 0x82 0x12bde: stosw word ptr es:[di], ax 0x12bdf: add di, 0xa0 0x12be3: loop 0x12bde 0x12be5: mov cx, 7 0x12be8: sub di, 0xa0 0x12bec: stosw word ptr es:[di], ax |
| 2018-12-25T12:40:40.627819372Z | 78 | PC: 12c88 | Find first file |
| 2018-12-25T12:40:40.63485393Z | 61 | PC: 12c9b | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:40:40.643358457Z | 63 | PC: 12ca7 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:40:40.650741318Z | 66 | PC: 12cc7 | Move file pointer |
| 2018-12-25T12:40:40.652237389Z | 64 | PC: 12cd4 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:40:40.65577214Z | 66 | PC: 12cdf | Move file pointer |
| 2018-12-25T12:40:40.668816695Z | 64 | PC: 12cec | Write file or device (Write 407 bytes on handle 5) |
| 2018-12-25T12:40:40.68497891Z | 62 | PC: 12cf0 | Close file |
| 2018-12-25T12:40:40.694825021Z | 59 | PC: 12cf8 | Change current directory |
| 2018-12-25T12:40:40.70049144Z | 59 | PC: 12d02 | Change current directory |
| 2018-12-25T12:40:40.702774771Z | 26 | PC: 12d0b | Set disk transfer address |
| 2018-12-25T12:40:40.705391958Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:40:40.712285585Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14422,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:40:41.184864921Z | 26 | PC: 12bb7 | Set disk transfer address |
| 2018-12-25T12:40:41.186776702Z | 71 | PC: 12d16 | Get current directory |
| 2018-12-25T12:40:41.189793354Z | 42 | PC: 12bbe | Get date 0x12bbe: cmp al, 0 0x12bc0: jne 0x12c05 0x12bc2: push es 0x12bc3: mov di, 0x140 0x12bc6: mov ax, 0xb800 0x12bc9: mov es, ax 0x12bcb: mov ah, 2 0x12bcd: mov al, 0xff 0x12bcf: mov cx, 0x4b0 0x12bd2: rep stosd dword ptr es:[di], eax 0x12bd4: mov di, 0x140 0x12bd7: mov al, 0x79 0x12bd9: mov cx, 7 0x12bdc: mov ah, 0x82 0x12bde: stosw word ptr es:[di], ax 0x12bdf: add di, 0xa0 0x12be3: loop 0x12bde 0x12be5: mov cx, 7 0x12be8: sub di, 0xa0 0x12bec: stosw word ptr es:[di], ax |