{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14667,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:41:21.153088655Z | 82 | PC: 12ce0 | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T12:41:21.169589448Z | 42 | PC: 9f51c | Get date 0x9f51c: cmp cx, 0x7c9 0x9f520: je 0x9f530 0x9f522: cmp al, 1 0x9f524: jne 0x9f530 0x9f526: cmp dl, 0x17 0x9f529: jne 0x9f530 0x9f52b: inc byte ptr cs:[0x36] 0x9f530: mov ax, word ptr es:[0x84] 0x9f534: mov word ptr cs:[0x5c], ax 0x9f538: mov ax, word ptr es:[0x86] 0x9f53c: mov word ptr cs:[0x5e], ax 0x9f540: push cs 0x9f541: pop ds 0x9f542: mov dx, 0x1a5 0x9f545: mov ax, 0x2521 0x9f548: int 0x21 0x9f54a: mov ax, word ptr es:[0x5c] 0x9f54e: mov word ptr cs:[0x60], ax 0x9f552: mov ax, word ptr es:[0x5e] 0x9f556: mov word ptr cs:[0x62], ax |
| 2018-12-25T12:41:21.173023047Z | 37 | PC: 9f54a | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:41:21.176033539Z | 37 | PC: 9f562 | Set interrupt vector (Interrupt = '23' AKA 'Rename file') |
| 2018-12-25T12:41:21.177371176Z | 37 | PC: 9f57a | Set interrupt vector (Interrupt = '20' AKA 'Sequential read') |
| 2018-12-25T12:41:21.178898501Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ') |
| 2018-12-25T12:41:21.185679175Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":23,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14667,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:41:21.181999006Z | 82 | PC: 12ce0 | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T12:41:21.183637464Z | 42 | PC: 9f51c | Get date 0x9f51c: cmp cx, 0x7c9 0x9f520: je 0x9f530 0x9f522: cmp al, 1 0x9f524: jne 0x9f530 0x9f526: cmp dl, 0x17 0x9f529: jne 0x9f530 0x9f52b: inc byte ptr cs:[0x36] 0x9f530: mov ax, word ptr es:[0x84] 0x9f534: mov word ptr cs:[0x5c], ax 0x9f538: mov ax, word ptr es:[0x86] 0x9f53c: mov word ptr cs:[0x5e], ax 0x9f540: push cs 0x9f541: pop ds 0x9f542: mov dx, 0x1a5 0x9f545: mov ax, 0x2521 0x9f548: int 0x21 0x9f54a: mov ax, word ptr es:[0x5c] 0x9f54e: mov word ptr cs:[0x60], ax 0x9f552: mov ax, word ptr es:[0x5e] 0x9f556: mov word ptr cs:[0x62], ax |
| 2018-12-25T12:41:21.185778437Z | 37 | PC: 9f54a | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:41:21.18692216Z | 37 | PC: 9f562 | Set interrupt vector (Interrupt = '23' AKA 'Rename file') |
| 2018-12-25T12:41:21.188492655Z | 37 | PC: 9f57a | Set interrupt vector (Interrupt = '20' AKA 'Sequential read') |
| 2018-12-25T12:41:21.189699594Z | 37 | PC: 9f5aa | Set interrupt vector (Interrupt = '9' AKA 'Display string') |
| 2018-12-25T12:41:21.191312611Z | 37 | PC: 9f5b2 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-25T12:41:21.192717271Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ') |
| 2018-12-25T12:41:21.198691605Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14667,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:41:21.237771684Z | 82 | PC: 12ce0 | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T12:41:21.24030741Z | 42 | PC: 9f51c | Get date 0x9f51c: cmp cx, 0x7c9 0x9f520: je 0x9f530 0x9f522: cmp al, 1 0x9f524: jne 0x9f530 0x9f526: cmp dl, 0x17 0x9f529: jne 0x9f530 0x9f52b: inc byte ptr cs:[0x36] 0x9f530: mov ax, word ptr es:[0x84] 0x9f534: mov word ptr cs:[0x5c], ax 0x9f538: mov ax, word ptr es:[0x86] 0x9f53c: mov word ptr cs:[0x5e], ax 0x9f540: push cs 0x9f541: pop ds 0x9f542: mov dx, 0x1a5 0x9f545: mov ax, 0x2521 0x9f548: int 0x21 0x9f54a: mov ax, word ptr es:[0x5c] 0x9f54e: mov word ptr cs:[0x60], ax 0x9f552: mov ax, word ptr es:[0x5e] 0x9f556: mov word ptr cs:[0x62], ax |
| 2018-12-25T12:41:21.242851592Z | 37 | PC: 9f54a | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:41:21.245496463Z | 37 | PC: 9f562 | Set interrupt vector (Interrupt = '23' AKA 'Rename file') |
| 2018-12-25T12:41:21.254138246Z | 37 | PC: 9f57a | Set interrupt vector (Interrupt = '20' AKA 'Sequential read') |
| 2018-12-25T12:41:21.267067134Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ') |
| 2018-12-25T12:41:21.272419429Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14667,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:41:21.346001114Z | 82 | PC: 12ce0 | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T12:41:21.350533396Z | 42 | PC: 9f51c | Get date 0x9f51c: cmp cx, 0x7c9 0x9f520: je 0x9f530 0x9f522: cmp al, 1 0x9f524: jne 0x9f530 0x9f526: cmp dl, 0x17 0x9f529: jne 0x9f530 0x9f52b: inc byte ptr cs:[0x36] 0x9f530: mov ax, word ptr es:[0x84] 0x9f534: mov word ptr cs:[0x5c], ax 0x9f538: mov ax, word ptr es:[0x86] 0x9f53c: mov word ptr cs:[0x5e], ax 0x9f540: push cs 0x9f541: pop ds 0x9f542: mov dx, 0x1a5 0x9f545: mov ax, 0x2521 0x9f548: int 0x21 0x9f54a: mov ax, word ptr es:[0x5c] 0x9f54e: mov word ptr cs:[0x60], ax 0x9f552: mov ax, word ptr es:[0x5e] 0x9f556: mov word ptr cs:[0x62], ax |
| 2018-12-25T12:41:21.352556168Z | 37 | PC: 9f54a | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:41:21.353538354Z | 37 | PC: 9f562 | Set interrupt vector (Interrupt = '23' AKA 'Rename file') |
| 2018-12-25T12:41:21.354990674Z | 37 | PC: 9f57a | Set interrupt vector (Interrupt = '20' AKA 'Sequential read') |
| 2018-12-25T12:41:21.356164463Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ') |
| 2018-12-25T12:41:21.36132205Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |