{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15365,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:43:15.622204796Z | 26 | PC: 12bc3 | Set disk transfer address |
| 2018-12-25T12:43:15.624053491Z | 42 | PC: 12bc7 | Get date 0x12bc7: add al, dl 0x12bc9: cmp al, 0x14 0x12bcb: jne 0x12bd0 0x12bcd: jmp 0x12caa 0x12bd0: mov ah, 0x4e 0x12bd2: add si, 0x138 0x12bd6: mov dx, si 0x12bd8: sub si, 0x138 0x12bdc: mov cx, 0 0x12bdf: int 0x21 0x12be1: jae 0x12be6 0x12be3: jmp 0x12cb8 0x12be6: jmp 0x12bf4 0x12be8: nop 0x12be9: mov dx, bx 0x12beb: mov ah, 0x4f 0x12bed: int 0x21 0x12bef: jae 0x12bf4 0x12bf1: jmp 0x12cb8 0x12bf4: mov ah, 0x2f |
| 2018-12-25T12:43:15.626358786Z | 78 | PC: 12be1 | Find first file |
| 2018-12-25T12:43:15.633740773Z | 47 | PC: 12bf8 | Get disk transfer address |
| 2018-12-25T12:43:15.635461141Z | 61 | PC: 12c06 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:43:15.641822217Z | 87 | PC: 12c0d | Get or set file date and time |
| 2018-12-25T12:43:15.643172274Z | 66 | PC: 12c21 | Move file pointer |
| 2018-12-25T12:43:15.645458649Z | 66 | PC: 12c3b | Move file pointer |
| 2018-12-25T12:43:15.646757334Z | 63 | PC: 12c4c | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:43:15.653145029Z | 66 | PC: 12c66 | Move file pointer |
| 2018-12-25T12:43:15.654714954Z | 64 | PC: 12c6f | Write file or device (Write 330 bytes on handle 5) |
| 2018-12-25T12:43:15.669564112Z | 66 | PC: 12c79 | Move file pointer |
| 2018-12-25T12:43:15.67092325Z | 64 | PC: 12c96 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:43:15.677839883Z | 87 | PC: 12ca3 | Get or set file date and time |
| 2018-12-25T12:43:15.686917581Z | 62 | PC: 12ca7 | Close file |
| 2018-12-25T12:43:15.694968549Z | 26 | PC: 12cbf | Set disk transfer address |
| 2018-12-25T12:43:15.696298831Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:43:15.70216357Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":20,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15365,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:43:15.676969473Z | 26 | PC: 12bc3 | Set disk transfer address |
| 2018-12-25T12:43:15.678824942Z | 42 | PC: 12bc7 | Get date 0x12bc7: add al, dl 0x12bc9: cmp al, 0x14 0x12bcb: jne 0x12bd0 0x12bcd: jmp 0x12caa 0x12bd0: mov ah, 0x4e 0x12bd2: add si, 0x138 0x12bd6: mov dx, si 0x12bd8: sub si, 0x138 0x12bdc: mov cx, 0 0x12bdf: int 0x21 0x12be1: jae 0x12be6 0x12be3: jmp 0x12cb8 0x12be6: jmp 0x12bf4 0x12be8: nop 0x12be9: mov dx, bx 0x12beb: mov ah, 0x4f 0x12bed: int 0x21 0x12bef: jae 0x12bf4 0x12bf1: jmp 0x12cb8 0x12bf4: mov ah, 0x2f |
| 2018-12-25T12:43:15.680835105Z | 25 | PC: 12cae | Get default drive |
| 2018-12-25T12:43:15.692999109Z | 26 | PC: 12cbf | Set disk transfer address |
| 2018-12-25T12:43:15.693928217Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:43:15.699736661Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |