{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16025,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:45:03.755517265Z | 48 | PC: 12ba5 | Get DOS version |
| 2018-12-25T12:45:03.757753395Z | 47 | PC: 12bb1 | Get disk transfer address |
| 2018-12-25T12:45:03.759147811Z | 26 | PC: 12bc0 | Set disk transfer address |
| 2018-12-25T12:45:03.760569015Z | 78 | PC: 12c41 | Find first file |
| 2018-12-25T12:45:03.767767383Z | 67 | PC: 12c79 | Get or set file attributes |
| 2018-12-25T12:45:03.774038627Z | 67 | PC: 12c89 | Get or set file attributes |
| 2018-12-25T12:45:03.793893285Z | 61 | PC: 12c93 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:45:03.801761636Z | 87 | PC: 12c9f | Get or set file date and time |
| 2018-12-25T12:45:03.803191279Z | 44 | PC: 12ca9 | Get time 0x12ca9: and dh, 7 0x12cac: jne 0x12cbd 0x12cae: mov ah, 0x40 0x12cb0: mov cx, 5 0x12cb3: mov dx, si 0x12cb5: add dx, 0x8a 0x12cb9: int 0x21 0x12cbb: jmp 0x12d1e 0x12cbd: mov ah, 0x3f 0x12cbf: mov cx, 3 0x12cc2: mov dx, 0xa 0x12cc5: add dx, si 0x12cc7: int 0x21 0x12cc9: jb 0x12d1e 0x12ccb: cmp ax, 3 0x12cce: jne 0x12d1e 0x12cd0: mov ax, 0x4202 0x12cd3: mov cx, 0 0x12cd6: mov dx, 0 0x12cd9: int 0x21 |
| 2018-12-25T12:45:03.806046424Z | 63 | PC: 12cc9 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:45:03.813825051Z | 66 | PC: 12cdb | Move file pointer |
| 2018-12-25T12:45:03.815322363Z | 64 | PC: 12cfe | Write file or device (Write 604 bytes on handle 5) |
| 2018-12-25T12:45:03.871849378Z | 66 | PC: 12d10 | Move file pointer |
| 2018-12-25T12:45:03.87353661Z | 64 | PC: 12d1e | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:45:03.881666581Z | 87 | PC: 12d2c | Get or set file date and time |
| 2018-12-25T12:45:03.883204026Z | 62 | PC: 12d30 | Close file |
| 2018-12-25T12:45:03.981579228Z | 67 | PC: 12d3d | Get or set file attributes |
| 2018-12-25T12:45:04.07093585Z | 26 | PC: 12d47 | Set disk transfer address |
| 2018-12-25T12:45:04.072293765Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:45:04.078846265Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":16025,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:45:04.160308733Z | 48 | PC: 12ba5 | Get DOS version |
| 2018-12-25T12:45:04.162207351Z | 47 | PC: 12bb1 | Get disk transfer address |
| 2018-12-25T12:45:04.163617131Z | 26 | PC: 12bc0 | Set disk transfer address |
| 2018-12-25T12:45:04.165124562Z | 78 | PC: 12c41 | Find first file |
| 2018-12-25T12:45:04.171965908Z | 67 | PC: 12c79 | Get or set file attributes |
| 2018-12-25T12:45:04.178268021Z | 67 | PC: 12c89 | Get or set file attributes |
| 2018-12-25T12:45:04.196400068Z | 61 | PC: 12c93 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:45:04.202856087Z | 87 | PC: 12c9f | Get or set file date and time |
| 2018-12-25T12:45:04.205299406Z | 44 | PC: 12ca9 | Get time 0x12ca9: and dh, 7 0x12cac: jne 0x12cbd 0x12cae: mov ah, 0x40 0x12cb0: mov cx, 5 0x12cb3: mov dx, si 0x12cb5: add dx, 0x8a 0x12cb9: int 0x21 0x12cbb: jmp 0x12d1e 0x12cbd: mov ah, 0x3f 0x12cbf: mov cx, 3 0x12cc2: mov dx, 0xa 0x12cc5: add dx, si 0x12cc7: int 0x21 0x12cc9: jb 0x12d1e 0x12ccb: cmp ax, 3 0x12cce: jne 0x12d1e 0x12cd0: mov ax, 0x4202 0x12cd3: mov cx, 0 0x12cd6: mov dx, 0 0x12cd9: int 0x21 |
| 2018-12-25T12:45:04.20766632Z | 63 | PC: 12cc9 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:45:04.214205895Z | 66 | PC: 12cdb | Move file pointer |
| 2018-12-25T12:45:04.216930031Z | 64 | PC: 12cfe | Write file or device (Write 604 bytes on handle 5) |
| 2018-12-25T12:45:04.224882511Z | 66 | PC: 12d10 | Move file pointer |
| 2018-12-25T12:45:04.226644858Z | 64 | PC: 12d1e | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:45:04.23393589Z | 87 | PC: 12d2c | Get or set file date and time |
| 2018-12-25T12:45:04.235591865Z | 62 | PC: 12d30 | Close file |
| 2018-12-25T12:45:04.243656066Z | 67 | PC: 12d3d | Get or set file attributes |
| 2018-12-25T12:45:04.253753725Z | 26 | PC: 12d47 | Set disk transfer address |
| 2018-12-25T12:45:04.254677061Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:45:04.260576405Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |