{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16115,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:45:24.098474172Z | 48 | PC: 12ba6 | Get DOS version |
| 2018-12-25T12:45:24.099477163Z | 47 | PC: 12bb2 | Get disk transfer address |
| 2018-12-25T12:45:24.105151825Z | 26 | PC: 12bc5 | Set disk transfer address |
| 2018-12-25T12:45:24.106302403Z | 78 | PC: 12c52 | Find first file |
| 2018-12-25T12:45:24.112103417Z | 67 | PC: 12c90 | Get or set file attributes |
| 2018-12-25T12:45:24.118064455Z | 67 | PC: 12ca3 | Get or set file attributes |
| 2018-12-25T12:45:24.136784924Z | 61 | PC: 12cae | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:45:24.148701325Z | 87 | PC: 12cba | Get or set file date and time |
| 2018-12-25T12:45:24.151383113Z | 44 | PC: 12cc6 | Get time 0x12cc6: and dh, 7 0x12cc9: jne 0x12cdb 0x12ccb: mov ah, 0x40 0x12ccd: mov cx, 5 0x12cd0: mov dx, si 0x12cd2: add dx, 0x8a 0x12cd6: int 0x21 0x12cd8: jmp 0x12d3f 0x12cda: nop 0x12cdb: mov ah, 0x3f 0x12cdd: mov cx, 3 0x12ce0: mov dx, 0xa 0x12ce3: nop 0x12ce4: add dx, si 0x12ce6: int 0x21 0x12ce8: jb 0x12d3f 0x12cea: cmp ax, 3 0x12ced: jne 0x12d3f 0x12cef: mov ax, 0x4202 0x12cf2: mov cx, 0 |
| 2018-12-25T12:45:24.153635118Z | 63 | PC: 12ce8 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:45:24.160241563Z | 66 | PC: 12cfa | Move file pointer |
| 2018-12-25T12:45:24.161914479Z | 64 | PC: 12d1e | Write file or device (Write 1239 bytes on handle 5) |
| 2018-12-25T12:45:24.173205844Z | 66 | PC: 12d30 | Move file pointer |
| 2018-12-25T12:45:24.17451109Z | 64 | PC: 12d3f | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:45:24.180877167Z | 87 | PC: 12d54 | Get or set file date and time |
| 2018-12-25T12:45:24.182531791Z | 62 | PC: 12d58 | Close file |
| 2018-12-25T12:45:24.190301691Z | 67 | PC: 12d67 | Get or set file attributes |
| 2018-12-25T12:45:24.200219654Z | 26 | PC: 12d74 | Set disk transfer address |
| 2018-12-25T12:45:24.20190835Z | 44 | PC: 12d8e | Get time 0x12d8e: cmp ch, 0xa 0x12d91: je 0x12d9b 0x12d93: cmp ch, 0x10 0x12d96: je 0x12d9b 0x12d98: jmp 0x12fcc 0x12d9b: jmp 0x12f9e 0x12d9e: add byte ptr [bx + si], al 0x12da0: add byte ptr [bx + si], al 0x12da2: add byte ptr [bx + si], al 0x12da4: add byte ptr [bx + si], al 0x12da6: add byte ptr [bx + si], al 0x12da8: add byte ptr [bx + si], al 0x12daa: add byte ptr [bx + si], al 0x12dac: add byte ptr [bx + si], al 0x12dae: add byte ptr [bx + si], al 0x12db0: add byte ptr [bx + si], al 0x12db2: add byte ptr [bx + si], al 0x12db4: add byte ptr [bx + si], al 0x12db6: add byte ptr [bx + si], al 0x12db8: add byte ptr [bx + si], al |
| 2018-12-25T12:45:24.203950003Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:45:24.209090622Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":16115,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T13:07:33.608938883Z | 48 | PC: 12ba6 | Get DOS version |
| 2018-12-25T13:07:33.610560107Z | 47 | PC: 12bb2 | Get disk transfer address |
| 2018-12-25T13:07:33.611574698Z | 26 | PC: 12bc5 | Set disk transfer address |
| 2018-12-25T13:07:33.612617665Z | 78 | PC: 12c52 | Find first file |
| 2018-12-25T13:07:33.618917797Z | 67 | PC: 12c90 | Get or set file attributes |
| 2018-12-25T13:07:33.624222521Z | 67 | PC: 12ca3 | Get or set file attributes |
| 2018-12-25T13:07:33.641533686Z | 61 | PC: 12cae | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T13:07:33.648561097Z | 87 | PC: 12cba | Get or set file date and time |
| 2018-12-25T13:07:33.650579851Z | 44 | PC: 12cc6 | Get time 0x12cc6: and dh, 7 0x12cc9: jne 0x12cdb 0x12ccb: mov ah, 0x40 0x12ccd: mov cx, 5 0x12cd0: mov dx, si 0x12cd2: add dx, 0x8a 0x12cd6: int 0x21 0x12cd8: jmp 0x12d3f 0x12cda: nop 0x12cdb: mov ah, 0x3f 0x12cdd: mov cx, 3 0x12ce0: mov dx, 0xa 0x12ce3: nop 0x12ce4: add dx, si 0x12ce6: int 0x21 0x12ce8: jb 0x12d3f 0x12cea: cmp ax, 3 0x12ced: jne 0x12d3f 0x12cef: mov ax, 0x4202 0x12cf2: mov cx, 0 |
| 2018-12-25T13:07:33.652478632Z | 63 | PC: 12ce8 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T13:07:33.658490345Z | 66 | PC: 12cfa | Move file pointer |
| 2018-12-25T13:07:33.660695485Z | 64 | PC: 12d1e | Write file or device (Write 1239 bytes on handle 5) |
| 2018-12-25T13:07:33.668831326Z | 66 | PC: 12d30 | Move file pointer |
| 2018-12-25T13:07:33.67003837Z | 64 | PC: 12d3f | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T13:07:33.676952798Z | 87 | PC: 12d54 | Get or set file date and time |
| 2018-12-25T13:07:33.67828405Z | 62 | PC: 12d58 | Close file |
| 2018-12-25T13:07:33.686971792Z | 67 | PC: 12d67 | Get or set file attributes |
| 2018-12-25T13:07:33.696717222Z | 26 | PC: 12d74 | Set disk transfer address |
| 2018-12-25T13:07:33.697610457Z | 44 | PC: 12d8e | Get time 0x12d8e: cmp ch, 0xa 0x12d91: je 0x12d9b 0x12d93: cmp ch, 0x10 0x12d96: je 0x12d9b 0x12d98: jmp 0x12fcc 0x12d9b: jmp 0x12f9e 0x12d9e: add byte ptr [bx + si], al 0x12da0: add byte ptr [bx + si], al 0x12da2: add byte ptr [bx + si], al 0x12da4: add byte ptr [bx + si], al 0x12da6: add byte ptr [bx + si], al 0x12da8: add byte ptr [bx + si], al 0x12daa: add byte ptr [bx + si], al 0x12dac: add byte ptr [bx + si], al 0x12dae: add byte ptr [bx + si], al 0x12db0: add byte ptr [bx + si], al 0x12db2: add byte ptr [bx + si], al 0x12db4: add byte ptr [bx + si], al 0x12db6: add byte ptr [bx + si], al 0x12db8: add byte ptr [bx + si], al |
| 2018-12-25T13:07:33.699539225Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T13:07:33.705108732Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16115,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:45:24.628054922Z | 48 | PC: 12ba6 | Get DOS version |
| 2018-12-25T12:45:24.630164038Z | 47 | PC: 12bb2 | Get disk transfer address |
| 2018-12-25T12:45:24.632365459Z | 26 | PC: 12bc5 | Set disk transfer address |
| 2018-12-25T12:45:24.634460929Z | 78 | PC: 12c52 | Find first file |
| 2018-12-25T12:45:24.644466235Z | 67 | PC: 12c90 | Get or set file attributes |
| 2018-12-25T12:45:24.65084385Z | 67 | PC: 12ca3 | Get or set file attributes |
| 2018-12-25T12:45:24.670697164Z | 61 | PC: 12cae | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:45:24.677512103Z | 87 | PC: 12cba | Get or set file date and time |
| 2018-12-25T12:45:24.680202541Z | 44 | PC: 12cc6 | Get time 0x12cc6: and dh, 7 0x12cc9: jne 0x12cdb 0x12ccb: mov ah, 0x40 0x12ccd: mov cx, 5 0x12cd0: mov dx, si 0x12cd2: add dx, 0x8a 0x12cd6: int 0x21 0x12cd8: jmp 0x12d3f 0x12cda: nop 0x12cdb: mov ah, 0x3f 0x12cdd: mov cx, 3 0x12ce0: mov dx, 0xa 0x12ce3: nop 0x12ce4: add dx, si 0x12ce6: int 0x21 0x12ce8: jb 0x12d3f 0x12cea: cmp ax, 3 0x12ced: jne 0x12d3f 0x12cef: mov ax, 0x4202 0x12cf2: mov cx, 0 |
| 2018-12-25T12:45:24.682516148Z | 63 | PC: 12ce8 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:45:24.688687251Z | 66 | PC: 12cfa | Move file pointer |
| 2018-12-25T12:45:24.690728593Z | 64 | PC: 12d1e | Write file or device (Write 1239 bytes on handle 5) |
| 2018-12-25T12:45:24.698984644Z | 66 | PC: 12d30 | Move file pointer |
| 2018-12-25T12:45:24.700408768Z | 64 | PC: 12d3f | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:45:24.70740932Z | 87 | PC: 12d54 | Get or set file date and time |
| 2018-12-25T12:45:24.708835216Z | 62 | PC: 12d58 | Close file |
| 2018-12-25T12:45:24.71637719Z | 67 | PC: 12d67 | Get or set file attributes |
| 2018-12-25T12:45:24.727135068Z | 26 | PC: 12d74 | Set disk transfer address |
| 2018-12-25T12:45:24.728090313Z | 44 | PC: 12d8e | Get time 0x12d8e: cmp ch, 0xa 0x12d91: je 0x12d9b 0x12d93: cmp ch, 0x10 0x12d96: je 0x12d9b 0x12d98: jmp 0x12fcc 0x12d9b: jmp 0x12f9e 0x12d9e: add byte ptr [bx + si], al 0x12da0: add byte ptr [bx + si], al 0x12da2: add byte ptr [bx + si], al 0x12da4: add byte ptr [bx + si], al 0x12da6: add byte ptr [bx + si], al 0x12da8: add byte ptr [bx + si], al 0x12daa: add byte ptr [bx + si], al 0x12dac: add byte ptr [bx + si], al 0x12dae: add byte ptr [bx + si], al 0x12db0: add byte ptr [bx + si], al 0x12db2: add byte ptr [bx + si], al 0x12db4: add byte ptr [bx + si], al 0x12db6: add byte ptr [bx + si], al 0x12db8: add byte ptr [bx + si], al |
| 2018-12-25T12:45:24.730158218Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:45:24.747196353Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":10,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16115,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:45:24.935247758Z | 48 | PC: 12ba6 | Get DOS version |
| 2018-12-25T12:45:24.936821943Z | 47 | PC: 12bb2 | Get disk transfer address |
| 2018-12-25T12:45:24.937868364Z | 26 | PC: 12bc5 | Set disk transfer address |
| 2018-12-25T12:45:24.939025892Z | 78 | PC: 12c52 | Find first file |
| 2018-12-25T12:45:24.945254458Z | 67 | PC: 12c90 | Get or set file attributes |
| 2018-12-25T12:45:24.950767273Z | 67 | PC: 12ca3 | Get or set file attributes |
| 2018-12-25T12:45:24.968881374Z | 61 | PC: 12cae | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:45:24.976330752Z | 87 | PC: 12cba | Get or set file date and time |
| 2018-12-25T12:45:24.977619088Z | 44 | PC: 12cc6 | Get time 0x12cc6: and dh, 7 0x12cc9: jne 0x12cdb 0x12ccb: mov ah, 0x40 0x12ccd: mov cx, 5 0x12cd0: mov dx, si 0x12cd2: add dx, 0x8a 0x12cd6: int 0x21 0x12cd8: jmp 0x12d3f 0x12cda: nop 0x12cdb: mov ah, 0x3f 0x12cdd: mov cx, 3 0x12ce0: mov dx, 0xa 0x12ce3: nop 0x12ce4: add dx, si 0x12ce6: int 0x21 0x12ce8: jb 0x12d3f 0x12cea: cmp ax, 3 0x12ced: jne 0x12d3f 0x12cef: mov ax, 0x4202 0x12cf2: mov cx, 0 |
| 2018-12-25T12:45:24.979561977Z | 63 | PC: 12ce8 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:45:24.98608254Z | 66 | PC: 12cfa | Move file pointer |
| 2018-12-25T12:45:24.987329546Z | 64 | PC: 12d1e | Write file or device (Write 1239 bytes on handle 5) |
| 2018-12-25T12:45:24.996023504Z | 66 | PC: 12d30 | Move file pointer |
| 2018-12-25T12:45:24.99764393Z | 64 | PC: 12d3f | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:45:25.001632328Z | 87 | PC: 12d54 | Get or set file date and time |
| 2018-12-25T12:45:25.00257423Z | 62 | PC: 12d58 | Close file |
| 2018-12-25T12:45:25.007806257Z | 67 | PC: 12d67 | Get or set file attributes |
| 2018-12-25T12:45:25.014444978Z | 26 | PC: 12d74 | Set disk transfer address |
| 2018-12-25T12:45:25.015369184Z | 44 | PC: 12d8e | Get time 0x12d8e: cmp ch, 0xa 0x12d91: je 0x12d9b 0x12d93: cmp ch, 0x10 0x12d96: je 0x12d9b 0x12d98: jmp 0x12fcc 0x12d9b: jmp 0x12f9e 0x12d9e: add byte ptr [bx + si], al 0x12da0: add byte ptr [bx + si], al 0x12da2: add byte ptr [bx + si], al 0x12da4: add byte ptr [bx + si], al 0x12da6: add byte ptr [bx + si], al 0x12da8: add byte ptr [bx + si], al 0x12daa: add byte ptr [bx + si], al 0x12dac: add byte ptr [bx + si], al 0x12dae: add byte ptr [bx + si], al 0x12db0: add byte ptr [bx + si], al 0x12db2: add byte ptr [bx + si], al 0x12db4: add byte ptr [bx + si], al 0x12db6: add byte ptr [bx + si], al 0x12db8: add byte ptr [bx + si], al |
| 2018-12-25T12:45:25.341510297Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:45:25.351657412Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":16,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16115,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:45:25.169487925Z | 48 | PC: 12ba6 | Get DOS version |
| 2018-12-25T12:45:25.172092218Z | 47 | PC: 12bb2 | Get disk transfer address |
| 2018-12-25T12:45:25.17321027Z | 26 | PC: 12bc5 | Set disk transfer address |
| 2018-12-25T12:45:25.174342689Z | 78 | PC: 12c52 | Find first file |
| 2018-12-25T12:45:25.180746525Z | 67 | PC: 12c90 | Get or set file attributes |
| 2018-12-25T12:45:25.18644837Z | 67 | PC: 12ca3 | Get or set file attributes |
| 2018-12-25T12:45:25.341588183Z | 61 | PC: 12cae | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:45:25.353806288Z | 87 | PC: 12cba | Get or set file date and time |
| 2018-12-25T12:45:25.355391957Z | 44 | PC: 12cc6 | Get time 0x12cc6: and dh, 7 0x12cc9: jne 0x12cdb 0x12ccb: mov ah, 0x40 0x12ccd: mov cx, 5 0x12cd0: mov dx, si 0x12cd2: add dx, 0x8a 0x12cd6: int 0x21 0x12cd8: jmp 0x12d3f 0x12cda: nop 0x12cdb: mov ah, 0x3f 0x12cdd: mov cx, 3 0x12ce0: mov dx, 0xa 0x12ce3: nop 0x12ce4: add dx, si 0x12ce6: int 0x21 0x12ce8: jb 0x12d3f 0x12cea: cmp ax, 3 0x12ced: jne 0x12d3f 0x12cef: mov ax, 0x4202 0x12cf2: mov cx, 0 |
| 2018-12-25T12:45:25.358071502Z | 63 | PC: 12ce8 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:45:25.364792741Z | 66 | PC: 12cfa | Move file pointer |
| 2018-12-25T12:45:25.368077052Z | 64 | PC: 12d1e | Write file or device (Write 1239 bytes on handle 5) |
| 2018-12-25T12:45:25.376642817Z | 66 | PC: 12d30 | Move file pointer |
| 2018-12-25T12:45:25.378362172Z | 64 | PC: 12d3f | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:45:25.385571759Z | 87 | PC: 12d54 | Get or set file date and time |
| 2018-12-25T12:45:25.387160167Z | 62 | PC: 12d58 | Close file |
| 2018-12-25T12:45:25.395215708Z | 67 | PC: 12d67 | Get or set file attributes |
| 2018-12-25T12:45:25.409333255Z | 26 | PC: 12d74 | Set disk transfer address |
| 2018-12-25T12:45:25.410301217Z | 44 | PC: 12d8e | Get time 0x12d8e: cmp ch, 0xa 0x12d91: je 0x12d9b 0x12d93: cmp ch, 0x10 0x12d96: je 0x12d9b 0x12d98: jmp 0x12fcc 0x12d9b: jmp 0x12f9e 0x12d9e: add byte ptr [bx + si], al 0x12da0: add byte ptr [bx + si], al 0x12da2: add byte ptr [bx + si], al 0x12da4: add byte ptr [bx + si], al 0x12da6: add byte ptr [bx + si], al 0x12da8: add byte ptr [bx + si], al 0x12daa: add byte ptr [bx + si], al 0x12dac: add byte ptr [bx + si], al 0x12dae: add byte ptr [bx + si], al 0x12db0: add byte ptr [bx + si], al 0x12db2: add byte ptr [bx + si], al 0x12db4: add byte ptr [bx + si], al 0x12db6: add byte ptr [bx + si], al 0x12db8: add byte ptr [bx + si], al |
| 2018-12-25T12:45:25.734259152Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:45:25.740296528Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |