{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":17271,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:55:18.100544188Z | 48 | PC: 15169 | Get DOS version |
| 2018-12-25T12:55:18.102878902Z | 47 | PC: 15175 | Get disk transfer address |
| 2018-12-25T12:55:18.103955548Z | 26 | PC: 15188 | Set disk transfer address |
| 2018-12-25T12:55:18.104969622Z | 78 | PC: 15214 | Find first file |
| 2018-12-25T12:55:18.117877542Z | 67 | PC: 15252 | Get or set file attributes |
| 2018-12-25T12:55:18.123235891Z | 67 | PC: 15265 | Get or set file attributes |
| 2018-12-25T12:55:18.139740822Z | 61 | PC: 15270 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:55:18.14636557Z | 87 | PC: 1527c | Get or set file date and time |
| 2018-12-25T12:55:18.147781593Z | 44 | PC: 15288 | Get time 0x15288: and dh, 7 0x1528b: jne 0x1529d 0x1528d: mov ah, 0x40 0x1528f: mov cx, 5 0x15292: mov dx, si 0x15294: add dx, 0x8a 0x15298: nop 0x15299: int 0x21 0x1529b: jmp 0x15301 0x1529d: mov ah, 0x3f 0x1529f: mov cx, 3 0x152a2: mov dx, 0xa 0x152a5: nop 0x152a6: add dx, si 0x152a8: int 0x21 0x152aa: jb 0x15301 0x152ac: cmp ax, 3 0x152af: jne 0x15301 0x152b1: mov ax, 0x4202 0x152b4: mov cx, 0 |
| 2018-12-25T12:55:18.149572332Z | 63 | PC: 152aa | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:55:18.155672677Z | 66 | PC: 152bc | Move file pointer |
| 2018-12-25T12:55:18.156962453Z | 64 | PC: 152e0 | Write file or device (Write 648 bytes on handle 5) |
| 2018-12-25T12:55:18.164967825Z | 66 | PC: 152f2 | Move file pointer |
| 2018-12-25T12:55:18.16612628Z | 64 | PC: 15301 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:55:18.172826519Z | 87 | PC: 15316 | Get or set file date and time |
| 2018-12-25T12:55:18.174085048Z | 62 | PC: 1531a | Close file |
| 2018-12-25T12:55:18.181565603Z | 67 | PC: 15329 | Get or set file attributes |
| 2018-12-25T12:55:18.191152688Z | 26 | PC: 15336 | Set disk transfer address |
| 2018-12-25T12:55:18.192125738Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=00002710h/0000010000d bytes. ') |
| 2018-12-25T12:55:18.197185383Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17271,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:55:18.199462543Z | 48 | PC: 15169 | Get DOS version |
| 2018-12-25T12:55:18.207740854Z | 47 | PC: 15175 | Get disk transfer address |
| 2018-12-25T12:55:18.20872559Z | 26 | PC: 15188 | Set disk transfer address |
| 2018-12-25T12:55:18.209761849Z | 78 | PC: 15214 | Find first file |
| 2018-12-25T12:55:18.215887625Z | 67 | PC: 15252 | Get or set file attributes |
| 2018-12-25T12:55:18.221232242Z | 67 | PC: 15265 | Get or set file attributes |
| 2018-12-25T12:55:18.239983659Z | 61 | PC: 15270 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:55:18.251688808Z | 87 | PC: 1527c | Get or set file date and time |
| 2018-12-25T12:55:18.252886939Z | 44 | PC: 15288 | Get time 0x15288: and dh, 7 0x1528b: jne 0x1529d 0x1528d: mov ah, 0x40 0x1528f: mov cx, 5 0x15292: mov dx, si 0x15294: add dx, 0x8a 0x15298: nop 0x15299: int 0x21 0x1529b: jmp 0x15301 0x1529d: mov ah, 0x3f 0x1529f: mov cx, 3 0x152a2: mov dx, 0xa 0x152a5: nop 0x152a6: add dx, si 0x152a8: int 0x21 0x152aa: jb 0x15301 0x152ac: cmp ax, 3 0x152af: jne 0x15301 0x152b1: mov ax, 0x4202 0x152b4: mov cx, 0 |
| 2018-12-25T12:55:18.254718288Z | 63 | PC: 152aa | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:55:18.261008207Z | 66 | PC: 152bc | Move file pointer |
| 2018-12-25T12:55:18.262297943Z | 64 | PC: 152e0 | Write file or device (Write 648 bytes on handle 5) |
| 2018-12-25T12:55:18.27022486Z | 66 | PC: 152f2 | Move file pointer |
| 2018-12-25T12:55:18.271660392Z | 64 | PC: 15301 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:55:18.278936642Z | 87 | PC: 15316 | Get or set file date and time |
| 2018-12-25T12:55:18.280221026Z | 62 | PC: 1531a | Close file |
| 2018-12-25T12:55:18.28756344Z | 67 | PC: 15329 | Get or set file attributes |
| 2018-12-25T12:55:18.297154218Z | 26 | PC: 15336 | Set disk transfer address |
| 2018-12-25T12:55:18.297945651Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=00002710h/0000010000d bytes. ') |
| 2018-12-25T12:55:18.302944599Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |