{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17308,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:55:29.432625004Z | 48 | PC: 12ba6 | Get DOS version |
| 2018-12-25T12:55:29.434252498Z | 25 | PC: 12bb1 | Get default drive |
| 2018-12-25T12:55:29.435144536Z | 42 | PC: 12bb8 | Get date 0x12bb8: cmp dh, 1 0x12bbb: jne 0x12bc5 0x12bbd: cmp dl, 0xa 0x12bc0: jb 0x12bc5 0x12bc2: call 0x12d1e 0x12bc5: mov dx, 0x1c 0x12bc8: add dx, di 0x12bca: mov bx, dx 0x12bcc: mov ah, 0x1a 0x12bce: int 0x21 0x12bd0: xor bp, bp 0x12bd2: mov dx, di 0x12bd4: add dx, 7 0x12bd7: nop 0x12bd8: mov cx, 3 0x12bdb: mov ah, 0x4e 0x12bdd: int 0x21 0x12bdf: jmp 0x12be6 0x12be1: nop 0x12be2: mov ah, 0x4f |
| 2018-12-25T12:55:29.43705814Z | 26 | PC: 12bd0 | Set disk transfer address |
| 2018-12-25T12:55:29.438521164Z | 78 | PC: 12bdf | Find first file |
| 2018-12-25T12:55:29.444301023Z | 67 | PC: 12c3d | Get or set file attributes |
| 2018-12-25T12:55:29.448325832Z | 67 | PC: 12c4e | Get or set file attributes |
| 2018-12-25T12:55:29.466390157Z | 61 | PC: 12c5a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:55:29.472674363Z | 87 | PC: 12c66 | Get or set file date and time |
| 2018-12-25T12:55:29.473896964Z | 63 | PC: 12c76 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:55:29.480104782Z | 66 | PC: 12c8a | Move file pointer |
| 2018-12-25T12:55:29.481494222Z | 64 | PC: 12cb3 | Write file or device (Write 539 bytes on handle 5) |
| 2018-12-25T12:55:29.488943599Z | 66 | PC: 12cc7 | Move file pointer |
| 2018-12-25T12:55:29.490283323Z | 64 | PC: 12cd6 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:55:29.496651903Z | 87 | PC: 12cea | Get or set file date and time |
| 2018-12-25T12:55:29.497963332Z | 62 | PC: 12cee | Close file |
| 2018-12-25T12:55:29.506274457Z | 67 | PC: 12cf6 | Get or set file attributes |
| 2018-12-25T12:55:29.512163203Z | 14 | PC: 12cfd | Set default drive (Drive = 'A') |
| 2018-12-25T12:55:29.513640691Z | 26 | PC: 12d04 | Set disk transfer address |
| 2018-12-25T12:55:29.514970008Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:55:29.521291308Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":10,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17308,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:55:29.852280928Z | 48 | PC: 12ba6 | Get DOS version |
| 2018-12-25T12:55:29.853780152Z | 25 | PC: 12bb1 | Get default drive |
| 2018-12-25T12:55:29.855232895Z | 42 | PC: 12bb8 | Get date 0x12bb8: cmp dh, 1 0x12bbb: jne 0x12bc5 0x12bbd: cmp dl, 0xa 0x12bc0: jb 0x12bc5 0x12bc2: call 0x12d1e 0x12bc5: mov dx, 0x1c 0x12bc8: add dx, di 0x12bca: mov bx, dx 0x12bcc: mov ah, 0x1a 0x12bce: int 0x21 0x12bd0: xor bp, bp 0x12bd2: mov dx, di 0x12bd4: add dx, 7 0x12bd7: nop 0x12bd8: mov cx, 3 0x12bdb: mov ah, 0x4e 0x12bdd: int 0x21 0x12bdf: jmp 0x12be6 0x12be1: nop 0x12be2: mov ah, 0x4f |
| 2018-12-25T12:55:29.857559896Z | 72 | PC: 12d40 | Allocate memory |
| 2018-12-25T12:55:29.859247533Z | 26 | PC: 12bd0 | Set disk transfer address |
| 2018-12-25T12:55:29.860612973Z | 78 | PC: 12bdf | Find first file |
| 2018-12-25T12:55:29.867474545Z | 67 | PC: 12c3d | Get or set file attributes |
| 2018-12-25T12:55:29.87406153Z | 67 | PC: 12c4e | Get or set file attributes |
| 2018-12-25T12:55:29.892676356Z | 61 | PC: 12c5a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:55:29.900231478Z | 87 | PC: 12c66 | Get or set file date and time |
| 2018-12-25T12:55:29.901879955Z | 63 | PC: 12c76 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:55:29.91007835Z | 66 | PC: 12c8a | Move file pointer |
| 2018-12-25T12:55:29.91720172Z | 64 | PC: 12cb3 | Write file or device (Write 539 bytes on handle 5) |
| 2018-12-25T12:55:29.926125141Z | 66 | PC: 12cc7 | Move file pointer |
| 2018-12-25T12:55:29.928288694Z | 64 | PC: 12cd6 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:55:29.935851912Z | 87 | PC: 12cea | Get or set file date and time |
| 2018-12-25T12:55:29.937638174Z | 62 | PC: 12cee | Close file |
| 2018-12-25T12:55:29.947489814Z | 67 | PC: 12cf6 | Get or set file attributes |
| 2018-12-25T12:55:29.954103224Z | 14 | PC: 12cfd | Set default drive (Drive = 'A') |
| 2018-12-25T12:55:29.955761184Z | 26 | PC: 12d04 | Set disk transfer address |
| 2018-12-25T12:55:29.956976989Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:55:29.963084361Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17308,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:55:29.885861595Z | 48 | PC: 12ba6 | Get DOS version |
| 2018-12-25T12:55:29.887038989Z | 25 | PC: 12bb1 | Get default drive |
| 2018-12-25T12:55:29.888240485Z | 42 | PC: 12bb8 | Get date 0x12bb8: cmp dh, 1 0x12bbb: jne 0x12bc5 0x12bbd: cmp dl, 0xa 0x12bc0: jb 0x12bc5 0x12bc2: call 0x12d1e 0x12bc5: mov dx, 0x1c 0x12bc8: add dx, di 0x12bca: mov bx, dx 0x12bcc: mov ah, 0x1a 0x12bce: int 0x21 0x12bd0: xor bp, bp 0x12bd2: mov dx, di 0x12bd4: add dx, 7 0x12bd7: nop 0x12bd8: mov cx, 3 0x12bdb: mov ah, 0x4e 0x12bdd: int 0x21 0x12bdf: jmp 0x12be6 0x12be1: nop 0x12be2: mov ah, 0x4f |
| 2018-12-25T12:55:29.890239615Z | 26 | PC: 12bd0 | Set disk transfer address |
| 2018-12-25T12:55:29.891092407Z | 78 | PC: 12bdf | Find first file |
| 2018-12-25T12:55:29.897393619Z | 67 | PC: 12c3d | Get or set file attributes |
| 2018-12-25T12:55:29.903387717Z | 67 | PC: 12c4e | Get or set file attributes |
| 2018-12-25T12:55:29.91554924Z | 61 | PC: 12c5a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:55:29.923818089Z | 87 | PC: 12c66 | Get or set file date and time |
| 2018-12-25T12:55:29.925704845Z | 63 | PC: 12c76 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:55:29.932848311Z | 66 | PC: 12c8a | Move file pointer |
| 2018-12-25T12:55:29.934753006Z | 64 | PC: 12cb3 | Write file or device (Write 539 bytes on handle 5) |
| 2018-12-25T12:55:29.943765717Z | 66 | PC: 12cc7 | Move file pointer |
| 2018-12-25T12:55:29.945280966Z | 64 | PC: 12cd6 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:55:29.952941232Z | 87 | PC: 12cea | Get or set file date and time |
| 2018-12-25T12:55:29.95458201Z | 62 | PC: 12cee | Close file |
| 2018-12-25T12:55:29.96313708Z | 67 | PC: 12cf6 | Get or set file attributes |
| 2018-12-25T12:55:29.970556061Z | 14 | PC: 12cfd | Set default drive (Drive = 'A') |
| 2018-12-25T12:55:29.971910183Z | 26 | PC: 12d04 | Set disk transfer address |
| 2018-12-25T12:55:29.972952135Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:55:29.979434757Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |