{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2460,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:45:53.419868487Z | 42 | PC: 12ba6 | Get date 0x12ba6: cmp dl, 0x12 0x12ba9: jne 0x12bb2 0x12bab: mov cx, 0xffff 0x12bae: mov al, 2 0x12bb0: int 0x26 0x12bb2: popaw 0x12bb3: mov cx, 4 0x12bb6: mov di, 0x100 0x12bb9: lea si, word ptr [bp + 0x1ae] 0x12bbd: rep movsb byte ptr es:[di], byte ptr [si] 0x12bbf: mov cx, 0x2b 0x12bc2: lea di, word ptr [bp + 0x308] 0x12bc6: mov si, 0x80 0x12bc9: rep movsb byte ptr es:[di], byte ptr [si] 0x12bcb: jmp 0x12bcd 0x12bcd: mov ax, 0x4e00 0x12bd0: mov cx, 0 0x12bd3: lea dx, word ptr [bp + 0x1a8] 0x12bd7: int 0x21 0x12bd9: jae 0x12bde |
| 2018-12-25T11:45:53.430692302Z | 78 | PC: 12bd9 | Find first file |
| 2018-12-25T11:45:53.437348528Z | 67 | PC: 12be7 | Get or set file attributes |
| 2018-12-25T11:45:53.443441648Z | 67 | PC: 12bf4 | Get or set file attributes |
| 2018-12-25T11:45:53.46255584Z | 61 | PC: 12bfc | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:45:53.476261195Z | 63 | PC: 12c0b | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:45:53.483197715Z | 87 | PC: 12c55 | Get or set file date and time |
| 2018-12-25T11:45:53.484721599Z | 66 | PC: 12c68 | Move file pointer |
| 2018-12-25T11:45:53.487067896Z | 64 | PC: 12c75 | Write file or device (Write 1 bytes on handle 5) |
| 2018-12-25T11:45:53.48983648Z | 64 | PC: 12c94 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:45:53.49238608Z | 64 | PC: 12ca1 | Write file or device (Write 1 bytes on handle 5) |
| 2018-12-25T11:45:53.495438525Z | 66 | PC: 12cac | Move file pointer |
| 2018-12-25T11:45:53.496862191Z | 64 | PC: 12cb9 | Write file or device (Write 999 bytes on handle 5) |
| 2018-12-25T11:45:53.505964513Z | 87 | PC: 12cca | Get or set file date and time |
| 2018-12-25T11:45:53.508300541Z | 62 | PC: 12ccf | Close file |
| 2018-12-25T11:45:53.517128127Z | 67 | PC: 12cdd | Get or set file attributes |
| 2018-12-25T11:45:53.528047022Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T11:45:53.535028442Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":18,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2460,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:45:53.750099125Z | 42 | PC: 12ba6 | Get date 0x12ba6: cmp dl, 0x12 0x12ba9: jne 0x12bb2 0x12bab: mov cx, 0xffff 0x12bae: mov al, 2 0x12bb0: int 0x26 0x12bb2: popaw 0x12bb3: mov cx, 4 0x12bb6: mov di, 0x100 0x12bb9: lea si, word ptr [bp + 0x1ae] 0x12bbd: rep movsb byte ptr es:[di], byte ptr [si] 0x12bbf: mov cx, 0x2b 0x12bc2: lea di, word ptr [bp + 0x308] 0x12bc6: mov si, 0x80 0x12bc9: rep movsb byte ptr es:[di], byte ptr [si] 0x12bcb: jmp 0x12bcd 0x12bcd: mov ax, 0x4e00 0x12bd0: mov cx, 0 0x12bd3: lea dx, word ptr [bp + 0x1a8] 0x12bd7: int 0x21 0x12bd9: jae 0x12bde |
| 2018-12-25T11:45:53.753991097Z | 78 | PC: 12bd9 | Find first file |