{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2590,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:46:03.630319214Z | 254 | PC: 12bb3 | UNKNOWN! |
| 2018-12-25T11:46:03.631831386Z | 42 | PC: 12bf5 | Get date 0x12bf5: cmp dh, dl 0x12bf7: jne 0x12c01 0x12bf9: mov byte ptr es:[0x43b], 1 0x12bff: jmp 0x12c07 0x12c01: mov byte ptr es:[0x43b], 0 0x12c07: xor ax, ax 0x12c09: mov ds, ax 0x12c0b: mov ax, word ptr [0x84] 0x12c0e: mov word ptr es:[0x42f], ax 0x12c12: mov ax, word ptr [0x86] 0x12c15: mov word ptr es:[0x431], ax 0x12c19: mov ax, word ptr [0x20] 0x12c1c: mov word ptr es:[0x437], ax 0x12c20: mov ax, word ptr [0x22] 0x12c23: mov word ptr es:[0x439], ax 0x12c27: cli 0x12c28: mov word ptr [0x84], 0x19d 0x12c2e: mov word ptr [0x86], es 0x12c32: mov word ptr [0x20], 0x129 0x12c38: mov word ptr [0x22], es |
| 2018-12-25T11:46:03.634609105Z | 67 | PC: 9ee48 | Get or set file attributes |
| 2018-12-25T11:46:03.640261626Z | 61 | PC: 9ee6d | Open file (Filename = 'c:\command.com') |
| 2018-12-25T11:46:03.646993528Z | 87 | PC: 9ee7e | Get or set file date and time |
| 2018-12-25T11:46:03.649397552Z | 63 | PC: 9ee9b | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T11:46:03.652419654Z | 66 | PC: 9eecb | Move file pointer |
| 2018-12-25T11:46:03.654446174Z | 64 | PC: 9eede | Write file or device (Write 1071 bytes on handle 5) |
| 2018-12-25T11:46:04.32514943Z | 66 | PC: 9eeef | Move file pointer |
| 2018-12-25T11:46:04.327974733Z | 64 | PC: 9ef0a | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:46:04.331766359Z | 87 | PC: 9efdd | Get or set file date and time |
| 2018-12-25T11:46:04.335312118Z | 87 | PC: 9efec | Get or set file date and time |
| 2018-12-25T11:46:04.337533035Z | 62 | PC: 9eff3 | Close file |
| 2018-12-25T11:46:04.347279577Z | 61 | PC: 12c48 | Open file (Filename = '') |
| 2018-12-25T11:46:04.35532574Z | 62 | PC: 12c50 | Close file |
| 2018-12-25T11:46:04.358536744Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T11:46:04.365242595Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2590,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:46:03.659853921Z | 254 | PC: 12bb3 | UNKNOWN! |
| 2018-12-25T11:46:03.661176854Z | 42 | PC: 12bf5 | Get date 0x12bf5: cmp dh, dl 0x12bf7: jne 0x12c01 0x12bf9: mov byte ptr es:[0x43b], 1 0x12bff: jmp 0x12c07 0x12c01: mov byte ptr es:[0x43b], 0 0x12c07: xor ax, ax 0x12c09: mov ds, ax 0x12c0b: mov ax, word ptr [0x84] 0x12c0e: mov word ptr es:[0x42f], ax 0x12c12: mov ax, word ptr [0x86] 0x12c15: mov word ptr es:[0x431], ax 0x12c19: mov ax, word ptr [0x20] 0x12c1c: mov word ptr es:[0x437], ax 0x12c20: mov ax, word ptr [0x22] 0x12c23: mov word ptr es:[0x439], ax 0x12c27: cli 0x12c28: mov word ptr [0x84], 0x19d 0x12c2e: mov word ptr [0x86], es 0x12c32: mov word ptr [0x20], 0x129 0x12c38: mov word ptr [0x22], es |
| 2018-12-25T11:46:03.664884335Z | 67 | PC: 9ee48 | Get or set file attributes |
| 2018-12-25T11:46:03.671230614Z | 61 | PC: 9ee6d | Open file (Filename = 'c:\command.com') |
| 2018-12-25T11:46:03.678428316Z | 87 | PC: 9ee7e | Get or set file date and time |
| 2018-12-25T11:46:03.681466849Z | 63 | PC: 9ee9b | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T11:46:03.684780879Z | 66 | PC: 9eecb | Move file pointer |
| 2018-12-25T11:46:03.687001476Z | 64 | PC: 9eede | Write file or device (Write 1071 bytes on handle 5) |
| 2018-12-25T11:46:04.325223637Z | 66 | PC: 9eeef | Move file pointer |
| 2018-12-25T11:46:04.327274046Z | 64 | PC: 9ef0a | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:46:04.330907416Z | 87 | PC: 9efdd | Get or set file date and time |
| 2018-12-25T11:46:04.333852092Z | 87 | PC: 9efec | Get or set file date and time |
| 2018-12-25T11:46:04.348920898Z | 62 | PC: 9eff3 | Close file |
| 2018-12-25T11:46:04.357172822Z | 61 | PC: 12c48 | Open file (Filename = '') |
| 2018-12-25T11:46:04.364425014Z | 62 | PC: 12c50 | Close file |
| 2018-12-25T11:46:04.367231168Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T11:46:04.37626344Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |