{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4855,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:53:02.638285366Z | 47 | PC: 14b21 | Get disk transfer address |
| 2018-12-25T11:53:02.642012676Z | 26 | PC: 14b29 | Set disk transfer address |
| 2018-12-25T11:53:02.67675635Z | 37 | PC: 14b3e | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:53:02.678186947Z | 37 | PC: 14b42 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:53:02.685209208Z | 71 | PC: 14ccc | Get current directory |
| 2018-12-25T11:53:02.688645192Z | 59 | PC: 14cd4 | Change current directory |
| 2018-12-25T11:53:02.693166215Z | 47 | PC: 14d5a | Get disk transfer address |
| 2018-12-25T11:53:02.694679013Z | 26 | PC: 14d69 | Set disk transfer address |
| 2018-12-25T11:53:02.697164119Z | 78 | PC: 14d71 | Find first file |
| 2018-12-25T11:53:02.707089182Z | 26 | PC: 14d83 | Set disk transfer address |
| 2018-12-25T11:53:02.708691009Z | 47 | PC: 14cf0 | Get disk transfer address |
| 2018-12-25T11:53:02.711917188Z | 26 | PC: 14cfe | Set disk transfer address |
| 2018-12-25T11:53:02.714265555Z | 78 | PC: 14d09 | Find first file |
| 2018-12-25T11:53:02.721561306Z | 79 | PC: 14d31 | Find next file |
| 2018-12-25T11:53:02.72538384Z | 79 | PC: 14d31 | Find next file (See above) |
| 2018-12-25T11:53:02.728291369Z | 79 | PC: 14d31 | Find next file (See above) |
| 2018-12-25T11:53:02.731145508Z | 79 | PC: 14d31 | Find next file (See above) |
| 2018-12-25T11:53:02.734336219Z | 79 | PC: 14d31 | Find next file (See above) |
| 2018-12-25T11:53:02.737356365Z | 79 | PC: 14d31 | Find next file (See above) |
| 2018-12-25T11:53:02.740227066Z | 79 | PC: 14d31 | Find next file (See above) |
| 2018-12-25T11:53:02.749517617Z | 79 | PC: 14d31 | Find next file (See above) |
| 2018-12-25T11:53:02.75332913Z | 79 | PC: 14d31 | Find next file (See above) |
| 2018-12-25T11:53:02.75605758Z | 47 | PC: 14d5a | Get disk transfer address (See above) |
| 2018-12-25T11:53:02.757740922Z | 26 | PC: 14d69 | Set disk transfer address (See above) |
| 2018-12-25T11:53:02.759319572Z | 78 | PC: 14d71 | Find first file (See above) |
| 2018-12-25T11:53:02.766049071Z | 47 | PC: 14d8e | Get disk transfer address |
| 2018-12-25T11:53:02.76736105Z | 65 | PC: 14da7 | Delete file (Filename = 'CHKLIST.MS') |
| 2018-12-25T11:53:02.775108529Z | 61 | PC: 14daf | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:53:02.782710346Z | 63 | PC: 14dbb | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:53:02.787692285Z | 66 | PC: 14dc3 | Move file pointer |
| 2018-12-25T11:53:02.789768705Z | 62 | PC: 14dc8 | Close file |
| 2018-12-25T11:53:02.791686015Z | 67 | PC: 14de8 | Get or set file attributes |
| 2018-12-25T11:53:02.809401673Z | 61 | PC: 14ded | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:53:02.824568488Z | 64 | PC: 14df9 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:53:02.82806482Z | 66 | PC: 14e01 | Move file pointer |
| 2018-12-25T11:53:02.831273474Z | 64 | PC: 151a2 | Write file or device (Write 1681 bytes on handle 5) |
| 2018-12-25T11:53:02.842839527Z | 87 | PC: 14e11 | Get or set file date and time |
| 2018-12-25T11:53:02.844822837Z | 62 | PC: 14e15 | Close file |
| 2018-12-25T11:53:02.854150161Z | 67 | PC: 14e22 | Get or set file attributes |
| 2018-12-25T11:53:02.866668856Z | 26 | PC: 14d83 | Set disk transfer address (See above) |
| 2018-12-25T11:53:02.868062107Z | 26 | PC: 14d41 | Set disk transfer address |
| 2018-12-25T11:53:02.871994276Z | 59 | PC: 14ce5 | Change current directory |
| 2018-12-25T11:53:02.875706521Z | 42 | PC: 14e44 | Get date 0x14e44: mov al, dl 0x14e46: cwde 0x14e47: ret 0x14e48: insb byte ptr es:[di], dx 0x14e49: sub ax, 0x5945 0x14e4c: or al, 0xb4 0x14e4e: sub cl, ch 0x14e50: and word ptr [bp + si - 0x673a], cx 0x14e54: ret 0x14e55: push ss 0x14e56: int 0xee 0x14e58: fstp dword ptr [bx - 0x4c] 0x14e5b: sub cl, ch 0x14e5d: and word ptr [bx + si - 0x783d], bx 0x14e61: iret 0x14e62: or ax, 0x4944 0x14e65: mov al, byte ptr [di + 0x42e] 0x14e69: cwde 0x14e6a: ret 0x14e6b: inc bx |
| 2018-12-25T11:53:02.87839202Z | 42 | PC: 14e5e | Get date 0x14e5e: cwde 0x14e5f: ret 0x14e60: xchg di, cx 0x14e62: or ax, 0x4944 0x14e65: mov al, byte ptr [di + 0x42e] 0x14e69: cwde 0x14e6a: ret 0x14e6b: inc bx 0x14e6c: dec ax 0x14e6d: dec bx 0x14e6e: dec sp 0x14e6f: dec cx 0x14e70: push bx 0x14e71: push sp 0x14e72: dec bp 0x14e74: push bx 0x14e75: add byte ptr [0xc911], cl 0x14e79: sbb cl, byte ptr [di - 0x33] 0x14e7c: mov bx, 0xba18 0x14e7f: or al, 0xdf |
| 2018-12-25T11:53:02.880992642Z | 26 | PC: 14ca7 | Set disk transfer address |
| 2018-12-25T11:53:02.882615588Z | 74 | PC: 12c01 | Reallocate memory |
| 2018-12-25T11:53:02.885160449Z | 72 | PC: 12c0a | Allocate memory |
| 2018-12-25T11:53:02.887284629Z | 82 | PC: 12c16 | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T11:53:02.889236409Z | 53 | PC: 9e3e0 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:53:02.891197678Z | 53 | PC: 9e3f1 | Get interrupt vector (Interrupt = '19' AKA 'Delete file') |
| 2018-12-25T11:53:02.892988989Z | 37 | PC: 9e407 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:53:02.894690805Z | 42 | PC: 9e40b | Get date 0x9e40b: cmp dh, 1 0x9e40e: jne 0x9e441 0x9e410: mov ax, 0x3508 0x9e413: int 0x21 0x9e415: mov word ptr cs:[0x7c0], bx 0x9e41a: mov bx, es 0x9e41c: mov word ptr cs:[0x7c2], bx 0x9e421: mov ax, 0x2508 0x9e424: push cs 0x9e425: pop ds 0x9e426: mov dx, 0x7d0 0x9e429: int 0x21 0x9e42b: mov ah, 0x2c 0x9e42d: int 0x21 0x9e42f: mov ax, 0x800 0x9e432: mov dh, 0 0x9e434: mov cl, 5 0x9e436: shl dx, cl 0x9e438: add ax, dx 0x9e43a: mov word ptr cs:[0x7cc], ax |
| 2018-12-25T11:53:02.898515809Z | 53 | PC: 9e415 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-25T11:53:02.900269959Z | 37 | PC: 9e42b | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-25T11:53:02.901948734Z | 44 | PC: 9e42f | Get time 0x9e42f: mov ax, 0x800 0x9e432: mov dh, 0 0x9e434: mov cl, 5 0x9e436: shl dx, cl 0x9e438: add ax, dx 0x9e43a: mov word ptr cs:[0x7cc], ax 0x9e43e: call 0x9e511 0x9e441: jmp 0x9dd56 0x9e444: add al, byte ptr [0x13f6] 0x9e448: clc 0x9e449: inc ax 0x9e44a: sbb word ptr [bx + si], ax 0x9e44c: sbb al, byte ptr [bx + di] 0x9e44e: mov word ptr [bp + di], cs 0x9e450: cmp al, 0 0x9e452: lcall 0x5018:0xc510 0x9e457: or ax, 0 0x9e45a: add byte ptr [bx + si], al 0x9e45c: add word ptr [di], cx 0x9e45e: leave |
| 2018-12-25T11:53:02.906063728Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T11:53:02.91355015Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4855,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:53:03.241895545Z | 47 | PC: 14b21 | Get disk transfer address |
| 2018-12-25T11:53:03.244418127Z | 26 | PC: 14b29 | Set disk transfer address |
| 2018-12-25T11:53:03.252719528Z | 37 | PC: 14b3e | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:53:03.25393615Z | 37 | PC: 14b42 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:53:03.255234454Z | 71 | PC: 14ccc | Get current directory |
| 2018-12-25T11:53:03.259034138Z | 59 | PC: 14cd4 | Change current directory |
| 2018-12-25T11:53:03.264118414Z | 47 | PC: 14d5a | Get disk transfer address |
| 2018-12-25T11:53:03.26560706Z | 26 | PC: 14d69 | Set disk transfer address |
| 2018-12-25T11:53:03.267574662Z | 78 | PC: 14d71 | Find first file |
| 2018-12-25T11:53:03.274129155Z | 26 | PC: 14d83 | Set disk transfer address |
| 2018-12-25T11:53:03.275190357Z | 47 | PC: 14cf0 | Get disk transfer address |
| 2018-12-25T11:53:03.277857411Z | 26 | PC: 14cfe | Set disk transfer address |
| 2018-12-25T11:53:03.279093661Z | 78 | PC: 14d09 | Find first file |
| 2018-12-25T11:53:03.286284596Z | 79 | PC: 14d31 | Find next file |
| 2018-12-25T11:53:03.293357074Z | 79 | PC: 14d31 | Find next file (See above) |
| 2018-12-25T11:53:03.298501798Z | 79 | PC: 14d31 | Find next file (See above) |
| 2018-12-25T11:53:03.302211551Z | 79 | PC: 14d31 | Find next file (See above) |
| 2018-12-25T11:53:03.306731099Z | 79 | PC: 14d31 | Find next file (See above) |
| 2018-12-25T11:53:03.3100641Z | 79 | PC: 14d31 | Find next file (See above) |
| 2018-12-25T11:53:03.313306734Z | 79 | PC: 14d31 | Find next file (See above) |
| 2018-12-25T11:53:03.316767344Z | 79 | PC: 14d31 | Find next file (See above) |
| 2018-12-25T11:53:03.319973937Z | 79 | PC: 14d31 | Find next file (See above) |
| 2018-12-25T11:53:03.322998415Z | 47 | PC: 14d5a | Get disk transfer address (See above) |
| 2018-12-25T11:53:03.324882505Z | 26 | PC: 14d69 | Set disk transfer address (See above) |
| 2018-12-25T11:53:03.326321757Z | 78 | PC: 14d71 | Find first file (See above) |
| 2018-12-25T11:53:03.333630536Z | 47 | PC: 14d8e | Get disk transfer address |
| 2018-12-25T11:53:03.33490346Z | 65 | PC: 14da7 | Delete file (Filename = 'CHKLIST.MS') |
| 2018-12-25T11:53:03.342499213Z | 61 | PC: 14daf | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:53:03.350471704Z | 63 | PC: 14dbb | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:53:03.358098101Z | 66 | PC: 14dc3 | Move file pointer |
| 2018-12-25T11:53:03.361399888Z | 62 | PC: 14dc8 | Close file |
| 2018-12-25T11:53:03.364204861Z | 67 | PC: 14de8 | Get or set file attributes |
| 2018-12-25T11:53:03.384263258Z | 61 | PC: 14ded | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:53:03.39274543Z | 64 | PC: 14df9 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:53:03.396119843Z | 66 | PC: 14e01 | Move file pointer |
| 2018-12-25T11:53:03.398937365Z | 64 | PC: 151a2 | Write file or device (Write 1681 bytes on handle 5) |
| 2018-12-25T11:53:03.410861726Z | 87 | PC: 14e11 | Get or set file date and time |
| 2018-12-25T11:53:03.412756027Z | 62 | PC: 14e15 | Close file |
| 2018-12-25T11:53:03.421313789Z | 67 | PC: 14e22 | Get or set file attributes |
| 2018-12-25T11:53:03.432969169Z | 26 | PC: 14d83 | Set disk transfer address (See above) |
| 2018-12-25T11:53:03.434717511Z | 26 | PC: 14d41 | Set disk transfer address |
| 2018-12-25T11:53:03.436463475Z | 59 | PC: 14ce5 | Change current directory |
| 2018-12-25T11:53:03.438944214Z | 42 | PC: 14e44 | Get date 0x14e44: mov al, dl 0x14e46: cwde 0x14e47: ret 0x14e48: insb byte ptr es:[di], dx 0x14e49: sub ax, 0x5945 0x14e4c: or al, 0xb4 0x14e4e: sub cl, ch 0x14e50: and word ptr [bp + si - 0x673a], cx 0x14e54: ret 0x14e55: push ss 0x14e56: int 0xee 0x14e58: fstp dword ptr [bx - 0x4c] 0x14e5b: sub cl, ch 0x14e5d: and word ptr [bx + si - 0x783d], bx 0x14e61: iret 0x14e62: or ax, 0x4944 0x14e65: mov al, byte ptr [di + 0x42e] 0x14e69: cwde 0x14e6a: ret 0x14e6b: inc bx |
| 2018-12-25T11:53:03.442095987Z | 42 | PC: 14e5e | Get date 0x14e5e: cwde 0x14e5f: ret 0x14e60: xchg di, cx 0x14e62: or ax, 0x4944 0x14e65: mov al, byte ptr [di + 0x42e] 0x14e69: cwde 0x14e6a: ret 0x14e6b: inc bx 0x14e6c: dec ax 0x14e6d: dec bx 0x14e6e: dec sp 0x14e6f: dec cx 0x14e70: push bx 0x14e71: push sp 0x14e72: dec bp 0x14e74: push bx 0x14e75: add byte ptr [0xc911], cl 0x14e79: sbb cl, byte ptr [di - 0x33] 0x14e7c: mov bx, 0xba18 0x14e7f: or al, 0xdf |
| 2018-12-25T11:53:03.444795881Z | 26 | PC: 14ca7 | Set disk transfer address |
| 2018-12-25T11:53:03.446707017Z | 74 | PC: 12c01 | Reallocate memory |
| 2018-12-25T11:53:03.449636556Z | 72 | PC: 12c0a | Allocate memory |
| 2018-12-25T11:53:03.451858347Z | 82 | PC: 12c16 | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T11:53:03.453758686Z | 53 | PC: 9e3e0 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:53:03.456543804Z | 53 | PC: 9e3f1 | Get interrupt vector (Interrupt = '19' AKA 'Delete file') |
| 2018-12-25T11:53:03.458185291Z | 37 | PC: 9e407 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:53:03.459793958Z | 42 | PC: 9e40b | Get date 0x9e40b: cmp dh, 1 0x9e40e: jne 0x9e441 0x9e410: mov ax, 0x3508 0x9e413: int 0x21 0x9e415: mov word ptr cs:[0x7c0], bx 0x9e41a: mov bx, es 0x9e41c: mov word ptr cs:[0x7c2], bx 0x9e421: mov ax, 0x2508 0x9e424: push cs 0x9e425: pop ds 0x9e426: mov dx, 0x7d0 0x9e429: int 0x21 0x9e42b: mov ah, 0x2c 0x9e42d: int 0x21 0x9e42f: mov ax, 0x800 0x9e432: mov dh, 0 0x9e434: mov cl, 5 0x9e436: shl dx, cl 0x9e438: add ax, dx 0x9e43a: mov word ptr cs:[0x7cc], ax |
| 2018-12-25T11:53:03.46308471Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T11:53:03.470658846Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |