{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7033,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:00:49.6114604Z | 37 | PC: 12bef | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T12:00:49.613051458Z | 37 | PC: 12bf3 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T12:00:49.614016271Z | 26 | PC: 12bfb | Set disk transfer address |
| 2018-12-25T12:00:49.614978269Z | 71 | PC: 12c08 | Get current directory |
| 2018-12-25T12:00:49.617965414Z | 42 | PC: 12c0d | Get date 0x12c0d: cmp dl, 6 0x12c10: jne 0x12c34 0x12c12: mov ax, 0x500 0x12c15: mov cx, 0 0x12c18: mov dh, 0 0x12c1a: mov dl, 0x80 0x12c1c: int 0x13 0x12c1e: jb 0x12be1 0x12c20: mov ah, 9 0x12c22: lea dx, word ptr [si + 0x27d] 0x12c26: int 0x21 0x12c28: nop 0x12c29: jmp 0x12c28 0x12c2b: mov cx, 0x4eb 0x12c2e: jmp 0x12c2c 0x12c30: cli 0x12c31: jmp 0x12c27 0x12c33: iret 0x12c34: lea dx, word ptr [si + 0x25c] 0x12c38: xor cx, cx |
| 2018-12-25T12:00:49.619923962Z | 78 | PC: 12c3e | Find first file |
| 2018-12-25T12:00:49.625524125Z | 61 | PC: 12c49 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:00:49.63696931Z | 63 | PC: 12c58 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:00:49.643403579Z | 79 | PC: 12c3e | Find next file (See above) |
| 2018-12-25T12:00:49.645818056Z | 61 | PC: 12c49 | Open file (See above) |
| 2018-12-25T12:00:49.652510037Z | 63 | PC: 12c58 | Read file or device (See above) |
| 2018-12-25T12:00:49.658476873Z | 79 | PC: 12c3e | Find next file (See above) |
| 2018-12-25T12:00:49.660934533Z | 61 | PC: 12c49 | Open file (See above) |
| 2018-12-25T12:00:49.667779201Z | 63 | PC: 12c58 | Read file or device (See above) |
| 2018-12-25T12:00:49.673931043Z | 79 | PC: 12c3e | Find next file (See above) |
| 2018-12-25T12:00:49.676661669Z | 61 | PC: 12c49 | Open file (See above) |
| 2018-12-25T12:00:49.687531396Z | 63 | PC: 12c58 | Read file or device (See above) |
| 2018-12-25T12:00:49.693922486Z | 79 | PC: 12c3e | Find next file (See above) |
| 2018-12-25T12:00:49.69630903Z | 61 | PC: 12c49 | Open file (See above) |
| 2018-12-25T12:00:49.703011831Z | 63 | PC: 12c58 | Read file or device (See above) |
| 2018-12-25T12:00:49.709430159Z | 79 | PC: 12c3e | Find next file (See above) |
| 2018-12-25T12:00:49.711830879Z | 61 | PC: 12c49 | Open file (See above) |
| 2018-12-25T12:00:49.718466831Z | 63 | PC: 12c58 | Read file or device (See above) |
| 2018-12-25T12:00:49.724502055Z | 79 | PC: 12c3e | Find next file (See above) |
| 2018-12-25T12:00:49.726829835Z | 61 | PC: 12c49 | Open file (See above) |
| 2018-12-25T12:00:49.733328429Z | 63 | PC: 12c58 | Read file or device (See above) |
| 2018-12-25T12:00:49.739404686Z | 79 | PC: 12c3e | Find next file (See above) |
| 2018-12-25T12:00:49.741731861Z | 61 | PC: 12c49 | Open file (See above) |
| 2018-12-25T12:00:49.748297611Z | 63 | PC: 12c58 | Read file or device (See above) |
| 2018-12-25T12:00:49.754309083Z | 87 | PC: 12c73 | Get or set file date and time |
| 2018-12-25T12:00:49.75549735Z | 66 | PC: 12c83 | Move file pointer |
| 2018-12-25T12:00:49.75714802Z | 63 | PC: 12c8c | Read file or device (Read 2 bytes on handle 12) |
| 2018-12-25T12:00:49.758791954Z | 79 | PC: 12c3e | Find next file (See above) |
| 2018-12-25T12:00:49.760262033Z | 59 | PC: 12c69 | Change current directory |
| 2018-12-25T12:00:49.763096347Z | 62 | PC: 12cd3 | Close file |
| 2018-12-25T12:00:49.764255785Z | 59 | PC: 12cdb | Change current directory |
| 2018-12-25T12:00:49.765300367Z | 26 | PC: 12ce2 | Set disk transfer address |
| 2018-12-25T12:00:49.76651951Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:00:49.770252958Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7033,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:00:49.605083827Z | 37 | PC: 12bef | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T12:00:49.606549855Z | 37 | PC: 12bf3 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T12:00:49.607862637Z | 26 | PC: 12bfb | Set disk transfer address |
| 2018-12-25T12:00:49.608968491Z | 71 | PC: 12c08 | Get current directory |
| 2018-12-25T12:00:49.612220822Z | 42 | PC: 12c0d | Get date 0x12c0d: cmp dl, 6 0x12c10: jne 0x12c34 0x12c12: mov ax, 0x500 0x12c15: mov cx, 0 0x12c18: mov dh, 0 0x12c1a: mov dl, 0x80 0x12c1c: int 0x13 0x12c1e: jb 0x12be1 0x12c20: mov ah, 9 0x12c22: lea dx, word ptr [si + 0x27d] 0x12c26: int 0x21 0x12c28: nop 0x12c29: jmp 0x12c28 0x12c2b: mov cx, 0x4eb 0x12c2e: jmp 0x12c2c 0x12c30: cli 0x12c31: jmp 0x12c27 0x12c33: iret 0x12c34: lea dx, word ptr [si + 0x25c] 0x12c38: xor cx, cx |
| 2018-12-25T12:00:49.616545498Z | 62 | PC: 12cd3 | Close file |
| 2018-12-25T12:00:49.618286719Z | 59 | PC: 12cdb | Change current directory |
| 2018-12-25T12:00:49.620286143Z | 26 | PC: 12ce2 | Set disk transfer address |
| 2018-12-25T12:00:49.621844395Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:00:49.627798168Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |