{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10810,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:29:18.924311751Z | 48 | PC: 12a99 | Get DOS version |
| 2018-12-25T12:29:18.926053123Z | 42 | PC: 12aa4 | Get date 0x12aa4: cmp cx, 0x7ca 0x12aa8: jae 0x12aad 0x12aaa: jmp 0x12b5a 0x12aad: mov ah, 0x1a 0x12aaf: mov dx, 0xfd00 0x12ab2: int 0x21 0x12ab4: mov ax, word ptr cs:[0x2c] 0x12ab8: mov ds, ax 0x12aba: mov si, 0 0x12abd: mov cx, 0x4000 0x12ac0: lodsb al, byte ptr [si] 0x12ac1: cmp al, 1 0x12ac3: je 0x12ac7 0x12ac5: loop 0x12ac0 0x12ac7: inc si 0x12ac8: push cs 0x12ac9: pop es 0x12aca: mov di, 0xfd80 0x12acd: mov cx, 0x80 0x12ad0: lodsb al, byte ptr [si] |
| 2018-12-25T12:29:18.928204203Z | 26 | PC: 12b61 | Set disk transfer address |
| 2018-12-25T12:29:18.929362687Z | 78 | PC: 12b6b | Find first file |
| 2018-12-25T12:29:18.935883536Z | 67 | PC: 12b78 | Get or set file attributes |
| 2018-12-25T12:29:18.941996442Z | 67 | PC: 12b80 | Get or set file attributes |
| 2018-12-25T12:29:19.022292668Z | 61 | PC: 12b85 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:29:19.029342775Z | 87 | PC: 12b8b | Get or set file date and time |
| 2018-12-25T12:29:19.031018424Z | 63 | PC: 12b98 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:29:19.037042332Z | 66 | PC: 12bbe | Move file pointer |
| 2018-12-25T12:29:19.038555537Z | 66 | PC: 12c5d | Move file pointer |
| 2018-12-25T12:29:19.040229384Z | 63 | PC: 12c67 | Read file or device (Read 52 bytes on handle 5) |
| 2018-12-25T12:29:19.042444744Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:29:19.04371977Z | 44 | PC: 12cb4 | Get time 0x12cb4: cmp dl, 0 0x12cb7: jne 0x12cc3 0x12cb9: mov ah, 9 0x12cbb: lea dx, word ptr [bp + 0x473] 0x12cbf: int 0x21 0x12cc1: jmp 0x12cb0 0x12cc3: mov byte ptr cs:[bp + 0x18], dl 0x12cc8: lea si, word ptr [bp + 4] 0x12ccc: mov di, 0xfb00 0x12ccf: mov cx, 0x18 0x12cd2: rep movsb byte ptr es:[di], byte ptr [si] 0x12cd4: lea si, word ptr [bp + 0x1c] 0x12cd8: mov cx, 0x4b8 0x12cdb: lodsb al, byte ptr [si] 0x12cdc: xor al, dl 0x12cde: stosb byte ptr es:[di], al 0x12cdf: loop 0x12cdb 0x12ce1: mov ah, 0x40 0x12ce3: mov dx, 0xfb00 0x12ce6: mov cx, 0x4d0 |
| 2018-12-25T12:29:19.046456698Z | 64 | PC: 12ceb | Write file or device (Write 1232 bytes on handle 5) |
| 2018-12-25T12:29:19.055044151Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:29:19.056439862Z | 64 | PC: 12cfc | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:29:19.063558332Z | 87 | PC: 12d2c | Get or set file date and time |
| 2018-12-25T12:29:19.065581875Z | 62 | PC: 12d30 | Close file |
| 2018-12-25T12:29:19.073264543Z | 67 | PC: 12d39 | Get or set file attributes |
| 2018-12-25T12:29:19.078653275Z | 65 | PC: 12d41 | Delete file (Filename = 'chklist.cps') |
| 2018-12-25T12:29:19.084315065Z | 26 | PC: 12d06 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10810,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:29:19.256845984Z | 48 | PC: 12a99 | Get DOS version |
| 2018-12-25T12:29:19.259377408Z | 42 | PC: 12aa4 | Get date 0x12aa4: cmp cx, 0x7ca 0x12aa8: jae 0x12aad 0x12aaa: jmp 0x12b5a 0x12aad: mov ah, 0x1a 0x12aaf: mov dx, 0xfd00 0x12ab2: int 0x21 0x12ab4: mov ax, word ptr cs:[0x2c] 0x12ab8: mov ds, ax 0x12aba: mov si, 0 0x12abd: mov cx, 0x4000 0x12ac0: lodsb al, byte ptr [si] 0x12ac1: cmp al, 1 0x12ac3: je 0x12ac7 0x12ac5: loop 0x12ac0 0x12ac7: inc si 0x12ac8: push cs 0x12ac9: pop es 0x12aca: mov di, 0xfd80 0x12acd: mov cx, 0x80 0x12ad0: lodsb al, byte ptr [si] |
| 2018-12-25T12:29:19.261931203Z | 26 | PC: 12ab4 | Set disk transfer address |
| 2018-12-25T12:29:19.263105326Z | 67 | PC: 12b02 | Get or set file attributes |
| 2018-12-25T12:29:19.26482065Z | 26 | PC: 12d06 | Set disk transfer address |