{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11429,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:33.996742126Z | 53 | PC: 12ad1 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:30:33.998583321Z | 37 | PC: 12ae4 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:30:34.002196897Z | 26 | PC: 12aec | Set disk transfer address |
| 2018-12-25T12:30:34.003527788Z | 78 | PC: 12b37 | Find first file |
| 2018-12-25T12:30:34.010337162Z | 67 | PC: 12bfc | Get or set file attributes |
| 2018-12-25T12:30:34.028610095Z | 61 | PC: 12b8c | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:30:34.036491768Z | 44 | PC: 12b94 | Get time 0x12b94: and dh, 7 0x12b97: jne 0x12ba1 0x12b99: mov cx, 5 0x12b9c: lea dx, word ptr [si + 0xb] 0x12b9f: jmp 0x12bca 0x12ba1: mov ah, 0x3f 0x12ba3: mov cx, 3 0x12ba6: lea dx, word ptr [si - 6] 0x12ba9: call 0x12bfa 0x12bac: jb 0x12bcd 0x12bae: mov ax, 0x4202 0x12bb1: call 0x12bf3 0x12bb4: mov word ptr [bp - 0x7a], ax 0x12bb7: mov cx, 0x161 0x12bba: lea dx, word ptr [si - 6] 0x12bbd: call 0x12bf8 0x12bc0: jb 0x12bcd 0x12bc2: call 0x12bf0 0x12bc5: mov cl, 3 0x12bc7: lea dx, word ptr [bp - 0x7b] |
| 2018-12-25T12:30:34.038838243Z | 63 | PC: 12bfc | Read file or device (See above) |
| 2018-12-25T12:30:34.047186178Z | 66 | PC: 12bfc | Move file pointer (See above) |
| 2018-12-25T12:30:34.04876591Z | 64 | PC: 12bfc | Write file or device (See above) |
| 2018-12-25T12:30:34.058191057Z | 66 | PC: 12bfc | Move file pointer (See above) |
| 2018-12-25T12:30:34.06091055Z | 64 | PC: 12bfc | Write file or device (See above) |
| 2018-12-25T12:30:34.068747507Z | 87 | PC: 12bdb | Get or set file date and time |
| 2018-12-25T12:30:34.070302329Z | 62 | PC: 12bdf | Close file |
| 2018-12-25T12:30:34.079259205Z | 67 | PC: 12bed | Get or set file attributes |
| 2018-12-25T12:30:34.09053495Z | 37 | PC: 12b50 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:30:34.091864583Z | 26 | PC: 12b59 | Set disk transfer address |
| 2018-12-25T12:30:34.093147005Z | 9 | PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":11429,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:34.585135648Z | 53 | PC: 12ad1 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:30:34.587571017Z | 37 | PC: 12ae4 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:30:34.593927648Z | 26 | PC: 12aec | Set disk transfer address |
| 2018-12-25T12:30:34.595460309Z | 78 | PC: 12b37 | Find first file |
| 2018-12-25T12:30:34.602817232Z | 67 | PC: 12bfc | Get or set file attributes |
| 2018-12-25T12:30:34.620490349Z | 61 | PC: 12b8c | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:30:34.627169977Z | 44 | PC: 12b94 | Get time 0x12b94: and dh, 7 0x12b97: jne 0x12ba1 0x12b99: mov cx, 5 0x12b9c: lea dx, word ptr [si + 0xb] 0x12b9f: jmp 0x12bca 0x12ba1: mov ah, 0x3f 0x12ba3: mov cx, 3 0x12ba6: lea dx, word ptr [si - 6] 0x12ba9: call 0x12bfa 0x12bac: jb 0x12bcd 0x12bae: mov ax, 0x4202 0x12bb1: call 0x12bf3 0x12bb4: mov word ptr [bp - 0x7a], ax 0x12bb7: mov cx, 0x161 0x12bba: lea dx, word ptr [si - 6] 0x12bbd: call 0x12bf8 0x12bc0: jb 0x12bcd 0x12bc2: call 0x12bf0 0x12bc5: mov cl, 3 0x12bc7: lea dx, word ptr [bp - 0x7b] |
| 2018-12-25T12:30:34.629856761Z | 63 | PC: 12bfc | Read file or device (See above) |
| 2018-12-25T12:30:34.636913419Z | 66 | PC: 12bfc | Move file pointer (See above) |
| 2018-12-25T12:30:34.638588354Z | 64 | PC: 12bfc | Write file or device (See above) |
| 2018-12-25T12:30:34.658937939Z | 66 | PC: 12bfc | Move file pointer (See above) |
| 2018-12-25T12:30:34.66115007Z | 64 | PC: 12bfc | Write file or device (See above) |
| 2018-12-25T12:30:34.668010257Z | 87 | PC: 12bdb | Get or set file date and time |
| 2018-12-25T12:30:34.670524789Z | 62 | PC: 12bdf | Close file |
| 2018-12-25T12:30:34.679627384Z | 67 | PC: 12bed | Get or set file attributes |
| 2018-12-25T12:30:34.689698866Z | 37 | PC: 12b50 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:30:34.691278897Z | 26 | PC: 12b59 | Set disk transfer address |
| 2018-12-25T12:30:34.693384986Z | 9 | PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ') |