{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11861,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:31:25.122444372Z | 42 | PC: 12a52 | Get date 0x12a52: cmp dh, 8 0x12a55: jb 0x12a74 0x12a57: cmp dh, 8 0x12a5a: jg 0x12a74 0x12a5c: cmp dl, 3 0x12a5f: jb 0x12a74 0x12a61: cmp dl, 0x12 0x12a64: jg 0x12a74 0x12a66: int 0x20 0x12a68: mov al, 2 0x12a6a: mov cx, 0x50 0x12a6d: mov dx, 0 0x12a70: int 0x26 0x12a72: jmp 0x12a72 0x12a74: mov ax, word ptr [0x240] 0x12a77: mov word ptr [0x23c], ax 0x12a7a: mov bx, word ptr [0x242] 0x12a7e: mov word ptr [0x23e], bx 0x12a82: mov ah, 0x1a 0x12a84: mov dx, 0x244 |
| 2018-12-25T12:31:25.124726949Z | 26 | PC: 12a89 | Set disk transfer address |
| 2018-12-25T12:31:25.125642847Z | 78 | PC: 12a93 | Find first file |
| 2018-12-25T12:31:25.129987986Z | 61 | PC: 12ab3 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:31:25.134472306Z | 63 | PC: 12ac2 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:31:25.139430809Z | 62 | PC: 12ac6 | Close file |
| 2018-12-25T12:31:25.140821264Z | 67 | PC: 12ae4 | Get or set file attributes |
| 2018-12-25T12:31:25.144652963Z | 67 | PC: 12aee | Get or set file attributes |
| 2018-12-25T12:31:25.157732171Z | 61 | PC: 12af7 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:31:25.162124199Z | 87 | PC: 12b02 | Get or set file date and time |
| 2018-12-25T12:31:25.163312659Z | 63 | PC: 12b0e | Read file or device (Read 482 bytes on handle 5) |
| 2018-12-25T12:31:25.16587432Z | 66 | PC: 12b18 | Move file pointer |
| 2018-12-25T12:31:25.176320109Z | 64 | PC: 12b30 | Write file or device (Write 28 bytes on handle 5) |
| 2018-12-25T12:31:25.17828773Z | 64 | PC: 12b3a | Write file or device (Write 480 bytes on handle 5) |
| 2018-12-25T12:31:25.18432893Z | 66 | PC: 12b44 | Move file pointer |
| 2018-12-25T12:31:25.18558522Z | 64 | PC: 12b4e | Write file or device (Write 480 bytes on handle 5) |
| 2018-12-25T12:31:25.192753676Z | 87 | PC: 12b56 | Get or set file date and time |
| 2018-12-25T12:31:25.194533873Z | 62 | PC: 12b5a | Close file |
| 2018-12-25T12:31:25.200329302Z | 26 | PC: 12b6f | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11861,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:31:25.124992442Z | 42 | PC: 12a52 | Get date 0x12a52: cmp dh, 8 0x12a55: jb 0x12a74 0x12a57: cmp dh, 8 0x12a5a: jg 0x12a74 0x12a5c: cmp dl, 3 0x12a5f: jb 0x12a74 0x12a61: cmp dl, 0x12 0x12a64: jg 0x12a74 0x12a66: int 0x20 0x12a68: mov al, 2 0x12a6a: mov cx, 0x50 0x12a6d: mov dx, 0 0x12a70: int 0x26 0x12a72: jmp 0x12a72 0x12a74: mov ax, word ptr [0x240] 0x12a77: mov word ptr [0x23c], ax 0x12a7a: mov bx, word ptr [0x242] 0x12a7e: mov word ptr [0x23e], bx 0x12a82: mov ah, 0x1a 0x12a84: mov dx, 0x244 |
| 2018-12-25T12:31:25.127825242Z | 26 | PC: 12a89 | Set disk transfer address |
| 2018-12-25T12:31:25.129187449Z | 78 | PC: 12a93 | Find first file |
| 2018-12-25T12:31:25.133155957Z | 61 | PC: 12ab3 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:31:25.137665437Z | 63 | PC: 12ac2 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:31:25.141951546Z | 62 | PC: 12ac6 | Close file |
| 2018-12-25T12:31:25.143702331Z | 67 | PC: 12ae4 | Get or set file attributes |
| 2018-12-25T12:31:25.152660452Z | 67 | PC: 12aee | Get or set file attributes |
| 2018-12-25T12:31:25.165851947Z | 61 | PC: 12af7 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:31:25.180719935Z | 87 | PC: 12b02 | Get or set file date and time |
| 2018-12-25T12:31:25.182340675Z | 63 | PC: 12b0e | Read file or device (Read 482 bytes on handle 5) |
| 2018-12-25T12:31:25.191035491Z | 66 | PC: 12b18 | Move file pointer |
| 2018-12-25T12:31:25.192677352Z | 64 | PC: 12b30 | Write file or device (Write 28 bytes on handle 5) |
| 2018-12-25T12:31:25.195603019Z | 64 | PC: 12b3a | Write file or device (Write 480 bytes on handle 5) |
| 2018-12-25T12:31:25.204379505Z | 66 | PC: 12b44 | Move file pointer |
| 2018-12-25T12:31:25.205709146Z | 64 | PC: 12b4e | Write file or device (Write 480 bytes on handle 5) |
| 2018-12-25T12:31:25.212204196Z | 87 | PC: 12b56 | Get or set file date and time |
| 2018-12-25T12:31:25.214730577Z | 62 | PC: 12b5a | Close file |
| 2018-12-25T12:31:25.223311975Z | 26 | PC: 12b6f | Set disk transfer address |
{"DateBased":true,"Day":3,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11861,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:31:25.152037011Z | 42 | PC: 12a52 | Get date 0x12a52: cmp dh, 8 0x12a55: jb 0x12a74 0x12a57: cmp dh, 8 0x12a5a: jg 0x12a74 0x12a5c: cmp dl, 3 0x12a5f: jb 0x12a74 0x12a61: cmp dl, 0x12 0x12a64: jg 0x12a74 0x12a66: int 0x20 0x12a68: mov al, 2 0x12a6a: mov cx, 0x50 0x12a6d: mov dx, 0 0x12a70: int 0x26 0x12a72: jmp 0x12a72 0x12a74: mov ax, word ptr [0x240] 0x12a77: mov word ptr [0x23c], ax 0x12a7a: mov bx, word ptr [0x242] 0x12a7e: mov word ptr [0x23e], bx 0x12a82: mov ah, 0x1a 0x12a84: mov dx, 0x244 |
{"DateBased":true,"Day":19,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11861,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:31:25.183717184Z | 42 | PC: 12a52 | Get date 0x12a52: cmp dh, 8 0x12a55: jb 0x12a74 0x12a57: cmp dh, 8 0x12a5a: jg 0x12a74 0x12a5c: cmp dl, 3 0x12a5f: jb 0x12a74 0x12a61: cmp dl, 0x12 0x12a64: jg 0x12a74 0x12a66: int 0x20 0x12a68: mov al, 2 0x12a6a: mov cx, 0x50 0x12a6d: mov dx, 0 0x12a70: int 0x26 0x12a72: jmp 0x12a72 0x12a74: mov ax, word ptr [0x240] 0x12a77: mov word ptr [0x23c], ax 0x12a7a: mov bx, word ptr [0x242] 0x12a7e: mov word ptr [0x23e], bx 0x12a82: mov ah, 0x1a 0x12a84: mov dx, 0x244 |
| 2018-12-25T12:31:25.187198383Z | 26 | PC: 12a89 | Set disk transfer address |
| 2018-12-25T12:31:25.188599278Z | 78 | PC: 12a93 | Find first file |
| 2018-12-25T12:31:25.194800538Z | 61 | PC: 12ab3 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:31:25.202008812Z | 63 | PC: 12ac2 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:31:25.208582729Z | 62 | PC: 12ac6 | Close file |
| 2018-12-25T12:31:25.210168352Z | 67 | PC: 12ae4 | Get or set file attributes |
| 2018-12-25T12:31:25.215890657Z | 67 | PC: 12aee | Get or set file attributes |
| 2018-12-25T12:31:25.232074305Z | 61 | PC: 12af7 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:31:25.249006391Z | 87 | PC: 12b02 | Get or set file date and time |
| 2018-12-25T12:31:25.257430899Z | 63 | PC: 12b0e | Read file or device (Read 482 bytes on handle 5) |
| 2018-12-25T12:31:25.265063557Z | 66 | PC: 12b18 | Move file pointer |
| 2018-12-25T12:31:25.266961609Z | 64 | PC: 12b30 | Write file or device (Write 28 bytes on handle 5) |
| 2018-12-25T12:31:25.270112497Z | 64 | PC: 12b3a | Write file or device (Write 480 bytes on handle 5) |
| 2018-12-25T12:31:25.282907712Z | 66 | PC: 12b44 | Move file pointer |
| 2018-12-25T12:31:25.284306184Z | 64 | PC: 12b4e | Write file or device (Write 480 bytes on handle 5) |
| 2018-12-25T12:31:25.290724352Z | 87 | PC: 12b56 | Get or set file date and time |
| 2018-12-25T12:31:25.296315872Z | 62 | PC: 12b5a | Close file |
| 2018-12-25T12:31:25.304213179Z | 26 | PC: 12b6f | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11861,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:31:25.489985256Z | 42 | PC: 12a52 | Get date 0x12a52: cmp dh, 8 0x12a55: jb 0x12a74 0x12a57: cmp dh, 8 0x12a5a: jg 0x12a74 0x12a5c: cmp dl, 3 0x12a5f: jb 0x12a74 0x12a61: cmp dl, 0x12 0x12a64: jg 0x12a74 0x12a66: int 0x20 0x12a68: mov al, 2 0x12a6a: mov cx, 0x50 0x12a6d: mov dx, 0 0x12a70: int 0x26 0x12a72: jmp 0x12a72 0x12a74: mov ax, word ptr [0x240] 0x12a77: mov word ptr [0x23c], ax 0x12a7a: mov bx, word ptr [0x242] 0x12a7e: mov word ptr [0x23e], bx 0x12a82: mov ah, 0x1a 0x12a84: mov dx, 0x244 |
| 2018-12-25T12:31:25.49666332Z | 26 | PC: 12a89 | Set disk transfer address |
| 2018-12-25T12:31:25.497812567Z | 78 | PC: 12a93 | Find first file |
| 2018-12-25T12:31:25.501704152Z | 61 | PC: 12ab3 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:31:25.5062753Z | 63 | PC: 12ac2 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:31:25.525381382Z | 62 | PC: 12ac6 | Close file |
| 2018-12-25T12:31:25.527523334Z | 67 | PC: 12ae4 | Get or set file attributes |
| 2018-12-25T12:31:25.534000665Z | 67 | PC: 12aee | Get or set file attributes |
| 2018-12-25T12:31:25.556162572Z | 61 | PC: 12af7 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:31:25.572858233Z | 87 | PC: 12b02 | Get or set file date and time |
| 2018-12-25T12:31:25.574688201Z | 63 | PC: 12b0e | Read file or device (Read 482 bytes on handle 5) |
| 2018-12-25T12:31:25.580593255Z | 66 | PC: 12b18 | Move file pointer |
| 2018-12-25T12:31:25.582328386Z | 64 | PC: 12b30 | Write file or device (Write 28 bytes on handle 5) |
| 2018-12-25T12:31:25.585281128Z | 64 | PC: 12b3a | Write file or device (Write 480 bytes on handle 5) |
| 2018-12-25T12:31:25.594413267Z | 66 | PC: 12b44 | Move file pointer |
| 2018-12-25T12:31:25.596097311Z | 64 | PC: 12b4e | Write file or device (Write 480 bytes on handle 5) |
| 2018-12-25T12:31:25.61867358Z | 87 | PC: 12b56 | Get or set file date and time |
| 2018-12-25T12:31:25.621046092Z | 62 | PC: 12b5a | Close file |
| 2018-12-25T12:31:25.629594072Z | 26 | PC: 12b6f | Set disk transfer address |