{"DateBased":true,"Day":27,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12018,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:31:49.426204719Z | 42 | PC: 21e6f | Get date 0x21e6f: cmp dh, 8 0x21e72: jb 0x21e88 0x21e74: cmp dl, 0x16 0x21e77: jb 0x21e88 0x21e79: cmp al, 3 0x21e7b: jne 0x21e88 0x21e7d: mov ah, 9 0x21e7f: lea dx, word ptr [bp + 0x12c] 0x21e83: int 0x21 0x21e85: cli 0x21e86: jmp 0x21e85 0x21e88: mov ah, 0x1a 0x21e8a: mov dx, 0xfc00 0x21e8d: int 0x21 0x21e8f: mov ah, 0x4e 0x21e91: lea dx, word ptr [bp + 0x126] 0x21e95: xor cx, cx 0x21e97: int 0x21 0x21e99: jae 0x21e9e 0x21e9b: jmp 0x21f3b |
| 2018-12-25T12:31:49.429275555Z | 9 | PC: 21e85 | Display string (Could not find end pointer) |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12018,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:31:50.297348248Z | 42 | PC: 21e6f | Get date 0x21e6f: cmp dh, 8 0x21e72: jb 0x21e88 0x21e74: cmp dl, 0x16 0x21e77: jb 0x21e88 0x21e79: cmp al, 3 0x21e7b: jne 0x21e88 0x21e7d: mov ah, 9 0x21e7f: lea dx, word ptr [bp + 0x12c] 0x21e83: int 0x21 0x21e85: cli 0x21e86: jmp 0x21e85 0x21e88: mov ah, 0x1a 0x21e8a: mov dx, 0xfc00 0x21e8d: int 0x21 0x21e8f: mov ah, 0x4e 0x21e91: lea dx, word ptr [bp + 0x126] 0x21e95: xor cx, cx 0x21e97: int 0x21 0x21e99: jae 0x21e9e 0x21e9b: jmp 0x21f3b |
| 2018-12-25T12:31:50.300074053Z | 26 | PC: 21e8f | Set disk transfer address |
| 2018-12-25T12:31:50.30096408Z | 78 | PC: 21e99 | Find first file |
| 2018-12-25T12:31:50.305955298Z | 67 | PC: 21ea6 | Get or set file attributes |
| 2018-12-25T12:31:50.310271016Z | 67 | PC: 21eae | Get or set file attributes |
| 2018-12-25T12:31:50.564986385Z | 61 | PC: 21eb3 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:31:50.572751178Z | 87 | PC: 21eb9 | Get or set file date and time |
| 2018-12-25T12:31:50.575069782Z | 63 | PC: 21ec6 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:31:50.582638685Z | 66 | PC: 21eec | Move file pointer |
| 2018-12-25T12:31:50.584522352Z | 44 | PC: 21eff | Get time 0x21eff: mov byte ptr cs:[bp + 0x17], dl 0x21f04: lea si, word ptr [bp + 3] 0x21f08: mov di, 0xfd00 0x21f0b: mov cx, 0x18 0x21f0e: rep movsb byte ptr es:[di], byte ptr [si] 0x21f10: lea si, word ptr [bp + 0x1b] 0x21f14: mov cx, 0x22a 0x21f17: lodsb al, byte ptr [si] 0x21f18: xor al, dl 0x21f1a: stosb byte ptr es:[di], al 0x21f1b: loop 0x21f17 0x21f1d: mov ah, 0x40 0x21f1f: mov dx, 0xfd00 0x21f22: mov cx, 0x242 0x21f25: int 0x21 0x21f27: mov ax, 0x4200 0x21f2a: call 0x31ee6 0x21f2d: mov ah, 0x40 0x21f2f: lea dx, word ptr [bp + 0x123] 0x21f33: mov cx, 4 |
| 2018-12-25T12:31:50.587453754Z | 64 | PC: 21f27 | Write file or device (Write 578 bytes on handle 5) |
| 2018-12-25T12:31:50.680416101Z | 66 | PC: 21eec | Move file pointer (See above) |
| 2018-12-25T12:31:50.682553875Z | 64 | PC: 21f38 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:31:50.691285778Z | 87 | PC: 21f51 | Get or set file date and time |
| 2018-12-25T12:31:50.693482994Z | 62 | PC: 21f55 | Close file |
| 2018-12-25T12:31:50.74200441Z | 67 | PC: 21f5e | Get or set file attributes |
| 2018-12-25T12:31:50.765153756Z | 26 | PC: 21f42 | Set disk transfer address |
| 2018-12-25T12:31:50.766303067Z | 9 | PC: 12a85 | Display string (String= 'S ') |
| 2018-12-25T12:31:50.770049209Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12018,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:31:50.744859266Z | 42 | PC: 21e6f | Get date 0x21e6f: cmp dh, 8 0x21e72: jb 0x21e88 0x21e74: cmp dl, 0x16 0x21e77: jb 0x21e88 0x21e79: cmp al, 3 0x21e7b: jne 0x21e88 0x21e7d: mov ah, 9 0x21e7f: lea dx, word ptr [bp + 0x12c] 0x21e83: int 0x21 0x21e85: cli 0x21e86: jmp 0x21e85 0x21e88: mov ah, 0x1a 0x21e8a: mov dx, 0xfc00 0x21e8d: int 0x21 0x21e8f: mov ah, 0x4e 0x21e91: lea dx, word ptr [bp + 0x126] 0x21e95: xor cx, cx 0x21e97: int 0x21 0x21e99: jae 0x21e9e 0x21e9b: jmp 0x21f3b |
| 2018-12-25T12:31:50.746804612Z | 26 | PC: 21e8f | Set disk transfer address |
| 2018-12-25T12:31:50.748168856Z | 78 | PC: 21e99 | Find first file |
| 2018-12-25T12:31:50.752544205Z | 67 | PC: 21ea6 | Get or set file attributes |
| 2018-12-25T12:31:50.762443555Z | 67 | PC: 21eae | Get or set file attributes |
| 2018-12-25T12:31:51.271897417Z | 61 | PC: 21eb3 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:31:51.279601681Z | 87 | PC: 21eb9 | Get or set file date and time |
| 2018-12-25T12:31:51.282424868Z | 63 | PC: 21ec6 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:31:51.289677186Z | 66 | PC: 21eec | Move file pointer |
| 2018-12-25T12:31:51.291133625Z | 44 | PC: 21eff | Get time 0x21eff: mov byte ptr cs:[bp + 0x17], dl 0x21f04: lea si, word ptr [bp + 3] 0x21f08: mov di, 0xfd00 0x21f0b: mov cx, 0x18 0x21f0e: rep movsb byte ptr es:[di], byte ptr [si] 0x21f10: lea si, word ptr [bp + 0x1b] 0x21f14: mov cx, 0x22a 0x21f17: lodsb al, byte ptr [si] 0x21f18: xor al, dl 0x21f1a: stosb byte ptr es:[di], al 0x21f1b: loop 0x21f17 0x21f1d: mov ah, 0x40 0x21f1f: mov dx, 0xfd00 0x21f22: mov cx, 0x242 0x21f25: int 0x21 0x21f27: mov ax, 0x4200 0x21f2a: call 0x31ee6 0x21f2d: mov ah, 0x40 0x21f2f: lea dx, word ptr [bp + 0x123] 0x21f33: mov cx, 4 |
| 2018-12-25T12:31:51.294554235Z | 64 | PC: 21f27 | Write file or device (Write 578 bytes on handle 5) |
| 2018-12-25T12:31:51.303790561Z | 66 | PC: 21eec | Move file pointer (See above) |
| 2018-12-25T12:31:51.30573225Z | 64 | PC: 21f38 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:31:51.315778456Z | 87 | PC: 21f51 | Get or set file date and time |
| 2018-12-25T12:31:51.318354702Z | 62 | PC: 21f55 | Close file |
| 2018-12-25T12:31:51.327228356Z | 67 | PC: 21f5e | Get or set file attributes |
| 2018-12-25T12:31:51.339095444Z | 26 | PC: 21f42 | Set disk transfer address |
| 2018-12-25T12:31:51.341259361Z | 9 | PC: 12a85 | Display string (String= 'S ') |
| 2018-12-25T12:31:51.347387928Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":22,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12018,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:31:50.880049266Z | 42 | PC: 21e6f | Get date 0x21e6f: cmp dh, 8 0x21e72: jb 0x21e88 0x21e74: cmp dl, 0x16 0x21e77: jb 0x21e88 0x21e79: cmp al, 3 0x21e7b: jne 0x21e88 0x21e7d: mov ah, 9 0x21e7f: lea dx, word ptr [bp + 0x12c] 0x21e83: int 0x21 0x21e85: cli 0x21e86: jmp 0x21e85 0x21e88: mov ah, 0x1a 0x21e8a: mov dx, 0xfc00 0x21e8d: int 0x21 0x21e8f: mov ah, 0x4e 0x21e91: lea dx, word ptr [bp + 0x126] 0x21e95: xor cx, cx 0x21e97: int 0x21 0x21e99: jae 0x21e9e 0x21e9b: jmp 0x21f3b |
| 2018-12-25T12:31:50.882294834Z | 26 | PC: 21e8f | Set disk transfer address |
| 2018-12-25T12:31:50.883198986Z | 78 | PC: 21e99 | Find first file |
| 2018-12-25T12:31:50.887434453Z | 67 | PC: 21ea6 | Get or set file attributes |
| 2018-12-25T12:31:50.892268478Z | 67 | PC: 21eae | Get or set file attributes |
| 2018-12-25T12:31:51.271571345Z | 61 | PC: 21eb3 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:31:51.279609055Z | 87 | PC: 21eb9 | Get or set file date and time |
| 2018-12-25T12:31:51.282766734Z | 63 | PC: 21ec6 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:31:51.289925226Z | 66 | PC: 21eec | Move file pointer |
| 2018-12-25T12:31:51.291345996Z | 44 | PC: 21eff | Get time 0x21eff: mov byte ptr cs:[bp + 0x17], dl 0x21f04: lea si, word ptr [bp + 3] 0x21f08: mov di, 0xfd00 0x21f0b: mov cx, 0x18 0x21f0e: rep movsb byte ptr es:[di], byte ptr [si] 0x21f10: lea si, word ptr [bp + 0x1b] 0x21f14: mov cx, 0x22a 0x21f17: lodsb al, byte ptr [si] 0x21f18: xor al, dl 0x21f1a: stosb byte ptr es:[di], al 0x21f1b: loop 0x21f17 0x21f1d: mov ah, 0x40 0x21f1f: mov dx, 0xfd00 0x21f22: mov cx, 0x242 0x21f25: int 0x21 0x21f27: mov ax, 0x4200 0x21f2a: call 0x31ee6 0x21f2d: mov ah, 0x40 0x21f2f: lea dx, word ptr [bp + 0x123] 0x21f33: mov cx, 4 |
| 2018-12-25T12:31:51.294355423Z | 64 | PC: 21f27 | Write file or device (Write 578 bytes on handle 5) |
| 2018-12-25T12:31:51.303247342Z | 66 | PC: 21eec | Move file pointer (See above) |
| 2018-12-25T12:31:51.304848257Z | 64 | PC: 21f38 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:31:51.313974534Z | 87 | PC: 21f51 | Get or set file date and time |
| 2018-12-25T12:31:51.31569722Z | 62 | PC: 21f55 | Close file |
| 2018-12-25T12:31:51.324363401Z | 67 | PC: 21f5e | Get or set file attributes |
| 2018-12-25T12:31:51.335555069Z | 26 | PC: 21f42 | Set disk transfer address |
| 2018-12-25T12:31:51.337660934Z | 9 | PC: 12a85 | Display string (String= 'S ') |
| 2018-12-25T12:31:51.345486651Z | 0 | PC: 12a89 | Program terminate |