{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12421,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:32:54.47401436Z | 47 | PC: 12a68 | Get disk transfer address |
| 2018-12-25T12:32:54.476058687Z | 26 | PC: 12a70 | Set disk transfer address |
| 2018-12-25T12:32:54.477976552Z | 42 | PC: 12a80 | Get date 0x12a80: cmp dx, 0x314 0x12a84: jne 0x12aa8 0x12a86: cmp cx, 0x7c9 0x12a8a: jl 0x12aa8 0x12a8c: lea si, word ptr [di + 0x275] 0x12a90: mov ah, 0xe 0x12a92: lodsb al, byte ptr [si] 0x12a93: or al, al 0x12a95: je 0x12aa8 0x12a97: int 0x10 0x12a99: jmp 0x12a90 0x12a9b: sub ax, 0x5b3d 0x12a9e: push si 0x12a9f: inc bx 0x12aa0: dec sp 0x12aa1: das 0x12aa2: inc dx 0x12aa3: inc bp 0x12aa4: jbe 0x12b03 0x12aa6: cmp ax, 0x5a2d |
| 2018-12-25T12:32:54.480355263Z | 26 | PC: 12aad | Set disk transfer address |
{"DateBased":true,"Day":20,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12421,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:32:54.593535912Z | 47 | PC: 12a68 | Get disk transfer address |
| 2018-12-25T12:32:54.59535225Z | 26 | PC: 12a70 | Set disk transfer address |
| 2018-12-25T12:32:54.596726309Z | 71 | PC: 12abf | Get current directory |
| 2018-12-25T12:32:54.598868519Z | 47 | PC: 12ae9 | Get disk transfer address |
| 2018-12-25T12:32:54.600145817Z | 26 | PC: 12af8 | Set disk transfer address |
| 2018-12-25T12:32:54.602480258Z | 78 | PC: 12b00 | Find first file |
| 2018-12-25T12:32:54.606417523Z | 47 | PC: 12b18 | Get disk transfer address |
| 2018-12-25T12:32:54.607264177Z | 61 | PC: 12b31 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:32:54.615745526Z | 63 | PC: 12b3d | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:32:54.620578273Z | 66 | PC: 12b47 | Move file pointer |
| 2018-12-25T12:32:54.621718312Z | 62 | PC: 12b4c | Close file |
| 2018-12-25T12:32:54.623669847Z | 67 | PC: 12b6c | Get or set file attributes |
| 2018-12-25T12:32:54.640311143Z | 61 | PC: 12b71 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:32:54.652382141Z | 64 | PC: 12b7d | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:32:54.660028777Z | 66 | PC: 12b87 | Move file pointer |
| 2018-12-25T12:32:54.662485046Z | 64 | PC: 12cd9 | Write file or device (Write 640 bytes on handle 5) |
| 2018-12-25T12:32:54.673236081Z | 87 | PC: 12b97 | Get or set file date and time |
| 2018-12-25T12:32:54.675732722Z | 62 | PC: 12b9b | Close file |
| 2018-12-25T12:32:54.684837691Z | 67 | PC: 12ba8 | Get or set file attributes |
| 2018-12-25T12:32:54.696405124Z | 26 | PC: 12b12 | Set disk transfer address |
| 2018-12-25T12:32:54.69913886Z | 59 | PC: 12ace | Change current directory |
| 2018-12-25T12:32:54.704616349Z | 59 | PC: 12ad7 | Change current directory |
| 2018-12-25T12:32:54.707021887Z | 42 | PC: 12a80 | Get date 0x12a80: cmp dx, 0x314 0x12a84: jne 0x12aa8 0x12a86: cmp cx, 0x7c9 0x12a8a: jl 0x12aa8 0x12a8c: lea si, word ptr [di + 0x275] 0x12a90: mov ah, 0xe 0x12a92: lodsb al, byte ptr [si] 0x12a93: or al, al 0x12a95: je 0x12aa8 0x12a97: int 0x10 0x12a99: jmp 0x12a90 0x12a9b: sub ax, 0x5b3d 0x12a9e: push si 0x12a9f: inc bx 0x12aa0: dec sp 0x12aa1: das 0x12aa2: inc dx 0x12aa3: inc bp 0x12aa4: jbe 0x12b03 0x12aa6: cmp ax, 0x5a2d |
| 2018-12-25T12:32:54.709658402Z | 26 | PC: 12aad | Set disk transfer address |
{"DateBased":true,"Day":20,"Month":3,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12421,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:32:55.056273262Z | 47 | PC: 12a68 | Get disk transfer address |
| 2018-12-25T12:32:55.058110752Z | 26 | PC: 12a70 | Set disk transfer address |
| 2018-12-25T12:32:55.059547173Z | 71 | PC: 12abf | Get current directory |
| 2018-12-25T12:32:55.062312377Z | 47 | PC: 12ae9 | Get disk transfer address |
| 2018-12-25T12:32:55.064347947Z | 26 | PC: 12af8 | Set disk transfer address |
| 2018-12-25T12:32:55.06545038Z | 78 | PC: 12b00 | Find first file |
| 2018-12-25T12:32:55.071319762Z | 47 | PC: 12b18 | Get disk transfer address |
| 2018-12-25T12:32:55.072735034Z | 61 | PC: 12b31 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:32:55.079404033Z | 63 | PC: 12b3d | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:32:55.085996262Z | 66 | PC: 12b47 | Move file pointer |
| 2018-12-25T12:32:55.08774183Z | 62 | PC: 12b4c | Close file |
| 2018-12-25T12:32:55.090308459Z | 67 | PC: 12b6c | Get or set file attributes |
| 2018-12-25T12:32:55.106451222Z | 61 | PC: 12b71 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:32:55.117964009Z | 64 | PC: 12b7d | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:32:55.125349702Z | 66 | PC: 12b87 | Move file pointer |
| 2018-12-25T12:32:55.127500384Z | 64 | PC: 12cd9 | Write file or device (Write 640 bytes on handle 5) |
| 2018-12-25T12:32:55.137604738Z | 87 | PC: 12b97 | Get or set file date and time |
| 2018-12-25T12:32:55.141872459Z | 62 | PC: 12b9b | Close file |
| 2018-12-25T12:32:55.154643555Z | 67 | PC: 12ba8 | Get or set file attributes |
| 2018-12-25T12:32:55.164546798Z | 26 | PC: 12b12 | Set disk transfer address |
| 2018-12-25T12:32:55.16653423Z | 59 | PC: 12ace | Change current directory |
| 2018-12-25T12:32:55.170709937Z | 59 | PC: 12ad7 | Change current directory |
| 2018-12-25T12:32:55.172640612Z | 42 | PC: 12a80 | Get date 0x12a80: cmp dx, 0x314 0x12a84: jne 0x12aa8 0x12a86: cmp cx, 0x7c9 0x12a8a: jl 0x12aa8 0x12a8c: lea si, word ptr [di + 0x275] 0x12a90: mov ah, 0xe 0x12a92: lodsb al, byte ptr [si] 0x12a93: or al, al 0x12a95: je 0x12aa8 0x12a97: int 0x10 0x12a99: jmp 0x12a90 0x12a9b: sub ax, 0x5b3d 0x12a9e: push si 0x12a9f: inc bx 0x12aa0: dec sp 0x12aa1: das 0x12aa2: inc dx 0x12aa3: inc bp 0x12aa4: jbe 0x12b03 0x12aa6: cmp ax, 0x5a2d |
| 2018-12-25T12:32:55.181918816Z | 26 | PC: 12aad | Set disk transfer address |