{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13092,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:37:27.737077286Z | 42 | PC: 12a49 | Get date 0x12a49: cmp dh, 9 0x12a4c: jne 0x12a70 0x12a4e: cmp dl, 0x1e 0x12a51: jne 0x12a70 0x12a53: mov ah, 0x2c 0x12a55: int 0x21 0x12a57: cmp dl, 0x10 0x12a5a: ja 0x12a70 0x12a5c: mov cx, 0x39 0x12a5f: mov si, 0 0x12a62: mov dl, byte ptr [si + 0x1ef] 0x12a66: xor dl, 0xc6 0x12a69: inc si 0x12a6a: mov ah, 2 0x12a6c: int 0x21 0x12a6e: loop 0x12a62 0x12a70: mov ah, 0x4e 0x12a72: xor cx, cx 0x12a74: mov dx, 0x1e7 0x12a77: int 0x21 |
| 2018-12-25T12:37:27.740448618Z | 78 | PC: 12a79 | Find first file |
| 2018-12-25T12:37:27.746991284Z | 61 | PC: 12aac | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:37:27.75407231Z | 63 | PC: 12ab8 | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-25T12:37:27.761498851Z | 63 | PC: 12ae3 | Read file or device (Read 33230 bytes on handle 5) |
| 2018-12-25T12:37:27.764938434Z | 66 | PC: 12aec | Move file pointer |
| 2018-12-25T12:37:27.766559602Z | 64 | PC: 12af6 | Write file or device (Write 299 bytes on handle 5) |
| 2018-12-25T12:37:27.770240643Z | 64 | PC: 12b01 | Write file or device (Write 407 bytes on handle 5) |
| 2018-12-25T12:37:28.047163443Z | 59 | PC: 12acf | Change current directory |
| 2018-12-25T12:37:28.051909524Z | 62 | PC: 12b13 | Close file |
| 2018-12-25T12:37:28.061790258Z | 9 | PC: 12a54 | Display string (String= 'Sup? ') |
| 2018-12-25T12:37:28.067046347Z | 8 | PC: 12a5b | Console input without echo |
{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13092,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:37:28.042384564Z | 42 | PC: 12a49 | Get date 0x12a49: cmp dh, 9 0x12a4c: jne 0x12a70 0x12a4e: cmp dl, 0x1e 0x12a51: jne 0x12a70 0x12a53: mov ah, 0x2c 0x12a55: int 0x21 0x12a57: cmp dl, 0x10 0x12a5a: ja 0x12a70 0x12a5c: mov cx, 0x39 0x12a5f: mov si, 0 0x12a62: mov dl, byte ptr [si + 0x1ef] 0x12a66: xor dl, 0xc6 0x12a69: inc si 0x12a6a: mov ah, 2 0x12a6c: int 0x21 0x12a6e: loop 0x12a62 0x12a70: mov ah, 0x4e 0x12a72: xor cx, cx 0x12a74: mov dx, 0x1e7 0x12a77: int 0x21 |
| 2018-12-25T12:37:28.046575928Z | 78 | PC: 12a79 | Find first file |
| 2018-12-25T12:37:28.052243433Z | 61 | PC: 12aac | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:37:28.05850707Z | 63 | PC: 12ab8 | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-25T12:37:28.070487047Z | 63 | PC: 12ae3 | Read file or device (Read 33230 bytes on handle 5) |
| 2018-12-25T12:37:28.072985804Z | 66 | PC: 12aec | Move file pointer |
| 2018-12-25T12:37:28.074355957Z | 64 | PC: 12af6 | Write file or device (Write 299 bytes on handle 5) |
| 2018-12-25T12:37:28.077409347Z | 64 | PC: 12b01 | Write file or device (Write 407 bytes on handle 5) |
| 2018-12-25T12:37:28.091289623Z | 59 | PC: 12acf | Change current directory |
| 2018-12-25T12:37:28.095432241Z | 62 | PC: 12b13 | Close file |
| 2018-12-25T12:37:28.104876664Z | 9 | PC: 12a54 | Display string (String= 'Sup? ') |
| 2018-12-25T12:37:28.109814333Z | 8 | PC: 12a5b | Console input without echo |
{"DateBased":true,"Day":30,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13092,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:37:28.048224643Z | 42 | PC: 12a49 | Get date 0x12a49: cmp dh, 9 0x12a4c: jne 0x12a70 0x12a4e: cmp dl, 0x1e 0x12a51: jne 0x12a70 0x12a53: mov ah, 0x2c 0x12a55: int 0x21 0x12a57: cmp dl, 0x10 0x12a5a: ja 0x12a70 0x12a5c: mov cx, 0x39 0x12a5f: mov si, 0 0x12a62: mov dl, byte ptr [si + 0x1ef] 0x12a66: xor dl, 0xc6 0x12a69: inc si 0x12a6a: mov ah, 2 0x12a6c: int 0x21 0x12a6e: loop 0x12a62 0x12a70: mov ah, 0x4e 0x12a72: xor cx, cx 0x12a74: mov dx, 0x1e7 0x12a77: int 0x21 |
| 2018-12-25T12:37:28.053471813Z | 44 | PC: 12a57 | Get time 0x12a57: cmp dl, 0x10 0x12a5a: ja 0x12a70 0x12a5c: mov cx, 0x39 0x12a5f: mov si, 0 0x12a62: mov dl, byte ptr [si + 0x1ef] 0x12a66: xor dl, 0xc6 0x12a69: inc si 0x12a6a: mov ah, 2 0x12a6c: int 0x21 0x12a6e: loop 0x12a62 0x12a70: mov ah, 0x4e 0x12a72: xor cx, cx 0x12a74: mov dx, 0x1e7 0x12a77: int 0x21 0x12a79: jae 0x12a9e 0x12a7b: jmp 0x12a92 0x12a7e: mov ah, 0x4f 0x12a80: int 0x21 0x12a82: jae 0x12a9e 0x12a84: mov ah, 0x47 |
| 2018-12-25T12:37:28.055596425Z | 78 | PC: 12a79 | Find first file |
| 2018-12-25T12:37:28.060997838Z | 61 | PC: 12aac | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:37:28.068292991Z | 63 | PC: 12ab8 | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-25T12:37:28.072730791Z | 63 | PC: 12ae3 | Read file or device (Read 33230 bytes on handle 5) |
| 2018-12-25T12:37:28.074555456Z | 66 | PC: 12aec | Move file pointer |
| 2018-12-25T12:37:28.076393382Z | 64 | PC: 12af6 | Write file or device (Write 299 bytes on handle 5) |
| 2018-12-25T12:37:28.079304596Z | 64 | PC: 12b01 | Write file or device (Write 407 bytes on handle 5) |
| 2018-12-25T12:37:28.094674337Z | 59 | PC: 12acf | Change current directory |
| 2018-12-25T12:37:28.100348874Z | 62 | PC: 12b13 | Close file |
| 2018-12-25T12:37:28.110029915Z | 9 | PC: 12a54 | Display string (String= 'Sup? ') |
| 2018-12-25T12:37:28.115345546Z | 8 | PC: 12a5b | Console input without echo |