{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14022,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:39:44.650315669Z | 53 | PC: 13239 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:39:44.651825615Z | 37 | PC: 1324b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:39:44.652727805Z | 78 | PC: 132a9 | Find first file |
| 2018-12-25T12:39:44.65836011Z | 61 | PC: 132c3 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:39:44.664934731Z | 87 | PC: 132cc | Get or set file date and time |
| 2018-12-25T12:39:44.666123405Z | 63 | PC: 132df | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:39:44.671930545Z | 66 | PC: 132ff | Move file pointer |
| 2018-12-25T12:39:44.673652731Z | 64 | PC: 1331e | Write file or device (Write 400 bytes on handle 5) |
| 2018-12-25T12:39:44.688570256Z | 66 | PC: 1332c | Move file pointer |
| 2018-12-25T12:39:44.689808905Z | 64 | PC: 13338 | Write file or device (Write 8 bytes on handle 5) |
| 2018-12-25T12:39:44.696446988Z | 44 | PC: 1333c | Get time 0x1333c: cmp dh, 3 0x1333f: jge 0x1334b 0x13341: mov ah, 9 0x13343: lea dx, word ptr [si + 0x50] 0x13346: int 0x21 0x13348: call 0x13380 0x1334b: push ds 0x1334c: mov dx, word ptr [si + 0x194] 0x13350: mov ds, word ptr [si + 0x196] 0x13354: mov ax, 0x2524 0x13357: int 0x21 0x13359: pop ds 0x1335a: cld 0x1335b: mov di, 0x80 0x1335e: mov cx, di 0x13360: add si, 0x198 0x13364: rep movsb byte ptr es:[di], byte ptr [si] 0x13366: mov cx, 0x100 0x13369: pop ax 0x1336a: jmp cx |
| 2018-12-25T12:39:44.698526854Z | 9 | PC: 13348 | Display string (String= 'I like to travel... ') |
| 2018-12-25T12:39:44.702300026Z | 62 | PC: 13393 | Close file |
| 2018-12-25T12:39:44.710811671Z | 37 | PC: 13359 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":3,"TimeBased":true,"OriginalID":14022,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:39:44.760797745Z | 53 | PC: 13239 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:39:44.762505352Z | 37 | PC: 1324b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:39:44.766091098Z | 78 | PC: 132a9 | Find first file |
| 2018-12-25T12:39:44.773425474Z | 61 | PC: 132c3 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:39:44.779707872Z | 87 | PC: 132cc | Get or set file date and time |
| 2018-12-25T12:39:44.782319161Z | 63 | PC: 132df | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:39:44.788163848Z | 66 | PC: 132ff | Move file pointer |
| 2018-12-25T12:39:44.789268511Z | 64 | PC: 1331e | Write file or device (Write 400 bytes on handle 5) |
| 2018-12-25T12:39:44.801639344Z | 66 | PC: 1332c | Move file pointer |
| 2018-12-25T12:39:44.80297719Z | 64 | PC: 13338 | Write file or device (Write 8 bytes on handle 5) |
| 2018-12-25T12:39:44.807350087Z | 44 | PC: 1333c | Get time 0x1333c: cmp dh, 3 0x1333f: jge 0x1334b 0x13341: mov ah, 9 0x13343: lea dx, word ptr [si + 0x50] 0x13346: int 0x21 0x13348: call 0x13380 0x1334b: push ds 0x1334c: mov dx, word ptr [si + 0x194] 0x13350: mov ds, word ptr [si + 0x196] 0x13354: mov ax, 0x2524 0x13357: int 0x21 0x13359: pop ds 0x1335a: cld 0x1335b: mov di, 0x80 0x1335e: mov cx, di 0x13360: add si, 0x198 0x13364: rep movsb byte ptr es:[di], byte ptr [si] 0x13366: mov cx, 0x100 0x13369: pop ax 0x1336a: jmp cx |
| 2018-12-25T12:39:44.809913123Z | 37 | PC: 13359 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |