{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14128,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T13:07:26.557543442Z | 26 | PC: 12f43 | Set disk transfer address |
| 2018-12-25T13:07:26.55979672Z | 42 | PC: 12f47 | Get date 0x12f47: cmp cx, 0x7c8 0x12f4b: jb 0x12f50 0x12f4d: jmp 0x130e6 0x12f50: mov ah, 0x4e 0x12f52: mov dx, 0x74 0x12f55: mov cx, 0x21 0x12f58: int 0x21 0x12f5a: jae 0x12f5f 0x12f5c: jmp 0x13071 0x12f5f: cmp word ptr [0x50], 0 0x12f64: jne 0x12f6e 0x12f66: cmp word ptr [0x4e], 0xea60 0x12f6c: jbe 0x12f71 0x12f6e: jmp 0x1305b 0x12f71: mov ax, word ptr [0x4e] 0x12f74: mov word ptr [0x7c], ax 0x12f77: and ax, 0xf 0x12f7a: mov dx, 0x10 0x12f7d: sub dx, ax 0x12f7f: and dx, 0xf |
| 2018-12-25T13:07:26.561968814Z | 78 | PC: 12f5a | Find first file |
| 2018-12-25T13:07:26.567948279Z | 67 | PC: 12f13 | Get or set file attributes |
| 2018-12-25T13:07:26.573590044Z | 67 | PC: 12f13 | Get or set file attributes (See above) |
| 2018-12-25T13:07:26.590128136Z | 61 | PC: 12fa5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T13:07:26.596479737Z | 63 | PC: 12fb9 | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-25T13:07:26.602739269Z | 87 | PC: 12fce | Get or set file date and time |
| 2018-12-25T13:07:26.604190648Z | 66 | PC: 12fe4 | Move file pointer |
| 2018-12-25T13:07:26.605514465Z | 64 | PC: 1300d | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T13:07:26.608052836Z | 66 | PC: 13026 | Move file pointer |
| 2018-12-25T13:07:26.610274125Z | 64 | PC: 13035 | Write file or device (Write 9 bytes on handle 5) |
| 2018-12-25T13:07:26.612910259Z | 64 | PC: 13043 | Write file or device (Write 836 bytes on handle 5) |
| 2018-12-25T13:07:26.62162571Z | 87 | PC: 13055 | Get or set file date and time |
| 2018-12-25T13:07:26.623752066Z | 62 | PC: 12f1d | Close file |
| 2018-12-25T13:07:26.631764008Z | 67 | PC: 12f13 | Get or set file attributes (See above) |
| 2018-12-25T13:07:26.642503328Z | 42 | PC: 13075 | Get date 0x13075: cmp dl, 3 0x13078: jne 0x130e6 0x1307a: mov ah, 0x52 0x1307c: int 0x21 0x1307e: dec bx 0x1307f: dec bx 0x13080: mov ax, word ptr es:[bx] 0x13083: mov es, ax 0x13085: xor bx, bx 0x13087: cmp byte ptr es:[bx], 0x5a 0x1308b: je 0x13098 0x1308d: mov ax, es 0x1308f: add ax, word ptr es:[bx + 3] 0x13093: inc ax 0x13094: mov es, ax 0x13096: jmp 0x13087 0x13098: mov dx, 0xc 0x1309b: mov ax, word ptr es:[bx + 3] 0x1309f: mov cx, es 0x130a1: inc cx |
| 2018-12-25T13:07:26.645115521Z | 26 | PC: 130f5 | Set disk transfer address |
| 2018-12-25T13:07:26.646193072Z | 9 | PC: 12e26 | Display string (String= 'Hello - Copyright S & S International, 1990 ') |
{"DateBased":true,"Day":1,"Month":1,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14128,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:39:48.417298032Z | 26 | PC: 12f43 | Set disk transfer address |
| 2018-12-25T12:39:48.418842487Z | 42 | PC: 12f47 | Get date 0x12f47: cmp cx, 0x7c8 0x12f4b: jb 0x12f50 0x12f4d: jmp 0x130e6 0x12f50: mov ah, 0x4e 0x12f52: mov dx, 0x74 0x12f55: mov cx, 0x21 0x12f58: int 0x21 0x12f5a: jae 0x12f5f 0x12f5c: jmp 0x13071 0x12f5f: cmp word ptr [0x50], 0 0x12f64: jne 0x12f6e 0x12f66: cmp word ptr [0x4e], 0xea60 0x12f6c: jbe 0x12f71 0x12f6e: jmp 0x1305b 0x12f71: mov ax, word ptr [0x4e] 0x12f74: mov word ptr [0x7c], ax 0x12f77: and ax, 0xf 0x12f7a: mov dx, 0x10 0x12f7d: sub dx, ax 0x12f7f: and dx, 0xf |
| 2018-12-25T12:39:48.420952259Z | 26 | PC: 130f5 | Set disk transfer address |
| 2018-12-25T12:39:48.422632542Z | 9 | PC: 12e26 | Display string (String= 'Hello - Copyright S & S International, 1990 ') |