{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14141,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:39:48.598059038Z | 48 | PC: 12a99 | Get DOS version |
| 2018-12-25T12:39:48.600032662Z | 54 | PC: 12aa7 | Get free disk space |
| 2018-12-25T12:39:48.608989065Z | 42 | PC: 12ab3 | Get date 0x12ab3: cmp cx, 0x7ca 0x12ab7: jae 0x12abc 0x12ab9: jmp 0x12b4d 0x12abc: push cs 0x12abd: pop ds 0x12abe: mov ah, 9 0x12ac0: lea dx, word ptr [bp + 0x278] 0x12ac4: int 0x21 0x12ac6: mov ah, 0x1a 0x12ac8: mov dx, 0xfd00 0x12acb: int 0x21 0x12acd: mov ax, word ptr cs:[0x2c] 0x12ad1: mov ds, ax 0x12ad3: mov si, 0 0x12ad6: mov cx, 0x4000 0x12ad9: lodsb al, byte ptr [si] 0x12ada: cmp al, 1 0x12adc: je 0x12ae0 0x12ade: loop 0x12ad9 0x12ae0: inc si |
| 2018-12-25T12:39:48.611076444Z | 26 | PC: 12b54 | Set disk transfer address |
| 2018-12-25T12:39:48.613000464Z | 78 | PC: 12b5e | Find first file |
| 2018-12-25T12:39:48.619931028Z | 67 | PC: 12b6b | Get or set file attributes |
| 2018-12-25T12:39:48.630713766Z | 67 | PC: 12b73 | Get or set file attributes |
| 2018-12-25T12:39:48.984758954Z | 61 | PC: 12b78 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:39:48.992443319Z | 87 | PC: 12b7e | Get or set file date and time |
| 2018-12-25T12:39:48.993709182Z | 63 | PC: 12b8b | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:39:49.038496791Z | 66 | PC: 12bb1 | Move file pointer |
| 2018-12-25T12:39:49.040426404Z | 66 | PC: 12bd2 | Move file pointer |
| 2018-12-25T12:39:49.041899796Z | 63 | PC: 12bdc | Read file or device (Read 52 bytes on handle 5) |
| 2018-12-25T12:39:49.044289242Z | 66 | PC: 12bb1 | Move file pointer (See above) |
| 2018-12-25T12:39:49.046778825Z | 44 | PC: 12c29 | Get time 0x12c29: cmp dl, 0 0x12c2c: jne 0x12c38 0x12c2e: mov ah, 9 0x12c30: lea dx, word ptr [bp + 0x3d1] 0x12c34: int 0x21 0x12c36: jmp 0x12c25 0x12c38: mov byte ptr cs:[bp + 0x18], dl 0x12c3d: lea si, word ptr [bp + 4] 0x12c41: mov di, 0xfb00 0x12c44: mov cx, 0x18 0x12c47: rep movsb byte ptr es:[di], byte ptr [si] 0x12c49: lea si, word ptr [bp + 0x1c] 0x12c4d: mov cx, 0x416 0x12c50: lodsb al, byte ptr [si] 0x12c51: xor al, dl 0x12c53: stosb byte ptr es:[di], al 0x12c54: loop 0x12c50 0x12c56: mov ah, 0x40 0x12c58: mov dx, 0xfb00 0x12c5b: mov cx, 0x42e |
| 2018-12-25T12:39:49.048931756Z | 64 | PC: 12c60 | Write file or device (Write 1070 bytes on handle 5) |
| 2018-12-25T12:39:49.073645069Z | 66 | PC: 12bb1 | Move file pointer (See above) |
| 2018-12-25T12:39:49.07633751Z | 64 | PC: 12c71 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:39:49.083317487Z | 87 | PC: 12ca1 | Get or set file date and time |
| 2018-12-25T12:39:49.084914102Z | 62 | PC: 12ca5 | Close file |
| 2018-12-25T12:39:49.115878071Z | 67 | PC: 12cae | Get or set file attributes |
| 2018-12-25T12:39:49.120949224Z | 65 | PC: 12cb6 | Delete file (Filename = 'chklist.cps') |
| 2018-12-25T12:39:49.126940397Z | 26 | PC: 12c7b | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14141,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:39:48.615867617Z | 48 | PC: 12a99 | Get DOS version |
| 2018-12-25T12:39:48.617965839Z | 54 | PC: 12aa7 | Get free disk space |
| 2018-12-25T12:39:48.626846576Z | 42 | PC: 12ab3 | Get date 0x12ab3: cmp cx, 0x7ca 0x12ab7: jae 0x12abc 0x12ab9: jmp 0x12b4d 0x12abc: push cs 0x12abd: pop ds 0x12abe: mov ah, 9 0x12ac0: lea dx, word ptr [bp + 0x278] 0x12ac4: int 0x21 0x12ac6: mov ah, 0x1a 0x12ac8: mov dx, 0xfd00 0x12acb: int 0x21 0x12acd: mov ax, word ptr cs:[0x2c] 0x12ad1: mov ds, ax 0x12ad3: mov si, 0 0x12ad6: mov cx, 0x4000 0x12ad9: lodsb al, byte ptr [si] 0x12ada: cmp al, 1 0x12adc: je 0x12ae0 0x12ade: loop 0x12ad9 0x12ae0: inc si |
| 2018-12-25T12:39:48.629286051Z | 9 | PC: 12ac6 | Display string (Could not find end pointer) |
| 2018-12-25T12:39:48.649798472Z | 26 | PC: 12acd | Set disk transfer address |
| 2018-12-25T12:39:48.651152986Z | 67 | PC: 12afd | Get or set file attributes |
| 2018-12-25T12:39:48.656971462Z | 67 | PC: 12b0a | Get or set file attributes |
| 2018-12-25T12:39:49.962521246Z | 61 | PC: 12b0f | Open file (Filename = 'A:\TEST.COM') |
| 2018-12-25T12:39:49.969494058Z | 87 | PC: 12b16 | Get or set file date and time |
| 2018-12-25T12:39:49.971136632Z | 62 | PC: 12b1c | Close file |
| 2018-12-25T12:39:49.974000994Z | 60 | PC: 12b25 | Create or truncate file |
| 2018-12-25T12:39:49.987552014Z | 64 | PC: 12b34 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:39:49.991007501Z | 87 | PC: 12b3b | Get or set file date and time |
| 2018-12-25T12:39:49.992443381Z | 62 | PC: 12b3f | Close file |
| 2018-12-25T12:39:50.012281002Z | 67 | PC: 12b48 | Get or set file attributes |
| 2018-12-25T12:39:50.022117248Z | 26 | PC: 12c7b | Set disk transfer address |