{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14554,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:40:53.783069671Z | 48 | PC: 12edc | Get DOS version |
| 2018-12-25T12:40:53.785590812Z | 47 | PC: 12ee8 | Get disk transfer address |
| 2018-12-25T12:40:53.786965996Z | 26 | PC: 12ef7 | Set disk transfer address |
| 2018-12-25T12:40:53.788327641Z | 78 | PC: 12f73 | Find first file |
| 2018-12-25T12:40:53.795007033Z | 67 | PC: 12fbe | Get or set file attributes |
| 2018-12-25T12:40:53.801638013Z | 67 | PC: 12fcb | Get or set file attributes |
| 2018-12-25T12:40:53.819721667Z | 61 | PC: 12fd2 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:40:53.827214627Z | 87 | PC: 12fde | Get or set file date and time |
| 2018-12-25T12:40:53.833433818Z | 44 | PC: 12fe8 | Get time 0x12fe8: and dh, 7 0x12feb: jne 0x13055 0x12fed: mov ah, 0x19 0x12fef: int 0x21 0x12ff1: push bx 0x12ff2: mov dl, al 0x12ff4: mov dh, 0 0x12ff6: mov cx, 0x10 0x12ff9: mov bx, si 0x12ffb: add bx, 0xc1 0x12fff: xor byte ptr [bx], 0x27 0x13002: inc bx 0x13003: loop 0x12fff 0x13005: mov cx, 1 0x13008: mov ax, 0x309 0x1300b: mov bx, si 0x1300d: add bx, 0xc1 0x13011: int 0x13 0x13013: jb 0x13052 0x13015: push es |
| 2018-12-25T12:40:53.836167765Z | 63 | PC: 1307a | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:40:53.843272146Z | 66 | PC: 1308a | Move file pointer |
| 2018-12-25T12:40:53.846029137Z | 64 | PC: 130ad | Write file or device (Write 833 bytes on handle 5) |
| 2018-12-25T12:40:53.856040359Z | 66 | PC: 130bd | Move file pointer |
| 2018-12-25T12:40:53.857596422Z | 64 | PC: 130cb | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:40:53.866155177Z | 87 | PC: 130ea | Get or set file date and time |
| 2018-12-25T12:40:53.868049538Z | 62 | PC: 130ee | Close file |
| 2018-12-25T12:40:53.877426099Z | 67 | PC: 130fb | Get or set file attributes |
| 2018-12-25T12:40:53.889125064Z | 26 | PC: 13105 | Set disk transfer address |
| 2018-12-25T12:40:53.890472685Z | 74 | PC: 12a60 | Reallocate memory |
| 2018-12-25T12:40:53.892208324Z | 9 | PC: 12a9c | Display string (String= 'Error: No program name given') |
| 2018-12-25T12:40:53.895213753Z | 76 | PC: 12a84 | Terminate with return code (Return code = '1') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":14554,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:40:54.413551736Z | 48 | PC: 12edc | Get DOS version |
| 2018-12-25T12:40:54.415143655Z | 47 | PC: 12ee8 | Get disk transfer address |
| 2018-12-25T12:40:54.416970536Z | 26 | PC: 12ef7 | Set disk transfer address |
| 2018-12-25T12:40:54.418259618Z | 78 | PC: 12f73 | Find first file |
| 2018-12-25T12:40:54.424715859Z | 67 | PC: 12fbe | Get or set file attributes |
| 2018-12-25T12:40:54.43395769Z | 67 | PC: 12fcb | Get or set file attributes |
| 2018-12-25T12:40:54.450591415Z | 61 | PC: 12fd2 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:40:54.458238245Z | 87 | PC: 12fde | Get or set file date and time |
| 2018-12-25T12:40:54.46006016Z | 44 | PC: 12fe8 | Get time 0x12fe8: and dh, 7 0x12feb: jne 0x13055 0x12fed: mov ah, 0x19 0x12fef: int 0x21 0x12ff1: push bx 0x12ff2: mov dl, al 0x12ff4: mov dh, 0 0x12ff6: mov cx, 0x10 0x12ff9: mov bx, si 0x12ffb: add bx, 0xc1 0x12fff: xor byte ptr [bx], 0x27 0x13002: inc bx 0x13003: loop 0x12fff 0x13005: mov cx, 1 0x13008: mov ax, 0x309 0x1300b: mov bx, si 0x1300d: add bx, 0xc1 0x13011: int 0x13 0x13013: jb 0x13052 0x13015: push es |
| 2018-12-25T12:40:54.461839866Z | 63 | PC: 1307a | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:40:54.466880403Z | 66 | PC: 1308a | Move file pointer |
| 2018-12-25T12:40:54.468896071Z | 64 | PC: 130ad | Write file or device (Write 833 bytes on handle 5) |
| 2018-12-25T12:40:54.488211817Z | 66 | PC: 130bd | Move file pointer |
| 2018-12-25T12:40:54.48975528Z | 64 | PC: 130cb | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:40:54.497472456Z | 87 | PC: 130ea | Get or set file date and time |
| 2018-12-25T12:40:54.499028463Z | 62 | PC: 130ee | Close file |
| 2018-12-25T12:40:54.507474531Z | 67 | PC: 130fb | Get or set file attributes |
| 2018-12-25T12:40:54.519644777Z | 26 | PC: 13105 | Set disk transfer address |
| 2018-12-25T12:40:54.521786791Z | 74 | PC: 12a60 | Reallocate memory |
| 2018-12-25T12:40:54.523411245Z | 9 | PC: 12a9c | Display string (String= 'Error: No program name given') |
| 2018-12-25T12:40:54.526253509Z | 76 | PC: 12a84 | Terminate with return code (Return code = '1') |