{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14719,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:41:25.344327743Z | 37 | PC: 145b1 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T12:41:25.345622642Z | 37 | PC: 145bf | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T12:41:25.348008916Z | 42 | PC: 145dd | Get date 0x145dd: cmp al, 0 0x145df: jne 0x145fc 0x145e1: mov ah, 3 0x145e3: mov dl, 0x80 0x145e5: mov dh, 1 0x145e7: mov ch, 0 0x145e9: mov cl, 1 0x145eb: mov al, 1 0x145ed: int 0x13 0x145ef: pop si 0x145f0: push word ptr [si + 0xa] 0x145f3: push word ptr [si + 0xc] 0x145f6: push word ptr [si + 0xe] 0x145f9: jmp 0x14845 0x145fc: pop dx 0x145fd: mov si, dx 0x145ff: push es 0x14600: mov ah, 0x2f 0x14602: int 0x21 0x14604: mov word ptr [si], bx |
| 2018-12-25T12:41:25.349981132Z | 47 | PC: 14604 | Get disk transfer address |
| 2018-12-25T12:41:25.351477549Z | 26 | PC: 14617 | Set disk transfer address |
| 2018-12-25T12:41:25.356368803Z | 78 | PC: 146c7 | Find first file |
| 2018-12-25T12:41:25.360461376Z | 67 | PC: 14703 | Get or set file attributes |
| 2018-12-25T12:41:25.364201635Z | 67 | PC: 14714 | Get or set file attributes |
| 2018-12-25T12:41:25.378206255Z | 61 | PC: 1471f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:41:25.38633069Z | 87 | PC: 1472e | Get or set file date and time |
| 2018-12-25T12:41:25.388603023Z | 63 | PC: 1474a | Read file or device (Read 6 bytes on handle 5) |
| 2018-12-25T12:41:25.406830203Z | 66 | PC: 1475b | Move file pointer |
| 2018-12-25T12:41:25.409285922Z | 44 | PC: 1477c | Get time 0x1477c: add dl, 0x20 0x1477f: mov bx, 0x100 0x14782: mov si, word ptr [bx + 4] 0x14785: add si, 0x106 0x14789: add si, 0x3c 0x1478d: mov di, si 0x1478f: mov bx, si 0x14791: add bx, 0x2af 0x14795: mov byte ptr [bx], dl 0x14797: mov cx, 0x1a4 0x1479a: lodsb al, byte ptr [si] 0x1479b: xor al, dl 0x1479d: stosb byte ptr es:[di], al 0x1479e: loop 0x1479a 0x147a0: mov ah, 0x40 0x147a2: mov cx, 0x1e0 0x147a5: mov bx, 0x100 0x147a8: mov dx, word ptr [bx + 4] 0x147ab: add dx, 0x106 0x147af: pop si |
| 2018-12-25T12:41:25.412019379Z | 64 | PC: 147b5 | Write file or device (Write 480 bytes on handle 5) |
| 2018-12-25T12:41:25.421869938Z | 64 | PC: 147f2 | Write file or device (Write 416 bytes on handle 5) |
| 2018-12-25T12:41:25.432122911Z | 66 | PC: 147ff | Move file pointer |
| 2018-12-25T12:41:25.434763211Z | 64 | PC: 14814 | Write file or device (Write 6 bytes on handle 5) |
| 2018-12-25T12:41:25.443187259Z | 87 | PC: 14828 | Get or set file date and time |
| 2018-12-25T12:41:25.448733239Z | 62 | PC: 1482c | Close file |
| 2018-12-25T12:41:25.45868505Z | 67 | PC: 1483a | Get or set file attributes |
| 2018-12-25T12:41:25.470347119Z | 26 | PC: 14844 | Set disk transfer address |
| 2018-12-25T12:41:25.472971262Z | 76 | PC: 14595 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14719,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:41:25.335885364Z | 37 | PC: 145b1 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T12:41:25.337846362Z | 37 | PC: 145bf | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T12:41:25.339300208Z | 42 | PC: 145dd | Get date 0x145dd: cmp al, 0 0x145df: jne 0x145fc 0x145e1: mov ah, 3 0x145e3: mov dl, 0x80 0x145e5: mov dh, 1 0x145e7: mov ch, 0 0x145e9: mov cl, 1 0x145eb: mov al, 1 0x145ed: int 0x13 0x145ef: pop si 0x145f0: push word ptr [si + 0xa] 0x145f3: push word ptr [si + 0xc] 0x145f6: push word ptr [si + 0xe] 0x145f9: jmp 0x14845 0x145fc: pop dx 0x145fd: mov si, dx 0x145ff: push es 0x14600: mov ah, 0x2f 0x14602: int 0x21 0x14604: mov word ptr [si], bx |
| 2018-12-25T12:41:25.669641392Z | 76 | PC: 14595 | Terminate with return code (Return code = '0') |