{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16256,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:46:23.944744932Z | 65 | PC: 12ade | Delete file (Filename = 'chklist.ms') |
| 2018-12-25T12:46:23.948512572Z | 42 | PC: 12ae2 | Get date 0x12ae2: cmp dh, 5 0x12ae5: jne 0x12aef 0x12ae7: cmp dl, 0x11 0x12aea: jne 0x12aef 0x12aec: call 0x12c2a 0x12aef: mov ah, 0x1a 0x12af1: lea dx, word ptr [bp + 0x542] 0x12af5: int 0x21 0x12af7: inc word ptr [0x2fa] 0x12afb: cmp word ptr [0x2fa], 1 0x12b00: je 0x12b16 0x12b02: call 0x12c25 0x12b05: cmp dl, 0xa 0x12b08: ja 0x12b16 0x12b0a: jmp 0x12c07 0x12b0d: mov ah, 0x4f 0x12b0f: int 0x21 0x12b11: jae 0x12b26 0x12b13: jmp 0x12c07 0x12b16: mov ah, 0x4e |
| 2018-12-25T12:46:23.949784878Z | 26 | PC: 12af7 | Set disk transfer address |
| 2018-12-25T12:46:23.950421223Z | 44 | PC: 12c29 | Get time 0x12c29: ret 0x12c2a: mov ax, 3 0x12c2d: int 0x10 0x12c2f: push es 0x12c30: push 0xb800 0x12c33: pop es 0x12c34: lea si, word ptr [bp + 0x214] 0x12c38: mov bx, 0x660 0x12c3b: mov cx, 0x3e8 0x12c3e: mov di, 0x498 0x12c41: mov ax, 0 0x12c44: mov al, byte ptr [si] 0x12c46: inc si 0x12c47: cmp al, 0xff 0x12c49: je 0x12c88 0x12c4b: cmp al, 0xf 0x12c4d: jbe 0x12c5e 0x12c4f: cmp al, 0x17 0x12c51: jbe 0x12c65 0x12c53: cmp al, 0x18 |
| 2018-12-25T12:46:23.952069498Z | 78 | PC: 12b21 | Find first file |
| 2018-12-25T12:46:23.955421269Z | 67 | PC: 12b4a | Get or set file attributes |
| 2018-12-25T12:46:23.968735891Z | 61 | PC: 12b55 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:46:23.97518796Z | 63 | PC: 12b63 | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-25T12:46:23.978707289Z | 66 | PC: 12b79 | Move file pointer |
| 2018-12-25T12:46:23.979495796Z | 44 | PC: 12c29 | Get time (See above) |
| 2018-12-25T12:46:23.9811372Z | 64 | PC: 12baf | Write file or device (Write 30 bytes on handle 5) |
| 2018-12-25T12:46:23.982706567Z | 64 | PC: 12bba | Write file or device (Write 643 bytes on handle 5) |
| 2018-12-25T12:46:23.987699327Z | 66 | PC: 12bc3 | Move file pointer |
| 2018-12-25T12:46:23.988633103Z | 64 | PC: 12bdd | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T12:46:23.9924547Z | 87 | PC: 12bea | Get or set file date and time |
| 2018-12-25T12:46:23.993220576Z | 62 | PC: 12c24 | Close file |
| 2018-12-25T12:46:23.997756527Z | 67 | PC: 12bfc | Get or set file attributes |
| 2018-12-25T12:46:24.003362811Z | 26 | PC: 12c03 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16256,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:52:23.46326748Z | 65 | PC: 12ade | Delete file (Filename = 'chklist.ms') |
| 2018-12-25T12:52:23.472074655Z | 42 | PC: 12ae2 | Get date 0x12ae2: cmp dh, 5 0x12ae5: jne 0x12aef 0x12ae7: cmp dl, 0x11 0x12aea: jne 0x12aef 0x12aec: call 0x12c2a 0x12aef: mov ah, 0x1a 0x12af1: lea dx, word ptr [bp + 0x542] 0x12af5: int 0x21 0x12af7: inc word ptr [0x2fa] 0x12afb: cmp word ptr [0x2fa], 1 0x12b00: je 0x12b16 0x12b02: call 0x12c25 0x12b05: cmp dl, 0xa 0x12b08: ja 0x12b16 0x12b0a: jmp 0x12c07 0x12b0d: mov ah, 0x4f 0x12b0f: int 0x21 0x12b11: jae 0x12b26 0x12b13: jmp 0x12c07 0x12b16: mov ah, 0x4e |
| 2018-12-25T12:52:23.474399582Z | 26 | PC: 12af7 | Set disk transfer address |
| 2018-12-25T12:52:23.475331717Z | 44 | PC: 12c29 | Get time 0x12c29: ret 0x12c2a: mov ax, 3 0x12c2d: int 0x10 0x12c2f: push es 0x12c30: push 0xb800 0x12c33: pop es 0x12c34: lea si, word ptr [bp + 0x214] 0x12c38: mov bx, 0x660 0x12c3b: mov cx, 0x3e8 0x12c3e: mov di, 0x498 0x12c41: mov ax, 0 0x12c44: mov al, byte ptr [si] 0x12c46: inc si 0x12c47: cmp al, 0xff 0x12c49: je 0x12c88 0x12c4b: cmp al, 0xf 0x12c4d: jbe 0x12c5e 0x12c4f: cmp al, 0x17 0x12c51: jbe 0x12c65 0x12c53: cmp al, 0x18 |
| 2018-12-25T12:52:23.477616704Z | 78 | PC: 12b21 | Find first file |
| 2018-12-25T12:52:23.484841487Z | 67 | PC: 12b4a | Get or set file attributes |
| 2018-12-25T12:52:23.703949625Z | 61 | PC: 12b55 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:52:23.711418214Z | 63 | PC: 12b63 | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-25T12:52:23.719732176Z | 66 | PC: 12b79 | Move file pointer |
| 2018-12-25T12:52:23.72171498Z | 44 | PC: 12c29 | Get time (See above) |
| 2018-12-25T12:52:23.724865361Z | 64 | PC: 12baf | Write file or device (Write 30 bytes on handle 5) |
| 2018-12-25T12:52:23.729010678Z | 64 | PC: 12bba | Write file or device (Write 643 bytes on handle 5) |
| 2018-12-25T12:52:23.746165799Z | 66 | PC: 12bc3 | Move file pointer |
| 2018-12-25T12:52:23.747781764Z | 64 | PC: 12bdd | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T12:52:23.764244484Z | 87 | PC: 12bea | Get or set file date and time |
| 2018-12-25T12:52:23.766023372Z | 62 | PC: 12c24 | Close file |
| 2018-12-25T12:52:23.788690938Z | 67 | PC: 12bfc | Get or set file attributes |
| 2018-12-25T12:52:23.810181117Z | 26 | PC: 12c03 | Set disk transfer address |
{"DateBased":true,"Day":17,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16256,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:52:23.663977482Z | 65 | PC: 12ade | Delete file (Filename = 'chklist.ms') |
| 2018-12-25T12:52:23.671499722Z | 42 | PC: 12ae2 | Get date 0x12ae2: cmp dh, 5 0x12ae5: jne 0x12aef 0x12ae7: cmp dl, 0x11 0x12aea: jne 0x12aef 0x12aec: call 0x12c2a 0x12aef: mov ah, 0x1a 0x12af1: lea dx, word ptr [bp + 0x542] 0x12af5: int 0x21 0x12af7: inc word ptr [0x2fa] 0x12afb: cmp word ptr [0x2fa], 1 0x12b00: je 0x12b16 0x12b02: call 0x12c25 0x12b05: cmp dl, 0xa 0x12b08: ja 0x12b16 0x12b0a: jmp 0x12c07 0x12b0d: mov ah, 0x4f 0x12b0f: int 0x21 0x12b11: jae 0x12b26 0x12b13: jmp 0x12c07 0x12b16: mov ah, 0x4e |