{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17336,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:55:31.022896685Z | 37 | PC: 12a79 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:55:31.024087029Z | 47 | PC: 12a7e | Get disk transfer address |
| 2018-12-25T12:55:31.025721836Z | 26 | PC: 12a8c | Set disk transfer address |
| 2018-12-25T12:55:31.026620687Z | 78 | PC: 12a9c | Find first file |
| 2018-12-25T12:55:31.030718633Z | 61 | PC: 12ac7 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:55:31.035709775Z | 63 | PC: 12ada | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:55:31.039971239Z | 66 | PC: 12afb | Move file pointer |
| 2018-12-25T12:55:31.04106946Z | 64 | PC: 12b0d | Write file or device (Write 9 bytes on handle 5) |
| 2018-12-25T12:55:31.043409292Z | 64 | PC: 12b3b | Write file or device (Write 308 bytes on handle 5) |
| 2018-12-25T12:55:32.137707038Z | 64 | PC: 12b44 | Write file or device (Write 2870 bytes on handle 5) |
| 2018-12-25T12:55:32.382898999Z | 64 | PC: 12b4b | Write file or device (Write 2870 bytes on handle 5) |
| 2018-12-25T12:55:32.509956181Z | 66 | PC: 12b53 | Move file pointer |
| 2018-12-25T12:55:32.51192278Z | 64 | PC: 12b5c | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:55:32.519652727Z | 87 | PC: 12b67 | Get or set file date and time |
| 2018-12-25T12:55:32.522418326Z | 62 | PC: 12b6b | Close file |
| 2018-12-25T12:55:32.768084125Z | 67 | PC: 12b7d | Get or set file attributes |
| 2018-12-25T12:55:32.834096848Z | 42 | PC: 12b81 | Get date 0x12b81: cmp al, 5 0x12b83: jne 0x12bc2 0x12b85: cmp dl, 0xd 0x12b88: jne 0x12bc2 0x12b8a: call 0x12bb8 0x12b8d: push sp 0x12b8e: push 0x7369 0x12b91: and byte ptr [bx + si + 0x72], dh 0x12b94: outsw dx, word ptr [si] 0x12b95: jb 0x12bf9 0x12b98: insw word ptr es:[di], dx 0x12b99: and byte ptr [bp + si + 0x65], dh 0x12b9c: jno 0x12c13 0x12b9e: imul si, word ptr [bp + si + 0x65], 0x2073 0x12ba3: dec bp 0x12ba4: imul sp, word ptr [bp + di + 0x72], 0x736f 0x12ba9: outsw dx, word ptr [si] 0x12baa: je 0x12bcd 0x12bad: push di 0x12bae: imul bp, word ptr [bp + 0x64], 0x776f |
| 2018-12-25T12:55:32.837351267Z | 26 | PC: 12bc8 | Set disk transfer address |
| 2018-12-25T12:55:32.84037497Z | 63 | PC: 12ada | Read file or device (See above) |
| 2018-12-25T12:55:32.84269384Z | 62 | PC: 12ae0 | Close file |
| 2018-12-25T12:55:32.844807054Z | 42 | PC: 12b81 | Get date (See above) |
| 2018-12-25T12:55:32.849265026Z | 26 | PC: 12bc8 | Set disk transfer address (See above) |
{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17336,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:55:31.248858646Z | 37 | PC: 12a79 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:55:31.250678614Z | 47 | PC: 12a7e | Get disk transfer address |
| 2018-12-25T12:55:31.252216836Z | 26 | PC: 12a8c | Set disk transfer address |
| 2018-12-25T12:55:31.253781101Z | 78 | PC: 12a9c | Find first file |
| 2018-12-25T12:55:31.274483293Z | 61 | PC: 12ac7 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:55:31.282571946Z | 63 | PC: 12ada | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:55:31.290219793Z | 66 | PC: 12afb | Move file pointer |
| 2018-12-25T12:55:31.292193981Z | 64 | PC: 12b0d | Write file or device (Write 9 bytes on handle 5) |
| 2018-12-25T12:55:31.305976453Z | 64 | PC: 12b3b | Write file or device (Write 308 bytes on handle 5) |
| 2018-12-25T12:55:33.018406617Z | 64 | PC: 12b44 | Write file or device (Write 2870 bytes on handle 5) |
| 2018-12-25T12:55:33.040378449Z | 64 | PC: 12b4b | Write file or device (Write 2870 bytes on handle 5) |
| 2018-12-25T12:55:33.060298573Z | 66 | PC: 12b53 | Move file pointer |
| 2018-12-25T12:55:33.061884786Z | 64 | PC: 12b5c | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:55:33.069427629Z | 87 | PC: 12b67 | Get or set file date and time |
| 2018-12-25T12:55:33.072358845Z | 62 | PC: 12b6b | Close file |
| 2018-12-25T12:55:33.089717886Z | 67 | PC: 12b7d | Get or set file attributes |
| 2018-12-25T12:55:33.112189Z | 42 | PC: 12b81 | Get date 0x12b81: cmp al, 5 0x12b83: jne 0x12bc2 0x12b85: cmp dl, 0xd 0x12b88: jne 0x12bc2 0x12b8a: call 0x12bb8 0x12b8d: push sp 0x12b8e: push 0x7369 0x12b91: and byte ptr [bx + si + 0x72], dh 0x12b94: outsw dx, word ptr [si] 0x12b95: jb 0x12bf9 0x12b98: insw word ptr es:[di], dx 0x12b99: and byte ptr [bp + si + 0x65], dh 0x12b9c: jno 0x12c13 0x12b9e: imul si, word ptr [bp + si + 0x65], 0x2073 0x12ba3: dec bp 0x12ba4: imul sp, word ptr [bp + di + 0x72], 0x736f 0x12ba9: outsw dx, word ptr [si] 0x12baa: je 0x12bcd 0x12bad: push di 0x12bae: imul bp, word ptr [bp + 0x64], 0x776f |
| 2018-12-25T12:55:33.115577974Z | 26 | PC: 12bc8 | Set disk transfer address |
| 2018-12-25T12:55:33.117104273Z | 63 | PC: 12ada | Read file or device (See above) |
| 2018-12-25T12:55:33.118754878Z | 62 | PC: 12ae0 | Close file |
| 2018-12-25T12:55:33.121324835Z | 42 | PC: 12b81 | Get date (See above) |
| 2018-12-25T12:55:33.12489931Z | 26 | PC: 12bc8 | Set disk transfer address (See above) |
{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17336,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:55:32.646806084Z | 37 | PC: 12a79 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:55:32.648021456Z | 47 | PC: 12a7e | Get disk transfer address |
| 2018-12-25T12:55:32.651043227Z | 26 | PC: 12a8c | Set disk transfer address |
| 2018-12-25T12:55:32.653356049Z | 78 | PC: 12a9c | Find first file |
| 2018-12-25T12:55:32.66120961Z | 61 | PC: 12ac7 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:55:32.669770043Z | 63 | PC: 12ada | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:55:32.676874903Z | 66 | PC: 12afb | Move file pointer |
| 2018-12-25T12:55:32.678699555Z | 64 | PC: 12b0d | Write file or device (Write 9 bytes on handle 5) |
| 2018-12-25T12:55:32.682489679Z | 64 | PC: 12b3b | Write file or device (Write 308 bytes on handle 5) |
| 2018-12-25T12:55:33.34035437Z | 64 | PC: 12b44 | Write file or device (Write 2870 bytes on handle 5) |
| 2018-12-25T12:55:33.350704774Z | 64 | PC: 12b4b | Write file or device (Write 2870 bytes on handle 5) |
| 2018-12-25T12:55:33.361629013Z | 66 | PC: 12b53 | Move file pointer |
| 2018-12-25T12:55:33.363701489Z | 64 | PC: 12b5c | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:55:33.37089677Z | 87 | PC: 12b67 | Get or set file date and time |
| 2018-12-25T12:55:33.372160268Z | 62 | PC: 12b6b | Close file |
| 2018-12-25T12:55:33.377730011Z | 67 | PC: 12b7d | Get or set file attributes |
| 2018-12-25T12:55:33.388483806Z | 42 | PC: 12b81 | Get date 0x12b81: cmp al, 5 0x12b83: jne 0x12bc2 0x12b85: cmp dl, 0xd 0x12b88: jne 0x12bc2 0x12b8a: call 0x12bb8 0x12b8d: push sp 0x12b8e: push 0x7369 0x12b91: and byte ptr [bx + si + 0x72], dh 0x12b94: outsw dx, word ptr [si] 0x12b95: jb 0x12bf9 0x12b98: insw word ptr es:[di], dx 0x12b99: and byte ptr [bp + si + 0x65], dh 0x12b9c: jno 0x12c13 0x12b9e: imul si, word ptr [bp + si + 0x65], 0x2073 0x12ba3: dec bp 0x12ba4: imul sp, word ptr [bp + di + 0x72], 0x736f 0x12ba9: outsw dx, word ptr [si] 0x12baa: je 0x12bcd 0x12bad: push di 0x12bae: imul bp, word ptr [bp + 0x64], 0x776f |
| 2018-12-25T12:55:33.391097135Z | 9 | PC: 12bbd | Display string (String= 'This program requires Microsoft Windows. ') |
| 2018-12-25T12:55:33.397454773Z | 76 | PC: 12bc2 | Terminate with return code (Return code = '0') |