{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17460,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:55:50.244038389Z | 47 | PC: 12a90 | Get disk transfer address |
| 2018-12-25T12:55:50.245369911Z | 26 | PC: 12a9f | Set disk transfer address |
| 2018-12-25T12:55:50.246402985Z | 78 | PC: 12b1d | Find first file |
| 2018-12-25T12:55:50.252158464Z | 67 | PC: 12b55 | Get or set file attributes |
| 2018-12-25T12:55:50.257934597Z | 67 | PC: 12b65 | Get or set file attributes |
| 2018-12-25T12:55:50.277560089Z | 61 | PC: 12b6f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:55:50.288999725Z | 87 | PC: 12b7b | Get or set file date and time |
| 2018-12-25T12:55:50.290951939Z | 44 | PC: 12b85 | Get time 0x12b85: and dh, 7 0x12b88: jne 0x12b9a 0x12b8a: mov ah, 0x40 0x12b8c: mov cx, 5 0x12b8f: mov dx, si 0x12b91: add dx, 0x8a 0x12b95: int 0x21 0x12b97: jmp 0x12c1a 0x12b9a: mov ah, 0x3f 0x12b9c: mov cx, 3 0x12b9f: mov dx, 0xa 0x12ba2: add dx, si 0x12ba4: int 0x21 0x12ba6: jb 0x12c1a 0x12ba8: cmp ax, 3 0x12bab: jne 0x12c1a 0x12bad: mov ax, 0x4202 0x12bb0: mov cx, 0 0x12bb3: mov dx, 0 0x12bb6: int 0x21 |
| 2018-12-25T12:55:50.292416138Z | 63 | PC: 12ba6 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:55:50.297801369Z | 66 | PC: 12bb8 | Move file pointer |
| 2018-12-25T12:55:50.299412587Z | 64 | PC: 12bdb | Write file or device (Write 593 bytes on handle 5) |
| 2018-12-25T12:55:50.307032033Z | 66 | PC: 12bed | Move file pointer |
| 2018-12-25T12:55:50.308206513Z | 64 | PC: 12bfb | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:55:50.314521902Z | 87 | PC: 12c09 | Get or set file date and time |
| 2018-12-25T12:55:50.3158603Z | 62 | PC: 12c0d | Close file |
| 2018-12-25T12:55:50.323417427Z | 67 | PC: 12c1a | Get or set file attributes |
| 2018-12-25T12:55:50.332736539Z | 26 | PC: 12c25 | Set disk transfer address |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":17460,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:55:50.258468073Z | 47 | PC: 12a90 | Get disk transfer address |
| 2018-12-25T12:55:50.25980189Z | 26 | PC: 12a9f | Set disk transfer address |
| 2018-12-25T12:55:50.260878658Z | 78 | PC: 12b1d | Find first file |
| 2018-12-25T12:55:50.266903342Z | 67 | PC: 12b55 | Get or set file attributes |
| 2018-12-25T12:55:50.273132632Z | 67 | PC: 12b65 | Get or set file attributes |
| 2018-12-25T12:55:50.289729381Z | 61 | PC: 12b6f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:55:50.296177892Z | 87 | PC: 12b7b | Get or set file date and time |
| 2018-12-25T12:55:50.298737929Z | 44 | PC: 12b85 | Get time 0x12b85: and dh, 7 0x12b88: jne 0x12b9a 0x12b8a: mov ah, 0x40 0x12b8c: mov cx, 5 0x12b8f: mov dx, si 0x12b91: add dx, 0x8a 0x12b95: int 0x21 0x12b97: jmp 0x12c1a 0x12b9a: mov ah, 0x3f 0x12b9c: mov cx, 3 0x12b9f: mov dx, 0xa 0x12ba2: add dx, si 0x12ba4: int 0x21 0x12ba6: jb 0x12c1a 0x12ba8: cmp ax, 3 0x12bab: jne 0x12c1a 0x12bad: mov ax, 0x4202 0x12bb0: mov cx, 0 0x12bb3: mov dx, 0 0x12bb6: int 0x21 |
| 2018-12-25T12:55:50.300736441Z | 63 | PC: 12ba6 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:55:50.306783507Z | 66 | PC: 12bb8 | Move file pointer |
| 2018-12-25T12:55:50.308137339Z | 64 | PC: 12bdb | Write file or device (Write 593 bytes on handle 5) |
| 2018-12-25T12:55:50.31581152Z | 66 | PC: 12bed | Move file pointer |
| 2018-12-25T12:55:50.317030812Z | 64 | PC: 12bfb | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:55:50.323708835Z | 87 | PC: 12c09 | Get or set file date and time |
| 2018-12-25T12:55:50.325270868Z | 62 | PC: 12c0d | Close file |
| 2018-12-25T12:55:50.332666145Z | 67 | PC: 12c1a | Get or set file attributes |
| 2018-12-25T12:55:50.342190983Z | 26 | PC: 12c25 | Set disk transfer address |