{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1956,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:44:36.8261781Z | 48 | PC: 16d6b | Get DOS version |
| 2018-12-25T11:44:36.828185891Z | 42 | PC: 16d76 | Get date 0x16d76: cmp cx, 0x7ca 0x16d7a: jae 0x16d7f 0x16d7c: jmp 0x16e2c 0x16d7f: mov ah, 0x1a 0x16d81: mov dx, 0xfd00 0x16d84: int 0x21 0x16d86: mov ax, word ptr cs:[0x2c] 0x16d8a: mov ds, ax 0x16d8c: mov si, 0 0x16d8f: mov cx, 0x4000 0x16d92: lodsb al, byte ptr [si] 0x16d93: cmp al, 1 0x16d95: je 0x16d99 0x16d97: loop 0x16d92 0x16d99: inc si 0x16d9a: push cs 0x16d9b: pop es 0x16d9c: mov di, 0xfd80 0x16d9f: mov cx, 0x80 0x16da2: lodsb al, byte ptr [si] |
| 2018-12-25T11:44:36.83172599Z | 26 | PC: 16e33 | Set disk transfer address |
| 2018-12-25T11:44:36.833299346Z | 78 | PC: 16e3d | Find first file |
| 2018-12-25T11:44:36.840296871Z | 67 | PC: 16e4a | Get or set file attributes |
| 2018-12-25T11:44:36.848028086Z | 67 | PC: 16e52 | Get or set file attributes |
| 2018-12-25T11:44:36.870065627Z | 61 | PC: 16e57 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:44:36.877823159Z | 87 | PC: 16e5d | Get or set file date and time |
| 2018-12-25T11:44:36.880794535Z | 63 | PC: 16e6a | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:44:36.888399243Z | 66 | PC: 16e90 | Move file pointer |
| 2018-12-25T11:44:36.890393414Z | 66 | PC: 16f2f | Move file pointer |
| 2018-12-25T11:44:36.893287227Z | 63 | PC: 16f39 | Read file or device (Read 52 bytes on handle 5) |
| 2018-12-25T11:44:36.896215261Z | 66 | PC: 16e90 | Move file pointer (See above) |
| 2018-12-25T11:44:36.897831084Z | 44 | PC: 16f86 | Get time 0x16f86: cmp dl, 0 0x16f89: jne 0x16f8d 0x16f8b: jmp 0x16f82 0x16f8d: mov byte ptr cs:[bp + 0x17], dl 0x16f91: lea si, word ptr [bp + 4] 0x16f94: mov di, 0xfb00 0x16f97: mov cx, 0x17 0x16f9a: rep movsb byte ptr es:[di], byte ptr [si] 0x16f9c: lea si, word ptr [bp + 0x1b] 0x16f9f: mov cx, 0x456 0x16fa2: lodsb al, byte ptr [si] 0x16fa3: xor al, dl 0x16fa5: stosb byte ptr es:[di], al 0x16fa6: loop 0x16fa2 0x16fa8: int3 0x16fa9: inc ax 0x16faa: mov dx, 0xfb00 0x16fad: mov cx, 0x46d 0x16fb0: int 0x21 0x16fb2: mov ax, 0x4200 |
| 2018-12-25T11:44:36.900741909Z | 44 | PC: 16fb2 | Get time 0x16fb2: mov ax, 0x4200 0x16fb5: call 0x26e8a 0x16fb8: mov ah, 0x40 0x16fba: lea dx, word ptr [bp + 0x466] 0x16fbe: mov cx, 4 0x16fc1: int 0x21 0x16fc3: call 0x16feb 0x16fc6: mov ah, 0x1a 0x16fc8: mov dx, 0x80 0x16fcb: int 0x21 0x16fcd: mov ax, word ptr cs:[bp + 0x462] 0x16fd2: mov dx, word ptr cs:[bp + 0x464] 0x16fd7: xor bx, bx 0x16fd9: push bx 0x16fda: pop ds 0x16fdb: mov word ptr [0x90], dx 0x16fdf: mov word ptr [0x92], ax 0x16fe2: push cs 0x16fe3: pop ds 0x16fe4: pop ax |
| 2018-12-25T11:44:36.903873695Z | 66 | PC: 16e90 | Move file pointer (See above) |
| 2018-12-25T11:44:36.905480851Z | 64 | PC: 16fc3 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:44:36.908557109Z | 87 | PC: 16ff3 | Get or set file date and time |
| 2018-12-25T11:44:36.911413534Z | 62 | PC: 16ff7 | Close file |
| 2018-12-25T11:44:36.91946723Z | 67 | PC: 17000 | Get or set file attributes |
| 2018-12-25T11:44:36.924296875Z | 26 | PC: 16fcd | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1956,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:44:36.847760547Z | 48 | PC: 16d6b | Get DOS version |
| 2018-12-25T11:44:36.849711086Z | 42 | PC: 16d76 | Get date 0x16d76: cmp cx, 0x7ca 0x16d7a: jae 0x16d7f 0x16d7c: jmp 0x16e2c 0x16d7f: mov ah, 0x1a 0x16d81: mov dx, 0xfd00 0x16d84: int 0x21 0x16d86: mov ax, word ptr cs:[0x2c] 0x16d8a: mov ds, ax 0x16d8c: mov si, 0 0x16d8f: mov cx, 0x4000 0x16d92: lodsb al, byte ptr [si] 0x16d93: cmp al, 1 0x16d95: je 0x16d99 0x16d97: loop 0x16d92 0x16d99: inc si 0x16d9a: push cs 0x16d9b: pop es 0x16d9c: mov di, 0xfd80 0x16d9f: mov cx, 0x80 0x16da2: lodsb al, byte ptr [si] |
| 2018-12-25T11:44:36.851775691Z | 26 | PC: 16d86 | Set disk transfer address |
| 2018-12-25T11:44:36.852860221Z | 67 | PC: 16dd4 | Get or set file attributes |
| 2018-12-25T11:44:36.858808475Z | 67 | PC: 16de1 | Get or set file attributes |
| 2018-12-25T11:44:36.874118559Z | 61 | PC: 16de6 | Open file (Filename = 'A:\TEST.COM') |
| 2018-12-25T11:44:36.880752221Z | 87 | PC: 16ded | Get or set file date and time |
| 2018-12-25T11:44:36.886052336Z | 62 | PC: 16df3 | Close file |
| 2018-12-25T11:44:36.887560239Z | 60 | PC: 16dfc | Create or truncate file |
| 2018-12-25T11:44:36.895011147Z | 64 | PC: 16e0b | Write file or device (Write 17111 bytes on handle 5) |
| 2018-12-25T11:44:36.904653009Z | 87 | PC: 16e12 | Get or set file date and time |
| 2018-12-25T11:44:36.906023015Z | 62 | PC: 16e16 | Close file |
| 2018-12-25T11:44:36.915651156Z | 67 | PC: 16e1f | Get or set file attributes |
| 2018-12-25T11:44:36.930136315Z | 9 | PC: 16e29 | Display string (Could not find end pointer) |
| 2018-12-25T11:44:36.94489906Z | 26 | PC: 16fcd | Set disk transfer address |
| 2018-12-25T11:44:37.025029271Z | 84 | PC: 17a14 | Get verify flag |