{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2187,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:45:05.57659618Z | 42 | PC: 13214 | Get date 0x13214: cmp al, 5 0x13216: jne 0x1323b 0x13218: cmp dl, 0xd 0x1321b: jne 0x1323b 0x1321d: mov ax, 3 0x13220: int 0x10 0x13222: add di, 0xd3 0x13226: mov si, di 0x13228: mov cx, 0xa 0x1322b: lodsb al, byte ptr [si] 0x1322c: mov bx, 0x18f 0x1322f: mov ah, 0xe 0x13231: xor al, 0x55 0x13233: int 0xbf 0x13235: loop 0x1322b 0x13237: int 0x10 0x13239: jmp 0x13237 0x1323b: push di 0x1323c: add di, 0xe3 0x13240: mov si, di |
| 2018-12-25T11:45:05.580247295Z | 47 | PC: 1324f | Get disk transfer address |
| 2018-12-25T11:45:05.581746573Z | 78 | PC: 1325a | Find first file |
| 2018-12-25T11:45:05.588084529Z | 61 | PC: 13279 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:45:05.594926752Z | 66 | PC: 13286 | Move file pointer |
| 2018-12-25T11:45:05.597419052Z | 63 | PC: 13292 | Read file or device (Read 6 bytes on handle 5) |
| 2018-12-25T11:45:05.610619759Z | 66 | PC: 1329b | Move file pointer |
| 2018-12-25T11:45:05.612392489Z | 64 | PC: 132a5 | Write file or device (Write 233 bytes on handle 5) |
| 2018-12-25T11:45:05.625630073Z | 66 | PC: 132c5 | Move file pointer |
| 2018-12-25T11:45:05.627076435Z | 64 | PC: 132ce | Write file or device (Write 6 bytes on handle 5) |
| 2018-12-25T11:45:05.633779988Z | 87 | PC: 132d5 | Get or set file date and time |
| 2018-12-25T11:45:05.636791307Z | 62 | PC: 132d9 | Close file |
{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2187,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:45:05.644165661Z | 42 | PC: 13214 | Get date 0x13214: cmp al, 5 0x13216: jne 0x1323b 0x13218: cmp dl, 0xd 0x1321b: jne 0x1323b 0x1321d: mov ax, 3 0x13220: int 0x10 0x13222: add di, 0xd3 0x13226: mov si, di 0x13228: mov cx, 0xa 0x1322b: lodsb al, byte ptr [si] 0x1322c: mov bx, 0x18f 0x1322f: mov ah, 0xe 0x13231: xor al, 0x55 0x13233: int 0xbf 0x13235: loop 0x1322b 0x13237: int 0x10 0x13239: jmp 0x13237 0x1323b: push di 0x1323c: add di, 0xe3 0x13240: mov si, di |
| 2018-12-25T11:45:05.648598077Z | 47 | PC: 1324f | Get disk transfer address |
| 2018-12-25T11:45:05.649668918Z | 78 | PC: 1325a | Find first file |
| 2018-12-25T11:45:05.655544187Z | 61 | PC: 13279 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:45:05.663346346Z | 66 | PC: 13286 | Move file pointer |
| 2018-12-25T11:45:05.66544964Z | 63 | PC: 13292 | Read file or device (Read 6 bytes on handle 5) |
| 2018-12-25T11:45:05.672045609Z | 66 | PC: 1329b | Move file pointer |
| 2018-12-25T11:45:05.678957626Z | 64 | PC: 132a5 | Write file or device (Write 233 bytes on handle 5) |
| 2018-12-25T11:45:05.692434821Z | 66 | PC: 132c5 | Move file pointer |
| 2018-12-25T11:45:05.693927769Z | 64 | PC: 132ce | Write file or device (Write 6 bytes on handle 5) |
| 2018-12-25T11:45:05.701184935Z | 87 | PC: 132d5 | Get or set file date and time |
| 2018-12-25T11:45:05.707802945Z | 62 | PC: 132d9 | Close file |
{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2187,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:45:06.873448829Z | 42 | PC: 13214 | Get date 0x13214: cmp al, 5 0x13216: jne 0x1323b 0x13218: cmp dl, 0xd 0x1321b: jne 0x1323b 0x1321d: mov ax, 3 0x13220: int 0x10 0x13222: add di, 0xd3 0x13226: mov si, di 0x13228: mov cx, 0xa 0x1322b: lodsb al, byte ptr [si] 0x1322c: mov bx, 0x18f 0x1322f: mov ah, 0xe 0x13231: xor al, 0x55 0x13233: int 0xbf 0x13235: loop 0x1322b 0x13237: int 0x10 0x13239: jmp 0x13237 0x1323b: push di 0x1323c: add di, 0xe3 0x13240: mov si, di |