{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2252,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:45:19.371448956Z | 78 | PC: 12a88 | Find first file |
| 2018-12-25T11:45:19.389581763Z | 67 | PC: 12ad1 | Get or set file attributes |
| 2018-12-25T11:45:19.395990039Z | 67 | PC: 12ae5 | Get or set file attributes |
| 2018-12-25T11:45:19.611058566Z | 61 | PC: 12af2 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:45:19.617564138Z | 63 | PC: 12b08 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:45:19.624658211Z | 66 | PC: 12b33 | Move file pointer |
| 2018-12-25T11:45:19.626053211Z | 66 | PC: 12b6c | Move file pointer |
| 2018-12-25T11:45:19.627400858Z | 63 | PC: 12b7f | Read file or device (Read 1 bytes on handle 5) |
| 2018-12-25T11:45:19.63041894Z | 66 | PC: 12bab | Move file pointer |
| 2018-12-25T11:45:19.633018323Z | 64 | PC: 12bbc | Write file or device (Write 692 bytes on handle 5) |
| 2018-12-25T11:45:19.641657057Z | 66 | PC: 12bce | Move file pointer |
| 2018-12-25T11:45:19.643359801Z | 64 | PC: 12bde | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:45:19.650290349Z | 42 | PC: 12be4 | Get date 0x12be4: cmp dh, 3 0x12be7: je 0x12bec 0x12be9: jmp 0x12c0e 0x12beb: nop 0x12bec: cmp dl, 0xa 0x12bef: je 0x12bf4 0x12bf1: jmp 0x12c0e 0x12bf3: nop 0x12bf4: mov byte ptr [0x3c2], 0 0x12bf9: nop 0x12bfa: mov al, byte ptr [0x3c2] 0x12bfd: out 0x70, al 0x12bff: mov al, 0 0x12c01: out 0x71, al 0x12c03: inc byte ptr [0x3c2] 0x12c07: cmp byte ptr [0x3c2], 0x40 0x12c0c: jne 0x12bfa 0x12c0e: cmp word ptr [0x329], -1 0x12c13: je 0x12c29 0x12c15: mov bx, word ptr [0x329] |
| 2018-12-25T11:45:19.652342875Z | 62 | PC: 12c1d | Close file |
| 2018-12-25T11:45:19.660513056Z | 67 | PC: 12c29 | Get or set file attributes |
{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2252,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:45:19.464487868Z | 78 | PC: 12a88 | Find first file |
| 2018-12-25T11:45:19.470548787Z | 67 | PC: 12ad1 | Get or set file attributes |
| 2018-12-25T11:45:19.475780557Z | 67 | PC: 12ae5 | Get or set file attributes |
| 2018-12-25T11:45:19.610958101Z | 61 | PC: 12af2 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:45:19.62334517Z | 63 | PC: 12b08 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:45:19.62946288Z | 66 | PC: 12b33 | Move file pointer |
| 2018-12-25T11:45:19.631042987Z | 66 | PC: 12b6c | Move file pointer |
| 2018-12-25T11:45:19.633018702Z | 63 | PC: 12b7f | Read file or device (Read 1 bytes on handle 5) |
| 2018-12-25T11:45:19.635322074Z | 66 | PC: 12bab | Move file pointer |
| 2018-12-25T11:45:19.636539868Z | 64 | PC: 12bbc | Write file or device (Write 692 bytes on handle 5) |
| 2018-12-25T11:45:19.645490883Z | 66 | PC: 12bce | Move file pointer |
| 2018-12-25T11:45:19.646838092Z | 64 | PC: 12bde | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:45:19.653179765Z | 42 | PC: 12be4 | Get date 0x12be4: cmp dh, 3 0x12be7: je 0x12bec 0x12be9: jmp 0x12c0e 0x12beb: nop 0x12bec: cmp dl, 0xa 0x12bef: je 0x12bf4 0x12bf1: jmp 0x12c0e 0x12bf3: nop 0x12bf4: mov byte ptr [0x3c2], 0 0x12bf9: nop 0x12bfa: mov al, byte ptr [0x3c2] 0x12bfd: out 0x70, al 0x12bff: mov al, 0 0x12c01: out 0x71, al 0x12c03: inc byte ptr [0x3c2] 0x12c07: cmp byte ptr [0x3c2], 0x40 0x12c0c: jne 0x12bfa 0x12c0e: cmp word ptr [0x329], -1 0x12c13: je 0x12c29 0x12c15: mov bx, word ptr [0x329] |
| 2018-12-25T11:45:19.655375785Z | 62 | PC: 12c1d | Close file |
| 2018-12-25T11:45:19.66584864Z | 67 | PC: 12c29 | Get or set file attributes |
{"DateBased":true,"Day":10,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2252,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:45:20.001405481Z | 78 | PC: 12a88 | Find first file |
| 2018-12-25T11:45:20.010645493Z | 67 | PC: 12ad1 | Get or set file attributes |
| 2018-12-25T11:45:20.016876815Z | 67 | PC: 12ae5 | Get or set file attributes |
| 2018-12-25T11:45:20.032415769Z | 61 | PC: 12af2 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:45:20.039469085Z | 63 | PC: 12b08 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:45:20.046864521Z | 66 | PC: 12b33 | Move file pointer |
| 2018-12-25T11:45:20.048386966Z | 66 | PC: 12b6c | Move file pointer |
| 2018-12-25T11:45:20.049753691Z | 63 | PC: 12b7f | Read file or device (Read 1 bytes on handle 5) |
| 2018-12-25T11:45:20.052998945Z | 66 | PC: 12bab | Move file pointer |
| 2018-12-25T11:45:20.054432343Z | 64 | PC: 12bbc | Write file or device (Write 692 bytes on handle 5) |
| 2018-12-25T11:45:20.062802977Z | 66 | PC: 12bce | Move file pointer |
| 2018-12-25T11:45:20.065705697Z | 64 | PC: 12bde | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:45:20.072752233Z | 42 | PC: 12be4 | Get date 0x12be4: cmp dh, 3 0x12be7: je 0x12bec 0x12be9: jmp 0x12c0e 0x12beb: nop 0x12bec: cmp dl, 0xa 0x12bef: je 0x12bf4 0x12bf1: jmp 0x12c0e 0x12bf3: nop 0x12bf4: mov byte ptr [0x3c2], 0 0x12bf9: nop 0x12bfa: mov al, byte ptr [0x3c2] 0x12bfd: out 0x70, al 0x12bff: mov al, 0 0x12c01: out 0x71, al 0x12c03: inc byte ptr [0x3c2] 0x12c07: cmp byte ptr [0x3c2], 0x40 0x12c0c: jne 0x12bfa 0x12c0e: cmp word ptr [0x329], -1 0x12c13: je 0x12c29 0x12c15: mov bx, word ptr [0x329] |
| 2018-12-25T11:45:20.075445378Z | 62 | PC: 12c1d | Close file |
| 2018-12-25T11:45:20.084049485Z | 67 | PC: 12c29 | Get or set file attributes |