{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2684,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:46:15.348470272Z | 47 | PC: 12a68 | Get disk transfer address |
| 2018-12-25T11:46:15.349593554Z | 26 | PC: 12a70 | Set disk transfer address |
| 2018-12-25T11:46:15.351460401Z | 71 | PC: 12ab9 | Get current directory |
| 2018-12-25T11:46:15.353666745Z | 47 | PC: 12ae3 | Get disk transfer address |
| 2018-12-25T11:46:15.354844092Z | 26 | PC: 12af2 | Set disk transfer address |
| 2018-12-25T11:46:15.356875645Z | 78 | PC: 12afa | Find first file |
| 2018-12-25T11:46:15.360854265Z | 47 | PC: 12b12 | Get disk transfer address |
| 2018-12-25T11:46:15.362016521Z | 61 | PC: 12b2b | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:46:15.370021073Z | 63 | PC: 12b37 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:46:15.376928349Z | 66 | PC: 12b41 | Move file pointer |
| 2018-12-25T11:46:15.37815578Z | 62 | PC: 12b46 | Close file |
| 2018-12-25T11:46:15.384278877Z | 67 | PC: 12b66 | Get or set file attributes |
| 2018-12-25T11:46:15.397293296Z | 61 | PC: 12b6b | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:46:15.404797072Z | 64 | PC: 12b77 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:46:15.408943298Z | 66 | PC: 12b81 | Move file pointer |
| 2018-12-25T11:46:15.411313925Z | 64 | PC: 12c69 | Write file or device (Write 528 bytes on handle 5) |
| 2018-12-25T11:46:15.420922063Z | 87 | PC: 12b91 | Get or set file date and time |
| 2018-12-25T11:46:15.423058272Z | 62 | PC: 12b95 | Close file |
| 2018-12-25T11:46:15.432623212Z | 67 | PC: 12ba2 | Get or set file attributes |
| 2018-12-25T11:46:15.443569635Z | 26 | PC: 12b0c | Set disk transfer address |
| 2018-12-25T11:46:15.444757914Z | 59 | PC: 12ac8 | Change current directory |
| 2018-12-25T11:46:15.449799967Z | 59 | PC: 12ad1 | Change current directory |
| 2018-12-25T11:46:15.452458284Z | 42 | PC: 12a80 | Get date 0x12a80: cmp dx, 0x101 0x12a84: jne 0x12aa2 0x12a86: lea si, word ptr [di + 0x26f] 0x12a8a: mov ah, 0xe 0x12a8c: lodsb al, byte ptr [si] 0x12a8d: or al, al 0x12a8f: je 0x12aa2 0x12a91: int 0x10 0x12a93: jmp 0x12a8a 0x12a95: sub ax, 0x5b3d 0x12a98: push si 0x12a99: inc bx 0x12a9a: dec sp 0x12a9b: das 0x12a9c: inc dx 0x12a9d: inc bp 0x12a9e: jbe 0x12afd 0x12aa0: cmp ax, 0x5a2d 0x12aa3: mov ah, 0x1a 0x12aa5: int 0x21 |
| 2018-12-25T11:46:15.461204424Z | 26 | PC: 12aa7 | Set disk transfer address |
{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2684,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:46:15.357497445Z | 47 | PC: 12a68 | Get disk transfer address |
| 2018-12-25T11:46:15.367003668Z | 26 | PC: 12a70 | Set disk transfer address |
| 2018-12-25T11:46:15.379566915Z | 42 | PC: 12a80 | Get date 0x12a80: cmp dx, 0x101 0x12a84: jne 0x12aa2 0x12a86: lea si, word ptr [di + 0x26f] 0x12a8a: mov ah, 0xe 0x12a8c: lodsb al, byte ptr [si] 0x12a8d: or al, al 0x12a8f: je 0x12aa2 0x12a91: int 0x10 0x12a93: jmp 0x12a8a 0x12a95: sub ax, 0x5b3d 0x12a98: push si 0x12a99: inc bx 0x12a9a: dec sp 0x12a9b: das 0x12a9c: inc dx 0x12a9d: inc bp 0x12a9e: jbe 0x12afd 0x12aa0: cmp ax, 0x5a2d 0x12aa3: mov ah, 0x1a 0x12aa5: int 0x21 |
| 2018-12-25T11:46:15.381635506Z | 26 | PC: 12aa7 | Set disk transfer address |