{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3652,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:47.034768074Z | 47 | PC: 12ade | Get disk transfer address |
| 2018-12-25T11:49:47.040481892Z | 26 | PC: 12aec | Set disk transfer address |
| 2018-12-25T11:49:47.041677321Z | 42 | PC: 12af0 | Get date 0x12af0: mov word ptr cs:[di + 0x33], cx 0x12af4: mov word ptr cs:[di + 0x35], dx 0x12af8: sub cx, 1 0x12afb: mov dh, 0xb 0x12afd: mov dl, 0x1c 0x12aff: mov ah, 0x2b 0x12b01: int 0x21 0x12b03: pop dx 0x12b04: add dx, 3 0x12b07: call 0x12bc1 0x12b0a: call 0x12bf5 0x12b0d: call 0x12c70 0x12b10: mov ah, 0x1a 0x12b12: mov dx, word ptr cs:[di + 0xc] 0x12b16: int 0x21 0x12b18: mov cx, word ptr cs:[di + 0x33] 0x12b1c: mov dx, word ptr cs:[di + 0x35] 0x12b20: mov ah, 0x2b 0x12b22: int 0x21 0x12b24: mov bx, 0x100 |
| 2018-12-25T11:49:47.043829762Z | 43 | PC: 12b03 | Set date |
| 2018-12-25T11:49:47.047863532Z | 44 | PC: 12bc7 | Get time 0x12bc7: pop dx 0x12bc8: cmp ch, 0xd 0x12bcb: jl 0x12bf4 0x12bcd: mov ah, 0x4e 0x12bcf: mov cx, 0xef 0x12bd2: int 0x21 0x12bd4: jb 0x12bf4 0x12bd6: mov ah, 0x2f 0x12bd8: int 0x21 0x12bda: mov dx, bx 0x12bdc: mov bx, dx 0x12bde: mov ax, word ptr es:[bx + 0x1a] 0x12be2: sub ax, 3 0x12be5: mov word ptr cs:[di + 1], ax 0x12be9: call 0x22b42 0x12bec: mov ah, 0x4f 0x12bee: int 0x21 0x12bf0: jb 0x12bf4 0x12bf2: loop 0x12bdc 0x12bf4: ret |
| 2018-12-25T11:49:47.049978115Z | 44 | PC: 12bf9 | Get time 0x12bf9: cmp ch, 0x10 0x12bfc: jl 0x12c26 0x12bfe: mov dx, di 0x12c00: add dx, 0xe 0x12c03: call 0x12c53 0x12c06: mov dx, di 0x12c08: add dx, 0x14 0x12c0b: call 0x12c53 0x12c0e: mov dx, di 0x12c10: add dx, 0x1f 0x12c13: call 0x12c53 0x12c16: mov dx, di 0x12c18: add dx, 0x27 0x12c1b: call 0x12c53 0x12c1e: mov dx, di 0x12c20: add dx, 0x2d 0x12c23: call 0x12c53 0x12c26: ret 0x12c27: or cl, byte ptr [di] |
| 2018-12-25T11:49:47.05205888Z | 78 | PC: 12c95 | Find first file |
| 2018-12-25T11:49:47.0625992Z | 26 | PC: 12b18 | Set disk transfer address |
| 2018-12-25T11:49:47.063878746Z | 43 | PC: 12b24 | Set date |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":16,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3652,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:47.074683488Z | 47 | PC: 12ade | Get disk transfer address |
| 2018-12-25T11:49:47.076632315Z | 26 | PC: 12aec | Set disk transfer address |
| 2018-12-25T11:49:47.077920672Z | 42 | PC: 12af0 | Get date 0x12af0: mov word ptr cs:[di + 0x33], cx 0x12af4: mov word ptr cs:[di + 0x35], dx 0x12af8: sub cx, 1 0x12afb: mov dh, 0xb 0x12afd: mov dl, 0x1c 0x12aff: mov ah, 0x2b 0x12b01: int 0x21 0x12b03: pop dx 0x12b04: add dx, 3 0x12b07: call 0x12bc1 0x12b0a: call 0x12bf5 0x12b0d: call 0x12c70 0x12b10: mov ah, 0x1a 0x12b12: mov dx, word ptr cs:[di + 0xc] 0x12b16: int 0x21 0x12b18: mov cx, word ptr cs:[di + 0x33] 0x12b1c: mov dx, word ptr cs:[di + 0x35] 0x12b20: mov ah, 0x2b 0x12b22: int 0x21 0x12b24: mov bx, 0x100 |
| 2018-12-25T11:49:47.080154018Z | 43 | PC: 12b03 | Set date |
| 2018-12-25T11:49:47.083831Z | 44 | PC: 12bc7 | Get time 0x12bc7: pop dx 0x12bc8: cmp ch, 0xd 0x12bcb: jl 0x12bf4 0x12bcd: mov ah, 0x4e 0x12bcf: mov cx, 0xef 0x12bd2: int 0x21 0x12bd4: jb 0x12bf4 0x12bd6: mov ah, 0x2f 0x12bd8: int 0x21 0x12bda: mov dx, bx 0x12bdc: mov bx, dx 0x12bde: mov ax, word ptr es:[bx + 0x1a] 0x12be2: sub ax, 3 0x12be5: mov word ptr cs:[di + 1], ax 0x12be9: call 0x22b42 0x12bec: mov ah, 0x4f 0x12bee: int 0x21 0x12bf0: jb 0x12bf4 0x12bf2: loop 0x12bdc 0x12bf4: ret |
| 2018-12-25T11:49:47.085977484Z | 78 | PC: 12bd4 | Find first file |
| 2018-12-25T11:49:47.10057467Z | 47 | PC: 12bda | Get disk transfer address |
| 2018-12-25T11:49:47.101856126Z | 61 | PC: 12b59 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:49:47.108291351Z | 63 | PC: 12b67 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:49:47.114173313Z | 66 | PC: 12b97 | Move file pointer |
| 2018-12-25T11:49:47.115708397Z | 64 | PC: 12ba0 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:49:47.12057412Z | 66 | PC: 12bac | Move file pointer |
| 2018-12-25T11:49:47.121767724Z | 64 | PC: 12bb8 | Write file or device (Write 565 bytes on handle 5) |
| 2018-12-25T11:49:47.132387766Z | 62 | PC: 12bbf | Close file |
| 2018-12-25T11:49:47.138210276Z | 79 | PC: 12bf0 | Find next file |
| 2018-12-25T11:49:47.140668434Z | 61 | PC: 12b59 | Open file (See above) |
| 2018-12-25T11:49:47.144634823Z | 63 | PC: 12b67 | Read file or device (See above) |
| 2018-12-25T11:49:47.149214023Z | 66 | PC: 12b97 | Move file pointer (See above) |
| 2018-12-25T11:49:47.150499473Z | 64 | PC: 12ba0 | Write file or device (See above) |
| 2018-12-25T11:49:47.152991206Z | 66 | PC: 12bac | Move file pointer (See above) |
| 2018-12-25T11:49:47.154979085Z | 64 | PC: 12bb8 | Write file or device (See above) |
| 2018-12-25T11:49:47.160117452Z | 62 | PC: 12bbf | Close file (See above) |
| 2018-12-25T11:49:47.165485094Z | 79 | PC: 12bf0 | Find next file (See above) |
| 2018-12-25T11:49:47.168389096Z | 61 | PC: 12b59 | Open file (See above) |
| 2018-12-25T11:49:47.175459568Z | 63 | PC: 12b67 | Read file or device (See above) |
| 2018-12-25T11:49:47.181831967Z | 66 | PC: 12b97 | Move file pointer (See above) |
| 2018-12-25T11:49:47.184254432Z | 64 | PC: 12ba0 | Write file or device (See above) |
| 2018-12-25T11:49:47.187321903Z | 66 | PC: 12bac | Move file pointer (See above) |
| 2018-12-25T11:49:47.188338695Z | 64 | PC: 12bb8 | Write file or device (See above) |
| 2018-12-25T11:49:47.194107131Z | 62 | PC: 12bbf | Close file (See above) |
| 2018-12-25T11:49:47.202405803Z | 79 | PC: 12bf0 | Find next file (See above) |
| 2018-12-25T11:49:47.204309918Z | 61 | PC: 12b59 | Open file (See above) |
| 2018-12-25T11:49:47.209293152Z | 63 | PC: 12b67 | Read file or device (See above) |
| 2018-12-25T11:49:47.213668145Z | 66 | PC: 12b97 | Move file pointer (See above) |
| 2018-12-25T11:49:47.21463733Z | 64 | PC: 12ba0 | Write file or device (See above) |
| 2018-12-25T11:49:47.216712426Z | 66 | PC: 12bac | Move file pointer (See above) |
| 2018-12-25T11:49:47.217742687Z | 64 | PC: 12bb8 | Write file or device (See above) |
| 2018-12-25T11:49:47.235026011Z | 62 | PC: 12bbf | Close file (See above) |
| 2018-12-25T11:49:47.251059981Z | 79 | PC: 12bf0 | Find next file (See above) |
| 2018-12-25T11:49:47.253772342Z | 61 | PC: 12b59 | Open file (See above) |
| 2018-12-25T11:49:47.259971027Z | 63 | PC: 12b67 | Read file or device (See above) |
| 2018-12-25T11:49:47.266111441Z | 66 | PC: 12b97 | Move file pointer (See above) |
| 2018-12-25T11:49:47.267617651Z | 64 | PC: 12ba0 | Write file or device (See above) |
| 2018-12-25T11:49:47.2707315Z | 66 | PC: 12bac | Move file pointer (See above) |
| 2018-12-25T11:49:47.272070632Z | 64 | PC: 12bb8 | Write file or device (See above) |
| 2018-12-25T11:49:47.27984767Z | 62 | PC: 12bbf | Close file (See above) |
| 2018-12-25T11:49:47.288070663Z | 79 | PC: 12bf0 | Find next file (See above) |
| 2018-12-25T11:49:47.290805581Z | 61 | PC: 12b59 | Open file (See above) |
| 2018-12-25T11:49:47.297088109Z | 63 | PC: 12b67 | Read file or device (See above) |
| 2018-12-25T11:49:47.303346924Z | 66 | PC: 12b97 | Move file pointer (See above) |
| 2018-12-25T11:49:47.304659549Z | 64 | PC: 12ba0 | Write file or device (See above) |
| 2018-12-25T11:49:47.307489708Z | 66 | PC: 12bac | Move file pointer (See above) |
| 2018-12-25T11:49:47.308646003Z | 64 | PC: 12bb8 | Write file or device (See above) |
| 2018-12-25T11:49:47.316691613Z | 62 | PC: 12bbf | Close file (See above) |
| 2018-12-25T11:49:47.338040213Z | 79 | PC: 12bf0 | Find next file (See above) |
| 2018-12-25T11:49:47.341184516Z | 61 | PC: 12b59 | Open file (See above) |
| 2018-12-25T11:49:47.347346188Z | 63 | PC: 12b67 | Read file or device (See above) |
| 2018-12-25T11:49:47.354165309Z | 66 | PC: 12b97 | Move file pointer (See above) |
| 2018-12-25T11:49:47.3554739Z | 64 | PC: 12ba0 | Write file or device (See above) |
| 2018-12-25T11:49:47.364776357Z | 66 | PC: 12bac | Move file pointer (See above) |
| 2018-12-25T11:49:47.366959748Z | 64 | PC: 12bb8 | Write file or device (See above) |
| 2018-12-25T11:49:47.374771587Z | 62 | PC: 12bbf | Close file (See above) |
| 2018-12-25T11:49:47.382473496Z | 79 | PC: 12bf0 | Find next file (See above) |
| 2018-12-25T11:49:47.385193571Z | 61 | PC: 12b59 | Open file (See above) |
| 2018-12-25T11:49:47.391440283Z | 63 | PC: 12b67 | Read file or device (See above) |
| 2018-12-25T11:49:47.397950179Z | 62 | PC: 12bbf | Close file (See above) |
| 2018-12-25T11:49:47.400430887Z | 79 | PC: 12bf0 | Find next file (See above) |
| 2018-12-25T11:49:47.4030067Z | 44 | PC: 12bf9 | Get time 0x12bf9: cmp ch, 0x10 0x12bfc: jl 0x12c26 0x12bfe: mov dx, di 0x12c00: add dx, 0xe 0x12c03: call 0x12c53 0x12c06: mov dx, di 0x12c08: add dx, 0x14 0x12c0b: call 0x12c53 0x12c0e: mov dx, di 0x12c10: add dx, 0x1f 0x12c13: call 0x12c53 0x12c16: mov dx, di 0x12c18: add dx, 0x27 0x12c1b: call 0x12c53 0x12c1e: mov dx, di 0x12c20: add dx, 0x2d 0x12c23: call 0x12c53 0x12c26: ret 0x12c27: or cl, byte ptr [di] |
| 2018-12-25T11:49:47.405005591Z | 78 | PC: 12c5a | Find first file |
| 2018-12-25T11:49:47.410650056Z | 78 | PC: 12c5a | Find first file (See above) |
| 2018-12-25T11:49:47.416537944Z | 78 | PC: 12c5a | Find first file (See above) |
| 2018-12-25T11:49:47.422309091Z | 78 | PC: 12c5a | Find first file (See above) |
| 2018-12-25T11:49:47.428551103Z | 78 | PC: 12c5a | Find first file (See above) |
| 2018-12-25T11:49:47.43903272Z | 78 | PC: 12c95 | Find first file |
| 2018-12-25T11:49:47.44916952Z | 26 | PC: 12b18 | Set disk transfer address |
| 2018-12-25T11:49:47.451137168Z | 43 | PC: 12b24 | Set date |