{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7707,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:24.201775942Z | 26 | PC: 12f49 | Set disk transfer address |
| 2018-12-25T12:02:24.203961445Z | 71 | PC: 12e58 | Get current directory |
| 2018-12-25T12:02:24.20743756Z | 78 | PC: 12e9b | Find first file |
| 2018-12-25T12:02:24.214020799Z | 61 | PC: 12f52 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:24.22157832Z | 63 | PC: 12eb6 | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-25T12:02:24.235336728Z | 62 | PC: 12eba | Close file |
| 2018-12-25T12:02:24.237341418Z | 67 | PC: 12f5d | Get or set file attributes |
| 2018-12-25T12:02:24.250935454Z | 61 | PC: 12f52 | Open file (See above) |
| 2018-12-25T12:02:24.266026465Z | 64 | PC: 12f06 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:02:24.273699927Z | 66 | PC: 12f44 | Move file pointer |
| 2018-12-25T12:02:24.275540582Z | 44 | PC: 12f11 | Get time 0x12f11: cmp dh, 0 0x12f14: je 0x12f0d 0x12f16: mov byte ptr cs:[bp + 0x2b0], dh 0x12f1b: call 0x12f85 0x12f1e: mov ax, 0x5701 0x12f21: mov cx, word ptr cs:[bp + 0x323] 0x12f26: mov dx, word ptr cs:[bp + 0x325] 0x12f2b: int 0x21 0x12f2d: mov ah, 0x3e 0x12f2f: int 0x21 0x12f31: xor cx, cx 0x12f33: mov cl, byte ptr cs:[bp + 0x322] 0x12f38: call 0x12f54 0x12f3b: ret 0x12f3c: mov ah, 0x42 0x12f3e: xor cx, cx 0x12f40: xor dx, dx 0x12f42: int 0x21 0x12f44: ret 0x12f45: mov ah, 0x1a |
| 2018-12-25T12:02:24.279432319Z | 64 | PC: 12fe9 | Write file or device (Write 430 bytes on handle 5) |
| 2018-12-25T12:02:24.289587847Z | 73 | PC: 14678 | Release memory |
| 2018-12-25T12:02:24.301480282Z | 76 | PC: 0 | Terminate with return code (Return code = '0') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":7707,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:25.017319784Z | 26 | PC: 12f49 | Set disk transfer address |
| 2018-12-25T12:02:25.018493995Z | 71 | PC: 12e58 | Get current directory |
| 2018-12-25T12:02:25.022017902Z | 78 | PC: 12e9b | Find first file |
| 2018-12-25T12:02:25.028771119Z | 61 | PC: 12f52 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:25.036107005Z | 63 | PC: 12eb6 | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-25T12:02:25.043948707Z | 62 | PC: 12eba | Close file |
| 2018-12-25T12:02:25.046065946Z | 67 | PC: 12f5d | Get or set file attributes |
| 2018-12-25T12:02:25.063936523Z | 61 | PC: 12f52 | Open file (See above) |
| 2018-12-25T12:02:25.075578767Z | 64 | PC: 12f06 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:02:25.078788463Z | 66 | PC: 12f44 | Move file pointer |
| 2018-12-25T12:02:25.080385759Z | 44 | PC: 12f11 | Get time 0x12f11: cmp dh, 0 0x12f14: je 0x12f0d 0x12f16: mov byte ptr cs:[bp + 0x2b0], dh 0x12f1b: call 0x12f85 0x12f1e: mov ax, 0x5701 0x12f21: mov cx, word ptr cs:[bp + 0x323] 0x12f26: mov dx, word ptr cs:[bp + 0x325] 0x12f2b: int 0x21 0x12f2d: mov ah, 0x3e 0x12f2f: int 0x21 0x12f31: xor cx, cx 0x12f33: mov cl, byte ptr cs:[bp + 0x322] 0x12f38: call 0x12f54 0x12f3b: ret 0x12f3c: mov ah, 0x42 0x12f3e: xor cx, cx 0x12f40: xor dx, dx 0x12f42: int 0x21 0x12f44: ret 0x12f45: mov ah, 0x1a |
| 2018-12-25T12:02:25.084097096Z | 64 | PC: 12fe9 | Write file or device (Write 430 bytes on handle 5) |