{"DateBased":true,"Day":27,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7738,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:29.968268484Z | 42 | PC: 12e58 | Get date 0x12e58: cmp dh, 8 0x12e5b: jb 0x12e71 0x12e5d: cmp dl, 0x16 0x12e60: jb 0x12e71 0x12e62: cmp al, 3 0x12e64: jne 0x12e71 0x12e66: mov ah, 9 0x12e68: lea dx, word ptr [bp + 0x130] 0x12e6c: int 0x21 0x12e6e: cli 0x12e6f: jmp 0x12e6e 0x12e71: mov ah, 0x1a 0x12e73: mov dx, 0xfc00 0x12e76: int 0x21 0x12e78: mov ah, 0x4e 0x12e7a: lea dx, word ptr [bp + 0x12a] 0x12e7e: xor cx, cx 0x12e80: int 0x21 0x12e82: jae 0x12e87 0x12e84: jmp 0x12f26 |
| 2018-12-25T12:02:29.970940356Z | 9 | PC: 12e6e | Display string (Could not find end pointer) |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7738,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:30.231815452Z | 42 | PC: 12e58 | Get date 0x12e58: cmp dh, 8 0x12e5b: jb 0x12e71 0x12e5d: cmp dl, 0x16 0x12e60: jb 0x12e71 0x12e62: cmp al, 3 0x12e64: jne 0x12e71 0x12e66: mov ah, 9 0x12e68: lea dx, word ptr [bp + 0x130] 0x12e6c: int 0x21 0x12e6e: cli 0x12e6f: jmp 0x12e6e 0x12e71: mov ah, 0x1a 0x12e73: mov dx, 0xfc00 0x12e76: int 0x21 0x12e78: mov ah, 0x4e 0x12e7a: lea dx, word ptr [bp + 0x12a] 0x12e7e: xor cx, cx 0x12e80: int 0x21 0x12e82: jae 0x12e87 0x12e84: jmp 0x12f26 |
| 2018-12-25T12:02:30.234823915Z | 26 | PC: 12e78 | Set disk transfer address |
| 2018-12-25T12:02:30.236112107Z | 78 | PC: 12e82 | Find first file |
| 2018-12-25T12:02:30.242110346Z | 67 | PC: 12e8f | Get or set file attributes |
| 2018-12-25T12:02:30.248058779Z | 67 | PC: 12e97 | Get or set file attributes |
| 2018-12-25T12:02:30.263837033Z | 61 | PC: 12e9c | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:30.267884491Z | 87 | PC: 12ea2 | Get or set file date and time |
| 2018-12-25T12:02:30.268816545Z | 63 | PC: 12eaf | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:02:30.281137815Z | 66 | PC: 12ed5 | Move file pointer |
| 2018-12-25T12:02:30.282904841Z | 44 | PC: 12ee8 | Get time 0x12ee8: mov byte ptr cs:[bp + 0x19], dl 0x12eed: lea si, word ptr [bp + 4] 0x12ef1: mov di, 0xfd00 0x12ef4: mov cx, 0x19 0x12ef7: rep movsb byte ptr es:[di], byte ptr [si] 0x12ef9: lea si, word ptr [bp + 0x1d] 0x12efd: mov cx, 0x22c 0x12f00: nop 0x12f01: lodsb al, byte ptr [si] 0x12f02: xor al, dl 0x12f04: stosb byte ptr es:[di], al 0x12f05: loop 0x12f01 0x12f07: mov ah, 0x40 0x12f09: mov dx, 0xfd00 0x12f0c: mov cx, 0x245 0x12f0f: nop 0x12f10: int 0x21 0x12f12: mov ax, 0x4200 0x12f15: call 0x22ecf 0x12f18: mov ah, 0x40 |
| 2018-12-25T12:02:30.285409158Z | 64 | PC: 12f12 | Write file or device (Write 581 bytes on handle 5) |
| 2018-12-25T12:02:30.295272328Z | 66 | PC: 12ed5 | Move file pointer (See above) |
| 2018-12-25T12:02:30.298680442Z | 64 | PC: 12f23 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:02:30.309520977Z | 87 | PC: 12f3c | Get or set file date and time |
| 2018-12-25T12:02:30.313881871Z | 62 | PC: 12f40 | Close file |
| 2018-12-25T12:02:30.330998112Z | 67 | PC: 12f49 | Get or set file attributes |
| 2018-12-25T12:02:30.341292529Z | 26 | PC: 12f2d | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7738,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:30.584020914Z | 42 | PC: 12e58 | Get date 0x12e58: cmp dh, 8 0x12e5b: jb 0x12e71 0x12e5d: cmp dl, 0x16 0x12e60: jb 0x12e71 0x12e62: cmp al, 3 0x12e64: jne 0x12e71 0x12e66: mov ah, 9 0x12e68: lea dx, word ptr [bp + 0x130] 0x12e6c: int 0x21 0x12e6e: cli 0x12e6f: jmp 0x12e6e 0x12e71: mov ah, 0x1a 0x12e73: mov dx, 0xfc00 0x12e76: int 0x21 0x12e78: mov ah, 0x4e 0x12e7a: lea dx, word ptr [bp + 0x12a] 0x12e7e: xor cx, cx 0x12e80: int 0x21 0x12e82: jae 0x12e87 0x12e84: jmp 0x12f26 |
| 2018-12-25T12:02:30.587147782Z | 26 | PC: 12e78 | Set disk transfer address |
| 2018-12-25T12:02:30.589019947Z | 78 | PC: 12e82 | Find first file |
| 2018-12-25T12:02:30.595084472Z | 67 | PC: 12e8f | Get or set file attributes |
| 2018-12-25T12:02:30.601448682Z | 67 | PC: 12e97 | Get or set file attributes |
| 2018-12-25T12:02:30.619528305Z | 61 | PC: 12e9c | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:30.630358696Z | 87 | PC: 12ea2 | Get or set file date and time |
| 2018-12-25T12:02:30.632822731Z | 63 | PC: 12eaf | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:02:30.652468512Z | 66 | PC: 12ed5 | Move file pointer |
| 2018-12-25T12:02:30.654086829Z | 44 | PC: 12ee8 | Get time 0x12ee8: mov byte ptr cs:[bp + 0x19], dl 0x12eed: lea si, word ptr [bp + 4] 0x12ef1: mov di, 0xfd00 0x12ef4: mov cx, 0x19 0x12ef7: rep movsb byte ptr es:[di], byte ptr [si] 0x12ef9: lea si, word ptr [bp + 0x1d] 0x12efd: mov cx, 0x22c 0x12f00: nop 0x12f01: lodsb al, byte ptr [si] 0x12f02: xor al, dl 0x12f04: stosb byte ptr es:[di], al 0x12f05: loop 0x12f01 0x12f07: mov ah, 0x40 0x12f09: mov dx, 0xfd00 0x12f0c: mov cx, 0x245 0x12f0f: nop 0x12f10: int 0x21 0x12f12: mov ax, 0x4200 0x12f15: call 0x22ecf 0x12f18: mov ah, 0x40 |
| 2018-12-25T12:02:30.657246979Z | 64 | PC: 12f12 | Write file or device (Write 581 bytes on handle 5) |
| 2018-12-25T12:02:30.665261661Z | 66 | PC: 12ed5 | Move file pointer (See above) |
| 2018-12-25T12:02:30.666868048Z | 64 | PC: 12f23 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:02:30.673604393Z | 87 | PC: 12f3c | Get or set file date and time |
| 2018-12-25T12:02:30.675597527Z | 62 | PC: 12f40 | Close file |
| 2018-12-25T12:02:30.683341964Z | 67 | PC: 12f49 | Get or set file attributes |
| 2018-12-25T12:02:30.693770969Z | 26 | PC: 12f2d | Set disk transfer address |
{"DateBased":true,"Day":22,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7738,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:30.815354068Z | 42 | PC: 12e58 | Get date 0x12e58: cmp dh, 8 0x12e5b: jb 0x12e71 0x12e5d: cmp dl, 0x16 0x12e60: jb 0x12e71 0x12e62: cmp al, 3 0x12e64: jne 0x12e71 0x12e66: mov ah, 9 0x12e68: lea dx, word ptr [bp + 0x130] 0x12e6c: int 0x21 0x12e6e: cli 0x12e6f: jmp 0x12e6e 0x12e71: mov ah, 0x1a 0x12e73: mov dx, 0xfc00 0x12e76: int 0x21 0x12e78: mov ah, 0x4e 0x12e7a: lea dx, word ptr [bp + 0x12a] 0x12e7e: xor cx, cx 0x12e80: int 0x21 0x12e82: jae 0x12e87 0x12e84: jmp 0x12f26 |
| 2018-12-25T12:02:30.817210098Z | 26 | PC: 12e78 | Set disk transfer address |
| 2018-12-25T12:02:30.818635692Z | 78 | PC: 12e82 | Find first file |
| 2018-12-25T12:02:30.822918362Z | 67 | PC: 12e8f | Get or set file attributes |
| 2018-12-25T12:02:30.826657245Z | 67 | PC: 12e97 | Get or set file attributes |
| 2018-12-25T12:02:30.841126196Z | 61 | PC: 12e9c | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:30.845757644Z | 87 | PC: 12ea2 | Get or set file date and time |
| 2018-12-25T12:02:30.847207528Z | 63 | PC: 12eaf | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:02:30.85242692Z | 66 | PC: 12ed5 | Move file pointer |
| 2018-12-25T12:02:30.854485072Z | 44 | PC: 12ee8 | Get time 0x12ee8: mov byte ptr cs:[bp + 0x19], dl 0x12eed: lea si, word ptr [bp + 4] 0x12ef1: mov di, 0xfd00 0x12ef4: mov cx, 0x19 0x12ef7: rep movsb byte ptr es:[di], byte ptr [si] 0x12ef9: lea si, word ptr [bp + 0x1d] 0x12efd: mov cx, 0x22c 0x12f00: nop 0x12f01: lodsb al, byte ptr [si] 0x12f02: xor al, dl 0x12f04: stosb byte ptr es:[di], al 0x12f05: loop 0x12f01 0x12f07: mov ah, 0x40 0x12f09: mov dx, 0xfd00 0x12f0c: mov cx, 0x245 0x12f0f: nop 0x12f10: int 0x21 0x12f12: mov ax, 0x4200 0x12f15: call 0x22ecf 0x12f18: mov ah, 0x40 |
| 2018-12-25T12:02:30.8574091Z | 64 | PC: 12f12 | Write file or device (Write 581 bytes on handle 5) |
| 2018-12-25T12:02:30.867147863Z | 66 | PC: 12ed5 | Move file pointer (See above) |
| 2018-12-25T12:02:30.868903948Z | 64 | PC: 12f23 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:02:30.876369679Z | 87 | PC: 12f3c | Get or set file date and time |
| 2018-12-25T12:02:30.879726589Z | 62 | PC: 12f40 | Close file |
| 2018-12-25T12:02:30.89071696Z | 67 | PC: 12f49 | Get or set file attributes |
| 2018-12-25T12:02:30.902471478Z | 26 | PC: 12f2d | Set disk transfer address |