{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8192,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:03:38.48245365Z | 25 | PC: 12a50 | Get default drive |
| 2018-12-25T12:03:38.484264973Z | 71 | PC: 12a62 | Get current directory |
| 2018-12-25T12:03:38.487295788Z | 59 | PC: 12a86 | Change current directory |
| 2018-12-25T12:03:38.491531225Z | 78 | PC: 12ae2 | Find first file |
| 2018-12-25T12:03:38.498843352Z | 61 | PC: 12af6 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:38.505528074Z | 63 | PC: 12b04 | Read file or device (Read 463 bytes on handle 5) |
| 2018-12-25T12:03:38.512985484Z | 66 | PC: 12b10 | Move file pointer |
| 2018-12-25T12:03:38.514516963Z | 62 | PC: 12b18 | Close file |
| 2018-12-25T12:03:38.516572012Z | 67 | PC: 12b2c | Get or set file attributes |
| 2018-12-25T12:03:38.525737965Z | 67 | PC: 12b36 | Get or set file attributes |
| 2018-12-25T12:03:38.545099388Z | 61 | PC: 12b3f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:38.552322388Z | 87 | PC: 12b47 | Get or set file date and time |
| 2018-12-25T12:03:38.553584165Z | 64 | PC: 12b55 | Write file or device (Write 463 bytes on handle 5) |
| 2018-12-25T12:03:38.560800219Z | 66 | PC: 12b61 | Move file pointer |
| 2018-12-25T12:03:38.563161846Z | 64 | PC: 12b6d | Write file or device (Write 463 bytes on handle 5) |
| 2018-12-25T12:03:38.575182708Z | 87 | PC: 12b75 | Get or set file date and time |
| 2018-12-25T12:03:38.576633484Z | 62 | PC: 12b79 | Close file |
| 2018-12-25T12:03:38.590477137Z | 14 | PC: 12b82 | Set default drive (Drive = 'A') |
| 2018-12-25T12:03:38.592332143Z | 59 | PC: 12b8a | Change current directory |
| 2018-12-25T12:03:38.596168466Z | 42 | PC: 12b9f | Get date 0x12b9f: cmp al, 5 0x12ba1: jne 0x12bb3 0x12ba3: cmp dl, 0xd 0x12ba6: jne 0x12bb3 0x12ba8: mov ax, 0x50c 0x12bab: mov dx, 2 0x12bae: mov cx, 1 0x12bb1: int 0x13 0x12bb3: lea si, word ptr [0x296] 0x12bb7: mov di, word ptr cs:[0x2cd] 0x12bbc: add di, 0x1cf 0x12bc0: mov ax, di 0x12bc2: mov cx, 7 0x12bc5: rep movsb byte ptr es:[di], byte ptr [si] 0x12bc7: mov si, word ptr cs:[0x2cd] 0x12bcc: lea di, word ptr [0x100] 0x12bd0: mov cx, 0x1cf 0x12bd3: nop 0x12bd4: jmp ax 0x12bd6: rep movsb byte ptr es:[di], byte ptr [si] |
| 2018-12-25T12:03:38.599894189Z | 76 | PC: 1514d | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8192,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:03:38.663173471Z | 25 | PC: 12a50 | Get default drive |
| 2018-12-25T12:03:38.664313254Z | 71 | PC: 12a62 | Get current directory |
| 2018-12-25T12:03:38.66634192Z | 59 | PC: 12a86 | Change current directory |
| 2018-12-25T12:03:38.668869094Z | 78 | PC: 12ae2 | Find first file |
| 2018-12-25T12:03:38.675783826Z | 61 | PC: 12af6 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:38.682739819Z | 63 | PC: 12b04 | Read file or device (Read 463 bytes on handle 5) |
| 2018-12-25T12:03:38.688435421Z | 66 | PC: 12b10 | Move file pointer |
| 2018-12-25T12:03:38.690086854Z | 62 | PC: 12b18 | Close file |
| 2018-12-25T12:03:38.697448177Z | 67 | PC: 12b2c | Get or set file attributes |
| 2018-12-25T12:03:38.701163917Z | 67 | PC: 12b36 | Get or set file attributes |
| 2018-12-25T12:03:39.588175346Z | 61 | PC: 12b3f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:39.595001817Z | 87 | PC: 12b47 | Get or set file date and time |
| 2018-12-25T12:03:39.596575124Z | 64 | PC: 12b55 | Write file or device (Write 463 bytes on handle 5) |
| 2018-12-25T12:03:39.599969735Z | 66 | PC: 12b61 | Move file pointer |
| 2018-12-25T12:03:39.602274817Z | 64 | PC: 12b6d | Write file or device (Write 463 bytes on handle 5) |
| 2018-12-25T12:03:39.625169391Z | 87 | PC: 12b75 | Get or set file date and time |
| 2018-12-25T12:03:39.626910796Z | 62 | PC: 12b79 | Close file |
| 2018-12-25T12:03:39.632788212Z | 14 | PC: 12b82 | Set default drive (Drive = 'A') |
| 2018-12-25T12:03:39.634387552Z | 59 | PC: 12b8a | Change current directory |
| 2018-12-25T12:03:39.640378854Z | 42 | PC: 12b9f | Get date 0x12b9f: cmp al, 5 0x12ba1: jne 0x12bb3 0x12ba3: cmp dl, 0xd 0x12ba6: jne 0x12bb3 0x12ba8: mov ax, 0x50c 0x12bab: mov dx, 2 0x12bae: mov cx, 1 0x12bb1: int 0x13 0x12bb3: lea si, word ptr [0x296] 0x12bb7: mov di, word ptr cs:[0x2cd] 0x12bbc: add di, 0x1cf 0x12bc0: mov ax, di 0x12bc2: mov cx, 7 0x12bc5: rep movsb byte ptr es:[di], byte ptr [si] 0x12bc7: mov si, word ptr cs:[0x2cd] 0x12bcc: lea di, word ptr [0x100] 0x12bd0: mov cx, 0x1cf 0x12bd3: nop 0x12bd4: jmp ax 0x12bd6: rep movsb byte ptr es:[di], byte ptr [si] |
| 2018-12-25T12:03:39.647209864Z | 76 | PC: 1514d | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8192,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:03:38.614310722Z | 25 | PC: 12a50 | Get default drive |
| 2018-12-25T12:03:38.616049642Z | 71 | PC: 12a62 | Get current directory |
| 2018-12-25T12:03:38.619302408Z | 59 | PC: 12a86 | Change current directory |
| 2018-12-25T12:03:38.623783108Z | 78 | PC: 12ae2 | Find first file |
| 2018-12-25T12:03:38.630817668Z | 61 | PC: 12af6 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:38.638686551Z | 63 | PC: 12b04 | Read file or device (Read 463 bytes on handle 5) |
| 2018-12-25T12:03:38.645602182Z | 66 | PC: 12b10 | Move file pointer |
| 2018-12-25T12:03:38.647109517Z | 62 | PC: 12b18 | Close file |
| 2018-12-25T12:03:38.650177879Z | 67 | PC: 12b2c | Get or set file attributes |
| 2018-12-25T12:03:38.662438922Z | 67 | PC: 12b36 | Get or set file attributes |
| 2018-12-25T12:03:38.978107282Z | 61 | PC: 12b3f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:38.986429365Z | 87 | PC: 12b47 | Get or set file date and time |
| 2018-12-25T12:03:38.988109422Z | 64 | PC: 12b55 | Write file or device (Write 463 bytes on handle 5) |
| 2018-12-25T12:03:38.996470793Z | 66 | PC: 12b61 | Move file pointer |
| 2018-12-25T12:03:39.000017238Z | 64 | PC: 12b6d | Write file or device (Write 463 bytes on handle 5) |
| 2018-12-25T12:03:39.011230979Z | 87 | PC: 12b75 | Get or set file date and time |
| 2018-12-25T12:03:39.013486467Z | 62 | PC: 12b79 | Close file |
| 2018-12-25T12:03:39.023764874Z | 14 | PC: 12b82 | Set default drive (Drive = 'A') |
| 2018-12-25T12:03:39.025363637Z | 59 | PC: 12b8a | Change current directory |
| 2018-12-25T12:03:39.030549058Z | 42 | PC: 12b9f | Get date 0x12b9f: cmp al, 5 0x12ba1: jne 0x12bb3 0x12ba3: cmp dl, 0xd 0x12ba6: jne 0x12bb3 0x12ba8: mov ax, 0x50c 0x12bab: mov dx, 2 0x12bae: mov cx, 1 0x12bb1: int 0x13 0x12bb3: lea si, word ptr [0x296] 0x12bb7: mov di, word ptr cs:[0x2cd] 0x12bbc: add di, 0x1cf 0x12bc0: mov ax, di 0x12bc2: mov cx, 7 0x12bc5: rep movsb byte ptr es:[di], byte ptr [si] 0x12bc7: mov si, word ptr cs:[0x2cd] 0x12bcc: lea di, word ptr [0x100] 0x12bd0: mov cx, 0x1cf 0x12bd3: nop 0x12bd4: jmp ax 0x12bd6: rep movsb byte ptr es:[di], byte ptr [si] |
| 2018-12-25T12:03:39.034369166Z | 76 | PC: 1514d | Terminate with return code (Return code = '0') |