{"DateBased":true,"Day":22,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8516,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:05:04.05467622Z | 42 | PC: 12e56 | Get date 0x12e56: cmp dh, 8 0x12e59: jb 0x12e6f 0x12e5b: cmp dl, 0x16 0x12e5e: jb 0x12e6f 0x12e60: cmp al, 3 0x12e62: jne 0x12e6f 0x12e64: mov ah, 9 0x12e66: lea dx, word ptr [bp + 0x129] 0x12e6a: int 0x21 0x12e6c: cli 0x12e6d: jmp 0x12e6c 0x12e6f: mov ah, 0x1a 0x12e71: mov dx, 0xfc00 0x12e74: int 0x21 0x12e76: mov ah, 0x4e 0x12e78: lea dx, word ptr [bp + 0x123] 0x12e7c: xor cx, cx 0x12e7e: int 0x21 0x12e80: jae 0x12e85 0x12e82: jmp 0x12f1f |
| 2018-12-25T12:05:04.056505507Z | 26 | PC: 12e76 | Set disk transfer address |
| 2018-12-25T12:05:04.057251501Z | 78 | PC: 12e80 | Find first file |
| 2018-12-25T12:05:04.060723512Z | 67 | PC: 12e8d | Get or set file attributes |
| 2018-12-25T12:05:04.065658476Z | 67 | PC: 12e95 | Get or set file attributes |
| 2018-12-25T12:05:04.080721878Z | 61 | PC: 12e9a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:05:04.084692471Z | 87 | PC: 12ea0 | Get or set file date and time |
| 2018-12-25T12:05:04.086208194Z | 63 | PC: 12ead | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:05:04.092200651Z | 66 | PC: 12ed3 | Move file pointer |
| 2018-12-25T12:05:04.093450543Z | 44 | PC: 12ee6 | Get time 0x12ee6: mov byte ptr cs:[bp + 0x17], dl 0x12eea: lea si, word ptr [bp + 4] 0x12eed: mov di, 0xfd00 0x12ef0: mov cx, 0x17 0x12ef3: rep movsb byte ptr es:[di], byte ptr [si] 0x12ef5: lea si, word ptr [bp + 0x1b] 0x12ef8: mov cx, 0x227 0x12efb: lodsb al, byte ptr [si] 0x12efc: xor al, dl 0x12efe: stosb byte ptr es:[di], al 0x12eff: loop 0x12efb 0x12f01: mov ah, 0x40 0x12f03: mov dx, 0xfd00 0x12f06: mov cx, 0x23e 0x12f09: int 0x21 0x12f0b: mov ax, 0x4200 0x12f0e: call 0x22ecd 0x12f11: mov ah, 0x40 0x12f13: lea dx, word ptr [bp + 0x120] 0x12f17: mov cx, 4 |
| 2018-12-25T12:05:04.095682144Z | 64 | PC: 12f0b | Write file or device (Write 574 bytes on handle 5) |
| 2018-12-25T12:05:04.103088953Z | 66 | PC: 12ed3 | Move file pointer (See above) |
| 2018-12-25T12:05:04.104232912Z | 64 | PC: 12f1c | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:05:04.109782156Z | 87 | PC: 12f35 | Get or set file date and time |
| 2018-12-25T12:05:04.111036597Z | 62 | PC: 12f39 | Close file |
| 2018-12-25T12:05:04.115896147Z | 67 | PC: 12f42 | Get or set file attributes |
| 2018-12-25T12:05:04.122012984Z | 26 | PC: 12f26 | Set disk transfer address |
{"DateBased":true,"Day":27,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8516,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:05:04.454629325Z | 42 | PC: 12e56 | Get date 0x12e56: cmp dh, 8 0x12e59: jb 0x12e6f 0x12e5b: cmp dl, 0x16 0x12e5e: jb 0x12e6f 0x12e60: cmp al, 3 0x12e62: jne 0x12e6f 0x12e64: mov ah, 9 0x12e66: lea dx, word ptr [bp + 0x129] 0x12e6a: int 0x21 0x12e6c: cli 0x12e6d: jmp 0x12e6c 0x12e6f: mov ah, 0x1a 0x12e71: mov dx, 0xfc00 0x12e74: int 0x21 0x12e76: mov ah, 0x4e 0x12e78: lea dx, word ptr [bp + 0x123] 0x12e7c: xor cx, cx 0x12e7e: int 0x21 0x12e80: jae 0x12e85 0x12e82: jmp 0x12f1f |
| 2018-12-25T12:05:04.456349454Z | 9 | PC: 12e6c | Display string (Could not find end pointer) |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8516,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:05:05.049188501Z | 42 | PC: 12e56 | Get date 0x12e56: cmp dh, 8 0x12e59: jb 0x12e6f 0x12e5b: cmp dl, 0x16 0x12e5e: jb 0x12e6f 0x12e60: cmp al, 3 0x12e62: jne 0x12e6f 0x12e64: mov ah, 9 0x12e66: lea dx, word ptr [bp + 0x129] 0x12e6a: int 0x21 0x12e6c: cli 0x12e6d: jmp 0x12e6c 0x12e6f: mov ah, 0x1a 0x12e71: mov dx, 0xfc00 0x12e74: int 0x21 0x12e76: mov ah, 0x4e 0x12e78: lea dx, word ptr [bp + 0x123] 0x12e7c: xor cx, cx 0x12e7e: int 0x21 0x12e80: jae 0x12e85 0x12e82: jmp 0x12f1f |
| 2018-12-25T12:05:05.051529788Z | 26 | PC: 12e76 | Set disk transfer address |
| 2018-12-25T12:05:05.05248019Z | 78 | PC: 12e80 | Find first file |
| 2018-12-25T12:05:05.058074811Z | 67 | PC: 12e8d | Get or set file attributes |
| 2018-12-25T12:05:05.063767204Z | 67 | PC: 12e95 | Get or set file attributes |
| 2018-12-25T12:05:05.082300952Z | 61 | PC: 12e9a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:05:05.088494425Z | 87 | PC: 12ea0 | Get or set file date and time |
| 2018-12-25T12:05:05.089974463Z | 63 | PC: 12ead | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:05:05.093821179Z | 66 | PC: 12ed3 | Move file pointer |
| 2018-12-25T12:05:05.094695401Z | 44 | PC: 12ee6 | Get time 0x12ee6: mov byte ptr cs:[bp + 0x17], dl 0x12eea: lea si, word ptr [bp + 4] 0x12eed: mov di, 0xfd00 0x12ef0: mov cx, 0x17 0x12ef3: rep movsb byte ptr es:[di], byte ptr [si] 0x12ef5: lea si, word ptr [bp + 0x1b] 0x12ef8: mov cx, 0x227 0x12efb: lodsb al, byte ptr [si] 0x12efc: xor al, dl 0x12efe: stosb byte ptr es:[di], al 0x12eff: loop 0x12efb 0x12f01: mov ah, 0x40 0x12f03: mov dx, 0xfd00 0x12f06: mov cx, 0x23e 0x12f09: int 0x21 0x12f0b: mov ax, 0x4200 0x12f0e: call 0x22ecd 0x12f11: mov ah, 0x40 0x12f13: lea dx, word ptr [bp + 0x120] 0x12f17: mov cx, 4 |
| 2018-12-25T12:05:05.096343346Z | 64 | PC: 12f0b | Write file or device (Write 574 bytes on handle 5) |
| 2018-12-25T12:05:05.101120018Z | 66 | PC: 12ed3 | Move file pointer (See above) |
| 2018-12-25T12:05:05.101946049Z | 64 | PC: 12f1c | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:05:05.106116197Z | 87 | PC: 12f35 | Get or set file date and time |
| 2018-12-25T12:05:05.10705148Z | 62 | PC: 12f39 | Close file |
| 2018-12-25T12:05:05.111811764Z | 67 | PC: 12f42 | Get or set file attributes |
| 2018-12-25T12:05:05.118200253Z | 26 | PC: 12f26 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8516,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:05:05.268987103Z | 42 | PC: 12e56 | Get date 0x12e56: cmp dh, 8 0x12e59: jb 0x12e6f 0x12e5b: cmp dl, 0x16 0x12e5e: jb 0x12e6f 0x12e60: cmp al, 3 0x12e62: jne 0x12e6f 0x12e64: mov ah, 9 0x12e66: lea dx, word ptr [bp + 0x129] 0x12e6a: int 0x21 0x12e6c: cli 0x12e6d: jmp 0x12e6c 0x12e6f: mov ah, 0x1a 0x12e71: mov dx, 0xfc00 0x12e74: int 0x21 0x12e76: mov ah, 0x4e 0x12e78: lea dx, word ptr [bp + 0x123] 0x12e7c: xor cx, cx 0x12e7e: int 0x21 0x12e80: jae 0x12e85 0x12e82: jmp 0x12f1f |
| 2018-12-25T12:05:05.271436156Z | 26 | PC: 12e76 | Set disk transfer address |
| 2018-12-25T12:05:05.272302323Z | 78 | PC: 12e80 | Find first file |
| 2018-12-25T12:05:05.277947862Z | 67 | PC: 12e8d | Get or set file attributes |
| 2018-12-25T12:05:05.283872546Z | 67 | PC: 12e95 | Get or set file attributes |
| 2018-12-25T12:05:05.299549691Z | 61 | PC: 12e9a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:05:05.305864332Z | 87 | PC: 12ea0 | Get or set file date and time |
| 2018-12-25T12:05:05.307548943Z | 63 | PC: 12ead | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:05:05.31345025Z | 66 | PC: 12ed3 | Move file pointer |
| 2018-12-25T12:05:05.314672316Z | 44 | PC: 12ee6 | Get time 0x12ee6: mov byte ptr cs:[bp + 0x17], dl 0x12eea: lea si, word ptr [bp + 4] 0x12eed: mov di, 0xfd00 0x12ef0: mov cx, 0x17 0x12ef3: rep movsb byte ptr es:[di], byte ptr [si] 0x12ef5: lea si, word ptr [bp + 0x1b] 0x12ef8: mov cx, 0x227 0x12efb: lodsb al, byte ptr [si] 0x12efc: xor al, dl 0x12efe: stosb byte ptr es:[di], al 0x12eff: loop 0x12efb 0x12f01: mov ah, 0x40 0x12f03: mov dx, 0xfd00 0x12f06: mov cx, 0x23e 0x12f09: int 0x21 0x12f0b: mov ax, 0x4200 0x12f0e: call 0x22ecd 0x12f11: mov ah, 0x40 0x12f13: lea dx, word ptr [bp + 0x120] 0x12f17: mov cx, 4 |
| 2018-12-25T12:05:05.316819521Z | 64 | PC: 12f0b | Write file or device (Write 574 bytes on handle 5) |
| 2018-12-25T12:05:05.325169819Z | 66 | PC: 12ed3 | Move file pointer (See above) |
| 2018-12-25T12:05:05.326316126Z | 64 | PC: 12f1c | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:05:05.332639338Z | 87 | PC: 12f35 | Get or set file date and time |
| 2018-12-25T12:05:05.334136059Z | 62 | PC: 12f39 | Close file |
| 2018-12-25T12:05:05.341512952Z | 67 | PC: 12f42 | Get or set file attributes |
| 2018-12-25T12:05:05.351889385Z | 26 | PC: 12f26 | Set disk transfer address |