{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":8954,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:22:16.431025433Z | 48 | PC: 12af0 | Get DOS version |
| 2018-12-25T12:22:16.44084615Z | 47 | PC: 12afc | Get disk transfer address |
| 2018-12-25T12:22:16.442216543Z | 53 | PC: 12b06 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:22:16.443792237Z | 37 | PC: 12b1a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:22:16.445549753Z | 26 | PC: 12b23 | Set disk transfer address |
| 2018-12-25T12:22:16.447599947Z | 78 | PC: 12b9b | Find first file |
| 2018-12-25T12:22:16.454743124Z | 67 | PC: 12bd3 | Get or set file attributes |
| 2018-12-25T12:22:16.461442434Z | 67 | PC: 12bde | Get or set file attributes |
| 2018-12-25T12:22:16.483735198Z | 61 | PC: 12be3 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:22:16.491262684Z | 87 | PC: 12bef | Get or set file date and time |
| 2018-12-25T12:22:16.492744405Z | 44 | PC: 12bf9 | Get time 0x12bf9: and dh, 7 0x12bfc: jne 0x12c0d 0x12bfe: mov ah, 0x40 0x12c00: mov cx, 5 0x12c03: mov dx, si 0x12c05: add dx, 0x8a 0x12c09: int 0x21 0x12c0b: jmp 0x12c65 0x12c0d: mov ah, 0x3f 0x12c0f: mov cx, 3 0x12c12: mov dx, 0xa 0x12c15: add dx, si 0x12c17: int 0x21 0x12c19: jb 0x12c65 0x12c1b: cmp ax, 3 0x12c1e: jne 0x12c65 0x12c20: mov ax, 0x4202 0x12c23: xor cx, cx 0x12c25: xor dx, dx 0x12c27: int 0x21 |
| 2018-12-25T12:22:16.496714191Z | 63 | PC: 12c19 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:22:16.50449772Z | 66 | PC: 12c29 | Move file pointer |
| 2018-12-25T12:22:16.506519618Z | 64 | PC: 12c47 | Write file or device (Write 623 bytes on handle 5) |
| 2018-12-25T12:22:16.517181006Z | 66 | PC: 12c58 | Move file pointer |
| 2018-12-25T12:22:16.519244433Z | 64 | PC: 12c65 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:22:16.526896762Z | 87 | PC: 12c76 | Get or set file date and time |
| 2018-12-25T12:22:16.529351799Z | 62 | PC: 12c7a | Close file |
| 2018-12-25T12:22:16.539383003Z | 67 | PC: 12c87 | Get or set file attributes |
| 2018-12-25T12:22:16.551123088Z | 26 | PC: 12c91 | Set disk transfer address |
| 2018-12-25T12:22:16.552785398Z | 37 | PC: 12c9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8954,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:22:16.555080054Z | 48 | PC: 12af0 | Get DOS version |
| 2018-12-25T12:22:16.557520632Z | 47 | PC: 12afc | Get disk transfer address |
| 2018-12-25T12:22:16.558914488Z | 53 | PC: 12b06 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:22:16.560413831Z | 37 | PC: 12b1a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:22:16.564408794Z | 26 | PC: 12b23 | Set disk transfer address |
| 2018-12-25T12:22:16.567705747Z | 78 | PC: 12b9b | Find first file |
| 2018-12-25T12:22:16.580528564Z | 67 | PC: 12bd3 | Get or set file attributes |
| 2018-12-25T12:22:16.593047439Z | 67 | PC: 12bde | Get or set file attributes |
| 2018-12-25T12:22:16.617888624Z | 61 | PC: 12be3 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:22:16.625787842Z | 87 | PC: 12bef | Get or set file date and time |
| 2018-12-25T12:22:16.627826015Z | 44 | PC: 12bf9 | Get time 0x12bf9: and dh, 7 0x12bfc: jne 0x12c0d 0x12bfe: mov ah, 0x40 0x12c00: mov cx, 5 0x12c03: mov dx, si 0x12c05: add dx, 0x8a 0x12c09: int 0x21 0x12c0b: jmp 0x12c65 0x12c0d: mov ah, 0x3f 0x12c0f: mov cx, 3 0x12c12: mov dx, 0xa 0x12c15: add dx, si 0x12c17: int 0x21 0x12c19: jb 0x12c65 0x12c1b: cmp ax, 3 0x12c1e: jne 0x12c65 0x12c20: mov ax, 0x4202 0x12c23: xor cx, cx 0x12c25: xor dx, dx 0x12c27: int 0x21 |
| 2018-12-25T12:22:16.633367068Z | 63 | PC: 12c19 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:22:16.64338975Z | 66 | PC: 12c29 | Move file pointer |
| 2018-12-25T12:22:16.64507474Z | 64 | PC: 12c47 | Write file or device (Write 623 bytes on handle 5) |
| 2018-12-25T12:22:16.655291103Z | 66 | PC: 12c58 | Move file pointer |
| 2018-12-25T12:22:16.658701252Z | 64 | PC: 12c65 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:22:16.666299165Z | 87 | PC: 12c76 | Get or set file date and time |
| 2018-12-25T12:22:16.669924099Z | 62 | PC: 12c7a | Close file |
| 2018-12-25T12:22:16.679205084Z | 67 | PC: 12c87 | Get or set file attributes |
| 2018-12-25T12:22:16.690537113Z | 26 | PC: 12c91 | Set disk transfer address |
| 2018-12-25T12:22:16.692586477Z | 37 | PC: 12c9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |