{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":9404,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:23:06.953052121Z | 48 | PC: 12ab9 | Get DOS version |
| 2018-12-25T12:23:06.95514178Z | 47 | PC: 12ac5 | Get disk transfer address |
| 2018-12-25T12:23:06.956262362Z | 26 | PC: 12ad8 | Set disk transfer address |
| 2018-12-25T12:23:06.957440468Z | 78 | PC: 12b64 | Find first file |
| 2018-12-25T12:23:06.964138247Z | 67 | PC: 12ba2 | Get or set file attributes |
| 2018-12-25T12:23:06.970243568Z | 67 | PC: 12bb5 | Get or set file attributes |
| 2018-12-25T12:23:06.987598217Z | 61 | PC: 12bc0 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:23:06.995122565Z | 87 | PC: 12bcc | Get or set file date and time |
| 2018-12-25T12:23:06.996452746Z | 44 | PC: 12bd8 | Get time 0x12bd8: and dh, 7 0x12bdb: jne 0x12bed 0x12bdd: mov ah, 0x40 0x12bdf: mov cx, 5 0x12be2: mov dx, si 0x12be4: add dx, 0x8a 0x12be8: int 0x21 0x12bea: jmp 0x12c51 0x12bed: mov ah, 0x3f 0x12bef: mov cx, 3 0x12bf2: mov dx, 0xa 0x12bf5: nop 0x12bf6: add dx, si 0x12bf8: int 0x21 0x12bfa: jb 0x12c51 0x12bfc: cmp ax, 3 0x12bff: jne 0x12c51 0x12c01: mov ax, 0x4202 0x12c04: mov cx, 0 0x12c07: mov dx, 0 |
| 2018-12-25T12:23:06.998488472Z | 63 | PC: 12bfa | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:23:07.005053198Z | 66 | PC: 12c0c | Move file pointer |
| 2018-12-25T12:23:07.007234343Z | 64 | PC: 12c30 | Write file or device (Write 648 bytes on handle 5) |
| 2018-12-25T12:23:07.016026001Z | 66 | PC: 12c42 | Move file pointer |
| 2018-12-25T12:23:07.017652598Z | 64 | PC: 12c51 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:23:07.024869972Z | 87 | PC: 12c66 | Get or set file date and time |
| 2018-12-25T12:23:07.02638982Z | 62 | PC: 12c6a | Close file |
| 2018-12-25T12:23:07.046321346Z | 67 | PC: 12c79 | Get or set file attributes |
| 2018-12-25T12:23:07.053090808Z | 26 | PC: 12c86 | Set disk transfer address |
| 2018-12-25T12:23:07.054369831Z | 74 | PC: 12a4c | Reallocate memory |
| 2018-12-25T12:23:07.055831563Z | 74 | PC: 12a53 | Reallocate memory |
| 2018-12-25T12:23:07.057462251Z | 9 | PC: 12a7d | Display string (String= 'RAM bytes available: 578240 ') |
| 2018-12-25T12:23:07.060232461Z | 76 | PC: 12a82 | Terminate with return code (Return code = '0') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":9404,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:23:07.445925414Z | 48 | PC: 12ab9 | Get DOS version |
| 2018-12-25T12:23:07.447479187Z | 47 | PC: 12ac5 | Get disk transfer address |
| 2018-12-25T12:23:07.461597673Z | 26 | PC: 12ad8 | Set disk transfer address |
| 2018-12-25T12:23:07.462922609Z | 78 | PC: 12b64 | Find first file |
| 2018-12-25T12:23:07.469298789Z | 67 | PC: 12ba2 | Get or set file attributes |
| 2018-12-25T12:23:07.475065959Z | 67 | PC: 12bb5 | Get or set file attributes |
| 2018-12-25T12:23:07.49317306Z | 61 | PC: 12bc0 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:23:07.50607169Z | 87 | PC: 12bcc | Get or set file date and time |
| 2018-12-25T12:23:07.507935485Z | 44 | PC: 12bd8 | Get time 0x12bd8: and dh, 7 0x12bdb: jne 0x12bed 0x12bdd: mov ah, 0x40 0x12bdf: mov cx, 5 0x12be2: mov dx, si 0x12be4: add dx, 0x8a 0x12be8: int 0x21 0x12bea: jmp 0x12c51 0x12bed: mov ah, 0x3f 0x12bef: mov cx, 3 0x12bf2: mov dx, 0xa 0x12bf5: nop 0x12bf6: add dx, si 0x12bf8: int 0x21 0x12bfa: jb 0x12c51 0x12bfc: cmp ax, 3 0x12bff: jne 0x12c51 0x12c01: mov ax, 0x4202 0x12c04: mov cx, 0 0x12c07: mov dx, 0 |
| 2018-12-25T12:23:07.510040703Z | 63 | PC: 12bfa | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:23:07.516467309Z | 66 | PC: 12c0c | Move file pointer |
| 2018-12-25T12:23:07.518245022Z | 64 | PC: 12c30 | Write file or device (Write 648 bytes on handle 5) |
| 2018-12-25T12:23:07.526536777Z | 66 | PC: 12c42 | Move file pointer |
| 2018-12-25T12:23:07.527823956Z | 64 | PC: 12c51 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:23:07.535430504Z | 87 | PC: 12c66 | Get or set file date and time |
| 2018-12-25T12:23:07.536881913Z | 62 | PC: 12c6a | Close file |
| 2018-12-25T12:23:07.544458171Z | 67 | PC: 12c79 | Get or set file attributes |
| 2018-12-25T12:23:07.55512741Z | 26 | PC: 12c86 | Set disk transfer address |
| 2018-12-25T12:23:07.556273263Z | 74 | PC: 12a4c | Reallocate memory |
| 2018-12-25T12:23:07.557536978Z | 74 | PC: 12a53 | Reallocate memory |
| 2018-12-25T12:23:07.559640814Z | 9 | PC: 12a7d | Display string (String= 'RAM bytes available: 578240 ') |
| 2018-12-25T12:23:07.563135722Z | 76 | PC: 12a82 | Terminate with return code (Return code = '0') |