{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9665,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:23:27.560763294Z | 26 | PC: 12a5b | Set disk transfer address |
| 2018-12-25T12:23:27.562594186Z | 78 | PC: 12a65 | Find first file |
| 2018-12-25T12:23:27.568632531Z | 67 | PC: 12a70 | Get or set file attributes |
| 2018-12-25T12:23:27.57470381Z | 67 | PC: 12a78 | Get or set file attributes |
| 2018-12-25T12:23:27.593495838Z | 61 | PC: 12a81 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:23:27.600374491Z | 66 | PC: 12a8d | Move file pointer |
| 2018-12-25T12:23:27.602520641Z | 66 | PC: 12a9a | Move file pointer |
| 2018-12-25T12:23:27.604394729Z | 63 | PC: 12aa5 | Read file or device (Read 1 bytes on handle 5) |
| 2018-12-25T12:23:27.618870762Z | 66 | PC: 12ad0 | Move file pointer |
| 2018-12-25T12:23:27.620215006Z | 63 | PC: 12adc | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:23:27.622558437Z | 66 | PC: 12ae7 | Move file pointer |
| 2018-12-25T12:23:27.625166351Z | 64 | PC: 12af7 | Write file or device (Write 457 bytes on handle 5) |
| 2018-12-25T12:23:27.633631156Z | 66 | PC: 12b02 | Move file pointer |
| 2018-12-25T12:23:27.635063633Z | 64 | PC: 12b0d | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:23:27.642214218Z | 62 | PC: 12b11 | Close file |
| 2018-12-25T12:23:27.650117435Z | 42 | PC: 12b27 | Get date 0x12b27: cmp dh, 5 0x12b2a: jne 0x12b34 0x12b2c: cmp dl, 0xc 0x12b2f: jne 0x12b34 0x12b31: jmp 0x12b3e 0x12b33: nop 0x12b34: cmp dh, 2 0x12b37: jne 0x12b4e 0x12b39: cmp dl, 0x19 0x12b3c: jne 0x12b4e 0x12b3e: mov al, 2 0x12b40: mov cx, 0xc8 0x12b43: mov dx, 0 0x12b46: int 0x26 0x12b48: inc al 0x12b4a: cmp al, 4 0x12b4c: jne 0x12b40 0x12b4e: pop cx 0x12b4f: lea dx, word ptr [si + 0x2e6] 0x12b53: mov ax, 0x4301 |
| 2018-12-25T12:23:27.654658086Z | 67 | PC: 12b58 | Get or set file attributes |
{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9665,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:23:27.699318117Z | 26 | PC: 12a5b | Set disk transfer address |
| 2018-12-25T12:23:27.701378248Z | 78 | PC: 12a65 | Find first file |
| 2018-12-25T12:23:27.707158982Z | 67 | PC: 12a70 | Get or set file attributes |
| 2018-12-25T12:23:27.712703669Z | 67 | PC: 12a78 | Get or set file attributes |
| 2018-12-25T12:23:27.734478344Z | 61 | PC: 12a81 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:23:27.746168626Z | 66 | PC: 12a8d | Move file pointer |
| 2018-12-25T12:23:27.747433506Z | 66 | PC: 12a9a | Move file pointer |
| 2018-12-25T12:23:27.748791172Z | 63 | PC: 12aa5 | Read file or device (Read 1 bytes on handle 5) |
| 2018-12-25T12:23:27.755232945Z | 66 | PC: 12ad0 | Move file pointer |
| 2018-12-25T12:23:27.75639907Z | 63 | PC: 12adc | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:23:27.758607466Z | 66 | PC: 12ae7 | Move file pointer |
| 2018-12-25T12:23:27.760038191Z | 64 | PC: 12af7 | Write file or device (Write 457 bytes on handle 5) |
| 2018-12-25T12:23:27.767652252Z | 66 | PC: 12b02 | Move file pointer |
| 2018-12-25T12:23:27.768794261Z | 64 | PC: 12b0d | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:23:27.775526843Z | 62 | PC: 12b11 | Close file |
| 2018-12-25T12:23:27.78361663Z | 42 | PC: 12b27 | Get date 0x12b27: cmp dh, 5 0x12b2a: jne 0x12b34 0x12b2c: cmp dl, 0xc 0x12b2f: jne 0x12b34 0x12b31: jmp 0x12b3e 0x12b33: nop 0x12b34: cmp dh, 2 0x12b37: jne 0x12b4e 0x12b39: cmp dl, 0x19 0x12b3c: jne 0x12b4e 0x12b3e: mov al, 2 0x12b40: mov cx, 0xc8 0x12b43: mov dx, 0 0x12b46: int 0x26 0x12b48: inc al 0x12b4a: cmp al, 4 0x12b4c: jne 0x12b40 0x12b4e: pop cx 0x12b4f: lea dx, word ptr [si + 0x2e6] 0x12b53: mov ax, 0x4301 |
| 2018-12-25T12:23:27.785567318Z | 67 | PC: 12b58 | Get or set file attributes |
{"DateBased":true,"Day":25,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9665,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:23:28.299271599Z | 26 | PC: 12a5b | Set disk transfer address |
| 2018-12-25T12:23:28.300669509Z | 78 | PC: 12a65 | Find first file |
| 2018-12-25T12:23:28.306425071Z | 67 | PC: 12a70 | Get or set file attributes |
| 2018-12-25T12:23:28.311777431Z | 67 | PC: 12a78 | Get or set file attributes |
| 2018-12-25T12:23:28.328530452Z | 61 | PC: 12a81 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:23:28.334937069Z | 66 | PC: 12a8d | Move file pointer |
| 2018-12-25T12:23:28.336179084Z | 66 | PC: 12a9a | Move file pointer |
| 2018-12-25T12:23:28.337816323Z | 63 | PC: 12aa5 | Read file or device (Read 1 bytes on handle 5) |
| 2018-12-25T12:23:28.344314251Z | 66 | PC: 12ad0 | Move file pointer |
| 2018-12-25T12:23:28.345504986Z | 63 | PC: 12adc | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:23:28.348212968Z | 66 | PC: 12ae7 | Move file pointer |
| 2018-12-25T12:23:28.349482605Z | 64 | PC: 12af7 | Write file or device (Write 457 bytes on handle 5) |
| 2018-12-25T12:23:28.35793949Z | 66 | PC: 12b02 | Move file pointer |
| 2018-12-25T12:23:28.360590288Z | 64 | PC: 12b0d | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:23:28.367405356Z | 62 | PC: 12b11 | Close file |
| 2018-12-25T12:23:28.375139192Z | 42 | PC: 12b27 | Get date 0x12b27: cmp dh, 5 0x12b2a: jne 0x12b34 0x12b2c: cmp dl, 0xc 0x12b2f: jne 0x12b34 0x12b31: jmp 0x12b3e 0x12b33: nop 0x12b34: cmp dh, 2 0x12b37: jne 0x12b4e 0x12b39: cmp dl, 0x19 0x12b3c: jne 0x12b4e 0x12b3e: mov al, 2 0x12b40: mov cx, 0xc8 0x12b43: mov dx, 0 0x12b46: int 0x26 0x12b48: inc al 0x12b4a: cmp al, 4 0x12b4c: jne 0x12b40 0x12b4e: pop cx 0x12b4f: lea dx, word ptr [si + 0x2e6] 0x12b53: mov ax, 0x4301 |
| 2018-12-25T12:23:35.446777416Z | 156 | PC: 12af7 | UNKNOWN! (See above) |
| 2018-12-25T12:23:35.447591933Z | 66 | PC: 12b02 | Move file pointer (See above) |
| 2018-12-25T12:23:35.44905642Z | 64 | PC: 12b0d | Write file or device (See above) |
| 2018-12-25T12:23:35.451277947Z | 62 | PC: 12b11 | Close file (See above) |
{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9665,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:23:28.929532942Z | 26 | PC: 12a5b | Set disk transfer address |
| 2018-12-25T12:23:28.930882046Z | 78 | PC: 12a65 | Find first file |
| 2018-12-25T12:23:28.936807888Z | 67 | PC: 12a70 | Get or set file attributes |
| 2018-12-25T12:23:28.942105922Z | 67 | PC: 12a78 | Get or set file attributes |
| 2018-12-25T12:23:28.957463224Z | 61 | PC: 12a81 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:23:28.963911584Z | 66 | PC: 12a8d | Move file pointer |
| 2018-12-25T12:23:28.965160437Z | 66 | PC: 12a9a | Move file pointer |
| 2018-12-25T12:23:28.966392664Z | 63 | PC: 12aa5 | Read file or device (Read 1 bytes on handle 5) |
| 2018-12-25T12:23:28.976775761Z | 66 | PC: 12ad0 | Move file pointer |
| 2018-12-25T12:23:28.978062713Z | 63 | PC: 12adc | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:23:28.980475954Z | 66 | PC: 12ae7 | Move file pointer |
| 2018-12-25T12:23:28.982671477Z | 64 | PC: 12af7 | Write file or device (Write 457 bytes on handle 5) |
| 2018-12-25T12:23:28.991127186Z | 66 | PC: 12b02 | Move file pointer |
| 2018-12-25T12:23:28.992391168Z | 64 | PC: 12b0d | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:23:28.99942471Z | 62 | PC: 12b11 | Close file |
| 2018-12-25T12:23:29.008368781Z | 42 | PC: 12b27 | Get date 0x12b27: cmp dh, 5 0x12b2a: jne 0x12b34 0x12b2c: cmp dl, 0xc 0x12b2f: jne 0x12b34 0x12b31: jmp 0x12b3e 0x12b33: nop 0x12b34: cmp dh, 2 0x12b37: jne 0x12b4e 0x12b39: cmp dl, 0x19 0x12b3c: jne 0x12b4e 0x12b3e: mov al, 2 0x12b40: mov cx, 0xc8 0x12b43: mov dx, 0 0x12b46: int 0x26 0x12b48: inc al 0x12b4a: cmp al, 4 0x12b4c: jne 0x12b40 0x12b4e: pop cx 0x12b4f: lea dx, word ptr [si + 0x2e6] 0x12b53: mov ax, 0x4301 |
| 2018-12-25T12:23:29.010301139Z | 67 | PC: 12b58 | Get or set file attributes |
{"DateBased":true,"Day":12,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9665,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:23:29.027753377Z | 26 | PC: 12a5b | Set disk transfer address |
| 2018-12-25T12:23:29.030473143Z | 78 | PC: 12a65 | Find first file |
| 2018-12-25T12:23:29.036484799Z | 67 | PC: 12a70 | Get or set file attributes |
| 2018-12-25T12:23:29.042204154Z | 67 | PC: 12a78 | Get or set file attributes |
| 2018-12-25T12:23:29.0639431Z | 61 | PC: 12a81 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:23:29.077233584Z | 66 | PC: 12a8d | Move file pointer |
| 2018-12-25T12:23:29.078673694Z | 66 | PC: 12a9a | Move file pointer |
| 2018-12-25T12:23:29.080039293Z | 63 | PC: 12aa5 | Read file or device (Read 1 bytes on handle 5) |
| 2018-12-25T12:23:29.086621209Z | 66 | PC: 12ad0 | Move file pointer |
| 2018-12-25T12:23:29.088166884Z | 63 | PC: 12adc | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:23:29.090687436Z | 66 | PC: 12ae7 | Move file pointer |
| 2018-12-25T12:23:29.092798212Z | 64 | PC: 12af7 | Write file or device (Write 457 bytes on handle 5) |
| 2018-12-25T12:23:29.097922138Z | 66 | PC: 12b02 | Move file pointer |
| 2018-12-25T12:23:29.099179714Z | 64 | PC: 12b0d | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:23:29.105859976Z | 62 | PC: 12b11 | Close file |
| 2018-12-25T12:23:29.114241873Z | 42 | PC: 12b27 | Get date 0x12b27: cmp dh, 5 0x12b2a: jne 0x12b34 0x12b2c: cmp dl, 0xc 0x12b2f: jne 0x12b34 0x12b31: jmp 0x12b3e 0x12b33: nop 0x12b34: cmp dh, 2 0x12b37: jne 0x12b4e 0x12b39: cmp dl, 0x19 0x12b3c: jne 0x12b4e 0x12b3e: mov al, 2 0x12b40: mov cx, 0xc8 0x12b43: mov dx, 0 0x12b46: int 0x26 0x12b48: inc al 0x12b4a: cmp al, 4 0x12b4c: jne 0x12b40 0x12b4e: pop cx 0x12b4f: lea dx, word ptr [si + 0x2e6] 0x12b53: mov ax, 0x4301 |