{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10570,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:28:26.580931626Z | 53 | PC: 12efc | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:26.583544381Z | 37 | PC: 12f06 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:26.585775709Z | 78 | PC: 12f10 | Find first file |
| 2018-12-25T12:28:26.593630529Z | 67 | PC: 12f8c | Get or set file attributes |
| 2018-12-25T12:28:26.600445356Z | 67 | PC: 12f97 | Get or set file attributes |
| 2018-12-25T12:28:26.61871979Z | 61 | PC: 12fb5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:28:26.62611165Z | 66 | PC: 13036 | Move file pointer |
| 2018-12-25T12:28:26.628075407Z | 63 | PC: 12fc6 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:28:26.639236074Z | 87 | PC: 12fcb | Get or set file date and time |
| 2018-12-25T12:28:26.640740432Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:26.642108327Z | 64 | PC: 12ff0 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:28:26.645448311Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:26.646988837Z | 44 | PC: 13076 | Get time 0x13076: and dl, 7 0x13079: xor byte ptr [bp + 0x103], dl 0x1307d: xor byte ptr [bp + 0x105], dl 0x13081: shl dl, 3 0x13084: xor byte ptr [bp + 0x109], dl 0x13088: mov ah, 0x2c 0x1308a: int 0x21 0x1308c: and dl, 1 0x1308f: xor byte ptr [bp + 0x11c], dl 0x13093: xor byte ptr [bp + 0x120], dl 0x13097: xor byte ptr [bp + 0x121], dl 0x1309b: shl dl, 3 0x1309e: xor byte ptr [bp + 0x10b], dl 0x130a2: xor byte ptr [bp + 0x316], dl 0x130a6: mov ah, 0x2c 0x130a8: int 0x21 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e |
| 2018-12-25T12:28:26.649511514Z | 44 | PC: 1308c | Get time 0x1308c: and dl, 1 0x1308f: xor byte ptr [bp + 0x11c], dl 0x13093: xor byte ptr [bp + 0x120], dl 0x13097: xor byte ptr [bp + 0x121], dl 0x1309b: shl dl, 3 0x1309e: xor byte ptr [bp + 0x10b], dl 0x130a2: xor byte ptr [bp + 0x316], dl 0x130a6: mov ah, 0x2c 0x130a8: int 0x21 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e 0x130b9: rep movsb byte ptr es:[di], byte ptr [si] 0x130bb: lea si, word ptr [bp + 0x3b4] 0x130bf: call 0x22eba 0x130c2: ret 0x130c3: jmp 0x1192c 0x130c6: cmp cl, ch 0x130c8: xchg ax, sp |
| 2018-12-25T12:28:26.652778596Z | 44 | PC: 130aa | Get time 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e 0x130b9: rep movsb byte ptr es:[di], byte ptr [si] 0x130bb: lea di, word ptr [bp + 0x3b4] 0x130bf: call 0x22eba 0x130c2: ret 0x130c3: jmp 0x1192c 0x130c6: cmp cl, ch 0x130c8: xchg ax, sp 0x130c9: add word ptr [bp + si], bp 0x130cb: inc bx 0x130cd: dec di 0x130ce: dec bp 0x130cf: add byte ptr [bp + si + 0x45], dl 0x130d2: inc sp 0x130d3: push dx 0x130d4: push bp 0x130d5: dec bp |
| 2018-12-25T12:28:26.655680749Z | 64 | PC: 13007 | Write file or device (Write 654 bytes on handle 5) |
| 2018-12-25T12:28:26.664721013Z | 87 | PC: 13021 | Get or set file date and time |
| 2018-12-25T12:28:26.666752165Z | 87 | PC: 1302c | Get or set file date and time |
| 2018-12-25T12:28:26.668623617Z | 62 | PC: 1300e | Close file |
| 2018-12-25T12:28:26.677223281Z | 67 | PC: 1301a | Get or set file attributes |
| 2018-12-25T12:28:26.691829455Z | 79 | PC: 12f19 | Find next file |
| 2018-12-25T12:28:26.694887501Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.701257285Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.712628407Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.724176824Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:26.72703597Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.733083783Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.744586919Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.757574091Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:26.76099195Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.775499513Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.788040527Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.799626682Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:26.804100918Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.811914272Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.823267265Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.838670512Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:26.84247974Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.849166156Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.856514428Z | 61 | PC: 12fb5 | Open file (See above) |
| 2018-12-25T12:28:26.86183104Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:26.863017606Z | 63 | PC: 12fc6 | Read file or device (See above) |
| 2018-12-25T12:28:26.869196157Z | 87 | PC: 12fcb | Get or set file date and time (See above) |
| 2018-12-25T12:28:26.871223871Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:26.872847271Z | 64 | PC: 12ff0 | Write file or device (See above) |
| 2018-12-25T12:28:26.876267557Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:26.878432145Z | 44 | PC: 13076 | Get time (See above) |
| 2018-12-25T12:28:26.880779955Z | 44 | PC: 1308c | Get time (See above) |
| 2018-12-25T12:28:26.883039946Z | 44 | PC: 130aa | Get time (See above) |
| 2018-12-25T12:28:26.886852791Z | 64 | PC: 13007 | Write file or device (See above) |
| 2018-12-25T12:28:26.897233822Z | 87 | PC: 13021 | Get or set file date and time (See above) |
| 2018-12-25T12:28:26.899350642Z | 87 | PC: 1302c | Get or set file date and time (See above) |
| 2018-12-25T12:28:26.902054605Z | 62 | PC: 1300e | Close file (See above) |
| 2018-12-25T12:28:26.911792576Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.923063685Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:26.927343197Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.934364843Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.945636538Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.95802501Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:26.961544791Z | 42 | PC: 12f25 | Get date 0x12f25: cmp dh, 4 0x12f28: jne 0x12f32 0x12f2a: cmp dl, 1 0x12f2d: jne 0x12f32 0x12f2f: call 0x13109 0x12f32: cmp al, 5 0x12f34: jne 0x12f3e 0x12f36: cmp dl, 0xd 0x12f39: jne 0x12f3e 0x12f3b: call 0x13126 0x12f3e: mov ah, 0x2c 0x12f40: int 0x21 0x12f42: cmp ch, 1 0x12f45: jne 0x12f4f 0x12f47: cmp cl, 0x1e 0x12f4a: ja 0x12f4f 0x12f4c: call 0x13116 0x12f4f: mov ah, 0x41 0x12f51: lea dx, word ptr [bp + 0x296] 0x12f55: int 0x21 |
| 2018-12-25T12:28:26.964132488Z | 44 | PC: 12f42 | Get time 0x12f42: cmp ch, 1 0x12f45: jne 0x12f4f 0x12f47: cmp cl, 0x1e 0x12f4a: ja 0x12f4f 0x12f4c: call 0x13116 0x12f4f: mov ah, 0x41 0x12f51: lea dx, word ptr [bp + 0x296] 0x12f55: int 0x21 0x12f57: mov ah, 0x41 0x12f59: lea dx, word ptr [bp + 0x2a1] 0x12f5d: int 0x21 0x12f5f: push ds 0x12f60: mov ax, 0x2524 0x12f63: mov ds, word ptr [bp + 0x360] 0x12f67: mov dx, word ptr [bp + 0x35e] 0x12f6b: int 0x21 0x12f6d: pop ds 0x12f6e: mov di, 0x80 0x12f71: lea si, word ptr [bp + 0x61c] 0x12f75: mov cx, 0x80 |
| 2018-12-25T12:28:26.966692858Z | 65 | PC: 12f57 | Delete file (Filename = 'CHKLIST.MS') |
| 2018-12-25T12:28:26.97416903Z | 65 | PC: 12f5f | Delete file (Filename = 'CHKLIST.CPS') |
| 2018-12-25T12:28:26.981448933Z | 37 | PC: 12f6d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10570,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:28:26.622284453Z | 53 | PC: 12efc | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:26.624065054Z | 37 | PC: 12f06 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:26.625285707Z | 78 | PC: 12f10 | Find first file |
| 2018-12-25T12:28:26.631140494Z | 67 | PC: 12f8c | Get or set file attributes |
| 2018-12-25T12:28:26.636906577Z | 67 | PC: 12f97 | Get or set file attributes |
| 2018-12-25T12:28:26.652586943Z | 61 | PC: 12fb5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:28:26.659159299Z | 66 | PC: 13036 | Move file pointer |
| 2018-12-25T12:28:26.660422715Z | 63 | PC: 12fc6 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:28:26.667332558Z | 87 | PC: 12fcb | Get or set file date and time |
| 2018-12-25T12:28:26.668635445Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:26.67003476Z | 64 | PC: 12ff0 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:28:26.673133246Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:26.674399007Z | 44 | PC: 13076 | Get time 0x13076: and dl, 7 0x13079: xor byte ptr [bp + 0x103], dl 0x1307d: xor byte ptr [bp + 0x105], dl 0x13081: shl dl, 3 0x13084: xor byte ptr [bp + 0x109], dl 0x13088: mov ah, 0x2c 0x1308a: int 0x21 0x1308c: and dl, 1 0x1308f: xor byte ptr [bp + 0x11c], dl 0x13093: xor byte ptr [bp + 0x120], dl 0x13097: xor byte ptr [bp + 0x121], dl 0x1309b: shl dl, 3 0x1309e: xor byte ptr [bp + 0x10b], dl 0x130a2: xor byte ptr [bp + 0x316], dl 0x130a6: mov ah, 0x2c 0x130a8: int 0x21 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e |
| 2018-12-25T12:28:26.676433713Z | 44 | PC: 1308c | Get time 0x1308c: and dl, 1 0x1308f: xor byte ptr [bp + 0x11c], dl 0x13093: xor byte ptr [bp + 0x120], dl 0x13097: xor byte ptr [bp + 0x121], dl 0x1309b: shl dl, 3 0x1309e: xor byte ptr [bp + 0x10b], dl 0x130a2: xor byte ptr [bp + 0x316], dl 0x130a6: mov ah, 0x2c 0x130a8: int 0x21 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e 0x130b9: rep movsb byte ptr es:[di], byte ptr [si] 0x130bb: lea si, word ptr [bp + 0x3b4] 0x130bf: call 0x22eba 0x130c2: ret 0x130c3: jmp 0x1192c 0x130c6: cmp cl, ch 0x130c8: xchg ax, sp |
| 2018-12-25T12:28:26.679735341Z | 44 | PC: 130aa | Get time 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e 0x130b9: rep movsb byte ptr es:[di], byte ptr [si] 0x130bb: lea di, word ptr [bp + 0x3b4] 0x130bf: call 0x22eba 0x130c2: ret 0x130c3: jmp 0x1192c 0x130c6: cmp cl, ch 0x130c8: xchg ax, sp 0x130c9: add word ptr [bp + si], bp 0x130cb: inc bx 0x130cd: dec di 0x130ce: dec bp 0x130cf: add byte ptr [bp + si + 0x45], dl 0x130d2: inc sp 0x130d3: push dx 0x130d4: push bp 0x130d5: dec bp |
| 2018-12-25T12:28:26.682214286Z | 64 | PC: 13007 | Write file or device (Write 654 bytes on handle 5) |
| 2018-12-25T12:28:26.690651177Z | 87 | PC: 13021 | Get or set file date and time |
| 2018-12-25T12:28:26.692724428Z | 87 | PC: 1302c | Get or set file date and time |
| 2018-12-25T12:28:26.694154569Z | 62 | PC: 1300e | Close file |
| 2018-12-25T12:28:26.701674736Z | 67 | PC: 1301a | Get or set file attributes |
| 2018-12-25T12:28:26.7119221Z | 79 | PC: 12f19 | Find next file |
| 2018-12-25T12:28:26.715257578Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.72061104Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.739077113Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.75244822Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:26.755467585Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.761900292Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.771867612Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.782457473Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:26.793711336Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.800635802Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.81131758Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.821435607Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:26.824490037Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.8289862Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.839530701Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.846316881Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:26.848137191Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.852683105Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.865109045Z | 61 | PC: 12fb5 | Open file (See above) |
| 2018-12-25T12:28:26.876745866Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:26.879220128Z | 63 | PC: 12fc6 | Read file or device (See above) |
| 2018-12-25T12:28:26.885818823Z | 87 | PC: 12fcb | Get or set file date and time (See above) |
| 2018-12-25T12:28:26.887521517Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:26.889374843Z | 64 | PC: 12ff0 | Write file or device (See above) |
| 2018-12-25T12:28:26.893920637Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:26.895539244Z | 44 | PC: 13076 | Get time (See above) |
| 2018-12-25T12:28:26.897878798Z | 44 | PC: 1308c | Get time (See above) |
| 2018-12-25T12:28:26.90069522Z | 44 | PC: 130aa | Get time (See above) |
| 2018-12-25T12:28:26.903569786Z | 64 | PC: 13007 | Write file or device (See above) |
| 2018-12-25T12:28:26.91219281Z | 87 | PC: 13021 | Get or set file date and time (See above) |
| 2018-12-25T12:28:26.914883388Z | 87 | PC: 1302c | Get or set file date and time (See above) |
| 2018-12-25T12:28:26.9166269Z | 62 | PC: 1300e | Close file (See above) |
| 2018-12-25T12:28:26.965290158Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.982689885Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:26.984448965Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.988056589Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.053874053Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.082682999Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:27.084978759Z | 42 | PC: 12f25 | Get date 0x12f25: cmp dh, 4 0x12f28: jne 0x12f32 0x12f2a: cmp dl, 1 0x12f2d: jne 0x12f32 0x12f2f: call 0x13109 0x12f32: cmp al, 5 0x12f34: jne 0x12f3e 0x12f36: cmp dl, 0xd 0x12f39: jne 0x12f3e 0x12f3b: call 0x13126 0x12f3e: mov ah, 0x2c 0x12f40: int 0x21 0x12f42: cmp ch, 1 0x12f45: jne 0x12f4f 0x12f47: cmp cl, 0x1e 0x12f4a: ja 0x12f4f 0x12f4c: call 0x13116 0x12f4f: mov ah, 0x41 0x12f51: lea dx, word ptr [bp + 0x296] 0x12f55: int 0x21 |
| 2018-12-25T12:28:27.0876597Z | 44 | PC: 12f42 | Get time 0x12f42: cmp ch, 1 0x12f45: jne 0x12f4f 0x12f47: cmp cl, 0x1e 0x12f4a: ja 0x12f4f 0x12f4c: call 0x13116 0x12f4f: mov ah, 0x41 0x12f51: lea dx, word ptr [bp + 0x296] 0x12f55: int 0x21 0x12f57: mov ah, 0x41 0x12f59: lea dx, word ptr [bp + 0x2a1] 0x12f5d: int 0x21 0x12f5f: push ds 0x12f60: mov ax, 0x2524 0x12f63: mov ds, word ptr [bp + 0x360] 0x12f67: mov dx, word ptr [bp + 0x35e] 0x12f6b: int 0x21 0x12f6d: pop ds 0x12f6e: mov di, 0x80 0x12f71: lea si, word ptr [bp + 0x61c] 0x12f75: mov cx, 0x80 |
| 2018-12-25T12:28:27.089568003Z | 65 | PC: 12f57 | Delete file (Filename = 'CHKLIST.MS') |
| 2018-12-25T12:28:27.094892247Z | 65 | PC: 12f5f | Delete file (Filename = 'CHKLIST.CPS') |
| 2018-12-25T12:28:27.100457821Z | 37 | PC: 12f6d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10570,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:28:26.656078629Z | 53 | PC: 12efc | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:26.658736952Z | 37 | PC: 12f06 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:26.660188939Z | 78 | PC: 12f10 | Find first file |
| 2018-12-25T12:28:26.667421979Z | 67 | PC: 12f8c | Get or set file attributes |
| 2018-12-25T12:28:26.673959619Z | 67 | PC: 12f97 | Get or set file attributes |
| 2018-12-25T12:28:26.700349379Z | 61 | PC: 12fb5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:28:26.707896924Z | 66 | PC: 13036 | Move file pointer |
| 2018-12-25T12:28:26.709635053Z | 63 | PC: 12fc6 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:28:26.717381191Z | 87 | PC: 12fcb | Get or set file date and time |
| 2018-12-25T12:28:26.719397932Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:26.720992783Z | 64 | PC: 12ff0 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:28:26.724321634Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:26.725795836Z | 44 | PC: 13076 | Get time 0x13076: and dl, 7 0x13079: xor byte ptr [bp + 0x103], dl 0x1307d: xor byte ptr [bp + 0x105], dl 0x13081: shl dl, 3 0x13084: xor byte ptr [bp + 0x109], dl 0x13088: mov ah, 0x2c 0x1308a: int 0x21 0x1308c: and dl, 1 0x1308f: xor byte ptr [bp + 0x11c], dl 0x13093: xor byte ptr [bp + 0x120], dl 0x13097: xor byte ptr [bp + 0x121], dl 0x1309b: shl dl, 3 0x1309e: xor byte ptr [bp + 0x10b], dl 0x130a2: xor byte ptr [bp + 0x316], dl 0x130a6: mov ah, 0x2c 0x130a8: int 0x21 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e |
| 2018-12-25T12:28:26.728808623Z | 44 | PC: 1308c | Get time 0x1308c: and dl, 1 0x1308f: xor byte ptr [bp + 0x11c], dl 0x13093: xor byte ptr [bp + 0x120], dl 0x13097: xor byte ptr [bp + 0x121], dl 0x1309b: shl dl, 3 0x1309e: xor byte ptr [bp + 0x10b], dl 0x130a2: xor byte ptr [bp + 0x316], dl 0x130a6: mov ah, 0x2c 0x130a8: int 0x21 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e 0x130b9: rep movsb byte ptr es:[di], byte ptr [si] 0x130bb: lea si, word ptr [bp + 0x3b4] 0x130bf: call 0x22eba 0x130c2: ret 0x130c3: jmp 0x1192c 0x130c6: cmp cl, ch 0x130c8: xchg ax, sp |
| 2018-12-25T12:28:26.731734706Z | 44 | PC: 130aa | Get time 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e 0x130b9: rep movsb byte ptr es:[di], byte ptr [si] 0x130bb: lea di, word ptr [bp + 0x3b4] 0x130bf: call 0x22eba 0x130c2: ret 0x130c3: jmp 0x1192c 0x130c6: cmp cl, ch 0x130c8: xchg ax, sp 0x130c9: add word ptr [bp + si], bp 0x130cb: inc bx 0x130cd: dec di 0x130ce: dec bp 0x130cf: add byte ptr [bp + si + 0x45], dl 0x130d2: inc sp 0x130d3: push dx 0x130d4: push bp 0x130d5: dec bp |
| 2018-12-25T12:28:26.734617361Z | 64 | PC: 13007 | Write file or device (Write 654 bytes on handle 5) |
| 2018-12-25T12:28:26.744186848Z | 87 | PC: 13021 | Get or set file date and time |
| 2018-12-25T12:28:26.746436257Z | 87 | PC: 1302c | Get or set file date and time |
| 2018-12-25T12:28:26.748062475Z | 62 | PC: 1300e | Close file |
| 2018-12-25T12:28:26.756928556Z | 67 | PC: 1301a | Get or set file attributes |
| 2018-12-25T12:28:26.768234656Z | 79 | PC: 12f19 | Find next file |
| 2018-12-25T12:28:26.771148613Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.777876567Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.789140571Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.796854429Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:26.799310551Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.806627306Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.819146281Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.827083419Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:26.830134136Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.837392122Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.849111635Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.861103867Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:26.864962005Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.87685751Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.89082403Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.902200268Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:26.905056863Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.911471237Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.923374315Z | 61 | PC: 12fb5 | Open file (See above) |
| 2018-12-25T12:28:26.931189344Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:26.9327684Z | 63 | PC: 12fc6 | Read file or device (See above) |
| 2018-12-25T12:28:26.940869095Z | 87 | PC: 12fcb | Get or set file date and time (See above) |
| 2018-12-25T12:28:26.942517589Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:26.944043806Z | 64 | PC: 12ff0 | Write file or device (See above) |
| 2018-12-25T12:28:26.947718512Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:26.949414538Z | 44 | PC: 13076 | Get time (See above) |
| 2018-12-25T12:28:26.952008838Z | 44 | PC: 1308c | Get time (See above) |
| 2018-12-25T12:28:26.954731246Z | 44 | PC: 130aa | Get time (See above) |
| 2018-12-25T12:28:26.95834933Z | 64 | PC: 13007 | Write file or device (See above) |
| 2018-12-25T12:28:26.968310922Z | 87 | PC: 13021 | Get or set file date and time (See above) |
| 2018-12-25T12:28:26.970250105Z | 87 | PC: 1302c | Get or set file date and time (See above) |
| 2018-12-25T12:28:26.97343675Z | 62 | PC: 1300e | Close file (See above) |
| 2018-12-25T12:28:26.982321028Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.993420797Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:26.996968939Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.003322803Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.01513Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.028118415Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:27.031311518Z | 42 | PC: 12f25 | Get date 0x12f25: cmp dh, 4 0x12f28: jne 0x12f32 0x12f2a: cmp dl, 1 0x12f2d: jne 0x12f32 0x12f2f: call 0x13109 0x12f32: cmp al, 5 0x12f34: jne 0x12f3e 0x12f36: cmp dl, 0xd 0x12f39: jne 0x12f3e 0x12f3b: call 0x13126 0x12f3e: mov ah, 0x2c 0x12f40: int 0x21 0x12f42: cmp ch, 1 0x12f45: jne 0x12f4f 0x12f47: cmp cl, 0x1e 0x12f4a: ja 0x12f4f 0x12f4c: call 0x13116 0x12f4f: mov ah, 0x41 0x12f51: lea dx, word ptr [bp + 0x296] 0x12f55: int 0x21 |
| 2018-12-25T12:28:27.034243954Z | 44 | PC: 12f42 | Get time 0x12f42: cmp ch, 1 0x12f45: jne 0x12f4f 0x12f47: cmp cl, 0x1e 0x12f4a: ja 0x12f4f 0x12f4c: call 0x13116 0x12f4f: mov ah, 0x41 0x12f51: lea dx, word ptr [bp + 0x296] 0x12f55: int 0x21 0x12f57: mov ah, 0x41 0x12f59: lea dx, word ptr [bp + 0x2a1] 0x12f5d: int 0x21 0x12f5f: push ds 0x12f60: mov ax, 0x2524 0x12f63: mov ds, word ptr [bp + 0x360] 0x12f67: mov dx, word ptr [bp + 0x35e] 0x12f6b: int 0x21 0x12f6d: pop ds 0x12f6e: mov di, 0x80 0x12f71: lea si, word ptr [bp + 0x61c] 0x12f75: mov cx, 0x80 |
| 2018-12-25T12:28:27.038053539Z | 65 | PC: 12f57 | Delete file (Filename = 'CHKLIST.MS') |
| 2018-12-25T12:28:27.04549707Z | 65 | PC: 12f5f | Delete file (Filename = 'CHKLIST.CPS') |
| 2018-12-25T12:28:27.052465053Z | 37 | PC: 12f6d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10570,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:28:26.667533405Z | 53 | PC: 12efc | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:26.669713923Z | 37 | PC: 12f06 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:26.671055454Z | 78 | PC: 12f10 | Find first file |
| 2018-12-25T12:28:26.67792031Z | 67 | PC: 12f8c | Get or set file attributes |
| 2018-12-25T12:28:26.684321665Z | 67 | PC: 12f97 | Get or set file attributes |
| 2018-12-25T12:28:26.700185469Z | 61 | PC: 12fb5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:28:26.713833496Z | 66 | PC: 13036 | Move file pointer |
| 2018-12-25T12:28:26.715900785Z | 63 | PC: 12fc6 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:28:26.724770146Z | 87 | PC: 12fcb | Get or set file date and time |
| 2018-12-25T12:28:26.726286178Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:26.727763366Z | 64 | PC: 12ff0 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:28:26.731158912Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:26.733145592Z | 44 | PC: 13076 | Get time 0x13076: and dl, 7 0x13079: xor byte ptr [bp + 0x103], dl 0x1307d: xor byte ptr [bp + 0x105], dl 0x13081: shl dl, 3 0x13084: xor byte ptr [bp + 0x109], dl 0x13088: mov ah, 0x2c 0x1308a: int 0x21 0x1308c: and dl, 1 0x1308f: xor byte ptr [bp + 0x11c], dl 0x13093: xor byte ptr [bp + 0x120], dl 0x13097: xor byte ptr [bp + 0x121], dl 0x1309b: shl dl, 3 0x1309e: xor byte ptr [bp + 0x10b], dl 0x130a2: xor byte ptr [bp + 0x316], dl 0x130a6: mov ah, 0x2c 0x130a8: int 0x21 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e |
| 2018-12-25T12:28:26.735802007Z | 44 | PC: 1308c | Get time 0x1308c: and dl, 1 0x1308f: xor byte ptr [bp + 0x11c], dl 0x13093: xor byte ptr [bp + 0x120], dl 0x13097: xor byte ptr [bp + 0x121], dl 0x1309b: shl dl, 3 0x1309e: xor byte ptr [bp + 0x10b], dl 0x130a2: xor byte ptr [bp + 0x316], dl 0x130a6: mov ah, 0x2c 0x130a8: int 0x21 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e 0x130b9: rep movsb byte ptr es:[di], byte ptr [si] 0x130bb: lea si, word ptr [bp + 0x3b4] 0x130bf: call 0x22eba 0x130c2: ret 0x130c3: jmp 0x1192c 0x130c6: cmp cl, ch 0x130c8: xchg ax, sp |
| 2018-12-25T12:28:26.738786091Z | 44 | PC: 130aa | Get time 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e 0x130b9: rep movsb byte ptr es:[di], byte ptr [si] 0x130bb: lea di, word ptr [bp + 0x3b4] 0x130bf: call 0x22eba 0x130c2: ret 0x130c3: jmp 0x1192c 0x130c6: cmp cl, ch 0x130c8: xchg ax, sp 0x130c9: add word ptr [bp + si], bp 0x130cb: inc bx 0x130cd: dec di 0x130ce: dec bp 0x130cf: add byte ptr [bp + si + 0x45], dl 0x130d2: inc sp 0x130d3: push dx 0x130d4: push bp 0x130d5: dec bp |
| 2018-12-25T12:28:26.741591046Z | 64 | PC: 13007 | Write file or device (Write 654 bytes on handle 5) |
| 2018-12-25T12:28:26.751933065Z | 87 | PC: 13021 | Get or set file date and time |
| 2018-12-25T12:28:26.753991579Z | 87 | PC: 1302c | Get or set file date and time |
| 2018-12-25T12:28:26.756238021Z | 62 | PC: 1300e | Close file |
| 2018-12-25T12:28:26.764800799Z | 67 | PC: 1301a | Get or set file attributes |
| 2018-12-25T12:28:26.777729416Z | 79 | PC: 12f19 | Find next file |
| 2018-12-25T12:28:26.781051131Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.788249703Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.799049429Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.81026763Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:26.813196061Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.819734318Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.839763006Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.856549962Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:26.860569874Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.867749395Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.878803192Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.889893189Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:26.89335458Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.899601515Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.91321961Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.928749596Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:26.932344872Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.937029022Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:26.945155101Z | 61 | PC: 12fb5 | Open file (See above) |
| 2018-12-25T12:28:26.950789542Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:26.952023608Z | 63 | PC: 12fc6 | Read file or device (See above) |
| 2018-12-25T12:28:26.956310648Z | 87 | PC: 12fcb | Get or set file date and time (See above) |
| 2018-12-25T12:28:26.958369107Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:26.959551214Z | 64 | PC: 12ff0 | Write file or device (See above) |
| 2018-12-25T12:28:26.962714724Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:26.965084148Z | 44 | PC: 13076 | Get time (See above) |
| 2018-12-25T12:28:26.967537137Z | 44 | PC: 1308c | Get time (See above) |
| 2018-12-25T12:28:26.96992775Z | 44 | PC: 130aa | Get time (See above) |
| 2018-12-25T12:28:26.974510304Z | 64 | PC: 13007 | Write file or device (See above) |
| 2018-12-25T12:28:26.98418168Z | 87 | PC: 13021 | Get or set file date and time (See above) |
| 2018-12-25T12:28:26.986440473Z | 87 | PC: 1302c | Get or set file date and time (See above) |
| 2018-12-25T12:28:26.989069484Z | 62 | PC: 1300e | Close file (See above) |
| 2018-12-25T12:28:26.997540437Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.008584447Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:27.012051299Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.018503577Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.029141762Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.040367332Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:27.04329273Z | 42 | PC: 12f25 | Get date 0x12f25: cmp dh, 4 0x12f28: jne 0x12f32 0x12f2a: cmp dl, 1 0x12f2d: jne 0x12f32 0x12f2f: call 0x13109 0x12f32: cmp al, 5 0x12f34: jne 0x12f3e 0x12f36: cmp dl, 0xd 0x12f39: jne 0x12f3e 0x12f3b: call 0x13126 0x12f3e: mov ah, 0x2c 0x12f40: int 0x21 0x12f42: cmp ch, 1 0x12f45: jne 0x12f4f 0x12f47: cmp cl, 0x1e 0x12f4a: ja 0x12f4f 0x12f4c: call 0x13116 0x12f4f: mov ah, 0x41 0x12f51: lea dx, word ptr [bp + 0x296] 0x12f55: int 0x21 |
| 2018-12-25T12:28:27.045665114Z | 44 | PC: 12f42 | Get time 0x12f42: cmp ch, 1 0x12f45: jne 0x12f4f 0x12f47: cmp cl, 0x1e 0x12f4a: ja 0x12f4f 0x12f4c: call 0x13116 0x12f4f: mov ah, 0x41 0x12f51: lea dx, word ptr [bp + 0x296] 0x12f55: int 0x21 0x12f57: mov ah, 0x41 0x12f59: lea dx, word ptr [bp + 0x2a1] 0x12f5d: int 0x21 0x12f5f: push ds 0x12f60: mov ax, 0x2524 0x12f63: mov ds, word ptr [bp + 0x360] 0x12f67: mov dx, word ptr [bp + 0x35e] 0x12f6b: int 0x21 0x12f6d: pop ds 0x12f6e: mov di, 0x80 0x12f71: lea si, word ptr [bp + 0x61c] 0x12f75: mov cx, 0x80 |
| 2018-12-25T12:28:27.048099808Z | 64 | PC: 13124 | Write file or device (Write 8 bytes on handle 4) |
| 2018-12-25T12:28:27.053856484Z | 65 | PC: 12f57 | Delete file (Filename = 'CHKLIST.MS') |
| 2018-12-25T12:28:27.060440236Z | 65 | PC: 12f5f | Delete file (Filename = 'CHKLIST.CPS') |
| 2018-12-25T12:28:27.064712309Z | 37 | PC: 12f6d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10570,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:28:27.001883632Z | 53 | PC: 12efc | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:27.005026509Z | 37 | PC: 12f06 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:27.006029683Z | 78 | PC: 12f10 | Find first file |
| 2018-12-25T12:28:27.011098599Z | 67 | PC: 12f8c | Get or set file attributes |
| 2018-12-25T12:28:27.018977121Z | 67 | PC: 12f97 | Get or set file attributes |
| 2018-12-25T12:28:27.036556675Z | 61 | PC: 12fb5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:28:27.044540758Z | 66 | PC: 13036 | Move file pointer |
| 2018-12-25T12:28:27.047653864Z | 63 | PC: 12fc6 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:28:27.055712348Z | 87 | PC: 12fcb | Get or set file date and time |
| 2018-12-25T12:28:27.057516252Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:27.059913345Z | 64 | PC: 12ff0 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:28:27.063322501Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:27.064957599Z | 44 | PC: 13076 | Get time 0x13076: and dl, 7 0x13079: xor byte ptr [bp + 0x103], dl 0x1307d: xor byte ptr [bp + 0x105], dl 0x13081: shl dl, 3 0x13084: xor byte ptr [bp + 0x109], dl 0x13088: mov ah, 0x2c 0x1308a: int 0x21 0x1308c: and dl, 1 0x1308f: xor byte ptr [bp + 0x11c], dl 0x13093: xor byte ptr [bp + 0x120], dl 0x13097: xor byte ptr [bp + 0x121], dl 0x1309b: shl dl, 3 0x1309e: xor byte ptr [bp + 0x10b], dl 0x130a2: xor byte ptr [bp + 0x316], dl 0x130a6: mov ah, 0x2c 0x130a8: int 0x21 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e |
| 2018-12-25T12:28:27.06791748Z | 44 | PC: 1308c | Get time 0x1308c: and dl, 1 0x1308f: xor byte ptr [bp + 0x11c], dl 0x13093: xor byte ptr [bp + 0x120], dl 0x13097: xor byte ptr [bp + 0x121], dl 0x1309b: shl dl, 3 0x1309e: xor byte ptr [bp + 0x10b], dl 0x130a2: xor byte ptr [bp + 0x316], dl 0x130a6: mov ah, 0x2c 0x130a8: int 0x21 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e 0x130b9: rep movsb byte ptr es:[di], byte ptr [si] 0x130bb: lea si, word ptr [bp + 0x3b4] 0x130bf: call 0x22eba 0x130c2: ret 0x130c3: jmp 0x1192c 0x130c6: cmp cl, ch 0x130c8: xchg ax, sp |
| 2018-12-25T12:28:27.071345507Z | 44 | PC: 130aa | Get time 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e 0x130b9: rep movsb byte ptr es:[di], byte ptr [si] 0x130bb: lea di, word ptr [bp + 0x3b4] 0x130bf: call 0x22eba 0x130c2: ret 0x130c3: jmp 0x1192c 0x130c6: cmp cl, ch 0x130c8: xchg ax, sp 0x130c9: add word ptr [bp + si], bp 0x130cb: inc bx 0x130cd: dec di 0x130ce: dec bp 0x130cf: add byte ptr [bp + si + 0x45], dl 0x130d2: inc sp 0x130d3: push dx 0x130d4: push bp 0x130d5: dec bp |
| 2018-12-25T12:28:27.074286589Z | 64 | PC: 13007 | Write file or device (Write 654 bytes on handle 5) |
| 2018-12-25T12:28:27.084207667Z | 87 | PC: 13021 | Get or set file date and time |
| 2018-12-25T12:28:27.086756732Z | 87 | PC: 1302c | Get or set file date and time |
| 2018-12-25T12:28:27.088514061Z | 62 | PC: 1300e | Close file |
| 2018-12-25T12:28:27.097503972Z | 67 | PC: 1301a | Get or set file attributes |
| 2018-12-25T12:28:27.107748611Z | 79 | PC: 12f19 | Find next file |
| 2018-12-25T12:28:27.109891817Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.115403927Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.125555155Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.136848229Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:27.139851257Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.14728565Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.158369561Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.169327005Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:27.176647138Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.19103589Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.20270311Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.219780267Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:27.224879391Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.231283137Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.242515844Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.258026025Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:27.261440259Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.268298777Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.280646585Z | 61 | PC: 12fb5 | Open file (See above) |
| 2018-12-25T12:28:27.288405039Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:27.290467574Z | 63 | PC: 12fc6 | Read file or device (See above) |
| 2018-12-25T12:28:27.298822871Z | 87 | PC: 12fcb | Get or set file date and time (See above) |
| 2018-12-25T12:28:27.300875573Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:27.30250387Z | 64 | PC: 12ff0 | Write file or device (See above) |
| 2018-12-25T12:28:27.306762727Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:27.308455516Z | 44 | PC: 13076 | Get time (See above) |
| 2018-12-25T12:28:27.31647984Z | 44 | PC: 1308c | Get time (See above) |
| 2018-12-25T12:28:27.320820461Z | 44 | PC: 130aa | Get time (See above) |
| 2018-12-25T12:28:27.323921181Z | 64 | PC: 13007 | Write file or device (See above) |
| 2018-12-25T12:28:27.333896338Z | 87 | PC: 13021 | Get or set file date and time (See above) |
| 2018-12-25T12:28:27.336665621Z | 87 | PC: 1302c | Get or set file date and time (See above) |
| 2018-12-25T12:28:27.338395249Z | 62 | PC: 1300e | Close file (See above) |
| 2018-12-25T12:28:27.347002967Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.359479158Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:27.362494265Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.368870463Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.380123315Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.391862418Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:27.394667247Z | 42 | PC: 12f25 | Get date 0x12f25: cmp dh, 4 0x12f28: jne 0x12f32 0x12f2a: cmp dl, 1 0x12f2d: jne 0x12f32 0x12f2f: call 0x13109 0x12f32: cmp al, 5 0x12f34: jne 0x12f3e 0x12f36: cmp dl, 0xd 0x12f39: jne 0x12f3e 0x12f3b: call 0x13126 0x12f3e: mov ah, 0x2c 0x12f40: int 0x21 0x12f42: cmp ch, 1 0x12f45: jne 0x12f4f 0x12f47: cmp cl, 0x1e 0x12f4a: ja 0x12f4f 0x12f4c: call 0x13116 0x12f4f: mov ah, 0x41 0x12f51: lea dx, word ptr [bp + 0x296] 0x12f55: int 0x21 |
| 2018-12-25T12:28:27.397365555Z | 44 | PC: 12f42 | Get time 0x12f42: cmp ch, 1 0x12f45: jne 0x12f4f 0x12f47: cmp cl, 0x1e 0x12f4a: ja 0x12f4f 0x12f4c: call 0x13116 0x12f4f: mov ah, 0x41 0x12f51: lea dx, word ptr [bp + 0x296] 0x12f55: int 0x21 0x12f57: mov ah, 0x41 0x12f59: lea dx, word ptr [bp + 0x2a1] 0x12f5d: int 0x21 0x12f5f: push ds 0x12f60: mov ax, 0x2524 0x12f63: mov ds, word ptr [bp + 0x360] 0x12f67: mov dx, word ptr [bp + 0x35e] 0x12f6b: int 0x21 0x12f6d: pop ds 0x12f6e: mov di, 0x80 0x12f71: lea si, word ptr [bp + 0x61c] 0x12f75: mov cx, 0x80 |
| 2018-12-25T12:28:27.401144867Z | 64 | PC: 13124 | Write file or device (Write 8 bytes on handle 4) |
| 2018-12-25T12:28:27.405440503Z | 65 | PC: 12f57 | Delete file (Filename = 'CHKLIST.MS') |
| 2018-12-25T12:28:27.412026089Z | 65 | PC: 12f5f | Delete file (Filename = 'CHKLIST.CPS') |
| 2018-12-25T12:28:27.418945003Z | 37 | PC: 12f6d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10570,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:28:26.992847252Z | 53 | PC: 12efc | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:26.995620645Z | 37 | PC: 12f06 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:26.996618932Z | 78 | PC: 12f10 | Find first file |
| 2018-12-25T12:28:27.002273221Z | 67 | PC: 12f8c | Get or set file attributes |
| 2018-12-25T12:28:27.008758554Z | 67 | PC: 12f97 | Get or set file attributes |
| 2018-12-25T12:28:28.246654084Z | 61 | PC: 12fb5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:28:28.253375126Z | 66 | PC: 13036 | Move file pointer |
| 2018-12-25T12:28:28.255895508Z | 63 | PC: 12fc6 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:28:28.26747684Z | 87 | PC: 12fcb | Get or set file date and time |
| 2018-12-25T12:28:28.27018567Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:28.272231845Z | 64 | PC: 12ff0 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:28:28.275279978Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:28.27668713Z | 44 | PC: 13076 | Get time 0x13076: and dl, 7 0x13079: xor byte ptr [bp + 0x103], dl 0x1307d: xor byte ptr [bp + 0x105], dl 0x13081: shl dl, 3 0x13084: xor byte ptr [bp + 0x109], dl 0x13088: mov ah, 0x2c 0x1308a: int 0x21 0x1308c: and dl, 1 0x1308f: xor byte ptr [bp + 0x11c], dl 0x13093: xor byte ptr [bp + 0x120], dl 0x13097: xor byte ptr [bp + 0x121], dl 0x1309b: shl dl, 3 0x1309e: xor byte ptr [bp + 0x10b], dl 0x130a2: xor byte ptr [bp + 0x316], dl 0x130a6: mov ah, 0x2c 0x130a8: int 0x21 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e |
| 2018-12-25T12:28:28.279100607Z | 44 | PC: 1308c | Get time 0x1308c: and dl, 1 0x1308f: xor byte ptr [bp + 0x11c], dl 0x13093: xor byte ptr [bp + 0x120], dl 0x13097: xor byte ptr [bp + 0x121], dl 0x1309b: shl dl, 3 0x1309e: xor byte ptr [bp + 0x10b], dl 0x130a2: xor byte ptr [bp + 0x316], dl 0x130a6: mov ah, 0x2c 0x130a8: int 0x21 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e 0x130b9: rep movsb byte ptr es:[di], byte ptr [si] 0x130bb: lea si, word ptr [bp + 0x3b4] 0x130bf: call 0x22eba 0x130c2: ret 0x130c3: jmp 0x1192c 0x130c6: cmp cl, ch 0x130c8: xchg ax, sp |
| 2018-12-25T12:28:28.281905893Z | 44 | PC: 130aa | Get time 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e 0x130b9: rep movsb byte ptr es:[di], byte ptr [si] 0x130bb: lea di, word ptr [bp + 0x3b4] 0x130bf: call 0x22eba 0x130c2: ret 0x130c3: jmp 0x1192c 0x130c6: cmp cl, ch 0x130c8: xchg ax, sp 0x130c9: add word ptr [bp + si], bp 0x130cb: inc bx 0x130cd: dec di 0x130ce: dec bp 0x130cf: add byte ptr [bp + si + 0x45], dl 0x130d2: inc sp 0x130d3: push dx 0x130d4: push bp 0x130d5: dec bp |
| 2018-12-25T12:28:28.284748729Z | 64 | PC: 13007 | Write file or device (Write 654 bytes on handle 5) |
| 2018-12-25T12:28:28.29643204Z | 87 | PC: 13021 | Get or set file date and time |
| 2018-12-25T12:28:28.299447323Z | 87 | PC: 1302c | Get or set file date and time |
| 2018-12-25T12:28:28.301170983Z | 62 | PC: 1300e | Close file |
| 2018-12-25T12:28:28.309013121Z | 67 | PC: 1301a | Get or set file attributes |
| 2018-12-25T12:28:28.320696029Z | 79 | PC: 12f19 | Find next file |
| 2018-12-25T12:28:28.32381886Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.329839146Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.341296569Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.351386449Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:28.354547388Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.3660875Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.376052326Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.385850805Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:28.389495835Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.395496739Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.405627958Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.419271109Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:28.422271857Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.428913138Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.439696896Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.450449372Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:28.452962907Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.458627282Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.469320023Z | 61 | PC: 12fb5 | Open file (See above) |
| 2018-12-25T12:28:28.476360403Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:28.478150603Z | 63 | PC: 12fc6 | Read file or device (See above) |
| 2018-12-25T12:28:28.485341604Z | 87 | PC: 12fcb | Get or set file date and time (See above) |
| 2018-12-25T12:28:28.486711405Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:28.487980607Z | 64 | PC: 12ff0 | Write file or device (See above) |
| 2018-12-25T12:28:28.492120878Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:28.493426781Z | 44 | PC: 13076 | Get time (See above) |
| 2018-12-25T12:28:28.495456405Z | 44 | PC: 1308c | Get time (See above) |
| 2018-12-25T12:28:28.498194783Z | 44 | PC: 130aa | Get time (See above) |
| 2018-12-25T12:28:28.500950606Z | 64 | PC: 13007 | Write file or device (See above) |
| 2018-12-25T12:28:28.509416371Z | 87 | PC: 13021 | Get or set file date and time (See above) |
| 2018-12-25T12:28:28.511787946Z | 87 | PC: 1302c | Get or set file date and time (See above) |
| 2018-12-25T12:28:28.513425586Z | 62 | PC: 1300e | Close file (See above) |
| 2018-12-25T12:28:28.530296272Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.542284335Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:28.545170996Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.550670183Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.5607403Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.570460102Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:28.572970893Z | 42 | PC: 12f25 | Get date 0x12f25: cmp dh, 4 0x12f28: jne 0x12f32 0x12f2a: cmp dl, 1 0x12f2d: jne 0x12f32 0x12f2f: call 0x13109 0x12f32: cmp al, 5 0x12f34: jne 0x12f3e 0x12f36: cmp dl, 0xd 0x12f39: jne 0x12f3e 0x12f3b: call 0x13126 0x12f3e: mov ah, 0x2c 0x12f40: int 0x21 0x12f42: cmp ch, 1 0x12f45: jne 0x12f4f 0x12f47: cmp cl, 0x1e 0x12f4a: ja 0x12f4f 0x12f4c: call 0x13116 0x12f4f: mov ah, 0x41 0x12f51: lea dx, word ptr [bp + 0x296] 0x12f55: int 0x21 |
| 2018-12-25T12:28:28.575312089Z | 44 | PC: 12f42 | Get time 0x12f42: cmp ch, 1 0x12f45: jne 0x12f4f 0x12f47: cmp cl, 0x1e 0x12f4a: ja 0x12f4f 0x12f4c: call 0x13116 0x12f4f: mov ah, 0x41 0x12f51: lea dx, word ptr [bp + 0x296] 0x12f55: int 0x21 0x12f57: mov ah, 0x41 0x12f59: lea dx, word ptr [bp + 0x2a1] 0x12f5d: int 0x21 0x12f5f: push ds 0x12f60: mov ax, 0x2524 0x12f63: mov ds, word ptr [bp + 0x360] 0x12f67: mov dx, word ptr [bp + 0x35e] 0x12f6b: int 0x21 0x12f6d: pop ds 0x12f6e: mov di, 0x80 0x12f71: lea si, word ptr [bp + 0x61c] 0x12f75: mov cx, 0x80 |
| 2018-12-25T12:28:28.578751139Z | 64 | PC: 13124 | Write file or device (Write 8 bytes on handle 4) |
| 2018-12-25T12:28:28.584801156Z | 65 | PC: 12f57 | Delete file (Filename = 'CHKLIST.MS') |
| 2018-12-25T12:28:28.588394271Z | 65 | PC: 12f5f | Delete file (Filename = 'CHKLIST.CPS') |
| 2018-12-25T12:28:28.592851366Z | 37 | PC: 12f6d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":31,"Second":0,"TimeBased":true,"OriginalID":10570,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:28:27.253206676Z | 53 | PC: 12efc | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:27.256216917Z | 37 | PC: 12f06 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:27.257508605Z | 78 | PC: 12f10 | Find first file |
| 2018-12-25T12:28:27.279732749Z | 67 | PC: 12f8c | Get or set file attributes |
| 2018-12-25T12:28:27.28715183Z | 67 | PC: 12f97 | Get or set file attributes |
| 2018-12-25T12:28:27.304598056Z | 61 | PC: 12fb5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:28:27.317371821Z | 66 | PC: 13036 | Move file pointer |
| 2018-12-25T12:28:27.3206241Z | 63 | PC: 12fc6 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:28:27.328993627Z | 87 | PC: 12fcb | Get or set file date and time |
| 2018-12-25T12:28:27.330542795Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:27.332178807Z | 64 | PC: 12ff0 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:28:27.337190553Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:27.339167915Z | 44 | PC: 13076 | Get time 0x13076: and dl, 7 0x13079: xor byte ptr [bp + 0x103], dl 0x1307d: xor byte ptr [bp + 0x105], dl 0x13081: shl dl, 3 0x13084: xor byte ptr [bp + 0x109], dl 0x13088: mov ah, 0x2c 0x1308a: int 0x21 0x1308c: and dl, 1 0x1308f: xor byte ptr [bp + 0x11c], dl 0x13093: xor byte ptr [bp + 0x120], dl 0x13097: xor byte ptr [bp + 0x121], dl 0x1309b: shl dl, 3 0x1309e: xor byte ptr [bp + 0x10b], dl 0x130a2: xor byte ptr [bp + 0x316], dl 0x130a6: mov ah, 0x2c 0x130a8: int 0x21 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e |
| 2018-12-25T12:28:27.341711534Z | 44 | PC: 1308c | Get time 0x1308c: and dl, 1 0x1308f: xor byte ptr [bp + 0x11c], dl 0x13093: xor byte ptr [bp + 0x120], dl 0x13097: xor byte ptr [bp + 0x121], dl 0x1309b: shl dl, 3 0x1309e: xor byte ptr [bp + 0x10b], dl 0x130a2: xor byte ptr [bp + 0x316], dl 0x130a6: mov ah, 0x2c 0x130a8: int 0x21 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e 0x130b9: rep movsb byte ptr es:[di], byte ptr [si] 0x130bb: lea si, word ptr [bp + 0x3b4] 0x130bf: call 0x22eba 0x130c2: ret 0x130c3: jmp 0x1192c 0x130c6: cmp cl, ch 0x130c8: xchg ax, sp |
| 2018-12-25T12:28:27.344700282Z | 44 | PC: 130aa | Get time 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e 0x130b9: rep movsb byte ptr es:[di], byte ptr [si] 0x130bb: lea di, word ptr [bp + 0x3b4] 0x130bf: call 0x22eba 0x130c2: ret 0x130c3: jmp 0x1192c 0x130c6: cmp cl, ch 0x130c8: xchg ax, sp 0x130c9: add word ptr [bp + si], bp 0x130cb: inc bx 0x130cd: dec di 0x130ce: dec bp 0x130cf: add byte ptr [bp + si + 0x45], dl 0x130d2: inc sp 0x130d3: push dx 0x130d4: push bp 0x130d5: dec bp |
| 2018-12-25T12:28:27.348013946Z | 64 | PC: 13007 | Write file or device (Write 654 bytes on handle 5) |
| 2018-12-25T12:28:27.35834656Z | 87 | PC: 13021 | Get or set file date and time |
| 2018-12-25T12:28:27.361674754Z | 87 | PC: 1302c | Get or set file date and time |
| 2018-12-25T12:28:27.363728459Z | 62 | PC: 1300e | Close file |
| 2018-12-25T12:28:27.372137425Z | 67 | PC: 1301a | Get or set file attributes |
| 2018-12-25T12:28:27.383887232Z | 79 | PC: 12f19 | Find next file |
| 2018-12-25T12:28:27.387128316Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.39374579Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.404857609Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.418897353Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:27.422718826Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.429201518Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.440340929Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.451396339Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:27.454893332Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.461744319Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.472792172Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.484712305Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:27.488841439Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.495683776Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.506795642Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.518582438Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:27.521471012Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.527738808Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.54359102Z | 61 | PC: 12fb5 | Open file (See above) |
| 2018-12-25T12:28:27.552341864Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:27.553780725Z | 63 | PC: 12fc6 | Read file or device (See above) |
| 2018-12-25T12:28:27.562067275Z | 87 | PC: 12fcb | Get or set file date and time (See above) |
| 2018-12-25T12:28:27.5646804Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:27.566508643Z | 64 | PC: 12ff0 | Write file or device (See above) |
| 2018-12-25T12:28:27.569490006Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:27.571838808Z | 44 | PC: 13076 | Get time (See above) |
| 2018-12-25T12:28:27.574693821Z | 44 | PC: 1308c | Get time (See above) |
| 2018-12-25T12:28:27.57742477Z | 44 | PC: 130aa | Get time (See above) |
| 2018-12-25T12:28:27.581428239Z | 64 | PC: 13007 | Write file or device (See above) |
| 2018-12-25T12:28:27.591370086Z | 87 | PC: 13021 | Get or set file date and time (See above) |
| 2018-12-25T12:28:27.593424604Z | 87 | PC: 1302c | Get or set file date and time (See above) |
| 2018-12-25T12:28:27.596222592Z | 62 | PC: 1300e | Close file (See above) |
| 2018-12-25T12:28:27.60510139Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.616817625Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:27.621904859Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.629678916Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.641272093Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:27.653248348Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:27.656156362Z | 42 | PC: 12f25 | Get date 0x12f25: cmp dh, 4 0x12f28: jne 0x12f32 0x12f2a: cmp dl, 1 0x12f2d: jne 0x12f32 0x12f2f: call 0x13109 0x12f32: cmp al, 5 0x12f34: jne 0x12f3e 0x12f36: cmp dl, 0xd 0x12f39: jne 0x12f3e 0x12f3b: call 0x13126 0x12f3e: mov ah, 0x2c 0x12f40: int 0x21 0x12f42: cmp ch, 1 0x12f45: jne 0x12f4f 0x12f47: cmp cl, 0x1e 0x12f4a: ja 0x12f4f 0x12f4c: call 0x13116 0x12f4f: mov ah, 0x41 0x12f51: lea dx, word ptr [bp + 0x296] 0x12f55: int 0x21 |
| 2018-12-25T12:28:27.658615809Z | 44 | PC: 12f42 | Get time 0x12f42: cmp ch, 1 0x12f45: jne 0x12f4f 0x12f47: cmp cl, 0x1e 0x12f4a: ja 0x12f4f 0x12f4c: call 0x13116 0x12f4f: mov ah, 0x41 0x12f51: lea dx, word ptr [bp + 0x296] 0x12f55: int 0x21 0x12f57: mov ah, 0x41 0x12f59: lea dx, word ptr [bp + 0x2a1] 0x12f5d: int 0x21 0x12f5f: push ds 0x12f60: mov ax, 0x2524 0x12f63: mov ds, word ptr [bp + 0x360] 0x12f67: mov dx, word ptr [bp + 0x35e] 0x12f6b: int 0x21 0x12f6d: pop ds 0x12f6e: mov di, 0x80 0x12f71: lea si, word ptr [bp + 0x61c] 0x12f75: mov cx, 0x80 |
| 2018-12-25T12:28:27.662056743Z | 65 | PC: 12f57 | Delete file (Filename = 'CHKLIST.MS') |
| 2018-12-25T12:28:27.668598419Z | 65 | PC: 12f5f | Delete file (Filename = 'CHKLIST.CPS') |
| 2018-12-25T12:28:27.681238008Z | 37 | PC: 12f6d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":31,"Second":0,"TimeBased":true,"OriginalID":10570,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:28:27.273743256Z | 53 | PC: 12efc | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:27.275331692Z | 37 | PC: 12f06 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:27.276452202Z | 78 | PC: 12f10 | Find first file |
| 2018-12-25T12:28:27.282293732Z | 67 | PC: 12f8c | Get or set file attributes |
| 2018-12-25T12:28:27.288375622Z | 67 | PC: 12f97 | Get or set file attributes |
| 2018-12-25T12:28:28.247572707Z | 61 | PC: 12fb5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:28:28.259710422Z | 66 | PC: 13036 | Move file pointer |
| 2018-12-25T12:28:28.261933106Z | 63 | PC: 12fc6 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:28:28.268876244Z | 87 | PC: 12fcb | Get or set file date and time |
| 2018-12-25T12:28:28.270692615Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:28.276776944Z | 64 | PC: 12ff0 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:28:28.280471541Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:28.281963914Z | 44 | PC: 13076 | Get time 0x13076: and dl, 7 0x13079: xor byte ptr [bp + 0x103], dl 0x1307d: xor byte ptr [bp + 0x105], dl 0x13081: shl dl, 3 0x13084: xor byte ptr [bp + 0x109], dl 0x13088: mov ah, 0x2c 0x1308a: int 0x21 0x1308c: and dl, 1 0x1308f: xor byte ptr [bp + 0x11c], dl 0x13093: xor byte ptr [bp + 0x120], dl 0x13097: xor byte ptr [bp + 0x121], dl 0x1309b: shl dl, 3 0x1309e: xor byte ptr [bp + 0x10b], dl 0x130a2: xor byte ptr [bp + 0x316], dl 0x130a6: mov ah, 0x2c 0x130a8: int 0x21 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e |
| 2018-12-25T12:28:28.284069682Z | 44 | PC: 1308c | Get time 0x1308c: and dl, 1 0x1308f: xor byte ptr [bp + 0x11c], dl 0x13093: xor byte ptr [bp + 0x120], dl 0x13097: xor byte ptr [bp + 0x121], dl 0x1309b: shl dl, 3 0x1309e: xor byte ptr [bp + 0x10b], dl 0x130a2: xor byte ptr [bp + 0x316], dl 0x130a6: mov ah, 0x2c 0x130a8: int 0x21 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e 0x130b9: rep movsb byte ptr es:[di], byte ptr [si] 0x130bb: lea si, word ptr [bp + 0x3b4] 0x130bf: call 0x22eba 0x130c2: ret 0x130c3: jmp 0x1192c 0x130c6: cmp cl, ch 0x130c8: xchg ax, sp |
| 2018-12-25T12:28:28.297670825Z | 44 | PC: 130aa | Get time 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e 0x130b9: rep movsb byte ptr es:[di], byte ptr [si] 0x130bb: lea di, word ptr [bp + 0x3b4] 0x130bf: call 0x22eba 0x130c2: ret 0x130c3: jmp 0x1192c 0x130c6: cmp cl, ch 0x130c8: xchg ax, sp 0x130c9: add word ptr [bp + si], bp 0x130cb: inc bx 0x130cd: dec di 0x130ce: dec bp 0x130cf: add byte ptr [bp + si + 0x45], dl 0x130d2: inc sp 0x130d3: push dx 0x130d4: push bp 0x130d5: dec bp |
| 2018-12-25T12:28:28.300768712Z | 64 | PC: 13007 | Write file or device (Write 654 bytes on handle 5) |
| 2018-12-25T12:28:28.31708292Z | 87 | PC: 13021 | Get or set file date and time |
| 2018-12-25T12:28:28.321260359Z | 87 | PC: 1302c | Get or set file date and time |
| 2018-12-25T12:28:28.323066334Z | 62 | PC: 1300e | Close file |
| 2018-12-25T12:28:28.338663978Z | 67 | PC: 1301a | Get or set file attributes |
| 2018-12-25T12:28:28.349180373Z | 79 | PC: 12f19 | Find next file |
| 2018-12-25T12:28:28.352106312Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.359050423Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.369571087Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.379582317Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:28.382216479Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.393754192Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.403919967Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.414465408Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:28.418204583Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.42417864Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.434592264Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.454196154Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:28.457631903Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.463556623Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.473993247Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.483943074Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:28.486472518Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.491932827Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.504393474Z | 61 | PC: 12fb5 | Open file (See above) |
| 2018-12-25T12:28:28.515758065Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:28.517077929Z | 63 | PC: 12fc6 | Read file or device (See above) |
| 2018-12-25T12:28:28.524206535Z | 87 | PC: 12fcb | Get or set file date and time (See above) |
| 2018-12-25T12:28:28.525639316Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:28.527236876Z | 64 | PC: 12ff0 | Write file or device (See above) |
| 2018-12-25T12:28:28.530662072Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:28.53210142Z | 44 | PC: 13076 | Get time (See above) |
| 2018-12-25T12:28:28.534176979Z | 44 | PC: 1308c | Get time (See above) |
| 2018-12-25T12:28:28.536955534Z | 44 | PC: 130aa | Get time (See above) |
| 2018-12-25T12:28:28.539437616Z | 64 | PC: 13007 | Write file or device (See above) |
| 2018-12-25T12:28:28.5475558Z | 87 | PC: 13021 | Get or set file date and time (See above) |
| 2018-12-25T12:28:28.548917931Z | 87 | PC: 1302c | Get or set file date and time (See above) |
| 2018-12-25T12:28:28.551055163Z | 62 | PC: 1300e | Close file (See above) |
| 2018-12-25T12:28:28.558134567Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.567362913Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:28.569951536Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.575492632Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.585308817Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.596083211Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:28.598706808Z | 42 | PC: 12f25 | Get date 0x12f25: cmp dh, 4 0x12f28: jne 0x12f32 0x12f2a: cmp dl, 1 0x12f2d: jne 0x12f32 0x12f2f: call 0x13109 0x12f32: cmp al, 5 0x12f34: jne 0x12f3e 0x12f36: cmp dl, 0xd 0x12f39: jne 0x12f3e 0x12f3b: call 0x13126 0x12f3e: mov ah, 0x2c 0x12f40: int 0x21 0x12f42: cmp ch, 1 0x12f45: jne 0x12f4f 0x12f47: cmp cl, 0x1e 0x12f4a: ja 0x12f4f 0x12f4c: call 0x13116 0x12f4f: mov ah, 0x41 0x12f51: lea dx, word ptr [bp + 0x296] 0x12f55: int 0x21 |
| 2018-12-25T12:28:28.601041638Z | 44 | PC: 12f42 | Get time 0x12f42: cmp ch, 1 0x12f45: jne 0x12f4f 0x12f47: cmp cl, 0x1e 0x12f4a: ja 0x12f4f 0x12f4c: call 0x13116 0x12f4f: mov ah, 0x41 0x12f51: lea dx, word ptr [bp + 0x296] 0x12f55: int 0x21 0x12f57: mov ah, 0x41 0x12f59: lea dx, word ptr [bp + 0x2a1] 0x12f5d: int 0x21 0x12f5f: push ds 0x12f60: mov ax, 0x2524 0x12f63: mov ds, word ptr [bp + 0x360] 0x12f67: mov dx, word ptr [bp + 0x35e] 0x12f6b: int 0x21 0x12f6d: pop ds 0x12f6e: mov di, 0x80 0x12f71: lea si, word ptr [bp + 0x61c] 0x12f75: mov cx, 0x80 |
| 2018-12-25T12:28:28.604177215Z | 65 | PC: 12f57 | Delete file (Filename = 'CHKLIST.MS') |
| 2018-12-25T12:28:28.610008263Z | 65 | PC: 12f5f | Delete file (Filename = 'CHKLIST.CPS') |
| 2018-12-25T12:28:28.615663189Z | 37 | PC: 12f6d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":31,"Second":0,"TimeBased":true,"OriginalID":10570,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:28:27.627494879Z | 53 | PC: 12efc | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:27.629088773Z | 37 | PC: 12f06 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:27.630007046Z | 78 | PC: 12f10 | Find first file |
| 2018-12-25T12:28:27.633678735Z | 67 | PC: 12f8c | Get or set file attributes |
| 2018-12-25T12:28:27.639800377Z | 67 | PC: 12f97 | Get or set file attributes |
| 2018-12-25T12:28:28.246910923Z | 61 | PC: 12fb5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:28:28.254124544Z | 66 | PC: 13036 | Move file pointer |
| 2018-12-25T12:28:28.256539068Z | 63 | PC: 12fc6 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:28:28.265661695Z | 87 | PC: 12fcb | Get or set file date and time |
| 2018-12-25T12:28:28.267352713Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:28.26997195Z | 64 | PC: 12ff0 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:28:28.276851801Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:28.280198419Z | 44 | PC: 13076 | Get time 0x13076: and dl, 7 0x13079: xor byte ptr [bp + 0x103], dl 0x1307d: xor byte ptr [bp + 0x105], dl 0x13081: shl dl, 3 0x13084: xor byte ptr [bp + 0x109], dl 0x13088: mov ah, 0x2c 0x1308a: int 0x21 0x1308c: and dl, 1 0x1308f: xor byte ptr [bp + 0x11c], dl 0x13093: xor byte ptr [bp + 0x120], dl 0x13097: xor byte ptr [bp + 0x121], dl 0x1309b: shl dl, 3 0x1309e: xor byte ptr [bp + 0x10b], dl 0x130a2: xor byte ptr [bp + 0x316], dl 0x130a6: mov ah, 0x2c 0x130a8: int 0x21 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e |
| 2018-12-25T12:28:28.282813487Z | 44 | PC: 1308c | Get time 0x1308c: and dl, 1 0x1308f: xor byte ptr [bp + 0x11c], dl 0x13093: xor byte ptr [bp + 0x120], dl 0x13097: xor byte ptr [bp + 0x121], dl 0x1309b: shl dl, 3 0x1309e: xor byte ptr [bp + 0x10b], dl 0x130a2: xor byte ptr [bp + 0x316], dl 0x130a6: mov ah, 0x2c 0x130a8: int 0x21 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e 0x130b9: rep movsb byte ptr es:[di], byte ptr [si] 0x130bb: lea si, word ptr [bp + 0x3b4] 0x130bf: call 0x22eba 0x130c2: ret 0x130c3: jmp 0x1192c 0x130c6: cmp cl, ch 0x130c8: xchg ax, sp |
| 2018-12-25T12:28:28.285996493Z | 44 | PC: 130aa | Get time 0x130aa: mov byte ptr [bp + 0x125], dl 0x130ae: lea si, word ptr [bp + 0x100] 0x130b2: lea di, word ptr [bp + 0x38e] 0x130b6: mov cx, 0x28e 0x130b9: rep movsb byte ptr es:[di], byte ptr [si] 0x130bb: lea di, word ptr [bp + 0x3b4] 0x130bf: call 0x22eba 0x130c2: ret 0x130c3: jmp 0x1192c 0x130c6: cmp cl, ch 0x130c8: xchg ax, sp 0x130c9: add word ptr [bp + si], bp 0x130cb: inc bx 0x130cd: dec di 0x130ce: dec bp 0x130cf: add byte ptr [bp + si + 0x45], dl 0x130d2: inc sp 0x130d3: push dx 0x130d4: push bp 0x130d5: dec bp |
| 2018-12-25T12:28:28.289225428Z | 64 | PC: 13007 | Write file or device (Write 654 bytes on handle 5) |
| 2018-12-25T12:28:28.297694212Z | 87 | PC: 13021 | Get or set file date and time |
| 2018-12-25T12:28:28.309536974Z | 87 | PC: 1302c | Get or set file date and time |
| 2018-12-25T12:28:28.311461895Z | 62 | PC: 1300e | Close file |
| 2018-12-25T12:28:28.320095072Z | 67 | PC: 1301a | Get or set file attributes |
| 2018-12-25T12:28:28.331309506Z | 79 | PC: 12f19 | Find next file |
| 2018-12-25T12:28:28.334348929Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.340426027Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.35134023Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.362911577Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:28.365806487Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.373137691Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.3961506Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.4058108Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:28.408821175Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.415330112Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.425127985Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.435456296Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:28.438279392Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.44713334Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.457527068Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.468277621Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:28.471197364Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.477646959Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.488300662Z | 61 | PC: 12fb5 | Open file (See above) |
| 2018-12-25T12:28:28.494980479Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:28.496642724Z | 63 | PC: 12fc6 | Read file or device (See above) |
| 2018-12-25T12:28:28.503992635Z | 87 | PC: 12fcb | Get or set file date and time (See above) |
| 2018-12-25T12:28:28.505688265Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:28.507291736Z | 64 | PC: 12ff0 | Write file or device (See above) |
| 2018-12-25T12:28:28.511233543Z | 66 | PC: 13036 | Move file pointer (See above) |
| 2018-12-25T12:28:28.512637264Z | 44 | PC: 13076 | Get time (See above) |
| 2018-12-25T12:28:28.514821683Z | 44 | PC: 1308c | Get time (See above) |
| 2018-12-25T12:28:28.519521659Z | 44 | PC: 130aa | Get time (See above) |
| 2018-12-25T12:28:28.522254368Z | 64 | PC: 13007 | Write file or device (See above) |
| 2018-12-25T12:28:28.530837218Z | 87 | PC: 13021 | Get or set file date and time (See above) |
| 2018-12-25T12:28:28.533334137Z | 87 | PC: 1302c | Get or set file date and time (See above) |
| 2018-12-25T12:28:28.535523191Z | 62 | PC: 1300e | Close file (See above) |
| 2018-12-25T12:28:28.54383221Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.553936262Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:28.556367305Z | 67 | PC: 12f8c | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.561869755Z | 67 | PC: 12f97 | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.571633228Z | 67 | PC: 1301a | Get or set file attributes (See above) |
| 2018-12-25T12:28:28.581311615Z | 79 | PC: 12f19 | Find next file (See above) |
| 2018-12-25T12:28:28.583992069Z | 42 | PC: 12f25 | Get date 0x12f25: cmp dh, 4 0x12f28: jne 0x12f32 0x12f2a: cmp dl, 1 0x12f2d: jne 0x12f32 0x12f2f: call 0x13109 0x12f32: cmp al, 5 0x12f34: jne 0x12f3e 0x12f36: cmp dl, 0xd 0x12f39: jne 0x12f3e 0x12f3b: call 0x13126 0x12f3e: mov ah, 0x2c 0x12f40: int 0x21 0x12f42: cmp ch, 1 0x12f45: jne 0x12f4f 0x12f47: cmp cl, 0x1e 0x12f4a: ja 0x12f4f 0x12f4c: call 0x13116 0x12f4f: mov ah, 0x41 0x12f51: lea dx, word ptr [bp + 0x296] 0x12f55: int 0x21 |
| 2018-12-25T12:28:28.587182209Z | 44 | PC: 12f42 | Get time 0x12f42: cmp ch, 1 0x12f45: jne 0x12f4f 0x12f47: cmp cl, 0x1e 0x12f4a: ja 0x12f4f 0x12f4c: call 0x13116 0x12f4f: mov ah, 0x41 0x12f51: lea dx, word ptr [bp + 0x296] 0x12f55: int 0x21 0x12f57: mov ah, 0x41 0x12f59: lea dx, word ptr [bp + 0x2a1] 0x12f5d: int 0x21 0x12f5f: push ds 0x12f60: mov ax, 0x2524 0x12f63: mov ds, word ptr [bp + 0x360] 0x12f67: mov dx, word ptr [bp + 0x35e] 0x12f6b: int 0x21 0x12f6d: pop ds 0x12f6e: mov di, 0x80 0x12f71: lea si, word ptr [bp + 0x61c] 0x12f75: mov cx, 0x80 |
| 2018-12-25T12:28:28.589788189Z | 65 | PC: 12f57 | Delete file (Filename = 'CHKLIST.MS') |
| 2018-12-25T12:28:28.595642709Z | 65 | PC: 12f5f | Delete file (Filename = 'CHKLIST.CPS') |
| 2018-12-25T12:28:28.607199442Z | 37 | PC: 12f6d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |