{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11420,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:32.136727981Z | 53 | PC: 12ab5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:30:32.138094223Z | 37 | PC: 12ac7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:30:32.139366079Z | 71 | PC: 12ad2 | Get current directory |
| 2018-12-25T12:30:32.142164781Z | 25 | PC: 12ad7 | Get default drive |
| 2018-12-25T12:30:32.143303531Z | 26 | PC: 12afe | Set disk transfer address |
| 2018-12-25T12:30:32.144806526Z | 42 | PC: 12b02 | Get date 0x12b02: cmp dx, 0x202 0x12b06: jne 0x12b0b 0x12b08: jmp 0x12cc4 0x12b0b: mov ah, 0x4e 0x12b0d: lea dx, word ptr [si + 0x3d4] 0x12b11: mov cx, 7 0x12b14: int 0x21 0x12b16: jae 0x12b5a 0x12b18: mov ah, 0x1a 0x12b1a: lea dx, word ptr [si + 0x4b4] 0x12b1e: int 0x21 0x12b20: mov ah, 0x3b 0x12b22: lea dx, word ptr [si + 0x3de] 0x12b26: int 0x21 0x12b28: jb 0x12b2c 0x12b2a: jmp 0x12af6 0x12b2c: cmp byte ptr [si + 0x3f9], 1 0x12b31: je 0x12b4a 0x12b33: mov al, 1 0x12b35: mov byte ptr [si + 0x3f9], al |
| 2018-12-25T12:30:32.158762292Z | 78 | PC: 12b16 | Find first file |
| 2018-12-25T12:30:32.164899759Z | 67 | PC: 12b6d | Get or set file attributes |
| 2018-12-25T12:30:32.181185728Z | 61 | PC: 12d12 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:30:32.18808843Z | 63 | PC: 12b94 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:30:32.194674678Z | 66 | PC: 12d08 | Move file pointer |
| 2018-12-25T12:30:32.197537074Z | 44 | PC: 12bfe | Get time 0x12bfe: cmp dx, 0 0x12c01: je 0x12bfa 0x12c03: mov word ptr [si + 0x117], dx 0x12c07: mov cl, 8 0x12c09: ror dx, cl 0x12c0b: mov word ptr [si + 0x3f7], dx 0x12c0f: cmp dl, 0x1e 0x12c12: jle 0x12c16 0x12c14: jmp 0x12c34 0x12c16: lea si, word ptr [bp + 0x141] 0x12c1a: lea di, word ptr [bp + 0x119] 0x12c1e: mov cx, 0x10 0x12c21: call 0x12cdb 0x12c24: lea si, word ptr [bp + 0x151] 0x12c28: lea di, word ptr [bp + 0x131] 0x12c2c: mov cx, 6 0x12c2f: call 0x12cdb 0x12c32: jmp 0x12c50 0x12c34: lea si, word ptr [bp + 0x157] 0x12c38: lea di, word ptr [bp + 0x119] |
| 2018-12-25T12:30:32.200287173Z | 64 | PC: 12a7d | Write file or device (Write 761 bytes on handle 5) |
| 2018-12-25T12:30:32.209050461Z | 66 | PC: 12cfe | Move file pointer |
| 2018-12-25T12:30:32.211786543Z | 64 | PC: 12c74 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:30:32.218284904Z | 87 | PC: 12c85 | Get or set file date and time |
| 2018-12-25T12:30:32.219921094Z | 62 | PC: 12c89 | Close file |
| 2018-12-25T12:30:32.233639553Z | 67 | PC: 12c98 | Get or set file attributes |
| 2018-12-25T12:30:32.243547898Z | 59 | PC: 12ca0 | Change current directory |
| 2018-12-25T12:30:32.247745129Z | 26 | PC: 12ca7 | Set disk transfer address |
| 2018-12-25T12:30:32.249453551Z | 37 | PC: 12cb2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11420,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:33.047880572Z | 53 | PC: 12ab5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:30:33.050204926Z | 37 | PC: 12ac7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:30:33.054324912Z | 71 | PC: 12ad2 | Get current directory |
| 2018-12-25T12:30:33.05886649Z | 25 | PC: 12ad7 | Get default drive |
| 2018-12-25T12:30:33.061219178Z | 26 | PC: 12afe | Set disk transfer address |
| 2018-12-25T12:30:33.062396594Z | 42 | PC: 12b02 | Get date 0x12b02: cmp dx, 0x202 0x12b06: jne 0x12b0b 0x12b08: jmp 0x12cc4 0x12b0b: mov ah, 0x4e 0x12b0d: lea dx, word ptr [si + 0x3d4] 0x12b11: mov cx, 7 0x12b14: int 0x21 0x12b16: jae 0x12b5a 0x12b18: mov ah, 0x1a 0x12b1a: lea dx, word ptr [si + 0x4b4] 0x12b1e: int 0x21 0x12b20: mov ah, 0x3b 0x12b22: lea dx, word ptr [si + 0x3de] 0x12b26: int 0x21 0x12b28: jb 0x12b2c 0x12b2a: jmp 0x12af6 0x12b2c: cmp byte ptr [si + 0x3f9], 1 0x12b31: je 0x12b4a 0x12b33: mov al, 1 0x12b35: mov byte ptr [si + 0x3f9], al |
| 2018-12-25T12:30:33.06408677Z | 78 | PC: 12b16 | Find first file |
| 2018-12-25T12:30:33.068014343Z | 67 | PC: 12b6d | Get or set file attributes |
| 2018-12-25T12:30:33.09055925Z | 61 | PC: 12d12 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:30:33.0971932Z | 63 | PC: 12b94 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:30:33.103661238Z | 66 | PC: 12d08 | Move file pointer |
| 2018-12-25T12:30:33.11322741Z | 44 | PC: 12bfe | Get time 0x12bfe: cmp dx, 0 0x12c01: je 0x12bfa 0x12c03: mov word ptr [si + 0x117], dx 0x12c07: mov cl, 8 0x12c09: ror dx, cl 0x12c0b: mov word ptr [si + 0x3f7], dx 0x12c0f: cmp dl, 0x1e 0x12c12: jle 0x12c16 0x12c14: jmp 0x12c34 0x12c16: lea si, word ptr [bp + 0x141] 0x12c1a: lea di, word ptr [bp + 0x119] 0x12c1e: mov cx, 0x10 0x12c21: call 0x12cdb 0x12c24: lea si, word ptr [bp + 0x151] 0x12c28: lea di, word ptr [bp + 0x131] 0x12c2c: mov cx, 6 0x12c2f: call 0x12cdb 0x12c32: jmp 0x12c50 0x12c34: lea si, word ptr [bp + 0x157] 0x12c38: lea di, word ptr [bp + 0x119] |
| 2018-12-25T12:30:33.116173974Z | 64 | PC: 12a7d | Write file or device (Write 761 bytes on handle 5) |
| 2018-12-25T12:30:33.12769847Z | 66 | PC: 12cfe | Move file pointer |
| 2018-12-25T12:30:33.129859205Z | 64 | PC: 12c74 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:30:33.13713721Z | 87 | PC: 12c85 | Get or set file date and time |
| 2018-12-25T12:30:33.14560344Z | 62 | PC: 12c89 | Close file |
| 2018-12-25T12:30:33.155476734Z | 67 | PC: 12c98 | Get or set file attributes |
| 2018-12-25T12:30:33.16652242Z | 59 | PC: 12ca0 | Change current directory |
| 2018-12-25T12:30:33.170600381Z | 26 | PC: 12ca7 | Set disk transfer address |
| 2018-12-25T12:30:33.17243129Z | 37 | PC: 12cb2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":11420,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:33.094391872Z | 53 | PC: 12ab5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:30:33.095620581Z | 37 | PC: 12ac7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:30:33.096617566Z | 71 | PC: 12ad2 | Get current directory |
| 2018-12-25T12:30:33.100016229Z | 25 | PC: 12ad7 | Get default drive |
| 2018-12-25T12:30:33.101002888Z | 26 | PC: 12afe | Set disk transfer address |
| 2018-12-25T12:30:33.101926895Z | 42 | PC: 12b02 | Get date 0x12b02: cmp dx, 0x202 0x12b06: jne 0x12b0b 0x12b08: jmp 0x12cc4 0x12b0b: mov ah, 0x4e 0x12b0d: lea dx, word ptr [si + 0x3d4] 0x12b11: mov cx, 7 0x12b14: int 0x21 0x12b16: jae 0x12b5a 0x12b18: mov ah, 0x1a 0x12b1a: lea dx, word ptr [si + 0x4b4] 0x12b1e: int 0x21 0x12b20: mov ah, 0x3b 0x12b22: lea dx, word ptr [si + 0x3de] 0x12b26: int 0x21 0x12b28: jb 0x12b2c 0x12b2a: jmp 0x12af6 0x12b2c: cmp byte ptr [si + 0x3f9], 1 0x12b31: je 0x12b4a 0x12b33: mov al, 1 0x12b35: mov byte ptr [si + 0x3f9], al |
| 2018-12-25T12:30:33.105255948Z | 78 | PC: 12b16 | Find first file |
| 2018-12-25T12:30:33.111267152Z | 67 | PC: 12b6d | Get or set file attributes |
| 2018-12-25T12:30:33.128336214Z | 61 | PC: 12d12 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:30:33.140806424Z | 63 | PC: 12b94 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:30:33.150716366Z | 66 | PC: 12d08 | Move file pointer |
| 2018-12-25T12:30:33.152199637Z | 44 | PC: 12bfe | Get time 0x12bfe: cmp dx, 0 0x12c01: je 0x12bfa 0x12c03: mov word ptr [si + 0x117], dx 0x12c07: mov cl, 8 0x12c09: ror dx, cl 0x12c0b: mov word ptr [si + 0x3f7], dx 0x12c0f: cmp dl, 0x1e 0x12c12: jle 0x12c16 0x12c14: jmp 0x12c34 0x12c16: lea si, word ptr [bp + 0x141] 0x12c1a: lea di, word ptr [bp + 0x119] 0x12c1e: mov cx, 0x10 0x12c21: call 0x12cdb 0x12c24: lea si, word ptr [bp + 0x151] 0x12c28: lea di, word ptr [bp + 0x131] 0x12c2c: mov cx, 6 0x12c2f: call 0x12cdb 0x12c32: jmp 0x12c50 0x12c34: lea si, word ptr [bp + 0x157] 0x12c38: lea di, word ptr [bp + 0x119] |
| 2018-12-25T12:30:33.15522764Z | 64 | PC: 12a7d | Write file or device (Write 761 bytes on handle 5) |
| 2018-12-25T12:30:33.164221321Z | 66 | PC: 12cfe | Move file pointer |
| 2018-12-25T12:30:33.165821998Z | 64 | PC: 12c74 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:30:33.173335575Z | 87 | PC: 12c85 | Get or set file date and time |
| 2018-12-25T12:30:33.175389321Z | 62 | PC: 12c89 | Close file |
| 2018-12-25T12:30:33.186208432Z | 67 | PC: 12c98 | Get or set file attributes |
| 2018-12-25T12:30:33.196166522Z | 59 | PC: 12ca0 | Change current directory |
| 2018-12-25T12:30:33.209170043Z | 26 | PC: 12ca7 | Set disk transfer address |
| 2018-12-25T12:30:33.210645273Z | 37 | PC: 12cb2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":11420,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:33.370396144Z | 53 | PC: 12ab5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:30:33.372274847Z | 37 | PC: 12ac7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:30:33.373524092Z | 71 | PC: 12ad2 | Get current directory |
| 2018-12-25T12:30:33.376401456Z | 25 | PC: 12ad7 | Get default drive |
| 2018-12-25T12:30:33.3782034Z | 26 | PC: 12afe | Set disk transfer address |
| 2018-12-25T12:30:33.379698335Z | 42 | PC: 12b02 | Get date 0x12b02: cmp dx, 0x202 0x12b06: jne 0x12b0b 0x12b08: jmp 0x12cc4 0x12b0b: mov ah, 0x4e 0x12b0d: lea dx, word ptr [si + 0x3d4] 0x12b11: mov cx, 7 0x12b14: int 0x21 0x12b16: jae 0x12b5a 0x12b18: mov ah, 0x1a 0x12b1a: lea dx, word ptr [si + 0x4b4] 0x12b1e: int 0x21 0x12b20: mov ah, 0x3b 0x12b22: lea dx, word ptr [si + 0x3de] 0x12b26: int 0x21 0x12b28: jb 0x12b2c 0x12b2a: jmp 0x12af6 0x12b2c: cmp byte ptr [si + 0x3f9], 1 0x12b31: je 0x12b4a 0x12b33: mov al, 1 0x12b35: mov byte ptr [si + 0x3f9], al |
| 2018-12-25T12:30:33.382185138Z | 78 | PC: 12b16 | Find first file |
| 2018-12-25T12:30:33.389371225Z | 67 | PC: 12b6d | Get or set file attributes |
| 2018-12-25T12:30:33.406115389Z | 61 | PC: 12d12 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:30:33.412644857Z | 63 | PC: 12b94 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:30:33.41893022Z | 66 | PC: 12d08 | Move file pointer |
| 2018-12-25T12:30:33.424779126Z | 44 | PC: 12bfe | Get time 0x12bfe: cmp dx, 0 0x12c01: je 0x12bfa 0x12c03: mov word ptr [si + 0x117], dx 0x12c07: mov cl, 8 0x12c09: ror dx, cl 0x12c0b: mov word ptr [si + 0x3f7], dx 0x12c0f: cmp dl, 0x1e 0x12c12: jle 0x12c16 0x12c14: jmp 0x12c34 0x12c16: lea si, word ptr [bp + 0x141] 0x12c1a: lea di, word ptr [bp + 0x119] 0x12c1e: mov cx, 0x10 0x12c21: call 0x12cdb 0x12c24: lea si, word ptr [bp + 0x151] 0x12c28: lea di, word ptr [bp + 0x131] 0x12c2c: mov cx, 6 0x12c2f: call 0x12cdb 0x12c32: jmp 0x12c50 0x12c34: lea si, word ptr [bp + 0x157] 0x12c38: lea di, word ptr [bp + 0x119] |
| 2018-12-25T12:30:33.427641739Z | 64 | PC: 12a7d | Write file or device (Write 761 bytes on handle 5) |
| 2018-12-25T12:30:33.43689626Z | 66 | PC: 12cfe | Move file pointer |
| 2018-12-25T12:30:33.439933138Z | 64 | PC: 12c74 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:30:33.44657334Z | 87 | PC: 12c85 | Get or set file date and time |
| 2018-12-25T12:30:33.448324832Z | 62 | PC: 12c89 | Close file |
| 2018-12-25T12:30:33.459978599Z | 67 | PC: 12c98 | Get or set file attributes |
| 2018-12-25T12:30:33.471977758Z | 59 | PC: 12ca0 | Change current directory |
| 2018-12-25T12:30:33.476327683Z | 26 | PC: 12ca7 | Set disk transfer address |
| 2018-12-25T12:30:33.478892862Z | 37 | PC: 12cb2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |