{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13617,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:37.075494099Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:38:37.079060002Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:38:37.08305202Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:38:37.083966532Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:38:37.089850937Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:37.096271072Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:38:37.102221547Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:38:37.104170622Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:38:37.123283727Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:38:37.12523721Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:37.14376526Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:38:37.151154901Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:37.154116888Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:37.156989913Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:38:37.159224139Z | 64 | PC: 12a7d | Write file or device (Write 942 bytes on handle 5) |
| 2018-12-25T12:38:37.167685724Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:38:37.168941553Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:38:37.176821405Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:38:37.186847703Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:38:37.189282513Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:37.196126545Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:37.202381179Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:37.204368572Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:37.214528157Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:37.216386815Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:37.222829653Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:37.226454381Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:37.229097698Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:37.231649318Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:37.233727195Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:37.242140276Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:37.243601326Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:37.251491178Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:37.261198361Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:38:37.263733715Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:37.270092916Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:37.285766105Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:37.288569923Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:37.29834279Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:37.300426303Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:37.30694549Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:37.309530297Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:37.312540381Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:37.31524066Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:37.317151672Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:37.327026199Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:37.328117918Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:37.333360704Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:37.343324093Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:38:37.345431956Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:38:37.349243822Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13617,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:38.440018889Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:38:38.443268031Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:38:38.447079479Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:38:38.44797681Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:38:38.454126708Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:38.460348723Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:38:38.466310812Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:38:38.468586313Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:38:38.486053816Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:38:38.487648744Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:38.494906333Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:38:38.501267766Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:38.503599704Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:38.506191905Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:38:38.508527414Z | 64 | PC: 12a7d | Write file or device (Write 942 bytes on handle 5) |
| 2018-12-25T12:38:38.517787792Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:38:38.519194748Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:38:38.52670208Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:38:38.536422087Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:38:38.538904279Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:38.546261989Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:38.552972933Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:38.555029056Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:38.565498033Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:38.567648375Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:38.574443485Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:38.577831514Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:38.580390747Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:38.582837159Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:38.585271351Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:38.593549462Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:38.594877794Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:38.602880904Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:38.612125005Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:38:38.614686325Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:38.626606397Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:38.632632261Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:38.63463628Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:38.644632688Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:38.64622261Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:38.652401458Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:38.661684391Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:38.664267126Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:38.666713486Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:38.669269462Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:38.678977692Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:38.680741417Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:38.689754176Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:38.700311292Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:38:38.702694093Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:38:38.708460054Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13617,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:39.333798373Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:38:39.337962938Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:38:39.342607098Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:38:39.343959009Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:38:39.35501259Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:39.367507381Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:38:39.374050446Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:38:39.376464319Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:38:39.392723931Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:38:39.394784237Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:39.403980175Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:38:39.4075797Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:39.410147576Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:39.412702603Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:38:39.415756109Z | 64 | PC: 12a7d | Write file or device (Write 942 bytes on handle 5) |
| 2018-12-25T12:38:39.425170935Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:38:39.42705868Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:38:39.436326597Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:38:39.454924242Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:38:39.457768017Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:39.465556369Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:39.472223997Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:39.474198011Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:39.484320394Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:39.486217192Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:39.49269199Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:39.495793571Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:39.499483504Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:39.502418422Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:39.505089342Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:39.513356128Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:39.514594981Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:39.522293258Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:39.532182773Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:38:39.534727181Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:39.541140268Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:39.547982736Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:39.550021168Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:39.561446896Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:39.564198273Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:39.57106156Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:39.574073669Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:39.577067792Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:39.579642098Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:39.581278799Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:39.590657272Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:39.592054763Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:39.599533017Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:39.610119153Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:38:39.613370029Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:38:39.617447856Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13617,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:40.574102125Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:38:40.577655264Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:38:40.590432785Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:38:40.591797425Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:38:40.59907296Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:40.607173013Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:38:40.614599413Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:38:40.61742225Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:38:40.636853365Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:38:40.638795838Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:40.644786221Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:38:40.64744881Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:40.649520389Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:40.651503056Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:38:40.653085783Z | 64 | PC: 12a7d | Write file or device (Write 942 bytes on handle 5) |
| 2018-12-25T12:38:40.66379616Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:38:40.665559575Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:38:40.674552Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:38:40.686351906Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:38:40.689347667Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:40.696664532Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:40.718229148Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:40.720694748Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:40.736176209Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:40.744394963Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:40.752378294Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:40.755948783Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:40.761005874Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:40.764844639Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:40.767364399Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:40.778450455Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:40.780102549Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:40.788866429Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:40.800199741Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:38:40.804732242Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:40.812373406Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:40.819537018Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:40.823028034Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:40.834430774Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:40.836483572Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:40.845260338Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:40.84864848Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:40.851667451Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:40.854485303Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:40.856292404Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:40.866478744Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:40.868881115Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:40.880357339Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:40.893454937Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:38:40.89660064Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:38:40.900821307Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":13617,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:40.605351537Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:38:40.613140114Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:38:40.615811074Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:38:40.616695109Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:38:40.62772729Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:40.639109088Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:38:40.645527201Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:38:40.648208892Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:38:41.239661487Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:38:41.241751993Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:41.248684687Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:38:41.252922063Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:41.256021726Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:41.258840392Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:38:41.261893826Z | 64 | PC: 12a7d | Write file or device (Write 942 bytes on handle 5) |
| 2018-12-25T12:38:41.272202543Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:38:41.276510962Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:38:41.29536909Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:38:41.304146978Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:38:41.306855378Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:41.313992595Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:41.320468519Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:41.323002289Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.34644191Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:41.350253836Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:41.357691826Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:41.362435719Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:41.365489174Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:41.368353262Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:41.370544659Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:41.383858715Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:41.385831413Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:41.394297317Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.404713552Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:38:41.407347915Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:41.414343436Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:41.42212989Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:41.425575532Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.436428208Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:41.439351296Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:41.446172089Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:41.449167913Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:41.452572115Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:41.455448784Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:41.457423087Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:41.466855045Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:41.468323956Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:41.475779101Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.486281066Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:38:41.488915Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:38:41.492856042Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":13617,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:40.686359356Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:38:40.689969036Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:38:40.693839123Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:38:40.694758822Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:38:40.70561896Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:40.716888218Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:38:40.722965343Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:38:40.72535941Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:38:41.241522154Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:38:41.247188887Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:41.255640861Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:38:41.258394799Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:41.260918382Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:41.280323898Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:38:41.282481006Z | 64 | PC: 12a7d | Write file or device (Write 942 bytes on handle 5) |
| 2018-12-25T12:38:41.292012446Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:38:41.294869751Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:38:41.302929533Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:38:41.312726876Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:38:41.316059865Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:41.322633199Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:41.329281867Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:41.331841316Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.352394476Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:41.354843498Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:41.361629771Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:41.365164057Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:41.368006697Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:41.370799239Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:41.37369426Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:41.39923933Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:41.400741224Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:41.409648695Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.429904396Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:38:41.432860419Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:41.440149593Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:41.44698043Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:41.449045812Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.460462891Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:41.462757849Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:41.469507131Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:41.472841932Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:41.475831447Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:41.47866955Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:41.481640156Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:41.501604635Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:41.503493681Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:41.51528269Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.532585494Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:38:41.535101309Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:38:41.53955176Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":13617,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:40.80376929Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:38:40.80790227Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:38:40.813719092Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:38:40.815314383Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:38:40.828955204Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:40.83713866Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:38:40.844141966Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:38:40.847062469Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:38:40.867108499Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:38:40.869805496Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:40.877090693Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:38:40.881630948Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:40.884939118Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:40.888224765Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:38:40.891721919Z | 64 | PC: 12a7d | Write file or device (Write 942 bytes on handle 5) |
| 2018-12-25T12:38:40.902252437Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:38:40.903781565Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:38:40.912988095Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:38:40.924200843Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:38:40.92728256Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:40.935108247Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:40.943359367Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:40.945651838Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:40.954875333Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:40.957563341Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:40.966074927Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:40.969018265Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:40.972380696Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:40.976894254Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:40.980910183Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:40.9893394Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:40.990687832Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:40.997742748Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.007342148Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:38:41.010466316Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:41.016240049Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:41.02237907Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:41.025164954Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.034374791Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:41.036795993Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:41.042779144Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:41.045337721Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:41.047888619Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:41.051174023Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:41.053110046Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:41.062848312Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:41.065037379Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:41.07359387Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.084585814Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:38:41.088739508Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:38:41.093985863Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":13617,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:40.949321482Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:38:40.953173549Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:38:40.95755257Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:38:40.958875214Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:38:40.970411788Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:40.97704339Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:38:40.983172041Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:38:40.985104367Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:38:41.242498148Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:38:41.247397546Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:41.25420978Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:38:41.257259751Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:41.260811566Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:41.263677843Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:38:41.26574031Z | 64 | PC: 12a7d | Write file or device (Write 942 bytes on handle 5) |
| 2018-12-25T12:38:41.276275672Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:38:41.278110197Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:38:41.285862449Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:38:41.299879466Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:38:41.302779999Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:41.309463809Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:41.319666455Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:41.322128Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.334679788Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:41.337477147Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:41.359150701Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:41.3806605Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:41.384407195Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:41.387344931Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:41.389120592Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:41.399666605Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:41.401900217Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:41.411165685Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.421419787Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:38:41.425599854Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:41.432300091Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:41.436849298Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:41.43908568Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.451260802Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:41.453295372Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:41.461208247Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:41.464203122Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:41.467045428Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:41.470184626Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:41.471928485Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:41.481374382Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:41.483899906Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:41.501058504Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.522217218Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:38:41.539251845Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:38:41.544165502Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13617,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:41.009748166Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:38:41.013148091Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:38:41.016987162Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:38:41.017947168Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:38:41.029350067Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:41.036414384Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:38:41.042810375Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:38:41.045456824Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:38:41.240589537Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:38:41.242736325Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:41.25144759Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:38:41.256372391Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:41.262330934Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:41.268949373Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:38:41.282351574Z | 64 | PC: 12a7d | Write file or device (Write 942 bytes on handle 5) |
| 2018-12-25T12:38:41.29156469Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:38:41.295151899Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:38:41.303158774Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:38:41.31316175Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:38:41.316458512Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:41.323792994Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:41.330965438Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:41.333456328Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.344887404Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:41.347006775Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:41.354518229Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:41.359060751Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:41.361773078Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:41.372207475Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:41.375215329Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:41.384139353Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:41.385911104Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:41.394349229Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.411467107Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:38:41.415154497Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:41.423050379Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:41.429664703Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:41.43188844Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.44310248Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:41.444981769Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:41.452422001Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:41.455422387Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:41.459410819Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:41.462193916Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:41.464279958Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:41.474164536Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:41.475259858Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:41.481014854Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.501554758Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:38:41.504039351Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:38:41.508305171Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13617,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:41.084841939Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:38:41.088202557Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:38:41.093131721Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:38:41.094180122Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:38:41.106693441Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:41.114308275Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:38:41.122876261Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:38:41.125176673Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:38:41.141820926Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:38:41.143647127Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:41.155987914Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:38:41.165180328Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:41.168002636Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:41.170944419Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:38:41.173995055Z | 64 | PC: 12a7d | Write file or device (Write 942 bytes on handle 5) |
| 2018-12-25T12:38:41.188525383Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:38:41.191543445Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:38:41.201585139Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:38:41.212942783Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:38:41.217214773Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:41.226185658Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:41.235512895Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:41.237918583Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.249162857Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:41.251785566Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:41.259778042Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:41.262745476Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:41.26601934Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:41.268784404Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:41.270648595Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:41.280933109Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:41.282535211Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:41.290994719Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.30235264Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:38:41.305228775Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:41.312857184Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:41.321261609Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:41.323668917Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.334973541Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:41.337072935Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:41.34466257Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:41.34740628Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:41.350281678Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:41.353207497Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:41.355121169Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:41.367654741Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:41.3699916Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:41.378725535Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.390084245Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:38:41.393609786Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:38:41.3980452Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13617,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:41.209139711Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:38:41.212412167Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:38:41.216503429Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:38:41.217608106Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:38:41.228932399Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:41.241090101Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:38:41.247371158Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:38:41.250290163Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:38:41.26581786Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:38:41.267828533Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:41.275262428Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:38:41.280778096Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:41.284827278Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:41.288002854Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:38:41.291274539Z | 64 | PC: 12a7d | Write file or device (Write 942 bytes on handle 5) |
| 2018-12-25T12:38:41.301355918Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:38:41.309434057Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:38:41.333012253Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:38:41.343086391Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:38:41.346031724Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:41.354047469Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:41.360595048Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:41.362916726Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.373407252Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:41.376577762Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:41.383187359Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:41.385757127Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:41.387931972Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:41.389968335Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:41.391474401Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:41.398882859Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:41.400649795Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:41.409051766Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.423431326Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:38:41.426345097Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:41.445143997Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:41.452443945Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:41.454864633Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.464885672Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:41.467917894Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:41.474545282Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:41.477567907Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:41.481095978Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:41.483979724Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:41.486033689Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:41.501550472Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:41.503066456Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:41.510920272Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.522155062Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:38:41.524946496Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:38:41.529247529Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13617,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:41.350588476Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:38:41.354252388Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:38:41.359576138Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:38:41.360881083Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:38:41.367950684Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:41.376075218Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:38:41.383617032Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:38:41.385996173Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:38:41.409214062Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:38:41.413513311Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:41.420674688Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:38:41.430922788Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:41.436938331Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:41.440791159Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:38:41.443163293Z | 64 | PC: 12a7d | Write file or device (Write 942 bytes on handle 5) |
| 2018-12-25T12:38:41.453106385Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:38:41.455241071Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:38:41.464286056Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:38:41.476087654Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:38:41.479015098Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:41.486113748Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:41.494454843Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:41.496867481Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.508005358Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:41.511005372Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:41.518535361Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:41.521977848Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:41.528737812Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:41.534027033Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:41.536120324Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:41.546111277Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:41.54780916Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:41.556375846Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.567410982Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:38:41.57099926Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:41.578156467Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:41.585523164Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:41.589404704Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.600458696Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:41.602569308Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:41.61636961Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:41.62082971Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:41.622970358Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:41.625410823Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:41.62685396Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:41.633993616Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:41.635933309Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:41.642304434Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.663658681Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:38:41.667731203Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:38:41.67306735Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":13617,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:41.422618065Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:38:41.437212205Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:38:41.441453027Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:38:41.443460625Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:38:41.46415859Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:41.470838219Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:38:41.477270268Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:38:41.480568131Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:38:41.500664109Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:38:41.502483944Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:41.509565279Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:38:41.513043341Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:41.516603628Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:41.519252297Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:38:41.522340612Z | 64 | PC: 12a7d | Write file or device (Write 942 bytes on handle 5) |
| 2018-12-25T12:38:41.531787904Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:38:41.533582887Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:38:41.543121737Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:38:41.553334446Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:38:41.55589692Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:41.564296387Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:41.570783294Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:41.572868954Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.583956568Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:41.585743269Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:41.592364232Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:41.599554021Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:41.602219879Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:41.604973418Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:41.607357984Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:41.619516898Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:41.621134619Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:41.628806258Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.639950744Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:38:41.642656651Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:41.649155957Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:41.656180969Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:41.658167223Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.667937552Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:41.672019048Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:41.678786343Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:41.681824173Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:41.685665102Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:41.688512833Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:41.691025755Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:41.700882613Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:41.703064016Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:41.710736929Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.722244858Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:38:41.724867955Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:38:41.728983015Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":13617,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:41.575818441Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:38:41.580074069Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:38:41.585117297Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:38:41.586738679Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:38:41.59425397Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:41.60372942Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:38:41.611230346Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:38:41.613505778Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:38:41.635169823Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:38:41.637167272Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:41.650315918Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:38:41.659189647Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:41.662492213Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:41.665748791Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:38:41.669308189Z | 64 | PC: 12a7d | Write file or device (Write 942 bytes on handle 5) |
| 2018-12-25T12:38:41.67939285Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:38:41.681133217Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:38:41.689896417Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:38:41.701571208Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:38:41.704437438Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:41.71227371Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:41.719999406Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:41.722469379Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.733795845Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:41.737108785Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:41.744932726Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:41.748476972Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:41.752589503Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:41.755884869Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:41.758363067Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:41.76882635Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:41.774894194Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:41.784115751Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.79598504Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:38:41.799586906Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:41.807333922Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:41.811798152Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:41.814041695Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.821121209Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:41.822497744Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:41.827742014Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:41.830191773Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:41.832131871Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:41.835129924Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:41.836593825Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:41.843021935Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:41.845518054Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:41.851480463Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.862549273Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:38:41.866055445Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:38:41.871143878Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":13617,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:41.643079122Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:38:41.646688835Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:38:41.651256779Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:38:41.652624694Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:38:41.665638068Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:41.678904911Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:38:41.686490425Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:38:41.689208795Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:38:41.71650322Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:38:41.719647161Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:41.728255487Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:38:41.733579583Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:41.737084477Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:41.740051543Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:38:41.743372255Z | 64 | PC: 12a7d | Write file or device (Write 942 bytes on handle 5) |
| 2018-12-25T12:38:41.753946001Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:38:41.755830281Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:38:41.76664586Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:38:41.778314938Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:38:41.781661217Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:41.789647868Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:41.7972721Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:41.799632901Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.810959635Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:41.813339183Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:41.821463178Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:41.828675556Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:41.831721384Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:41.841816648Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:41.843850086Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:41.857976828Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:41.859777158Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:41.868757834Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.881137753Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:38:41.88873846Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:41.897306704Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:41.908150691Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:41.911314516Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.922572891Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:41.925028736Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:41.934092175Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:41.937195133Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:41.940158536Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:41.943967531Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:41.946431899Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:41.957157996Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:41.959969833Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:41.968640473Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.980079835Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:38:41.983467384Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:38:41.98880173Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":13617,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:41.645421851Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:38:41.648750295Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:38:41.653349842Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:38:41.654601829Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:38:41.661234239Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:41.684575413Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:38:41.702453294Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:38:41.70637811Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:38:41.725650021Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:38:41.730126742Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:41.739055314Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:38:41.743804235Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:41.748641251Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:38:41.751749039Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:38:41.75406691Z | 64 | PC: 12a7d | Write file or device (Write 942 bytes on handle 5) |
| 2018-12-25T12:38:41.765292314Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:38:41.767515862Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:38:41.776944422Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:38:41.794517777Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:38:41.797768153Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:41.80676018Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:41.815652135Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:41.818094732Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.829449695Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:41.832567435Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:41.839968166Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:41.842965466Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:41.847767428Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:41.852598332Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:41.854890665Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:41.864488065Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:41.866213757Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:41.876135319Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.887542868Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:38:41.890941173Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:38:41.89882939Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:38:41.906233089Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:38:41.909124151Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.920819215Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:38:41.923266769Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:38:41.932036773Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:38:41.935390997Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:38:41.939440444Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:38:41.943652631Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:38:41.946127742Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:38:41.956159697Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:38:41.958307083Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:38:41.966757167Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:38:41.978035969Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:38:41.981654046Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:38:41.986209771Z | 59 | PC: 12d7a | Change current directory |