{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15633,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:44:02.19062046Z | 26 | PC: 12ae3 | Set disk transfer address |
| 2018-12-25T12:44:02.193118691Z | 78 | PC: 12b45 | Find first file |
| 2018-12-25T12:44:02.202802916Z | 67 | PC: 12bc2 | Get or set file attributes |
| 2018-12-25T12:44:02.543807552Z | 61 | PC: 12bca | Open file (Filename = 'C:\DOS\EDIT.COM') |
| 2018-12-25T12:44:02.551318935Z | 63 | PC: 12bde | Read file or device (Read 20 bytes on handle 5) |
| 2018-12-25T12:44:02.55673187Z | 66 | PC: 12c04 | Move file pointer |
| 2018-12-25T12:44:02.558530142Z | 64 | PC: 12c21 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:44:02.562163223Z | 44 | PC: 12c36 | Get time 0x12c36: mov al, ch 0x12c38: add al, cl 0x12c3a: add al, dh 0x12c3c: add al, dl 0x12c3e: mov byte ptr [0x42d], al 0x12c41: mov ax, word ptr [0x18] 0x12c44: xchg word ptr [0x1c], ax 0x12c48: mov word ptr [0x18], ax 0x12c4b: mov ax, word ptr [0x1a] 0x12c4e: xchg word ptr [0x1e], ax 0x12c52: mov word ptr [0x1a], ax 0x12c55: mov cx, 0x17 0x12c58: push ds 0x12c59: pop es 0x12c5a: mov si, 0x15 0x12c5d: mov di, 0x42e 0x12c60: rep movsb byte ptr es:[di], byte ptr [si] 0x12c62: mov ah, byte ptr [0x42d] 0x12c66: mov cx, 0x3b8 0x12c69: lodsb al, byte ptr [si] |
| 2018-12-25T12:44:02.564452393Z | 64 | PC: 12c7e | Write file or device (Write 996 bytes on handle 5) |
| 2018-12-25T12:44:02.571387474Z | 66 | PC: 12c9c | Move file pointer |
| 2018-12-25T12:44:02.572871481Z | 64 | PC: 12cca | Write file or device (Write 20 bytes on handle 5) |
| 2018-12-25T12:44:02.578359385Z | 87 | PC: 12cde | Get or set file date and time |
| 2018-12-25T12:44:02.57967036Z | 62 | PC: 12ce6 | Close file |
| 2018-12-25T12:44:02.585833876Z | 67 | PC: 12cfa | Get or set file attributes |
| 2018-12-25T12:44:02.598476908Z | 65 | PC: 12cfe | Delete file (Filename = 'C:\DOS\CHKLIST.MS') |
| 2018-12-25T12:44:02.605073217Z | 78 | PC: 12b45 | Find first file (See above) |
| 2018-12-25T12:44:02.611301937Z | 67 | PC: 12ba0 | Get or set file attributes |
| 2018-12-25T12:44:02.633840497Z | 61 | PC: 12ba8 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:44:02.64293371Z | 63 | PC: 12bde | Read file or device (See above) |
| 2018-12-25T12:44:02.649444094Z | 66 | PC: 12c04 | Move file pointer (See above) |
| 2018-12-25T12:44:02.65263995Z | 64 | PC: 12c21 | Write file or device (See above) |
| 2018-12-25T12:44:02.655860266Z | 44 | PC: 12c36 | Get time (See above) |
| 2018-12-25T12:44:02.658830697Z | 64 | PC: 12c7e | Write file or device (See above) |
| 2018-12-25T12:44:02.670481487Z | 66 | PC: 12c9c | Move file pointer (See above) |
| 2018-12-25T12:44:02.671959492Z | 64 | PC: 12cca | Write file or device (See above) |
| 2018-12-25T12:44:02.678557802Z | 87 | PC: 12cde | Get or set file date and time (See above) |
| 2018-12-25T12:44:02.680989027Z | 62 | PC: 12ce6 | Close file (See above) |
| 2018-12-25T12:44:02.688639629Z | 67 | PC: 12cfa | Get or set file attributes (See above) |
| 2018-12-25T12:44:02.694564755Z | 65 | PC: 12cfe | Delete file (See above) |
| 2018-12-25T12:44:02.70115592Z | 42 | PC: 12aff | Get date 0x12aff: cmp dx, 0x301 0x12b03: jne 0x12b0b 0x12b05: call 0x12d2d 0x12b08: jmp 0x12b1d 0x12b0a: nop 0x12b0b: cmp al, 1 0x12b0d: jne 0x12b1d 0x12b0f: cmp cx, 0x7ca 0x12b13: jae 0x12b1a 0x12b15: cmp dh, 9 0x12b18: jb 0x12b1d 0x12b1a: call 0x12cff 0x12b1d: pop es 0x12b1e: mov di, 0x100 0x12b21: mov word ptr [0x411], di 0x12b25: xor si, si 0x12b27: mov cx, 0x14 0x12b2a: rep movsb byte ptr es:[di], byte ptr [si] 0x12b2c: mov word ptr [0x413], es 0x12b30: push es |
| 2018-12-25T12:44:02.70347016Z | 26 | PC: 12b39 | Set disk transfer address |
{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15633,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:44:02.442307559Z | 26 | PC: 12ae3 | Set disk transfer address |
| 2018-12-25T12:44:02.443850304Z | 78 | PC: 12b45 | Find first file |
| 2018-12-25T12:44:02.454306199Z | 67 | PC: 12bc2 | Get or set file attributes |
| 2018-12-25T12:44:02.80678851Z | 61 | PC: 12bca | Open file (Filename = 'C:\DOS\EDIT.COM') |
| 2018-12-25T12:44:02.811486389Z | 63 | PC: 12bde | Read file or device (Read 20 bytes on handle 5) |
| 2018-12-25T12:44:02.818198884Z | 66 | PC: 12c04 | Move file pointer |
| 2018-12-25T12:44:02.820519319Z | 64 | PC: 12c21 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:44:02.823818712Z | 44 | PC: 12c36 | Get time 0x12c36: mov al, ch 0x12c38: add al, cl 0x12c3a: add al, dh 0x12c3c: add al, dl 0x12c3e: mov byte ptr [0x42d], al 0x12c41: mov ax, word ptr [0x18] 0x12c44: xchg word ptr [0x1c], ax 0x12c48: mov word ptr [0x18], ax 0x12c4b: mov ax, word ptr [0x1a] 0x12c4e: xchg word ptr [0x1e], ax 0x12c52: mov word ptr [0x1a], ax 0x12c55: mov cx, 0x17 0x12c58: push ds 0x12c59: pop es 0x12c5a: mov si, 0x15 0x12c5d: mov di, 0x42e 0x12c60: rep movsb byte ptr es:[di], byte ptr [si] 0x12c62: mov ah, byte ptr [0x42d] 0x12c66: mov cx, 0x3b8 0x12c69: lodsb al, byte ptr [si] |
| 2018-12-25T12:44:02.826576518Z | 64 | PC: 12c7e | Write file or device (Write 996 bytes on handle 5) |
| 2018-12-25T12:44:02.83232602Z | 66 | PC: 12c9c | Move file pointer |
| 2018-12-25T12:44:02.833854563Z | 64 | PC: 12cca | Write file or device (Write 20 bytes on handle 5) |
| 2018-12-25T12:44:02.840850083Z | 87 | PC: 12cde | Get or set file date and time |
| 2018-12-25T12:44:02.84269578Z | 62 | PC: 12ce6 | Close file |
| 2018-12-25T12:44:02.849917962Z | 67 | PC: 12cfa | Get or set file attributes |
| 2018-12-25T12:44:02.860673904Z | 65 | PC: 12cfe | Delete file (Filename = 'C:\DOS\CHKLIST.MS') |
| 2018-12-25T12:44:02.868117548Z | 78 | PC: 12b45 | Find first file (See above) |
| 2018-12-25T12:44:02.875243256Z | 67 | PC: 12ba0 | Get or set file attributes |
| 2018-12-25T12:44:02.89259284Z | 61 | PC: 12ba8 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:44:02.901940549Z | 63 | PC: 12bde | Read file or device (See above) |
| 2018-12-25T12:44:02.909427024Z | 66 | PC: 12c04 | Move file pointer (See above) |
| 2018-12-25T12:44:02.911861033Z | 64 | PC: 12c21 | Write file or device (See above) |
| 2018-12-25T12:44:02.920827435Z | 44 | PC: 12c36 | Get time (See above) |
| 2018-12-25T12:44:02.923574894Z | 64 | PC: 12c7e | Write file or device (See above) |
| 2018-12-25T12:44:02.937840089Z | 66 | PC: 12c9c | Move file pointer (See above) |
| 2018-12-25T12:44:02.940735888Z | 64 | PC: 12cca | Write file or device (See above) |
| 2018-12-25T12:44:02.948308545Z | 87 | PC: 12cde | Get or set file date and time (See above) |
| 2018-12-25T12:44:02.950354496Z | 62 | PC: 12ce6 | Close file (See above) |
| 2018-12-25T12:44:02.960418005Z | 67 | PC: 12cfa | Get or set file attributes (See above) |
| 2018-12-25T12:44:02.966807383Z | 65 | PC: 12cfe | Delete file (See above) |
| 2018-12-25T12:44:02.97399786Z | 42 | PC: 12aff | Get date 0x12aff: cmp dx, 0x301 0x12b03: jne 0x12b0b 0x12b05: call 0x12d2d 0x12b08: jmp 0x12b1d 0x12b0a: nop 0x12b0b: cmp al, 1 0x12b0d: jne 0x12b1d 0x12b0f: cmp cx, 0x7ca 0x12b13: jae 0x12b1a 0x12b15: cmp dh, 9 0x12b18: jb 0x12b1d 0x12b1a: call 0x12cff 0x12b1d: pop es 0x12b1e: mov di, 0x100 0x12b21: mov word ptr [0x411], di 0x12b25: xor si, si 0x12b27: mov cx, 0x14 0x12b2a: rep movsb byte ptr es:[di], byte ptr [si] 0x12b2c: mov word ptr [0x413], es 0x12b30: push es |
| 2018-12-25T12:44:02.977599985Z | 26 | PC: 12b39 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15633,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:44:03.032054584Z | 26 | PC: 12ae3 | Set disk transfer address |
| 2018-12-25T12:44:03.034638037Z | 78 | PC: 12b45 | Find first file |
| 2018-12-25T12:44:03.044705964Z | 67 | PC: 12bc2 | Get or set file attributes |
| 2018-12-25T12:44:03.388697892Z | 61 | PC: 12bca | Open file (Filename = 'C:\DOS\EDIT.COM') |
| 2018-12-25T12:44:03.396943518Z | 63 | PC: 12bde | Read file or device (Read 20 bytes on handle 5) |
| 2018-12-25T12:44:03.404198624Z | 66 | PC: 12c04 | Move file pointer |
| 2018-12-25T12:44:03.405992938Z | 64 | PC: 12c21 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:44:03.409358131Z | 44 | PC: 12c36 | Get time 0x12c36: mov al, ch 0x12c38: add al, cl 0x12c3a: add al, dh 0x12c3c: add al, dl 0x12c3e: mov byte ptr [0x42d], al 0x12c41: mov ax, word ptr [0x18] 0x12c44: xchg word ptr [0x1c], ax 0x12c48: mov word ptr [0x18], ax 0x12c4b: mov ax, word ptr [0x1a] 0x12c4e: xchg word ptr [0x1e], ax 0x12c52: mov word ptr [0x1a], ax 0x12c55: mov cx, 0x17 0x12c58: push ds 0x12c59: pop es 0x12c5a: mov si, 0x15 0x12c5d: mov di, 0x42e 0x12c60: rep movsb byte ptr es:[di], byte ptr [si] 0x12c62: mov ah, byte ptr [0x42d] 0x12c66: mov cx, 0x3b8 0x12c69: lodsb al, byte ptr [si] |
| 2018-12-25T12:44:03.413105694Z | 64 | PC: 12c7e | Write file or device (Write 996 bytes on handle 5) |
| 2018-12-25T12:44:03.422065372Z | 66 | PC: 12c9c | Move file pointer |
| 2018-12-25T12:44:03.425843421Z | 64 | PC: 12cca | Write file or device (Write 20 bytes on handle 5) |
| 2018-12-25T12:44:03.43675308Z | 87 | PC: 12cde | Get or set file date and time |
| 2018-12-25T12:44:03.438580051Z | 62 | PC: 12ce6 | Close file |
| 2018-12-25T12:44:03.446232671Z | 67 | PC: 12cfa | Get or set file attributes |
| 2018-12-25T12:44:03.45747279Z | 65 | PC: 12cfe | Delete file (Filename = 'C:\DOS\CHKLIST.MS') |
| 2018-12-25T12:44:03.46530068Z | 78 | PC: 12b45 | Find first file (See above) |
| 2018-12-25T12:44:03.473196999Z | 67 | PC: 12ba0 | Get or set file attributes |
| 2018-12-25T12:44:03.492867264Z | 61 | PC: 12ba8 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:44:03.502328715Z | 63 | PC: 12bde | Read file or device (See above) |
| 2018-12-25T12:44:03.51040637Z | 66 | PC: 12c04 | Move file pointer (See above) |
| 2018-12-25T12:44:03.512694864Z | 64 | PC: 12c21 | Write file or device (See above) |
| 2018-12-25T12:44:03.516705997Z | 44 | PC: 12c36 | Get time (See above) |
| 2018-12-25T12:44:03.519667827Z | 64 | PC: 12c7e | Write file or device (See above) |
| 2018-12-25T12:44:03.529577045Z | 66 | PC: 12c9c | Move file pointer (See above) |
| 2018-12-25T12:44:03.532942316Z | 64 | PC: 12cca | Write file or device (See above) |
| 2018-12-25T12:44:03.540527952Z | 87 | PC: 12cde | Get or set file date and time (See above) |
| 2018-12-25T12:44:03.542279075Z | 62 | PC: 12ce6 | Close file (See above) |
| 2018-12-25T12:44:03.552797728Z | 67 | PC: 12cfa | Get or set file attributes (See above) |
| 2018-12-25T12:44:03.559783429Z | 65 | PC: 12cfe | Delete file (See above) |
| 2018-12-25T12:44:03.567611538Z | 42 | PC: 12aff | Get date 0x12aff: cmp dx, 0x301 0x12b03: jne 0x12b0b 0x12b05: call 0x12d2d 0x12b08: jmp 0x12b1d 0x12b0a: nop 0x12b0b: cmp al, 1 0x12b0d: jne 0x12b1d 0x12b0f: cmp cx, 0x7ca 0x12b13: jae 0x12b1a 0x12b15: cmp dh, 9 0x12b18: jb 0x12b1d 0x12b1a: call 0x12cff 0x12b1d: pop es 0x12b1e: mov di, 0x100 0x12b21: mov word ptr [0x411], di 0x12b25: xor si, si 0x12b27: mov cx, 0x14 0x12b2a: rep movsb byte ptr es:[di], byte ptr [si] 0x12b2c: mov word ptr [0x413], es 0x12b30: push es |
| 2018-12-25T12:44:03.571544045Z | 9 | PC: 12d41 | Display string (String= ' I'm sorry, you lost something because of AUREA ') |
{"DateBased":true,"Day":2,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15633,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:44:03.861153111Z | 26 | PC: 12ae3 | Set disk transfer address |
| 2018-12-25T12:44:03.862908575Z | 78 | PC: 12b45 | Find first file |
| 2018-12-25T12:44:03.871894501Z | 67 | PC: 12bc2 | Get or set file attributes |
| 2018-12-25T12:44:04.202059784Z | 61 | PC: 12bca | Open file (Filename = 'C:\DOS\EDIT.COM') |
| 2018-12-25T12:44:04.210931626Z | 63 | PC: 12bde | Read file or device (Read 20 bytes on handle 5) |
| 2018-12-25T12:44:04.216474856Z | 66 | PC: 12c04 | Move file pointer |
| 2018-12-25T12:44:04.217852231Z | 64 | PC: 12c21 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:44:04.220879249Z | 44 | PC: 12c36 | Get time 0x12c36: mov al, ch 0x12c38: add al, cl 0x12c3a: add al, dh 0x12c3c: add al, dl 0x12c3e: mov byte ptr [0x42d], al 0x12c41: mov ax, word ptr [0x18] 0x12c44: xchg word ptr [0x1c], ax 0x12c48: mov word ptr [0x18], ax 0x12c4b: mov ax, word ptr [0x1a] 0x12c4e: xchg word ptr [0x1e], ax 0x12c52: mov word ptr [0x1a], ax 0x12c55: mov cx, 0x17 0x12c58: push ds 0x12c59: pop es 0x12c5a: mov si, 0x15 0x12c5d: mov di, 0x42e 0x12c60: rep movsb byte ptr es:[di], byte ptr [si] 0x12c62: mov ah, byte ptr [0x42d] 0x12c66: mov cx, 0x3b8 0x12c69: lodsb al, byte ptr [si] |
| 2018-12-25T12:44:04.223731879Z | 64 | PC: 12c7e | Write file or device (Write 996 bytes on handle 5) |
| 2018-12-25T12:44:04.230999581Z | 66 | PC: 12c9c | Move file pointer |
| 2018-12-25T12:44:04.232314214Z | 64 | PC: 12cca | Write file or device (Write 20 bytes on handle 5) |
| 2018-12-25T12:44:04.237947489Z | 87 | PC: 12cde | Get or set file date and time |
| 2018-12-25T12:44:04.239251867Z | 62 | PC: 12ce6 | Close file |
| 2018-12-25T12:44:04.245528237Z | 67 | PC: 12cfa | Get or set file attributes |
| 2018-12-25T12:44:04.254989559Z | 65 | PC: 12cfe | Delete file (Filename = 'C:\DOS\CHKLIST.MS') |
| 2018-12-25T12:44:04.261166172Z | 78 | PC: 12b45 | Find first file (See above) |
| 2018-12-25T12:44:04.266899131Z | 67 | PC: 12ba0 | Get or set file attributes |
| 2018-12-25T12:44:04.282250722Z | 61 | PC: 12ba8 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:44:04.288598311Z | 63 | PC: 12bde | Read file or device (See above) |
| 2018-12-25T12:44:04.294758374Z | 66 | PC: 12c04 | Move file pointer (See above) |
| 2018-12-25T12:44:04.296919596Z | 64 | PC: 12c21 | Write file or device (See above) |
| 2018-12-25T12:44:04.299457979Z | 44 | PC: 12c36 | Get time (See above) |
| 2018-12-25T12:44:04.301889184Z | 64 | PC: 12c7e | Write file or device (See above) |
| 2018-12-25T12:44:04.310632942Z | 66 | PC: 12c9c | Move file pointer (See above) |
| 2018-12-25T12:44:04.311824833Z | 64 | PC: 12cca | Write file or device (See above) |
| 2018-12-25T12:44:04.318177179Z | 87 | PC: 12cde | Get or set file date and time (See above) |
| 2018-12-25T12:44:04.320251546Z | 62 | PC: 12ce6 | Close file (See above) |
| 2018-12-25T12:44:04.327827589Z | 67 | PC: 12cfa | Get or set file attributes (See above) |
| 2018-12-25T12:44:04.333414435Z | 65 | PC: 12cfe | Delete file (See above) |
| 2018-12-25T12:44:04.340649991Z | 42 | PC: 12aff | Get date 0x12aff: cmp dx, 0x301 0x12b03: jne 0x12b0b 0x12b05: call 0x12d2d 0x12b08: jmp 0x12b1d 0x12b0a: nop 0x12b0b: cmp al, 1 0x12b0d: jne 0x12b1d 0x12b0f: cmp cx, 0x7ca 0x12b13: jae 0x12b1a 0x12b15: cmp dh, 9 0x12b18: jb 0x12b1d 0x12b1a: call 0x12cff 0x12b1d: pop es 0x12b1e: mov di, 0x100 0x12b21: mov word ptr [0x411], di 0x12b25: xor si, si 0x12b27: mov cx, 0x14 0x12b2a: rep movsb byte ptr es:[di], byte ptr [si] 0x12b2c: mov word ptr [0x413], es 0x12b30: push es |
| 2018-12-25T12:44:04.342654481Z | 67 | PC: 12d0d | Get or set file attributes |
| 2018-12-25T12:44:04.34892769Z | 65 | PC: 12d11 | Delete file (Filename = 'C:\DOS\CHKLIST.MS') |
| 2018-12-25T12:44:04.355437555Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:44:04.36145099Z | 65 | PC: 12d11 | Delete file (See above) |
| 2018-12-25T12:44:04.367520101Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:44:04.373951044Z | 65 | PC: 12d11 | Delete file (See above) |
| 2018-12-25T12:44:04.380140479Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:44:04.386267054Z | 65 | PC: 12d11 | Delete file (See above) |
| 2018-12-25T12:44:04.392936735Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:44:04.398906069Z | 65 | PC: 12d11 | Delete file (See above) |
| 2018-12-25T12:44:04.405647426Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:44:04.412102453Z | 65 | PC: 12d11 | Delete file (See above) |
| 2018-12-25T12:44:04.41816495Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:44:04.424531972Z | 65 | PC: 12d11 | Delete file (See above) |
| 2018-12-25T12:44:04.431594439Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:44:04.438123229Z | 65 | PC: 12d11 | Delete file (See above) |
| 2018-12-25T12:44:04.444929604Z | 26 | PC: 12b39 | Set disk transfer address |
{"DateBased":true,"Day":4,"Month":9,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15633,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:44:04.407032863Z | 26 | PC: 12ae3 | Set disk transfer address |
| 2018-12-25T12:44:04.40886714Z | 78 | PC: 12b45 | Find first file |
| 2018-12-25T12:44:04.420164377Z | 67 | PC: 12bc2 | Get or set file attributes |
| 2018-12-25T12:44:04.766202114Z | 61 | PC: 12bca | Open file (Filename = 'C:\DOS\EDIT.COM') |
| 2018-12-25T12:44:04.774786451Z | 63 | PC: 12bde | Read file or device (Read 20 bytes on handle 5) |
| 2018-12-25T12:44:04.781731803Z | 66 | PC: 12c04 | Move file pointer |
| 2018-12-25T12:44:04.782941422Z | 64 | PC: 12c21 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:44:04.784915773Z | 44 | PC: 12c36 | Get time 0x12c36: mov al, ch 0x12c38: add al, cl 0x12c3a: add al, dh 0x12c3c: add al, dl 0x12c3e: mov byte ptr [0x42d], al 0x12c41: mov ax, word ptr [0x18] 0x12c44: xchg word ptr [0x1c], ax 0x12c48: mov word ptr [0x18], ax 0x12c4b: mov ax, word ptr [0x1a] 0x12c4e: xchg word ptr [0x1e], ax 0x12c52: mov word ptr [0x1a], ax 0x12c55: mov cx, 0x17 0x12c58: push ds 0x12c59: pop es 0x12c5a: mov si, 0x15 0x12c5d: mov di, 0x42e 0x12c60: rep movsb byte ptr es:[di], byte ptr [si] 0x12c62: mov ah, byte ptr [0x42d] 0x12c66: mov cx, 0x3b8 0x12c69: lodsb al, byte ptr [si] |
| 2018-12-25T12:44:04.788248952Z | 64 | PC: 12c7e | Write file or device (Write 996 bytes on handle 5) |
| 2018-12-25T12:44:04.793352431Z | 66 | PC: 12c9c | Move file pointer |
| 2018-12-25T12:44:04.794822136Z | 64 | PC: 12cca | Write file or device (Write 20 bytes on handle 5) |
| 2018-12-25T12:44:04.801491841Z | 87 | PC: 12cde | Get or set file date and time |
| 2018-12-25T12:44:04.80300356Z | 62 | PC: 12ce6 | Close file |
| 2018-12-25T12:44:04.810237702Z | 67 | PC: 12cfa | Get or set file attributes |
| 2018-12-25T12:44:04.824820808Z | 65 | PC: 12cfe | Delete file (Filename = 'C:\DOS\CHKLIST.MS') |
| 2018-12-25T12:44:04.831812751Z | 78 | PC: 12b45 | Find first file (See above) |
| 2018-12-25T12:44:04.83824196Z | 67 | PC: 12ba0 | Get or set file attributes |
| 2018-12-25T12:44:04.856461867Z | 61 | PC: 12ba8 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:44:04.863687989Z | 63 | PC: 12bde | Read file or device (See above) |
| 2018-12-25T12:44:04.870686974Z | 66 | PC: 12c04 | Move file pointer (See above) |
| 2018-12-25T12:44:04.872734306Z | 64 | PC: 12c21 | Write file or device (See above) |
| 2018-12-25T12:44:04.875563193Z | 44 | PC: 12c36 | Get time (See above) |
| 2018-12-25T12:44:04.877956896Z | 64 | PC: 12c7e | Write file or device (See above) |
| 2018-12-25T12:44:04.888442081Z | 66 | PC: 12c9c | Move file pointer (See above) |
| 2018-12-25T12:44:04.890019971Z | 64 | PC: 12cca | Write file or device (See above) |
| 2018-12-25T12:44:04.89723181Z | 87 | PC: 12cde | Get or set file date and time (See above) |
| 2018-12-25T12:44:04.898726032Z | 62 | PC: 12ce6 | Close file (See above) |
| 2018-12-25T12:44:04.907645845Z | 67 | PC: 12cfa | Get or set file attributes (See above) |
| 2018-12-25T12:44:04.914240263Z | 65 | PC: 12cfe | Delete file (See above) |
| 2018-12-25T12:44:04.920873Z | 42 | PC: 12aff | Get date 0x12aff: cmp dx, 0x301 0x12b03: jne 0x12b0b 0x12b05: call 0x12d2d 0x12b08: jmp 0x12b1d 0x12b0a: nop 0x12b0b: cmp al, 1 0x12b0d: jne 0x12b1d 0x12b0f: cmp cx, 0x7ca 0x12b13: jae 0x12b1a 0x12b15: cmp dh, 9 0x12b18: jb 0x12b1d 0x12b1a: call 0x12cff 0x12b1d: pop es 0x12b1e: mov di, 0x100 0x12b21: mov word ptr [0x411], di 0x12b25: xor si, si 0x12b27: mov cx, 0x14 0x12b2a: rep movsb byte ptr es:[di], byte ptr [si] 0x12b2c: mov word ptr [0x413], es 0x12b30: push es |
| 2018-12-25T12:44:04.92367945Z | 67 | PC: 12d0d | Get or set file attributes |
| 2018-12-25T12:44:04.93061907Z | 65 | PC: 12d11 | Delete file (Filename = 'C:\DOS\CHKLIST.MS') |
| 2018-12-25T12:44:04.937628552Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:44:04.945086271Z | 65 | PC: 12d11 | Delete file (See above) |
| 2018-12-25T12:44:04.952918075Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:44:04.959757023Z | 65 | PC: 12d11 | Delete file (See above) |
| 2018-12-25T12:44:04.967153903Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:44:04.974491242Z | 65 | PC: 12d11 | Delete file (See above) |
| 2018-12-25T12:44:04.979222122Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:44:04.984123607Z | 65 | PC: 12d11 | Delete file (See above) |
| 2018-12-25T12:44:04.988274477Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:44:04.992213253Z | 65 | PC: 12d11 | Delete file (See above) |
| 2018-12-25T12:44:04.996879276Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:44:05.001032854Z | 65 | PC: 12d11 | Delete file (See above) |
| 2018-12-25T12:44:05.005058648Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:44:05.009606068Z | 65 | PC: 12d11 | Delete file (See above) |
| 2018-12-25T12:44:05.015313541Z | 26 | PC: 12b39 | Set disk transfer address |