{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1657,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:44:04.84194253Z | 53 | PC: 12ae4 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:44:04.850116782Z | 37 | PC: 12af6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:44:04.851096925Z | 71 | PC: 12b01 | Get current directory |
| 2018-12-25T11:44:04.853689525Z | 25 | PC: 12b06 | Get default drive |
| 2018-12-25T11:44:04.85523316Z | 26 | PC: 12b2d | Set disk transfer address |
| 2018-12-25T11:44:04.856381177Z | 42 | PC: 12b31 | Get date 0x12b31: cmp dx, 0x202 0x12b35: jne 0x12b3a 0x12b37: jmp 0x12cf8 0x12b3a: mov ah, 0x4e 0x12b3c: lea dx, word ptr [si + 0x438] 0x12b40: mov cx, 7 0x12b43: int 0x21 0x12b45: jae 0x12b8b 0x12b47: mov ah, 0x1a 0x12b49: lea dx, word ptr [si + 0x518] 0x12b4d: int 0x21 0x12b4f: mov ah, 0x3b 0x12b51: lea dx, word ptr [si + 0x442] 0x12b55: int 0x21 0x12b57: jb 0x12b5b 0x12b59: jmp 0x12b25 0x12b5b: cmp byte ptr [si + 0x45d], 1 0x12b60: je 0x12b7b 0x12b62: mov al, 1 0x12b64: mov byte ptr [si + 0x45d], al |
| 2018-12-25T11:44:04.858301333Z | 78 | PC: 12b45 | Find first file |
| 2018-12-25T11:44:04.864598644Z | 67 | PC: 12b9e | Get or set file attributes |
| 2018-12-25T11:44:06.041484394Z | 61 | PC: 12d46 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:44:06.048472207Z | 63 | PC: 12bc5 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:44:06.063300161Z | 66 | PC: 12d3c | Move file pointer |
| 2018-12-25T11:44:06.064942456Z | 44 | PC: 12c30 | Get time 0x12c30: cmp dx, 0 0x12c33: je 0x12c2c 0x12c35: mov word ptr [si + 0x119], dx 0x12c39: mov cl, 8 0x12c3b: ror dx, cl 0x12c3d: mov word ptr [si + 0x45b], dx 0x12c41: cmp dl, 0x1e 0x12c44: jle 0x12c49 0x12c46: jmp 0x12c68 0x12c48: nop 0x12c49: lea si, word ptr [bp + 0x143] 0x12c4d: lea di, word ptr [bp + 0x11b] 0x12c51: mov cx, 0x10 0x12c54: call 0x12d0f 0x12c57: lea si, word ptr [bp + 0x153] 0x12c5b: lea di, word ptr [bp + 0x133] 0x12c5f: mov cx, 6 0x12c62: call 0x12d0f 0x12c65: jmp 0x12c84 0x12c67: nop |
| 2018-12-25T11:44:06.067552431Z | 64 | PC: 12a7f | Write file or device (Write 860 bytes on handle 5) |
| 2018-12-25T11:44:06.265043875Z | 66 | PC: 12d32 | Move file pointer |
| 2018-12-25T11:44:06.266788784Z | 64 | PC: 12ca8 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:44:06.272919793Z | 87 | PC: 12cb9 | Get or set file date and time |
| 2018-12-25T11:44:06.274295487Z | 62 | PC: 12cbd | Close file |
| 2018-12-25T11:44:06.339359948Z | 67 | PC: 12ccc | Get or set file attributes |
| 2018-12-25T11:44:06.37397037Z | 59 | PC: 12cd4 | Change current directory |
| 2018-12-25T11:44:06.378421877Z | 26 | PC: 12cdb | Set disk transfer address |
| 2018-12-25T11:44:06.380903564Z | 37 | PC: 12ce6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1657,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:44:04.990402089Z | 53 | PC: 12ae4 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:44:04.993555601Z | 37 | PC: 12af6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:44:04.994865838Z | 71 | PC: 12b01 | Get current directory |
| 2018-12-25T11:44:04.997969959Z | 25 | PC: 12b06 | Get default drive |
| 2018-12-25T11:44:04.999163466Z | 26 | PC: 12b2d | Set disk transfer address |
| 2018-12-25T11:44:05.00055424Z | 42 | PC: 12b31 | Get date 0x12b31: cmp dx, 0x202 0x12b35: jne 0x12b3a 0x12b37: jmp 0x12cf8 0x12b3a: mov ah, 0x4e 0x12b3c: lea dx, word ptr [si + 0x438] 0x12b40: mov cx, 7 0x12b43: int 0x21 0x12b45: jae 0x12b8b 0x12b47: mov ah, 0x1a 0x12b49: lea dx, word ptr [si + 0x518] 0x12b4d: int 0x21 0x12b4f: mov ah, 0x3b 0x12b51: lea dx, word ptr [si + 0x442] 0x12b55: int 0x21 0x12b57: jb 0x12b5b 0x12b59: jmp 0x12b25 0x12b5b: cmp byte ptr [si + 0x45d], 1 0x12b60: je 0x12b7b 0x12b62: mov al, 1 0x12b64: mov byte ptr [si + 0x45d], al |
| 2018-12-25T11:44:05.003242825Z | 78 | PC: 12b45 | Find first file |
| 2018-12-25T11:44:05.009867956Z | 67 | PC: 12b9e | Get or set file attributes |
| 2018-12-25T11:44:05.072898834Z | 61 | PC: 12d46 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:44:05.081406219Z | 63 | PC: 12bc5 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:44:05.090119003Z | 66 | PC: 12d3c | Move file pointer |
| 2018-12-25T11:44:05.095981719Z | 44 | PC: 12c30 | Get time 0x12c30: cmp dx, 0 0x12c33: je 0x12c2c 0x12c35: mov word ptr [si + 0x119], dx 0x12c39: mov cl, 8 0x12c3b: ror dx, cl 0x12c3d: mov word ptr [si + 0x45b], dx 0x12c41: cmp dl, 0x1e 0x12c44: jle 0x12c49 0x12c46: jmp 0x12c68 0x12c48: nop 0x12c49: lea si, word ptr [bp + 0x143] 0x12c4d: lea di, word ptr [bp + 0x11b] 0x12c51: mov cx, 0x10 0x12c54: call 0x12d0f 0x12c57: lea si, word ptr [bp + 0x153] 0x12c5b: lea di, word ptr [bp + 0x133] 0x12c5f: mov cx, 6 0x12c62: call 0x12d0f 0x12c65: jmp 0x12c84 0x12c67: nop |
| 2018-12-25T11:44:05.09948276Z | 64 | PC: 12a7f | Write file or device (Write 860 bytes on handle 5) |
| 2018-12-25T11:44:05.110133161Z | 66 | PC: 12d32 | Move file pointer |
| 2018-12-25T11:44:05.11262456Z | 64 | PC: 12ca8 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:44:05.123961844Z | 87 | PC: 12cb9 | Get or set file date and time |
| 2018-12-25T11:44:05.125675685Z | 62 | PC: 12cbd | Close file |
| 2018-12-25T11:44:05.135447052Z | 67 | PC: 12ccc | Get or set file attributes |
| 2018-12-25T11:44:05.146868288Z | 59 | PC: 12cd4 | Change current directory |
| 2018-12-25T11:44:05.151557144Z | 26 | PC: 12cdb | Set disk transfer address |
| 2018-12-25T11:44:05.152942876Z | 37 | PC: 12ce6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":1657,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:44:05.293681812Z | 53 | PC: 12ae4 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:44:05.295232929Z | 37 | PC: 12af6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:44:05.296243623Z | 71 | PC: 12b01 | Get current directory |
| 2018-12-25T11:44:05.29881698Z | 25 | PC: 12b06 | Get default drive |
| 2018-12-25T11:44:05.300531089Z | 26 | PC: 12b2d | Set disk transfer address |
| 2018-12-25T11:44:05.301522407Z | 42 | PC: 12b31 | Get date 0x12b31: cmp dx, 0x202 0x12b35: jne 0x12b3a 0x12b37: jmp 0x12cf8 0x12b3a: mov ah, 0x4e 0x12b3c: lea dx, word ptr [si + 0x438] 0x12b40: mov cx, 7 0x12b43: int 0x21 0x12b45: jae 0x12b8b 0x12b47: mov ah, 0x1a 0x12b49: lea dx, word ptr [si + 0x518] 0x12b4d: int 0x21 0x12b4f: mov ah, 0x3b 0x12b51: lea dx, word ptr [si + 0x442] 0x12b55: int 0x21 0x12b57: jb 0x12b5b 0x12b59: jmp 0x12b25 0x12b5b: cmp byte ptr [si + 0x45d], 1 0x12b60: je 0x12b7b 0x12b62: mov al, 1 0x12b64: mov byte ptr [si + 0x45d], al |
| 2018-12-25T11:44:05.305569217Z | 78 | PC: 12b45 | Find first file |
| 2018-12-25T11:44:05.311895359Z | 67 | PC: 12b9e | Get or set file attributes |
| 2018-12-25T11:44:06.978219512Z | 61 | PC: 12d46 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:44:06.988554197Z | 63 | PC: 12bc5 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:44:06.996445344Z | 66 | PC: 12d3c | Move file pointer |
| 2018-12-25T11:44:06.998926153Z | 44 | PC: 12c30 | Get time 0x12c30: cmp dx, 0 0x12c33: je 0x12c2c 0x12c35: mov word ptr [si + 0x119], dx 0x12c39: mov cl, 8 0x12c3b: ror dx, cl 0x12c3d: mov word ptr [si + 0x45b], dx 0x12c41: cmp dl, 0x1e 0x12c44: jle 0x12c49 0x12c46: jmp 0x12c68 0x12c48: nop 0x12c49: lea si, word ptr [bp + 0x143] 0x12c4d: lea di, word ptr [bp + 0x11b] 0x12c51: mov cx, 0x10 0x12c54: call 0x12d0f 0x12c57: lea si, word ptr [bp + 0x153] 0x12c5b: lea di, word ptr [bp + 0x133] 0x12c5f: mov cx, 6 0x12c62: call 0x12d0f 0x12c65: jmp 0x12c84 0x12c67: nop |
| 2018-12-25T11:44:07.00168869Z | 64 | PC: 12a7f | Write file or device (Write 860 bytes on handle 5) |
| 2018-12-25T11:44:07.011983238Z | 66 | PC: 12d32 | Move file pointer |
| 2018-12-25T11:44:07.014087606Z | 64 | PC: 12ca8 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:44:07.021214632Z | 87 | PC: 12cb9 | Get or set file date and time |
| 2018-12-25T11:44:07.033680229Z | 62 | PC: 12cbd | Close file |
| 2018-12-25T11:44:07.041827162Z | 67 | PC: 12ccc | Get or set file attributes |
| 2018-12-25T11:44:07.051963251Z | 59 | PC: 12cd4 | Change current directory |
| 2018-12-25T11:44:07.066530905Z | 26 | PC: 12cdb | Set disk transfer address |
| 2018-12-25T11:44:07.06947Z | 37 | PC: 12ce6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":1657,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:44:05.385844607Z | 53 | PC: 12ae4 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:44:05.392441064Z | 37 | PC: 12af6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:44:05.393497925Z | 71 | PC: 12b01 | Get current directory |
| 2018-12-25T11:44:05.397202829Z | 25 | PC: 12b06 | Get default drive |
| 2018-12-25T11:44:05.398821893Z | 26 | PC: 12b2d | Set disk transfer address |
| 2018-12-25T11:44:05.399842344Z | 42 | PC: 12b31 | Get date 0x12b31: cmp dx, 0x202 0x12b35: jne 0x12b3a 0x12b37: jmp 0x12cf8 0x12b3a: mov ah, 0x4e 0x12b3c: lea dx, word ptr [si + 0x438] 0x12b40: mov cx, 7 0x12b43: int 0x21 0x12b45: jae 0x12b8b 0x12b47: mov ah, 0x1a 0x12b49: lea dx, word ptr [si + 0x518] 0x12b4d: int 0x21 0x12b4f: mov ah, 0x3b 0x12b51: lea dx, word ptr [si + 0x442] 0x12b55: int 0x21 0x12b57: jb 0x12b5b 0x12b59: jmp 0x12b25 0x12b5b: cmp byte ptr [si + 0x45d], 1 0x12b60: je 0x12b7b 0x12b62: mov al, 1 0x12b64: mov byte ptr [si + 0x45d], al |
| 2018-12-25T11:44:05.401848912Z | 78 | PC: 12b45 | Find first file |
| 2018-12-25T11:44:05.408157164Z | 67 | PC: 12b9e | Get or set file attributes |
| 2018-12-25T11:44:06.973453176Z | 61 | PC: 12d46 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:44:06.983632584Z | 63 | PC: 12bc5 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:44:06.990254487Z | 66 | PC: 12d3c | Move file pointer |
| 2018-12-25T11:44:06.997165403Z | 44 | PC: 12c30 | Get time 0x12c30: cmp dx, 0 0x12c33: je 0x12c2c 0x12c35: mov word ptr [si + 0x119], dx 0x12c39: mov cl, 8 0x12c3b: ror dx, cl 0x12c3d: mov word ptr [si + 0x45b], dx 0x12c41: cmp dl, 0x1e 0x12c44: jle 0x12c49 0x12c46: jmp 0x12c68 0x12c48: nop 0x12c49: lea si, word ptr [bp + 0x143] 0x12c4d: lea di, word ptr [bp + 0x11b] 0x12c51: mov cx, 0x10 0x12c54: call 0x12d0f 0x12c57: lea si, word ptr [bp + 0x153] 0x12c5b: lea di, word ptr [bp + 0x133] 0x12c5f: mov cx, 6 0x12c62: call 0x12d0f 0x12c65: jmp 0x12c84 0x12c67: nop |
| 2018-12-25T11:44:07.000249215Z | 64 | PC: 12a7f | Write file or device (Write 860 bytes on handle 5) |
| 2018-12-25T11:44:07.009620664Z | 66 | PC: 12d32 | Move file pointer |
| 2018-12-25T11:44:07.011798601Z | 64 | PC: 12ca8 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:44:07.018108688Z | 87 | PC: 12cb9 | Get or set file date and time |
| 2018-12-25T11:44:07.019489838Z | 62 | PC: 12cbd | Close file |
| 2018-12-25T11:44:07.027313589Z | 67 | PC: 12ccc | Get or set file attributes |
| 2018-12-25T11:44:07.037246166Z | 59 | PC: 12cd4 | Change current directory |
| 2018-12-25T11:44:07.041454521Z | 26 | PC: 12cdb | Set disk transfer address |
| 2018-12-25T11:44:07.043371999Z | 37 | PC: 12ce6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |