{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16897,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:54:12.958879077Z | 71 | PC: 12b2f | Get current directory |
| 2018-12-25T12:54:12.96146085Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:54:12.96519167Z | 26 | PC: 12bee | Set disk transfer address |
| 2018-12-25T12:54:12.966078744Z | 78 | PC: 12bfc | Find first file |
| 2018-12-25T12:54:12.975667591Z | 61 | PC: 12c28 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:12.99457855Z | 63 | PC: 12c3a | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:54:13.001759381Z | 44 | PC: 12ca3 | Get time 0x12ca3: add dl, dh 0x12ca5: je 0x12c9f 0x12ca7: mov si, 0x115 0x12caa: add si, word ptr [0x106] 0x12cae: mov byte ptr [si], dl 0x12cb0: mov ax, 0x4301 0x12cb3: xor cx, cx 0x12cb5: mov dx, si 0x12cb7: add dx, 0xb6 0x12cbb: int 0x21 0x12cbd: mov ah, 0x3e 0x12cbf: int 0x21 0x12cc1: mov ax, 0x3d02 0x12cc4: int 0x21 0x12cc6: jb 0x12c49 0x12cc8: mov di, dx 0x12cca: add di, 0x5d 0x12ccd: stosw word ptr es:[di], ax 0x12cce: xchg ax, bx 0x12ccf: mov ah, 0x40 |
| 2018-12-25T12:54:13.004305411Z | 67 | PC: 12cbd | Get or set file attributes |
| 2018-12-25T12:54:13.023677769Z | 62 | PC: 12cc1 | Close file |
| 2018-12-25T12:54:13.02586497Z | 61 | PC: 12cc6 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:13.034332317Z | 64 | PC: 12cd9 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:54:13.038141251Z | 64 | PC: 12ceb | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:13.041664563Z | 64 | PC: 12d00 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:13.044945893Z | 66 | PC: 12d09 | Move file pointer |
| 2018-12-25T12:54:13.047451269Z | 64 | PC: 12a84 | Write file or device (Write 1202 bytes on handle 5) |
| 2018-12-25T12:54:13.058296792Z | 87 | PC: 12d22 | Get or set file date and time |
| 2018-12-25T12:54:13.059927764Z | 62 | PC: 12d26 | Close file |
| 2018-12-25T12:54:13.069288596Z | 67 | PC: 12d37 | Get or set file attributes |
| 2018-12-25T12:54:13.081377233Z | 79 | PC: 12c10 | Find next file |
| 2018-12-25T12:54:13.084825935Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:13.092685348Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:13.101770902Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:13.104782683Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.116328477Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:13.119011816Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:13.126567715Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:13.130589775Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:13.134775541Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:13.138647514Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:13.141305111Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:13.152432932Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:13.154787425Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:13.163904521Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.176645851Z | 79 | PC: 12c10 | Find next file (See above) |
| 2018-12-25T12:54:13.18086333Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:13.18841775Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:13.196533488Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:13.200526776Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.212433908Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:13.214917476Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:13.224064222Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:13.228046753Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:13.231372791Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:13.235461002Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:13.238258644Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:13.251866438Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:13.253967927Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:13.265828798Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.287115242Z | 42 | PC: 12b55 | Get date 0x12b55: cmp dx, 0x606 0x12b59: je 0x12b5e 0x12b5b: jmp 0x12da9 0x12b5e: jmp 0x12d3d 0x12b61: and ah, bh 0x12b63: movsw word ptr es:[di], word ptr [si] 0x12b64: mov ax, 0x5c4c 0x12b67: add word ptr [di], ax 0x12b69: add byte ptr [di - 0x75], dl 0x12b6c: in al, dx 0x12b6d: sub sp, 0x2c 0x12b70: push si 0x12b71: jmp 0x12be3 0x12b73: nop 0x12b74: mov ah, 0x1a 0x12b76: lea dx, word ptr [bp - 0x2c] 0x12b79: int 0x21 0x12b7b: mov ah, 0x4e 0x12b7d: mov cx, 0x10 0x12b80: mov dx, 0x1a4 |
| 2018-12-25T12:54:13.29000086Z | 59 | PC: 12db4 | Change current directory |
| 2018-12-25T12:54:13.295368425Z | 59 | PC: 12dbb | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16897,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:54:12.99386612Z | 71 | PC: 12b2f | Get current directory |
| 2018-12-25T12:54:12.99704604Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:54:13.00082719Z | 26 | PC: 12bee | Set disk transfer address |
| 2018-12-25T12:54:13.001796474Z | 78 | PC: 12bfc | Find first file |
| 2018-12-25T12:54:13.008532749Z | 61 | PC: 12c28 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:13.014758129Z | 63 | PC: 12c3a | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:54:13.020906064Z | 44 | PC: 12ca3 | Get time 0x12ca3: add dl, dh 0x12ca5: je 0x12c9f 0x12ca7: mov si, 0x115 0x12caa: add si, word ptr [0x106] 0x12cae: mov byte ptr [si], dl 0x12cb0: mov ax, 0x4301 0x12cb3: xor cx, cx 0x12cb5: mov dx, si 0x12cb7: add dx, 0xb6 0x12cbb: int 0x21 0x12cbd: mov ah, 0x3e 0x12cbf: int 0x21 0x12cc1: mov ax, 0x3d02 0x12cc4: int 0x21 0x12cc6: jb 0x12c49 0x12cc8: mov di, dx 0x12cca: add di, 0x5d 0x12ccd: stosw word ptr es:[di], ax 0x12cce: xchg ax, bx 0x12ccf: mov ah, 0x40 |
| 2018-12-25T12:54:13.023831502Z | 67 | PC: 12cbd | Get or set file attributes |
| 2018-12-25T12:54:13.042691224Z | 62 | PC: 12cc1 | Close file |
| 2018-12-25T12:54:13.044324081Z | 61 | PC: 12cc6 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:13.06681779Z | 64 | PC: 12cd9 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:54:13.080535909Z | 64 | PC: 12ceb | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:13.083176578Z | 64 | PC: 12d00 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:13.086325488Z | 66 | PC: 12d09 | Move file pointer |
| 2018-12-25T12:54:13.088491715Z | 64 | PC: 12a84 | Write file or device (Write 1202 bytes on handle 5) |
| 2018-12-25T12:54:13.097749586Z | 87 | PC: 12d22 | Get or set file date and time |
| 2018-12-25T12:54:13.0999775Z | 62 | PC: 12d26 | Close file |
| 2018-12-25T12:54:13.107560657Z | 67 | PC: 12d37 | Get or set file attributes |
| 2018-12-25T12:54:13.1171909Z | 79 | PC: 12c10 | Find next file |
| 2018-12-25T12:54:13.120307118Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:13.127275663Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:13.133833763Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:13.136649191Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.147012253Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:13.149466245Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:13.156906236Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:13.159733055Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:13.16235797Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:13.166129056Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:13.167946718Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:13.17675913Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:13.178309844Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:13.186494815Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.196639166Z | 79 | PC: 12c10 | Find next file (See above) |
| 2018-12-25T12:54:13.19929796Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:13.206346901Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:13.21253875Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:13.214550498Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.224554416Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:13.22644355Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:13.233540281Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:13.237703917Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:13.240660514Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:13.243473837Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:13.246635505Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:13.257235672Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:13.258759968Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:13.266967679Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.276913478Z | 42 | PC: 12b55 | Get date 0x12b55: cmp dx, 0x606 0x12b59: je 0x12b5e 0x12b5b: jmp 0x12da9 0x12b5e: jmp 0x12d3d 0x12b61: and ah, bh 0x12b63: movsw word ptr es:[di], word ptr [si] 0x12b64: mov ax, 0x5c4c 0x12b67: add word ptr [di], ax 0x12b69: add byte ptr [di - 0x75], dl 0x12b6c: in al, dx 0x12b6d: sub sp, 0x2c 0x12b70: push si 0x12b71: jmp 0x12be3 0x12b73: nop 0x12b74: mov ah, 0x1a 0x12b76: lea dx, word ptr [bp - 0x2c] 0x12b79: int 0x21 0x12b7b: mov ah, 0x4e 0x12b7d: mov cx, 0x10 0x12b80: mov dx, 0x1a4 |
| 2018-12-25T12:54:13.27918163Z | 59 | PC: 12db4 | Change current directory |
| 2018-12-25T12:54:13.283879216Z | 59 | PC: 12dbb | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16897,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:54:13.037313518Z | 71 | PC: 12b2f | Get current directory |
| 2018-12-25T12:54:13.048026386Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:54:13.052515952Z | 26 | PC: 12bee | Set disk transfer address |
| 2018-12-25T12:54:13.053707436Z | 78 | PC: 12bfc | Find first file |
| 2018-12-25T12:54:13.061374317Z | 61 | PC: 12c28 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:13.068581707Z | 63 | PC: 12c3a | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:54:13.075857451Z | 44 | PC: 12ca3 | Get time 0x12ca3: add dl, dh 0x12ca5: je 0x12c9f 0x12ca7: mov si, 0x115 0x12caa: add si, word ptr [0x106] 0x12cae: mov byte ptr [si], dl 0x12cb0: mov ax, 0x4301 0x12cb3: xor cx, cx 0x12cb5: mov dx, si 0x12cb7: add dx, 0xb6 0x12cbb: int 0x21 0x12cbd: mov ah, 0x3e 0x12cbf: int 0x21 0x12cc1: mov ax, 0x3d02 0x12cc4: int 0x21 0x12cc6: jb 0x12c49 0x12cc8: mov di, dx 0x12cca: add di, 0x5d 0x12ccd: stosw word ptr es:[di], ax 0x12cce: xchg ax, bx 0x12ccf: mov ah, 0x40 |
| 2018-12-25T12:54:13.078018739Z | 67 | PC: 12cbd | Get or set file attributes |
| 2018-12-25T12:54:13.102743992Z | 62 | PC: 12cc1 | Close file |
| 2018-12-25T12:54:13.105335862Z | 61 | PC: 12cc6 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:13.112331734Z | 64 | PC: 12cd9 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:54:13.121730953Z | 64 | PC: 12ceb | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:13.124511011Z | 64 | PC: 12d00 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:13.127277067Z | 66 | PC: 12d09 | Move file pointer |
| 2018-12-25T12:54:13.131926156Z | 64 | PC: 12a84 | Write file or device (Write 1202 bytes on handle 5) |
| 2018-12-25T12:54:13.142971862Z | 87 | PC: 12d22 | Get or set file date and time |
| 2018-12-25T12:54:13.146600165Z | 62 | PC: 12d26 | Close file |
| 2018-12-25T12:54:13.156147013Z | 67 | PC: 12d37 | Get or set file attributes |
| 2018-12-25T12:54:13.168114789Z | 79 | PC: 12c10 | Find next file |
| 2018-12-25T12:54:13.171531639Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:13.179797647Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:13.187671921Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:13.189960341Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.201364635Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:13.203688271Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:13.210973389Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:13.213934979Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:13.21699599Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:13.219115403Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:13.221811248Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:13.232576152Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:13.234075661Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:13.242413822Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.254617658Z | 79 | PC: 12c10 | Find next file (See above) |
| 2018-12-25T12:54:13.257601301Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:13.264633619Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:13.272908856Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:13.275183019Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.285872478Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:13.288450506Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:13.297028863Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:13.300049638Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:13.303167626Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:13.306803749Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:13.308799839Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:13.318973199Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:13.321210706Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:13.329516598Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.340873919Z | 42 | PC: 12b55 | Get date 0x12b55: cmp dx, 0x606 0x12b59: je 0x12b5e 0x12b5b: jmp 0x12da9 0x12b5e: jmp 0x12d3d 0x12b61: and ah, bh 0x12b63: movsw word ptr es:[di], word ptr [si] 0x12b64: mov ax, 0x5c4c 0x12b67: add word ptr [di], ax 0x12b69: add byte ptr [di - 0x75], dl 0x12b6c: in al, dx 0x12b6d: sub sp, 0x2c 0x12b70: push si 0x12b71: jmp 0x12be3 0x12b73: nop 0x12b74: mov ah, 0x1a 0x12b76: lea dx, word ptr [bp - 0x2c] 0x12b79: int 0x21 0x12b7b: mov ah, 0x4e 0x12b7d: mov cx, 0x10 0x12b80: mov dx, 0x1a4 |
| 2018-12-25T12:54:13.344259203Z | 59 | PC: 12db4 | Change current directory |
| 2018-12-25T12:54:13.349173154Z | 59 | PC: 12dbb | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16897,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:54:13.113242531Z | 71 | PC: 12b2f | Get current directory |
| 2018-12-25T12:54:13.116547898Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:54:13.12061346Z | 26 | PC: 12bee | Set disk transfer address |
| 2018-12-25T12:54:13.121676374Z | 78 | PC: 12bfc | Find first file |
| 2018-12-25T12:54:13.144357857Z | 61 | PC: 12c28 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:13.152812207Z | 63 | PC: 12c3a | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:54:13.156653875Z | 44 | PC: 12ca3 | Get time 0x12ca3: add dl, dh 0x12ca5: je 0x12c9f 0x12ca7: mov si, 0x115 0x12caa: add si, word ptr [0x106] 0x12cae: mov byte ptr [si], dl 0x12cb0: mov ax, 0x4301 0x12cb3: xor cx, cx 0x12cb5: mov dx, si 0x12cb7: add dx, 0xb6 0x12cbb: int 0x21 0x12cbd: mov ah, 0x3e 0x12cbf: int 0x21 0x12cc1: mov ax, 0x3d02 0x12cc4: int 0x21 0x12cc6: jb 0x12c49 0x12cc8: mov di, dx 0x12cca: add di, 0x5d 0x12ccd: stosw word ptr es:[di], ax 0x12cce: xchg ax, bx 0x12ccf: mov ah, 0x40 |
| 2018-12-25T12:54:13.158685499Z | 67 | PC: 12cbd | Get or set file attributes |
| 2018-12-25T12:54:13.171764897Z | 62 | PC: 12cc1 | Close file |
| 2018-12-25T12:54:13.174186677Z | 61 | PC: 12cc6 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:13.194367847Z | 64 | PC: 12cd9 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:54:13.197148321Z | 64 | PC: 12ceb | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:13.199650089Z | 64 | PC: 12d00 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:13.202036961Z | 66 | PC: 12d09 | Move file pointer |
| 2018-12-25T12:54:13.204577376Z | 64 | PC: 12a84 | Write file or device (Write 1202 bytes on handle 5) |
| 2018-12-25T12:54:13.214524436Z | 87 | PC: 12d22 | Get or set file date and time |
| 2018-12-25T12:54:13.215941858Z | 62 | PC: 12d26 | Close file |
| 2018-12-25T12:54:13.223458088Z | 67 | PC: 12d37 | Get or set file attributes |
| 2018-12-25T12:54:13.233293454Z | 79 | PC: 12c10 | Find next file |
| 2018-12-25T12:54:13.236441937Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:13.243232831Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:13.2590501Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:13.261204612Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.271638144Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:13.273304414Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:13.280117788Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:13.283883365Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:13.286426506Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:13.289107871Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:13.292629939Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:13.301488041Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:13.302964813Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:13.3110486Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.323049342Z | 79 | PC: 12c10 | Find next file (See above) |
| 2018-12-25T12:54:13.325615809Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:13.332501587Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:13.338836296Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:13.34092245Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.350968559Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:13.353221776Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:13.36031661Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:13.363696364Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:13.365602253Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:13.367422247Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:13.369365129Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:13.378378415Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:13.379668874Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:13.387118213Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.398398385Z | 42 | PC: 12b55 | Get date 0x12b55: cmp dx, 0x606 0x12b59: je 0x12b5e 0x12b5b: jmp 0x12da9 0x12b5e: jmp 0x12d3d 0x12b61: and ah, bh 0x12b63: movsw word ptr es:[di], word ptr [si] 0x12b64: mov ax, 0x5c4c 0x12b67: add word ptr [di], ax 0x12b69: add byte ptr [di - 0x75], dl 0x12b6c: in al, dx 0x12b6d: sub sp, 0x2c 0x12b70: push si 0x12b71: jmp 0x12be3 0x12b73: nop 0x12b74: mov ah, 0x1a 0x12b76: lea dx, word ptr [bp - 0x2c] 0x12b79: int 0x21 0x12b7b: mov ah, 0x4e 0x12b7d: mov cx, 0x10 0x12b80: mov dx, 0x1a4 |
| 2018-12-25T12:54:13.400289429Z | 59 | PC: 12db4 | Change current directory |
| 2018-12-25T12:54:13.404555741Z | 59 | PC: 12dbb | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":16897,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:54:13.127537701Z | 71 | PC: 12b2f | Get current directory |
| 2018-12-25T12:54:13.130693343Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:54:13.13453906Z | 26 | PC: 12bee | Set disk transfer address |
| 2018-12-25T12:54:13.13570771Z | 78 | PC: 12bfc | Find first file |
| 2018-12-25T12:54:13.147550007Z | 61 | PC: 12c28 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:13.158717884Z | 63 | PC: 12c3a | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:54:13.165341408Z | 44 | PC: 12ca3 | Get time 0x12ca3: add dl, dh 0x12ca5: je 0x12c9f 0x12ca7: mov si, 0x115 0x12caa: add si, word ptr [0x106] 0x12cae: mov byte ptr [si], dl 0x12cb0: mov ax, 0x4301 0x12cb3: xor cx, cx 0x12cb5: mov dx, si 0x12cb7: add dx, 0xb6 0x12cbb: int 0x21 0x12cbd: mov ah, 0x3e 0x12cbf: int 0x21 0x12cc1: mov ax, 0x3d02 0x12cc4: int 0x21 0x12cc6: jb 0x12c49 0x12cc8: mov di, dx 0x12cca: add di, 0x5d 0x12ccd: stosw word ptr es:[di], ax 0x12cce: xchg ax, bx 0x12ccf: mov ah, 0x40 |
| 2018-12-25T12:54:13.168341723Z | 67 | PC: 12cbd | Get or set file attributes |
| 2018-12-25T12:54:13.185537622Z | 62 | PC: 12cc1 | Close file |
| 2018-12-25T12:54:13.187419877Z | 61 | PC: 12cc6 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:13.204570445Z | 64 | PC: 12cd9 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:54:13.207374901Z | 64 | PC: 12ceb | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:13.21169317Z | 64 | PC: 12d00 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:13.21478795Z | 66 | PC: 12d09 | Move file pointer |
| 2018-12-25T12:54:13.216822223Z | 64 | PC: 12a84 | Write file or device (Write 1202 bytes on handle 5) |
| 2018-12-25T12:54:13.226097918Z | 87 | PC: 12d22 | Get or set file date and time |
| 2018-12-25T12:54:13.227532249Z | 62 | PC: 12d26 | Close file |
| 2018-12-25T12:54:13.23569005Z | 67 | PC: 12d37 | Get or set file attributes |
| 2018-12-25T12:54:13.245869102Z | 79 | PC: 12c10 | Find next file |
| 2018-12-25T12:54:13.248857597Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:13.256811304Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:13.2632912Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:13.265403403Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.275743853Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:13.27785306Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:13.285364727Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:13.288491005Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:13.292092873Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:13.295205995Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:13.297598853Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:13.307235796Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:13.309794408Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:13.3228445Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.337576412Z | 79 | PC: 12c10 | Find next file (See above) |
| 2018-12-25T12:54:13.340523103Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:13.346909599Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:13.353808394Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:13.355879181Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.365915876Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:13.368088827Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:13.374751052Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:13.377490888Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:13.380238937Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:13.384035647Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:13.385959176Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:13.394853275Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:13.396744917Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:13.408726593Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.416661739Z | 42 | PC: 12b55 | Get date 0x12b55: cmp dx, 0x606 0x12b59: je 0x12b5e 0x12b5b: jmp 0x12da9 0x12b5e: jmp 0x12d3d 0x12b61: and ah, bh 0x12b63: movsw word ptr es:[di], word ptr [si] 0x12b64: mov ax, 0x5c4c 0x12b67: add word ptr [di], ax 0x12b69: add byte ptr [di - 0x75], dl 0x12b6c: in al, dx 0x12b6d: sub sp, 0x2c 0x12b70: push si 0x12b71: jmp 0x12be3 0x12b73: nop 0x12b74: mov ah, 0x1a 0x12b76: lea dx, word ptr [bp - 0x2c] 0x12b79: int 0x21 0x12b7b: mov ah, 0x4e 0x12b7d: mov cx, 0x10 0x12b80: mov dx, 0x1a4 |
| 2018-12-25T12:54:13.420301649Z | 59 | PC: 12db4 | Change current directory |
| 2018-12-25T12:54:13.424851407Z | 59 | PC: 12dbb | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":16897,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:54:13.139774759Z | 71 | PC: 12b2f | Get current directory |
| 2018-12-25T12:54:13.144402447Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:54:13.148935864Z | 26 | PC: 12bee | Set disk transfer address |
| 2018-12-25T12:54:13.150166974Z | 78 | PC: 12bfc | Find first file |
| 2018-12-25T12:54:13.157230064Z | 61 | PC: 12c28 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:13.166136135Z | 63 | PC: 12c3a | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:54:13.176926771Z | 44 | PC: 12ca3 | Get time 0x12ca3: add dl, dh 0x12ca5: je 0x12c9f 0x12ca7: mov si, 0x115 0x12caa: add si, word ptr [0x106] 0x12cae: mov byte ptr [si], dl 0x12cb0: mov ax, 0x4301 0x12cb3: xor cx, cx 0x12cb5: mov dx, si 0x12cb7: add dx, 0xb6 0x12cbb: int 0x21 0x12cbd: mov ah, 0x3e 0x12cbf: int 0x21 0x12cc1: mov ax, 0x3d02 0x12cc4: int 0x21 0x12cc6: jb 0x12c49 0x12cc8: mov di, dx 0x12cca: add di, 0x5d 0x12ccd: stosw word ptr es:[di], ax 0x12cce: xchg ax, bx 0x12ccf: mov ah, 0x40 |
| 2018-12-25T12:54:13.190344491Z | 67 | PC: 12cbd | Get or set file attributes |
| 2018-12-25T12:54:13.209654151Z | 62 | PC: 12cc1 | Close file |
| 2018-12-25T12:54:13.212077257Z | 61 | PC: 12cc6 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:13.219831518Z | 64 | PC: 12cd9 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:54:13.22407347Z | 64 | PC: 12ceb | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:13.227157394Z | 64 | PC: 12d00 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:13.230216035Z | 66 | PC: 12d09 | Move file pointer |
| 2018-12-25T12:54:13.232906561Z | 64 | PC: 12a84 | Write file or device (Write 1202 bytes on handle 5) |
| 2018-12-25T12:54:13.244341988Z | 87 | PC: 12d22 | Get or set file date and time |
| 2018-12-25T12:54:13.246756007Z | 62 | PC: 12d26 | Close file |
| 2018-12-25T12:54:13.256770284Z | 67 | PC: 12d37 | Get or set file attributes |
| 2018-12-25T12:54:13.268652628Z | 79 | PC: 12c10 | Find next file |
| 2018-12-25T12:54:13.271997703Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:13.279238361Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:13.287473514Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:13.290593553Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.30190378Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:13.304970048Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:13.312470341Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:13.315539693Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:13.32027341Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:13.324421286Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:13.32661148Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:13.337646482Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:13.33981469Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:13.349336331Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.362871774Z | 79 | PC: 12c10 | Find next file (See above) |
| 2018-12-25T12:54:13.366194091Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:13.375822625Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:13.385953204Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:13.389298846Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.404331422Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:13.406746627Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:13.415440773Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:13.419008031Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:13.422255778Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:13.426399034Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:13.429386674Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:13.482252564Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:13.484588942Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:13.538924251Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.595232591Z | 42 | PC: 12b55 | Get date 0x12b55: cmp dx, 0x606 0x12b59: je 0x12b5e 0x12b5b: jmp 0x12da9 0x12b5e: jmp 0x12d3d 0x12b61: and ah, bh 0x12b63: movsw word ptr es:[di], word ptr [si] 0x12b64: mov ax, 0x5c4c 0x12b67: add word ptr [di], ax 0x12b69: add byte ptr [di - 0x75], dl 0x12b6c: in al, dx 0x12b6d: sub sp, 0x2c 0x12b70: push si 0x12b71: jmp 0x12be3 0x12b73: nop 0x12b74: mov ah, 0x1a 0x12b76: lea dx, word ptr [bp - 0x2c] 0x12b79: int 0x21 0x12b7b: mov ah, 0x4e 0x12b7d: mov cx, 0x10 0x12b80: mov dx, 0x1a4 |
| 2018-12-25T12:54:13.598378169Z | 59 | PC: 12db4 | Change current directory |
| 2018-12-25T12:54:13.602703269Z | 59 | PC: 12dbb | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":16897,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:54:13.158929311Z | 71 | PC: 12b2f | Get current directory |
| 2018-12-25T12:54:13.162499828Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:54:13.16677786Z | 26 | PC: 12bee | Set disk transfer address |
| 2018-12-25T12:54:13.167618998Z | 78 | PC: 12bfc | Find first file |
| 2018-12-25T12:54:13.172155183Z | 61 | PC: 12c28 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:13.178734864Z | 63 | PC: 12c3a | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:54:13.185015727Z | 44 | PC: 12ca3 | Get time 0x12ca3: add dl, dh 0x12ca5: je 0x12c9f 0x12ca7: mov si, 0x115 0x12caa: add si, word ptr [0x106] 0x12cae: mov byte ptr [si], dl 0x12cb0: mov ax, 0x4301 0x12cb3: xor cx, cx 0x12cb5: mov dx, si 0x12cb7: add dx, 0xb6 0x12cbb: int 0x21 0x12cbd: mov ah, 0x3e 0x12cbf: int 0x21 0x12cc1: mov ax, 0x3d02 0x12cc4: int 0x21 0x12cc6: jb 0x12c49 0x12cc8: mov di, dx 0x12cca: add di, 0x5d 0x12ccd: stosw word ptr es:[di], ax 0x12cce: xchg ax, bx 0x12ccf: mov ah, 0x40 |
| 2018-12-25T12:54:13.187396097Z | 67 | PC: 12cbd | Get or set file attributes |
| 2018-12-25T12:54:13.204686078Z | 62 | PC: 12cc1 | Close file |
| 2018-12-25T12:54:13.206504036Z | 61 | PC: 12cc6 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:13.21801379Z | 64 | PC: 12cd9 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:54:13.224770416Z | 64 | PC: 12ceb | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:13.228224353Z | 64 | PC: 12d00 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:13.230806512Z | 66 | PC: 12d09 | Move file pointer |
| 2018-12-25T12:54:13.232656241Z | 64 | PC: 12a84 | Write file or device (Write 1202 bytes on handle 5) |
| 2018-12-25T12:54:13.241463349Z | 87 | PC: 12d22 | Get or set file date and time |
| 2018-12-25T12:54:13.242918976Z | 62 | PC: 12d26 | Close file |
| 2018-12-25T12:54:13.25055167Z | 67 | PC: 12d37 | Get or set file attributes |
| 2018-12-25T12:54:13.260014991Z | 79 | PC: 12c10 | Find next file |
| 2018-12-25T12:54:13.262454982Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:13.269238326Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:13.275490298Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:13.277467524Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.287809248Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:13.289375324Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:13.295674854Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:13.298904534Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:13.301497253Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:13.304040128Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:13.306324209Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:13.315758293Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:13.317378606Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:13.32573279Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.341117642Z | 79 | PC: 12c10 | Find next file (See above) |
| 2018-12-25T12:54:13.342993988Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:13.348221337Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:13.35321551Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:13.355515963Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.365731299Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:13.367583643Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:13.374012462Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:13.377132427Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:13.379617108Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:13.382028504Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:13.384219718Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:13.393161694Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:13.394479241Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:13.402177794Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.412293267Z | 42 | PC: 12b55 | Get date 0x12b55: cmp dx, 0x606 0x12b59: je 0x12b5e 0x12b5b: jmp 0x12da9 0x12b5e: jmp 0x12d3d 0x12b61: and ah, bh 0x12b63: movsw word ptr es:[di], word ptr [si] 0x12b64: mov ax, 0x5c4c 0x12b67: add word ptr [di], ax 0x12b69: add byte ptr [di - 0x75], dl 0x12b6c: in al, dx 0x12b6d: sub sp, 0x2c 0x12b70: push si 0x12b71: jmp 0x12be3 0x12b73: nop 0x12b74: mov ah, 0x1a 0x12b76: lea dx, word ptr [bp - 0x2c] 0x12b79: int 0x21 0x12b7b: mov ah, 0x4e 0x12b7d: mov cx, 0x10 0x12b80: mov dx, 0x1a4 |
| 2018-12-25T12:54:13.414314326Z | 59 | PC: 12db4 | Change current directory |
| 2018-12-25T12:54:13.418896013Z | 59 | PC: 12dbb | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":16897,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:54:13.182095514Z | 71 | PC: 12b2f | Get current directory |
| 2018-12-25T12:54:13.185015254Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:54:13.188492703Z | 26 | PC: 12bee | Set disk transfer address |
| 2018-12-25T12:54:13.190326609Z | 78 | PC: 12bfc | Find first file |
| 2018-12-25T12:54:13.204252304Z | 61 | PC: 12c28 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:13.234083304Z | 63 | PC: 12c3a | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:54:13.241704902Z | 44 | PC: 12ca3 | Get time 0x12ca3: add dl, dh 0x12ca5: je 0x12c9f 0x12ca7: mov si, 0x115 0x12caa: add si, word ptr [0x106] 0x12cae: mov byte ptr [si], dl 0x12cb0: mov ax, 0x4301 0x12cb3: xor cx, cx 0x12cb5: mov dx, si 0x12cb7: add dx, 0xb6 0x12cbb: int 0x21 0x12cbd: mov ah, 0x3e 0x12cbf: int 0x21 0x12cc1: mov ax, 0x3d02 0x12cc4: int 0x21 0x12cc6: jb 0x12c49 0x12cc8: mov di, dx 0x12cca: add di, 0x5d 0x12ccd: stosw word ptr es:[di], ax 0x12cce: xchg ax, bx 0x12ccf: mov ah, 0x40 |
| 2018-12-25T12:54:13.245632386Z | 67 | PC: 12cbd | Get or set file attributes |
| 2018-12-25T12:54:13.26643777Z | 62 | PC: 12cc1 | Close file |
| 2018-12-25T12:54:13.269490817Z | 61 | PC: 12cc6 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:13.277414471Z | 64 | PC: 12cd9 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:54:13.281000422Z | 64 | PC: 12ceb | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:13.284217532Z | 64 | PC: 12d00 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:13.287436211Z | 66 | PC: 12d09 | Move file pointer |
| 2018-12-25T12:54:13.290601768Z | 64 | PC: 12a84 | Write file or device (Write 1202 bytes on handle 5) |
| 2018-12-25T12:54:13.30897988Z | 87 | PC: 12d22 | Get or set file date and time |
| 2018-12-25T12:54:13.311085408Z | 62 | PC: 12d26 | Close file |
| 2018-12-25T12:54:13.321018777Z | 67 | PC: 12d37 | Get or set file attributes |
| 2018-12-25T12:54:13.332169254Z | 79 | PC: 12c10 | Find next file |
| 2018-12-25T12:54:13.33513827Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:13.343458368Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:13.35109619Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:13.353918207Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.366238541Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:13.368233675Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:13.375700945Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:13.379220717Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:13.382846474Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:13.385813338Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:13.388076921Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:13.398769282Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:13.400911348Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:13.410171849Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.423135027Z | 79 | PC: 12c10 | Find next file (See above) |
| 2018-12-25T12:54:13.426210131Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:13.43545882Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:13.443263221Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:13.445732492Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.509583691Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:13.512987475Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:13.520554849Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:13.52361685Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:13.527220299Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:13.530319627Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:13.532458269Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:13.560711805Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:13.563044646Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:13.625015899Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.717759987Z | 42 | PC: 12b55 | Get date 0x12b55: cmp dx, 0x606 0x12b59: je 0x12b5e 0x12b5b: jmp 0x12da9 0x12b5e: jmp 0x12d3d 0x12b61: and ah, bh 0x12b63: movsw word ptr es:[di], word ptr [si] 0x12b64: mov ax, 0x5c4c 0x12b67: add word ptr [di], ax 0x12b69: add byte ptr [di - 0x75], dl 0x12b6c: in al, dx 0x12b6d: sub sp, 0x2c 0x12b70: push si 0x12b71: jmp 0x12be3 0x12b73: nop 0x12b74: mov ah, 0x1a 0x12b76: lea dx, word ptr [bp - 0x2c] 0x12b79: int 0x21 0x12b7b: mov ah, 0x4e 0x12b7d: mov cx, 0x10 0x12b80: mov dx, 0x1a4 |
| 2018-12-25T12:54:13.720761974Z | 59 | PC: 12db4 | Change current directory |
| 2018-12-25T12:54:13.72520226Z | 59 | PC: 12dbb | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16897,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:54:13.197786925Z | 71 | PC: 12b2f | Get current directory |
| 2018-12-25T12:54:13.2011492Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:54:13.205540974Z | 26 | PC: 12bee | Set disk transfer address |
| 2018-12-25T12:54:13.206587609Z | 78 | PC: 12bfc | Find first file |
| 2018-12-25T12:54:13.219004966Z | 61 | PC: 12c28 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:13.225860483Z | 63 | PC: 12c3a | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:54:13.232969668Z | 44 | PC: 12ca3 | Get time 0x12ca3: add dl, dh 0x12ca5: je 0x12c9f 0x12ca7: mov si, 0x115 0x12caa: add si, word ptr [0x106] 0x12cae: mov byte ptr [si], dl 0x12cb0: mov ax, 0x4301 0x12cb3: xor cx, cx 0x12cb5: mov dx, si 0x12cb7: add dx, 0xb6 0x12cbb: int 0x21 0x12cbd: mov ah, 0x3e 0x12cbf: int 0x21 0x12cc1: mov ax, 0x3d02 0x12cc4: int 0x21 0x12cc6: jb 0x12c49 0x12cc8: mov di, dx 0x12cca: add di, 0x5d 0x12ccd: stosw word ptr es:[di], ax 0x12cce: xchg ax, bx 0x12ccf: mov ah, 0x40 |
| 2018-12-25T12:54:13.235371483Z | 67 | PC: 12cbd | Get or set file attributes |
| 2018-12-25T12:54:13.251816008Z | 62 | PC: 12cc1 | Close file |
| 2018-12-25T12:54:13.253819766Z | 61 | PC: 12cc6 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:13.261083637Z | 64 | PC: 12cd9 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:54:13.264034511Z | 64 | PC: 12ceb | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:13.266722455Z | 64 | PC: 12d00 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:13.269240085Z | 66 | PC: 12d09 | Move file pointer |
| 2018-12-25T12:54:13.271700185Z | 64 | PC: 12a84 | Write file or device (Write 1202 bytes on handle 5) |
| 2018-12-25T12:54:13.281770909Z | 87 | PC: 12d22 | Get or set file date and time |
| 2018-12-25T12:54:13.283203259Z | 62 | PC: 12d26 | Close file |
| 2018-12-25T12:54:13.292178575Z | 67 | PC: 12d37 | Get or set file attributes |
| 2018-12-25T12:54:13.303128638Z | 79 | PC: 12c10 | Find next file |
| 2018-12-25T12:54:13.306383489Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:13.313994481Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:13.321907462Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:13.324160031Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.335794958Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:13.337948994Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:13.345780305Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:13.350668245Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:13.354036567Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:13.357206071Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:13.359717948Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:13.370100762Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:13.371894928Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:13.380640665Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.392044284Z | 79 | PC: 12c10 | Find next file (See above) |
| 2018-12-25T12:54:13.395009127Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:13.402624082Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:13.410861705Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:13.414325491Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.425980819Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:13.428899236Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:13.440413496Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:13.443426654Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:13.446907372Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:13.449924093Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:13.452017681Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:13.509960765Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:13.511184191Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:13.560923471Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.625546731Z | 42 | PC: 12b55 | Get date 0x12b55: cmp dx, 0x606 0x12b59: je 0x12b5e 0x12b5b: jmp 0x12da9 0x12b5e: jmp 0x12d3d 0x12b61: and ah, bh 0x12b63: movsw word ptr es:[di], word ptr [si] 0x12b64: mov ax, 0x5c4c 0x12b67: add word ptr [di], ax 0x12b69: add byte ptr [di - 0x75], dl 0x12b6c: in al, dx 0x12b6d: sub sp, 0x2c 0x12b70: push si 0x12b71: jmp 0x12be3 0x12b73: nop 0x12b74: mov ah, 0x1a 0x12b76: lea dx, word ptr [bp - 0x2c] 0x12b79: int 0x21 0x12b7b: mov ah, 0x4e 0x12b7d: mov cx, 0x10 0x12b80: mov dx, 0x1a4 |
| 2018-12-25T12:54:13.628830257Z | 59 | PC: 12db4 | Change current directory |
| 2018-12-25T12:54:13.633246012Z | 59 | PC: 12dbb | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16897,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:54:13.26428206Z | 71 | PC: 12b2f | Get current directory |
| 2018-12-25T12:54:13.267914849Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:54:13.272228242Z | 26 | PC: 12bee | Set disk transfer address |
| 2018-12-25T12:54:13.2735899Z | 78 | PC: 12bfc | Find first file |
| 2018-12-25T12:54:13.284734444Z | 61 | PC: 12c28 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:13.297014522Z | 63 | PC: 12c3a | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:54:13.30364421Z | 44 | PC: 12ca3 | Get time 0x12ca3: add dl, dh 0x12ca5: je 0x12c9f 0x12ca7: mov si, 0x115 0x12caa: add si, word ptr [0x106] 0x12cae: mov byte ptr [si], dl 0x12cb0: mov ax, 0x4301 0x12cb3: xor cx, cx 0x12cb5: mov dx, si 0x12cb7: add dx, 0xb6 0x12cbb: int 0x21 0x12cbd: mov ah, 0x3e 0x12cbf: int 0x21 0x12cc1: mov ax, 0x3d02 0x12cc4: int 0x21 0x12cc6: jb 0x12c49 0x12cc8: mov di, dx 0x12cca: add di, 0x5d 0x12ccd: stosw word ptr es:[di], ax 0x12cce: xchg ax, bx 0x12ccf: mov ah, 0x40 |
| 2018-12-25T12:54:13.306095609Z | 67 | PC: 12cbd | Get or set file attributes |
| 2018-12-25T12:54:13.325629474Z | 62 | PC: 12cc1 | Close file |
| 2018-12-25T12:54:13.327662658Z | 61 | PC: 12cc6 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:13.334465055Z | 64 | PC: 12cd9 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:54:13.338571992Z | 64 | PC: 12ceb | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:13.341413331Z | 64 | PC: 12d00 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:13.343862895Z | 66 | PC: 12d09 | Move file pointer |
| 2018-12-25T12:54:13.345996606Z | 64 | PC: 12a84 | Write file or device (Write 1202 bytes on handle 5) |
| 2018-12-25T12:54:13.355281531Z | 87 | PC: 12d22 | Get or set file date and time |
| 2018-12-25T12:54:13.356908318Z | 62 | PC: 12d26 | Close file |
| 2018-12-25T12:54:13.367681493Z | 67 | PC: 12d37 | Get or set file attributes |
| 2018-12-25T12:54:13.37500561Z | 79 | PC: 12c10 | Find next file |
| 2018-12-25T12:54:13.377252458Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:13.383567561Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:13.388197644Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:13.389658995Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.396657639Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:13.397941689Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:13.403979069Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:13.408025108Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:13.410162809Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:13.413157667Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:13.416232375Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:13.425416985Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:13.426835538Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:13.441531998Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.451210912Z | 79 | PC: 12c10 | Find next file (See above) |
| 2018-12-25T12:54:13.453843145Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:13.462421306Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:13.468858069Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:13.470873899Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.478323169Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:13.479692878Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:13.483782795Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:13.485794084Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:13.487814134Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:13.489412658Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:13.490605988Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:13.506910843Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:13.508305829Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:13.516208886Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.525907259Z | 42 | PC: 12b55 | Get date 0x12b55: cmp dx, 0x606 0x12b59: je 0x12b5e 0x12b5b: jmp 0x12da9 0x12b5e: jmp 0x12d3d 0x12b61: and ah, bh 0x12b63: movsw word ptr es:[di], word ptr [si] 0x12b64: mov ax, 0x5c4c 0x12b67: add word ptr [di], ax 0x12b69: add byte ptr [di - 0x75], dl 0x12b6c: in al, dx 0x12b6d: sub sp, 0x2c 0x12b70: push si 0x12b71: jmp 0x12be3 0x12b73: nop 0x12b74: mov ah, 0x1a 0x12b76: lea dx, word ptr [bp - 0x2c] 0x12b79: int 0x21 0x12b7b: mov ah, 0x4e 0x12b7d: mov cx, 0x10 0x12b80: mov dx, 0x1a4 |
| 2018-12-25T12:54:13.527901971Z | 59 | PC: 12db4 | Change current directory |
| 2018-12-25T12:54:13.531808663Z | 59 | PC: 12dbb | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16897,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:54:13.286086821Z | 71 | PC: 12b2f | Get current directory |
| 2018-12-25T12:54:13.290321523Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:54:13.29431753Z | 26 | PC: 12bee | Set disk transfer address |
| 2018-12-25T12:54:13.295360837Z | 78 | PC: 12bfc | Find first file |
| 2018-12-25T12:54:13.302198848Z | 61 | PC: 12c28 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:13.308551152Z | 63 | PC: 12c3a | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:54:13.314732014Z | 44 | PC: 12ca3 | Get time 0x12ca3: add dl, dh 0x12ca5: je 0x12c9f 0x12ca7: mov si, 0x115 0x12caa: add si, word ptr [0x106] 0x12cae: mov byte ptr [si], dl 0x12cb0: mov ax, 0x4301 0x12cb3: xor cx, cx 0x12cb5: mov dx, si 0x12cb7: add dx, 0xb6 0x12cbb: int 0x21 0x12cbd: mov ah, 0x3e 0x12cbf: int 0x21 0x12cc1: mov ax, 0x3d02 0x12cc4: int 0x21 0x12cc6: jb 0x12c49 0x12cc8: mov di, dx 0x12cca: add di, 0x5d 0x12ccd: stosw word ptr es:[di], ax 0x12cce: xchg ax, bx 0x12ccf: mov ah, 0x40 |
| 2018-12-25T12:54:13.317081518Z | 67 | PC: 12cbd | Get or set file attributes |
| 2018-12-25T12:54:13.33673006Z | 62 | PC: 12cc1 | Close file |
| 2018-12-25T12:54:13.338486274Z | 61 | PC: 12cc6 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:13.350412057Z | 64 | PC: 12cd9 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:54:13.357330676Z | 64 | PC: 12ceb | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:13.360649543Z | 64 | PC: 12d00 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:13.364720612Z | 66 | PC: 12d09 | Move file pointer |
| 2018-12-25T12:54:13.367029393Z | 64 | PC: 12a84 | Write file or device (Write 1202 bytes on handle 5) |
| 2018-12-25T12:54:13.375870839Z | 87 | PC: 12d22 | Get or set file date and time |
| 2018-12-25T12:54:13.377178189Z | 62 | PC: 12d26 | Close file |
| 2018-12-25T12:54:13.393285008Z | 67 | PC: 12d37 | Get or set file attributes |
| 2018-12-25T12:54:13.402930397Z | 79 | PC: 12c10 | Find next file |
| 2018-12-25T12:54:13.405739365Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:13.413354301Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:13.42056718Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:13.422823975Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.445010142Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:13.446902347Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:13.453819939Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:13.456077703Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:13.458833061Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:13.461223686Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:13.46556958Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:13.474566Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:13.475681555Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:13.482418297Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.492204951Z | 79 | PC: 12c10 | Find next file (See above) |
| 2018-12-25T12:54:13.495393992Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:13.501807371Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:13.508187124Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:13.510080907Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.519785799Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:13.521682037Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:13.528146404Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:13.531347637Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:13.533814127Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:13.536203227Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:13.53804482Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:13.547006237Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:13.548307913Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:13.555825561Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.56593227Z | 42 | PC: 12b55 | Get date 0x12b55: cmp dx, 0x606 0x12b59: je 0x12b5e 0x12b5b: jmp 0x12da9 0x12b5e: jmp 0x12d3d 0x12b61: and ah, bh 0x12b63: movsw word ptr es:[di], word ptr [si] 0x12b64: mov ax, 0x5c4c 0x12b67: add word ptr [di], ax 0x12b69: add byte ptr [di - 0x75], dl 0x12b6c: in al, dx 0x12b6d: sub sp, 0x2c 0x12b70: push si 0x12b71: jmp 0x12be3 0x12b73: nop 0x12b74: mov ah, 0x1a 0x12b76: lea dx, word ptr [bp - 0x2c] 0x12b79: int 0x21 0x12b7b: mov ah, 0x4e 0x12b7d: mov cx, 0x10 0x12b80: mov dx, 0x1a4 |
| 2018-12-25T12:54:13.567887607Z | 59 | PC: 12db4 | Change current directory |
| 2018-12-25T12:54:13.571840488Z | 59 | PC: 12dbb | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16897,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:54:13.668691639Z | 71 | PC: 12b2f | Get current directory |
| 2018-12-25T12:54:13.672633105Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:54:13.676439113Z | 26 | PC: 12bee | Set disk transfer address |
| 2018-12-25T12:54:13.677387022Z | 78 | PC: 12bfc | Find first file |
| 2018-12-25T12:54:13.683695512Z | 61 | PC: 12c28 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:13.689980835Z | 63 | PC: 12c3a | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:54:13.696685891Z | 44 | PC: 12ca3 | Get time 0x12ca3: add dl, dh 0x12ca5: je 0x12c9f 0x12ca7: mov si, 0x115 0x12caa: add si, word ptr [0x106] 0x12cae: mov byte ptr [si], dl 0x12cb0: mov ax, 0x4301 0x12cb3: xor cx, cx 0x12cb5: mov dx, si 0x12cb7: add dx, 0xb6 0x12cbb: int 0x21 0x12cbd: mov ah, 0x3e 0x12cbf: int 0x21 0x12cc1: mov ax, 0x3d02 0x12cc4: int 0x21 0x12cc6: jb 0x12c49 0x12cc8: mov di, dx 0x12cca: add di, 0x5d 0x12ccd: stosw word ptr es:[di], ax 0x12cce: xchg ax, bx 0x12ccf: mov ah, 0x40 |
| 2018-12-25T12:54:13.699502181Z | 67 | PC: 12cbd | Get or set file attributes |
| 2018-12-25T12:54:13.716278603Z | 62 | PC: 12cc1 | Close file |
| 2018-12-25T12:54:13.717911896Z | 61 | PC: 12cc6 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:13.724521964Z | 64 | PC: 12cd9 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:54:13.727093035Z | 64 | PC: 12ceb | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:13.729396264Z | 64 | PC: 12d00 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:13.732107611Z | 66 | PC: 12d09 | Move file pointer |
| 2018-12-25T12:54:13.733962045Z | 64 | PC: 12a84 | Write file or device (Write 1202 bytes on handle 5) |
| 2018-12-25T12:54:13.743227223Z | 87 | PC: 12d22 | Get or set file date and time |
| 2018-12-25T12:54:13.74470394Z | 62 | PC: 12d26 | Close file |
| 2018-12-25T12:54:13.752745102Z | 67 | PC: 12d37 | Get or set file attributes |
| 2018-12-25T12:54:13.762335312Z | 79 | PC: 12c10 | Find next file |
| 2018-12-25T12:54:13.765412109Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:13.771698747Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:13.777821155Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:13.77972823Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.790273125Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:13.792372063Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:13.804168886Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:13.811337418Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:13.81411617Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:13.817035251Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:13.820284162Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:13.829138471Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:13.830547288Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:13.838608546Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.848502854Z | 79 | PC: 12c10 | Find next file (See above) |
| 2018-12-25T12:54:13.850980711Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:13.857800892Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:13.864049502Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:13.866492087Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.877102867Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:13.878831262Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:13.885267367Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:13.888404522Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:13.890843017Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:13.89319554Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:13.895237438Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:13.904262291Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:13.90564505Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:13.913100441Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:13.923142708Z | 42 | PC: 12b55 | Get date 0x12b55: cmp dx, 0x606 0x12b59: je 0x12b5e 0x12b5b: jmp 0x12da9 0x12b5e: jmp 0x12d3d 0x12b61: and ah, bh 0x12b63: movsw word ptr es:[di], word ptr [si] 0x12b64: mov ax, 0x5c4c 0x12b67: add word ptr [di], ax 0x12b69: add byte ptr [di - 0x75], dl 0x12b6c: in al, dx 0x12b6d: sub sp, 0x2c 0x12b70: push si 0x12b71: jmp 0x12be3 0x12b73: nop 0x12b74: mov ah, 0x1a 0x12b76: lea dx, word ptr [bp - 0x2c] 0x12b79: int 0x21 0x12b7b: mov ah, 0x4e 0x12b7d: mov cx, 0x10 0x12b80: mov dx, 0x1a4 |
| 2018-12-25T12:54:13.925264407Z | 59 | PC: 12db4 | Change current directory |
| 2018-12-25T12:54:13.929395333Z | 59 | PC: 12dbb | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":16897,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:54:13.880930695Z | 71 | PC: 12b2f | Get current directory |
| 2018-12-25T12:54:13.885187469Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:54:13.893892848Z | 26 | PC: 12bee | Set disk transfer address |
| 2018-12-25T12:54:13.895631357Z | 78 | PC: 12bfc | Find first file |
| 2018-12-25T12:54:13.903776018Z | 61 | PC: 12c28 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:13.915053296Z | 63 | PC: 12c3a | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:54:13.922526868Z | 44 | PC: 12ca3 | Get time 0x12ca3: add dl, dh 0x12ca5: je 0x12c9f 0x12ca7: mov si, 0x115 0x12caa: add si, word ptr [0x106] 0x12cae: mov byte ptr [si], dl 0x12cb0: mov ax, 0x4301 0x12cb3: xor cx, cx 0x12cb5: mov dx, si 0x12cb7: add dx, 0xb6 0x12cbb: int 0x21 0x12cbd: mov ah, 0x3e 0x12cbf: int 0x21 0x12cc1: mov ax, 0x3d02 0x12cc4: int 0x21 0x12cc6: jb 0x12c49 0x12cc8: mov di, dx 0x12cca: add di, 0x5d 0x12ccd: stosw word ptr es:[di], ax 0x12cce: xchg ax, bx 0x12ccf: mov ah, 0x40 |
| 2018-12-25T12:54:13.925332066Z | 67 | PC: 12cbd | Get or set file attributes |
| 2018-12-25T12:54:14.469393916Z | 62 | PC: 12cc1 | Close file |
| 2018-12-25T12:54:14.472330826Z | 61 | PC: 12cc6 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:14.480614144Z | 64 | PC: 12cd9 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:54:14.484925713Z | 64 | PC: 12ceb | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:14.488246286Z | 64 | PC: 12d00 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:14.490747794Z | 66 | PC: 12d09 | Move file pointer |
| 2018-12-25T12:54:14.492623763Z | 64 | PC: 12a84 | Write file or device (Write 1202 bytes on handle 5) |
| 2018-12-25T12:54:14.502354636Z | 87 | PC: 12d22 | Get or set file date and time |
| 2018-12-25T12:54:14.503835431Z | 62 | PC: 12d26 | Close file |
| 2018-12-25T12:54:14.511102236Z | 67 | PC: 12d37 | Get or set file attributes |
| 2018-12-25T12:54:14.521054087Z | 79 | PC: 12c10 | Find next file |
| 2018-12-25T12:54:14.524121088Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:14.531613416Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:14.538519655Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:14.54110764Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:14.550276003Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:14.552948092Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:14.559107049Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:14.562467853Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:14.566202589Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:14.569622102Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:14.571757703Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:14.580438134Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:14.583084338Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:14.590742567Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:14.603002028Z | 79 | PC: 12c10 | Find next file (See above) |
| 2018-12-25T12:54:14.607103645Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:14.614680758Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:14.622011294Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:14.625551585Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:14.637314388Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:14.639295312Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:14.647714784Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:14.651311304Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:14.654970808Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:14.659041471Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:14.661572257Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:14.672230309Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:14.674644501Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:14.683951957Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:14.696905304Z | 42 | PC: 12b55 | Get date 0x12b55: cmp dx, 0x606 0x12b59: je 0x12b5e 0x12b5b: jmp 0x12da9 0x12b5e: jmp 0x12d3d 0x12b61: and ah, bh 0x12b63: movsw word ptr es:[di], word ptr [si] 0x12b64: mov ax, 0x5c4c 0x12b67: add word ptr [di], ax 0x12b69: add byte ptr [di - 0x75], dl 0x12b6c: in al, dx 0x12b6d: sub sp, 0x2c 0x12b70: push si 0x12b71: jmp 0x12be3 0x12b73: nop 0x12b74: mov ah, 0x1a 0x12b76: lea dx, word ptr [bp - 0x2c] 0x12b79: int 0x21 0x12b7b: mov ah, 0x4e 0x12b7d: mov cx, 0x10 0x12b80: mov dx, 0x1a4 |
| 2018-12-25T12:54:14.700008414Z | 59 | PC: 12db4 | Change current directory |
| 2018-12-25T12:54:14.713721315Z | 59 | PC: 12dbb | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":16897,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:54:14.042111672Z | 71 | PC: 12b2f | Get current directory |
| 2018-12-25T12:54:14.04569421Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:54:14.048588452Z | 26 | PC: 12bee | Set disk transfer address |
| 2018-12-25T12:54:14.049549106Z | 78 | PC: 12bfc | Find first file |
| 2018-12-25T12:54:14.053531585Z | 61 | PC: 12c28 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:14.058064486Z | 63 | PC: 12c3a | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:54:14.065469806Z | 44 | PC: 12ca3 | Get time 0x12ca3: add dl, dh 0x12ca5: je 0x12c9f 0x12ca7: mov si, 0x115 0x12caa: add si, word ptr [0x106] 0x12cae: mov byte ptr [si], dl 0x12cb0: mov ax, 0x4301 0x12cb3: xor cx, cx 0x12cb5: mov dx, si 0x12cb7: add dx, 0xb6 0x12cbb: int 0x21 0x12cbd: mov ah, 0x3e 0x12cbf: int 0x21 0x12cc1: mov ax, 0x3d02 0x12cc4: int 0x21 0x12cc6: jb 0x12c49 0x12cc8: mov di, dx 0x12cca: add di, 0x5d 0x12ccd: stosw word ptr es:[di], ax 0x12cce: xchg ax, bx 0x12ccf: mov ah, 0x40 |
| 2018-12-25T12:54:14.067683697Z | 67 | PC: 12cbd | Get or set file attributes |
| 2018-12-25T12:54:14.46894884Z | 62 | PC: 12cc1 | Close file |
| 2018-12-25T12:54:14.471519324Z | 61 | PC: 12cc6 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:14.47923898Z | 64 | PC: 12cd9 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:54:14.487299207Z | 64 | PC: 12ceb | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:14.490226736Z | 64 | PC: 12d00 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:14.49309947Z | 66 | PC: 12d09 | Move file pointer |
| 2018-12-25T12:54:14.496505435Z | 64 | PC: 12a84 | Write file or device (Write 1202 bytes on handle 5) |
| 2018-12-25T12:54:14.507161342Z | 87 | PC: 12d22 | Get or set file date and time |
| 2018-12-25T12:54:14.508783617Z | 62 | PC: 12d26 | Close file |
| 2018-12-25T12:54:14.517870075Z | 67 | PC: 12d37 | Get or set file attributes |
| 2018-12-25T12:54:14.528958174Z | 79 | PC: 12c10 | Find next file |
| 2018-12-25T12:54:14.531980953Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:14.540161435Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:14.547581025Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:14.550103567Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:14.562305957Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:14.564443157Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:14.571781671Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:14.574754938Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:14.577963604Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:14.580716978Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:14.58269486Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:14.59347221Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:14.595076118Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:14.603568655Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:14.614676327Z | 79 | PC: 12c10 | Find next file (See above) |
| 2018-12-25T12:54:14.617515928Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:14.6255078Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:14.633038074Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:14.635339668Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:14.646146772Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:14.648732942Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:14.655995034Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:14.674142137Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:14.678847072Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:14.682519987Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:14.684640306Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:14.697966723Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:14.699888975Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:14.70820906Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:14.7194784Z | 42 | PC: 12b55 | Get date 0x12b55: cmp dx, 0x606 0x12b59: je 0x12b5e 0x12b5b: jmp 0x12da9 0x12b5e: jmp 0x12d3d 0x12b61: and ah, bh 0x12b63: movsw word ptr es:[di], word ptr [si] 0x12b64: mov ax, 0x5c4c 0x12b67: add word ptr [di], ax 0x12b69: add byte ptr [di - 0x75], dl 0x12b6c: in al, dx 0x12b6d: sub sp, 0x2c 0x12b70: push si 0x12b71: jmp 0x12be3 0x12b73: nop 0x12b74: mov ah, 0x1a 0x12b76: lea dx, word ptr [bp - 0x2c] 0x12b79: int 0x21 0x12b7b: mov ah, 0x4e 0x12b7d: mov cx, 0x10 0x12b80: mov dx, 0x1a4 |
| 2018-12-25T12:54:14.723156799Z | 59 | PC: 12db4 | Change current directory |
| 2018-12-25T12:54:14.728595785Z | 59 | PC: 12dbb | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":16897,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:54:14.290583994Z | 71 | PC: 12b2f | Get current directory |
| 2018-12-25T12:54:14.293082198Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:54:14.297188271Z | 26 | PC: 12bee | Set disk transfer address |
| 2018-12-25T12:54:14.298170393Z | 78 | PC: 12bfc | Find first file |
| 2018-12-25T12:54:14.308268954Z | 61 | PC: 12c28 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:14.318390562Z | 63 | PC: 12c3a | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:54:14.323819293Z | 44 | PC: 12ca3 | Get time 0x12ca3: add dl, dh 0x12ca5: je 0x12c9f 0x12ca7: mov si, 0x115 0x12caa: add si, word ptr [0x106] 0x12cae: mov byte ptr [si], dl 0x12cb0: mov ax, 0x4301 0x12cb3: xor cx, cx 0x12cb5: mov dx, si 0x12cb7: add dx, 0xb6 0x12cbb: int 0x21 0x12cbd: mov ah, 0x3e 0x12cbf: int 0x21 0x12cc1: mov ax, 0x3d02 0x12cc4: int 0x21 0x12cc6: jb 0x12c49 0x12cc8: mov di, dx 0x12cca: add di, 0x5d 0x12ccd: stosw word ptr es:[di], ax 0x12cce: xchg ax, bx 0x12ccf: mov ah, 0x40 |
| 2018-12-25T12:54:14.32613154Z | 67 | PC: 12cbd | Get or set file attributes |
| 2018-12-25T12:54:14.341914007Z | 62 | PC: 12cc1 | Close file |
| 2018-12-25T12:54:14.343497374Z | 61 | PC: 12cc6 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:14.349491926Z | 64 | PC: 12cd9 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:54:14.352283918Z | 64 | PC: 12ceb | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:14.354749949Z | 64 | PC: 12d00 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:14.357590195Z | 66 | PC: 12d09 | Move file pointer |
| 2018-12-25T12:54:14.359348247Z | 64 | PC: 12a84 | Write file or device (Write 1202 bytes on handle 5) |
| 2018-12-25T12:54:14.368540154Z | 87 | PC: 12d22 | Get or set file date and time |
| 2018-12-25T12:54:14.370243719Z | 62 | PC: 12d26 | Close file |
| 2018-12-25T12:54:14.375382453Z | 67 | PC: 12d37 | Get or set file attributes |
| 2018-12-25T12:54:14.381523798Z | 79 | PC: 12c10 | Find next file |
| 2018-12-25T12:54:14.383676794Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:14.390745913Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:14.394864551Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:14.396238969Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:14.402627801Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:14.404507311Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:14.410910504Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:14.413683136Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:14.416150985Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:14.418537851Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:14.420863106Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:14.428823364Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:14.429898858Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:14.435168775Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:14.441511533Z | 79 | PC: 12c10 | Find next file (See above) |
| 2018-12-25T12:54:14.444153067Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:14.456578522Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:14.463404657Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:14.465492485Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:14.476545642Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:14.478294177Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:14.484573688Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:14.487631278Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:14.490014732Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:14.492384207Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:14.494564757Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:14.503391963Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:14.504864549Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:14.513347246Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:14.523180337Z | 42 | PC: 12b55 | Get date 0x12b55: cmp dx, 0x606 0x12b59: je 0x12b5e 0x12b5b: jmp 0x12da9 0x12b5e: jmp 0x12d3d 0x12b61: and ah, bh 0x12b63: movsw word ptr es:[di], word ptr [si] 0x12b64: mov ax, 0x5c4c 0x12b67: add word ptr [di], ax 0x12b69: add byte ptr [di - 0x75], dl 0x12b6c: in al, dx 0x12b6d: sub sp, 0x2c 0x12b70: push si 0x12b71: jmp 0x12be3 0x12b73: nop 0x12b74: mov ah, 0x1a 0x12b76: lea dx, word ptr [bp - 0x2c] 0x12b79: int 0x21 0x12b7b: mov ah, 0x4e 0x12b7d: mov cx, 0x10 0x12b80: mov dx, 0x1a4 |
| 2018-12-25T12:54:14.525244684Z | 59 | PC: 12db4 | Change current directory |
| 2018-12-25T12:54:14.529042667Z | 59 | PC: 12dbb | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":16897,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:54:14.484693138Z | 71 | PC: 12b2f | Get current directory |
| 2018-12-25T12:54:14.48792872Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:54:14.491677293Z | 26 | PC: 12bee | Set disk transfer address |
| 2018-12-25T12:54:14.492627345Z | 78 | PC: 12bfc | Find first file |
| 2018-12-25T12:54:14.503486224Z | 61 | PC: 12c28 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:14.514784023Z | 63 | PC: 12c3a | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:54:14.520829753Z | 44 | PC: 12ca3 | Get time 0x12ca3: add dl, dh 0x12ca5: je 0x12c9f 0x12ca7: mov si, 0x115 0x12caa: add si, word ptr [0x106] 0x12cae: mov byte ptr [si], dl 0x12cb0: mov ax, 0x4301 0x12cb3: xor cx, cx 0x12cb5: mov dx, si 0x12cb7: add dx, 0xb6 0x12cbb: int 0x21 0x12cbd: mov ah, 0x3e 0x12cbf: int 0x21 0x12cc1: mov ax, 0x3d02 0x12cc4: int 0x21 0x12cc6: jb 0x12c49 0x12cc8: mov di, dx 0x12cca: add di, 0x5d 0x12ccd: stosw word ptr es:[di], ax 0x12cce: xchg ax, bx 0x12ccf: mov ah, 0x40 |
| 2018-12-25T12:54:14.522919493Z | 67 | PC: 12cbd | Get or set file attributes |
| 2018-12-25T12:54:14.53931892Z | 62 | PC: 12cc1 | Close file |
| 2018-12-25T12:54:14.540929637Z | 61 | PC: 12cc6 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:14.547432426Z | 64 | PC: 12cd9 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:54:14.550643994Z | 64 | PC: 12ceb | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:14.553093479Z | 64 | PC: 12d00 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:54:14.556009394Z | 66 | PC: 12d09 | Move file pointer |
| 2018-12-25T12:54:14.558440666Z | 64 | PC: 12a84 | Write file or device (Write 1202 bytes on handle 5) |
| 2018-12-25T12:54:14.567508633Z | 87 | PC: 12d22 | Get or set file date and time |
| 2018-12-25T12:54:14.568951312Z | 62 | PC: 12d26 | Close file |
| 2018-12-25T12:54:14.576871462Z | 67 | PC: 12d37 | Get or set file attributes |
| 2018-12-25T12:54:14.587004939Z | 79 | PC: 12c10 | Find next file |
| 2018-12-25T12:54:14.589491004Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:14.596156312Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:14.602729446Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:14.605089914Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:14.61548772Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:14.617278384Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:14.623626462Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:14.634657737Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:14.637142269Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:14.639506934Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:14.641909855Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:14.650706901Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:14.65207649Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:14.660667167Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:14.67020669Z | 79 | PC: 12c10 | Find next file (See above) |
| 2018-12-25T12:54:14.672639213Z | 61 | PC: 12c28 | Open file (See above) |
| 2018-12-25T12:54:14.6793614Z | 63 | PC: 12c3a | Read file or device (See above) |
| 2018-12-25T12:54:14.685685953Z | 44 | PC: 12ca3 | Get time (See above) |
| 2018-12-25T12:54:14.687748Z | 67 | PC: 12cbd | Get or set file attributes (See above) |
| 2018-12-25T12:54:14.697937836Z | 62 | PC: 12cc1 | Close file (See above) |
| 2018-12-25T12:54:14.699690369Z | 61 | PC: 12cc6 | Open file (See above) |
| 2018-12-25T12:54:14.705984635Z | 64 | PC: 12cd9 | Write file or device (See above) |
| 2018-12-25T12:54:14.709017176Z | 64 | PC: 12ceb | Write file or device (See above) |
| 2018-12-25T12:54:14.711487086Z | 64 | PC: 12d00 | Write file or device (See above) |
| 2018-12-25T12:54:14.714017925Z | 66 | PC: 12d09 | Move file pointer (See above) |
| 2018-12-25T12:54:14.716241455Z | 64 | PC: 12a84 | Write file or device (See above) |
| 2018-12-25T12:54:14.725470487Z | 87 | PC: 12d22 | Get or set file date and time (See above) |
| 2018-12-25T12:54:14.72683094Z | 62 | PC: 12d26 | Close file (See above) |
| 2018-12-25T12:54:14.735140466Z | 67 | PC: 12d37 | Get or set file attributes (See above) |
| 2018-12-25T12:54:14.744982408Z | 42 | PC: 12b55 | Get date 0x12b55: cmp dx, 0x606 0x12b59: je 0x12b5e 0x12b5b: jmp 0x12da9 0x12b5e: jmp 0x12d3d 0x12b61: and ah, bh 0x12b63: movsw word ptr es:[di], word ptr [si] 0x12b64: mov ax, 0x5c4c 0x12b67: add word ptr [di], ax 0x12b69: add byte ptr [di - 0x75], dl 0x12b6c: in al, dx 0x12b6d: sub sp, 0x2c 0x12b70: push si 0x12b71: jmp 0x12be3 0x12b73: nop 0x12b74: mov ah, 0x1a 0x12b76: lea dx, word ptr [bp - 0x2c] 0x12b79: int 0x21 0x12b7b: mov ah, 0x4e 0x12b7d: mov cx, 0x10 0x12b80: mov dx, 0x1a4 |
| 2018-12-25T12:54:14.746974006Z | 59 | PC: 12db4 | Change current directory |
| 2018-12-25T12:54:14.751164017Z | 59 | PC: 12dbb | Change current directory |