{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3610,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:44.161690151Z | 53 | PC: 12ae3 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:49:44.162946273Z | 37 | PC: 12af5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:49:44.167771864Z | 71 | PC: 12b00 | Get current directory |
| 2018-12-25T11:49:44.171036003Z | 25 | PC: 12b05 | Get default drive |
| 2018-12-25T11:49:44.172328696Z | 26 | PC: 12b2c | Set disk transfer address |
| 2018-12-25T11:49:44.175171339Z | 42 | PC: 12b30 | Get date 0x12b30: cmp dx, 0x202 0x12b34: jne 0x12b39 0x12b36: jmp 0x12cf2 0x12b39: mov ah, 0x4e 0x12b3b: lea dx, word ptr [si + 0x432] 0x12b3f: mov cx, 7 0x12b42: int 0x21 0x12b44: jae 0x12b88 0x12b46: mov ah, 0x1a 0x12b48: lea dx, word ptr [si + 0x512] 0x12b4c: int 0x21 0x12b4e: mov ah, 0x3b 0x12b50: lea dx, word ptr [si + 0x43c] 0x12b54: int 0x21 0x12b56: jb 0x12b5a 0x12b58: jmp 0x12b24 0x12b5a: cmp byte ptr [si + 0x457], 1 0x12b5f: je 0x12b78 0x12b61: mov al, 1 0x12b63: mov byte ptr [si + 0x457], al |
| 2018-12-25T11:49:44.177993396Z | 78 | PC: 12b44 | Find first file |
| 2018-12-25T11:49:44.185050903Z | 67 | PC: 12b9b | Get or set file attributes |
| 2018-12-25T11:49:44.204230638Z | 61 | PC: 12d40 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:49:44.208779709Z | 63 | PC: 12bc2 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:49:44.213187955Z | 66 | PC: 12d36 | Move file pointer |
| 2018-12-25T11:49:44.214680956Z | 44 | PC: 12c2c | Get time 0x12c2c: cmp dx, 0 0x12c2f: je 0x12c28 0x12c31: mov word ptr [si + 0x118], dx 0x12c35: mov cl, 8 0x12c37: ror dx, cl 0x12c39: mov word ptr [si + 0x455], dx 0x12c3d: cmp dl, 0x1e 0x12c40: jle 0x12c44 0x12c42: jmp 0x12c62 0x12c44: lea si, word ptr [bp + 0x142] 0x12c48: lea di, word ptr [bp + 0x11a] 0x12c4c: mov cx, 0x10 0x12c4f: call 0x12d09 0x12c52: lea si, word ptr [bp + 0x152] 0x12c56: lea di, word ptr [bp + 0x132] 0x12c5a: mov cx, 6 0x12c5d: call 0x12d09 0x12c60: jmp 0x12c7e 0x12c62: lea si, word ptr [bp + 0x158] 0x12c66: lea di, word ptr [bp + 0x11a] |
| 2018-12-25T11:49:44.217483793Z | 64 | PC: 12a7e | Write file or device (Write 855 bytes on handle 5) |
| 2018-12-25T11:49:44.227475323Z | 66 | PC: 12d2c | Move file pointer |
| 2018-12-25T11:49:44.229039337Z | 64 | PC: 12ca2 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:49:44.236797713Z | 87 | PC: 12cb3 | Get or set file date and time |
| 2018-12-25T11:49:44.238696968Z | 62 | PC: 12cb7 | Close file |
| 2018-12-25T11:49:44.247613604Z | 67 | PC: 12cc6 | Get or set file attributes |
| 2018-12-25T11:49:44.258848885Z | 59 | PC: 12cce | Change current directory |
| 2018-12-25T11:49:44.263172959Z | 26 | PC: 12cd5 | Set disk transfer address |
| 2018-12-25T11:49:44.26442104Z | 37 | PC: 12ce0 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3610,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:44.776498535Z | 53 | PC: 12ae3 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:49:44.778641618Z | 37 | PC: 12af5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:49:44.779696343Z | 71 | PC: 12b00 | Get current directory |
| 2018-12-25T11:49:44.782465973Z | 25 | PC: 12b05 | Get default drive |
| 2018-12-25T11:49:44.784029876Z | 26 | PC: 12b2c | Set disk transfer address |
| 2018-12-25T11:49:44.785100099Z | 42 | PC: 12b30 | Get date 0x12b30: cmp dx, 0x202 0x12b34: jne 0x12b39 0x12b36: jmp 0x12cf2 0x12b39: mov ah, 0x4e 0x12b3b: lea dx, word ptr [si + 0x432] 0x12b3f: mov cx, 7 0x12b42: int 0x21 0x12b44: jae 0x12b88 0x12b46: mov ah, 0x1a 0x12b48: lea dx, word ptr [si + 0x512] 0x12b4c: int 0x21 0x12b4e: mov ah, 0x3b 0x12b50: lea dx, word ptr [si + 0x43c] 0x12b54: int 0x21 0x12b56: jb 0x12b5a 0x12b58: jmp 0x12b24 0x12b5a: cmp byte ptr [si + 0x457], 1 0x12b5f: je 0x12b78 0x12b61: mov al, 1 0x12b63: mov byte ptr [si + 0x457], al |
| 2018-12-25T11:49:44.78719827Z | 78 | PC: 12b44 | Find first file |
| 2018-12-25T11:49:44.793715515Z | 67 | PC: 12b9b | Get or set file attributes |
| 2018-12-25T11:49:44.813248261Z | 61 | PC: 12d40 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:49:44.819708849Z | 63 | PC: 12bc2 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:49:44.838957791Z | 66 | PC: 12d36 | Move file pointer |
| 2018-12-25T11:49:44.840325663Z | 44 | PC: 12c2c | Get time 0x12c2c: cmp dx, 0 0x12c2f: je 0x12c28 0x12c31: mov word ptr [si + 0x118], dx 0x12c35: mov cl, 8 0x12c37: ror dx, cl 0x12c39: mov word ptr [si + 0x455], dx 0x12c3d: cmp dl, 0x1e 0x12c40: jle 0x12c44 0x12c42: jmp 0x12c62 0x12c44: lea si, word ptr [bp + 0x142] 0x12c48: lea di, word ptr [bp + 0x11a] 0x12c4c: mov cx, 0x10 0x12c4f: call 0x12d09 0x12c52: lea si, word ptr [bp + 0x152] 0x12c56: lea di, word ptr [bp + 0x132] 0x12c5a: mov cx, 6 0x12c5d: call 0x12d09 0x12c60: jmp 0x12c7e 0x12c62: lea si, word ptr [bp + 0x158] 0x12c66: lea di, word ptr [bp + 0x11a] |
| 2018-12-25T11:49:44.842814472Z | 64 | PC: 12a7e | Write file or device (Write 855 bytes on handle 5) |
| 2018-12-25T11:49:44.850411824Z | 66 | PC: 12d2c | Move file pointer |
| 2018-12-25T11:49:44.852080801Z | 64 | PC: 12ca2 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:49:44.858053393Z | 87 | PC: 12cb3 | Get or set file date and time |
| 2018-12-25T11:49:44.869959192Z | 62 | PC: 12cb7 | Close file |
| 2018-12-25T11:49:44.878777941Z | 67 | PC: 12cc6 | Get or set file attributes |
| 2018-12-25T11:49:44.888167976Z | 59 | PC: 12cce | Change current directory |
| 2018-12-25T11:49:44.891839775Z | 26 | PC: 12cd5 | Set disk transfer address |
| 2018-12-25T11:49:44.893307133Z | 37 | PC: 12ce0 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":3610,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:45.048617606Z | 53 | PC: 12ae3 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:49:45.050052804Z | 37 | PC: 12af5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:49:45.051061823Z | 71 | PC: 12b00 | Get current directory |
| 2018-12-25T11:49:45.05371305Z | 25 | PC: 12b05 | Get default drive |
| 2018-12-25T11:49:45.056062465Z | 26 | PC: 12b2c | Set disk transfer address |
| 2018-12-25T11:49:45.057888727Z | 42 | PC: 12b30 | Get date 0x12b30: cmp dx, 0x202 0x12b34: jne 0x12b39 0x12b36: jmp 0x12cf2 0x12b39: mov ah, 0x4e 0x12b3b: lea dx, word ptr [si + 0x432] 0x12b3f: mov cx, 7 0x12b42: int 0x21 0x12b44: jae 0x12b88 0x12b46: mov ah, 0x1a 0x12b48: lea dx, word ptr [si + 0x512] 0x12b4c: int 0x21 0x12b4e: mov ah, 0x3b 0x12b50: lea dx, word ptr [si + 0x43c] 0x12b54: int 0x21 0x12b56: jb 0x12b5a 0x12b58: jmp 0x12b24 0x12b5a: cmp byte ptr [si + 0x457], 1 0x12b5f: je 0x12b78 0x12b61: mov al, 1 0x12b63: mov byte ptr [si + 0x457], al |
| 2018-12-25T11:49:45.060235437Z | 78 | PC: 12b44 | Find first file |
| 2018-12-25T11:49:45.066288536Z | 67 | PC: 12b9b | Get or set file attributes |
| 2018-12-25T11:49:45.084365543Z | 61 | PC: 12d40 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:49:45.095422011Z | 63 | PC: 12bc2 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:49:45.111136394Z | 66 | PC: 12d36 | Move file pointer |
| 2018-12-25T11:49:45.11266619Z | 44 | PC: 12c2c | Get time 0x12c2c: cmp dx, 0 0x12c2f: je 0x12c28 0x12c31: mov word ptr [si + 0x118], dx 0x12c35: mov cl, 8 0x12c37: ror dx, cl 0x12c39: mov word ptr [si + 0x455], dx 0x12c3d: cmp dl, 0x1e 0x12c40: jle 0x12c44 0x12c42: jmp 0x12c62 0x12c44: lea si, word ptr [bp + 0x142] 0x12c48: lea di, word ptr [bp + 0x11a] 0x12c4c: mov cx, 0x10 0x12c4f: call 0x12d09 0x12c52: lea si, word ptr [bp + 0x152] 0x12c56: lea di, word ptr [bp + 0x132] 0x12c5a: mov cx, 6 0x12c5d: call 0x12d09 0x12c60: jmp 0x12c7e 0x12c62: lea si, word ptr [bp + 0x158] 0x12c66: lea di, word ptr [bp + 0x11a] |
| 2018-12-25T11:49:45.115033273Z | 64 | PC: 12a7e | Write file or device (Write 855 bytes on handle 5) |
| 2018-12-25T11:49:45.123284102Z | 66 | PC: 12d2c | Move file pointer |
| 2018-12-25T11:49:45.125194622Z | 64 | PC: 12ca2 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:49:45.13144218Z | 87 | PC: 12cb3 | Get or set file date and time |
| 2018-12-25T11:49:45.132897226Z | 62 | PC: 12cb7 | Close file |
| 2018-12-25T11:49:45.147718886Z | 67 | PC: 12cc6 | Get or set file attributes |
| 2018-12-25T11:49:45.157196399Z | 59 | PC: 12cce | Change current directory |
| 2018-12-25T11:49:45.160954436Z | 26 | PC: 12cd5 | Set disk transfer address |
| 2018-12-25T11:49:45.163963595Z | 37 | PC: 12ce0 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":3610,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:45.097805648Z | 53 | PC: 12ae3 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:49:45.09937111Z | 37 | PC: 12af5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:49:45.100493442Z | 71 | PC: 12b00 | Get current directory |
| 2018-12-25T11:49:45.103463052Z | 25 | PC: 12b05 | Get default drive |
| 2018-12-25T11:49:45.105107721Z | 26 | PC: 12b2c | Set disk transfer address |
| 2018-12-25T11:49:45.106203616Z | 42 | PC: 12b30 | Get date 0x12b30: cmp dx, 0x202 0x12b34: jne 0x12b39 0x12b36: jmp 0x12cf2 0x12b39: mov ah, 0x4e 0x12b3b: lea dx, word ptr [si + 0x432] 0x12b3f: mov cx, 7 0x12b42: int 0x21 0x12b44: jae 0x12b88 0x12b46: mov ah, 0x1a 0x12b48: lea dx, word ptr [si + 0x512] 0x12b4c: int 0x21 0x12b4e: mov ah, 0x3b 0x12b50: lea dx, word ptr [si + 0x43c] 0x12b54: int 0x21 0x12b56: jb 0x12b5a 0x12b58: jmp 0x12b24 0x12b5a: cmp byte ptr [si + 0x457], 1 0x12b5f: je 0x12b78 0x12b61: mov al, 1 0x12b63: mov byte ptr [si + 0x457], al |
| 2018-12-25T11:49:45.108438553Z | 78 | PC: 12b44 | Find first file |
| 2018-12-25T11:49:45.115319154Z | 67 | PC: 12b9b | Get or set file attributes |
| 2018-12-25T11:49:45.70973191Z | 61 | PC: 12d40 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:49:45.717303434Z | 63 | PC: 12bc2 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:49:45.724656039Z | 66 | PC: 12d36 | Move file pointer |
| 2018-12-25T11:49:45.726858907Z | 44 | PC: 12c2c | Get time 0x12c2c: cmp dx, 0 0x12c2f: je 0x12c28 0x12c31: mov word ptr [si + 0x118], dx 0x12c35: mov cl, 8 0x12c37: ror dx, cl 0x12c39: mov word ptr [si + 0x455], dx 0x12c3d: cmp dl, 0x1e 0x12c40: jle 0x12c44 0x12c42: jmp 0x12c62 0x12c44: lea si, word ptr [bp + 0x142] 0x12c48: lea di, word ptr [bp + 0x11a] 0x12c4c: mov cx, 0x10 0x12c4f: call 0x12d09 0x12c52: lea si, word ptr [bp + 0x152] 0x12c56: lea di, word ptr [bp + 0x132] 0x12c5a: mov cx, 6 0x12c5d: call 0x12d09 0x12c60: jmp 0x12c7e 0x12c62: lea si, word ptr [bp + 0x158] 0x12c66: lea di, word ptr [bp + 0x11a] |
| 2018-12-25T11:49:45.730337111Z | 64 | PC: 12a7e | Write file or device (Write 855 bytes on handle 5) |
| 2018-12-25T11:49:45.740177331Z | 66 | PC: 12d2c | Move file pointer |
| 2018-12-25T11:49:45.742988435Z | 64 | PC: 12ca2 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:49:45.751446542Z | 87 | PC: 12cb3 | Get or set file date and time |
| 2018-12-25T11:49:45.754191518Z | 62 | PC: 12cb7 | Close file |
| 2018-12-25T11:49:45.763350388Z | 67 | PC: 12cc6 | Get or set file attributes |
| 2018-12-25T11:49:45.774671957Z | 59 | PC: 12cce | Change current directory |
| 2018-12-25T11:49:45.77910727Z | 26 | PC: 12cd5 | Set disk transfer address |
| 2018-12-25T11:49:45.788405558Z | 37 | PC: 12ce0 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |