{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3681,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:48.989746083Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:49:48.998773475Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:49:48.999796303Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:49:49.000787755Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:49:49.006926079Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:49:49.013167819Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:49:49.019287965Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:49:49.021038102Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:49:49.022253451Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:49:49.024695355Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:49:49.026302716Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x376], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 6] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x20] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:49:49.02865486Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:49:49.042646432Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:49:49.050861574Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:49.053593916Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:49.059845364Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:49.06582858Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:49.067305489Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:49.068520983Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:49.070885584Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:49.072615128Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:49.074825347Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:49.082716209Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:49.090975556Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:49.093983465Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:49.100785192Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:49.107996635Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:49.109756087Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:49.111398074Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:49.115245276Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:49.116859117Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:49.119540371Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:49.128545628Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:49.136637266Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:49.139203919Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:49.147830125Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:49.154280593Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:49.15567522Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:49.158015386Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:49.160663568Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:49.161881167Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:49.164878452Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:49.173122675Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:49.182085595Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:49.186515504Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:49.193424669Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:49.199569893Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:49.201570717Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:49.202975541Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:49.205470647Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:49.207228075Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:49.210626183Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:49.218920499Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:49.227086991Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:49:49.228468506Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:49:49.230539088Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:49:49.232572323Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:49:49.235374653Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3681,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:49.300140153Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:49:49.301831371Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:49:49.302796207Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:49:49.303749564Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:49:49.309852373Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:49:49.316550433Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:49:49.330895764Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:49:49.333451976Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:49:49.334686026Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:49:49.33706528Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:49:49.338606572Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x376], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 6] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x20] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:49:49.341000415Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:49:49.355682841Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:49:49.363652526Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:49.366709834Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:49.37353742Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:49.380190022Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:49.381813461Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:49.38300061Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:49.3854073Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:49.387019932Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:49.389165964Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:49.397797379Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:49.409325417Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:49.411987576Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:49.418550817Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:49.425781984Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:49.427441697Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:49.429147887Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:49.432605321Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:49.43400081Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:49.43630409Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:49.446362993Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:49.454294516Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:49.456902379Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:49.464018531Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:49.470295387Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:49.471590002Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:49.473380446Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:49.476339878Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:49.47756845Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:49.480010619Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:49.488346272Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:49.49650756Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:49.500028614Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:49.506860343Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:49.513398256Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:49.514880548Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:49.516187492Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:49.518690622Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:49.520194229Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:49.522738972Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:49.530737655Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:49.540071299Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:49:49.542142289Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:49:49.54506743Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:49:49.547266311Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:49:49.550312828Z | 19 | PC: 12b55 | Delete file |
| 2018-12-25T11:49:49.555995064Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":14,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3681,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:49.632710934Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:49:49.634378245Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:49:49.636082426Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:49:49.637182404Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:49:49.643503555Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:49:49.650093376Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:49:49.656569277Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:49:49.659335252Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:49:49.660748314Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:49:49.663268177Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:49:49.66482273Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x376], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 6] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x20] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:49:49.667787341Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:49:49.683493948Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:49:49.691194367Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:49.698506685Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:49.704840184Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:49.711410153Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:49.713787103Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:49.715059704Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:49.717523833Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:49.722503414Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:49.724811416Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:49.732932663Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:49.742692192Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:49.745266648Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:49.752235424Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:49.758611005Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:49.760331185Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:49.761659149Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:49.764503117Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:49.766023553Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:49.768416769Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:49.77691271Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:49.78564087Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:49.788736089Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:49.795603406Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:49.802341292Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:49.803928757Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:49.80529963Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:49.808793282Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:49.810756902Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:49.813166126Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:49.823095803Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:49.831208032Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:49.833750233Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:49.840537449Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:49.846886881Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:49.848164045Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:49.849917954Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:49.852326068Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:49.853487885Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:49.85621522Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:49.864776579Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:49.872662229Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:49:49.874079386Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:49:49.876373334Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:49:49.878359842Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:49:49.880789164Z | 19 | PC: 12b55 | Delete file |
| 2018-12-25T11:49:49.88536841Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3681,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:50.625433755Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:49:50.627596889Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:49:50.629325335Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:49:50.630995975Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:49:50.638910337Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:49:50.647468231Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:49:50.654591893Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:49:50.656278665Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:49:50.658717629Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:49:50.662392693Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:49:50.663932073Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x376], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 6] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x20] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:49:50.67750164Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:49:50.694951022Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:49:50.704054819Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:50.707849284Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:50.715415775Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:50.723022101Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:50.725688238Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:50.733515682Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:50.736533956Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:50.738088575Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:50.741244108Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:50.750676375Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:50.760180099Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:50.764169906Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:50.772497578Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:50.779774944Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:50.782656325Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:50.78429171Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:50.788081102Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:50.791377945Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:50.804997892Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:50.814307052Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:50.824186957Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:50.828162076Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:50.835596583Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:50.843118546Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:50.845685758Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:50.848009544Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:50.852528786Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:50.855311987Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:50.857568927Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:50.863101615Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:50.870148841Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:50.872134118Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:50.876504373Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:50.882650266Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:50.883939183Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:50.885216214Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:50.888050992Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:50.889303295Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:50.891416104Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:50.899077865Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:50.916402612Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:49:50.91772578Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:49:50.921350137Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:49:50.923700158Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:49:50.926259846Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3681,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:51.321864087Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:49:51.323939034Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:49:51.325066729Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:49:51.326177024Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:49:51.333235549Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:49:51.339519793Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:49:51.346263017Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:49:51.347778376Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:49:51.355671583Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:49:51.358610823Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:49:51.359972819Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x376], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 6] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x20] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:49:51.363133827Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:49:51.380410758Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:49:51.388696423Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:51.392611869Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:51.399998849Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:51.406488211Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:51.408861161Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:51.410532477Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:51.413471093Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:51.416218656Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:51.418888832Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:51.427355266Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:51.435735683Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:51.43960015Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:51.446053311Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:51.452319499Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:51.453868084Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:51.455174949Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:51.45776082Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:51.459933753Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:51.462291317Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:51.470839325Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:51.479721552Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:51.482829961Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:51.489457101Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:51.496815978Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:51.498459132Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:51.499811509Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:51.502935437Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:51.504349698Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:51.506734348Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:51.515559964Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:51.523912577Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:51.526772026Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:51.53477104Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:51.540911209Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:51.542907084Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:51.545490309Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:51.548387519Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:51.550030188Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:51.553346719Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:51.561414557Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:51.569633424Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:49:51.5711814Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:49:51.573345915Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:49:51.575319223Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:49:51.578281617Z | 19 | PC: 12b55 | Delete file |
| 2018-12-25T11:49:51.584442755Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":8,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3681,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:52.45774632Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:49:52.459358245Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:49:52.461088705Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:49:52.462805468Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:49:52.469991175Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:49:52.478227168Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:49:52.485203973Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:49:52.486814809Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:49:52.489359418Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:49:52.492212795Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:49:52.493813208Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x376], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 6] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x20] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:49:52.496877014Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:49:52.514553383Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:49:52.52440976Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:52.527417059Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:52.534913721Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:52.540623794Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:52.542065732Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:52.544325314Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:52.546752637Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:52.548162106Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:52.550987998Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:52.558645975Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:52.566018184Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:52.570032528Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:52.57621036Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:52.582587557Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:52.584888231Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:52.586552015Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:52.589312486Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:52.590864813Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:52.593955983Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:52.602947628Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:52.611854271Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:52.615498739Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:52.623092182Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:52.630614809Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:52.633093248Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:52.634719607Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:52.637722987Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:52.639856742Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:52.642373729Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:52.649952752Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:52.659104143Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:52.662119327Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:52.66860172Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:52.674878026Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:52.677169586Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:52.680599651Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:52.683607024Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:52.685590991Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:52.687930012Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:52.695455134Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:52.70430553Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:49:52.70561478Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:49:52.707826695Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:49:52.711184217Z | 25 | PC: 12b3f | Get default drive |
| 2018-12-25T11:49:52.714727802Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:49:52.717513871Z | 19 | PC: 12b55 | Delete file |
| 2018-12-25T11:49:52.72672126Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
| 2018-12-25T11:49:52.729365792Z | 9 | PC: 12b88 | Display string (Could not find end pointer) |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3681,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:52.416372447Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:49:52.419716853Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:49:52.420927749Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:49:52.422214461Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:49:52.428908785Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:49:52.436364606Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:49:52.453455466Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:49:52.45612909Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:49:52.457495897Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:49:52.460009682Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:49:52.461551676Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x376], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 6] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x20] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:49:52.465062823Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:49:52.48043044Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:49:52.488500327Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:52.491973341Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:52.498552525Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:52.505060775Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:52.507218118Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:52.508714733Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:52.511299302Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:52.513466096Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:52.516047403Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:52.524485552Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:52.534754789Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:52.5374652Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:52.5437871Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:52.550439581Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:52.552063614Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:52.553644182Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:52.556951295Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:52.558468234Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:52.561095604Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:52.574382472Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:52.582845337Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:52.585732779Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:52.592755134Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:52.599598545Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:52.602024494Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:52.603816737Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:52.607417195Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:52.609009884Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:52.61158152Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:52.620966134Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:52.632913681Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:52.635738106Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:52.642890906Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:52.649185255Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:52.650496228Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:52.652375896Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:52.655032806Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:52.656400809Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:52.659716859Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:52.668061943Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:52.676777154Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:49:52.679083422Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:49:52.681371498Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:49:52.683478069Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:49:52.686246487Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3681,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:52.799390846Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:49:52.802366083Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:49:52.804195478Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:49:52.805909298Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:49:52.814530398Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:49:52.825262338Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:49:52.832862957Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:49:52.834666363Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:49:52.836746527Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:49:52.839523218Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:49:52.841029227Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x376], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 6] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x20] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:49:52.843598868Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:49:52.859498557Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:49:52.866939731Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:52.870420134Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:52.876507653Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:52.892663283Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:52.895317023Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:52.896882147Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:52.899816366Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:52.90510426Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:52.908019096Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:52.917377337Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:52.928063468Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:52.931108422Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:52.938368532Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:52.945558503Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:52.947426666Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:52.949051054Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:52.952255847Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:52.954804657Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:52.957726327Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:52.96779734Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:52.978012371Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:52.981542253Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:52.98938839Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:52.997721967Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:52.999604675Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:53.00130666Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:53.005627536Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:53.007390595Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:53.010466495Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:53.018588127Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:53.024821816Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:53.026678321Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:53.031835461Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:53.036702904Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:53.037911216Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:53.039070333Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:53.041720479Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:53.045658514Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:53.048854172Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:53.058813677Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:53.068009206Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:49:53.069224545Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:49:53.072395653Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:49:53.074884844Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:49:53.077307087Z | 19 | PC: 12b55 | Delete file |
| 2018-12-25T11:49:53.084421528Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3681,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:53.352086737Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:49:53.353578289Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:49:53.355797311Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:49:53.357269451Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:49:53.363950002Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:49:53.372119671Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:49:53.37910769Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:49:53.38066419Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:49:53.382683491Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:49:53.385850367Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:49:53.387338343Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x376], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 6] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x20] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:49:53.39019408Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:49:53.406428284Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:49:53.415269709Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:53.418241248Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:53.425706976Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:53.432866178Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:53.434419009Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:53.436732671Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:53.440440334Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:53.442832689Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:53.446670205Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:53.457346396Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:53.467405884Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:53.471954565Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:53.480162311Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:53.48807478Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:53.49114954Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:53.493017619Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:53.496195129Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:53.497937328Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:53.501123404Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:53.510419414Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:53.520401248Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:53.524963069Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:53.532922993Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:53.541118769Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:53.543802991Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:53.545577255Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:53.548717504Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:53.553409272Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:53.556756653Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:53.567101078Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:53.577657042Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:53.580879108Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:53.588206276Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:53.595316002Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:53.597337709Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:53.598944231Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:53.601772304Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:53.604138529Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:53.607453538Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:53.617277099Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:53.627175989Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:49:53.628446817Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:49:53.630811174Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:49:53.6344085Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:49:53.636849705Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3681,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:53.902605854Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:49:53.904266223Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:49:53.918211037Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:49:53.92005389Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:49:53.927222369Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:49:53.934777721Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:49:53.942006105Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:49:53.943937727Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:49:53.946679781Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:49:53.950164096Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:49:53.952109064Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x376], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 6] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x20] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:49:53.967425327Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:49:53.984840408Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:49:53.994144619Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:53.999346596Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:54.007349388Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:54.014839637Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:54.01655862Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:54.018988209Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:54.022346557Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:54.024314713Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:54.027795767Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:54.037431468Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:54.047389773Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:54.060321969Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:54.078687753Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:54.086195766Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:54.089017027Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:54.097754184Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:54.101564013Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:54.103796093Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:54.106923034Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:54.116391021Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:54.136303735Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:54.139495854Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:54.146790721Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:54.154482336Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:54.157281147Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:54.159372234Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:54.16277196Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:54.16510377Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:54.168553052Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:54.177848997Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:54.187240835Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:54.19078092Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:54.198103355Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:54.206090539Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:54.207469572Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:54.208569949Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:54.211281827Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:54.212527423Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:54.214564144Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:54.220427506Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:54.226166425Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:49:54.227161676Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:49:54.229063478Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:49:54.230904219Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:49:54.232674255Z | 19 | PC: 12b55 | Delete file |
| 2018-12-25T11:49:54.23678886Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":14,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3681,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:54.715900474Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:49:54.718440186Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:49:54.719866069Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:49:54.721386079Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:49:54.727838191Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:49:54.734895304Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:49:54.741131502Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:49:54.742546817Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:49:54.744488777Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:49:54.747458559Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:49:54.749166334Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x376], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 6] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x20] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:49:54.752439255Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:49:54.766762319Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:49:54.775578749Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:54.779109734Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:54.7857541Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:54.791994125Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:54.799529111Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:54.800864304Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:54.803420361Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:54.805365649Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:54.808204861Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:54.816398318Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:54.82565532Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:54.828231014Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:54.834557454Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:54.841116275Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:54.843093471Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:54.844735446Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:54.848463843Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:54.850664342Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:54.853488756Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:54.861723722Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:54.870475138Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:54.873051769Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:54.879387955Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:54.887142626Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:54.888571351Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:54.889907704Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:54.893153998Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:54.894697776Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:54.89711889Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:54.906756438Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:54.924405309Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:54.927421247Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:54.935057263Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:54.941252739Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:54.942807319Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:54.94512127Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:54.947633649Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:54.948949647Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:54.951892455Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:54.959924749Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:54.967919026Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:49:54.969667558Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:49:54.972218743Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:49:54.974990725Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:49:54.977583256Z | 19 | PC: 12b55 | Delete file |
| 2018-12-25T11:49:54.98322252Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":8,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3681,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:55.042977283Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:49:55.044945826Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:49:55.04609922Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:49:55.04734547Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:49:55.05633231Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:49:55.062912619Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:49:55.069435744Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:49:55.071741605Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:49:55.083809296Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:49:55.0864421Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:49:55.088744896Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x376], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 6] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x20] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:49:55.091716052Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:49:55.105788086Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:49:55.115882645Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:55.119396854Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:55.125905735Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:55.132363912Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:55.134350012Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:55.135750341Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:55.138386794Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:55.140415147Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:55.142821832Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:55.151160936Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:55.160465416Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:55.164099027Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:55.170756446Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:55.181874186Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:55.183401193Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:55.185038903Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:55.188684643Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:55.190289048Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:55.192927737Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:55.201932792Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:55.21011932Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:55.213003672Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:55.220268282Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:55.226908115Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:55.228557614Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:55.231299835Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:55.234402875Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:55.236003504Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:55.238790036Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:55.247753837Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:55.255882051Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:55.258688012Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:55.266193128Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:55.272547334Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:55.27410734Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:55.276382683Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:55.279194886Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:55.280750618Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:55.28414295Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:55.292416883Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:55.300805701Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:49:55.302940582Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:49:55.305286799Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:49:55.307622714Z | 25 | PC: 12b3f | Get default drive |
| 2018-12-25T11:49:55.311386249Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:49:55.314027085Z | 19 | PC: 12b55 | Delete file |
| 2018-12-25T11:49:55.322905526Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3681,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:55.099285663Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:49:55.101327017Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:49:55.119672239Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:49:55.120802313Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:49:55.12760406Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:49:55.134010851Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:49:55.140685133Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:49:55.142513294Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:49:55.144394987Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:49:55.147432227Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:49:55.149074222Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x376], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 6] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x20] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:49:55.1530482Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:49:55.168142821Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:49:55.176113937Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:55.17949587Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:55.186112078Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:55.192554564Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:55.1952184Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:55.196816271Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:55.199630359Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:55.201801589Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:55.204798718Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:55.213573459Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:55.235071626Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:55.237841385Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:55.244006048Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:55.250924567Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:55.252349132Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:55.253694546Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:55.257285475Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:55.258619613Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:55.260966062Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:55.269199162Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:55.27795085Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:55.280894493Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:55.287401433Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:55.294118698Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:55.295448098Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:55.29673816Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:55.311953318Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:55.313186097Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:55.315373299Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:55.324734785Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:55.332602064Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:55.334963586Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:55.342001667Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:55.348340197Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:55.349910181Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:55.351990308Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:55.355202411Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:55.356588681Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:55.359921806Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:55.368912734Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:55.376960953Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:49:55.378881346Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:49:55.381407985Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:49:55.383683551Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:49:55.385939695Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3681,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:55.619842032Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:49:55.628537698Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:49:55.629801807Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:49:55.630916073Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:49:55.638461806Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:49:55.645651826Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:49:55.652641144Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:49:55.657100611Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:49:55.659490897Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:49:55.663229509Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:49:55.664514524Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x376], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 6] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x20] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:49:55.66773366Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:49:55.683852133Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:49:55.696205688Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:55.700046525Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:55.706630547Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:55.72447455Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:55.726805734Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:55.728110715Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:55.730619211Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:55.732619147Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:55.735003952Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:55.752802641Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:55.761947124Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:55.764841649Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:55.771417265Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:55.778456934Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:55.779890397Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:55.781258063Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:55.784983935Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:55.786586818Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:55.789191475Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:55.798125994Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:55.821888601Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:55.827606405Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:55.841656941Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:55.848727916Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:55.850493201Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:55.852955029Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:55.856311622Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:55.858014958Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:55.860709989Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:55.870756973Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:55.879041751Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:55.881755129Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:55.888889913Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:55.895499153Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:55.897268924Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:55.899967872Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:55.903808451Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:55.905627605Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:55.909168874Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:55.918139011Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:55.926702031Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:49:55.928419426Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:49:55.931671889Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:49:55.934095606Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:49:55.936525666Z | 19 | PC: 12b55 | Delete file |
| 2018-12-25T11:49:55.943290573Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
| 2018-12-25T11:49:55.94652802Z | 9 | PC: 12b88 | Display string (Could not find end pointer) |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3681,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:57.548620385Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:49:57.550395355Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:49:57.551448525Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:49:57.552481147Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:49:57.556652727Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:49:57.564041952Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:49:57.57099619Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:49:57.572514671Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:49:57.574223254Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:49:57.577045354Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:49:57.578434257Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x376], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 6] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x20] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:49:57.584750546Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:49:57.597249621Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:49:57.607049933Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:57.611328159Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:57.616202355Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:57.621158044Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:57.623161721Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:57.624457341Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:57.62643977Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:57.628024077Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:57.630354594Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:57.640295668Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:57.649996183Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:57.653419595Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:57.660922225Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:57.668902341Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:57.671146156Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:57.672872002Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:57.676198666Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:57.678648924Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:57.682251039Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:57.69188368Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:57.702495553Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:57.706252852Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:57.713644328Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:57.721409117Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:57.723028324Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:57.724612151Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:57.728703297Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:57.730401646Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:57.733170357Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:57.742592174Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:57.753220001Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:57.75650628Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:57.764152438Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:57.772060433Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:57.773684749Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:57.775419637Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:57.779341142Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:57.781025584Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:57.783849949Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:57.795426986Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:57.804745905Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:49:57.80600271Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:49:57.808953548Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:49:57.81203527Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:49:57.81551413Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3681,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:57.58242656Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:49:57.584673149Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:49:57.585999087Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:49:57.587319285Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:49:57.594502963Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:49:57.602249Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:49:57.619156352Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:49:57.621157647Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:49:57.625022472Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:49:57.627876417Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:49:57.629990079Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x376], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 6] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x20] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:49:57.634062993Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:49:57.649739108Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:49:57.658889917Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:57.662645211Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:57.670106907Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:57.678358366Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:57.681856926Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:57.683808017Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:57.687118574Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:57.689505288Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:57.692288593Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:57.702440377Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:57.712298355Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:57.716092458Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:57.73260281Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:57.740214678Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:57.743891312Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:57.749427644Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:57.755019484Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:57.758006159Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:57.769927913Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:57.781895327Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:57.792870028Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:57.796406173Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:57.804276172Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:57.812761003Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:57.815125595Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:57.817111738Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:57.82121175Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:57.822878486Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:57.825650015Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:58.07100615Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:58.15603984Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:49:58.159476319Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:49:58.167284115Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:49:58.176015918Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:49:58.177570975Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:49:58.179160879Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:49:58.182152637Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:49:58.183277159Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:49:58.18511097Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:49:58.421055399Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:49:58.528760958Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:49:58.530490261Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:49:58.535062577Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:49:58.53832162Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:49:58.541352526Z | 19 | PC: 12b55 | Delete file |
| 2018-12-25T11:49:58.547920184Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |