{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4357,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:30.800067733Z | 71 | PC: 12b2a | Get current directory |
| 2018-12-25T11:51:30.803169033Z | 59 | PC: 12b35 | Change current directory |
| 2018-12-25T11:51:30.807144753Z | 26 | PC: 12be9 | Set disk transfer address |
| 2018-12-25T11:51:30.808224984Z | 78 | PC: 12bf7 | Find first file |
| 2018-12-25T11:51:30.814677487Z | 61 | PC: 12c23 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:30.821460357Z | 63 | PC: 12c35 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:51:30.827973359Z | 44 | PC: 12c69 | Get time 0x12c69: add dl, dh 0x12c6b: je 0x12c65 0x12c6d: mov si, 0x115 0x12c70: add si, word ptr [0x106] 0x12c74: mov byte ptr [si], dl 0x12c76: mov ax, 0x4301 0x12c79: xor cx, cx 0x12c7b: mov dx, si 0x12c7d: add dx, 0xb1 0x12c81: int 0x21 0x12c83: mov ah, 0x3e 0x12c85: int 0x21 0x12c87: mov ax, 0x3d02 0x12c8a: int 0x21 0x12c8c: jb 0x12c44 0x12c8e: mov di, dx 0x12c90: add di, 0x5d 0x12c93: stosw word ptr es:[di], ax 0x12c94: xchg ax, bx 0x12c95: mov ah, 0x40 |
| 2018-12-25T11:51:30.831334478Z | 67 | PC: 12c83 | Get or set file attributes |
| 2018-12-25T11:51:30.85045697Z | 62 | PC: 12c87 | Close file |
| 2018-12-25T11:51:30.852504984Z | 61 | PC: 12c8c | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:30.859295042Z | 64 | PC: 12c9f | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:51:30.867071413Z | 64 | PC: 12cb1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:30.869935772Z | 64 | PC: 12cc6 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:30.872808147Z | 66 | PC: 12ccf | Move file pointer |
| 2018-12-25T11:51:30.87539677Z | 64 | PC: 12a7f | Write file or device (Write 1117 bytes on handle 5) |
| 2018-12-25T11:51:30.88414218Z | 87 | PC: 12ce8 | Get or set file date and time |
| 2018-12-25T11:51:30.886050371Z | 62 | PC: 12cec | Close file |
| 2018-12-25T11:51:30.8945101Z | 67 | PC: 12cfd | Get or set file attributes |
| 2018-12-25T11:51:30.904290459Z | 79 | PC: 12c0b | Find next file |
| 2018-12-25T11:51:30.906902284Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:30.913712539Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:30.920307525Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:30.922718001Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:30.932949244Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:30.934895404Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:30.941522048Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:30.945464637Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:30.948118218Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:30.950545732Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:30.956955236Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:30.982002831Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:30.983527953Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:30.991395022Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:31.001756361Z | 79 | PC: 12c0b | Find next file (See above) |
| 2018-12-25T11:51:31.004411486Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:31.010955263Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:31.021926219Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:31.024378679Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:31.035338821Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:31.037830896Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:31.044745435Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:31.048175989Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:31.051573075Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:31.054289888Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:31.056349054Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:31.066435576Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:31.068418827Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:31.076242965Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:31.086640351Z | 42 | PC: 12b50 | Get date 0x12b50: cmp dx, 0x709 0x12b54: je 0x12b59 0x12b56: jmp 0x12d6f 0x12b59: jmp 0x12d03 0x12b5c: and ah, bh 0x12b5e: movsw word ptr es:[di], word ptr [si] 0x12b5f: mov ax, 0x5c4c 0x12b62: add word ptr [di], ax 0x12b64: add byte ptr [di - 0x75], dl 0x12b67: in al, dx 0x12b68: sub sp, 0x2c 0x12b6b: push si 0x12b6c: jmp 0x12bde 0x12b6e: nop 0x12b6f: mov ah, 0x1a 0x12b71: lea dx, word ptr [bp - 0x2c] 0x12b74: int 0x21 0x12b76: mov ah, 0x4e 0x12b78: mov cx, 0x10 0x12b7b: mov dx, 0x19f |
| 2018-12-25T11:51:31.089261535Z | 59 | PC: 12d7a | Change current directory |
| 2018-12-25T11:51:31.093474086Z | 59 | PC: 12d81 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4357,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:32.811067809Z | 71 | PC: 12b2a | Get current directory |
| 2018-12-25T11:51:32.814195365Z | 59 | PC: 12b35 | Change current directory |
| 2018-12-25T11:51:32.816798706Z | 26 | PC: 12be9 | Set disk transfer address |
| 2018-12-25T11:51:32.817526982Z | 78 | PC: 12bf7 | Find first file |
| 2018-12-25T11:51:32.824232572Z | 61 | PC: 12c23 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:32.831134786Z | 63 | PC: 12c35 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:51:32.835002053Z | 44 | PC: 12c69 | Get time 0x12c69: add dl, dh 0x12c6b: je 0x12c65 0x12c6d: mov si, 0x115 0x12c70: add si, word ptr [0x106] 0x12c74: mov byte ptr [si], dl 0x12c76: mov ax, 0x4301 0x12c79: xor cx, cx 0x12c7b: mov dx, si 0x12c7d: add dx, 0xb1 0x12c81: int 0x21 0x12c83: mov ah, 0x3e 0x12c85: int 0x21 0x12c87: mov ax, 0x3d02 0x12c8a: int 0x21 0x12c8c: jb 0x12c44 0x12c8e: mov di, dx 0x12c90: add di, 0x5d 0x12c93: stosw word ptr es:[di], ax 0x12c94: xchg ax, bx 0x12c95: mov ah, 0x40 |
| 2018-12-25T11:51:32.836589113Z | 67 | PC: 12c83 | Get or set file attributes |
| 2018-12-25T11:51:32.849921943Z | 62 | PC: 12c87 | Close file |
| 2018-12-25T11:51:32.851031956Z | 61 | PC: 12c8c | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:32.86008061Z | 64 | PC: 12c9f | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:51:32.866604525Z | 64 | PC: 12cb1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:32.868399353Z | 64 | PC: 12cc6 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:32.869949563Z | 66 | PC: 12ccf | Move file pointer |
| 2018-12-25T11:51:32.872135763Z | 64 | PC: 12a7f | Write file or device (Write 1117 bytes on handle 5) |
| 2018-12-25T11:51:32.880918525Z | 87 | PC: 12ce8 | Get or set file date and time |
| 2018-12-25T11:51:32.882566531Z | 62 | PC: 12cec | Close file |
| 2018-12-25T11:51:32.891242233Z | 67 | PC: 12cfd | Get or set file attributes |
| 2018-12-25T11:51:32.901157006Z | 79 | PC: 12c0b | Find next file |
| 2018-12-25T11:51:32.903741679Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:32.911113811Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:32.917335664Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:32.919319016Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:32.929672347Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:32.931498013Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:32.937980973Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:32.941201092Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:32.943825155Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:32.946322496Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:32.949090222Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:32.958032942Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:32.959507504Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:32.967728844Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:32.978004479Z | 79 | PC: 12c0b | Find next file (See above) |
| 2018-12-25T11:51:32.98099698Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:32.988360426Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:32.995451882Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:32.997541339Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.007426063Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:33.009705202Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:33.016216221Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:33.018084623Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:33.020338139Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:33.022506507Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:33.02412259Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:33.032999211Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:33.034403721Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:33.041803376Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.052298189Z | 42 | PC: 12b50 | Get date 0x12b50: cmp dx, 0x709 0x12b54: je 0x12b59 0x12b56: jmp 0x12d6f 0x12b59: jmp 0x12d03 0x12b5c: and ah, bh 0x12b5e: movsw word ptr es:[di], word ptr [si] 0x12b5f: mov ax, 0x5c4c 0x12b62: add word ptr [di], ax 0x12b64: add byte ptr [di - 0x75], dl 0x12b67: in al, dx 0x12b68: sub sp, 0x2c 0x12b6b: push si 0x12b6c: jmp 0x12bde 0x12b6e: nop 0x12b6f: mov ah, 0x1a 0x12b71: lea dx, word ptr [bp - 0x2c] 0x12b74: int 0x21 0x12b76: mov ah, 0x4e 0x12b78: mov cx, 0x10 0x12b7b: mov dx, 0x19f |
| 2018-12-25T11:51:33.054312256Z | 59 | PC: 12d7a | Change current directory |
| 2018-12-25T11:51:33.057896189Z | 59 | PC: 12d81 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4357,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:32.890640874Z | 71 | PC: 12b2a | Get current directory |
| 2018-12-25T11:51:32.893441524Z | 59 | PC: 12b35 | Change current directory |
| 2018-12-25T11:51:32.896310149Z | 26 | PC: 12be9 | Set disk transfer address |
| 2018-12-25T11:51:32.897841396Z | 78 | PC: 12bf7 | Find first file |
| 2018-12-25T11:51:32.904957994Z | 61 | PC: 12c23 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:32.912160818Z | 63 | PC: 12c35 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:51:32.919199904Z | 44 | PC: 12c69 | Get time 0x12c69: add dl, dh 0x12c6b: je 0x12c65 0x12c6d: mov si, 0x115 0x12c70: add si, word ptr [0x106] 0x12c74: mov byte ptr [si], dl 0x12c76: mov ax, 0x4301 0x12c79: xor cx, cx 0x12c7b: mov dx, si 0x12c7d: add dx, 0xb1 0x12c81: int 0x21 0x12c83: mov ah, 0x3e 0x12c85: int 0x21 0x12c87: mov ax, 0x3d02 0x12c8a: int 0x21 0x12c8c: jb 0x12c44 0x12c8e: mov di, dx 0x12c90: add di, 0x5d 0x12c93: stosw word ptr es:[di], ax 0x12c94: xchg ax, bx 0x12c95: mov ah, 0x40 |
| 2018-12-25T11:51:32.921666909Z | 67 | PC: 12c83 | Get or set file attributes |
| 2018-12-25T11:51:32.9360426Z | 62 | PC: 12c87 | Close file |
| 2018-12-25T11:51:32.937869646Z | 61 | PC: 12c8c | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:32.945286788Z | 64 | PC: 12c9f | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:51:32.94872961Z | 64 | PC: 12cb1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:32.950703947Z | 64 | PC: 12cc6 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:32.952563069Z | 66 | PC: 12ccf | Move file pointer |
| 2018-12-25T11:51:32.954364145Z | 64 | PC: 12a7f | Write file or device (Write 1117 bytes on handle 5) |
| 2018-12-25T11:51:32.962947396Z | 87 | PC: 12ce8 | Get or set file date and time |
| 2018-12-25T11:51:32.964519755Z | 62 | PC: 12cec | Close file |
| 2018-12-25T11:51:32.974297551Z | 67 | PC: 12cfd | Get or set file attributes |
| 2018-12-25T11:51:32.985040418Z | 79 | PC: 12c0b | Find next file |
| 2018-12-25T11:51:32.987817673Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:32.995381917Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:33.002435599Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:33.004776711Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.016628212Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:33.018471974Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:33.02598099Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:33.029915904Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:33.033017534Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:33.035612198Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:33.037440086Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:33.04755043Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:33.048957317Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:33.057414071Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.068623658Z | 79 | PC: 12c0b | Find next file (See above) |
| 2018-12-25T11:51:33.071522488Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:33.078737459Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:33.088166956Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:33.091631151Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.102832451Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:33.105827217Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:33.113583067Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:33.116838613Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:33.120517788Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:33.123559008Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:33.125550704Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:33.13568399Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:33.137535094Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:33.145843828Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.157144853Z | 42 | PC: 12b50 | Get date 0x12b50: cmp dx, 0x709 0x12b54: je 0x12b59 0x12b56: jmp 0x12d6f 0x12b59: jmp 0x12d03 0x12b5c: and ah, bh 0x12b5e: movsw word ptr es:[di], word ptr [si] 0x12b5f: mov ax, 0x5c4c 0x12b62: add word ptr [di], ax 0x12b64: add byte ptr [di - 0x75], dl 0x12b67: in al, dx 0x12b68: sub sp, 0x2c 0x12b6b: push si 0x12b6c: jmp 0x12bde 0x12b6e: nop 0x12b6f: mov ah, 0x1a 0x12b71: lea dx, word ptr [bp - 0x2c] 0x12b74: int 0x21 0x12b76: mov ah, 0x4e 0x12b78: mov cx, 0x10 0x12b7b: mov dx, 0x19f |
| 2018-12-25T11:51:33.159582345Z | 59 | PC: 12d7a | Change current directory |
| 2018-12-25T11:51:33.164248471Z | 59 | PC: 12d81 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4357,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:33.037905213Z | 71 | PC: 12b2a | Get current directory |
| 2018-12-25T11:51:33.041316719Z | 59 | PC: 12b35 | Change current directory |
| 2018-12-25T11:51:33.045062672Z | 26 | PC: 12be9 | Set disk transfer address |
| 2018-12-25T11:51:33.04604206Z | 78 | PC: 12bf7 | Find first file |
| 2018-12-25T11:51:33.052046155Z | 61 | PC: 12c23 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:33.057410724Z | 63 | PC: 12c35 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:51:33.063795295Z | 44 | PC: 12c69 | Get time 0x12c69: add dl, dh 0x12c6b: je 0x12c65 0x12c6d: mov si, 0x115 0x12c70: add si, word ptr [0x106] 0x12c74: mov byte ptr [si], dl 0x12c76: mov ax, 0x4301 0x12c79: xor cx, cx 0x12c7b: mov dx, si 0x12c7d: add dx, 0xb1 0x12c81: int 0x21 0x12c83: mov ah, 0x3e 0x12c85: int 0x21 0x12c87: mov ax, 0x3d02 0x12c8a: int 0x21 0x12c8c: jb 0x12c44 0x12c8e: mov di, dx 0x12c90: add di, 0x5d 0x12c93: stosw word ptr es:[di], ax 0x12c94: xchg ax, bx 0x12c95: mov ah, 0x40 |
| 2018-12-25T11:51:33.066108228Z | 67 | PC: 12c83 | Get or set file attributes |
| 2018-12-25T11:51:33.084778469Z | 62 | PC: 12c87 | Close file |
| 2018-12-25T11:51:33.087174676Z | 61 | PC: 12c8c | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:33.093831973Z | 64 | PC: 12c9f | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:51:33.100817261Z | 64 | PC: 12cb1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:33.102894852Z | 64 | PC: 12cc6 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:33.104765781Z | 66 | PC: 12ccf | Move file pointer |
| 2018-12-25T11:51:33.113265099Z | 64 | PC: 12a7f | Write file or device (Write 1117 bytes on handle 5) |
| 2018-12-25T11:51:33.1199278Z | 87 | PC: 12ce8 | Get or set file date and time |
| 2018-12-25T11:51:33.121482325Z | 62 | PC: 12cec | Close file |
| 2018-12-25T11:51:33.129878152Z | 67 | PC: 12cfd | Get or set file attributes |
| 2018-12-25T11:51:33.140145947Z | 79 | PC: 12c0b | Find next file |
| 2018-12-25T11:51:33.142659327Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:33.149529821Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:33.156298577Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:33.159420471Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.17031753Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:33.172825966Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:33.179465106Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:33.183352845Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:33.186016319Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:33.188507557Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:33.190243686Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:33.20004463Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:33.201861731Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:33.211148897Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.231069891Z | 79 | PC: 12c0b | Find next file (See above) |
| 2018-12-25T11:51:33.23383742Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:33.240765249Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:33.249496124Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:33.251630558Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.259748386Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:33.261598136Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:33.26583241Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:33.267994561Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:33.271547104Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:33.274536988Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:33.276822171Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:33.286946871Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:33.28924591Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:33.297215138Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.311336268Z | 42 | PC: 12b50 | Get date 0x12b50: cmp dx, 0x709 0x12b54: je 0x12b59 0x12b56: jmp 0x12d6f 0x12b59: jmp 0x12d03 0x12b5c: and ah, bh 0x12b5e: movsw word ptr es:[di], word ptr [si] 0x12b5f: mov ax, 0x5c4c 0x12b62: add word ptr [di], ax 0x12b64: add byte ptr [di - 0x75], dl 0x12b67: in al, dx 0x12b68: sub sp, 0x2c 0x12b6b: push si 0x12b6c: jmp 0x12bde 0x12b6e: nop 0x12b6f: mov ah, 0x1a 0x12b71: lea dx, word ptr [bp - 0x2c] 0x12b74: int 0x21 0x12b76: mov ah, 0x4e 0x12b78: mov cx, 0x10 0x12b7b: mov dx, 0x19f |
| 2018-12-25T11:51:33.314286547Z | 59 | PC: 12d7a | Change current directory |
| 2018-12-25T11:51:33.318796605Z | 59 | PC: 12d81 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":4357,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:33.279860852Z | 71 | PC: 12b2a | Get current directory |
| 2018-12-25T11:51:33.283092995Z | 59 | PC: 12b35 | Change current directory |
| 2018-12-25T11:51:33.286868879Z | 26 | PC: 12be9 | Set disk transfer address |
| 2018-12-25T11:51:33.287801187Z | 78 | PC: 12bf7 | Find first file |
| 2018-12-25T11:51:33.295127071Z | 61 | PC: 12c23 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:33.301491996Z | 63 | PC: 12c35 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:51:33.308224504Z | 44 | PC: 12c69 | Get time 0x12c69: add dl, dh 0x12c6b: je 0x12c65 0x12c6d: mov si, 0x115 0x12c70: add si, word ptr [0x106] 0x12c74: mov byte ptr [si], dl 0x12c76: mov ax, 0x4301 0x12c79: xor cx, cx 0x12c7b: mov dx, si 0x12c7d: add dx, 0xb1 0x12c81: int 0x21 0x12c83: mov ah, 0x3e 0x12c85: int 0x21 0x12c87: mov ax, 0x3d02 0x12c8a: int 0x21 0x12c8c: jb 0x12c44 0x12c8e: mov di, dx 0x12c90: add di, 0x5d 0x12c93: stosw word ptr es:[di], ax 0x12c94: xchg ax, bx 0x12c95: mov ah, 0x40 |
| 2018-12-25T11:51:33.3108664Z | 67 | PC: 12c83 | Get or set file attributes |
| 2018-12-25T11:51:33.32674054Z | 62 | PC: 12c87 | Close file |
| 2018-12-25T11:51:33.328397948Z | 61 | PC: 12c8c | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:33.335689028Z | 64 | PC: 12c9f | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:51:33.352364245Z | 64 | PC: 12cb1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:33.355991139Z | 64 | PC: 12cc6 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:33.358963819Z | 66 | PC: 12ccf | Move file pointer |
| 2018-12-25T11:51:33.362772421Z | 64 | PC: 12a7f | Write file or device (Write 1117 bytes on handle 5) |
| 2018-12-25T11:51:33.372167297Z | 87 | PC: 12ce8 | Get or set file date and time |
| 2018-12-25T11:51:33.373682996Z | 62 | PC: 12cec | Close file |
| 2018-12-25T11:51:33.379161959Z | 67 | PC: 12cfd | Get or set file attributes |
| 2018-12-25T11:51:33.385361439Z | 79 | PC: 12c0b | Find next file |
| 2018-12-25T11:51:33.387447465Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:33.39263441Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:33.396757933Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:33.398373942Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.411930733Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:33.413765357Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:33.418908481Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:33.422445059Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:33.424222652Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:33.42626124Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:33.428682582Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:33.434504642Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:33.435688534Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:33.441701046Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.450170576Z | 79 | PC: 12c0b | Find next file (See above) |
| 2018-12-25T11:51:33.452804203Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:33.457560888Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:33.462288797Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:33.464344095Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.471404067Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:33.472700382Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:33.476837074Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:33.479405616Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:33.481410261Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:33.483127035Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:33.484686716Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:33.495226027Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:33.507278335Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:33.515105737Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.525732918Z | 42 | PC: 12b50 | Get date 0x12b50: cmp dx, 0x709 0x12b54: je 0x12b59 0x12b56: jmp 0x12d6f 0x12b59: jmp 0x12d03 0x12b5c: and ah, bh 0x12b5e: movsw word ptr es:[di], word ptr [si] 0x12b5f: mov ax, 0x5c4c 0x12b62: add word ptr [di], ax 0x12b64: add byte ptr [di - 0x75], dl 0x12b67: in al, dx 0x12b68: sub sp, 0x2c 0x12b6b: push si 0x12b6c: jmp 0x12bde 0x12b6e: nop 0x12b6f: mov ah, 0x1a 0x12b71: lea dx, word ptr [bp - 0x2c] 0x12b74: int 0x21 0x12b76: mov ah, 0x4e 0x12b78: mov cx, 0x10 0x12b7b: mov dx, 0x19f |
| 2018-12-25T11:51:33.527996645Z | 59 | PC: 12d7a | Change current directory |
| 2018-12-25T11:51:33.531946538Z | 59 | PC: 12d81 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":4357,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:33.37256857Z | 71 | PC: 12b2a | Get current directory |
| 2018-12-25T11:51:33.376897975Z | 59 | PC: 12b35 | Change current directory |
| 2018-12-25T11:51:33.381495527Z | 26 | PC: 12be9 | Set disk transfer address |
| 2018-12-25T11:51:33.38291074Z | 78 | PC: 12bf7 | Find first file |
| 2018-12-25T11:51:33.394784734Z | 61 | PC: 12c23 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:33.406507489Z | 63 | PC: 12c35 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:51:33.41359927Z | 44 | PC: 12c69 | Get time 0x12c69: add dl, dh 0x12c6b: je 0x12c65 0x12c6d: mov si, 0x115 0x12c70: add si, word ptr [0x106] 0x12c74: mov byte ptr [si], dl 0x12c76: mov ax, 0x4301 0x12c79: xor cx, cx 0x12c7b: mov dx, si 0x12c7d: add dx, 0xb1 0x12c81: int 0x21 0x12c83: mov ah, 0x3e 0x12c85: int 0x21 0x12c87: mov ax, 0x3d02 0x12c8a: int 0x21 0x12c8c: jb 0x12c44 0x12c8e: mov di, dx 0x12c90: add di, 0x5d 0x12c93: stosw word ptr es:[di], ax 0x12c94: xchg ax, bx 0x12c95: mov ah, 0x40 |
| 2018-12-25T11:51:33.415650886Z | 67 | PC: 12c83 | Get or set file attributes |
| 2018-12-25T11:51:33.438434275Z | 62 | PC: 12c87 | Close file |
| 2018-12-25T11:51:33.44118998Z | 61 | PC: 12c8c | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:33.452644604Z | 64 | PC: 12c9f | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:51:33.461296875Z | 64 | PC: 12cb1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:33.465117563Z | 64 | PC: 12cc6 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:33.481142251Z | 66 | PC: 12ccf | Move file pointer |
| 2018-12-25T11:51:33.485861931Z | 64 | PC: 12a7f | Write file or device (Write 1117 bytes on handle 5) |
| 2018-12-25T11:51:33.495466691Z | 87 | PC: 12ce8 | Get or set file date and time |
| 2018-12-25T11:51:33.496875356Z | 62 | PC: 12cec | Close file |
| 2018-12-25T11:51:33.505342924Z | 67 | PC: 12cfd | Get or set file attributes |
| 2018-12-25T11:51:33.514981686Z | 79 | PC: 12c0b | Find next file |
| 2018-12-25T11:51:33.517527337Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:33.524430972Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:33.530662649Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:33.532745849Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.542479345Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:33.558815148Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:33.567769398Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:33.570740769Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:33.574560664Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:33.577947248Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:33.580063786Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:33.590866693Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:33.592635612Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:33.600693764Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.611185265Z | 79 | PC: 12c0b | Find next file (See above) |
| 2018-12-25T11:51:33.614403642Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:33.621108008Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:33.628136669Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:33.630318965Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.640551945Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:33.643252254Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:33.650046856Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:33.652682706Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:33.655921308Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:33.658657349Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:33.660636216Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:33.670724109Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:33.672385783Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:33.679919692Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.690340057Z | 42 | PC: 12b50 | Get date 0x12b50: cmp dx, 0x709 0x12b54: je 0x12b59 0x12b56: jmp 0x12d6f 0x12b59: jmp 0x12d03 0x12b5c: and ah, bh 0x12b5e: movsw word ptr es:[di], word ptr [si] 0x12b5f: mov ax, 0x5c4c 0x12b62: add word ptr [di], ax 0x12b64: add byte ptr [di - 0x75], dl 0x12b67: in al, dx 0x12b68: sub sp, 0x2c 0x12b6b: push si 0x12b6c: jmp 0x12bde 0x12b6e: nop 0x12b6f: mov ah, 0x1a 0x12b71: lea dx, word ptr [bp - 0x2c] 0x12b74: int 0x21 0x12b76: mov ah, 0x4e 0x12b78: mov cx, 0x10 0x12b7b: mov dx, 0x19f |
| 2018-12-25T11:51:33.692690195Z | 59 | PC: 12d7a | Change current directory |
| 2018-12-25T11:51:33.696815252Z | 59 | PC: 12d81 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":4357,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:33.40625404Z | 71 | PC: 12b2a | Get current directory |
| 2018-12-25T11:51:33.409622436Z | 59 | PC: 12b35 | Change current directory |
| 2018-12-25T11:51:33.413820384Z | 26 | PC: 12be9 | Set disk transfer address |
| 2018-12-25T11:51:33.415161978Z | 78 | PC: 12bf7 | Find first file |
| 2018-12-25T11:51:33.427018432Z | 61 | PC: 12c23 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:33.434225565Z | 63 | PC: 12c35 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:51:33.440718197Z | 44 | PC: 12c69 | Get time 0x12c69: add dl, dh 0x12c6b: je 0x12c65 0x12c6d: mov si, 0x115 0x12c70: add si, word ptr [0x106] 0x12c74: mov byte ptr [si], dl 0x12c76: mov ax, 0x4301 0x12c79: xor cx, cx 0x12c7b: mov dx, si 0x12c7d: add dx, 0xb1 0x12c81: int 0x21 0x12c83: mov ah, 0x3e 0x12c85: int 0x21 0x12c87: mov ax, 0x3d02 0x12c8a: int 0x21 0x12c8c: jb 0x12c44 0x12c8e: mov di, dx 0x12c90: add di, 0x5d 0x12c93: stosw word ptr es:[di], ax 0x12c94: xchg ax, bx 0x12c95: mov ah, 0x40 |
| 2018-12-25T11:51:33.443962141Z | 67 | PC: 12c83 | Get or set file attributes |
| 2018-12-25T11:51:33.46052235Z | 62 | PC: 12c87 | Close file |
| 2018-12-25T11:51:33.462662415Z | 61 | PC: 12c8c | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:33.469916629Z | 64 | PC: 12c9f | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:51:33.472903527Z | 64 | PC: 12cb1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:33.475713218Z | 64 | PC: 12cc6 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:33.479024802Z | 66 | PC: 12ccf | Move file pointer |
| 2018-12-25T11:51:33.480894825Z | 64 | PC: 12a7f | Write file or device (Write 1117 bytes on handle 5) |
| 2018-12-25T11:51:33.489632901Z | 87 | PC: 12ce8 | Get or set file date and time |
| 2018-12-25T11:51:33.491285474Z | 62 | PC: 12cec | Close file |
| 2018-12-25T11:51:33.498660039Z | 67 | PC: 12cfd | Get or set file attributes |
| 2018-12-25T11:51:33.508554005Z | 79 | PC: 12c0b | Find next file |
| 2018-12-25T11:51:33.511578397Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:33.518397428Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:33.524858554Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:33.526949998Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.533344429Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:33.534475916Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:33.538428158Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:33.541210874Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:33.543102149Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:33.544909575Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:33.547239666Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:33.566608776Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:33.569047437Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:33.577737726Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.587943609Z | 79 | PC: 12c0b | Find next file (See above) |
| 2018-12-25T11:51:33.590792882Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:33.598362255Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:33.604825649Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:33.607253917Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.618319044Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:33.620740695Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:33.627616974Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:33.632214897Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:33.635450096Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:33.638321499Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:33.640220264Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:33.649865164Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:33.651911918Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:33.65951939Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.66935751Z | 42 | PC: 12b50 | Get date 0x12b50: cmp dx, 0x709 0x12b54: je 0x12b59 0x12b56: jmp 0x12d6f 0x12b59: jmp 0x12d03 0x12b5c: and ah, bh 0x12b5e: movsw word ptr es:[di], word ptr [si] 0x12b5f: mov ax, 0x5c4c 0x12b62: add word ptr [di], ax 0x12b64: add byte ptr [di - 0x75], dl 0x12b67: in al, dx 0x12b68: sub sp, 0x2c 0x12b6b: push si 0x12b6c: jmp 0x12bde 0x12b6e: nop 0x12b6f: mov ah, 0x1a 0x12b71: lea dx, word ptr [bp - 0x2c] 0x12b74: int 0x21 0x12b76: mov ah, 0x4e 0x12b78: mov cx, 0x10 0x12b7b: mov dx, 0x19f |
| 2018-12-25T11:51:33.67149303Z | 59 | PC: 12d7a | Change current directory |
| 2018-12-25T11:51:33.675678904Z | 59 | PC: 12d81 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":4357,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:33.417878429Z | 71 | PC: 12b2a | Get current directory |
| 2018-12-25T11:51:33.42139927Z | 59 | PC: 12b35 | Change current directory |
| 2018-12-25T11:51:33.42632314Z | 26 | PC: 12be9 | Set disk transfer address |
| 2018-12-25T11:51:33.427400716Z | 78 | PC: 12bf7 | Find first file |
| 2018-12-25T11:51:33.434305056Z | 61 | PC: 12c23 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:33.443617445Z | 63 | PC: 12c35 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:51:33.451189246Z | 44 | PC: 12c69 | Get time 0x12c69: add dl, dh 0x12c6b: je 0x12c65 0x12c6d: mov si, 0x115 0x12c70: add si, word ptr [0x106] 0x12c74: mov byte ptr [si], dl 0x12c76: mov ax, 0x4301 0x12c79: xor cx, cx 0x12c7b: mov dx, si 0x12c7d: add dx, 0xb1 0x12c81: int 0x21 0x12c83: mov ah, 0x3e 0x12c85: int 0x21 0x12c87: mov ax, 0x3d02 0x12c8a: int 0x21 0x12c8c: jb 0x12c44 0x12c8e: mov di, dx 0x12c90: add di, 0x5d 0x12c93: stosw word ptr es:[di], ax 0x12c94: xchg ax, bx 0x12c95: mov ah, 0x40 |
| 2018-12-25T11:51:33.454179422Z | 67 | PC: 12c83 | Get or set file attributes |
| 2018-12-25T11:51:33.474715129Z | 62 | PC: 12c87 | Close file |
| 2018-12-25T11:51:33.476786094Z | 61 | PC: 12c8c | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:33.485200631Z | 64 | PC: 12c9f | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:51:33.494018603Z | 64 | PC: 12cb1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:33.497371288Z | 64 | PC: 12cc6 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:33.500644952Z | 66 | PC: 12ccf | Move file pointer |
| 2018-12-25T11:51:33.5036246Z | 64 | PC: 12a7f | Write file or device (Write 1117 bytes on handle 5) |
| 2018-12-25T11:51:33.514114816Z | 87 | PC: 12ce8 | Get or set file date and time |
| 2018-12-25T11:51:33.516060047Z | 62 | PC: 12cec | Close file |
| 2018-12-25T11:51:33.525347946Z | 67 | PC: 12cfd | Get or set file attributes |
| 2018-12-25T11:51:33.538989514Z | 79 | PC: 12c0b | Find next file |
| 2018-12-25T11:51:33.542496892Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:33.550987739Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:33.559386331Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:33.562231104Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.574175281Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:33.576912552Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:33.584697103Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:33.588142735Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:33.592091268Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:33.595265415Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:33.597670227Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:33.609055585Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:33.610830269Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:33.620107447Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.631866145Z | 79 | PC: 12c0b | Find next file (See above) |
| 2018-12-25T11:51:33.6353574Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:33.643197703Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:33.651209813Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:33.654257831Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.664660993Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:33.666709611Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:33.674405113Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:33.677339173Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:33.680920517Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:33.6843126Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:33.686445613Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:33.695835368Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:33.697898314Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:33.726310561Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.737702923Z | 42 | PC: 12b50 | Get date 0x12b50: cmp dx, 0x709 0x12b54: je 0x12b59 0x12b56: jmp 0x12d6f 0x12b59: jmp 0x12d03 0x12b5c: and ah, bh 0x12b5e: movsw word ptr es:[di], word ptr [si] 0x12b5f: mov ax, 0x5c4c 0x12b62: add word ptr [di], ax 0x12b64: add byte ptr [di - 0x75], dl 0x12b67: in al, dx 0x12b68: sub sp, 0x2c 0x12b6b: push si 0x12b6c: jmp 0x12bde 0x12b6e: nop 0x12b6f: mov ah, 0x1a 0x12b71: lea dx, word ptr [bp - 0x2c] 0x12b74: int 0x21 0x12b76: mov ah, 0x4e 0x12b78: mov cx, 0x10 0x12b7b: mov dx, 0x19f |
| 2018-12-25T11:51:33.741169788Z | 59 | PC: 12d7a | Change current directory |
| 2018-12-25T11:51:33.745853134Z | 59 | PC: 12d81 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4357,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:33.443312421Z | 71 | PC: 12b2a | Get current directory |
| 2018-12-25T11:51:33.446829258Z | 59 | PC: 12b35 | Change current directory |
| 2018-12-25T11:51:33.451306218Z | 26 | PC: 12be9 | Set disk transfer address |
| 2018-12-25T11:51:33.452665285Z | 78 | PC: 12bf7 | Find first file |
| 2018-12-25T11:51:33.464186149Z | 61 | PC: 12c23 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:33.470839892Z | 63 | PC: 12c35 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:51:33.477353878Z | 44 | PC: 12c69 | Get time 0x12c69: add dl, dh 0x12c6b: je 0x12c65 0x12c6d: mov si, 0x115 0x12c70: add si, word ptr [0x106] 0x12c74: mov byte ptr [si], dl 0x12c76: mov ax, 0x4301 0x12c79: xor cx, cx 0x12c7b: mov dx, si 0x12c7d: add dx, 0xb1 0x12c81: int 0x21 0x12c83: mov ah, 0x3e 0x12c85: int 0x21 0x12c87: mov ax, 0x3d02 0x12c8a: int 0x21 0x12c8c: jb 0x12c44 0x12c8e: mov di, dx 0x12c90: add di, 0x5d 0x12c93: stosw word ptr es:[di], ax 0x12c94: xchg ax, bx 0x12c95: mov ah, 0x40 |
| 2018-12-25T11:51:33.479957011Z | 67 | PC: 12c83 | Get or set file attributes |
| 2018-12-25T11:51:33.495816428Z | 62 | PC: 12c87 | Close file |
| 2018-12-25T11:51:33.49784058Z | 61 | PC: 12c8c | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:33.504307457Z | 64 | PC: 12c9f | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:51:33.511629939Z | 64 | PC: 12cb1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:33.514335204Z | 64 | PC: 12cc6 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:33.517121995Z | 66 | PC: 12ccf | Move file pointer |
| 2018-12-25T11:51:33.520164512Z | 64 | PC: 12a7f | Write file or device (Write 1117 bytes on handle 5) |
| 2018-12-25T11:51:33.529879379Z | 87 | PC: 12ce8 | Get or set file date and time |
| 2018-12-25T11:51:33.531419202Z | 62 | PC: 12cec | Close file |
| 2018-12-25T11:51:33.540094466Z | 67 | PC: 12cfd | Get or set file attributes |
| 2018-12-25T11:51:33.550279327Z | 79 | PC: 12c0b | Find next file |
| 2018-12-25T11:51:33.553044532Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:33.560713786Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:33.567022371Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:33.569181782Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.588190812Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:33.590059525Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:33.594649641Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:33.602482996Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:33.605126539Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:33.607695179Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:33.610064126Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:33.616829212Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:33.618729546Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:33.626523691Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.634667303Z | 79 | PC: 12c0b | Find next file (See above) |
| 2018-12-25T11:51:33.636540702Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:33.640911386Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:33.645721176Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:33.647530353Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.654322354Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:33.656524687Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:33.663777992Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:33.670570785Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:33.673482401Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:33.675903666Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:33.677274484Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:33.684029253Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:33.685195177Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:33.693086802Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.714932496Z | 42 | PC: 12b50 | Get date 0x12b50: cmp dx, 0x709 0x12b54: je 0x12b59 0x12b56: jmp 0x12d6f 0x12b59: jmp 0x12d03 0x12b5c: and ah, bh 0x12b5e: movsw word ptr es:[di], word ptr [si] 0x12b5f: mov ax, 0x5c4c 0x12b62: add word ptr [di], ax 0x12b64: add byte ptr [di - 0x75], dl 0x12b67: in al, dx 0x12b68: sub sp, 0x2c 0x12b6b: push si 0x12b6c: jmp 0x12bde 0x12b6e: nop 0x12b6f: mov ah, 0x1a 0x12b71: lea dx, word ptr [bp - 0x2c] 0x12b74: int 0x21 0x12b76: mov ah, 0x4e 0x12b78: mov cx, 0x10 0x12b7b: mov dx, 0x19f |
| 2018-12-25T11:51:33.716956019Z | 59 | PC: 12d7a | Change current directory |
| 2018-12-25T11:51:33.720728201Z | 59 | PC: 12d81 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4357,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:33.593243229Z | 71 | PC: 12b2a | Get current directory |
| 2018-12-25T11:51:33.596786774Z | 59 | PC: 12b35 | Change current directory |
| 2018-12-25T11:51:33.610334647Z | 26 | PC: 12be9 | Set disk transfer address |
| 2018-12-25T11:51:33.611750525Z | 78 | PC: 12bf7 | Find first file |
| 2018-12-25T11:51:33.619247111Z | 61 | PC: 12c23 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:33.628110938Z | 63 | PC: 12c35 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:51:33.63593358Z | 44 | PC: 12c69 | Get time 0x12c69: add dl, dh 0x12c6b: je 0x12c65 0x12c6d: mov si, 0x115 0x12c70: add si, word ptr [0x106] 0x12c74: mov byte ptr [si], dl 0x12c76: mov ax, 0x4301 0x12c79: xor cx, cx 0x12c7b: mov dx, si 0x12c7d: add dx, 0xb1 0x12c81: int 0x21 0x12c83: mov ah, 0x3e 0x12c85: int 0x21 0x12c87: mov ax, 0x3d02 0x12c8a: int 0x21 0x12c8c: jb 0x12c44 0x12c8e: mov di, dx 0x12c90: add di, 0x5d 0x12c93: stosw word ptr es:[di], ax 0x12c94: xchg ax, bx 0x12c95: mov ah, 0x40 |
| 2018-12-25T11:51:33.638753481Z | 67 | PC: 12c83 | Get or set file attributes |
| 2018-12-25T11:51:33.659451143Z | 62 | PC: 12c87 | Close file |
| 2018-12-25T11:51:33.662606758Z | 61 | PC: 12c8c | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:33.670411168Z | 64 | PC: 12c9f | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:51:33.678403802Z | 64 | PC: 12cb1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:33.682493581Z | 64 | PC: 12cc6 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:33.686033104Z | 66 | PC: 12ccf | Move file pointer |
| 2018-12-25T11:51:33.688692588Z | 64 | PC: 12a7f | Write file or device (Write 1117 bytes on handle 5) |
| 2018-12-25T11:51:33.700102444Z | 87 | PC: 12ce8 | Get or set file date and time |
| 2018-12-25T11:51:33.702126402Z | 62 | PC: 12cec | Close file |
| 2018-12-25T11:51:33.712582213Z | 67 | PC: 12cfd | Get or set file attributes |
| 2018-12-25T11:51:33.733747115Z | 79 | PC: 12c0b | Find next file |
| 2018-12-25T11:51:33.744212908Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:33.749116672Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:33.763072361Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:33.766231031Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.777775521Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:33.780759328Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:33.790207259Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:33.79435707Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:33.797968324Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:33.803011308Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:33.806945338Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:33.817364147Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:33.821937375Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:33.830997637Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.842342291Z | 79 | PC: 12c0b | Find next file (See above) |
| 2018-12-25T11:51:33.846023524Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:33.854064796Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:33.861391435Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:33.863876444Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.876522741Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:33.878831856Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:33.886398064Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:33.890049572Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:33.892719615Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:33.895264417Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:33.897640236Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:33.907961797Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:33.909717321Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:33.918963515Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.930399125Z | 42 | PC: 12b50 | Get date 0x12b50: cmp dx, 0x709 0x12b54: je 0x12b59 0x12b56: jmp 0x12d6f 0x12b59: jmp 0x12d03 0x12b5c: and ah, bh 0x12b5e: movsw word ptr es:[di], word ptr [si] 0x12b5f: mov ax, 0x5c4c 0x12b62: add word ptr [di], ax 0x12b64: add byte ptr [di - 0x75], dl 0x12b67: in al, dx 0x12b68: sub sp, 0x2c 0x12b6b: push si 0x12b6c: jmp 0x12bde 0x12b6e: nop 0x12b6f: mov ah, 0x1a 0x12b71: lea dx, word ptr [bp - 0x2c] 0x12b74: int 0x21 0x12b76: mov ah, 0x4e 0x12b78: mov cx, 0x10 0x12b7b: mov dx, 0x19f |
| 2018-12-25T11:51:33.932623873Z | 59 | PC: 12d7a | Change current directory |
| 2018-12-25T11:51:33.937759721Z | 59 | PC: 12d81 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4357,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:33.668479775Z | 71 | PC: 12b2a | Get current directory |
| 2018-12-25T11:51:33.672376918Z | 59 | PC: 12b35 | Change current directory |
| 2018-12-25T11:51:33.676420226Z | 26 | PC: 12be9 | Set disk transfer address |
| 2018-12-25T11:51:33.677572363Z | 78 | PC: 12bf7 | Find first file |
| 2018-12-25T11:51:33.68886176Z | 61 | PC: 12c23 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:33.700472003Z | 63 | PC: 12c35 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:51:33.707603201Z | 44 | PC: 12c69 | Get time 0x12c69: add dl, dh 0x12c6b: je 0x12c65 0x12c6d: mov si, 0x115 0x12c70: add si, word ptr [0x106] 0x12c74: mov byte ptr [si], dl 0x12c76: mov ax, 0x4301 0x12c79: xor cx, cx 0x12c7b: mov dx, si 0x12c7d: add dx, 0xb1 0x12c81: int 0x21 0x12c83: mov ah, 0x3e 0x12c85: int 0x21 0x12c87: mov ax, 0x3d02 0x12c8a: int 0x21 0x12c8c: jb 0x12c44 0x12c8e: mov di, dx 0x12c90: add di, 0x5d 0x12c93: stosw word ptr es:[di], ax 0x12c94: xchg ax, bx 0x12c95: mov ah, 0x40 |
| 2018-12-25T11:51:33.710400532Z | 67 | PC: 12c83 | Get or set file attributes |
| 2018-12-25T11:51:33.727568011Z | 62 | PC: 12c87 | Close file |
| 2018-12-25T11:51:33.729131746Z | 61 | PC: 12c8c | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:33.733354652Z | 64 | PC: 12c9f | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:51:33.736356781Z | 64 | PC: 12cb1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:33.739386274Z | 64 | PC: 12cc6 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:33.741150598Z | 66 | PC: 12ccf | Move file pointer |
| 2018-12-25T11:51:33.74315677Z | 64 | PC: 12a7f | Write file or device (Write 1117 bytes on handle 5) |
| 2018-12-25T11:51:33.749032982Z | 87 | PC: 12ce8 | Get or set file date and time |
| 2018-12-25T11:51:33.7504882Z | 62 | PC: 12cec | Close file |
| 2018-12-25T11:51:33.75849261Z | 67 | PC: 12cfd | Get or set file attributes |
| 2018-12-25T11:51:33.768461372Z | 79 | PC: 12c0b | Find next file |
| 2018-12-25T11:51:33.771036311Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:33.786331781Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:33.792776907Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:33.794881729Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.805918158Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:33.807804852Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:33.81433922Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:33.816533354Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:33.81922555Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:33.821494391Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:33.823158338Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:33.831934429Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:33.833122542Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:33.840404793Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.850661449Z | 79 | PC: 12c0b | Find next file (See above) |
| 2018-12-25T11:51:33.853429719Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:33.85990289Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:33.866891153Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:33.869132061Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.878960607Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:33.881340874Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:33.888021887Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:33.890933848Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:33.894441337Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:33.89718795Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:33.899197384Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:33.90927338Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:33.910982997Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:33.925009435Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.935717129Z | 42 | PC: 12b50 | Get date 0x12b50: cmp dx, 0x709 0x12b54: je 0x12b59 0x12b56: jmp 0x12d6f 0x12b59: jmp 0x12d03 0x12b5c: and ah, bh 0x12b5e: movsw word ptr es:[di], word ptr [si] 0x12b5f: mov ax, 0x5c4c 0x12b62: add word ptr [di], ax 0x12b64: add byte ptr [di - 0x75], dl 0x12b67: in al, dx 0x12b68: sub sp, 0x2c 0x12b6b: push si 0x12b6c: jmp 0x12bde 0x12b6e: nop 0x12b6f: mov ah, 0x1a 0x12b71: lea dx, word ptr [bp - 0x2c] 0x12b74: int 0x21 0x12b76: mov ah, 0x4e 0x12b78: mov cx, 0x10 0x12b7b: mov dx, 0x19f |
| 2018-12-25T11:51:33.938458294Z | 59 | PC: 12d7a | Change current directory |
| 2018-12-25T11:51:33.942545753Z | 59 | PC: 12d81 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4357,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:33.712816105Z | 71 | PC: 12b2a | Get current directory |
| 2018-12-25T11:51:33.714943194Z | 59 | PC: 12b35 | Change current directory |
| 2018-12-25T11:51:33.717726528Z | 26 | PC: 12be9 | Set disk transfer address |
| 2018-12-25T11:51:33.719211678Z | 78 | PC: 12bf7 | Find first file |
| 2018-12-25T11:51:33.726674894Z | 61 | PC: 12c23 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:33.739800047Z | 63 | PC: 12c35 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:51:33.748365542Z | 44 | PC: 12c69 | Get time 0x12c69: add dl, dh 0x12c6b: je 0x12c65 0x12c6d: mov si, 0x115 0x12c70: add si, word ptr [0x106] 0x12c74: mov byte ptr [si], dl 0x12c76: mov ax, 0x4301 0x12c79: xor cx, cx 0x12c7b: mov dx, si 0x12c7d: add dx, 0xb1 0x12c81: int 0x21 0x12c83: mov ah, 0x3e 0x12c85: int 0x21 0x12c87: mov ax, 0x3d02 0x12c8a: int 0x21 0x12c8c: jb 0x12c44 0x12c8e: mov di, dx 0x12c90: add di, 0x5d 0x12c93: stosw word ptr es:[di], ax 0x12c94: xchg ax, bx 0x12c95: mov ah, 0x40 |
| 2018-12-25T11:51:33.751185921Z | 67 | PC: 12c83 | Get or set file attributes |
| 2018-12-25T11:51:33.769358948Z | 62 | PC: 12c87 | Close file |
| 2018-12-25T11:51:33.771499813Z | 61 | PC: 12c8c | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:33.782567658Z | 64 | PC: 12c9f | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:51:33.785697426Z | 64 | PC: 12cb1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:33.78913844Z | 64 | PC: 12cc6 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:33.792211775Z | 66 | PC: 12ccf | Move file pointer |
| 2018-12-25T11:51:33.794167008Z | 64 | PC: 12a7f | Write file or device (Write 1117 bytes on handle 5) |
| 2018-12-25T11:51:33.810317684Z | 87 | PC: 12ce8 | Get or set file date and time |
| 2018-12-25T11:51:33.813353329Z | 62 | PC: 12cec | Close file |
| 2018-12-25T11:51:33.822230576Z | 67 | PC: 12cfd | Get or set file attributes |
| 2018-12-25T11:51:33.836302913Z | 79 | PC: 12c0b | Find next file |
| 2018-12-25T11:51:33.840152775Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:33.84478828Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:33.850422023Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:33.852806693Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.861112953Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:33.862536261Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:33.867756643Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:33.870300581Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:33.872419698Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:33.875042137Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:33.876653324Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:33.882624799Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:33.890030431Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:33.899045509Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.905913639Z | 79 | PC: 12c0b | Find next file (See above) |
| 2018-12-25T11:51:33.908784868Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:33.918777306Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:33.926436518Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:33.92950638Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.937683182Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:33.939126254Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:33.944469524Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:33.947336561Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:33.950510503Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:33.953436114Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:33.956063239Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:33.9640351Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:33.965984342Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:33.972972684Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:33.980498403Z | 42 | PC: 12b50 | Get date 0x12b50: cmp dx, 0x709 0x12b54: je 0x12b59 0x12b56: jmp 0x12d6f 0x12b59: jmp 0x12d03 0x12b5c: and ah, bh 0x12b5e: movsw word ptr es:[di], word ptr [si] 0x12b5f: mov ax, 0x5c4c 0x12b62: add word ptr [di], ax 0x12b64: add byte ptr [di - 0x75], dl 0x12b67: in al, dx 0x12b68: sub sp, 0x2c 0x12b6b: push si 0x12b6c: jmp 0x12bde 0x12b6e: nop 0x12b6f: mov ah, 0x1a 0x12b71: lea dx, word ptr [bp - 0x2c] 0x12b74: int 0x21 0x12b76: mov ah, 0x4e 0x12b78: mov cx, 0x10 0x12b7b: mov dx, 0x19f |
| 2018-12-25T11:51:33.982384683Z | 59 | PC: 12d7a | Change current directory |
| 2018-12-25T11:51:33.986172872Z | 59 | PC: 12d81 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":4357,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:33.936624274Z | 71 | PC: 12b2a | Get current directory |
| 2018-12-25T11:51:33.9403612Z | 59 | PC: 12b35 | Change current directory |
| 2018-12-25T11:51:33.944707132Z | 26 | PC: 12be9 | Set disk transfer address |
| 2018-12-25T11:51:33.946115021Z | 78 | PC: 12bf7 | Find first file |
| 2018-12-25T11:51:33.953073194Z | 61 | PC: 12c23 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:33.966104844Z | 63 | PC: 12c35 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:51:33.972462208Z | 44 | PC: 12c69 | Get time 0x12c69: add dl, dh 0x12c6b: je 0x12c65 0x12c6d: mov si, 0x115 0x12c70: add si, word ptr [0x106] 0x12c74: mov byte ptr [si], dl 0x12c76: mov ax, 0x4301 0x12c79: xor cx, cx 0x12c7b: mov dx, si 0x12c7d: add dx, 0xb1 0x12c81: int 0x21 0x12c83: mov ah, 0x3e 0x12c85: int 0x21 0x12c87: mov ax, 0x3d02 0x12c8a: int 0x21 0x12c8c: jb 0x12c44 0x12c8e: mov di, dx 0x12c90: add di, 0x5d 0x12c93: stosw word ptr es:[di], ax 0x12c94: xchg ax, bx 0x12c95: mov ah, 0x40 |
| 2018-12-25T11:51:33.975322496Z | 67 | PC: 12c83 | Get or set file attributes |
| 2018-12-25T11:51:34.004090784Z | 62 | PC: 12c87 | Close file |
| 2018-12-25T11:51:34.006614345Z | 61 | PC: 12c8c | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:34.013333258Z | 64 | PC: 12c9f | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:51:34.020384894Z | 64 | PC: 12cb1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:34.022922298Z | 64 | PC: 12cc6 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:34.025465233Z | 66 | PC: 12ccf | Move file pointer |
| 2018-12-25T11:51:34.027800884Z | 64 | PC: 12a7f | Write file or device (Write 1117 bytes on handle 5) |
| 2018-12-25T11:51:34.036704428Z | 87 | PC: 12ce8 | Get or set file date and time |
| 2018-12-25T11:51:34.038382569Z | 62 | PC: 12cec | Close file |
| 2018-12-25T11:51:34.052206524Z | 67 | PC: 12cfd | Get or set file attributes |
| 2018-12-25T11:51:34.062911294Z | 79 | PC: 12c0b | Find next file |
| 2018-12-25T11:51:34.06590381Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:34.073193945Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:34.079927384Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:34.082153693Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:34.092739605Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:34.094933666Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:34.101795911Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:34.105817468Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:34.108845253Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:34.112270105Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:34.114857779Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:34.124267793Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:34.125767708Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:34.13370034Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:34.143558704Z | 79 | PC: 12c0b | Find next file (See above) |
| 2018-12-25T11:51:34.146063962Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:34.152760783Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:34.1595735Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:34.162123461Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:34.17179492Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:34.174546564Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:34.180980522Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:34.183667956Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:34.187090836Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:34.190403439Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:34.192148791Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:34.202019979Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:34.203812448Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:34.211411366Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:34.222159642Z | 42 | PC: 12b50 | Get date 0x12b50: cmp dx, 0x709 0x12b54: je 0x12b59 0x12b56: jmp 0x12d6f 0x12b59: jmp 0x12d03 0x12b5c: and ah, bh 0x12b5e: movsw word ptr es:[di], word ptr [si] 0x12b5f: mov ax, 0x5c4c 0x12b62: add word ptr [di], ax 0x12b64: add byte ptr [di - 0x75], dl 0x12b67: in al, dx 0x12b68: sub sp, 0x2c 0x12b6b: push si 0x12b6c: jmp 0x12bde 0x12b6e: nop 0x12b6f: mov ah, 0x1a 0x12b71: lea dx, word ptr [bp - 0x2c] 0x12b74: int 0x21 0x12b76: mov ah, 0x4e 0x12b78: mov cx, 0x10 0x12b7b: mov dx, 0x19f |
| 2018-12-25T11:51:34.22455015Z | 59 | PC: 12d7a | Change current directory |
| 2018-12-25T11:51:34.228789781Z | 59 | PC: 12d81 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":4357,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:34.143801555Z | 71 | PC: 12b2a | Get current directory |
| 2018-12-25T11:51:34.147935849Z | 59 | PC: 12b35 | Change current directory |
| 2018-12-25T11:51:34.15222174Z | 26 | PC: 12be9 | Set disk transfer address |
| 2018-12-25T11:51:34.153470034Z | 78 | PC: 12bf7 | Find first file |
| 2018-12-25T11:51:34.160147868Z | 61 | PC: 12c23 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:34.166464836Z | 63 | PC: 12c35 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:51:34.172646301Z | 44 | PC: 12c69 | Get time 0x12c69: add dl, dh 0x12c6b: je 0x12c65 0x12c6d: mov si, 0x115 0x12c70: add si, word ptr [0x106] 0x12c74: mov byte ptr [si], dl 0x12c76: mov ax, 0x4301 0x12c79: xor cx, cx 0x12c7b: mov dx, si 0x12c7d: add dx, 0xb1 0x12c81: int 0x21 0x12c83: mov ah, 0x3e 0x12c85: int 0x21 0x12c87: mov ax, 0x3d02 0x12c8a: int 0x21 0x12c8c: jb 0x12c44 0x12c8e: mov di, dx 0x12c90: add di, 0x5d 0x12c93: stosw word ptr es:[di], ax 0x12c94: xchg ax, bx 0x12c95: mov ah, 0x40 |
| 2018-12-25T11:51:34.182259493Z | 67 | PC: 12c83 | Get or set file attributes |
| 2018-12-25T11:51:34.199828866Z | 62 | PC: 12c87 | Close file |
| 2018-12-25T11:51:34.201925302Z | 61 | PC: 12c8c | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:34.214149287Z | 64 | PC: 12c9f | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:51:34.221224569Z | 64 | PC: 12cb1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:34.224026019Z | 64 | PC: 12cc6 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:34.227035138Z | 66 | PC: 12ccf | Move file pointer |
| 2018-12-25T11:51:34.229326632Z | 64 | PC: 12a7f | Write file or device (Write 1117 bytes on handle 5) |
| 2018-12-25T11:51:34.238564106Z | 87 | PC: 12ce8 | Get or set file date and time |
| 2018-12-25T11:51:34.240300877Z | 62 | PC: 12cec | Close file |
| 2018-12-25T11:51:34.248123039Z | 67 | PC: 12cfd | Get or set file attributes |
| 2018-12-25T11:51:34.254255717Z | 79 | PC: 12c0b | Find next file |
| 2018-12-25T11:51:34.255972278Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:34.260577409Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:34.26456614Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:34.266312016Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:34.272988207Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:34.274618629Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:34.281724651Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:34.286444794Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:34.28835796Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:34.290139465Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:34.291990508Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:34.297751313Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:34.298974273Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:34.323448452Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:34.333651911Z | 79 | PC: 12c0b | Find next file (See above) |
| 2018-12-25T11:51:34.336650176Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:34.343761102Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:34.350560699Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:34.352652854Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:34.364016179Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:34.365835983Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:34.372367304Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:34.382700843Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:34.3853937Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:34.387973727Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:34.390020908Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:34.399591971Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:34.401106299Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:34.408598387Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:34.419767234Z | 42 | PC: 12b50 | Get date 0x12b50: cmp dx, 0x709 0x12b54: je 0x12b59 0x12b56: jmp 0x12d6f 0x12b59: jmp 0x12d03 0x12b5c: and ah, bh 0x12b5e: movsw word ptr es:[di], word ptr [si] 0x12b5f: mov ax, 0x5c4c 0x12b62: add word ptr [di], ax 0x12b64: add byte ptr [di - 0x75], dl 0x12b67: in al, dx 0x12b68: sub sp, 0x2c 0x12b6b: push si 0x12b6c: jmp 0x12bde 0x12b6e: nop 0x12b6f: mov ah, 0x1a 0x12b71: lea dx, word ptr [bp - 0x2c] 0x12b74: int 0x21 0x12b76: mov ah, 0x4e 0x12b78: mov cx, 0x10 0x12b7b: mov dx, 0x19f |
| 2018-12-25T11:51:34.422060008Z | 59 | PC: 12d7a | Change current directory |
| 2018-12-25T11:51:34.426168905Z | 59 | PC: 12d81 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":4357,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:35.275136023Z | 71 | PC: 12b2a | Get current directory |
| 2018-12-25T11:51:35.278959305Z | 59 | PC: 12b35 | Change current directory |
| 2018-12-25T11:51:35.284376173Z | 26 | PC: 12be9 | Set disk transfer address |
| 2018-12-25T11:51:35.285972807Z | 78 | PC: 12bf7 | Find first file |
| 2018-12-25T11:51:35.298672795Z | 61 | PC: 12c23 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:35.312540518Z | 63 | PC: 12c35 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:51:35.319702496Z | 44 | PC: 12c69 | Get time 0x12c69: add dl, dh 0x12c6b: je 0x12c65 0x12c6d: mov si, 0x115 0x12c70: add si, word ptr [0x106] 0x12c74: mov byte ptr [si], dl 0x12c76: mov ax, 0x4301 0x12c79: xor cx, cx 0x12c7b: mov dx, si 0x12c7d: add dx, 0xb1 0x12c81: int 0x21 0x12c83: mov ah, 0x3e 0x12c85: int 0x21 0x12c87: mov ax, 0x3d02 0x12c8a: int 0x21 0x12c8c: jb 0x12c44 0x12c8e: mov di, dx 0x12c90: add di, 0x5d 0x12c93: stosw word ptr es:[di], ax 0x12c94: xchg ax, bx 0x12c95: mov ah, 0x40 |
| 2018-12-25T11:51:35.322149335Z | 67 | PC: 12c83 | Get or set file attributes |
| 2018-12-25T11:51:35.338942717Z | 62 | PC: 12c87 | Close file |
| 2018-12-25T11:51:35.341014533Z | 61 | PC: 12c8c | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:35.348724843Z | 64 | PC: 12c9f | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:51:35.353407301Z | 64 | PC: 12cb1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:35.356513907Z | 64 | PC: 12cc6 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:35.359815894Z | 66 | PC: 12ccf | Move file pointer |
| 2018-12-25T11:51:35.363119484Z | 64 | PC: 12a7f | Write file or device (Write 1117 bytes on handle 5) |
| 2018-12-25T11:51:35.373445501Z | 87 | PC: 12ce8 | Get or set file date and time |
| 2018-12-25T11:51:35.375215072Z | 62 | PC: 12cec | Close file |
| 2018-12-25T11:51:35.384823746Z | 67 | PC: 12cfd | Get or set file attributes |
| 2018-12-25T11:51:35.396721261Z | 79 | PC: 12c0b | Find next file |
| 2018-12-25T11:51:35.399765758Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:35.40716455Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:35.415294628Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:35.417727277Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:35.428859088Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:35.431935451Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:35.439406156Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:35.442530806Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:35.447244736Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:35.450482881Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:35.452905446Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:35.463616816Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:35.466492684Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:35.475540983Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:35.486868603Z | 79 | PC: 12c0b | Find next file (See above) |
| 2018-12-25T11:51:35.494053547Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:35.502697162Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:35.510009068Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:35.514003256Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:35.528266745Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:35.53030717Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:35.538909457Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:35.542420249Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:35.545786918Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:35.550023112Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:35.552237003Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:35.563633506Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:35.566149431Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:35.57592099Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:35.588657326Z | 42 | PC: 12b50 | Get date 0x12b50: cmp dx, 0x709 0x12b54: je 0x12b59 0x12b56: jmp 0x12d6f 0x12b59: jmp 0x12d03 0x12b5c: and ah, bh 0x12b5e: movsw word ptr es:[di], word ptr [si] 0x12b5f: mov ax, 0x5c4c 0x12b62: add word ptr [di], ax 0x12b64: add byte ptr [di - 0x75], dl 0x12b67: in al, dx 0x12b68: sub sp, 0x2c 0x12b6b: push si 0x12b6c: jmp 0x12bde 0x12b6e: nop 0x12b6f: mov ah, 0x1a 0x12b71: lea dx, word ptr [bp - 0x2c] 0x12b74: int 0x21 0x12b76: mov ah, 0x4e 0x12b78: mov cx, 0x10 0x12b7b: mov dx, 0x19f |
| 2018-12-25T11:51:35.591590579Z | 59 | PC: 12d7a | Change current directory |
| 2018-12-25T11:51:35.59737489Z | 59 | PC: 12d81 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":4357,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:35.534084485Z | 71 | PC: 12b2a | Get current directory |
| 2018-12-25T11:51:35.537907628Z | 59 | PC: 12b35 | Change current directory |
| 2018-12-25T11:51:35.542747321Z | 26 | PC: 12be9 | Set disk transfer address |
| 2018-12-25T11:51:35.544122559Z | 78 | PC: 12bf7 | Find first file |
| 2018-12-25T11:51:35.557480253Z | 61 | PC: 12c23 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:35.565538551Z | 63 | PC: 12c35 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:51:35.574548738Z | 44 | PC: 12c69 | Get time 0x12c69: add dl, dh 0x12c6b: je 0x12c65 0x12c6d: mov si, 0x115 0x12c70: add si, word ptr [0x106] 0x12c74: mov byte ptr [si], dl 0x12c76: mov ax, 0x4301 0x12c79: xor cx, cx 0x12c7b: mov dx, si 0x12c7d: add dx, 0xb1 0x12c81: int 0x21 0x12c83: mov ah, 0x3e 0x12c85: int 0x21 0x12c87: mov ax, 0x3d02 0x12c8a: int 0x21 0x12c8c: jb 0x12c44 0x12c8e: mov di, dx 0x12c90: add di, 0x5d 0x12c93: stosw word ptr es:[di], ax 0x12c94: xchg ax, bx 0x12c95: mov ah, 0x40 |
| 2018-12-25T11:51:35.577659427Z | 67 | PC: 12c83 | Get or set file attributes |
| 2018-12-25T11:51:35.596198683Z | 62 | PC: 12c87 | Close file |
| 2018-12-25T11:51:35.598664282Z | 61 | PC: 12c8c | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:35.607228864Z | 64 | PC: 12c9f | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:51:35.611085172Z | 64 | PC: 12cb1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:35.614412182Z | 64 | PC: 12cc6 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:51:35.617606639Z | 66 | PC: 12ccf | Move file pointer |
| 2018-12-25T11:51:35.620576399Z | 64 | PC: 12a7f | Write file or device (Write 1117 bytes on handle 5) |
| 2018-12-25T11:51:35.631526224Z | 87 | PC: 12ce8 | Get or set file date and time |
| 2018-12-25T11:51:35.633634079Z | 62 | PC: 12cec | Close file |
| 2018-12-25T11:51:35.644110518Z | 67 | PC: 12cfd | Get or set file attributes |
| 2018-12-25T11:51:35.656008229Z | 79 | PC: 12c0b | Find next file |
| 2018-12-25T11:51:35.659259824Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:35.667672754Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:35.674991354Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:35.677398504Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:35.689658349Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:35.692484947Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:35.699908837Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:35.703813454Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:35.706732611Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:35.709562434Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:35.711535994Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:35.722376323Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:35.724478397Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:35.736588155Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:35.748680584Z | 79 | PC: 12c0b | Find next file (See above) |
| 2018-12-25T11:51:35.75165911Z | 61 | PC: 12c23 | Open file (See above) |
| 2018-12-25T11:51:35.75967022Z | 63 | PC: 12c35 | Read file or device (See above) |
| 2018-12-25T11:51:35.767400439Z | 44 | PC: 12c69 | Get time (See above) |
| 2018-12-25T11:51:35.769774068Z | 67 | PC: 12c83 | Get or set file attributes (See above) |
| 2018-12-25T11:51:35.780725841Z | 62 | PC: 12c87 | Close file (See above) |
| 2018-12-25T11:51:35.783662403Z | 61 | PC: 12c8c | Open file (See above) |
| 2018-12-25T11:51:35.790930705Z | 64 | PC: 12c9f | Write file or device (See above) |
| 2018-12-25T11:51:35.794008934Z | 64 | PC: 12cb1 | Write file or device (See above) |
| 2018-12-25T11:51:35.797604018Z | 64 | PC: 12cc6 | Write file or device (See above) |
| 2018-12-25T11:51:35.800383798Z | 66 | PC: 12ccf | Move file pointer (See above) |
| 2018-12-25T11:51:35.802301387Z | 64 | PC: 12a7f | Write file or device (See above) |
| 2018-12-25T11:51:35.812163665Z | 87 | PC: 12ce8 | Get or set file date and time (See above) |
| 2018-12-25T11:51:35.814041292Z | 62 | PC: 12cec | Close file (See above) |
| 2018-12-25T11:51:35.822862829Z | 67 | PC: 12cfd | Get or set file attributes (See above) |
| 2018-12-25T11:51:35.833798137Z | 42 | PC: 12b50 | Get date 0x12b50: cmp dx, 0x709 0x12b54: je 0x12b59 0x12b56: jmp 0x12d6f 0x12b59: jmp 0x12d03 0x12b5c: and ah, bh 0x12b5e: movsw word ptr es:[di], word ptr [si] 0x12b5f: mov ax, 0x5c4c 0x12b62: add word ptr [di], ax 0x12b64: add byte ptr [di - 0x75], dl 0x12b67: in al, dx 0x12b68: sub sp, 0x2c 0x12b6b: push si 0x12b6c: jmp 0x12bde 0x12b6e: nop 0x12b6f: mov ah, 0x1a 0x12b71: lea dx, word ptr [bp - 0x2c] 0x12b74: int 0x21 0x12b76: mov ah, 0x4e 0x12b78: mov cx, 0x10 0x12b7b: mov dx, 0x19f |
| 2018-12-25T11:51:35.837262104Z | 59 | PC: 12d7a | Change current directory |
| 2018-12-25T11:51:35.84179893Z | 59 | PC: 12d81 | Change current directory |