{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6923,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:00:41.148768608Z | 53 | PC: 12ae5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:00:41.149913557Z | 37 | PC: 12af8 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:00:41.151548594Z | 71 | PC: 12b03 | Get current directory |
| 2018-12-25T12:00:41.155951726Z | 25 | PC: 12b08 | Get default drive |
| 2018-12-25T12:00:41.157057719Z | 26 | PC: 12b2f | Set disk transfer address |
| 2018-12-25T12:00:41.158886893Z | 42 | PC: 12b33 | Get date 0x12b33: cmp dx, 0x202 0x12b37: jne 0x12b3c 0x12b39: jmp 0x12cfe 0x12b3c: mov ah, 0x4e 0x12b3e: lea dx, word ptr [si + 0x442] 0x12b42: mov cx, 7 0x12b45: int 0x21 0x12b47: jae 0x12b8e 0x12b49: mov ah, 0x1a 0x12b4b: lea dx, word ptr [si + 0x522] 0x12b4f: int 0x21 0x12b51: mov ah, 0x3b 0x12b53: lea dx, word ptr [si + 0x44c] 0x12b57: int 0x21 0x12b59: jb 0x12b5d 0x12b5b: jmp 0x12b27 0x12b5d: cmp byte ptr [si + 0x467], 1 0x12b62: je 0x12b7e 0x12b64: mov al, 1 0x12b66: mov byte ptr [si + 0x467], al |
| 2018-12-25T12:00:41.161601629Z | 78 | PC: 12b47 | Find first file |
| 2018-12-25T12:00:41.168753177Z | 67 | PC: 12ba3 | Get or set file attributes |
| 2018-12-25T12:00:42.147546464Z | 61 | PC: 12d50 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:00:42.155172207Z | 63 | PC: 12bca | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:00:42.162440027Z | 66 | PC: 12d46 | Move file pointer |
| 2018-12-25T12:00:42.165283183Z | 44 | PC: 12c36 | Get time 0x12c36: cmp dx, 0 0x12c39: je 0x12c32 0x12c3b: mov word ptr [si + 0x119], dx 0x12c3f: mov cl, 8 0x12c41: ror dx, cl 0x12c43: mov word ptr [si + 0x465], dx 0x12c47: cmp dl, 0x1e 0x12c4a: jle 0x12c4f 0x12c4c: jmp 0x12c6e 0x12c4e: nop 0x12c4f: lea si, word ptr [bp + 0x143] 0x12c53: lea di, word ptr [bp + 0x11b] 0x12c57: mov cx, 0x10 0x12c5a: call 0x12d15 0x12c5d: lea si, word ptr [bp + 0x153] 0x12c61: lea di, word ptr [bp + 0x133] 0x12c65: mov cx, 6 0x12c68: call 0x12d15 0x12c6b: jmp 0x12c8a 0x12c6d: nop |
| 2018-12-25T12:00:42.168528873Z | 64 | PC: 12a7f | Write file or device (Write 870 bytes on handle 5) |
| 2018-12-25T12:00:42.184729703Z | 66 | PC: 12d3a | Move file pointer |
| 2018-12-25T12:00:42.186339162Z | 64 | PC: 12cae | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:00:42.193903708Z | 87 | PC: 12cbf | Get or set file date and time |
| 2018-12-25T12:00:42.195598044Z | 62 | PC: 12cc3 | Close file |
| 2018-12-25T12:00:42.204701834Z | 67 | PC: 12cd2 | Get or set file attributes |
| 2018-12-25T12:00:42.212269545Z | 59 | PC: 12cda | Change current directory |
| 2018-12-25T12:00:42.21533278Z | 26 | PC: 12ce1 | Set disk transfer address |
| 2018-12-25T12:00:42.216375346Z | 37 | PC: 12cec | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6923,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:00:41.694220474Z | 53 | PC: 12ae5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:00:41.696321404Z | 37 | PC: 12af8 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:00:41.697720561Z | 71 | PC: 12b03 | Get current directory |
| 2018-12-25T12:00:41.700396627Z | 25 | PC: 12b08 | Get default drive |
| 2018-12-25T12:00:41.703029673Z | 26 | PC: 12b2f | Set disk transfer address |
| 2018-12-25T12:00:41.704309795Z | 42 | PC: 12b33 | Get date 0x12b33: cmp dx, 0x202 0x12b37: jne 0x12b3c 0x12b39: jmp 0x12cfe 0x12b3c: mov ah, 0x4e 0x12b3e: lea dx, word ptr [si + 0x442] 0x12b42: mov cx, 7 0x12b45: int 0x21 0x12b47: jae 0x12b8e 0x12b49: mov ah, 0x1a 0x12b4b: lea dx, word ptr [si + 0x522] 0x12b4f: int 0x21 0x12b51: mov ah, 0x3b 0x12b53: lea dx, word ptr [si + 0x44c] 0x12b57: int 0x21 0x12b59: jb 0x12b5d 0x12b5b: jmp 0x12b27 0x12b5d: cmp byte ptr [si + 0x467], 1 0x12b62: je 0x12b7e 0x12b64: mov al, 1 0x12b66: mov byte ptr [si + 0x467], al |
| 2018-12-25T12:00:41.706694927Z | 78 | PC: 12b47 | Find first file |
| 2018-12-25T12:00:41.714013115Z | 67 | PC: 12ba3 | Get or set file attributes |
| 2018-12-25T12:00:41.740640755Z | 61 | PC: 12d50 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:00:41.747912522Z | 63 | PC: 12bca | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:00:41.754968602Z | 66 | PC: 12d46 | Move file pointer |
| 2018-12-25T12:00:41.757367206Z | 44 | PC: 12c36 | Get time 0x12c36: cmp dx, 0 0x12c39: je 0x12c32 0x12c3b: mov word ptr [si + 0x119], dx 0x12c3f: mov cl, 8 0x12c41: ror dx, cl 0x12c43: mov word ptr [si + 0x465], dx 0x12c47: cmp dl, 0x1e 0x12c4a: jle 0x12c4f 0x12c4c: jmp 0x12c6e 0x12c4e: nop 0x12c4f: lea si, word ptr [bp + 0x143] 0x12c53: lea di, word ptr [bp + 0x11b] 0x12c57: mov cx, 0x10 0x12c5a: call 0x12d15 0x12c5d: lea si, word ptr [bp + 0x153] 0x12c61: lea di, word ptr [bp + 0x133] 0x12c65: mov cx, 6 0x12c68: call 0x12d15 0x12c6b: jmp 0x12c8a 0x12c6d: nop |
| 2018-12-25T12:00:41.760018486Z | 64 | PC: 12a7f | Write file or device (Write 870 bytes on handle 5) |
| 2018-12-25T12:00:41.768803357Z | 66 | PC: 12d3a | Move file pointer |
| 2018-12-25T12:00:41.770382546Z | 64 | PC: 12cae | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:00:41.776754278Z | 87 | PC: 12cbf | Get or set file date and time |
| 2018-12-25T12:00:41.778476302Z | 62 | PC: 12cc3 | Close file |
| 2018-12-25T12:00:41.784896962Z | 67 | PC: 12cd2 | Get or set file attributes |
| 2018-12-25T12:00:41.790994391Z | 59 | PC: 12cda | Change current directory |
| 2018-12-25T12:00:41.793513003Z | 26 | PC: 12ce1 | Set disk transfer address |
| 2018-12-25T12:00:41.795406501Z | 37 | PC: 12cec | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":6923,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:00:42.0662836Z | 53 | PC: 12ae5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:00:42.067883579Z | 37 | PC: 12af8 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:00:42.069048825Z | 71 | PC: 12b03 | Get current directory |
| 2018-12-25T12:00:42.072005916Z | 25 | PC: 12b08 | Get default drive |
| 2018-12-25T12:00:42.076985789Z | 26 | PC: 12b2f | Set disk transfer address |
| 2018-12-25T12:00:42.078179377Z | 42 | PC: 12b33 | Get date 0x12b33: cmp dx, 0x202 0x12b37: jne 0x12b3c 0x12b39: jmp 0x12cfe 0x12b3c: mov ah, 0x4e 0x12b3e: lea dx, word ptr [si + 0x442] 0x12b42: mov cx, 7 0x12b45: int 0x21 0x12b47: jae 0x12b8e 0x12b49: mov ah, 0x1a 0x12b4b: lea dx, word ptr [si + 0x522] 0x12b4f: int 0x21 0x12b51: mov ah, 0x3b 0x12b53: lea dx, word ptr [si + 0x44c] 0x12b57: int 0x21 0x12b59: jb 0x12b5d 0x12b5b: jmp 0x12b27 0x12b5d: cmp byte ptr [si + 0x467], 1 0x12b62: je 0x12b7e 0x12b64: mov al, 1 0x12b66: mov byte ptr [si + 0x467], al |
| 2018-12-25T12:00:42.080416438Z | 78 | PC: 12b47 | Find first file |
| 2018-12-25T12:00:42.086857065Z | 67 | PC: 12ba3 | Get or set file attributes |
| 2018-12-25T12:00:42.185651792Z | 61 | PC: 12d50 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:00:42.194024806Z | 63 | PC: 12bca | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:00:42.201974045Z | 66 | PC: 12d46 | Move file pointer |
| 2018-12-25T12:00:42.204577652Z | 44 | PC: 12c36 | Get time 0x12c36: cmp dx, 0 0x12c39: je 0x12c32 0x12c3b: mov word ptr [si + 0x119], dx 0x12c3f: mov cl, 8 0x12c41: ror dx, cl 0x12c43: mov word ptr [si + 0x465], dx 0x12c47: cmp dl, 0x1e 0x12c4a: jle 0x12c4f 0x12c4c: jmp 0x12c6e 0x12c4e: nop 0x12c4f: lea si, word ptr [bp + 0x143] 0x12c53: lea di, word ptr [bp + 0x11b] 0x12c57: mov cx, 0x10 0x12c5a: call 0x12d15 0x12c5d: lea si, word ptr [bp + 0x153] 0x12c61: lea di, word ptr [bp + 0x133] 0x12c65: mov cx, 6 0x12c68: call 0x12d15 0x12c6b: jmp 0x12c8a 0x12c6d: nop |
| 2018-12-25T12:00:42.207674458Z | 64 | PC: 12a7f | Write file or device (Write 870 bytes on handle 5) |
| 2018-12-25T12:00:42.217957929Z | 66 | PC: 12d3a | Move file pointer |
| 2018-12-25T12:00:42.220435347Z | 64 | PC: 12cae | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:00:42.227631247Z | 87 | PC: 12cbf | Get or set file date and time |
| 2018-12-25T12:00:42.229242991Z | 62 | PC: 12cc3 | Close file |
| 2018-12-25T12:00:42.238498333Z | 67 | PC: 12cd2 | Get or set file attributes |
| 2018-12-25T12:00:42.249586613Z | 59 | PC: 12cda | Change current directory |
| 2018-12-25T12:00:42.254119159Z | 26 | PC: 12ce1 | Set disk transfer address |
| 2018-12-25T12:00:42.257474427Z | 37 | PC: 12cec | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":6923,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:00:42.732891208Z | 53 | PC: 12ae5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:00:42.73471873Z | 37 | PC: 12af8 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:00:42.736698218Z | 71 | PC: 12b03 | Get current directory |
| 2018-12-25T12:00:42.740027923Z | 25 | PC: 12b08 | Get default drive |
| 2018-12-25T12:00:42.741491054Z | 26 | PC: 12b2f | Set disk transfer address |
| 2018-12-25T12:00:42.743416309Z | 42 | PC: 12b33 | Get date 0x12b33: cmp dx, 0x202 0x12b37: jne 0x12b3c 0x12b39: jmp 0x12cfe 0x12b3c: mov ah, 0x4e 0x12b3e: lea dx, word ptr [si + 0x442] 0x12b42: mov cx, 7 0x12b45: int 0x21 0x12b47: jae 0x12b8e 0x12b49: mov ah, 0x1a 0x12b4b: lea dx, word ptr [si + 0x522] 0x12b4f: int 0x21 0x12b51: mov ah, 0x3b 0x12b53: lea dx, word ptr [si + 0x44c] 0x12b57: int 0x21 0x12b59: jb 0x12b5d 0x12b5b: jmp 0x12b27 0x12b5d: cmp byte ptr [si + 0x467], 1 0x12b62: je 0x12b7e 0x12b64: mov al, 1 0x12b66: mov byte ptr [si + 0x467], al |
| 2018-12-25T12:00:42.746465186Z | 78 | PC: 12b47 | Find first file |
| 2018-12-25T12:00:42.753209013Z | 67 | PC: 12ba3 | Get or set file attributes |
| 2018-12-25T12:00:42.770085487Z | 61 | PC: 12d50 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:00:42.777484856Z | 63 | PC: 12bca | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:00:42.784635713Z | 66 | PC: 12d46 | Move file pointer |
| 2018-12-25T12:00:42.787240847Z | 44 | PC: 12c36 | Get time 0x12c36: cmp dx, 0 0x12c39: je 0x12c32 0x12c3b: mov word ptr [si + 0x119], dx 0x12c3f: mov cl, 8 0x12c41: ror dx, cl 0x12c43: mov word ptr [si + 0x465], dx 0x12c47: cmp dl, 0x1e 0x12c4a: jle 0x12c4f 0x12c4c: jmp 0x12c6e 0x12c4e: nop 0x12c4f: lea si, word ptr [bp + 0x143] 0x12c53: lea di, word ptr [bp + 0x11b] 0x12c57: mov cx, 0x10 0x12c5a: call 0x12d15 0x12c5d: lea si, word ptr [bp + 0x153] 0x12c61: lea di, word ptr [bp + 0x133] 0x12c65: mov cx, 6 0x12c68: call 0x12d15 0x12c6b: jmp 0x12c8a 0x12c6d: nop |
| 2018-12-25T12:00:42.790299485Z | 64 | PC: 12a7f | Write file or device (Write 870 bytes on handle 5) |
| 2018-12-25T12:00:42.800376957Z | 66 | PC: 12d3a | Move file pointer |
| 2018-12-25T12:00:42.802509349Z | 64 | PC: 12cae | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:00:42.810533411Z | 87 | PC: 12cbf | Get or set file date and time |
| 2018-12-25T12:00:42.812154125Z | 62 | PC: 12cc3 | Close file |
| 2018-12-25T12:00:42.820734575Z | 67 | PC: 12cd2 | Get or set file attributes |
| 2018-12-25T12:00:42.832080962Z | 59 | PC: 12cda | Change current directory |
| 2018-12-25T12:00:42.836653305Z | 26 | PC: 12ce1 | Set disk transfer address |
| 2018-12-25T12:00:42.837923053Z | 37 | PC: 12cec | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |