{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":7648,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:12.441534785Z | 71 | PC: 12b2b | Get current directory |
| 2018-12-25T12:02:12.444959587Z | 59 | PC: 12b36 | Change current directory |
| 2018-12-25T12:02:12.449461694Z | 26 | PC: 12bea | Set disk transfer address |
| 2018-12-25T12:02:12.450515113Z | 78 | PC: 12bf8 | Find first file |
| 2018-12-25T12:02:12.456722557Z | 61 | PC: 12c24 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:12.463121079Z | 63 | PC: 12c36 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:02:12.469194126Z | 44 | PC: 12c6a | Get time 0x12c6a: add dl, dh 0x12c6c: je 0x12c66 0x12c6e: mov si, 0x115 0x12c71: add si, word ptr [0x106] 0x12c75: mov byte ptr [si], dl 0x12c77: mov ax, 0x4301 0x12c7a: xor cx, cx 0x12c7c: mov dx, si 0x12c7e: add dx, 0xb2 0x12c82: int 0x21 0x12c84: mov ah, 0x3e 0x12c86: int 0x21 0x12c88: mov ax, 0x3d02 0x12c8b: int 0x21 0x12c8d: jb 0x12c45 0x12c8f: mov di, dx 0x12c91: add di, 0x5d 0x12c94: stosw word ptr es:[di], ax 0x12c95: xchg ax, bx 0x12c96: mov ah, 0x40 |
| 2018-12-25T12:02:12.477072763Z | 67 | PC: 12c84 | Get or set file attributes |
| 2018-12-25T12:02:12.493854088Z | 62 | PC: 12c88 | Close file |
| 2018-12-25T12:02:12.495372786Z | 61 | PC: 12c8d | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:12.500996009Z | 64 | PC: 12ca0 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:02:12.503870129Z | 64 | PC: 12cb2 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:12.50602703Z | 64 | PC: 12cc7 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:12.508141965Z | 66 | PC: 12cd0 | Move file pointer |
| 2018-12-25T12:02:12.510483627Z | 64 | PC: 12a80 | Write file or device (Write 1118 bytes on handle 5) |
| 2018-12-25T12:02:12.519414535Z | 87 | PC: 12ce9 | Get or set file date and time |
| 2018-12-25T12:02:12.521224757Z | 62 | PC: 12ced | Close file |
| 2018-12-25T12:02:12.528991761Z | 67 | PC: 12cfe | Get or set file attributes |
| 2018-12-25T12:02:12.537712506Z | 79 | PC: 12c0c | Find next file |
| 2018-12-25T12:02:12.540060567Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:12.546414545Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:12.55199516Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:12.553848651Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:12.564412337Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:12.566223736Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:12.577445678Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:12.585184781Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:12.588191776Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:12.590796301Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:12.592780259Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:12.598808829Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:12.600305789Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:12.607668498Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:12.617802463Z | 79 | PC: 12c0c | Find next file (See above) |
| 2018-12-25T12:02:12.620293337Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:12.626791855Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:12.631390415Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:12.632801054Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:12.639224419Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:12.641369922Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:12.65317481Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:12.659690796Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:12.662532783Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:12.664865407Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:12.66734558Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:12.676961711Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:12.678422124Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:12.68592961Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:12.706476383Z | 42 | PC: 12b51 | Get date 0x12b51: cmp dx, 0x709 0x12b55: je 0x12b5a 0x12b57: jmp 0x12d70 0x12b5a: jmp 0x12d04 0x12b5d: and ah, bh 0x12b5f: movsw word ptr es:[di], word ptr [si] 0x12b60: mov ax, 0x5c4c 0x12b63: add word ptr [di], ax 0x12b65: add byte ptr [di - 0x75], dl 0x12b68: in al, dx 0x12b69: sub sp, 0x2c 0x12b6c: push si 0x12b6d: jmp 0x12bdf 0x12b6f: nop 0x12b70: mov ah, 0x1a 0x12b72: lea dx, word ptr [bp - 0x2c] 0x12b75: int 0x21 0x12b77: mov ah, 0x4e 0x12b79: mov cx, 0x10 0x12b7c: mov dx, 0x1a0 |
| 2018-12-25T12:02:12.708611915Z | 59 | PC: 12d7b | Change current directory |
| 2018-12-25T12:02:12.712342534Z | 59 | PC: 12d82 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":7648,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:15.195318635Z | 71 | PC: 12b2b | Get current directory |
| 2018-12-25T12:02:15.198166324Z | 59 | PC: 12b36 | Change current directory |
| 2018-12-25T12:02:15.201046633Z | 26 | PC: 12bea | Set disk transfer address |
| 2018-12-25T12:02:15.201876309Z | 78 | PC: 12bf8 | Find first file |
| 2018-12-25T12:02:15.209995167Z | 61 | PC: 12c24 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:15.215025601Z | 63 | PC: 12c36 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:02:15.222359131Z | 44 | PC: 12c6a | Get time 0x12c6a: add dl, dh 0x12c6c: je 0x12c66 0x12c6e: mov si, 0x115 0x12c71: add si, word ptr [0x106] 0x12c75: mov byte ptr [si], dl 0x12c77: mov ax, 0x4301 0x12c7a: xor cx, cx 0x12c7c: mov dx, si 0x12c7e: add dx, 0xb2 0x12c82: int 0x21 0x12c84: mov ah, 0x3e 0x12c86: int 0x21 0x12c88: mov ax, 0x3d02 0x12c8b: int 0x21 0x12c8d: jb 0x12c45 0x12c8f: mov di, dx 0x12c91: add di, 0x5d 0x12c94: stosw word ptr es:[di], ax 0x12c95: xchg ax, bx 0x12c96: mov ah, 0x40 |
| 2018-12-25T12:02:15.225034465Z | 67 | PC: 12c84 | Get or set file attributes |
| 2018-12-25T12:02:16.157814154Z | 62 | PC: 12c88 | Close file |
| 2018-12-25T12:02:16.160329144Z | 61 | PC: 12c8d | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:16.168227271Z | 64 | PC: 12ca0 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:02:16.171680273Z | 64 | PC: 12cb2 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:16.174348286Z | 64 | PC: 12cc7 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:16.177003109Z | 66 | PC: 12cd0 | Move file pointer |
| 2018-12-25T12:02:16.179357074Z | 64 | PC: 12a80 | Write file or device (Write 1118 bytes on handle 5) |
| 2018-12-25T12:02:16.22156004Z | 87 | PC: 12ce9 | Get or set file date and time |
| 2018-12-25T12:02:16.223102641Z | 62 | PC: 12ced | Close file |
| 2018-12-25T12:02:16.274214909Z | 67 | PC: 12cfe | Get or set file attributes |
| 2018-12-25T12:02:16.327724761Z | 79 | PC: 12c0c | Find next file |
| 2018-12-25T12:02:16.330581275Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:16.348218311Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:16.368877851Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:16.371072116Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:16.409394837Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:16.411553742Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:16.41894695Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:16.431174993Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:16.434232152Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:16.437177909Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:16.439624106Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:16.500124248Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:16.502124477Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:16.549073978Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:16.632407915Z | 79 | PC: 12c0c | Find next file (See above) |
| 2018-12-25T12:02:16.635268275Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:16.643168121Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:16.650998581Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:16.653471891Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:16.741146802Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:16.744664603Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:16.752398076Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:16.755852509Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:16.759984989Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:16.762842424Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:16.764914943Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:16.793110278Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:16.809946242Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:16.818726334Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:16.831297437Z | 42 | PC: 12b51 | Get date 0x12b51: cmp dx, 0x709 0x12b55: je 0x12b5a 0x12b57: jmp 0x12d70 0x12b5a: jmp 0x12d04 0x12b5d: and ah, bh 0x12b5f: movsw word ptr es:[di], word ptr [si] 0x12b60: mov ax, 0x5c4c 0x12b63: add word ptr [di], ax 0x12b65: add byte ptr [di - 0x75], dl 0x12b68: in al, dx 0x12b69: sub sp, 0x2c 0x12b6c: push si 0x12b6d: jmp 0x12bdf 0x12b6f: nop 0x12b70: mov ah, 0x1a 0x12b72: lea dx, word ptr [bp - 0x2c] 0x12b75: int 0x21 0x12b77: mov ah, 0x4e 0x12b79: mov cx, 0x10 0x12b7c: mov dx, 0x1a0 |
| 2018-12-25T12:02:16.834527909Z | 59 | PC: 12d7b | Change current directory |
| 2018-12-25T12:02:16.839427396Z | 59 | PC: 12d82 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":7648,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:15.514977677Z | 71 | PC: 12b2b | Get current directory |
| 2018-12-25T12:02:15.517966841Z | 59 | PC: 12b36 | Change current directory |
| 2018-12-25T12:02:15.521714387Z | 26 | PC: 12bea | Set disk transfer address |
| 2018-12-25T12:02:15.522592841Z | 78 | PC: 12bf8 | Find first file |
| 2018-12-25T12:02:15.528969456Z | 61 | PC: 12c24 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:15.535156726Z | 63 | PC: 12c36 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:02:15.541216327Z | 44 | PC: 12c6a | Get time 0x12c6a: add dl, dh 0x12c6c: je 0x12c66 0x12c6e: mov si, 0x115 0x12c71: add si, word ptr [0x106] 0x12c75: mov byte ptr [si], dl 0x12c77: mov ax, 0x4301 0x12c7a: xor cx, cx 0x12c7c: mov dx, si 0x12c7e: add dx, 0xb2 0x12c82: int 0x21 0x12c84: mov ah, 0x3e 0x12c86: int 0x21 0x12c88: mov ax, 0x3d02 0x12c8b: int 0x21 0x12c8d: jb 0x12c45 0x12c8f: mov di, dx 0x12c91: add di, 0x5d 0x12c94: stosw word ptr es:[di], ax 0x12c95: xchg ax, bx 0x12c96: mov ah, 0x40 |
| 2018-12-25T12:02:15.543517605Z | 67 | PC: 12c84 | Get or set file attributes |
| 2018-12-25T12:02:16.235332489Z | 62 | PC: 12c88 | Close file |
| 2018-12-25T12:02:16.237114056Z | 61 | PC: 12c8d | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:16.248992875Z | 64 | PC: 12ca0 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:02:16.255924448Z | 64 | PC: 12cb2 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:16.258770611Z | 64 | PC: 12cc7 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:16.262686185Z | 66 | PC: 12cd0 | Move file pointer |
| 2018-12-25T12:02:16.264903528Z | 64 | PC: 12a80 | Write file or device (Write 1118 bytes on handle 5) |
| 2018-12-25T12:02:16.274302625Z | 87 | PC: 12ce9 | Get or set file date and time |
| 2018-12-25T12:02:16.275893836Z | 62 | PC: 12ced | Close file |
| 2018-12-25T12:02:16.284826477Z | 67 | PC: 12cfe | Get or set file attributes |
| 2018-12-25T12:02:16.294601653Z | 79 | PC: 12c0c | Find next file |
| 2018-12-25T12:02:16.297499298Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:16.304527945Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:16.311355126Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:16.313779092Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:16.324803056Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:16.326499761Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:16.333016636Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:16.338054263Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:16.340629935Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:16.343132885Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:16.35389682Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:16.362772346Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:16.364322432Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:16.37271036Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:16.382922943Z | 79 | PC: 12c0c | Find next file (See above) |
| 2018-12-25T12:02:16.385400664Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:16.392953239Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:16.399676303Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:16.401675348Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:16.411097967Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:16.413076871Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:16.419443767Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:16.422099545Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:16.425594782Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:16.428064312Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:16.43004948Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:16.439847147Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:16.441255141Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:16.44853496Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:16.459135139Z | 42 | PC: 12b51 | Get date 0x12b51: cmp dx, 0x709 0x12b55: je 0x12b5a 0x12b57: jmp 0x12d70 0x12b5a: jmp 0x12d04 0x12b5d: and ah, bh 0x12b5f: movsw word ptr es:[di], word ptr [si] 0x12b60: mov ax, 0x5c4c 0x12b63: add word ptr [di], ax 0x12b65: add byte ptr [di - 0x75], dl 0x12b68: in al, dx 0x12b69: sub sp, 0x2c 0x12b6c: push si 0x12b6d: jmp 0x12bdf 0x12b6f: nop 0x12b70: mov ah, 0x1a 0x12b72: lea dx, word ptr [bp - 0x2c] 0x12b75: int 0x21 0x12b77: mov ah, 0x4e 0x12b79: mov cx, 0x10 0x12b7c: mov dx, 0x1a0 |
| 2018-12-25T12:02:16.461116501Z | 59 | PC: 12d7b | Change current directory |
| 2018-12-25T12:02:16.46483953Z | 59 | PC: 12d82 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":7648,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:15.948383599Z | 71 | PC: 12b2b | Get current directory |
| 2018-12-25T12:02:15.951692241Z | 59 | PC: 12b36 | Change current directory |
| 2018-12-25T12:02:15.956046417Z | 26 | PC: 12bea | Set disk transfer address |
| 2018-12-25T12:02:15.95716557Z | 78 | PC: 12bf8 | Find first file |
| 2018-12-25T12:02:15.968288591Z | 61 | PC: 12c24 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:15.979383993Z | 63 | PC: 12c36 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:02:15.986105121Z | 44 | PC: 12c6a | Get time 0x12c6a: add dl, dh 0x12c6c: je 0x12c66 0x12c6e: mov si, 0x115 0x12c71: add si, word ptr [0x106] 0x12c75: mov byte ptr [si], dl 0x12c77: mov ax, 0x4301 0x12c7a: xor cx, cx 0x12c7c: mov dx, si 0x12c7e: add dx, 0xb2 0x12c82: int 0x21 0x12c84: mov ah, 0x3e 0x12c86: int 0x21 0x12c88: mov ax, 0x3d02 0x12c8b: int 0x21 0x12c8d: jb 0x12c45 0x12c8f: mov di, dx 0x12c91: add di, 0x5d 0x12c94: stosw word ptr es:[di], ax 0x12c95: xchg ax, bx 0x12c96: mov ah, 0x40 |
| 2018-12-25T12:02:15.988566665Z | 67 | PC: 12c84 | Get or set file attributes |
| 2018-12-25T12:02:16.235141509Z | 62 | PC: 12c88 | Close file |
| 2018-12-25T12:02:16.237087385Z | 61 | PC: 12c8d | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:16.244717218Z | 64 | PC: 12ca0 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:02:16.248729038Z | 64 | PC: 12cb2 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:16.250685064Z | 64 | PC: 12cc7 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:16.252775295Z | 66 | PC: 12cd0 | Move file pointer |
| 2018-12-25T12:02:16.253998715Z | 64 | PC: 12a80 | Write file or device (Write 1118 bytes on handle 5) |
| 2018-12-25T12:02:16.260140809Z | 87 | PC: 12ce9 | Get or set file date and time |
| 2018-12-25T12:02:16.262084822Z | 62 | PC: 12ced | Close file |
| 2018-12-25T12:02:16.269591255Z | 67 | PC: 12cfe | Get or set file attributes |
| 2018-12-25T12:02:16.279229822Z | 79 | PC: 12c0c | Find next file |
| 2018-12-25T12:02:16.281627057Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:16.293068256Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:16.299234022Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:16.301217319Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:16.31192371Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:16.313858733Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:16.320576803Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:16.330500285Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:16.333256217Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:16.335743697Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:16.338091735Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:16.346991268Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:16.348453181Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:16.356523391Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:16.366529184Z | 79 | PC: 12c0c | Find next file (See above) |
| 2018-12-25T12:02:16.369253502Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:16.376176841Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:16.382451564Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:16.384430693Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:16.400321362Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:16.402941909Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:16.409796203Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:16.413529932Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:16.416546158Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:16.419512267Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:16.422179897Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:16.432561506Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:16.434309128Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:16.442394882Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:16.455060867Z | 42 | PC: 12b51 | Get date 0x12b51: cmp dx, 0x709 0x12b55: je 0x12b5a 0x12b57: jmp 0x12d70 0x12b5a: jmp 0x12d04 0x12b5d: and ah, bh 0x12b5f: movsw word ptr es:[di], word ptr [si] 0x12b60: mov ax, 0x5c4c 0x12b63: add word ptr [di], ax 0x12b65: add byte ptr [di - 0x75], dl 0x12b68: in al, dx 0x12b69: sub sp, 0x2c 0x12b6c: push si 0x12b6d: jmp 0x12bdf 0x12b6f: nop 0x12b70: mov ah, 0x1a 0x12b72: lea dx, word ptr [bp - 0x2c] 0x12b75: int 0x21 0x12b77: mov ah, 0x4e 0x12b79: mov cx, 0x10 0x12b7c: mov dx, 0x1a0 |
| 2018-12-25T12:02:16.457123046Z | 59 | PC: 12d7b | Change current directory |
| 2018-12-25T12:02:16.460977327Z | 59 | PC: 12d82 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7648,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:17.028635219Z | 71 | PC: 12b2b | Get current directory |
| 2018-12-25T12:02:17.03184056Z | 59 | PC: 12b36 | Change current directory |
| 2018-12-25T12:02:17.035701944Z | 26 | PC: 12bea | Set disk transfer address |
| 2018-12-25T12:02:17.0366801Z | 78 | PC: 12bf8 | Find first file |
| 2018-12-25T12:02:17.04781511Z | 61 | PC: 12c24 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:17.058656565Z | 63 | PC: 12c36 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:02:17.064766309Z | 44 | PC: 12c6a | Get time 0x12c6a: add dl, dh 0x12c6c: je 0x12c66 0x12c6e: mov si, 0x115 0x12c71: add si, word ptr [0x106] 0x12c75: mov byte ptr [si], dl 0x12c77: mov ax, 0x4301 0x12c7a: xor cx, cx 0x12c7c: mov dx, si 0x12c7e: add dx, 0xb2 0x12c82: int 0x21 0x12c84: mov ah, 0x3e 0x12c86: int 0x21 0x12c88: mov ax, 0x3d02 0x12c8b: int 0x21 0x12c8d: jb 0x12c45 0x12c8f: mov di, dx 0x12c91: add di, 0x5d 0x12c94: stosw word ptr es:[di], ax 0x12c95: xchg ax, bx 0x12c96: mov ah, 0x40 |
| 2018-12-25T12:02:17.06885222Z | 67 | PC: 12c84 | Get or set file attributes |
| 2018-12-25T12:02:17.084672717Z | 62 | PC: 12c88 | Close file |
| 2018-12-25T12:02:17.086305253Z | 61 | PC: 12c8d | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:17.093042018Z | 64 | PC: 12ca0 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:02:17.096171447Z | 64 | PC: 12cb2 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:17.098564494Z | 64 | PC: 12cc7 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:17.101193806Z | 66 | PC: 12cd0 | Move file pointer |
| 2018-12-25T12:02:17.102628722Z | 64 | PC: 12a80 | Write file or device (Write 1118 bytes on handle 5) |
| 2018-12-25T12:02:17.108381316Z | 87 | PC: 12ce9 | Get or set file date and time |
| 2018-12-25T12:02:17.109620385Z | 62 | PC: 12ced | Close file |
| 2018-12-25T12:02:17.114577873Z | 67 | PC: 12cfe | Get or set file attributes |
| 2018-12-25T12:02:17.120514503Z | 79 | PC: 12c0c | Find next file |
| 2018-12-25T12:02:17.122400508Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:17.126582606Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:17.130467495Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:17.131833453Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:17.140492232Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:17.141874006Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:17.145982261Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:17.150626832Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:17.152449116Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:17.154166432Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:17.156097878Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:17.161787195Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:17.163025217Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:17.168620079Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:17.174942543Z | 79 | PC: 12c0c | Find next file (See above) |
| 2018-12-25T12:02:17.177850428Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:17.185254262Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:17.191829984Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:17.194724704Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:17.208124691Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:17.20987413Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:17.216341067Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:17.223277563Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:17.225932383Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:17.228498374Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:17.231364242Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:17.240182149Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:17.241742854Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:17.250385006Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:17.260575037Z | 42 | PC: 12b51 | Get date 0x12b51: cmp dx, 0x709 0x12b55: je 0x12b5a 0x12b57: jmp 0x12d70 0x12b5a: jmp 0x12d04 0x12b5d: and ah, bh 0x12b5f: movsw word ptr es:[di], word ptr [si] 0x12b60: mov ax, 0x5c4c 0x12b63: add word ptr [di], ax 0x12b65: add byte ptr [di - 0x75], dl 0x12b68: in al, dx 0x12b69: sub sp, 0x2c 0x12b6c: push si 0x12b6d: jmp 0x12bdf 0x12b6f: nop 0x12b70: mov ah, 0x1a 0x12b72: lea dx, word ptr [bp - 0x2c] 0x12b75: int 0x21 0x12b77: mov ah, 0x4e 0x12b79: mov cx, 0x10 0x12b7c: mov dx, 0x1a0 |
| 2018-12-25T12:02:17.262625035Z | 59 | PC: 12d7b | Change current directory |
| 2018-12-25T12:02:17.267326068Z | 59 | PC: 12d82 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7648,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:17.036231159Z | 71 | PC: 12b2b | Get current directory |
| 2018-12-25T12:02:17.040710418Z | 59 | PC: 12b36 | Change current directory |
| 2018-12-25T12:02:17.045356228Z | 26 | PC: 12bea | Set disk transfer address |
| 2018-12-25T12:02:17.046606964Z | 78 | PC: 12bf8 | Find first file |
| 2018-12-25T12:02:17.059400299Z | 61 | PC: 12c24 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:17.072954708Z | 63 | PC: 12c36 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:02:17.080132377Z | 44 | PC: 12c6a | Get time 0x12c6a: add dl, dh 0x12c6c: je 0x12c66 0x12c6e: mov si, 0x115 0x12c71: add si, word ptr [0x106] 0x12c75: mov byte ptr [si], dl 0x12c77: mov ax, 0x4301 0x12c7a: xor cx, cx 0x12c7c: mov dx, si 0x12c7e: add dx, 0xb2 0x12c82: int 0x21 0x12c84: mov ah, 0x3e 0x12c86: int 0x21 0x12c88: mov ax, 0x3d02 0x12c8b: int 0x21 0x12c8d: jb 0x12c45 0x12c8f: mov di, dx 0x12c91: add di, 0x5d 0x12c94: stosw word ptr es:[di], ax 0x12c95: xchg ax, bx 0x12c96: mov ah, 0x40 |
| 2018-12-25T12:02:17.082576816Z | 67 | PC: 12c84 | Get or set file attributes |
| 2018-12-25T12:02:17.101555174Z | 62 | PC: 12c88 | Close file |
| 2018-12-25T12:02:17.10361293Z | 61 | PC: 12c8d | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:17.11109829Z | 64 | PC: 12ca0 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:02:17.114869869Z | 64 | PC: 12cb2 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:17.118786325Z | 64 | PC: 12cc7 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:17.12185436Z | 66 | PC: 12cd0 | Move file pointer |
| 2018-12-25T12:02:17.124803296Z | 64 | PC: 12a80 | Write file or device (Write 1118 bytes on handle 5) |
| 2018-12-25T12:02:17.135636923Z | 87 | PC: 12ce9 | Get or set file date and time |
| 2018-12-25T12:02:17.138574741Z | 62 | PC: 12ced | Close file |
| 2018-12-25T12:02:17.148286223Z | 67 | PC: 12cfe | Get or set file attributes |
| 2018-12-25T12:02:17.159279546Z | 79 | PC: 12c0c | Find next file |
| 2018-12-25T12:02:17.162130384Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:17.169369151Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:17.176657309Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:17.179421839Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:17.190775272Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:17.192951854Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:17.197583418Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:17.201464096Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:17.204665053Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:17.207489373Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:17.209663082Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:17.232109817Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:17.233942218Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:17.243156946Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:17.255330512Z | 79 | PC: 12c0c | Find next file (See above) |
| 2018-12-25T12:02:17.258780129Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:17.266682439Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:17.273944135Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:17.277222661Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:17.288015767Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:17.289934099Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:17.298260825Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:17.301216669Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:17.303934303Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:17.308035992Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:17.310526477Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:17.320780411Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:17.323242167Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:17.331701439Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:17.342754978Z | 42 | PC: 12b51 | Get date 0x12b51: cmp dx, 0x709 0x12b55: je 0x12b5a 0x12b57: jmp 0x12d70 0x12b5a: jmp 0x12d04 0x12b5d: and ah, bh 0x12b5f: movsw word ptr es:[di], word ptr [si] 0x12b60: mov ax, 0x5c4c 0x12b63: add word ptr [di], ax 0x12b65: add byte ptr [di - 0x75], dl 0x12b68: in al, dx 0x12b69: sub sp, 0x2c 0x12b6c: push si 0x12b6d: jmp 0x12bdf 0x12b6f: nop 0x12b70: mov ah, 0x1a 0x12b72: lea dx, word ptr [bp - 0x2c] 0x12b75: int 0x21 0x12b77: mov ah, 0x4e 0x12b79: mov cx, 0x10 0x12b7c: mov dx, 0x1a0 |
| 2018-12-25T12:02:17.345726717Z | 59 | PC: 12d7b | Change current directory |
| 2018-12-25T12:02:17.350485441Z | 59 | PC: 12d82 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7648,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:19.732800564Z | 71 | PC: 12b2b | Get current directory |
| 2018-12-25T12:02:19.736192707Z | 59 | PC: 12b36 | Change current directory |
| 2018-12-25T12:02:19.740689054Z | 26 | PC: 12bea | Set disk transfer address |
| 2018-12-25T12:02:19.742105363Z | 78 | PC: 12bf8 | Find first file |
| 2018-12-25T12:02:19.74879304Z | 61 | PC: 12c24 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:19.755681345Z | 63 | PC: 12c36 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:02:19.762062799Z | 44 | PC: 12c6a | Get time 0x12c6a: add dl, dh 0x12c6c: je 0x12c66 0x12c6e: mov si, 0x115 0x12c71: add si, word ptr [0x106] 0x12c75: mov byte ptr [si], dl 0x12c77: mov ax, 0x4301 0x12c7a: xor cx, cx 0x12c7c: mov dx, si 0x12c7e: add dx, 0xb2 0x12c82: int 0x21 0x12c84: mov ah, 0x3e 0x12c86: int 0x21 0x12c88: mov ax, 0x3d02 0x12c8b: int 0x21 0x12c8d: jb 0x12c45 0x12c8f: mov di, dx 0x12c91: add di, 0x5d 0x12c94: stosw word ptr es:[di], ax 0x12c95: xchg ax, bx 0x12c96: mov ah, 0x40 |
| 2018-12-25T12:02:19.764587748Z | 67 | PC: 12c84 | Get or set file attributes |
| 2018-12-25T12:02:19.782745077Z | 62 | PC: 12c88 | Close file |
| 2018-12-25T12:02:19.784815008Z | 61 | PC: 12c8d | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:19.796769354Z | 64 | PC: 12ca0 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:02:19.804449607Z | 64 | PC: 12cb2 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:19.80705791Z | 64 | PC: 12cc7 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:19.809614782Z | 66 | PC: 12cd0 | Move file pointer |
| 2018-12-25T12:02:19.812404717Z | 64 | PC: 12a80 | Write file or device (Write 1118 bytes on handle 5) |
| 2018-12-25T12:02:19.821646023Z | 87 | PC: 12ce9 | Get or set file date and time |
| 2018-12-25T12:02:19.823188821Z | 62 | PC: 12ced | Close file |
| 2018-12-25T12:02:19.831493682Z | 67 | PC: 12cfe | Get or set file attributes |
| 2018-12-25T12:02:19.841383136Z | 79 | PC: 12c0c | Find next file |
| 2018-12-25T12:02:19.843927437Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:19.850836835Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:19.857191434Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:19.859237715Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:19.870649917Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:19.872524045Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:19.879719464Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:19.883981697Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:19.8866015Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:19.889083073Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:19.891335166Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:19.900634412Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:19.902377382Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:19.910327455Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:19.921106705Z | 79 | PC: 12c0c | Find next file (See above) |
| 2018-12-25T12:02:19.924419848Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:19.931734825Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:19.938077002Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:19.940059229Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:19.949953832Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:19.951730896Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:19.958993091Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:19.961892886Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:19.968178349Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:19.970772427Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:19.972816332Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:19.982317623Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:19.983860827Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:19.991649362Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:20.003521639Z | 42 | PC: 12b51 | Get date 0x12b51: cmp dx, 0x709 0x12b55: je 0x12b5a 0x12b57: jmp 0x12d70 0x12b5a: jmp 0x12d04 0x12b5d: and ah, bh 0x12b5f: movsw word ptr es:[di], word ptr [si] 0x12b60: mov ax, 0x5c4c 0x12b63: add word ptr [di], ax 0x12b65: add byte ptr [di - 0x75], dl 0x12b68: in al, dx 0x12b69: sub sp, 0x2c 0x12b6c: push si 0x12b6d: jmp 0x12bdf 0x12b6f: nop 0x12b70: mov ah, 0x1a 0x12b72: lea dx, word ptr [bp - 0x2c] 0x12b75: int 0x21 0x12b77: mov ah, 0x4e 0x12b79: mov cx, 0x10 0x12b7c: mov dx, 0x1a0 |
| 2018-12-25T12:02:20.006427363Z | 59 | PC: 12d7b | Change current directory |
| 2018-12-25T12:02:20.010318042Z | 59 | PC: 12d82 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7648,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:19.763137199Z | 71 | PC: 12b2b | Get current directory |
| 2018-12-25T12:02:19.766681059Z | 59 | PC: 12b36 | Change current directory |
| 2018-12-25T12:02:19.769536743Z | 26 | PC: 12bea | Set disk transfer address |
| 2018-12-25T12:02:19.770613581Z | 78 | PC: 12bf8 | Find first file |
| 2018-12-25T12:02:19.777489898Z | 61 | PC: 12c24 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:19.788280443Z | 63 | PC: 12c36 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:02:19.801339325Z | 44 | PC: 12c6a | Get time 0x12c6a: add dl, dh 0x12c6c: je 0x12c66 0x12c6e: mov si, 0x115 0x12c71: add si, word ptr [0x106] 0x12c75: mov byte ptr [si], dl 0x12c77: mov ax, 0x4301 0x12c7a: xor cx, cx 0x12c7c: mov dx, si 0x12c7e: add dx, 0xb2 0x12c82: int 0x21 0x12c84: mov ah, 0x3e 0x12c86: int 0x21 0x12c88: mov ax, 0x3d02 0x12c8b: int 0x21 0x12c8d: jb 0x12c45 0x12c8f: mov di, dx 0x12c91: add di, 0x5d 0x12c94: stosw word ptr es:[di], ax 0x12c95: xchg ax, bx 0x12c96: mov ah, 0x40 |
| 2018-12-25T12:02:19.803738849Z | 67 | PC: 12c84 | Get or set file attributes |
| 2018-12-25T12:02:19.824093668Z | 62 | PC: 12c88 | Close file |
| 2018-12-25T12:02:19.82681245Z | 61 | PC: 12c8d | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:19.834961728Z | 64 | PC: 12ca0 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:02:19.842832838Z | 64 | PC: 12cb2 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:19.845824534Z | 64 | PC: 12cc7 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:19.848694044Z | 66 | PC: 12cd0 | Move file pointer |
| 2018-12-25T12:02:19.851549586Z | 64 | PC: 12a80 | Write file or device (Write 1118 bytes on handle 5) |
| 2018-12-25T12:02:19.862687505Z | 87 | PC: 12ce9 | Get or set file date and time |
| 2018-12-25T12:02:19.864253343Z | 62 | PC: 12ced | Close file |
| 2018-12-25T12:02:19.873745741Z | 67 | PC: 12cfe | Get or set file attributes |
| 2018-12-25T12:02:19.884683069Z | 79 | PC: 12c0c | Find next file |
| 2018-12-25T12:02:19.887845006Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:19.895986398Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:19.902864986Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:19.905069087Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:19.915749291Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:19.917816208Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:19.924964605Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:19.927879825Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:19.930870717Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:19.933582034Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:19.935467108Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:19.945451312Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:19.950265563Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:19.958930825Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:19.969909976Z | 79 | PC: 12c0c | Find next file (See above) |
| 2018-12-25T12:02:19.973177412Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:19.980650668Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:19.988634642Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:19.9913084Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:20.002689923Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:20.005226796Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:20.012790862Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:20.015839677Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:20.020139637Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:20.023607187Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:20.026042361Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:20.036870201Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:20.03851489Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:20.04463594Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:20.051866798Z | 42 | PC: 12b51 | Get date 0x12b51: cmp dx, 0x709 0x12b55: je 0x12b5a 0x12b57: jmp 0x12d70 0x12b5a: jmp 0x12d04 0x12b5d: and ah, bh 0x12b5f: movsw word ptr es:[di], word ptr [si] 0x12b60: mov ax, 0x5c4c 0x12b63: add word ptr [di], ax 0x12b65: add byte ptr [di - 0x75], dl 0x12b68: in al, dx 0x12b69: sub sp, 0x2c 0x12b6c: push si 0x12b6d: jmp 0x12bdf 0x12b6f: nop 0x12b70: mov ah, 0x1a 0x12b72: lea dx, word ptr [bp - 0x2c] 0x12b75: int 0x21 0x12b77: mov ah, 0x4e 0x12b79: mov cx, 0x10 0x12b7c: mov dx, 0x1a0 |
| 2018-12-25T12:02:20.054050271Z | 59 | PC: 12d7b | Change current directory |
| 2018-12-25T12:02:20.057052872Z | 59 | PC: 12d82 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7648,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:19.970998942Z | 71 | PC: 12b2b | Get current directory |
| 2018-12-25T12:02:19.973273893Z | 59 | PC: 12b36 | Change current directory |
| 2018-12-25T12:02:19.976324841Z | 26 | PC: 12bea | Set disk transfer address |
| 2018-12-25T12:02:19.977224633Z | 78 | PC: 12bf8 | Find first file |
| 2018-12-25T12:02:19.9815185Z | 61 | PC: 12c24 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:19.985949748Z | 63 | PC: 12c36 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:02:19.989980502Z | 44 | PC: 12c6a | Get time 0x12c6a: add dl, dh 0x12c6c: je 0x12c66 0x12c6e: mov si, 0x115 0x12c71: add si, word ptr [0x106] 0x12c75: mov byte ptr [si], dl 0x12c77: mov ax, 0x4301 0x12c7a: xor cx, cx 0x12c7c: mov dx, si 0x12c7e: add dx, 0xb2 0x12c82: int 0x21 0x12c84: mov ah, 0x3e 0x12c86: int 0x21 0x12c88: mov ax, 0x3d02 0x12c8b: int 0x21 0x12c8d: jb 0x12c45 0x12c8f: mov di, dx 0x12c91: add di, 0x5d 0x12c94: stosw word ptr es:[di], ax 0x12c95: xchg ax, bx 0x12c96: mov ah, 0x40 |
| 2018-12-25T12:02:19.991436538Z | 67 | PC: 12c84 | Get or set file attributes |
| 2018-12-25T12:02:20.011301419Z | 62 | PC: 12c88 | Close file |
| 2018-12-25T12:02:20.013276834Z | 61 | PC: 12c8d | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:20.026050008Z | 64 | PC: 12ca0 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:02:20.031369959Z | 64 | PC: 12cb2 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:20.033667683Z | 64 | PC: 12cc7 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:20.03551208Z | 66 | PC: 12cd0 | Move file pointer |
| 2018-12-25T12:02:20.037439006Z | 64 | PC: 12a80 | Write file or device (Write 1118 bytes on handle 5) |
| 2018-12-25T12:02:20.043338609Z | 87 | PC: 12ce9 | Get or set file date and time |
| 2018-12-25T12:02:20.0446059Z | 62 | PC: 12ced | Close file |
| 2018-12-25T12:02:20.050728587Z | 67 | PC: 12cfe | Get or set file attributes |
| 2018-12-25T12:02:20.057276707Z | 79 | PC: 12c0c | Find next file |
| 2018-12-25T12:02:20.06007872Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:20.067785025Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:20.074843999Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:20.080187371Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:20.091401655Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:20.09319246Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:20.101071842Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:20.104303607Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:20.107047138Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:20.109760597Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:20.111616566Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:20.134801487Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:20.136640778Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:20.145400904Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:20.156564052Z | 79 | PC: 12c0c | Find next file (See above) |
| 2018-12-25T12:02:20.159998614Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:20.167029892Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:20.174508898Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:20.176768326Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:20.187748365Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:20.190145279Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:20.197292768Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:20.200166409Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:20.203439941Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:20.206576738Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:20.208593127Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:20.218948823Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:20.221343742Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:20.229720792Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:20.240983474Z | 42 | PC: 12b51 | Get date 0x12b51: cmp dx, 0x709 0x12b55: je 0x12b5a 0x12b57: jmp 0x12d70 0x12b5a: jmp 0x12d04 0x12b5d: and ah, bh 0x12b5f: movsw word ptr es:[di], word ptr [si] 0x12b60: mov ax, 0x5c4c 0x12b63: add word ptr [di], ax 0x12b65: add byte ptr [di - 0x75], dl 0x12b68: in al, dx 0x12b69: sub sp, 0x2c 0x12b6c: push si 0x12b6d: jmp 0x12bdf 0x12b6f: nop 0x12b70: mov ah, 0x1a 0x12b72: lea dx, word ptr [bp - 0x2c] 0x12b75: int 0x21 0x12b77: mov ah, 0x4e 0x12b79: mov cx, 0x10 0x12b7c: mov dx, 0x1a0 |
| 2018-12-25T12:02:20.243267673Z | 59 | PC: 12d7b | Change current directory |
| 2018-12-25T12:02:20.247542462Z | 59 | PC: 12d82 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7648,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:20.417959411Z | 71 | PC: 12b2b | Get current directory |
| 2018-12-25T12:02:20.420814157Z | 59 | PC: 12b36 | Change current directory |
| 2018-12-25T12:02:20.423994948Z | 26 | PC: 12bea | Set disk transfer address |
| 2018-12-25T12:02:20.425124117Z | 78 | PC: 12bf8 | Find first file |
| 2018-12-25T12:02:20.431071972Z | 61 | PC: 12c24 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:20.437761793Z | 63 | PC: 12c36 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:02:20.444037771Z | 44 | PC: 12c6a | Get time 0x12c6a: add dl, dh 0x12c6c: je 0x12c66 0x12c6e: mov si, 0x115 0x12c71: add si, word ptr [0x106] 0x12c75: mov byte ptr [si], dl 0x12c77: mov ax, 0x4301 0x12c7a: xor cx, cx 0x12c7c: mov dx, si 0x12c7e: add dx, 0xb2 0x12c82: int 0x21 0x12c84: mov ah, 0x3e 0x12c86: int 0x21 0x12c88: mov ax, 0x3d02 0x12c8b: int 0x21 0x12c8d: jb 0x12c45 0x12c8f: mov di, dx 0x12c91: add di, 0x5d 0x12c94: stosw word ptr es:[di], ax 0x12c95: xchg ax, bx 0x12c96: mov ah, 0x40 |
| 2018-12-25T12:02:20.446434845Z | 67 | PC: 12c84 | Get or set file attributes |
| 2018-12-25T12:02:20.464811436Z | 62 | PC: 12c88 | Close file |
| 2018-12-25T12:02:20.466509278Z | 61 | PC: 12c8d | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:20.477369218Z | 64 | PC: 12ca0 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:02:20.484468869Z | 64 | PC: 12cb2 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:20.487002783Z | 64 | PC: 12cc7 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:20.489469011Z | 66 | PC: 12cd0 | Move file pointer |
| 2018-12-25T12:02:20.491894984Z | 64 | PC: 12a80 | Write file or device (Write 1118 bytes on handle 5) |
| 2018-12-25T12:02:20.500614058Z | 87 | PC: 12ce9 | Get or set file date and time |
| 2018-12-25T12:02:20.502062415Z | 62 | PC: 12ced | Close file |
| 2018-12-25T12:02:20.51052861Z | 67 | PC: 12cfe | Get or set file attributes |
| 2018-12-25T12:02:20.520020202Z | 79 | PC: 12c0c | Find next file |
| 2018-12-25T12:02:20.522463389Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:20.529508621Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:20.535570218Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:20.537487282Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:20.547925774Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:20.555837521Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:20.562011937Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:20.564963663Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:20.567712182Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:20.570217447Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:20.571880261Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:20.580841675Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:20.582221676Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:20.589626473Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:20.60633241Z | 79 | PC: 12c0c | Find next file (See above) |
| 2018-12-25T12:02:20.60905923Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:20.615300174Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:20.622182168Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:20.624242152Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:20.633735345Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:20.635835859Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:20.642094297Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:20.644710664Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:20.648042412Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:20.650483432Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:20.652217262Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:20.661266248Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:20.662842115Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:20.670343035Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:20.68018654Z | 42 | PC: 12b51 | Get date 0x12b51: cmp dx, 0x709 0x12b55: je 0x12b5a 0x12b57: jmp 0x12d70 0x12b5a: jmp 0x12d04 0x12b5d: and ah, bh 0x12b5f: movsw word ptr es:[di], word ptr [si] 0x12b60: mov ax, 0x5c4c 0x12b63: add word ptr [di], ax 0x12b65: add byte ptr [di - 0x75], dl 0x12b68: in al, dx 0x12b69: sub sp, 0x2c 0x12b6c: push si 0x12b6d: jmp 0x12bdf 0x12b6f: nop 0x12b70: mov ah, 0x1a 0x12b72: lea dx, word ptr [bp - 0x2c] 0x12b75: int 0x21 0x12b77: mov ah, 0x4e 0x12b79: mov cx, 0x10 0x12b7c: mov dx, 0x1a0 |
| 2018-12-25T12:02:20.68229459Z | 59 | PC: 12d7b | Change current directory |
| 2018-12-25T12:02:20.687146236Z | 59 | PC: 12d82 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7648,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:20.517109774Z | 71 | PC: 12b2b | Get current directory |
| 2018-12-25T12:02:20.520396405Z | 59 | PC: 12b36 | Change current directory |
| 2018-12-25T12:02:20.524901905Z | 26 | PC: 12bea | Set disk transfer address |
| 2018-12-25T12:02:20.52598331Z | 78 | PC: 12bf8 | Find first file |
| 2018-12-25T12:02:20.538583748Z | 61 | PC: 12c24 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:20.5474281Z | 63 | PC: 12c36 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:02:20.554724311Z | 44 | PC: 12c6a | Get time 0x12c6a: add dl, dh 0x12c6c: je 0x12c66 0x12c6e: mov si, 0x115 0x12c71: add si, word ptr [0x106] 0x12c75: mov byte ptr [si], dl 0x12c77: mov ax, 0x4301 0x12c7a: xor cx, cx 0x12c7c: mov dx, si 0x12c7e: add dx, 0xb2 0x12c82: int 0x21 0x12c84: mov ah, 0x3e 0x12c86: int 0x21 0x12c88: mov ax, 0x3d02 0x12c8b: int 0x21 0x12c8d: jb 0x12c45 0x12c8f: mov di, dx 0x12c91: add di, 0x5d 0x12c94: stosw word ptr es:[di], ax 0x12c95: xchg ax, bx 0x12c96: mov ah, 0x40 |
| 2018-12-25T12:02:20.557378942Z | 67 | PC: 12c84 | Get or set file attributes |
| 2018-12-25T12:02:20.575105633Z | 62 | PC: 12c88 | Close file |
| 2018-12-25T12:02:20.577249845Z | 61 | PC: 12c8d | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:20.5820121Z | 64 | PC: 12ca0 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:02:20.585529798Z | 64 | PC: 12cb2 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:20.590639725Z | 64 | PC: 12cc7 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:20.593498484Z | 66 | PC: 12cd0 | Move file pointer |
| 2018-12-25T12:02:20.596057153Z | 64 | PC: 12a80 | Write file or device (Write 1118 bytes on handle 5) |
| 2018-12-25T12:02:20.605185138Z | 87 | PC: 12ce9 | Get or set file date and time |
| 2018-12-25T12:02:20.606857031Z | 62 | PC: 12ced | Close file |
| 2018-12-25T12:02:20.613207361Z | 67 | PC: 12cfe | Get or set file attributes |
| 2018-12-25T12:02:20.624672732Z | 79 | PC: 12c0c | Find next file |
| 2018-12-25T12:02:20.626562687Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:20.631138561Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:20.63582826Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:20.63739173Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:20.644229369Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:20.646714752Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:20.66121562Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:20.666383706Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:20.668814873Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:20.671635972Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:20.673778444Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:20.681487695Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:20.682948602Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:20.688250012Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:20.695794863Z | 79 | PC: 12c0c | Find next file (See above) |
| 2018-12-25T12:02:20.700963623Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:20.705366989Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:20.710526444Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:20.712501753Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:20.719642247Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:20.722231782Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:20.732548279Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:20.740289095Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:20.743274456Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:20.746275207Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:20.74863158Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:20.758815929Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:20.761633724Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:20.780004927Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:20.790969174Z | 42 | PC: 12b51 | Get date 0x12b51: cmp dx, 0x709 0x12b55: je 0x12b5a 0x12b57: jmp 0x12d70 0x12b5a: jmp 0x12d04 0x12b5d: and ah, bh 0x12b5f: movsw word ptr es:[di], word ptr [si] 0x12b60: mov ax, 0x5c4c 0x12b63: add word ptr [di], ax 0x12b65: add byte ptr [di - 0x75], dl 0x12b68: in al, dx 0x12b69: sub sp, 0x2c 0x12b6c: push si 0x12b6d: jmp 0x12bdf 0x12b6f: nop 0x12b70: mov ah, 0x1a 0x12b72: lea dx, word ptr [bp - 0x2c] 0x12b75: int 0x21 0x12b77: mov ah, 0x4e 0x12b79: mov cx, 0x10 0x12b7c: mov dx, 0x1a0 |
| 2018-12-25T12:02:20.793997208Z | 59 | PC: 12d7b | Change current directory |
| 2018-12-25T12:02:20.798384679Z | 59 | PC: 12d82 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7648,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:20.583878874Z | 71 | PC: 12b2b | Get current directory |
| 2018-12-25T12:02:20.58772789Z | 59 | PC: 12b36 | Change current directory |
| 2018-12-25T12:02:20.592460269Z | 26 | PC: 12bea | Set disk transfer address |
| 2018-12-25T12:02:20.594018283Z | 78 | PC: 12bf8 | Find first file |
| 2018-12-25T12:02:20.600700216Z | 61 | PC: 12c24 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:20.608443694Z | 63 | PC: 12c36 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:02:20.613539514Z | 44 | PC: 12c6a | Get time 0x12c6a: add dl, dh 0x12c6c: je 0x12c66 0x12c6e: mov si, 0x115 0x12c71: add si, word ptr [0x106] 0x12c75: mov byte ptr [si], dl 0x12c77: mov ax, 0x4301 0x12c7a: xor cx, cx 0x12c7c: mov dx, si 0x12c7e: add dx, 0xb2 0x12c82: int 0x21 0x12c84: mov ah, 0x3e 0x12c86: int 0x21 0x12c88: mov ax, 0x3d02 0x12c8b: int 0x21 0x12c8d: jb 0x12c45 0x12c8f: mov di, dx 0x12c91: add di, 0x5d 0x12c94: stosw word ptr es:[di], ax 0x12c95: xchg ax, bx 0x12c96: mov ah, 0x40 |
| 2018-12-25T12:02:20.6153564Z | 67 | PC: 12c84 | Get or set file attributes |
| 2018-12-25T12:02:20.632228894Z | 62 | PC: 12c88 | Close file |
| 2018-12-25T12:02:20.634388677Z | 61 | PC: 12c8d | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:20.642448528Z | 64 | PC: 12ca0 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:02:20.652332337Z | 64 | PC: 12cb2 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:20.655505613Z | 64 | PC: 12cc7 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:20.659960874Z | 66 | PC: 12cd0 | Move file pointer |
| 2018-12-25T12:02:20.663077417Z | 64 | PC: 12a80 | Write file or device (Write 1118 bytes on handle 5) |
| 2018-12-25T12:02:20.673102695Z | 87 | PC: 12ce9 | Get or set file date and time |
| 2018-12-25T12:02:20.674996015Z | 62 | PC: 12ced | Close file |
| 2018-12-25T12:02:20.683731229Z | 67 | PC: 12cfe | Get or set file attributes |
| 2018-12-25T12:02:20.695058241Z | 79 | PC: 12c0c | Find next file |
| 2018-12-25T12:02:20.699021375Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:20.706761897Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:20.716031579Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:20.718841049Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:20.730106671Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:20.732970892Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:20.740533542Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:20.742571553Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:20.746144665Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:20.748319238Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:20.749889172Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:20.759702207Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:20.761711626Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:20.770561789Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:20.783110957Z | 79 | PC: 12c0c | Find next file (See above) |
| 2018-12-25T12:02:20.786820007Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:20.794496466Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:20.802020183Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:20.804789264Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:20.816098293Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:20.818356707Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:20.827132841Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:20.830158597Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:20.833390075Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:20.836698357Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:20.83873223Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:20.8496191Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:20.855245059Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:20.864134362Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:20.875381826Z | 42 | PC: 12b51 | Get date 0x12b51: cmp dx, 0x709 0x12b55: je 0x12b5a 0x12b57: jmp 0x12d70 0x12b5a: jmp 0x12d04 0x12b5d: and ah, bh 0x12b5f: movsw word ptr es:[di], word ptr [si] 0x12b60: mov ax, 0x5c4c 0x12b63: add word ptr [di], ax 0x12b65: add byte ptr [di - 0x75], dl 0x12b68: in al, dx 0x12b69: sub sp, 0x2c 0x12b6c: push si 0x12b6d: jmp 0x12bdf 0x12b6f: nop 0x12b70: mov ah, 0x1a 0x12b72: lea dx, word ptr [bp - 0x2c] 0x12b75: int 0x21 0x12b77: mov ah, 0x4e 0x12b79: mov cx, 0x10 0x12b7c: mov dx, 0x1a0 |
| 2018-12-25T12:02:20.879200352Z | 59 | PC: 12d7b | Change current directory |
| 2018-12-25T12:02:20.884364138Z | 59 | PC: 12d82 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":7648,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:20.869601669Z | 71 | PC: 12b2b | Get current directory |
| 2018-12-25T12:02:20.874208365Z | 59 | PC: 12b36 | Change current directory |
| 2018-12-25T12:02:20.879516241Z | 26 | PC: 12bea | Set disk transfer address |
| 2018-12-25T12:02:20.885764194Z | 78 | PC: 12bf8 | Find first file |
| 2018-12-25T12:02:20.901777236Z | 61 | PC: 12c24 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:20.917205608Z | 63 | PC: 12c36 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:02:20.92522191Z | 44 | PC: 12c6a | Get time 0x12c6a: add dl, dh 0x12c6c: je 0x12c66 0x12c6e: mov si, 0x115 0x12c71: add si, word ptr [0x106] 0x12c75: mov byte ptr [si], dl 0x12c77: mov ax, 0x4301 0x12c7a: xor cx, cx 0x12c7c: mov dx, si 0x12c7e: add dx, 0xb2 0x12c82: int 0x21 0x12c84: mov ah, 0x3e 0x12c86: int 0x21 0x12c88: mov ax, 0x3d02 0x12c8b: int 0x21 0x12c8d: jb 0x12c45 0x12c8f: mov di, dx 0x12c91: add di, 0x5d 0x12c94: stosw word ptr es:[di], ax 0x12c95: xchg ax, bx 0x12c96: mov ah, 0x40 |
| 2018-12-25T12:02:20.927825076Z | 67 | PC: 12c84 | Get or set file attributes |
| 2018-12-25T12:02:20.955568975Z | 62 | PC: 12c88 | Close file |
| 2018-12-25T12:02:20.957715564Z | 61 | PC: 12c8d | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:20.969596058Z | 64 | PC: 12ca0 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:02:20.973850414Z | 64 | PC: 12cb2 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:20.977054441Z | 64 | PC: 12cc7 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:20.980333496Z | 66 | PC: 12cd0 | Move file pointer |
| 2018-12-25T12:02:20.983996872Z | 64 | PC: 12a80 | Write file or device (Write 1118 bytes on handle 5) |
| 2018-12-25T12:02:20.995053303Z | 87 | PC: 12ce9 | Get or set file date and time |
| 2018-12-25T12:02:20.997347525Z | 62 | PC: 12ced | Close file |
| 2018-12-25T12:02:21.009450543Z | 67 | PC: 12cfe | Get or set file attributes |
| 2018-12-25T12:02:21.021194465Z | 79 | PC: 12c0c | Find next file |
| 2018-12-25T12:02:21.024255274Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:21.031718179Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:21.046003774Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:21.048421852Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:21.05972103Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:21.062399833Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:21.070603745Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:21.073741907Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:21.077640964Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:21.080752242Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:21.082742852Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:21.093428105Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:21.095429232Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:21.104213517Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:21.11557441Z | 79 | PC: 12c0c | Find next file (See above) |
| 2018-12-25T12:02:21.118510552Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:21.125714938Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:21.133478759Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:21.137296757Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:21.153599579Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:21.155503214Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:21.16442824Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:21.16788737Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:21.171369354Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:21.174577124Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:21.176955611Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:21.18745858Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:21.194699496Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:21.20367832Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:21.21533306Z | 42 | PC: 12b51 | Get date 0x12b51: cmp dx, 0x709 0x12b55: je 0x12b5a 0x12b57: jmp 0x12d70 0x12b5a: jmp 0x12d04 0x12b5d: and ah, bh 0x12b5f: movsw word ptr es:[di], word ptr [si] 0x12b60: mov ax, 0x5c4c 0x12b63: add word ptr [di], ax 0x12b65: add byte ptr [di - 0x75], dl 0x12b68: in al, dx 0x12b69: sub sp, 0x2c 0x12b6c: push si 0x12b6d: jmp 0x12bdf 0x12b6f: nop 0x12b70: mov ah, 0x1a 0x12b72: lea dx, word ptr [bp - 0x2c] 0x12b75: int 0x21 0x12b77: mov ah, 0x4e 0x12b79: mov cx, 0x10 0x12b7c: mov dx, 0x1a0 |
| 2018-12-25T12:02:21.218511301Z | 59 | PC: 12d7b | Change current directory |
| 2018-12-25T12:02:21.221707511Z | 59 | PC: 12d82 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":7648,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:20.935738076Z | 71 | PC: 12b2b | Get current directory |
| 2018-12-25T12:02:20.939236085Z | 59 | PC: 12b36 | Change current directory |
| 2018-12-25T12:02:20.943269571Z | 26 | PC: 12bea | Set disk transfer address |
| 2018-12-25T12:02:20.944323191Z | 78 | PC: 12bf8 | Find first file |
| 2018-12-25T12:02:20.955824025Z | 61 | PC: 12c24 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:20.960008043Z | 63 | PC: 12c36 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:02:20.966287742Z | 44 | PC: 12c6a | Get time 0x12c6a: add dl, dh 0x12c6c: je 0x12c66 0x12c6e: mov si, 0x115 0x12c71: add si, word ptr [0x106] 0x12c75: mov byte ptr [si], dl 0x12c77: mov ax, 0x4301 0x12c7a: xor cx, cx 0x12c7c: mov dx, si 0x12c7e: add dx, 0xb2 0x12c82: int 0x21 0x12c84: mov ah, 0x3e 0x12c86: int 0x21 0x12c88: mov ax, 0x3d02 0x12c8b: int 0x21 0x12c8d: jb 0x12c45 0x12c8f: mov di, dx 0x12c91: add di, 0x5d 0x12c94: stosw word ptr es:[di], ax 0x12c95: xchg ax, bx 0x12c96: mov ah, 0x40 |
| 2018-12-25T12:02:20.971152239Z | 67 | PC: 12c84 | Get or set file attributes |
| 2018-12-25T12:02:20.985528418Z | 62 | PC: 12c88 | Close file |
| 2018-12-25T12:02:20.987319889Z | 61 | PC: 12c8d | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:20.994196447Z | 64 | PC: 12ca0 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:02:20.997384821Z | 64 | PC: 12cb2 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:21.000085486Z | 64 | PC: 12cc7 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:21.002757885Z | 66 | PC: 12cd0 | Move file pointer |
| 2018-12-25T12:02:21.005413015Z | 64 | PC: 12a80 | Write file or device (Write 1118 bytes on handle 5) |
| 2018-12-25T12:02:21.014295459Z | 87 | PC: 12ce9 | Get or set file date and time |
| 2018-12-25T12:02:21.015714558Z | 62 | PC: 12ced | Close file |
| 2018-12-25T12:02:21.023495965Z | 67 | PC: 12cfe | Get or set file attributes |
| 2018-12-25T12:02:21.032358997Z | 79 | PC: 12c0c | Find next file |
| 2018-12-25T12:02:21.036452677Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:21.043234723Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:21.048909168Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:21.050846Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:21.060184437Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:21.06183904Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:21.067658796Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:21.070544577Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:21.073406881Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:21.076029897Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:21.078619315Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:21.088677077Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:21.090547169Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:21.106431817Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:21.116690583Z | 79 | PC: 12c0c | Find next file (See above) |
| 2018-12-25T12:02:21.119230225Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:21.126125793Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:21.13301891Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:21.135034602Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:21.144864686Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:21.146538524Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:21.152698767Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:21.155440584Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:21.158357637Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:21.16122052Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:21.163227912Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:21.173100339Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:21.174619283Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:21.181792959Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:21.191405312Z | 42 | PC: 12b51 | Get date 0x12b51: cmp dx, 0x709 0x12b55: je 0x12b5a 0x12b57: jmp 0x12d70 0x12b5a: jmp 0x12d04 0x12b5d: and ah, bh 0x12b5f: movsw word ptr es:[di], word ptr [si] 0x12b60: mov ax, 0x5c4c 0x12b63: add word ptr [di], ax 0x12b65: add byte ptr [di - 0x75], dl 0x12b68: in al, dx 0x12b69: sub sp, 0x2c 0x12b6c: push si 0x12b6d: jmp 0x12bdf 0x12b6f: nop 0x12b70: mov ah, 0x1a 0x12b72: lea dx, word ptr [bp - 0x2c] 0x12b75: int 0x21 0x12b77: mov ah, 0x4e 0x12b79: mov cx, 0x10 0x12b7c: mov dx, 0x1a0 |
| 2018-12-25T12:02:21.192846065Z | 59 | PC: 12d7b | Change current directory |
| 2018-12-25T12:02:21.195766903Z | 59 | PC: 12d82 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":7648,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:21.051328394Z | 71 | PC: 12b2b | Get current directory |
| 2018-12-25T12:02:21.054999884Z | 59 | PC: 12b36 | Change current directory |
| 2018-12-25T12:02:21.060037568Z | 26 | PC: 12bea | Set disk transfer address |
| 2018-12-25T12:02:21.061205342Z | 78 | PC: 12bf8 | Find first file |
| 2018-12-25T12:02:21.067968011Z | 61 | PC: 12c24 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:21.075647881Z | 63 | PC: 12c36 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:02:21.084171206Z | 44 | PC: 12c6a | Get time 0x12c6a: add dl, dh 0x12c6c: je 0x12c66 0x12c6e: mov si, 0x115 0x12c71: add si, word ptr [0x106] 0x12c75: mov byte ptr [si], dl 0x12c77: mov ax, 0x4301 0x12c7a: xor cx, cx 0x12c7c: mov dx, si 0x12c7e: add dx, 0xb2 0x12c82: int 0x21 0x12c84: mov ah, 0x3e 0x12c86: int 0x21 0x12c88: mov ax, 0x3d02 0x12c8b: int 0x21 0x12c8d: jb 0x12c45 0x12c8f: mov di, dx 0x12c91: add di, 0x5d 0x12c94: stosw word ptr es:[di], ax 0x12c95: xchg ax, bx 0x12c96: mov ah, 0x40 |
| 2018-12-25T12:02:21.086574645Z | 67 | PC: 12c84 | Get or set file attributes |
| 2018-12-25T12:02:21.103356312Z | 62 | PC: 12c88 | Close file |
| 2018-12-25T12:02:21.105856074Z | 61 | PC: 12c8d | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:21.113685958Z | 64 | PC: 12ca0 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:02:21.118105122Z | 64 | PC: 12cb2 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:21.121267881Z | 64 | PC: 12cc7 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:02:21.124116516Z | 66 | PC: 12cd0 | Move file pointer |
| 2018-12-25T12:02:21.139600901Z | 64 | PC: 12a80 | Write file or device (Write 1118 bytes on handle 5) |
| 2018-12-25T12:02:21.150128365Z | 87 | PC: 12ce9 | Get or set file date and time |
| 2018-12-25T12:02:21.151739168Z | 62 | PC: 12ced | Close file |
| 2018-12-25T12:02:21.160289855Z | 67 | PC: 12cfe | Get or set file attributes |
| 2018-12-25T12:02:21.172229366Z | 79 | PC: 12c0c | Find next file |
| 2018-12-25T12:02:21.175048709Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:21.179810756Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:21.184568696Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:21.186338322Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:21.194181669Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:21.197482728Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:21.203671591Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:21.210409274Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:21.21723963Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:21.22057332Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:21.223158769Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:21.249029596Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:21.250796163Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:21.260436668Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:21.273836398Z | 79 | PC: 12c0c | Find next file (See above) |
| 2018-12-25T12:02:21.276958652Z | 61 | PC: 12c24 | Open file (See above) |
| 2018-12-25T12:02:21.284481432Z | 63 | PC: 12c36 | Read file or device (See above) |
| 2018-12-25T12:02:21.292338171Z | 44 | PC: 12c6a | Get time (See above) |
| 2018-12-25T12:02:21.294968273Z | 67 | PC: 12c84 | Get or set file attributes (See above) |
| 2018-12-25T12:02:21.307675461Z | 62 | PC: 12c88 | Close file (See above) |
| 2018-12-25T12:02:21.310183816Z | 61 | PC: 12c8d | Open file (See above) |
| 2018-12-25T12:02:21.318176615Z | 64 | PC: 12ca0 | Write file or device (See above) |
| 2018-12-25T12:02:21.32128169Z | 64 | PC: 12cb2 | Write file or device (See above) |
| 2018-12-25T12:02:21.324260288Z | 64 | PC: 12cc7 | Write file or device (See above) |
| 2018-12-25T12:02:21.32811956Z | 66 | PC: 12cd0 | Move file pointer (See above) |
| 2018-12-25T12:02:21.330316097Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:02:21.340700334Z | 87 | PC: 12ce9 | Get or set file date and time (See above) |
| 2018-12-25T12:02:21.3438652Z | 62 | PC: 12ced | Close file (See above) |
| 2018-12-25T12:02:21.353263123Z | 67 | PC: 12cfe | Get or set file attributes (See above) |
| 2018-12-25T12:02:21.364688793Z | 42 | PC: 12b51 | Get date 0x12b51: cmp dx, 0x709 0x12b55: je 0x12b5a 0x12b57: jmp 0x12d70 0x12b5a: jmp 0x12d04 0x12b5d: and ah, bh 0x12b5f: movsw word ptr es:[di], word ptr [si] 0x12b60: mov ax, 0x5c4c 0x12b63: add word ptr [di], ax 0x12b65: add byte ptr [di - 0x75], dl 0x12b68: in al, dx 0x12b69: sub sp, 0x2c 0x12b6c: push si 0x12b6d: jmp 0x12bdf 0x12b6f: nop 0x12b70: mov ah, 0x1a 0x12b72: lea dx, word ptr [bp - 0x2c] 0x12b75: int 0x21 0x12b77: mov ah, 0x4e 0x12b79: mov cx, 0x10 0x12b7c: mov dx, 0x1a0 |
| 2018-12-25T12:02:21.368759748Z | 59 | PC: 12d7b | Change current directory |
| 2018-12-25T12:02:21.373361896Z | 59 | PC: 12d82 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":7648,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:21.240163586Z | 242 | PC: 12a68 | UNKNOWN! |
| 2018-12-25T12:02:21.244497599Z | 242 | PC: 12b5b | UNKNOWN! |
| 2018-12-25T12:02:21.246563804Z | 74 | PC: 12bc4 | Reallocate memory |
| 2018-12-25T12:02:21.248384442Z | 53 | PC: 12bc9 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:02:21.254115029Z | 42 | PC: 12bdf | Get date 0x12bdf: cmp cx, 0x7c6 0x12be3: je 0x12c09 0x12be5: cmp al, 1 0x12be7: jne 0x12c11 0x12be9: cmp dl, 0x17 0x12bec: jne 0x12c1e 0x12bee: call 0x12cc5 0x12bf1: mov ax, cs 0x12bf3: mov ds, ax 0x12bf5: cmp byte ptr [0x92], 1 0x12bfa: jne 0x12c3d 0x12bfc: mov ah, 9 0x12bfe: mov dx, 0xc2 0x12c01: int 0x21 0x12c03: mov ax, 0x4c01 0x12c06: int 0x21 0x12c08: hlt 0x12c09: mov byte ptr [0x91], 0x10 0x12c0e: jmp 0x12c3d 0x12c10: nop |
| 2018-12-25T12:02:21.256618102Z | 37 | PC: 12c45 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:02:21.258167125Z | 75 | PC: 12c71 | Execute program |
| 2018-12-25T12:02:21.275004521Z | 9 | PC: 13353 | Display string (String= 'This is a COM sacrificial goat exactly 400H bytes long ') |
| 2018-12-25T12:02:21.280717321Z | 0 | PC: 13357 | Program terminate |
| 2018-12-25T12:02:21.28387662Z | 73 | PC: 12c77 | Release memory |
| 2018-12-25T12:02:21.287099683Z | 77 | PC: 12c7b | Get program return code |
| 2018-12-25T12:02:21.288633058Z | 49 | PC: 12c89 | Terminate and stay resident (Return code = '0' | Memory size = '119') |