{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":7868,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:52.36666065Z | 48 | PC: 12d51 | Get DOS version |
| 2018-12-25T12:02:52.369729524Z | 47 | PC: 12d5d | Get disk transfer address |
| 2018-12-25T12:02:52.371648943Z | 26 | PC: 12d70 | Set disk transfer address |
| 2018-12-25T12:02:52.373326644Z | 44 | PC: 12d80 | Get time 0x12d80: and dh, 7 0x12d83: jne 0x12da0 0x12d85: jmp 0x12da3 0x12d87: nop 0x12d88: mov ax, 0x508 0x12d8b: mov cx, 0x8001 0x12d8e: mov dx, 0 0x12d91: int 0xd 0x12d93: xor al, al 0x12d95: mov dx, 0x9fff 0x12d98: out dx, al 0x12d99: dec dx 0x12d9a: jne 0x12d98 0x12d9c: inc al 0x12d9e: jmp 0x12d95 0x12da0: jmp 0x12dc3 0x12da2: nop 0x12da3: mov al, byte ptr [0x373] 0x12da6: call 0x12db6 0x12da9: cmp byte ptr [0x373], 0x19 |
| 2018-12-25T12:02:52.376545039Z | 78 | PC: 12e4e | Find first file |
| 2018-12-25T12:02:52.386708903Z | 67 | PC: 12e8c | Get or set file attributes |
| 2018-12-25T12:02:52.39547129Z | 67 | PC: 12e9e | Get or set file attributes |
| 2018-12-25T12:02:52.42807775Z | 61 | PC: 12ea9 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:52.436845389Z | 87 | PC: 12eb5 | Get or set file date and time |
| 2018-12-25T12:02:52.439114164Z | 44 | PC: 12ec1 | Get time 0x12ec1: and dh, 7 0x12ec4: jmp 0x12ec7 0x12ec6: nop 0x12ec7: mov ah, 0x3f 0x12ec9: mov cx, 3 0x12ecc: mov dx, 0x2f 0x12ecf: nop 0x12ed0: add dx, si 0x12ed2: int 0x21 0x12ed4: jb 0x12f2b 0x12ed6: cmp ax, 3 0x12ed9: jne 0x12f2b 0x12edb: mov ax, 0x4202 0x12ede: mov cx, 0 0x12ee1: mov dx, 0 0x12ee4: int 0x21 0x12ee6: jb 0x12f2b 0x12ee8: mov cx, ax 0x12eea: sub ax, 3 0x12eed: mov word ptr [si + 0x33], ax |
| 2018-12-25T12:02:52.442099234Z | 63 | PC: 12ed4 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:02:52.453467404Z | 66 | PC: 12ee6 | Move file pointer |
| 2018-12-25T12:02:52.45528943Z | 64 | PC: 12f0a | Write file or device (Write 742 bytes on handle 5) |
| 2018-12-25T12:02:52.465110398Z | 66 | PC: 12f1c | Move file pointer |
| 2018-12-25T12:02:52.467979437Z | 64 | PC: 12f2b | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:02:52.477733314Z | 87 | PC: 12f3e | Get or set file date and time |
| 2018-12-25T12:02:52.480187476Z | 62 | PC: 12f42 | Close file |
| 2018-12-25T12:02:52.491663847Z | 67 | PC: 12f51 | Get or set file attributes |
| 2018-12-25T12:02:52.509797211Z | 26 | PC: 12f5e | Set disk transfer address |
| 2018-12-25T12:02:52.511657948Z | 48 | PC: 12a6b | Get DOS version |
| 2018-12-25T12:02:52.514871892Z | 47 | PC: 12a77 | Get disk transfer address |
| 2018-12-25T12:02:52.517817149Z | 26 | PC: 12a8a | Set disk transfer address |
| 2018-12-25T12:02:52.51959401Z | 44 | PC: 12a9a | Get time 0x12a9a: and dh, 7 0x12a9d: jne 0x12aba 0x12a9f: jmp 0x12abd 0x12aa1: nop 0x12aa2: mov ax, 0x508 0x12aa5: mov cx, 0x8001 0x12aa8: mov dx, 0 0x12aab: int 0xd 0x12aad: xor al, al 0x12aaf: mov dx, 0x9fff 0x12ab2: out dx, al 0x12ab3: dec dx 0x12ab4: jne 0x12ab2 0x12ab6: inc al 0x12ab8: jmp 0x12aaf 0x12aba: jmp 0x12add 0x12abc: nop 0x12abd: mov al, byte ptr [0x373] 0x12ac0: call 0x12ad0 0x12ac3: cmp byte ptr [0x373], 0x19 |
| 2018-12-25T12:02:52.522623041Z | 78 | PC: 12b68 | Find first file |
| 2018-12-25T12:02:52.530814861Z | 79 | PC: 12b6e | Find next file |
| 2018-12-25T12:02:52.53427794Z | 67 | PC: 12ba6 | Get or set file attributes |
| 2018-12-25T12:02:52.540978693Z | 67 | PC: 12bb8 | Get or set file attributes |
| 2018-12-25T12:02:52.553248068Z | 61 | PC: 12bc3 | Open file (Filename = 'PRINT.COM') |
| 2018-12-25T12:02:52.567124775Z | 87 | PC: 12bcf | Get or set file date and time |
| 2018-12-25T12:02:52.569161631Z | 44 | PC: 12bdb | Get time 0x12bdb: and dh, 7 0x12bde: jmp 0x12be1 0x12be0: nop 0x12be1: mov ah, 0x3f 0x12be3: mov cx, 3 0x12be6: mov dx, 0x2f 0x12be9: nop 0x12bea: add dx, si 0x12bec: int 0x21 0x12bee: jb 0x12c45 0x12bf0: cmp ax, 3 0x12bf3: jne 0x12c45 0x12bf5: mov ax, 0x4202 0x12bf8: mov cx, 0 0x12bfb: mov dx, 0 0x12bfe: int 0x21 0x12c00: jb 0x12c45 0x12c02: mov cx, ax 0x12c04: sub ax, 3 0x12c07: mov word ptr [si + 0x33], ax |
| 2018-12-25T12:02:52.572834316Z | 63 | PC: 12bee | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:02:52.580693742Z | 66 | PC: 12c00 | Move file pointer |
| 2018-12-25T12:02:52.583304515Z | 64 | PC: 12c24 | Write file or device (Write 742 bytes on handle 5) |
| 2018-12-25T12:02:52.592424013Z | 66 | PC: 12c36 | Move file pointer |
| 2018-12-25T12:02:52.595439594Z | 64 | PC: 12c45 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:02:52.603380436Z | 87 | PC: 12c58 | Get or set file date and time |
| 2018-12-25T12:02:52.605516503Z | 62 | PC: 12c5c | Close file |
| 2018-12-25T12:02:52.614975116Z | 67 | PC: 12c6b | Get or set file attributes |
| 2018-12-25T12:02:52.628045466Z | 26 | PC: 12c78 | Set disk transfer address |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7868,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:52.473378555Z | 48 | PC: 12d51 | Get DOS version |
| 2018-12-25T12:02:52.47650801Z | 47 | PC: 12d5d | Get disk transfer address |
| 2018-12-25T12:02:52.478306134Z | 26 | PC: 12d70 | Set disk transfer address |
| 2018-12-25T12:02:52.479565162Z | 44 | PC: 12d80 | Get time 0x12d80: and dh, 7 0x12d83: jne 0x12da0 0x12d85: jmp 0x12da3 0x12d87: nop 0x12d88: mov ax, 0x508 0x12d8b: mov cx, 0x8001 0x12d8e: mov dx, 0 0x12d91: int 0xd 0x12d93: xor al, al 0x12d95: mov dx, 0x9fff 0x12d98: out dx, al 0x12d99: dec dx 0x12d9a: jne 0x12d98 0x12d9c: inc al 0x12d9e: jmp 0x12d95 0x12da0: jmp 0x12dc3 0x12da2: nop 0x12da3: mov al, byte ptr [0x373] 0x12da6: call 0x12db6 0x12da9: cmp byte ptr [0x373], 0x19 |
| 2018-12-25T12:02:52.482914747Z | 78 | PC: 12e4e | Find first file |
| 2018-12-25T12:02:52.490712659Z | 67 | PC: 12e8c | Get or set file attributes |
| 2018-12-25T12:02:52.497294158Z | 67 | PC: 12e9e | Get or set file attributes |
| 2018-12-25T12:02:52.517874628Z | 61 | PC: 12ea9 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:52.527049793Z | 87 | PC: 12eb5 | Get or set file date and time |
| 2018-12-25T12:02:52.528487478Z | 44 | PC: 12ec1 | Get time 0x12ec1: and dh, 7 0x12ec4: jmp 0x12ec7 0x12ec6: nop 0x12ec7: mov ah, 0x3f 0x12ec9: mov cx, 3 0x12ecc: mov dx, 0x2f 0x12ecf: nop 0x12ed0: add dx, si 0x12ed2: int 0x21 0x12ed4: jb 0x12f2b 0x12ed6: cmp ax, 3 0x12ed9: jne 0x12f2b 0x12edb: mov ax, 0x4202 0x12ede: mov cx, 0 0x12ee1: mov dx, 0 0x12ee4: int 0x21 0x12ee6: jb 0x12f2b 0x12ee8: mov cx, ax 0x12eea: sub ax, 3 0x12eed: mov word ptr [si + 0x33], ax |
| 2018-12-25T12:02:52.530734827Z | 63 | PC: 12ed4 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:02:52.538684603Z | 66 | PC: 12ee6 | Move file pointer |
| 2018-12-25T12:02:52.540559871Z | 64 | PC: 12f0a | Write file or device (Write 742 bytes on handle 5) |
| 2018-12-25T12:02:52.549795302Z | 66 | PC: 12f1c | Move file pointer |
| 2018-12-25T12:02:52.552062179Z | 64 | PC: 12f2b | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:02:52.563830673Z | 87 | PC: 12f3e | Get or set file date and time |
| 2018-12-25T12:02:52.565470792Z | 62 | PC: 12f42 | Close file |
| 2018-12-25T12:02:52.574482871Z | 67 | PC: 12f51 | Get or set file attributes |
| 2018-12-25T12:02:52.585186258Z | 26 | PC: 12f5e | Set disk transfer address |
| 2018-12-25T12:02:52.586224193Z | 48 | PC: 12a6b | Get DOS version |
| 2018-12-25T12:02:52.589162534Z | 47 | PC: 12a77 | Get disk transfer address |
| 2018-12-25T12:02:52.590764239Z | 26 | PC: 12a8a | Set disk transfer address |
| 2018-12-25T12:02:52.59239364Z | 44 | PC: 12a9a | Get time 0x12a9a: and dh, 7 0x12a9d: jne 0x12aba 0x12a9f: jmp 0x12abd 0x12aa1: nop 0x12aa2: mov ax, 0x508 0x12aa5: mov cx, 0x8001 0x12aa8: mov dx, 0 0x12aab: int 0xd 0x12aad: xor al, al 0x12aaf: mov dx, 0x9fff 0x12ab2: out dx, al 0x12ab3: dec dx 0x12ab4: jne 0x12ab2 0x12ab6: inc al 0x12ab8: jmp 0x12aaf 0x12aba: jmp 0x12add 0x12abc: nop 0x12abd: mov al, byte ptr [0x373] 0x12ac0: call 0x12ad0 0x12ac3: cmp byte ptr [0x373], 0x19 |
| 2018-12-25T12:02:52.595671055Z | 78 | PC: 12b68 | Find first file |
| 2018-12-25T12:02:52.603848088Z | 79 | PC: 12b6e | Find next file |
| 2018-12-25T12:02:52.606742468Z | 67 | PC: 12ba6 | Get or set file attributes |
| 2018-12-25T12:02:52.612890941Z | 67 | PC: 12bb8 | Get or set file attributes |
| 2018-12-25T12:02:52.626009442Z | 61 | PC: 12bc3 | Open file (Filename = 'PRINT.COM') |
| 2018-12-25T12:02:52.633487633Z | 87 | PC: 12bcf | Get or set file date and time |
| 2018-12-25T12:02:52.635146043Z | 44 | PC: 12bdb | Get time 0x12bdb: and dh, 7 0x12bde: jmp 0x12be1 0x12be0: nop 0x12be1: mov ah, 0x3f 0x12be3: mov cx, 3 0x12be6: mov dx, 0x2f 0x12be9: nop 0x12bea: add dx, si 0x12bec: int 0x21 0x12bee: jb 0x12c45 0x12bf0: cmp ax, 3 0x12bf3: jne 0x12c45 0x12bf5: mov ax, 0x4202 0x12bf8: mov cx, 0 0x12bfb: mov dx, 0 0x12bfe: int 0x21 0x12c00: jb 0x12c45 0x12c02: mov cx, ax 0x12c04: sub ax, 3 0x12c07: mov word ptr [si + 0x33], ax |
| 2018-12-25T12:02:52.638913607Z | 63 | PC: 12bee | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:02:52.645914581Z | 66 | PC: 12c00 | Move file pointer |
| 2018-12-25T12:02:52.647563334Z | 64 | PC: 12c24 | Write file or device (Write 742 bytes on handle 5) |
| 2018-12-25T12:02:52.656634316Z | 66 | PC: 12c36 | Move file pointer |
| 2018-12-25T12:02:52.6581113Z | 64 | PC: 12c45 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:02:52.665622968Z | 87 | PC: 12c58 | Get or set file date and time |
| 2018-12-25T12:02:52.667668838Z | 62 | PC: 12c5c | Close file |
| 2018-12-25T12:02:52.676892883Z | 67 | PC: 12c6b | Get or set file attributes |
| 2018-12-25T12:02:52.687799413Z | 26 | PC: 12c78 | Set disk transfer address |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7868,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:52.460843447Z | 48 | PC: 12d51 | Get DOS version |
| 2018-12-25T12:02:52.462345137Z | 47 | PC: 12d5d | Get disk transfer address |
| 2018-12-25T12:02:52.47129878Z | 26 | PC: 12d70 | Set disk transfer address |
| 2018-12-25T12:02:52.473945729Z | 44 | PC: 12d80 | Get time 0x12d80: and dh, 7 0x12d83: jne 0x12da0 0x12d85: jmp 0x12da3 0x12d87: nop 0x12d88: mov ax, 0x508 0x12d8b: mov cx, 0x8001 0x12d8e: mov dx, 0 0x12d91: int 0xd 0x12d93: xor al, al 0x12d95: mov dx, 0x9fff 0x12d98: out dx, al 0x12d99: dec dx 0x12d9a: jne 0x12d98 0x12d9c: inc al 0x12d9e: jmp 0x12d95 0x12da0: jmp 0x12dc3 0x12da2: nop 0x12da3: mov al, byte ptr [0x373] 0x12da6: call 0x12db6 0x12da9: cmp byte ptr [0x373], 0x19 |
| 2018-12-25T12:02:52.478903808Z | 78 | PC: 12e4e | Find first file |
| 2018-12-25T12:02:52.48376114Z | 67 | PC: 12e8c | Get or set file attributes |
| 2018-12-25T12:02:52.488193662Z | 67 | PC: 12e9e | Get or set file attributes |
| 2018-12-25T12:02:52.515122119Z | 61 | PC: 12ea9 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:52.530490172Z | 87 | PC: 12eb5 | Get or set file date and time |
| 2018-12-25T12:02:52.532603619Z | 44 | PC: 12ec1 | Get time 0x12ec1: and dh, 7 0x12ec4: jmp 0x12ec7 0x12ec6: nop 0x12ec7: mov ah, 0x3f 0x12ec9: mov cx, 3 0x12ecc: mov dx, 0x2f 0x12ecf: nop 0x12ed0: add dx, si 0x12ed2: int 0x21 0x12ed4: jb 0x12f2b 0x12ed6: cmp ax, 3 0x12ed9: jne 0x12f2b 0x12edb: mov ax, 0x4202 0x12ede: mov cx, 0 0x12ee1: mov dx, 0 0x12ee4: int 0x21 0x12ee6: jb 0x12f2b 0x12ee8: mov cx, ax 0x12eea: sub ax, 3 0x12eed: mov word ptr [si + 0x33], ax |
| 2018-12-25T12:02:52.535479192Z | 63 | PC: 12ed4 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:02:52.543779791Z | 66 | PC: 12ee6 | Move file pointer |
| 2018-12-25T12:02:52.545334609Z | 64 | PC: 12f0a | Write file or device (Write 742 bytes on handle 5) |
| 2018-12-25T12:02:52.555641791Z | 66 | PC: 12f1c | Move file pointer |
| 2018-12-25T12:02:52.557785814Z | 64 | PC: 12f2b | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:02:52.566082233Z | 87 | PC: 12f3e | Get or set file date and time |
| 2018-12-25T12:02:52.568171491Z | 62 | PC: 12f42 | Close file |
| 2018-12-25T12:02:52.577354175Z | 67 | PC: 12f51 | Get or set file attributes |
| 2018-12-25T12:02:52.589103133Z | 26 | PC: 12f5e | Set disk transfer address |
| 2018-12-25T12:02:52.590810024Z | 48 | PC: 12a6b | Get DOS version |
| 2018-12-25T12:02:52.592518926Z | 47 | PC: 12a77 | Get disk transfer address |
| 2018-12-25T12:02:52.594947775Z | 26 | PC: 12a8a | Set disk transfer address |
| 2018-12-25T12:02:52.596187354Z | 44 | PC: 12a9a | Get time 0x12a9a: and dh, 7 0x12a9d: jne 0x12aba 0x12a9f: jmp 0x12abd 0x12aa1: nop 0x12aa2: mov ax, 0x508 0x12aa5: mov cx, 0x8001 0x12aa8: mov dx, 0 0x12aab: int 0xd 0x12aad: xor al, al 0x12aaf: mov dx, 0x9fff 0x12ab2: out dx, al 0x12ab3: dec dx 0x12ab4: jne 0x12ab2 0x12ab6: inc al 0x12ab8: jmp 0x12aaf 0x12aba: jmp 0x12add 0x12abc: nop 0x12abd: mov al, byte ptr [0x373] 0x12ac0: call 0x12ad0 0x12ac3: cmp byte ptr [0x373], 0x19 |
| 2018-12-25T12:02:52.598617552Z | 78 | PC: 12b68 | Find first file |
| 2018-12-25T12:02:52.605992277Z | 79 | PC: 12b6e | Find next file |
| 2018-12-25T12:02:52.609022404Z | 67 | PC: 12ba6 | Get or set file attributes |
| 2018-12-25T12:02:52.615702497Z | 67 | PC: 12bb8 | Get or set file attributes |
| 2018-12-25T12:02:52.630517444Z | 61 | PC: 12bc3 | Open file (Filename = 'PRINT.COM') |
| 2018-12-25T12:02:52.648614907Z | 87 | PC: 12bcf | Get or set file date and time |
| 2018-12-25T12:02:52.650446015Z | 44 | PC: 12bdb | Get time 0x12bdb: and dh, 7 0x12bde: jmp 0x12be1 0x12be0: nop 0x12be1: mov ah, 0x3f 0x12be3: mov cx, 3 0x12be6: mov dx, 0x2f 0x12be9: nop 0x12bea: add dx, si 0x12bec: int 0x21 0x12bee: jb 0x12c45 0x12bf0: cmp ax, 3 0x12bf3: jne 0x12c45 0x12bf5: mov ax, 0x4202 0x12bf8: mov cx, 0 0x12bfb: mov dx, 0 0x12bfe: int 0x21 0x12c00: jb 0x12c45 0x12c02: mov cx, ax 0x12c04: sub ax, 3 0x12c07: mov word ptr [si + 0x33], ax |
| 2018-12-25T12:02:52.6531899Z | 63 | PC: 12bee | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:02:52.661706543Z | 66 | PC: 12c00 | Move file pointer |
| 2018-12-25T12:02:52.663357002Z | 64 | PC: 12c24 | Write file or device (Write 742 bytes on handle 5) |
| 2018-12-25T12:02:52.673345096Z | 66 | PC: 12c36 | Move file pointer |
| 2018-12-25T12:02:52.675685689Z | 64 | PC: 12c45 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:02:52.690958289Z | 87 | PC: 12c58 | Get or set file date and time |
| 2018-12-25T12:02:52.69346502Z | 62 | PC: 12c5c | Close file |
| 2018-12-25T12:02:52.713333783Z | 67 | PC: 12c6b | Get or set file attributes |
| 2018-12-25T12:02:52.731142613Z | 26 | PC: 12c78 | Set disk transfer address |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":7868,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:52.552551192Z | 48 | PC: 12d51 | Get DOS version |
| 2018-12-25T12:02:52.554222054Z | 47 | PC: 12d5d | Get disk transfer address |
| 2018-12-25T12:02:52.562207897Z | 26 | PC: 12d70 | Set disk transfer address |
| 2018-12-25T12:02:52.563843194Z | 44 | PC: 12d80 | Get time 0x12d80: and dh, 7 0x12d83: jne 0x12da0 0x12d85: jmp 0x12da3 0x12d87: nop 0x12d88: mov ax, 0x508 0x12d8b: mov cx, 0x8001 0x12d8e: mov dx, 0 0x12d91: int 0xd 0x12d93: xor al, al 0x12d95: mov dx, 0x9fff 0x12d98: out dx, al 0x12d99: dec dx 0x12d9a: jne 0x12d98 0x12d9c: inc al 0x12d9e: jmp 0x12d95 0x12da0: jmp 0x12dc3 0x12da2: nop 0x12da3: mov al, byte ptr [0x373] 0x12da6: call 0x12db6 0x12da9: cmp byte ptr [0x373], 0x19 |
| 2018-12-25T12:02:52.566798463Z | 78 | PC: 12e4e | Find first file |
| 2018-12-25T12:02:52.574424536Z | 67 | PC: 12e8c | Get or set file attributes |
| 2018-12-25T12:02:52.581081752Z | 67 | PC: 12e9e | Get or set file attributes |
| 2018-12-25T12:02:52.598585778Z | 61 | PC: 12ea9 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:52.607650637Z | 87 | PC: 12eb5 | Get or set file date and time |
| 2018-12-25T12:02:52.609476441Z | 44 | PC: 12ec1 | Get time 0x12ec1: and dh, 7 0x12ec4: jmp 0x12ec7 0x12ec6: nop 0x12ec7: mov ah, 0x3f 0x12ec9: mov cx, 3 0x12ecc: mov dx, 0x2f 0x12ecf: nop 0x12ed0: add dx, si 0x12ed2: int 0x21 0x12ed4: jb 0x12f2b 0x12ed6: cmp ax, 3 0x12ed9: jne 0x12f2b 0x12edb: mov ax, 0x4202 0x12ede: mov cx, 0 0x12ee1: mov dx, 0 0x12ee4: int 0x21 0x12ee6: jb 0x12f2b 0x12ee8: mov cx, ax 0x12eea: sub ax, 3 0x12eed: mov word ptr [si + 0x33], ax |
| 2018-12-25T12:02:52.611961995Z | 63 | PC: 12ed4 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:02:52.619769226Z | 66 | PC: 12ee6 | Move file pointer |
| 2018-12-25T12:02:52.621446486Z | 64 | PC: 12f0a | Write file or device (Write 742 bytes on handle 5) |
| 2018-12-25T12:02:52.630850732Z | 66 | PC: 12f1c | Move file pointer |
| 2018-12-25T12:02:52.632728268Z | 64 | PC: 12f2b | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:02:52.640462343Z | 87 | PC: 12f3e | Get or set file date and time |
| 2018-12-25T12:02:52.642206088Z | 62 | PC: 12f42 | Close file |
| 2018-12-25T12:02:52.651177525Z | 67 | PC: 12f51 | Get or set file attributes |
| 2018-12-25T12:02:52.667448249Z | 26 | PC: 12f5e | Set disk transfer address |
| 2018-12-25T12:02:52.670331875Z | 48 | PC: 12a6b | Get DOS version |
| 2018-12-25T12:02:52.671626664Z | 47 | PC: 12a77 | Get disk transfer address |
| 2018-12-25T12:02:52.673795114Z | 26 | PC: 12a8a | Set disk transfer address |
| 2018-12-25T12:02:52.675030962Z | 44 | PC: 12a9a | Get time 0x12a9a: and dh, 7 0x12a9d: jne 0x12aba 0x12a9f: jmp 0x12abd 0x12aa1: nop 0x12aa2: mov ax, 0x508 0x12aa5: mov cx, 0x8001 0x12aa8: mov dx, 0 0x12aab: int 0xd 0x12aad: xor al, al 0x12aaf: mov dx, 0x9fff 0x12ab2: out dx, al 0x12ab3: dec dx 0x12ab4: jne 0x12ab2 0x12ab6: inc al 0x12ab8: jmp 0x12aaf 0x12aba: jmp 0x12add 0x12abc: nop 0x12abd: mov al, byte ptr [0x373] 0x12ac0: call 0x12ad0 0x12ac3: cmp byte ptr [0x373], 0x19 |
| 2018-12-25T12:02:52.678519939Z | 78 | PC: 12b68 | Find first file |
| 2018-12-25T12:02:52.686777946Z | 79 | PC: 12b6e | Find next file |
| 2018-12-25T12:02:52.690135849Z | 67 | PC: 12ba6 | Get or set file attributes |
| 2018-12-25T12:02:52.696894104Z | 67 | PC: 12bb8 | Get or set file attributes |
| 2018-12-25T12:02:52.712930277Z | 61 | PC: 12bc3 | Open file (Filename = 'PRINT.COM') |
| 2018-12-25T12:02:52.721112267Z | 87 | PC: 12bcf | Get or set file date and time |
| 2018-12-25T12:02:52.723064542Z | 44 | PC: 12bdb | Get time 0x12bdb: and dh, 7 0x12bde: jmp 0x12be1 0x12be0: nop 0x12be1: mov ah, 0x3f 0x12be3: mov cx, 3 0x12be6: mov dx, 0x2f 0x12be9: nop 0x12bea: add dx, si 0x12bec: int 0x21 0x12bee: jb 0x12c45 0x12bf0: cmp ax, 3 0x12bf3: jne 0x12c45 0x12bf5: mov ax, 0x4202 0x12bf8: mov cx, 0 0x12bfb: mov dx, 0 0x12bfe: int 0x21 0x12c00: jb 0x12c45 0x12c02: mov cx, ax 0x12c04: sub ax, 3 0x12c07: mov word ptr [si + 0x33], ax |
| 2018-12-25T12:02:52.735807796Z | 63 | PC: 12bee | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:02:52.743545303Z | 66 | PC: 12c00 | Move file pointer |
| 2018-12-25T12:02:52.745676854Z | 64 | PC: 12c24 | Write file or device (Write 742 bytes on handle 5) |
| 2018-12-25T12:02:52.756742672Z | 66 | PC: 12c36 | Move file pointer |
| 2018-12-25T12:02:52.759021438Z | 64 | PC: 12c45 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:02:52.767053001Z | 87 | PC: 12c58 | Get or set file date and time |
| 2018-12-25T12:02:52.768889547Z | 62 | PC: 12c5c | Close file |
| 2018-12-25T12:02:52.779421852Z | 67 | PC: 12c6b | Get or set file attributes |
| 2018-12-25T12:02:52.791646436Z | 26 | PC: 12c78 | Set disk transfer address |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7868,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:52.750124077Z | 48 | PC: 12d51 | Get DOS version |
| 2018-12-25T12:02:52.752125967Z | 47 | PC: 12d5d | Get disk transfer address |
| 2018-12-25T12:02:52.753326431Z | 26 | PC: 12d70 | Set disk transfer address |
| 2018-12-25T12:02:52.754357289Z | 44 | PC: 12d80 | Get time 0x12d80: and dh, 7 0x12d83: jne 0x12da0 0x12d85: jmp 0x12da3 0x12d87: nop 0x12d88: mov ax, 0x508 0x12d8b: mov cx, 0x8001 0x12d8e: mov dx, 0 0x12d91: int 0xd 0x12d93: xor al, al 0x12d95: mov dx, 0x9fff 0x12d98: out dx, al 0x12d99: dec dx 0x12d9a: jne 0x12d98 0x12d9c: inc al 0x12d9e: jmp 0x12d95 0x12da0: jmp 0x12dc3 0x12da2: nop 0x12da3: mov al, byte ptr [0x373] 0x12da6: call 0x12db6 0x12da9: cmp byte ptr [0x373], 0x19 |
| 2018-12-25T12:02:52.756918551Z | 78 | PC: 12e4e | Find first file |
| 2018-12-25T12:02:52.762764905Z | 67 | PC: 12e8c | Get or set file attributes |
| 2018-12-25T12:02:52.768585454Z | 67 | PC: 12e9e | Get or set file attributes |
| 2018-12-25T12:02:52.785782615Z | 61 | PC: 12ea9 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:52.792326905Z | 87 | PC: 12eb5 | Get or set file date and time |
| 2018-12-25T12:02:52.793730414Z | 44 | PC: 12ec1 | Get time 0x12ec1: and dh, 7 0x12ec4: jmp 0x12ec7 0x12ec6: nop 0x12ec7: mov ah, 0x3f 0x12ec9: mov cx, 3 0x12ecc: mov dx, 0x2f 0x12ecf: nop 0x12ed0: add dx, si 0x12ed2: int 0x21 0x12ed4: jb 0x12f2b 0x12ed6: cmp ax, 3 0x12ed9: jne 0x12f2b 0x12edb: mov ax, 0x4202 0x12ede: mov cx, 0 0x12ee1: mov dx, 0 0x12ee4: int 0x21 0x12ee6: jb 0x12f2b 0x12ee8: mov cx, ax 0x12eea: sub ax, 3 0x12eed: mov word ptr [si + 0x33], ax |
| 2018-12-25T12:02:52.797296352Z | 63 | PC: 12ed4 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:02:52.80420031Z | 66 | PC: 12ee6 | Move file pointer |
| 2018-12-25T12:02:52.80567625Z | 64 | PC: 12f0a | Write file or device (Write 742 bytes on handle 5) |
| 2018-12-25T12:02:52.815638662Z | 66 | PC: 12f1c | Move file pointer |
| 2018-12-25T12:02:52.817546175Z | 64 | PC: 12f2b | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:02:52.823905327Z | 87 | PC: 12f3e | Get or set file date and time |
| 2018-12-25T12:02:52.82642333Z | 62 | PC: 12f42 | Close file |
| 2018-12-25T12:02:52.834953639Z | 67 | PC: 12f51 | Get or set file attributes |
| 2018-12-25T12:02:52.844510329Z | 26 | PC: 12f5e | Set disk transfer address |
| 2018-12-25T12:02:52.845522465Z | 48 | PC: 12a6b | Get DOS version |
| 2018-12-25T12:02:52.847051055Z | 47 | PC: 12a77 | Get disk transfer address |
| 2018-12-25T12:02:52.848035801Z | 26 | PC: 12a8a | Set disk transfer address |
| 2018-12-25T12:02:52.848940748Z | 44 | PC: 12a9a | Get time 0x12a9a: and dh, 7 0x12a9d: jne 0x12aba 0x12a9f: jmp 0x12abd 0x12aa1: nop 0x12aa2: mov ax, 0x508 0x12aa5: mov cx, 0x8001 0x12aa8: mov dx, 0 0x12aab: int 0xd 0x12aad: xor al, al 0x12aaf: mov dx, 0x9fff 0x12ab2: out dx, al 0x12ab3: dec dx 0x12ab4: jne 0x12ab2 0x12ab6: inc al 0x12ab8: jmp 0x12aaf 0x12aba: jmp 0x12add 0x12abc: nop 0x12abd: mov al, byte ptr [0x373] 0x12ac0: call 0x12ad0 0x12ac3: cmp byte ptr [0x373], 0x19 |
| 2018-12-25T12:02:52.851681497Z | 78 | PC: 12b68 | Find first file |
| 2018-12-25T12:02:52.857641222Z | 79 | PC: 12b6e | Find next file |
| 2018-12-25T12:02:52.860129449Z | 67 | PC: 12ba6 | Get or set file attributes |
| 2018-12-25T12:02:52.866441461Z | 67 | PC: 12bb8 | Get or set file attributes |
| 2018-12-25T12:02:52.878688228Z | 61 | PC: 12bc3 | Open file (Filename = 'PRINT.COM') |
| 2018-12-25T12:02:52.885033025Z | 87 | PC: 12bcf | Get or set file date and time |
| 2018-12-25T12:02:52.88792857Z | 44 | PC: 12bdb | Get time 0x12bdb: and dh, 7 0x12bde: jmp 0x12be1 0x12be0: nop 0x12be1: mov ah, 0x3f 0x12be3: mov cx, 3 0x12be6: mov dx, 0x2f 0x12be9: nop 0x12bea: add dx, si 0x12bec: int 0x21 0x12bee: jb 0x12c45 0x12bf0: cmp ax, 3 0x12bf3: jne 0x12c45 0x12bf5: mov ax, 0x4202 0x12bf8: mov cx, 0 0x12bfb: mov dx, 0 0x12bfe: int 0x21 0x12c00: jb 0x12c45 0x12c02: mov cx, ax 0x12c04: sub ax, 3 0x12c07: mov word ptr [si + 0x33], ax |
| 2018-12-25T12:02:52.889927603Z | 63 | PC: 12bee | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:02:52.896221919Z | 66 | PC: 12c00 | Move file pointer |
| 2018-12-25T12:02:52.898285906Z | 64 | PC: 12c24 | Write file or device (Write 742 bytes on handle 5) |
| 2018-12-25T12:02:52.906677199Z | 66 | PC: 12c36 | Move file pointer |
| 2018-12-25T12:02:52.908634935Z | 64 | PC: 12c45 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:02:52.919535291Z | 87 | PC: 12c58 | Get or set file date and time |
| 2018-12-25T12:02:52.921446844Z | 62 | PC: 12c5c | Close file |
| 2018-12-25T12:02:52.930460736Z | 67 | PC: 12c6b | Get or set file attributes |
| 2018-12-25T12:02:52.940877917Z | 26 | PC: 12c78 | Set disk transfer address |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":7868,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:52.790057772Z | 48 | PC: 12d51 | Get DOS version |
| 2018-12-25T12:02:52.79197879Z | 47 | PC: 12d5d | Get disk transfer address |
| 2018-12-25T12:02:52.794064685Z | 26 | PC: 12d70 | Set disk transfer address |
| 2018-12-25T12:02:52.805845468Z | 44 | PC: 12d80 | Get time 0x12d80: and dh, 7 0x12d83: jne 0x12da0 0x12d85: jmp 0x12da3 0x12d87: nop 0x12d88: mov ax, 0x508 0x12d8b: mov cx, 0x8001 0x12d8e: mov dx, 0 0x12d91: int 0xd 0x12d93: xor al, al 0x12d95: mov dx, 0x9fff 0x12d98: out dx, al 0x12d99: dec dx 0x12d9a: jne 0x12d98 0x12d9c: inc al 0x12d9e: jmp 0x12d95 0x12da0: jmp 0x12dc3 0x12da2: nop 0x12da3: mov al, byte ptr [0x373] 0x12da6: call 0x12db6 0x12da9: cmp byte ptr [0x373], 0x19 |
| 2018-12-25T12:02:52.80871482Z | 78 | PC: 12e4e | Find first file |
| 2018-12-25T12:02:52.81566807Z | 67 | PC: 12e8c | Get or set file attributes |
| 2018-12-25T12:02:52.821856304Z | 67 | PC: 12e9e | Get or set file attributes |
| 2018-12-25T12:02:52.846256876Z | 61 | PC: 12ea9 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:02:52.855783414Z | 87 | PC: 12eb5 | Get or set file date and time |
| 2018-12-25T12:02:52.85795177Z | 44 | PC: 12ec1 | Get time 0x12ec1: and dh, 7 0x12ec4: jmp 0x12ec7 0x12ec6: nop 0x12ec7: mov ah, 0x3f 0x12ec9: mov cx, 3 0x12ecc: mov dx, 0x2f 0x12ecf: nop 0x12ed0: add dx, si 0x12ed2: int 0x21 0x12ed4: jb 0x12f2b 0x12ed6: cmp ax, 3 0x12ed9: jne 0x12f2b 0x12edb: mov ax, 0x4202 0x12ede: mov cx, 0 0x12ee1: mov dx, 0 0x12ee4: int 0x21 0x12ee6: jb 0x12f2b 0x12ee8: mov cx, ax 0x12eea: sub ax, 3 0x12eed: mov word ptr [si + 0x33], ax |
| 2018-12-25T12:02:52.860936801Z | 63 | PC: 12ed4 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:02:52.880820972Z | 66 | PC: 12ee6 | Move file pointer |
| 2018-12-25T12:02:52.883326939Z | 64 | PC: 12f0a | Write file or device (Write 742 bytes on handle 5) |
| 2018-12-25T12:02:52.893898344Z | 66 | PC: 12f1c | Move file pointer |
| 2018-12-25T12:02:52.897135293Z | 64 | PC: 12f2b | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:02:52.906183758Z | 87 | PC: 12f3e | Get or set file date and time |
| 2018-12-25T12:02:52.907892549Z | 62 | PC: 12f42 | Close file |
| 2018-12-25T12:02:52.921120626Z | 67 | PC: 12f51 | Get or set file attributes |
| 2018-12-25T12:02:52.933377426Z | 26 | PC: 12f5e | Set disk transfer address |
| 2018-12-25T12:02:52.934475132Z | 48 | PC: 12a6b | Get DOS version |
| 2018-12-25T12:02:52.93672553Z | 47 | PC: 12a77 | Get disk transfer address |
| 2018-12-25T12:02:52.938283813Z | 26 | PC: 12a8a | Set disk transfer address |
| 2018-12-25T12:02:52.939599118Z | 44 | PC: 12a9a | Get time 0x12a9a: and dh, 7 0x12a9d: jne 0x12aba 0x12a9f: jmp 0x12abd 0x12aa1: nop 0x12aa2: mov ax, 0x508 0x12aa5: mov cx, 0x8001 0x12aa8: mov dx, 0 0x12aab: int 0xd 0x12aad: xor al, al 0x12aaf: mov dx, 0x9fff 0x12ab2: out dx, al 0x12ab3: dec dx 0x12ab4: jne 0x12ab2 0x12ab6: inc al 0x12ab8: jmp 0x12aaf 0x12aba: jmp 0x12add 0x12abc: nop 0x12abd: mov al, byte ptr [0x373] 0x12ac0: call 0x12ad0 0x12ac3: cmp byte ptr [0x373], 0x19 |
| 2018-12-25T12:02:52.942458765Z | 78 | PC: 12b68 | Find first file |
| 2018-12-25T12:02:52.951134268Z | 79 | PC: 12b6e | Find next file |
| 2018-12-25T12:02:52.954445019Z | 67 | PC: 12ba6 | Get or set file attributes |
| 2018-12-25T12:02:52.96113352Z | 67 | PC: 12bb8 | Get or set file attributes |
| 2018-12-25T12:02:52.973259439Z | 61 | PC: 12bc3 | Open file (Filename = 'PRINT.COM') |
| 2018-12-25T12:02:52.981088346Z | 87 | PC: 12bcf | Get or set file date and time |
| 2018-12-25T12:02:52.983064661Z | 44 | PC: 12bdb | Get time 0x12bdb: and dh, 7 0x12bde: jmp 0x12be1 0x12be0: nop 0x12be1: mov ah, 0x3f 0x12be3: mov cx, 3 0x12be6: mov dx, 0x2f 0x12be9: nop 0x12bea: add dx, si 0x12bec: int 0x21 0x12bee: jb 0x12c45 0x12bf0: cmp ax, 3 0x12bf3: jne 0x12c45 0x12bf5: mov ax, 0x4202 0x12bf8: mov cx, 0 0x12bfb: mov dx, 0 0x12bfe: int 0x21 0x12c00: jb 0x12c45 0x12c02: mov cx, ax 0x12c04: sub ax, 3 0x12c07: mov word ptr [si + 0x33], ax |
| 2018-12-25T12:02:52.986041314Z | 63 | PC: 12bee | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:02:52.994382702Z | 66 | PC: 12c00 | Move file pointer |
| 2018-12-25T12:02:52.996222694Z | 64 | PC: 12c24 | Write file or device (Write 742 bytes on handle 5) |
| 2018-12-25T12:02:53.01855986Z | 66 | PC: 12c36 | Move file pointer |
| 2018-12-25T12:02:53.020588136Z | 64 | PC: 12c45 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:02:53.028115171Z | 87 | PC: 12c58 | Get or set file date and time |
| 2018-12-25T12:02:53.032311759Z | 62 | PC: 12c5c | Close file |
| 2018-12-25T12:02:53.041050358Z | 67 | PC: 12c6b | Get or set file attributes |
| 2018-12-25T12:02:53.052850779Z | 26 | PC: 12c78 | Set disk transfer address |