{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8131,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:03:34.344494888Z | 9 | PC: 12aff | Display string (String= '�') |
| 2018-12-25T12:03:34.347851762Z | 47 | PC: 12b0d | Get disk transfer address |
| 2018-12-25T12:03:34.349000885Z | 26 | PC: 12b1b | Set disk transfer address |
| 2018-12-25T12:03:34.350079969Z | 78 | PC: 12bdb | Find first file |
| 2018-12-25T12:03:34.357358992Z | 47 | PC: 12be1 | Get disk transfer address |
| 2018-12-25T12:03:34.35847985Z | 9 | PC: 12b4b | Display string (String= '�') |
| 2018-12-25T12:03:34.360956475Z | 61 | PC: 12b70 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:34.367955948Z | 63 | PC: 12b7e | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:03:34.375114683Z | 66 | PC: 12ba9 | Move file pointer |
| 2018-12-25T12:03:34.376406131Z | 64 | PC: 12bb2 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:03:34.378931656Z | 66 | PC: 12bbe | Move file pointer |
| 2018-12-25T12:03:34.383821123Z | 64 | PC: 12bca | Write file or device (Write 597 bytes on handle 5) |
| 2018-12-25T12:03:34.397649575Z | 62 | PC: 12bd1 | Close file |
| 2018-12-25T12:03:34.405859625Z | 79 | PC: 12bf7 | Find next file |
| 2018-12-25T12:03:34.409815182Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:34.412187094Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:34.418817937Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:34.439806781Z | 66 | PC: 12ba9 | Move file pointer (See above) |
| 2018-12-25T12:03:34.44146465Z | 64 | PC: 12bb2 | Write file or device (See above) |
| 2018-12-25T12:03:34.444418123Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:03:34.446648031Z | 64 | PC: 12bca | Write file or device (See above) |
| 2018-12-25T12:03:34.455132165Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:34.463108342Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:34.46688356Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:34.469473294Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:34.475876114Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:34.483193234Z | 66 | PC: 12ba9 | Move file pointer (See above) |
| 2018-12-25T12:03:34.485085488Z | 64 | PC: 12bb2 | Write file or device (See above) |
| 2018-12-25T12:03:34.487727783Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:03:34.489767663Z | 64 | PC: 12bca | Write file or device (See above) |
| 2018-12-25T12:03:34.499987636Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:34.508259044Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:34.518447305Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:34.520989786Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:34.528398986Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:34.535719522Z | 66 | PC: 12ba9 | Move file pointer (See above) |
| 2018-12-25T12:03:34.537438764Z | 64 | PC: 12bb2 | Write file or device (See above) |
| 2018-12-25T12:03:34.541724153Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:03:34.543114075Z | 64 | PC: 12bca | Write file or device (See above) |
| 2018-12-25T12:03:34.551621361Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:34.559697927Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:34.562568944Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:34.565360886Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:34.572388147Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:34.578805447Z | 66 | PC: 12ba9 | Move file pointer (See above) |
| 2018-12-25T12:03:34.58101203Z | 64 | PC: 12bb2 | Write file or device (See above) |
| 2018-12-25T12:03:34.583850793Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:03:34.585490927Z | 64 | PC: 12bca | Write file or device (See above) |
| 2018-12-25T12:03:34.594453118Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:34.602631706Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:34.605574826Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:34.609050393Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:34.61611113Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:34.62261286Z | 66 | PC: 12ba9 | Move file pointer (See above) |
| 2018-12-25T12:03:34.625002898Z | 64 | PC: 12bb2 | Write file or device (See above) |
| 2018-12-25T12:03:34.627637829Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:03:34.629036235Z | 64 | PC: 12bca | Write file or device (See above) |
| 2018-12-25T12:03:34.637868283Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:34.646399138Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:34.649023524Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:34.651666939Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:34.658645897Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:34.665723691Z | 66 | PC: 12ba9 | Move file pointer (See above) |
| 2018-12-25T12:03:34.667441724Z | 64 | PC: 12bb2 | Write file or device (See above) |
| 2018-12-25T12:03:34.670979479Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:03:34.672390347Z | 64 | PC: 12bca | Write file or device (See above) |
| 2018-12-25T12:03:34.680319637Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:34.689123733Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:34.692728518Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:34.694952879Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:34.703122179Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:34.705850281Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:34.70777303Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:34.710911983Z | 42 | PC: 12c00 | Get date 0x12c00: cmp dh, dl 0x12c02: je 0x12c04 0x12c04: mov ah, 0x2c 0x12c06: int 0x21 0x12c08: cmp ch, cl 0x12c0a: jne 0x12c0f 0x12c0c: call 0x12c10 0x12c0f: ret 0x12c10: push bx 0x12c11: push dx 0x12c12: cli 0x12c13: mov al, 0xad 0x12c15: out 0x64, al 0x12c17: jmp 0x12c19 0x12c19: sti 0x12c1a: mov cx, 0x18 0x12c1d: push cx 0x12c1e: pop cx 0x12c1f: cmp cx, 0 0x12c22: je 0x12c78 |
| 2018-12-25T12:03:34.713138Z | 44 | PC: 12c08 | Get time 0x12c08: cmp ch, cl 0x12c0a: jne 0x12c0f 0x12c0c: call 0x12c10 0x12c0f: ret 0x12c10: push bx 0x12c11: push dx 0x12c12: cli 0x12c13: mov al, 0xad 0x12c15: out 0x64, al 0x12c17: jmp 0x12c19 0x12c19: sti 0x12c1a: mov cx, 0x18 0x12c1d: push cx 0x12c1e: pop cx 0x12c1f: cmp cx, 0 0x12c22: je 0x12c78 0x12c24: dec cx 0x12c25: push cx 0x12c26: mov ax, 0x701 0x12c29: mov bh, 7 |
| 2018-12-25T12:03:35.14348181Z | 78 | PC: 12cb2 | Find first file |
| 2018-12-25T12:03:35.152143994Z | 26 | PC: 12b30 | Set disk transfer address |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":8131,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:03:35.138382547Z | 9 | PC: 12aff | Display string (String= '�') |
| 2018-12-25T12:03:35.141791919Z | 47 | PC: 12b0d | Get disk transfer address |
| 2018-12-25T12:03:35.143523447Z | 26 | PC: 12b1b | Set disk transfer address |
| 2018-12-25T12:03:35.144753328Z | 78 | PC: 12bdb | Find first file |
| 2018-12-25T12:03:35.152134781Z | 47 | PC: 12be1 | Get disk transfer address |
| 2018-12-25T12:03:35.161300333Z | 9 | PC: 12b4b | Display string (String= '�') |
| 2018-12-25T12:03:35.164153439Z | 61 | PC: 12b70 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:35.171849985Z | 63 | PC: 12b7e | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:03:35.185246885Z | 66 | PC: 12ba9 | Move file pointer |
| 2018-12-25T12:03:35.187049566Z | 64 | PC: 12bb2 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:03:35.19117717Z | 66 | PC: 12bbe | Move file pointer |
| 2018-12-25T12:03:35.193542552Z | 64 | PC: 12bca | Write file or device (Write 597 bytes on handle 5) |
| 2018-12-25T12:03:35.209011738Z | 62 | PC: 12bd1 | Close file |
| 2018-12-25T12:03:35.217965547Z | 79 | PC: 12bf7 | Find next file |
| 2018-12-25T12:03:35.221479886Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:35.223966929Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:35.231200125Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:35.2402644Z | 66 | PC: 12ba9 | Move file pointer (See above) |
| 2018-12-25T12:03:35.242195025Z | 64 | PC: 12bb2 | Write file or device (See above) |
| 2018-12-25T12:03:35.246233892Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:03:35.248336656Z | 64 | PC: 12bca | Write file or device (See above) |
| 2018-12-25T12:03:35.258293894Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:35.268060821Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:35.2713872Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:35.274685708Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:35.278994418Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:35.28486648Z | 66 | PC: 12ba9 | Move file pointer (See above) |
| 2018-12-25T12:03:35.288117264Z | 64 | PC: 12bb2 | Write file or device (See above) |
| 2018-12-25T12:03:35.291670864Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:03:35.293714065Z | 64 | PC: 12bca | Write file or device (See above) |
| 2018-12-25T12:03:35.303541919Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:35.313033273Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:35.316374685Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:35.319868018Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:35.324785391Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:35.33060222Z | 66 | PC: 12ba9 | Move file pointer (See above) |
| 2018-12-25T12:03:35.333749581Z | 64 | PC: 12bb2 | Write file or device (See above) |
| 2018-12-25T12:03:35.336796314Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:03:35.338488918Z | 64 | PC: 12bca | Write file or device (See above) |
| 2018-12-25T12:03:35.347861384Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:35.356897321Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:35.35992949Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:35.36240537Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:35.3717853Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:35.378970488Z | 66 | PC: 12ba9 | Move file pointer (See above) |
| 2018-12-25T12:03:35.381123462Z | 64 | PC: 12bb2 | Write file or device (See above) |
| 2018-12-25T12:03:35.392311969Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:03:35.394344943Z | 64 | PC: 12bca | Write file or device (See above) |
| 2018-12-25T12:03:35.404027795Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:35.413923501Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:35.416827423Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:35.418960176Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:35.42693191Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:35.434153618Z | 66 | PC: 12ba9 | Move file pointer (See above) |
| 2018-12-25T12:03:35.436254938Z | 64 | PC: 12bb2 | Write file or device (See above) |
| 2018-12-25T12:03:35.440343754Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:03:35.44269605Z | 64 | PC: 12bca | Write file or device (See above) |
| 2018-12-25T12:03:35.452845857Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:35.462202078Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:35.465298725Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:35.467510216Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:35.475481165Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:35.483803687Z | 66 | PC: 12ba9 | Move file pointer (See above) |
| 2018-12-25T12:03:35.485284808Z | 64 | PC: 12bb2 | Write file or device (See above) |
| 2018-12-25T12:03:35.488145102Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:03:35.492115426Z | 64 | PC: 12bca | Write file or device (See above) |
| 2018-12-25T12:03:35.501108242Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:35.513145938Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:35.518471695Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:35.520322485Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:35.524820708Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:35.526963928Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:35.528646588Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:35.530613547Z | 42 | PC: 12c00 | Get date 0x12c00: cmp dh, dl 0x12c02: je 0x12c04 0x12c04: mov ah, 0x2c 0x12c06: int 0x21 0x12c08: cmp ch, cl 0x12c0a: jne 0x12c0f 0x12c0c: call 0x12c10 0x12c0f: ret 0x12c10: push bx 0x12c11: push dx 0x12c12: cli 0x12c13: mov al, 0xad 0x12c15: out 0x64, al 0x12c17: jmp 0x12c19 0x12c19: sti 0x12c1a: mov cx, 0x18 0x12c1d: push cx 0x12c1e: pop cx 0x12c1f: cmp cx, 0 0x12c22: je 0x12c78 |
| 2018-12-25T12:03:35.532111193Z | 44 | PC: 12c08 | Get time 0x12c08: cmp ch, cl 0x12c0a: jne 0x12c0f 0x12c0c: call 0x12c10 0x12c0f: ret 0x12c10: push bx 0x12c11: push dx 0x12c12: cli 0x12c13: mov al, 0xad 0x12c15: out 0x64, al 0x12c17: jmp 0x12c19 0x12c19: sti 0x12c1a: mov cx, 0x18 0x12c1d: push cx 0x12c1e: pop cx 0x12c1f: cmp cx, 0 0x12c22: je 0x12c78 0x12c24: dec cx 0x12c25: push cx 0x12c26: mov ax, 0x701 0x12c29: mov bh, 7 |
| 2018-12-25T12:03:35.533903718Z | 78 | PC: 12cb2 | Find first file |
| 2018-12-25T12:03:35.538484212Z | 26 | PC: 12b30 | Set disk transfer address |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8131,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:03:35.25480204Z | 9 | PC: 12aff | Display string (String= '�') |
| 2018-12-25T12:03:35.257925758Z | 47 | PC: 12b0d | Get disk transfer address |
| 2018-12-25T12:03:35.259478145Z | 26 | PC: 12b1b | Set disk transfer address |
| 2018-12-25T12:03:35.260843133Z | 78 | PC: 12bdb | Find first file |
| 2018-12-25T12:03:35.269104784Z | 47 | PC: 12be1 | Get disk transfer address |
| 2018-12-25T12:03:35.272205269Z | 9 | PC: 12b4b | Display string (String= '�') |
| 2018-12-25T12:03:35.275164757Z | 61 | PC: 12b70 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:35.282885667Z | 63 | PC: 12b7e | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:03:35.291364981Z | 66 | PC: 12ba9 | Move file pointer |
| 2018-12-25T12:03:35.293002861Z | 64 | PC: 12bb2 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:03:35.295967202Z | 66 | PC: 12bbe | Move file pointer |
| 2018-12-25T12:03:35.298281055Z | 64 | PC: 12bca | Write file or device (Write 597 bytes on handle 5) |
| 2018-12-25T12:03:35.312879182Z | 62 | PC: 12bd1 | Close file |
| 2018-12-25T12:03:35.32239683Z | 79 | PC: 12bf7 | Find next file |
| 2018-12-25T12:03:35.32709501Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:35.329183374Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:35.333673428Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:35.338517659Z | 66 | PC: 12ba9 | Move file pointer (See above) |
| 2018-12-25T12:03:35.339782653Z | 64 | PC: 12bb2 | Write file or device (See above) |
| 2018-12-25T12:03:35.341881554Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:03:35.343672664Z | 64 | PC: 12bca | Write file or device (See above) |
| 2018-12-25T12:03:35.352702597Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:35.360529357Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:35.363160887Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:35.365319427Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:35.372732407Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:35.380216989Z | 66 | PC: 12ba9 | Move file pointer (See above) |
| 2018-12-25T12:03:35.382510107Z | 64 | PC: 12bb2 | Write file or device (See above) |
| 2018-12-25T12:03:35.38615173Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:03:35.38824471Z | 64 | PC: 12bca | Write file or device (See above) |
| 2018-12-25T12:03:35.397925923Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:35.408533505Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:35.411646448Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:35.415301915Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:35.42242874Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:35.44217797Z | 66 | PC: 12ba9 | Move file pointer (See above) |
| 2018-12-25T12:03:35.444462663Z | 64 | PC: 12bb2 | Write file or device (See above) |
| 2018-12-25T12:03:35.447594159Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:03:35.449315311Z | 64 | PC: 12bca | Write file or device (See above) |
| 2018-12-25T12:03:35.459686782Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:35.469019936Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:35.472310722Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:35.475867167Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:35.483168799Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:35.490747198Z | 66 | PC: 12ba9 | Move file pointer (See above) |
| 2018-12-25T12:03:35.493599015Z | 64 | PC: 12bb2 | Write file or device (See above) |
| 2018-12-25T12:03:35.498693051Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:03:35.500686093Z | 64 | PC: 12bca | Write file or device (See above) |
| 2018-12-25T12:03:35.509729987Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:35.519356283Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:35.522945936Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:35.525863838Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:35.53391055Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:35.541324998Z | 66 | PC: 12ba9 | Move file pointer (See above) |
| 2018-12-25T12:03:35.542991476Z | 64 | PC: 12bb2 | Write file or device (See above) |
| 2018-12-25T12:03:35.546580569Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:03:35.548076365Z | 64 | PC: 12bca | Write file or device (See above) |
| 2018-12-25T12:03:35.557966583Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:35.56984104Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:35.573731839Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:35.576643679Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:35.585197903Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:35.593114376Z | 66 | PC: 12ba9 | Move file pointer (See above) |
| 2018-12-25T12:03:35.595021895Z | 64 | PC: 12bb2 | Write file or device (See above) |
| 2018-12-25T12:03:35.598228706Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:03:35.600688136Z | 64 | PC: 12bca | Write file or device (See above) |
| 2018-12-25T12:03:35.610035456Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:35.618806207Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:35.62255192Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:35.626271882Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:35.633896648Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:35.638180734Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:35.640541763Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:35.64358702Z | 42 | PC: 12c00 | Get date 0x12c00: cmp dh, dl 0x12c02: je 0x12c04 0x12c04: mov ah, 0x2c 0x12c06: int 0x21 0x12c08: cmp ch, cl 0x12c0a: jne 0x12c0f 0x12c0c: call 0x12c10 0x12c0f: ret 0x12c10: push bx 0x12c11: push dx 0x12c12: cli 0x12c13: mov al, 0xad 0x12c15: out 0x64, al 0x12c17: jmp 0x12c19 0x12c19: sti 0x12c1a: mov cx, 0x18 0x12c1d: push cx 0x12c1e: pop cx 0x12c1f: cmp cx, 0 0x12c22: je 0x12c78 |
| 2018-12-25T12:03:35.647193802Z | 44 | PC: 12c08 | Get time 0x12c08: cmp ch, cl 0x12c0a: jne 0x12c0f 0x12c0c: call 0x12c10 0x12c0f: ret 0x12c10: push bx 0x12c11: push dx 0x12c12: cli 0x12c13: mov al, 0xad 0x12c15: out 0x64, al 0x12c17: jmp 0x12c19 0x12c19: sti 0x12c1a: mov cx, 0x18 0x12c1d: push cx 0x12c1e: pop cx 0x12c1f: cmp cx, 0 0x12c22: je 0x12c78 0x12c24: dec cx 0x12c25: push cx 0x12c26: mov ax, 0x701 0x12c29: mov bh, 7 |
| 2018-12-25T12:03:36.076664925Z | 78 | PC: 12cb2 | Find first file |
| 2018-12-25T12:03:36.083302985Z | 26 | PC: 12b30 | Set disk transfer address |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":8131,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:03:35.4660122Z | 9 | PC: 12aff | Display string (String= '�') |
| 2018-12-25T12:03:35.469301132Z | 47 | PC: 12b0d | Get disk transfer address |
| 2018-12-25T12:03:35.470791163Z | 26 | PC: 12b1b | Set disk transfer address |
| 2018-12-25T12:03:35.471903978Z | 78 | PC: 12bdb | Find first file |
| 2018-12-25T12:03:35.478284375Z | 47 | PC: 12be1 | Get disk transfer address |
| 2018-12-25T12:03:35.480504549Z | 9 | PC: 12b4b | Display string (String= '�') |
| 2018-12-25T12:03:35.482979881Z | 61 | PC: 12b70 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:35.490970066Z | 63 | PC: 12b7e | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:03:35.499117604Z | 66 | PC: 12ba9 | Move file pointer |
| 2018-12-25T12:03:35.50058228Z | 64 | PC: 12bb2 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:03:35.502435806Z | 66 | PC: 12bbe | Move file pointer |
| 2018-12-25T12:03:35.503936226Z | 64 | PC: 12bca | Write file or device (Write 597 bytes on handle 5) |
| 2018-12-25T12:03:35.517543412Z | 62 | PC: 12bd1 | Close file |
| 2018-12-25T12:03:35.527141954Z | 79 | PC: 12bf7 | Find next file |
| 2018-12-25T12:03:35.530326137Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:35.536854301Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:35.548290169Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:35.556029176Z | 66 | PC: 12ba9 | Move file pointer (See above) |
| 2018-12-25T12:03:35.558280748Z | 64 | PC: 12bb2 | Write file or device (See above) |
| 2018-12-25T12:03:35.561051187Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:03:35.563012154Z | 64 | PC: 12bca | Write file or device (See above) |
| 2018-12-25T12:03:35.573180399Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:35.581691106Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:35.593171538Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:35.596826369Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:35.608495623Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:35.6209602Z | 66 | PC: 12ba9 | Move file pointer (See above) |
| 2018-12-25T12:03:35.622892807Z | 64 | PC: 12bb2 | Write file or device (See above) |
| 2018-12-25T12:03:35.625168402Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:03:35.626644104Z | 64 | PC: 12bca | Write file or device (See above) |
| 2018-12-25T12:03:35.641295592Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:35.659754813Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:35.66569246Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:35.670324354Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:35.678220485Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:35.687362729Z | 66 | PC: 12ba9 | Move file pointer (See above) |
| 2018-12-25T12:03:35.689625831Z | 64 | PC: 12bb2 | Write file or device (See above) |
| 2018-12-25T12:03:35.693893063Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:03:35.69617835Z | 64 | PC: 12bca | Write file or device (See above) |
| 2018-12-25T12:03:35.706582583Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:35.723559008Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:35.726666757Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:35.729052841Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:35.737675733Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:35.744671107Z | 66 | PC: 12ba9 | Move file pointer (See above) |
| 2018-12-25T12:03:35.746159544Z | 64 | PC: 12bb2 | Write file or device (See above) |
| 2018-12-25T12:03:35.749639183Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:03:35.7512777Z | 64 | PC: 12bca | Write file or device (See above) |
| 2018-12-25T12:03:35.762361818Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:35.772192859Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:35.7751317Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:35.777479041Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:35.785181803Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:35.789519562Z | 66 | PC: 12ba9 | Move file pointer (See above) |
| 2018-12-25T12:03:35.790706355Z | 64 | PC: 12bb2 | Write file or device (See above) |
| 2018-12-25T12:03:35.792742035Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:03:35.79448535Z | 64 | PC: 12bca | Write file or device (See above) |
| 2018-12-25T12:03:35.800644567Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:35.806482676Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:35.811429997Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:35.814064753Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:35.821201926Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:35.828886987Z | 66 | PC: 12ba9 | Move file pointer (See above) |
| 2018-12-25T12:03:35.830428091Z | 64 | PC: 12bb2 | Write file or device (See above) |
| 2018-12-25T12:03:35.833508271Z | 66 | PC: 12bbe | Move file pointer (See above) |
| 2018-12-25T12:03:35.836112454Z | 64 | PC: 12bca | Write file or device (See above) |
| 2018-12-25T12:03:35.845628228Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:35.854769456Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:35.858654768Z | 9 | PC: 12b4b | Display string (See above) |
| 2018-12-25T12:03:35.861438472Z | 61 | PC: 12b70 | Open file (See above) |
| 2018-12-25T12:03:35.869031486Z | 63 | PC: 12b7e | Read file or device (See above) |
| 2018-12-25T12:03:35.873056859Z | 62 | PC: 12bd1 | Close file (See above) |
| 2018-12-25T12:03:35.876335485Z | 79 | PC: 12bf7 | Find next file (See above) |
| 2018-12-25T12:03:35.87931856Z | 42 | PC: 12c00 | Get date 0x12c00: cmp dh, dl 0x12c02: je 0x12c04 0x12c04: mov ah, 0x2c 0x12c06: int 0x21 0x12c08: cmp ch, cl 0x12c0a: jne 0x12c0f 0x12c0c: call 0x12c10 0x12c0f: ret 0x12c10: push bx 0x12c11: push dx 0x12c12: cli 0x12c13: mov al, 0xad 0x12c15: out 0x64, al 0x12c17: jmp 0x12c19 0x12c19: sti 0x12c1a: mov cx, 0x18 0x12c1d: push cx 0x12c1e: pop cx 0x12c1f: cmp cx, 0 0x12c22: je 0x12c78 |
| 2018-12-25T12:03:35.882014142Z | 44 | PC: 12c08 | Get time 0x12c08: cmp ch, cl 0x12c0a: jne 0x12c0f 0x12c0c: call 0x12c10 0x12c0f: ret 0x12c10: push bx 0x12c11: push dx 0x12c12: cli 0x12c13: mov al, 0xad 0x12c15: out 0x64, al 0x12c17: jmp 0x12c19 0x12c19: sti 0x12c1a: mov cx, 0x18 0x12c1d: push cx 0x12c1e: pop cx 0x12c1f: cmp cx, 0 0x12c22: je 0x12c78 0x12c24: dec cx 0x12c25: push cx 0x12c26: mov ax, 0x701 0x12c29: mov bh, 7 |
| 2018-12-25T12:03:35.885796417Z | 78 | PC: 12cb2 | Find first file |
| 2018-12-25T12:03:35.892599638Z | 26 | PC: 12b30 | Set disk transfer address |