{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8224,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:03:57.119890541Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:03:57.123324889Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:03:57.127338743Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:03:57.128377049Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:03:57.142222528Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:57.148704173Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:03:57.155212263Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:03:57.158098877Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:03:57.177653816Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:03:57.179579921Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:57.187089215Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:03:57.195372715Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:03:57.19810284Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:03:57.201635714Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:03:57.206317079Z | 64 | PC: 12a7d | Write file or device (Write 1110 bytes on handle 5) |
| 2018-12-25T12:03:57.215134596Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:03:57.216702066Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:03:57.225342337Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:03:57.234904622Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:03:57.237314044Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:03:57.245080831Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:03:57.251641243Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:03:57.253646449Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:03:57.264137817Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:03:57.265741727Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:03:57.272121225Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:03:57.275327347Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:03:57.277995505Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:03:57.280480416Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:03:57.282903749Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:03:57.292032227Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:03:57.293605369Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:03:57.301993615Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:03:57.308755102Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:03:57.310596913Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:03:57.315085463Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:03:57.321544691Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:03:57.323952791Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:03:57.331070207Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:03:57.335965411Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:03:57.342378475Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:03:57.344947097Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:03:57.347668843Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:03:57.350033967Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:03:57.351760076Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:03:57.360737661Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:03:57.362069428Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:03:57.369264747Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:03:57.379800083Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:03:57.381929877Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:03:57.385816925Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8224,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:03:57.192127442Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:03:57.19518986Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:03:57.198960698Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:03:57.199874588Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:03:57.210809738Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:57.221965024Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:03:57.228243475Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:03:57.230839035Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:03:57.246295987Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:03:57.248173279Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:57.254852326Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:03:57.257612944Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:03:57.260094874Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:03:57.262606279Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:03:57.264721094Z | 64 | PC: 12a7d | Write file or device (Write 1110 bytes on handle 5) |
| 2018-12-25T12:03:57.273551583Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:03:57.275467768Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:03:57.283520837Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:03:57.293437521Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:03:57.296302911Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:03:57.303956063Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:03:57.310396965Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:03:57.312687618Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:03:57.323222174Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:03:57.325225091Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:03:57.332186071Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:03:57.335403605Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:03:57.337838239Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:03:57.340237592Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:03:57.342783712Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:03:57.351574297Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:03:57.352906339Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:03:57.361111717Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:03:57.37096285Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:03:57.373339164Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:03:57.380022906Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:03:57.386333475Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:03:57.38826475Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:03:57.398263125Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:03:57.400108166Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:03:57.406409257Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:03:57.409651577Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:03:57.412184567Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:03:57.414806418Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:03:57.416765926Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:03:57.425747621Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:03:57.427060827Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:03:57.4353573Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:03:57.445086436Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:03:57.447685624Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:03:57.451715846Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8224,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:03:57.198827731Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:03:57.203262596Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:03:57.207511296Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:03:57.208591518Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:03:57.219859488Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:57.23124023Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:03:57.237927936Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:03:57.240711222Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:03:57.256356065Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:03:57.258481047Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:57.266643088Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:03:57.269506304Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:03:57.272036348Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:03:57.274573977Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:03:57.277342201Z | 64 | PC: 12a7d | Write file or device (Write 1110 bytes on handle 5) |
| 2018-12-25T12:03:57.28647597Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:03:57.288253431Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:03:57.296147677Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:03:57.303180795Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:03:57.305700836Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:03:57.313111503Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:03:57.319326879Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:03:57.321539699Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:03:57.331761167Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:03:57.333441972Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:03:57.339868474Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:03:57.343042206Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:03:57.345581058Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:03:57.347991027Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:03:57.350446065Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:03:57.359206873Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:03:57.360486728Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:03:57.3684537Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:03:57.378682113Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:03:57.38108613Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:03:57.38935816Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:03:57.395422721Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:03:57.397306954Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:03:57.407619567Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:03:57.409211534Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:03:57.4154847Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:03:57.418745581Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:03:57.42117815Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:03:57.424034076Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:03:57.426499721Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:03:57.435419497Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:03:57.436736351Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:03:57.444754098Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:03:57.454205427Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:03:57.456111476Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:03:57.46023584Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8224,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:03:57.553086454Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:03:57.55673098Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:03:57.561137592Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:03:57.562325412Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:03:57.569533791Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:57.576716695Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:03:57.58370457Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:03:57.586173502Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:03:57.60838059Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:03:57.610997615Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:57.61817438Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:03:57.626420825Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:03:57.629110016Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:03:57.631783185Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:03:57.634210108Z | 64 | PC: 12a7d | Write file or device (Write 1110 bytes on handle 5) |
| 2018-12-25T12:03:57.64359127Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:03:57.645189445Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:03:57.657177603Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:03:57.668120168Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:03:57.670852045Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:03:57.679036503Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:03:57.686222064Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:03:57.688721148Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:03:57.700391703Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:03:57.702150839Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:03:57.709209646Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:03:57.71257834Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:03:57.715301883Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:03:57.717620656Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:03:57.719737612Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:03:57.727879376Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:03:57.729284523Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:03:57.737137765Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:03:57.747257744Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:03:57.749752237Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:03:57.755487501Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:03:57.761823181Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:03:57.764241988Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:03:57.958723201Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:03:57.961149855Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:03:57.968483509Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:03:57.971388946Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:03:57.974796636Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:03:57.977588427Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:03:57.980295645Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:03:57.995382554Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:03:57.996904428Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:03:58.010888272Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:03:58.031902926Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:03:58.034160905Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:03:58.038276451Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8224,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:03:57.562298093Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:03:57.566727228Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:03:57.571060887Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:03:57.572083372Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:03:57.584488628Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:57.591700561Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:03:57.59865353Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:03:57.600888403Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:03:57.618032489Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:03:57.619834215Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:57.627012814Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:03:57.633663809Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:03:57.636515882Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:03:57.639235943Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:03:57.641801556Z | 64 | PC: 12a7d | Write file or device (Write 1110 bytes on handle 5) |
| 2018-12-25T12:03:57.652399711Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:03:57.653953109Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:03:57.662292787Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:03:57.672995445Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:03:57.67576724Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:03:57.682763696Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:03:57.689794145Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:03:57.69206258Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:03:57.702896065Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:03:57.705383086Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:03:57.718428743Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:03:57.725512779Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:03:57.728414989Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:03:57.731235125Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:03:57.733213049Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:03:57.743212933Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:03:57.744999927Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:03:57.753295288Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:03:57.929210776Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:03:57.932141856Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:03:57.940027612Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:03:57.947764991Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:03:57.950232306Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:03:57.96953258Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:03:57.971593946Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:03:57.978784649Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:03:57.981475285Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:03:57.984173417Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:03:57.986961063Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:03:57.98886455Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:03:58.005296746Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:03:58.006554794Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:03:58.062784744Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:03:58.084058742Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:03:58.086883414Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:03:58.091304865Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8224,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:03:57.687405011Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:03:57.690744801Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:03:57.694651734Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:03:57.695580702Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:03:57.706277138Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:57.717681109Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:03:57.724201513Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:03:57.726082497Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:03:57.741417385Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:03:57.743109366Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:57.749426312Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:03:57.752984455Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:03:57.755536248Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:03:57.757871389Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:03:57.760144575Z | 64 | PC: 12a7d | Write file or device (Write 1110 bytes on handle 5) |
| 2018-12-25T12:03:57.769338892Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:03:57.771214428Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:03:57.779978174Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:03:57.790170891Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:03:57.793072964Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:03:57.80015893Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:03:57.806757092Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:03:57.808746896Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:03:57.818175277Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:03:57.831024985Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:03:57.83747605Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:03:57.840205568Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:03:57.843564716Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:03:57.846262546Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:03:57.848095045Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:03:57.85760579Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:03:57.859049779Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:03:57.866412677Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:03:57.877016097Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:03:57.879605831Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:03:57.886040635Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:03:57.892903676Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:03:57.895257451Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:03:57.905072279Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:03:57.907894505Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:03:57.914938847Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:03:57.91777982Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:03:57.921054318Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:03:57.923635906Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:03:57.925419452Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:03:57.935057666Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:03:57.936630315Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:03:57.94448622Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:03:57.955599496Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:03:57.95775331Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:03:57.961605423Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8224,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:03:57.822578612Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:03:57.827053958Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:03:57.831105702Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:03:57.832212667Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:03:57.839237872Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:57.845815753Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:03:57.852195709Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:03:57.854778893Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:03:57.873186057Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:03:57.874858018Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:57.881224831Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:03:57.888317941Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:03:57.890619851Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:03:57.893015512Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:03:57.895471147Z | 64 | PC: 12a7d | Write file or device (Write 1110 bytes on handle 5) |
| 2018-12-25T12:03:57.905012672Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:03:57.906744916Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:03:57.91485202Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:03:57.924589914Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:03:57.927250565Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:03:57.935533863Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:03:57.942177969Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:03:57.94426715Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:03:57.959129832Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:03:57.960852333Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:03:57.974068571Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:03:57.977150901Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:03:57.980547781Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:03:57.983381343Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:03:57.985862602Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:03:57.995103988Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:03:57.99668066Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:03:58.004745432Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:03:58.014941762Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:03:58.017687845Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:03:58.024274493Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:03:58.030858469Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:03:58.033033088Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:03:58.043543981Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:03:58.045971452Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:03:58.052926934Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:03:58.055845956Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:03:58.059187487Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:03:58.061928129Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:03:58.063939932Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:03:58.073524593Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:03:58.075063663Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:03:58.082648387Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:03:58.092514989Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:03:58.094598428Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:03:58.098843875Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8224,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:03:57.914367573Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:03:57.917896544Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:03:57.921697499Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:03:57.922652175Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:03:57.928384584Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:57.935480741Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:03:57.941534263Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:03:57.94359848Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:03:57.968020652Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:03:57.96976049Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:57.976115547Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:03:57.983514791Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:03:57.986122631Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:03:57.988632894Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:03:57.991276373Z | 64 | PC: 12a7d | Write file or device (Write 1110 bytes on handle 5) |
| 2018-12-25T12:03:58.000109294Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:03:58.001468492Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:03:58.008752508Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:03:58.018451014Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:03:58.020803034Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:03:58.026853743Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:03:58.03449934Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:03:58.036478843Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:03:58.046656779Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:03:58.048952344Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:03:58.055294398Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:03:58.057077247Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:03:58.05991963Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:03:58.062367373Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:03:58.064119605Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:03:58.074005804Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:03:58.075400407Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:03:58.082884408Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:03:58.094618225Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:03:58.097282891Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:03:58.104282507Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:03:58.111503958Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:03:58.113527346Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:03:58.123445559Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:03:58.125683406Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:03:58.132048214Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:03:58.134658386Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:03:58.138081904Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:03:58.140695991Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:03:58.142416478Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:03:58.151877912Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:03:58.153252935Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:03:58.160623073Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:03:58.170931622Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:03:58.172959173Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:03:58.176743109Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8224,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:03:58.990960693Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:03:58.99411152Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:03:58.998450579Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:03:58.999370171Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:03:59.006089917Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:59.013284482Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:03:59.01977738Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:03:59.024651808Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:03:59.044151201Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:03:59.045768157Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:59.052042672Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:03:59.058739843Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:03:59.061150804Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:03:59.063472056Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:03:59.065531719Z | 64 | PC: 12a7d | Write file or device (Write 1110 bytes on handle 5) |
| 2018-12-25T12:03:59.074058505Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:03:59.075371628Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:03:59.083197251Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:03:59.092719405Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:03:59.095534545Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:03:59.102723926Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:03:59.109041623Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:03:59.111034328Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:03:59.121917193Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:03:59.12389549Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:03:59.13072965Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:03:59.134694455Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:03:59.137324659Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:03:59.139943259Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:03:59.142389403Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:03:59.151267881Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:03:59.152636322Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:03:59.160577554Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:03:59.170711569Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:03:59.173304439Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:03:59.180624167Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:03:59.186875592Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:03:59.188826182Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:03:59.19841819Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:03:59.200215762Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:03:59.206522582Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:03:59.209073355Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:03:59.211754246Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:03:59.214095616Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:03:59.215885784Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:03:59.224874836Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:03:59.226333302Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:03:59.234122329Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:03:59.244023535Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:03:59.245979332Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:03:59.249595726Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8224,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:04:00.436146093Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:04:00.43958226Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:04:00.443770334Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:04:00.444823803Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:04:00.451381074Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:04:00.458460449Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:04:00.465141551Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:04:00.467322009Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:04:00.493686331Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:04:00.495450523Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:04:00.502593378Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:04:00.50632146Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:04:00.509201523Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:04:00.512679634Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:04:00.514970714Z | 64 | PC: 12a7d | Write file or device (Write 1110 bytes on handle 5) |
| 2018-12-25T12:04:00.524779564Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:04:00.526148012Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:04:00.53447557Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:04:00.545106592Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:04:00.547708816Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:04:00.555026804Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:04:00.561966613Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:04:00.56418657Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:04:00.576053381Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:04:00.577810298Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:04:00.584936432Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:04:00.587965232Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:04:00.590775528Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:04:00.593470392Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:04:00.595559926Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:04:00.602820302Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:04:00.60428272Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:04:00.612776361Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:04:00.619334611Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:04:00.621070412Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:04:00.625128846Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:04:00.630476089Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:04:00.631901258Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:04:00.639847324Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:04:00.641355334Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:04:00.645465434Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:04:00.649659011Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:04:00.651703136Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:04:00.65344159Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:04:00.654656359Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:04:00.660807901Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:04:00.661904984Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:04:00.667023074Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:04:00.673753792Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:04:00.675269849Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:04:00.677841991Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8224,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:04:00.943893204Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:04:00.947521316Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:04:00.951182854Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:04:00.952430713Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:04:00.962819832Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:04:00.973020047Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:04:00.978673814Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:04:00.982236132Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:04:01.15959829Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:04:01.161669269Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:04:01.169140329Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:04:01.171639072Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:04:01.174444046Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:04:01.176936212Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:04:01.179538853Z | 64 | PC: 12a7d | Write file or device (Write 1110 bytes on handle 5) |
| 2018-12-25T12:04:01.189534334Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:04:01.190933136Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:04:01.199886699Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:04:01.210842072Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:04:01.21441942Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:04:01.221943992Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:04:01.229015395Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:04:01.231232538Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:04:01.242409417Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:04:01.244314171Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:04:01.251607507Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:04:01.255053213Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:04:01.25786542Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:04:01.260566146Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:04:01.262867062Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:04:01.27264311Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:04:01.27475291Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:04:01.283438411Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:04:01.29372982Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:04:01.296387592Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:04:01.303523652Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:04:01.310345229Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:04:01.312599253Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:04:01.323110752Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:04:01.325099211Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:04:01.33191844Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:04:01.33547924Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:04:01.338159746Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:04:01.340607806Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:04:01.34242747Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:04:01.351204826Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:04:01.352725965Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:04:01.36061087Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:04:01.37100931Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:04:01.373202919Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:04:01.377306705Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8224,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:04:00.996925248Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:04:01.00048451Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:04:01.004903484Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:04:01.006002315Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:04:01.025427311Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:04:01.032829383Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:04:01.039748662Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:04:01.041975447Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:04:01.158888648Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:04:01.160933811Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:04:01.168810336Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:04:01.172433103Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:04:01.175158636Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:04:01.17850539Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:04:01.181245405Z | 64 | PC: 12a7d | Write file or device (Write 1110 bytes on handle 5) |
| 2018-12-25T12:04:01.192134044Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:04:01.19510861Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:04:01.204533495Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:04:01.220922172Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:04:01.224152752Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:04:01.239677608Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:04:01.247265379Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:04:01.249895056Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:04:01.262410726Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:04:01.264469939Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:04:01.27200165Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:04:01.275026294Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:04:01.278100109Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:04:01.28092503Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:04:01.283373666Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:04:01.294676039Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:04:01.296334968Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:04:01.305365679Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:04:01.317091457Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:04:01.32080962Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:04:01.328799942Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:04:01.336623356Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:04:01.338944892Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:04:01.350179327Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:04:01.353714833Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:04:01.361583409Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:04:01.364612362Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:04:01.367869039Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:04:01.370826209Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:04:01.37292272Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:04:01.383274505Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:04:01.385802194Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:04:01.395010455Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:04:01.405946844Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:04:01.408881227Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:04:01.413372036Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8224,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:04:00.976399297Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:04:00.985246238Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:04:00.989714066Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:04:00.991035937Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:04:01.006522238Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:04:01.014106811Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:04:01.021703872Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:04:01.024116031Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:04:01.159554224Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:04:01.161723957Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:04:01.169668215Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:04:01.178652966Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:04:01.18195315Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:04:01.185270836Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:04:01.188583651Z | 64 | PC: 12a7d | Write file or device (Write 1110 bytes on handle 5) |
| 2018-12-25T12:04:01.198770689Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:04:01.20050888Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:04:01.210546657Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:04:01.222446738Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:04:01.225529461Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:04:01.233511789Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:04:01.241474915Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:04:01.244147621Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:04:01.250938098Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:04:01.252662051Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:04:01.258533358Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:04:01.26098096Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:04:01.263752337Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:04:01.266063183Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:04:01.267681268Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:04:01.275980932Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:04:01.277503265Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:04:01.284781133Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:04:01.29248117Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:04:01.295332573Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:04:01.302308633Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:04:01.310234621Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:04:01.312604526Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:04:01.32388106Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:04:01.326204511Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:04:01.330821779Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:04:01.33388806Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:04:01.336621261Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:04:01.339901153Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:04:01.342205755Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:04:01.35347148Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:04:01.355726599Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:04:01.364209284Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:04:01.374904328Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:04:01.37748756Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:04:01.381938678Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8224,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:04:01.070266454Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:04:01.073911376Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:04:01.076995302Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:04:01.078058039Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:04:01.083424892Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:04:01.089303704Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:04:01.094879936Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:04:01.096772588Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:04:01.160574521Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:04:01.163896279Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:04:01.176971947Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:04:01.18536205Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:04:01.188454843Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:04:01.19141959Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:04:01.194436738Z | 64 | PC: 12a7d | Write file or device (Write 1110 bytes on handle 5) |
| 2018-12-25T12:04:01.206519575Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:04:01.208516261Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:04:01.221508281Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:04:01.232649964Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:04:01.235739903Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:04:01.243283771Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:04:01.251202935Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:04:01.253899556Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:04:01.265452727Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:04:01.268323677Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:04:01.276154482Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:04:01.279687578Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:04:01.283487992Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:04:01.286529571Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:04:01.288790153Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:04:01.299468162Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:04:01.301557753Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:04:01.310394898Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:04:01.320261412Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:04:01.322741022Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:04:01.326913489Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:04:01.33182481Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:04:01.33394343Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:04:01.34124632Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:04:01.342817317Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:04:01.347255992Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:04:01.349180764Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:04:01.351056543Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:04:01.35328327Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:04:01.35471678Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:04:01.36069169Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:04:01.362076617Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:04:01.367965945Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:04:01.376511502Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:04:01.378937794Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:04:01.381619811Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8224,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:04:01.111311808Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:04:01.114631247Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:04:01.119652869Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:04:01.12135807Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:04:01.128196917Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:04:01.136000939Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:04:01.142970552Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:04:01.145277046Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:04:01.168463333Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:04:01.17040283Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:04:01.178216543Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:04:01.187494527Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:04:01.190248172Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:04:01.192928816Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:04:01.195176876Z | 64 | PC: 12a7d | Write file or device (Write 1110 bytes on handle 5) |
| 2018-12-25T12:04:01.211692959Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:04:01.21385559Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:04:01.223112074Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:04:01.234731958Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:04:01.237576405Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:04:01.246272274Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:04:01.253462678Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:04:01.256263504Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:04:01.26739627Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:04:01.278283635Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:04:01.285956346Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:04:01.289108656Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:04:01.292807727Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:04:01.296112118Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:04:01.298599746Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:04:01.310219762Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:04:01.311934287Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:04:01.320387301Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:04:01.332580553Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:04:01.335569094Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:04:01.342882445Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:04:01.350871252Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:04:01.353825921Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:04:01.365244378Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:04:01.367309526Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:04:01.375729807Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:04:01.379001761Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:04:01.38190626Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:04:01.385806449Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:04:01.388084219Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:04:01.39864571Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:04:01.400741608Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:04:01.410289477Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:04:01.421152281Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:04:01.424274948Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:04:01.428728745Z | 59 | PC: 12d7a | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8224,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:04:01.167208948Z | 71 | PC: 12b28 | Get current directory |
| 2018-12-25T12:04:01.171744059Z | 59 | PC: 12b33 | Change current directory |
| 2018-12-25T12:04:01.176147596Z | 26 | PC: 12be6 | Set disk transfer address |
| 2018-12-25T12:04:01.177598936Z | 78 | PC: 12bf4 | Find first file |
| 2018-12-25T12:04:01.184485454Z | 61 | PC: 12c1f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:04:01.19167115Z | 63 | PC: 12c31 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:04:01.198447999Z | 44 | PC: 12c64 | Get time 0x12c64: add dl, dh 0x12c66: je 0x12c60 0x12c68: mov si, 0x115 0x12c6b: add si, word ptr [0x106] 0x12c6f: mov byte ptr [si], dl 0x12c71: mov ax, 0x4301 0x12c74: xor cx, cx 0x12c76: mov dx, si 0x12c78: add dx, 0xaf 0x12c7c: int 0x21 0x12c7e: mov ah, 0x3e 0x12c80: int 0x21 0x12c82: mov ax, 0x3d02 0x12c85: int 0x21 0x12c87: jb 0x12c40 0x12c89: mov di, dx 0x12c8b: add di, 0x5d 0x12c8e: stosw word ptr es:[di], ax 0x12c8f: xchg ax, bx 0x12c90: mov ah, 0x40 |
| 2018-12-25T12:04:01.200981366Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-25T12:04:01.220687514Z | 62 | PC: 12c82 | Close file |
| 2018-12-25T12:04:01.223476169Z | 61 | PC: 12c87 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:04:01.230490569Z | 64 | PC: 12c9a | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:04:01.237578349Z | 64 | PC: 12cac | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:04:01.240305661Z | 64 | PC: 12cc1 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:04:01.243530484Z | 66 | PC: 12cca | Move file pointer |
| 2018-12-25T12:04:01.245776216Z | 64 | PC: 12a7d | Write file or device (Write 1110 bytes on handle 5) |
| 2018-12-25T12:04:01.255589864Z | 87 | PC: 12ce3 | Get or set file date and time |
| 2018-12-25T12:04:01.257141577Z | 62 | PC: 12ce7 | Close file |
| 2018-12-25T12:04:01.266617844Z | 67 | PC: 12cf8 | Get or set file attributes |
| 2018-12-25T12:04:01.277663698Z | 79 | PC: 12c07 | Find next file |
| 2018-12-25T12:04:01.280658732Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:04:01.290162496Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:04:01.297277341Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:04:01.299652705Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:04:01.311834687Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:04:01.313873027Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:04:01.321193859Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:04:01.324359984Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:04:01.327798506Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:04:01.330573557Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:04:01.332503678Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:04:01.344480549Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:04:01.345976139Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:04:01.354666116Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:04:01.366018198Z | 79 | PC: 12c07 | Find next file (See above) |
| 2018-12-25T12:04:01.368632519Z | 61 | PC: 12c1f | Open file (See above) |
| 2018-12-25T12:04:01.375576891Z | 63 | PC: 12c31 | Read file or device (See above) |
| 2018-12-25T12:04:01.383817645Z | 44 | PC: 12c64 | Get time (See above) |
| 2018-12-25T12:04:01.386254429Z | 67 | PC: 12c7e | Get or set file attributes (See above) |
| 2018-12-25T12:04:01.397732019Z | 62 | PC: 12c82 | Close file (See above) |
| 2018-12-25T12:04:01.399594251Z | 61 | PC: 12c87 | Open file (See above) |
| 2018-12-25T12:04:01.404340409Z | 64 | PC: 12c9a | Write file or device (See above) |
| 2018-12-25T12:04:01.407272141Z | 64 | PC: 12cac | Write file or device (See above) |
| 2018-12-25T12:04:01.410696011Z | 64 | PC: 12cc1 | Write file or device (See above) |
| 2018-12-25T12:04:01.415034616Z | 66 | PC: 12cca | Move file pointer (See above) |
| 2018-12-25T12:04:01.41714066Z | 64 | PC: 12a7d | Write file or device (See above) |
| 2018-12-25T12:04:01.428753638Z | 87 | PC: 12ce3 | Get or set file date and time (See above) |
| 2018-12-25T12:04:01.429928375Z | 62 | PC: 12ce7 | Close file (See above) |
| 2018-12-25T12:04:01.438673138Z | 67 | PC: 12cf8 | Get or set file attributes (See above) |
| 2018-12-25T12:04:01.449965794Z | 42 | PC: 12b4e | Get date 0x12b4e: cmp dx, 0x709 0x12b52: je 0x12b57 0x12b54: jmp 0x12d68 0x12b57: jmp 0x12cfd 0x12b5a: and ah, bh 0x12b5c: movsw word ptr es:[di], word ptr [si] 0x12b5d: mov ax, 0x5c4c 0x12b60: add word ptr [di], ax 0x12b62: add byte ptr [di - 0x75], dl 0x12b65: in al, dx 0x12b66: sub sp, 0x2c 0x12b69: push si 0x12b6a: jmp 0x12bdb 0x12b6c: mov ah, 0x1a 0x12b6e: lea dx, word ptr [bp - 0x2c] 0x12b71: int 0x21 0x12b73: mov ah, 0x4e 0x12b75: mov cx, 0x10 0x12b78: mov dx, 0x19d 0x12b7b: add dx, word ptr [0x106] |
| 2018-12-25T12:04:01.452519337Z | 59 | PC: 12d73 | Change current directory |
| 2018-12-25T12:04:01.45697163Z | 59 | PC: 12d7a | Change current directory |