{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8490,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:04:51.276485977Z | 47 | PC: 12ac4 | Get disk transfer address |
| 2018-12-25T12:04:51.278371559Z | 26 | PC: 12ad2 | Set disk transfer address |
| 2018-12-25T12:04:51.27970937Z | 42 | PC: 12ad6 | Get date 0x12ad6: mov word ptr cs:[di + 0xe], cx 0x12ada: mov word ptr cs:[di + 0x10], dx 0x12ade: sub cx, 1 0x12ae1: mov dh, 0xb 0x12ae3: mov dl, 0x1c 0x12ae5: mov ah, 0x2b 0x12ae7: int 0x21 0x12ae9: pop dx 0x12aea: add dx, 3 0x12aed: call 0x12bab 0x12af0: call 0x12bd4 0x12af3: call 0x12c17 0x12af6: mov ah, 0x1a 0x12af8: mov dx, word ptr cs:[di + 0xc] 0x12afc: int 0x21 0x12afe: mov cx, word ptr cs:[di + 0xe] 0x12b02: mov dx, word ptr cs:[di + 0x10] 0x12b06: mov ah, 0x2b 0x12b08: int 0x21 0x12b0a: cli |
| 2018-12-25T12:04:51.281633503Z | 43 | PC: 12ae9 | Set date |
| 2018-12-25T12:04:51.285245578Z | 78 | PC: 12bb3 | Find first file |
| 2018-12-25T12:04:51.29539506Z | 47 | PC: 12bb9 | Get disk transfer address |
| 2018-12-25T12:04:51.296374542Z | 61 | PC: 12b57 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:04:51.309076631Z | 63 | PC: 12b65 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:04:51.31511776Z | 66 | PC: 12b81 | Move file pointer |
| 2018-12-25T12:04:51.316400873Z | 64 | PC: 12b8a | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:04:51.319117814Z | 66 | PC: 12b96 | Move file pointer |
| 2018-12-25T12:04:51.320438053Z | 64 | PC: 12ba2 | Write file or device (Write 480 bytes on handle 5) |
| 2018-12-25T12:04:51.334683982Z | 62 | PC: 12ba9 | Close file |
| 2018-12-25T12:04:51.342144393Z | 79 | PC: 12bcf | Find next file |
| 2018-12-25T12:04:51.346964955Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:51.353047522Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:51.359003763Z | 66 | PC: 12b81 | Move file pointer (See above) |
| 2018-12-25T12:04:51.361320832Z | 64 | PC: 12b8a | Write file or device (See above) |
| 2018-12-25T12:04:51.363657717Z | 66 | PC: 12b96 | Move file pointer (See above) |
| 2018-12-25T12:04:51.364731425Z | 64 | PC: 12ba2 | Write file or device (See above) |
| 2018-12-25T12:04:51.368172935Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:51.375447255Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:51.377880175Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:51.384714677Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:51.390865115Z | 66 | PC: 12b81 | Move file pointer (See above) |
| 2018-12-25T12:04:51.392219786Z | 64 | PC: 12b8a | Write file or device (See above) |
| 2018-12-25T12:04:51.398531548Z | 66 | PC: 12b96 | Move file pointer (See above) |
| 2018-12-25T12:04:51.400387294Z | 64 | PC: 12ba2 | Write file or device (See above) |
| 2018-12-25T12:04:51.405755802Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:51.411361731Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:51.413977734Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:51.420275977Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:51.427129584Z | 66 | PC: 12b81 | Move file pointer (See above) |
| 2018-12-25T12:04:51.42850144Z | 64 | PC: 12b8a | Write file or device (See above) |
| 2018-12-25T12:04:51.43102803Z | 66 | PC: 12b96 | Move file pointer (See above) |
| 2018-12-25T12:04:51.432929569Z | 64 | PC: 12ba2 | Write file or device (See above) |
| 2018-12-25T12:04:51.435456585Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:51.442955141Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:51.445622925Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:51.452235798Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:51.458386823Z | 66 | PC: 12b81 | Move file pointer (See above) |
| 2018-12-25T12:04:51.460425103Z | 64 | PC: 12b8a | Write file or device (See above) |
| 2018-12-25T12:04:51.463278894Z | 66 | PC: 12b96 | Move file pointer (See above) |
| 2018-12-25T12:04:51.46491836Z | 64 | PC: 12ba2 | Write file or device (See above) |
| 2018-12-25T12:04:51.46865703Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:51.477544642Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:51.480488699Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:51.487482153Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:51.495053866Z | 66 | PC: 12b81 | Move file pointer (See above) |
| 2018-12-25T12:04:51.496720723Z | 64 | PC: 12b8a | Write file or device (See above) |
| 2018-12-25T12:04:51.499508897Z | 66 | PC: 12b96 | Move file pointer (See above) |
| 2018-12-25T12:04:51.50177044Z | 64 | PC: 12ba2 | Write file or device (See above) |
| 2018-12-25T12:04:51.51037285Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:51.518006321Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:51.521416774Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:51.527758734Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:51.533716067Z | 66 | PC: 12b81 | Move file pointer (See above) |
| 2018-12-25T12:04:51.535231861Z | 64 | PC: 12b8a | Write file or device (See above) |
| 2018-12-25T12:04:51.538324735Z | 66 | PC: 12b96 | Move file pointer (See above) |
| 2018-12-25T12:04:51.540196897Z | 64 | PC: 12ba2 | Write file or device (See above) |
| 2018-12-25T12:04:51.543344925Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:51.550813473Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:51.55330833Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:51.560073923Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:51.566177939Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:51.56778913Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:51.570496291Z | 44 | PC: 12bdc | Get time 0x12bdc: cmp cl, 0 0x12bdf: jne 0x12c0a 0x12be1: mov bl, 0 0x12be3: mov ax, 0x701 0x12be6: mov bh, 7 0x12be8: mov cx, 0 0x12beb: mov dx, 0x184f 0x12bee: int 0x10 0x12bf0: call 0x12c0f 0x12bf3: mov ax, 0x601 0x12bf6: mov bh, 7 0x12bf8: mov cx, 0 0x12bfb: mov dx, 0x184f 0x12bfe: int 0x10 0x12c00: call 0x12c0f 0x12c03: inc bl 0x12c05: cmp bl, 0xd 0x12c08: jne 0x12be3 0x12c0a: pop dx 0x12c0b: pop cx |
| 2018-12-25T12:04:51.63878913Z | 78 | PC: 12c3c | Find first file |
| 2018-12-25T12:04:51.642201923Z | 26 | PC: 12afe | Set disk transfer address |
| 2018-12-25T12:04:51.64346239Z | 43 | PC: 12b0a | Set date |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":8490,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:04:52.49667826Z | 47 | PC: 12ac4 | Get disk transfer address |
| 2018-12-25T12:04:52.498225898Z | 26 | PC: 12ad2 | Set disk transfer address |
| 2018-12-25T12:04:52.499433291Z | 42 | PC: 12ad6 | Get date 0x12ad6: mov word ptr cs:[di + 0xe], cx 0x12ada: mov word ptr cs:[di + 0x10], dx 0x12ade: sub cx, 1 0x12ae1: mov dh, 0xb 0x12ae3: mov dl, 0x1c 0x12ae5: mov ah, 0x2b 0x12ae7: int 0x21 0x12ae9: pop dx 0x12aea: add dx, 3 0x12aed: call 0x12bab 0x12af0: call 0x12bd4 0x12af3: call 0x12c17 0x12af6: mov ah, 0x1a 0x12af8: mov dx, word ptr cs:[di + 0xc] 0x12afc: int 0x21 0x12afe: mov cx, word ptr cs:[di + 0xe] 0x12b02: mov dx, word ptr cs:[di + 0x10] 0x12b06: mov ah, 0x2b 0x12b08: int 0x21 0x12b0a: cli |
| 2018-12-25T12:04:52.501413229Z | 43 | PC: 12ae9 | Set date |
| 2018-12-25T12:04:52.505555319Z | 78 | PC: 12bb3 | Find first file |
| 2018-12-25T12:04:52.516417713Z | 47 | PC: 12bb9 | Get disk transfer address |
| 2018-12-25T12:04:52.517398513Z | 61 | PC: 12b57 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:04:52.524577503Z | 63 | PC: 12b65 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:04:52.53083419Z | 66 | PC: 12b81 | Move file pointer |
| 2018-12-25T12:04:52.532146113Z | 64 | PC: 12b8a | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:04:52.534669186Z | 66 | PC: 12b96 | Move file pointer |
| 2018-12-25T12:04:52.53612866Z | 64 | PC: 12ba2 | Write file or device (Write 480 bytes on handle 5) |
| 2018-12-25T12:04:52.549457596Z | 62 | PC: 12ba9 | Close file |
| 2018-12-25T12:04:52.557087954Z | 79 | PC: 12bcf | Find next file |
| 2018-12-25T12:04:52.560087091Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:52.56627622Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:52.572445351Z | 66 | PC: 12b81 | Move file pointer (See above) |
| 2018-12-25T12:04:52.573981722Z | 64 | PC: 12b8a | Write file or device (See above) |
| 2018-12-25T12:04:52.577078274Z | 66 | PC: 12b96 | Move file pointer (See above) |
| 2018-12-25T12:04:52.579911377Z | 64 | PC: 12ba2 | Write file or device (See above) |
| 2018-12-25T12:04:52.582802216Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:52.591116936Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:52.59353644Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:52.600373329Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:52.606536672Z | 66 | PC: 12b81 | Move file pointer (See above) |
| 2018-12-25T12:04:52.607782562Z | 64 | PC: 12b8a | Write file or device (See above) |
| 2018-12-25T12:04:52.610810423Z | 66 | PC: 12b96 | Move file pointer (See above) |
| 2018-12-25T12:04:52.61200814Z | 64 | PC: 12ba2 | Write file or device (See above) |
| 2018-12-25T12:04:52.619760014Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:52.628131535Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:52.634888522Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:52.641088814Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:52.647746271Z | 66 | PC: 12b81 | Move file pointer (See above) |
| 2018-12-25T12:04:52.648768991Z | 64 | PC: 12b8a | Write file or device (See above) |
| 2018-12-25T12:04:52.650980009Z | 66 | PC: 12b96 | Move file pointer (See above) |
| 2018-12-25T12:04:52.652895996Z | 64 | PC: 12ba2 | Write file or device (See above) |
| 2018-12-25T12:04:52.655217076Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:52.660875206Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:52.663326033Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:52.668538407Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:52.672322059Z | 66 | PC: 12b81 | Move file pointer (See above) |
| 2018-12-25T12:04:52.673682897Z | 64 | PC: 12b8a | Write file or device (See above) |
| 2018-12-25T12:04:52.675568204Z | 66 | PC: 12b96 | Move file pointer (See above) |
| 2018-12-25T12:04:52.676808655Z | 64 | PC: 12ba2 | Write file or device (See above) |
| 2018-12-25T12:04:52.679799903Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:52.687079253Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:52.68940543Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:52.696044457Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:52.702156151Z | 66 | PC: 12b81 | Move file pointer (See above) |
| 2018-12-25T12:04:52.703354512Z | 64 | PC: 12b8a | Write file or device (See above) |
| 2018-12-25T12:04:52.706272452Z | 66 | PC: 12b96 | Move file pointer (See above) |
| 2018-12-25T12:04:52.707458475Z | 64 | PC: 12ba2 | Write file or device (See above) |
| 2018-12-25T12:04:52.715004178Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:52.723521412Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:52.726037534Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:52.732213814Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:52.738704762Z | 66 | PC: 12b81 | Move file pointer (See above) |
| 2018-12-25T12:04:52.739891299Z | 64 | PC: 12b8a | Write file or device (See above) |
| 2018-12-25T12:04:52.742322448Z | 66 | PC: 12b96 | Move file pointer (See above) |
| 2018-12-25T12:04:52.743956219Z | 64 | PC: 12ba2 | Write file or device (See above) |
| 2018-12-25T12:04:52.74637364Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:52.753597658Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:52.756421112Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:52.762659368Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:52.768691296Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:52.770705137Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:52.772928086Z | 44 | PC: 12bdc | Get time 0x12bdc: cmp cl, 0 0x12bdf: jne 0x12c0a 0x12be1: mov bl, 0 0x12be3: mov ax, 0x701 0x12be6: mov bh, 7 0x12be8: mov cx, 0 0x12beb: mov dx, 0x184f 0x12bee: int 0x10 0x12bf0: call 0x12c0f 0x12bf3: mov ax, 0x601 0x12bf6: mov bh, 7 0x12bf8: mov cx, 0 0x12bfb: mov dx, 0x184f 0x12bfe: int 0x10 0x12c00: call 0x12c0f 0x12c03: inc bl 0x12c05: cmp bl, 0xd 0x12c08: jne 0x12be3 0x12c0a: pop dx 0x12c0b: pop cx |
| 2018-12-25T12:04:52.775452429Z | 78 | PC: 12c3c | Find first file |
| 2018-12-25T12:04:52.782401043Z | 26 | PC: 12afe | Set disk transfer address |
| 2018-12-25T12:04:52.783354931Z | 43 | PC: 12b0a | Set date |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":8490,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:04:54.128183523Z | 47 | PC: 12ac4 | Get disk transfer address |
| 2018-12-25T12:04:54.130313008Z | 26 | PC: 12ad2 | Set disk transfer address |
| 2018-12-25T12:04:54.131520521Z | 42 | PC: 12ad6 | Get date 0x12ad6: mov word ptr cs:[di + 0xe], cx 0x12ada: mov word ptr cs:[di + 0x10], dx 0x12ade: sub cx, 1 0x12ae1: mov dh, 0xb 0x12ae3: mov dl, 0x1c 0x12ae5: mov ah, 0x2b 0x12ae7: int 0x21 0x12ae9: pop dx 0x12aea: add dx, 3 0x12aed: call 0x12bab 0x12af0: call 0x12bd4 0x12af3: call 0x12c17 0x12af6: mov ah, 0x1a 0x12af8: mov dx, word ptr cs:[di + 0xc] 0x12afc: int 0x21 0x12afe: mov cx, word ptr cs:[di + 0xe] 0x12b02: mov dx, word ptr cs:[di + 0x10] 0x12b06: mov ah, 0x2b 0x12b08: int 0x21 0x12b0a: cli |
| 2018-12-25T12:04:54.133756304Z | 43 | PC: 12ae9 | Set date |
| 2018-12-25T12:04:54.138187741Z | 78 | PC: 12bb3 | Find first file |
| 2018-12-25T12:04:54.148613605Z | 47 | PC: 12bb9 | Get disk transfer address |
| 2018-12-25T12:04:54.149693339Z | 61 | PC: 12b57 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:04:54.15647394Z | 63 | PC: 12b65 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:04:54.162980582Z | 66 | PC: 12b81 | Move file pointer |
| 2018-12-25T12:04:54.164218582Z | 64 | PC: 12b8a | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:04:54.166710108Z | 66 | PC: 12b96 | Move file pointer |
| 2018-12-25T12:04:54.169844937Z | 64 | PC: 12ba2 | Write file or device (Write 480 bytes on handle 5) |
| 2018-12-25T12:04:54.183859109Z | 62 | PC: 12ba9 | Close file |
| 2018-12-25T12:04:54.188791846Z | 79 | PC: 12bcf | Find next file |
| 2018-12-25T12:04:54.20007694Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:54.205392015Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:54.211850382Z | 66 | PC: 12b81 | Move file pointer (See above) |
| 2018-12-25T12:04:54.214301119Z | 64 | PC: 12b8a | Write file or device (See above) |
| 2018-12-25T12:04:54.216807796Z | 66 | PC: 12b96 | Move file pointer (See above) |
| 2018-12-25T12:04:54.218179089Z | 64 | PC: 12ba2 | Write file or device (See above) |
| 2018-12-25T12:04:54.221350244Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:54.226637605Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:54.228771142Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:54.235513028Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:54.241497336Z | 66 | PC: 12b81 | Move file pointer (See above) |
| 2018-12-25T12:04:54.242754864Z | 64 | PC: 12b8a | Write file or device (See above) |
| 2018-12-25T12:04:54.24591141Z | 66 | PC: 12b96 | Move file pointer (See above) |
| 2018-12-25T12:04:54.247248653Z | 64 | PC: 12ba2 | Write file or device (See above) |
| 2018-12-25T12:04:54.255164577Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:54.263566342Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:54.266262892Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:54.272628221Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:54.279069339Z | 66 | PC: 12b81 | Move file pointer (See above) |
| 2018-12-25T12:04:54.280674197Z | 64 | PC: 12b8a | Write file or device (See above) |
| 2018-12-25T12:04:54.283185209Z | 66 | PC: 12b96 | Move file pointer (See above) |
| 2018-12-25T12:04:54.284714943Z | 64 | PC: 12ba2 | Write file or device (See above) |
| 2018-12-25T12:04:54.287780402Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:54.295415564Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:54.298035098Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:54.304367052Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:54.310363501Z | 66 | PC: 12b81 | Move file pointer (See above) |
| 2018-12-25T12:04:54.311516303Z | 64 | PC: 12b8a | Write file or device (See above) |
| 2018-12-25T12:04:54.313941564Z | 66 | PC: 12b96 | Move file pointer (See above) |
| 2018-12-25T12:04:54.315136469Z | 64 | PC: 12ba2 | Write file or device (See above) |
| 2018-12-25T12:04:54.317495943Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:54.325358489Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:54.327771312Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:54.334125127Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:54.340812599Z | 66 | PC: 12b81 | Move file pointer (See above) |
| 2018-12-25T12:04:54.342137366Z | 64 | PC: 12b8a | Write file or device (See above) |
| 2018-12-25T12:04:54.344579851Z | 66 | PC: 12b96 | Move file pointer (See above) |
| 2018-12-25T12:04:54.346158021Z | 64 | PC: 12ba2 | Write file or device (See above) |
| 2018-12-25T12:04:54.351605424Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:54.359874391Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:54.362804763Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:54.369060558Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:54.375192029Z | 66 | PC: 12b81 | Move file pointer (See above) |
| 2018-12-25T12:04:54.377506687Z | 64 | PC: 12b8a | Write file or device (See above) |
| 2018-12-25T12:04:54.379930935Z | 66 | PC: 12b96 | Move file pointer (See above) |
| 2018-12-25T12:04:54.381191297Z | 64 | PC: 12ba2 | Write file or device (See above) |
| 2018-12-25T12:04:54.384495106Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:54.392315238Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:54.394778304Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:54.402276744Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:54.408632072Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:54.410572462Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:54.413403523Z | 44 | PC: 12bdc | Get time 0x12bdc: cmp cl, 0 0x12bdf: jne 0x12c0a 0x12be1: mov bl, 0 0x12be3: mov ax, 0x701 0x12be6: mov bh, 7 0x12be8: mov cx, 0 0x12beb: mov dx, 0x184f 0x12bee: int 0x10 0x12bf0: call 0x12c0f 0x12bf3: mov ax, 0x601 0x12bf6: mov bh, 7 0x12bf8: mov cx, 0 0x12bfb: mov dx, 0x184f 0x12bfe: int 0x10 0x12c00: call 0x12c0f 0x12c03: inc bl 0x12c05: cmp bl, 0xd 0x12c08: jne 0x12be3 0x12c0a: pop dx 0x12c0b: pop cx |
| 2018-12-25T12:04:54.41548754Z | 78 | PC: 12c3c | Find first file |
| 2018-12-25T12:04:54.420912636Z | 26 | PC: 12afe | Set disk transfer address |
| 2018-12-25T12:04:54.422325281Z | 43 | PC: 12b0a | Set date |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8490,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:04:54.220331604Z | 47 | PC: 12ac4 | Get disk transfer address |
| 2018-12-25T12:04:54.221971545Z | 26 | PC: 12ad2 | Set disk transfer address |
| 2018-12-25T12:04:54.223295524Z | 42 | PC: 12ad6 | Get date 0x12ad6: mov word ptr cs:[di + 0xe], cx 0x12ada: mov word ptr cs:[di + 0x10], dx 0x12ade: sub cx, 1 0x12ae1: mov dh, 0xb 0x12ae3: mov dl, 0x1c 0x12ae5: mov ah, 0x2b 0x12ae7: int 0x21 0x12ae9: pop dx 0x12aea: add dx, 3 0x12aed: call 0x12bab 0x12af0: call 0x12bd4 0x12af3: call 0x12c17 0x12af6: mov ah, 0x1a 0x12af8: mov dx, word ptr cs:[di + 0xc] 0x12afc: int 0x21 0x12afe: mov cx, word ptr cs:[di + 0xe] 0x12b02: mov dx, word ptr cs:[di + 0x10] 0x12b06: mov ah, 0x2b 0x12b08: int 0x21 0x12b0a: cli |
| 2018-12-25T12:04:54.225223273Z | 43 | PC: 12ae9 | Set date |
| 2018-12-25T12:04:54.229113316Z | 78 | PC: 12bb3 | Find first file |
| 2018-12-25T12:04:54.239743114Z | 47 | PC: 12bb9 | Get disk transfer address |
| 2018-12-25T12:04:54.240766301Z | 61 | PC: 12b57 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:04:54.247429624Z | 63 | PC: 12b65 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:04:54.253439735Z | 66 | PC: 12b81 | Move file pointer |
| 2018-12-25T12:04:54.254838435Z | 64 | PC: 12b8a | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:04:54.258266121Z | 66 | PC: 12b96 | Move file pointer |
| 2018-12-25T12:04:54.259555908Z | 64 | PC: 12ba2 | Write file or device (Write 480 bytes on handle 5) |
| 2018-12-25T12:04:54.272954174Z | 62 | PC: 12ba9 | Close file |
| 2018-12-25T12:04:54.2788619Z | 79 | PC: 12bcf | Find next file |
| 2018-12-25T12:04:54.28076339Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:54.285223758Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:54.29031081Z | 66 | PC: 12b81 | Move file pointer (See above) |
| 2018-12-25T12:04:54.29121238Z | 64 | PC: 12b8a | Write file or device (See above) |
| 2018-12-25T12:04:54.292946694Z | 66 | PC: 12b96 | Move file pointer (See above) |
| 2018-12-25T12:04:54.294526036Z | 64 | PC: 12ba2 | Write file or device (See above) |
| 2018-12-25T12:04:54.296634899Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:54.302092658Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:54.303805492Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:54.308156435Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:54.312069464Z | 66 | PC: 12b81 | Move file pointer (See above) |
| 2018-12-25T12:04:54.312946516Z | 64 | PC: 12b8a | Write file or device (See above) |
| 2018-12-25T12:04:54.315064022Z | 66 | PC: 12b96 | Move file pointer (See above) |
| 2018-12-25T12:04:54.316226627Z | 64 | PC: 12ba2 | Write file or device (See above) |
| 2018-12-25T12:04:54.321971106Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:54.328146475Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:54.330221034Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:54.334812353Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:54.339628028Z | 66 | PC: 12b81 | Move file pointer (See above) |
| 2018-12-25T12:04:54.341424772Z | 64 | PC: 12b8a | Write file or device (See above) |
| 2018-12-25T12:04:54.343964193Z | 66 | PC: 12b96 | Move file pointer (See above) |
| 2018-12-25T12:04:54.355498093Z | 64 | PC: 12ba2 | Write file or device (See above) |
| 2018-12-25T12:04:54.357311613Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:54.364510738Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:54.368653736Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:54.375100005Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:54.381259482Z | 66 | PC: 12b81 | Move file pointer (See above) |
| 2018-12-25T12:04:54.383232431Z | 64 | PC: 12b8a | Write file or device (See above) |
| 2018-12-25T12:04:54.38631194Z | 66 | PC: 12b96 | Move file pointer (See above) |
| 2018-12-25T12:04:54.387702604Z | 64 | PC: 12ba2 | Write file or device (See above) |
| 2018-12-25T12:04:54.390881745Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:54.398442859Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:54.400963792Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:54.416849244Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:54.424116145Z | 66 | PC: 12b81 | Move file pointer (See above) |
| 2018-12-25T12:04:54.425617631Z | 64 | PC: 12b8a | Write file or device (See above) |
| 2018-12-25T12:04:54.429300224Z | 66 | PC: 12b96 | Move file pointer (See above) |
| 2018-12-25T12:04:54.430763065Z | 64 | PC: 12ba2 | Write file or device (See above) |
| 2018-12-25T12:04:54.438610919Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:54.447395197Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:54.449918415Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:54.456362008Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:54.462847442Z | 66 | PC: 12b81 | Move file pointer (See above) |
| 2018-12-25T12:04:54.464237601Z | 64 | PC: 12b8a | Write file or device (See above) |
| 2018-12-25T12:04:54.466741887Z | 66 | PC: 12b96 | Move file pointer (See above) |
| 2018-12-25T12:04:54.468730992Z | 64 | PC: 12ba2 | Write file or device (See above) |
| 2018-12-25T12:04:54.471335726Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:54.479836443Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:54.48255635Z | 61 | PC: 12b57 | Open file (See above) |
| 2018-12-25T12:04:54.489370977Z | 63 | PC: 12b65 | Read file or device (See above) |
| 2018-12-25T12:04:54.495702755Z | 62 | PC: 12ba9 | Close file (See above) |
| 2018-12-25T12:04:54.497571439Z | 79 | PC: 12bcf | Find next file (See above) |
| 2018-12-25T12:04:54.499901518Z | 44 | PC: 12bdc | Get time 0x12bdc: cmp cl, 0 0x12bdf: jne 0x12c0a 0x12be1: mov bl, 0 0x12be3: mov ax, 0x701 0x12be6: mov bh, 7 0x12be8: mov cx, 0 0x12beb: mov dx, 0x184f 0x12bee: int 0x10 0x12bf0: call 0x12c0f 0x12bf3: mov ax, 0x601 0x12bf6: mov bh, 7 0x12bf8: mov cx, 0 0x12bfb: mov dx, 0x184f 0x12bfe: int 0x10 0x12c00: call 0x12c0f 0x12c03: inc bl 0x12c05: cmp bl, 0xd 0x12c08: jne 0x12be3 0x12c0a: pop dx 0x12c0b: pop cx |
| 2018-12-25T12:04:54.578251258Z | 78 | PC: 12c3c | Find first file |
| 2018-12-25T12:04:54.58373598Z | 26 | PC: 12afe | Set disk transfer address |
| 2018-12-25T12:04:54.585408914Z | 43 | PC: 12b0a | Set date |