{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8553,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:19.836834764Z | 71 | PC: 12b2e | Get current directory |
| 2018-12-25T12:21:19.841058617Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:21:19.846369064Z | 26 | PC: 12bf0 | Set disk transfer address |
| 2018-12-25T12:21:19.848408268Z | 78 | PC: 12bfe | Find first file |
| 2018-12-25T12:21:19.861660932Z | 61 | PC: 12c2a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:19.870179385Z | 63 | PC: 12c3d | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:21:19.878508275Z | 44 | PC: 12c73 | Get time 0x12c73: add dl, dh 0x12c75: je 0x12c6f 0x12c77: mov si, 0x115 0x12c7a: add si, word ptr [0x106] 0x12c7e: mov byte ptr [si], dl 0x12c80: mov ax, 0x4301 0x12c83: xor cx, cx 0x12c85: mov dx, si 0x12c87: add dx, 0xb2 0x12c8b: int 0x21 0x12c8d: mov ah, 0x3e 0x12c8f: int 0x21 0x12c91: mov ax, 0x3d02 0x12c94: int 0x21 0x12c96: jb 0x12c4c 0x12c98: mov di, dx 0x12c9a: add di, 0x63 0x12c9e: stosw word ptr es:[di], ax 0x12c9f: xchg ax, bx 0x12ca0: mov ah, 0x40 |
| 2018-12-25T12:21:19.881222033Z | 67 | PC: 12c8d | Get or set file attributes |
| 2018-12-25T12:21:19.902231967Z | 62 | PC: 12c91 | Close file |
| 2018-12-25T12:21:19.904919173Z | 61 | PC: 12c96 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:19.913167244Z | 64 | PC: 12cab | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:21:19.917625163Z | 64 | PC: 12cbe | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:19.920911067Z | 64 | PC: 12cd3 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:19.924128281Z | 66 | PC: 12cdc | Move file pointer |
| 2018-12-25T12:21:19.934691388Z | 64 | PC: 12a80 | Write file or device (Write 1136 bytes on handle 5) |
| 2018-12-25T12:21:19.946088201Z | 87 | PC: 12cf6 | Get or set file date and time |
| 2018-12-25T12:21:19.948876666Z | 62 | PC: 12cfa | Close file |
| 2018-12-25T12:21:19.958185561Z | 67 | PC: 12d0d | Get or set file attributes |
| 2018-12-25T12:21:19.969446946Z | 79 | PC: 12c12 | Find next file |
| 2018-12-25T12:21:19.97251923Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:19.979962329Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:19.988397948Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:19.991229434Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:20.003194626Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:20.005925784Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:20.01372872Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:20.017243558Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:20.020952243Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:20.02469032Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:20.026940642Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:20.037659707Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:20.039412924Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:20.048056478Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:20.072949204Z | 79 | PC: 12c12 | Find next file (See above) |
| 2018-12-25T12:21:20.089974564Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:20.100657181Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:20.108768773Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:20.111246466Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:20.123415436Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:20.12636106Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:20.134476957Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:20.138036838Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:20.142033037Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:20.145773114Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:20.148732361Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:20.159605151Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:20.162008238Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:20.170689076Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:20.182172152Z | 42 | PC: 12b57 | Get date 0x12b57: cmp dx, 0x709 0x12b5b: je 0x12b60 0x12b5d: jmp 0x12d80 0x12b60: jmp 0x12d13 0x12b63: and ah, bh 0x12b65: movsw word ptr es:[di], word ptr [si] 0x12b66: mov ax, 0x5c4c 0x12b69: add word ptr [di], ax 0x12b6b: add byte ptr [di - 0x75], dl 0x12b6e: in al, dx 0x12b6f: sub sp, 0x2c 0x12b72: push si 0x12b73: jmp 0x12be5 0x12b75: nop 0x12b76: mov ah, 0x1a 0x12b78: lea dx, word ptr [bp - 0x2c] 0x12b7b: int 0x21 0x12b7d: mov ah, 0x4e 0x12b7f: mov cx, 0x10 0x12b82: mov dx, 0x1a0 |
| 2018-12-25T12:21:20.190260069Z | 59 | PC: 12d8b | Change current directory |
| 2018-12-25T12:21:20.196165714Z | 59 | PC: 12d93 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8553,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:20.044660784Z | 71 | PC: 12b2e | Get current directory |
| 2018-12-25T12:21:20.04822603Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:21:20.053494077Z | 26 | PC: 12bf0 | Set disk transfer address |
| 2018-12-25T12:21:20.054796469Z | 78 | PC: 12bfe | Find first file |
| 2018-12-25T12:21:20.061556991Z | 61 | PC: 12c2a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:20.07034203Z | 63 | PC: 12c3d | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:21:20.077766991Z | 44 | PC: 12c73 | Get time 0x12c73: add dl, dh 0x12c75: je 0x12c6f 0x12c77: mov si, 0x115 0x12c7a: add si, word ptr [0x106] 0x12c7e: mov byte ptr [si], dl 0x12c80: mov ax, 0x4301 0x12c83: xor cx, cx 0x12c85: mov dx, si 0x12c87: add dx, 0xb2 0x12c8b: int 0x21 0x12c8d: mov ah, 0x3e 0x12c8f: int 0x21 0x12c91: mov ax, 0x3d02 0x12c94: int 0x21 0x12c96: jb 0x12c4c 0x12c98: mov di, dx 0x12c9a: add di, 0x63 0x12c9e: stosw word ptr es:[di], ax 0x12c9f: xchg ax, bx 0x12ca0: mov ah, 0x40 |
| 2018-12-25T12:21:20.080497516Z | 67 | PC: 12c8d | Get or set file attributes |
| 2018-12-25T12:21:20.100805311Z | 62 | PC: 12c91 | Close file |
| 2018-12-25T12:21:20.103810835Z | 61 | PC: 12c96 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:20.117711405Z | 64 | PC: 12cab | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:21:20.125414872Z | 64 | PC: 12cbe | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:20.129138749Z | 64 | PC: 12cd3 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:20.132095522Z | 66 | PC: 12cdc | Move file pointer |
| 2018-12-25T12:21:20.134254724Z | 64 | PC: 12a80 | Write file or device (Write 1136 bytes on handle 5) |
| 2018-12-25T12:21:20.145366401Z | 87 | PC: 12cf6 | Get or set file date and time |
| 2018-12-25T12:21:20.147520557Z | 62 | PC: 12cfa | Close file |
| 2018-12-25T12:21:20.156667008Z | 67 | PC: 12d0d | Get or set file attributes |
| 2018-12-25T12:21:20.174114668Z | 79 | PC: 12c12 | Find next file |
| 2018-12-25T12:21:20.17747811Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:20.185250929Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:20.193407519Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:20.196552841Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:20.208178704Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:20.210464617Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:20.218659332Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:20.221841758Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:20.224861463Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:20.229114973Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:20.231683049Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:20.242608212Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:20.245073252Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:20.254188908Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:20.265690919Z | 79 | PC: 12c12 | Find next file (See above) |
| 2018-12-25T12:21:20.269611749Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:20.277094039Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:20.284845395Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:20.288034597Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:20.299499458Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:20.301945187Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:20.311144795Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:20.314802547Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:20.318098023Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:20.321499487Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:20.333024465Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:20.35813751Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:20.360862477Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:20.376645322Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:20.38961052Z | 42 | PC: 12b57 | Get date 0x12b57: cmp dx, 0x709 0x12b5b: je 0x12b60 0x12b5d: jmp 0x12d80 0x12b60: jmp 0x12d13 0x12b63: and ah, bh 0x12b65: movsw word ptr es:[di], word ptr [si] 0x12b66: mov ax, 0x5c4c 0x12b69: add word ptr [di], ax 0x12b6b: add byte ptr [di - 0x75], dl 0x12b6e: in al, dx 0x12b6f: sub sp, 0x2c 0x12b72: push si 0x12b73: jmp 0x12be5 0x12b75: nop 0x12b76: mov ah, 0x1a 0x12b78: lea dx, word ptr [bp - 0x2c] 0x12b7b: int 0x21 0x12b7d: mov ah, 0x4e 0x12b7f: mov cx, 0x10 0x12b82: mov dx, 0x1a0 |
| 2018-12-25T12:21:20.392060118Z | 59 | PC: 12d8b | Change current directory |
| 2018-12-25T12:21:20.397519572Z | 59 | PC: 12d93 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8553,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:20.028991829Z | 71 | PC: 12b2e | Get current directory |
| 2018-12-25T12:21:20.031022559Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:21:20.033418174Z | 26 | PC: 12bf0 | Set disk transfer address |
| 2018-12-25T12:21:20.034100178Z | 78 | PC: 12bfe | Find first file |
| 2018-12-25T12:21:20.043993662Z | 61 | PC: 12c2a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:20.051232289Z | 63 | PC: 12c3d | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:21:20.05540577Z | 44 | PC: 12c73 | Get time 0x12c73: add dl, dh 0x12c75: je 0x12c6f 0x12c77: mov si, 0x115 0x12c7a: add si, word ptr [0x106] 0x12c7e: mov byte ptr [si], dl 0x12c80: mov ax, 0x4301 0x12c83: xor cx, cx 0x12c85: mov dx, si 0x12c87: add dx, 0xb2 0x12c8b: int 0x21 0x12c8d: mov ah, 0x3e 0x12c8f: int 0x21 0x12c91: mov ax, 0x3d02 0x12c94: int 0x21 0x12c96: jb 0x12c4c 0x12c98: mov di, dx 0x12c9a: add di, 0x63 0x12c9e: stosw word ptr es:[di], ax 0x12c9f: xchg ax, bx 0x12ca0: mov ah, 0x40 |
| 2018-12-25T12:21:20.057160247Z | 67 | PC: 12c8d | Get or set file attributes |
| 2018-12-25T12:21:20.930425886Z | 62 | PC: 12c91 | Close file |
| 2018-12-25T12:21:20.93203895Z | 61 | PC: 12c96 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:20.93832488Z | 64 | PC: 12cab | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:21:20.944640452Z | 64 | PC: 12cbe | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:20.946506247Z | 64 | PC: 12cd3 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:20.948629237Z | 66 | PC: 12cdc | Move file pointer |
| 2018-12-25T12:21:20.949792953Z | 64 | PC: 12a80 | Write file or device (Write 1136 bytes on handle 5) |
| 2018-12-25T12:21:21.03573463Z | 87 | PC: 12cf6 | Get or set file date and time |
| 2018-12-25T12:21:21.037026846Z | 62 | PC: 12cfa | Close file |
| 2018-12-25T12:21:21.11767891Z | 67 | PC: 12d0d | Get or set file attributes |
| 2018-12-25T12:21:21.192002406Z | 79 | PC: 12c12 | Find next file |
| 2018-12-25T12:21:21.194910317Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:21.201611026Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:21.208205785Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:21.210230896Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.219960846Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:21.221578291Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:21.228261614Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:21.230293453Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:21.231905827Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:21.233853967Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:21.235120221Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:21.241126122Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:21.242389977Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:21.24730292Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.253219737Z | 79 | PC: 12c12 | Find next file (See above) |
| 2018-12-25T12:21:21.255023323Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:21.259095542Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:21.26312295Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:21.264689424Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.273606062Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:21.274925303Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:21.279394788Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:21.283944729Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:21.285730168Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:21.287579796Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:21.289067485Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:21.294714464Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:21.295768004Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:21.300874379Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.307097041Z | 42 | PC: 12b57 | Get date 0x12b57: cmp dx, 0x709 0x12b5b: je 0x12b60 0x12b5d: jmp 0x12d80 0x12b60: jmp 0x12d13 0x12b63: and ah, bh 0x12b65: movsw word ptr es:[di], word ptr [si] 0x12b66: mov ax, 0x5c4c 0x12b69: add word ptr [di], ax 0x12b6b: add byte ptr [di - 0x75], dl 0x12b6e: in al, dx 0x12b6f: sub sp, 0x2c 0x12b72: push si 0x12b73: jmp 0x12be5 0x12b75: nop 0x12b76: mov ah, 0x1a 0x12b78: lea dx, word ptr [bp - 0x2c] 0x12b7b: int 0x21 0x12b7d: mov ah, 0x4e 0x12b7f: mov cx, 0x10 0x12b82: mov dx, 0x1a0 |
| 2018-12-25T12:21:21.30869858Z | 59 | PC: 12d8b | Change current directory |
| 2018-12-25T12:21:21.311236343Z | 59 | PC: 12d93 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8553,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:20.294097767Z | 71 | PC: 12b2e | Get current directory |
| 2018-12-25T12:21:20.296945468Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:21:20.300141531Z | 26 | PC: 12bf0 | Set disk transfer address |
| 2018-12-25T12:21:20.300845835Z | 78 | PC: 12bfe | Find first file |
| 2018-12-25T12:21:20.311587887Z | 61 | PC: 12c2a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:20.317556219Z | 63 | PC: 12c3d | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:21:20.323326873Z | 44 | PC: 12c73 | Get time 0x12c73: add dl, dh 0x12c75: je 0x12c6f 0x12c77: mov si, 0x115 0x12c7a: add si, word ptr [0x106] 0x12c7e: mov byte ptr [si], dl 0x12c80: mov ax, 0x4301 0x12c83: xor cx, cx 0x12c85: mov dx, si 0x12c87: add dx, 0xb2 0x12c8b: int 0x21 0x12c8d: mov ah, 0x3e 0x12c8f: int 0x21 0x12c91: mov ax, 0x3d02 0x12c94: int 0x21 0x12c96: jb 0x12c4c 0x12c98: mov di, dx 0x12c9a: add di, 0x63 0x12c9e: stosw word ptr es:[di], ax 0x12c9f: xchg ax, bx 0x12ca0: mov ah, 0x40 |
| 2018-12-25T12:21:20.3253462Z | 67 | PC: 12c8d | Get or set file attributes |
| 2018-12-25T12:21:20.931203197Z | 62 | PC: 12c91 | Close file |
| 2018-12-25T12:21:20.932724744Z | 61 | PC: 12c96 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:20.937667275Z | 64 | PC: 12cab | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:21:20.940286155Z | 64 | PC: 12cbe | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:20.942779752Z | 64 | PC: 12cd3 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:20.945516669Z | 66 | PC: 12cdc | Move file pointer |
| 2018-12-25T12:21:20.946935213Z | 64 | PC: 12a80 | Write file or device (Write 1136 bytes on handle 5) |
| 2018-12-25T12:21:21.035785364Z | 87 | PC: 12cf6 | Get or set file date and time |
| 2018-12-25T12:21:21.037342006Z | 62 | PC: 12cfa | Close file |
| 2018-12-25T12:21:21.117696371Z | 67 | PC: 12d0d | Get or set file attributes |
| 2018-12-25T12:21:21.191951874Z | 79 | PC: 12c12 | Find next file |
| 2018-12-25T12:21:21.194328156Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:21.200899244Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:21.207053961Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:21.208962963Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.218647185Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:21.220035084Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:21.226414519Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:21.229119973Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:21.230728619Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:21.23235896Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:21.234207962Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:21.242798427Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:21.24420616Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:21.251364085Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.260943875Z | 79 | PC: 12c12 | Find next file (See above) |
| 2018-12-25T12:21:21.263496973Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:21.268429498Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:21.272560053Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:21.274067726Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.280775571Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:21.282404384Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:21.288615551Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:21.291568364Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:21.293945776Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:21.296269818Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:21.298328999Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:21.306785057Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:21.30806358Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:21.315213818Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.326850866Z | 42 | PC: 12b57 | Get date 0x12b57: cmp dx, 0x709 0x12b5b: je 0x12b60 0x12b5d: jmp 0x12d80 0x12b60: jmp 0x12d13 0x12b63: and ah, bh 0x12b65: movsw word ptr es:[di], word ptr [si] 0x12b66: mov ax, 0x5c4c 0x12b69: add word ptr [di], ax 0x12b6b: add byte ptr [di - 0x75], dl 0x12b6e: in al, dx 0x12b6f: sub sp, 0x2c 0x12b72: push si 0x12b73: jmp 0x12be5 0x12b75: nop 0x12b76: mov ah, 0x1a 0x12b78: lea dx, word ptr [bp - 0x2c] 0x12b7b: int 0x21 0x12b7d: mov ah, 0x4e 0x12b7f: mov cx, 0x10 0x12b82: mov dx, 0x1a0 |
| 2018-12-25T12:21:21.328831728Z | 59 | PC: 12d8b | Change current directory |
| 2018-12-25T12:21:21.332976434Z | 59 | PC: 12d93 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8553,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:20.51122221Z | 71 | PC: 12b2e | Get current directory |
| 2018-12-25T12:21:20.513374956Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:21:20.515719193Z | 26 | PC: 12bf0 | Set disk transfer address |
| 2018-12-25T12:21:20.51636998Z | 78 | PC: 12bfe | Find first file |
| 2018-12-25T12:21:20.523093989Z | 61 | PC: 12c2a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:20.52978116Z | 63 | PC: 12c3d | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:21:20.533525835Z | 44 | PC: 12c73 | Get time 0x12c73: add dl, dh 0x12c75: je 0x12c6f 0x12c77: mov si, 0x115 0x12c7a: add si, word ptr [0x106] 0x12c7e: mov byte ptr [si], dl 0x12c80: mov ax, 0x4301 0x12c83: xor cx, cx 0x12c85: mov dx, si 0x12c87: add dx, 0xb2 0x12c8b: int 0x21 0x12c8d: mov ah, 0x3e 0x12c8f: int 0x21 0x12c91: mov ax, 0x3d02 0x12c94: int 0x21 0x12c96: jb 0x12c4c 0x12c98: mov di, dx 0x12c9a: add di, 0x63 0x12c9e: stosw word ptr es:[di], ax 0x12c9f: xchg ax, bx 0x12ca0: mov ah, 0x40 |
| 2018-12-25T12:21:20.535132261Z | 67 | PC: 12c8d | Get or set file attributes |
| 2018-12-25T12:21:20.929975263Z | 62 | PC: 12c91 | Close file |
| 2018-12-25T12:21:20.932551074Z | 61 | PC: 12c96 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:20.939344377Z | 64 | PC: 12cab | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:21:20.94567705Z | 64 | PC: 12cbe | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:20.948113008Z | 64 | PC: 12cd3 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:20.950784382Z | 66 | PC: 12cdc | Move file pointer |
| 2018-12-25T12:21:20.952447391Z | 64 | PC: 12a80 | Write file or device (Write 1136 bytes on handle 5) |
| 2018-12-25T12:21:21.035642074Z | 87 | PC: 12cf6 | Get or set file date and time |
| 2018-12-25T12:21:21.037351218Z | 62 | PC: 12cfa | Close file |
| 2018-12-25T12:21:21.117654169Z | 67 | PC: 12d0d | Get or set file attributes |
| 2018-12-25T12:21:21.192111532Z | 79 | PC: 12c12 | Find next file |
| 2018-12-25T12:21:21.195094455Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:21.199288304Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:21.203211269Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:21.204876373Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.211342876Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:21.212493064Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:21.216652284Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:21.218587629Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:21.220278441Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:21.222345749Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:21.223647937Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:21.229294357Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:21.230869043Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:21.23629288Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.245502693Z | 79 | PC: 12c12 | Find next file (See above) |
| 2018-12-25T12:21:21.248068724Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:21.254053835Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:21.26024779Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:21.262065359Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.270061436Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:21.272467343Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:21.277282841Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:21.283672368Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:21.285373089Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:21.288011005Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:21.290091418Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:21.298153562Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:21.29955781Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:21.304736495Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.312642058Z | 42 | PC: 12b57 | Get date 0x12b57: cmp dx, 0x709 0x12b5b: je 0x12b60 0x12b5d: jmp 0x12d80 0x12b60: jmp 0x12d13 0x12b63: and ah, bh 0x12b65: movsw word ptr es:[di], word ptr [si] 0x12b66: mov ax, 0x5c4c 0x12b69: add word ptr [di], ax 0x12b6b: add byte ptr [di - 0x75], dl 0x12b6e: in al, dx 0x12b6f: sub sp, 0x2c 0x12b72: push si 0x12b73: jmp 0x12be5 0x12b75: nop 0x12b76: mov ah, 0x1a 0x12b78: lea dx, word ptr [bp - 0x2c] 0x12b7b: int 0x21 0x12b7d: mov ah, 0x4e 0x12b7f: mov cx, 0x10 0x12b82: mov dx, 0x1a0 |
| 2018-12-25T12:21:21.314620598Z | 59 | PC: 12d8b | Change current directory |
| 2018-12-25T12:21:21.318543391Z | 59 | PC: 12d93 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8553,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:20.750428866Z | 71 | PC: 12b2e | Get current directory |
| 2018-12-25T12:21:20.752435285Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:21:20.754789894Z | 26 | PC: 12bf0 | Set disk transfer address |
| 2018-12-25T12:21:20.75544188Z | 78 | PC: 12bfe | Find first file |
| 2018-12-25T12:21:20.763049865Z | 61 | PC: 12c2a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:20.76991719Z | 63 | PC: 12c3d | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:21:20.773689138Z | 44 | PC: 12c73 | Get time 0x12c73: add dl, dh 0x12c75: je 0x12c6f 0x12c77: mov si, 0x115 0x12c7a: add si, word ptr [0x106] 0x12c7e: mov byte ptr [si], dl 0x12c80: mov ax, 0x4301 0x12c83: xor cx, cx 0x12c85: mov dx, si 0x12c87: add dx, 0xb2 0x12c8b: int 0x21 0x12c8d: mov ah, 0x3e 0x12c8f: int 0x21 0x12c91: mov ax, 0x3d02 0x12c94: int 0x21 0x12c96: jb 0x12c4c 0x12c98: mov di, dx 0x12c9a: add di, 0x63 0x12c9e: stosw word ptr es:[di], ax 0x12c9f: xchg ax, bx 0x12ca0: mov ah, 0x40 |
| 2018-12-25T12:21:20.775316496Z | 67 | PC: 12c8d | Get or set file attributes |
| 2018-12-25T12:21:20.929459757Z | 62 | PC: 12c91 | Close file |
| 2018-12-25T12:21:20.931266903Z | 61 | PC: 12c96 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:20.935679491Z | 64 | PC: 12cab | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:21:20.937511008Z | 64 | PC: 12cbe | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:20.939193559Z | 64 | PC: 12cd3 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:20.941104361Z | 66 | PC: 12cdc | Move file pointer |
| 2018-12-25T12:21:20.942352958Z | 64 | PC: 12a80 | Write file or device (Write 1136 bytes on handle 5) |
| 2018-12-25T12:21:21.000148108Z | 87 | PC: 12cf6 | Get or set file date and time |
| 2018-12-25T12:21:21.001281667Z | 62 | PC: 12cfa | Close file |
| 2018-12-25T12:21:21.076734005Z | 67 | PC: 12d0d | Get or set file attributes |
| 2018-12-25T12:21:21.15549398Z | 79 | PC: 12c12 | Find next file |
| 2018-12-25T12:21:21.157982619Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:21.164240773Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:21.170319222Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:21.172219603Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.198770734Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:21.200317378Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:21.206611073Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:21.213403675Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:21.215725044Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:21.218072569Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:21.220183863Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:21.23056776Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:21.23195394Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:21.239185659Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.248782558Z | 79 | PC: 12c12 | Find next file (See above) |
| 2018-12-25T12:21:21.251195429Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:21.257820572Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:21.264309822Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:21.266289399Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.275867029Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:21.277092014Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:21.281049483Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:21.283412174Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:21.285023247Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:21.286645546Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:21.28829416Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:21.29652997Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:21.297626336Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:21.303714866Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.309961331Z | 42 | PC: 12b57 | Get date 0x12b57: cmp dx, 0x709 0x12b5b: je 0x12b60 0x12b5d: jmp 0x12d80 0x12b60: jmp 0x12d13 0x12b63: and ah, bh 0x12b65: movsw word ptr es:[di], word ptr [si] 0x12b66: mov ax, 0x5c4c 0x12b69: add word ptr [di], ax 0x12b6b: add byte ptr [di - 0x75], dl 0x12b6e: in al, dx 0x12b6f: sub sp, 0x2c 0x12b72: push si 0x12b73: jmp 0x12be5 0x12b75: nop 0x12b76: mov ah, 0x1a 0x12b78: lea dx, word ptr [bp - 0x2c] 0x12b7b: int 0x21 0x12b7d: mov ah, 0x4e 0x12b7f: mov cx, 0x10 0x12b82: mov dx, 0x1a0 |
| 2018-12-25T12:21:21.311230533Z | 59 | PC: 12d8b | Change current directory |
| 2018-12-25T12:21:21.31686081Z | 59 | PC: 12d93 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8553,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:20.996314174Z | 71 | PC: 12b2e | Get current directory |
| 2018-12-25T12:21:20.998558615Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:21:21.000967274Z | 26 | PC: 12bf0 | Set disk transfer address |
| 2018-12-25T12:21:21.00166744Z | 78 | PC: 12bfe | Find first file |
| 2018-12-25T12:21:21.008664155Z | 61 | PC: 12c2a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:21.015486945Z | 63 | PC: 12c3d | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:21:21.019343137Z | 44 | PC: 12c73 | Get time 0x12c73: add dl, dh 0x12c75: je 0x12c6f 0x12c77: mov si, 0x115 0x12c7a: add si, word ptr [0x106] 0x12c7e: mov byte ptr [si], dl 0x12c80: mov ax, 0x4301 0x12c83: xor cx, cx 0x12c85: mov dx, si 0x12c87: add dx, 0xb2 0x12c8b: int 0x21 0x12c8d: mov ah, 0x3e 0x12c8f: int 0x21 0x12c91: mov ax, 0x3d02 0x12c94: int 0x21 0x12c96: jb 0x12c4c 0x12c98: mov di, dx 0x12c9a: add di, 0x63 0x12c9e: stosw word ptr es:[di], ax 0x12c9f: xchg ax, bx 0x12ca0: mov ah, 0x40 |
| 2018-12-25T12:21:21.021308278Z | 67 | PC: 12c8d | Get or set file attributes |
| 2018-12-25T12:21:21.118215801Z | 62 | PC: 12c91 | Close file |
| 2018-12-25T12:21:21.119530663Z | 61 | PC: 12c96 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:21.123909787Z | 64 | PC: 12cab | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:21:21.12826576Z | 64 | PC: 12cbe | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:21.129898432Z | 64 | PC: 12cd3 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:21.13175248Z | 66 | PC: 12cdc | Move file pointer |
| 2018-12-25T12:21:21.132948783Z | 64 | PC: 12a80 | Write file or device (Write 1136 bytes on handle 5) |
| 2018-12-25T12:21:21.198892987Z | 87 | PC: 12cf6 | Get or set file date and time |
| 2018-12-25T12:21:21.199953142Z | 62 | PC: 12cfa | Close file |
| 2018-12-25T12:21:21.20513238Z | 67 | PC: 12d0d | Get or set file attributes |
| 2018-12-25T12:21:21.211208225Z | 79 | PC: 12c12 | Find next file |
| 2018-12-25T12:21:21.21325124Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:21.217386898Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:21.223411687Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:21.22531269Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.236526176Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:21.238137242Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:21.242296464Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:21.246809852Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:21.248501949Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:21.250054255Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:21.251666699Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:21.25709932Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:21.258099673Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:21.263097415Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.271065338Z | 79 | PC: 12c12 | Find next file (See above) |
| 2018-12-25T12:21:21.272750121Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:21.277296217Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:21.281236421Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:21.282573631Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.288675134Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:21.289794724Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:21.296657761Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:21.30117327Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:21.303282166Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:21.304939769Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:21.306561158Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:21.311975299Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:21.312917575Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:21.320234329Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.329752015Z | 42 | PC: 12b57 | Get date 0x12b57: cmp dx, 0x709 0x12b5b: je 0x12b60 0x12b5d: jmp 0x12d80 0x12b60: jmp 0x12d13 0x12b63: and ah, bh 0x12b65: movsw word ptr es:[di], word ptr [si] 0x12b66: mov ax, 0x5c4c 0x12b69: add word ptr [di], ax 0x12b6b: add byte ptr [di - 0x75], dl 0x12b6e: in al, dx 0x12b6f: sub sp, 0x2c 0x12b72: push si 0x12b73: jmp 0x12be5 0x12b75: nop 0x12b76: mov ah, 0x1a 0x12b78: lea dx, word ptr [bp - 0x2c] 0x12b7b: int 0x21 0x12b7d: mov ah, 0x4e 0x12b7f: mov cx, 0x10 0x12b82: mov dx, 0x1a0 |
| 2018-12-25T12:21:21.331747797Z | 59 | PC: 12d8b | Change current directory |
| 2018-12-25T12:21:21.335975261Z | 59 | PC: 12d93 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8553,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:21.244357911Z | 71 | PC: 12b2e | Get current directory |
| 2018-12-25T12:21:21.246675487Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:21:21.249123062Z | 26 | PC: 12bf0 | Set disk transfer address |
| 2018-12-25T12:21:21.24982729Z | 78 | PC: 12bfe | Find first file |
| 2018-12-25T12:21:21.257137045Z | 61 | PC: 12c2a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:21.26820633Z | 63 | PC: 12c3d | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:21:21.275101621Z | 44 | PC: 12c73 | Get time 0x12c73: add dl, dh 0x12c75: je 0x12c6f 0x12c77: mov si, 0x115 0x12c7a: add si, word ptr [0x106] 0x12c7e: mov byte ptr [si], dl 0x12c80: mov ax, 0x4301 0x12c83: xor cx, cx 0x12c85: mov dx, si 0x12c87: add dx, 0xb2 0x12c8b: int 0x21 0x12c8d: mov ah, 0x3e 0x12c8f: int 0x21 0x12c91: mov ax, 0x3d02 0x12c94: int 0x21 0x12c96: jb 0x12c4c 0x12c98: mov di, dx 0x12c9a: add di, 0x63 0x12c9e: stosw word ptr es:[di], ax 0x12c9f: xchg ax, bx 0x12ca0: mov ah, 0x40 |
| 2018-12-25T12:21:21.277621878Z | 67 | PC: 12c8d | Get or set file attributes |
| 2018-12-25T12:21:21.287930471Z | 62 | PC: 12c91 | Close file |
| 2018-12-25T12:21:21.289531839Z | 61 | PC: 12c96 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:21.296202841Z | 64 | PC: 12cab | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:21:21.298772421Z | 64 | PC: 12cbe | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:21.301153254Z | 64 | PC: 12cd3 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:21.303715421Z | 66 | PC: 12cdc | Move file pointer |
| 2018-12-25T12:21:21.305504731Z | 64 | PC: 12a80 | Write file or device (Write 1136 bytes on handle 5) |
| 2018-12-25T12:21:21.313329132Z | 87 | PC: 12cf6 | Get or set file date and time |
| 2018-12-25T12:21:21.31446271Z | 62 | PC: 12cfa | Close file |
| 2018-12-25T12:21:21.321145085Z | 67 | PC: 12d0d | Get or set file attributes |
| 2018-12-25T12:21:21.330091913Z | 79 | PC: 12c12 | Find next file |
| 2018-12-25T12:21:21.332493176Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:21.339386945Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:21.345236673Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:21.346873799Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.356599484Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:21.358288094Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:21.364715379Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:21.367589307Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:21.370050569Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:21.372750902Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:21.374954355Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:21.383670656Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:21.384972639Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:21.392016917Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.398455416Z | 79 | PC: 12c12 | Find next file (See above) |
| 2018-12-25T12:21:21.400514784Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:21.404953562Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:21.408844385Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:21.410134125Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.416438155Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:21.417705105Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:21.422205001Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:21.425442747Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:21.427082789Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:21.428636388Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:21.430162488Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:21.436195199Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:21.437133888Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:21.442255045Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.448344152Z | 42 | PC: 12b57 | Get date 0x12b57: cmp dx, 0x709 0x12b5b: je 0x12b60 0x12b5d: jmp 0x12d80 0x12b60: jmp 0x12d13 0x12b63: and ah, bh 0x12b65: movsw word ptr es:[di], word ptr [si] 0x12b66: mov ax, 0x5c4c 0x12b69: add word ptr [di], ax 0x12b6b: add byte ptr [di - 0x75], dl 0x12b6e: in al, dx 0x12b6f: sub sp, 0x2c 0x12b72: push si 0x12b73: jmp 0x12be5 0x12b75: nop 0x12b76: mov ah, 0x1a 0x12b78: lea dx, word ptr [bp - 0x2c] 0x12b7b: int 0x21 0x12b7d: mov ah, 0x4e 0x12b7f: mov cx, 0x10 0x12b82: mov dx, 0x1a0 |
| 2018-12-25T12:21:21.449729703Z | 59 | PC: 12d8b | Change current directory |
| 2018-12-25T12:21:21.455510162Z | 59 | PC: 12d93 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8553,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:21.481611671Z | 71 | PC: 12b2e | Get current directory |
| 2018-12-25T12:21:21.484379344Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:21:21.486926091Z | 26 | PC: 12bf0 | Set disk transfer address |
| 2018-12-25T12:21:21.487644692Z | 78 | PC: 12bfe | Find first file |
| 2018-12-25T12:21:21.494378787Z | 61 | PC: 12c2a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:21.501772812Z | 63 | PC: 12c3d | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:21:21.505557139Z | 44 | PC: 12c73 | Get time 0x12c73: add dl, dh 0x12c75: je 0x12c6f 0x12c77: mov si, 0x115 0x12c7a: add si, word ptr [0x106] 0x12c7e: mov byte ptr [si], dl 0x12c80: mov ax, 0x4301 0x12c83: xor cx, cx 0x12c85: mov dx, si 0x12c87: add dx, 0xb2 0x12c8b: int 0x21 0x12c8d: mov ah, 0x3e 0x12c8f: int 0x21 0x12c91: mov ax, 0x3d02 0x12c94: int 0x21 0x12c96: jb 0x12c4c 0x12c98: mov di, dx 0x12c9a: add di, 0x63 0x12c9e: stosw word ptr es:[di], ax 0x12c9f: xchg ax, bx 0x12ca0: mov ah, 0x40 |
| 2018-12-25T12:21:21.507239728Z | 67 | PC: 12c8d | Get or set file attributes |
| 2018-12-25T12:21:21.513525261Z | 62 | PC: 12c91 | Close file |
| 2018-12-25T12:21:21.514618807Z | 61 | PC: 12c96 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:21.518859047Z | 64 | PC: 12cab | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:21:21.520584177Z | 64 | PC: 12cbe | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:21.522249507Z | 64 | PC: 12cd3 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:21.523965471Z | 66 | PC: 12cdc | Move file pointer |
| 2018-12-25T12:21:21.525479452Z | 64 | PC: 12a80 | Write file or device (Write 1136 bytes on handle 5) |
| 2018-12-25T12:21:21.531425054Z | 87 | PC: 12cf6 | Get or set file date and time |
| 2018-12-25T12:21:21.532571957Z | 62 | PC: 12cfa | Close file |
| 2018-12-25T12:21:21.537575457Z | 67 | PC: 12d0d | Get or set file attributes |
| 2018-12-25T12:21:21.543890052Z | 79 | PC: 12c12 | Find next file |
| 2018-12-25T12:21:21.546313838Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:21.550493864Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:21.554487345Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:21.556060951Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.56406267Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:21.565336715Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:21.577950797Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:21.582540204Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:21.584303547Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:21.586067408Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:21.587460123Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:21.593010796Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:21.594412553Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:21.599503048Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.605727647Z | 79 | PC: 12c12 | Find next file (See above) |
| 2018-12-25T12:21:21.607575104Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:21.611962534Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:21.617389602Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:21.618970612Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.625288771Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:21.626403962Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:21.633219184Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:21.637426147Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:21.639447923Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:21.640997489Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:21.642433709Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:21.647827909Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:21.64877091Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:21.653692622Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.659707915Z | 42 | PC: 12b57 | Get date 0x12b57: cmp dx, 0x709 0x12b5b: je 0x12b60 0x12b5d: jmp 0x12d80 0x12b60: jmp 0x12d13 0x12b63: and ah, bh 0x12b65: movsw word ptr es:[di], word ptr [si] 0x12b66: mov ax, 0x5c4c 0x12b69: add word ptr [di], ax 0x12b6b: add byte ptr [di - 0x75], dl 0x12b6e: in al, dx 0x12b6f: sub sp, 0x2c 0x12b72: push si 0x12b73: jmp 0x12be5 0x12b75: nop 0x12b76: mov ah, 0x1a 0x12b78: lea dx, word ptr [bp - 0x2c] 0x12b7b: int 0x21 0x12b7d: mov ah, 0x4e 0x12b7f: mov cx, 0x10 0x12b82: mov dx, 0x1a0 |
| 2018-12-25T12:21:21.661079754Z | 59 | PC: 12d8b | Change current directory |
| 2018-12-25T12:21:21.664383206Z | 59 | PC: 12d93 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8553,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:21.694327538Z | 71 | PC: 12b2e | Get current directory |
| 2018-12-25T12:21:21.696498732Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:21:21.698844892Z | 26 | PC: 12bf0 | Set disk transfer address |
| 2018-12-25T12:21:21.699523603Z | 78 | PC: 12bfe | Find first file |
| 2018-12-25T12:21:21.70617405Z | 61 | PC: 12c2a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:21.712926998Z | 63 | PC: 12c3d | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:21:21.716621208Z | 44 | PC: 12c73 | Get time 0x12c73: add dl, dh 0x12c75: je 0x12c6f 0x12c77: mov si, 0x115 0x12c7a: add si, word ptr [0x106] 0x12c7e: mov byte ptr [si], dl 0x12c80: mov ax, 0x4301 0x12c83: xor cx, cx 0x12c85: mov dx, si 0x12c87: add dx, 0xb2 0x12c8b: int 0x21 0x12c8d: mov ah, 0x3e 0x12c8f: int 0x21 0x12c91: mov ax, 0x3d02 0x12c94: int 0x21 0x12c96: jb 0x12c4c 0x12c98: mov di, dx 0x12c9a: add di, 0x63 0x12c9e: stosw word ptr es:[di], ax 0x12c9f: xchg ax, bx 0x12ca0: mov ah, 0x40 |
| 2018-12-25T12:21:21.718130638Z | 67 | PC: 12c8d | Get or set file attributes |
| 2018-12-25T12:21:21.725502066Z | 62 | PC: 12c91 | Close file |
| 2018-12-25T12:21:21.726536849Z | 61 | PC: 12c96 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:21.731024128Z | 64 | PC: 12cab | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:21:21.734981827Z | 64 | PC: 12cbe | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:21.736522044Z | 64 | PC: 12cd3 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:21.738167442Z | 66 | PC: 12cdc | Move file pointer |
| 2018-12-25T12:21:21.739370224Z | 64 | PC: 12a80 | Write file or device (Write 1136 bytes on handle 5) |
| 2018-12-25T12:21:21.744777876Z | 87 | PC: 12cf6 | Get or set file date and time |
| 2018-12-25T12:21:21.745664242Z | 62 | PC: 12cfa | Close file |
| 2018-12-25T12:21:21.750612119Z | 67 | PC: 12d0d | Get or set file attributes |
| 2018-12-25T12:21:21.756532646Z | 79 | PC: 12c12 | Find next file |
| 2018-12-25T12:21:21.758141839Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:21.762504918Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:21.766570251Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:21.7679846Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.774710609Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:21.775920501Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:21.782806927Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:21.787488939Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:21.789222429Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:21.791587862Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:21.793382857Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:21.799102571Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:21.800036598Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:21.804870935Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.810713841Z | 79 | PC: 12c12 | Find next file (See above) |
| 2018-12-25T12:21:21.812237884Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:21.816471269Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:21.820710566Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:21.822047007Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.828578749Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:21.829705354Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:21.836762106Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:21.842249813Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:21.843958745Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:21.845526393Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:21.847027792Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:21.852608832Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:21.853632568Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:21.859437431Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:21.868814695Z | 42 | PC: 12b57 | Get date 0x12b57: cmp dx, 0x709 0x12b5b: je 0x12b60 0x12b5d: jmp 0x12d80 0x12b60: jmp 0x12d13 0x12b63: and ah, bh 0x12b65: movsw word ptr es:[di], word ptr [si] 0x12b66: mov ax, 0x5c4c 0x12b69: add word ptr [di], ax 0x12b6b: add byte ptr [di - 0x75], dl 0x12b6e: in al, dx 0x12b6f: sub sp, 0x2c 0x12b72: push si 0x12b73: jmp 0x12be5 0x12b75: nop 0x12b76: mov ah, 0x1a 0x12b78: lea dx, word ptr [bp - 0x2c] 0x12b7b: int 0x21 0x12b7d: mov ah, 0x4e 0x12b7f: mov cx, 0x10 0x12b82: mov dx, 0x1a0 |
| 2018-12-25T12:21:21.870369625Z | 59 | PC: 12d8b | Change current directory |
| 2018-12-25T12:21:21.873211117Z | 59 | PC: 12d93 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8553,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:21.948815476Z | 71 | PC: 12b2e | Get current directory |
| 2018-12-25T12:21:21.951913512Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:21:21.955660642Z | 26 | PC: 12bf0 | Set disk transfer address |
| 2018-12-25T12:21:21.956543372Z | 78 | PC: 12bfe | Find first file |
| 2018-12-25T12:21:21.967705815Z | 61 | PC: 12c2a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:21.972864677Z | 63 | PC: 12c3d | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:21:21.979119963Z | 44 | PC: 12c73 | Get time 0x12c73: add dl, dh 0x12c75: je 0x12c6f 0x12c77: mov si, 0x115 0x12c7a: add si, word ptr [0x106] 0x12c7e: mov byte ptr [si], dl 0x12c80: mov ax, 0x4301 0x12c83: xor cx, cx 0x12c85: mov dx, si 0x12c87: add dx, 0xb2 0x12c8b: int 0x21 0x12c8d: mov ah, 0x3e 0x12c8f: int 0x21 0x12c91: mov ax, 0x3d02 0x12c94: int 0x21 0x12c96: jb 0x12c4c 0x12c98: mov di, dx 0x12c9a: add di, 0x63 0x12c9e: stosw word ptr es:[di], ax 0x12c9f: xchg ax, bx 0x12ca0: mov ah, 0x40 |
| 2018-12-25T12:21:21.981473025Z | 67 | PC: 12c8d | Get or set file attributes |
| 2018-12-25T12:21:21.991211721Z | 62 | PC: 12c91 | Close file |
| 2018-12-25T12:21:21.992789816Z | 61 | PC: 12c96 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:21.999584295Z | 64 | PC: 12cab | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:21:22.002173701Z | 64 | PC: 12cbe | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:22.004537812Z | 64 | PC: 12cd3 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:22.00742363Z | 66 | PC: 12cdc | Move file pointer |
| 2018-12-25T12:21:22.009274001Z | 64 | PC: 12a80 | Write file or device (Write 1136 bytes on handle 5) |
| 2018-12-25T12:21:22.018231656Z | 87 | PC: 12cf6 | Get or set file date and time |
| 2018-12-25T12:21:22.019883392Z | 62 | PC: 12cfa | Close file |
| 2018-12-25T12:21:22.028552073Z | 67 | PC: 12d0d | Get or set file attributes |
| 2018-12-25T12:21:22.038036989Z | 79 | PC: 12c12 | Find next file |
| 2018-12-25T12:21:22.040664939Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:22.047025092Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:22.053214138Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:22.055165219Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:22.064921357Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:22.066474053Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:22.072758011Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:22.075768804Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:22.078092022Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:22.080471215Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:22.08247741Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:22.091576099Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:22.092886823Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:22.100493157Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:22.108832362Z | 79 | PC: 12c12 | Find next file (See above) |
| 2018-12-25T12:21:22.110546949Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:22.114805286Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:22.118983322Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:22.120272336Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:22.12719476Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:22.128314281Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:22.135595838Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:22.139954155Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:22.141566547Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:22.143245835Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:22.14478012Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:22.150143592Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:22.151104744Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:22.156624644Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:22.166181152Z | 42 | PC: 12b57 | Get date 0x12b57: cmp dx, 0x709 0x12b5b: je 0x12b60 0x12b5d: jmp 0x12d80 0x12b60: jmp 0x12d13 0x12b63: and ah, bh 0x12b65: movsw word ptr es:[di], word ptr [si] 0x12b66: mov ax, 0x5c4c 0x12b69: add word ptr [di], ax 0x12b6b: add byte ptr [di - 0x75], dl 0x12b6e: in al, dx 0x12b6f: sub sp, 0x2c 0x12b72: push si 0x12b73: jmp 0x12be5 0x12b75: nop 0x12b76: mov ah, 0x1a 0x12b78: lea dx, word ptr [bp - 0x2c] 0x12b7b: int 0x21 0x12b7d: mov ah, 0x4e 0x12b7f: mov cx, 0x10 0x12b82: mov dx, 0x1a0 |
| 2018-12-25T12:21:22.168112894Z | 59 | PC: 12d8b | Change current directory |
| 2018-12-25T12:21:22.172100997Z | 59 | PC: 12d93 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8553,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:22.195995178Z | 71 | PC: 12b2e | Get current directory |
| 2018-12-25T12:21:22.198224Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:21:22.200679659Z | 26 | PC: 12bf0 | Set disk transfer address |
| 2018-12-25T12:21:22.201381965Z | 78 | PC: 12bfe | Find first file |
| 2018-12-25T12:21:22.208165395Z | 61 | PC: 12c2a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:22.214891795Z | 63 | PC: 12c3d | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:21:22.218746377Z | 44 | PC: 12c73 | Get time 0x12c73: add dl, dh 0x12c75: je 0x12c6f 0x12c77: mov si, 0x115 0x12c7a: add si, word ptr [0x106] 0x12c7e: mov byte ptr [si], dl 0x12c80: mov ax, 0x4301 0x12c83: xor cx, cx 0x12c85: mov dx, si 0x12c87: add dx, 0xb2 0x12c8b: int 0x21 0x12c8d: mov ah, 0x3e 0x12c8f: int 0x21 0x12c91: mov ax, 0x3d02 0x12c94: int 0x21 0x12c96: jb 0x12c4c 0x12c98: mov di, dx 0x12c9a: add di, 0x63 0x12c9e: stosw word ptr es:[di], ax 0x12c9f: xchg ax, bx 0x12ca0: mov ah, 0x40 |
| 2018-12-25T12:21:22.220769274Z | 67 | PC: 12c8d | Get or set file attributes |
| 2018-12-25T12:21:22.226757921Z | 62 | PC: 12c91 | Close file |
| 2018-12-25T12:21:22.227813114Z | 61 | PC: 12c96 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:22.231989169Z | 64 | PC: 12cab | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:21:22.233687156Z | 64 | PC: 12cbe | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:22.235231455Z | 64 | PC: 12cd3 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:22.236991919Z | 66 | PC: 12cdc | Move file pointer |
| 2018-12-25T12:21:22.238297063Z | 64 | PC: 12a80 | Write file or device (Write 1136 bytes on handle 5) |
| 2018-12-25T12:21:22.243826455Z | 87 | PC: 12cf6 | Get or set file date and time |
| 2018-12-25T12:21:22.244913966Z | 62 | PC: 12cfa | Close file |
| 2018-12-25T12:21:22.250133952Z | 67 | PC: 12d0d | Get or set file attributes |
| 2018-12-25T12:21:22.256021026Z | 79 | PC: 12c12 | Find next file |
| 2018-12-25T12:21:22.257740939Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:22.26239671Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:22.266761157Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:22.268151935Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:22.276696781Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:22.277932784Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:22.286368134Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:22.290726942Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:22.292329885Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:22.296027273Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:22.29734331Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:22.302805159Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:22.303787494Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:22.308769208Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:22.315109579Z | 79 | PC: 12c12 | Find next file (See above) |
| 2018-12-25T12:21:22.31677552Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:22.321415969Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:22.325552097Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:22.327557976Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:22.337549312Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:22.339133826Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:22.350536565Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:22.357153216Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:22.359536739Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:22.361872313Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:22.363825323Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:22.37231384Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:22.373544678Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:22.381079928Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:22.390526123Z | 42 | PC: 12b57 | Get date 0x12b57: cmp dx, 0x709 0x12b5b: je 0x12b60 0x12b5d: jmp 0x12d80 0x12b60: jmp 0x12d13 0x12b63: and ah, bh 0x12b65: movsw word ptr es:[di], word ptr [si] 0x12b66: mov ax, 0x5c4c 0x12b69: add word ptr [di], ax 0x12b6b: add byte ptr [di - 0x75], dl 0x12b6e: in al, dx 0x12b6f: sub sp, 0x2c 0x12b72: push si 0x12b73: jmp 0x12be5 0x12b75: nop 0x12b76: mov ah, 0x1a 0x12b78: lea dx, word ptr [bp - 0x2c] 0x12b7b: int 0x21 0x12b7d: mov ah, 0x4e 0x12b7f: mov cx, 0x10 0x12b82: mov dx, 0x1a0 |
| 2018-12-25T12:21:22.392434838Z | 59 | PC: 12d8b | Change current directory |
| 2018-12-25T12:21:22.396565023Z | 59 | PC: 12d93 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8553,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:22.459157088Z | 71 | PC: 12b2e | Get current directory |
| 2018-12-25T12:21:22.462126129Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:21:22.46575972Z | 26 | PC: 12bf0 | Set disk transfer address |
| 2018-12-25T12:21:22.466738928Z | 78 | PC: 12bfe | Find first file |
| 2018-12-25T12:21:22.477717644Z | 61 | PC: 12c2a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:22.481711049Z | 63 | PC: 12c3d | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:21:22.485655534Z | 44 | PC: 12c73 | Get time 0x12c73: add dl, dh 0x12c75: je 0x12c6f 0x12c77: mov si, 0x115 0x12c7a: add si, word ptr [0x106] 0x12c7e: mov byte ptr [si], dl 0x12c80: mov ax, 0x4301 0x12c83: xor cx, cx 0x12c85: mov dx, si 0x12c87: add dx, 0xb2 0x12c8b: int 0x21 0x12c8d: mov ah, 0x3e 0x12c8f: int 0x21 0x12c91: mov ax, 0x3d02 0x12c94: int 0x21 0x12c96: jb 0x12c4c 0x12c98: mov di, dx 0x12c9a: add di, 0x63 0x12c9e: stosw word ptr es:[di], ax 0x12c9f: xchg ax, bx 0x12ca0: mov ah, 0x40 |
| 2018-12-25T12:21:22.488001034Z | 67 | PC: 12c8d | Get or set file attributes |
| 2018-12-25T12:21:22.495152145Z | 62 | PC: 12c91 | Close file |
| 2018-12-25T12:21:22.497467249Z | 61 | PC: 12c96 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:22.504831604Z | 64 | PC: 12cab | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:21:22.508249059Z | 64 | PC: 12cbe | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:22.510714231Z | 64 | PC: 12cd3 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:22.513049178Z | 66 | PC: 12cdc | Move file pointer |
| 2018-12-25T12:21:22.514912488Z | 64 | PC: 12a80 | Write file or device (Write 1136 bytes on handle 5) |
| 2018-12-25T12:21:22.523685417Z | 87 | PC: 12cf6 | Get or set file date and time |
| 2018-12-25T12:21:22.525087479Z | 62 | PC: 12cfa | Close file |
| 2018-12-25T12:21:22.532469583Z | 67 | PC: 12d0d | Get or set file attributes |
| 2018-12-25T12:21:22.545431849Z | 79 | PC: 12c12 | Find next file |
| 2018-12-25T12:21:22.547777454Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:22.554084673Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:22.559961111Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:22.561845892Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:22.571450772Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:22.572744435Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:22.576644088Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:22.578704897Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:22.580340322Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:22.581921173Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:22.583388407Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:22.591799701Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:22.593072052Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:22.600583852Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:22.610127073Z | 79 | PC: 12c12 | Find next file (See above) |
| 2018-12-25T12:21:22.61241774Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:22.618763653Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:22.624730367Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:22.626797133Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:22.636410562Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:22.637916603Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:22.643925928Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:22.646835703Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:22.649203433Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:22.651524452Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:22.653507046Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:22.662053704Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:22.663456659Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:22.671046991Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:22.677286616Z | 42 | PC: 12b57 | Get date 0x12b57: cmp dx, 0x709 0x12b5b: je 0x12b60 0x12b5d: jmp 0x12d80 0x12b60: jmp 0x12d13 0x12b63: and ah, bh 0x12b65: movsw word ptr es:[di], word ptr [si] 0x12b66: mov ax, 0x5c4c 0x12b69: add word ptr [di], ax 0x12b6b: add byte ptr [di - 0x75], dl 0x12b6e: in al, dx 0x12b6f: sub sp, 0x2c 0x12b72: push si 0x12b73: jmp 0x12be5 0x12b75: nop 0x12b76: mov ah, 0x1a 0x12b78: lea dx, word ptr [bp - 0x2c] 0x12b7b: int 0x21 0x12b7d: mov ah, 0x4e 0x12b7f: mov cx, 0x10 0x12b82: mov dx, 0x1a0 |
| 2018-12-25T12:21:22.678625636Z | 59 | PC: 12d8b | Change current directory |
| 2018-12-25T12:21:22.681381011Z | 59 | PC: 12d93 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8553,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:22.68767015Z | 71 | PC: 12b2e | Get current directory |
| 2018-12-25T12:21:22.6907974Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:21:22.69465703Z | 26 | PC: 12bf0 | Set disk transfer address |
| 2018-12-25T12:21:22.695614125Z | 78 | PC: 12bfe | Find first file |
| 2018-12-25T12:21:22.70563916Z | 61 | PC: 12c2a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:22.711963034Z | 63 | PC: 12c3d | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:21:22.718076968Z | 44 | PC: 12c73 | Get time 0x12c73: add dl, dh 0x12c75: je 0x12c6f 0x12c77: mov si, 0x115 0x12c7a: add si, word ptr [0x106] 0x12c7e: mov byte ptr [si], dl 0x12c80: mov ax, 0x4301 0x12c83: xor cx, cx 0x12c85: mov dx, si 0x12c87: add dx, 0xb2 0x12c8b: int 0x21 0x12c8d: mov ah, 0x3e 0x12c8f: int 0x21 0x12c91: mov ax, 0x3d02 0x12c94: int 0x21 0x12c96: jb 0x12c4c 0x12c98: mov di, dx 0x12c9a: add di, 0x63 0x12c9e: stosw word ptr es:[di], ax 0x12c9f: xchg ax, bx 0x12ca0: mov ah, 0x40 |
| 2018-12-25T12:21:22.720562264Z | 67 | PC: 12c8d | Get or set file attributes |
| 2018-12-25T12:21:22.730214478Z | 62 | PC: 12c91 | Close file |
| 2018-12-25T12:21:22.731772916Z | 61 | PC: 12c96 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:22.738409697Z | 64 | PC: 12cab | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:21:22.741012129Z | 64 | PC: 12cbe | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:22.743415565Z | 64 | PC: 12cd3 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:22.74631502Z | 66 | PC: 12cdc | Move file pointer |
| 2018-12-25T12:21:22.748019311Z | 64 | PC: 12a80 | Write file or device (Write 1136 bytes on handle 5) |
| 2018-12-25T12:21:22.756881509Z | 87 | PC: 12cf6 | Get or set file date and time |
| 2018-12-25T12:21:22.758437775Z | 62 | PC: 12cfa | Close file |
| 2018-12-25T12:21:22.766058196Z | 67 | PC: 12d0d | Get or set file attributes |
| 2018-12-25T12:21:22.773698495Z | 79 | PC: 12c12 | Find next file |
| 2018-12-25T12:21:22.775523789Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:22.779944794Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:22.783783004Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:22.785110457Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:22.791301205Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:22.792389421Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:22.796290191Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:22.798634174Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:22.801103077Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:22.803531749Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:22.806144567Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:22.812311419Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:22.813494337Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:22.821365287Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:22.833639923Z | 79 | PC: 12c12 | Find next file (See above) |
| 2018-12-25T12:21:22.83602421Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:22.842683492Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:22.848743424Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:22.850663302Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:22.860333809Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:22.861891695Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:22.868126213Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:22.871080747Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:22.873446839Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:22.87574871Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:22.877900212Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:22.886500081Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:22.887789464Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:22.895523608Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:22.905024641Z | 42 | PC: 12b57 | Get date 0x12b57: cmp dx, 0x709 0x12b5b: je 0x12b60 0x12b5d: jmp 0x12d80 0x12b60: jmp 0x12d13 0x12b63: and ah, bh 0x12b65: movsw word ptr es:[di], word ptr [si] 0x12b66: mov ax, 0x5c4c 0x12b69: add word ptr [di], ax 0x12b6b: add byte ptr [di - 0x75], dl 0x12b6e: in al, dx 0x12b6f: sub sp, 0x2c 0x12b72: push si 0x12b73: jmp 0x12be5 0x12b75: nop 0x12b76: mov ah, 0x1a 0x12b78: lea dx, word ptr [bp - 0x2c] 0x12b7b: int 0x21 0x12b7d: mov ah, 0x4e 0x12b7f: mov cx, 0x10 0x12b82: mov dx, 0x1a0 |
| 2018-12-25T12:21:22.906937149Z | 59 | PC: 12d8b | Change current directory |
| 2018-12-25T12:21:22.911067223Z | 59 | PC: 12d93 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8553,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:22.930670499Z | 71 | PC: 12b2e | Get current directory |
| 2018-12-25T12:21:22.93239074Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:21:22.934859946Z | 26 | PC: 12bf0 | Set disk transfer address |
| 2018-12-25T12:21:22.935834545Z | 78 | PC: 12bfe | Find first file |
| 2018-12-25T12:21:22.942377619Z | 61 | PC: 12c2a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:22.949226423Z | 63 | PC: 12c3d | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:21:22.954730117Z | 44 | PC: 12c73 | Get time 0x12c73: add dl, dh 0x12c75: je 0x12c6f 0x12c77: mov si, 0x115 0x12c7a: add si, word ptr [0x106] 0x12c7e: mov byte ptr [si], dl 0x12c80: mov ax, 0x4301 0x12c83: xor cx, cx 0x12c85: mov dx, si 0x12c87: add dx, 0xb2 0x12c8b: int 0x21 0x12c8d: mov ah, 0x3e 0x12c8f: int 0x21 0x12c91: mov ax, 0x3d02 0x12c94: int 0x21 0x12c96: jb 0x12c4c 0x12c98: mov di, dx 0x12c9a: add di, 0x63 0x12c9e: stosw word ptr es:[di], ax 0x12c9f: xchg ax, bx 0x12ca0: mov ah, 0x40 |
| 2018-12-25T12:21:22.956863368Z | 67 | PC: 12c8d | Get or set file attributes |
| 2018-12-25T12:21:22.965110695Z | 62 | PC: 12c91 | Close file |
| 2018-12-25T12:21:22.967628561Z | 61 | PC: 12c96 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:22.974058579Z | 64 | PC: 12cab | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:21:22.976632706Z | 64 | PC: 12cbe | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:22.979391055Z | 64 | PC: 12cd3 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:22.981703869Z | 66 | PC: 12cdc | Move file pointer |
| 2018-12-25T12:21:22.983320403Z | 64 | PC: 12a80 | Write file or device (Write 1136 bytes on handle 5) |
| 2018-12-25T12:21:22.992553156Z | 87 | PC: 12cf6 | Get or set file date and time |
| 2018-12-25T12:21:22.993913948Z | 62 | PC: 12cfa | Close file |
| 2018-12-25T12:21:23.00134311Z | 67 | PC: 12d0d | Get or set file attributes |
| 2018-12-25T12:21:23.008683265Z | 79 | PC: 12c12 | Find next file |
| 2018-12-25T12:21:23.010611701Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:23.022994596Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:23.029497908Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:23.031511716Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:23.041092267Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:23.043072321Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:23.049529349Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:23.052099896Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:23.054915511Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:23.057309875Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:23.058963308Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:23.067753348Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:23.069319358Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:23.076593923Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:23.086515885Z | 79 | PC: 12c12 | Find next file (See above) |
| 2018-12-25T12:21:23.089062286Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:23.095328109Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:23.101428653Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:23.10454816Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:23.11421932Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:23.115862071Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:23.122723147Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:23.125287965Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:23.127681564Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:23.130412103Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:23.132074259Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:23.140713106Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:23.142466167Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:23.150158434Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:23.159754155Z | 42 | PC: 12b57 | Get date 0x12b57: cmp dx, 0x709 0x12b5b: je 0x12b60 0x12b5d: jmp 0x12d80 0x12b60: jmp 0x12d13 0x12b63: and ah, bh 0x12b65: movsw word ptr es:[di], word ptr [si] 0x12b66: mov ax, 0x5c4c 0x12b69: add word ptr [di], ax 0x12b6b: add byte ptr [di - 0x75], dl 0x12b6e: in al, dx 0x12b6f: sub sp, 0x2c 0x12b72: push si 0x12b73: jmp 0x12be5 0x12b75: nop 0x12b76: mov ah, 0x1a 0x12b78: lea dx, word ptr [bp - 0x2c] 0x12b7b: int 0x21 0x12b7d: mov ah, 0x4e 0x12b7f: mov cx, 0x10 0x12b82: mov dx, 0x1a0 |
| 2018-12-25T12:21:23.162187984Z | 59 | PC: 12d8b | Change current directory |
| 2018-12-25T12:21:23.165947719Z | 59 | PC: 12d93 | Change current directory |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":8553,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:23.176675903Z | 71 | PC: 12b2e | Get current directory |
| 2018-12-25T12:21:23.179722678Z | 59 | PC: 12b3a | Change current directory |
| 2018-12-25T12:21:23.183605291Z | 26 | PC: 12bf0 | Set disk transfer address |
| 2018-12-25T12:21:23.184494056Z | 78 | PC: 12bfe | Find first file |
| 2018-12-25T12:21:23.195647892Z | 61 | PC: 12c2a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:23.202417057Z | 63 | PC: 12c3d | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T12:21:23.208547393Z | 44 | PC: 12c73 | Get time 0x12c73: add dl, dh 0x12c75: je 0x12c6f 0x12c77: mov si, 0x115 0x12c7a: add si, word ptr [0x106] 0x12c7e: mov byte ptr [si], dl 0x12c80: mov ax, 0x4301 0x12c83: xor cx, cx 0x12c85: mov dx, si 0x12c87: add dx, 0xb2 0x12c8b: int 0x21 0x12c8d: mov ah, 0x3e 0x12c8f: int 0x21 0x12c91: mov ax, 0x3d02 0x12c94: int 0x21 0x12c96: jb 0x12c4c 0x12c98: mov di, dx 0x12c9a: add di, 0x63 0x12c9e: stosw word ptr es:[di], ax 0x12c9f: xchg ax, bx 0x12ca0: mov ah, 0x40 |
| 2018-12-25T12:21:23.210966173Z | 67 | PC: 12c8d | Get or set file attributes |
| 2018-12-25T12:21:23.22082172Z | 62 | PC: 12c91 | Close file |
| 2018-12-25T12:21:23.222873205Z | 61 | PC: 12c96 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:23.230120413Z | 64 | PC: 12cab | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:21:23.23308356Z | 64 | PC: 12cbe | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:23.236120821Z | 64 | PC: 12cd3 | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T12:21:23.240231008Z | 66 | PC: 12cdc | Move file pointer |
| 2018-12-25T12:21:23.24191073Z | 64 | PC: 12a80 | Write file or device (Write 1136 bytes on handle 5) |
| 2018-12-25T12:21:23.250023375Z | 87 | PC: 12cf6 | Get or set file date and time |
| 2018-12-25T12:21:23.251664765Z | 62 | PC: 12cfa | Close file |
| 2018-12-25T12:21:23.256550488Z | 67 | PC: 12d0d | Get or set file attributes |
| 2018-12-25T12:21:23.264189979Z | 79 | PC: 12c12 | Find next file |
| 2018-12-25T12:21:23.266293208Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:23.270259635Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:23.274220474Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:23.276052074Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:23.282319636Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:23.284052416Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:23.29096544Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:23.293567635Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:23.295964917Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:23.298710517Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:23.300862028Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:23.309601544Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:23.311202127Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:23.31877404Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:23.330997597Z | 79 | PC: 12c12 | Find next file (See above) |
| 2018-12-25T12:21:23.333600287Z | 61 | PC: 12c2a | Open file (See above) |
| 2018-12-25T12:21:23.340184482Z | 63 | PC: 12c3d | Read file or device (See above) |
| 2018-12-25T12:21:23.346418802Z | 44 | PC: 12c73 | Get time (See above) |
| 2018-12-25T12:21:23.348678943Z | 67 | PC: 12c8d | Get or set file attributes (See above) |
| 2018-12-25T12:21:23.35925567Z | 62 | PC: 12c91 | Close file (See above) |
| 2018-12-25T12:21:23.360941858Z | 61 | PC: 12c96 | Open file (See above) |
| 2018-12-25T12:21:23.367630038Z | 64 | PC: 12cab | Write file or device (See above) |
| 2018-12-25T12:21:23.379010633Z | 64 | PC: 12cbe | Write file or device (See above) |
| 2018-12-25T12:21:23.381537132Z | 64 | PC: 12cd3 | Write file or device (See above) |
| 2018-12-25T12:21:23.383955607Z | 66 | PC: 12cdc | Move file pointer (See above) |
| 2018-12-25T12:21:23.386394225Z | 64 | PC: 12a80 | Write file or device (See above) |
| 2018-12-25T12:21:23.395202195Z | 87 | PC: 12cf6 | Get or set file date and time (See above) |
| 2018-12-25T12:21:23.396528936Z | 62 | PC: 12cfa | Close file (See above) |
| 2018-12-25T12:21:23.404522337Z | 67 | PC: 12d0d | Get or set file attributes (See above) |
| 2018-12-25T12:21:23.414273693Z | 42 | PC: 12b57 | Get date 0x12b57: cmp dx, 0x709 0x12b5b: je 0x12b60 0x12b5d: jmp 0x12d80 0x12b60: jmp 0x12d13 0x12b63: and ah, bh 0x12b65: movsw word ptr es:[di], word ptr [si] 0x12b66: mov ax, 0x5c4c 0x12b69: add word ptr [di], ax 0x12b6b: add byte ptr [di - 0x75], dl 0x12b6e: in al, dx 0x12b6f: sub sp, 0x2c 0x12b72: push si 0x12b73: jmp 0x12be5 0x12b75: nop 0x12b76: mov ah, 0x1a 0x12b78: lea dx, word ptr [bp - 0x2c] 0x12b7b: int 0x21 0x12b7d: mov ah, 0x4e 0x12b7f: mov cx, 0x10 0x12b82: mov dx, 0x1a0 |
| 2018-12-25T12:21:23.416329998Z | 59 | PC: 12d8b | Change current directory |
| 2018-12-25T12:21:23.420545261Z | 59 | PC: 12d93 | Change current directory |