{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":898,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:57.430821864Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:41:57.432687324Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:41:57.434962798Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:41:57.436543429Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:41:57.443288333Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:57.451512453Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:41:57.458589933Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:41:57.460535956Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:41:57.463043484Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:41:57.466791092Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:41:57.468644891Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x476], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 0x106] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x120] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:41:57.472008832Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:41:57.489884215Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:41:57.499410051Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:57.502824501Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:57.510631096Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:57.517813225Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:57.519717938Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:57.522207353Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:57.525129171Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:57.526676862Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:57.529965813Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:57.539374Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:57.548410405Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:57.551512256Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:57.563108577Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:57.576076094Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:57.57943242Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:57.581593276Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:57.585023022Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:57.586583837Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:57.589910427Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:57.600408701Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:57.623986318Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:57.62890162Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:57.64164542Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:57.652488696Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:57.655963257Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:57.65864093Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:57.662182337Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:57.665091102Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:57.66969482Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:57.679690874Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:57.688302985Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:57.691921797Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:57.70149411Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:57.711986171Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:57.713796056Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:57.715878139Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:57.719223733Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:57.721705418Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:57.724775716Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:57.734318725Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:57.747014143Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:41:57.749182312Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:41:57.751495988Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:41:57.754755186Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:41:57.75774604Z | 19 | PC: 12b55 | Delete file |
| 2018-12-25T11:41:57.764254339Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":14,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":898,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:57.556923717Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:41:57.558631918Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:41:57.561445361Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:41:57.563235654Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:41:57.570375789Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:57.579432411Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:41:57.588337475Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:41:57.595475456Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:41:57.59834644Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:41:57.601874243Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:41:57.603777249Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x476], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 0x106] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x120] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:41:57.606921112Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:41:57.624037526Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:41:57.631256874Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:57.633637325Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:57.639411009Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:57.644668646Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:57.646210357Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:57.648019545Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:57.651379033Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:57.653792934Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:57.658118284Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:57.670074556Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:57.683468445Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:57.687362524Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:57.694999231Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:57.702451446Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:57.705105176Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:57.707321783Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:57.710504016Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:57.712856589Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:57.728676145Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:57.73944951Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:57.749122543Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:57.753470235Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:57.760997339Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:57.769037125Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:57.771617476Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:57.773771235Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:57.777587516Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:57.780646433Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:57.784337105Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:57.795212354Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:57.805309901Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:57.80897395Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:57.816738635Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:57.825268783Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:57.827594065Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:57.830183908Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:57.833680383Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:57.836060518Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:57.839917391Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:57.849546219Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:57.859291372Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:41:57.860886023Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:41:57.864059788Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:41:57.867781187Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:41:57.870583631Z | 19 | PC: 12b55 | Delete file |
| 2018-12-25T11:41:57.877411962Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":898,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:57.832991563Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:41:57.834431257Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:41:57.835512759Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:41:57.836598079Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:41:57.84311648Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:57.84944992Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:41:57.855507168Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:41:57.856988742Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:41:57.858675625Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:41:57.86110394Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:41:57.862304646Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x476], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 0x106] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x120] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:41:57.865477637Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:41:57.927556953Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:41:57.935943941Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:57.939690708Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:57.946209405Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:57.952993169Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:57.955517701Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:57.957146145Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:57.959947183Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:57.964638641Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:57.96722066Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:57.976600213Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:57.984558778Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:57.988282283Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:57.994655153Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.000765758Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:58.003388702Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:58.00478523Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:58.008271592Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:58.011239945Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:58.013622628Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:58.021530444Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:58.030198054Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:58.033041387Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:58.039526748Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.046496695Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:58.04851366Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:58.050737549Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:58.054080113Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:58.055460923Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:58.057771285Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:58.067793271Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:58.076044006Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:58.079290246Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:58.083707368Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.087618862Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:58.088603227Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:58.08971286Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:58.092682838Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:58.093808791Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:58.095599043Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:58.101149587Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:58.109305035Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:41:58.110299862Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:41:58.112779847Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:41:58.114710027Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:41:58.116768181Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":898,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:58.103172695Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:41:58.104910796Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:41:58.105958884Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:41:58.107108269Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:41:58.113982697Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:58.120344789Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:41:58.128805209Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:41:58.133095771Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:41:58.136635396Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:41:58.14034035Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:41:58.141596512Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x476], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 0x106] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x120] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:41:58.147538256Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:41:58.165390952Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:41:58.173192395Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:58.176559887Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:58.183109011Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.189556405Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:58.191855067Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:58.19322694Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:58.195847137Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:58.198804384Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:58.20149378Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:58.209786699Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:58.219794136Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:58.2227662Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:58.230031474Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.237155843Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:58.239028896Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:58.240468593Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:58.243850337Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:58.245632131Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:58.248376347Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:58.261924858Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:58.270220021Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:58.273408663Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:58.282314772Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.28882476Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:58.290095501Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:58.291581039Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:58.29503245Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:58.296644632Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:58.299212085Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:58.308704303Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:58.316874751Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:58.319658909Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:58.3278048Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.332625121Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:58.333730049Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:58.335265168Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:58.337427759Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:58.338380757Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:58.340525001Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:58.346028964Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:58.351491928Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:41:58.353671191Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:41:58.355977112Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:41:58.358062037Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:41:58.360569091Z | 19 | PC: 12b55 | Delete file |
| 2018-12-25T11:41:58.364536172Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":8,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":898,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:58.373629872Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:41:58.376818177Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:41:58.378253682Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:41:58.379765876Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:41:58.387953546Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:58.394593213Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:41:58.400926555Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:41:58.402679362Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:41:58.404382944Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:41:58.407375903Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:41:58.409017235Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x476], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 0x106] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x120] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:41:58.411696738Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:41:58.426357027Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:41:58.434421659Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:58.442967489Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:58.449709812Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.456396586Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:58.458735422Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:58.460005399Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:58.462480481Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:58.464733928Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:58.467210125Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:58.475451783Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:58.484542811Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:58.487506485Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:58.493898911Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.50215443Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:58.503485633Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:58.505029843Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:58.523452411Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:58.524857453Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:58.5279295Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:58.536829197Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:58.545428966Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:58.547946636Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:58.554935437Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.561536421Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:58.563314492Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:58.565734076Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:58.568686568Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:58.570403266Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:58.573889134Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:58.582518976Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:58.591312178Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:58.594220361Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:58.602138514Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.609393672Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:58.611211853Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:58.613949804Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:58.617121147Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:58.618358881Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:58.621127145Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:58.629664787Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:58.636603387Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:41:58.638044528Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:41:58.639767204Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:41:58.641292034Z | 25 | PC: 12b3f | Get default drive |
| 2018-12-25T11:41:58.64389463Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:41:58.645490196Z | 19 | PC: 12b55 | Delete file |
| 2018-12-25T11:41:58.651379598Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":898,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:58.54950692Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:41:58.558254237Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:41:58.560041408Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:41:58.561517606Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:41:58.56849101Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:58.575199045Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:41:58.581439499Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:41:58.582980166Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:41:58.59864656Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:41:58.601309914Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:41:58.602745953Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x476], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 0x106] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x120] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:41:58.606359856Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:41:58.623888247Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:41:58.631518085Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:58.63523107Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:58.641940133Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.648430612Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:58.652176819Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:58.65363441Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:58.65641547Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:58.659978989Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:58.662453385Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:58.67104406Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:58.679611011Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:58.682392639Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:58.68894157Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.696357184Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:58.698164267Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:58.699439579Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:58.702834618Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:58.704571471Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:58.707067873Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:58.715825029Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:58.723680462Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:58.726971871Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:58.73388412Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.7406788Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:58.741985982Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:58.744057007Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:58.746548936Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:58.747966867Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:58.750754103Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:58.758717412Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:58.766742259Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:58.770210942Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:58.777120234Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.78353744Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:58.785386668Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:58.787934097Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:58.790794652Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:58.792349933Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:58.796044363Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:58.804094506Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:58.81175428Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:41:58.813824677Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:41:58.815794676Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:41:58.817735426Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:41:58.82043562Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":898,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:58.647627646Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:41:58.649191844Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:41:58.651122761Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:41:58.652473287Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:41:58.659285171Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:58.675247152Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:41:58.683324211Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:41:58.685097907Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:41:58.687472409Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:41:58.690926029Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:41:58.692510733Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x476], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 0x106] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x120] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:41:58.696235759Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:41:58.712352573Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:41:58.721606638Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:58.725302248Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:58.733044272Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.741719499Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:58.743653749Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:58.745403111Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:58.747806742Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:58.749113868Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:58.752335904Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:58.759887405Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:58.768290455Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:58.771469855Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:58.777680247Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.783728883Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:58.793730652Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:58.795627792Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:58.79824025Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:58.80051681Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:58.802968165Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:58.811609918Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:58.819463909Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:58.821524773Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:58.829182509Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.837193763Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:58.839072747Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:58.840675712Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:58.843689621Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:58.846089665Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:58.849035823Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:58.858380026Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:58.870103452Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:58.873034517Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:58.880996862Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.888670773Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:58.890298421Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:58.891874583Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:58.895823778Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:58.8974957Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:58.900419915Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:58.910139085Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:58.919166141Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:41:58.920760753Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:41:58.923736394Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:41:58.926679201Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:41:58.929452798Z | 19 | PC: 12b55 | Delete file |
| 2018-12-25T11:41:58.936547059Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":898,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:58.659355505Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:41:58.661421743Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:41:58.662515106Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:41:58.663644265Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:41:58.670436233Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:58.677153335Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:41:58.683598225Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:41:58.685513686Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:41:58.687560916Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:41:58.690381809Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:41:58.691961833Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x476], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 0x106] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x120] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:41:58.695136016Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:41:58.709692095Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:41:58.720178639Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:58.723416341Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:58.73052268Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.737010043Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:58.739663347Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:58.744518151Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:58.747009663Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:58.749590867Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:58.751915846Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:58.76691911Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:58.773469384Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:58.776174488Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:58.781691681Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.786013261Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:58.787550727Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:58.788744396Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:58.79152759Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:58.793284924Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:58.795217686Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:58.800919977Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:58.80712335Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:58.808941348Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:58.81430938Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.819427554Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:58.820564431Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:58.821924255Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:58.824504428Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:58.825651511Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:58.827374485Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:58.833496709Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:58.853128012Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:58.855723218Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:58.862800385Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.868863281Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:58.870213462Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:58.872198585Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:58.87511572Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:58.876477545Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:58.879321407Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:58.887353159Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:58.895177067Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:41:58.897382634Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:41:58.899430145Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:41:58.901493827Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:41:58.904724408Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":898,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:58.822027406Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:41:58.823071387Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:41:58.824419741Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:41:58.825633469Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:41:58.83149279Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:58.836825085Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:41:58.842377122Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:41:58.844150174Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:41:58.846216601Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:41:58.849193575Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:41:58.851123621Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x476], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 0x106] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x120] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:41:58.857158035Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:41:58.870583303Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:41:58.876935394Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:58.88174172Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:58.886687114Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.890911983Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:58.892024445Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:58.89386829Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:58.895907759Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:58.897331018Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:58.901800963Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:58.911569786Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:58.92097568Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:58.930019652Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:58.938951278Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.946678479Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:58.951829425Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:58.953651873Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:58.957193665Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:58.959867403Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:58.963476691Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:58.973019305Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:58.983444397Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:58.987587998Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:58.994691462Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:58.999626068Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.00168403Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.003093089Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.005299238Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.007163847Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.009352102Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.015988454Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.023584941Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:59.027444599Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:59.035233313Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:59.043477519Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.048955969Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.050917517Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.054264866Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.056683942Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.059880873Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.069272419Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.079632398Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:41:59.080984654Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:41:59.083399895Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:41:59.086608306Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:41:59.089126169Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":898,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:59.060701078Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:41:59.062976058Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:41:59.064400178Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:41:59.065663189Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:41:59.07294251Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:59.081884354Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:41:59.0894915Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:41:59.091318655Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:41:59.093286451Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:41:59.096202456Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:41:59.097871657Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x476], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 0x106] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x120] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:41:59.101870503Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:41:59.117502808Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:41:59.132986548Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:59.137464949Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:59.145314248Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:59.153395592Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.156461667Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.158888079Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.162270396Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.164497156Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.168169488Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.177403396Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.189923209Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:59.194235944Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:59.201743394Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:59.208845259Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.211960321Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.213710686Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.216567359Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.220530505Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.223590174Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.233266514Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.242261695Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:59.246127888Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:59.253547273Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:59.260649495Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.263078834Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.264986984Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.268183445Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.270909267Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.27382404Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.282897592Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.293132688Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:59.295858372Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:59.301232985Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:59.306702939Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.308276233Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.309556141Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.312343028Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.31393584Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.316372168Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.325461441Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.340484063Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:41:59.347555281Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:41:59.350056203Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:41:59.353436835Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:41:59.356474724Z | 19 | PC: 12b55 | Delete file |
| 2018-12-25T11:41:59.364499906Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":14,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":898,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:59.143188958Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:41:59.144815476Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:41:59.147021389Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:41:59.148473808Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:41:59.155040565Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:59.162851134Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:41:59.17053395Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:41:59.172421109Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:41:59.175350959Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:41:59.178463903Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:41:59.180296776Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x476], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 0x106] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x120] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:41:59.183322745Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:41:59.198436396Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:41:59.206818001Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:59.210119722Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:59.216868381Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:59.224593195Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.226696735Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.229471726Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.232401729Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.233993023Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.237442677Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.247342001Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.257261185Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:59.261477856Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:59.269042093Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:59.276466524Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.286118535Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.296177284Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.299959888Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.302891877Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.306262999Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.316876281Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.327081846Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:59.333773853Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:59.343644217Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:59.351133016Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.353347799Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.354971089Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.358279528Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.361259386Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.364397743Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.374081941Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.388263882Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:59.392228768Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:59.400044016Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:59.409033899Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.41103025Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.413088399Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.416928575Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.419275754Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.422536255Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.432353074Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.442507722Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:41:59.443729121Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:41:59.447263038Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:41:59.451173725Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:41:59.459057032Z | 19 | PC: 12b55 | Delete file |
| 2018-12-25T11:41:59.4657522Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
| 2018-12-25T11:41:59.468969952Z | 9 | PC: 12b88 | Display string (Could not find end pointer) |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":898,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:59.300921142Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:41:59.302187863Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:41:59.303005795Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:41:59.304080167Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:41:59.310556261Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:59.322759911Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:41:59.335921363Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:41:59.337331799Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:41:59.339359313Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:41:59.342738287Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:41:59.343888415Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x476], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 0x106] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x120] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:41:59.347546592Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:41:59.362796264Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:41:59.370525795Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:59.373794035Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:59.380201401Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:59.38723364Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.389536494Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.390844745Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.393347467Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.395244654Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.397655179Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.406204177Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.416290552Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:59.418987239Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:59.426031837Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:59.43940633Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.441488209Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.443307027Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.446106463Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.448083653Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.451001031Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.459760474Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.466905089Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:59.4693313Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:59.473360206Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:59.480415085Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.481956784Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.483534345Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.485659346Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.486753255Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.488371955Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.494277392Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.500166322Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:59.501968861Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:59.507981441Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:59.512266197Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.513111861Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.514953489Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.517667103Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.519159814Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.522135328Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.530821034Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.538821344Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:41:59.539953507Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:41:59.541981473Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:41:59.54406154Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:41:59.546423657Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":898,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:59.399175524Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:41:59.414446651Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:41:59.415923469Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:41:59.41748561Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:41:59.424779601Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:59.432358259Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:41:59.439720094Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:41:59.441936264Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:41:59.443979674Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:41:59.446478404Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:41:59.448057031Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x476], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 0x106] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x120] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:41:59.458065948Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:41:59.474524297Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:41:59.483744081Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:59.487437778Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:59.495023351Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:59.502344312Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.505335402Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.513609116Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.516638309Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.524985288Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.528130333Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.537732418Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.547335941Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:59.550919723Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:59.558868668Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:59.567009598Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.570200985Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.572152407Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.575419142Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.582590436Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.587612527Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.599027442Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.611390479Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:59.614273809Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:59.6211995Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:59.628187123Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.630089227Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.63169078Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.634662996Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.636302943Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.639080185Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.648093296Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.668367476Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:59.672094663Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:59.677689673Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:59.684694785Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.685855599Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.688585326Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.692744225Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.69422726Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.697085135Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.706600829Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.715589935Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:41:59.717019983Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:41:59.720395675Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:41:59.722997239Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:41:59.725271265Z | 19 | PC: 12b55 | Delete file |
| 2018-12-25T11:41:59.732245496Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":8,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":898,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:59.418137542Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:41:59.433181654Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:41:59.435085151Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:41:59.439578534Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:41:59.44702294Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:59.459771742Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:41:59.468043485Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:41:59.470379325Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:41:59.47350189Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:41:59.476478946Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:41:59.478391381Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x476], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 0x106] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x120] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:41:59.482207258Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:41:59.499882593Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:41:59.512737398Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:59.517127413Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:59.525283064Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:59.532468545Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.534534578Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.53647043Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.539621469Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.541375448Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.545454351Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.555605074Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.564783169Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:59.569504241Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:59.576780441Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:59.591329596Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.59590957Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.59786438Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.601067985Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.603191598Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.608868147Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.618176932Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.627740916Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:59.631042524Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:59.638451302Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:59.645466343Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.651652547Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.653309247Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.655628057Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.657404161Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.660248362Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.668762266Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.677097893Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:59.680605644Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:59.688228945Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:59.696155821Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.697923599Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.700044872Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.704434524Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.706497035Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.70930034Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.718771653Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.728794588Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:41:59.730041879Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:41:59.732564123Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:41:59.736278559Z | 25 | PC: 12b3f | Get default drive |
| 2018-12-25T11:41:59.739628741Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:41:59.742037186Z | 19 | PC: 12b55 | Delete file |
| 2018-12-25T11:41:59.753390828Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
| 2018-12-25T11:41:59.756599623Z | 9 | PC: 12b88 | Display string (Could not find end pointer) |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":898,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:59.686262735Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:41:59.687637832Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:41:59.688831884Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:41:59.689964931Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:41:59.702866639Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:59.707816463Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:41:59.712229883Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:41:59.714176077Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:41:59.715470879Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:41:59.717488446Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:41:59.719946841Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x476], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 0x106] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x120] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:41:59.72177796Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:41:59.734919166Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:41:59.742696198Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:59.75378779Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:59.768136091Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:59.776809528Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.779750922Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.78115776Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.783748149Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.785729106Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.788194137Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.796432588Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.805761348Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:59.808356173Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:59.820266168Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:59.82775929Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.829229661Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.830733871Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.834724816Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.837735758Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.840369872Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.848845773Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.857605347Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:59.860649442Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:59.867381589Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:59.874399937Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.875994448Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.87754936Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.880796388Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.882409539Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.885029116Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.893832741Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.902553638Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:41:59.905780551Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:41:59.912846793Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:41:59.91922417Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:41:59.92075076Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:41:59.922832532Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:41:59.925511946Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:41:59.927000846Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:41:59.930171997Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:41:59.938469026Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:41:59.946894781Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:41:59.948817607Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:41:59.951162106Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:41:59.953459244Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:41:59.956829993Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |
{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":898,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:00.170407643Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-25T11:42:00.172588458Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T11:42:00.173574117Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:42:00.175005214Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-25T11:42:00.182950615Z | 61 | PC: 12d4a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:42:00.189386564Z | 63 | PC: 12d59 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:42:00.196224229Z | 66 | PC: 12d68 | Move file pointer |
| 2018-12-25T11:42:00.198178498Z | 66 | PC: 12d77 | Move file pointer |
| 2018-12-25T11:42:00.200354637Z | 64 | PC: 12d83 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:42:00.203045191Z | 66 | PC: 12d8f | Move file pointer |
| 2018-12-25T11:42:00.204658041Z | 44 | PC: 12d93 | Get time 0x12d93: mov byte ptr [bp + 0x476], dl 0x12d97: call 0x12dad 0x12d9a: mov ah, 0x40 0x12d9c: mov cx, 0x376 0x12d9f: lea dx, word ptr [bp + 0x106] 0x12da3: int 0x21 0x12da5: call 0x12dad 0x12da8: mov ah, 0x3e 0x12daa: int 0x21 0x12dac: ret 0x12dad: lea si, word ptr [bp + 0x120] 0x12db1: mov cx, 0x337 0x12db4: xor byte ptr [si], 0 0x12db7: inc si 0x12db8: dec cx 0x12db9: jne 0x12db4 0x12dbb: ret 0x12dbc: add word ptr [bx], di 0x12dbe: aas 0x12dbf: aas |
| 2018-12-25T11:42:00.207458419Z | 64 | PC: 12da5 | Write file or device (Write 886 bytes on handle 5) |
| 2018-12-25T11:42:00.222067178Z | 62 | PC: 12dac | Close file |
| 2018-12-25T11:42:00.231348482Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:42:00.234737263Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:42:00.240053833Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:42:00.246529298Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:42:00.248904707Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:42:00.251012665Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:42:00.254247818Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:42:00.256165519Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:42:00.258930545Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:42:00.498669929Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:42:00.85075368Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:42:00.853675762Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:42:00.861374936Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:42:00.867783968Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:42:00.86900693Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:42:00.870849968Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:42:00.888068377Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:42:00.891150525Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:42:00.893623959Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:42:00.89987318Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:42:00.905031869Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:42:00.907814693Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:42:00.911881264Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:42:00.915826634Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:42:00.917699568Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:42:00.919079386Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:42:00.922080972Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:42:00.924321876Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:42:00.927120677Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:42:00.935770778Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:42:00.944399792Z | 79 | PC: 12ad1 | Find next file (See above) |
| 2018-12-25T11:42:00.946949744Z | 61 | PC: 12d4a | Open file (See above) |
| 2018-12-25T11:42:00.953363197Z | 63 | PC: 12d59 | Read file or device (See above) |
| 2018-12-25T11:42:00.96025832Z | 66 | PC: 12d68 | Move file pointer (See above) |
| 2018-12-25T11:42:00.96161737Z | 66 | PC: 12d77 | Move file pointer (See above) |
| 2018-12-25T11:42:00.962865343Z | 64 | PC: 12d83 | Write file or device (See above) |
| 2018-12-25T11:42:00.96606674Z | 66 | PC: 12d8f | Move file pointer (See above) |
| 2018-12-25T11:42:00.967607983Z | 44 | PC: 12d93 | Get time (See above) |
| 2018-12-25T11:42:00.970179097Z | 64 | PC: 12da5 | Write file or device (See above) |
| 2018-12-25T11:42:00.979237688Z | 62 | PC: 12dac | Close file (See above) |
| 2018-12-25T11:42:00.987583483Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-25T11:42:00.988883824Z | 42 | PC: 12af7 | Get date 0x12af7: cmp dh, 7 0x12afa: jne 0x12b04 0x12afc: cmp dl, 0xe 0x12aff: jne 0x12b04 0x12b01: call 0x12b2e 0x12b04: mov ah, 0x2a 0x12b06: int 0x21 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 |
| 2018-12-25T11:42:00.991438817Z | 42 | PC: 12b08 | Get date 0x12b08: cmp dh, 0xb 0x12b0b: jl 0x12b15 0x12b0d: cmp dl, 8 0x12b10: jl 0x12b15 0x12b12: call 0x12b3b 0x12b15: mov ah, 0x2a 0x12b17: int 0x21 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al |
| 2018-12-25T11:42:00.994060875Z | 42 | PC: 12b19 | Get date 0x12b19: cmp dh, 3 0x12b1c: jl 0x12b21 0x12b1e: call 0x12b4b 0x12b21: mov ah, 0x2c 0x12b23: int 0x21 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 |
| 2018-12-25T11:42:00.996292175Z | 19 | PC: 12b55 | Delete file |
| 2018-12-25T11:42:01.003540541Z | 44 | PC: 12b25 | Get time 0x12b25: cmp dl, 0x19 0x12b28: jge 0x12b2d 0x12b2a: call 0x12b7e 0x12b2d: ret 0x12b2e: mov al, 0x25 0x12b30: out 0x70, al 0x12b32: out 0x71, al 0x12b34: dec al 0x12b36: cmp al, 0 0x12b38: jne 0x12b30 0x12b3a: ret 0x12b3b: mov ah, 0x19 0x12b3d: int 0x21 0x12b3f: mov cx, 0x1111 0x12b42: mov dx, 0 0x12b45: int 0x26 0x12b47: add sp, 2 0x12b4a: ret 0x12b4b: mov ah, 0x13 0x12b4d: push cs |