{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11924,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:31:29.977519737Z | 48 | PC: 15169 | Get DOS version |
| 2018-12-25T12:31:29.979705175Z | 47 | PC: 15175 | Get disk transfer address |
| 2018-12-25T12:31:29.980816095Z | 26 | PC: 15188 | Set disk transfer address |
| 2018-12-25T12:31:29.981851518Z | 42 | PC: 15198 | Get date 0x15198: cmp cx, 0x7c6 0x1519c: jge 0x151a1 0x1519e: jmp 0x151d9 0x151a0: nop 0x151a1: mov ah, 0x2a 0x151a3: int 0x21 0x151a5: cmp dh, 9 0x151a8: jge 0x151ad 0x151aa: jmp 0x151d9 0x151ac: nop 0x151ad: mov ah, 0x2a 0x151af: int 0x21 0x151b1: cmp dl, 4 0x151b4: jge 0x151b9 0x151b6: jmp 0x151d9 0x151b8: nop 0x151b9: mov al, byte ptr [0x359] 0x151bc: call 0x151cc 0x151bf: cmp byte ptr [0x359], 0x19 0x151c4: je 0x151d9 |
| 2018-12-25T12:31:29.985084651Z | 78 | PC: 1525c | Find first file |
| 2018-12-25T12:31:29.991315233Z | 67 | PC: 1529a | Get or set file attributes |
| 2018-12-25T12:31:29.996843476Z | 67 | PC: 152ac | Get or set file attributes |
| 2018-12-25T12:31:30.018673076Z | 61 | PC: 152b7 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:31:30.030281352Z | 87 | PC: 152c3 | Get or set file date and time |
| 2018-12-25T12:31:30.031864786Z | 44 | PC: 152cf | Get time 0x152cf: and dh, 7 0x152d2: jmp 0x152d5 0x152d4: nop 0x152d5: mov ah, 0x3f 0x152d7: mov cx, 3 0x152da: mov dx, 0x1d 0x152dd: nop 0x152de: add dx, si 0x152e0: int 0x21 0x152e2: jb 0x15339 0x152e4: cmp ax, 3 0x152e7: jne 0x15339 0x152e9: mov ax, 0x4202 0x152ec: mov cx, 0 0x152ef: mov dx, 0 0x152f2: int 0x21 0x152f4: jb 0x15339 0x152f6: mov cx, ax 0x152f8: sub ax, 3 0x152fb: mov word ptr [si + 0x21], ax |
| 2018-12-25T12:31:30.034243051Z | 63 | PC: 152e2 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:31:30.040903762Z | 66 | PC: 152f4 | Move file pointer |
| 2018-12-25T12:31:30.0424789Z | 64 | PC: 15318 | Write file or device (Write 716 bytes on handle 5) |
| 2018-12-25T12:31:30.051072041Z | 66 | PC: 1532a | Move file pointer |
| 2018-12-25T12:31:30.053380322Z | 64 | PC: 15339 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:31:30.05973573Z | 87 | PC: 1534c | Get or set file date and time |
| 2018-12-25T12:31:30.061427615Z | 62 | PC: 15350 | Close file |
| 2018-12-25T12:31:30.069695046Z | 67 | PC: 1535f | Get or set file attributes |
| 2018-12-25T12:31:30.079409041Z | 26 | PC: 1536c | Set disk transfer address |
| 2018-12-25T12:31:30.080583416Z | 76 | PC: 1514d | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11924,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:31:30.089745732Z | 48 | PC: 15169 | Get DOS version |
| 2018-12-25T12:31:30.091761373Z | 47 | PC: 15175 | Get disk transfer address |
| 2018-12-25T12:31:30.093104851Z | 26 | PC: 15188 | Set disk transfer address |
| 2018-12-25T12:31:30.09433018Z | 42 | PC: 15198 | Get date 0x15198: cmp cx, 0x7c6 0x1519c: jge 0x151a1 0x1519e: jmp 0x151d9 0x151a0: nop 0x151a1: mov ah, 0x2a 0x151a3: int 0x21 0x151a5: cmp dh, 9 0x151a8: jge 0x151ad 0x151aa: jmp 0x151d9 0x151ac: nop 0x151ad: mov ah, 0x2a 0x151af: int 0x21 0x151b1: cmp dl, 4 0x151b4: jge 0x151b9 0x151b6: jmp 0x151d9 0x151b8: nop 0x151b9: mov al, byte ptr [0x359] 0x151bc: call 0x151cc 0x151bf: cmp byte ptr [0x359], 0x19 0x151c4: je 0x151d9 |
| 2018-12-25T12:31:30.097256566Z | 42 | PC: 151a5 | Get date 0x151a5: cmp dh, 9 0x151a8: jge 0x151ad 0x151aa: jmp 0x151d9 0x151ac: nop 0x151ad: mov ah, 0x2a 0x151af: int 0x21 0x151b1: cmp dl, 4 0x151b4: jge 0x151b9 0x151b6: jmp 0x151d9 0x151b8: nop 0x151b9: mov al, byte ptr [0x359] 0x151bc: call 0x151cc 0x151bf: cmp byte ptr [0x359], 0x19 0x151c4: je 0x151d9 0x151c6: inc byte ptr [0x359] 0x151ca: loop 0x151b9 0x151cc: mov ah, 5 0x151ce: mov ch, 0 0x151d0: mov dh, 0 0x151d2: mov dl, byte ptr [0x359] |
| 2018-12-25T12:31:30.100409307Z | 78 | PC: 1525c | Find first file |
| 2018-12-25T12:31:30.107510336Z | 67 | PC: 1529a | Get or set file attributes |
| 2018-12-25T12:31:30.114209131Z | 67 | PC: 152ac | Get or set file attributes |
| 2018-12-25T12:31:30.407455615Z | 61 | PC: 152b7 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:31:30.415232046Z | 87 | PC: 152c3 | Get or set file date and time |
| 2018-12-25T12:31:30.417215252Z | 44 | PC: 152cf | Get time 0x152cf: and dh, 7 0x152d2: jmp 0x152d5 0x152d4: nop 0x152d5: mov ah, 0x3f 0x152d7: mov cx, 3 0x152da: mov dx, 0x1d 0x152dd: nop 0x152de: add dx, si 0x152e0: int 0x21 0x152e2: jb 0x15339 0x152e4: cmp ax, 3 0x152e7: jne 0x15339 0x152e9: mov ax, 0x4202 0x152ec: mov cx, 0 0x152ef: mov dx, 0 0x152f2: int 0x21 0x152f4: jb 0x15339 0x152f6: mov cx, ax 0x152f8: sub ax, 3 0x152fb: mov word ptr [si + 0x21], ax |
| 2018-12-25T12:31:30.4210559Z | 63 | PC: 152e2 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:31:30.42902038Z | 66 | PC: 152f4 | Move file pointer |
| 2018-12-25T12:31:30.43108477Z | 64 | PC: 15318 | Write file or device (Write 716 bytes on handle 5) |
| 2018-12-25T12:31:30.442143087Z | 66 | PC: 1532a | Move file pointer |
| 2018-12-25T12:31:30.444653718Z | 64 | PC: 15339 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:31:30.456910463Z | 87 | PC: 1534c | Get or set file date and time |
| 2018-12-25T12:31:30.459820785Z | 62 | PC: 15350 | Close file |
| 2018-12-25T12:31:30.469236343Z | 67 | PC: 1535f | Get or set file attributes |
| 2018-12-25T12:31:30.48273913Z | 26 | PC: 1536c | Set disk transfer address |
| 2018-12-25T12:31:30.485325632Z | 76 | PC: 1514d | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11924,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:31:30.611437581Z | 48 | PC: 15169 | Get DOS version |
| 2018-12-25T12:31:30.614900067Z | 47 | PC: 15175 | Get disk transfer address |
| 2018-12-25T12:31:30.616550398Z | 26 | PC: 15188 | Set disk transfer address |
| 2018-12-25T12:31:30.618200075Z | 42 | PC: 15198 | Get date 0x15198: cmp cx, 0x7c6 0x1519c: jge 0x151a1 0x1519e: jmp 0x151d9 0x151a0: nop 0x151a1: mov ah, 0x2a 0x151a3: int 0x21 0x151a5: cmp dh, 9 0x151a8: jge 0x151ad 0x151aa: jmp 0x151d9 0x151ac: nop 0x151ad: mov ah, 0x2a 0x151af: int 0x21 0x151b1: cmp dl, 4 0x151b4: jge 0x151b9 0x151b6: jmp 0x151d9 0x151b8: nop 0x151b9: mov al, byte ptr [0x359] 0x151bc: call 0x151cc 0x151bf: cmp byte ptr [0x359], 0x19 0x151c4: je 0x151d9 |
| 2018-12-25T12:31:30.622241178Z | 78 | PC: 1525c | Find first file |
| 2018-12-25T12:31:30.629465143Z | 67 | PC: 1529a | Get or set file attributes |
| 2018-12-25T12:31:30.636232871Z | 67 | PC: 152ac | Get or set file attributes |
| 2018-12-25T12:31:30.6546284Z | 61 | PC: 152b7 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:31:30.663411743Z | 87 | PC: 152c3 | Get or set file date and time |
| 2018-12-25T12:31:30.665444355Z | 44 | PC: 152cf | Get time 0x152cf: and dh, 7 0x152d2: jmp 0x152d5 0x152d4: nop 0x152d5: mov ah, 0x3f 0x152d7: mov cx, 3 0x152da: mov dx, 0x1d 0x152dd: nop 0x152de: add dx, si 0x152e0: int 0x21 0x152e2: jb 0x15339 0x152e4: cmp ax, 3 0x152e7: jne 0x15339 0x152e9: mov ax, 0x4202 0x152ec: mov cx, 0 0x152ef: mov dx, 0 0x152f2: int 0x21 0x152f4: jb 0x15339 0x152f6: mov cx, ax 0x152f8: sub ax, 3 0x152fb: mov word ptr [si + 0x21], ax |
| 2018-12-25T12:31:30.668428203Z | 63 | PC: 152e2 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:31:30.688849895Z | 66 | PC: 152f4 | Move file pointer |
| 2018-12-25T12:31:30.690832226Z | 64 | PC: 15318 | Write file or device (Write 716 bytes on handle 5) |
| 2018-12-25T12:31:30.700653431Z | 66 | PC: 1532a | Move file pointer |
| 2018-12-25T12:31:30.703070028Z | 64 | PC: 15339 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:31:30.710682972Z | 87 | PC: 1534c | Get or set file date and time |
| 2018-12-25T12:31:30.712800268Z | 62 | PC: 15350 | Close file |
| 2018-12-25T12:31:30.725061937Z | 67 | PC: 1535f | Get or set file attributes |
| 2018-12-25T12:31:30.736542436Z | 26 | PC: 1536c | Set disk transfer address |
| 2018-12-25T12:31:30.738212422Z | 76 | PC: 1514d | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11924,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:31:31.137857617Z | 48 | PC: 15169 | Get DOS version |
| 2018-12-25T12:31:31.139589474Z | 47 | PC: 15175 | Get disk transfer address |
| 2018-12-25T12:31:31.140774902Z | 26 | PC: 15188 | Set disk transfer address |
| 2018-12-25T12:31:31.141949458Z | 42 | PC: 15198 | Get date 0x15198: cmp cx, 0x7c6 0x1519c: jge 0x151a1 0x1519e: jmp 0x151d9 0x151a0: nop 0x151a1: mov ah, 0x2a 0x151a3: int 0x21 0x151a5: cmp dh, 9 0x151a8: jge 0x151ad 0x151aa: jmp 0x151d9 0x151ac: nop 0x151ad: mov ah, 0x2a 0x151af: int 0x21 0x151b1: cmp dl, 4 0x151b4: jge 0x151b9 0x151b6: jmp 0x151d9 0x151b8: nop 0x151b9: mov al, byte ptr [0x359] 0x151bc: call 0x151cc 0x151bf: cmp byte ptr [0x359], 0x19 0x151c4: je 0x151d9 |
| 2018-12-25T12:31:31.144951305Z | 78 | PC: 1525c | Find first file |
| 2018-12-25T12:31:31.151657606Z | 67 | PC: 1529a | Get or set file attributes |
| 2018-12-25T12:31:31.158074193Z | 67 | PC: 152ac | Get or set file attributes |
| 2018-12-25T12:31:31.176945172Z | 61 | PC: 152b7 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:31:31.184403708Z | 87 | PC: 152c3 | Get or set file date and time |
| 2018-12-25T12:31:31.186363746Z | 44 | PC: 152cf | Get time 0x152cf: and dh, 7 0x152d2: jmp 0x152d5 0x152d4: nop 0x152d5: mov ah, 0x3f 0x152d7: mov cx, 3 0x152da: mov dx, 0x1d 0x152dd: nop 0x152de: add dx, si 0x152e0: int 0x21 0x152e2: jb 0x15339 0x152e4: cmp ax, 3 0x152e7: jne 0x15339 0x152e9: mov ax, 0x4202 0x152ec: mov cx, 0 0x152ef: mov dx, 0 0x152f2: int 0x21 0x152f4: jb 0x15339 0x152f6: mov cx, ax 0x152f8: sub ax, 3 0x152fb: mov word ptr [si + 0x21], ax |
| 2018-12-25T12:31:31.189094217Z | 63 | PC: 152e2 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:31:31.197145632Z | 66 | PC: 152f4 | Move file pointer |
| 2018-12-25T12:31:31.199019001Z | 64 | PC: 15318 | Write file or device (Write 716 bytes on handle 5) |
| 2018-12-25T12:31:31.208875871Z | 66 | PC: 1532a | Move file pointer |
| 2018-12-25T12:31:31.21145904Z | 64 | PC: 15339 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:31:31.218850561Z | 87 | PC: 1534c | Get or set file date and time |
| 2018-12-25T12:31:31.220784821Z | 62 | PC: 15350 | Close file |
| 2018-12-25T12:31:31.230373887Z | 67 | PC: 1535f | Get or set file attributes |
| 2018-12-25T12:31:31.24159737Z | 26 | PC: 1536c | Set disk transfer address |
| 2018-12-25T12:31:31.243130297Z | 76 | PC: 1514d | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11924,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:31:32.295564159Z | 48 | PC: 15169 | Get DOS version |
| 2018-12-25T12:31:32.297209445Z | 47 | PC: 15175 | Get disk transfer address |
| 2018-12-25T12:31:32.298385498Z | 26 | PC: 15188 | Set disk transfer address |
| 2018-12-25T12:31:32.29993678Z | 42 | PC: 15198 | Get date 0x15198: cmp cx, 0x7c6 0x1519c: jge 0x151a1 0x1519e: jmp 0x151d9 0x151a0: nop 0x151a1: mov ah, 0x2a 0x151a3: int 0x21 0x151a5: cmp dh, 9 0x151a8: jge 0x151ad 0x151aa: jmp 0x151d9 0x151ac: nop 0x151ad: mov ah, 0x2a 0x151af: int 0x21 0x151b1: cmp dl, 4 0x151b4: jge 0x151b9 0x151b6: jmp 0x151d9 0x151b8: nop 0x151b9: mov al, byte ptr [0x359] 0x151bc: call 0x151cc 0x151bf: cmp byte ptr [0x359], 0x19 0x151c4: je 0x151d9 |
| 2018-12-25T12:31:32.305080652Z | 78 | PC: 1525c | Find first file |
| 2018-12-25T12:31:32.318653582Z | 67 | PC: 1529a | Get or set file attributes |
| 2018-12-25T12:31:32.331880474Z | 67 | PC: 152ac | Get or set file attributes |
| 2018-12-25T12:31:32.363058258Z | 61 | PC: 152b7 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:31:32.369614506Z | 87 | PC: 152c3 | Get or set file date and time |
| 2018-12-25T12:31:32.371013361Z | 44 | PC: 152cf | Get time 0x152cf: and dh, 7 0x152d2: jmp 0x152d5 0x152d4: nop 0x152d5: mov ah, 0x3f 0x152d7: mov cx, 3 0x152da: mov dx, 0x1d 0x152dd: nop 0x152de: add dx, si 0x152e0: int 0x21 0x152e2: jb 0x15339 0x152e4: cmp ax, 3 0x152e7: jne 0x15339 0x152e9: mov ax, 0x4202 0x152ec: mov cx, 0 0x152ef: mov dx, 0 0x152f2: int 0x21 0x152f4: jb 0x15339 0x152f6: mov cx, ax 0x152f8: sub ax, 3 0x152fb: mov word ptr [si + 0x21], ax |
| 2018-12-25T12:31:32.382023353Z | 63 | PC: 152e2 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:31:32.388407587Z | 66 | PC: 152f4 | Move file pointer |
| 2018-12-25T12:31:32.389869042Z | 64 | PC: 15318 | Write file or device (Write 716 bytes on handle 5) |
| 2018-12-25T12:31:32.416566282Z | 66 | PC: 1532a | Move file pointer |
| 2018-12-25T12:31:32.418382738Z | 64 | PC: 15339 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:31:32.425140692Z | 87 | PC: 1534c | Get or set file date and time |
| 2018-12-25T12:31:32.42696478Z | 62 | PC: 15350 | Close file |
| 2018-12-25T12:31:32.435552471Z | 67 | PC: 1535f | Get or set file attributes |
| 2018-12-25T12:31:32.445540674Z | 26 | PC: 1536c | Set disk transfer address |
| 2018-12-25T12:31:32.446981311Z | 76 | PC: 1514d | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11924,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:31:32.371147817Z | 48 | PC: 15169 | Get DOS version |
| 2018-12-25T12:31:32.373628275Z | 47 | PC: 15175 | Get disk transfer address |
| 2018-12-25T12:31:32.375368695Z | 26 | PC: 15188 | Set disk transfer address |
| 2018-12-25T12:31:32.376618801Z | 42 | PC: 15198 | Get date 0x15198: cmp cx, 0x7c6 0x1519c: jge 0x151a1 0x1519e: jmp 0x151d9 0x151a0: nop 0x151a1: mov ah, 0x2a 0x151a3: int 0x21 0x151a5: cmp dh, 9 0x151a8: jge 0x151ad 0x151aa: jmp 0x151d9 0x151ac: nop 0x151ad: mov ah, 0x2a 0x151af: int 0x21 0x151b1: cmp dl, 4 0x151b4: jge 0x151b9 0x151b6: jmp 0x151d9 0x151b8: nop 0x151b9: mov al, byte ptr [0x359] 0x151bc: call 0x151cc 0x151bf: cmp byte ptr [0x359], 0x19 0x151c4: je 0x151d9 |
| 2018-12-25T12:31:32.380087474Z | 78 | PC: 1525c | Find first file |
| 2018-12-25T12:31:32.388223655Z | 67 | PC: 1529a | Get or set file attributes |
| 2018-12-25T12:31:32.394736388Z | 67 | PC: 152ac | Get or set file attributes |
| 2018-12-25T12:31:32.420963745Z | 61 | PC: 152b7 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:31:32.429984144Z | 87 | PC: 152c3 | Get or set file date and time |
| 2018-12-25T12:31:32.432225754Z | 44 | PC: 152cf | Get time 0x152cf: and dh, 7 0x152d2: jmp 0x152d5 0x152d4: nop 0x152d5: mov ah, 0x3f 0x152d7: mov cx, 3 0x152da: mov dx, 0x1d 0x152dd: nop 0x152de: add dx, si 0x152e0: int 0x21 0x152e2: jb 0x15339 0x152e4: cmp ax, 3 0x152e7: jne 0x15339 0x152e9: mov ax, 0x4202 0x152ec: mov cx, 0 0x152ef: mov dx, 0 0x152f2: int 0x21 0x152f4: jb 0x15339 0x152f6: mov cx, ax 0x152f8: sub ax, 3 0x152fb: mov word ptr [si + 0x21], ax |
| 2018-12-25T12:31:32.434887794Z | 63 | PC: 152e2 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:31:32.44581856Z | 66 | PC: 152f4 | Move file pointer |
| 2018-12-25T12:31:32.447897766Z | 64 | PC: 15318 | Write file or device (Write 716 bytes on handle 5) |
| 2018-12-25T12:31:32.459157727Z | 66 | PC: 1532a | Move file pointer |
| 2018-12-25T12:31:32.462178876Z | 64 | PC: 15339 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:31:32.472301003Z | 87 | PC: 1534c | Get or set file date and time |
| 2018-12-25T12:31:32.474030819Z | 62 | PC: 15350 | Close file |
| 2018-12-25T12:31:32.485667194Z | 67 | PC: 1535f | Get or set file attributes |
| 2018-12-25T12:31:32.497212913Z | 26 | PC: 1536c | Set disk transfer address |
| 2018-12-25T12:31:32.4989217Z | 76 | PC: 1514d | Terminate with return code (Return code = '0') |