{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13652,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:40.63252974Z | 48 | PC: 13de1 | Get DOS version |
| 2018-12-25T12:38:40.633834518Z | 47 | PC: 13ded | Get disk transfer address |
| 2018-12-25T12:38:40.635061784Z | 26 | PC: 13e00 | Set disk transfer address |
| 2018-12-25T12:38:40.636056629Z | 42 | PC: 13e10 | Get date 0x13e10: cmp cx, 0x7c6 0x13e14: jge 0x13e19 0x13e16: jmp 0x13e4c 0x13e18: nop 0x13e19: mov ah, 0x2a 0x13e1b: int 0x21 0x13e1d: cmp dh, 0xa 0x13e20: jge 0x13e25 0x13e22: jmp 0x13e4c 0x13e24: nop 0x13e25: mov ah, 0x2a 0x13e27: int 0x21 0x13e29: cmp dl, 0x1f 0x13e2c: jge 0x13e31 0x13e2e: jmp 0x13e4c 0x13e30: nop 0x13e31: mov al, byte ptr [0x3c8] 0x13e34: call 0x13e44 0x13e37: cmp byte ptr [0x3c8], 0x19 0x13e3c: je 0x13e4c |
| 2018-12-25T12:38:40.638010587Z | 78 | PC: 13ed4 | Find first file |
| 2018-12-25T12:38:40.64344673Z | 67 | PC: 13f1b | Get or set file attributes |
| 2018-12-25T12:38:40.648224503Z | 67 | PC: 13f2d | Get or set file attributes |
| 2018-12-25T12:38:40.664750914Z | 61 | PC: 13f38 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:40.67850302Z | 87 | PC: 13f44 | Get or set file date and time |
| 2018-12-25T12:38:40.680191878Z | 44 | PC: 13f50 | Get time 0x13f50: and dh, 7 0x13f53: jmp 0x13f56 0x13f55: nop 0x13f56: mov ah, 0x3f 0x13f58: mov cx, 3 0x13f5b: mov dx, 0x80 0x13f5e: nop 0x13f5f: add dx, si 0x13f61: int 0x21 0x13f63: jb 0x13fbc 0x13f65: cmp ax, 3 0x13f68: jne 0x13fbc 0x13f6a: mov cx, 0x4202 0x13f6d: mov ax, cx 0x13f6f: mov cx, 0 0x13f72: mov dx, 0 0x13f75: int 0x21 0x13f77: jb 0x13fbc 0x13f79: mov cx, ax 0x13f7b: sub ax, 3 |
| 2018-12-25T12:38:40.683316926Z | 63 | PC: 13f63 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:38:40.691493063Z | 66 | PC: 13f77 | Move file pointer |
| 2018-12-25T12:38:40.693709531Z | 64 | PC: 13f9b | Write file or device (Write 827 bytes on handle 5) |
| 2018-12-25T12:38:40.703798524Z | 66 | PC: 13fad | Move file pointer |
| 2018-12-25T12:38:40.706518942Z | 64 | PC: 13fbc | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:38:40.713935723Z | 87 | PC: 13fcf | Get or set file date and time |
| 2018-12-25T12:38:40.715570685Z | 62 | PC: 13fd3 | Close file |
| 2018-12-25T12:38:40.725076759Z | 67 | PC: 13fe2 | Get or set file attributes |
| 2018-12-25T12:38:40.736586415Z | 26 | PC: 13fef | Set disk transfer address |
| 2018-12-25T12:38:40.738032362Z | 76 | PC: 12a45 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13652,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:40.609461062Z | 48 | PC: 13de1 | Get DOS version |
| 2018-12-25T12:38:40.610914641Z | 47 | PC: 13ded | Get disk transfer address |
| 2018-12-25T12:38:40.612052668Z | 26 | PC: 13e00 | Set disk transfer address |
| 2018-12-25T12:38:40.613344719Z | 42 | PC: 13e10 | Get date 0x13e10: cmp cx, 0x7c6 0x13e14: jge 0x13e19 0x13e16: jmp 0x13e4c 0x13e18: nop 0x13e19: mov ah, 0x2a 0x13e1b: int 0x21 0x13e1d: cmp dh, 0xa 0x13e20: jge 0x13e25 0x13e22: jmp 0x13e4c 0x13e24: nop 0x13e25: mov ah, 0x2a 0x13e27: int 0x21 0x13e29: cmp dl, 0x1f 0x13e2c: jge 0x13e31 0x13e2e: jmp 0x13e4c 0x13e30: nop 0x13e31: mov al, byte ptr [0x3c8] 0x13e34: call 0x13e44 0x13e37: cmp byte ptr [0x3c8], 0x19 0x13e3c: je 0x13e4c |
| 2018-12-25T12:38:40.630398348Z | 42 | PC: 13e1d | Get date 0x13e1d: cmp dh, 0xa 0x13e20: jge 0x13e25 0x13e22: jmp 0x13e4c 0x13e24: nop 0x13e25: mov ah, 0x2a 0x13e27: int 0x21 0x13e29: cmp dl, 0x1f 0x13e2c: jge 0x13e31 0x13e2e: jmp 0x13e4c 0x13e30: nop 0x13e31: mov al, byte ptr [0x3c8] 0x13e34: call 0x13e44 0x13e37: cmp byte ptr [0x3c8], 0x19 0x13e3c: je 0x13e4c 0x13e3e: inc byte ptr [0x3c8] 0x13e42: loop 0x13e31 0x13e44: mov dx, 0x34d 0x13e47: mov ah, 9 0x13e49: int 0x21 0x13e4b: ret |
| 2018-12-25T12:38:40.633001498Z | 78 | PC: 13ed4 | Find first file |
| 2018-12-25T12:38:40.639688718Z | 67 | PC: 13f1b | Get or set file attributes |
| 2018-12-25T12:38:40.645893748Z | 67 | PC: 13f2d | Get or set file attributes |
| 2018-12-25T12:38:41.244477871Z | 61 | PC: 13f38 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:41.251602793Z | 87 | PC: 13f44 | Get or set file date and time |
| 2018-12-25T12:38:41.254564219Z | 44 | PC: 13f50 | Get time 0x13f50: and dh, 7 0x13f53: jmp 0x13f56 0x13f55: nop 0x13f56: mov ah, 0x3f 0x13f58: mov cx, 3 0x13f5b: mov dx, 0x80 0x13f5e: nop 0x13f5f: add dx, si 0x13f61: int 0x21 0x13f63: jb 0x13fbc 0x13f65: cmp ax, 3 0x13f68: jne 0x13fbc 0x13f6a: mov cx, 0x4202 0x13f6d: mov ax, cx 0x13f6f: mov cx, 0 0x13f72: mov dx, 0 0x13f75: int 0x21 0x13f77: jb 0x13fbc 0x13f79: mov cx, ax 0x13f7b: sub ax, 3 |
| 2018-12-25T12:38:41.258753041Z | 63 | PC: 13f63 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:38:41.26560869Z | 66 | PC: 13f77 | Move file pointer |
| 2018-12-25T12:38:41.269093166Z | 64 | PC: 13f9b | Write file or device (Write 827 bytes on handle 5) |
| 2018-12-25T12:38:41.281948909Z | 66 | PC: 13fad | Move file pointer |
| 2018-12-25T12:38:41.283258023Z | 64 | PC: 13fbc | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:38:41.289868708Z | 87 | PC: 13fcf | Get or set file date and time |
| 2018-12-25T12:38:41.291769257Z | 62 | PC: 13fd3 | Close file |
| 2018-12-25T12:38:41.301621592Z | 67 | PC: 13fe2 | Get or set file attributes |
| 2018-12-25T12:38:41.312187282Z | 26 | PC: 13fef | Set disk transfer address |
| 2018-12-25T12:38:41.315678782Z | 76 | PC: 12a45 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13652,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:40.644658164Z | 48 | PC: 13de1 | Get DOS version |
| 2018-12-25T12:38:40.648109387Z | 47 | PC: 13ded | Get disk transfer address |
| 2018-12-25T12:38:40.648881563Z | 26 | PC: 13e00 | Set disk transfer address |
| 2018-12-25T12:38:40.649630293Z | 42 | PC: 13e10 | Get date 0x13e10: cmp cx, 0x7c6 0x13e14: jge 0x13e19 0x13e16: jmp 0x13e4c 0x13e18: nop 0x13e19: mov ah, 0x2a 0x13e1b: int 0x21 0x13e1d: cmp dh, 0xa 0x13e20: jge 0x13e25 0x13e22: jmp 0x13e4c 0x13e24: nop 0x13e25: mov ah, 0x2a 0x13e27: int 0x21 0x13e29: cmp dl, 0x1f 0x13e2c: jge 0x13e31 0x13e2e: jmp 0x13e4c 0x13e30: nop 0x13e31: mov al, byte ptr [0x3c8] 0x13e34: call 0x13e44 0x13e37: cmp byte ptr [0x3c8], 0x19 0x13e3c: je 0x13e4c |
| 2018-12-25T12:38:40.651653866Z | 78 | PC: 13ed4 | Find first file |
| 2018-12-25T12:38:40.655614668Z | 67 | PC: 13f1b | Get or set file attributes |
| 2018-12-25T12:38:40.659307865Z | 67 | PC: 13f2d | Get or set file attributes |
| 2018-12-25T12:38:41.240135114Z | 61 | PC: 13f38 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:41.24749382Z | 87 | PC: 13f44 | Get or set file date and time |
| 2018-12-25T12:38:41.249152482Z | 44 | PC: 13f50 | Get time 0x13f50: and dh, 7 0x13f53: jmp 0x13f56 0x13f55: nop 0x13f56: mov ah, 0x3f 0x13f58: mov cx, 3 0x13f5b: mov dx, 0x80 0x13f5e: nop 0x13f5f: add dx, si 0x13f61: int 0x21 0x13f63: jb 0x13fbc 0x13f65: cmp ax, 3 0x13f68: jne 0x13fbc 0x13f6a: mov cx, 0x4202 0x13f6d: mov ax, cx 0x13f6f: mov cx, 0 0x13f72: mov dx, 0 0x13f75: int 0x21 0x13f77: jb 0x13fbc 0x13f79: mov cx, ax 0x13f7b: sub ax, 3 |
| 2018-12-25T12:38:41.252569889Z | 63 | PC: 13f63 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:38:41.259299763Z | 66 | PC: 13f77 | Move file pointer |
| 2018-12-25T12:38:41.260630588Z | 64 | PC: 13f9b | Write file or device (Write 827 bytes on handle 5) |
| 2018-12-25T12:38:41.270073715Z | 66 | PC: 13fad | Move file pointer |
| 2018-12-25T12:38:41.284086692Z | 64 | PC: 13fbc | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:38:41.305724148Z | 87 | PC: 13fcf | Get or set file date and time |
| 2018-12-25T12:38:41.307490691Z | 62 | PC: 13fd3 | Close file |
| 2018-12-25T12:38:41.315463674Z | 67 | PC: 13fe2 | Get or set file attributes |
| 2018-12-25T12:38:41.32538131Z | 26 | PC: 13fef | Set disk transfer address |
| 2018-12-25T12:38:41.326822237Z | 76 | PC: 12a45 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13652,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:40.709394543Z | 48 | PC: 13de1 | Get DOS version |
| 2018-12-25T12:38:40.711047947Z | 47 | PC: 13ded | Get disk transfer address |
| 2018-12-25T12:38:40.712059386Z | 26 | PC: 13e00 | Set disk transfer address |
| 2018-12-25T12:38:40.712928377Z | 42 | PC: 13e10 | Get date 0x13e10: cmp cx, 0x7c6 0x13e14: jge 0x13e19 0x13e16: jmp 0x13e4c 0x13e18: nop 0x13e19: mov ah, 0x2a 0x13e1b: int 0x21 0x13e1d: cmp dh, 0xa 0x13e20: jge 0x13e25 0x13e22: jmp 0x13e4c 0x13e24: nop 0x13e25: mov ah, 0x2a 0x13e27: int 0x21 0x13e29: cmp dl, 0x1f 0x13e2c: jge 0x13e31 0x13e2e: jmp 0x13e4c 0x13e30: nop 0x13e31: mov al, byte ptr [0x3c8] 0x13e34: call 0x13e44 0x13e37: cmp byte ptr [0x3c8], 0x19 0x13e3c: je 0x13e4c |
| 2018-12-25T12:38:40.7144942Z | 78 | PC: 13ed4 | Find first file |
| 2018-12-25T12:38:40.718665114Z | 67 | PC: 13f1b | Get or set file attributes |
| 2018-12-25T12:38:40.72231138Z | 67 | PC: 13f2d | Get or set file attributes |
| 2018-12-25T12:38:40.736168138Z | 61 | PC: 13f38 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:40.743585588Z | 87 | PC: 13f44 | Get or set file date and time |
| 2018-12-25T12:38:40.744965797Z | 44 | PC: 13f50 | Get time 0x13f50: and dh, 7 0x13f53: jmp 0x13f56 0x13f55: nop 0x13f56: mov ah, 0x3f 0x13f58: mov cx, 3 0x13f5b: mov dx, 0x80 0x13f5e: nop 0x13f5f: add dx, si 0x13f61: int 0x21 0x13f63: jb 0x13fbc 0x13f65: cmp ax, 3 0x13f68: jne 0x13fbc 0x13f6a: mov cx, 0x4202 0x13f6d: mov ax, cx 0x13f6f: mov cx, 0 0x13f72: mov dx, 0 0x13f75: int 0x21 0x13f77: jb 0x13fbc 0x13f79: mov cx, ax 0x13f7b: sub ax, 3 |
| 2018-12-25T12:38:40.747188684Z | 63 | PC: 13f63 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:38:40.758279728Z | 66 | PC: 13f77 | Move file pointer |
| 2018-12-25T12:38:40.760226287Z | 64 | PC: 13f9b | Write file or device (Write 827 bytes on handle 5) |
| 2018-12-25T12:38:40.769145479Z | 66 | PC: 13fad | Move file pointer |
| 2018-12-25T12:38:40.771477373Z | 64 | PC: 13fbc | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:38:40.776252425Z | 87 | PC: 13fcf | Get or set file date and time |
| 2018-12-25T12:38:40.777837826Z | 62 | PC: 13fd3 | Close file |
| 2018-12-25T12:38:40.787322118Z | 67 | PC: 13fe2 | Get or set file attributes |
| 2018-12-25T12:38:40.798240969Z | 26 | PC: 13fef | Set disk transfer address |
| 2018-12-25T12:38:40.799419646Z | 76 | PC: 12a45 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13652,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:40.950154274Z | 48 | PC: 13de1 | Get DOS version |
| 2018-12-25T12:38:40.951422747Z | 47 | PC: 13ded | Get disk transfer address |
| 2018-12-25T12:38:40.95219277Z | 26 | PC: 13e00 | Set disk transfer address |
| 2018-12-25T12:38:40.952959854Z | 42 | PC: 13e10 | Get date 0x13e10: cmp cx, 0x7c6 0x13e14: jge 0x13e19 0x13e16: jmp 0x13e4c 0x13e18: nop 0x13e19: mov ah, 0x2a 0x13e1b: int 0x21 0x13e1d: cmp dh, 0xa 0x13e20: jge 0x13e25 0x13e22: jmp 0x13e4c 0x13e24: nop 0x13e25: mov ah, 0x2a 0x13e27: int 0x21 0x13e29: cmp dl, 0x1f 0x13e2c: jge 0x13e31 0x13e2e: jmp 0x13e4c 0x13e30: nop 0x13e31: mov al, byte ptr [0x3c8] 0x13e34: call 0x13e44 0x13e37: cmp byte ptr [0x3c8], 0x19 0x13e3c: je 0x13e4c |
| 2018-12-25T12:38:40.954782114Z | 78 | PC: 13ed4 | Find first file |
| 2018-12-25T12:38:40.958431363Z | 67 | PC: 13f1b | Get or set file attributes |
| 2018-12-25T12:38:40.961702592Z | 67 | PC: 13f2d | Get or set file attributes |
| 2018-12-25T12:38:41.241059063Z | 61 | PC: 13f38 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:41.248436771Z | 87 | PC: 13f44 | Get or set file date and time |
| 2018-12-25T12:38:41.250104211Z | 44 | PC: 13f50 | Get time 0x13f50: and dh, 7 0x13f53: jmp 0x13f56 0x13f55: nop 0x13f56: mov ah, 0x3f 0x13f58: mov cx, 3 0x13f5b: mov dx, 0x80 0x13f5e: nop 0x13f5f: add dx, si 0x13f61: int 0x21 0x13f63: jb 0x13fbc 0x13f65: cmp ax, 3 0x13f68: jne 0x13fbc 0x13f6a: mov cx, 0x4202 0x13f6d: mov ax, cx 0x13f6f: mov cx, 0 0x13f72: mov dx, 0 0x13f75: int 0x21 0x13f77: jb 0x13fbc 0x13f79: mov cx, ax 0x13f7b: sub ax, 3 |
| 2018-12-25T12:38:41.252781661Z | 63 | PC: 13f63 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:38:41.259956454Z | 66 | PC: 13f77 | Move file pointer |
| 2018-12-25T12:38:41.261568482Z | 64 | PC: 13f9b | Write file or device (Write 827 bytes on handle 5) |
| 2018-12-25T12:38:41.270058839Z | 66 | PC: 13fad | Move file pointer |
| 2018-12-25T12:38:41.272213812Z | 64 | PC: 13fbc | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:38:41.278880402Z | 87 | PC: 13fcf | Get or set file date and time |
| 2018-12-25T12:38:41.280604944Z | 62 | PC: 13fd3 | Close file |
| 2018-12-25T12:38:41.289821101Z | 67 | PC: 13fe2 | Get or set file attributes |
| 2018-12-25T12:38:41.299830547Z | 26 | PC: 13fef | Set disk transfer address |
| 2018-12-25T12:38:41.300875329Z | 76 | PC: 12a45 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":31,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13652,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:41.010180893Z | 48 | PC: 13de1 | Get DOS version |
| 2018-12-25T12:38:41.012298342Z | 47 | PC: 13ded | Get disk transfer address |
| 2018-12-25T12:38:41.013266876Z | 26 | PC: 13e00 | Set disk transfer address |
| 2018-12-25T12:38:41.014157527Z | 42 | PC: 13e10 | Get date 0x13e10: cmp cx, 0x7c6 0x13e14: jge 0x13e19 0x13e16: jmp 0x13e4c 0x13e18: nop 0x13e19: mov ah, 0x2a 0x13e1b: int 0x21 0x13e1d: cmp dh, 0xa 0x13e20: jge 0x13e25 0x13e22: jmp 0x13e4c 0x13e24: nop 0x13e25: mov ah, 0x2a 0x13e27: int 0x21 0x13e29: cmp dl, 0x1f 0x13e2c: jge 0x13e31 0x13e2e: jmp 0x13e4c 0x13e30: nop 0x13e31: mov al, byte ptr [0x3c8] 0x13e34: call 0x13e44 0x13e37: cmp byte ptr [0x3c8], 0x19 0x13e3c: je 0x13e4c |
| 2018-12-25T12:38:41.016666422Z | 78 | PC: 13ed4 | Find first file |
| 2018-12-25T12:38:41.023228439Z | 67 | PC: 13f1b | Get or set file attributes |
| 2018-12-25T12:38:41.028795944Z | 67 | PC: 13f2d | Get or set file attributes |
| 2018-12-25T12:38:41.240916066Z | 61 | PC: 13f38 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:38:41.248229538Z | 87 | PC: 13f44 | Get or set file date and time |
| 2018-12-25T12:38:41.250036548Z | 44 | PC: 13f50 | Get time 0x13f50: and dh, 7 0x13f53: jmp 0x13f56 0x13f55: nop 0x13f56: mov ah, 0x3f 0x13f58: mov cx, 3 0x13f5b: mov dx, 0x80 0x13f5e: nop 0x13f5f: add dx, si 0x13f61: int 0x21 0x13f63: jb 0x13fbc 0x13f65: cmp ax, 3 0x13f68: jne 0x13fbc 0x13f6a: mov cx, 0x4202 0x13f6d: mov ax, cx 0x13f6f: mov cx, 0 0x13f72: mov dx, 0 0x13f75: int 0x21 0x13f77: jb 0x13fbc 0x13f79: mov cx, ax 0x13f7b: sub ax, 3 |
| 2018-12-25T12:38:41.252543815Z | 63 | PC: 13f63 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:38:41.263062736Z | 66 | PC: 13f77 | Move file pointer |
| 2018-12-25T12:38:41.264506999Z | 64 | PC: 13f9b | Write file or device (Write 827 bytes on handle 5) |
| 2018-12-25T12:38:41.27499143Z | 66 | PC: 13fad | Move file pointer |
| 2018-12-25T12:38:41.277285718Z | 64 | PC: 13fbc | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:38:41.284071022Z | 87 | PC: 13fcf | Get or set file date and time |
| 2018-12-25T12:38:41.285997898Z | 62 | PC: 13fd3 | Close file |
| 2018-12-25T12:38:41.295474907Z | 67 | PC: 13fe2 | Get or set file attributes |
| 2018-12-25T12:38:41.305477152Z | 26 | PC: 13fef | Set disk transfer address |
| 2018-12-25T12:38:41.306921759Z | 76 | PC: 12a45 | Terminate with return code (Return code = '0') |