Sample viewer

{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16045,"SideJobID":0}

.

GIF

Syscalls:

{"DateBased":true,"Day":3,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16045,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:08.37905449Z	26	PC: 13c19 | Set disk transfer address
2018-12-25T12:45:08.380463413Z	48	PC: 13c1d | Get DOS version
2018-12-25T12:45:08.381673108Z	25	PC: 13c25 | Get default drive
2018-12-25T12:45:08.383819847Z	44	PC: 13c49 | Get time 0x13c49: xchg ax, cx 0x13c4a: test al, 2 0x13c4c: jne 0x13c7f 0x13c4e: add ax, dx 0x13c50: mov word ptr [0x21], ax 0x13c53: mov ah, 0x2a 0x13c55: int 0x21 0x13c57: cmp cx, 0x7c6 0x13c5b: jb 0x13c83 0x13c5d: mov al, dh 0x13c5f: add dh, dh 0x13c61: add al, dh 0x13c63: cmp al, dl 0x13c65: jne 0x13c83 0x13c67: mov ax, 0xa000 0x13c6a: mov ds, ax 0x13c6c: cwde 0x13c6d: cdq 0x13c6e: xchg ax, bx 0x13c6f: mov ah, 0x19
2018-12-25T12:45:08.386067486Z	42	PC: 13c57 | Get date 0x13c57: cmp cx, 0x7c6 0x13c5b: jb 0x13c83 0x13c5d: mov al, dh 0x13c5f: add dh, dh 0x13c61: add al, dh 0x13c63: cmp al, dl 0x13c65: jne 0x13c83 0x13c67: mov ax, 0xa000 0x13c6a: mov ds, ax 0x13c6c: cwde 0x13c6d: cdq 0x13c6e: xchg ax, bx 0x13c6f: mov ah, 0x19 0x13c71: int 0x21 0x13c73: mov cx, 0xd0 0x13c76: cmp al, 2 0x13c78: jb 0x13c7c 0x13c7a: mov ch, 2 0x13c7c: int 0x26 0x13c7e: pop dx
2018-12-25T12:45:08.388655249Z	25	PC: 13c73 | Get default drive
2018-12-25T12:45:08.408512614Z	26	PC: 13d8b | Set disk transfer address
2018-12-25T12:45:08.409718823Z	9	PC: 13bc2 | Display string (Could not find end pointer)
2018-12-25T12:45:08.416838543Z	76	PC: 13bc8 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16045,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:08.467279384Z	26	PC: 13c19 | Set disk transfer address
2018-12-25T12:45:08.469705665Z	48	PC: 13c1d | Get DOS version
2018-12-25T12:45:08.471202137Z	25	PC: 13c25 | Get default drive
2018-12-25T12:45:08.473530247Z	44	PC: 13c49 | Get time 0x13c49: xchg ax, cx 0x13c4a: test al, 2 0x13c4c: jne 0x13c7f 0x13c4e: add ax, dx 0x13c50: mov word ptr [0x21], ax 0x13c53: mov ah, 0x2a 0x13c55: int 0x21 0x13c57: cmp cx, 0x7c6 0x13c5b: jb 0x13c83 0x13c5d: mov al, dh 0x13c5f: add dh, dh 0x13c61: add al, dh 0x13c63: cmp al, dl 0x13c65: jne 0x13c83 0x13c67: mov ax, 0xa000 0x13c6a: mov ds, ax 0x13c6c: cwde 0x13c6d: cdq 0x13c6e: xchg ax, bx 0x13c6f: mov ah, 0x19
2018-12-25T12:45:08.476998033Z	42	PC: 13c57 | Get date 0x13c57: cmp cx, 0x7c6 0x13c5b: jb 0x13c83 0x13c5d: mov al, dh 0x13c5f: add dh, dh 0x13c61: add al, dh 0x13c63: cmp al, dl 0x13c65: jne 0x13c83 0x13c67: mov ax, 0xa000 0x13c6a: mov ds, ax 0x13c6c: cwde 0x13c6d: cdq 0x13c6e: xchg ax, bx 0x13c6f: mov ah, 0x19 0x13c71: int 0x21 0x13c73: mov cx, 0xd0 0x13c76: cmp al, 2 0x13c78: jb 0x13c7c 0x13c7a: mov ch, 2 0x13c7c: int 0x26 0x13c7e: pop dx
2018-12-25T12:45:08.47986733Z	78	PC: 13c91 | Find first file
2018-12-25T12:45:08.486869308Z	61	PC: 13ccd | Open file (Filename = 'TEST.EXE')
2018-12-25T12:45:08.494418929Z	63	PC: 13cda | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:45:08.497730898Z	66	PC: 13d0f | Move file pointer
2018-12-25T12:45:08.49962794Z	64	PC: 13d31 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:45:08.5036853Z	64	PC: 13be7 | Write file or device (Write 509 bytes on handle 5)
2018-12-25T12:45:08.52142593Z	66	PC: 13d5f | Move file pointer
2018-12-25T12:45:08.524435218Z	64	PC: 13d67 | Write file or device (Write 24 bytes on handle 5)
2018-12-25T12:45:08.528551832Z	87	PC: 13d75 | Get or set file date and time
2018-12-25T12:45:08.531250491Z	62	PC: 13d79 | Close file
2018-12-25T12:45:08.540120883Z	26	PC: 13d8b | Set disk transfer address
2018-12-25T12:45:08.541489604Z	9	PC: 13bc2 | Display string (Could not find end pointer)
2018-12-25T12:45:08.548219771Z	76	PC: 13bc8 | Terminate with return code (Return code = '0')