{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":17110,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:54:51.200801074Z | 48 | PC: 13c68 | Get DOS version |
| 2018-12-25T12:54:51.206515801Z | 47 | PC: 13c74 | Get disk transfer address |
| 2018-12-25T12:54:51.208419864Z | 26 | PC: 13c84 | Set disk transfer address |
| 2018-12-25T12:54:51.21012211Z | 78 | PC: 13d06 | Find first file |
| 2018-12-25T12:54:51.215263173Z | 67 | PC: 13d3f | Get or set file attributes |
| 2018-12-25T12:54:51.219090117Z | 67 | PC: 13d51 | Get or set file attributes |
| 2018-12-25T12:54:51.234063161Z | 61 | PC: 13d5c | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:51.241432075Z | 87 | PC: 13d68 | Get or set file date and time |
| 2018-12-25T12:54:51.242515892Z | 44 | PC: 13d72 | Get time 0x13d72: and dh, 7 0x13d75: jne 0x13d87 0x13d77: mov ah, 0x40 0x13d79: mov cx, 5 0x13d7c: mov dx, si 0x13d7e: add dx, 0x8a 0x13d82: int 0x21 0x13d84: jmp 0x13de9 0x13d86: nop 0x13d87: mov ah, 0x3f 0x13d89: mov cx, 3 0x13d8c: mov dx, 0xa 0x13d8f: nop 0x13d90: add dx, si 0x13d92: int 0x21 0x13d94: jb 0x13de9 0x13d96: cmp ax, 3 0x13d99: jne 0x13de9 0x13d9b: mov ax, 0x4202 0x13d9e: mov cx, 0 |
| 2018-12-25T12:54:51.244036931Z | 63 | PC: 13d94 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:54:51.248951794Z | 66 | PC: 13da6 | Move file pointer |
| 2018-12-25T12:54:51.250559515Z | 64 | PC: 13dc9 | Write file or device (Write 618 bytes on handle 5) |
| 2018-12-25T12:54:51.259557986Z | 66 | PC: 13ddb | Move file pointer |
| 2018-12-25T12:54:51.261014716Z | 64 | PC: 13de9 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:54:51.268281533Z | 87 | PC: 13dfc | Get or set file date and time |
| 2018-12-25T12:54:51.269611125Z | 62 | PC: 13e00 | Close file |
| 2018-12-25T12:54:51.277077416Z | 67 | PC: 13e0e | Get or set file attributes |
| 2018-12-25T12:54:51.287161923Z | 26 | PC: 13e18 | Set disk transfer address |
| 2018-12-25T12:54:51.288393246Z | 88 | PC: 12a51 | case 0xGet or set allocation strateg: |
| 2018-12-25T12:54:51.28950109Z | 88 | PC: 12a5a | case 0xGet or set allocation strateg: |
| 2018-12-25T12:54:51.291803412Z | 9 | PC: 13c42 | Display string (String= ' Microsoft (R) DOS Version 5.0 MS-DOS Shell') |
| 2018-12-25T12:54:51.295895627Z | 9 | PC: 13c4b | Display string (String= ' Copyright (c) Microsoft Corp 1991. All rights reserved. ') |
| 2018-12-25T12:54:51.304930261Z | 53 | PC: 13c23 | Get interrupt vector (Interrupt = '21' AKA 'Sequential write') |
| 2018-12-25T12:54:51.307238289Z | 37 | PC: 13c34 | Set interrupt vector (Interrupt = '21' AKA 'Sequential write') |
| 2018-12-25T12:54:51.308389485Z | 53 | PC: 13c08 | Get interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break') |
| 2018-12-25T12:54:51.309513567Z | 37 | PC: 13c19 | Set interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break') |
| 2018-12-25T12:54:51.310949699Z | 53 | PC: 12f0b | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address') |
| 2018-12-25T12:54:51.312161447Z | 37 | PC: 12f1e | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address') |
| 2018-12-25T12:54:51.31351236Z | 74 | PC: 13b56 | Reallocate memory |
| 2018-12-25T12:54:51.315989459Z | 37 | PC: 13b6d | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-25T12:54:51.317174329Z | 37 | PC: 13b75 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:54:51.318197779Z | 74 | PC: 12a7d | Reallocate memory |
| 2018-12-25T12:54:51.31991929Z | 88 | PC: 12aa4 | case 0xGet or set allocation strateg: |
| 2018-12-25T12:54:51.321244533Z | 88 | PC: 12ab0 | case 0xGet or set allocation strateg: |
| 2018-12-25T12:54:51.322468621Z | 75 | PC: 12b11 | Execute program |
| 2018-12-25T12:54:51.329466997Z | 9 | PC: 12bb4 | Display string (String= ' Unable to load MS-DOS Shell, Retry (y/n)?') |
| 2018-12-25T12:54:51.334699588Z | 12 | PC: 12bc5 | Flush input buffer and input |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17110,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:54:52.977853612Z | 48 | PC: 13c68 | Get DOS version |
| 2018-12-25T12:54:52.979488031Z | 47 | PC: 13c74 | Get disk transfer address |
| 2018-12-25T12:54:52.980430084Z | 26 | PC: 13c84 | Set disk transfer address |
| 2018-12-25T12:54:52.981430732Z | 78 | PC: 13d06 | Find first file |
| 2018-12-25T12:54:52.987571185Z | 67 | PC: 13d3f | Get or set file attributes |
| 2018-12-25T12:54:52.993041819Z | 67 | PC: 13d51 | Get or set file attributes |
| 2018-12-25T12:54:53.010182032Z | 61 | PC: 13d5c | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:54:53.017289811Z | 87 | PC: 13d68 | Get or set file date and time |
| 2018-12-25T12:54:53.018901195Z | 44 | PC: 13d72 | Get time 0x13d72: and dh, 7 0x13d75: jne 0x13d87 0x13d77: mov ah, 0x40 0x13d79: mov cx, 5 0x13d7c: mov dx, si 0x13d7e: add dx, 0x8a 0x13d82: int 0x21 0x13d84: jmp 0x13de9 0x13d86: nop 0x13d87: mov ah, 0x3f 0x13d89: mov cx, 3 0x13d8c: mov dx, 0xa 0x13d8f: nop 0x13d90: add dx, si 0x13d92: int 0x21 0x13d94: jb 0x13de9 0x13d96: cmp ax, 3 0x13d99: jne 0x13de9 0x13d9b: mov ax, 0x4202 0x13d9e: mov cx, 0 |
| 2018-12-25T12:54:53.021335556Z | 63 | PC: 13d94 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:54:53.028139003Z | 66 | PC: 13da6 | Move file pointer |
| 2018-12-25T12:54:53.029422076Z | 64 | PC: 13dc9 | Write file or device (Write 618 bytes on handle 5) |
| 2018-12-25T12:54:53.038062312Z | 66 | PC: 13ddb | Move file pointer |
| 2018-12-25T12:54:53.039785495Z | 64 | PC: 13de9 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:54:53.046447421Z | 87 | PC: 13dfc | Get or set file date and time |
| 2018-12-25T12:54:53.048186297Z | 62 | PC: 13e00 | Close file |
| 2018-12-25T12:54:53.056995321Z | 67 | PC: 13e0e | Get or set file attributes |
| 2018-12-25T12:54:53.066905121Z | 26 | PC: 13e18 | Set disk transfer address |
| 2018-12-25T12:54:53.068088675Z | 88 | PC: 12a51 | case 0xGet or set allocation strateg: |
| 2018-12-25T12:54:53.069150069Z | 88 | PC: 12a5a | case 0xGet or set allocation strateg: |
| 2018-12-25T12:54:53.070675474Z | 9 | PC: 13c42 | Display string (String= ' Microsoft (R) DOS Version 5.0 MS-DOS Shell') |
| 2018-12-25T12:54:53.074713571Z | 9 | PC: 13c4b | Display string (String= ' Copyright (c) Microsoft Corp 1991. All rights reserved. ') |
| 2018-12-25T12:54:53.083988543Z | 53 | PC: 13c23 | Get interrupt vector (Interrupt = '21' AKA 'Sequential write') |
| 2018-12-25T12:54:53.086095057Z | 37 | PC: 13c34 | Set interrupt vector (Interrupt = '21' AKA 'Sequential write') |
| 2018-12-25T12:54:53.087119167Z | 53 | PC: 13c08 | Get interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break') |
| 2018-12-25T12:54:53.088145547Z | 37 | PC: 13c19 | Set interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break') |
| 2018-12-25T12:54:53.089696649Z | 53 | PC: 12f0b | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address') |
| 2018-12-25T12:54:53.091213241Z | 37 | PC: 12f1e | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address') |
| 2018-12-25T12:54:53.092929158Z | 74 | PC: 13b56 | Reallocate memory |
| 2018-12-25T12:54:53.095160701Z | 37 | PC: 13b6d | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-25T12:54:53.09642105Z | 37 | PC: 13b75 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:54:53.097529666Z | 74 | PC: 12a7d | Reallocate memory |
| 2018-12-25T12:54:53.100105209Z | 88 | PC: 12aa4 | case 0xGet or set allocation strateg: |
| 2018-12-25T12:54:53.10210411Z | 88 | PC: 12ab0 | case 0xGet or set allocation strateg: |
| 2018-12-25T12:54:53.104289742Z | 75 | PC: 12b11 | Execute program |
| 2018-12-25T12:54:53.113099967Z | 9 | PC: 12bb4 | Display string (String= ' Unable to load MS-DOS Shell, Retry (y/n)?') |
| 2018-12-25T12:54:53.116993128Z | 12 | PC: 12bc5 | Flush input buffer and input |