{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3114,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:13.447770401Z | 48 | PC: 15169 | Get DOS version |
| 2018-12-25T11:48:13.457504673Z | 47 | PC: 15175 | Get disk transfer address |
| 2018-12-25T11:48:13.458566057Z | 26 | PC: 15188 | Set disk transfer address |
| 2018-12-25T11:48:13.459455353Z | 42 | PC: 15198 | Get date 0x15198: cmp cx, 0x7c6 0x1519c: jge 0x151a1 0x1519e: jmp 0x151d9 0x151a0: nop 0x151a1: mov ah, 0x2a 0x151a3: int 0x21 0x151a5: cmp dh, 0xa 0x151a8: jge 0x151ad 0x151aa: jmp 0x151d9 0x151ac: nop 0x151ad: mov ah, 0x2a 0x151af: int 0x21 0x151b1: cmp dl, 0x1f 0x151b4: jge 0x151b9 0x151b6: jmp 0x151d9 0x151b8: nop 0x151b9: mov al, byte ptr [0x359] 0x151bc: call 0x151cc 0x151bf: cmp byte ptr [0x359], 0x19 0x151c4: je 0x151d9 |
| 2018-12-25T11:48:13.462037414Z | 78 | PC: 1525c | Find first file |
| 2018-12-25T11:48:13.467897047Z | 67 | PC: 1529a | Get or set file attributes |
| 2018-12-25T11:48:13.473336752Z | 67 | PC: 152ac | Get or set file attributes |
| 2018-12-25T11:48:13.70258564Z | 61 | PC: 152b7 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:13.7075337Z | 87 | PC: 152c3 | Get or set file date and time |
| 2018-12-25T11:48:13.708728402Z | 44 | PC: 152cf | Get time 0x152cf: and dh, 7 0x152d2: jmp 0x152d5 0x152d4: nop 0x152d5: mov ah, 0x3f 0x152d7: mov cx, 3 0x152da: mov dx, 0x1d 0x152dd: nop 0x152de: add dx, si 0x152e0: int 0x21 0x152e2: jb 0x15339 0x152e4: cmp ax, 3 0x152e7: jne 0x15339 0x152e9: mov ax, 0x4202 0x152ec: mov cx, 0 0x152ef: mov dx, 0 0x152f2: int 0x21 0x152f4: jb 0x15339 0x152f6: mov cx, ax 0x152f8: sub ax, 3 0x152fb: mov word ptr [si + 0x21], ax |
| 2018-12-25T11:48:13.710492042Z | 63 | PC: 152e2 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:48:13.715373057Z | 66 | PC: 152f4 | Move file pointer |
| 2018-12-25T11:48:13.716585189Z | 64 | PC: 15318 | Write file or device (Write 716 bytes on handle 5) |
| 2018-12-25T11:48:13.722627008Z | 66 | PC: 1532a | Move file pointer |
| 2018-12-25T11:48:13.724237976Z | 64 | PC: 15339 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:48:13.7285306Z | 87 | PC: 1534c | Get or set file date and time |
| 2018-12-25T11:48:13.72966751Z | 62 | PC: 15350 | Close file |
| 2018-12-25T11:48:13.735243911Z | 67 | PC: 1535f | Get or set file attributes |
| 2018-12-25T11:48:13.741759468Z | 26 | PC: 1536c | Set disk transfer address |
| 2018-12-25T11:48:13.742977239Z | 76 | PC: 1514d | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3114,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:13.609641917Z | 48 | PC: 15169 | Get DOS version |
| 2018-12-25T11:48:13.611448302Z | 47 | PC: 15175 | Get disk transfer address |
| 2018-12-25T11:48:13.613492441Z | 26 | PC: 15188 | Set disk transfer address |
| 2018-12-25T11:48:13.615508993Z | 42 | PC: 15198 | Get date 0x15198: cmp cx, 0x7c6 0x1519c: jge 0x151a1 0x1519e: jmp 0x151d9 0x151a0: nop 0x151a1: mov ah, 0x2a 0x151a3: int 0x21 0x151a5: cmp dh, 0xa 0x151a8: jge 0x151ad 0x151aa: jmp 0x151d9 0x151ac: nop 0x151ad: mov ah, 0x2a 0x151af: int 0x21 0x151b1: cmp dl, 0x1f 0x151b4: jge 0x151b9 0x151b6: jmp 0x151d9 0x151b8: nop 0x151b9: mov al, byte ptr [0x359] 0x151bc: call 0x151cc 0x151bf: cmp byte ptr [0x359], 0x19 0x151c4: je 0x151d9 |
| 2018-12-25T11:48:13.618555723Z | 42 | PC: 151a5 | Get date 0x151a5: cmp dh, 0xa 0x151a8: jge 0x151ad 0x151aa: jmp 0x151d9 0x151ac: nop 0x151ad: mov ah, 0x2a 0x151af: int 0x21 0x151b1: cmp dl, 0x1f 0x151b4: jge 0x151b9 0x151b6: jmp 0x151d9 0x151b8: nop 0x151b9: mov al, byte ptr [0x359] 0x151bc: call 0x151cc 0x151bf: cmp byte ptr [0x359], 0x19 0x151c4: je 0x151d9 0x151c6: inc byte ptr [0x359] 0x151ca: loop 0x151b9 0x151cc: mov ah, 5 0x151ce: mov ch, 0 0x151d0: mov dh, 0 0x151d2: mov dl, byte ptr [0x359] |
| 2018-12-25T11:48:13.621536621Z | 78 | PC: 1525c | Find first file |
| 2018-12-25T11:48:13.628724856Z | 67 | PC: 1529a | Get or set file attributes |
| 2018-12-25T11:48:13.634995035Z | 67 | PC: 152ac | Get or set file attributes |
| 2018-12-25T11:48:13.652711678Z | 61 | PC: 152b7 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:13.660127326Z | 87 | PC: 152c3 | Get or set file date and time |
| 2018-12-25T11:48:13.661806644Z | 44 | PC: 152cf | Get time 0x152cf: and dh, 7 0x152d2: jmp 0x152d5 0x152d4: nop 0x152d5: mov ah, 0x3f 0x152d7: mov cx, 3 0x152da: mov dx, 0x1d 0x152dd: nop 0x152de: add dx, si 0x152e0: int 0x21 0x152e2: jb 0x15339 0x152e4: cmp ax, 3 0x152e7: jne 0x15339 0x152e9: mov ax, 0x4202 0x152ec: mov cx, 0 0x152ef: mov dx, 0 0x152f2: int 0x21 0x152f4: jb 0x15339 0x152f6: mov cx, ax 0x152f8: sub ax, 3 0x152fb: mov word ptr [si + 0x21], ax |
| 2018-12-25T11:48:13.668617331Z | 63 | PC: 152e2 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:48:13.676277454Z | 66 | PC: 152f4 | Move file pointer |
| 2018-12-25T11:48:13.67791406Z | 64 | PC: 15318 | Write file or device (Write 716 bytes on handle 5) |
| 2018-12-25T11:48:13.688459423Z | 66 | PC: 1532a | Move file pointer |
| 2018-12-25T11:48:13.690315936Z | 64 | PC: 15339 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:48:13.698193891Z | 87 | PC: 1534c | Get or set file date and time |
| 2018-12-25T11:48:13.700630335Z | 62 | PC: 15350 | Close file |
| 2018-12-25T11:48:13.710334235Z | 67 | PC: 1535f | Get or set file attributes |
| 2018-12-25T11:48:13.723318082Z | 26 | PC: 1536c | Set disk transfer address |
| 2018-12-25T11:48:13.724911022Z | 76 | PC: 1514d | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3114,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:13.815926115Z | 48 | PC: 15169 | Get DOS version |
| 2018-12-25T11:48:13.817351344Z | 47 | PC: 15175 | Get disk transfer address |
| 2018-12-25T11:48:13.818329539Z | 26 | PC: 15188 | Set disk transfer address |
| 2018-12-25T11:48:13.819328601Z | 42 | PC: 15198 | Get date 0x15198: cmp cx, 0x7c6 0x1519c: jge 0x151a1 0x1519e: jmp 0x151d9 0x151a0: nop 0x151a1: mov ah, 0x2a 0x151a3: int 0x21 0x151a5: cmp dh, 0xa 0x151a8: jge 0x151ad 0x151aa: jmp 0x151d9 0x151ac: nop 0x151ad: mov ah, 0x2a 0x151af: int 0x21 0x151b1: cmp dl, 0x1f 0x151b4: jge 0x151b9 0x151b6: jmp 0x151d9 0x151b8: nop 0x151b9: mov al, byte ptr [0x359] 0x151bc: call 0x151cc 0x151bf: cmp byte ptr [0x359], 0x19 0x151c4: je 0x151d9 |
| 2018-12-25T11:48:13.822061545Z | 78 | PC: 1525c | Find first file |
| 2018-12-25T11:48:13.827884979Z | 67 | PC: 1529a | Get or set file attributes |
| 2018-12-25T11:48:13.833286179Z | 67 | PC: 152ac | Get or set file attributes |
| 2018-12-25T11:48:13.858544477Z | 61 | PC: 152b7 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:13.865058303Z | 87 | PC: 152c3 | Get or set file date and time |
| 2018-12-25T11:48:13.866479597Z | 44 | PC: 152cf | Get time 0x152cf: and dh, 7 0x152d2: jmp 0x152d5 0x152d4: nop 0x152d5: mov ah, 0x3f 0x152d7: mov cx, 3 0x152da: mov dx, 0x1d 0x152dd: nop 0x152de: add dx, si 0x152e0: int 0x21 0x152e2: jb 0x15339 0x152e4: cmp ax, 3 0x152e7: jne 0x15339 0x152e9: mov ax, 0x4202 0x152ec: mov cx, 0 0x152ef: mov dx, 0 0x152f2: int 0x21 0x152f4: jb 0x15339 0x152f6: mov cx, ax 0x152f8: sub ax, 3 0x152fb: mov word ptr [si + 0x21], ax |
| 2018-12-25T11:48:13.868991265Z | 63 | PC: 152e2 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:48:13.875275342Z | 66 | PC: 152f4 | Move file pointer |
| 2018-12-25T11:48:13.876617448Z | 64 | PC: 15318 | Write file or device (Write 716 bytes on handle 5) |
| 2018-12-25T11:48:13.885416324Z | 66 | PC: 1532a | Move file pointer |
| 2018-12-25T11:48:13.887729251Z | 64 | PC: 15339 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:48:13.897405974Z | 87 | PC: 1534c | Get or set file date and time |
| 2018-12-25T11:48:13.899337961Z | 62 | PC: 15350 | Close file |
| 2018-12-25T11:48:13.907934969Z | 67 | PC: 1535f | Get or set file attributes |
| 2018-12-25T11:48:13.918485233Z | 26 | PC: 1536c | Set disk transfer address |
| 2018-12-25T11:48:13.919684998Z | 76 | PC: 1514d | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3114,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:13.900751084Z | 48 | PC: 15169 | Get DOS version |
| 2018-12-25T11:48:13.90246307Z | 47 | PC: 15175 | Get disk transfer address |
| 2018-12-25T11:48:13.90475424Z | 26 | PC: 15188 | Set disk transfer address |
| 2018-12-25T11:48:13.905926704Z | 42 | PC: 15198 | Get date 0x15198: cmp cx, 0x7c6 0x1519c: jge 0x151a1 0x1519e: jmp 0x151d9 0x151a0: nop 0x151a1: mov ah, 0x2a 0x151a3: int 0x21 0x151a5: cmp dh, 0xa 0x151a8: jge 0x151ad 0x151aa: jmp 0x151d9 0x151ac: nop 0x151ad: mov ah, 0x2a 0x151af: int 0x21 0x151b1: cmp dl, 0x1f 0x151b4: jge 0x151b9 0x151b6: jmp 0x151d9 0x151b8: nop 0x151b9: mov al, byte ptr [0x359] 0x151bc: call 0x151cc 0x151bf: cmp byte ptr [0x359], 0x19 0x151c4: je 0x151d9 |
| 2018-12-25T11:48:13.908438222Z | 78 | PC: 1525c | Find first file |
| 2018-12-25T11:48:13.916045171Z | 67 | PC: 1529a | Get or set file attributes |
| 2018-12-25T11:48:13.922173765Z | 67 | PC: 152ac | Get or set file attributes |
| 2018-12-25T11:48:13.942187377Z | 61 | PC: 152b7 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:13.950647054Z | 87 | PC: 152c3 | Get or set file date and time |
| 2018-12-25T11:48:13.95233387Z | 44 | PC: 152cf | Get time 0x152cf: and dh, 7 0x152d2: jmp 0x152d5 0x152d4: nop 0x152d5: mov ah, 0x3f 0x152d7: mov cx, 3 0x152da: mov dx, 0x1d 0x152dd: nop 0x152de: add dx, si 0x152e0: int 0x21 0x152e2: jb 0x15339 0x152e4: cmp ax, 3 0x152e7: jne 0x15339 0x152e9: mov ax, 0x4202 0x152ec: mov cx, 0 0x152ef: mov dx, 0 0x152f2: int 0x21 0x152f4: jb 0x15339 0x152f6: mov cx, ax 0x152f8: sub ax, 3 0x152fb: mov word ptr [si + 0x21], ax |
| 2018-12-25T11:48:13.954843299Z | 63 | PC: 152e2 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:48:13.963725357Z | 66 | PC: 152f4 | Move file pointer |
| 2018-12-25T11:48:13.965590487Z | 64 | PC: 15318 | Write file or device (Write 716 bytes on handle 5) |
| 2018-12-25T11:48:13.975417421Z | 66 | PC: 1532a | Move file pointer |
| 2018-12-25T11:48:13.978334166Z | 64 | PC: 15339 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:48:13.98603697Z | 87 | PC: 1534c | Get or set file date and time |
| 2018-12-25T11:48:13.987758161Z | 62 | PC: 15350 | Close file |
| 2018-12-25T11:48:13.997151959Z | 67 | PC: 1535f | Get or set file attributes |
| 2018-12-25T11:48:14.008949056Z | 26 | PC: 1536c | Set disk transfer address |
| 2018-12-25T11:48:14.010706685Z | 76 | PC: 1514d | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3114,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:14.007640308Z | 48 | PC: 15169 | Get DOS version |
| 2018-12-25T11:48:14.010010321Z | 47 | PC: 15175 | Get disk transfer address |
| 2018-12-25T11:48:14.011318895Z | 26 | PC: 15188 | Set disk transfer address |
| 2018-12-25T11:48:14.012633365Z | 42 | PC: 15198 | Get date 0x15198: cmp cx, 0x7c6 0x1519c: jge 0x151a1 0x1519e: jmp 0x151d9 0x151a0: nop 0x151a1: mov ah, 0x2a 0x151a3: int 0x21 0x151a5: cmp dh, 0xa 0x151a8: jge 0x151ad 0x151aa: jmp 0x151d9 0x151ac: nop 0x151ad: mov ah, 0x2a 0x151af: int 0x21 0x151b1: cmp dl, 0x1f 0x151b4: jge 0x151b9 0x151b6: jmp 0x151d9 0x151b8: nop 0x151b9: mov al, byte ptr [0x359] 0x151bc: call 0x151cc 0x151bf: cmp byte ptr [0x359], 0x19 0x151c4: je 0x151d9 |
| 2018-12-25T11:48:14.015525658Z | 78 | PC: 1525c | Find first file |
| 2018-12-25T11:48:14.022337583Z | 67 | PC: 1529a | Get or set file attributes |
| 2018-12-25T11:48:14.028130667Z | 67 | PC: 152ac | Get or set file attributes |
| 2018-12-25T11:48:14.044972021Z | 61 | PC: 152b7 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:14.056643038Z | 87 | PC: 152c3 | Get or set file date and time |
| 2018-12-25T11:48:14.057942561Z | 44 | PC: 152cf | Get time 0x152cf: and dh, 7 0x152d2: jmp 0x152d5 0x152d4: nop 0x152d5: mov ah, 0x3f 0x152d7: mov cx, 3 0x152da: mov dx, 0x1d 0x152dd: nop 0x152de: add dx, si 0x152e0: int 0x21 0x152e2: jb 0x15339 0x152e4: cmp ax, 3 0x152e7: jne 0x15339 0x152e9: mov ax, 0x4202 0x152ec: mov cx, 0 0x152ef: mov dx, 0 0x152f2: int 0x21 0x152f4: jb 0x15339 0x152f6: mov cx, ax 0x152f8: sub ax, 3 0x152fb: mov word ptr [si + 0x21], ax |
| 2018-12-25T11:48:14.060072999Z | 63 | PC: 152e2 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:48:14.066546244Z | 66 | PC: 152f4 | Move file pointer |
| 2018-12-25T11:48:14.067897123Z | 64 | PC: 15318 | Write file or device (Write 716 bytes on handle 5) |
| 2018-12-25T11:48:14.076220381Z | 66 | PC: 1532a | Move file pointer |
| 2018-12-25T11:48:14.078293172Z | 64 | PC: 15339 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:48:14.084540007Z | 87 | PC: 1534c | Get or set file date and time |
| 2018-12-25T11:48:14.085858465Z | 62 | PC: 15350 | Close file |
| 2018-12-25T11:48:14.093682836Z | 67 | PC: 1535f | Get or set file attributes |
| 2018-12-25T11:48:14.107013882Z | 26 | PC: 1536c | Set disk transfer address |
| 2018-12-25T11:48:14.108365604Z | 76 | PC: 1514d | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":31,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3114,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:14.028551148Z | 48 | PC: 15169 | Get DOS version |
| 2018-12-25T11:48:14.031140003Z | 47 | PC: 15175 | Get disk transfer address |
| 2018-12-25T11:48:14.032705263Z | 26 | PC: 15188 | Set disk transfer address |
| 2018-12-25T11:48:14.034052175Z | 42 | PC: 15198 | Get date 0x15198: cmp cx, 0x7c6 0x1519c: jge 0x151a1 0x1519e: jmp 0x151d9 0x151a0: nop 0x151a1: mov ah, 0x2a 0x151a3: int 0x21 0x151a5: cmp dh, 0xa 0x151a8: jge 0x151ad 0x151aa: jmp 0x151d9 0x151ac: nop 0x151ad: mov ah, 0x2a 0x151af: int 0x21 0x151b1: cmp dl, 0x1f 0x151b4: jge 0x151b9 0x151b6: jmp 0x151d9 0x151b8: nop 0x151b9: mov al, byte ptr [0x359] 0x151bc: call 0x151cc 0x151bf: cmp byte ptr [0x359], 0x19 0x151c4: je 0x151d9 |
| 2018-12-25T11:48:14.037613559Z | 78 | PC: 1525c | Find first file |
| 2018-12-25T11:48:14.051938675Z | 67 | PC: 1529a | Get or set file attributes |
| 2018-12-25T11:48:14.058864739Z | 67 | PC: 152ac | Get or set file attributes |
| 2018-12-25T11:48:14.076817037Z | 61 | PC: 152b7 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:14.084377942Z | 87 | PC: 152c3 | Get or set file date and time |
| 2018-12-25T11:48:14.086229209Z | 44 | PC: 152cf | Get time 0x152cf: and dh, 7 0x152d2: jmp 0x152d5 0x152d4: nop 0x152d5: mov ah, 0x3f 0x152d7: mov cx, 3 0x152da: mov dx, 0x1d 0x152dd: nop 0x152de: add dx, si 0x152e0: int 0x21 0x152e2: jb 0x15339 0x152e4: cmp ax, 3 0x152e7: jne 0x15339 0x152e9: mov ax, 0x4202 0x152ec: mov cx, 0 0x152ef: mov dx, 0 0x152f2: int 0x21 0x152f4: jb 0x15339 0x152f6: mov cx, ax 0x152f8: sub ax, 3 0x152fb: mov word ptr [si + 0x21], ax |
| 2018-12-25T11:48:14.088988416Z | 63 | PC: 152e2 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:48:14.097051174Z | 66 | PC: 152f4 | Move file pointer |
| 2018-12-25T11:48:14.09871456Z | 64 | PC: 15318 | Write file or device (Write 716 bytes on handle 5) |
| 2018-12-25T11:48:14.107753707Z | 66 | PC: 1532a | Move file pointer |
| 2018-12-25T11:48:14.110257866Z | 64 | PC: 15339 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:48:14.118218607Z | 87 | PC: 1534c | Get or set file date and time |
| 2018-12-25T11:48:14.119979119Z | 62 | PC: 15350 | Close file |
| 2018-12-25T11:48:14.130031283Z | 67 | PC: 1535f | Get or set file attributes |
| 2018-12-25T11:48:14.140987075Z | 26 | PC: 1536c | Set disk transfer address |
| 2018-12-25T11:48:14.142343175Z | 76 | PC: 1514d | Terminate with return code (Return code = '0') |