{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9663,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:23:25.745385886Z | 48 | PC: 12a6b | Get DOS version |
| 2018-12-25T12:23:25.746706099Z | 47 | PC: 12a77 | Get disk transfer address |
| 2018-12-25T12:23:25.748619709Z | 26 | PC: 12a8a | Set disk transfer address |
| 2018-12-25T12:23:25.749881174Z | 42 | PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7c6 0x12a9e: jge 0x12aa3 0x12aa0: jmp 0x12adb 0x12aa2: nop 0x12aa3: mov ah, 0x2a 0x12aa5: int 0x21 0x12aa7: cmp dh, 0xa 0x12aaa: jge 0x12aaf 0x12aac: jmp 0x12adb 0x12aae: nop 0x12aaf: mov ah, 0x2a 0x12ab1: int 0x21 0x12ab3: cmp dl, 0x1f 0x12ab6: jge 0x12abb 0x12ab8: jmp 0x12adb 0x12aba: nop 0x12abb: mov al, byte ptr [0x35c] 0x12abe: call 0x12ace 0x12ac1: cmp byte ptr [0x35c], 0x19 0x12ac6: je 0x12adb |
| 2018-12-25T12:23:25.752418525Z | 78 | PC: 12b5e | Find first file |
| 2018-12-25T12:23:25.762197732Z | 67 | PC: 12b9c | Get or set file attributes |
| 2018-12-25T12:23:25.769281118Z | 67 | PC: 12baf | Get or set file attributes |
| 2018-12-25T12:23:25.796665549Z | 61 | PC: 12bba | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:23:25.804718581Z | 87 | PC: 12bc6 | Get or set file date and time |
| 2018-12-25T12:23:25.806428967Z | 44 | PC: 12bd2 | Get time 0x12bd2: and dh, 7 0x12bd5: jmp 0x12bd8 0x12bd7: nop 0x12bd8: mov ah, 0x3f 0x12bda: mov cx, 3 0x12bdd: mov dx, 0x1d 0x12be0: nop 0x12be1: add dx, si 0x12be3: int 0x21 0x12be5: jb 0x12c3c 0x12be7: cmp ax, 3 0x12bea: jne 0x12c3c 0x12bec: mov ax, 0x4202 0x12bef: mov cx, 0 0x12bf2: mov dx, 0 0x12bf5: int 0x21 0x12bf7: jb 0x12c3c 0x12bf9: mov cx, ax 0x12bfb: sub ax, 3 0x12bfe: mov word ptr [si + 0x21], ax |
| 2018-12-25T12:23:25.808862404Z | 63 | PC: 12be5 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:23:25.816364219Z | 66 | PC: 12bf7 | Move file pointer |
| 2018-12-25T12:23:25.818914629Z | 64 | PC: 12c1b | Write file or device (Write 719 bytes on handle 5) |
| 2018-12-25T12:23:25.82975279Z | 66 | PC: 12c2d | Move file pointer |
| 2018-12-25T12:23:25.831593383Z | 64 | PC: 12c3c | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:23:25.840461576Z | 87 | PC: 12c51 | Get or set file date and time |
| 2018-12-25T12:23:25.842632352Z | 62 | PC: 12c55 | Close file |
| 2018-12-25T12:23:25.852198223Z | 67 | PC: 12c64 | Get or set file attributes |
| 2018-12-25T12:23:25.864687889Z | 26 | PC: 12c71 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9663,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:23:26.160619486Z | 48 | PC: 12a6b | Get DOS version |
| 2018-12-25T12:23:26.162295447Z | 47 | PC: 12a77 | Get disk transfer address |
| 2018-12-25T12:23:26.164262078Z | 26 | PC: 12a8a | Set disk transfer address |
| 2018-12-25T12:23:26.165876926Z | 42 | PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7c6 0x12a9e: jge 0x12aa3 0x12aa0: jmp 0x12adb 0x12aa2: nop 0x12aa3: mov ah, 0x2a 0x12aa5: int 0x21 0x12aa7: cmp dh, 0xa 0x12aaa: jge 0x12aaf 0x12aac: jmp 0x12adb 0x12aae: nop 0x12aaf: mov ah, 0x2a 0x12ab1: int 0x21 0x12ab3: cmp dl, 0x1f 0x12ab6: jge 0x12abb 0x12ab8: jmp 0x12adb 0x12aba: nop 0x12abb: mov al, byte ptr [0x35c] 0x12abe: call 0x12ace 0x12ac1: cmp byte ptr [0x35c], 0x19 0x12ac6: je 0x12adb |
| 2018-12-25T12:23:26.168689123Z | 42 | PC: 12aa7 | Get date 0x12aa7: cmp dh, 0xa 0x12aaa: jge 0x12aaf 0x12aac: jmp 0x12adb 0x12aae: nop 0x12aaf: mov ah, 0x2a 0x12ab1: int 0x21 0x12ab3: cmp dl, 0x1f 0x12ab6: jge 0x12abb 0x12ab8: jmp 0x12adb 0x12aba: nop 0x12abb: mov al, byte ptr [0x35c] 0x12abe: call 0x12ace 0x12ac1: cmp byte ptr [0x35c], 0x19 0x12ac6: je 0x12adb 0x12ac8: inc byte ptr [0x35c] 0x12acc: loop 0x12abb 0x12ace: mov ah, 5 0x12ad0: mov ch, 0 0x12ad2: mov dh, 0 0x12ad4: mov dl, byte ptr [0x35c] |
| 2018-12-25T12:23:26.17213788Z | 78 | PC: 12b5e | Find first file |
| 2018-12-25T12:23:26.178941275Z | 67 | PC: 12b9c | Get or set file attributes |
| 2018-12-25T12:23:26.185881325Z | 67 | PC: 12baf | Get or set file attributes |
| 2018-12-25T12:23:26.203859876Z | 61 | PC: 12bba | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:23:26.219460814Z | 87 | PC: 12bc6 | Get or set file date and time |
| 2018-12-25T12:23:26.221313052Z | 44 | PC: 12bd2 | Get time 0x12bd2: and dh, 7 0x12bd5: jmp 0x12bd8 0x12bd7: nop 0x12bd8: mov ah, 0x3f 0x12bda: mov cx, 3 0x12bdd: mov dx, 0x1d 0x12be0: nop 0x12be1: add dx, si 0x12be3: int 0x21 0x12be5: jb 0x12c3c 0x12be7: cmp ax, 3 0x12bea: jne 0x12c3c 0x12bec: mov ax, 0x4202 0x12bef: mov cx, 0 0x12bf2: mov dx, 0 0x12bf5: int 0x21 0x12bf7: jb 0x12c3c 0x12bf9: mov cx, ax 0x12bfb: sub ax, 3 0x12bfe: mov word ptr [si + 0x21], ax |
| 2018-12-25T12:23:26.224612593Z | 63 | PC: 12be5 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:23:26.231758256Z | 66 | PC: 12bf7 | Move file pointer |
| 2018-12-25T12:23:26.233381747Z | 64 | PC: 12c1b | Write file or device (Write 719 bytes on handle 5) |
| 2018-12-25T12:23:26.24330944Z | 66 | PC: 12c2d | Move file pointer |
| 2018-12-25T12:23:26.245298756Z | 64 | PC: 12c3c | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:23:26.254343832Z | 87 | PC: 12c51 | Get or set file date and time |
| 2018-12-25T12:23:26.256435788Z | 62 | PC: 12c55 | Close file |
| 2018-12-25T12:23:26.265778287Z | 67 | PC: 12c64 | Get or set file attributes |
| 2018-12-25T12:23:26.276632191Z | 26 | PC: 12c71 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9663,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:23:26.430675333Z | 48 | PC: 12a6b | Get DOS version |
| 2018-12-25T12:23:26.432426912Z | 47 | PC: 12a77 | Get disk transfer address |
| 2018-12-25T12:23:26.433499987Z | 26 | PC: 12a8a | Set disk transfer address |
| 2018-12-25T12:23:26.434553254Z | 42 | PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7c6 0x12a9e: jge 0x12aa3 0x12aa0: jmp 0x12adb 0x12aa2: nop 0x12aa3: mov ah, 0x2a 0x12aa5: int 0x21 0x12aa7: cmp dh, 0xa 0x12aaa: jge 0x12aaf 0x12aac: jmp 0x12adb 0x12aae: nop 0x12aaf: mov ah, 0x2a 0x12ab1: int 0x21 0x12ab3: cmp dl, 0x1f 0x12ab6: jge 0x12abb 0x12ab8: jmp 0x12adb 0x12aba: nop 0x12abb: mov al, byte ptr [0x35c] 0x12abe: call 0x12ace 0x12ac1: cmp byte ptr [0x35c], 0x19 0x12ac6: je 0x12adb |
| 2018-12-25T12:23:26.438441147Z | 78 | PC: 12b5e | Find first file |
| 2018-12-25T12:23:26.444345334Z | 67 | PC: 12b9c | Get or set file attributes |
| 2018-12-25T12:23:26.449789635Z | 67 | PC: 12baf | Get or set file attributes |
| 2018-12-25T12:23:26.464974329Z | 61 | PC: 12bba | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:23:26.472355956Z | 87 | PC: 12bc6 | Get or set file date and time |
| 2018-12-25T12:23:26.473960407Z | 44 | PC: 12bd2 | Get time 0x12bd2: and dh, 7 0x12bd5: jmp 0x12bd8 0x12bd7: nop 0x12bd8: mov ah, 0x3f 0x12bda: mov cx, 3 0x12bdd: mov dx, 0x1d 0x12be0: nop 0x12be1: add dx, si 0x12be3: int 0x21 0x12be5: jb 0x12c3c 0x12be7: cmp ax, 3 0x12bea: jne 0x12c3c 0x12bec: mov ax, 0x4202 0x12bef: mov cx, 0 0x12bf2: mov dx, 0 0x12bf5: int 0x21 0x12bf7: jb 0x12c3c 0x12bf9: mov cx, ax 0x12bfb: sub ax, 3 0x12bfe: mov word ptr [si + 0x21], ax |
| 2018-12-25T12:23:26.476305635Z | 63 | PC: 12be5 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:23:26.483465868Z | 66 | PC: 12bf7 | Move file pointer |
| 2018-12-25T12:23:26.484722307Z | 64 | PC: 12c1b | Write file or device (Write 719 bytes on handle 5) |
| 2018-12-25T12:23:26.493630254Z | 66 | PC: 12c2d | Move file pointer |
| 2018-12-25T12:23:26.495861356Z | 64 | PC: 12c3c | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:23:26.502972726Z | 87 | PC: 12c51 | Get or set file date and time |
| 2018-12-25T12:23:26.504694094Z | 62 | PC: 12c55 | Close file |
| 2018-12-25T12:23:26.513983988Z | 67 | PC: 12c64 | Get or set file attributes |
| 2018-12-25T12:23:26.523998207Z | 26 | PC: 12c71 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9663,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:23:26.439301706Z | 48 | PC: 12a6b | Get DOS version |
| 2018-12-25T12:23:26.441354879Z | 47 | PC: 12a77 | Get disk transfer address |
| 2018-12-25T12:23:26.442426695Z | 26 | PC: 12a8a | Set disk transfer address |
| 2018-12-25T12:23:26.443463022Z | 42 | PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7c6 0x12a9e: jge 0x12aa3 0x12aa0: jmp 0x12adb 0x12aa2: nop 0x12aa3: mov ah, 0x2a 0x12aa5: int 0x21 0x12aa7: cmp dh, 0xa 0x12aaa: jge 0x12aaf 0x12aac: jmp 0x12adb 0x12aae: nop 0x12aaf: mov ah, 0x2a 0x12ab1: int 0x21 0x12ab3: cmp dl, 0x1f 0x12ab6: jge 0x12abb 0x12ab8: jmp 0x12adb 0x12aba: nop 0x12abb: mov al, byte ptr [0x35c] 0x12abe: call 0x12ace 0x12ac1: cmp byte ptr [0x35c], 0x19 0x12ac6: je 0x12adb |
| 2018-12-25T12:23:26.446175819Z | 78 | PC: 12b5e | Find first file |
| 2018-12-25T12:23:26.452039844Z | 67 | PC: 12b9c | Get or set file attributes |
| 2018-12-25T12:23:26.457411136Z | 67 | PC: 12baf | Get or set file attributes |
| 2018-12-25T12:23:26.474164765Z | 61 | PC: 12bba | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:23:26.480592451Z | 87 | PC: 12bc6 | Get or set file date and time |
| 2018-12-25T12:23:26.48186144Z | 44 | PC: 12bd2 | Get time 0x12bd2: and dh, 7 0x12bd5: jmp 0x12bd8 0x12bd7: nop 0x12bd8: mov ah, 0x3f 0x12bda: mov cx, 3 0x12bdd: mov dx, 0x1d 0x12be0: nop 0x12be1: add dx, si 0x12be3: int 0x21 0x12be5: jb 0x12c3c 0x12be7: cmp ax, 3 0x12bea: jne 0x12c3c 0x12bec: mov ax, 0x4202 0x12bef: mov cx, 0 0x12bf2: mov dx, 0 0x12bf5: int 0x21 0x12bf7: jb 0x12c3c 0x12bf9: mov cx, ax 0x12bfb: sub ax, 3 0x12bfe: mov word ptr [si + 0x21], ax |
| 2018-12-25T12:23:26.494125033Z | 63 | PC: 12be5 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:23:26.502875872Z | 66 | PC: 12bf7 | Move file pointer |
| 2018-12-25T12:23:26.50452365Z | 64 | PC: 12c1b | Write file or device (Write 719 bytes on handle 5) |
| 2018-12-25T12:23:26.518827052Z | 66 | PC: 12c2d | Move file pointer |
| 2018-12-25T12:23:26.522458827Z | 64 | PC: 12c3c | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:23:26.528874096Z | 87 | PC: 12c51 | Get or set file date and time |
| 2018-12-25T12:23:26.533438146Z | 62 | PC: 12c55 | Close file |
| 2018-12-25T12:23:26.542783033Z | 67 | PC: 12c64 | Get or set file attributes |
| 2018-12-25T12:23:26.55268158Z | 26 | PC: 12c71 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9663,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:23:26.603770014Z | 48 | PC: 12a6b | Get DOS version |
| 2018-12-25T12:23:26.606400872Z | 47 | PC: 12a77 | Get disk transfer address |
| 2018-12-25T12:23:26.607504051Z | 26 | PC: 12a8a | Set disk transfer address |
| 2018-12-25T12:23:26.6085695Z | 42 | PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7c6 0x12a9e: jge 0x12aa3 0x12aa0: jmp 0x12adb 0x12aa2: nop 0x12aa3: mov ah, 0x2a 0x12aa5: int 0x21 0x12aa7: cmp dh, 0xa 0x12aaa: jge 0x12aaf 0x12aac: jmp 0x12adb 0x12aae: nop 0x12aaf: mov ah, 0x2a 0x12ab1: int 0x21 0x12ab3: cmp dl, 0x1f 0x12ab6: jge 0x12abb 0x12ab8: jmp 0x12adb 0x12aba: nop 0x12abb: mov al, byte ptr [0x35c] 0x12abe: call 0x12ace 0x12ac1: cmp byte ptr [0x35c], 0x19 0x12ac6: je 0x12adb |
| 2018-12-25T12:23:26.612134288Z | 78 | PC: 12b5e | Find first file |
| 2018-12-25T12:23:26.618179191Z | 67 | PC: 12b9c | Get or set file attributes |
| 2018-12-25T12:23:26.623908658Z | 67 | PC: 12baf | Get or set file attributes |
| 2018-12-25T12:23:26.640813203Z | 61 | PC: 12bba | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:23:26.648385371Z | 87 | PC: 12bc6 | Get or set file date and time |
| 2018-12-25T12:23:26.649654366Z | 44 | PC: 12bd2 | Get time 0x12bd2: and dh, 7 0x12bd5: jmp 0x12bd8 0x12bd7: nop 0x12bd8: mov ah, 0x3f 0x12bda: mov cx, 3 0x12bdd: mov dx, 0x1d 0x12be0: nop 0x12be1: add dx, si 0x12be3: int 0x21 0x12be5: jb 0x12c3c 0x12be7: cmp ax, 3 0x12bea: jne 0x12c3c 0x12bec: mov ax, 0x4202 0x12bef: mov cx, 0 0x12bf2: mov dx, 0 0x12bf5: int 0x21 0x12bf7: jb 0x12c3c 0x12bf9: mov cx, ax 0x12bfb: sub ax, 3 0x12bfe: mov word ptr [si + 0x21], ax |
| 2018-12-25T12:23:26.652372762Z | 63 | PC: 12be5 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:23:26.668789689Z | 66 | PC: 12bf7 | Move file pointer |
| 2018-12-25T12:23:26.672551543Z | 64 | PC: 12c1b | Write file or device (Write 719 bytes on handle 5) |
| 2018-12-25T12:23:26.680702687Z | 66 | PC: 12c2d | Move file pointer |
| 2018-12-25T12:23:26.6846653Z | 64 | PC: 12c3c | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:23:26.690833706Z | 87 | PC: 12c51 | Get or set file date and time |
| 2018-12-25T12:23:26.692383349Z | 62 | PC: 12c55 | Close file |
| 2018-12-25T12:23:26.70112977Z | 67 | PC: 12c64 | Get or set file attributes |
| 2018-12-25T12:23:26.710858926Z | 26 | PC: 12c71 | Set disk transfer address |
{"DateBased":true,"Day":31,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9663,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:23:27.410606084Z | 48 | PC: 12a6b | Get DOS version |
| 2018-12-25T12:23:27.412560443Z | 47 | PC: 12a77 | Get disk transfer address |
| 2018-12-25T12:23:27.413894625Z | 26 | PC: 12a8a | Set disk transfer address |
| 2018-12-25T12:23:27.415006827Z | 42 | PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7c6 0x12a9e: jge 0x12aa3 0x12aa0: jmp 0x12adb 0x12aa2: nop 0x12aa3: mov ah, 0x2a 0x12aa5: int 0x21 0x12aa7: cmp dh, 0xa 0x12aaa: jge 0x12aaf 0x12aac: jmp 0x12adb 0x12aae: nop 0x12aaf: mov ah, 0x2a 0x12ab1: int 0x21 0x12ab3: cmp dl, 0x1f 0x12ab6: jge 0x12abb 0x12ab8: jmp 0x12adb 0x12aba: nop 0x12abb: mov al, byte ptr [0x35c] 0x12abe: call 0x12ace 0x12ac1: cmp byte ptr [0x35c], 0x19 0x12ac6: je 0x12adb |
| 2018-12-25T12:23:27.417190514Z | 78 | PC: 12b5e | Find first file |
| 2018-12-25T12:23:27.423873175Z | 67 | PC: 12b9c | Get or set file attributes |
| 2018-12-25T12:23:27.429589352Z | 67 | PC: 12baf | Get or set file attributes |
| 2018-12-25T12:23:27.447757111Z | 61 | PC: 12bba | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:23:27.456824566Z | 87 | PC: 12bc6 | Get or set file date and time |
| 2018-12-25T12:23:27.458974266Z | 44 | PC: 12bd2 | Get time 0x12bd2: and dh, 7 0x12bd5: jmp 0x12bd8 0x12bd7: nop 0x12bd8: mov ah, 0x3f 0x12bda: mov cx, 3 0x12bdd: mov dx, 0x1d 0x12be0: nop 0x12be1: add dx, si 0x12be3: int 0x21 0x12be5: jb 0x12c3c 0x12be7: cmp ax, 3 0x12bea: jne 0x12c3c 0x12bec: mov ax, 0x4202 0x12bef: mov cx, 0 0x12bf2: mov dx, 0 0x12bf5: int 0x21 0x12bf7: jb 0x12c3c 0x12bf9: mov cx, ax 0x12bfb: sub ax, 3 0x12bfe: mov word ptr [si + 0x21], ax |
| 2018-12-25T12:23:27.461389507Z | 63 | PC: 12be5 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:23:27.471489158Z | 66 | PC: 12bf7 | Move file pointer |
| 2018-12-25T12:23:27.472808958Z | 64 | PC: 12c1b | Write file or device (Write 719 bytes on handle 5) |
| 2018-12-25T12:23:27.481325917Z | 66 | PC: 12c2d | Move file pointer |
| 2018-12-25T12:23:27.483623364Z | 64 | PC: 12c3c | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:23:27.491405404Z | 87 | PC: 12c51 | Get or set file date and time |
| 2018-12-25T12:23:27.493154516Z | 62 | PC: 12c55 | Close file |
| 2018-12-25T12:23:27.501327343Z | 67 | PC: 12c64 | Get or set file attributes |
| 2018-12-25T12:23:27.511291067Z | 26 | PC: 12c71 | Set disk transfer address |