{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":5,"TimeBased":true,"OriginalID":4076,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:50:58.335856995Z | 44 | PC: 15164 | Get time 0x15164: cmp dh, 5 0x15167: jbe 0x1516e 0x15169: sub dh, 5 0x1516c: jmp 0x15164 0x1516e: mov di, 0xff6e 0x15171: mov byte ptr [di], dh 0x15173: mov ah, 0x1a 0x15175: mov dx, 0xff80 0x15178: int 0x21 0x1517a: push si 0x1517b: mov ah, 0x47 0x1517d: mov si, 0xff01 0x15180: xor dl, dl 0x15182: push ds 0x15183: int 0x21 0x15185: pop ds 0x15186: mov di, 0xff00 0x15189: mov byte ptr [di], 0x5c 0x1518c: pop si 0x1518d: mov ah, 0x2c |
| 2018-12-25T11:50:58.339518511Z | 26 | PC: 1517a | Set disk transfer address |
| 2018-12-25T11:50:58.341226807Z | 71 | PC: 15185 | Get current directory |
| 2018-12-25T11:50:58.344637037Z | 44 | PC: 15191 | Get time 0x15191: sub dh, 0 0x15194: je 0x151c5 0x15196: sub dh, 0xa 0x15199: je 0x151c8 0x1519b: mov di, 0xff6f 0x1519e: mov byte ptr [di], 0 0x151a1: mov dx, 0x241 0x151a4: add dx, si 0x151a6: mov cx, 0xffff 0x151a9: mov ah, 0x4e 0x151ab: int 0x21 0x151ad: jb 0x151cd 0x151af: call 0x15223 0x151b2: and ax, ax 0x151b4: je 0x15217 0x151b6: mov ah, 0x4f 0x151b8: int 0x21 0x151ba: jb 0x151cd 0x151bc: call 0x15223 0x151bf: and ax, ax |
| 2018-12-25T11:50:58.347497448Z | 78 | PC: 151ad | Find first file |
| 2018-12-25T11:50:58.354686385Z | 67 | PC: 152b9 | Get or set file attributes |
| 2018-12-25T11:50:58.372365354Z | 61 | PC: 1522e | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:50:58.379668795Z | 66 | PC: 1523d | Move file pointer |
| 2018-12-25T11:50:58.38192887Z | 63 | PC: 1524b | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-25T11:50:58.389274359Z | 66 | PC: 15270 | Move file pointer |
| 2018-12-25T11:50:58.392097293Z | 64 | PC: 1528e | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T11:50:58.395887081Z | 66 | PC: 1529a | Move file pointer |
| 2018-12-25T11:50:58.398508556Z | 64 | PC: 15421 | Write file or device (Write 764 bytes on handle 5) |
| 2018-12-25T11:50:58.408744101Z | 87 | PC: 152dd | Get or set file date and time |
| 2018-12-25T11:50:58.411425063Z | 62 | PC: 152a6 | Close file |
| 2018-12-25T11:50:58.419920808Z | 67 | PC: 152cb | Get or set file attributes |
| 2018-12-25T11:50:58.431017652Z | 59 | PC: 151ea | Change current directory |
| 2018-12-25T11:50:58.436828125Z | 26 | PC: 151f2 | Set disk transfer address |
| 2018-12-25T11:50:58.438848891Z | 9 | PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)') |
| 2018-12-25T11:50:58.441758763Z | 76 | PC: 12a56 | Terminate with return code (Return code = '0') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4076,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:50:58.438165734Z | 44 | PC: 15164 | Get time 0x15164: cmp dh, 5 0x15167: jbe 0x1516e 0x15169: sub dh, 5 0x1516c: jmp 0x15164 0x1516e: mov di, 0xff6e 0x15171: mov byte ptr [di], dh 0x15173: mov ah, 0x1a 0x15175: mov dx, 0xff80 0x15178: int 0x21 0x1517a: push si 0x1517b: mov ah, 0x47 0x1517d: mov si, 0xff01 0x15180: xor dl, dl 0x15182: push ds 0x15183: int 0x21 0x15185: pop ds 0x15186: mov di, 0xff00 0x15189: mov byte ptr [di], 0x5c 0x1518c: pop si 0x1518d: mov ah, 0x2c |
| 2018-12-25T11:50:58.442168071Z | 26 | PC: 1517a | Set disk transfer address |
| 2018-12-25T11:50:58.4436145Z | 71 | PC: 15185 | Get current directory |
| 2018-12-25T11:50:58.446995409Z | 44 | PC: 15191 | Get time 0x15191: sub dh, 0 0x15194: je 0x151c5 0x15196: sub dh, 0xa 0x15199: je 0x151c8 0x1519b: mov di, 0xff6f 0x1519e: mov byte ptr [di], 0 0x151a1: mov dx, 0x241 0x151a4: add dx, si 0x151a6: mov cx, 0xffff 0x151a9: mov ah, 0x4e 0x151ab: int 0x21 0x151ad: jb 0x151cd 0x151af: call 0x15223 0x151b2: and ax, ax 0x151b4: je 0x15217 0x151b6: mov ah, 0x4f 0x151b8: int 0x21 0x151ba: jb 0x151cd 0x151bc: call 0x15223 0x151bf: and ax, ax |
| 2018-12-25T11:50:58.450083262Z | 78 | PC: 151ad | Find first file |
| 2018-12-25T11:50:58.47296855Z | 67 | PC: 152b9 | Get or set file attributes |
| 2018-12-25T11:50:58.497379101Z | 61 | PC: 1522e | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:50:58.50667967Z | 66 | PC: 1523d | Move file pointer |
| 2018-12-25T11:50:58.512087578Z | 63 | PC: 1524b | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-25T11:50:58.524656844Z | 66 | PC: 15270 | Move file pointer |
| 2018-12-25T11:50:58.526356972Z | 64 | PC: 1528e | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T11:50:58.53011731Z | 66 | PC: 1529a | Move file pointer |
| 2018-12-25T11:50:58.532439373Z | 64 | PC: 15421 | Write file or device (Write 764 bytes on handle 5) |
| 2018-12-25T11:50:58.542957429Z | 87 | PC: 152dd | Get or set file date and time |
| 2018-12-25T11:50:58.545783345Z | 62 | PC: 152a6 | Close file |
| 2018-12-25T11:50:58.562040108Z | 67 | PC: 152cb | Get or set file attributes |
| 2018-12-25T11:50:58.576334676Z | 59 | PC: 151ea | Change current directory |
| 2018-12-25T11:50:58.5830506Z | 26 | PC: 151f2 | Set disk transfer address |
| 2018-12-25T11:50:58.585141156Z | 9 | PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)') |
| 2018-12-25T11:50:58.588244847Z | 76 | PC: 12a56 | Terminate with return code (Return code = '0') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4076,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:50:58.469502197Z | 44 | PC: 15164 | Get time 0x15164: cmp dh, 5 0x15167: jbe 0x1516e 0x15169: sub dh, 5 0x1516c: jmp 0x15164 0x1516e: mov di, 0xff6e 0x15171: mov byte ptr [di], dh 0x15173: mov ah, 0x1a 0x15175: mov dx, 0xff80 0x15178: int 0x21 0x1517a: push si 0x1517b: mov ah, 0x47 0x1517d: mov si, 0xff01 0x15180: xor dl, dl 0x15182: push ds 0x15183: int 0x21 0x15185: pop ds 0x15186: mov di, 0xff00 0x15189: mov byte ptr [di], 0x5c 0x1518c: pop si 0x1518d: mov ah, 0x2c |
| 2018-12-25T11:50:58.472464319Z | 26 | PC: 1517a | Set disk transfer address |
| 2018-12-25T11:50:58.473555861Z | 71 | PC: 15185 | Get current directory |
| 2018-12-25T11:50:58.476356864Z | 44 | PC: 15191 | Get time 0x15191: sub dh, 0 0x15194: je 0x151c5 0x15196: sub dh, 0xa 0x15199: je 0x151c8 0x1519b: mov di, 0xff6f 0x1519e: mov byte ptr [di], 0 0x151a1: mov dx, 0x241 0x151a4: add dx, si 0x151a6: mov cx, 0xffff 0x151a9: mov ah, 0x4e 0x151ab: int 0x21 0x151ad: jb 0x151cd 0x151af: call 0x15223 0x151b2: and ax, ax 0x151b4: je 0x15217 0x151b6: mov ah, 0x4f 0x151b8: int 0x21 0x151ba: jb 0x151cd 0x151bc: call 0x15223 0x151bf: and ax, ax |
| 2018-12-25T11:50:58.479054702Z | 78 | PC: 151ad | Find first file |
| 2018-12-25T11:50:58.485852349Z | 67 | PC: 152b9 | Get or set file attributes |
| 2018-12-25T11:50:58.507638911Z | 61 | PC: 1522e | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:50:58.514289584Z | 66 | PC: 1523d | Move file pointer |
| 2018-12-25T11:50:58.515937137Z | 63 | PC: 1524b | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-25T11:50:58.522127261Z | 66 | PC: 15270 | Move file pointer |
| 2018-12-25T11:50:58.523417154Z | 64 | PC: 1528e | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T11:50:58.526936939Z | 66 | PC: 1529a | Move file pointer |
| 2018-12-25T11:50:58.52965144Z | 64 | PC: 15421 | Write file or device (Write 764 bytes on handle 5) |
| 2018-12-25T11:50:58.538678933Z | 87 | PC: 152dd | Get or set file date and time |
| 2018-12-25T11:50:58.540937179Z | 62 | PC: 152a6 | Close file |
| 2018-12-25T11:50:58.548376593Z | 67 | PC: 152cb | Get or set file attributes |
| 2018-12-25T11:50:58.558651412Z | 59 | PC: 151ea | Change current directory |
| 2018-12-25T11:50:58.563747923Z | 26 | PC: 151f2 | Set disk transfer address |
| 2018-12-25T11:50:58.565261246Z | 9 | PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)') |
| 2018-12-25T11:50:58.567814193Z | 76 | PC: 12a56 | Terminate with return code (Return code = '0') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":4076,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:50:58.878685361Z | 44 | PC: 15164 | Get time 0x15164: cmp dh, 5 0x15167: jbe 0x1516e 0x15169: sub dh, 5 0x1516c: jmp 0x15164 0x1516e: mov di, 0xff6e 0x15171: mov byte ptr [di], dh 0x15173: mov ah, 0x1a 0x15175: mov dx, 0xff80 0x15178: int 0x21 0x1517a: push si 0x1517b: mov ah, 0x47 0x1517d: mov si, 0xff01 0x15180: xor dl, dl 0x15182: push ds 0x15183: int 0x21 0x15185: pop ds 0x15186: mov di, 0xff00 0x15189: mov byte ptr [di], 0x5c 0x1518c: pop si 0x1518d: mov ah, 0x2c |
| 2018-12-25T11:50:58.881348426Z | 26 | PC: 1517a | Set disk transfer address |
| 2018-12-25T11:50:58.882572437Z | 71 | PC: 15185 | Get current directory |
| 2018-12-25T11:50:58.885424721Z | 44 | PC: 15191 | Get time 0x15191: sub dh, 0 0x15194: je 0x151c5 0x15196: sub dh, 0xa 0x15199: je 0x151c8 0x1519b: mov di, 0xff6f 0x1519e: mov byte ptr [di], 0 0x151a1: mov dx, 0x241 0x151a4: add dx, si 0x151a6: mov cx, 0xffff 0x151a9: mov ah, 0x4e 0x151ab: int 0x21 0x151ad: jb 0x151cd 0x151af: call 0x15223 0x151b2: and ax, ax 0x151b4: je 0x15217 0x151b6: mov ah, 0x4f 0x151b8: int 0x21 0x151ba: jb 0x151cd 0x151bc: call 0x15223 0x151bf: and ax, ax |
| 2018-12-25T11:50:58.888466205Z | 78 | PC: 151ad | Find first file |
| 2018-12-25T11:50:58.894999932Z | 67 | PC: 152b9 | Get or set file attributes |
| 2018-12-25T11:50:58.912538813Z | 61 | PC: 1522e | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:50:58.919077551Z | 66 | PC: 1523d | Move file pointer |
| 2018-12-25T11:50:58.920985471Z | 63 | PC: 1524b | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-25T11:50:58.92727481Z | 66 | PC: 15270 | Move file pointer |
| 2018-12-25T11:50:58.928573151Z | 64 | PC: 1528e | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T11:50:58.932105246Z | 66 | PC: 1529a | Move file pointer |
| 2018-12-25T11:50:58.934163429Z | 64 | PC: 15421 | Write file or device (Write 764 bytes on handle 5) |
| 2018-12-25T11:50:58.94309111Z | 87 | PC: 152dd | Get or set file date and time |
| 2018-12-25T11:50:58.950834832Z | 62 | PC: 152a6 | Close file |
| 2018-12-25T11:50:58.958565005Z | 67 | PC: 152cb | Get or set file attributes |
| 2018-12-25T11:50:58.968953333Z | 59 | PC: 151ea | Change current directory |
| 2018-12-25T11:50:58.97578181Z | 26 | PC: 151f2 | Set disk transfer address |
| 2018-12-25T11:50:58.977559988Z | 9 | PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)') |
| 2018-12-25T11:50:58.979874217Z | 76 | PC: 12a56 | Terminate with return code (Return code = '0') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":10,"TimeBased":true,"OriginalID":4076,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:50:59.257161138Z | 44 | PC: 15164 | Get time 0x15164: cmp dh, 5 0x15167: jbe 0x1516e 0x15169: sub dh, 5 0x1516c: jmp 0x15164 0x1516e: mov di, 0xff6e 0x15171: mov byte ptr [di], dh 0x15173: mov ah, 0x1a 0x15175: mov dx, 0xff80 0x15178: int 0x21 0x1517a: push si 0x1517b: mov ah, 0x47 0x1517d: mov si, 0xff01 0x15180: xor dl, dl 0x15182: push ds 0x15183: int 0x21 0x15185: pop ds 0x15186: mov di, 0xff00 0x15189: mov byte ptr [di], 0x5c 0x1518c: pop si 0x1518d: mov ah, 0x2c |
| 2018-12-25T11:50:59.261398555Z | 26 | PC: 1517a | Set disk transfer address |
| 2018-12-25T11:50:59.262732683Z | 71 | PC: 15185 | Get current directory |
| 2018-12-25T11:50:59.265894764Z | 44 | PC: 15191 | Get time 0x15191: sub dh, 0 0x15194: je 0x151c5 0x15196: sub dh, 0xa 0x15199: je 0x151c8 0x1519b: mov di, 0xff6f 0x1519e: mov byte ptr [di], 0 0x151a1: mov dx, 0x241 0x151a4: add dx, si 0x151a6: mov cx, 0xffff 0x151a9: mov ah, 0x4e 0x151ab: int 0x21 0x151ad: jb 0x151cd 0x151af: call 0x15223 0x151b2: and ax, ax 0x151b4: je 0x15217 0x151b6: mov ah, 0x4f 0x151b8: int 0x21 0x151ba: jb 0x151cd 0x151bc: call 0x15223 0x151bf: and ax, ax |
| 2018-12-25T11:50:59.277859593Z | 78 | PC: 151ad | Find first file |
| 2018-12-25T11:50:59.284310129Z | 67 | PC: 152b9 | Get or set file attributes |
| 2018-12-25T11:50:59.300987602Z | 61 | PC: 1522e | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:50:59.308681662Z | 66 | PC: 1523d | Move file pointer |
| 2018-12-25T11:50:59.310314053Z | 63 | PC: 1524b | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-25T11:50:59.335896359Z | 66 | PC: 15270 | Move file pointer |
| 2018-12-25T11:50:59.338437243Z | 64 | PC: 1528e | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T11:50:59.342787474Z | 66 | PC: 1529a | Move file pointer |
| 2018-12-25T11:50:59.344982065Z | 64 | PC: 15421 | Write file or device (Write 764 bytes on handle 5) |
| 2018-12-25T11:50:59.35464557Z | 87 | PC: 152dd | Get or set file date and time |
| 2018-12-25T11:50:59.357019491Z | 62 | PC: 152a6 | Close file |
| 2018-12-25T11:50:59.364447626Z | 67 | PC: 152cb | Get or set file attributes |
| 2018-12-25T11:50:59.374932814Z | 59 | PC: 151ea | Change current directory |
| 2018-12-25T11:50:59.378943223Z | 26 | PC: 151f2 | Set disk transfer address |
| 2018-12-25T11:50:59.37994319Z | 9 | PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)') |
| 2018-12-25T11:50:59.382872248Z | 76 | PC: 12a56 | Terminate with return code (Return code = '0') |