{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":3127,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:24.361116794Z | 42 | PC: 15162 | Get date 0x15162: cmp dl, 0xf 0x15165: je 0x15169 0x15167: jmp 0x15186 0x15169: cli 0x1516a: mov ah, 2 0x1516c: cdq 0x1516d: mov cx, 0x100 0x15170: int 0x26 0x15172: jmp 0x15174 0x15174: cli 0x15175: mov al, 3 0x15177: mov cx, 0x2bc 0x1517a: mov dx, 0 0x1517d: mov ds, word ptr [di + 0x63] 0x15180: mov bx, word ptr [di + 0x37] 0x15183: call 0x25169 0x15186: ret 0x15187: lodsb al, byte ptr [si] 0x15188: xor al, ah 0x1518a: stosb byte ptr es:[di], al |
| 2018-12-25T11:48:24.36355579Z | 71 | PC: 1524e | Get current directory |
| 2018-12-25T11:48:24.366210195Z | 59 | PC: 15259 | Change current directory |
| 2018-12-25T11:48:24.370571339Z | 26 | PC: 1530c | Set disk transfer address |
| 2018-12-25T11:48:24.372065278Z | 78 | PC: 1531a | Find first file |
| 2018-12-25T11:48:24.38292081Z | 61 | PC: 15345 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:24.389158906Z | 63 | PC: 15357 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:48:24.393669078Z | 44 | PC: 15392 | Get time 0x15392: add dl, dh 0x15394: je 0x1538e 0x15396: mov si, 0x115 0x15399: add si, word ptr [0x106] 0x1539d: mov byte ptr [si], dl 0x1539f: mov ax, 0x4301 0x153a2: xor cx, cx 0x153a4: mov dx, si 0x153a6: add dx, 0xc7 0x153aa: int 0x21 0x153ac: mov ah, 0x3e 0x153ae: int 0x21 0x153b0: mov ax, 0x3d02 0x153b3: int 0x21 0x153b5: jb 0x15366 0x153b7: mov di, dx 0x153b9: add di, 0x63 0x153bc: stosw word ptr es:[di], ax 0x153bd: xchg ax, bx 0x153be: mov ah, 0x40 |
| 2018-12-25T11:48:24.395139309Z | 67 | PC: 153ac | Get or set file attributes |
| 2018-12-25T11:48:24.414709943Z | 62 | PC: 153b0 | Close file |
| 2018-12-25T11:48:24.417290636Z | 61 | PC: 153b5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:24.424463275Z | 64 | PC: 153c8 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:48:24.427384755Z | 64 | PC: 153da | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:24.430744285Z | 64 | PC: 153ef | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:24.433591948Z | 66 | PC: 153f8 | Move file pointer |
| 2018-12-25T11:48:24.435235918Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:24.437841112Z | 64 | PC: 1519d | Write file or device (Write 1104 bytes on handle 5) |
| 2018-12-25T11:48:24.446681456Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:24.448959908Z | 87 | PC: 15411 | Get or set file date and time |
| 2018-12-25T11:48:24.450881377Z | 62 | PC: 15415 | Close file |
| 2018-12-25T11:48:24.459264339Z | 67 | PC: 15426 | Get or set file attributes |
| 2018-12-25T11:48:24.469099917Z | 79 | PC: 1532d | Find next file |
| 2018-12-25T11:48:24.472190211Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:24.47969849Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:24.486745102Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:24.489524376Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:24.50119072Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:24.503445356Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:24.511339412Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:24.518064779Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:24.520700319Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:24.524007396Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:24.527784374Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:24.530070238Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:24.538891937Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:24.541374547Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:24.543028088Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:24.551045834Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:24.56195448Z | 79 | PC: 1532d | Find next file (See above) |
| 2018-12-25T11:48:24.56456486Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:24.571114159Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:24.577669167Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:24.580111291Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:24.590784223Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:24.597594024Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:24.604406331Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:24.607395444Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:24.610904853Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:24.613251751Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:24.614475111Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:24.62064481Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:24.630446396Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:24.632473711Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:24.634595565Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:24.642033567Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:24.651674803Z | 42 | PC: 15274 | Get date 0x15274: cmp dx, 0x1602 0x15278: je 0x1527d 0x1527a: jmp 0x15496 0x1527d: jmp 0x1542b 0x15280: and ah, bh 0x15282: movsw word ptr es:[di], word ptr [si] 0x15283: mov ax, 0x5c4c 0x15286: add word ptr [di], ax 0x15288: add byte ptr [di - 0x75], dl 0x1528b: in al, dx 0x1528c: sub sp, 0x2c 0x1528f: push si 0x15290: jmp 0x15301 0x15292: mov ah, 0x1a 0x15294: lea dx, word ptr [bp - 0x2c] 0x15297: int 0x21 0x15299: mov ah, 0x4e 0x1529b: mov cx, 0x10 0x1529e: mov dx, 0x1b5 0x152a1: add dx, word ptr [0x106] |
| 2018-12-25T11:48:24.65416726Z | 59 | PC: 154a1 | Change current directory |
| 2018-12-25T11:48:24.657940117Z | 59 | PC: 154a8 | Change current directory |
| 2018-12-25T11:48:24.659577344Z | 9 | PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)') |
| 2018-12-25T11:48:24.66396174Z | 76 | PC: 12a56 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":3127,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:25.340519059Z | 42 | PC: 15162 | Get date 0x15162: cmp dl, 0xf 0x15165: je 0x15169 0x15167: jmp 0x15186 0x15169: cli 0x1516a: mov ah, 2 0x1516c: cdq 0x1516d: mov cx, 0x100 0x15170: int 0x26 0x15172: jmp 0x15174 0x15174: cli 0x15175: mov al, 3 0x15177: mov cx, 0x2bc 0x1517a: mov dx, 0 0x1517d: mov ds, word ptr [di + 0x63] 0x15180: mov bx, word ptr [di + 0x37] 0x15183: call 0x25169 0x15186: ret 0x15187: lodsb al, byte ptr [si] 0x15188: xor al, ah 0x1518a: stosb byte ptr es:[di], al |
| 2018-12-25T11:48:25.343981473Z | 71 | PC: 1524e | Get current directory |
| 2018-12-25T11:48:25.346638132Z | 59 | PC: 15259 | Change current directory |
| 2018-12-25T11:48:25.350276727Z | 26 | PC: 1530c | Set disk transfer address |
| 2018-12-25T11:48:25.351772762Z | 78 | PC: 1531a | Find first file |
| 2018-12-25T11:48:25.35729237Z | 61 | PC: 15345 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:25.363477314Z | 63 | PC: 15357 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:48:25.369685912Z | 44 | PC: 15392 | Get time 0x15392: add dl, dh 0x15394: je 0x1538e 0x15396: mov si, 0x115 0x15399: add si, word ptr [0x106] 0x1539d: mov byte ptr [si], dl 0x1539f: mov ax, 0x4301 0x153a2: xor cx, cx 0x153a4: mov dx, si 0x153a6: add dx, 0xc7 0x153aa: int 0x21 0x153ac: mov ah, 0x3e 0x153ae: int 0x21 0x153b0: mov ax, 0x3d02 0x153b3: int 0x21 0x153b5: jb 0x15366 0x153b7: mov di, dx 0x153b9: add di, 0x63 0x153bc: stosw word ptr es:[di], ax 0x153bd: xchg ax, bx 0x153be: mov ah, 0x40 |
| 2018-12-25T11:48:25.371684512Z | 67 | PC: 153ac | Get or set file attributes |
| 2018-12-25T11:48:25.388683581Z | 62 | PC: 153b0 | Close file |
| 2018-12-25T11:48:25.391178621Z | 61 | PC: 153b5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:25.397336077Z | 64 | PC: 153c8 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:48:25.399855366Z | 64 | PC: 153da | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:25.402513339Z | 64 | PC: 153ef | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:25.405573142Z | 66 | PC: 153f8 | Move file pointer |
| 2018-12-25T11:48:25.406806586Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:25.408715612Z | 64 | PC: 1519d | Write file or device (Write 1104 bytes on handle 5) |
| 2018-12-25T11:48:25.417422487Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:25.41951104Z | 87 | PC: 15411 | Get or set file date and time |
| 2018-12-25T11:48:25.420889489Z | 62 | PC: 15415 | Close file |
| 2018-12-25T11:48:25.428213519Z | 67 | PC: 15426 | Get or set file attributes |
| 2018-12-25T11:48:25.437635656Z | 79 | PC: 1532d | Find next file |
| 2018-12-25T11:48:25.440180184Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:25.446968506Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:25.450897682Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:25.452272683Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:25.45872485Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:25.460430482Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:25.466916063Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:25.469307765Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:25.470998857Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:25.472574971Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:25.473870978Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:25.475243279Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:25.480970382Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:25.48278617Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:25.484179764Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:25.488897177Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:25.49500303Z | 79 | PC: 1532d | Find next file (See above) |
| 2018-12-25T11:48:25.496604031Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:25.500565649Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:25.50507023Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:25.506412881Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:25.512488298Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:25.513975163Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:25.520222325Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:25.522787858Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:25.526183093Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:25.528626585Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:25.530124353Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:25.532698847Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:25.540771764Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:25.542804698Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:25.544700412Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:25.552734353Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:25.562392585Z | 42 | PC: 15274 | Get date 0x15274: cmp dx, 0x1602 0x15278: je 0x1527d 0x1527a: jmp 0x15496 0x1527d: jmp 0x1542b 0x15280: and ah, bh 0x15282: movsw word ptr es:[di], word ptr [si] 0x15283: mov ax, 0x5c4c 0x15286: add word ptr [di], ax 0x15288: add byte ptr [di - 0x75], dl 0x1528b: in al, dx 0x1528c: sub sp, 0x2c 0x1528f: push si 0x15290: jmp 0x15301 0x15292: mov ah, 0x1a 0x15294: lea dx, word ptr [bp - 0x2c] 0x15297: int 0x21 0x15299: mov ah, 0x4e 0x1529b: mov cx, 0x10 0x1529e: mov dx, 0x1b5 0x152a1: add dx, word ptr [0x106] |
| 2018-12-25T11:48:25.565631905Z | 59 | PC: 154a1 | Change current directory |
| 2018-12-25T11:48:25.569642475Z | 59 | PC: 154a8 | Change current directory |
| 2018-12-25T11:48:25.571581604Z | 9 | PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)') |
| 2018-12-25T11:48:25.576021225Z | 76 | PC: 12a56 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":3127,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:25.428711915Z | 42 | PC: 15162 | Get date 0x15162: cmp dl, 0xf 0x15165: je 0x15169 0x15167: jmp 0x15186 0x15169: cli 0x1516a: mov ah, 2 0x1516c: cdq 0x1516d: mov cx, 0x100 0x15170: int 0x26 0x15172: jmp 0x15174 0x15174: cli 0x15175: mov al, 3 0x15177: mov cx, 0x2bc 0x1517a: mov dx, 0 0x1517d: mov ds, word ptr [di + 0x63] 0x15180: mov bx, word ptr [di + 0x37] 0x15183: call 0x25169 0x15186: ret 0x15187: lodsb al, byte ptr [si] 0x15188: xor al, ah 0x1518a: stosb byte ptr es:[di], al |
| 2018-12-25T11:48:25.431479814Z | 71 | PC: 1524e | Get current directory |
| 2018-12-25T11:48:25.434578533Z | 59 | PC: 15259 | Change current directory |
| 2018-12-25T11:48:25.438774665Z | 26 | PC: 1530c | Set disk transfer address |
| 2018-12-25T11:48:25.440829758Z | 78 | PC: 1531a | Find first file |
| 2018-12-25T11:48:25.452662026Z | 61 | PC: 15345 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:25.459381458Z | 63 | PC: 15357 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:48:25.466841507Z | 44 | PC: 15392 | Get time 0x15392: add dl, dh 0x15394: je 0x1538e 0x15396: mov si, 0x115 0x15399: add si, word ptr [0x106] 0x1539d: mov byte ptr [si], dl 0x1539f: mov ax, 0x4301 0x153a2: xor cx, cx 0x153a4: mov dx, si 0x153a6: add dx, 0xc7 0x153aa: int 0x21 0x153ac: mov ah, 0x3e 0x153ae: int 0x21 0x153b0: mov ax, 0x3d02 0x153b3: int 0x21 0x153b5: jb 0x15366 0x153b7: mov di, dx 0x153b9: add di, 0x63 0x153bc: stosw word ptr es:[di], ax 0x153bd: xchg ax, bx 0x153be: mov ah, 0x40 |
| 2018-12-25T11:48:25.469182835Z | 67 | PC: 153ac | Get or set file attributes |
| 2018-12-25T11:48:25.754227547Z | 62 | PC: 153b0 | Close file |
| 2018-12-25T11:48:25.757097229Z | 61 | PC: 153b5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:25.765327232Z | 64 | PC: 153c8 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:48:25.768451885Z | 64 | PC: 153da | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:25.770684937Z | 64 | PC: 153ef | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:25.77530741Z | 66 | PC: 153f8 | Move file pointer |
| 2018-12-25T11:48:25.7773431Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:25.780082457Z | 64 | PC: 1519d | Write file or device (Write 1104 bytes on handle 5) |
| 2018-12-25T11:48:25.791953835Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:25.794887888Z | 87 | PC: 15411 | Get or set file date and time |
| 2018-12-25T11:48:25.797028549Z | 62 | PC: 15415 | Close file |
| 2018-12-25T11:48:25.806785304Z | 67 | PC: 15426 | Get or set file attributes |
| 2018-12-25T11:48:25.81811856Z | 79 | PC: 1532d | Find next file |
| 2018-12-25T11:48:25.820958646Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:25.828531745Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:25.835752563Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:25.839709304Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:25.858239647Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:25.861835201Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:25.869189025Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:25.872243373Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:25.875927235Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:25.878884312Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:25.880823533Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:25.883781909Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:25.893845975Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:25.896712202Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:25.899418676Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:25.908619953Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:25.920337557Z | 79 | PC: 1532d | Find next file (See above) |
| 2018-12-25T11:48:25.931051916Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:25.938639711Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:25.946203305Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:25.949092028Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:25.960326012Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:25.962243152Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:25.977086582Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:25.980338609Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:25.983340027Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:25.986861542Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:25.989067872Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:25.991536448Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:26.001575018Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.004609132Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:26.006858726Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:26.016003771Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.028541736Z | 42 | PC: 15274 | Get date 0x15274: cmp dx, 0x1602 0x15278: je 0x1527d 0x1527a: jmp 0x15496 0x1527d: jmp 0x1542b 0x15280: and ah, bh 0x15282: movsw word ptr es:[di], word ptr [si] 0x15283: mov ax, 0x5c4c 0x15286: add word ptr [di], ax 0x15288: add byte ptr [di - 0x75], dl 0x1528b: in al, dx 0x1528c: sub sp, 0x2c 0x1528f: push si 0x15290: jmp 0x15301 0x15292: mov ah, 0x1a 0x15294: lea dx, word ptr [bp - 0x2c] 0x15297: int 0x21 0x15299: mov ah, 0x4e 0x1529b: mov cx, 0x10 0x1529e: mov dx, 0x1b5 0x152a1: add dx, word ptr [0x106] |
| 2018-12-25T11:48:26.031106624Z | 59 | PC: 154a1 | Change current directory |
| 2018-12-25T11:48:26.035965767Z | 59 | PC: 154a8 | Change current directory |
| 2018-12-25T11:48:26.039263515Z | 9 | PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)') |
| 2018-12-25T11:48:26.044138894Z | 76 | PC: 12a56 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":3127,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:25.455614498Z | 42 | PC: 15162 | Get date 0x15162: cmp dl, 0xf 0x15165: je 0x15169 0x15167: jmp 0x15186 0x15169: cli 0x1516a: mov ah, 2 0x1516c: cdq 0x1516d: mov cx, 0x100 0x15170: int 0x26 0x15172: jmp 0x15174 0x15174: cli 0x15175: mov al, 3 0x15177: mov cx, 0x2bc 0x1517a: mov dx, 0 0x1517d: mov ds, word ptr [di + 0x63] 0x15180: mov bx, word ptr [di + 0x37] 0x15183: call 0x25169 0x15186: ret 0x15187: lodsb al, byte ptr [si] 0x15188: xor al, ah 0x1518a: stosb byte ptr es:[di], al |
| 2018-12-25T11:48:25.458732395Z | 71 | PC: 1524e | Get current directory |
| 2018-12-25T11:48:25.461829031Z | 59 | PC: 15259 | Change current directory |
| 2018-12-25T11:48:25.466206431Z | 26 | PC: 1530c | Set disk transfer address |
| 2018-12-25T11:48:25.468146317Z | 78 | PC: 1531a | Find first file |
| 2018-12-25T11:48:25.480080912Z | 61 | PC: 15345 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:25.493102719Z | 63 | PC: 15357 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:48:25.500426581Z | 44 | PC: 15392 | Get time 0x15392: add dl, dh 0x15394: je 0x1538e 0x15396: mov si, 0x115 0x15399: add si, word ptr [0x106] 0x1539d: mov byte ptr [si], dl 0x1539f: mov ax, 0x4301 0x153a2: xor cx, cx 0x153a4: mov dx, si 0x153a6: add dx, 0xc7 0x153aa: int 0x21 0x153ac: mov ah, 0x3e 0x153ae: int 0x21 0x153b0: mov ax, 0x3d02 0x153b3: int 0x21 0x153b5: jb 0x15366 0x153b7: mov di, dx 0x153b9: add di, 0x63 0x153bc: stosw word ptr es:[di], ax 0x153bd: xchg ax, bx 0x153be: mov ah, 0x40 |
| 2018-12-25T11:48:25.502941409Z | 67 | PC: 153ac | Get or set file attributes |
| 2018-12-25T11:48:25.748622195Z | 62 | PC: 153b0 | Close file |
| 2018-12-25T11:48:25.754711517Z | 61 | PC: 153b5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:25.762789352Z | 64 | PC: 153c8 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:48:25.76614713Z | 64 | PC: 153da | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:25.769657386Z | 64 | PC: 153ef | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:25.773628965Z | 66 | PC: 153f8 | Move file pointer |
| 2018-12-25T11:48:25.775750411Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:25.778279999Z | 64 | PC: 1519d | Write file or device (Write 1104 bytes on handle 5) |
| 2018-12-25T11:48:25.789194048Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:25.793109798Z | 87 | PC: 15411 | Get or set file date and time |
| 2018-12-25T11:48:25.795374988Z | 62 | PC: 15415 | Close file |
| 2018-12-25T11:48:25.806804536Z | 67 | PC: 15426 | Get or set file attributes |
| 2018-12-25T11:48:25.818023962Z | 79 | PC: 1532d | Find next file |
| 2018-12-25T11:48:25.821371018Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:25.829543574Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:25.837652609Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:25.840401928Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:25.851548486Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:25.854349326Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:25.862845422Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:25.866239639Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:25.870011598Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:25.872996791Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:25.87453437Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:25.877437156Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:25.887394046Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:25.889741629Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:25.893364929Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:25.9005067Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:25.911228675Z | 79 | PC: 1532d | Find next file (See above) |
| 2018-12-25T11:48:25.914967612Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:25.92316697Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:25.930473155Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:25.933557247Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:25.944634153Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:25.946699375Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:25.95447821Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:25.957627912Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:25.960497784Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:25.963968326Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:25.966327401Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:25.968903014Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:25.980007106Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:25.984318695Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:25.985992344Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:25.995989011Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.007915589Z | 42 | PC: 15274 | Get date 0x15274: cmp dx, 0x1602 0x15278: je 0x1527d 0x1527a: jmp 0x15496 0x1527d: jmp 0x1542b 0x15280: and ah, bh 0x15282: movsw word ptr es:[di], word ptr [si] 0x15283: mov ax, 0x5c4c 0x15286: add word ptr [di], ax 0x15288: add byte ptr [di - 0x75], dl 0x1528b: in al, dx 0x1528c: sub sp, 0x2c 0x1528f: push si 0x15290: jmp 0x15301 0x15292: mov ah, 0x1a 0x15294: lea dx, word ptr [bp - 0x2c] 0x15297: int 0x21 0x15299: mov ah, 0x4e 0x1529b: mov cx, 0x10 0x1529e: mov dx, 0x1b5 0x152a1: add dx, word ptr [0x106] |
| 2018-12-25T11:48:26.010712552Z | 59 | PC: 154a1 | Change current directory |
| 2018-12-25T11:48:26.015566827Z | 59 | PC: 154a8 | Change current directory |
| 2018-12-25T11:48:26.018896149Z | 9 | PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)') |
| 2018-12-25T11:48:26.026043868Z | 76 | PC: 12a56 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3127,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:25.581933393Z | 42 | PC: 15162 | Get date 0x15162: cmp dl, 0xf 0x15165: je 0x15169 0x15167: jmp 0x15186 0x15169: cli 0x1516a: mov ah, 2 0x1516c: cdq 0x1516d: mov cx, 0x100 0x15170: int 0x26 0x15172: jmp 0x15174 0x15174: cli 0x15175: mov al, 3 0x15177: mov cx, 0x2bc 0x1517a: mov dx, 0 0x1517d: mov ds, word ptr [di + 0x63] 0x15180: mov bx, word ptr [di + 0x37] 0x15183: call 0x25169 0x15186: ret 0x15187: lodsb al, byte ptr [si] 0x15188: xor al, ah 0x1518a: stosb byte ptr es:[di], al |
| 2018-12-25T11:48:25.594774413Z | 71 | PC: 1524e | Get current directory |
| 2018-12-25T11:48:25.597660754Z | 59 | PC: 15259 | Change current directory |
| 2018-12-25T11:48:25.601563711Z | 26 | PC: 1530c | Set disk transfer address |
| 2018-12-25T11:48:25.613019885Z | 78 | PC: 1531a | Find first file |
| 2018-12-25T11:48:25.624586039Z | 61 | PC: 15345 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:25.635995445Z | 63 | PC: 15357 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:48:25.64374646Z | 44 | PC: 15392 | Get time 0x15392: add dl, dh 0x15394: je 0x1538e 0x15396: mov si, 0x115 0x15399: add si, word ptr [0x106] 0x1539d: mov byte ptr [si], dl 0x1539f: mov ax, 0x4301 0x153a2: xor cx, cx 0x153a4: mov dx, si 0x153a6: add dx, 0xc7 0x153aa: int 0x21 0x153ac: mov ah, 0x3e 0x153ae: int 0x21 0x153b0: mov ax, 0x3d02 0x153b3: int 0x21 0x153b5: jb 0x15366 0x153b7: mov di, dx 0x153b9: add di, 0x63 0x153bc: stosw word ptr es:[di], ax 0x153bd: xchg ax, bx 0x153be: mov ah, 0x40 |
| 2018-12-25T11:48:25.645764056Z | 67 | PC: 153ac | Get or set file attributes |
| 2018-12-25T11:48:25.662025258Z | 62 | PC: 153b0 | Close file |
| 2018-12-25T11:48:25.664470418Z | 61 | PC: 153b5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:25.668662486Z | 64 | PC: 153c8 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:48:25.670999125Z | 64 | PC: 153da | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:25.677269488Z | 64 | PC: 153ef | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:25.679797333Z | 66 | PC: 153f8 | Move file pointer |
| 2018-12-25T11:48:25.681096613Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:25.683118732Z | 64 | PC: 1519d | Write file or device (Write 1104 bytes on handle 5) |
| 2018-12-25T11:48:25.689269133Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:25.691424125Z | 87 | PC: 15411 | Get or set file date and time |
| 2018-12-25T11:48:25.693042252Z | 62 | PC: 15415 | Close file |
| 2018-12-25T11:48:25.700170076Z | 67 | PC: 15426 | Get or set file attributes |
| 2018-12-25T11:48:25.710605547Z | 79 | PC: 1532d | Find next file |
| 2018-12-25T11:48:25.71410671Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:25.721140994Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:25.727291187Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:25.730365905Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:25.740673765Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:25.742709189Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:25.74996073Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:25.753098635Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:25.756161808Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:25.759521012Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:25.76123816Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:25.763747739Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:25.772276689Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:25.775874142Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:25.777717395Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:25.786860305Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:25.797836761Z | 79 | PC: 1532d | Find next file (See above) |
| 2018-12-25T11:48:25.800699097Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:25.807128317Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:25.814366262Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:25.81712983Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:25.826885037Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:25.829737495Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:25.836827654Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:25.839691893Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:25.842774092Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:25.845287822Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:25.846607941Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:25.849114394Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:25.858781193Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:25.861204157Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:25.863372845Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:25.870989821Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:25.88042261Z | 42 | PC: 15274 | Get date 0x15274: cmp dx, 0x1602 0x15278: je 0x1527d 0x1527a: jmp 0x15496 0x1527d: jmp 0x1542b 0x15280: and ah, bh 0x15282: movsw word ptr es:[di], word ptr [si] 0x15283: mov ax, 0x5c4c 0x15286: add word ptr [di], ax 0x15288: add byte ptr [di - 0x75], dl 0x1528b: in al, dx 0x1528c: sub sp, 0x2c 0x1528f: push si 0x15290: jmp 0x15301 0x15292: mov ah, 0x1a 0x15294: lea dx, word ptr [bp - 0x2c] 0x15297: int 0x21 0x15299: mov ah, 0x4e 0x1529b: mov cx, 0x10 0x1529e: mov dx, 0x1b5 0x152a1: add dx, word ptr [0x106] |
| 2018-12-25T11:48:25.882494017Z | 59 | PC: 154a1 | Change current directory |
| 2018-12-25T11:48:25.884974726Z | 59 | PC: 154a8 | Change current directory |
| 2018-12-25T11:48:25.886147123Z | 9 | PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)') |
| 2018-12-25T11:48:25.888913016Z | 76 | PC: 12a56 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3127,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:25.951773801Z | 42 | PC: 15162 | Get date 0x15162: cmp dl, 0xf 0x15165: je 0x15169 0x15167: jmp 0x15186 0x15169: cli 0x1516a: mov ah, 2 0x1516c: cdq 0x1516d: mov cx, 0x100 0x15170: int 0x26 0x15172: jmp 0x15174 0x15174: cli 0x15175: mov al, 3 0x15177: mov cx, 0x2bc 0x1517a: mov dx, 0 0x1517d: mov ds, word ptr [di + 0x63] 0x15180: mov bx, word ptr [di + 0x37] 0x15183: call 0x25169 0x15186: ret 0x15187: lodsb al, byte ptr [si] 0x15188: xor al, ah 0x1518a: stosb byte ptr es:[di], al |
| 2018-12-25T11:48:25.955067347Z | 71 | PC: 1524e | Get current directory |
| 2018-12-25T11:48:25.964911109Z | 59 | PC: 15259 | Change current directory |
| 2018-12-25T11:48:25.970056207Z | 26 | PC: 1530c | Set disk transfer address |
| 2018-12-25T11:48:25.971395341Z | 78 | PC: 1531a | Find first file |
| 2018-12-25T11:48:25.978736225Z | 61 | PC: 15345 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:25.98638644Z | 63 | PC: 15357 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:48:25.99374996Z | 44 | PC: 15392 | Get time 0x15392: add dl, dh 0x15394: je 0x1538e 0x15396: mov si, 0x115 0x15399: add si, word ptr [0x106] 0x1539d: mov byte ptr [si], dl 0x1539f: mov ax, 0x4301 0x153a2: xor cx, cx 0x153a4: mov dx, si 0x153a6: add dx, 0xc7 0x153aa: int 0x21 0x153ac: mov ah, 0x3e 0x153ae: int 0x21 0x153b0: mov ax, 0x3d02 0x153b3: int 0x21 0x153b5: jb 0x15366 0x153b7: mov di, dx 0x153b9: add di, 0x63 0x153bc: stosw word ptr es:[di], ax 0x153bd: xchg ax, bx 0x153be: mov ah, 0x40 |
| 2018-12-25T11:48:25.996749398Z | 67 | PC: 153ac | Get or set file attributes |
| 2018-12-25T11:48:26.014271611Z | 62 | PC: 153b0 | Close file |
| 2018-12-25T11:48:26.016375079Z | 61 | PC: 153b5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:26.026075257Z | 64 | PC: 153c8 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:48:26.031495639Z | 64 | PC: 153da | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:26.035033941Z | 64 | PC: 153ef | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:26.039901802Z | 66 | PC: 153f8 | Move file pointer |
| 2018-12-25T11:48:26.042089549Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.044755803Z | 64 | PC: 1519d | Write file or device (Write 1104 bytes on handle 5) |
| 2018-12-25T11:48:26.056072829Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.058586298Z | 87 | PC: 15411 | Get or set file date and time |
| 2018-12-25T11:48:26.060640783Z | 62 | PC: 15415 | Close file |
| 2018-12-25T11:48:26.06977698Z | 67 | PC: 15426 | Get or set file attributes |
| 2018-12-25T11:48:26.08095269Z | 79 | PC: 1532d | Find next file |
| 2018-12-25T11:48:26.084153721Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:26.092741466Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:26.097023528Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:26.098564791Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.106145468Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:26.108696135Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:26.115761026Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:26.117744737Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:26.119905274Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:26.130841995Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:26.13265361Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.13544442Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:26.144538547Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.14693927Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:26.149278909Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:26.156609553Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.163669915Z | 79 | PC: 1532d | Find next file (See above) |
| 2018-12-25T11:48:26.166702979Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:26.1711491Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:26.175610519Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:26.178364797Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.187538121Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:26.189137133Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:26.194192394Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:26.19881063Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:26.201002944Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:26.203265505Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:26.205032318Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.206755042Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:26.213441928Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.215368505Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:26.216629753Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:26.224973801Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.232850647Z | 42 | PC: 15274 | Get date 0x15274: cmp dx, 0x1602 0x15278: je 0x1527d 0x1527a: jmp 0x15496 0x1527d: jmp 0x1542b 0x15280: and ah, bh 0x15282: movsw word ptr es:[di], word ptr [si] 0x15283: mov ax, 0x5c4c 0x15286: add word ptr [di], ax 0x15288: add byte ptr [di - 0x75], dl 0x1528b: in al, dx 0x1528c: sub sp, 0x2c 0x1528f: push si 0x15290: jmp 0x15301 0x15292: mov ah, 0x1a 0x15294: lea dx, word ptr [bp - 0x2c] 0x15297: int 0x21 0x15299: mov ah, 0x4e 0x1529b: mov cx, 0x10 0x1529e: mov dx, 0x1b5 0x152a1: add dx, word ptr [0x106] |
| 2018-12-25T11:48:26.235871816Z | 59 | PC: 154a1 | Change current directory |
| 2018-12-25T11:48:26.241026632Z | 59 | PC: 154a8 | Change current directory |
| 2018-12-25T11:48:26.244325822Z | 9 | PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)') |
| 2018-12-25T11:48:26.24840248Z | 76 | PC: 12a56 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3127,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:26.040117759Z | 42 | PC: 15162 | Get date 0x15162: cmp dl, 0xf 0x15165: je 0x15169 0x15167: jmp 0x15186 0x15169: cli 0x1516a: mov ah, 2 0x1516c: cdq 0x1516d: mov cx, 0x100 0x15170: int 0x26 0x15172: jmp 0x15174 0x15174: cli 0x15175: mov al, 3 0x15177: mov cx, 0x2bc 0x1517a: mov dx, 0 0x1517d: mov ds, word ptr [di + 0x63] 0x15180: mov bx, word ptr [di + 0x37] 0x15183: call 0x25169 0x15186: ret 0x15187: lodsb al, byte ptr [si] 0x15188: xor al, ah 0x1518a: stosb byte ptr es:[di], al |
| 2018-12-25T11:48:26.042417807Z | 71 | PC: 1524e | Get current directory |
| 2018-12-25T11:48:26.044726505Z | 59 | PC: 15259 | Change current directory |
| 2018-12-25T11:48:26.047740035Z | 26 | PC: 1530c | Set disk transfer address |
| 2018-12-25T11:48:26.049946609Z | 78 | PC: 1531a | Find first file |
| 2018-12-25T11:48:26.062079107Z | 61 | PC: 15345 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:26.073446121Z | 63 | PC: 15357 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:48:26.079018753Z | 44 | PC: 15392 | Get time 0x15392: add dl, dh 0x15394: je 0x1538e 0x15396: mov si, 0x115 0x15399: add si, word ptr [0x106] 0x1539d: mov byte ptr [si], dl 0x1539f: mov ax, 0x4301 0x153a2: xor cx, cx 0x153a4: mov dx, si 0x153a6: add dx, 0xc7 0x153aa: int 0x21 0x153ac: mov ah, 0x3e 0x153ae: int 0x21 0x153b0: mov ax, 0x3d02 0x153b3: int 0x21 0x153b5: jb 0x15366 0x153b7: mov di, dx 0x153b9: add di, 0x63 0x153bc: stosw word ptr es:[di], ax 0x153bd: xchg ax, bx 0x153be: mov ah, 0x40 |
| 2018-12-25T11:48:26.082604407Z | 67 | PC: 153ac | Get or set file attributes |
| 2018-12-25T11:48:26.099405555Z | 62 | PC: 153b0 | Close file |
| 2018-12-25T11:48:26.101006186Z | 61 | PC: 153b5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:26.10696377Z | 64 | PC: 153c8 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:48:26.109722445Z | 64 | PC: 153da | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:26.11302772Z | 64 | PC: 153ef | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:26.120604522Z | 66 | PC: 153f8 | Move file pointer |
| 2018-12-25T11:48:26.121771147Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.123326587Z | 64 | PC: 1519d | Write file or device (Write 1104 bytes on handle 5) |
| 2018-12-25T11:48:26.130103963Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.132915893Z | 87 | PC: 15411 | Get or set file date and time |
| 2018-12-25T11:48:26.134314179Z | 62 | PC: 15415 | Close file |
| 2018-12-25T11:48:26.143526422Z | 67 | PC: 15426 | Get or set file attributes |
| 2018-12-25T11:48:26.15495796Z | 79 | PC: 1532d | Find next file |
| 2018-12-25T11:48:26.158667091Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:26.166098129Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:26.173500132Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:26.176030066Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.188053396Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:26.190844427Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:26.198711027Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:26.202226491Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:26.20645289Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:26.210238866Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:26.212213704Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.215320715Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:26.225592807Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.228321688Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:26.231066862Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:26.239825176Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.251195097Z | 79 | PC: 1532d | Find next file (See above) |
| 2018-12-25T11:48:26.255558026Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:26.263635572Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:26.271058974Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:26.274260813Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.286741861Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:26.291110614Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:26.299445477Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:26.302832173Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:26.305776461Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:26.308454627Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:26.309964772Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.312078161Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:26.327251747Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.330634944Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:26.332923438Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:26.341976752Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.354144501Z | 42 | PC: 15274 | Get date 0x15274: cmp dx, 0x1602 0x15278: je 0x1527d 0x1527a: jmp 0x15496 0x1527d: jmp 0x1542b 0x15280: and ah, bh 0x15282: movsw word ptr es:[di], word ptr [si] 0x15283: mov ax, 0x5c4c 0x15286: add word ptr [di], ax 0x15288: add byte ptr [di - 0x75], dl 0x1528b: in al, dx 0x1528c: sub sp, 0x2c 0x1528f: push si 0x15290: jmp 0x15301 0x15292: mov ah, 0x1a 0x15294: lea dx, word ptr [bp - 0x2c] 0x15297: int 0x21 0x15299: mov ah, 0x4e 0x1529b: mov cx, 0x10 0x1529e: mov dx, 0x1b5 0x152a1: add dx, word ptr [0x106] |
| 2018-12-25T11:48:26.357289606Z | 59 | PC: 154a1 | Change current directory |
| 2018-12-25T11:48:26.362997628Z | 59 | PC: 154a8 | Change current directory |
| 2018-12-25T11:48:26.366081832Z | 9 | PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)') |
| 2018-12-25T11:48:26.370404697Z | 76 | PC: 12a56 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3127,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:26.204829361Z | 42 | PC: 15162 | Get date 0x15162: cmp dl, 0xf 0x15165: je 0x15169 0x15167: jmp 0x15186 0x15169: cli 0x1516a: mov ah, 2 0x1516c: cdq 0x1516d: mov cx, 0x100 0x15170: int 0x26 0x15172: jmp 0x15174 0x15174: cli 0x15175: mov al, 3 0x15177: mov cx, 0x2bc 0x1517a: mov dx, 0 0x1517d: mov ds, word ptr [di + 0x63] 0x15180: mov bx, word ptr [di + 0x37] 0x15183: call 0x25169 0x15186: ret 0x15187: lodsb al, byte ptr [si] 0x15188: xor al, ah 0x1518a: stosb byte ptr es:[di], al |
| 2018-12-25T11:48:26.209154372Z | 71 | PC: 1524e | Get current directory |
| 2018-12-25T11:48:26.212858879Z | 59 | PC: 15259 | Change current directory |
| 2018-12-25T11:48:26.217831291Z | 26 | PC: 1530c | Set disk transfer address |
| 2018-12-25T11:48:26.222195638Z | 78 | PC: 1531a | Find first file |
| 2018-12-25T11:48:26.229360964Z | 61 | PC: 15345 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:26.237050717Z | 63 | PC: 15357 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:48:26.245405077Z | 44 | PC: 15392 | Get time 0x15392: add dl, dh 0x15394: je 0x1538e 0x15396: mov si, 0x115 0x15399: add si, word ptr [0x106] 0x1539d: mov byte ptr [si], dl 0x1539f: mov ax, 0x4301 0x153a2: xor cx, cx 0x153a4: mov dx, si 0x153a6: add dx, 0xc7 0x153aa: int 0x21 0x153ac: mov ah, 0x3e 0x153ae: int 0x21 0x153b0: mov ax, 0x3d02 0x153b3: int 0x21 0x153b5: jb 0x15366 0x153b7: mov di, dx 0x153b9: add di, 0x63 0x153bc: stosw word ptr es:[di], ax 0x153bd: xchg ax, bx 0x153be: mov ah, 0x40 |
| 2018-12-25T11:48:26.249204299Z | 67 | PC: 153ac | Get or set file attributes |
| 2018-12-25T11:48:26.268549925Z | 62 | PC: 153b0 | Close file |
| 2018-12-25T11:48:26.272984668Z | 61 | PC: 153b5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:26.282226692Z | 64 | PC: 153c8 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:48:26.285869221Z | 64 | PC: 153da | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:26.289513119Z | 64 | PC: 153ef | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:26.293111082Z | 66 | PC: 153f8 | Move file pointer |
| 2018-12-25T11:48:26.294737687Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.296475353Z | 64 | PC: 1519d | Write file or device (Write 1104 bytes on handle 5) |
| 2018-12-25T11:48:26.305268653Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.319025081Z | 87 | PC: 15411 | Get or set file date and time |
| 2018-12-25T11:48:26.320863677Z | 62 | PC: 15415 | Close file |
| 2018-12-25T11:48:26.327931147Z | 67 | PC: 15426 | Get or set file attributes |
| 2018-12-25T11:48:26.346950012Z | 79 | PC: 1532d | Find next file |
| 2018-12-25T11:48:26.350069753Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:26.357718418Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:26.365951451Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:26.370538685Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.381404946Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:26.383974097Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:26.391199116Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:26.394172598Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:26.399301049Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:26.402686796Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:26.404517815Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.407478006Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:26.416915796Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.419322383Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:26.421469835Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:26.430146738Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.441232479Z | 79 | PC: 1532d | Find next file (See above) |
| 2018-12-25T11:48:26.444996483Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:26.452723097Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:26.459947718Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:26.462600928Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.475617745Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:26.478353784Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:26.485825148Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:26.489721516Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:26.492774646Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:26.495579692Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:26.497644718Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.500069827Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:26.509569714Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.512552397Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:26.514094072Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:26.52315727Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.534903167Z | 42 | PC: 15274 | Get date 0x15274: cmp dx, 0x1602 0x15278: je 0x1527d 0x1527a: jmp 0x15496 0x1527d: jmp 0x1542b 0x15280: and ah, bh 0x15282: movsw word ptr es:[di], word ptr [si] 0x15283: mov ax, 0x5c4c 0x15286: add word ptr [di], ax 0x15288: add byte ptr [di - 0x75], dl 0x1528b: in al, dx 0x1528c: sub sp, 0x2c 0x1528f: push si 0x15290: jmp 0x15301 0x15292: mov ah, 0x1a 0x15294: lea dx, word ptr [bp - 0x2c] 0x15297: int 0x21 0x15299: mov ah, 0x4e 0x1529b: mov cx, 0x10 0x1529e: mov dx, 0x1b5 0x152a1: add dx, word ptr [0x106] |
| 2018-12-25T11:48:26.541387676Z | 59 | PC: 154a1 | Change current directory |
| 2018-12-25T11:48:26.545875814Z | 59 | PC: 154a8 | Change current directory |
| 2018-12-25T11:48:26.54833683Z | 9 | PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)') |
| 2018-12-25T11:48:26.553053389Z | 76 | PC: 12a56 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3127,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:26.269444794Z | 42 | PC: 15162 | Get date 0x15162: cmp dl, 0xf 0x15165: je 0x15169 0x15167: jmp 0x15186 0x15169: cli 0x1516a: mov ah, 2 0x1516c: cdq 0x1516d: mov cx, 0x100 0x15170: int 0x26 0x15172: jmp 0x15174 0x15174: cli 0x15175: mov al, 3 0x15177: mov cx, 0x2bc 0x1517a: mov dx, 0 0x1517d: mov ds, word ptr [di + 0x63] 0x15180: mov bx, word ptr [di + 0x37] 0x15183: call 0x25169 0x15186: ret 0x15187: lodsb al, byte ptr [si] 0x15188: xor al, ah 0x1518a: stosb byte ptr es:[di], al |
| 2018-12-25T11:48:26.272451834Z | 71 | PC: 1524e | Get current directory |
| 2018-12-25T11:48:26.275505938Z | 59 | PC: 15259 | Change current directory |
| 2018-12-25T11:48:26.279566291Z | 26 | PC: 1530c | Set disk transfer address |
| 2018-12-25T11:48:26.280716953Z | 78 | PC: 1531a | Find first file |
| 2018-12-25T11:48:26.293513514Z | 61 | PC: 15345 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:26.301333013Z | 63 | PC: 15357 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:48:26.311271234Z | 44 | PC: 15392 | Get time 0x15392: add dl, dh 0x15394: je 0x1538e 0x15396: mov si, 0x115 0x15399: add si, word ptr [0x106] 0x1539d: mov byte ptr [si], dl 0x1539f: mov ax, 0x4301 0x153a2: xor cx, cx 0x153a4: mov dx, si 0x153a6: add dx, 0xc7 0x153aa: int 0x21 0x153ac: mov ah, 0x3e 0x153ae: int 0x21 0x153b0: mov ax, 0x3d02 0x153b3: int 0x21 0x153b5: jb 0x15366 0x153b7: mov di, dx 0x153b9: add di, 0x63 0x153bc: stosw word ptr es:[di], ax 0x153bd: xchg ax, bx 0x153be: mov ah, 0x40 |
| 2018-12-25T11:48:26.31356986Z | 67 | PC: 153ac | Get or set file attributes |
| 2018-12-25T11:48:26.327679091Z | 62 | PC: 153b0 | Close file |
| 2018-12-25T11:48:26.329519424Z | 61 | PC: 153b5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:26.335073932Z | 64 | PC: 153c8 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:48:26.337219171Z | 64 | PC: 153da | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:26.339266293Z | 64 | PC: 153ef | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:26.346404271Z | 66 | PC: 153f8 | Move file pointer |
| 2018-12-25T11:48:26.347704887Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.349393732Z | 64 | PC: 1519d | Write file or device (Write 1104 bytes on handle 5) |
| 2018-12-25T11:48:26.355858193Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.357793409Z | 87 | PC: 15411 | Get or set file date and time |
| 2018-12-25T11:48:26.359268138Z | 62 | PC: 15415 | Close file |
| 2018-12-25T11:48:26.365083455Z | 67 | PC: 15426 | Get or set file attributes |
| 2018-12-25T11:48:26.381644368Z | 79 | PC: 1532d | Find next file |
| 2018-12-25T11:48:26.383700468Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:26.388418915Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:26.394028326Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:26.396454138Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.409061411Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:26.41143502Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:26.418849164Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:26.422959142Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:26.425262357Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:26.427208124Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:26.428492038Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.430926474Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:26.44098451Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.443058144Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:26.444897596Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:26.453294719Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.462091217Z | 79 | PC: 1532d | Find next file (See above) |
| 2018-12-25T11:48:26.464298096Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:26.4684268Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:26.472535085Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:26.474444641Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.480826767Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:26.482319436Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:26.489887762Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:26.492838111Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:26.495542504Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:26.498832337Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:26.500355792Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.502569687Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:26.516109241Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.518624094Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:26.520378772Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:26.527409941Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.538453495Z | 42 | PC: 15274 | Get date 0x15274: cmp dx, 0x1602 0x15278: je 0x1527d 0x1527a: jmp 0x15496 0x1527d: jmp 0x1542b 0x15280: and ah, bh 0x15282: movsw word ptr es:[di], word ptr [si] 0x15283: mov ax, 0x5c4c 0x15286: add word ptr [di], ax 0x15288: add byte ptr [di - 0x75], dl 0x1528b: in al, dx 0x1528c: sub sp, 0x2c 0x1528f: push si 0x15290: jmp 0x15301 0x15292: mov ah, 0x1a 0x15294: lea dx, word ptr [bp - 0x2c] 0x15297: int 0x21 0x15299: mov ah, 0x4e 0x1529b: mov cx, 0x10 0x1529e: mov dx, 0x1b5 0x152a1: add dx, word ptr [0x106] |
| 2018-12-25T11:48:26.54137717Z | 59 | PC: 154a1 | Change current directory |
| 2018-12-25T11:48:26.546082128Z | 59 | PC: 154a8 | Change current directory |
| 2018-12-25T11:48:26.54884901Z | 9 | PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)') |
| 2018-12-25T11:48:26.55305007Z | 76 | PC: 12a56 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3127,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:26.35211133Z | 42 | PC: 15162 | Get date 0x15162: cmp dl, 0xf 0x15165: je 0x15169 0x15167: jmp 0x15186 0x15169: cli 0x1516a: mov ah, 2 0x1516c: cdq 0x1516d: mov cx, 0x100 0x15170: int 0x26 0x15172: jmp 0x15174 0x15174: cli 0x15175: mov al, 3 0x15177: mov cx, 0x2bc 0x1517a: mov dx, 0 0x1517d: mov ds, word ptr [di + 0x63] 0x15180: mov bx, word ptr [di + 0x37] 0x15183: call 0x25169 0x15186: ret 0x15187: lodsb al, byte ptr [si] 0x15188: xor al, ah 0x1518a: stosb byte ptr es:[di], al |
| 2018-12-25T11:48:26.354555225Z | 71 | PC: 1524e | Get current directory |
| 2018-12-25T11:48:26.357175869Z | 59 | PC: 15259 | Change current directory |
| 2018-12-25T11:48:26.360938115Z | 26 | PC: 1530c | Set disk transfer address |
| 2018-12-25T11:48:26.362382818Z | 78 | PC: 1531a | Find first file |
| 2018-12-25T11:48:26.37281032Z | 61 | PC: 15345 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:26.384057817Z | 63 | PC: 15357 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:48:26.390589894Z | 44 | PC: 15392 | Get time 0x15392: add dl, dh 0x15394: je 0x1538e 0x15396: mov si, 0x115 0x15399: add si, word ptr [0x106] 0x1539d: mov byte ptr [si], dl 0x1539f: mov ax, 0x4301 0x153a2: xor cx, cx 0x153a4: mov dx, si 0x153a6: add dx, 0xc7 0x153aa: int 0x21 0x153ac: mov ah, 0x3e 0x153ae: int 0x21 0x153b0: mov ax, 0x3d02 0x153b3: int 0x21 0x153b5: jb 0x15366 0x153b7: mov di, dx 0x153b9: add di, 0x63 0x153bc: stosw word ptr es:[di], ax 0x153bd: xchg ax, bx 0x153be: mov ah, 0x40 |
| 2018-12-25T11:48:26.392098931Z | 67 | PC: 153ac | Get or set file attributes |
| 2018-12-25T11:48:26.40549233Z | 62 | PC: 153b0 | Close file |
| 2018-12-25T11:48:26.407488229Z | 61 | PC: 153b5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:26.413606744Z | 64 | PC: 153c8 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:48:26.420106609Z | 64 | PC: 153da | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:26.423107509Z | 64 | PC: 153ef | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:26.425430625Z | 66 | PC: 153f8 | Move file pointer |
| 2018-12-25T11:48:26.426607379Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.429553903Z | 64 | PC: 1519d | Write file or device (Write 1104 bytes on handle 5) |
| 2018-12-25T11:48:26.437671735Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.439858074Z | 87 | PC: 15411 | Get or set file date and time |
| 2018-12-25T11:48:26.441828662Z | 62 | PC: 15415 | Close file |
| 2018-12-25T11:48:26.449193465Z | 67 | PC: 15426 | Get or set file attributes |
| 2018-12-25T11:48:26.458460993Z | 79 | PC: 1532d | Find next file |
| 2018-12-25T11:48:26.461753312Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:26.468612632Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:26.47451393Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:26.476879586Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.487558894Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:26.489150308Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:26.50780462Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:26.514217626Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:26.51771087Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:26.52058749Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:26.522914084Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.525105407Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:26.534199902Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.54075056Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:26.542537766Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:26.550350806Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.56007607Z | 79 | PC: 1532d | Find next file (See above) |
| 2018-12-25T11:48:26.5627807Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:26.569634463Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:26.577271549Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:26.579504967Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.588961146Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:26.59127711Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:26.602777352Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:26.60926508Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:26.613203866Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:26.615804997Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:26.617119134Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.620233613Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:26.629469033Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.631628303Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:26.633917511Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:26.642482432Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.652794609Z | 42 | PC: 15274 | Get date 0x15274: cmp dx, 0x1602 0x15278: je 0x1527d 0x1527a: jmp 0x15496 0x1527d: jmp 0x1542b 0x15280: and ah, bh 0x15282: movsw word ptr es:[di], word ptr [si] 0x15283: mov ax, 0x5c4c 0x15286: add word ptr [di], ax 0x15288: add byte ptr [di - 0x75], dl 0x1528b: in al, dx 0x1528c: sub sp, 0x2c 0x1528f: push si 0x15290: jmp 0x15301 0x15292: mov ah, 0x1a 0x15294: lea dx, word ptr [bp - 0x2c] 0x15297: int 0x21 0x15299: mov ah, 0x4e 0x1529b: mov cx, 0x10 0x1529e: mov dx, 0x1b5 0x152a1: add dx, word ptr [0x106] |
| 2018-12-25T11:48:26.655474464Z | 59 | PC: 154a1 | Change current directory |
| 2018-12-25T11:48:26.660050091Z | 59 | PC: 154a8 | Change current directory |
| 2018-12-25T11:48:26.663033231Z | 9 | PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)') |
| 2018-12-25T11:48:26.667580247Z | 76 | PC: 12a56 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3127,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:26.627791784Z | 42 | PC: 15162 | Get date 0x15162: cmp dl, 0xf 0x15165: je 0x15169 0x15167: jmp 0x15186 0x15169: cli 0x1516a: mov ah, 2 0x1516c: cdq 0x1516d: mov cx, 0x100 0x15170: int 0x26 0x15172: jmp 0x15174 0x15174: cli 0x15175: mov al, 3 0x15177: mov cx, 0x2bc 0x1517a: mov dx, 0 0x1517d: mov ds, word ptr [di + 0x63] 0x15180: mov bx, word ptr [di + 0x37] 0x15183: call 0x25169 0x15186: ret 0x15187: lodsb al, byte ptr [si] 0x15188: xor al, ah 0x1518a: stosb byte ptr es:[di], al |
| 2018-12-25T11:48:26.6297107Z | 71 | PC: 1524e | Get current directory |
| 2018-12-25T11:48:26.632437974Z | 59 | PC: 15259 | Change current directory |
| 2018-12-25T11:48:26.635063016Z | 26 | PC: 1530c | Set disk transfer address |
| 2018-12-25T11:48:26.636967804Z | 78 | PC: 1531a | Find first file |
| 2018-12-25T11:48:26.644007674Z | 61 | PC: 15345 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:26.651749713Z | 63 | PC: 15357 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:48:26.656970407Z | 44 | PC: 15392 | Get time 0x15392: add dl, dh 0x15394: je 0x1538e 0x15396: mov si, 0x115 0x15399: add si, word ptr [0x106] 0x1539d: mov byte ptr [si], dl 0x1539f: mov ax, 0x4301 0x153a2: xor cx, cx 0x153a4: mov dx, si 0x153a6: add dx, 0xc7 0x153aa: int 0x21 0x153ac: mov ah, 0x3e 0x153ae: int 0x21 0x153b0: mov ax, 0x3d02 0x153b3: int 0x21 0x153b5: jb 0x15366 0x153b7: mov di, dx 0x153b9: add di, 0x63 0x153bc: stosw word ptr es:[di], ax 0x153bd: xchg ax, bx 0x153be: mov ah, 0x40 |
| 2018-12-25T11:48:26.659068613Z | 67 | PC: 153ac | Get or set file attributes |
| 2018-12-25T11:48:26.677623977Z | 62 | PC: 153b0 | Close file |
| 2018-12-25T11:48:26.683285551Z | 61 | PC: 153b5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:26.690994303Z | 64 | PC: 153c8 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:48:26.697628027Z | 64 | PC: 153da | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:26.700849963Z | 64 | PC: 153ef | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:26.703317125Z | 66 | PC: 153f8 | Move file pointer |
| 2018-12-25T11:48:26.704728507Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.708560055Z | 64 | PC: 1519d | Write file or device (Write 1104 bytes on handle 5) |
| 2018-12-25T11:48:26.720277004Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.722460605Z | 87 | PC: 15411 | Get or set file date and time |
| 2018-12-25T11:48:26.724205714Z | 62 | PC: 15415 | Close file |
| 2018-12-25T11:48:26.73182437Z | 67 | PC: 15426 | Get or set file attributes |
| 2018-12-25T11:48:26.741647124Z | 79 | PC: 1532d | Find next file |
| 2018-12-25T11:48:26.744123836Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:26.750903993Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:26.757057669Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:26.765172124Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.775361254Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:26.777245053Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:26.784090756Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:26.787414721Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:26.790075309Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:26.792733213Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:26.795030604Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.797157565Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:26.805531365Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.808441013Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:26.809873515Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:26.817899288Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.828146282Z | 79 | PC: 1532d | Find next file (See above) |
| 2018-12-25T11:48:26.830819894Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:26.837489434Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:26.844406828Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:26.846742049Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.856447471Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:26.858161661Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:26.862915066Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:26.864826784Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:26.867219642Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:26.86945718Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:26.870554272Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.872619939Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:26.878477568Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.880057858Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:26.882772227Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:26.887920253Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.895387471Z | 42 | PC: 15274 | Get date 0x15274: cmp dx, 0x1602 0x15278: je 0x1527d 0x1527a: jmp 0x15496 0x1527d: jmp 0x1542b 0x15280: and ah, bh 0x15282: movsw word ptr es:[di], word ptr [si] 0x15283: mov ax, 0x5c4c 0x15286: add word ptr [di], ax 0x15288: add byte ptr [di - 0x75], dl 0x1528b: in al, dx 0x1528c: sub sp, 0x2c 0x1528f: push si 0x15290: jmp 0x15301 0x15292: mov ah, 0x1a 0x15294: lea dx, word ptr [bp - 0x2c] 0x15297: int 0x21 0x15299: mov ah, 0x4e 0x1529b: mov cx, 0x10 0x1529e: mov dx, 0x1b5 0x152a1: add dx, word ptr [0x106] |
| 2018-12-25T11:48:26.897740409Z | 59 | PC: 154a1 | Change current directory |
| 2018-12-25T11:48:26.902001272Z | 59 | PC: 154a8 | Change current directory |
| 2018-12-25T11:48:26.904034432Z | 9 | PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)') |
| 2018-12-25T11:48:26.908272625Z | 76 | PC: 12a56 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3127,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:26.806940672Z | 42 | PC: 15162 | Get date 0x15162: cmp dl, 0xf 0x15165: je 0x15169 0x15167: jmp 0x15186 0x15169: cli 0x1516a: mov ah, 2 0x1516c: cdq 0x1516d: mov cx, 0x100 0x15170: int 0x26 0x15172: jmp 0x15174 0x15174: cli 0x15175: mov al, 3 0x15177: mov cx, 0x2bc 0x1517a: mov dx, 0 0x1517d: mov ds, word ptr [di + 0x63] 0x15180: mov bx, word ptr [di + 0x37] 0x15183: call 0x25169 0x15186: ret 0x15187: lodsb al, byte ptr [si] 0x15188: xor al, ah 0x1518a: stosb byte ptr es:[di], al |
| 2018-12-25T11:48:26.808975331Z | 71 | PC: 1524e | Get current directory |
| 2018-12-25T11:48:26.810814843Z | 59 | PC: 15259 | Change current directory |
| 2018-12-25T11:48:26.813282789Z | 26 | PC: 1530c | Set disk transfer address |
| 2018-12-25T11:48:26.814567681Z | 78 | PC: 1531a | Find first file |
| 2018-12-25T11:48:26.818392478Z | 61 | PC: 15345 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:26.822586185Z | 63 | PC: 15357 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:48:26.828383049Z | 44 | PC: 15392 | Get time 0x15392: add dl, dh 0x15394: je 0x1538e 0x15396: mov si, 0x115 0x15399: add si, word ptr [0x106] 0x1539d: mov byte ptr [si], dl 0x1539f: mov ax, 0x4301 0x153a2: xor cx, cx 0x153a4: mov dx, si 0x153a6: add dx, 0xc7 0x153aa: int 0x21 0x153ac: mov ah, 0x3e 0x153ae: int 0x21 0x153b0: mov ax, 0x3d02 0x153b3: int 0x21 0x153b5: jb 0x15366 0x153b7: mov di, dx 0x153b9: add di, 0x63 0x153bc: stosw word ptr es:[di], ax 0x153bd: xchg ax, bx 0x153be: mov ah, 0x40 |
| 2018-12-25T11:48:26.829863571Z | 67 | PC: 153ac | Get or set file attributes |
| 2018-12-25T11:48:26.844139637Z | 62 | PC: 153b0 | Close file |
| 2018-12-25T11:48:26.846465583Z | 61 | PC: 153b5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:26.857882098Z | 64 | PC: 153c8 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:48:26.866569685Z | 64 | PC: 153da | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:26.869709332Z | 64 | PC: 153ef | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:26.872505518Z | 66 | PC: 153f8 | Move file pointer |
| 2018-12-25T11:48:26.873968488Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.876815864Z | 64 | PC: 1519d | Write file or device (Write 1104 bytes on handle 5) |
| 2018-12-25T11:48:26.884986129Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.887038891Z | 87 | PC: 15411 | Get or set file date and time |
| 2018-12-25T11:48:26.889387203Z | 62 | PC: 15415 | Close file |
| 2018-12-25T11:48:26.897878065Z | 67 | PC: 15426 | Get or set file attributes |
| 2018-12-25T11:48:26.907722168Z | 79 | PC: 1532d | Find next file |
| 2018-12-25T11:48:26.910580681Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:26.916626232Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:26.922633769Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:26.925492631Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.935461272Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:26.937069352Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:26.943843964Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:26.946522433Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:26.949079512Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:26.952249558Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:26.953614527Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.955690465Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:26.964353232Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.966312329Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:26.967575868Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:26.975354781Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:26.984750473Z | 79 | PC: 1532d | Find next file (See above) |
| 2018-12-25T11:48:26.987972225Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:26.994476461Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:27.001019225Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:27.003090708Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:27.013189531Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:27.014782913Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:27.034828997Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:27.043156031Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:27.044940585Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:27.046835242Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:27.048561107Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:27.050635627Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:27.059007666Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:27.061627596Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:27.063020259Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:27.070619266Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:27.081504253Z | 42 | PC: 15274 | Get date 0x15274: cmp dx, 0x1602 0x15278: je 0x1527d 0x1527a: jmp 0x15496 0x1527d: jmp 0x1542b 0x15280: and ah, bh 0x15282: movsw word ptr es:[di], word ptr [si] 0x15283: mov ax, 0x5c4c 0x15286: add word ptr [di], ax 0x15288: add byte ptr [di - 0x75], dl 0x1528b: in al, dx 0x1528c: sub sp, 0x2c 0x1528f: push si 0x15290: jmp 0x15301 0x15292: mov ah, 0x1a 0x15294: lea dx, word ptr [bp - 0x2c] 0x15297: int 0x21 0x15299: mov ah, 0x4e 0x1529b: mov cx, 0x10 0x1529e: mov dx, 0x1b5 0x152a1: add dx, word ptr [0x106] |
| 2018-12-25T11:48:27.083792235Z | 59 | PC: 154a1 | Change current directory |
| 2018-12-25T11:48:27.087688374Z | 59 | PC: 154a8 | Change current directory |
| 2018-12-25T11:48:27.089981928Z | 9 | PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)') |
| 2018-12-25T11:48:27.093492406Z | 76 | PC: 12a56 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":3127,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:26.892792894Z | 42 | PC: 15162 | Get date 0x15162: cmp dl, 0xf 0x15165: je 0x15169 0x15167: jmp 0x15186 0x15169: cli 0x1516a: mov ah, 2 0x1516c: cdq 0x1516d: mov cx, 0x100 0x15170: int 0x26 0x15172: jmp 0x15174 0x15174: cli 0x15175: mov al, 3 0x15177: mov cx, 0x2bc 0x1517a: mov dx, 0 0x1517d: mov ds, word ptr [di + 0x63] 0x15180: mov bx, word ptr [di + 0x37] 0x15183: call 0x25169 0x15186: ret 0x15187: lodsb al, byte ptr [si] 0x15188: xor al, ah 0x1518a: stosb byte ptr es:[di], al |
| 2018-12-25T11:48:26.900986693Z | 71 | PC: 1524e | Get current directory |
| 2018-12-25T11:48:26.904331768Z | 59 | PC: 15259 | Change current directory |
| 2018-12-25T11:48:26.908765315Z | 26 | PC: 1530c | Set disk transfer address |
| 2018-12-25T11:48:26.911173343Z | 78 | PC: 1531a | Find first file |
| 2018-12-25T11:48:26.9180505Z | 61 | PC: 15345 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:26.925524459Z | 63 | PC: 15357 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:48:26.932884888Z | 44 | PC: 15392 | Get time 0x15392: add dl, dh 0x15394: je 0x1538e 0x15396: mov si, 0x115 0x15399: add si, word ptr [0x106] 0x1539d: mov byte ptr [si], dl 0x1539f: mov ax, 0x4301 0x153a2: xor cx, cx 0x153a4: mov dx, si 0x153a6: add dx, 0xc7 0x153aa: int 0x21 0x153ac: mov ah, 0x3e 0x153ae: int 0x21 0x153b0: mov ax, 0x3d02 0x153b3: int 0x21 0x153b5: jb 0x15366 0x153b7: mov di, dx 0x153b9: add di, 0x63 0x153bc: stosw word ptr es:[di], ax 0x153bd: xchg ax, bx 0x153be: mov ah, 0x40 |
| 2018-12-25T11:48:26.935817931Z | 67 | PC: 153ac | Get or set file attributes |
| 2018-12-25T11:48:26.957267469Z | 62 | PC: 153b0 | Close file |
| 2018-12-25T11:48:26.959406225Z | 61 | PC: 153b5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:26.968321984Z | 64 | PC: 153c8 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:48:26.975606422Z | 64 | PC: 153da | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:26.978321859Z | 64 | PC: 153ef | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:26.981519021Z | 66 | PC: 153f8 | Move file pointer |
| 2018-12-25T11:48:26.982964007Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.985116067Z | 64 | PC: 1519d | Write file or device (Write 1104 bytes on handle 5) |
| 2018-12-25T11:48:26.996885558Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:26.999438756Z | 87 | PC: 15411 | Get or set file date and time |
| 2018-12-25T11:48:27.001217688Z | 62 | PC: 15415 | Close file |
| 2018-12-25T11:48:27.010325998Z | 67 | PC: 15426 | Get or set file attributes |
| 2018-12-25T11:48:27.02169651Z | 79 | PC: 1532d | Find next file |
| 2018-12-25T11:48:27.024532568Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:27.032212983Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:27.039467223Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:27.041739661Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:27.342222459Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:27.344351478Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:27.351786333Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:27.355292782Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:27.359144157Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:27.361107653Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:27.362201416Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:27.364442707Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:27.695174677Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:27.698205349Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:27.701617398Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:28.027095351Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:28.038619528Z | 79 | PC: 1532d | Find next file (See above) |
| 2018-12-25T11:48:28.046128852Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:28.054334956Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:28.061923655Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:28.0649978Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:28.077877744Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:28.080280691Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:28.088156407Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:28.092783727Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:28.096125795Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:28.099403436Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:28.1023141Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:28.105544572Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:28.115964622Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:28.119596484Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:28.122019775Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:28.13098699Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:28.145386834Z | 42 | PC: 15274 | Get date 0x15274: cmp dx, 0x1602 0x15278: je 0x1527d 0x1527a: jmp 0x15496 0x1527d: jmp 0x1542b 0x15280: and ah, bh 0x15282: movsw word ptr es:[di], word ptr [si] 0x15283: mov ax, 0x5c4c 0x15286: add word ptr [di], ax 0x15288: add byte ptr [di - 0x75], dl 0x1528b: in al, dx 0x1528c: sub sp, 0x2c 0x1528f: push si 0x15290: jmp 0x15301 0x15292: mov ah, 0x1a 0x15294: lea dx, word ptr [bp - 0x2c] 0x15297: int 0x21 0x15299: mov ah, 0x4e 0x1529b: mov cx, 0x10 0x1529e: mov dx, 0x1b5 0x152a1: add dx, word ptr [0x106] |
| 2018-12-25T11:48:28.149145457Z | 59 | PC: 154a1 | Change current directory |
| 2018-12-25T11:48:28.154043058Z | 59 | PC: 154a8 | Change current directory |
| 2018-12-25T11:48:28.156484808Z | 9 | PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)') |
| 2018-12-25T11:48:28.162001437Z | 76 | PC: 12a56 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":3127,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:27.096467838Z | 42 | PC: 15162 | Get date 0x15162: cmp dl, 0xf 0x15165: je 0x15169 0x15167: jmp 0x15186 0x15169: cli 0x1516a: mov ah, 2 0x1516c: cdq 0x1516d: mov cx, 0x100 0x15170: int 0x26 0x15172: jmp 0x15174 0x15174: cli 0x15175: mov al, 3 0x15177: mov cx, 0x2bc 0x1517a: mov dx, 0 0x1517d: mov ds, word ptr [di + 0x63] 0x15180: mov bx, word ptr [di + 0x37] 0x15183: call 0x25169 0x15186: ret 0x15187: lodsb al, byte ptr [si] 0x15188: xor al, ah 0x1518a: stosb byte ptr es:[di], al |
| 2018-12-25T11:48:27.110457993Z | 71 | PC: 1524e | Get current directory |
| 2018-12-25T11:48:27.113305753Z | 59 | PC: 15259 | Change current directory |
| 2018-12-25T11:48:27.117214756Z | 26 | PC: 1530c | Set disk transfer address |
| 2018-12-25T11:48:27.118588975Z | 78 | PC: 1531a | Find first file |
| 2018-12-25T11:48:27.129213765Z | 61 | PC: 15345 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:27.140288819Z | 63 | PC: 15357 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:48:27.147486025Z | 44 | PC: 15392 | Get time 0x15392: add dl, dh 0x15394: je 0x1538e 0x15396: mov si, 0x115 0x15399: add si, word ptr [0x106] 0x1539d: mov byte ptr [si], dl 0x1539f: mov ax, 0x4301 0x153a2: xor cx, cx 0x153a4: mov dx, si 0x153a6: add dx, 0xc7 0x153aa: int 0x21 0x153ac: mov ah, 0x3e 0x153ae: int 0x21 0x153b0: mov ax, 0x3d02 0x153b3: int 0x21 0x153b5: jb 0x15366 0x153b7: mov di, dx 0x153b9: add di, 0x63 0x153bc: stosw word ptr es:[di], ax 0x153bd: xchg ax, bx 0x153be: mov ah, 0x40 |
| 2018-12-25T11:48:27.149905421Z | 67 | PC: 153ac | Get or set file attributes |
| 2018-12-25T11:48:27.165395647Z | 62 | PC: 153b0 | Close file |
| 2018-12-25T11:48:27.167162237Z | 61 | PC: 153b5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:27.177216811Z | 64 | PC: 153c8 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:48:27.180074471Z | 64 | PC: 153da | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:27.182838008Z | 64 | PC: 153ef | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:27.185685586Z | 66 | PC: 153f8 | Move file pointer |
| 2018-12-25T11:48:27.187313414Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:27.189463252Z | 64 | PC: 1519d | Write file or device (Write 1104 bytes on handle 5) |
| 2018-12-25T11:48:27.19834448Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:27.200480582Z | 87 | PC: 15411 | Get or set file date and time |
| 2018-12-25T11:48:27.201823821Z | 62 | PC: 15415 | Close file |
| 2018-12-25T11:48:27.220348777Z | 67 | PC: 15426 | Get or set file attributes |
| 2018-12-25T11:48:27.23048311Z | 79 | PC: 1532d | Find next file |
| 2018-12-25T11:48:27.233043764Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:27.24032076Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:27.247085231Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:27.249256349Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:27.259571089Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:27.261635949Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:27.26840019Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:27.271921324Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:27.274651739Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:27.277516263Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:27.282076487Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:27.287858401Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:27.297221153Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:27.299936587Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:27.301671142Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:27.309686656Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:27.321936029Z | 79 | PC: 1532d | Find next file (See above) |
| 2018-12-25T11:48:27.324578851Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:27.331276756Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:27.338060377Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:27.340362596Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:27.35036019Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:27.353660701Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:27.365169104Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:27.371457886Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:27.374067355Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:27.377043042Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:27.37830227Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:27.380262677Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:27.388826373Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:27.390775367Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:27.392057686Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:27.399860652Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:27.409407377Z | 42 | PC: 15274 | Get date 0x15274: cmp dx, 0x1602 0x15278: je 0x1527d 0x1527a: jmp 0x15496 0x1527d: jmp 0x1542b 0x15280: and ah, bh 0x15282: movsw word ptr es:[di], word ptr [si] 0x15283: mov ax, 0x5c4c 0x15286: add word ptr [di], ax 0x15288: add byte ptr [di - 0x75], dl 0x1528b: in al, dx 0x1528c: sub sp, 0x2c 0x1528f: push si 0x15290: jmp 0x15301 0x15292: mov ah, 0x1a 0x15294: lea dx, word ptr [bp - 0x2c] 0x15297: int 0x21 0x15299: mov ah, 0x4e 0x1529b: mov cx, 0x10 0x1529e: mov dx, 0x1b5 0x152a1: add dx, word ptr [0x106] |
| 2018-12-25T11:48:27.411831346Z | 59 | PC: 154a1 | Change current directory |
| 2018-12-25T11:48:27.415749846Z | 59 | PC: 154a8 | Change current directory |
| 2018-12-25T11:48:27.417403898Z | 9 | PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)') |
| 2018-12-25T11:48:27.420867494Z | 76 | PC: 12a56 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":3127,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:27.620888712Z | 42 | PC: 15162 | Get date 0x15162: cmp dl, 0xf 0x15165: je 0x15169 0x15167: jmp 0x15186 0x15169: cli 0x1516a: mov ah, 2 0x1516c: cdq 0x1516d: mov cx, 0x100 0x15170: int 0x26 0x15172: jmp 0x15174 0x15174: cli 0x15175: mov al, 3 0x15177: mov cx, 0x2bc 0x1517a: mov dx, 0 0x1517d: mov ds, word ptr [di + 0x63] 0x15180: mov bx, word ptr [di + 0x37] 0x15183: call 0x25169 0x15186: ret 0x15187: lodsb al, byte ptr [si] 0x15188: xor al, ah 0x1518a: stosb byte ptr es:[di], al |
| 2018-12-25T11:48:27.626398982Z | 71 | PC: 1524e | Get current directory |
| 2018-12-25T11:48:27.629114526Z | 59 | PC: 15259 | Change current directory |
| 2018-12-25T11:48:27.632930433Z | 26 | PC: 1530c | Set disk transfer address |
| 2018-12-25T11:48:27.651024757Z | 78 | PC: 1531a | Find first file |
| 2018-12-25T11:48:27.660103913Z | 61 | PC: 15345 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:27.671312164Z | 63 | PC: 15357 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:48:27.682684563Z | 44 | PC: 15392 | Get time 0x15392: add dl, dh 0x15394: je 0x1538e 0x15396: mov si, 0x115 0x15399: add si, word ptr [0x106] 0x1539d: mov byte ptr [si], dl 0x1539f: mov ax, 0x4301 0x153a2: xor cx, cx 0x153a4: mov dx, si 0x153a6: add dx, 0xc7 0x153aa: int 0x21 0x153ac: mov ah, 0x3e 0x153ae: int 0x21 0x153b0: mov ax, 0x3d02 0x153b3: int 0x21 0x153b5: jb 0x15366 0x153b7: mov di, dx 0x153b9: add di, 0x63 0x153bc: stosw word ptr es:[di], ax 0x153bd: xchg ax, bx 0x153be: mov ah, 0x40 |
| 2018-12-25T11:48:27.685052739Z | 67 | PC: 153ac | Get or set file attributes |
| 2018-12-25T11:48:27.700643602Z | 62 | PC: 153b0 | Close file |
| 2018-12-25T11:48:27.701910188Z | 61 | PC: 153b5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:27.706356413Z | 64 | PC: 153c8 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:48:27.709037858Z | 64 | PC: 153da | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:27.711516473Z | 64 | PC: 153ef | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:27.717337652Z | 66 | PC: 153f8 | Move file pointer |
| 2018-12-25T11:48:27.718908487Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:27.721153108Z | 64 | PC: 1519d | Write file or device (Write 1104 bytes on handle 5) |
| 2018-12-25T11:48:27.730138292Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:27.732176393Z | 87 | PC: 15411 | Get or set file date and time |
| 2018-12-25T11:48:27.733462744Z | 62 | PC: 15415 | Close file |
| 2018-12-25T11:48:27.741214653Z | 67 | PC: 15426 | Get or set file attributes |
| 2018-12-25T11:48:27.751349544Z | 79 | PC: 1532d | Find next file |
| 2018-12-25T11:48:27.753922954Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:27.770350512Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:27.776732784Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:27.779025615Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:27.789918105Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:27.79178558Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:27.798484514Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:27.80173588Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:27.804897484Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:27.807409725Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:27.808934289Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:27.8113095Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:27.819751046Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:27.825288877Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:27.826819632Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:27.834907081Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:27.85254738Z | 79 | PC: 1532d | Find next file (See above) |
| 2018-12-25T11:48:27.855698887Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:27.862452087Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:27.869620426Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:27.873005409Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:27.883603363Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:27.88531232Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:27.8926452Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:27.896403894Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:27.899314202Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:27.902597635Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:27.904249923Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:27.906662224Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:27.919199248Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:27.921535979Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:27.923184698Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:27.931927043Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:27.942158073Z | 42 | PC: 15274 | Get date 0x15274: cmp dx, 0x1602 0x15278: je 0x1527d 0x1527a: jmp 0x15496 0x1527d: jmp 0x1542b 0x15280: and ah, bh 0x15282: movsw word ptr es:[di], word ptr [si] 0x15283: mov ax, 0x5c4c 0x15286: add word ptr [di], ax 0x15288: add byte ptr [di - 0x75], dl 0x1528b: in al, dx 0x1528c: sub sp, 0x2c 0x1528f: push si 0x15290: jmp 0x15301 0x15292: mov ah, 0x1a 0x15294: lea dx, word ptr [bp - 0x2c] 0x15297: int 0x21 0x15299: mov ah, 0x4e 0x1529b: mov cx, 0x10 0x1529e: mov dx, 0x1b5 0x152a1: add dx, word ptr [0x106] |
| 2018-12-25T11:48:27.944604331Z | 59 | PC: 154a1 | Change current directory |
| 2018-12-25T11:48:27.949202179Z | 59 | PC: 154a8 | Change current directory |
| 2018-12-25T11:48:27.951347656Z | 9 | PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)') |
| 2018-12-25T11:48:27.954754517Z | 76 | PC: 12a56 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":3127,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:28.090902221Z | 42 | PC: 15162 | Get date 0x15162: cmp dl, 0xf 0x15165: je 0x15169 0x15167: jmp 0x15186 0x15169: cli 0x1516a: mov ah, 2 0x1516c: cdq 0x1516d: mov cx, 0x100 0x15170: int 0x26 0x15172: jmp 0x15174 0x15174: cli 0x15175: mov al, 3 0x15177: mov cx, 0x2bc 0x1517a: mov dx, 0 0x1517d: mov ds, word ptr [di + 0x63] 0x15180: mov bx, word ptr [di + 0x37] 0x15183: call 0x25169 0x15186: ret 0x15187: lodsb al, byte ptr [si] 0x15188: xor al, ah 0x1518a: stosb byte ptr es:[di], al |
| 2018-12-25T11:48:28.094034474Z | 71 | PC: 1524e | Get current directory |
| 2018-12-25T11:48:28.097097686Z | 59 | PC: 15259 | Change current directory |
| 2018-12-25T11:48:28.101418777Z | 26 | PC: 1530c | Set disk transfer address |
| 2018-12-25T11:48:28.102611728Z | 78 | PC: 1531a | Find first file |
| 2018-12-25T11:48:28.114416261Z | 61 | PC: 15345 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:28.120455018Z | 63 | PC: 15357 | Read file or device (Read 8 bytes on handle 5) |
| 2018-12-25T11:48:28.125991689Z | 44 | PC: 15392 | Get time 0x15392: add dl, dh 0x15394: je 0x1538e 0x15396: mov si, 0x115 0x15399: add si, word ptr [0x106] 0x1539d: mov byte ptr [si], dl 0x1539f: mov ax, 0x4301 0x153a2: xor cx, cx 0x153a4: mov dx, si 0x153a6: add dx, 0xc7 0x153aa: int 0x21 0x153ac: mov ah, 0x3e 0x153ae: int 0x21 0x153b0: mov ax, 0x3d02 0x153b3: int 0x21 0x153b5: jb 0x15366 0x153b7: mov di, dx 0x153b9: add di, 0x63 0x153bc: stosw word ptr es:[di], ax 0x153bd: xchg ax, bx 0x153be: mov ah, 0x40 |
| 2018-12-25T11:48:28.129761236Z | 67 | PC: 153ac | Get or set file attributes |
| 2018-12-25T11:48:28.14642465Z | 62 | PC: 153b0 | Close file |
| 2018-12-25T11:48:28.148554389Z | 61 | PC: 153b5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:28.156289346Z | 64 | PC: 153c8 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:48:28.159285866Z | 64 | PC: 153da | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:28.161448212Z | 64 | PC: 153ef | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-25T11:48:28.164140909Z | 66 | PC: 153f8 | Move file pointer |
| 2018-12-25T11:48:28.165970488Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:28.171293926Z | 64 | PC: 1519d | Write file or device (Write 1104 bytes on handle 5) |
| 2018-12-25T11:48:28.184672847Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:28.18777142Z | 87 | PC: 15411 | Get or set file date and time |
| 2018-12-25T11:48:28.190130586Z | 62 | PC: 15415 | Close file |
| 2018-12-25T11:48:28.199753033Z | 67 | PC: 15426 | Get or set file attributes |
| 2018-12-25T11:48:28.21345838Z | 79 | PC: 1532d | Find next file |
| 2018-12-25T11:48:28.215594292Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:28.220363144Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:28.225612628Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:28.228052608Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:28.237351046Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:28.240598246Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:28.256019209Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:28.263660429Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:28.268162594Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:28.271167091Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:28.273643629Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:28.288706507Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:28.304905029Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:28.306916103Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:28.309277905Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:28.31723012Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:28.323891378Z | 79 | PC: 1532d | Find next file (See above) |
| 2018-12-25T11:48:28.325922184Z | 61 | PC: 15345 | Open file (See above) |
| 2018-12-25T11:48:28.331257066Z | 63 | PC: 15357 | Read file or device (See above) |
| 2018-12-25T11:48:28.335629759Z | 44 | PC: 15392 | Get time (See above) |
| 2018-12-25T11:48:28.337248988Z | 67 | PC: 153ac | Get or set file attributes (See above) |
| 2018-12-25T11:48:28.344671639Z | 62 | PC: 153b0 | Close file (See above) |
| 2018-12-25T11:48:28.345957476Z | 61 | PC: 153b5 | Open file (See above) |
| 2018-12-25T11:48:28.350363484Z | 64 | PC: 153c8 | Write file or device (See above) |
| 2018-12-25T11:48:28.353641455Z | 64 | PC: 153da | Write file or device (See above) |
| 2018-12-25T11:48:28.356967542Z | 64 | PC: 153ef | Write file or device (See above) |
| 2018-12-25T11:48:28.360301994Z | 66 | PC: 153f8 | Move file pointer (See above) |
| 2018-12-25T11:48:28.363079933Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:28.365559725Z | 64 | PC: 1519d | Write file or device (See above) |
| 2018-12-25T11:48:28.376496947Z | 42 | PC: 15162 | Get date (See above) |
| 2018-12-25T11:48:28.379678875Z | 87 | PC: 15411 | Get or set file date and time (See above) |
| 2018-12-25T11:48:28.382012307Z | 62 | PC: 15415 | Close file (See above) |
| 2018-12-25T11:48:28.391470813Z | 67 | PC: 15426 | Get or set file attributes (See above) |
| 2018-12-25T11:48:28.4033215Z | 42 | PC: 15274 | Get date 0x15274: cmp dx, 0x1602 0x15278: je 0x1527d 0x1527a: jmp 0x15496 0x1527d: jmp 0x1542b 0x15280: and ah, bh 0x15282: movsw word ptr es:[di], word ptr [si] 0x15283: mov ax, 0x5c4c 0x15286: add word ptr [di], ax 0x15288: add byte ptr [di - 0x75], dl 0x1528b: in al, dx 0x1528c: sub sp, 0x2c 0x1528f: push si 0x15290: jmp 0x15301 0x15292: mov ah, 0x1a 0x15294: lea dx, word ptr [bp - 0x2c] 0x15297: int 0x21 0x15299: mov ah, 0x4e 0x1529b: mov cx, 0x10 0x1529e: mov dx, 0x1b5 0x152a1: add dx, word ptr [0x106] |
| 2018-12-25T11:48:28.406725805Z | 59 | PC: 154a1 | Change current directory |
| 2018-12-25T11:48:28.411550955Z | 59 | PC: 154a8 | Change current directory |
| 2018-12-25T11:48:28.414477023Z | 9 | PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)') |
| 2018-12-25T11:48:28.419437662Z | 76 | PC: 12a56 | Terminate with return code (Return code = '0') |