{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10569,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:28:23.175055646Z | 47 | PC: 12c67 | Get disk transfer address |
| 2018-12-25T12:28:23.176353567Z | 26 | PC: 12c73 | Set disk transfer address |
| 2018-12-25T12:28:23.177793158Z | 14 | PC: 12c79 | Set default drive (Drive = 'C') |
| 2018-12-25T12:28:23.179896789Z | 53 | PC: 12c21 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:23.181780518Z | 37 | PC: 12c2b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:23.183619498Z | 78 | PC: 12c38 | Find first file |
| 2018-12-25T12:28:23.190350531Z | 59 | PC: 12c49 | Change current directory |
| 2018-12-25T12:28:23.194915301Z | 25 | PC: 12c4f | Get default drive |
| 2018-12-25T12:28:23.19663391Z | 14 | PC: 12c59 | Set default drive (Drive = 'A') |
| 2018-12-25T12:28:23.197975235Z | 78 | PC: 12c38 | Find first file (See above) |
| 2018-12-25T12:28:23.213867123Z | 61 | PC: 12b1a | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:28:23.221604549Z | 63 | PC: 12b27 | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-25T12:28:23.224734223Z | 66 | PC: 12b85 | Move file pointer |
| 2018-12-25T12:28:23.228133495Z | 64 | PC: 12bf5 | Write file or device (Write 164 bytes on handle 5) |
| 2018-12-25T12:28:23.232555783Z | 64 | PC: 12c00 | Write file or device (Write 552 bytes on handle 5) |
| 2018-12-25T12:28:23.247507089Z | 66 | PC: 12c09 | Move file pointer |
| 2018-12-25T12:28:23.25014756Z | 64 | PC: 12c14 | Write file or device (Write 26 bytes on handle 5) |
| 2018-12-25T12:28:23.253399858Z | 62 | PC: 12c18 | Close file |
| 2018-12-25T12:28:23.262710223Z | 79 | PC: 12c38 | Find next file (See above) |
| 2018-12-25T12:28:23.266489987Z | 59 | PC: 12c49 | Change current directory (See above) |
| 2018-12-25T12:28:23.271690752Z | 25 | PC: 12c4f | Get default drive (See above) |
| 2018-12-25T12:28:23.273728792Z | 37 | PC: 12c62 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:23.275694749Z | 42 | PC: 12ae8 | Get date 0x12ae8: cmp dl, 0xd 0x12aeb: je 0x12af4 0x12aed: cmp dl, 6 0x12af0: je 0x12af4 0x12af2: jmp 0x12b00 0x12af4: mov ah, 0x2c 0x12af6: int 0x21 0x12af8: cmp dh, 0x1e 0x12afb: jae 0x12b00 0x12afd: call 0x12b01 0x12b00: ret 0x12b01: mov ah, 0xe 0x12b03: mov dl, 2 0x12b05: int 0x21 0x12b07: mov cx, 6 0x12b0a: mov al, 7 0x12b0c: int 0x29 0x12b0e: loop 0x12b0a 0x12b10: ret 0x12b11: mov ax, 0x3d02 |
| 2018-12-25T12:28:23.281655368Z | 44 | PC: 12af8 | Get time 0x12af8: cmp dh, 0x1e 0x12afb: jae 0x12b00 0x12afd: call 0x12b01 0x12b00: ret 0x12b01: mov ah, 0xe 0x12b03: mov dl, 2 0x12b05: int 0x21 0x12b07: mov cx, 6 0x12b0a: mov al, 7 0x12b0c: int 0x29 0x12b0e: loop 0x12b0a 0x12b10: ret 0x12b11: mov ax, 0x3d02 0x12b14: lea dx, word ptr [bp + 0x2ea] 0x12b18: int 0x21 0x12b1a: mov bx, ax 0x12b1c: mov ah, 0x3f 0x12b1e: lea dx, word ptr [bp + 0x2b2] 0x12b22: mov cx, 0x1a 0x12b25: int 0x21 |
| 2018-12-25T12:28:23.283899736Z | 14 | PC: 12b07 | Set default drive (Drive = 'C') |
| 2018-12-25T12:28:23.286381822Z | 14 | PC: 12c92 | Set default drive (Drive = 'C') |
| 2018-12-25T12:28:23.288514357Z | 26 | PC: 12c98 | Set disk transfer address |
| 2018-12-25T12:28:23.289865656Z | 76 | PC: 13147 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10569,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:28:23.388628809Z | 47 | PC: 12c67 | Get disk transfer address |
| 2018-12-25T12:28:23.390630296Z | 26 | PC: 12c73 | Set disk transfer address |
| 2018-12-25T12:28:23.393133217Z | 14 | PC: 12c79 | Set default drive (Drive = 'C') |
| 2018-12-25T12:28:23.394910664Z | 53 | PC: 12c21 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:23.39656594Z | 37 | PC: 12c2b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:23.401438125Z | 78 | PC: 12c38 | Find first file |
| 2018-12-25T12:28:23.407659429Z | 59 | PC: 12c49 | Change current directory |
| 2018-12-25T12:28:23.41198692Z | 25 | PC: 12c4f | Get default drive |
| 2018-12-25T12:28:23.414589948Z | 14 | PC: 12c59 | Set default drive (Drive = 'A') |
| 2018-12-25T12:28:23.416295055Z | 78 | PC: 12c38 | Find first file (See above) |
| 2018-12-25T12:28:23.423215997Z | 61 | PC: 12b1a | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:28:23.431641314Z | 63 | PC: 12b27 | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-25T12:28:23.435138441Z | 66 | PC: 12b85 | Move file pointer |
| 2018-12-25T12:28:23.43778885Z | 64 | PC: 12bf5 | Write file or device (Write 164 bytes on handle 5) |
| 2018-12-25T12:28:23.441612002Z | 64 | PC: 12c00 | Write file or device (Write 552 bytes on handle 5) |
| 2018-12-25T12:28:23.458860449Z | 66 | PC: 12c09 | Move file pointer |
| 2018-12-25T12:28:23.460731128Z | 64 | PC: 12c14 | Write file or device (Write 26 bytes on handle 5) |
| 2018-12-25T12:28:23.464163166Z | 62 | PC: 12c18 | Close file |
| 2018-12-25T12:28:23.474277212Z | 79 | PC: 12c38 | Find next file (See above) |
| 2018-12-25T12:28:23.477822316Z | 59 | PC: 12c49 | Change current directory (See above) |
| 2018-12-25T12:28:23.483498542Z | 25 | PC: 12c4f | Get default drive (See above) |
| 2018-12-25T12:28:23.485451069Z | 37 | PC: 12c62 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:23.487191353Z | 42 | PC: 12ae8 | Get date 0x12ae8: cmp dl, 0xd 0x12aeb: je 0x12af4 0x12aed: cmp dl, 6 0x12af0: je 0x12af4 0x12af2: jmp 0x12b00 0x12af4: mov ah, 0x2c 0x12af6: int 0x21 0x12af8: cmp dh, 0x1e 0x12afb: jae 0x12b00 0x12afd: call 0x12b01 0x12b00: ret 0x12b01: mov ah, 0xe 0x12b03: mov dl, 2 0x12b05: int 0x21 0x12b07: mov cx, 6 0x12b0a: mov al, 7 0x12b0c: int 0x29 0x12b0e: loop 0x12b0a 0x12b10: ret 0x12b11: mov ax, 0x3d02 |
| 2018-12-25T12:28:23.490102982Z | 44 | PC: 12af8 | Get time 0x12af8: cmp dh, 0x1e 0x12afb: jae 0x12b00 0x12afd: call 0x12b01 0x12b00: ret 0x12b01: mov ah, 0xe 0x12b03: mov dl, 2 0x12b05: int 0x21 0x12b07: mov cx, 6 0x12b0a: mov al, 7 0x12b0c: int 0x29 0x12b0e: loop 0x12b0a 0x12b10: ret 0x12b11: mov ax, 0x3d02 0x12b14: lea dx, word ptr [bp + 0x2ea] 0x12b18: int 0x21 0x12b1a: mov bx, ax 0x12b1c: mov ah, 0x3f 0x12b1e: lea dx, word ptr [bp + 0x2b2] 0x12b22: mov cx, 0x1a 0x12b25: int 0x21 |
| 2018-12-25T12:28:23.497453164Z | 14 | PC: 12b07 | Set default drive (Drive = 'C') |
| 2018-12-25T12:28:23.506909346Z | 14 | PC: 12c92 | Set default drive (Drive = 'C') |
| 2018-12-25T12:28:23.509292927Z | 26 | PC: 12c98 | Set disk transfer address |
| 2018-12-25T12:28:23.511515959Z | 76 | PC: 13147 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10569,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:28:23.480855301Z | 47 | PC: 12c67 | Get disk transfer address |
| 2018-12-25T12:28:23.482485207Z | 26 | PC: 12c73 | Set disk transfer address |
| 2018-12-25T12:28:23.484150133Z | 14 | PC: 12c79 | Set default drive (Drive = 'C') |
| 2018-12-25T12:28:23.48577985Z | 53 | PC: 12c21 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:23.487976344Z | 37 | PC: 12c2b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:23.489267814Z | 78 | PC: 12c38 | Find first file |
| 2018-12-25T12:28:23.494657442Z | 59 | PC: 12c49 | Change current directory |
| 2018-12-25T12:28:23.49917314Z | 25 | PC: 12c4f | Get default drive |
| 2018-12-25T12:28:23.500274925Z | 14 | PC: 12c59 | Set default drive (Drive = 'A') |
| 2018-12-25T12:28:23.501441003Z | 78 | PC: 12c38 | Find first file (See above) |
| 2018-12-25T12:28:23.514085275Z | 61 | PC: 12b1a | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:28:23.520667138Z | 63 | PC: 12b27 | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-25T12:28:23.523476809Z | 66 | PC: 12b85 | Move file pointer |
| 2018-12-25T12:28:23.525904532Z | 64 | PC: 12bf5 | Write file or device (Write 164 bytes on handle 5) |
| 2018-12-25T12:28:23.529911588Z | 64 | PC: 12c00 | Write file or device (Write 552 bytes on handle 5) |
| 2018-12-25T12:28:23.544993494Z | 66 | PC: 12c09 | Move file pointer |
| 2018-12-25T12:28:23.546638905Z | 64 | PC: 12c14 | Write file or device (Write 26 bytes on handle 5) |
| 2018-12-25T12:28:23.549962959Z | 62 | PC: 12c18 | Close file |
| 2018-12-25T12:28:23.557896057Z | 79 | PC: 12c38 | Find next file (See above) |
| 2018-12-25T12:28:23.560243547Z | 59 | PC: 12c49 | Change current directory (See above) |
| 2018-12-25T12:28:23.564913578Z | 25 | PC: 12c4f | Get default drive (See above) |
| 2018-12-25T12:28:23.566264415Z | 37 | PC: 12c62 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:28:23.567569925Z | 42 | PC: 12ae8 | Get date 0x12ae8: cmp dl, 0xd 0x12aeb: je 0x12af4 0x12aed: cmp dl, 6 0x12af0: je 0x12af4 0x12af2: jmp 0x12b00 0x12af4: mov ah, 0x2c 0x12af6: int 0x21 0x12af8: cmp dh, 0x1e 0x12afb: jae 0x12b00 0x12afd: call 0x12b01 0x12b00: ret 0x12b01: mov ah, 0xe 0x12b03: mov dl, 2 0x12b05: int 0x21 0x12b07: mov cx, 6 0x12b0a: mov al, 7 0x12b0c: int 0x29 0x12b0e: loop 0x12b0a 0x12b10: ret 0x12b11: mov ax, 0x3d02 |
| 2018-12-25T12:28:23.570431601Z | 14 | PC: 12c92 | Set default drive (Drive = 'C') |
| 2018-12-25T12:28:23.571948262Z | 26 | PC: 12c98 | Set disk transfer address |
| 2018-12-25T12:28:23.573235128Z | 76 | PC: 13147 | Terminate with return code (Return code = '0') |