{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":136,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:40:16.191319433Z | 250 | PC: 12b46 | UNKNOWN! |
| 2018-12-25T11:40:16.204741863Z | 255 | PC: 12b4b | UNKNOWN! |
| 2018-12-25T11:40:16.205625088Z | 26 | PC: 12bc4 | Set disk transfer address |
| 2018-12-25T11:40:16.241532194Z | 71 | PC: 12bcf | Get current directory |
| 2018-12-25T11:40:16.256141986Z | 53 | PC: 12bd9 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:40:16.308980299Z | 37 | PC: 12bf4 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:40:16.3101843Z | 53 | PC: 12bf9 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:40:16.311422358Z | 37 | PC: 12c09 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:40:16.313836892Z | 78 | PC: 12c16 | Find first file |
| 2018-12-25T11:40:16.320626434Z | 61 | PC: 12dab | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T11:40:16.367959715Z | 63 | PC: 12c29 | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-25T11:40:16.372514565Z | 62 | PC: 12c2d | Close file |
| 2018-12-25T11:40:16.374867171Z | 79 | PC: 12c16 | Find next file (See above) |
| 2018-12-25T11:40:16.377622456Z | 42 | PC: 12c47 | Get date 0x12c47: cmp dh, 4 0x12c4a: je 0x12c9f 0x12c4c: cmp dl, 6 0x12c4f: je 0x12c9f 0x12c51: mov ax, 0x2524 0x12c54: lds dx, ptr [bp + 0x3e5] 0x12c58: int 0x21 0x12c5a: mov ax, 0x2503 0x12c5d: lds dx, ptr [bp + 0x3e9] 0x12c61: int 0x21 0x12c63: push cs 0x12c64: pop ds 0x12c65: mov ah, 0x3b 0x12c67: lea dx, word ptr [bp + 0x3ed] 0x12c6b: int 0x21 0x12c6d: mov ah, 0x1a 0x12c6f: mov dx, 0x80 0x12c72: pop es 0x12c73: pop ds 0x12c74: int 0x21 |
| 2018-12-25T11:40:16.380957096Z | 9 | PC: 12ca7 | Display string (String= ' Help.. Help.. I`m Sinking........ ') |
| 2018-12-25T11:40:16.388935245Z | 37 | PC: 12c5a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:40:16.390178852Z | 37 | PC: 12c63 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:40:16.392094978Z | 59 | PC: 12c6d | Change current directory |
| 2018-12-25T11:40:16.396540184Z | 26 | PC: 12c76 | Set disk transfer address |
| 2018-12-25T11:40:16.397701174Z | 9 | PC: 12a49 | Display string (Could not find end pointer) |
| 2018-12-25T11:40:16.406650625Z | 76 | PC: 12a4e | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":136,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:40:16.304942702Z | 250 | PC: 12b46 | UNKNOWN! |
| 2018-12-25T11:40:16.306192366Z | 255 | PC: 12b4b | UNKNOWN! |
| 2018-12-25T11:40:16.307453585Z | 26 | PC: 12bc4 | Set disk transfer address |
| 2018-12-25T11:40:16.343005484Z | 71 | PC: 12bcf | Get current directory |
| 2018-12-25T11:40:16.354624213Z | 53 | PC: 12bd9 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:40:16.408062809Z | 37 | PC: 12bf4 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:40:16.409358223Z | 53 | PC: 12bf9 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:40:16.410834817Z | 37 | PC: 12c09 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:40:16.412692427Z | 78 | PC: 12c16 | Find first file |
| 2018-12-25T11:40:16.417142146Z | 61 | PC: 12dab | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T11:40:16.4663217Z | 63 | PC: 12c29 | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-25T11:40:16.469848039Z | 62 | PC: 12c2d | Close file |
| 2018-12-25T11:40:16.472006132Z | 79 | PC: 12c16 | Find next file (See above) |
| 2018-12-25T11:40:16.47451361Z | 42 | PC: 12c47 | Get date 0x12c47: cmp dh, 4 0x12c4a: je 0x12c9f 0x12c4c: cmp dl, 6 0x12c4f: je 0x12c9f 0x12c51: mov ax, 0x2524 0x12c54: lds dx, ptr [bp + 0x3e5] 0x12c58: int 0x21 0x12c5a: mov ax, 0x2503 0x12c5d: lds dx, ptr [bp + 0x3e9] 0x12c61: int 0x21 0x12c63: push cs 0x12c64: pop ds 0x12c65: mov ah, 0x3b 0x12c67: lea dx, word ptr [bp + 0x3ed] 0x12c6b: int 0x21 0x12c6d: mov ah, 0x1a 0x12c6f: mov dx, 0x80 0x12c72: pop es 0x12c73: pop ds 0x12c74: int 0x21 |
| 2018-12-25T11:40:16.477601601Z | 9 | PC: 12ca7 | Display string (String= ' Help.. Help.. I`m Sinking........ ') |
| 2018-12-25T11:40:16.484945024Z | 37 | PC: 12c5a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:40:16.486110519Z | 37 | PC: 12c63 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:40:16.487621965Z | 59 | PC: 12c6d | Change current directory |
| 2018-12-25T11:40:16.491961954Z | 26 | PC: 12c76 | Set disk transfer address |
| 2018-12-25T11:40:16.493161488Z | 9 | PC: 12a49 | Display string (Could not find end pointer) |
| 2018-12-25T11:40:16.501502982Z | 76 | PC: 12a4e | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":136,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:40:16.401958485Z | 250 | PC: 12b46 | UNKNOWN! |
| 2018-12-25T11:40:16.403022426Z | 255 | PC: 12b4b | UNKNOWN! |
| 2018-12-25T11:40:16.403916844Z | 26 | PC: 12bc4 | Set disk transfer address |
| 2018-12-25T11:40:16.407672209Z | 71 | PC: 12bcf | Get current directory |
| 2018-12-25T11:40:16.411215209Z | 53 | PC: 12bd9 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:40:16.466530226Z | 37 | PC: 12bf4 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:40:16.467832311Z | 53 | PC: 12bf9 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:40:16.469539014Z | 37 | PC: 12c09 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:40:16.471038344Z | 78 | PC: 12c16 | Find first file |
| 2018-12-25T11:40:16.478416865Z | 61 | PC: 12dab | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T11:40:16.523408667Z | 63 | PC: 12c29 | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-25T11:40:16.526898958Z | 62 | PC: 12c2d | Close file |
| 2018-12-25T11:40:16.528819491Z | 79 | PC: 12c16 | Find next file (See above) |
| 2018-12-25T11:40:16.531391725Z | 42 | PC: 12c47 | Get date 0x12c47: cmp dh, 4 0x12c4a: je 0x12c9f 0x12c4c: cmp dl, 6 0x12c4f: je 0x12c9f 0x12c51: mov ax, 0x2524 0x12c54: lds dx, ptr [bp + 0x3e5] 0x12c58: int 0x21 0x12c5a: mov ax, 0x2503 0x12c5d: lds dx, ptr [bp + 0x3e9] 0x12c61: int 0x21 0x12c63: push cs 0x12c64: pop ds 0x12c65: mov ah, 0x3b 0x12c67: lea dx, word ptr [bp + 0x3ed] 0x12c6b: int 0x21 0x12c6d: mov ah, 0x1a 0x12c6f: mov dx, 0x80 0x12c72: pop es 0x12c73: pop ds 0x12c74: int 0x21 |
| 2018-12-25T11:40:16.534349602Z | 37 | PC: 12c5a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:40:16.535509237Z | 37 | PC: 12c63 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T11:40:16.536749923Z | 59 | PC: 12c6d | Change current directory |
| 2018-12-25T11:40:16.542322562Z | 26 | PC: 12c76 | Set disk transfer address |
| 2018-12-25T11:40:16.543698865Z | 9 | PC: 12a49 | Display string (Could not find end pointer) |
| 2018-12-25T11:40:16.551562624Z | 76 | PC: 12a4e | Terminate with return code (Return code = '0') |