{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15805,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:44:31.098378113Z | 53 | PC: 1531a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:44:31.100412322Z | 37 | PC: 1532b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:44:31.101662315Z | 26 | PC: 151b5 | Set disk transfer address |
| 2018-12-25T12:44:31.10264295Z | 25 | PC: 151b9 | Get default drive |
| 2018-12-25T12:44:31.103807296Z | 14 | PC: 151c4 | Set default drive (Drive = 'C') |
| 2018-12-25T12:44:31.105496598Z | 78 | PC: 1521f | Find first file |
| 2018-12-25T12:44:31.109133332Z | 61 | PC: 1522c | Open file (Filename = 'COMMAND.COM') |
| 2018-12-25T12:44:31.113001914Z | 66 | PC: 152f5 | Move file pointer |
| 2018-12-25T12:44:31.114792697Z | 87 | PC: 15245 | Get or set file date and time |
| 2018-12-25T12:44:31.116223417Z | 44 | PC: 15261 | Get time 0x15261: cmp dx, 0x100 0x15265: jbe 0x1525d 0x15267: mov word ptr ds:[bp + 0x11f], dx 0x1526c: and dx, 7 0x1526f: add dx, dx 0x15271: mov word ptr [0xfa], dx 0x15275: mov ax, 0x4200 0x15278: call 0x152ef 0x1527b: mov ah, 0x3f 0x1527d: lea dx, word ptr [bp + 0x142] 0x15281: mov di, dx 0x15283: mov cx, 4 0x15286: int 0x21 0x15288: jb 0x152e3 0x1528a: xchg ax, cx 0x1528b: mov al, 0x4d 0x1528d: repne scasb al, byte ptr es:[di] 0x1528f: je 0x1524d 0x15291: mov ax, 0x4202 0x15294: call 0x152ef |
| 2018-12-25T12:44:31.118061521Z | 66 | PC: 152f5 | Move file pointer (See above) |
| 2018-12-25T12:44:31.119609052Z | 63 | PC: 15288 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:44:31.121776931Z | 66 | PC: 152f5 | Move file pointer (See above) |
| 2018-12-25T12:44:31.123080121Z | 64 | PC: 152d0 | Write file or device (Write 584 bytes on handle 5) |
| 2018-12-25T12:44:31.466040787Z | 66 | PC: 152f5 | Move file pointer (See above) |
| 2018-12-25T12:44:31.468652836Z | 64 | PC: 152e3 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:44:31.472251575Z | 87 | PC: 152ea | Get or set file date and time |
| 2018-12-25T12:44:31.475009133Z | 62 | PC: 152ee | Close file |
| 2018-12-25T12:44:31.484597655Z | 14 | PC: 151d0 | Set default drive (Drive = 'A') |
| 2018-12-25T12:44:31.486329659Z | 78 | PC: 1521f | Find first file (See above) |
| 2018-12-25T12:44:31.493611142Z | 61 | PC: 1522c | Open file (See above) |
| 2018-12-25T12:44:31.501561681Z | 66 | PC: 152f5 | Move file pointer (See above) |
| 2018-12-25T12:44:31.503302472Z | 62 | PC: 15251 | Close file |
| 2018-12-25T12:44:31.505542237Z | 79 | PC: 1521f | Find next file (See above) |
| 2018-12-25T12:44:31.508020059Z | 61 | PC: 1522c | Open file (See above) |
| 2018-12-25T12:44:31.515743502Z | 66 | PC: 152f5 | Move file pointer (See above) |
| 2018-12-25T12:44:31.517682119Z | 62 | PC: 15251 | Close file (See above) |
| 2018-12-25T12:44:31.520645015Z | 79 | PC: 1521f | Find next file (See above) |
| 2018-12-25T12:44:31.523830888Z | 61 | PC: 1522c | Open file (See above) |
| 2018-12-25T12:44:31.532752042Z | 66 | PC: 152f5 | Move file pointer (See above) |
| 2018-12-25T12:44:31.540397444Z | 62 | PC: 15251 | Close file (See above) |
| 2018-12-25T12:44:31.543044222Z | 79 | PC: 1521f | Find next file (See above) |
| 2018-12-25T12:44:31.54686966Z | 61 | PC: 1522c | Open file (See above) |
| 2018-12-25T12:44:31.557222333Z | 66 | PC: 152f5 | Move file pointer (See above) |
| 2018-12-25T12:44:31.559152462Z | 62 | PC: 15251 | Close file (See above) |
| 2018-12-25T12:44:31.560493619Z | 79 | PC: 1521f | Find next file (See above) |
| 2018-12-25T12:44:31.562692631Z | 61 | PC: 1522c | Open file (See above) |
| 2018-12-25T12:44:31.567629718Z | 66 | PC: 152f5 | Move file pointer (See above) |
| 2018-12-25T12:44:31.568790403Z | 62 | PC: 15251 | Close file (See above) |
| 2018-12-25T12:44:31.570460258Z | 79 | PC: 1521f | Find next file (See above) |
| 2018-12-25T12:44:31.572481426Z | 61 | PC: 1522c | Open file (See above) |
| 2018-12-25T12:44:31.576686247Z | 66 | PC: 152f5 | Move file pointer (See above) |
| 2018-12-25T12:44:31.577733322Z | 62 | PC: 15251 | Close file (See above) |
| 2018-12-25T12:44:31.579426415Z | 79 | PC: 1521f | Find next file (See above) |
| 2018-12-25T12:44:31.581228372Z | 61 | PC: 1522c | Open file (See above) |
| 2018-12-25T12:44:31.585699394Z | 66 | PC: 152f5 | Move file pointer (See above) |
| 2018-12-25T12:44:31.587422003Z | 62 | PC: 15251 | Close file (See above) |
| 2018-12-25T12:44:31.588746972Z | 79 | PC: 1521f | Find next file (See above) |
| 2018-12-25T12:44:31.591164935Z | 61 | PC: 1522c | Open file (See above) |
| 2018-12-25T12:44:31.596646834Z | 66 | PC: 152f5 | Move file pointer (See above) |
| 2018-12-25T12:44:31.597848924Z | 87 | PC: 15245 | Get or set file date and time (See above) |
| 2018-12-25T12:44:31.598995184Z | 44 | PC: 15261 | Get time (See above) |
| 2018-12-25T12:44:31.60110968Z | 66 | PC: 152f5 | Move file pointer (See above) |
| 2018-12-25T12:44:31.602239688Z | 63 | PC: 15288 | Read file or device (See above) |
| 2018-12-25T12:44:31.6043284Z | 62 | PC: 15251 | Close file (See above) |
| 2018-12-25T12:44:31.606104644Z | 79 | PC: 1521f | Find next file (See above) |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":15805,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:44:31.880709962Z | 53 | PC: 1531a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:44:31.893290906Z | 37 | PC: 1532b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:44:31.895714208Z | 26 | PC: 151b5 | Set disk transfer address |
| 2018-12-25T12:44:31.897170633Z | 25 | PC: 151b9 | Get default drive |
| 2018-12-25T12:44:31.900038083Z | 14 | PC: 151c4 | Set default drive (Drive = 'C') |
| 2018-12-25T12:44:31.901809847Z | 78 | PC: 1521f | Find first file |
| 2018-12-25T12:44:31.907693987Z | 61 | PC: 1522c | Open file (Filename = 'COMMAND.COM') |
| 2018-12-25T12:44:31.914405793Z | 66 | PC: 152f5 | Move file pointer |
| 2018-12-25T12:44:31.916149196Z | 87 | PC: 15245 | Get or set file date and time |
| 2018-12-25T12:44:31.917833256Z | 44 | PC: 15261 | Get time 0x15261: cmp dx, 0x100 0x15265: jbe 0x1525d 0x15267: mov word ptr ds:[bp + 0x11f], dx 0x1526c: and dx, 7 0x1526f: add dx, dx 0x15271: mov word ptr [0xfa], dx 0x15275: mov ax, 0x4200 0x15278: call 0x152ef 0x1527b: mov ah, 0x3f 0x1527d: lea dx, word ptr [bp + 0x142] 0x15281: mov di, dx 0x15283: mov cx, 4 0x15286: int 0x21 0x15288: jb 0x152e3 0x1528a: xchg ax, cx 0x1528b: mov al, 0x4d 0x1528d: repne scasb al, byte ptr es:[di] 0x1528f: je 0x1524d 0x15291: mov ax, 0x4202 0x15294: call 0x152ef |
| 2018-12-25T12:44:31.920459131Z | 66 | PC: 152f5 | Move file pointer (See above) |
| 2018-12-25T12:44:31.922662502Z | 63 | PC: 15288 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:44:31.92529818Z | 66 | PC: 152f5 | Move file pointer (See above) |
| 2018-12-25T12:44:31.926777703Z | 64 | PC: 152d0 | Write file or device (Write 584 bytes on handle 5) |
| 2018-12-25T12:44:32.283047006Z | 66 | PC: 152f5 | Move file pointer (See above) |
| 2018-12-25T12:44:32.28437127Z | 64 | PC: 152e3 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:44:32.286384133Z | 87 | PC: 152ea | Get or set file date and time |
| 2018-12-25T12:44:32.288169675Z | 62 | PC: 152ee | Close file |
| 2018-12-25T12:44:32.292925348Z | 14 | PC: 151d0 | Set default drive (Drive = 'A') |
| 2018-12-25T12:44:32.293873707Z | 78 | PC: 1521f | Find first file (See above) |
| 2018-12-25T12:44:32.298697045Z | 61 | PC: 1522c | Open file (See above) |
| 2018-12-25T12:44:32.303241231Z | 66 | PC: 152f5 | Move file pointer (See above) |
| 2018-12-25T12:44:32.304307702Z | 62 | PC: 15251 | Close file |
| 2018-12-25T12:44:32.316497875Z | 79 | PC: 1521f | Find next file (See above) |
| 2018-12-25T12:44:32.319402242Z | 61 | PC: 1522c | Open file (See above) |
| 2018-12-25T12:44:32.327467336Z | 66 | PC: 152f5 | Move file pointer (See above) |
| 2018-12-25T12:44:32.329269801Z | 62 | PC: 15251 | Close file (See above) |
| 2018-12-25T12:44:32.331187877Z | 79 | PC: 1521f | Find next file (See above) |
| 2018-12-25T12:44:32.333882409Z | 61 | PC: 1522c | Open file (See above) |
| 2018-12-25T12:44:32.341325526Z | 66 | PC: 152f5 | Move file pointer (See above) |
| 2018-12-25T12:44:32.343178047Z | 62 | PC: 15251 | Close file (See above) |
| 2018-12-25T12:44:32.34527205Z | 79 | PC: 1521f | Find next file (See above) |
| 2018-12-25T12:44:32.348105514Z | 61 | PC: 1522c | Open file (See above) |
| 2018-12-25T12:44:32.355918808Z | 66 | PC: 152f5 | Move file pointer (See above) |
| 2018-12-25T12:44:32.357541712Z | 62 | PC: 15251 | Close file (See above) |
| 2018-12-25T12:44:32.359542477Z | 79 | PC: 1521f | Find next file (See above) |
| 2018-12-25T12:44:32.362788299Z | 61 | PC: 1522c | Open file (See above) |
| 2018-12-25T12:44:32.369998748Z | 66 | PC: 152f5 | Move file pointer (See above) |
| 2018-12-25T12:44:32.371449373Z | 62 | PC: 15251 | Close file (See above) |
| 2018-12-25T12:44:32.374757538Z | 79 | PC: 1521f | Find next file (See above) |
| 2018-12-25T12:44:32.377678435Z | 61 | PC: 1522c | Open file (See above) |
| 2018-12-25T12:44:32.38487012Z | 66 | PC: 152f5 | Move file pointer (See above) |
| 2018-12-25T12:44:32.387850261Z | 62 | PC: 15251 | Close file (See above) |
| 2018-12-25T12:44:32.389734695Z | 79 | PC: 1521f | Find next file (See above) |
| 2018-12-25T12:44:32.392937654Z | 61 | PC: 1522c | Open file (See above) |
| 2018-12-25T12:44:32.401234381Z | 66 | PC: 152f5 | Move file pointer (See above) |
| 2018-12-25T12:44:32.40278533Z | 62 | PC: 15251 | Close file (See above) |
| 2018-12-25T12:44:32.404792192Z | 79 | PC: 1521f | Find next file (See above) |
| 2018-12-25T12:44:32.407716408Z | 61 | PC: 1522c | Open file (See above) |
| 2018-12-25T12:44:32.415225707Z | 66 | PC: 152f5 | Move file pointer (See above) |
| 2018-12-25T12:44:32.416575372Z | 87 | PC: 15245 | Get or set file date and time (See above) |
| 2018-12-25T12:44:32.417860825Z | 44 | PC: 15261 | Get time (See above) |
| 2018-12-25T12:44:32.420413723Z | 66 | PC: 152f5 | Move file pointer (See above) |
| 2018-12-25T12:44:32.421970841Z | 63 | PC: 15288 | Read file or device (See above) |
| 2018-12-25T12:44:32.424753673Z | 62 | PC: 15251 | Close file (See above) |
| 2018-12-25T12:44:32.426791216Z | 79 | PC: 1521f | Find next file (See above) |
| 2018-12-25T12:44:32.456327302Z | 63 | PC: 15e63 | Read file or device (Read 24864 bytes on handle 4774) |
| 2018-12-25T12:44:32.457819119Z | 89 | PC: 15fa8 | Get extended error info |
| 2018-12-25T12:44:32.461175705Z | 64 | PC: 19838 | Write file or device (Write 34 bytes on handle 2) |
| 2018-12-25T12:44:32.4665139Z | 64 | PC: 19838 | Write file or device (See above) |
| 2018-12-25T12:44:32.469449057Z | 100 | PC: 19d8b | Set wait for external event flag |