{"DateBased":true,"Day":11,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16358,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:52:33.171195695Z | 42 | PC: 12a52 | Get date 0x12a52: cmp dh, 0xb 0x12a55: jb 0x12a6f 0x12a57: cmp dh, 0xc 0x12a5a: jg 0x12a6f 0x12a5c: cmp dl, 0xb 0x12a5f: jb 0x12a6f 0x12a61: cmp dl, 0x19 0x12a64: jg 0x12a6f 0x12a66: mov ah, 9 0x12a68: mov dx, 0x24e 0x12a6b: int 0x21 0x12a6d: int 0x20 0x12a6f: mov ax, word ptr [0x2e5] 0x12a72: mov word ptr [0x2e1], ax 0x12a75: mov bx, word ptr [0x2e7] 0x12a79: mov word ptr [0x2e3], bx 0x12a7d: mov ah, 0x1a 0x12a7f: lea dx, word ptr [0x2fd] 0x12a83: int 0x21 0x12a85: mov ah, 0x4e |
| 2018-12-25T12:52:33.173694907Z | 9 | PC: 12a6d | Display string (String= ' Brotherhood... I am seeking my brothers "DEICIDE" and "MORGOTH"... ') |
{"DateBased":true,"Day":26,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16358,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:52:33.466897439Z | 42 | PC: 12a52 | Get date 0x12a52: cmp dh, 0xb 0x12a55: jb 0x12a6f 0x12a57: cmp dh, 0xc 0x12a5a: jg 0x12a6f 0x12a5c: cmp dl, 0xb 0x12a5f: jb 0x12a6f 0x12a61: cmp dl, 0x19 0x12a64: jg 0x12a6f 0x12a66: mov ah, 9 0x12a68: mov dx, 0x24e 0x12a6b: int 0x21 0x12a6d: int 0x20 0x12a6f: mov ax, word ptr [0x2e5] 0x12a72: mov word ptr [0x2e1], ax 0x12a75: mov bx, word ptr [0x2e7] 0x12a79: mov word ptr [0x2e3], bx 0x12a7d: mov ah, 0x1a 0x12a7f: lea dx, word ptr [0x2fd] 0x12a83: int 0x21 0x12a85: mov ah, 0x4e |
| 2018-12-25T12:52:33.469380731Z | 26 | PC: 12a85 | Set disk transfer address |
| 2018-12-25T12:52:33.470335026Z | 78 | PC: 12a90 | Find first file |
| 2018-12-25T12:52:33.476362704Z | 79 | PC: 12af0 | Find next file |
| 2018-12-25T12:52:33.479287527Z | 79 | PC: 12af0 | Find next file (See above) |
| 2018-12-25T12:52:33.481633321Z | 79 | PC: 12af0 | Find next file (See above) |
| 2018-12-25T12:52:33.484012883Z | 79 | PC: 12af0 | Find next file (See above) |
| 2018-12-25T12:52:33.486993841Z | 79 | PC: 12af0 | Find next file (See above) |
| 2018-12-25T12:52:33.489490988Z | 79 | PC: 12af0 | Find next file (See above) |
| 2018-12-25T12:52:33.492684168Z | 79 | PC: 12af0 | Find next file (See above) |
| 2018-12-25T12:52:33.502415763Z | 61 | PC: 12ab1 | Open file (Filename = 'TEST.COM') |
| 2018-12-25T12:52:33.508747704Z | 63 | PC: 12ac0 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:52:33.511144103Z | 62 | PC: 12ac4 | Close file |
| 2018-12-25T12:52:33.512716951Z | 79 | PC: 12af0 | Find next file (See above) |
| 2018-12-25T12:52:33.515130837Z | 26 | PC: 12b89 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16358,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:52:33.740413061Z | 42 | PC: 12a52 | Get date 0x12a52: cmp dh, 0xb 0x12a55: jb 0x12a6f 0x12a57: cmp dh, 0xc 0x12a5a: jg 0x12a6f 0x12a5c: cmp dl, 0xb 0x12a5f: jb 0x12a6f 0x12a61: cmp dl, 0x19 0x12a64: jg 0x12a6f 0x12a66: mov ah, 9 0x12a68: mov dx, 0x24e 0x12a6b: int 0x21 0x12a6d: int 0x20 0x12a6f: mov ax, word ptr [0x2e5] 0x12a72: mov word ptr [0x2e1], ax 0x12a75: mov bx, word ptr [0x2e7] 0x12a79: mov word ptr [0x2e3], bx 0x12a7d: mov ah, 0x1a 0x12a7f: lea dx, word ptr [0x2fd] 0x12a83: int 0x21 0x12a85: mov ah, 0x4e |
| 2018-12-25T12:52:33.742928217Z | 26 | PC: 12a85 | Set disk transfer address |
| 2018-12-25T12:52:33.744391758Z | 78 | PC: 12a90 | Find first file |
| 2018-12-25T12:52:33.75051629Z | 79 | PC: 12af0 | Find next file |
| 2018-12-25T12:52:33.753733547Z | 79 | PC: 12af0 | Find next file (See above) |
| 2018-12-25T12:52:33.756438108Z | 79 | PC: 12af0 | Find next file (See above) |
| 2018-12-25T12:52:33.758910831Z | 79 | PC: 12af0 | Find next file (See above) |
| 2018-12-25T12:52:33.762554314Z | 79 | PC: 12af0 | Find next file (See above) |
| 2018-12-25T12:52:33.764961659Z | 79 | PC: 12af0 | Find next file (See above) |
| 2018-12-25T12:52:33.767285399Z | 79 | PC: 12af0 | Find next file (See above) |
| 2018-12-25T12:52:33.770172654Z | 61 | PC: 12ab1 | Open file (Filename = 'TEST.COM') |
| 2018-12-25T12:52:33.776419036Z | 63 | PC: 12ac0 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:52:33.778765799Z | 62 | PC: 12ac4 | Close file |
| 2018-12-25T12:52:33.781355925Z | 79 | PC: 12af0 | Find next file (See above) |
| 2018-12-25T12:52:33.783709881Z | 26 | PC: 12b89 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16358,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:52:33.985337572Z | 42 | PC: 12a52 | Get date 0x12a52: cmp dh, 0xb 0x12a55: jb 0x12a6f 0x12a57: cmp dh, 0xc 0x12a5a: jg 0x12a6f 0x12a5c: cmp dl, 0xb 0x12a5f: jb 0x12a6f 0x12a61: cmp dl, 0x19 0x12a64: jg 0x12a6f 0x12a66: mov ah, 9 0x12a68: mov dx, 0x24e 0x12a6b: int 0x21 0x12a6d: int 0x20 0x12a6f: mov ax, word ptr [0x2e5] 0x12a72: mov word ptr [0x2e1], ax 0x12a75: mov bx, word ptr [0x2e7] 0x12a79: mov word ptr [0x2e3], bx 0x12a7d: mov ah, 0x1a 0x12a7f: lea dx, word ptr [0x2fd] 0x12a83: int 0x21 0x12a85: mov ah, 0x4e |
| 2018-12-25T12:52:33.987889602Z | 26 | PC: 12a85 | Set disk transfer address |
| 2018-12-25T12:52:33.988801148Z | 78 | PC: 12a90 | Find first file |
| 2018-12-25T12:52:33.994521221Z | 79 | PC: 12af0 | Find next file |
| 2018-12-25T12:52:33.997428289Z | 79 | PC: 12af0 | Find next file (See above) |
| 2018-12-25T12:52:33.999846527Z | 79 | PC: 12af0 | Find next file (See above) |
| 2018-12-25T12:52:34.002217007Z | 79 | PC: 12af0 | Find next file (See above) |
| 2018-12-25T12:52:34.005023486Z | 79 | PC: 12af0 | Find next file (See above) |
| 2018-12-25T12:52:34.008341195Z | 79 | PC: 12af0 | Find next file (See above) |
| 2018-12-25T12:52:34.01089462Z | 79 | PC: 12af0 | Find next file (See above) |
| 2018-12-25T12:52:34.013826619Z | 61 | PC: 12ab1 | Open file (Filename = 'TEST.COM') |
| 2018-12-25T12:52:34.020286766Z | 63 | PC: 12ac0 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:52:34.022624666Z | 62 | PC: 12ac4 | Close file |
| 2018-12-25T12:52:34.024740703Z | 79 | PC: 12af0 | Find next file (See above) |
| 2018-12-25T12:52:34.027020151Z | 26 | PC: 12b89 | Set disk transfer address |