{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16381,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:52:41.06982822Z | 42 | PC: 12a77 | Get date 0x12a77: cmp cx, 0x7bc 0x12a7b: jle 0x12a8d 0x12a7d: jmp 0x12a80 0x12a7f: nop 0x12a80: mov ah, 0x2a 0x12a82: int 0x21 0x12a84: cmp dx, 0xb19 0x12a88: je 0x12acb 0x12a8a: jmp 0x12a99 0x12a8c: nop 0x12a8d: mov ah, 0x2c 0x12a8f: int 0x21 0x12a91: cmp cl, 0x1e 0x12a94: jge 0x12ab2 0x12a96: jmp 0x12a99 0x12a98: nop 0x12a99: mov dx, 0x2df 0x12a9c: mov ah, 0x4e 0x12a9e: xor cx, cx 0x12aa0: int 0x21 |
| 2018-12-25T12:52:41.072058241Z | 44 | PC: 12a91 | Get time 0x12a91: cmp cl, 0x1e 0x12a94: jge 0x12ab2 0x12a96: jmp 0x12a99 0x12a98: nop 0x12a99: mov dx, 0x2df 0x12a9c: mov ah, 0x4e 0x12a9e: xor cx, cx 0x12aa0: int 0x21 0x12aa2: jb 0x12aa7 0x12aa4: jmp 0x12b08 0x12aa6: nop 0x12aa7: mov dx, 0x2e3 0x12aaa: mov ah, 0x3b 0x12aac: int 0x21 0x12aae: jb 0x12af7 0x12ab0: jmp 0x12a99 0x12ab2: push ax 0x12ab3: push bx 0x12ab4: mov bx, 0x268 0x12ab7: call 0x12ad8 |
| 2018-12-25T12:52:41.075685216Z | 78 | PC: 12aa2 | Find first file |
| 2018-12-25T12:52:41.081440313Z | 61 | PC: 12b29 | Open file (Filename = '*.*') |
| 2018-12-25T12:52:41.086146508Z | 62 | PC: 12b34 | Close file |
| 2018-12-25T12:52:41.088299672Z | 79 | PC: 12ac3 | Find next file |
| 2018-12-25T12:52:41.090698575Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:41.100206778Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:41.108515517Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:41.114894465Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:41.12026657Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:41.122603447Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:41.125240399Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:41.130027301Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:41.131443361Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:41.133955297Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:41.139031287Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:41.140512124Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:41.143623474Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:41.148272875Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:41.149557677Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:41.152569839Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:41.157709538Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:41.159449465Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:41.162741142Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:41.167929674Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:41.169249352Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:41.172122387Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:41.176758359Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:41.178044247Z | 61 | PC: 12b45 | Open file (Filename = 'TEST.COM') |
| 2018-12-25T12:52:41.185698078Z | 64 | PC: 12a6f | Write file or device (Write 493 bytes on handle 2) |
| 2018-12-25T12:52:41.192287853Z | 87 | PC: 12b59 | Get or set file date and time |
| 2018-12-25T12:52:41.193657325Z | 62 | PC: 12b61 | Close file |
| 2018-12-25T12:52:41.207272426Z | 67 | PC: 12b6e | Get or set file attributes |
| 2018-12-25T12:52:41.211865999Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:41.21411829Z | 59 | PC: 12aae | Change current directory |
| 2018-12-25T12:52:41.218569716Z | 44 | PC: 12afb | Get time 0x12afb: cmp dh, 0xa 0x12afe: ja 0x12b06 0x12b00: mov bx, 0x2b9 0x12b03: call 0x22ad8 0x12b06: int 0x20 0x12b08: mov bx, 0x80 0x12b0b: mov ax, word ptr [bx + 0x15] 0x12b0e: mov word ptr [0x2e6], ax 0x12b11: mov ax, word ptr [bx + 0x16] 0x12b14: mov word ptr [0x2e8], ax 0x12b17: mov ax, word ptr [bx + 0x18] 0x12b1a: mov word ptr [0x2ea], ax 0x12b1d: mov ax, word ptr [bx + 0x1a] 0x12b20: mov word ptr [0x2ec], ax 0x12b23: mov al, 2 0x12b25: mov ah, 0x3d 0x12b27: int 0x21 0x12b29: mov word ptr [0x2ee], ax 0x12b2c: mov bx, word ptr [0x2ee] 0x12b30: mov ah, 0x3e |
| 2018-12-25T12:52:41.221106714Z | 2 | PC: 12ae6 | Character output (Char = '0d') |
| 2018-12-25T12:52:41.223060444Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.226965581Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.228872999Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.230684318Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.23326166Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.235171821Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.237041955Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.239678234Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.241713402Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.24360406Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.245682986Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.248046361Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.250037242Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.252371498Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.254327585Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.256242924Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.258578171Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.261694777Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.263504186Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.2658386Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.267751707Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.269628123Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.271964706Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.274072847Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.275940973Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.278524985Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.28092773Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.284527973Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.287010758Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.289805253Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.29174159Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.293686777Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.296232581Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.300470495Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.303893096Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:41.305975471Z | 2 | PC: 12ae6 | Character output (See above) |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16381,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:52:45.579985444Z | 42 | PC: 12a77 | Get date 0x12a77: cmp cx, 0x7bc 0x12a7b: jle 0x12a8d 0x12a7d: jmp 0x12a80 0x12a7f: nop 0x12a80: mov ah, 0x2a 0x12a82: int 0x21 0x12a84: cmp dx, 0xb19 0x12a88: je 0x12acb 0x12a8a: jmp 0x12a99 0x12a8c: nop 0x12a8d: mov ah, 0x2c 0x12a8f: int 0x21 0x12a91: cmp cl, 0x1e 0x12a94: jge 0x12ab2 0x12a96: jmp 0x12a99 0x12a98: nop 0x12a99: mov dx, 0x2df 0x12a9c: mov ah, 0x4e 0x12a9e: xor cx, cx 0x12aa0: int 0x21 |
| 2018-12-25T12:52:45.582468228Z | 44 | PC: 12a91 | Get time 0x12a91: cmp cl, 0x1e 0x12a94: jge 0x12ab2 0x12a96: jmp 0x12a99 0x12a98: nop 0x12a99: mov dx, 0x2df 0x12a9c: mov ah, 0x4e 0x12a9e: xor cx, cx 0x12aa0: int 0x21 0x12aa2: jb 0x12aa7 0x12aa4: jmp 0x12b08 0x12aa6: nop 0x12aa7: mov dx, 0x2e3 0x12aaa: mov ah, 0x3b 0x12aac: int 0x21 0x12aae: jb 0x12af7 0x12ab0: jmp 0x12a99 0x12ab2: push ax 0x12ab3: push bx 0x12ab4: mov bx, 0x268 0x12ab7: call 0x12ad8 |
| 2018-12-25T12:52:45.584556272Z | 78 | PC: 12aa2 | Find first file |
| 2018-12-25T12:52:45.590369772Z | 61 | PC: 12b29 | Open file (Filename = '*.*') |
| 2018-12-25T12:52:45.595766939Z | 62 | PC: 12b34 | Close file |
| 2018-12-25T12:52:45.597422114Z | 79 | PC: 12ac3 | Find next file |
| 2018-12-25T12:52:45.599732797Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:45.610108982Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:45.611515239Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:45.617643162Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:45.622800635Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:45.624352599Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:45.626790159Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:45.631858084Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:45.633165975Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:45.635489526Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:45.640236909Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:45.641802427Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:45.644135017Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:45.649094883Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:45.65085624Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:45.659881164Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:45.669184463Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:45.670608859Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:45.676701782Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:45.686844099Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:45.68850586Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:45.694587764Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:45.699256039Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:45.700964494Z | 61 | PC: 12b45 | Open file (Filename = 'TEST.COM') |
| 2018-12-25T12:52:45.707649783Z | 64 | PC: 12a6f | Write file or device (Write 493 bytes on handle 2) |
| 2018-12-25T12:52:45.714180383Z | 87 | PC: 12b59 | Get or set file date and time |
| 2018-12-25T12:52:45.716453898Z | 62 | PC: 12b61 | Close file |
| 2018-12-25T12:52:45.72908706Z | 67 | PC: 12b6e | Get or set file attributes |
| 2018-12-25T12:52:45.733588445Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:45.73666585Z | 59 | PC: 12aae | Change current directory |
| 2018-12-25T12:52:45.745750386Z | 44 | PC: 12afb | Get time 0x12afb: cmp dh, 0xa 0x12afe: ja 0x12b06 0x12b00: mov bx, 0x2b9 0x12b03: call 0x22ad8 0x12b06: int 0x20 0x12b08: mov bx, 0x80 0x12b0b: mov ax, word ptr [bx + 0x15] 0x12b0e: mov word ptr [0x2e6], ax 0x12b11: mov ax, word ptr [bx + 0x16] 0x12b14: mov word ptr [0x2e8], ax 0x12b17: mov ax, word ptr [bx + 0x18] 0x12b1a: mov word ptr [0x2ea], ax 0x12b1d: mov ax, word ptr [bx + 0x1a] 0x12b20: mov word ptr [0x2ec], ax 0x12b23: mov al, 2 0x12b25: mov ah, 0x3d 0x12b27: int 0x21 0x12b29: mov word ptr [0x2ee], ax 0x12b2c: mov bx, word ptr [0x2ee] 0x12b30: mov ah, 0x3e |
| 2018-12-25T12:52:45.748158764Z | 2 | PC: 12ae6 | Character output (Char = '0d') |
| 2018-12-25T12:52:45.751325722Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.754829409Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.756811009Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.759622749Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.76158373Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.763531192Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.765716325Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.767955Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.770002115Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.772106601Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.77489737Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.777155523Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.779591447Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.782140467Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.784411461Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.786864262Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.789466288Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.791623018Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.793940929Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.796132094Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.79801797Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.800173115Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.802848066Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.804925735Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.807121621Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.809374829Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.813896409Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.817740892Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.838699072Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.840694633Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.842092695Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.843621366Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.845136815Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.84642336Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.848894954Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:52:45.850346238Z | 2 | PC: 12ae6 | Character output (See above) |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":11,"TimeBased":true,"OriginalID":16381,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:52:45.861881262Z | 42 | PC: 12a77 | Get date 0x12a77: cmp cx, 0x7bc 0x12a7b: jle 0x12a8d 0x12a7d: jmp 0x12a80 0x12a7f: nop 0x12a80: mov ah, 0x2a 0x12a82: int 0x21 0x12a84: cmp dx, 0xb19 0x12a88: je 0x12acb 0x12a8a: jmp 0x12a99 0x12a8c: nop 0x12a8d: mov ah, 0x2c 0x12a8f: int 0x21 0x12a91: cmp cl, 0x1e 0x12a94: jge 0x12ab2 0x12a96: jmp 0x12a99 0x12a98: nop 0x12a99: mov dx, 0x2df 0x12a9c: mov ah, 0x4e 0x12a9e: xor cx, cx 0x12aa0: int 0x21 |
| 2018-12-25T12:52:45.864604384Z | 44 | PC: 12a91 | Get time 0x12a91: cmp cl, 0x1e 0x12a94: jge 0x12ab2 0x12a96: jmp 0x12a99 0x12a98: nop 0x12a99: mov dx, 0x2df 0x12a9c: mov ah, 0x4e 0x12a9e: xor cx, cx 0x12aa0: int 0x21 0x12aa2: jb 0x12aa7 0x12aa4: jmp 0x12b08 0x12aa6: nop 0x12aa7: mov dx, 0x2e3 0x12aaa: mov ah, 0x3b 0x12aac: int 0x21 0x12aae: jb 0x12af7 0x12ab0: jmp 0x12a99 0x12ab2: push ax 0x12ab3: push bx 0x12ab4: mov bx, 0x268 0x12ab7: call 0x12ad8 |
| 2018-12-25T12:52:45.866639532Z | 78 | PC: 12aa2 | Find first file |
| 2018-12-25T12:52:45.872266362Z | 61 | PC: 12b29 | Open file (Filename = '*.*') |
| 2018-12-25T12:52:45.876997798Z | 62 | PC: 12b34 | Close file |
| 2018-12-25T12:52:45.878807243Z | 79 | PC: 12ac3 | Find next file |
| 2018-12-25T12:52:45.881172731Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:45.890518427Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:45.892054574Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:45.898189599Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:45.907991905Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:45.910300988Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:45.916514252Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:45.921190469Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:45.922893827Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:45.925469515Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:45.930301347Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:45.932153041Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:45.93453677Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:45.9393895Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:45.941630578Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:45.943973182Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:45.948554097Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:45.950291367Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:45.952765563Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:45.962150216Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:45.964504385Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:45.971160611Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:45.975865429Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:45.982667426Z | 61 | PC: 12b45 | Open file (Filename = 'TEST.COM') |
| 2018-12-25T12:52:46.001018263Z | 64 | PC: 12a6f | Write file or device (Write 493 bytes on handle 2) |
| 2018-12-25T12:52:46.007709934Z | 87 | PC: 12b59 | Get or set file date and time |
| 2018-12-25T12:52:46.009694043Z | 62 | PC: 12b61 | Close file |
| 2018-12-25T12:52:46.025971138Z | 67 | PC: 12b6e | Get or set file attributes |
| 2018-12-25T12:52:46.030708749Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:46.033571468Z | 59 | PC: 12aae | Change current directory |
| 2018-12-25T12:52:46.042700113Z | 44 | PC: 12afb | Get time 0x12afb: cmp dh, 0xa 0x12afe: ja 0x12b06 0x12b00: mov bx, 0x2b9 0x12b03: call 0x22ad8 0x12b06: int 0x20 0x12b08: mov bx, 0x80 0x12b0b: mov ax, word ptr [bx + 0x15] 0x12b0e: mov word ptr [0x2e6], ax 0x12b11: mov ax, word ptr [bx + 0x16] 0x12b14: mov word ptr [0x2e8], ax 0x12b17: mov ax, word ptr [bx + 0x18] 0x12b1a: mov word ptr [0x2ea], ax 0x12b1d: mov ax, word ptr [bx + 0x1a] 0x12b20: mov word ptr [0x2ec], ax 0x12b23: mov al, 2 0x12b25: mov ah, 0x3d 0x12b27: int 0x21 0x12b29: mov word ptr [0x2ee], ax 0x12b2c: mov bx, word ptr [0x2ee] 0x12b30: mov ah, 0x3e |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":11,"TimeBased":true,"OriginalID":16381,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:52:46.109371844Z | 42 | PC: 12a77 | Get date 0x12a77: cmp cx, 0x7bc 0x12a7b: jle 0x12a8d 0x12a7d: jmp 0x12a80 0x12a7f: nop 0x12a80: mov ah, 0x2a 0x12a82: int 0x21 0x12a84: cmp dx, 0xb19 0x12a88: je 0x12acb 0x12a8a: jmp 0x12a99 0x12a8c: nop 0x12a8d: mov ah, 0x2c 0x12a8f: int 0x21 0x12a91: cmp cl, 0x1e 0x12a94: jge 0x12ab2 0x12a96: jmp 0x12a99 0x12a98: nop 0x12a99: mov dx, 0x2df 0x12a9c: mov ah, 0x4e 0x12a9e: xor cx, cx 0x12aa0: int 0x21 |
| 2018-12-25T12:52:46.111088082Z | 44 | PC: 12a91 | Get time 0x12a91: cmp cl, 0x1e 0x12a94: jge 0x12ab2 0x12a96: jmp 0x12a99 0x12a98: nop 0x12a99: mov dx, 0x2df 0x12a9c: mov ah, 0x4e 0x12a9e: xor cx, cx 0x12aa0: int 0x21 0x12aa2: jb 0x12aa7 0x12aa4: jmp 0x12b08 0x12aa6: nop 0x12aa7: mov dx, 0x2e3 0x12aaa: mov ah, 0x3b 0x12aac: int 0x21 0x12aae: jb 0x12af7 0x12ab0: jmp 0x12a99 0x12ab2: push ax 0x12ab3: push bx 0x12ab4: mov bx, 0x268 0x12ab7: call 0x12ad8 |
| 2018-12-25T12:52:46.112479392Z | 78 | PC: 12aa2 | Find first file |
| 2018-12-25T12:52:46.116212182Z | 61 | PC: 12b29 | Open file (Filename = '*.*') |
| 2018-12-25T12:52:46.119659769Z | 62 | PC: 12b34 | Close file |
| 2018-12-25T12:52:46.121105709Z | 79 | PC: 12ac3 | Find next file |
| 2018-12-25T12:52:46.122688815Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:46.129069855Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:46.130271703Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:46.13414096Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:46.141253279Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:46.14309057Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:46.149693499Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:46.154810131Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:46.156643012Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:46.15908749Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:46.163866045Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:46.166103455Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:46.168478249Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:46.173164577Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:46.181146284Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:46.188884593Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:46.193861238Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:46.200605986Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:46.203161379Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:46.212661392Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:46.215196258Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:46.22192309Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:52:46.226874214Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:52:46.22939938Z | 61 | PC: 12b45 | Open file (Filename = 'TEST.COM') |
| 2018-12-25T12:52:46.235766189Z | 64 | PC: 12a6f | Write file or device (Write 493 bytes on handle 2) |
| 2018-12-25T12:52:46.248485005Z | 87 | PC: 12b59 | Get or set file date and time |
| 2018-12-25T12:52:46.249841027Z | 62 | PC: 12b61 | Close file |
| 2018-12-25T12:52:46.263668163Z | 67 | PC: 12b6e | Get or set file attributes |
| 2018-12-25T12:52:46.268298352Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:52:46.270711228Z | 59 | PC: 12aae | Change current directory |
| 2018-12-25T12:52:46.275867397Z | 44 | PC: 12afb | Get time 0x12afb: cmp dh, 0xa 0x12afe: ja 0x12b06 0x12b00: mov bx, 0x2b9 0x12b03: call 0x22ad8 0x12b06: int 0x20 0x12b08: mov bx, 0x80 0x12b0b: mov ax, word ptr [bx + 0x15] 0x12b0e: mov word ptr [0x2e6], ax 0x12b11: mov ax, word ptr [bx + 0x16] 0x12b14: mov word ptr [0x2e8], ax 0x12b17: mov ax, word ptr [bx + 0x18] 0x12b1a: mov word ptr [0x2ea], ax 0x12b1d: mov ax, word ptr [bx + 0x1a] 0x12b20: mov word ptr [0x2ec], ax 0x12b23: mov al, 2 0x12b25: mov ah, 0x3d 0x12b27: int 0x21 0x12b29: mov word ptr [0x2ee], ax 0x12b2c: mov bx, word ptr [0x2ee] 0x12b30: mov ah, 0x3e |