{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2475,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:45:54.436689276Z | 44 | PC: 13222 | Get time 0x13222: cmp dh, 5 0x13225: jg 0x13237 0x13227: mov ah, 9 0x13229: mov dx, 0x329 0x1322c: pop cx 0x1322d: add dx, cx 0x1322f: push cx 0x13230: int 0x21 0x13232: mov ax, 0x4c00 0x13235: int 0x21 0x13237: mov bx, 0x2c 0x1323a: mov dx, word ptr [bx] 0x1323c: push dx 0x1323d: pop ds 0x1323e: xor si, si 0x13240: inc si 0x13241: cmp byte ptr [si], 0 0x13244: jne 0x13240 0x13246: push cs 0x13247: pop ds |
| 2018-12-25T11:45:54.439156101Z | 9 | PC: 13232 | Display string (String= 'Bad COM format.') |
| 2018-12-25T11:45:54.44207928Z | 76 | PC: 13237 | Terminate with return code (Return code = '0') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":6,"TimeBased":true,"OriginalID":2475,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:45:54.46904347Z | 44 | PC: 13222 | Get time 0x13222: cmp dh, 5 0x13225: jg 0x13237 0x13227: mov ah, 9 0x13229: mov dx, 0x329 0x1322c: pop cx 0x1322d: add dx, cx 0x1322f: push cx 0x13230: int 0x21 0x13232: mov ax, 0x4c00 0x13235: int 0x21 0x13237: mov bx, 0x2c 0x1323a: mov dx, word ptr [bx] 0x1323c: push dx 0x1323d: pop ds 0x1323e: xor si, si 0x13240: inc si 0x13241: cmp byte ptr [si], 0 0x13244: jne 0x13240 0x13246: push cs 0x13247: pop ds |
| 2018-12-25T11:45:54.472724539Z | 26 | PC: 13264 | Set disk transfer address |
| 2018-12-25T11:45:54.473870339Z | 61 | PC: 1326c | Open file (Filename = 'P$G') |
| 2018-12-25T11:45:54.479910882Z | 78 | PC: 132a1 | Find first file |
| 2018-12-25T11:45:54.486121566Z | 61 | PC: 132cc | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:45:54.492441223Z | 63 | PC: 132de | Read file or device (Read 6 bytes on handle 5) |
| 2018-12-25T11:45:54.498673922Z | 62 | PC: 132e2 | Close file |
| 2018-12-25T11:45:54.500895391Z | 67 | PC: 1334a | Get or set file attributes |
| 2018-12-25T11:45:54.516242735Z | 61 | PC: 13351 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:45:54.52774324Z | 87 | PC: 13373 | Get or set file date and time |
| 2018-12-25T11:45:54.529664708Z | 66 | PC: 13381 | Move file pointer |
| 2018-12-25T11:45:54.536279043Z | 64 | PC: 133be | Write file or device (Write 600 bytes on handle 5) |
| 2018-12-25T11:45:54.545043952Z | 66 | PC: 133d8 | Move file pointer |
| 2018-12-25T11:45:54.546903503Z | 64 | PC: 133e6 | Write file or device (Write 6 bytes on handle 5) |
| 2018-12-25T11:45:54.553330326Z | 87 | PC: 133f0 | Get or set file date and time |
| 2018-12-25T11:45:54.555028217Z | 62 | PC: 133f4 | Close file |
| 2018-12-25T11:45:54.563318952Z | 26 | PC: 13402 | Set disk transfer address |
| 2018-12-25T11:45:54.56592774Z | 67 | PC: 9f3ad | Get or set file attributes |
| 2018-12-25T11:45:54.874153746Z | 61 | PC: 9f3b2 | Open file (Filename = 'c:\dos\format.com') |
| 2018-12-25T11:45:54.88556211Z | 87 | PC: 9f3be | Get or set file date and time |
| 2018-12-25T11:45:54.88839739Z | 63 | PC: 9f3d4 | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-25T11:45:54.894980435Z | 66 | PC: 9f3e6 | Move file pointer |
| 2018-12-25T11:45:54.897226815Z | 44 | PC: 9f45e | Get time 0x9f45e: mov di, 0x535 0x9f461: mov cx, 0x4f3 0x9f464: add byte ptr cs:[di], cl 0x9f467: add byte ptr cs:[di], dl 0x9f46a: cmp dl, 0x1e 0x9f46d: jb 0x9f475 0x9f46f: xor byte ptr cs:[di], dl 0x9f472: jmp 0x9f478 0x9f474: nop 0x9f475: add byte ptr cs:[di], dl 0x9f478: inc di 0x9f479: loop 0x9f464 0x9f47b: cmp dl, 0x1e 0x9f47e: jae 0x9f486 0x9f480: mov byte ptr cs:[0x52a], 0x28 0x9f486: mov byte ptr cs:[0x528], dl 0x9f48b: pop ax 0x9f48c: pop dx 0x9f48d: pop si 0x9f48e: pop es |
| 2018-12-25T11:45:54.902022053Z | 44 | PC: 9f335 | Get time 0x9f335: cmp dl, 0x62 0x9f338: jb 0x9f34e 0x9f33a: mov ax, cs 0x9f33c: push ax 0x9f33d: pop ds 0x9f33e: mov dx, 0x4a9 0x9f341: mov ah, 0x40 0x9f343: mov byte ptr cs:[0x4bc], 1 0x9f349: mov cx, 0xf 0x9f34c: int 0x21 0x9f34e: pop ax 0x9f34f: pop dx 0x9f350: pop ds 0x9f351: pop cx 0x9f352: jmp 0x9f367 0x9f354: nop 0x9f355: pushf 0x9f356: pushaw 0x9f357: push ax 0x9f358: push dx |
| 2018-12-25T11:45:54.904328719Z | 64 | PC: 9f411 | Write file or device (Write 1300 bytes on handle 5) |
| 2018-12-25T11:45:54.912170032Z | 66 | PC: 9f41a | Move file pointer |
| 2018-12-25T11:45:54.91488678Z | 44 | PC: 9f335 | Get time (See above) |
| 2018-12-25T11:45:54.917345638Z | 64 | PC: 9f424 | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T11:45:54.920532923Z | 87 | PC: 9f436 | Get or set file date and time |
| 2018-12-25T11:45:54.923065741Z | 62 | PC: 9f446 | Close file |
| 2018-12-25T11:45:54.932755441Z | 44 | PC: 12ab6 | Get time 0x12ab6: cmp dh, 5 0x12ab9: jg 0x12acb 0x12abb: mov ah, 9 0x12abd: mov dx, 0x329 0x12ac0: pop cx 0x12ac1: add dx, cx 0x12ac3: push cx 0x12ac4: int 0x21 0x12ac6: mov ax, 0x4c00 0x12ac9: int 0x21 0x12acb: mov bx, 0x2c 0x12ace: mov dx, word ptr [bx] 0x12ad0: push dx 0x12ad1: pop ds 0x12ad2: xor si, si 0x12ad4: inc si 0x12ad5: cmp byte ptr [si], 0 0x12ad8: jne 0x12ad4 0x12ada: push cs 0x12adb: pop ds |
| 2018-12-25T11:45:54.935407717Z | 26 | PC: 12af8 | Set disk transfer address |
| 2018-12-25T11:45:54.937424358Z | 61 | PC: 12b00 | Open file (Filename = 'P$G') |
| 2018-12-25T11:45:54.94379462Z | 78 | PC: 9f30d | Find first file |
| 2018-12-25T11:45:54.949670906Z | 47 | PC: 9f50b | Get disk transfer address |
| 2018-12-25T11:45:54.951977591Z | 52 | PC: 9f54c | Get InDOS flag pointer |
| 2018-12-25T11:45:54.960252397Z | 61 | PC: 12b60 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:45:54.967012076Z | 63 | PC: 12b72 | Read file or device (Read 6 bytes on handle 5) |
| 2018-12-25T11:45:54.970892359Z | 62 | PC: 12b76 | Close file |
| 2018-12-25T11:45:54.972992091Z | 79 | PC: 9f30d | Find next file (See above) |
| 2018-12-25T11:45:54.975864939Z | 47 | PC: 9f50b | Get disk transfer address (See above) |
| 2018-12-25T11:45:54.978070925Z | 52 | PC: 9f54c | Get InDOS flag pointer (See above) |
| 2018-12-25T11:45:54.979902066Z | 61 | PC: 12bb1 | Open file (Filename = 'PRINT.COM') |
| 2018-12-25T11:45:54.986936071Z | 63 | PC: 12bc3 | Read file or device (Read 6 bytes on handle 5) |
| 2018-12-25T11:45:54.994125191Z | 62 | PC: 12bc7 | Close file |
| 2018-12-25T11:45:54.996348705Z | 67 | PC: 12bde | Get or set file attributes |
| 2018-12-25T11:45:55.018831308Z | 61 | PC: 12be5 | Open file (Filename = 'PRINT.COM') |
| 2018-12-25T11:45:55.027234612Z | 87 | PC: 12c07 | Get or set file date and time |
| 2018-12-25T11:45:55.029248441Z | 66 | PC: 12c15 | Move file pointer |
| 2018-12-25T11:45:55.031096463Z | 44 | PC: 9f335 | Get time (See above) |
| 2018-12-25T11:45:55.033459147Z | 64 | PC: 12c52 | Write file or device (Write 600 bytes on handle 5) |
| 2018-12-25T11:45:55.04304826Z | 66 | PC: 12c6c | Move file pointer |
| 2018-12-25T11:45:55.044952874Z | 44 | PC: 9f335 | Get time (See above) |
| 2018-12-25T11:45:55.047714107Z | 64 | PC: 12c7a | Write file or device (Write 6 bytes on handle 5) |
| 2018-12-25T11:45:55.062113356Z | 87 | PC: 12c84 | Get or set file date and time |
| 2018-12-25T11:45:55.064083402Z | 62 | PC: 12c88 | Close file |
| 2018-12-25T11:45:55.071928093Z | 26 | PC: 12c96 | Set disk transfer address |
| 2018-12-25T11:45:55.074060043Z | 9 | PC: 12a49 | Display string (String= 'VIRSTOP is not installed or not working! ') |
| 2018-12-25T11:45:55.078061457Z | 76 | PC: 12a4e | Terminate with return code (Return code = '1') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2475,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:45:54.923089029Z | 44 | PC: 13222 | Get time 0x13222: cmp dh, 5 0x13225: jg 0x13237 0x13227: mov ah, 9 0x13229: mov dx, 0x329 0x1322c: pop cx 0x1322d: add dx, cx 0x1322f: push cx 0x13230: int 0x21 0x13232: mov ax, 0x4c00 0x13235: int 0x21 0x13237: mov bx, 0x2c 0x1323a: mov dx, word ptr [bx] 0x1323c: push dx 0x1323d: pop ds 0x1323e: xor si, si 0x13240: inc si 0x13241: cmp byte ptr [si], 0 0x13244: jne 0x13240 0x13246: push cs 0x13247: pop ds |
| 2018-12-25T11:45:54.930064576Z | 9 | PC: 13232 | Display string (String= 'Bad COM format.') |
| 2018-12-25T11:45:54.932243132Z | 76 | PC: 13237 | Terminate with return code (Return code = '0') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":6,"TimeBased":true,"OriginalID":2475,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:45:55.58253447Z | 44 | PC: 13222 | Get time 0x13222: cmp dh, 5 0x13225: jg 0x13237 0x13227: mov ah, 9 0x13229: mov dx, 0x329 0x1322c: pop cx 0x1322d: add dx, cx 0x1322f: push cx 0x13230: int 0x21 0x13232: mov ax, 0x4c00 0x13235: int 0x21 0x13237: mov bx, 0x2c 0x1323a: mov dx, word ptr [bx] 0x1323c: push dx 0x1323d: pop ds 0x1323e: xor si, si 0x13240: inc si 0x13241: cmp byte ptr [si], 0 0x13244: jne 0x13240 0x13246: push cs 0x13247: pop ds |
| 2018-12-25T11:45:55.585282989Z | 26 | PC: 13264 | Set disk transfer address |
| 2018-12-25T11:45:55.586435377Z | 61 | PC: 1326c | Open file (Filename = 'P$G') |
| 2018-12-25T11:45:55.592526629Z | 78 | PC: 132a1 | Find first file |
| 2018-12-25T11:45:55.599717751Z | 61 | PC: 132cc | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:45:55.606075714Z | 63 | PC: 132de | Read file or device (Read 6 bytes on handle 5) |
| 2018-12-25T11:45:55.612511824Z | 62 | PC: 132e2 | Close file |
| 2018-12-25T11:45:55.618988277Z | 67 | PC: 1334a | Get or set file attributes |
| 2018-12-25T11:45:55.635273431Z | 61 | PC: 13351 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:45:55.647311824Z | 87 | PC: 13373 | Get or set file date and time |
| 2018-12-25T11:45:55.649019593Z | 66 | PC: 13381 | Move file pointer |
| 2018-12-25T11:45:55.651004741Z | 64 | PC: 133be | Write file or device (Write 600 bytes on handle 5) |
| 2018-12-25T11:45:55.660262661Z | 66 | PC: 133d8 | Move file pointer |
| 2018-12-25T11:45:55.662262168Z | 64 | PC: 133e6 | Write file or device (Write 6 bytes on handle 5) |
| 2018-12-25T11:45:55.666960082Z | 87 | PC: 133f0 | Get or set file date and time |
| 2018-12-25T11:45:55.668358355Z | 62 | PC: 133f4 | Close file |
| 2018-12-25T11:45:55.673611913Z | 26 | PC: 13402 | Set disk transfer address |
| 2018-12-25T11:45:55.676134195Z | 67 | PC: 9f3ad | Get or set file attributes |
| 2018-12-25T11:45:55.990209813Z | 61 | PC: 9f3b2 | Open file (Filename = 'c:\dos\format.com') |
| 2018-12-25T11:45:55.997169398Z | 87 | PC: 9f3be | Get or set file date and time |
| 2018-12-25T11:45:55.999856882Z | 63 | PC: 9f3d4 | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-25T11:45:56.005238955Z | 66 | PC: 9f3e6 | Move file pointer |
| 2018-12-25T11:45:56.007053746Z | 44 | PC: 9f45e | Get time 0x9f45e: mov di, 0x535 0x9f461: mov cx, 0x4f3 0x9f464: add byte ptr cs:[di], cl 0x9f467: add byte ptr cs:[di], dl 0x9f46a: cmp dl, 0x1e 0x9f46d: jb 0x9f475 0x9f46f: xor byte ptr cs:[di], dl 0x9f472: jmp 0x9f478 0x9f474: nop 0x9f475: add byte ptr cs:[di], dl 0x9f478: inc di 0x9f479: loop 0x9f464 0x9f47b: cmp dl, 0x1e 0x9f47e: jae 0x9f486 0x9f480: mov byte ptr cs:[0x52a], 0x28 0x9f486: mov byte ptr cs:[0x528], dl 0x9f48b: pop ax 0x9f48c: pop dx 0x9f48d: pop si 0x9f48e: pop es |
| 2018-12-25T11:45:56.011068699Z | 44 | PC: 9f335 | Get time 0x9f335: cmp dl, 0x62 0x9f338: jb 0x9f34e 0x9f33a: mov ax, cs 0x9f33c: push ax 0x9f33d: pop ds 0x9f33e: mov dx, 0x4a9 0x9f341: mov ah, 0x40 0x9f343: mov byte ptr cs:[0x4bc], 1 0x9f349: mov cx, 0xf 0x9f34c: int 0x21 0x9f34e: pop ax 0x9f34f: pop dx 0x9f350: pop ds 0x9f351: pop cx 0x9f352: jmp 0x9f367 0x9f354: nop 0x9f355: pushf 0x9f356: pushaw 0x9f357: push ax 0x9f358: push dx |
| 2018-12-25T11:45:56.01298853Z | 64 | PC: 9f411 | Write file or device (Write 1300 bytes on handle 5) |
| 2018-12-25T11:45:56.021369406Z | 66 | PC: 9f41a | Move file pointer |
| 2018-12-25T11:45:56.023346178Z | 44 | PC: 9f335 | Get time (See above) |
| 2018-12-25T11:45:56.025271854Z | 64 | PC: 9f424 | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T11:45:56.028204978Z | 87 | PC: 9f436 | Get or set file date and time |
| 2018-12-25T11:45:56.031099987Z | 62 | PC: 9f446 | Close file |
| 2018-12-25T11:45:56.038478151Z | 44 | PC: 12ab6 | Get time 0x12ab6: cmp dh, 5 0x12ab9: jg 0x12acb 0x12abb: mov ah, 9 0x12abd: mov dx, 0x329 0x12ac0: pop cx 0x12ac1: add dx, cx 0x12ac3: push cx 0x12ac4: int 0x21 0x12ac6: mov ax, 0x4c00 0x12ac9: int 0x21 0x12acb: mov bx, 0x2c 0x12ace: mov dx, word ptr [bx] 0x12ad0: push dx 0x12ad1: pop ds 0x12ad2: xor si, si 0x12ad4: inc si 0x12ad5: cmp byte ptr [si], 0 0x12ad8: jne 0x12ad4 0x12ada: push cs 0x12adb: pop ds |
| 2018-12-25T11:45:56.040787105Z | 26 | PC: 12af8 | Set disk transfer address |
| 2018-12-25T11:45:56.042223967Z | 61 | PC: 12b00 | Open file (Filename = 'P$G') |
| 2018-12-25T11:45:56.049717276Z | 78 | PC: 9f30d | Find first file |
| 2018-12-25T11:45:56.055590665Z | 47 | PC: 9f50b | Get disk transfer address |
| 2018-12-25T11:45:56.056871232Z | 52 | PC: 9f54c | Get InDOS flag pointer |
| 2018-12-25T11:45:56.058734066Z | 61 | PC: 12b60 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:45:56.065094843Z | 63 | PC: 12b72 | Read file or device (Read 6 bytes on handle 5) |
| 2018-12-25T11:45:56.068133602Z | 62 | PC: 12b76 | Close file |
| 2018-12-25T11:45:56.07087839Z | 79 | PC: 9f30d | Find next file (See above) |
| 2018-12-25T11:45:56.073612328Z | 47 | PC: 9f50b | Get disk transfer address (See above) |
| 2018-12-25T11:45:56.074999007Z | 52 | PC: 9f54c | Get InDOS flag pointer (See above) |
| 2018-12-25T11:45:56.078019537Z | 61 | PC: 12bb1 | Open file (Filename = 'PRINT.COM') |
| 2018-12-25T11:45:56.0848325Z | 63 | PC: 12bc3 | Read file or device (Read 6 bytes on handle 5) |
| 2018-12-25T11:45:56.091502149Z | 62 | PC: 12bc7 | Close file |
| 2018-12-25T11:45:56.093932585Z | 67 | PC: 12bde | Get or set file attributes |
| 2018-12-25T11:45:56.103760757Z | 61 | PC: 12be5 | Open file (Filename = 'PRINT.COM') |
| 2018-12-25T11:45:56.110231555Z | 87 | PC: 12c07 | Get or set file date and time |
| 2018-12-25T11:45:56.112346907Z | 66 | PC: 12c15 | Move file pointer |
| 2018-12-25T11:45:56.113801602Z | 44 | PC: 9f335 | Get time (See above) |
| 2018-12-25T11:45:56.115793975Z | 64 | PC: 12c52 | Write file or device (Write 600 bytes on handle 5) |
| 2018-12-25T11:45:56.124501957Z | 66 | PC: 12c6c | Move file pointer |
| 2018-12-25T11:45:56.126710718Z | 44 | PC: 9f335 | Get time (See above) |
| 2018-12-25T11:45:56.132411559Z | 64 | PC: 12c7a | Write file or device (Write 6 bytes on handle 5) |
| 2018-12-25T11:45:56.139745299Z | 87 | PC: 12c84 | Get or set file date and time |
| 2018-12-25T11:45:56.142017841Z | 62 | PC: 12c88 | Close file |
| 2018-12-25T11:45:56.149997626Z | 26 | PC: 12c96 | Set disk transfer address |
| 2018-12-25T11:45:56.152438984Z | 9 | PC: 12a49 | Display string (String= 'VIRSTOP is not installed or not working! ') |
| 2018-12-25T11:45:56.156302454Z | 76 | PC: 12a4e | Terminate with return code (Return code = '1') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":6,"TimeBased":true,"OriginalID":2475,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:45:56.533077635Z | 44 | PC: 13222 | Get time 0x13222: cmp dh, 5 0x13225: jg 0x13237 0x13227: mov ah, 9 0x13229: mov dx, 0x329 0x1322c: pop cx 0x1322d: add dx, cx 0x1322f: push cx 0x13230: int 0x21 0x13232: mov ax, 0x4c00 0x13235: int 0x21 0x13237: mov bx, 0x2c 0x1323a: mov dx, word ptr [bx] 0x1323c: push dx 0x1323d: pop ds 0x1323e: xor si, si 0x13240: inc si 0x13241: cmp byte ptr [si], 0 0x13244: jne 0x13240 0x13246: push cs 0x13247: pop ds |
| 2018-12-25T11:45:56.536663748Z | 26 | PC: 13264 | Set disk transfer address |
| 2018-12-25T11:45:56.53811853Z | 61 | PC: 1326c | Open file (Filename = 'P$G') |
| 2018-12-25T11:45:56.545497937Z | 78 | PC: 132a1 | Find first file |
| 2018-12-25T11:45:56.552501566Z | 61 | PC: 132cc | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:45:56.560721184Z | 63 | PC: 132de | Read file or device (Read 6 bytes on handle 5) |
| 2018-12-25T11:45:56.567734662Z | 62 | PC: 132e2 | Close file |
| 2018-12-25T11:45:56.569958697Z | 67 | PC: 1334a | Get or set file attributes |
| 2018-12-25T11:45:56.588914167Z | 61 | PC: 13351 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:45:56.602527501Z | 87 | PC: 13373 | Get or set file date and time |
| 2018-12-25T11:45:56.604468043Z | 66 | PC: 13381 | Move file pointer |
| 2018-12-25T11:45:56.607653959Z | 64 | PC: 133be | Write file or device (Write 600 bytes on handle 5) |
| 2018-12-25T11:45:56.617248335Z | 66 | PC: 133d8 | Move file pointer |
| 2018-12-25T11:45:56.619258783Z | 64 | PC: 133e6 | Write file or device (Write 6 bytes on handle 5) |
| 2018-12-25T11:45:56.627240962Z | 87 | PC: 133f0 | Get or set file date and time |
| 2018-12-25T11:45:56.628999062Z | 62 | PC: 133f4 | Close file |
| 2018-12-25T11:45:56.637587843Z | 26 | PC: 13402 | Set disk transfer address |
| 2018-12-25T11:45:56.640448914Z | 67 | PC: 9f3ad | Get or set file attributes |
| 2018-12-25T11:45:56.983546119Z | 61 | PC: 9f3b2 | Open file (Filename = 'c:\dos\format.com') |
| 2018-12-25T11:45:56.991444978Z | 87 | PC: 9f3be | Get or set file date and time |
| 2018-12-25T11:45:56.993216092Z | 63 | PC: 9f3d4 | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-25T11:45:57.001132995Z | 66 | PC: 9f3e6 | Move file pointer |
| 2018-12-25T11:45:57.003632539Z | 44 | PC: 9f45e | Get time 0x9f45e: mov di, 0x535 0x9f461: mov cx, 0x4f3 0x9f464: add byte ptr cs:[di], cl 0x9f467: add byte ptr cs:[di], dl 0x9f46a: cmp dl, 0x1e 0x9f46d: jb 0x9f475 0x9f46f: xor byte ptr cs:[di], dl 0x9f472: jmp 0x9f478 0x9f474: nop 0x9f475: add byte ptr cs:[di], dl 0x9f478: inc di 0x9f479: loop 0x9f464 0x9f47b: cmp dl, 0x1e 0x9f47e: jae 0x9f486 0x9f480: mov byte ptr cs:[0x52a], 0x28 0x9f486: mov byte ptr cs:[0x528], dl 0x9f48b: pop ax 0x9f48c: pop dx 0x9f48d: pop si 0x9f48e: pop es |
| 2018-12-25T11:45:57.007911383Z | 44 | PC: 9f335 | Get time 0x9f335: cmp dl, 0x62 0x9f338: jb 0x9f34e 0x9f33a: mov ax, cs 0x9f33c: push ax 0x9f33d: pop ds 0x9f33e: mov dx, 0x4a9 0x9f341: mov ah, 0x40 0x9f343: mov byte ptr cs:[0x4bc], 1 0x9f349: mov cx, 0xf 0x9f34c: int 0x21 0x9f34e: pop ax 0x9f34f: pop dx 0x9f350: pop ds 0x9f351: pop cx 0x9f352: jmp 0x9f367 0x9f354: nop 0x9f355: pushf 0x9f356: pushaw 0x9f357: push ax 0x9f358: push dx |
| 2018-12-25T11:45:57.011291605Z | 64 | PC: 9f411 | Write file or device (Write 1300 bytes on handle 5) |
| 2018-12-25T11:45:57.019871786Z | 66 | PC: 9f41a | Move file pointer |
| 2018-12-25T11:45:57.021663376Z | 44 | PC: 9f335 | Get time (See above) |
| 2018-12-25T11:45:57.025077141Z | 64 | PC: 9f424 | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T11:45:57.028606576Z | 87 | PC: 9f436 | Get or set file date and time |
| 2018-12-25T11:45:57.030325325Z | 62 | PC: 9f446 | Close file |
| 2018-12-25T11:45:57.038569303Z | 44 | PC: 12ab6 | Get time 0x12ab6: cmp dh, 5 0x12ab9: jg 0x12acb 0x12abb: mov ah, 9 0x12abd: mov dx, 0x329 0x12ac0: pop cx 0x12ac1: add dx, cx 0x12ac3: push cx 0x12ac4: int 0x21 0x12ac6: mov ax, 0x4c00 0x12ac9: int 0x21 0x12acb: mov bx, 0x2c 0x12ace: mov dx, word ptr [bx] 0x12ad0: push dx 0x12ad1: pop ds 0x12ad2: xor si, si 0x12ad4: inc si 0x12ad5: cmp byte ptr [si], 0 0x12ad8: jne 0x12ad4 0x12ada: push cs 0x12adb: pop ds |
| 2018-12-25T11:45:57.041504724Z | 26 | PC: 12af8 | Set disk transfer address |
| 2018-12-25T11:45:57.043190178Z | 61 | PC: 12b00 | Open file (Filename = 'P$G') |
| 2018-12-25T11:45:57.051211845Z | 78 | PC: 9f30d | Find first file |
| 2018-12-25T11:45:57.058199627Z | 47 | PC: 9f50b | Get disk transfer address |
| 2018-12-25T11:45:57.060079942Z | 52 | PC: 9f54c | Get InDOS flag pointer |
| 2018-12-25T11:45:57.064205692Z | 61 | PC: 12b60 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:45:57.072463847Z | 63 | PC: 12b72 | Read file or device (Read 6 bytes on handle 5) |
| 2018-12-25T11:45:57.075667403Z | 62 | PC: 12b76 | Close file |
| 2018-12-25T11:45:57.078045431Z | 79 | PC: 9f30d | Find next file (See above) |
| 2018-12-25T11:45:57.08194041Z | 47 | PC: 9f50b | Get disk transfer address (See above) |
| 2018-12-25T11:45:57.083861355Z | 52 | PC: 9f54c | Get InDOS flag pointer (See above) |
| 2018-12-25T11:45:57.085990635Z | 61 | PC: 12bb1 | Open file (Filename = 'PRINT.COM') |
| 2018-12-25T11:45:57.094223567Z | 63 | PC: 12bc3 | Read file or device (Read 6 bytes on handle 5) |
| 2018-12-25T11:45:57.102153448Z | 62 | PC: 12bc7 | Close file |
| 2018-12-25T11:45:57.104363241Z | 67 | PC: 12bde | Get or set file attributes |
| 2018-12-25T11:45:57.116015839Z | 61 | PC: 12be5 | Open file (Filename = 'PRINT.COM') |
| 2018-12-25T11:45:57.123528817Z | 87 | PC: 12c07 | Get or set file date and time |
| 2018-12-25T11:45:57.125166918Z | 66 | PC: 12c15 | Move file pointer |
| 2018-12-25T11:45:57.127537699Z | 44 | PC: 9f335 | Get time (See above) |
| 2018-12-25T11:45:57.129823621Z | 64 | PC: 12c52 | Write file or device (Write 600 bytes on handle 5) |
| 2018-12-25T11:45:57.139216798Z | 66 | PC: 12c6c | Move file pointer |
| 2018-12-25T11:45:57.141414088Z | 44 | PC: 9f335 | Get time (See above) |
| 2018-12-25T11:45:57.143716471Z | 64 | PC: 12c7a | Write file or device (Write 6 bytes on handle 5) |
| 2018-12-25T11:45:57.151460907Z | 87 | PC: 12c84 | Get or set file date and time |
| 2018-12-25T11:45:57.153785806Z | 62 | PC: 12c88 | Close file |
| 2018-12-25T11:45:57.162435563Z | 26 | PC: 12c96 | Set disk transfer address |
| 2018-12-25T11:45:57.163746851Z | 9 | PC: 12a49 | Display string (String= 'VIRSTOP is not installed or not working! ') |
| 2018-12-25T11:45:57.168606722Z | 76 | PC: 12a4e | Terminate with return code (Return code = '1') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2475,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:45:56.726293388Z | 44 | PC: 13222 | Get time 0x13222: cmp dh, 5 0x13225: jg 0x13237 0x13227: mov ah, 9 0x13229: mov dx, 0x329 0x1322c: pop cx 0x1322d: add dx, cx 0x1322f: push cx 0x13230: int 0x21 0x13232: mov ax, 0x4c00 0x13235: int 0x21 0x13237: mov bx, 0x2c 0x1323a: mov dx, word ptr [bx] 0x1323c: push dx 0x1323d: pop ds 0x1323e: xor si, si 0x13240: inc si 0x13241: cmp byte ptr [si], 0 0x13244: jne 0x13240 0x13246: push cs 0x13247: pop ds |
| 2018-12-25T11:45:56.728536917Z | 9 | PC: 13232 | Display string (String= 'Bad COM format.') |
| 2018-12-25T11:45:56.730652732Z | 76 | PC: 13237 | Terminate with return code (Return code = '0') |