{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2847,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:47:26.252571456Z | 25 | PC: 152fc | Get default drive |
| 2018-12-25T11:47:26.25494348Z | 53 | PC: 15305 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:47:26.256299195Z | 37 | PC: 15319 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:47:26.258074253Z | 26 | PC: 15322 | Set disk transfer address |
| 2018-12-25T11:47:26.260338903Z | 78 | PC: 1534e | Find first file |
| 2018-12-25T11:47:26.267550231Z | 47 | PC: 1535e | Get disk transfer address |
| 2018-12-25T11:47:26.269136616Z | 67 | PC: 1539c | Get or set file attributes |
| 2018-12-25T11:47:26.275594465Z | 61 | PC: 153ef | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T11:47:26.283048345Z | 63 | PC: 15409 | Read file or device (Read 24 bytes on handle 5) |
| 2018-12-25T11:47:26.286439237Z | 62 | PC: 154f6 | Close file |
| 2018-12-25T11:47:26.288484195Z | 79 | PC: 15549 | Find next file |
| 2018-12-25T11:47:26.291500278Z | 26 | PC: 15322 | Set disk transfer address (See above) |
| 2018-12-25T11:47:26.292564195Z | 78 | PC: 1534e | Find first file (See above) |
| 2018-12-25T11:47:26.297477077Z | 26 | PC: 15322 | Set disk transfer address (See above) |
| 2018-12-25T11:47:26.29906309Z | 78 | PC: 1534e | Find first file (See above) |
| 2018-12-25T11:47:26.303528614Z | 26 | PC: 15322 | Set disk transfer address (See above) |
| 2018-12-25T11:47:26.30465915Z | 78 | PC: 1534e | Find first file (See above) |
| 2018-12-25T11:47:26.326851149Z | 26 | PC: 1556e | Set disk transfer address |
| 2018-12-25T11:47:26.328078111Z | 78 | PC: 15585 | Find first file |
| 2018-12-25T11:47:26.335020712Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.344100804Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.347570332Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.350463534Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.354597194Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.357584347Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.36059403Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.363813552Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.366500189Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.368893039Z | 37 | PC: 15611 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:47:26.369872412Z | 42 | PC: 15615 | Get date 0x15615: cmp dx, 0x10e 0x15619: jne 0x1568a 0x1561b: push cs 0x1561c: pop ds 0x1561d: mov dx, 0x4ba 0x15620: mov ah, 9 0x15622: int 0x21 0x15624: mov ax, 0x201 0x15627: mov cx, 1 0x1562a: mov dx, 0x80 0x1562d: push cs 0x1562e: pop es 0x1562f: mov bx, 0x6c3 0x15632: int 0x13 0x15634: jb 0x1568a 0x15636: mov ah, 0x2c 0x15638: int 0x21 0x1563a: mov byte ptr cs:[0x24], dl 0x1563f: mov cx, 0x200 0x15642: mov bx, 0x6c3 |
| 2018-12-25T11:47:26.372759792Z | 44 | PC: 1568e | Get time 0x1568e: cmp ch, 0x16 0x15691: jb 0x1569c 0x15693: push cs 0x15694: pop ds 0x15695: mov dx, 0x637 0x15698: mov ah, 9 0x1569a: int 0x21 0x1569c: popf 0x1569d: pop bp 0x1569e: pop di 0x1569f: pop si 0x156a0: pop dx 0x156a1: pop cx 0x156a2: pop bx 0x156a3: pop ax 0x156a4: mov word ptr cs:[0x380], ax 0x156a8: mov es, word ptr cs:[0x33] 0x156ad: mov ds, word ptr cs:[0x31] 0x156b2: mov ax, ds 0x156b4: add ax, 0x10 |
| 2018-12-25T11:47:26.375045948Z | 9 | PC: 12a54 | Display string (Could not find end pointer) |
| 2018-12-25T11:47:26.379314308Z | 76 | PC: 12a59 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2847,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:47:26.343737495Z | 25 | PC: 152fc | Get default drive |
| 2018-12-25T11:47:26.345708315Z | 53 | PC: 15305 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:47:26.359437174Z | 37 | PC: 15319 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:47:26.361371468Z | 26 | PC: 15322 | Set disk transfer address |
| 2018-12-25T11:47:26.363301134Z | 78 | PC: 1534e | Find first file |
| 2018-12-25T11:47:26.370013826Z | 47 | PC: 1535e | Get disk transfer address |
| 2018-12-25T11:47:26.37208836Z | 67 | PC: 1539c | Get or set file attributes |
| 2018-12-25T11:47:26.382706289Z | 61 | PC: 153ef | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T11:47:26.390187881Z | 63 | PC: 15409 | Read file or device (Read 24 bytes on handle 5) |
| 2018-12-25T11:47:26.392908366Z | 62 | PC: 154f6 | Close file |
| 2018-12-25T11:47:26.395281309Z | 79 | PC: 15549 | Find next file |
| 2018-12-25T11:47:26.398177512Z | 26 | PC: 15322 | Set disk transfer address (See above) |
| 2018-12-25T11:47:26.399474423Z | 78 | PC: 1534e | Find first file (See above) |
| 2018-12-25T11:47:26.404024265Z | 26 | PC: 15322 | Set disk transfer address (See above) |
| 2018-12-25T11:47:26.405585069Z | 78 | PC: 1534e | Find first file (See above) |
| 2018-12-25T11:47:26.409493522Z | 26 | PC: 15322 | Set disk transfer address (See above) |
| 2018-12-25T11:47:26.41083563Z | 78 | PC: 1534e | Find first file (See above) |
| 2018-12-25T11:47:26.419936677Z | 26 | PC: 1556e | Set disk transfer address |
| 2018-12-25T11:47:26.420873592Z | 78 | PC: 15585 | Find first file |
| 2018-12-25T11:47:26.426329329Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.433554411Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.435931362Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.438315571Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.446605393Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.448930198Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.451204227Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.453760677Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.455794827Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.457610982Z | 37 | PC: 15611 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:47:26.459169186Z | 42 | PC: 15615 | Get date 0x15615: cmp dx, 0x10e 0x15619: jne 0x1568a 0x1561b: push cs 0x1561c: pop ds 0x1561d: mov dx, 0x4ba 0x15620: mov ah, 9 0x15622: int 0x21 0x15624: mov ax, 0x201 0x15627: mov cx, 1 0x1562a: mov dx, 0x80 0x1562d: push cs 0x1562e: pop es 0x1562f: mov bx, 0x6c3 0x15632: int 0x13 0x15634: jb 0x1568a 0x15636: mov ah, 0x2c 0x15638: int 0x21 0x1563a: mov byte ptr cs:[0x24], dl 0x1563f: mov cx, 0x200 0x15642: mov bx, 0x6c3 |
| 2018-12-25T11:47:26.460927118Z | 44 | PC: 1568e | Get time 0x1568e: cmp ch, 0x16 0x15691: jb 0x1569c 0x15693: push cs 0x15694: pop ds 0x15695: mov dx, 0x637 0x15698: mov ah, 9 0x1569a: int 0x21 0x1569c: popf 0x1569d: pop bp 0x1569e: pop di 0x1569f: pop si 0x156a0: pop dx 0x156a1: pop cx 0x156a2: pop bx 0x156a3: pop ax 0x156a4: mov word ptr cs:[0x380], ax 0x156a8: mov es, word ptr cs:[0x33] 0x156ad: mov ds, word ptr cs:[0x31] 0x156b2: mov ax, ds 0x156b4: add ax, 0x10 |
| 2018-12-25T11:47:26.462691088Z | 9 | PC: 12a54 | Display string (Could not find end pointer) |
| 2018-12-25T11:47:26.46591026Z | 76 | PC: 12a59 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":22,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2847,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:47:26.427331318Z | 25 | PC: 152fc | Get default drive |
| 2018-12-25T11:47:26.429645059Z | 53 | PC: 15305 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:47:26.430938164Z | 37 | PC: 15319 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:47:26.43244101Z | 26 | PC: 15322 | Set disk transfer address |
| 2018-12-25T11:47:26.434515112Z | 78 | PC: 1534e | Find first file |
| 2018-12-25T11:47:26.442175712Z | 47 | PC: 1535e | Get disk transfer address |
| 2018-12-25T11:47:26.443656765Z | 67 | PC: 1539c | Get or set file attributes |
| 2018-12-25T11:47:26.450508802Z | 61 | PC: 153ef | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T11:47:26.457025391Z | 63 | PC: 15409 | Read file or device (Read 24 bytes on handle 5) |
| 2018-12-25T11:47:26.45977995Z | 62 | PC: 154f6 | Close file |
| 2018-12-25T11:47:26.461918946Z | 79 | PC: 15549 | Find next file |
| 2018-12-25T11:47:26.464792599Z | 26 | PC: 15322 | Set disk transfer address (See above) |
| 2018-12-25T11:47:26.466011104Z | 78 | PC: 1534e | Find first file (See above) |
| 2018-12-25T11:47:26.469953115Z | 26 | PC: 15322 | Set disk transfer address (See above) |
| 2018-12-25T11:47:26.471591987Z | 78 | PC: 1534e | Find first file (See above) |
| 2018-12-25T11:47:26.476323974Z | 26 | PC: 15322 | Set disk transfer address (See above) |
| 2018-12-25T11:47:26.477877693Z | 78 | PC: 1534e | Find first file (See above) |
| 2018-12-25T11:47:26.483554271Z | 26 | PC: 1556e | Set disk transfer address |
| 2018-12-25T11:47:26.484796866Z | 78 | PC: 15585 | Find first file |
| 2018-12-25T11:47:26.490959346Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.494768993Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.497286402Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.499707953Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.503201437Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.505606199Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.507948001Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.510993664Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.522786973Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.524910619Z | 37 | PC: 15611 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:47:26.526558197Z | 42 | PC: 15615 | Get date 0x15615: cmp dx, 0x10e 0x15619: jne 0x1568a 0x1561b: push cs 0x1561c: pop ds 0x1561d: mov dx, 0x4ba 0x15620: mov ah, 9 0x15622: int 0x21 0x15624: mov ax, 0x201 0x15627: mov cx, 1 0x1562a: mov dx, 0x80 0x1562d: push cs 0x1562e: pop es 0x1562f: mov bx, 0x6c3 0x15632: int 0x13 0x15634: jb 0x1568a 0x15636: mov ah, 0x2c 0x15638: int 0x21 0x1563a: mov byte ptr cs:[0x24], dl 0x1563f: mov cx, 0x200 0x15642: mov bx, 0x6c3 |
| 2018-12-25T11:47:26.528484883Z | 44 | PC: 1568e | Get time 0x1568e: cmp ch, 0x16 0x15691: jb 0x1569c 0x15693: push cs 0x15694: pop ds 0x15695: mov dx, 0x637 0x15698: mov ah, 9 0x1569a: int 0x21 0x1569c: popf 0x1569d: pop bp 0x1569e: pop di 0x1569f: pop si 0x156a0: pop dx 0x156a1: pop cx 0x156a2: pop bx 0x156a3: pop ax 0x156a4: mov word ptr cs:[0x380], ax 0x156a8: mov es, word ptr cs:[0x33] 0x156ad: mov ds, word ptr cs:[0x31] 0x156b2: mov ax, ds 0x156b4: add ax, 0x10 |
| 2018-12-25T11:47:26.530877749Z | 9 | PC: 1569c | Display string (String= ' You work too much!!! Go to bed!!! Pracujesz zbyt wiele!!! Idz spac!!! ') |
| 2018-12-25T11:47:26.538812861Z | 9 | PC: 12a54 | Display string (Could not find end pointer) |
| 2018-12-25T11:47:26.542111983Z | 76 | PC: 12a59 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":22,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2847,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:47:26.502051395Z | 25 | PC: 152fc | Get default drive |
| 2018-12-25T11:47:26.503570234Z | 53 | PC: 15305 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:47:26.504726263Z | 37 | PC: 15319 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:47:26.50577411Z | 26 | PC: 15322 | Set disk transfer address |
| 2018-12-25T11:47:26.507072545Z | 78 | PC: 1534e | Find first file |
| 2018-12-25T11:47:26.514264394Z | 47 | PC: 1535e | Get disk transfer address |
| 2018-12-25T11:47:26.515279006Z | 67 | PC: 1539c | Get or set file attributes |
| 2018-12-25T11:47:26.521418538Z | 61 | PC: 153ef | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T11:47:26.528810115Z | 63 | PC: 15409 | Read file or device (Read 24 bytes on handle 5) |
| 2018-12-25T11:47:26.531373918Z | 62 | PC: 154f6 | Close file |
| 2018-12-25T11:47:26.533147616Z | 79 | PC: 15549 | Find next file |
| 2018-12-25T11:47:26.535851373Z | 26 | PC: 15322 | Set disk transfer address (See above) |
| 2018-12-25T11:47:26.536962295Z | 78 | PC: 1534e | Find first file (See above) |
| 2018-12-25T11:47:26.541288182Z | 26 | PC: 15322 | Set disk transfer address (See above) |
| 2018-12-25T11:47:26.5426009Z | 78 | PC: 1534e | Find first file (See above) |
| 2018-12-25T11:47:26.547047143Z | 26 | PC: 15322 | Set disk transfer address (See above) |
| 2018-12-25T11:47:26.548167831Z | 78 | PC: 1534e | Find first file (See above) |
| 2018-12-25T11:47:26.552814178Z | 26 | PC: 1556e | Set disk transfer address |
| 2018-12-25T11:47:26.553954525Z | 78 | PC: 15585 | Find first file |
| 2018-12-25T11:47:26.560180058Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.563321239Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.566017701Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.568540854Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.571606919Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.574305568Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.577796973Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.580566604Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.583291633Z | 79 | PC: 15585 | Find next file (See above) |
| 2018-12-25T11:47:26.5858623Z | 37 | PC: 15611 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:47:26.587372717Z | 42 | PC: 15615 | Get date 0x15615: cmp dx, 0x10e 0x15619: jne 0x1568a 0x1561b: push cs 0x1561c: pop ds 0x1561d: mov dx, 0x4ba 0x15620: mov ah, 9 0x15622: int 0x21 0x15624: mov ax, 0x201 0x15627: mov cx, 1 0x1562a: mov dx, 0x80 0x1562d: push cs 0x1562e: pop es 0x1562f: mov bx, 0x6c3 0x15632: int 0x13 0x15634: jb 0x1568a 0x15636: mov ah, 0x2c 0x15638: int 0x21 0x1563a: mov byte ptr cs:[0x24], dl 0x1563f: mov cx, 0x200 0x15642: mov bx, 0x6c3 |
| 2018-12-25T11:47:26.589855479Z | 44 | PC: 1568e | Get time 0x1568e: cmp ch, 0x16 0x15691: jb 0x1569c 0x15693: push cs 0x15694: pop ds 0x15695: mov dx, 0x637 0x15698: mov ah, 9 0x1569a: int 0x21 0x1569c: popf 0x1569d: pop bp 0x1569e: pop di 0x1569f: pop si 0x156a0: pop dx 0x156a1: pop cx 0x156a2: pop bx 0x156a3: pop ax 0x156a4: mov word ptr cs:[0x380], ax 0x156a8: mov es, word ptr cs:[0x33] 0x156ad: mov ds, word ptr cs:[0x31] 0x156b2: mov ax, ds 0x156b4: add ax, 0x10 |
| 2018-12-25T11:47:26.59211201Z | 9 | PC: 1569c | Display string (String= ' You work too much!!! Go to bed!!! Pracujesz zbyt wiele!!! Idz spac!!! ') |
| 2018-12-25T11:47:26.601121268Z | 9 | PC: 12a54 | Display string (Could not find end pointer) |
| 2018-12-25T11:47:26.605130292Z | 76 | PC: 12a59 | Terminate with return code (Return code = '0') |