{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3122,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:14.853821557Z | 22 | PC: 13e4b | Create or truncate file |
| 2018-12-25T11:48:14.856312054Z | 11 | PC: 13e4f | Get input status |
| 2018-12-25T11:48:14.859027005Z | 250 | PC: 13e57 | UNKNOWN! |
| 2018-12-25T11:48:14.860092017Z | 75 | PC: 14017 | Execute program |
| 2018-12-25T11:48:14.862901738Z | 42 | PC: 1402b | Get date 0x1402b: cmp dh, 0xc 0x1402e: jne 0x14050 0x14030: cmp dl, 0x18 0x14033: jne 0x14050 0x14035: mov ah, 0x19 0x14037: int 0x21 0x14039: mov dx, 0 0x1403c: mov cx, 0x10 0x1403f: mov bx, 0 0x14042: int 0x26 0x14044: mov ah, 9 0x14046: mov dx, 0xe 0x14049: int 0x21 0x1404b: jmp 0x1404b 0x1404d: jmp 0x1442f 0x14050: mov ah, 0x2a 0x14052: int 0x21 0x14054: cmp dh, 0xc 0x14057: jne 0x14060 0x14059: cmp dl, 0x19 |
| 2018-12-25T11:48:14.865190023Z | 42 | PC: 14054 | Get date 0x14054: cmp dh, 0xc 0x14057: jne 0x14060 0x14059: cmp dl, 0x19 0x1405c: jne 0x14060 0x1405e: jmp 0x14035 0x14060: mov ah, 0x2a 0x14062: int 0x21 0x14064: cmp dh, 1 0x14067: jne 0x1408f 0x14069: cmp dl, 1 0x1406c: jne 0x1408f 0x1406e: cmp cx, 0x7d0 0x14072: jne 0x1408f 0x14074: mov ah, 0x19 0x14076: int 0x21 0x14078: mov dx, 0 0x1407b: mov cx, 0x10 0x1407e: mov bx, 0 0x14081: int 0x26 0x14083: mov ah, 9 |
| 2018-12-25T11:48:14.867522484Z | 42 | PC: 14064 | Get date 0x14064: cmp dh, 1 0x14067: jne 0x1408f 0x14069: cmp dl, 1 0x1406c: jne 0x1408f 0x1406e: cmp cx, 0x7d0 0x14072: jne 0x1408f 0x14074: mov ah, 0x19 0x14076: int 0x21 0x14078: mov dx, 0 0x1407b: mov cx, 0x10 0x1407e: mov bx, 0 0x14081: int 0x26 0x14083: mov ah, 9 0x14085: mov dx, 0x118 0x14088: int 0x21 0x1408a: jmp 0x1408a 0x1408c: jmp 0x1442f 0x1408f: mov ah, 0x2a 0x14091: int 0x21 0x14093: cmp dh, 0xb |
| 2018-12-25T11:48:14.870053222Z | 42 | PC: 14093 | Get date 0x14093: cmp dh, 0xb 0x14096: jne 0x140b8 0x14098: cmp dl, 6 0x1409b: jne 0x140b8 0x1409d: mov ah, 0x19 0x1409f: int 0x21 0x140a1: mov dx, 0 0x140a4: mov cx, 0x10 0x140a7: mov bx, 0 0x140aa: int 0x26 0x140ac: mov ah, 9 0x140ae: mov dx, 0x189 0x140b1: int 0x21 0x140b3: jmp 0x140b3 0x140b5: jmp 0x1442f 0x140b8: mov ax, 0xffff 0x140bb: mov ds, ax 0x140bd: push cs 0x140be: pop es 0x140bf: xor si, si |
| 2018-12-25T11:48:14.873184427Z | 74 | PC: 14147 | Reallocate memory |
| 2018-12-25T11:48:14.875068194Z | 74 | PC: 13e9b | Reallocate memory |
| 2018-12-25T11:48:14.876600021Z | 72 | PC: 13ea4 | Allocate memory |
| 2018-12-25T11:48:14.87898156Z | 67 | PC: 1414e | Get or set file attributes |
| 2018-12-25T11:48:14.884170779Z | 61 | PC: 1414e | Open file (See above) |
| 2018-12-25T11:48:14.894201359Z | 87 | PC: 1414e | Get or set file date and time (See above) |
| 2018-12-25T11:48:14.896539535Z | 63 | PC: 1414e | Read file or device (See above) |
| 2018-12-25T11:48:14.899326569Z | 66 | PC: 1414e | Move file pointer (See above) |
| 2018-12-25T11:48:14.901429095Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:14.905695865Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:15.233413112Z | 66 | PC: 1414e | Move file pointer (See above) |
| 2018-12-25T11:48:15.235599156Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:15.239728219Z | 87 | PC: 1414e | Get or set file date and time (See above) |
| 2018-12-25T11:48:15.242085026Z | 62 | PC: 1414e | Close file (See above) |
| 2018-12-25T11:48:15.249420915Z | 9 | PC: 12a5c | Display string (Could not find end pointer) |
| 2018-12-25T11:48:15.256177942Z | 76 | PC: 12a61 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":24,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3122,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:15.185568821Z | 22 | PC: 13e4b | Create or truncate file |
| 2018-12-25T11:48:15.187663529Z | 11 | PC: 13e4f | Get input status |
| 2018-12-25T11:48:15.18992444Z | 250 | PC: 13e57 | UNKNOWN! |
| 2018-12-25T11:48:15.190602783Z | 75 | PC: 14017 | Execute program |
| 2018-12-25T11:48:15.192402699Z | 42 | PC: 1402b | Get date 0x1402b: cmp dh, 0xc 0x1402e: jne 0x14050 0x14030: cmp dl, 0x18 0x14033: jne 0x14050 0x14035: mov ah, 0x19 0x14037: int 0x21 0x14039: mov dx, 0 0x1403c: mov cx, 0x10 0x1403f: mov bx, 0 0x14042: int 0x26 0x14044: mov ah, 9 0x14046: mov dx, 0xe 0x14049: int 0x21 0x1404b: jmp 0x1404b 0x1404d: jmp 0x1442f 0x14050: mov ah, 0x2a 0x14052: int 0x21 0x14054: cmp dh, 0xc 0x14057: jne 0x14060 0x14059: cmp dl, 0x19 |
| 2018-12-25T11:48:15.194510252Z | 25 | PC: 14039 | Get default drive |
| 2018-12-25T11:48:15.232952226Z | 9 | PC: 1404b | Display string (Could not find end pointer) |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3122,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:15.515883184Z | 22 | PC: 13e4b | Create or truncate file |
| 2018-12-25T11:48:15.518820428Z | 11 | PC: 13e4f | Get input status |
| 2018-12-25T11:48:15.521625204Z | 250 | PC: 13e57 | UNKNOWN! |
| 2018-12-25T11:48:15.522766523Z | 75 | PC: 14017 | Execute program |
| 2018-12-25T11:48:15.525883925Z | 42 | PC: 1402b | Get date 0x1402b: cmp dh, 0xc 0x1402e: jne 0x14050 0x14030: cmp dl, 0x18 0x14033: jne 0x14050 0x14035: mov ah, 0x19 0x14037: int 0x21 0x14039: mov dx, 0 0x1403c: mov cx, 0x10 0x1403f: mov bx, 0 0x14042: int 0x26 0x14044: mov ah, 9 0x14046: mov dx, 0xe 0x14049: int 0x21 0x1404b: jmp 0x1404b 0x1404d: jmp 0x1442f 0x14050: mov ah, 0x2a 0x14052: int 0x21 0x14054: cmp dh, 0xc 0x14057: jne 0x14060 0x14059: cmp dl, 0x19 |
| 2018-12-25T11:48:15.528098159Z | 42 | PC: 14054 | Get date 0x14054: cmp dh, 0xc 0x14057: jne 0x14060 0x14059: cmp dl, 0x19 0x1405c: jne 0x14060 0x1405e: jmp 0x14035 0x14060: mov ah, 0x2a 0x14062: int 0x21 0x14064: cmp dh, 1 0x14067: jne 0x1408f 0x14069: cmp dl, 1 0x1406c: jne 0x1408f 0x1406e: cmp cx, 0x7d0 0x14072: jne 0x1408f 0x14074: mov ah, 0x19 0x14076: int 0x21 0x14078: mov dx, 0 0x1407b: mov cx, 0x10 0x1407e: mov bx, 0 0x14081: int 0x26 0x14083: mov ah, 9 |
| 2018-12-25T11:48:15.530297139Z | 42 | PC: 14064 | Get date 0x14064: cmp dh, 1 0x14067: jne 0x1408f 0x14069: cmp dl, 1 0x1406c: jne 0x1408f 0x1406e: cmp cx, 0x7d0 0x14072: jne 0x1408f 0x14074: mov ah, 0x19 0x14076: int 0x21 0x14078: mov dx, 0 0x1407b: mov cx, 0x10 0x1407e: mov bx, 0 0x14081: int 0x26 0x14083: mov ah, 9 0x14085: mov dx, 0x118 0x14088: int 0x21 0x1408a: jmp 0x1408a 0x1408c: jmp 0x1442f 0x1408f: mov ah, 0x2a 0x14091: int 0x21 0x14093: cmp dh, 0xb |
| 2018-12-25T11:48:15.53354953Z | 42 | PC: 14093 | Get date 0x14093: cmp dh, 0xb 0x14096: jne 0x140b8 0x14098: cmp dl, 6 0x1409b: jne 0x140b8 0x1409d: mov ah, 0x19 0x1409f: int 0x21 0x140a1: mov dx, 0 0x140a4: mov cx, 0x10 0x140a7: mov bx, 0 0x140aa: int 0x26 0x140ac: mov ah, 9 0x140ae: mov dx, 0x189 0x140b1: int 0x21 0x140b3: jmp 0x140b3 0x140b5: jmp 0x1442f 0x140b8: mov ax, 0xffff 0x140bb: mov ds, ax 0x140bd: push cs 0x140be: pop es 0x140bf: xor si, si |
| 2018-12-25T11:48:15.541585931Z | 74 | PC: 14147 | Reallocate memory |
| 2018-12-25T11:48:15.543539838Z | 74 | PC: 13e9b | Reallocate memory |
| 2018-12-25T11:48:15.545179531Z | 72 | PC: 13ea4 | Allocate memory |
| 2018-12-25T11:48:15.547506597Z | 67 | PC: 1414e | Get or set file attributes |
| 2018-12-25T11:48:15.553015452Z | 61 | PC: 1414e | Open file (See above) |
| 2018-12-25T11:48:15.559230417Z | 87 | PC: 1414e | Get or set file date and time (See above) |
| 2018-12-25T11:48:15.561477351Z | 63 | PC: 1414e | Read file or device (See above) |
| 2018-12-25T11:48:15.564057226Z | 66 | PC: 1414e | Move file pointer (See above) |
| 2018-12-25T11:48:15.56540759Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:15.569843943Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:15.900974769Z | 66 | PC: 1414e | Move file pointer (See above) |
| 2018-12-25T11:48:15.90278355Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:15.906784337Z | 87 | PC: 1414e | Get or set file date and time (See above) |
| 2018-12-25T11:48:15.908627557Z | 62 | PC: 1414e | Close file (See above) |
| 2018-12-25T11:48:15.91586578Z | 9 | PC: 12a5c | Display string (Could not find end pointer) |
| 2018-12-25T11:48:15.922688422Z | 76 | PC: 12a61 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3122,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:15.882754427Z | 22 | PC: 13e4b | Create or truncate file |
| 2018-12-25T11:48:15.885318521Z | 11 | PC: 13e4f | Get input status |
| 2018-12-25T11:48:15.888092902Z | 250 | PC: 13e57 | UNKNOWN! |
| 2018-12-25T11:48:15.88901795Z | 75 | PC: 14017 | Execute program |
| 2018-12-25T11:48:15.891521692Z | 42 | PC: 1402b | Get date 0x1402b: cmp dh, 0xc 0x1402e: jne 0x14050 0x14030: cmp dl, 0x18 0x14033: jne 0x14050 0x14035: mov ah, 0x19 0x14037: int 0x21 0x14039: mov dx, 0 0x1403c: mov cx, 0x10 0x1403f: mov bx, 0 0x14042: int 0x26 0x14044: mov ah, 9 0x14046: mov dx, 0xe 0x14049: int 0x21 0x1404b: jmp 0x1404b 0x1404d: jmp 0x1442f 0x14050: mov ah, 0x2a 0x14052: int 0x21 0x14054: cmp dh, 0xc 0x14057: jne 0x14060 0x14059: cmp dl, 0x19 |
| 2018-12-25T11:48:15.894914671Z | 42 | PC: 14054 | Get date 0x14054: cmp dh, 0xc 0x14057: jne 0x14060 0x14059: cmp dl, 0x19 0x1405c: jne 0x14060 0x1405e: jmp 0x14035 0x14060: mov ah, 0x2a 0x14062: int 0x21 0x14064: cmp dh, 1 0x14067: jne 0x1408f 0x14069: cmp dl, 1 0x1406c: jne 0x1408f 0x1406e: cmp cx, 0x7d0 0x14072: jne 0x1408f 0x14074: mov ah, 0x19 0x14076: int 0x21 0x14078: mov dx, 0 0x1407b: mov cx, 0x10 0x1407e: mov bx, 0 0x14081: int 0x26 0x14083: mov ah, 9 |
| 2018-12-25T11:48:15.896953652Z | 42 | PC: 14064 | Get date 0x14064: cmp dh, 1 0x14067: jne 0x1408f 0x14069: cmp dl, 1 0x1406c: jne 0x1408f 0x1406e: cmp cx, 0x7d0 0x14072: jne 0x1408f 0x14074: mov ah, 0x19 0x14076: int 0x21 0x14078: mov dx, 0 0x1407b: mov cx, 0x10 0x1407e: mov bx, 0 0x14081: int 0x26 0x14083: mov ah, 9 0x14085: mov dx, 0x118 0x14088: int 0x21 0x1408a: jmp 0x1408a 0x1408c: jmp 0x1442f 0x1408f: mov ah, 0x2a 0x14091: int 0x21 0x14093: cmp dh, 0xb |
| 2018-12-25T11:48:15.899592892Z | 42 | PC: 14093 | Get date 0x14093: cmp dh, 0xb 0x14096: jne 0x140b8 0x14098: cmp dl, 6 0x1409b: jne 0x140b8 0x1409d: mov ah, 0x19 0x1409f: int 0x21 0x140a1: mov dx, 0 0x140a4: mov cx, 0x10 0x140a7: mov bx, 0 0x140aa: int 0x26 0x140ac: mov ah, 9 0x140ae: mov dx, 0x189 0x140b1: int 0x21 0x140b3: jmp 0x140b3 0x140b5: jmp 0x1442f 0x140b8: mov ax, 0xffff 0x140bb: mov ds, ax 0x140bd: push cs 0x140be: pop es 0x140bf: xor si, si |
| 2018-12-25T11:48:15.902931796Z | 74 | PC: 14147 | Reallocate memory |
| 2018-12-25T11:48:15.905278766Z | 74 | PC: 13e9b | Reallocate memory |
| 2018-12-25T11:48:15.90717112Z | 72 | PC: 13ea4 | Allocate memory |
| 2018-12-25T11:48:15.914798833Z | 67 | PC: 1414e | Get or set file attributes |
| 2018-12-25T11:48:15.920605459Z | 61 | PC: 1414e | Open file (See above) |
| 2018-12-25T11:48:15.927248368Z | 87 | PC: 1414e | Get or set file date and time (See above) |
| 2018-12-25T11:48:15.931015967Z | 63 | PC: 1414e | Read file or device (See above) |
| 2018-12-25T11:48:15.933929123Z | 66 | PC: 1414e | Move file pointer (See above) |
| 2018-12-25T11:48:15.93572285Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:15.940531874Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:16.273920162Z | 66 | PC: 1414e | Move file pointer (See above) |
| 2018-12-25T11:48:16.275862168Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:16.279576075Z | 87 | PC: 1414e | Get or set file date and time (See above) |
| 2018-12-25T11:48:16.281416095Z | 62 | PC: 1414e | Close file (See above) |
| 2018-12-25T11:48:16.288632938Z | 9 | PC: 12a5c | Display string (Could not find end pointer) |
| 2018-12-25T11:48:16.29513637Z | 76 | PC: 12a61 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":25,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3122,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:16.657117823Z | 22 | PC: 13e4b | Create or truncate file |
| 2018-12-25T11:48:16.65917593Z | 11 | PC: 13e4f | Get input status |
| 2018-12-25T11:48:16.661423538Z | 250 | PC: 13e57 | UNKNOWN! |
| 2018-12-25T11:48:16.662050457Z | 75 | PC: 14017 | Execute program |
| 2018-12-25T11:48:16.663998105Z | 42 | PC: 1402b | Get date 0x1402b: cmp dh, 0xc 0x1402e: jne 0x14050 0x14030: cmp dl, 0x18 0x14033: jne 0x14050 0x14035: mov ah, 0x19 0x14037: int 0x21 0x14039: mov dx, 0 0x1403c: mov cx, 0x10 0x1403f: mov bx, 0 0x14042: int 0x26 0x14044: mov ah, 9 0x14046: mov dx, 0xe 0x14049: int 0x21 0x1404b: jmp 0x1404b 0x1404d: jmp 0x1442f 0x14050: mov ah, 0x2a 0x14052: int 0x21 0x14054: cmp dh, 0xc 0x14057: jne 0x14060 0x14059: cmp dl, 0x19 |
| 2018-12-25T11:48:16.665897172Z | 42 | PC: 14054 | Get date 0x14054: cmp dh, 0xc 0x14057: jne 0x14060 0x14059: cmp dl, 0x19 0x1405c: jne 0x14060 0x1405e: jmp 0x14035 0x14060: mov ah, 0x2a 0x14062: int 0x21 0x14064: cmp dh, 1 0x14067: jne 0x1408f 0x14069: cmp dl, 1 0x1406c: jne 0x1408f 0x1406e: cmp cx, 0x7d0 0x14072: jne 0x1408f 0x14074: mov ah, 0x19 0x14076: int 0x21 0x14078: mov dx, 0 0x1407b: mov cx, 0x10 0x1407e: mov bx, 0 0x14081: int 0x26 0x14083: mov ah, 9 |
| 2018-12-25T11:48:16.667788719Z | 25 | PC: 14039 | Get default drive |
| 2018-12-25T11:48:16.67992809Z | 9 | PC: 1404b | Display string (Could not find end pointer) |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3122,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:16.824525538Z | 22 | PC: 13e4b | Create or truncate file |
| 2018-12-25T11:48:16.827024493Z | 11 | PC: 13e4f | Get input status |
| 2018-12-25T11:48:16.830655491Z | 250 | PC: 13e57 | UNKNOWN! |
| 2018-12-25T11:48:16.831962315Z | 75 | PC: 14017 | Execute program |
| 2018-12-25T11:48:16.833967292Z | 42 | PC: 1402b | Get date 0x1402b: cmp dh, 0xc 0x1402e: jne 0x14050 0x14030: cmp dl, 0x18 0x14033: jne 0x14050 0x14035: mov ah, 0x19 0x14037: int 0x21 0x14039: mov dx, 0 0x1403c: mov cx, 0x10 0x1403f: mov bx, 0 0x14042: int 0x26 0x14044: mov ah, 9 0x14046: mov dx, 0xe 0x14049: int 0x21 0x1404b: jmp 0x1404b 0x1404d: jmp 0x1442f 0x14050: mov ah, 0x2a 0x14052: int 0x21 0x14054: cmp dh, 0xc 0x14057: jne 0x14060 0x14059: cmp dl, 0x19 |
| 2018-12-25T11:48:16.837964202Z | 42 | PC: 14054 | Get date 0x14054: cmp dh, 0xc 0x14057: jne 0x14060 0x14059: cmp dl, 0x19 0x1405c: jne 0x14060 0x1405e: jmp 0x14035 0x14060: mov ah, 0x2a 0x14062: int 0x21 0x14064: cmp dh, 1 0x14067: jne 0x1408f 0x14069: cmp dl, 1 0x1406c: jne 0x1408f 0x1406e: cmp cx, 0x7d0 0x14072: jne 0x1408f 0x14074: mov ah, 0x19 0x14076: int 0x21 0x14078: mov dx, 0 0x1407b: mov cx, 0x10 0x1407e: mov bx, 0 0x14081: int 0x26 0x14083: mov ah, 9 |
| 2018-12-25T11:48:16.840917608Z | 42 | PC: 14064 | Get date 0x14064: cmp dh, 1 0x14067: jne 0x1408f 0x14069: cmp dl, 1 0x1406c: jne 0x1408f 0x1406e: cmp cx, 0x7d0 0x14072: jne 0x1408f 0x14074: mov ah, 0x19 0x14076: int 0x21 0x14078: mov dx, 0 0x1407b: mov cx, 0x10 0x1407e: mov bx, 0 0x14081: int 0x26 0x14083: mov ah, 9 0x14085: mov dx, 0x118 0x14088: int 0x21 0x1408a: jmp 0x1408a 0x1408c: jmp 0x1442f 0x1408f: mov ah, 0x2a 0x14091: int 0x21 0x14093: cmp dh, 0xb |
| 2018-12-25T11:48:16.843826631Z | 42 | PC: 14093 | Get date 0x14093: cmp dh, 0xb 0x14096: jne 0x140b8 0x14098: cmp dl, 6 0x1409b: jne 0x140b8 0x1409d: mov ah, 0x19 0x1409f: int 0x21 0x140a1: mov dx, 0 0x140a4: mov cx, 0x10 0x140a7: mov bx, 0 0x140aa: int 0x26 0x140ac: mov ah, 9 0x140ae: mov dx, 0x189 0x140b1: int 0x21 0x140b3: jmp 0x140b3 0x140b5: jmp 0x1442f 0x140b8: mov ax, 0xffff 0x140bb: mov ds, ax 0x140bd: push cs 0x140be: pop es 0x140bf: xor si, si |
| 2018-12-25T11:48:16.848067412Z | 74 | PC: 14147 | Reallocate memory |
| 2018-12-25T11:48:16.850494546Z | 74 | PC: 13e9b | Reallocate memory |
| 2018-12-25T11:48:16.852553108Z | 72 | PC: 13ea4 | Allocate memory |
| 2018-12-25T11:48:16.856156969Z | 67 | PC: 1414e | Get or set file attributes |
| 2018-12-25T11:48:16.862655932Z | 61 | PC: 1414e | Open file (See above) |
| 2018-12-25T11:48:16.869927037Z | 87 | PC: 1414e | Get or set file date and time (See above) |
| 2018-12-25T11:48:16.872326707Z | 63 | PC: 1414e | Read file or device (See above) |
| 2018-12-25T11:48:16.876592473Z | 66 | PC: 1414e | Move file pointer (See above) |
| 2018-12-25T11:48:16.878747891Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:16.882912725Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:17.226060657Z | 66 | PC: 1414e | Move file pointer (See above) |
| 2018-12-25T11:48:17.228321452Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:17.232184013Z | 87 | PC: 1414e | Get or set file date and time (See above) |
| 2018-12-25T11:48:17.236244075Z | 62 | PC: 1414e | Close file (See above) |
| 2018-12-25T11:48:17.245122344Z | 9 | PC: 12a5c | Display string (Could not find end pointer) |
| 2018-12-25T11:48:17.251975644Z | 76 | PC: 12a61 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3122,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:17.808713645Z | 22 | PC: 13e4b | Create or truncate file |
| 2018-12-25T11:48:17.81134876Z | 11 | PC: 13e4f | Get input status |
| 2018-12-25T11:48:17.813883178Z | 250 | PC: 13e57 | UNKNOWN! |
| 2018-12-25T11:48:17.814546474Z | 75 | PC: 14017 | Execute program |
| 2018-12-25T11:48:17.816248368Z | 42 | PC: 1402b | Get date 0x1402b: cmp dh, 0xc 0x1402e: jne 0x14050 0x14030: cmp dl, 0x18 0x14033: jne 0x14050 0x14035: mov ah, 0x19 0x14037: int 0x21 0x14039: mov dx, 0 0x1403c: mov cx, 0x10 0x1403f: mov bx, 0 0x14042: int 0x26 0x14044: mov ah, 9 0x14046: mov dx, 0xe 0x14049: int 0x21 0x1404b: jmp 0x1404b 0x1404d: jmp 0x1442f 0x14050: mov ah, 0x2a 0x14052: int 0x21 0x14054: cmp dh, 0xc 0x14057: jne 0x14060 0x14059: cmp dl, 0x19 |
| 2018-12-25T11:48:17.818206829Z | 42 | PC: 14054 | Get date 0x14054: cmp dh, 0xc 0x14057: jne 0x14060 0x14059: cmp dl, 0x19 0x1405c: jne 0x14060 0x1405e: jmp 0x14035 0x14060: mov ah, 0x2a 0x14062: int 0x21 0x14064: cmp dh, 1 0x14067: jne 0x1408f 0x14069: cmp dl, 1 0x1406c: jne 0x1408f 0x1406e: cmp cx, 0x7d0 0x14072: jne 0x1408f 0x14074: mov ah, 0x19 0x14076: int 0x21 0x14078: mov dx, 0 0x1407b: mov cx, 0x10 0x1407e: mov bx, 0 0x14081: int 0x26 0x14083: mov ah, 9 |
| 2018-12-25T11:48:17.8207848Z | 42 | PC: 14064 | Get date 0x14064: cmp dh, 1 0x14067: jne 0x1408f 0x14069: cmp dl, 1 0x1406c: jne 0x1408f 0x1406e: cmp cx, 0x7d0 0x14072: jne 0x1408f 0x14074: mov ah, 0x19 0x14076: int 0x21 0x14078: mov dx, 0 0x1407b: mov cx, 0x10 0x1407e: mov bx, 0 0x14081: int 0x26 0x14083: mov ah, 9 0x14085: mov dx, 0x118 0x14088: int 0x21 0x1408a: jmp 0x1408a 0x1408c: jmp 0x1442f 0x1408f: mov ah, 0x2a 0x14091: int 0x21 0x14093: cmp dh, 0xb |
| 2018-12-25T11:48:17.828473118Z | 42 | PC: 14093 | Get date 0x14093: cmp dh, 0xb 0x14096: jne 0x140b8 0x14098: cmp dl, 6 0x1409b: jne 0x140b8 0x1409d: mov ah, 0x19 0x1409f: int 0x21 0x140a1: mov dx, 0 0x140a4: mov cx, 0x10 0x140a7: mov bx, 0 0x140aa: int 0x26 0x140ac: mov ah, 9 0x140ae: mov dx, 0x189 0x140b1: int 0x21 0x140b3: jmp 0x140b3 0x140b5: jmp 0x1442f 0x140b8: mov ax, 0xffff 0x140bb: mov ds, ax 0x140bd: push cs 0x140be: pop es 0x140bf: xor si, si |
| 2018-12-25T11:48:17.860624012Z | 74 | PC: 14147 | Reallocate memory |
| 2018-12-25T11:48:17.862196822Z | 74 | PC: 13e9b | Reallocate memory |
| 2018-12-25T11:48:17.864484915Z | 72 | PC: 13ea4 | Allocate memory |
| 2018-12-25T11:48:17.866661684Z | 67 | PC: 1414e | Get or set file attributes |
| 2018-12-25T11:48:17.871909514Z | 61 | PC: 1414e | Open file (See above) |
| 2018-12-25T11:48:17.877819819Z | 87 | PC: 1414e | Get or set file date and time (See above) |
| 2018-12-25T11:48:17.879795921Z | 63 | PC: 1414e | Read file or device (See above) |
| 2018-12-25T11:48:17.882476957Z | 66 | PC: 1414e | Move file pointer (See above) |
| 2018-12-25T11:48:17.883888992Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:17.889418697Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:18.224277169Z | 66 | PC: 1414e | Move file pointer (See above) |
| 2018-12-25T11:48:18.225623271Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:18.228865212Z | 87 | PC: 1414e | Get or set file date and time (See above) |
| 2018-12-25T11:48:18.230314288Z | 62 | PC: 1414e | Close file (See above) |
| 2018-12-25T11:48:18.237931643Z | 9 | PC: 12a5c | Display string (Could not find end pointer) |
| 2018-12-25T11:48:18.245849745Z | 76 | PC: 12a61 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3122,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:19.399910735Z | 22 | PC: 13e4b | Create or truncate file |
| 2018-12-25T11:48:19.402390324Z | 11 | PC: 13e4f | Get input status |
| 2018-12-25T11:48:19.405212042Z | 250 | PC: 13e57 | UNKNOWN! |
| 2018-12-25T11:48:19.406476346Z | 75 | PC: 14017 | Execute program |
| 2018-12-25T11:48:19.408814549Z | 42 | PC: 1402b | Get date 0x1402b: cmp dh, 0xc 0x1402e: jne 0x14050 0x14030: cmp dl, 0x18 0x14033: jne 0x14050 0x14035: mov ah, 0x19 0x14037: int 0x21 0x14039: mov dx, 0 0x1403c: mov cx, 0x10 0x1403f: mov bx, 0 0x14042: int 0x26 0x14044: mov ah, 9 0x14046: mov dx, 0xe 0x14049: int 0x21 0x1404b: jmp 0x1404b 0x1404d: jmp 0x1442f 0x14050: mov ah, 0x2a 0x14052: int 0x21 0x14054: cmp dh, 0xc 0x14057: jne 0x14060 0x14059: cmp dl, 0x19 |
| 2018-12-25T11:48:19.411052431Z | 42 | PC: 14054 | Get date 0x14054: cmp dh, 0xc 0x14057: jne 0x14060 0x14059: cmp dl, 0x19 0x1405c: jne 0x14060 0x1405e: jmp 0x14035 0x14060: mov ah, 0x2a 0x14062: int 0x21 0x14064: cmp dh, 1 0x14067: jne 0x1408f 0x14069: cmp dl, 1 0x1406c: jne 0x1408f 0x1406e: cmp cx, 0x7d0 0x14072: jne 0x1408f 0x14074: mov ah, 0x19 0x14076: int 0x21 0x14078: mov dx, 0 0x1407b: mov cx, 0x10 0x1407e: mov bx, 0 0x14081: int 0x26 0x14083: mov ah, 9 |
| 2018-12-25T11:48:19.413425179Z | 42 | PC: 14064 | Get date 0x14064: cmp dh, 1 0x14067: jne 0x1408f 0x14069: cmp dl, 1 0x1406c: jne 0x1408f 0x1406e: cmp cx, 0x7d0 0x14072: jne 0x1408f 0x14074: mov ah, 0x19 0x14076: int 0x21 0x14078: mov dx, 0 0x1407b: mov cx, 0x10 0x1407e: mov bx, 0 0x14081: int 0x26 0x14083: mov ah, 9 0x14085: mov dx, 0x118 0x14088: int 0x21 0x1408a: jmp 0x1408a 0x1408c: jmp 0x1442f 0x1408f: mov ah, 0x2a 0x14091: int 0x21 0x14093: cmp dh, 0xb |
| 2018-12-25T11:48:19.418540004Z | 42 | PC: 14093 | Get date 0x14093: cmp dh, 0xb 0x14096: jne 0x140b8 0x14098: cmp dl, 6 0x1409b: jne 0x140b8 0x1409d: mov ah, 0x19 0x1409f: int 0x21 0x140a1: mov dx, 0 0x140a4: mov cx, 0x10 0x140a7: mov bx, 0 0x140aa: int 0x26 0x140ac: mov ah, 9 0x140ae: mov dx, 0x189 0x140b1: int 0x21 0x140b3: jmp 0x140b3 0x140b5: jmp 0x1442f 0x140b8: mov ax, 0xffff 0x140bb: mov ds, ax 0x140bd: push cs 0x140be: pop es 0x140bf: xor si, si |
| 2018-12-25T11:48:19.421409664Z | 74 | PC: 14147 | Reallocate memory |
| 2018-12-25T11:48:19.424180228Z | 74 | PC: 13e9b | Reallocate memory |
| 2018-12-25T11:48:19.444534035Z | 72 | PC: 13ea4 | Allocate memory |
| 2018-12-25T11:48:19.446734319Z | 67 | PC: 1414e | Get or set file attributes |
| 2018-12-25T11:48:19.452040225Z | 61 | PC: 1414e | Open file (See above) |
| 2018-12-25T11:48:19.460259762Z | 87 | PC: 1414e | Get or set file date and time (See above) |
| 2018-12-25T11:48:19.461721593Z | 63 | PC: 1414e | Read file or device (See above) |
| 2018-12-25T11:48:19.464432514Z | 66 | PC: 1414e | Move file pointer (See above) |
| 2018-12-25T11:48:19.465878467Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:19.470588671Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:19.790270916Z | 66 | PC: 1414e | Move file pointer (See above) |
| 2018-12-25T11:48:19.792191861Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:19.796913584Z | 87 | PC: 1414e | Get or set file date and time (See above) |
| 2018-12-25T11:48:19.798827823Z | 62 | PC: 1414e | Close file (See above) |
| 2018-12-25T11:48:20.046185625Z | 9 | PC: 12a5c | Display string (Could not find end pointer) |
| 2018-12-25T11:48:20.05332521Z | 76 | PC: 12a61 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3122,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:19.69430203Z | 22 | PC: 13e4b | Create or truncate file |
| 2018-12-25T11:48:19.696260655Z | 11 | PC: 13e4f | Get input status |
| 2018-12-25T11:48:19.698403001Z | 250 | PC: 13e57 | UNKNOWN! |
| 2018-12-25T11:48:19.699159415Z | 75 | PC: 14017 | Execute program |
| 2018-12-25T11:48:19.700736577Z | 42 | PC: 1402b | Get date 0x1402b: cmp dh, 0xc 0x1402e: jne 0x14050 0x14030: cmp dl, 0x18 0x14033: jne 0x14050 0x14035: mov ah, 0x19 0x14037: int 0x21 0x14039: mov dx, 0 0x1403c: mov cx, 0x10 0x1403f: mov bx, 0 0x14042: int 0x26 0x14044: mov ah, 9 0x14046: mov dx, 0xe 0x14049: int 0x21 0x1404b: jmp 0x1404b 0x1404d: jmp 0x1442f 0x14050: mov ah, 0x2a 0x14052: int 0x21 0x14054: cmp dh, 0xc 0x14057: jne 0x14060 0x14059: cmp dl, 0x19 |
| 2018-12-25T11:48:19.702624077Z | 42 | PC: 14054 | Get date 0x14054: cmp dh, 0xc 0x14057: jne 0x14060 0x14059: cmp dl, 0x19 0x1405c: jne 0x14060 0x1405e: jmp 0x14035 0x14060: mov ah, 0x2a 0x14062: int 0x21 0x14064: cmp dh, 1 0x14067: jne 0x1408f 0x14069: cmp dl, 1 0x1406c: jne 0x1408f 0x1406e: cmp cx, 0x7d0 0x14072: jne 0x1408f 0x14074: mov ah, 0x19 0x14076: int 0x21 0x14078: mov dx, 0 0x1407b: mov cx, 0x10 0x1407e: mov bx, 0 0x14081: int 0x26 0x14083: mov ah, 9 |
| 2018-12-25T11:48:19.704312827Z | 42 | PC: 14064 | Get date 0x14064: cmp dh, 1 0x14067: jne 0x1408f 0x14069: cmp dl, 1 0x1406c: jne 0x1408f 0x1406e: cmp cx, 0x7d0 0x14072: jne 0x1408f 0x14074: mov ah, 0x19 0x14076: int 0x21 0x14078: mov dx, 0 0x1407b: mov cx, 0x10 0x1407e: mov bx, 0 0x14081: int 0x26 0x14083: mov ah, 9 0x14085: mov dx, 0x118 0x14088: int 0x21 0x1408a: jmp 0x1408a 0x1408c: jmp 0x1442f 0x1408f: mov ah, 0x2a 0x14091: int 0x21 0x14093: cmp dh, 0xb |
| 2018-12-25T11:48:19.706083661Z | 25 | PC: 14078 | Get default drive |
| 2018-12-25T11:48:19.717707535Z | 9 | PC: 1408a | Display string (Could not find end pointer) |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3122,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:19.73996986Z | 22 | PC: 13e4b | Create or truncate file |
| 2018-12-25T11:48:19.742998736Z | 11 | PC: 13e4f | Get input status |
| 2018-12-25T11:48:19.745745789Z | 250 | PC: 13e57 | UNKNOWN! |
| 2018-12-25T11:48:19.746915824Z | 75 | PC: 14017 | Execute program |
| 2018-12-25T11:48:19.74923503Z | 42 | PC: 1402b | Get date 0x1402b: cmp dh, 0xc 0x1402e: jne 0x14050 0x14030: cmp dl, 0x18 0x14033: jne 0x14050 0x14035: mov ah, 0x19 0x14037: int 0x21 0x14039: mov dx, 0 0x1403c: mov cx, 0x10 0x1403f: mov bx, 0 0x14042: int 0x26 0x14044: mov ah, 9 0x14046: mov dx, 0xe 0x14049: int 0x21 0x1404b: jmp 0x1404b 0x1404d: jmp 0x1442f 0x14050: mov ah, 0x2a 0x14052: int 0x21 0x14054: cmp dh, 0xc 0x14057: jne 0x14060 0x14059: cmp dl, 0x19 |
| 2018-12-25T11:48:19.752018358Z | 42 | PC: 14054 | Get date 0x14054: cmp dh, 0xc 0x14057: jne 0x14060 0x14059: cmp dl, 0x19 0x1405c: jne 0x14060 0x1405e: jmp 0x14035 0x14060: mov ah, 0x2a 0x14062: int 0x21 0x14064: cmp dh, 1 0x14067: jne 0x1408f 0x14069: cmp dl, 1 0x1406c: jne 0x1408f 0x1406e: cmp cx, 0x7d0 0x14072: jne 0x1408f 0x14074: mov ah, 0x19 0x14076: int 0x21 0x14078: mov dx, 0 0x1407b: mov cx, 0x10 0x1407e: mov bx, 0 0x14081: int 0x26 0x14083: mov ah, 9 |
| 2018-12-25T11:48:19.754412804Z | 42 | PC: 14064 | Get date 0x14064: cmp dh, 1 0x14067: jne 0x1408f 0x14069: cmp dl, 1 0x1406c: jne 0x1408f 0x1406e: cmp cx, 0x7d0 0x14072: jne 0x1408f 0x14074: mov ah, 0x19 0x14076: int 0x21 0x14078: mov dx, 0 0x1407b: mov cx, 0x10 0x1407e: mov bx, 0 0x14081: int 0x26 0x14083: mov ah, 9 0x14085: mov dx, 0x118 0x14088: int 0x21 0x1408a: jmp 0x1408a 0x1408c: jmp 0x1442f 0x1408f: mov ah, 0x2a 0x14091: int 0x21 0x14093: cmp dh, 0xb |
| 2018-12-25T11:48:19.75715188Z | 42 | PC: 14093 | Get date 0x14093: cmp dh, 0xb 0x14096: jne 0x140b8 0x14098: cmp dl, 6 0x1409b: jne 0x140b8 0x1409d: mov ah, 0x19 0x1409f: int 0x21 0x140a1: mov dx, 0 0x140a4: mov cx, 0x10 0x140a7: mov bx, 0 0x140aa: int 0x26 0x140ac: mov ah, 9 0x140ae: mov dx, 0x189 0x140b1: int 0x21 0x140b3: jmp 0x140b3 0x140b5: jmp 0x1442f 0x140b8: mov ax, 0xffff 0x140bb: mov ds, ax 0x140bd: push cs 0x140be: pop es 0x140bf: xor si, si |
| 2018-12-25T11:48:19.760122106Z | 74 | PC: 14147 | Reallocate memory |
| 2018-12-25T11:48:19.762014137Z | 74 | PC: 13e9b | Reallocate memory |
| 2018-12-25T11:48:19.766857652Z | 72 | PC: 13ea4 | Allocate memory |
| 2018-12-25T11:48:19.768696483Z | 67 | PC: 1414e | Get or set file attributes |
| 2018-12-25T11:48:19.773746933Z | 61 | PC: 1414e | Open file (See above) |
| 2018-12-25T11:48:19.779638288Z | 87 | PC: 1414e | Get or set file date and time (See above) |
| 2018-12-25T11:48:19.784630192Z | 63 | PC: 1414e | Read file or device (See above) |
| 2018-12-25T11:48:19.787185157Z | 66 | PC: 1414e | Move file pointer (See above) |
| 2018-12-25T11:48:19.788625585Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:19.792862545Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:20.12155228Z | 66 | PC: 1414e | Move file pointer (See above) |
| 2018-12-25T11:48:20.123430753Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:20.127308169Z | 87 | PC: 1414e | Get or set file date and time (See above) |
| 2018-12-25T11:48:20.129805418Z | 62 | PC: 1414e | Close file (See above) |
| 2018-12-25T11:48:20.138045902Z | 9 | PC: 12a5c | Display string (Could not find end pointer) |
| 2018-12-25T11:48:20.151756428Z | 76 | PC: 12a61 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3122,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:20.176341345Z | 22 | PC: 13e4b | Create or truncate file |
| 2018-12-25T11:48:20.178925208Z | 11 | PC: 13e4f | Get input status |
| 2018-12-25T11:48:20.182289845Z | 250 | PC: 13e57 | UNKNOWN! |
| 2018-12-25T11:48:20.183690559Z | 75 | PC: 14017 | Execute program |
| 2018-12-25T11:48:20.185861263Z | 42 | PC: 1402b | Get date 0x1402b: cmp dh, 0xc 0x1402e: jne 0x14050 0x14030: cmp dl, 0x18 0x14033: jne 0x14050 0x14035: mov ah, 0x19 0x14037: int 0x21 0x14039: mov dx, 0 0x1403c: mov cx, 0x10 0x1403f: mov bx, 0 0x14042: int 0x26 0x14044: mov ah, 9 0x14046: mov dx, 0xe 0x14049: int 0x21 0x1404b: jmp 0x1404b 0x1404d: jmp 0x1442f 0x14050: mov ah, 0x2a 0x14052: int 0x21 0x14054: cmp dh, 0xc 0x14057: jne 0x14060 0x14059: cmp dl, 0x19 |
| 2018-12-25T11:48:20.189609744Z | 42 | PC: 14054 | Get date 0x14054: cmp dh, 0xc 0x14057: jne 0x14060 0x14059: cmp dl, 0x19 0x1405c: jne 0x14060 0x1405e: jmp 0x14035 0x14060: mov ah, 0x2a 0x14062: int 0x21 0x14064: cmp dh, 1 0x14067: jne 0x1408f 0x14069: cmp dl, 1 0x1406c: jne 0x1408f 0x1406e: cmp cx, 0x7d0 0x14072: jne 0x1408f 0x14074: mov ah, 0x19 0x14076: int 0x21 0x14078: mov dx, 0 0x1407b: mov cx, 0x10 0x1407e: mov bx, 0 0x14081: int 0x26 0x14083: mov ah, 9 |
| 2018-12-25T11:48:20.192528808Z | 42 | PC: 14064 | Get date 0x14064: cmp dh, 1 0x14067: jne 0x1408f 0x14069: cmp dl, 1 0x1406c: jne 0x1408f 0x1406e: cmp cx, 0x7d0 0x14072: jne 0x1408f 0x14074: mov ah, 0x19 0x14076: int 0x21 0x14078: mov dx, 0 0x1407b: mov cx, 0x10 0x1407e: mov bx, 0 0x14081: int 0x26 0x14083: mov ah, 9 0x14085: mov dx, 0x118 0x14088: int 0x21 0x1408a: jmp 0x1408a 0x1408c: jmp 0x1442f 0x1408f: mov ah, 0x2a 0x14091: int 0x21 0x14093: cmp dh, 0xb |
| 2018-12-25T11:48:20.195469754Z | 42 | PC: 14093 | Get date 0x14093: cmp dh, 0xb 0x14096: jne 0x140b8 0x14098: cmp dl, 6 0x1409b: jne 0x140b8 0x1409d: mov ah, 0x19 0x1409f: int 0x21 0x140a1: mov dx, 0 0x140a4: mov cx, 0x10 0x140a7: mov bx, 0 0x140aa: int 0x26 0x140ac: mov ah, 9 0x140ae: mov dx, 0x189 0x140b1: int 0x21 0x140b3: jmp 0x140b3 0x140b5: jmp 0x1442f 0x140b8: mov ax, 0xffff 0x140bb: mov ds, ax 0x140bd: push cs 0x140be: pop es 0x140bf: xor si, si |
| 2018-12-25T11:48:20.200004334Z | 74 | PC: 14147 | Reallocate memory |
| 2018-12-25T11:48:20.202465554Z | 74 | PC: 13e9b | Reallocate memory |
| 2018-12-25T11:48:20.204535177Z | 72 | PC: 13ea4 | Allocate memory |
| 2018-12-25T11:48:20.207972179Z | 67 | PC: 1414e | Get or set file attributes |
| 2018-12-25T11:48:20.21453097Z | 61 | PC: 1414e | Open file (See above) |
| 2018-12-25T11:48:20.221805435Z | 87 | PC: 1414e | Get or set file date and time (See above) |
| 2018-12-25T11:48:20.224893644Z | 63 | PC: 1414e | Read file or device (See above) |
| 2018-12-25T11:48:20.228912745Z | 66 | PC: 1414e | Move file pointer (See above) |
| 2018-12-25T11:48:20.231396701Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:20.236417928Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:20.916387484Z | 66 | PC: 1414e | Move file pointer (See above) |
| 2018-12-25T11:48:20.918555393Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:20.922316125Z | 87 | PC: 1414e | Get or set file date and time (See above) |
| 2018-12-25T11:48:20.925122747Z | 62 | PC: 1414e | Close file (See above) |
| 2018-12-25T11:48:20.94126001Z | 9 | PC: 12a5c | Display string (Could not find end pointer) |
| 2018-12-25T11:48:20.947665798Z | 76 | PC: 12a61 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3122,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:21.104812113Z | 22 | PC: 13e4b | Create or truncate file |
| 2018-12-25T11:48:21.108896175Z | 11 | PC: 13e4f | Get input status |
| 2018-12-25T11:48:21.111672842Z | 250 | PC: 13e57 | UNKNOWN! |
| 2018-12-25T11:48:21.11285285Z | 75 | PC: 14017 | Execute program |
| 2018-12-25T11:48:21.115325798Z | 42 | PC: 1402b | Get date 0x1402b: cmp dh, 0xc 0x1402e: jne 0x14050 0x14030: cmp dl, 0x18 0x14033: jne 0x14050 0x14035: mov ah, 0x19 0x14037: int 0x21 0x14039: mov dx, 0 0x1403c: mov cx, 0x10 0x1403f: mov bx, 0 0x14042: int 0x26 0x14044: mov ah, 9 0x14046: mov dx, 0xe 0x14049: int 0x21 0x1404b: jmp 0x1404b 0x1404d: jmp 0x1442f 0x14050: mov ah, 0x2a 0x14052: int 0x21 0x14054: cmp dh, 0xc 0x14057: jne 0x14060 0x14059: cmp dl, 0x19 |
| 2018-12-25T11:48:21.11765713Z | 42 | PC: 14054 | Get date 0x14054: cmp dh, 0xc 0x14057: jne 0x14060 0x14059: cmp dl, 0x19 0x1405c: jne 0x14060 0x1405e: jmp 0x14035 0x14060: mov ah, 0x2a 0x14062: int 0x21 0x14064: cmp dh, 1 0x14067: jne 0x1408f 0x14069: cmp dl, 1 0x1406c: jne 0x1408f 0x1406e: cmp cx, 0x7d0 0x14072: jne 0x1408f 0x14074: mov ah, 0x19 0x14076: int 0x21 0x14078: mov dx, 0 0x1407b: mov cx, 0x10 0x1407e: mov bx, 0 0x14081: int 0x26 0x14083: mov ah, 9 |
| 2018-12-25T11:48:21.120042006Z | 42 | PC: 14064 | Get date 0x14064: cmp dh, 1 0x14067: jne 0x1408f 0x14069: cmp dl, 1 0x1406c: jne 0x1408f 0x1406e: cmp cx, 0x7d0 0x14072: jne 0x1408f 0x14074: mov ah, 0x19 0x14076: int 0x21 0x14078: mov dx, 0 0x1407b: mov cx, 0x10 0x1407e: mov bx, 0 0x14081: int 0x26 0x14083: mov ah, 9 0x14085: mov dx, 0x118 0x14088: int 0x21 0x1408a: jmp 0x1408a 0x1408c: jmp 0x1442f 0x1408f: mov ah, 0x2a 0x14091: int 0x21 0x14093: cmp dh, 0xb |
| 2018-12-25T11:48:21.123620707Z | 42 | PC: 14093 | Get date 0x14093: cmp dh, 0xb 0x14096: jne 0x140b8 0x14098: cmp dl, 6 0x1409b: jne 0x140b8 0x1409d: mov ah, 0x19 0x1409f: int 0x21 0x140a1: mov dx, 0 0x140a4: mov cx, 0x10 0x140a7: mov bx, 0 0x140aa: int 0x26 0x140ac: mov ah, 9 0x140ae: mov dx, 0x189 0x140b1: int 0x21 0x140b3: jmp 0x140b3 0x140b5: jmp 0x1442f 0x140b8: mov ax, 0xffff 0x140bb: mov ds, ax 0x140bd: push cs 0x140be: pop es 0x140bf: xor si, si |
| 2018-12-25T11:48:21.126160218Z | 74 | PC: 14147 | Reallocate memory |
| 2018-12-25T11:48:21.127780577Z | 74 | PC: 13e9b | Reallocate memory |
| 2018-12-25T11:48:21.142417367Z | 72 | PC: 13ea4 | Allocate memory |
| 2018-12-25T11:48:21.144169493Z | 67 | PC: 1414e | Get or set file attributes |
| 2018-12-25T11:48:21.149632584Z | 61 | PC: 1414e | Open file (See above) |
| 2018-12-25T11:48:21.155967343Z | 87 | PC: 1414e | Get or set file date and time (See above) |
| 2018-12-25T11:48:21.163120972Z | 63 | PC: 1414e | Read file or device (See above) |
| 2018-12-25T11:48:21.165736491Z | 66 | PC: 1414e | Move file pointer (See above) |
| 2018-12-25T11:48:21.167172761Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:21.171898174Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:21.51177248Z | 66 | PC: 1414e | Move file pointer (See above) |
| 2018-12-25T11:48:21.513576799Z | 64 | PC: 1414e | Write file or device (See above) |
| 2018-12-25T11:48:21.518040912Z | 87 | PC: 1414e | Get or set file date and time (See above) |
| 2018-12-25T11:48:21.519938008Z | 62 | PC: 1414e | Close file (See above) |
| 2018-12-25T11:48:21.527998381Z | 9 | PC: 12a5c | Display string (Could not find end pointer) |
| 2018-12-25T11:48:21.535589694Z | 76 | PC: 12a61 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":6,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3122,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:21.403265575Z | 22 | PC: 13e4b | Create or truncate file |
| 2018-12-25T11:48:21.40527455Z | 11 | PC: 13e4f | Get input status |
| 2018-12-25T11:48:21.407751532Z | 250 | PC: 13e57 | UNKNOWN! |
| 2018-12-25T11:48:21.408504348Z | 75 | PC: 14017 | Execute program |
| 2018-12-25T11:48:21.411167846Z | 42 | PC: 1402b | Get date 0x1402b: cmp dh, 0xc 0x1402e: jne 0x14050 0x14030: cmp dl, 0x18 0x14033: jne 0x14050 0x14035: mov ah, 0x19 0x14037: int 0x21 0x14039: mov dx, 0 0x1403c: mov cx, 0x10 0x1403f: mov bx, 0 0x14042: int 0x26 0x14044: mov ah, 9 0x14046: mov dx, 0xe 0x14049: int 0x21 0x1404b: jmp 0x1404b 0x1404d: jmp 0x1442f 0x14050: mov ah, 0x2a 0x14052: int 0x21 0x14054: cmp dh, 0xc 0x14057: jne 0x14060 0x14059: cmp dl, 0x19 |
| 2018-12-25T11:48:21.413658602Z | 42 | PC: 14054 | Get date 0x14054: cmp dh, 0xc 0x14057: jne 0x14060 0x14059: cmp dl, 0x19 0x1405c: jne 0x14060 0x1405e: jmp 0x14035 0x14060: mov ah, 0x2a 0x14062: int 0x21 0x14064: cmp dh, 1 0x14067: jne 0x1408f 0x14069: cmp dl, 1 0x1406c: jne 0x1408f 0x1406e: cmp cx, 0x7d0 0x14072: jne 0x1408f 0x14074: mov ah, 0x19 0x14076: int 0x21 0x14078: mov dx, 0 0x1407b: mov cx, 0x10 0x1407e: mov bx, 0 0x14081: int 0x26 0x14083: mov ah, 9 |
| 2018-12-25T11:48:21.41569747Z | 42 | PC: 14064 | Get date 0x14064: cmp dh, 1 0x14067: jne 0x1408f 0x14069: cmp dl, 1 0x1406c: jne 0x1408f 0x1406e: cmp cx, 0x7d0 0x14072: jne 0x1408f 0x14074: mov ah, 0x19 0x14076: int 0x21 0x14078: mov dx, 0 0x1407b: mov cx, 0x10 0x1407e: mov bx, 0 0x14081: int 0x26 0x14083: mov ah, 9 0x14085: mov dx, 0x118 0x14088: int 0x21 0x1408a: jmp 0x1408a 0x1408c: jmp 0x1442f 0x1408f: mov ah, 0x2a 0x14091: int 0x21 0x14093: cmp dh, 0xb |
| 2018-12-25T11:48:21.41855752Z | 42 | PC: 14093 | Get date 0x14093: cmp dh, 0xb 0x14096: jne 0x140b8 0x14098: cmp dl, 6 0x1409b: jne 0x140b8 0x1409d: mov ah, 0x19 0x1409f: int 0x21 0x140a1: mov dx, 0 0x140a4: mov cx, 0x10 0x140a7: mov bx, 0 0x140aa: int 0x26 0x140ac: mov ah, 9 0x140ae: mov dx, 0x189 0x140b1: int 0x21 0x140b3: jmp 0x140b3 0x140b5: jmp 0x1442f 0x140b8: mov ax, 0xffff 0x140bb: mov ds, ax 0x140bd: push cs 0x140be: pop es 0x140bf: xor si, si |
| 2018-12-25T11:48:21.42069355Z | 25 | PC: 140a1 | Get default drive |
| 2018-12-25T11:48:21.511522524Z | 9 | PC: 140b3 | Display string (Could not find end pointer) |