{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5143,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:53:47.464395896Z | 84 | PC: 12fa6 | Get verify flag |
| 2018-12-25T11:53:47.466742006Z | 53 | PC: 12fd5 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:53:47.467917418Z | 37 | PC: 12fe5 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:53:47.469224514Z | 42 | PC: 12fed | Get date 0x12fed: cmp dh, dl 0x12fef: jne 0x1300c 0x12ff1: mov ah, 0x3c 0x12ff3: lea dx, word ptr [bp + 0x17d] 0x12ff7: xor cx, cx 0x12ff9: int 0x21 0x12ffb: mov bx, ax 0x12ffd: mov ah, 0x40 0x12fff: mov cx, 0x2bc 0x13002: lea dx, word ptr [bp + 0x18b] 0x13006: int 0x21 0x13008: mov ah, 0x3e 0x1300a: int 0x21 0x1300c: ret 0x1300d: and word ptr [bp + si + 0x55], cx 0x13010: inc sp 0x13011: pop cx 0x13012: inc bx 0x13014: dec di 0x13015: dec bp |
| 2018-12-25T11:53:47.472536331Z | 60 | PC: 12ffb | Create or truncate file |
| 2018-12-25T11:53:47.486221898Z | 64 | PC: 13008 | Write file or device (Write 700 bytes on handle 5) |
| 2018-12-25T11:53:47.494140438Z | 62 | PC: 1300c | Close file |
| 2018-12-25T11:53:47.503429503Z | 25 | PC: 12f7e | Get default drive |
| 2018-12-25T11:53:47.505196567Z | 9 | PC: 12a8b | Display string (Could not find end pointer) |
| 2018-12-25T11:53:47.508430348Z | 42 | PC: 12ad0 | Get date 0x12ad0: push cx 0x12ad1: push dx 0x12ad2: mov ah, al 0x12ad4: mov si, 0x511 0x12ad7: mov dx, 0xba 0x12ada: call 0x12bdf 0x12add: pop ax 0x12ade: push ax 0x12adf: cwde 0x12ae0: push ax 0x12ae1: mov dx, 0xde 0x12ae4: call 0x12c0b 0x12ae7: pop ax 0x12ae8: aam 0x12aea: mov bx, 0x5448 0x12aed: cmp ah, 1 0x12af0: je 0x12b08 0x12af2: cmp al, 3 0x12af4: ja 0x12b08 0x12af6: or al, al |
| 2018-12-25T11:53:47.511669573Z | 25 | PC: 12b83 | Get default drive |
| 2018-12-25T11:53:47.512805683Z | 54 | PC: 12b90 | Get free disk space |
| 2018-12-25T11:53:47.522141446Z | 76 | PC: 12bdf | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5143,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:53:47.603222806Z | 84 | PC: 12fa6 | Get verify flag |
| 2018-12-25T11:53:47.604768888Z | 53 | PC: 12fd5 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:53:47.606173395Z | 37 | PC: 12fe5 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:53:47.607501814Z | 42 | PC: 12fed | Get date 0x12fed: cmp dh, dl 0x12fef: jne 0x1300c 0x12ff1: mov ah, 0x3c 0x12ff3: lea dx, word ptr [bp + 0x17d] 0x12ff7: xor cx, cx 0x12ff9: int 0x21 0x12ffb: mov bx, ax 0x12ffd: mov ah, 0x40 0x12fff: mov cx, 0x2bc 0x13002: lea dx, word ptr [bp + 0x18b] 0x13006: int 0x21 0x13008: mov ah, 0x3e 0x1300a: int 0x21 0x1300c: ret 0x1300d: and word ptr [bp + si + 0x55], cx 0x13010: inc sp 0x13011: pop cx 0x13012: inc bx 0x13014: dec di 0x13015: dec bp |
| 2018-12-25T11:53:47.611198178Z | 25 | PC: 12f7e | Get default drive |
| 2018-12-25T11:53:47.615364731Z | 9 | PC: 12a8b | Display string (Could not find end pointer) |
| 2018-12-25T11:53:47.618871141Z | 42 | PC: 12ad0 | Get date 0x12ad0: push cx 0x12ad1: push dx 0x12ad2: mov ah, al 0x12ad4: mov si, 0x511 0x12ad7: mov dx, 0xba 0x12ada: call 0x12bdf 0x12add: pop ax 0x12ade: push ax 0x12adf: cwde 0x12ae0: push ax 0x12ae1: mov dx, 0xde 0x12ae4: call 0x12c0b 0x12ae7: pop ax 0x12ae8: aam 0x12aea: mov bx, 0x5448 0x12aed: cmp ah, 1 0x12af0: je 0x12b08 0x12af2: cmp al, 3 0x12af4: ja 0x12b08 0x12af6: or al, al |
| 2018-12-25T11:53:47.621581872Z | 25 | PC: 12b83 | Get default drive |
| 2018-12-25T11:53:47.623097137Z | 54 | PC: 12b90 | Get free disk space |
| 2018-12-25T11:53:47.633637431Z | 76 | PC: 12bdf | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5143,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:53:47.844436651Z | 84 | PC: 12fa6 | Get verify flag |
| 2018-12-25T11:53:47.846386881Z | 53 | PC: 12fd5 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:53:47.84902934Z | 37 | PC: 12fe5 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:53:47.850517985Z | 42 | PC: 12fed | Get date 0x12fed: cmp dh, dl 0x12fef: jne 0x1300c 0x12ff1: mov ah, 0x3c 0x12ff3: lea dx, word ptr [bp + 0x17d] 0x12ff7: xor cx, cx 0x12ff9: int 0x21 0x12ffb: mov bx, ax 0x12ffd: mov ah, 0x40 0x12fff: mov cx, 0x2bc 0x13002: lea dx, word ptr [bp + 0x18b] 0x13006: int 0x21 0x13008: mov ah, 0x3e 0x1300a: int 0x21 0x1300c: ret 0x1300d: and word ptr [bp + si + 0x55], cx 0x13010: inc sp 0x13011: pop cx 0x13012: inc bx 0x13014: dec di 0x13015: dec bp |
| 2018-12-25T11:53:47.85304311Z | 60 | PC: 12ffb | Create or truncate file |
| 2018-12-25T11:53:47.872432245Z | 64 | PC: 13008 | Write file or device (Write 700 bytes on handle 5) |
| 2018-12-25T11:53:47.882014931Z | 62 | PC: 1300c | Close file |
| 2018-12-25T11:53:47.892979701Z | 25 | PC: 12f7e | Get default drive |
| 2018-12-25T11:53:47.895979113Z | 9 | PC: 12a8b | Display string (Could not find end pointer) |
| 2018-12-25T11:53:47.89956432Z | 42 | PC: 12ad0 | Get date 0x12ad0: push cx 0x12ad1: push dx 0x12ad2: mov ah, al 0x12ad4: mov si, 0x511 0x12ad7: mov dx, 0xba 0x12ada: call 0x12bdf 0x12add: pop ax 0x12ade: push ax 0x12adf: cwde 0x12ae0: push ax 0x12ae1: mov dx, 0xde 0x12ae4: call 0x12c0b 0x12ae7: pop ax 0x12ae8: aam 0x12aea: mov bx, 0x5448 0x12aed: cmp ah, 1 0x12af0: je 0x12b08 0x12af2: cmp al, 3 0x12af4: ja 0x12b08 0x12af6: or al, al |
| 2018-12-25T11:53:47.90243421Z | 25 | PC: 12b83 | Get default drive |
| 2018-12-25T11:53:47.904226094Z | 54 | PC: 12b90 | Get free disk space |
| 2018-12-25T11:53:47.917181092Z | 76 | PC: 12bdf | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5143,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:53:47.913512111Z | 84 | PC: 12fa6 | Get verify flag |
| 2018-12-25T11:53:47.91501093Z | 53 | PC: 12fd5 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:53:47.915974207Z | 37 | PC: 12fe5 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:53:47.916921298Z | 42 | PC: 12fed | Get date 0x12fed: cmp dh, dl 0x12fef: jne 0x1300c 0x12ff1: mov ah, 0x3c 0x12ff3: lea dx, word ptr [bp + 0x17d] 0x12ff7: xor cx, cx 0x12ff9: int 0x21 0x12ffb: mov bx, ax 0x12ffd: mov ah, 0x40 0x12fff: mov cx, 0x2bc 0x13002: lea dx, word ptr [bp + 0x18b] 0x13006: int 0x21 0x13008: mov ah, 0x3e 0x1300a: int 0x21 0x1300c: ret 0x1300d: and word ptr [bp + si + 0x55], cx 0x13010: inc sp 0x13011: pop cx 0x13012: inc bx 0x13014: dec di 0x13015: dec bp |
| 2018-12-25T11:53:47.920619473Z | 25 | PC: 12f7e | Get default drive |
| 2018-12-25T11:53:47.922208621Z | 9 | PC: 12a8b | Display string (Could not find end pointer) |
| 2018-12-25T11:53:47.926155996Z | 42 | PC: 12ad0 | Get date 0x12ad0: push cx 0x12ad1: push dx 0x12ad2: mov ah, al 0x12ad4: mov si, 0x511 0x12ad7: mov dx, 0xba 0x12ada: call 0x12bdf 0x12add: pop ax 0x12ade: push ax 0x12adf: cwde 0x12ae0: push ax 0x12ae1: mov dx, 0xde 0x12ae4: call 0x12c0b 0x12ae7: pop ax 0x12ae8: aam 0x12aea: mov bx, 0x5448 0x12aed: cmp ah, 1 0x12af0: je 0x12b08 0x12af2: cmp al, 3 0x12af4: ja 0x12b08 0x12af6: or al, al |
| 2018-12-25T11:53:47.929204603Z | 25 | PC: 12b83 | Get default drive |
| 2018-12-25T11:53:47.930999705Z | 54 | PC: 12b90 | Get free disk space |
| 2018-12-25T11:53:47.937550069Z | 76 | PC: 12bdf | Terminate with return code (Return code = '0') |