{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6057,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:58:18.00358172Z | 42 | PC: 12a98 | Get date 0x12a98: cmp al, 1 0x12a9a: jne 0x12ac4 0x12a9c: cmp dl, 0x10 0x12a9f: jne 0x12ac4 0x12aa1: mov ah, 0x19 0x12aa3: int 0x21 0x12aa5: lea bx, word ptr [bp + 0x2bb] 0x12aa9: mov cx, 1 0x12aac: xor dx, dx 0x12aae: int 0x26 0x12ab0: jb 0x12ab3 0x12ab2: popf 0x12ab3: lea dx, word ptr [bp + 0x2eb] 0x12ab7: mov ah, 9 0x12ab9: int 0x21 0x12abb: int 5 0x12abd: xor ah, ah 0x12abf: int 0x16 0x12ac1: jmp 0x12d1f 0x12ac4: lea si, word ptr [bp + 0x46c] |
| 2018-12-25T11:58:18.006636933Z | 71 | PC: 12ace | Get current directory |
| 2018-12-25T11:58:18.010212804Z | 71 | PC: 12ad8 | Get current directory |
| 2018-12-25T11:58:18.013232967Z | 47 | PC: 12b47 | Get disk transfer address |
| 2018-12-25T11:58:18.015952563Z | 26 | PC: 12b59 | Set disk transfer address |
| 2018-12-25T11:58:18.017206773Z | 78 | PC: 12b66 | Find first file |
| 2018-12-25T11:58:18.022114208Z | 78 | PC: 12c76 | Find first file |
| 2018-12-25T11:58:18.026872341Z | 67 | PC: 12c8f | Get or set file attributes |
| 2018-12-25T11:58:18.039645649Z | 61 | PC: 12ca6 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:58:18.045270702Z | 63 | PC: 12cb3 | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-25T11:58:18.050164038Z | 66 | PC: 12c6a | Move file pointer |
| 2018-12-25T11:58:18.051472334Z | 63 | PC: 12cd6 | Read file or device (Read 15 bytes on handle 5) |
| 2018-12-25T11:58:18.054013483Z | 66 | PC: 12cdf | Move file pointer |
| 2018-12-25T11:58:18.055079541Z | 64 | PC: 12cf5 | Write file or device (Write 1020 bytes on handle 5) |
| 2018-12-25T11:58:18.06267715Z | 66 | PC: 12c6a | Move file pointer (See above) |
| 2018-12-25T11:58:18.064424798Z | 64 | PC: 12d04 | Write file or device (Write 15 bytes on handle 5) |
| 2018-12-25T11:58:18.071468286Z | 62 | PC: 12d09 | Close file |
| 2018-12-25T11:58:18.084491514Z | 67 | PC: 12c60 | Get or set file attributes |
| 2018-12-25T11:58:18.087633334Z | 79 | PC: 12c7f | Find next file |
| 2018-12-25T11:58:18.089546453Z | 67 | PC: 12c8f | Get or set file attributes (See above) |
| 2018-12-25T11:58:18.100941056Z | 61 | PC: 12ca6 | Open file (See above) |
| 2018-12-25T11:58:18.107608203Z | 63 | PC: 12cb3 | Read file or device (See above) |
| 2018-12-25T11:58:18.113930108Z | 66 | PC: 12c6a | Move file pointer (See above) |
| 2018-12-25T11:58:18.116711521Z | 63 | PC: 12cd6 | Read file or device (See above) |
| 2018-12-25T11:58:18.119353462Z | 66 | PC: 12cdf | Move file pointer (See above) |
| 2018-12-25T11:58:18.120780253Z | 64 | PC: 12cf5 | Write file or device (See above) |
| 2018-12-25T11:58:18.130873346Z | 66 | PC: 12c6a | Move file pointer (See above) |
| 2018-12-25T11:58:18.13243934Z | 64 | PC: 12d04 | Write file or device (See above) |
| 2018-12-25T11:58:18.139717797Z | 62 | PC: 12d09 | Close file (See above) |
| 2018-12-25T11:58:18.149587047Z | 67 | PC: 12c60 | Get or set file attributes (See above) |
| 2018-12-25T11:58:18.16228795Z | 79 | PC: 12c7f | Find next file (See above) |
| 2018-12-25T11:58:18.164987967Z | 67 | PC: 12c8f | Get or set file attributes (See above) |
| 2018-12-25T11:58:18.175010286Z | 61 | PC: 12ca6 | Open file (See above) |
| 2018-12-25T11:58:18.181963436Z | 63 | PC: 12cb3 | Read file or device (See above) |
| 2018-12-25T11:58:18.188051663Z | 66 | PC: 12c6a | Move file pointer (See above) |
| 2018-12-25T11:58:18.189498539Z | 63 | PC: 12cd6 | Read file or device (See above) |
| 2018-12-25T11:58:18.193303849Z | 66 | PC: 12cdf | Move file pointer (See above) |
| 2018-12-25T11:58:18.194704531Z | 64 | PC: 12cf5 | Write file or device (See above) |
| 2018-12-25T11:58:18.203006202Z | 66 | PC: 12c6a | Move file pointer (See above) |
| 2018-12-25T11:58:18.205509701Z | 64 | PC: 12d04 | Write file or device (See above) |
| 2018-12-25T11:58:18.21241455Z | 62 | PC: 12d09 | Close file (See above) |
| 2018-12-25T11:58:18.221553271Z | 67 | PC: 12c60 | Get or set file attributes (See above) |
| 2018-12-25T11:58:18.227672481Z | 26 | PC: 12d1c | Set disk transfer address |
| 2018-12-25T11:58:18.229545192Z | 59 | PC: 12af6 | Change current directory |
| 2018-12-25T11:58:18.234559419Z | 59 | PC: 12b02 | Change current directory |
| 2018-12-25T11:58:18.236669172Z | 76 | PC: 12a45 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":16,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6057,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:58:18.06154204Z | 42 | PC: 12a98 | Get date 0x12a98: cmp al, 1 0x12a9a: jne 0x12ac4 0x12a9c: cmp dl, 0x10 0x12a9f: jne 0x12ac4 0x12aa1: mov ah, 0x19 0x12aa3: int 0x21 0x12aa5: lea bx, word ptr [bp + 0x2bb] 0x12aa9: mov cx, 1 0x12aac: xor dx, dx 0x12aae: int 0x26 0x12ab0: jb 0x12ab3 0x12ab2: popf 0x12ab3: lea dx, word ptr [bp + 0x2eb] 0x12ab7: mov ah, 9 0x12ab9: int 0x21 0x12abb: int 5 0x12abd: xor ah, ah 0x12abf: int 0x16 0x12ac1: jmp 0x12d1f 0x12ac4: lea si, word ptr [bp + 0x46c] |
| 2018-12-25T11:58:18.065702347Z | 25 | PC: 12aa5 | Get default drive |
| 2018-12-25T11:58:18.079424194Z | 9 | PC: 12abb | Display string (String= ' Welcome to the Dark Apocalypse... Your computer will never escape... You might as well read this and weep! The Dark Apocalypse v1.00 by Crypt Keeper [RoT] ���Reign of Terror��� [DARK APOCALYPSE] Press any key to continue...') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6057,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:58:18.236181875Z | 42 | PC: 12a98 | Get date 0x12a98: cmp al, 1 0x12a9a: jne 0x12ac4 0x12a9c: cmp dl, 0x10 0x12a9f: jne 0x12ac4 0x12aa1: mov ah, 0x19 0x12aa3: int 0x21 0x12aa5: lea bx, word ptr [bp + 0x2bb] 0x12aa9: mov cx, 1 0x12aac: xor dx, dx 0x12aae: int 0x26 0x12ab0: jb 0x12ab3 0x12ab2: popf 0x12ab3: lea dx, word ptr [bp + 0x2eb] 0x12ab7: mov ah, 9 0x12ab9: int 0x21 0x12abb: int 5 0x12abd: xor ah, ah 0x12abf: int 0x16 0x12ac1: jmp 0x12d1f 0x12ac4: lea si, word ptr [bp + 0x46c] |
| 2018-12-25T11:58:18.238515328Z | 71 | PC: 12ace | Get current directory |
| 2018-12-25T11:58:18.241170116Z | 71 | PC: 12ad8 | Get current directory |
| 2018-12-25T11:58:18.243800715Z | 47 | PC: 12b47 | Get disk transfer address |
| 2018-12-25T11:58:18.245535271Z | 26 | PC: 12b59 | Set disk transfer address |
| 2018-12-25T11:58:18.247213391Z | 78 | PC: 12b66 | Find first file |
| 2018-12-25T11:58:18.255141687Z | 78 | PC: 12c76 | Find first file |
| 2018-12-25T11:58:18.27102003Z | 67 | PC: 12c8f | Get or set file attributes |
| 2018-12-25T11:58:18.286098403Z | 61 | PC: 12ca6 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:58:18.292447665Z | 63 | PC: 12cb3 | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-25T11:58:18.299426937Z | 66 | PC: 12c6a | Move file pointer |
| 2018-12-25T11:58:18.301052367Z | 63 | PC: 12cd6 | Read file or device (Read 15 bytes on handle 5) |
| 2018-12-25T11:58:18.303970623Z | 66 | PC: 12cdf | Move file pointer |
| 2018-12-25T11:58:18.305966269Z | 64 | PC: 12cf5 | Write file or device (Write 1020 bytes on handle 5) |
| 2018-12-25T11:58:18.31470172Z | 66 | PC: 12c6a | Move file pointer (See above) |
| 2018-12-25T11:58:18.316251447Z | 64 | PC: 12d04 | Write file or device (Write 15 bytes on handle 5) |
| 2018-12-25T11:58:18.322757334Z | 62 | PC: 12d09 | Close file |
| 2018-12-25T11:58:18.334741948Z | 67 | PC: 12c60 | Get or set file attributes |
| 2018-12-25T11:58:18.339511309Z | 79 | PC: 12c7f | Find next file |
| 2018-12-25T11:58:18.342255878Z | 67 | PC: 12c8f | Get or set file attributes (See above) |
| 2018-12-25T11:58:18.352167405Z | 61 | PC: 12ca6 | Open file (See above) |
| 2018-12-25T11:58:18.358690365Z | 63 | PC: 12cb3 | Read file or device (See above) |
| 2018-12-25T11:58:18.364979856Z | 66 | PC: 12c6a | Move file pointer (See above) |
| 2018-12-25T11:58:18.367943085Z | 63 | PC: 12cd6 | Read file or device (See above) |
| 2018-12-25T11:58:18.371009088Z | 66 | PC: 12cdf | Move file pointer (See above) |
| 2018-12-25T11:58:18.372905719Z | 64 | PC: 12cf5 | Write file or device (See above) |
| 2018-12-25T11:58:18.382308208Z | 66 | PC: 12c6a | Move file pointer (See above) |
| 2018-12-25T11:58:18.384950575Z | 64 | PC: 12d04 | Write file or device (See above) |
| 2018-12-25T11:58:18.391660676Z | 62 | PC: 12d09 | Close file (See above) |
| 2018-12-25T11:58:18.401901816Z | 67 | PC: 12c60 | Get or set file attributes (See above) |
| 2018-12-25T11:58:18.406349525Z | 79 | PC: 12c7f | Find next file (See above) |
| 2018-12-25T11:58:18.408394715Z | 67 | PC: 12c8f | Get or set file attributes (See above) |
| 2018-12-25T11:58:18.41535838Z | 61 | PC: 12ca6 | Open file (See above) |
| 2018-12-25T11:58:18.420132422Z | 63 | PC: 12cb3 | Read file or device (See above) |
| 2018-12-25T11:58:18.424381871Z | 66 | PC: 12c6a | Move file pointer (See above) |
| 2018-12-25T11:58:18.425748132Z | 63 | PC: 12cd6 | Read file or device (See above) |
| 2018-12-25T11:58:18.427844679Z | 66 | PC: 12cdf | Move file pointer (See above) |
| 2018-12-25T11:58:18.43116854Z | 64 | PC: 12cf5 | Write file or device (See above) |
| 2018-12-25T11:58:18.438069401Z | 66 | PC: 12c6a | Move file pointer (See above) |
| 2018-12-25T11:58:18.439526388Z | 64 | PC: 12d04 | Write file or device (See above) |
| 2018-12-25T11:58:18.443853089Z | 62 | PC: 12d09 | Close file (See above) |
| 2018-12-25T11:58:18.453017266Z | 67 | PC: 12c60 | Get or set file attributes (See above) |
| 2018-12-25T11:58:18.462667591Z | 26 | PC: 12d1c | Set disk transfer address |
| 2018-12-25T11:58:18.464099575Z | 59 | PC: 12af6 | Change current directory |
| 2018-12-25T11:58:18.473737415Z | 59 | PC: 12b02 | Change current directory |
| 2018-12-25T11:58:18.476459505Z | 76 | PC: 12a45 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6057,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:58:18.328859002Z | 42 | PC: 12a98 | Get date 0x12a98: cmp al, 1 0x12a9a: jne 0x12ac4 0x12a9c: cmp dl, 0x10 0x12a9f: jne 0x12ac4 0x12aa1: mov ah, 0x19 0x12aa3: int 0x21 0x12aa5: lea bx, word ptr [bp + 0x2bb] 0x12aa9: mov cx, 1 0x12aac: xor dx, dx 0x12aae: int 0x26 0x12ab0: jb 0x12ab3 0x12ab2: popf 0x12ab3: lea dx, word ptr [bp + 0x2eb] 0x12ab7: mov ah, 9 0x12ab9: int 0x21 0x12abb: int 5 0x12abd: xor ah, ah 0x12abf: int 0x16 0x12ac1: jmp 0x12d1f 0x12ac4: lea si, word ptr [bp + 0x46c] |
| 2018-12-25T11:58:18.331084106Z | 71 | PC: 12ace | Get current directory |
| 2018-12-25T11:58:18.33301824Z | 71 | PC: 12ad8 | Get current directory |
| 2018-12-25T11:58:18.335072008Z | 47 | PC: 12b47 | Get disk transfer address |
| 2018-12-25T11:58:18.336714178Z | 26 | PC: 12b59 | Set disk transfer address |
| 2018-12-25T11:58:18.337653057Z | 78 | PC: 12b66 | Find first file |
| 2018-12-25T11:58:18.341430918Z | 78 | PC: 12c76 | Find first file |
| 2018-12-25T11:58:18.345861029Z | 67 | PC: 12c8f | Get or set file attributes |
| 2018-12-25T11:58:18.362652012Z | 61 | PC: 12ca6 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:58:18.38306566Z | 63 | PC: 12cb3 | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-25T11:58:18.391820987Z | 66 | PC: 12c6a | Move file pointer |
| 2018-12-25T11:58:18.394396965Z | 63 | PC: 12cd6 | Read file or device (Read 15 bytes on handle 5) |
| 2018-12-25T11:58:18.397299042Z | 66 | PC: 12cdf | Move file pointer |
| 2018-12-25T11:58:18.399086395Z | 64 | PC: 12cf5 | Write file or device (Write 1020 bytes on handle 5) |
| 2018-12-25T11:58:18.408360214Z | 66 | PC: 12c6a | Move file pointer (See above) |
| 2018-12-25T11:58:18.409615022Z | 64 | PC: 12d04 | Write file or device (Write 15 bytes on handle 5) |
| 2018-12-25T11:58:18.41669555Z | 62 | PC: 12d09 | Close file |
| 2018-12-25T11:58:18.425258072Z | 67 | PC: 12c60 | Get or set file attributes |
| 2018-12-25T11:58:18.430055549Z | 79 | PC: 12c7f | Find next file |
| 2018-12-25T11:58:18.432837936Z | 67 | PC: 12c8f | Get or set file attributes (See above) |
| 2018-12-25T11:58:18.442583435Z | 61 | PC: 12ca6 | Open file (See above) |
| 2018-12-25T11:58:18.448995786Z | 63 | PC: 12cb3 | Read file or device (See above) |
| 2018-12-25T11:58:18.45553464Z | 66 | PC: 12c6a | Move file pointer (See above) |
| 2018-12-25T11:58:18.472158176Z | 63 | PC: 12cd6 | Read file or device (See above) |
| 2018-12-25T11:58:18.474832276Z | 66 | PC: 12cdf | Move file pointer (See above) |
| 2018-12-25T11:58:18.47647548Z | 64 | PC: 12cf5 | Write file or device (See above) |
| 2018-12-25T11:58:18.485536459Z | 66 | PC: 12c6a | Move file pointer (See above) |
| 2018-12-25T11:58:18.487012789Z | 64 | PC: 12d04 | Write file or device (See above) |
| 2018-12-25T11:58:18.493378656Z | 62 | PC: 12d09 | Close file (See above) |
| 2018-12-25T11:58:18.50177879Z | 67 | PC: 12c60 | Get or set file attributes (See above) |
| 2018-12-25T11:58:18.506678133Z | 79 | PC: 12c7f | Find next file (See above) |
| 2018-12-25T11:58:18.509569244Z | 67 | PC: 12c8f | Get or set file attributes (See above) |
| 2018-12-25T11:58:18.519350196Z | 61 | PC: 12ca6 | Open file (See above) |
| 2018-12-25T11:58:18.52684164Z | 63 | PC: 12cb3 | Read file or device (See above) |
| 2018-12-25T11:58:18.534148354Z | 66 | PC: 12c6a | Move file pointer (See above) |
| 2018-12-25T11:58:18.535765577Z | 63 | PC: 12cd6 | Read file or device (See above) |
| 2018-12-25T11:58:18.539518854Z | 66 | PC: 12cdf | Move file pointer (See above) |
| 2018-12-25T11:58:18.54126068Z | 64 | PC: 12cf5 | Write file or device (See above) |
| 2018-12-25T11:58:18.554667543Z | 66 | PC: 12c6a | Move file pointer (See above) |
| 2018-12-25T11:58:18.556718512Z | 64 | PC: 12d04 | Write file or device (See above) |
| 2018-12-25T11:58:18.563298823Z | 62 | PC: 12d09 | Close file (See above) |
| 2018-12-25T11:58:18.571393276Z | 67 | PC: 12c60 | Get or set file attributes (See above) |
| 2018-12-25T11:58:18.576219073Z | 26 | PC: 12d1c | Set disk transfer address |
| 2018-12-25T11:58:18.578307512Z | 59 | PC: 12af6 | Change current directory |
| 2018-12-25T11:58:18.582484753Z | 59 | PC: 12b02 | Change current directory |
| 2018-12-25T11:58:18.584249471Z | 76 | PC: 12a45 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6057,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:58:18.534432857Z | 42 | PC: 12a98 | Get date 0x12a98: cmp al, 1 0x12a9a: jne 0x12ac4 0x12a9c: cmp dl, 0x10 0x12a9f: jne 0x12ac4 0x12aa1: mov ah, 0x19 0x12aa3: int 0x21 0x12aa5: lea bx, word ptr [bp + 0x2bb] 0x12aa9: mov cx, 1 0x12aac: xor dx, dx 0x12aae: int 0x26 0x12ab0: jb 0x12ab3 0x12ab2: popf 0x12ab3: lea dx, word ptr [bp + 0x2eb] 0x12ab7: mov ah, 9 0x12ab9: int 0x21 0x12abb: int 5 0x12abd: xor ah, ah 0x12abf: int 0x16 0x12ac1: jmp 0x12d1f 0x12ac4: lea si, word ptr [bp + 0x46c] |
| 2018-12-25T11:58:18.54382626Z | 71 | PC: 12ace | Get current directory |
| 2018-12-25T11:58:18.54695158Z | 71 | PC: 12ad8 | Get current directory |
| 2018-12-25T11:58:18.550142069Z | 47 | PC: 12b47 | Get disk transfer address |
| 2018-12-25T11:58:18.552187159Z | 26 | PC: 12b59 | Set disk transfer address |
| 2018-12-25T11:58:18.553889001Z | 78 | PC: 12b66 | Find first file |
| 2018-12-25T11:58:18.560852389Z | 78 | PC: 12c76 | Find first file |
| 2018-12-25T11:58:18.567571412Z | 67 | PC: 12c8f | Get or set file attributes |
| 2018-12-25T11:58:18.593492141Z | 61 | PC: 12ca6 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:58:18.6038786Z | 63 | PC: 12cb3 | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-25T11:58:18.612503367Z | 66 | PC: 12c6a | Move file pointer |
| 2018-12-25T11:58:18.616614562Z | 63 | PC: 12cd6 | Read file or device (Read 15 bytes on handle 5) |
| 2018-12-25T11:58:18.619374876Z | 66 | PC: 12cdf | Move file pointer |
| 2018-12-25T11:58:18.620955429Z | 64 | PC: 12cf5 | Write file or device (Write 1020 bytes on handle 5) |
| 2018-12-25T11:58:18.63145559Z | 66 | PC: 12c6a | Move file pointer (See above) |
| 2018-12-25T11:58:18.633075533Z | 64 | PC: 12d04 | Write file or device (Write 15 bytes on handle 5) |
| 2018-12-25T11:58:18.640353774Z | 62 | PC: 12d09 | Close file |
| 2018-12-25T11:58:18.654562223Z | 67 | PC: 12c60 | Get or set file attributes |
| 2018-12-25T11:58:18.659995763Z | 79 | PC: 12c7f | Find next file |
| 2018-12-25T11:58:18.662962106Z | 67 | PC: 12c8f | Get or set file attributes (See above) |
| 2018-12-25T11:58:18.674993725Z | 61 | PC: 12ca6 | Open file (See above) |
| 2018-12-25T11:58:18.682445177Z | 63 | PC: 12cb3 | Read file or device (See above) |
| 2018-12-25T11:58:18.689664403Z | 66 | PC: 12c6a | Move file pointer (See above) |
| 2018-12-25T11:58:18.692833525Z | 63 | PC: 12cd6 | Read file or device (See above) |
| 2018-12-25T11:58:18.696338221Z | 66 | PC: 12cdf | Move file pointer (See above) |
| 2018-12-25T11:58:18.698384347Z | 64 | PC: 12cf5 | Write file or device (See above) |
| 2018-12-25T11:58:18.708565021Z | 66 | PC: 12c6a | Move file pointer (See above) |
| 2018-12-25T11:58:18.710158269Z | 64 | PC: 12d04 | Write file or device (See above) |
| 2018-12-25T11:58:18.717540863Z | 62 | PC: 12d09 | Close file (See above) |
| 2018-12-25T11:58:18.72613373Z | 67 | PC: 12c60 | Get or set file attributes (See above) |
| 2018-12-25T11:58:18.729853162Z | 79 | PC: 12c7f | Find next file (See above) |
| 2018-12-25T11:58:18.735420756Z | 67 | PC: 12c8f | Get or set file attributes (See above) |
| 2018-12-25T11:58:18.747797569Z | 61 | PC: 12ca6 | Open file (See above) |
| 2018-12-25T11:58:18.756422036Z | 63 | PC: 12cb3 | Read file or device (See above) |
| 2018-12-25T11:58:18.763890845Z | 66 | PC: 12c6a | Move file pointer (See above) |
| 2018-12-25T11:58:18.765621096Z | 63 | PC: 12cd6 | Read file or device (See above) |
| 2018-12-25T11:58:18.769183658Z | 66 | PC: 12cdf | Move file pointer (See above) |
| 2018-12-25T11:58:18.771300259Z | 64 | PC: 12cf5 | Write file or device (See above) |
| 2018-12-25T11:58:18.781693475Z | 66 | PC: 12c6a | Move file pointer (See above) |
| 2018-12-25T11:58:18.784781742Z | 64 | PC: 12d04 | Write file or device (See above) |
| 2018-12-25T11:58:18.79234375Z | 62 | PC: 12d09 | Close file (See above) |
| 2018-12-25T11:58:18.802220161Z | 67 | PC: 12c60 | Get or set file attributes (See above) |
| 2018-12-25T11:58:18.808370475Z | 26 | PC: 12d1c | Set disk transfer address |
| 2018-12-25T11:58:18.809899875Z | 59 | PC: 12af6 | Change current directory |
| 2018-12-25T11:58:18.814811042Z | 59 | PC: 12b02 | Change current directory |
| 2018-12-25T11:58:18.817222676Z | 76 | PC: 12a45 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":16,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6057,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:58:19.515986458Z | 42 | PC: 12a98 | Get date 0x12a98: cmp al, 1 0x12a9a: jne 0x12ac4 0x12a9c: cmp dl, 0x10 0x12a9f: jne 0x12ac4 0x12aa1: mov ah, 0x19 0x12aa3: int 0x21 0x12aa5: lea bx, word ptr [bp + 0x2bb] 0x12aa9: mov cx, 1 0x12aac: xor dx, dx 0x12aae: int 0x26 0x12ab0: jb 0x12ab3 0x12ab2: popf 0x12ab3: lea dx, word ptr [bp + 0x2eb] 0x12ab7: mov ah, 9 0x12ab9: int 0x21 0x12abb: int 5 0x12abd: xor ah, ah 0x12abf: int 0x16 0x12ac1: jmp 0x12d1f 0x12ac4: lea si, word ptr [bp + 0x46c] |
| 2018-12-25T11:58:19.518635055Z | 25 | PC: 12aa5 | Get default drive |
| 2018-12-25T11:58:19.533999075Z | 9 | PC: 12abb | Display string (String= ' Welcome to the Dark Apocalypse... Your computer will never escape... You might as well read this and weep! The Dark Apocalypse v1.00 by Crypt Keeper [RoT] ���Reign of Terror��� [DARK APOCALYPSE] Press any key to continue...') |