{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7497,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:01:49.893129217Z | 42 | PC: 12a77 | Get date 0x12a77: cmp cx, 0x7bc 0x12a7b: jle 0x12a8d 0x12a7d: jmp 0x12a80 0x12a7f: nop 0x12a80: mov ah, 0x2a 0x12a82: int 0x21 0x12a84: cmp dx, 0xb19 0x12a88: je 0x12acb 0x12a8a: jmp 0x12a99 0x12a8c: nop 0x12a8d: mov ah, 0x2c 0x12a8f: int 0x21 0x12a91: cmp cl, 0x1e 0x12a94: jge 0x12ab2 0x12a96: jmp 0x12a99 0x12a98: nop 0x12a99: mov dx, 0x2df 0x12a9c: mov ah, 0x4e 0x12a9e: xor cx, cx 0x12aa0: int 0x21 |
| 2018-12-25T12:01:49.894995672Z | 44 | PC: 12a91 | Get time 0x12a91: cmp cl, 0x1e 0x12a94: jge 0x12ab2 0x12a96: jmp 0x12a99 0x12a98: nop 0x12a99: mov dx, 0x2df 0x12a9c: mov ah, 0x4e 0x12a9e: xor cx, cx 0x12aa0: int 0x21 0x12aa2: jb 0x12aa7 0x12aa4: jmp 0x12b08 0x12aa6: nop 0x12aa7: mov dx, 0x2e3 0x12aaa: mov ah, 0x3b 0x12aac: int 0x21 0x12aae: jb 0x12af7 0x12ab0: jmp 0x12a99 0x12ab2: push ax 0x12ab3: push bx 0x12ab4: mov bx, 0x268 0x12ab7: call 0x12ad8 |
| 2018-12-25T12:01:49.897089777Z | 78 | PC: 12aa2 | Find first file |
| 2018-12-25T12:01:49.903706306Z | 61 | PC: 12b29 | Open file (Filename = '*.*') |
| 2018-12-25T12:01:49.909265362Z | 62 | PC: 12b34 | Close file |
| 2018-12-25T12:01:49.911215077Z | 79 | PC: 12ac3 | Find next file |
| 2018-12-25T12:01:49.913933868Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:49.919526176Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:49.921239148Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:49.924018284Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:49.929524131Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:49.931394741Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:49.933997097Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:49.939224969Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:49.941245978Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:49.94373849Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:49.948996298Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:49.951063213Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:49.953755881Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:49.958975158Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:49.960854992Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:49.964465298Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:49.969874541Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:49.97200621Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:49.97470525Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:49.980069959Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:49.982063446Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:49.984899576Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:49.990331522Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:49.995722293Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:49.998552847Z | 59 | PC: 12aae | Change current directory |
| 2018-12-25T12:01:50.002940617Z | 44 | PC: 12afb | Get time 0x12afb: cmp dh, 0xa 0x12afe: ja 0x12b06 0x12b00: mov bx, 0x2b9 0x12b03: call 0x22ad8 0x12b06: int 0x20 0x12b08: mov bx, 0x80 0x12b0b: mov ax, word ptr [bx + 0x15] 0x12b0e: mov word ptr [0x2e6], ax 0x12b11: mov ax, word ptr [bx + 0x16] 0x12b14: mov word ptr [0x2e8], ax 0x12b17: mov ax, word ptr [bx + 0x18] 0x12b1a: mov word ptr [0x2ea], ax 0x12b1d: mov ax, word ptr [bx + 0x1a] 0x12b20: mov word ptr [0x2ec], ax 0x12b23: mov al, 2 0x12b25: mov ah, 0x3d 0x12b27: int 0x21 0x12b29: mov word ptr [0x2ee], ax 0x12b2c: mov bx, word ptr [0x2ee] 0x12b30: mov ah, 0x3e |
| 2018-12-25T12:01:50.005392368Z | 2 | PC: 12ae6 | Character output (Char = '0d') |
| 2018-12-25T12:01:50.007860514Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.011906877Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.014094737Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.01747272Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.020002381Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.022207975Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.025541398Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.027867433Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.030914035Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.034169359Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.03696011Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.039140553Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.041614235Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.045032566Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.047418806Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.049585884Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.051874808Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.054081839Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.056271565Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.058910808Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.06114293Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.063322475Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.066213061Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.069018052Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.071798227Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.084154538Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.086878538Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.090543617Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.093837701Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.096235352Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.098579802Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.101403033Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.104143977Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.106672683Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.110943286Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.115652898Z | 2 | PC: 12ae6 | Character output (See above) |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7497,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:01:50.185960358Z | 42 | PC: 12a77 | Get date 0x12a77: cmp cx, 0x7bc 0x12a7b: jle 0x12a8d 0x12a7d: jmp 0x12a80 0x12a7f: nop 0x12a80: mov ah, 0x2a 0x12a82: int 0x21 0x12a84: cmp dx, 0xb19 0x12a88: je 0x12acb 0x12a8a: jmp 0x12a99 0x12a8c: nop 0x12a8d: mov ah, 0x2c 0x12a8f: int 0x21 0x12a91: cmp cl, 0x1e 0x12a94: jge 0x12ab2 0x12a96: jmp 0x12a99 0x12a98: nop 0x12a99: mov dx, 0x2df 0x12a9c: mov ah, 0x4e 0x12a9e: xor cx, cx 0x12aa0: int 0x21 |
| 2018-12-25T12:01:50.188994532Z | 44 | PC: 12a91 | Get time 0x12a91: cmp cl, 0x1e 0x12a94: jge 0x12ab2 0x12a96: jmp 0x12a99 0x12a98: nop 0x12a99: mov dx, 0x2df 0x12a9c: mov ah, 0x4e 0x12a9e: xor cx, cx 0x12aa0: int 0x21 0x12aa2: jb 0x12aa7 0x12aa4: jmp 0x12b08 0x12aa6: nop 0x12aa7: mov dx, 0x2e3 0x12aaa: mov ah, 0x3b 0x12aac: int 0x21 0x12aae: jb 0x12af7 0x12ab0: jmp 0x12a99 0x12ab2: push ax 0x12ab3: push bx 0x12ab4: mov bx, 0x268 0x12ab7: call 0x12ad8 |
| 2018-12-25T12:01:50.19132899Z | 78 | PC: 12aa2 | Find first file |
| 2018-12-25T12:01:50.198349806Z | 61 | PC: 12b29 | Open file (Filename = '*.*') |
| 2018-12-25T12:01:50.20449906Z | 62 | PC: 12b34 | Close file |
| 2018-12-25T12:01:50.206447108Z | 79 | PC: 12ac3 | Find next file |
| 2018-12-25T12:01:50.209126581Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:50.214342216Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:50.216704586Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:50.219583718Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:50.225380633Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:50.227233643Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:50.229948392Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:50.235459341Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:50.236951735Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:50.238750299Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:50.241903673Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:50.243371161Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:50.246194288Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:50.251444892Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:50.254091613Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:50.25703613Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:50.262551305Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:50.26459792Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:50.267348069Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:50.272799045Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:50.274745577Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:50.277556096Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:50.282783478Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:50.284539962Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:50.287266166Z | 59 | PC: 12aae | Change current directory |
| 2018-12-25T12:01:50.291772141Z | 44 | PC: 12afb | Get time 0x12afb: cmp dh, 0xa 0x12afe: ja 0x12b06 0x12b00: mov bx, 0x2b9 0x12b03: call 0x22ad8 0x12b06: int 0x20 0x12b08: mov bx, 0x80 0x12b0b: mov ax, word ptr [bx + 0x15] 0x12b0e: mov word ptr [0x2e6], ax 0x12b11: mov ax, word ptr [bx + 0x16] 0x12b14: mov word ptr [0x2e8], ax 0x12b17: mov ax, word ptr [bx + 0x18] 0x12b1a: mov word ptr [0x2ea], ax 0x12b1d: mov ax, word ptr [bx + 0x1a] 0x12b20: mov word ptr [0x2ec], ax 0x12b23: mov al, 2 0x12b25: mov ah, 0x3d 0x12b27: int 0x21 0x12b29: mov word ptr [0x2ee], ax 0x12b2c: mov bx, word ptr [0x2ee] 0x12b30: mov ah, 0x3e |
| 2018-12-25T12:01:50.293940136Z | 2 | PC: 12ae6 | Character output (Char = '0d') |
| 2018-12-25T12:01:50.296400558Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.301272107Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.30350089Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.306335776Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.30918602Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.311484973Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.314025893Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.316268547Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.319963684Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.32248108Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.324809369Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.326803057Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.328969076Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.331169168Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.333168606Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.335704569Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.33782548Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.339808029Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.342271102Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.344203061Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.345651836Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.347516061Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.349994071Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.352232649Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.354549006Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.356826528Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.358814675Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.362605701Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.364863675Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.367091424Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.370002255Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.372514918Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.374683064Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.376603365Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.381126734Z | 2 | PC: 12ae6 | Character output (See above) |
| 2018-12-25T12:01:50.383041739Z | 2 | PC: 12ae6 | Character output (See above) |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":11,"TimeBased":true,"OriginalID":7497,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:01:50.363550317Z | 42 | PC: 12a77 | Get date 0x12a77: cmp cx, 0x7bc 0x12a7b: jle 0x12a8d 0x12a7d: jmp 0x12a80 0x12a7f: nop 0x12a80: mov ah, 0x2a 0x12a82: int 0x21 0x12a84: cmp dx, 0xb19 0x12a88: je 0x12acb 0x12a8a: jmp 0x12a99 0x12a8c: nop 0x12a8d: mov ah, 0x2c 0x12a8f: int 0x21 0x12a91: cmp cl, 0x1e 0x12a94: jge 0x12ab2 0x12a96: jmp 0x12a99 0x12a98: nop 0x12a99: mov dx, 0x2df 0x12a9c: mov ah, 0x4e 0x12a9e: xor cx, cx 0x12aa0: int 0x21 |
| 2018-12-25T12:01:50.366558704Z | 44 | PC: 12a91 | Get time 0x12a91: cmp cl, 0x1e 0x12a94: jge 0x12ab2 0x12a96: jmp 0x12a99 0x12a98: nop 0x12a99: mov dx, 0x2df 0x12a9c: mov ah, 0x4e 0x12a9e: xor cx, cx 0x12aa0: int 0x21 0x12aa2: jb 0x12aa7 0x12aa4: jmp 0x12b08 0x12aa6: nop 0x12aa7: mov dx, 0x2e3 0x12aaa: mov ah, 0x3b 0x12aac: int 0x21 0x12aae: jb 0x12af7 0x12ab0: jmp 0x12a99 0x12ab2: push ax 0x12ab3: push bx 0x12ab4: mov bx, 0x268 0x12ab7: call 0x12ad8 |
| 2018-12-25T12:01:50.368923748Z | 78 | PC: 12aa2 | Find first file |
| 2018-12-25T12:01:50.374863466Z | 61 | PC: 12b29 | Open file (Filename = '*.*') |
| 2018-12-25T12:01:50.380916802Z | 62 | PC: 12b34 | Close file |
| 2018-12-25T12:01:50.38314118Z | 79 | PC: 12ac3 | Find next file |
| 2018-12-25T12:01:50.385898035Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:50.396238319Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:50.398049207Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:50.404653333Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:50.410656545Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:50.412482955Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:50.415128924Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:50.420256782Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:50.422882306Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:50.428690595Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:50.433800674Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:50.439123643Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:50.441678046Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:50.44688146Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:50.449473938Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:50.45213934Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:50.457521867Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:50.466651931Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:50.469552961Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:50.475100959Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:50.477619629Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:50.480578967Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:50.48596069Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:50.488702319Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:50.491457761Z | 59 | PC: 12aae | Change current directory |
| 2018-12-25T12:01:50.496466836Z | 44 | PC: 12afb | Get time 0x12afb: cmp dh, 0xa 0x12afe: ja 0x12b06 0x12b00: mov bx, 0x2b9 0x12b03: call 0x22ad8 0x12b06: int 0x20 0x12b08: mov bx, 0x80 0x12b0b: mov ax, word ptr [bx + 0x15] 0x12b0e: mov word ptr [0x2e6], ax 0x12b11: mov ax, word ptr [bx + 0x16] 0x12b14: mov word ptr [0x2e8], ax 0x12b17: mov ax, word ptr [bx + 0x18] 0x12b1a: mov word ptr [0x2ea], ax 0x12b1d: mov ax, word ptr [bx + 0x1a] 0x12b20: mov word ptr [0x2ec], ax 0x12b23: mov al, 2 0x12b25: mov ah, 0x3d 0x12b27: int 0x21 0x12b29: mov word ptr [0x2ee], ax 0x12b2c: mov bx, word ptr [0x2ee] 0x12b30: mov ah, 0x3e |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":11,"TimeBased":true,"OriginalID":7497,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:01:50.651332251Z | 42 | PC: 12a77 | Get date 0x12a77: cmp cx, 0x7bc 0x12a7b: jle 0x12a8d 0x12a7d: jmp 0x12a80 0x12a7f: nop 0x12a80: mov ah, 0x2a 0x12a82: int 0x21 0x12a84: cmp dx, 0xb19 0x12a88: je 0x12acb 0x12a8a: jmp 0x12a99 0x12a8c: nop 0x12a8d: mov ah, 0x2c 0x12a8f: int 0x21 0x12a91: cmp cl, 0x1e 0x12a94: jge 0x12ab2 0x12a96: jmp 0x12a99 0x12a98: nop 0x12a99: mov dx, 0x2df 0x12a9c: mov ah, 0x4e 0x12a9e: xor cx, cx 0x12aa0: int 0x21 |
| 2018-12-25T12:01:50.653881341Z | 44 | PC: 12a91 | Get time 0x12a91: cmp cl, 0x1e 0x12a94: jge 0x12ab2 0x12a96: jmp 0x12a99 0x12a98: nop 0x12a99: mov dx, 0x2df 0x12a9c: mov ah, 0x4e 0x12a9e: xor cx, cx 0x12aa0: int 0x21 0x12aa2: jb 0x12aa7 0x12aa4: jmp 0x12b08 0x12aa6: nop 0x12aa7: mov dx, 0x2e3 0x12aaa: mov ah, 0x3b 0x12aac: int 0x21 0x12aae: jb 0x12af7 0x12ab0: jmp 0x12a99 0x12ab2: push ax 0x12ab3: push bx 0x12ab4: mov bx, 0x268 0x12ab7: call 0x12ad8 |
| 2018-12-25T12:01:50.6565427Z | 78 | PC: 12aa2 | Find first file |
| 2018-12-25T12:01:50.663056274Z | 61 | PC: 12b29 | Open file (Filename = '*.*') |
| 2018-12-25T12:01:50.668379065Z | 62 | PC: 12b34 | Close file |
| 2018-12-25T12:01:50.671668624Z | 79 | PC: 12ac3 | Find next file |
| 2018-12-25T12:01:50.674226388Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:50.67943974Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:50.682046662Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:50.684794942Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:50.690155659Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:50.692168671Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:50.695192114Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:50.701451385Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:50.703649332Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:50.706448797Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:50.711717992Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:50.713214693Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:50.717017958Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:50.722337211Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:50.72382671Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:50.727182883Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:50.750392734Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:50.751799422Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:50.754931038Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:50.760306701Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:50.761811133Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:50.768440779Z | 61 | PC: 12b29 | Open file (See above) |
| 2018-12-25T12:01:50.773943999Z | 62 | PC: 12b34 | Close file (See above) |
| 2018-12-25T12:01:50.775552064Z | 79 | PC: 12ac3 | Find next file (See above) |
| 2018-12-25T12:01:50.778490296Z | 59 | PC: 12aae | Change current directory |
| 2018-12-25T12:01:50.78295855Z | 44 | PC: 12afb | Get time 0x12afb: cmp dh, 0xa 0x12afe: ja 0x12b06 0x12b00: mov bx, 0x2b9 0x12b03: call 0x22ad8 0x12b06: int 0x20 0x12b08: mov bx, 0x80 0x12b0b: mov ax, word ptr [bx + 0x15] 0x12b0e: mov word ptr [0x2e6], ax 0x12b11: mov ax, word ptr [bx + 0x16] 0x12b14: mov word ptr [0x2e8], ax 0x12b17: mov ax, word ptr [bx + 0x18] 0x12b1a: mov word ptr [0x2ea], ax 0x12b1d: mov ax, word ptr [bx + 0x1a] 0x12b20: mov word ptr [0x2ec], ax 0x12b23: mov al, 2 0x12b25: mov ah, 0x3d 0x12b27: int 0x21 0x12b29: mov word ptr [0x2ee], ax 0x12b2c: mov bx, word ptr [0x2ee] 0x12b30: mov ah, 0x3e |