{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":938,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:06.939010739Z | 61 | PC: 141c4 | Open file (Filename = '') |
| 2018-12-25T11:42:06.948870368Z | 42 | PC: 141d9 | Get date 0x141d9: cmp cx, 0x7d0 0x141dd: jne 0x141eb 0x141df: cmp dx, 0x101 0x141e3: jne 0x141eb 0x141e5: mov byte ptr cs:[bp + 0x5ac], 1 0x141eb: ret 0x141ec: add byte ptr [si + 0x76], bl 0x141ef: js 0x1421f 0x141f1: jo 0x14266 0x141f3: add byte ptr [bx + di + 0x4e], ah 0x141f6: push sp 0x141f7: imul bp, word ptr [di], 0x6956 0x141fb: push dx 0x141fc: inc sp 0x141fe: inc cx 0x141ff: push sp 0x14200: add byte ptr [bp + di + 0x48], ah 0x14203: dec bx 0x14204: dec sp 0x14205: imul dx, word ptr [bp + di + 0x54], 0x4d2e |
| 2018-12-25T11:42:06.953695035Z | 192 | PC: 13c56 | UNKNOWN! |
| 2018-12-25T11:42:06.954893409Z | 74 | PC: 13cb6 | Reallocate memory |
| 2018-12-25T11:42:06.957015647Z | 74 | PC: 13cbe | Reallocate memory |
| 2018-12-25T11:42:06.959182957Z | 72 | PC: 13cc5 | Allocate memory |
| 2018-12-25T11:42:06.961498975Z | 53 | PC: 13ce4 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:42:06.963164181Z | 37 | PC: 13cf5 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:42:06.964407379Z | 9 | PC: 12a5c | Display string (Could not find end pointer) |
| 2018-12-25T11:42:06.969724564Z | 76 | PC: 12a61 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":938,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T13:06:45.989952112Z | 61 | PC: 141c4 | Open file (Filename = '') |
| 2018-12-25T13:06:45.997322717Z | 42 | PC: 141d9 | Get date 0x141d9: cmp cx, 0x7d0 0x141dd: jne 0x141eb 0x141df: cmp dx, 0x101 0x141e3: jne 0x141eb 0x141e5: mov byte ptr cs:[bp + 0x5ac], 1 0x141eb: ret 0x141ec: add byte ptr [si + 0x76], bl 0x141ef: js 0x1421f 0x141f1: jo 0x14266 0x141f3: add byte ptr [bx + di + 0x4e], ah 0x141f6: push sp 0x141f7: imul bp, word ptr [di], 0x6956 0x141fb: push dx 0x141fc: inc sp 0x141fe: inc cx 0x141ff: push sp 0x14200: add byte ptr [bp + di + 0x48], ah 0x14203: dec bx 0x14204: dec sp 0x14205: imul dx, word ptr [bp + di + 0x54], 0x4d2e |
| 2018-12-25T13:06:46.000051894Z | 192 | PC: 13c56 | UNKNOWN! |
| 2018-12-25T13:06:46.001310456Z | 74 | PC: 13cb6 | Reallocate memory |
| 2018-12-25T13:06:46.003669908Z | 74 | PC: 13cbe | Reallocate memory |
| 2018-12-25T13:06:46.005185535Z | 72 | PC: 13cc5 | Allocate memory |
| 2018-12-25T13:06:46.006622676Z | 53 | PC: 13ce4 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T13:06:46.007626779Z | 37 | PC: 13cf5 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T13:06:46.009036624Z | 53 | PC: 13d02 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive') |
| 2018-12-25T13:06:46.010600331Z | 37 | PC: 13d12 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive') |
| 2018-12-25T13:06:46.011891936Z | 9 | PC: 12a5c | Display string (Could not find end pointer) |
| 2018-12-25T13:06:46.018305077Z | 76 | PC: 12a61 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":2,"Month":1,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":938,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:09.156081637Z | 61 | PC: 141c4 | Open file (Filename = '') |
| 2018-12-25T11:42:09.164393509Z | 42 | PC: 141d9 | Get date 0x141d9: cmp cx, 0x7d0 0x141dd: jne 0x141eb 0x141df: cmp dx, 0x101 0x141e3: jne 0x141eb 0x141e5: mov byte ptr cs:[bp + 0x5ac], 1 0x141eb: ret 0x141ec: add byte ptr [si + 0x76], bl 0x141ef: js 0x1421f 0x141f1: jo 0x14266 0x141f3: add byte ptr [bx + di + 0x4e], ah 0x141f6: push sp 0x141f7: imul bp, word ptr [di], 0x6956 0x141fb: push dx 0x141fc: inc sp 0x141fe: inc cx 0x141ff: push sp 0x14200: add byte ptr [bp + di + 0x48], ah 0x14203: dec bx 0x14204: dec sp 0x14205: imul dx, word ptr [bp + di + 0x54], 0x4d2e |
| 2018-12-25T11:42:09.167012785Z | 192 | PC: 13c56 | UNKNOWN! |
| 2018-12-25T11:42:09.168112023Z | 74 | PC: 13cb6 | Reallocate memory |
| 2018-12-25T11:42:09.170340929Z | 74 | PC: 13cbe | Reallocate memory |
| 2018-12-25T11:42:09.171821708Z | 72 | PC: 13cc5 | Allocate memory |
| 2018-12-25T11:42:09.173207467Z | 53 | PC: 13ce4 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:42:09.174436161Z | 37 | PC: 13cf5 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:42:09.175873792Z | 9 | PC: 12a5c | Display string (Could not find end pointer) |
| 2018-12-25T11:42:09.179461174Z | 76 | PC: 12a61 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":2,"Month":1,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":938,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:09.271095361Z | 61 | PC: 141c4 | Open file (Filename = '') |
| 2018-12-25T11:42:09.275665219Z | 42 | PC: 141d9 | Get date 0x141d9: cmp cx, 0x7d0 0x141dd: jne 0x141eb 0x141df: cmp dx, 0x101 0x141e3: jne 0x141eb 0x141e5: mov byte ptr cs:[bp + 0x5ac], 1 0x141eb: ret 0x141ec: add byte ptr [si + 0x76], bl 0x141ef: js 0x1421f 0x141f1: jo 0x14266 0x141f3: add byte ptr [bx + di + 0x4e], ah 0x141f6: push sp 0x141f7: imul bp, word ptr [di], 0x6956 0x141fb: push dx 0x141fc: inc sp 0x141fe: inc cx 0x141ff: push sp 0x14200: add byte ptr [bp + di + 0x48], ah 0x14203: dec bx 0x14204: dec sp 0x14205: imul dx, word ptr [bp + di + 0x54], 0x4d2e |
| 2018-12-25T11:42:09.284335541Z | 192 | PC: 13c56 | UNKNOWN! |
| 2018-12-25T11:42:09.285061026Z | 74 | PC: 13cb6 | Reallocate memory |
| 2018-12-25T11:42:09.287042398Z | 74 | PC: 13cbe | Reallocate memory |
| 2018-12-25T11:42:09.29978937Z | 72 | PC: 13cc5 | Allocate memory |
| 2018-12-25T11:42:09.301473131Z | 53 | PC: 13ce4 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:42:09.303340414Z | 37 | PC: 13cf5 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:42:09.304934934Z | 9 | PC: 12a5c | Display string (Could not find end pointer) |
| 2018-12-25T11:42:09.310514958Z | 76 | PC: 12a61 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":938,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:12.130471128Z | 61 | PC: 141c4 | Open file (Filename = '') |
| 2018-12-25T11:42:12.134791843Z | 42 | PC: 141d9 | Get date 0x141d9: cmp cx, 0x7d0 0x141dd: jne 0x141eb 0x141df: cmp dx, 0x101 0x141e3: jne 0x141eb 0x141e5: mov byte ptr cs:[bp + 0x5ac], 1 0x141eb: ret 0x141ec: add byte ptr [si + 0x76], bl 0x141ef: js 0x1421f 0x141f1: jo 0x14266 0x141f3: add byte ptr [bx + di + 0x4e], ah 0x141f6: push sp 0x141f7: imul bp, word ptr [di], 0x6956 0x141fb: push dx 0x141fc: inc sp 0x141fe: inc cx 0x141ff: push sp 0x14200: add byte ptr [bp + di + 0x48], ah 0x14203: dec bx 0x14204: dec sp 0x14205: imul dx, word ptr [bp + di + 0x54], 0x4d2e |
| 2018-12-25T11:42:12.136268958Z | 192 | PC: 13c56 | UNKNOWN! |
| 2018-12-25T11:42:12.137723016Z | 74 | PC: 13cb6 | Reallocate memory |
| 2018-12-25T11:42:12.139770273Z | 74 | PC: 13cbe | Reallocate memory |
| 2018-12-25T11:42:12.141167983Z | 72 | PC: 13cc5 | Allocate memory |
| 2018-12-25T11:42:12.14244504Z | 53 | PC: 13ce4 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:42:12.143899936Z | 37 | PC: 13cf5 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:42:12.145508461Z | 9 | PC: 12a5c | Display string (Could not find end pointer) |
| 2018-12-25T11:42:12.154165184Z | 76 | PC: 12a61 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":938,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:15.198250712Z | 61 | PC: 141c4 | Open file (Filename = '') |
| 2018-12-25T11:42:15.207213037Z | 42 | PC: 141d9 | Get date 0x141d9: cmp cx, 0x7d0 0x141dd: jne 0x141eb 0x141df: cmp dx, 0x101 0x141e3: jne 0x141eb 0x141e5: mov byte ptr cs:[bp + 0x5ac], 1 0x141eb: ret 0x141ec: add byte ptr [si + 0x76], bl 0x141ef: js 0x1421f 0x141f1: jo 0x14266 0x141f3: add byte ptr [bx + di + 0x4e], ah 0x141f6: push sp 0x141f7: imul bp, word ptr [di], 0x6956 0x141fb: push dx 0x141fc: inc sp 0x141fe: inc cx 0x141ff: push sp 0x14200: add byte ptr [bp + di + 0x48], ah 0x14203: dec bx 0x14204: dec sp 0x14205: imul dx, word ptr [bp + di + 0x54], 0x4d2e |
| 2018-12-25T11:42:15.209156491Z | 192 | PC: 13c56 | UNKNOWN! |
| 2018-12-25T11:42:15.209773109Z | 74 | PC: 13cb6 | Reallocate memory |
| 2018-12-25T11:42:15.211747Z | 74 | PC: 13cbe | Reallocate memory |
| 2018-12-25T11:42:15.212949305Z | 72 | PC: 13cc5 | Allocate memory |
| 2018-12-25T11:42:15.214475693Z | 53 | PC: 13ce4 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:42:15.21642665Z | 37 | PC: 13cf5 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:42:15.217451615Z | 53 | PC: 13d02 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive') |
| 2018-12-25T11:42:15.218476912Z | 37 | PC: 13d12 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive') |
| 2018-12-25T11:42:15.220369321Z | 9 | PC: 12a5c | Display string (Could not find end pointer) |
| 2018-12-25T11:42:15.225673385Z | 76 | PC: 12a61 | Terminate with return code (Return code = '0') |