{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11439,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:35.59464371Z | 255 | PC: 12a6c | UNKNOWN! |
| 2018-12-25T12:30:35.596170348Z | 42 | PC: 12a78 | Get date 0x12a78: cmp cx, 0x7c7 0x12a7c: jb 0x12a97 0x12a7e: jge 0x12a83 0x12a80: jmp 0x12add 0x12a82: nop 0x12a83: mov ah, 0x2a 0x12a85: int 0x21 0x12a87: cmp dh, 6 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12add 0x12a8e: nop 0x12a8f: cmp dl, 0x16 0x12a92: jge 0x12ab5 0x12a94: jmp 0x12add 0x12a96: nop 0x12a97: cmp cx, 0x7c6 0x12a9b: je 0x12aaa 0x12a9d: mov ah, 0x2b 0x12a9f: mov cx, 0x7c6 0x12aa2: int 0x21 |
| 2018-12-25T12:30:35.598879369Z | 43 | PC: 12aa4 | Set date |
| 2018-12-25T12:30:35.602437736Z | 45 | PC: 12aaa | Set time |
| 2018-12-25T12:30:35.606358399Z | 44 | PC: 12aae | Get time 0x12aae: cmp cl, 0xf 0x12ab1: jae 0x12abf 0x12ab3: jmp 0x12a83 0x12ab5: mov ah, 9 0x12ab7: mov dx, si 0x12ab9: add dx, 0x40 0x12abd: int 0x21 0x12abf: cmp byte ptr [si], 0x1a 0x12ac4: ja 0x12add 0x12ac6: pushf 0x12ac7: mov al, byte ptr [si] 0x12acb: mov cx, 0x100 0x12ace: mov dx, 0 0x12ad1: mov bx, 1 0x12ad4: int 0x26 0x12ad6: popf 0x12ad7: inc byte ptr [si] 0x12adb: jmp 0x12abf 0x12add: push es 0x12ade: mov ah, 0x2f |
| 2018-12-25T12:30:35.609128402Z | 42 | PC: 12a87 | Get date 0x12a87: cmp dh, 6 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12add 0x12a8e: nop 0x12a8f: cmp dl, 0x16 0x12a92: jge 0x12ab5 0x12a94: jmp 0x12add 0x12a96: nop 0x12a97: cmp cx, 0x7c6 0x12a9b: je 0x12aaa 0x12a9d: mov ah, 0x2b 0x12a9f: mov cx, 0x7c6 0x12aa2: int 0x21 0x12aa4: mov ah, 0x2d 0x12aa6: mov cl, 1 0x12aa8: int 0x21 0x12aaa: mov ah, 0x2c 0x12aac: int 0x21 0x12aae: cmp cl, 0xf 0x12ab1: jae 0x12abf |
| 2018-12-25T12:30:35.611319502Z | 47 | PC: 12ae2 | Get disk transfer address |
| 2018-12-25T12:30:35.612683982Z | 26 | PC: 12af5 | Set disk transfer address |
| 2018-12-25T12:30:35.61436194Z | 78 | PC: 12b80 | Find first file |
| 2018-12-25T12:30:35.625113657Z | 79 | PC: 12b86 | Find next file |
| 2018-12-25T12:30:35.62792382Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:35.631440685Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:35.6349555Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:35.637691101Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:35.641030819Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:35.643467446Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:35.645821947Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:35.648721129Z | 78 | PC: 12b80 | Find first file (See above) |
| 2018-12-25T12:30:35.657378138Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:35.66035239Z | 67 | PC: 12bbf | Get or set file attributes |
| 2018-12-25T12:30:35.667211023Z | 67 | PC: 12bd2 | Get or set file attributes |
| 2018-12-25T12:30:35.998390614Z | 61 | PC: 12bdd | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T12:30:36.005089506Z | 87 | PC: 12be9 | Get or set file date and time |
| 2018-12-25T12:30:36.007098026Z | 44 | PC: 12bf5 | Get time 0x12bf5: mov ah, 0x3f 0x12bf7: mov cx, 3 0x12bfa: mov dx, 0x68 0x12bfd: nop 0x12bfe: add dx, si 0x12c00: int 0x21 0x12c02: jb 0x12c5a 0x12c04: cmp ax, 3 0x12c07: jne 0x12c5a 0x12c09: mov ax, 0x4202 0x12c0c: mov cx, 0 0x12c0f: mov dx, 0 0x12c12: int 0x21 0x12c14: jb 0x12c5a 0x12c16: mov cx, ax 0x12c18: sub ax, 3 0x12c1b: mov word ptr [si + 0x6c], ax 0x12c1f: add cx, 0x350 0x12c23: mov di, si 0x12c25: sub di, 0x24e |
| 2018-12-25T12:30:36.009131615Z | 63 | PC: 12c02 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:30:36.014490897Z | 66 | PC: 12c14 | Move file pointer |
| 2018-12-25T12:30:36.016429153Z | 64 | PC: 12c39 | Write file or device (Write 824 bytes on handle 5) |
| 2018-12-25T12:30:36.024430829Z | 66 | PC: 12c4b | Move file pointer |
| 2018-12-25T12:30:36.025695293Z | 64 | PC: 12c5a | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:30:36.028993189Z | 87 | PC: 12c6f | Get or set file date and time |
| 2018-12-25T12:30:36.03037428Z | 62 | PC: 12c73 | Close file |
| 2018-12-25T12:30:36.03664029Z | 67 | PC: 12c82 | Get or set file attributes |
| 2018-12-25T12:30:36.046858051Z | 26 | PC: 12c8f | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11439,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:36.738369257Z | 255 | PC: 12a6c | UNKNOWN! |
| 2018-12-25T12:30:36.739097335Z | 42 | PC: 12a78 | Get date 0x12a78: cmp cx, 0x7c7 0x12a7c: jb 0x12a97 0x12a7e: jge 0x12a83 0x12a80: jmp 0x12add 0x12a82: nop 0x12a83: mov ah, 0x2a 0x12a85: int 0x21 0x12a87: cmp dh, 6 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12add 0x12a8e: nop 0x12a8f: cmp dl, 0x16 0x12a92: jge 0x12ab5 0x12a94: jmp 0x12add 0x12a96: nop 0x12a97: cmp cx, 0x7c6 0x12a9b: je 0x12aaa 0x12a9d: mov ah, 0x2b 0x12a9f: mov cx, 0x7c6 0x12aa2: int 0x21 |
| 2018-12-25T12:30:36.741578839Z | 44 | PC: 12aae | Get time 0x12aae: cmp cl, 0xf 0x12ab1: jae 0x12abf 0x12ab3: jmp 0x12a83 0x12ab5: mov ah, 9 0x12ab7: mov dx, si 0x12ab9: add dx, 0x40 0x12abd: int 0x21 0x12abf: cmp byte ptr [si], 0x1a 0x12ac4: ja 0x12add 0x12ac6: pushf 0x12ac7: mov al, byte ptr [si] 0x12acb: mov cx, 0x100 0x12ace: mov dx, 0 0x12ad1: mov bx, 1 0x12ad4: int 0x26 0x12ad6: popf 0x12ad7: inc byte ptr [si] 0x12adb: jmp 0x12abf 0x12add: push es 0x12ade: mov ah, 0x2f |
| 2018-12-25T12:30:36.744607031Z | 47 | PC: 12ae2 | Get disk transfer address |
| 2018-12-25T12:30:36.745862294Z | 26 | PC: 12af5 | Set disk transfer address |
| 2018-12-25T12:30:36.747817178Z | 78 | PC: 12b80 | Find first file |
| 2018-12-25T12:30:36.754545936Z | 79 | PC: 12b86 | Find next file |
| 2018-12-25T12:30:36.757289518Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:36.760638696Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:36.763465759Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:36.766337247Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:36.769309747Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:36.772328869Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:36.775572857Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:36.778591412Z | 78 | PC: 12b80 | Find first file (See above) |
| 2018-12-25T12:30:36.788482736Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:36.791734722Z | 67 | PC: 12bbf | Get or set file attributes |
| 2018-12-25T12:30:36.799511728Z | 67 | PC: 12bd2 | Get or set file attributes |
| 2018-12-25T12:30:38.31185167Z | 61 | PC: 12bdd | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T12:30:38.319557744Z | 87 | PC: 12be9 | Get or set file date and time |
| 2018-12-25T12:30:38.321031064Z | 44 | PC: 12bf5 | Get time 0x12bf5: mov ah, 0x3f 0x12bf7: mov cx, 3 0x12bfa: mov dx, 0x68 0x12bfd: nop 0x12bfe: add dx, si 0x12c00: int 0x21 0x12c02: jb 0x12c5a 0x12c04: cmp ax, 3 0x12c07: jne 0x12c5a 0x12c09: mov ax, 0x4202 0x12c0c: mov cx, 0 0x12c0f: mov dx, 0 0x12c12: int 0x21 0x12c14: jb 0x12c5a 0x12c16: mov cx, ax 0x12c18: sub ax, 3 0x12c1b: mov word ptr [si + 0x6c], ax 0x12c1f: add cx, 0x350 0x12c23: mov di, si 0x12c25: sub di, 0x24e |
| 2018-12-25T12:30:38.330315212Z | 63 | PC: 12c02 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:30:38.336656738Z | 66 | PC: 12c14 | Move file pointer |
| 2018-12-25T12:30:38.338571007Z | 64 | PC: 12c39 | Write file or device (Write 824 bytes on handle 5) |
| 2018-12-25T12:30:38.409681395Z | 66 | PC: 12c4b | Move file pointer |
| 2018-12-25T12:30:38.411138757Z | 64 | PC: 12c5a | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:30:38.414131627Z | 87 | PC: 12c6f | Get or set file date and time |
| 2018-12-25T12:30:38.416246375Z | 62 | PC: 12c73 | Close file |
| 2018-12-25T12:30:38.550926742Z | 67 | PC: 12c82 | Get or set file attributes |
| 2018-12-25T12:30:38.690675238Z | 26 | PC: 12c8f | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11439,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:37.007486801Z | 255 | PC: 12a6c | UNKNOWN! |
| 2018-12-25T12:30:37.008825274Z | 42 | PC: 12a78 | Get date 0x12a78: cmp cx, 0x7c7 0x12a7c: jb 0x12a97 0x12a7e: jge 0x12a83 0x12a80: jmp 0x12add 0x12a82: nop 0x12a83: mov ah, 0x2a 0x12a85: int 0x21 0x12a87: cmp dh, 6 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12add 0x12a8e: nop 0x12a8f: cmp dl, 0x16 0x12a92: jge 0x12ab5 0x12a94: jmp 0x12add 0x12a96: nop 0x12a97: cmp cx, 0x7c6 0x12a9b: je 0x12aaa 0x12a9d: mov ah, 0x2b 0x12a9f: mov cx, 0x7c6 0x12aa2: int 0x21 |
| 2018-12-25T12:30:37.011635606Z | 42 | PC: 12a87 | Get date 0x12a87: cmp dh, 6 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12add 0x12a8e: nop 0x12a8f: cmp dl, 0x16 0x12a92: jge 0x12ab5 0x12a94: jmp 0x12add 0x12a96: nop 0x12a97: cmp cx, 0x7c6 0x12a9b: je 0x12aaa 0x12a9d: mov ah, 0x2b 0x12a9f: mov cx, 0x7c6 0x12aa2: int 0x21 0x12aa4: mov ah, 0x2d 0x12aa6: mov cl, 1 0x12aa8: int 0x21 0x12aaa: mov ah, 0x2c 0x12aac: int 0x21 0x12aae: cmp cl, 0xf 0x12ab1: jae 0x12abf |
| 2018-12-25T12:30:37.014091471Z | 47 | PC: 12ae2 | Get disk transfer address |
| 2018-12-25T12:30:37.016015535Z | 26 | PC: 12af5 | Set disk transfer address |
| 2018-12-25T12:30:37.017138917Z | 78 | PC: 12b80 | Find first file |
| 2018-12-25T12:30:37.022942158Z | 79 | PC: 12b86 | Find next file |
| 2018-12-25T12:30:37.025835266Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:37.028239015Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:37.030606041Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:37.033389328Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:37.035410057Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:37.037114864Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:37.04761247Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:37.050060637Z | 78 | PC: 12b80 | Find first file (See above) |
| 2018-12-25T12:30:37.058572733Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:37.06161554Z | 67 | PC: 12bbf | Get or set file attributes |
| 2018-12-25T12:30:37.067606896Z | 67 | PC: 12bd2 | Get or set file attributes |
| 2018-12-25T12:30:37.39296107Z | 61 | PC: 12bdd | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T12:30:37.401105105Z | 87 | PC: 12be9 | Get or set file date and time |
| 2018-12-25T12:30:37.403285162Z | 44 | PC: 12bf5 | Get time 0x12bf5: mov ah, 0x3f 0x12bf7: mov cx, 3 0x12bfa: mov dx, 0x68 0x12bfd: nop 0x12bfe: add dx, si 0x12c00: int 0x21 0x12c02: jb 0x12c5a 0x12c04: cmp ax, 3 0x12c07: jne 0x12c5a 0x12c09: mov ax, 0x4202 0x12c0c: mov cx, 0 0x12c0f: mov dx, 0 0x12c12: int 0x21 0x12c14: jb 0x12c5a 0x12c16: mov cx, ax 0x12c18: sub ax, 3 0x12c1b: mov word ptr [si + 0x6c], ax 0x12c1f: add cx, 0x350 0x12c23: mov di, si 0x12c25: sub di, 0x24e |
| 2018-12-25T12:30:37.405305579Z | 63 | PC: 12c02 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:30:37.410598175Z | 66 | PC: 12c14 | Move file pointer |
| 2018-12-25T12:30:37.412382479Z | 64 | PC: 12c39 | Write file or device (Write 824 bytes on handle 5) |
| 2018-12-25T12:30:37.419844526Z | 66 | PC: 12c4b | Move file pointer |
| 2018-12-25T12:30:37.421071171Z | 64 | PC: 12c5a | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:30:37.424474415Z | 87 | PC: 12c6f | Get or set file date and time |
| 2018-12-25T12:30:37.426344239Z | 62 | PC: 12c73 | Close file |
| 2018-12-25T12:30:37.432836106Z | 67 | PC: 12c82 | Get or set file attributes |
| 2018-12-25T12:30:37.439990088Z | 26 | PC: 12c8f | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11439,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:37.496716926Z | 255 | PC: 12a6c | UNKNOWN! |
| 2018-12-25T12:30:37.497925519Z | 42 | PC: 12a78 | Get date 0x12a78: cmp cx, 0x7c7 0x12a7c: jb 0x12a97 0x12a7e: jge 0x12a83 0x12a80: jmp 0x12add 0x12a82: nop 0x12a83: mov ah, 0x2a 0x12a85: int 0x21 0x12a87: cmp dh, 6 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12add 0x12a8e: nop 0x12a8f: cmp dl, 0x16 0x12a92: jge 0x12ab5 0x12a94: jmp 0x12add 0x12a96: nop 0x12a97: cmp cx, 0x7c6 0x12a9b: je 0x12aaa 0x12a9d: mov ah, 0x2b 0x12a9f: mov cx, 0x7c6 0x12aa2: int 0x21 |
| 2018-12-25T12:30:37.499898816Z | 43 | PC: 12aa4 | Set date |
| 2018-12-25T12:30:37.509370517Z | 45 | PC: 12aaa | Set time |
| 2018-12-25T12:30:37.518643329Z | 44 | PC: 12aae | Get time 0x12aae: cmp cl, 0xf 0x12ab1: jae 0x12abf 0x12ab3: jmp 0x12a83 0x12ab5: mov ah, 9 0x12ab7: mov dx, si 0x12ab9: add dx, 0x40 0x12abd: int 0x21 0x12abf: cmp byte ptr [si], 0x1a 0x12ac4: ja 0x12add 0x12ac6: pushf 0x12ac7: mov al, byte ptr [si] 0x12acb: mov cx, 0x100 0x12ace: mov dx, 0 0x12ad1: mov bx, 1 0x12ad4: int 0x26 0x12ad6: popf 0x12ad7: inc byte ptr [si] 0x12adb: jmp 0x12abf 0x12add: push es 0x12ade: mov ah, 0x2f |
| 2018-12-25T12:30:37.520341039Z | 42 | PC: 12a87 | Get date 0x12a87: cmp dh, 6 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12add 0x12a8e: nop 0x12a8f: cmp dl, 0x16 0x12a92: jge 0x12ab5 0x12a94: jmp 0x12add 0x12a96: nop 0x12a97: cmp cx, 0x7c6 0x12a9b: je 0x12aaa 0x12a9d: mov ah, 0x2b 0x12a9f: mov cx, 0x7c6 0x12aa2: int 0x21 0x12aa4: mov ah, 0x2d 0x12aa6: mov cl, 1 0x12aa8: int 0x21 0x12aaa: mov ah, 0x2c 0x12aac: int 0x21 0x12aae: cmp cl, 0xf 0x12ab1: jae 0x12abf |
| 2018-12-25T12:30:37.521972421Z | 47 | PC: 12ae2 | Get disk transfer address |
| 2018-12-25T12:30:37.523418455Z | 26 | PC: 12af5 | Set disk transfer address |
| 2018-12-25T12:30:37.524507701Z | 78 | PC: 12b80 | Find first file |
| 2018-12-25T12:30:37.533080757Z | 79 | PC: 12b86 | Find next file |
| 2018-12-25T12:30:37.535816619Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:37.537947722Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:37.54035107Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:37.543141036Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:37.545531164Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:37.548090576Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:37.550763753Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:37.554118565Z | 78 | PC: 12b80 | Find first file (See above) |
| 2018-12-25T12:30:37.562850371Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:37.565821096Z | 67 | PC: 12bbf | Get or set file attributes |
| 2018-12-25T12:30:37.573043368Z | 67 | PC: 12bd2 | Get or set file attributes |
| 2018-12-25T12:30:39.223956162Z | 61 | PC: 12bdd | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T12:30:39.230937655Z | 87 | PC: 12be9 | Get or set file date and time |
| 2018-12-25T12:30:39.233267486Z | 44 | PC: 12bf5 | Get time 0x12bf5: mov ah, 0x3f 0x12bf7: mov cx, 3 0x12bfa: mov dx, 0x68 0x12bfd: nop 0x12bfe: add dx, si 0x12c00: int 0x21 0x12c02: jb 0x12c5a 0x12c04: cmp ax, 3 0x12c07: jne 0x12c5a 0x12c09: mov ax, 0x4202 0x12c0c: mov cx, 0 0x12c0f: mov dx, 0 0x12c12: int 0x21 0x12c14: jb 0x12c5a 0x12c16: mov cx, ax 0x12c18: sub ax, 3 0x12c1b: mov word ptr [si + 0x6c], ax 0x12c1f: add cx, 0x350 0x12c23: mov di, si 0x12c25: sub di, 0x24e |
| 2018-12-25T12:30:39.234760818Z | 63 | PC: 12c02 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:30:39.240114803Z | 66 | PC: 12c14 | Move file pointer |
| 2018-12-25T12:30:39.242164982Z | 64 | PC: 12c39 | Write file or device (Write 824 bytes on handle 5) |
| 2018-12-25T12:30:39.264906755Z | 66 | PC: 12c4b | Move file pointer |
| 2018-12-25T12:30:39.266227661Z | 64 | PC: 12c5a | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:30:39.29469308Z | 87 | PC: 12c6f | Get or set file date and time |
| 2018-12-25T12:30:39.296129175Z | 62 | PC: 12c73 | Close file |
| 2018-12-25T12:30:39.335970949Z | 67 | PC: 12c82 | Get or set file attributes |
| 2018-12-25T12:30:39.38156859Z | 26 | PC: 12c8f | Set disk transfer address |
{"DateBased":true,"Day":22,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11439,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T13:07:19.001805841Z | 255 | PC: 12a6c | UNKNOWN! |
| 2018-12-25T13:07:19.003430747Z | 42 | PC: 12a78 | Get date 0x12a78: cmp cx, 0x7c7 0x12a7c: jb 0x12a97 0x12a7e: jge 0x12a83 0x12a80: jmp 0x12add 0x12a82: nop 0x12a83: mov ah, 0x2a 0x12a85: int 0x21 0x12a87: cmp dh, 6 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12add 0x12a8e: nop 0x12a8f: cmp dl, 0x16 0x12a92: jge 0x12ab5 0x12a94: jmp 0x12add 0x12a96: nop 0x12a97: cmp cx, 0x7c6 0x12a9b: je 0x12aaa 0x12a9d: mov ah, 0x2b 0x12a9f: mov cx, 0x7c6 0x12aa2: int 0x21 |
| 2018-12-25T13:07:19.005174908Z | 43 | PC: 12aa4 | Set date |
| 2018-12-25T13:07:19.007716176Z | 45 | PC: 12aaa | Set time |
| 2018-12-25T13:07:19.010397283Z | 44 | PC: 12aae | Get time 0x12aae: cmp cl, 0xf 0x12ab1: jae 0x12abf 0x12ab3: jmp 0x12a83 0x12ab5: mov ah, 9 0x12ab7: mov dx, si 0x12ab9: add dx, 0x40 0x12abd: int 0x21 0x12abf: cmp byte ptr [si], 0x1a 0x12ac4: ja 0x12add 0x12ac6: pushf 0x12ac7: mov al, byte ptr [si] 0x12acb: mov cx, 0x100 0x12ace: mov dx, 0 0x12ad1: mov bx, 1 0x12ad4: int 0x26 0x12ad6: popf 0x12ad7: inc byte ptr [si] 0x12adb: jmp 0x12abf 0x12add: push es 0x12ade: mov ah, 0x2f |
| 2018-12-25T13:07:19.012488931Z | 42 | PC: 12a87 | Get date 0x12a87: cmp dh, 6 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12add 0x12a8e: nop 0x12a8f: cmp dl, 0x16 0x12a92: jge 0x12ab5 0x12a94: jmp 0x12add 0x12a96: nop 0x12a97: cmp cx, 0x7c6 0x12a9b: je 0x12aaa 0x12a9d: mov ah, 0x2b 0x12a9f: mov cx, 0x7c6 0x12aa2: int 0x21 0x12aa4: mov ah, 0x2d 0x12aa6: mov cl, 1 0x12aa8: int 0x21 0x12aaa: mov ah, 0x2c 0x12aac: int 0x21 0x12aae: cmp cl, 0xf 0x12ab1: jae 0x12abf |
| 2018-12-25T13:07:19.01424335Z | 9 | PC: 12abf | Display string (String= ' Violator strikes again... ') |
| 2018-12-25T13:07:19.018879789Z | 47 | PC: 12ae2 | Get disk transfer address |
| 2018-12-25T13:07:19.020109325Z | 26 | PC: 12af5 | Set disk transfer address |
| 2018-12-25T13:07:19.021520571Z | 78 | PC: 12b80 | Find first file |
| 2018-12-25T13:07:19.028952879Z | 79 | PC: 12b86 | Find next file |
| 2018-12-25T13:07:19.031016775Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T13:07:19.03366925Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T13:07:19.036627776Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T13:07:19.040820187Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T13:07:19.043522992Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T13:07:19.046619451Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T13:07:19.049698637Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T13:07:19.052253947Z | 78 | PC: 12b80 | Find first file (See above) |
| 2018-12-25T13:07:19.062176495Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T13:07:19.065597765Z | 67 | PC: 12bbf | Get or set file attributes |
| 2018-12-25T13:07:19.073655995Z | 67 | PC: 12bd2 | Get or set file attributes |
| 2018-12-25T13:07:21.049301306Z | 61 | PC: 12bdd | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T13:07:21.057085834Z | 87 | PC: 12be9 | Get or set file date and time |
| 2018-12-25T13:07:21.060598807Z | 44 | PC: 12bf5 | Get time 0x12bf5: mov ah, 0x3f 0x12bf7: mov cx, 3 0x12bfa: mov dx, 0x68 0x12bfd: nop 0x12bfe: add dx, si 0x12c00: int 0x21 0x12c02: jb 0x12c5a 0x12c04: cmp ax, 3 0x12c07: jne 0x12c5a 0x12c09: mov ax, 0x4202 0x12c0c: mov cx, 0 0x12c0f: mov dx, 0 0x12c12: int 0x21 0x12c14: jb 0x12c5a 0x12c16: mov cx, ax 0x12c18: sub ax, 3 0x12c1b: mov word ptr [si + 0x6c], ax 0x12c1f: add cx, 0x350 0x12c23: mov di, si 0x12c25: sub di, 0x24e |
| 2018-12-25T13:07:21.063400923Z | 63 | PC: 12c02 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T13:07:21.070096875Z | 66 | PC: 12c14 | Move file pointer |
| 2018-12-25T13:07:21.073769783Z | 64 | PC: 12c39 | Write file or device (Write 824 bytes on handle 5) |
| 2018-12-25T13:07:21.090749136Z | 66 | PC: 12c4b | Move file pointer |
| 2018-12-25T13:07:21.092657509Z | 64 | PC: 12c5a | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T13:07:21.09867584Z | 87 | PC: 12c6f | Get or set file date and time |
| 2018-12-25T13:07:21.100497107Z | 62 | PC: 12c73 | Close file |
| 2018-12-25T13:07:21.12023342Z | 67 | PC: 12c82 | Get or set file attributes |
| 2018-12-25T13:07:21.136440174Z | 26 | PC: 12c8f | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11439,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:37.638378038Z | 255 | PC: 12a6c | UNKNOWN! |
| 2018-12-25T12:30:37.63965555Z | 42 | PC: 12a78 | Get date 0x12a78: cmp cx, 0x7c7 0x12a7c: jb 0x12a97 0x12a7e: jge 0x12a83 0x12a80: jmp 0x12add 0x12a82: nop 0x12a83: mov ah, 0x2a 0x12a85: int 0x21 0x12a87: cmp dh, 6 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12add 0x12a8e: nop 0x12a8f: cmp dl, 0x16 0x12a92: jge 0x12ab5 0x12a94: jmp 0x12add 0x12a96: nop 0x12a97: cmp cx, 0x7c6 0x12a9b: je 0x12aaa 0x12a9d: mov ah, 0x2b 0x12a9f: mov cx, 0x7c6 0x12aa2: int 0x21 |
| 2018-12-25T12:30:37.641753093Z | 43 | PC: 12aa4 | Set date |
| 2018-12-25T12:30:37.644956706Z | 45 | PC: 12aaa | Set time |
| 2018-12-25T12:30:37.648822109Z | 44 | PC: 12aae | Get time 0x12aae: cmp cl, 0xf 0x12ab1: jae 0x12abf 0x12ab3: jmp 0x12a83 0x12ab5: mov ah, 9 0x12ab7: mov dx, si 0x12ab9: add dx, 0x40 0x12abd: int 0x21 0x12abf: cmp byte ptr [si], 0x1a 0x12ac4: ja 0x12add 0x12ac6: pushf 0x12ac7: mov al, byte ptr [si] 0x12acb: mov cx, 0x100 0x12ace: mov dx, 0 0x12ad1: mov bx, 1 0x12ad4: int 0x26 0x12ad6: popf 0x12ad7: inc byte ptr [si] 0x12adb: jmp 0x12abf 0x12add: push es 0x12ade: mov ah, 0x2f |
| 2018-12-25T12:30:37.651370762Z | 42 | PC: 12a87 | Get date 0x12a87: cmp dh, 6 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12add 0x12a8e: nop 0x12a8f: cmp dl, 0x16 0x12a92: jge 0x12ab5 0x12a94: jmp 0x12add 0x12a96: nop 0x12a97: cmp cx, 0x7c6 0x12a9b: je 0x12aaa 0x12a9d: mov ah, 0x2b 0x12a9f: mov cx, 0x7c6 0x12aa2: int 0x21 0x12aa4: mov ah, 0x2d 0x12aa6: mov cl, 1 0x12aa8: int 0x21 0x12aaa: mov ah, 0x2c 0x12aac: int 0x21 0x12aae: cmp cl, 0xf 0x12ab1: jae 0x12abf |
| 2018-12-25T12:30:37.653353547Z | 47 | PC: 12ae2 | Get disk transfer address |
| 2018-12-25T12:30:37.655221847Z | 26 | PC: 12af5 | Set disk transfer address |
| 2018-12-25T12:30:37.656666534Z | 78 | PC: 12b80 | Find first file |
| 2018-12-25T12:30:37.667391114Z | 79 | PC: 12b86 | Find next file |
| 2018-12-25T12:30:37.670884122Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:37.673370467Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:37.676130097Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:37.679176505Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:37.681654272Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:37.68404419Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:37.686630728Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:37.690686591Z | 78 | PC: 12b80 | Find first file (See above) |
| 2018-12-25T12:30:37.699210695Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:30:37.702096981Z | 67 | PC: 12bbf | Get or set file attributes |
| 2018-12-25T12:30:37.709009146Z | 67 | PC: 12bd2 | Get or set file attributes |
| 2018-12-25T12:30:39.224219912Z | 61 | PC: 12bdd | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T12:30:39.23117616Z | 87 | PC: 12be9 | Get or set file date and time |
| 2018-12-25T12:30:39.233271329Z | 44 | PC: 12bf5 | Get time 0x12bf5: mov ah, 0x3f 0x12bf7: mov cx, 3 0x12bfa: mov dx, 0x68 0x12bfd: nop 0x12bfe: add dx, si 0x12c00: int 0x21 0x12c02: jb 0x12c5a 0x12c04: cmp ax, 3 0x12c07: jne 0x12c5a 0x12c09: mov ax, 0x4202 0x12c0c: mov cx, 0 0x12c0f: mov dx, 0 0x12c12: int 0x21 0x12c14: jb 0x12c5a 0x12c16: mov cx, ax 0x12c18: sub ax, 3 0x12c1b: mov word ptr [si + 0x6c], ax 0x12c1f: add cx, 0x350 0x12c23: mov di, si 0x12c25: sub di, 0x24e |
| 2018-12-25T12:30:39.235609784Z | 63 | PC: 12c02 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:30:39.241144213Z | 66 | PC: 12c14 | Move file pointer |
| 2018-12-25T12:30:39.243048819Z | 64 | PC: 12c39 | Write file or device (Write 824 bytes on handle 5) |
| 2018-12-25T12:30:39.275353837Z | 66 | PC: 12c4b | Move file pointer |
| 2018-12-25T12:30:39.276645866Z | 64 | PC: 12c5a | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:30:39.280423144Z | 87 | PC: 12c6f | Get or set file date and time |
| 2018-12-25T12:30:39.281987922Z | 62 | PC: 12c73 | Close file |
| 2018-12-25T12:30:39.336347627Z | 67 | PC: 12c82 | Get or set file attributes |
| 2018-12-25T12:30:39.367644381Z | 26 | PC: 12c8f | Set disk transfer address |