{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":6,"Second":0,"TimeBased":true,"OriginalID":1482,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:43:51.435978042Z | 42 | PC: 2b576 | Get date 0x2b576: cmp cx, 0x7cb 0x2b57a: jne 0x2b586 0x2b57c: cmp dh, 4 0x2b57f: ja 0x2b586 0x2b581: cmp dl, 0xf 0x2b584: jb 0x2b5cf 0x2b586: mov al, 0xff 0x2b588: mov ah, 0xf 0x2b58a: xchg al, ah 0x2b58c: nop 0x2b58d: int 0x21 0x2b58f: cmp ax, 0x101 0x2b592: jne 0x2b598 0x2b594: call 0x2b5d3 0x2b597: nop 0x2b598: mov ax, 0x3521 0x2b59b: nop 0x2b59c: int 0x21 0x2b59e: cmp word ptr es:[0xa], 0x4254 0x2b5a5: jne 0x2b5b3 |
| 2018-12-25T11:43:51.438140398Z | 255 | PC: 2b58f | UNKNOWN! |
| 2018-12-25T11:43:51.439041991Z | 53 | PC: 2b59e | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:43:51.440638546Z | 240 | PC: 2b5cd | UNKNOWN! |
| 2018-12-25T11:43:51.441560583Z | 44 | PC: 2b4ca | Get time 0x2b4ca: cmp cl, 6 0x2b4cd: jne 0x2b504 0x2b4cf: mov ax, 0xb800 0x2b4d2: mov es, ax 0x2b4d4: mov cx, 0x30 0x2b4d7: push cx 0x2b4d8: mov cx, 0x7c0 0x2b4db: xor si, si 0x2b4dd: mov ah, byte ptr es:[si] 0x2b4e0: cmp ah, 0x77 0x2b4e3: jb 0x2b4f2 0x2b4e5: dec ah 0x2b4e7: mov byte ptr es:[si], ah 0x2b4ea: mov byte ptr es:[si + 1], 0x79 0x2b4ef: jmp 0x2b4fc 0x2b4f1: nop 0x2b4f2: inc ah 0x2b4f4: mov byte ptr es:[si], ah 0x2b4f7: mov byte ptr es:[si + 1], 0x8f 0x2b4fc: inc si |
| 2018-12-25T11:43:51.531924814Z | 48 | PC: 317c4 | Get DOS version |
| 2018-12-25T11:43:51.534275905Z | 74 | PC: 3183b | Reallocate memory |
| 2018-12-25T11:43:51.536123386Z | 72 | PC: 32d67 | Allocate memory |
| 2018-12-25T11:43:51.538576802Z | 74 | PC: 32d17 | Reallocate memory |
| 2018-12-25T11:43:51.541190758Z | 48 | PC: 31ac4 | Get DOS version |
| 2018-12-25T11:43:51.542904397Z | 53 | PC: 318c5 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-25T11:43:51.544284418Z | 37 | PC: 318d7 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-25T11:43:51.546042533Z | 68 | PC: 31963 | I/O control for devices (Set for = ' ���2����E�$� �!�E�') |
| 2018-12-25T11:43:51.547514227Z | 68 | PC: 31963 | I/O control for devices (See above) |
| 2018-12-25T11:43:51.549545134Z | 68 | PC: 31963 | I/O control for devices (See above) |
| 2018-12-25T11:43:51.551689593Z | 68 | PC: 31963 | I/O control for devices (See above) |
| 2018-12-25T11:43:51.553145778Z | 68 | PC: 31963 | I/O control for devices (See above) |
| 2018-12-25T11:43:51.55465949Z | 48 | PC: 30865 | Get DOS version |
| 2018-12-25T11:43:51.557256552Z | 37 | PC: 137ce | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:43:51.571735544Z | 37 | PC: 137db | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-25T11:43:51.572978549Z | 25 | PC: 14dd2 | Get default drive |
| 2018-12-25T11:43:51.5745219Z | 25 | PC: 33626 | Get default drive |
| 2018-12-25T11:43:51.576088673Z | 71 | PC: 331db | Get current directory |
| 2018-12-25T11:43:51.593642151Z | 64 | PC: 32a30 | Write file or device (Write 132 bytes on handle 1) |
| 2018-12-25T11:43:51.600690899Z | 64 | PC: 32a30 | Write file or device (See above) |
| 2018-12-25T11:43:51.604445876Z | 64 | PC: 32a30 | Write file or device (See above) |
| 2018-12-25T11:43:51.607257386Z | 42 | PC: 13c58 | Get date 0x13c58: cmp cx, 0x7cd 0x13c5c: ja 0x13c71 0x13c5e: jb 0x13c6c 0x13c60: cmp dh, 9 0x13c63: ja 0x13c71 0x13c65: jb 0x13c6c 0x13c67: cmp dl, 0xf 0x13c6a: ja 0x13c71 0x13c6c: mov word ptr [bp - 4], 1 0x13c71: cmp word ptr [bp - 4], 0 0x13c75: jne 0x13ca4 0x13c77: push 3 0x13c79: lcall 0x14b0:0x131 0x13c7e: push 1 0x13c80: lcall 0x14b0:0x131 0x13c85: push 0 0x13c87: lcall 0x13ef:0x9d8 0x13c8c: or ax, ax 0x13c8e: jne 0x13c9d 0x13c90: push 2 |
| 2018-12-25T11:43:51.611966866Z | 64 | PC: 32a96 | Write file or device (Write 22 bytes on handle 1) |
| 2018-12-25T11:43:51.618090794Z | 64 | PC: 32a30 | Write file or device (See above) |
| 2018-12-25T11:43:51.623410506Z | 64 | PC: 32a96 | Write file or device (See above) |
| 2018-12-25T11:43:51.630154629Z | 48 | PC: 30865 | Get DOS version (See above) |
| 2018-12-25T11:43:51.631434757Z | 82 | PC: 15326 | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T11:43:51.6340208Z | 82 | PC: 151ed | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T11:43:51.635588654Z | 88 | PC: 151c0 | case 0xGet or set allocation strateg: |
| 2018-12-25T11:43:51.637198712Z | 88 | PC: 151dc | case 0xGet or set allocation strateg: |
| 2018-12-25T11:43:51.640807865Z | 88 | PC: 151dc | case 0xGet or set allocation strateg: (See above) |
| 2018-12-25T11:43:51.644510275Z | 64 | PC: 32a30 | Write file or device (See above) |
| 2018-12-25T11:43:51.650496827Z | 64 | PC: 32a96 | Write file or device (See above) |
| 2018-12-25T11:43:51.654643813Z | 61 | PC: 326e1 | Open file (Filename = 'A:\TEST.EXE') |
| 2018-12-25T11:43:51.661221493Z | 68 | PC: 32713 | I/O control for devices (Set for = 'A:\TEST.EXE') |
| 2018-12-25T11:43:51.66261918Z | 67 | PC: 32813 | Get or set file attributes |
| 2018-12-25T11:43:51.667964323Z | 66 | PC: 32688 | Move file pointer |
| 2018-12-25T11:43:51.669787115Z | 63 | PC: 32898 | Read file or device (Read 512 bytes on handle 5) |
| 2018-12-25T11:43:51.67588328Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:51.677248908Z | 63 | PC: 32898 | Read file or device (See above) |
| 2018-12-25T11:43:51.679335536Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:51.680641577Z | 63 | PC: 32898 | Read file or device (See above) |
| 2018-12-25T11:43:51.689601831Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:51.692108937Z | 63 | PC: 32898 | Read file or device (See above) |
| 2018-12-25T11:43:51.700849861Z | 62 | PC: 3260e | Close file |
| 2018-12-25T11:43:51.702821943Z | 61 | PC: 326e1 | Open file (See above) |
| 2018-12-25T11:43:51.709380484Z | 68 | PC: 32713 | I/O control for devices (See above) |
| 2018-12-25T11:43:51.710835477Z | 67 | PC: 32813 | Get or set file attributes (See above) |
| 2018-12-25T11:43:51.7159663Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:51.717432511Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:51.718797616Z | 63 | PC: 32898 | Read file or device (See above) |
| 2018-12-25T11:43:51.721182186Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:51.722957479Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:51.724342256Z | 63 | PC: 32898 | Read file or device (See above) |
| 2018-12-25T11:43:51.730540094Z | 62 | PC: 3260e | Close file (See above) |
| 2018-12-25T11:43:51.733876913Z | 64 | PC: 32a30 | Write file or device (See above) |
| 2018-12-25T11:43:51.738799484Z | 14 | PC: 3381b | Set default drive (Drive = 'A') |
| 2018-12-25T11:43:51.740748565Z | 59 | PC: 14d8c | Change current directory |
| 2018-12-25T11:43:51.744709496Z | 37 | PC: 31a1f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-25T11:43:51.745783191Z | 76 | PC: 31a04 | Terminate with return code (Return code = '1') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":6,"Second":0,"TimeBased":true,"OriginalID":1482,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:43:51.537651667Z | 42 | PC: 2b576 | Get date 0x2b576: cmp cx, 0x7cb 0x2b57a: jne 0x2b586 0x2b57c: cmp dh, 4 0x2b57f: ja 0x2b586 0x2b581: cmp dl, 0xf 0x2b584: jb 0x2b5cf 0x2b586: mov al, 0xff 0x2b588: mov ah, 0xf 0x2b58a: xchg al, ah 0x2b58c: nop 0x2b58d: int 0x21 0x2b58f: cmp ax, 0x101 0x2b592: jne 0x2b598 0x2b594: call 0x2b5d3 0x2b597: nop 0x2b598: mov ax, 0x3521 0x2b59b: nop 0x2b59c: int 0x21 0x2b59e: cmp word ptr es:[0xa], 0x4254 0x2b5a5: jne 0x2b5b3 |
| 2018-12-25T11:43:51.540000963Z | 255 | PC: 2b58f | UNKNOWN! |
| 2018-12-25T11:43:51.540607958Z | 53 | PC: 2b59e | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:43:51.542158713Z | 240 | PC: 2b5cd | UNKNOWN! |
| 2018-12-25T11:43:51.543339588Z | 44 | PC: 2b4ca | Get time 0x2b4ca: cmp cl, 6 0x2b4cd: jne 0x2b504 0x2b4cf: mov ax, 0xb800 0x2b4d2: mov es, ax 0x2b4d4: mov cx, 0x30 0x2b4d7: push cx 0x2b4d8: mov cx, 0x7c0 0x2b4db: xor si, si 0x2b4dd: mov ah, byte ptr es:[si] 0x2b4e0: cmp ah, 0x77 0x2b4e3: jb 0x2b4f2 0x2b4e5: dec ah 0x2b4e7: mov byte ptr es:[si], ah 0x2b4ea: mov byte ptr es:[si + 1], 0x79 0x2b4ef: jmp 0x2b4fc 0x2b4f1: nop 0x2b4f2: inc ah 0x2b4f4: mov byte ptr es:[si], ah 0x2b4f7: mov byte ptr es:[si + 1], 0x8f 0x2b4fc: inc si |
| 2018-12-25T11:43:51.644976373Z | 48 | PC: 317c4 | Get DOS version |
| 2018-12-25T11:43:51.646638908Z | 74 | PC: 3183b | Reallocate memory |
| 2018-12-25T11:43:51.648323977Z | 72 | PC: 32d67 | Allocate memory |
| 2018-12-25T11:43:51.650721948Z | 74 | PC: 32d17 | Reallocate memory |
| 2018-12-25T11:43:51.652969348Z | 48 | PC: 31ac4 | Get DOS version |
| 2018-12-25T11:43:51.654484627Z | 53 | PC: 318c5 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-25T11:43:51.655501272Z | 37 | PC: 318d7 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-25T11:43:51.65720644Z | 68 | PC: 31963 | I/O control for devices (Set for = ' ���2����E�$� �!�E�') |
| 2018-12-25T11:43:51.658392774Z | 68 | PC: 31963 | I/O control for devices (See above) |
| 2018-12-25T11:43:51.659525135Z | 68 | PC: 31963 | I/O control for devices (See above) |
| 2018-12-25T11:43:51.661059755Z | 68 | PC: 31963 | I/O control for devices (See above) |
| 2018-12-25T11:43:51.66252049Z | 68 | PC: 31963 | I/O control for devices (See above) |
| 2018-12-25T11:43:51.663688922Z | 48 | PC: 30865 | Get DOS version |
| 2018-12-25T11:43:51.665758404Z | 37 | PC: 137ce | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:43:51.666676943Z | 37 | PC: 137db | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-25T11:43:51.667585766Z | 25 | PC: 14dd2 | Get default drive |
| 2018-12-25T11:43:51.669526345Z | 25 | PC: 33626 | Get default drive |
| 2018-12-25T11:43:51.670608325Z | 71 | PC: 331db | Get current directory |
| 2018-12-25T11:43:51.68441779Z | 64 | PC: 32a30 | Write file or device (Write 132 bytes on handle 1) |
| 2018-12-25T11:43:51.6910079Z | 64 | PC: 32a30 | Write file or device (See above) |
| 2018-12-25T11:43:51.695508333Z | 64 | PC: 32a30 | Write file or device (See above) |
| 2018-12-25T11:43:51.698961004Z | 42 | PC: 13c58 | Get date 0x13c58: cmp cx, 0x7cd 0x13c5c: ja 0x13c71 0x13c5e: jb 0x13c6c 0x13c60: cmp dh, 9 0x13c63: ja 0x13c71 0x13c65: jb 0x13c6c 0x13c67: cmp dl, 0xf 0x13c6a: ja 0x13c71 0x13c6c: mov word ptr [bp - 4], 1 0x13c71: cmp word ptr [bp - 4], 0 0x13c75: jne 0x13ca4 0x13c77: push 3 0x13c79: lcall 0x14b0:0x131 0x13c7e: push 1 0x13c80: lcall 0x14b0:0x131 0x13c85: push 0 0x13c87: lcall 0x13ef:0x9d8 0x13c8c: or ax, ax 0x13c8e: jne 0x13c9d 0x13c90: push 2 |
| 2018-12-25T11:43:51.703605166Z | 64 | PC: 32a96 | Write file or device (Write 22 bytes on handle 1) |
| 2018-12-25T11:43:51.709750577Z | 64 | PC: 32a30 | Write file or device (See above) |
| 2018-12-25T11:43:51.714290814Z | 64 | PC: 32a96 | Write file or device (See above) |
| 2018-12-25T11:43:51.720130213Z | 48 | PC: 30865 | Get DOS version (See above) |
| 2018-12-25T11:43:51.721596841Z | 82 | PC: 15326 | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T11:43:51.723785211Z | 82 | PC: 151ed | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T11:43:51.72583098Z | 88 | PC: 151c0 | case 0xGet or set allocation strateg: |
| 2018-12-25T11:43:51.727251612Z | 88 | PC: 151dc | case 0xGet or set allocation strateg: |
| 2018-12-25T11:43:51.731192112Z | 88 | PC: 151dc | case 0xGet or set allocation strateg: (See above) |
| 2018-12-25T11:43:51.73537227Z | 64 | PC: 32a30 | Write file or device (See above) |
| 2018-12-25T11:43:51.741241386Z | 64 | PC: 32a96 | Write file or device (See above) |
| 2018-12-25T11:43:51.746267689Z | 61 | PC: 326e1 | Open file (Filename = 'A:\TEST.EXE') |
| 2018-12-25T11:43:51.756196313Z | 68 | PC: 32713 | I/O control for devices (Set for = 'A:\TEST.EXE') |
| 2018-12-25T11:43:51.761647312Z | 67 | PC: 32813 | Get or set file attributes |
| 2018-12-25T11:43:51.768893166Z | 66 | PC: 32688 | Move file pointer |
| 2018-12-25T11:43:51.771003765Z | 63 | PC: 32898 | Read file or device (Read 512 bytes on handle 5) |
| 2018-12-25T11:43:51.779366025Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:51.78107349Z | 63 | PC: 32898 | Read file or device (See above) |
| 2018-12-25T11:43:51.783058375Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:51.785378747Z | 63 | PC: 32898 | Read file or device (See above) |
| 2018-12-25T11:43:51.795970059Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:51.797830038Z | 63 | PC: 32898 | Read file or device (See above) |
| 2018-12-25T11:43:51.809050172Z | 62 | PC: 3260e | Close file |
| 2018-12-25T11:43:51.811830183Z | 61 | PC: 326e1 | Open file (See above) |
| 2018-12-25T11:43:51.820212907Z | 68 | PC: 32713 | I/O control for devices (See above) |
| 2018-12-25T11:43:51.822811657Z | 67 | PC: 32813 | Get or set file attributes (See above) |
| 2018-12-25T11:43:51.829881253Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:51.832102056Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:51.835364237Z | 63 | PC: 32898 | Read file or device (See above) |
| 2018-12-25T11:43:51.838830145Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:51.841074252Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:51.844210666Z | 63 | PC: 32898 | Read file or device (See above) |
| 2018-12-25T11:43:51.851994971Z | 62 | PC: 3260e | Close file (See above) |
| 2018-12-25T11:43:51.855813414Z | 64 | PC: 32a30 | Write file or device (See above) |
| 2018-12-25T11:43:51.862633067Z | 14 | PC: 3381b | Set default drive (Drive = 'A') |
| 2018-12-25T11:43:51.864535742Z | 59 | PC: 14d8c | Change current directory |
| 2018-12-25T11:43:51.869674762Z | 37 | PC: 31a1f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-25T11:43:51.872127899Z | 76 | PC: 31a04 | Terminate with return code (Return code = '1') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1482,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:43:52.575105555Z | 42 | PC: 2b576 | Get date 0x2b576: cmp cx, 0x7cb 0x2b57a: jne 0x2b586 0x2b57c: cmp dh, 4 0x2b57f: ja 0x2b586 0x2b581: cmp dl, 0xf 0x2b584: jb 0x2b5cf 0x2b586: mov al, 0xff 0x2b588: mov ah, 0xf 0x2b58a: xchg al, ah 0x2b58c: nop 0x2b58d: int 0x21 0x2b58f: cmp ax, 0x101 0x2b592: jne 0x2b598 0x2b594: call 0x2b5d3 0x2b597: nop 0x2b598: mov ax, 0x3521 0x2b59b: nop 0x2b59c: int 0x21 0x2b59e: cmp word ptr es:[0xa], 0x4254 0x2b5a5: jne 0x2b5b3 |
| 2018-12-25T11:43:52.578034171Z | 255 | PC: 2b58f | UNKNOWN! |
| 2018-12-25T11:43:52.579243678Z | 53 | PC: 2b59e | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:43:52.585826855Z | 240 | PC: 2b5cd | UNKNOWN! |
| 2018-12-25T11:43:52.587134596Z | 44 | PC: 2b4ca | Get time 0x2b4ca: cmp cl, 6 0x2b4cd: jne 0x2b504 0x2b4cf: mov ax, 0xb800 0x2b4d2: mov es, ax 0x2b4d4: mov cx, 0x30 0x2b4d7: push cx 0x2b4d8: mov cx, 0x7c0 0x2b4db: xor si, si 0x2b4dd: mov ah, byte ptr es:[si] 0x2b4e0: cmp ah, 0x77 0x2b4e3: jb 0x2b4f2 0x2b4e5: dec ah 0x2b4e7: mov byte ptr es:[si], ah 0x2b4ea: mov byte ptr es:[si + 1], 0x79 0x2b4ef: jmp 0x2b4fc 0x2b4f1: nop 0x2b4f2: inc ah 0x2b4f4: mov byte ptr es:[si], ah 0x2b4f7: mov byte ptr es:[si + 1], 0x8f 0x2b4fc: inc si |
| 2018-12-25T11:43:52.623385454Z | 48 | PC: 317c4 | Get DOS version |
| 2018-12-25T11:43:52.625978995Z | 74 | PC: 3183b | Reallocate memory |
| 2018-12-25T11:43:52.629275823Z | 72 | PC: 32d67 | Allocate memory |
| 2018-12-25T11:43:52.633224796Z | 74 | PC: 32d17 | Reallocate memory |
| 2018-12-25T11:43:52.635869692Z | 48 | PC: 31ac4 | Get DOS version |
| 2018-12-25T11:43:52.647955529Z | 53 | PC: 318c5 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-25T11:43:52.649474866Z | 37 | PC: 318d7 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-25T11:43:52.65125067Z | 68 | PC: 31963 | I/O control for devices (Set for = ' ���2����E�$� �!�E�') |
| 2018-12-25T11:43:52.657749141Z | 68 | PC: 31963 | I/O control for devices (See above) |
| 2018-12-25T11:43:52.659361079Z | 68 | PC: 31963 | I/O control for devices (See above) |
| 2018-12-25T11:43:52.661599079Z | 68 | PC: 31963 | I/O control for devices (See above) |
| 2018-12-25T11:43:52.664279076Z | 68 | PC: 31963 | I/O control for devices (See above) |
| 2018-12-25T11:43:52.667107432Z | 48 | PC: 30865 | Get DOS version |
| 2018-12-25T11:43:52.670266758Z | 37 | PC: 137ce | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:43:52.672399925Z | 37 | PC: 137db | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-25T11:43:52.673810445Z | 25 | PC: 14dd2 | Get default drive |
| 2018-12-25T11:43:52.675499909Z | 25 | PC: 33626 | Get default drive |
| 2018-12-25T11:43:52.677793661Z | 71 | PC: 331db | Get current directory |
| 2018-12-25T11:43:52.698588033Z | 64 | PC: 32a30 | Write file or device (Write 132 bytes on handle 1) |
| 2018-12-25T11:43:52.705065552Z | 64 | PC: 32a30 | Write file or device (See above) |
| 2018-12-25T11:43:52.710178013Z | 64 | PC: 32a30 | Write file or device (See above) |
| 2018-12-25T11:43:52.713413386Z | 42 | PC: 13c58 | Get date 0x13c58: cmp cx, 0x7cd 0x13c5c: ja 0x13c71 0x13c5e: jb 0x13c6c 0x13c60: cmp dh, 9 0x13c63: ja 0x13c71 0x13c65: jb 0x13c6c 0x13c67: cmp dl, 0xf 0x13c6a: ja 0x13c71 0x13c6c: mov word ptr [bp - 4], 1 0x13c71: cmp word ptr [bp - 4], 0 0x13c75: jne 0x13ca4 0x13c77: push 3 0x13c79: lcall 0x14b0:0x131 0x13c7e: push 1 0x13c80: lcall 0x14b0:0x131 0x13c85: push 0 0x13c87: lcall 0x13ef:0x9d8 0x13c8c: or ax, ax 0x13c8e: jne 0x13c9d 0x13c90: push 2 |
| 2018-12-25T11:43:52.717663348Z | 64 | PC: 32a96 | Write file or device (Write 22 bytes on handle 1) |
| 2018-12-25T11:43:52.725906563Z | 64 | PC: 32a30 | Write file or device (See above) |
| 2018-12-25T11:43:52.730708698Z | 64 | PC: 32a96 | Write file or device (See above) |
| 2018-12-25T11:43:52.736344939Z | 48 | PC: 30865 | Get DOS version (See above) |
| 2018-12-25T11:43:52.739156104Z | 82 | PC: 15326 | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T11:43:52.741540069Z | 82 | PC: 151ed | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T11:43:52.742901944Z | 88 | PC: 151c0 | case 0xGet or set allocation strateg: |
| 2018-12-25T11:43:52.744865077Z | 88 | PC: 151dc | case 0xGet or set allocation strateg: |
| 2018-12-25T11:43:52.74914452Z | 88 | PC: 151dc | case 0xGet or set allocation strateg: (See above) |
| 2018-12-25T11:43:52.752785039Z | 64 | PC: 32a30 | Write file or device (See above) |
| 2018-12-25T11:43:52.76015368Z | 64 | PC: 32a96 | Write file or device (See above) |
| 2018-12-25T11:43:52.765372186Z | 61 | PC: 326e1 | Open file (Filename = 'A:\TEST.EXE') |
| 2018-12-25T11:43:52.772978448Z | 68 | PC: 32713 | I/O control for devices (Set for = 'A:\TEST.EXE') |
| 2018-12-25T11:43:52.775451502Z | 67 | PC: 32813 | Get or set file attributes |
| 2018-12-25T11:43:52.784055753Z | 66 | PC: 32688 | Move file pointer |
| 2018-12-25T11:43:52.786728989Z | 63 | PC: 32898 | Read file or device (Read 512 bytes on handle 5) |
| 2018-12-25T11:43:52.795470976Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:52.79736401Z | 63 | PC: 32898 | Read file or device (See above) |
| 2018-12-25T11:43:52.79957163Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:52.802048686Z | 63 | PC: 32898 | Read file or device (See above) |
| 2018-12-25T11:43:52.813087265Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:52.815248209Z | 63 | PC: 32898 | Read file or device (See above) |
| 2018-12-25T11:43:52.827445132Z | 62 | PC: 3260e | Close file |
| 2018-12-25T11:43:52.830635579Z | 61 | PC: 326e1 | Open file (See above) |
| 2018-12-25T11:43:52.838274763Z | 68 | PC: 32713 | I/O control for devices (See above) |
| 2018-12-25T11:43:52.841074627Z | 67 | PC: 32813 | Get or set file attributes (See above) |
| 2018-12-25T11:43:52.854163054Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:52.85595894Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:52.858302192Z | 63 | PC: 32898 | Read file or device (See above) |
| 2018-12-25T11:43:52.862069927Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:52.86432849Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:52.867220515Z | 63 | PC: 32898 | Read file or device (See above) |
| 2018-12-25T11:43:52.876456082Z | 62 | PC: 3260e | Close file (See above) |
| 2018-12-25T11:43:52.88053707Z | 64 | PC: 32a30 | Write file or device (See above) |
| 2018-12-25T11:43:52.886929078Z | 14 | PC: 3381b | Set default drive (Drive = 'A') |
| 2018-12-25T11:43:52.889219182Z | 59 | PC: 14d8c | Change current directory |
| 2018-12-25T11:43:52.894337077Z | 37 | PC: 31a1f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-25T11:43:52.895864873Z | 76 | PC: 31a04 | Terminate with return code (Return code = '1') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1482,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:43:55.3755917Z | 42 | PC: 2b576 | Get date 0x2b576: cmp cx, 0x7cb 0x2b57a: jne 0x2b586 0x2b57c: cmp dh, 4 0x2b57f: ja 0x2b586 0x2b581: cmp dl, 0xf 0x2b584: jb 0x2b5cf 0x2b586: mov al, 0xff 0x2b588: mov ah, 0xf 0x2b58a: xchg al, ah 0x2b58c: nop 0x2b58d: int 0x21 0x2b58f: cmp ax, 0x101 0x2b592: jne 0x2b598 0x2b594: call 0x2b5d3 0x2b597: nop 0x2b598: mov ax, 0x3521 0x2b59b: nop 0x2b59c: int 0x21 0x2b59e: cmp word ptr es:[0xa], 0x4254 0x2b5a5: jne 0x2b5b3 |
| 2018-12-25T11:43:55.378513012Z | 255 | PC: 2b58f | UNKNOWN! |
| 2018-12-25T11:43:55.379265909Z | 53 | PC: 2b59e | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:43:55.381458503Z | 240 | PC: 2b5cd | UNKNOWN! |
| 2018-12-25T11:43:55.382752881Z | 44 | PC: 2b4ca | Get time 0x2b4ca: cmp cl, 6 0x2b4cd: jne 0x2b504 0x2b4cf: mov ax, 0xb800 0x2b4d2: mov es, ax 0x2b4d4: mov cx, 0x30 0x2b4d7: push cx 0x2b4d8: mov cx, 0x7c0 0x2b4db: xor si, si 0x2b4dd: mov ah, byte ptr es:[si] 0x2b4e0: cmp ah, 0x77 0x2b4e3: jb 0x2b4f2 0x2b4e5: dec ah 0x2b4e7: mov byte ptr es:[si], ah 0x2b4ea: mov byte ptr es:[si + 1], 0x79 0x2b4ef: jmp 0x2b4fc 0x2b4f1: nop 0x2b4f2: inc ah 0x2b4f4: mov byte ptr es:[si], ah 0x2b4f7: mov byte ptr es:[si + 1], 0x8f 0x2b4fc: inc si |
| 2018-12-25T11:43:55.422571778Z | 48 | PC: 317c4 | Get DOS version |
| 2018-12-25T11:43:55.4258155Z | 74 | PC: 3183b | Reallocate memory |
| 2018-12-25T11:43:55.42785043Z | 72 | PC: 32d67 | Allocate memory |
| 2018-12-25T11:43:55.430974819Z | 74 | PC: 32d17 | Reallocate memory |
| 2018-12-25T11:43:55.434033088Z | 48 | PC: 31ac4 | Get DOS version |
| 2018-12-25T11:43:55.435730738Z | 53 | PC: 318c5 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-25T11:43:55.437196732Z | 37 | PC: 318d7 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-25T11:43:55.440329086Z | 68 | PC: 31963 | I/O control for devices (Set for = ' ���2����E�$� �!�E�') |
| 2018-12-25T11:43:55.442264928Z | 68 | PC: 31963 | I/O control for devices (See above) |
| 2018-12-25T11:43:55.444251662Z | 68 | PC: 31963 | I/O control for devices (See above) |
| 2018-12-25T11:43:55.4472984Z | 68 | PC: 31963 | I/O control for devices (See above) |
| 2018-12-25T11:43:55.449042082Z | 68 | PC: 31963 | I/O control for devices (See above) |
| 2018-12-25T11:43:55.450838573Z | 48 | PC: 30865 | Get DOS version |
| 2018-12-25T11:43:55.453693977Z | 37 | PC: 137ce | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:43:55.455519621Z | 37 | PC: 137db | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-25T11:43:55.457342559Z | 25 | PC: 14dd2 | Get default drive |
| 2018-12-25T11:43:55.459449687Z | 25 | PC: 33626 | Get default drive |
| 2018-12-25T11:43:55.460941016Z | 71 | PC: 331db | Get current directory |
| 2018-12-25T11:43:55.48175048Z | 64 | PC: 32a30 | Write file or device (Write 132 bytes on handle 1) |
| 2018-12-25T11:43:55.488393197Z | 64 | PC: 32a30 | Write file or device (See above) |
| 2018-12-25T11:43:55.493237441Z | 64 | PC: 32a30 | Write file or device (See above) |
| 2018-12-25T11:43:55.4963782Z | 42 | PC: 13c58 | Get date 0x13c58: cmp cx, 0x7cd 0x13c5c: ja 0x13c71 0x13c5e: jb 0x13c6c 0x13c60: cmp dh, 9 0x13c63: ja 0x13c71 0x13c65: jb 0x13c6c 0x13c67: cmp dl, 0xf 0x13c6a: ja 0x13c71 0x13c6c: mov word ptr [bp - 4], 1 0x13c71: cmp word ptr [bp - 4], 0 0x13c75: jne 0x13ca4 0x13c77: push 3 0x13c79: lcall 0x14b0:0x131 0x13c7e: push 1 0x13c80: lcall 0x14b0:0x131 0x13c85: push 0 0x13c87: lcall 0x13ef:0x9d8 0x13c8c: or ax, ax 0x13c8e: jne 0x13c9d 0x13c90: push 2 |
| 2018-12-25T11:43:55.500834397Z | 64 | PC: 32a96 | Write file or device (Write 22 bytes on handle 1) |
| 2018-12-25T11:43:55.507554439Z | 64 | PC: 32a30 | Write file or device (See above) |
| 2018-12-25T11:43:55.512177192Z | 64 | PC: 32a96 | Write file or device (See above) |
| 2018-12-25T11:43:55.517682823Z | 48 | PC: 30865 | Get DOS version (See above) |
| 2018-12-25T11:43:55.520004356Z | 82 | PC: 15326 | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T11:43:55.522469035Z | 82 | PC: 151ed | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T11:43:55.523858518Z | 88 | PC: 151c0 | case 0xGet or set allocation strateg: |
| 2018-12-25T11:43:55.526463664Z | 88 | PC: 151dc | case 0xGet or set allocation strateg: |
| 2018-12-25T11:43:55.530398911Z | 88 | PC: 151dc | case 0xGet or set allocation strateg: (See above) |
| 2018-12-25T11:43:55.53366245Z | 64 | PC: 32a30 | Write file or device (See above) |
| 2018-12-25T11:43:55.540633351Z | 64 | PC: 32a96 | Write file or device (See above) |
| 2018-12-25T11:43:55.546343593Z | 61 | PC: 326e1 | Open file (Filename = 'A:\TEST.EXE') |
| 2018-12-25T11:43:55.553862519Z | 68 | PC: 32713 | I/O control for devices (Set for = 'A:\TEST.EXE') |
| 2018-12-25T11:43:55.556828289Z | 67 | PC: 32813 | Get or set file attributes |
| 2018-12-25T11:43:55.56429363Z | 66 | PC: 32688 | Move file pointer |
| 2018-12-25T11:43:55.567465989Z | 63 | PC: 32898 | Read file or device (Read 512 bytes on handle 5) |
| 2018-12-25T11:43:55.576357897Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:55.578204395Z | 63 | PC: 32898 | Read file or device (See above) |
| 2018-12-25T11:43:55.580488604Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:55.583296179Z | 63 | PC: 32898 | Read file or device (See above) |
| 2018-12-25T11:43:55.596474232Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:55.598134183Z | 63 | PC: 32898 | Read file or device (See above) |
| 2018-12-25T11:43:55.609895722Z | 62 | PC: 3260e | Close file |
| 2018-12-25T11:43:55.61250804Z | 61 | PC: 326e1 | Open file (See above) |
| 2018-12-25T11:43:55.620139973Z | 68 | PC: 32713 | I/O control for devices (See above) |
| 2018-12-25T11:43:55.622415722Z | 67 | PC: 32813 | Get or set file attributes (See above) |
| 2018-12-25T11:43:55.629046959Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:55.631531196Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:55.633364153Z | 63 | PC: 32898 | Read file or device (See above) |
| 2018-12-25T11:43:55.636660509Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:55.638229057Z | 66 | PC: 32688 | Move file pointer (See above) |
| 2018-12-25T11:43:55.639829749Z | 63 | PC: 32898 | Read file or device (See above) |
| 2018-12-25T11:43:55.647576537Z | 62 | PC: 3260e | Close file (See above) |
| 2018-12-25T11:43:55.651517289Z | 64 | PC: 32a30 | Write file or device (See above) |
| 2018-12-25T11:43:55.658184324Z | 14 | PC: 3381b | Set default drive (Drive = 'A') |
| 2018-12-25T11:43:55.660832097Z | 59 | PC: 14d8c | Change current directory |
| 2018-12-25T11:43:55.666199957Z | 37 | PC: 31a1f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-25T11:43:55.667968439Z | 76 | PC: 31a04 | Terminate with return code (Return code = '1') |