{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1628,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:43:58.339701971Z | 255 | PC: 12a6a | UNKNOWN! |
| 2018-12-25T11:43:58.341450782Z | 42 | PC: 12a76 | Get date 0x12a76: cmp cx, 0x7c7 0x12a7a: jb 0x12a92 0x12a7c: jge 0x12a80 0x12a7e: jmp 0x12ad1 0x12a80: mov ah, 0x2a 0x12a82: int 0x21 0x12a84: cmp dh, 6 0x12a87: jge 0x12a8b 0x12a89: jmp 0x12ad1 0x12a8b: cmp dl, 0x16 0x12a8e: jge 0x12ab0 0x12a90: jmp 0x12ad1 0x12a92: cmp cx, 0x7c6 0x12a96: je 0x12aa5 0x12a98: mov ah, 0x2b 0x12a9a: mov cx, 0x7c6 0x12a9d: int 0x21 0x12a9f: mov ah, 0x2d 0x12aa1: mov cl, 1 0x12aa3: int 0x21 |
| 2018-12-25T11:43:58.343716499Z | 43 | PC: 12a9f | Set date |
| 2018-12-25T11:43:58.347515647Z | 45 | PC: 12aa5 | Set time |
| 2018-12-25T11:43:58.350972534Z | 44 | PC: 12aa9 | Get time 0x12aa9: cmp cl, 0xf 0x12aac: jae 0x12ab9 0x12aae: jmp 0x12a80 0x12ab0: mov ah, 9 0x12ab2: mov dx, si 0x12ab4: add dx, 0x40 0x12ab7: int 0x21 0x12ab9: cmp byte ptr [si], 0x1a 0x12abc: ja 0x12ad1 0x12abe: pushf 0x12abf: mov al, byte ptr [si] 0x12ac1: mov cx, 0x100 0x12ac4: mov dx, 0 0x12ac7: mov bx, 1 0x12aca: int 0x26 0x12acc: popf 0x12acd: inc byte ptr [si] 0x12acf: jmp 0x12ab9 0x12ad1: push es 0x12ad2: mov ah, 0x2f |
| 2018-12-25T11:43:58.353486481Z | 42 | PC: 12a84 | Get date 0x12a84: cmp dh, 6 0x12a87: jge 0x12a8b 0x12a89: jmp 0x12ad1 0x12a8b: cmp dl, 0x16 0x12a8e: jge 0x12ab0 0x12a90: jmp 0x12ad1 0x12a92: cmp cx, 0x7c6 0x12a96: je 0x12aa5 0x12a98: mov ah, 0x2b 0x12a9a: mov cx, 0x7c6 0x12a9d: int 0x21 0x12a9f: mov ah, 0x2d 0x12aa1: mov cl, 1 0x12aa3: int 0x21 0x12aa5: mov ah, 0x2c 0x12aa7: int 0x21 0x12aa9: cmp cl, 0xf 0x12aac: jae 0x12ab9 0x12aae: jmp 0x12a80 0x12ab0: mov ah, 9 |
| 2018-12-25T11:43:58.355634787Z | 47 | PC: 12ad6 | Get disk transfer address |
| 2018-12-25T11:43:58.356780227Z | 26 | PC: 12ae6 | Set disk transfer address |
| 2018-12-25T11:43:58.358755356Z | 78 | PC: 12b66 | Find first file |
| 2018-12-25T11:43:58.369608886Z | 79 | PC: 12b6c | Find next file |
| 2018-12-25T11:43:58.372362713Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.375982092Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.378047679Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.38274384Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.385278192Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.387266541Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.388970697Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.391380712Z | 78 | PC: 12b66 | Find first file (See above) |
| 2018-12-25T11:43:58.401446972Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.404820187Z | 67 | PC: 12ba3 | Get or set file attributes |
| 2018-12-25T11:43:58.41108821Z | 67 | PC: 12bb3 | Get or set file attributes |
| 2018-12-25T11:44:02.317627896Z | 61 | PC: 12bbd | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T11:44:02.324642323Z | 87 | PC: 12bc9 | Get or set file date and time |
| 2018-12-25T11:44:02.326103952Z | 44 | PC: 12bd3 | Get time 0x12bd3: mov ah, 0x3f 0x12bd5: mov cx, 3 0x12bd8: mov dx, 0x68 0x12bdb: add dx, si 0x12bdd: int 0x21 0x12bdf: jb 0x12c34 0x12be1: cmp ax, 3 0x12be4: jne 0x12c34 0x12be6: mov ax, 0x4202 0x12be9: mov cx, 0 0x12bec: mov dx, 0 0x12bef: int 0x21 0x12bf1: jb 0x12c34 0x12bf3: mov cx, ax 0x12bf5: sub ax, 3 0x12bf8: mov word ptr [si + 0x6c], ax 0x12bfb: add cx, 0x323 0x12bff: mov di, si 0x12c01: sub di, 0x221 0x12c05: mov word ptr [di], cx |
| 2018-12-25T11:44:02.329791613Z | 63 | PC: 12bdf | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:44:02.335601996Z | 66 | PC: 12bf1 | Move file pointer |
| 2018-12-25T11:44:02.337438829Z | 64 | PC: 12c14 | Write file or device (Write 779 bytes on handle 5) |
| 2018-12-25T11:44:02.346187547Z | 66 | PC: 12c26 | Move file pointer |
| 2018-12-25T11:44:02.348327282Z | 64 | PC: 12c34 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:44:02.351561915Z | 87 | PC: 12c45 | Get or set file date and time |
| 2018-12-25T11:44:02.354512946Z | 62 | PC: 12c49 | Close file |
| 2018-12-25T11:44:02.361126678Z | 67 | PC: 12c56 | Get or set file attributes |
| 2018-12-25T11:44:02.371745868Z | 26 | PC: 12c61 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1628,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:43:58.345139766Z | 255 | PC: 12a6a | UNKNOWN! |
| 2018-12-25T11:43:58.346313714Z | 42 | PC: 12a76 | Get date 0x12a76: cmp cx, 0x7c7 0x12a7a: jb 0x12a92 0x12a7c: jge 0x12a80 0x12a7e: jmp 0x12ad1 0x12a80: mov ah, 0x2a 0x12a82: int 0x21 0x12a84: cmp dh, 6 0x12a87: jge 0x12a8b 0x12a89: jmp 0x12ad1 0x12a8b: cmp dl, 0x16 0x12a8e: jge 0x12ab0 0x12a90: jmp 0x12ad1 0x12a92: cmp cx, 0x7c6 0x12a96: je 0x12aa5 0x12a98: mov ah, 0x2b 0x12a9a: mov cx, 0x7c6 0x12a9d: int 0x21 0x12a9f: mov ah, 0x2d 0x12aa1: mov cl, 1 0x12aa3: int 0x21 |
| 2018-12-25T11:43:58.347831357Z | 44 | PC: 12aa9 | Get time 0x12aa9: cmp cl, 0xf 0x12aac: jae 0x12ab9 0x12aae: jmp 0x12a80 0x12ab0: mov ah, 9 0x12ab2: mov dx, si 0x12ab4: add dx, 0x40 0x12ab7: int 0x21 0x12ab9: cmp byte ptr [si], 0x1a 0x12abc: ja 0x12ad1 0x12abe: pushf 0x12abf: mov al, byte ptr [si] 0x12ac1: mov cx, 0x100 0x12ac4: mov dx, 0 0x12ac7: mov bx, 1 0x12aca: int 0x26 0x12acc: popf 0x12acd: inc byte ptr [si] 0x12acf: jmp 0x12ab9 0x12ad1: push es 0x12ad2: mov ah, 0x2f |
| 2018-12-25T11:43:58.350682395Z | 47 | PC: 12ad6 | Get disk transfer address |
| 2018-12-25T11:43:58.351853837Z | 26 | PC: 12ae6 | Set disk transfer address |
| 2018-12-25T11:43:58.353116264Z | 78 | PC: 12b66 | Find first file |
| 2018-12-25T11:43:58.358961932Z | 79 | PC: 12b6c | Find next file |
| 2018-12-25T11:43:58.361777247Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.364127856Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.366457286Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.369166816Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.371722084Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.374119884Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.37670932Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.379607764Z | 78 | PC: 12b66 | Find first file (See above) |
| 2018-12-25T11:43:58.407774896Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.410753616Z | 67 | PC: 12ba3 | Get or set file attributes |
| 2018-12-25T11:43:58.416615339Z | 67 | PC: 12bb3 | Get or set file attributes |
| 2018-12-25T11:44:02.317631906Z | 61 | PC: 12bbd | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T11:44:02.32360989Z | 87 | PC: 12bc9 | Get or set file date and time |
| 2018-12-25T11:44:02.326697588Z | 44 | PC: 12bd3 | Get time 0x12bd3: mov ah, 0x3f 0x12bd5: mov cx, 3 0x12bd8: mov dx, 0x68 0x12bdb: add dx, si 0x12bdd: int 0x21 0x12bdf: jb 0x12c34 0x12be1: cmp ax, 3 0x12be4: jne 0x12c34 0x12be6: mov ax, 0x4202 0x12be9: mov cx, 0 0x12bec: mov dx, 0 0x12bef: int 0x21 0x12bf1: jb 0x12c34 0x12bf3: mov cx, ax 0x12bf5: sub ax, 3 0x12bf8: mov word ptr [si + 0x6c], ax 0x12bfb: add cx, 0x323 0x12bff: mov di, si 0x12c01: sub di, 0x221 0x12c05: mov word ptr [di], cx |
| 2018-12-25T11:44:02.329108601Z | 63 | PC: 12bdf | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:44:02.33544751Z | 66 | PC: 12bf1 | Move file pointer |
| 2018-12-25T11:44:02.338287347Z | 64 | PC: 12c14 | Write file or device (Write 779 bytes on handle 5) |
| 2018-12-25T11:44:02.346721608Z | 66 | PC: 12c26 | Move file pointer |
| 2018-12-25T11:44:02.348428296Z | 64 | PC: 12c34 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:44:02.352504448Z | 87 | PC: 12c45 | Get or set file date and time |
| 2018-12-25T11:44:02.354386385Z | 62 | PC: 12c49 | Close file |
| 2018-12-25T11:44:02.360879694Z | 67 | PC: 12c56 | Get or set file attributes |
| 2018-12-25T11:44:02.371357062Z | 26 | PC: 12c61 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1628,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:43:58.535295761Z | 255 | PC: 12a6a | UNKNOWN! |
| 2018-12-25T11:43:58.536670303Z | 42 | PC: 12a76 | Get date 0x12a76: cmp cx, 0x7c7 0x12a7a: jb 0x12a92 0x12a7c: jge 0x12a80 0x12a7e: jmp 0x12ad1 0x12a80: mov ah, 0x2a 0x12a82: int 0x21 0x12a84: cmp dh, 6 0x12a87: jge 0x12a8b 0x12a89: jmp 0x12ad1 0x12a8b: cmp dl, 0x16 0x12a8e: jge 0x12ab0 0x12a90: jmp 0x12ad1 0x12a92: cmp cx, 0x7c6 0x12a96: je 0x12aa5 0x12a98: mov ah, 0x2b 0x12a9a: mov cx, 0x7c6 0x12a9d: int 0x21 0x12a9f: mov ah, 0x2d 0x12aa1: mov cl, 1 0x12aa3: int 0x21 |
| 2018-12-25T11:43:58.539379363Z | 42 | PC: 12a84 | Get date 0x12a84: cmp dh, 6 0x12a87: jge 0x12a8b 0x12a89: jmp 0x12ad1 0x12a8b: cmp dl, 0x16 0x12a8e: jge 0x12ab0 0x12a90: jmp 0x12ad1 0x12a92: cmp cx, 0x7c6 0x12a96: je 0x12aa5 0x12a98: mov ah, 0x2b 0x12a9a: mov cx, 0x7c6 0x12a9d: int 0x21 0x12a9f: mov ah, 0x2d 0x12aa1: mov cl, 1 0x12aa3: int 0x21 0x12aa5: mov ah, 0x2c 0x12aa7: int 0x21 0x12aa9: cmp cl, 0xf 0x12aac: jae 0x12ab9 0x12aae: jmp 0x12a80 0x12ab0: mov ah, 9 |
| 2018-12-25T11:43:58.541773083Z | 47 | PC: 12ad6 | Get disk transfer address |
| 2018-12-25T11:43:58.542901964Z | 26 | PC: 12ae6 | Set disk transfer address |
| 2018-12-25T11:43:58.550682428Z | 78 | PC: 12b66 | Find first file |
| 2018-12-25T11:43:58.557917617Z | 79 | PC: 12b6c | Find next file |
| 2018-12-25T11:43:58.561297674Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.565053836Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.567839967Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.570669464Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.582928094Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.585942823Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.599727135Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.602626438Z | 78 | PC: 12b66 | Find first file (See above) |
| 2018-12-25T11:43:58.613593606Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.617678371Z | 67 | PC: 12ba3 | Get or set file attributes |
| 2018-12-25T11:43:58.626251019Z | 67 | PC: 12bb3 | Get or set file attributes |
| 2018-12-25T11:43:59.941601077Z | 61 | PC: 12bbd | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T11:43:59.950353256Z | 87 | PC: 12bc9 | Get or set file date and time |
| 2018-12-25T11:43:59.953550213Z | 44 | PC: 12bd3 | Get time 0x12bd3: mov ah, 0x3f 0x12bd5: mov cx, 3 0x12bd8: mov dx, 0x68 0x12bdb: add dx, si 0x12bdd: int 0x21 0x12bdf: jb 0x12c34 0x12be1: cmp ax, 3 0x12be4: jne 0x12c34 0x12be6: mov ax, 0x4202 0x12be9: mov cx, 0 0x12bec: mov dx, 0 0x12bef: int 0x21 0x12bf1: jb 0x12c34 0x12bf3: mov cx, ax 0x12bf5: sub ax, 3 0x12bf8: mov word ptr [si + 0x6c], ax 0x12bfb: add cx, 0x323 0x12bff: mov di, si 0x12c01: sub di, 0x221 0x12c05: mov word ptr [di], cx |
| 2018-12-25T11:43:59.95650038Z | 63 | PC: 12bdf | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:43:59.965548643Z | 66 | PC: 12bf1 | Move file pointer |
| 2018-12-25T11:43:59.967535634Z | 64 | PC: 12c14 | Write file or device (Write 779 bytes on handle 5) |
| 2018-12-25T11:43:59.980781642Z | 66 | PC: 12c26 | Move file pointer |
| 2018-12-25T11:43:59.983172331Z | 64 | PC: 12c34 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:43:59.987739496Z | 87 | PC: 12c45 | Get or set file date and time |
| 2018-12-25T11:43:59.991122983Z | 62 | PC: 12c49 | Close file |
| 2018-12-25T11:44:00.000753117Z | 67 | PC: 12c56 | Get or set file attributes |
| 2018-12-25T11:44:00.013473171Z | 26 | PC: 12c61 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1628,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:43:58.608174868Z | 255 | PC: 12a6a | UNKNOWN! |
| 2018-12-25T11:43:58.610146888Z | 42 | PC: 12a76 | Get date 0x12a76: cmp cx, 0x7c7 0x12a7a: jb 0x12a92 0x12a7c: jge 0x12a80 0x12a7e: jmp 0x12ad1 0x12a80: mov ah, 0x2a 0x12a82: int 0x21 0x12a84: cmp dh, 6 0x12a87: jge 0x12a8b 0x12a89: jmp 0x12ad1 0x12a8b: cmp dl, 0x16 0x12a8e: jge 0x12ab0 0x12a90: jmp 0x12ad1 0x12a92: cmp cx, 0x7c6 0x12a96: je 0x12aa5 0x12a98: mov ah, 0x2b 0x12a9a: mov cx, 0x7c6 0x12a9d: int 0x21 0x12a9f: mov ah, 0x2d 0x12aa1: mov cl, 1 0x12aa3: int 0x21 |
| 2018-12-25T11:43:58.61288319Z | 43 | PC: 12a9f | Set date |
| 2018-12-25T11:43:58.617360797Z | 45 | PC: 12aa5 | Set time |
| 2018-12-25T11:43:58.622137122Z | 44 | PC: 12aa9 | Get time 0x12aa9: cmp cl, 0xf 0x12aac: jae 0x12ab9 0x12aae: jmp 0x12a80 0x12ab0: mov ah, 9 0x12ab2: mov dx, si 0x12ab4: add dx, 0x40 0x12ab7: int 0x21 0x12ab9: cmp byte ptr [si], 0x1a 0x12abc: ja 0x12ad1 0x12abe: pushf 0x12abf: mov al, byte ptr [si] 0x12ac1: mov cx, 0x100 0x12ac4: mov dx, 0 0x12ac7: mov bx, 1 0x12aca: int 0x26 0x12acc: popf 0x12acd: inc byte ptr [si] 0x12acf: jmp 0x12ab9 0x12ad1: push es 0x12ad2: mov ah, 0x2f |
| 2018-12-25T11:43:58.63157421Z | 42 | PC: 12a84 | Get date 0x12a84: cmp dh, 6 0x12a87: jge 0x12a8b 0x12a89: jmp 0x12ad1 0x12a8b: cmp dl, 0x16 0x12a8e: jge 0x12ab0 0x12a90: jmp 0x12ad1 0x12a92: cmp cx, 0x7c6 0x12a96: je 0x12aa5 0x12a98: mov ah, 0x2b 0x12a9a: mov cx, 0x7c6 0x12a9d: int 0x21 0x12a9f: mov ah, 0x2d 0x12aa1: mov cl, 1 0x12aa3: int 0x21 0x12aa5: mov ah, 0x2c 0x12aa7: int 0x21 0x12aa9: cmp cl, 0xf 0x12aac: jae 0x12ab9 0x12aae: jmp 0x12a80 0x12ab0: mov ah, 9 |
| 2018-12-25T11:43:58.634093621Z | 47 | PC: 12ad6 | Get disk transfer address |
| 2018-12-25T11:43:58.635314304Z | 26 | PC: 12ae6 | Set disk transfer address |
| 2018-12-25T11:43:58.63706616Z | 78 | PC: 12b66 | Find first file |
| 2018-12-25T11:43:58.649618938Z | 79 | PC: 12b6c | Find next file |
| 2018-12-25T11:43:58.652544086Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.659971816Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.663318176Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.666550369Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.670320879Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.673505158Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.676628167Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.68173371Z | 78 | PC: 12b66 | Find first file (See above) |
| 2018-12-25T11:43:58.691952019Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.695271771Z | 67 | PC: 12ba3 | Get or set file attributes |
| 2018-12-25T11:43:58.701929502Z | 67 | PC: 12bb3 | Get or set file attributes |
| 2018-12-25T11:43:59.958929776Z | 61 | PC: 12bbd | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T11:43:59.968432035Z | 87 | PC: 12bc9 | Get or set file date and time |
| 2018-12-25T11:43:59.971351155Z | 44 | PC: 12bd3 | Get time 0x12bd3: mov ah, 0x3f 0x12bd5: mov cx, 3 0x12bd8: mov dx, 0x68 0x12bdb: add dx, si 0x12bdd: int 0x21 0x12bdf: jb 0x12c34 0x12be1: cmp ax, 3 0x12be4: jne 0x12c34 0x12be6: mov ax, 0x4202 0x12be9: mov cx, 0 0x12bec: mov dx, 0 0x12bef: int 0x21 0x12bf1: jb 0x12c34 0x12bf3: mov cx, ax 0x12bf5: sub ax, 3 0x12bf8: mov word ptr [si + 0x6c], ax 0x12bfb: add cx, 0x323 0x12bff: mov di, si 0x12c01: sub di, 0x221 0x12c05: mov word ptr [di], cx |
| 2018-12-25T11:43:59.976825839Z | 63 | PC: 12bdf | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:43:59.98356354Z | 66 | PC: 12bf1 | Move file pointer |
| 2018-12-25T11:43:59.985421572Z | 64 | PC: 12c14 | Write file or device (Write 779 bytes on handle 5) |
| 2018-12-25T11:43:59.995889357Z | 66 | PC: 12c26 | Move file pointer |
| 2018-12-25T11:43:59.997822371Z | 64 | PC: 12c34 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:44:00.001341777Z | 87 | PC: 12c45 | Get or set file date and time |
| 2018-12-25T11:44:00.004998071Z | 62 | PC: 12c49 | Close file |
| 2018-12-25T11:44:00.012553796Z | 67 | PC: 12c56 | Get or set file attributes |
| 2018-12-25T11:44:00.023838575Z | 26 | PC: 12c61 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1628,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:43:58.692344126Z | 255 | PC: 12a6a | UNKNOWN! |
| 2018-12-25T11:43:58.693784295Z | 42 | PC: 12a76 | Get date 0x12a76: cmp cx, 0x7c7 0x12a7a: jb 0x12a92 0x12a7c: jge 0x12a80 0x12a7e: jmp 0x12ad1 0x12a80: mov ah, 0x2a 0x12a82: int 0x21 0x12a84: cmp dh, 6 0x12a87: jge 0x12a8b 0x12a89: jmp 0x12ad1 0x12a8b: cmp dl, 0x16 0x12a8e: jge 0x12ab0 0x12a90: jmp 0x12ad1 0x12a92: cmp cx, 0x7c6 0x12a96: je 0x12aa5 0x12a98: mov ah, 0x2b 0x12a9a: mov cx, 0x7c6 0x12a9d: int 0x21 0x12a9f: mov ah, 0x2d 0x12aa1: mov cl, 1 0x12aa3: int 0x21 |
| 2018-12-25T11:43:58.696204576Z | 43 | PC: 12a9f | Set date |
| 2018-12-25T11:43:58.699742474Z | 45 | PC: 12aa5 | Set time |
| 2018-12-25T11:43:58.710683112Z | 44 | PC: 12aa9 | Get time 0x12aa9: cmp cl, 0xf 0x12aac: jae 0x12ab9 0x12aae: jmp 0x12a80 0x12ab0: mov ah, 9 0x12ab2: mov dx, si 0x12ab4: add dx, 0x40 0x12ab7: int 0x21 0x12ab9: cmp byte ptr [si], 0x1a 0x12abc: ja 0x12ad1 0x12abe: pushf 0x12abf: mov al, byte ptr [si] 0x12ac1: mov cx, 0x100 0x12ac4: mov dx, 0 0x12ac7: mov bx, 1 0x12aca: int 0x26 0x12acc: popf 0x12acd: inc byte ptr [si] 0x12acf: jmp 0x12ab9 0x12ad1: push es 0x12ad2: mov ah, 0x2f |
| 2018-12-25T11:43:58.716940334Z | 42 | PC: 12a84 | Get date 0x12a84: cmp dh, 6 0x12a87: jge 0x12a8b 0x12a89: jmp 0x12ad1 0x12a8b: cmp dl, 0x16 0x12a8e: jge 0x12ab0 0x12a90: jmp 0x12ad1 0x12a92: cmp cx, 0x7c6 0x12a96: je 0x12aa5 0x12a98: mov ah, 0x2b 0x12a9a: mov cx, 0x7c6 0x12a9d: int 0x21 0x12a9f: mov ah, 0x2d 0x12aa1: mov cl, 1 0x12aa3: int 0x21 0x12aa5: mov ah, 0x2c 0x12aa7: int 0x21 0x12aa9: cmp cl, 0xf 0x12aac: jae 0x12ab9 0x12aae: jmp 0x12a80 0x12ab0: mov ah, 9 |
| 2018-12-25T11:43:58.720173692Z | 47 | PC: 12ad6 | Get disk transfer address |
| 2018-12-25T11:43:58.721814963Z | 26 | PC: 12ae6 | Set disk transfer address |
| 2018-12-25T11:43:58.723190824Z | 78 | PC: 12b66 | Find first file |
| 2018-12-25T11:43:58.734888544Z | 79 | PC: 12b6c | Find next file |
| 2018-12-25T11:43:58.737719751Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.740732351Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.74348274Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.74763665Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.751276286Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.753967365Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.756664863Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.760198971Z | 78 | PC: 12b66 | Find first file (See above) |
| 2018-12-25T11:43:58.770672568Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.774056712Z | 67 | PC: 12ba3 | Get or set file attributes |
| 2018-12-25T11:43:58.781058191Z | 67 | PC: 12bb3 | Get or set file attributes |
| 2018-12-25T11:43:59.958806645Z | 61 | PC: 12bbd | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T11:43:59.967401994Z | 87 | PC: 12bc9 | Get or set file date and time |
| 2018-12-25T11:43:59.972831229Z | 44 | PC: 12bd3 | Get time 0x12bd3: mov ah, 0x3f 0x12bd5: mov cx, 3 0x12bd8: mov dx, 0x68 0x12bdb: add dx, si 0x12bdd: int 0x21 0x12bdf: jb 0x12c34 0x12be1: cmp ax, 3 0x12be4: jne 0x12c34 0x12be6: mov ax, 0x4202 0x12be9: mov cx, 0 0x12bec: mov dx, 0 0x12bef: int 0x21 0x12bf1: jb 0x12c34 0x12bf3: mov cx, ax 0x12bf5: sub ax, 3 0x12bf8: mov word ptr [si + 0x6c], ax 0x12bfb: add cx, 0x323 0x12bff: mov di, si 0x12c01: sub di, 0x221 0x12c05: mov word ptr [di], cx |
| 2018-12-25T11:43:59.975817605Z | 63 | PC: 12bdf | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:43:59.999665782Z | 66 | PC: 12bf1 | Move file pointer |
| 2018-12-25T11:44:00.003462382Z | 64 | PC: 12c14 | Write file or device (Write 779 bytes on handle 5) |
| 2018-12-25T11:44:00.012346528Z | 66 | PC: 12c26 | Move file pointer |
| 2018-12-25T11:44:00.014345971Z | 64 | PC: 12c34 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:44:00.018731124Z | 87 | PC: 12c45 | Get or set file date and time |
| 2018-12-25T11:44:00.021160968Z | 62 | PC: 12c49 | Close file |
| 2018-12-25T11:44:00.027336642Z | 67 | PC: 12c56 | Get or set file attributes |
| 2018-12-25T11:44:00.040199205Z | 26 | PC: 12c61 | Set disk transfer address |
{"DateBased":true,"Day":22,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1628,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:43:58.885273186Z | 255 | PC: 12a6a | UNKNOWN! |
| 2018-12-25T11:43:58.902963712Z | 42 | PC: 12a76 | Get date 0x12a76: cmp cx, 0x7c7 0x12a7a: jb 0x12a92 0x12a7c: jge 0x12a80 0x12a7e: jmp 0x12ad1 0x12a80: mov ah, 0x2a 0x12a82: int 0x21 0x12a84: cmp dh, 6 0x12a87: jge 0x12a8b 0x12a89: jmp 0x12ad1 0x12a8b: cmp dl, 0x16 0x12a8e: jge 0x12ab0 0x12a90: jmp 0x12ad1 0x12a92: cmp cx, 0x7c6 0x12a96: je 0x12aa5 0x12a98: mov ah, 0x2b 0x12a9a: mov cx, 0x7c6 0x12a9d: int 0x21 0x12a9f: mov ah, 0x2d 0x12aa1: mov cl, 1 0x12aa3: int 0x21 |
| 2018-12-25T11:43:58.904983316Z | 43 | PC: 12a9f | Set date |
| 2018-12-25T11:43:58.908020949Z | 45 | PC: 12aa5 | Set time |
| 2018-12-25T11:43:58.911209022Z | 44 | PC: 12aa9 | Get time 0x12aa9: cmp cl, 0xf 0x12aac: jae 0x12ab9 0x12aae: jmp 0x12a80 0x12ab0: mov ah, 9 0x12ab2: mov dx, si 0x12ab4: add dx, 0x40 0x12ab7: int 0x21 0x12ab9: cmp byte ptr [si], 0x1a 0x12abc: ja 0x12ad1 0x12abe: pushf 0x12abf: mov al, byte ptr [si] 0x12ac1: mov cx, 0x100 0x12ac4: mov dx, 0 0x12ac7: mov bx, 1 0x12aca: int 0x26 0x12acc: popf 0x12acd: inc byte ptr [si] 0x12acf: jmp 0x12ab9 0x12ad1: push es 0x12ad2: mov ah, 0x2f |
| 2018-12-25T11:43:58.913191954Z | 42 | PC: 12a84 | Get date 0x12a84: cmp dh, 6 0x12a87: jge 0x12a8b 0x12a89: jmp 0x12ad1 0x12a8b: cmp dl, 0x16 0x12a8e: jge 0x12ab0 0x12a90: jmp 0x12ad1 0x12a92: cmp cx, 0x7c6 0x12a96: je 0x12aa5 0x12a98: mov ah, 0x2b 0x12a9a: mov cx, 0x7c6 0x12a9d: int 0x21 0x12a9f: mov ah, 0x2d 0x12aa1: mov cl, 1 0x12aa3: int 0x21 0x12aa5: mov ah, 0x2c 0x12aa7: int 0x21 0x12aa9: cmp cl, 0xf 0x12aac: jae 0x12ab9 0x12aae: jmp 0x12a80 0x12ab0: mov ah, 9 |
| 2018-12-25T11:43:58.915160006Z | 9 | PC: 12ab9 | Display string (String= ' Violator strikes again... ') |
| 2018-12-25T11:43:58.920978769Z | 47 | PC: 12ad6 | Get disk transfer address |
| 2018-12-25T11:43:58.922497124Z | 26 | PC: 12ae6 | Set disk transfer address |
| 2018-12-25T11:43:58.923269859Z | 78 | PC: 12b66 | Find first file |
| 2018-12-25T11:43:58.929730097Z | 79 | PC: 12b6c | Find next file |
| 2018-12-25T11:43:58.931558147Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.933072555Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.934624303Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.936672251Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.93835875Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.940832306Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.946993426Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.948665975Z | 78 | PC: 12b66 | Find first file (See above) |
| 2018-12-25T11:43:58.95472883Z | 79 | PC: 12b6c | Find next file (See above) |
| 2018-12-25T11:43:58.957722393Z | 67 | PC: 12ba3 | Get or set file attributes |
| 2018-12-25T11:43:58.961360789Z | 67 | PC: 12bb3 | Get or set file attributes |
| 2018-12-25T11:44:02.324174184Z | 61 | PC: 12bbd | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T11:44:02.333289208Z | 87 | PC: 12bc9 | Get or set file date and time |
| 2018-12-25T11:44:02.33473927Z | 44 | PC: 12bd3 | Get time 0x12bd3: mov ah, 0x3f 0x12bd5: mov cx, 3 0x12bd8: mov dx, 0x68 0x12bdb: add dx, si 0x12bdd: int 0x21 0x12bdf: jb 0x12c34 0x12be1: cmp ax, 3 0x12be4: jne 0x12c34 0x12be6: mov ax, 0x4202 0x12be9: mov cx, 0 0x12bec: mov dx, 0 0x12bef: int 0x21 0x12bf1: jb 0x12c34 0x12bf3: mov cx, ax 0x12bf5: sub ax, 3 0x12bf8: mov word ptr [si + 0x6c], ax 0x12bfb: add cx, 0x323 0x12bff: mov di, si 0x12c01: sub di, 0x221 0x12c05: mov word ptr [di], cx |
| 2018-12-25T11:44:02.336695456Z | 63 | PC: 12bdf | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:44:02.342955433Z | 66 | PC: 12bf1 | Move file pointer |
| 2018-12-25T11:44:02.344262515Z | 64 | PC: 12c14 | Write file or device (Write 779 bytes on handle 5) |
| 2018-12-25T11:44:02.351786558Z | 66 | PC: 12c26 | Move file pointer |
| 2018-12-25T11:44:02.353483256Z | 64 | PC: 12c34 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:44:02.356906604Z | 87 | PC: 12c45 | Get or set file date and time |
| 2018-12-25T11:44:02.358327206Z | 62 | PC: 12c49 | Close file |
| 2018-12-25T11:44:02.364664103Z | 67 | PC: 12c56 | Get or set file attributes |
| 2018-12-25T11:44:02.381991569Z | 26 | PC: 12c61 | Set disk transfer address |