{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":312,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:40:30.082760589Z | 42 | PC: 294ce | Get date 0x294ce: cmp cx, 0x7cb 0x294d2: jne 0x294de 0x294d4: cmp dh, 4 0x294d7: ja 0x294de 0x294d9: cmp dl, 0xf 0x294dc: jb 0x29527 0x294de: mov al, 0xff 0x294e0: mov ah, 0xf 0x294e2: xchg al, ah 0x294e4: nop 0x294e5: int 0x21 0x294e7: cmp ax, 0x101 0x294ea: jne 0x294f0 0x294ec: call 0x2952b 0x294ef: nop 0x294f0: mov ax, 0x3521 0x294f3: nop 0x294f4: int 0x21 0x294f6: cmp word ptr es:[0xa], 0x4254 0x294fd: jne 0x2950b |
| 2018-12-25T11:40:30.084733351Z | 255 | PC: 294e7 | UNKNOWN! |
| 2018-12-25T11:40:30.08532355Z | 53 | PC: 294f6 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:40:30.0865468Z | 240 | PC: 29525 | UNKNOWN! |
| 2018-12-25T11:40:30.08745008Z | 44 | PC: 29422 | Get time 0x29422: cmp cl, 6 0x29425: jne 0x2945c 0x29427: mov ax, 0xb800 0x2942a: mov es, ax 0x2942c: mov cx, 0x30 0x2942f: push cx 0x29430: mov cx, 0x7c0 0x29433: xor si, si 0x29435: mov ah, byte ptr es:[si] 0x29438: cmp ah, 0x77 0x2943b: jb 0x2944a 0x2943d: dec ah 0x2943f: mov byte ptr es:[si], ah 0x29442: mov byte ptr es:[si + 1], 0x79 0x29447: jmp 0x29454 0x29449: nop 0x2944a: inc ah 0x2944c: mov byte ptr es:[si], ah 0x2944f: mov byte ptr es:[si + 1], 0x8f 0x29454: inc si |
| 2018-12-25T11:40:30.099355745Z | 48 | PC: 2e12e | Get DOS version |
| 2018-12-25T11:40:30.1007981Z | 74 | PC: 2e1a5 | Reallocate memory |
| 2018-12-25T11:40:30.102313816Z | 72 | PC: 2f6d1 | Allocate memory |
| 2018-12-25T11:40:30.104444616Z | 74 | PC: 2f681 | Reallocate memory |
| 2018-12-25T11:40:30.106428855Z | 48 | PC: 2e42e | Get DOS version |
| 2018-12-25T11:40:30.107672363Z | 53 | PC: 2e22f | Get interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-25T11:40:30.108586742Z | 37 | PC: 2e241 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-25T11:40:30.11018484Z | 68 | PC: 2e2cd | I/O control for devices (Set for = '��E�$� �!�E�') |
| 2018-12-25T11:40:30.111300708Z | 68 | PC: 2e2cd | I/O control for devices (See above) |
| 2018-12-25T11:40:30.112371142Z | 68 | PC: 2e2cd | I/O control for devices (See above) |
| 2018-12-25T11:40:30.114146513Z | 68 | PC: 2e2cd | I/O control for devices (See above) |
| 2018-12-25T11:40:30.115378308Z | 68 | PC: 2e2cd | I/O control for devices (See above) |
| 2018-12-25T11:40:30.116632021Z | 48 | PC: 2ddb5 | Get DOS version |
| 2018-12-25T11:40:30.118471536Z | 37 | PC: 137c9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:40:30.11948739Z | 37 | PC: 137d6 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-25T11:40:30.120501268Z | 25 | PC: 14c8a | Get default drive |
| 2018-12-25T11:40:30.122153061Z | 25 | PC: 2ff90 | Get default drive |
| 2018-12-25T11:40:30.123611478Z | 71 | PC: 2fb45 | Get current directory |
| 2018-12-25T11:40:30.141827382Z | 64 | PC: 2f39a | Write file or device (Write 132 bytes on handle 1) |
| 2018-12-25T11:40:30.158920054Z | 64 | PC: 2f39a | Write file or device (See above) |
| 2018-12-25T11:40:30.163850821Z | 64 | PC: 2f39a | Write file or device (See above) |
| 2018-12-25T11:40:30.1666315Z | 42 | PC: 13c53 | Get date 0x13c53: cmp cx, 0x7cd 0x13c57: ja 0x13c6c 0x13c59: jb 0x13c67 0x13c5b: cmp dh, 5 0x13c5e: ja 0x13c6c 0x13c60: jb 0x13c67 0x13c62: cmp dl, 0xf 0x13c65: ja 0x13c6c 0x13c67: mov word ptr [bp - 4], 1 0x13c6c: cmp word ptr [bp - 4], 0 0x13c70: jne 0x13c9f 0x13c72: push 3 0x13c74: lcall 0x14a6:0x123 0x13c79: push 1 0x13c7b: lcall 0x14a6:0x123 0x13c80: push 0 0x13c82: lcall 0x13e4:0x9da 0x13c87: or ax, ax 0x13c89: jne 0x13c98 0x13c8b: push 2 |
| 2018-12-25T11:40:30.169388131Z | 64 | PC: 2f400 | Write file or device (Write 22 bytes on handle 1) |
| 2018-12-25T11:40:30.174874602Z | 64 | PC: 2f39a | Write file or device (See above) |
| 2018-12-25T11:40:30.179029182Z | 64 | PC: 2f400 | Write file or device (See above) |
| 2018-12-25T11:40:30.183892515Z | 48 | PC: 2ddb5 | Get DOS version (See above) |
| 2018-12-25T11:40:30.18504021Z | 82 | PC: 151b3 | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T11:40:30.187444534Z | 82 | PC: 150a5 | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T11:40:30.188493821Z | 88 | PC: 15078 | case 0xGet or set allocation strateg: |
| 2018-12-25T11:40:30.189554518Z | 88 | PC: 15094 | case 0xGet or set allocation strateg: |
| 2018-12-25T11:40:30.192135624Z | 88 | PC: 15094 | case 0xGet or set allocation strateg: (See above) |
| 2018-12-25T11:40:30.19495862Z | 64 | PC: 2f39a | Write file or device (See above) |
| 2018-12-25T11:40:30.200153302Z | 64 | PC: 2f400 | Write file or device (See above) |
| 2018-12-25T11:40:30.205109759Z | 61 | PC: 2f04b | Open file (Filename = 'A:\TEST.EXE') |
| 2018-12-25T11:40:30.212223764Z | 68 | PC: 2f07d | I/O control for devices (Set for = 'A:\TEST.EXE') |
| 2018-12-25T11:40:30.213686711Z | 67 | PC: 2f17d | Get or set file attributes |
| 2018-12-25T11:40:30.220068988Z | 66 | PC: 2eff2 | Move file pointer |
| 2018-12-25T11:40:30.221919163Z | 63 | PC: 2f202 | Read file or device (Read 512 bytes on handle 5) |
| 2018-12-25T11:40:30.229722706Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T11:40:30.231690251Z | 63 | PC: 2f202 | Read file or device (See above) |
| 2018-12-25T11:40:30.238258457Z | 63 | PC: 2f202 | Read file or device (See above) |
| 2018-12-25T11:40:30.240879152Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T11:40:30.242733999Z | 63 | PC: 2f202 | Read file or device (See above) |
| 2018-12-25T11:40:30.25220662Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T11:40:30.253566027Z | 63 | PC: 2f202 | Read file or device (See above) |
| 2018-12-25T11:40:30.262944495Z | 62 | PC: 2ef78 | Close file |
| 2018-12-25T11:40:30.265004962Z | 61 | PC: 2f04b | Open file (See above) |
| 2018-12-25T11:40:30.272128648Z | 68 | PC: 2f07d | I/O control for devices (See above) |
| 2018-12-25T11:40:30.273686363Z | 67 | PC: 2f17d | Get or set file attributes (See above) |
| 2018-12-25T11:40:30.279297137Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T11:40:30.281051892Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T11:40:30.282476744Z | 63 | PC: 2f202 | Read file or device (See above) |
| 2018-12-25T11:40:30.284990283Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T11:40:30.286879531Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T11:40:30.288308304Z | 63 | PC: 2f202 | Read file or device (See above) |
| 2018-12-25T11:40:30.294916683Z | 62 | PC: 2ef78 | Close file (See above) |
| 2018-12-25T11:40:30.298520281Z | 64 | PC: 2f39a | Write file or device (See above) |
| 2018-12-25T11:40:30.303745606Z | 14 | PC: 3016b | Set default drive (Drive = 'A') |
| 2018-12-25T11:40:30.304965091Z | 59 | PC: 14c44 | Change current directory |
| 2018-12-25T11:40:30.309874149Z | 37 | PC: 2e389 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-25T11:40:30.310922853Z | 76 | PC: 2e36e | Terminate with return code (Return code = '1') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":312,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T13:06:47.880921912Z | 42 | PC: 294ce | Get date 0x294ce: cmp cx, 0x7cb 0x294d2: jne 0x294de 0x294d4: cmp dh, 4 0x294d7: ja 0x294de 0x294d9: cmp dl, 0xf 0x294dc: jb 0x29527 0x294de: mov al, 0xff 0x294e0: mov ah, 0xf 0x294e2: xchg al, ah 0x294e4: nop 0x294e5: int 0x21 0x294e7: cmp ax, 0x101 0x294ea: jne 0x294f0 0x294ec: call 0x2952b 0x294ef: nop 0x294f0: mov ax, 0x3521 0x294f3: nop 0x294f4: int 0x21 0x294f6: cmp word ptr es:[0xa], 0x4254 0x294fd: jne 0x2950b |
| 2018-12-25T13:06:47.884761124Z | 255 | PC: 294e7 | UNKNOWN! |
| 2018-12-25T13:06:47.886011064Z | 53 | PC: 294f6 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T13:06:47.887712059Z | 240 | PC: 29525 | UNKNOWN! |
| 2018-12-25T13:06:47.892475119Z | 44 | PC: 29422 | Get time 0x29422: cmp cl, 6 0x29425: jne 0x2945c 0x29427: mov ax, 0xb800 0x2942a: mov es, ax 0x2942c: mov cx, 0x30 0x2942f: push cx 0x29430: mov cx, 0x7c0 0x29433: xor si, si 0x29435: mov ah, byte ptr es:[si] 0x29438: cmp ah, 0x77 0x2943b: jb 0x2944a 0x2943d: dec ah 0x2943f: mov byte ptr es:[si], ah 0x29442: mov byte ptr es:[si + 1], 0x79 0x29447: jmp 0x29454 0x29449: nop 0x2944a: inc ah 0x2944c: mov byte ptr es:[si], ah 0x2944f: mov byte ptr es:[si + 1], 0x8f 0x29454: inc si |
| 2018-12-25T13:06:47.907819138Z | 48 | PC: 2e12e | Get DOS version |
| 2018-12-25T13:06:47.90991554Z | 74 | PC: 2e1a5 | Reallocate memory |
| 2018-12-25T13:06:47.91288636Z | 72 | PC: 2f6d1 | Allocate memory |
| 2018-12-25T13:06:47.915792107Z | 74 | PC: 2f681 | Reallocate memory |
| 2018-12-25T13:06:47.917940854Z | 48 | PC: 2e42e | Get DOS version |
| 2018-12-25T13:06:47.920594096Z | 53 | PC: 2e22f | Get interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-25T13:06:47.922430679Z | 37 | PC: 2e241 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-25T13:06:47.924314487Z | 68 | PC: 2e2cd | I/O control for devices (Set for = '��E�$� �!�E�') |
| 2018-12-25T13:06:47.926615187Z | 68 | PC: 2e2cd | I/O control for devices (See above) |
| 2018-12-25T13:06:47.928408212Z | 68 | PC: 2e2cd | I/O control for devices (See above) |
| 2018-12-25T13:06:47.931131781Z | 68 | PC: 2e2cd | I/O control for devices (See above) |
| 2018-12-25T13:06:47.933606009Z | 68 | PC: 2e2cd | I/O control for devices (See above) |
| 2018-12-25T13:06:47.935468517Z | 48 | PC: 2ddb5 | Get DOS version |
| 2018-12-25T13:06:47.936919085Z | 37 | PC: 137c9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T13:06:47.938689842Z | 37 | PC: 137d6 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-25T13:06:47.947815492Z | 25 | PC: 14c8a | Get default drive |
| 2018-12-25T13:06:47.949037381Z | 25 | PC: 2ff90 | Get default drive |
| 2018-12-25T13:06:47.950822756Z | 71 | PC: 2fb45 | Get current directory |
| 2018-12-25T13:06:47.971548845Z | 64 | PC: 2f39a | Write file or device (Write 132 bytes on handle 1) |
| 2018-12-25T13:06:47.978120833Z | 64 | PC: 2f39a | Write file or device (See above) |
| 2018-12-25T13:06:47.983678724Z | 64 | PC: 2f39a | Write file or device (See above) |
| 2018-12-25T13:06:47.996898309Z | 42 | PC: 13c53 | Get date 0x13c53: cmp cx, 0x7cd 0x13c57: ja 0x13c6c 0x13c59: jb 0x13c67 0x13c5b: cmp dh, 5 0x13c5e: ja 0x13c6c 0x13c60: jb 0x13c67 0x13c62: cmp dl, 0xf 0x13c65: ja 0x13c6c 0x13c67: mov word ptr [bp - 4], 1 0x13c6c: cmp word ptr [bp - 4], 0 0x13c70: jne 0x13c9f 0x13c72: push 3 0x13c74: lcall 0x14a6:0x123 0x13c79: push 1 0x13c7b: lcall 0x14a6:0x123 0x13c80: push 0 0x13c82: lcall 0x13e4:0x9da 0x13c87: or ax, ax 0x13c89: jne 0x13c98 0x13c8b: push 2 |
| 2018-12-25T13:06:48.000939014Z | 64 | PC: 2f400 | Write file or device (Write 22 bytes on handle 1) |
| 2018-12-25T13:06:48.008023531Z | 64 | PC: 2f39a | Write file or device (See above) |
| 2018-12-25T13:06:48.013016819Z | 64 | PC: 2f400 | Write file or device (See above) |
| 2018-12-25T13:06:48.018889468Z | 48 | PC: 2ddb5 | Get DOS version (See above) |
| 2018-12-25T13:06:48.021039885Z | 82 | PC: 151b3 | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T13:06:48.023565178Z | 82 | PC: 150a5 | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T13:06:48.025024959Z | 88 | PC: 15078 | case 0xGet or set allocation strateg: |
| 2018-12-25T13:06:48.027273232Z | 88 | PC: 15094 | case 0xGet or set allocation strateg: |
| 2018-12-25T13:06:48.029979575Z | 88 | PC: 15094 | case 0xGet or set allocation strateg: (See above) |
| 2018-12-25T13:06:48.033189534Z | 64 | PC: 2f39a | Write file or device (See above) |
| 2018-12-25T13:06:48.039403807Z | 64 | PC: 2f400 | Write file or device (See above) |
| 2018-12-25T13:06:48.045025158Z | 61 | PC: 2f04b | Open file (Filename = 'A:\TEST.EXE') |
| 2018-12-25T13:06:48.053337811Z | 68 | PC: 2f07d | I/O control for devices (Set for = 'A:\TEST.EXE') |
| 2018-12-25T13:06:48.055105135Z | 67 | PC: 2f17d | Get or set file attributes |
| 2018-12-25T13:06:48.062583247Z | 66 | PC: 2eff2 | Move file pointer |
| 2018-12-25T13:06:48.064324856Z | 63 | PC: 2f202 | Read file or device (Read 512 bytes on handle 5) |
| 2018-12-25T13:06:48.072197806Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T13:06:48.074496264Z | 63 | PC: 2f202 | Read file or device (See above) |
| 2018-12-25T13:06:48.087247384Z | 63 | PC: 2f202 | Read file or device (See above) |
| 2018-12-25T13:06:48.090706643Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T13:06:48.093197563Z | 63 | PC: 2f202 | Read file or device (See above) |
| 2018-12-25T13:06:48.104993Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T13:06:48.107054855Z | 63 | PC: 2f202 | Read file or device (See above) |
| 2018-12-25T13:06:48.126495956Z | 62 | PC: 2ef78 | Close file |
| 2018-12-25T13:06:48.129148542Z | 61 | PC: 2f04b | Open file (See above) |
| 2018-12-25T13:06:48.136701714Z | 68 | PC: 2f07d | I/O control for devices (See above) |
| 2018-12-25T13:06:48.139300612Z | 67 | PC: 2f17d | Get or set file attributes (See above) |
| 2018-12-25T13:06:48.146166071Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T13:06:48.148232029Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T13:06:48.157972884Z | 63 | PC: 2f202 | Read file or device (See above) |
| 2018-12-25T13:06:48.161443523Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T13:06:48.163829944Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T13:06:48.166460634Z | 63 | PC: 2f202 | Read file or device (See above) |
| 2018-12-25T13:06:48.174456919Z | 62 | PC: 2ef78 | Close file (See above) |
| 2018-12-25T13:06:48.178634107Z | 64 | PC: 2f39a | Write file or device (See above) |
| 2018-12-25T13:06:48.185630318Z | 14 | PC: 3016b | Set default drive (Drive = 'A') |
| 2018-12-25T13:06:48.187283014Z | 59 | PC: 14c44 | Change current directory |
| 2018-12-25T13:06:48.193218323Z | 37 | PC: 2e389 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-25T13:06:48.195854098Z | 76 | PC: 2e36e | Terminate with return code (Return code = '1') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":6,"Second":0,"TimeBased":true,"OriginalID":312,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:40:30.553497137Z | 42 | PC: 294ce | Get date 0x294ce: cmp cx, 0x7cb 0x294d2: jne 0x294de 0x294d4: cmp dh, 4 0x294d7: ja 0x294de 0x294d9: cmp dl, 0xf 0x294dc: jb 0x29527 0x294de: mov al, 0xff 0x294e0: mov ah, 0xf 0x294e2: xchg al, ah 0x294e4: nop 0x294e5: int 0x21 0x294e7: cmp ax, 0x101 0x294ea: jne 0x294f0 0x294ec: call 0x2952b 0x294ef: nop 0x294f0: mov ax, 0x3521 0x294f3: nop 0x294f4: int 0x21 0x294f6: cmp word ptr es:[0xa], 0x4254 0x294fd: jne 0x2950b |
| 2018-12-25T11:40:30.555694728Z | 255 | PC: 294e7 | UNKNOWN! |
| 2018-12-25T11:40:30.556379234Z | 53 | PC: 294f6 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:40:30.557892269Z | 240 | PC: 29525 | UNKNOWN! |
| 2018-12-25T11:40:30.55885222Z | 44 | PC: 29422 | Get time 0x29422: cmp cl, 6 0x29425: jne 0x2945c 0x29427: mov ax, 0xb800 0x2942a: mov es, ax 0x2942c: mov cx, 0x30 0x2942f: push cx 0x29430: mov cx, 0x7c0 0x29433: xor si, si 0x29435: mov ah, byte ptr es:[si] 0x29438: cmp ah, 0x77 0x2943b: jb 0x2944a 0x2943d: dec ah 0x2943f: mov byte ptr es:[si], ah 0x29442: mov byte ptr es:[si + 1], 0x79 0x29447: jmp 0x29454 0x29449: nop 0x2944a: inc ah 0x2944c: mov byte ptr es:[si], ah 0x2944f: mov byte ptr es:[si + 1], 0x8f 0x29454: inc si |
| 2018-12-25T11:40:30.627933662Z | 48 | PC: 2e12e | Get DOS version |
| 2018-12-25T11:40:30.629637598Z | 74 | PC: 2e1a5 | Reallocate memory |
| 2018-12-25T11:40:30.632657408Z | 72 | PC: 2f6d1 | Allocate memory |
| 2018-12-25T11:40:30.634817031Z | 74 | PC: 2f681 | Reallocate memory |
| 2018-12-25T11:40:30.637379837Z | 48 | PC: 2e42e | Get DOS version |
| 2018-12-25T11:40:30.63866623Z | 53 | PC: 2e22f | Get interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-25T11:40:30.639700441Z | 37 | PC: 2e241 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-25T11:40:30.641235238Z | 68 | PC: 2e2cd | I/O control for devices (Set for = '��E�$� �!�E�') |
| 2018-12-25T11:40:30.642541585Z | 68 | PC: 2e2cd | I/O control for devices (See above) |
| 2018-12-25T11:40:30.643755158Z | 68 | PC: 2e2cd | I/O control for devices (See above) |
| 2018-12-25T11:40:30.645444862Z | 68 | PC: 2e2cd | I/O control for devices (See above) |
| 2018-12-25T11:40:30.646761984Z | 68 | PC: 2e2cd | I/O control for devices (See above) |
| 2018-12-25T11:40:30.648096581Z | 48 | PC: 2ddb5 | Get DOS version |
| 2018-12-25T11:40:30.64966797Z | 37 | PC: 137c9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:40:30.650815788Z | 37 | PC: 137d6 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-25T11:40:30.651892612Z | 25 | PC: 14c8a | Get default drive |
| 2018-12-25T11:40:30.655758705Z | 25 | PC: 2ff90 | Get default drive |
| 2018-12-25T11:40:30.657541227Z | 71 | PC: 2fb45 | Get current directory |
| 2018-12-25T11:40:30.675817797Z | 64 | PC: 2f39a | Write file or device (Write 132 bytes on handle 1) |
| 2018-12-25T11:40:30.681919024Z | 64 | PC: 2f39a | Write file or device (See above) |
| 2018-12-25T11:40:30.685916216Z | 64 | PC: 2f39a | Write file or device (See above) |
| 2018-12-25T11:40:30.688520254Z | 42 | PC: 13c53 | Get date 0x13c53: cmp cx, 0x7cd 0x13c57: ja 0x13c6c 0x13c59: jb 0x13c67 0x13c5b: cmp dh, 5 0x13c5e: ja 0x13c6c 0x13c60: jb 0x13c67 0x13c62: cmp dl, 0xf 0x13c65: ja 0x13c6c 0x13c67: mov word ptr [bp - 4], 1 0x13c6c: cmp word ptr [bp - 4], 0 0x13c70: jne 0x13c9f 0x13c72: push 3 0x13c74: lcall 0x14a6:0x123 0x13c79: push 1 0x13c7b: lcall 0x14a6:0x123 0x13c80: push 0 0x13c82: lcall 0x13e4:0x9da 0x13c87: or ax, ax 0x13c89: jne 0x13c98 0x13c8b: push 2 |
| 2018-12-25T11:40:30.692256767Z | 64 | PC: 2f400 | Write file or device (Write 22 bytes on handle 1) |
| 2018-12-25T11:40:30.70954219Z | 64 | PC: 2f39a | Write file or device (See above) |
| 2018-12-25T11:40:30.713515198Z | 64 | PC: 2f400 | Write file or device (See above) |
| 2018-12-25T11:40:30.71923596Z | 48 | PC: 2ddb5 | Get DOS version (See above) |
| 2018-12-25T11:40:30.720356314Z | 82 | PC: 151b3 | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T11:40:30.722261778Z | 82 | PC: 150a5 | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T11:40:30.723874315Z | 88 | PC: 15078 | case 0xGet or set allocation strateg: |
| 2018-12-25T11:40:30.725030132Z | 88 | PC: 15094 | case 0xGet or set allocation strateg: |
| 2018-12-25T11:40:30.727128266Z | 88 | PC: 15094 | case 0xGet or set allocation strateg: (See above) |
| 2018-12-25T11:40:30.730311046Z | 64 | PC: 2f39a | Write file or device (See above) |
| 2018-12-25T11:40:30.735705019Z | 64 | PC: 2f400 | Write file or device (See above) |
| 2018-12-25T11:40:30.740488237Z | 61 | PC: 2f04b | Open file (Filename = 'A:\TEST.EXE') |
| 2018-12-25T11:40:30.747542004Z | 68 | PC: 2f07d | I/O control for devices (Set for = 'A:\TEST.EXE') |
| 2018-12-25T11:40:30.749055415Z | 67 | PC: 2f17d | Get or set file attributes |
| 2018-12-25T11:40:30.754969652Z | 66 | PC: 2eff2 | Move file pointer |
| 2018-12-25T11:40:30.756552163Z | 63 | PC: 2f202 | Read file or device (Read 512 bytes on handle 5) |
| 2018-12-25T11:40:30.76335093Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T11:40:30.765022718Z | 63 | PC: 2f202 | Read file or device (See above) |
| 2018-12-25T11:40:30.779098001Z | 63 | PC: 2f202 | Read file or device (See above) |
| 2018-12-25T11:40:30.781779369Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T11:40:30.784423069Z | 63 | PC: 2f202 | Read file or device (See above) |
| 2018-12-25T11:40:30.794414726Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T11:40:30.795922224Z | 63 | PC: 2f202 | Read file or device (See above) |
| 2018-12-25T11:40:30.805575785Z | 62 | PC: 2ef78 | Close file |
| 2018-12-25T11:40:30.80839081Z | 61 | PC: 2f04b | Open file (See above) |
| 2018-12-25T11:40:30.814979498Z | 68 | PC: 2f07d | I/O control for devices (See above) |
| 2018-12-25T11:40:30.818018776Z | 67 | PC: 2f17d | Get or set file attributes (See above) |
| 2018-12-25T11:40:30.823948933Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T11:40:30.825456044Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T11:40:30.827433077Z | 63 | PC: 2f202 | Read file or device (See above) |
| 2018-12-25T11:40:30.83069089Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T11:40:30.83224075Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T11:40:30.834124085Z | 63 | PC: 2f202 | Read file or device (See above) |
| 2018-12-25T11:40:30.840844029Z | 62 | PC: 2ef78 | Close file (See above) |
| 2018-12-25T11:40:30.844054577Z | 64 | PC: 2f39a | Write file or device (See above) |
| 2018-12-25T11:40:30.85045679Z | 14 | PC: 3016b | Set default drive (Drive = 'A') |
| 2018-12-25T11:40:30.851872282Z | 59 | PC: 14c44 | Change current directory |
| 2018-12-25T11:40:30.856672138Z | 37 | PC: 2e389 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-25T11:40:30.858443334Z | 76 | PC: 2e36e | Terminate with return code (Return code = '1') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":6,"Second":0,"TimeBased":true,"OriginalID":312,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:40:30.803081653Z | 42 | PC: 294ce | Get date 0x294ce: cmp cx, 0x7cb 0x294d2: jne 0x294de 0x294d4: cmp dh, 4 0x294d7: ja 0x294de 0x294d9: cmp dl, 0xf 0x294dc: jb 0x29527 0x294de: mov al, 0xff 0x294e0: mov ah, 0xf 0x294e2: xchg al, ah 0x294e4: nop 0x294e5: int 0x21 0x294e7: cmp ax, 0x101 0x294ea: jne 0x294f0 0x294ec: call 0x2952b 0x294ef: nop 0x294f0: mov ax, 0x3521 0x294f3: nop 0x294f4: int 0x21 0x294f6: cmp word ptr es:[0xa], 0x4254 0x294fd: jne 0x2950b |
| 2018-12-25T11:40:30.805280383Z | 255 | PC: 294e7 | UNKNOWN! |
| 2018-12-25T11:40:30.806185077Z | 53 | PC: 294f6 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:40:30.807808686Z | 240 | PC: 29525 | UNKNOWN! |
| 2018-12-25T11:40:30.808795599Z | 44 | PC: 29422 | Get time 0x29422: cmp cl, 6 0x29425: jne 0x2945c 0x29427: mov ax, 0xb800 0x2942a: mov es, ax 0x2942c: mov cx, 0x30 0x2942f: push cx 0x29430: mov cx, 0x7c0 0x29433: xor si, si 0x29435: mov ah, byte ptr es:[si] 0x29438: cmp ah, 0x77 0x2943b: jb 0x2944a 0x2943d: dec ah 0x2943f: mov byte ptr es:[si], ah 0x29442: mov byte ptr es:[si + 1], 0x79 0x29447: jmp 0x29454 0x29449: nop 0x2944a: inc ah 0x2944c: mov byte ptr es:[si], ah 0x2944f: mov byte ptr es:[si + 1], 0x8f 0x29454: inc si |
| 2018-12-25T11:40:30.876398779Z | 48 | PC: 2e12e | Get DOS version |
| 2018-12-25T11:40:30.878738769Z | 74 | PC: 2e1a5 | Reallocate memory |
| 2018-12-25T11:40:30.880403301Z | 72 | PC: 2f6d1 | Allocate memory |
| 2018-12-25T11:40:30.88274517Z | 74 | PC: 2f681 | Reallocate memory |
| 2018-12-25T11:40:30.884716902Z | 48 | PC: 2e42e | Get DOS version |
| 2018-12-25T11:40:30.886362612Z | 53 | PC: 2e22f | Get interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-25T11:40:30.887615944Z | 37 | PC: 2e241 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-25T11:40:30.88908198Z | 68 | PC: 2e2cd | I/O control for devices (Set for = '��E�$� �!�E�') |
| 2018-12-25T11:40:30.89162921Z | 68 | PC: 2e2cd | I/O control for devices (See above) |
| 2018-12-25T11:40:30.892967143Z | 68 | PC: 2e2cd | I/O control for devices (See above) |
| 2018-12-25T11:40:30.894805035Z | 68 | PC: 2e2cd | I/O control for devices (See above) |
| 2018-12-25T11:40:30.89635772Z | 68 | PC: 2e2cd | I/O control for devices (See above) |
| 2018-12-25T11:40:30.897786817Z | 48 | PC: 2ddb5 | Get DOS version |
| 2018-12-25T11:40:30.899692265Z | 37 | PC: 137c9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:40:30.901084619Z | 37 | PC: 137d6 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-25T11:40:30.902309285Z | 25 | PC: 14c8a | Get default drive |
| 2018-12-25T11:40:30.904032435Z | 25 | PC: 2ff90 | Get default drive |
| 2018-12-25T11:40:30.905370687Z | 71 | PC: 2fb45 | Get current directory |
| 2018-12-25T11:40:30.923120277Z | 64 | PC: 2f39a | Write file or device (Write 132 bytes on handle 1) |
| 2018-12-25T11:40:30.930138915Z | 64 | PC: 2f39a | Write file or device (See above) |
| 2018-12-25T11:40:30.933827506Z | 64 | PC: 2f39a | Write file or device (See above) |
| 2018-12-25T11:40:30.936454009Z | 42 | PC: 13c53 | Get date 0x13c53: cmp cx, 0x7cd 0x13c57: ja 0x13c6c 0x13c59: jb 0x13c67 0x13c5b: cmp dh, 5 0x13c5e: ja 0x13c6c 0x13c60: jb 0x13c67 0x13c62: cmp dl, 0xf 0x13c65: ja 0x13c6c 0x13c67: mov word ptr [bp - 4], 1 0x13c6c: cmp word ptr [bp - 4], 0 0x13c70: jne 0x13c9f 0x13c72: push 3 0x13c74: lcall 0x14a6:0x123 0x13c79: push 1 0x13c7b: lcall 0x14a6:0x123 0x13c80: push 0 0x13c82: lcall 0x13e4:0x9da 0x13c87: or ax, ax 0x13c89: jne 0x13c98 0x13c8b: push 2 |
| 2018-12-25T11:40:30.961936006Z | 64 | PC: 2f400 | Write file or device (Write 22 bytes on handle 1) |
| 2018-12-25T11:40:30.967627492Z | 64 | PC: 2f39a | Write file or device (See above) |
| 2018-12-25T11:40:30.971725607Z | 64 | PC: 2f400 | Write file or device (See above) |
| 2018-12-25T11:40:30.985336813Z | 48 | PC: 2ddb5 | Get DOS version (See above) |
| 2018-12-25T11:40:30.986634632Z | 82 | PC: 151b3 | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T11:40:30.988784713Z | 82 | PC: 150a5 | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T11:40:30.991270724Z | 88 | PC: 15078 | case 0xGet or set allocation strateg: |
| 2018-12-25T11:40:31.006531418Z | 88 | PC: 15094 | case 0xGet or set allocation strateg: |
| 2018-12-25T11:40:31.008714777Z | 88 | PC: 15094 | case 0xGet or set allocation strateg: (See above) |
| 2018-12-25T11:40:31.012474326Z | 64 | PC: 2f39a | Write file or device (See above) |
| 2018-12-25T11:40:31.017887454Z | 64 | PC: 2f400 | Write file or device (See above) |
| 2018-12-25T11:40:31.02392537Z | 61 | PC: 2f04b | Open file (Filename = 'A:\TEST.EXE') |
| 2018-12-25T11:40:31.030863684Z | 68 | PC: 2f07d | I/O control for devices (Set for = 'A:\TEST.EXE') |
| 2018-12-25T11:40:31.032510054Z | 67 | PC: 2f17d | Get or set file attributes |
| 2018-12-25T11:40:31.03842689Z | 66 | PC: 2eff2 | Move file pointer |
| 2018-12-25T11:40:31.040475954Z | 63 | PC: 2f202 | Read file or device (Read 512 bytes on handle 5) |
| 2018-12-25T11:40:31.047369731Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T11:40:31.048878854Z | 63 | PC: 2f202 | Read file or device (See above) |
| 2018-12-25T11:40:31.056067516Z | 63 | PC: 2f202 | Read file or device (See above) |
| 2018-12-25T11:40:31.058680188Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T11:40:31.060269905Z | 63 | PC: 2f202 | Read file or device (See above) |
| 2018-12-25T11:40:31.070223383Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T11:40:31.071675676Z | 63 | PC: 2f202 | Read file or device (See above) |
| 2018-12-25T11:40:31.081525465Z | 62 | PC: 2ef78 | Close file |
| 2018-12-25T11:40:31.083776464Z | 61 | PC: 2f04b | Open file (See above) |
| 2018-12-25T11:40:31.09077076Z | 68 | PC: 2f07d | I/O control for devices (See above) |
| 2018-12-25T11:40:31.092688045Z | 67 | PC: 2f17d | Get or set file attributes (See above) |
| 2018-12-25T11:40:31.098359988Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T11:40:31.099742965Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T11:40:31.101508559Z | 63 | PC: 2f202 | Read file or device (See above) |
| 2018-12-25T11:40:31.104038831Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T11:40:31.105463379Z | 66 | PC: 2eff2 | Move file pointer (See above) |
| 2018-12-25T11:40:31.107465905Z | 63 | PC: 2f202 | Read file or device (See above) |
| 2018-12-25T11:40:31.114222047Z | 62 | PC: 2ef78 | Close file (See above) |
| 2018-12-25T11:40:31.117483098Z | 64 | PC: 2f39a | Write file or device (See above) |
| 2018-12-25T11:40:31.123174888Z | 14 | PC: 3016b | Set default drive (Drive = 'A') |
| 2018-12-25T11:40:31.124594598Z | 59 | PC: 14c44 | Change current directory |
| 2018-12-25T11:40:31.129025297Z | 37 | PC: 2e389 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-25T11:40:31.13058282Z | 76 | PC: 2e36e | Terminate with return code (Return code = '1') |