{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4620,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:52:26.438452279Z | 255 | PC: 12a6b | UNKNOWN! |
| 2018-12-25T11:52:26.439683064Z | 42 | PC: 12a77 | Get date 0x12a77: cmp cx, 0x7c7 0x12a7b: jb 0x12a93 0x12a7d: jge 0x12a81 0x12a7f: jmp 0x12ad3 0x12a81: mov ah, 0x2a 0x12a83: int 0x21 0x12a85: cmp dh, 6 0x12a88: jge 0x12a8c 0x12a8a: jmp 0x12ad3 0x12a8c: cmp dl, 0x16 0x12a8f: jge 0x12ab1 0x12a91: jmp 0x12ad3 0x12a93: cmp cx, 0x7c6 0x12a97: je 0x12aa6 0x12a99: mov ah, 0x2b 0x12a9b: mov cx, 0x7c6 0x12a9e: int 0x21 0x12aa0: mov ah, 0x2d 0x12aa2: mov cl, 1 0x12aa4: int 0x21 |
| 2018-12-25T11:52:26.441964167Z | 44 | PC: 12aaa | Get time 0x12aaa: cmp cl, 0xf 0x12aad: jae 0x12abb 0x12aaf: jmp 0x12a81 0x12ab1: mov ah, 9 0x12ab3: mov dx, si 0x12ab5: add dx, 0x40 0x12ab9: int 0x21 0x12abb: cmp byte ptr [si], 0x1a 0x12abe: ja 0x12ad3 0x12ac0: pushf 0x12ac1: mov al, byte ptr [si] 0x12ac3: mov cx, 0x100 0x12ac6: mov dx, 0 0x12ac9: mov bx, 1 0x12acc: int 0x26 0x12ace: popf 0x12acf: inc byte ptr [si] 0x12ad1: jmp 0x12abb 0x12ad3: push es 0x12ad4: mov ah, 0x2f |
| 2018-12-25T11:52:26.445040963Z | 47 | PC: 12ad8 | Get disk transfer address |
| 2018-12-25T11:52:26.446796562Z | 26 | PC: 12ae8 | Set disk transfer address |
| 2018-12-25T11:52:26.456983973Z | 78 | PC: 12b6d | Find first file |
| 2018-12-25T11:52:26.463626516Z | 79 | PC: 12b73 | Find next file |
| 2018-12-25T11:52:26.466585841Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.469853571Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.473115616Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.476365916Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.483408823Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.486114002Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.488770055Z | 78 | PC: 12b6d | Find first file (See above) |
| 2018-12-25T11:52:26.500107446Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.50346763Z | 67 | PC: 12baa | Get or set file attributes |
| 2018-12-25T11:52:26.511507466Z | 67 | PC: 12bba | Get or set file attributes |
| 2018-12-25T11:52:29.15736888Z | 61 | PC: 12bc4 | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T11:52:29.166310642Z | 87 | PC: 12bd0 | Get or set file date and time |
| 2018-12-25T11:52:29.1683824Z | 44 | PC: 12bda | Get time 0x12bda: mov ah, 0x3f 0x12bdc: mov cx, 3 0x12bdf: mov dx, 0x68 0x12be2: add dx, si 0x12be4: int 0x21 0x12be6: jb 0x12c3c 0x12be8: cmp ax, 3 0x12beb: jne 0x12c3c 0x12bed: mov ax, 0x4202 0x12bf0: mov cx, 0 0x12bf3: mov dx, 0 0x12bf6: int 0x21 0x12bf8: jb 0x12c3c 0x12bfa: mov cx, ax 0x12bfc: sub ax, 3 0x12bff: mov word ptr [si + 0x6c], ax 0x12c02: add cx, 0x32b 0x12c06: mov di, si 0x12c08: sub di, 0x229 0x12c0c: mov word ptr [di], cx |
| 2018-12-25T11:52:29.172317699Z | 63 | PC: 12be6 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:52:29.182882072Z | 66 | PC: 12bf8 | Move file pointer |
| 2018-12-25T11:52:29.184950979Z | 64 | PC: 12c1b | Write file or device (Write 787 bytes on handle 5) |
| 2018-12-25T11:52:29.198623295Z | 66 | PC: 12c2d | Move file pointer |
| 2018-12-25T11:52:29.200441991Z | 64 | PC: 12c3c | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:52:29.204222328Z | 87 | PC: 12c4d | Get or set file date and time |
| 2018-12-25T11:52:29.206449023Z | 62 | PC: 12c51 | Close file |
| 2018-12-25T11:52:29.216767802Z | 67 | PC: 12c5e | Get or set file attributes |
| 2018-12-25T11:52:29.231461351Z | 26 | PC: 12c69 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4620,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:52:26.516408084Z | 255 | PC: 12a6b | UNKNOWN! |
| 2018-12-25T11:52:26.516967809Z | 42 | PC: 12a77 | Get date 0x12a77: cmp cx, 0x7c7 0x12a7b: jb 0x12a93 0x12a7d: jge 0x12a81 0x12a7f: jmp 0x12ad3 0x12a81: mov ah, 0x2a 0x12a83: int 0x21 0x12a85: cmp dh, 6 0x12a88: jge 0x12a8c 0x12a8a: jmp 0x12ad3 0x12a8c: cmp dl, 0x16 0x12a8f: jge 0x12ab1 0x12a91: jmp 0x12ad3 0x12a93: cmp cx, 0x7c6 0x12a97: je 0x12aa6 0x12a99: mov ah, 0x2b 0x12a9b: mov cx, 0x7c6 0x12a9e: int 0x21 0x12aa0: mov ah, 0x2d 0x12aa2: mov cl, 1 0x12aa4: int 0x21 |
| 2018-12-25T11:52:26.518617067Z | 42 | PC: 12a85 | Get date 0x12a85: cmp dh, 6 0x12a88: jge 0x12a8c 0x12a8a: jmp 0x12ad3 0x12a8c: cmp dl, 0x16 0x12a8f: jge 0x12ab1 0x12a91: jmp 0x12ad3 0x12a93: cmp cx, 0x7c6 0x12a97: je 0x12aa6 0x12a99: mov ah, 0x2b 0x12a9b: mov cx, 0x7c6 0x12a9e: int 0x21 0x12aa0: mov ah, 0x2d 0x12aa2: mov cl, 1 0x12aa4: int 0x21 0x12aa6: mov ah, 0x2c 0x12aa8: int 0x21 0x12aaa: cmp cl, 0xf 0x12aad: jae 0x12abb 0x12aaf: jmp 0x12a81 0x12ab1: mov ah, 9 |
| 2018-12-25T11:52:26.519953145Z | 47 | PC: 12ad8 | Get disk transfer address |
| 2018-12-25T11:52:26.520665408Z | 26 | PC: 12ae8 | Set disk transfer address |
| 2018-12-25T11:52:26.522021494Z | 78 | PC: 12b6d | Find first file |
| 2018-12-25T11:52:26.525777431Z | 79 | PC: 12b73 | Find next file |
| 2018-12-25T11:52:26.527369173Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.529639117Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.532112174Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.534437007Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.537229085Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.53975962Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.542111219Z | 78 | PC: 12b6d | Find first file (See above) |
| 2018-12-25T11:52:26.550778516Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.553693088Z | 67 | PC: 12baa | Get or set file attributes |
| 2018-12-25T11:52:26.55996964Z | 67 | PC: 12bba | Get or set file attributes |
| 2018-12-25T11:52:30.684926527Z | 61 | PC: 12bc4 | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T11:52:30.694269148Z | 87 | PC: 12bd0 | Get or set file date and time |
| 2018-12-25T11:52:30.695510709Z | 44 | PC: 12bda | Get time 0x12bda: mov ah, 0x3f 0x12bdc: mov cx, 3 0x12bdf: mov dx, 0x68 0x12be2: add dx, si 0x12be4: int 0x21 0x12be6: jb 0x12c3c 0x12be8: cmp ax, 3 0x12beb: jne 0x12c3c 0x12bed: mov ax, 0x4202 0x12bf0: mov cx, 0 0x12bf3: mov dx, 0 0x12bf6: int 0x21 0x12bf8: jb 0x12c3c 0x12bfa: mov cx, ax 0x12bfc: sub ax, 3 0x12bff: mov word ptr [si + 0x6c], ax 0x12c02: add cx, 0x32b 0x12c06: mov di, si 0x12c08: sub di, 0x229 0x12c0c: mov word ptr [di], cx |
| 2018-12-25T11:52:30.697866622Z | 63 | PC: 12be6 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:52:30.710135037Z | 66 | PC: 12bf8 | Move file pointer |
| 2018-12-25T11:52:30.711405043Z | 64 | PC: 12c1b | Write file or device (Write 787 bytes on handle 5) |
| 2018-12-25T11:52:30.724371688Z | 66 | PC: 12c2d | Move file pointer |
| 2018-12-25T11:52:30.726129589Z | 64 | PC: 12c3c | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:52:30.729603297Z | 87 | PC: 12c4d | Get or set file date and time |
| 2018-12-25T11:52:30.732788057Z | 62 | PC: 12c51 | Close file |
| 2018-12-25T11:52:30.77082993Z | 67 | PC: 12c5e | Get or set file attributes |
| 2018-12-25T11:52:30.796654097Z | 26 | PC: 12c69 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4620,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:52:26.622747096Z | 255 | PC: 12a6b | UNKNOWN! |
| 2018-12-25T11:52:26.623859447Z | 42 | PC: 12a77 | Get date 0x12a77: cmp cx, 0x7c7 0x12a7b: jb 0x12a93 0x12a7d: jge 0x12a81 0x12a7f: jmp 0x12ad3 0x12a81: mov ah, 0x2a 0x12a83: int 0x21 0x12a85: cmp dh, 6 0x12a88: jge 0x12a8c 0x12a8a: jmp 0x12ad3 0x12a8c: cmp dl, 0x16 0x12a8f: jge 0x12ab1 0x12a91: jmp 0x12ad3 0x12a93: cmp cx, 0x7c6 0x12a97: je 0x12aa6 0x12a99: mov ah, 0x2b 0x12a9b: mov cx, 0x7c6 0x12a9e: int 0x21 0x12aa0: mov ah, 0x2d 0x12aa2: mov cl, 1 0x12aa4: int 0x21 |
| 2018-12-25T11:52:26.625827386Z | 43 | PC: 12aa0 | Set date |
| 2018-12-25T11:52:26.628855363Z | 45 | PC: 12aa6 | Set time |
| 2018-12-25T11:52:26.632277711Z | 44 | PC: 12aaa | Get time 0x12aaa: cmp cl, 0xf 0x12aad: jae 0x12abb 0x12aaf: jmp 0x12a81 0x12ab1: mov ah, 9 0x12ab3: mov dx, si 0x12ab5: add dx, 0x40 0x12ab9: int 0x21 0x12abb: cmp byte ptr [si], 0x1a 0x12abe: ja 0x12ad3 0x12ac0: pushf 0x12ac1: mov al, byte ptr [si] 0x12ac3: mov cx, 0x100 0x12ac6: mov dx, 0 0x12ac9: mov bx, 1 0x12acc: int 0x26 0x12ace: popf 0x12acf: inc byte ptr [si] 0x12ad1: jmp 0x12abb 0x12ad3: push es 0x12ad4: mov ah, 0x2f |
| 2018-12-25T11:52:26.634531334Z | 42 | PC: 12a85 | Get date 0x12a85: cmp dh, 6 0x12a88: jge 0x12a8c 0x12a8a: jmp 0x12ad3 0x12a8c: cmp dl, 0x16 0x12a8f: jge 0x12ab1 0x12a91: jmp 0x12ad3 0x12a93: cmp cx, 0x7c6 0x12a97: je 0x12aa6 0x12a99: mov ah, 0x2b 0x12a9b: mov cx, 0x7c6 0x12a9e: int 0x21 0x12aa0: mov ah, 0x2d 0x12aa2: mov cl, 1 0x12aa4: int 0x21 0x12aa6: mov ah, 0x2c 0x12aa8: int 0x21 0x12aaa: cmp cl, 0xf 0x12aad: jae 0x12abb 0x12aaf: jmp 0x12a81 0x12ab1: mov ah, 9 |
| 2018-12-25T11:52:26.636576065Z | 47 | PC: 12ad8 | Get disk transfer address |
| 2018-12-25T11:52:26.638105176Z | 26 | PC: 12ae8 | Set disk transfer address |
| 2018-12-25T11:52:26.641011973Z | 78 | PC: 12b6d | Find first file |
| 2018-12-25T11:52:26.651484381Z | 79 | PC: 12b73 | Find next file |
| 2018-12-25T11:52:26.654448862Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.657064862Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.659570262Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.662680035Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.665086315Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.667467168Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.670703069Z | 78 | PC: 12b6d | Find first file (See above) |
| 2018-12-25T11:52:26.679411651Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.683054104Z | 67 | PC: 12baa | Get or set file attributes |
| 2018-12-25T11:52:26.705472952Z | 67 | PC: 12bba | Get or set file attributes |
| 2018-12-25T11:52:30.683399423Z | 61 | PC: 12bc4 | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T11:52:30.688228004Z | 87 | PC: 12bd0 | Get or set file date and time |
| 2018-12-25T11:52:30.689502035Z | 44 | PC: 12bda | Get time 0x12bda: mov ah, 0x3f 0x12bdc: mov cx, 3 0x12bdf: mov dx, 0x68 0x12be2: add dx, si 0x12be4: int 0x21 0x12be6: jb 0x12c3c 0x12be8: cmp ax, 3 0x12beb: jne 0x12c3c 0x12bed: mov ax, 0x4202 0x12bf0: mov cx, 0 0x12bf3: mov dx, 0 0x12bf6: int 0x21 0x12bf8: jb 0x12c3c 0x12bfa: mov cx, ax 0x12bfc: sub ax, 3 0x12bff: mov word ptr [si + 0x6c], ax 0x12c02: add cx, 0x32b 0x12c06: mov di, si 0x12c08: sub di, 0x229 0x12c0c: mov word ptr [di], cx |
| 2018-12-25T11:52:30.691720037Z | 63 | PC: 12be6 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:52:30.710103318Z | 66 | PC: 12bf8 | Move file pointer |
| 2018-12-25T11:52:30.711657283Z | 64 | PC: 12c1b | Write file or device (Write 787 bytes on handle 5) |
| 2018-12-25T11:52:30.729533722Z | 66 | PC: 12c2d | Move file pointer |
| 2018-12-25T11:52:30.730823136Z | 64 | PC: 12c3c | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:52:30.733450695Z | 87 | PC: 12c4d | Get or set file date and time |
| 2018-12-25T11:52:30.735821411Z | 62 | PC: 12c51 | Close file |
| 2018-12-25T11:52:30.825921163Z | 67 | PC: 12c5e | Get or set file attributes |
| 2018-12-25T11:52:30.861080145Z | 26 | PC: 12c69 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4620,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:52:26.790097011Z | 255 | PC: 12a6b | UNKNOWN! |
| 2018-12-25T11:52:26.791212073Z | 42 | PC: 12a77 | Get date 0x12a77: cmp cx, 0x7c7 0x12a7b: jb 0x12a93 0x12a7d: jge 0x12a81 0x12a7f: jmp 0x12ad3 0x12a81: mov ah, 0x2a 0x12a83: int 0x21 0x12a85: cmp dh, 6 0x12a88: jge 0x12a8c 0x12a8a: jmp 0x12ad3 0x12a8c: cmp dl, 0x16 0x12a8f: jge 0x12ab1 0x12a91: jmp 0x12ad3 0x12a93: cmp cx, 0x7c6 0x12a97: je 0x12aa6 0x12a99: mov ah, 0x2b 0x12a9b: mov cx, 0x7c6 0x12a9e: int 0x21 0x12aa0: mov ah, 0x2d 0x12aa2: mov cl, 1 0x12aa4: int 0x21 |
| 2018-12-25T11:52:26.793278901Z | 43 | PC: 12aa0 | Set date |
| 2018-12-25T11:52:26.796251112Z | 45 | PC: 12aa6 | Set time |
| 2018-12-25T11:52:26.800060096Z | 44 | PC: 12aaa | Get time 0x12aaa: cmp cl, 0xf 0x12aad: jae 0x12abb 0x12aaf: jmp 0x12a81 0x12ab1: mov ah, 9 0x12ab3: mov dx, si 0x12ab5: add dx, 0x40 0x12ab9: int 0x21 0x12abb: cmp byte ptr [si], 0x1a 0x12abe: ja 0x12ad3 0x12ac0: pushf 0x12ac1: mov al, byte ptr [si] 0x12ac3: mov cx, 0x100 0x12ac6: mov dx, 0 0x12ac9: mov bx, 1 0x12acc: int 0x26 0x12ace: popf 0x12acf: inc byte ptr [si] 0x12ad1: jmp 0x12abb 0x12ad3: push es 0x12ad4: mov ah, 0x2f |
| 2018-12-25T11:52:26.803207945Z | 42 | PC: 12a85 | Get date 0x12a85: cmp dh, 6 0x12a88: jge 0x12a8c 0x12a8a: jmp 0x12ad3 0x12a8c: cmp dl, 0x16 0x12a8f: jge 0x12ab1 0x12a91: jmp 0x12ad3 0x12a93: cmp cx, 0x7c6 0x12a97: je 0x12aa6 0x12a99: mov ah, 0x2b 0x12a9b: mov cx, 0x7c6 0x12a9e: int 0x21 0x12aa0: mov ah, 0x2d 0x12aa2: mov cl, 1 0x12aa4: int 0x21 0x12aa6: mov ah, 0x2c 0x12aa8: int 0x21 0x12aaa: cmp cl, 0xf 0x12aad: jae 0x12abb 0x12aaf: jmp 0x12a81 0x12ab1: mov ah, 9 |
| 2018-12-25T11:52:26.805159505Z | 47 | PC: 12ad8 | Get disk transfer address |
| 2018-12-25T11:52:26.806657088Z | 26 | PC: 12ae8 | Set disk transfer address |
| 2018-12-25T11:52:26.807806513Z | 78 | PC: 12b6d | Find first file |
| 2018-12-25T11:52:26.818407769Z | 79 | PC: 12b73 | Find next file |
| 2018-12-25T11:52:26.830433764Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.833802967Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.836196682Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.851145636Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.854113412Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.857355158Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.85972234Z | 78 | PC: 12b6d | Find first file (See above) |
| 2018-12-25T11:52:26.865186059Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.867182792Z | 67 | PC: 12baa | Get or set file attributes |
| 2018-12-25T11:52:26.873559856Z | 67 | PC: 12bba | Get or set file attributes |
| 2018-12-25T11:52:31.805471523Z | 61 | PC: 12bc4 | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T11:52:31.812891575Z | 87 | PC: 12bd0 | Get or set file date and time |
| 2018-12-25T11:52:31.815101794Z | 44 | PC: 12bda | Get time 0x12bda: mov ah, 0x3f 0x12bdc: mov cx, 3 0x12bdf: mov dx, 0x68 0x12be2: add dx, si 0x12be4: int 0x21 0x12be6: jb 0x12c3c 0x12be8: cmp ax, 3 0x12beb: jne 0x12c3c 0x12bed: mov ax, 0x4202 0x12bf0: mov cx, 0 0x12bf3: mov dx, 0 0x12bf6: int 0x21 0x12bf8: jb 0x12c3c 0x12bfa: mov cx, ax 0x12bfc: sub ax, 3 0x12bff: mov word ptr [si + 0x6c], ax 0x12c02: add cx, 0x32b 0x12c06: mov di, si 0x12c08: sub di, 0x229 0x12c0c: mov word ptr [di], cx |
| 2018-12-25T11:52:31.817695679Z | 63 | PC: 12be6 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:52:31.836113454Z | 66 | PC: 12bf8 | Move file pointer |
| 2018-12-25T11:52:31.851089941Z | 64 | PC: 12c1b | Write file or device (Write 787 bytes on handle 5) |
| 2018-12-25T11:52:32.08809536Z | 66 | PC: 12c2d | Move file pointer |
| 2018-12-25T11:52:32.089931874Z | 64 | PC: 12c3c | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:52:32.093163851Z | 87 | PC: 12c4d | Get or set file date and time |
| 2018-12-25T11:52:32.094907443Z | 62 | PC: 12c51 | Close file |
| 2018-12-25T11:52:32.247618941Z | 67 | PC: 12c5e | Get or set file attributes |
| 2018-12-25T11:52:32.278608023Z | 26 | PC: 12c69 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4620,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:52:26.912405053Z | 255 | PC: 12a6b | UNKNOWN! |
| 2018-12-25T11:52:26.913234165Z | 42 | PC: 12a77 | Get date 0x12a77: cmp cx, 0x7c7 0x12a7b: jb 0x12a93 0x12a7d: jge 0x12a81 0x12a7f: jmp 0x12ad3 0x12a81: mov ah, 0x2a 0x12a83: int 0x21 0x12a85: cmp dh, 6 0x12a88: jge 0x12a8c 0x12a8a: jmp 0x12ad3 0x12a8c: cmp dl, 0x16 0x12a8f: jge 0x12ab1 0x12a91: jmp 0x12ad3 0x12a93: cmp cx, 0x7c6 0x12a97: je 0x12aa6 0x12a99: mov ah, 0x2b 0x12a9b: mov cx, 0x7c6 0x12a9e: int 0x21 0x12aa0: mov ah, 0x2d 0x12aa2: mov cl, 1 0x12aa4: int 0x21 |
| 2018-12-25T11:52:26.915804364Z | 43 | PC: 12aa0 | Set date |
| 2018-12-25T11:52:26.918230342Z | 45 | PC: 12aa6 | Set time |
| 2018-12-25T11:52:26.920402184Z | 44 | PC: 12aaa | Get time 0x12aaa: cmp cl, 0xf 0x12aad: jae 0x12abb 0x12aaf: jmp 0x12a81 0x12ab1: mov ah, 9 0x12ab3: mov dx, si 0x12ab5: add dx, 0x40 0x12ab9: int 0x21 0x12abb: cmp byte ptr [si], 0x1a 0x12abe: ja 0x12ad3 0x12ac0: pushf 0x12ac1: mov al, byte ptr [si] 0x12ac3: mov cx, 0x100 0x12ac6: mov dx, 0 0x12ac9: mov bx, 1 0x12acc: int 0x26 0x12ace: popf 0x12acf: inc byte ptr [si] 0x12ad1: jmp 0x12abb 0x12ad3: push es 0x12ad4: mov ah, 0x2f |
| 2018-12-25T11:52:26.922045873Z | 42 | PC: 12a85 | Get date 0x12a85: cmp dh, 6 0x12a88: jge 0x12a8c 0x12a8a: jmp 0x12ad3 0x12a8c: cmp dl, 0x16 0x12a8f: jge 0x12ab1 0x12a91: jmp 0x12ad3 0x12a93: cmp cx, 0x7c6 0x12a97: je 0x12aa6 0x12a99: mov ah, 0x2b 0x12a9b: mov cx, 0x7c6 0x12a9e: int 0x21 0x12aa0: mov ah, 0x2d 0x12aa2: mov cl, 1 0x12aa4: int 0x21 0x12aa6: mov ah, 0x2c 0x12aa8: int 0x21 0x12aaa: cmp cl, 0xf 0x12aad: jae 0x12abb 0x12aaf: jmp 0x12a81 0x12ab1: mov ah, 9 |
| 2018-12-25T11:52:26.924271934Z | 47 | PC: 12ad8 | Get disk transfer address |
| 2018-12-25T11:52:26.925374012Z | 26 | PC: 12ae8 | Set disk transfer address |
| 2018-12-25T11:52:26.927038375Z | 78 | PC: 12b6d | Find first file |
| 2018-12-25T11:52:26.939520099Z | 79 | PC: 12b73 | Find next file |
| 2018-12-25T11:52:26.942195289Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.945348958Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.947975953Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.950596651Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.953624421Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.95627084Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.958705021Z | 78 | PC: 12b6d | Find first file (See above) |
| 2018-12-25T11:52:26.968799402Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:26.972102465Z | 67 | PC: 12baa | Get or set file attributes |
| 2018-12-25T11:52:26.978692909Z | 67 | PC: 12bba | Get or set file attributes |
| 2018-12-25T11:52:29.157493847Z | 61 | PC: 12bc4 | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T11:52:29.166907124Z | 87 | PC: 12bd0 | Get or set file date and time |
| 2018-12-25T11:52:29.168626663Z | 44 | PC: 12bda | Get time 0x12bda: mov ah, 0x3f 0x12bdc: mov cx, 3 0x12bdf: mov dx, 0x68 0x12be2: add dx, si 0x12be4: int 0x21 0x12be6: jb 0x12c3c 0x12be8: cmp ax, 3 0x12beb: jne 0x12c3c 0x12bed: mov ax, 0x4202 0x12bf0: mov cx, 0 0x12bf3: mov dx, 0 0x12bf6: int 0x21 0x12bf8: jb 0x12c3c 0x12bfa: mov cx, ax 0x12bfc: sub ax, 3 0x12bff: mov word ptr [si + 0x6c], ax 0x12c02: add cx, 0x32b 0x12c06: mov di, si 0x12c08: sub di, 0x229 0x12c0c: mov word ptr [di], cx |
| 2018-12-25T11:52:29.17169775Z | 63 | PC: 12be6 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:52:29.179374837Z | 66 | PC: 12bf8 | Move file pointer |
| 2018-12-25T11:52:29.181405279Z | 64 | PC: 12c1b | Write file or device (Write 787 bytes on handle 5) |
| 2018-12-25T11:52:29.190256772Z | 66 | PC: 12c2d | Move file pointer |
| 2018-12-25T11:52:29.19352792Z | 64 | PC: 12c3c | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:52:29.197061914Z | 87 | PC: 12c4d | Get or set file date and time |
| 2018-12-25T11:52:29.199093446Z | 62 | PC: 12c51 | Close file |
| 2018-12-25T11:52:29.207893887Z | 67 | PC: 12c5e | Get or set file attributes |
| 2018-12-25T11:52:29.218844991Z | 26 | PC: 12c69 | Set disk transfer address |
{"DateBased":true,"Day":22,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4620,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:52:27.035606968Z | 255 | PC: 12a6b | UNKNOWN! |
| 2018-12-25T11:52:27.036708047Z | 42 | PC: 12a77 | Get date 0x12a77: cmp cx, 0x7c7 0x12a7b: jb 0x12a93 0x12a7d: jge 0x12a81 0x12a7f: jmp 0x12ad3 0x12a81: mov ah, 0x2a 0x12a83: int 0x21 0x12a85: cmp dh, 6 0x12a88: jge 0x12a8c 0x12a8a: jmp 0x12ad3 0x12a8c: cmp dl, 0x16 0x12a8f: jge 0x12ab1 0x12a91: jmp 0x12ad3 0x12a93: cmp cx, 0x7c6 0x12a97: je 0x12aa6 0x12a99: mov ah, 0x2b 0x12a9b: mov cx, 0x7c6 0x12a9e: int 0x21 0x12aa0: mov ah, 0x2d 0x12aa2: mov cl, 1 0x12aa4: int 0x21 |
| 2018-12-25T11:52:27.03897986Z | 43 | PC: 12aa0 | Set date |
| 2018-12-25T11:52:27.042350848Z | 45 | PC: 12aa6 | Set time |
| 2018-12-25T11:52:27.046194178Z | 44 | PC: 12aaa | Get time 0x12aaa: cmp cl, 0xf 0x12aad: jae 0x12abb 0x12aaf: jmp 0x12a81 0x12ab1: mov ah, 9 0x12ab3: mov dx, si 0x12ab5: add dx, 0x40 0x12ab9: int 0x21 0x12abb: cmp byte ptr [si], 0x1a 0x12abe: ja 0x12ad3 0x12ac0: pushf 0x12ac1: mov al, byte ptr [si] 0x12ac3: mov cx, 0x100 0x12ac6: mov dx, 0 0x12ac9: mov bx, 1 0x12acc: int 0x26 0x12ace: popf 0x12acf: inc byte ptr [si] 0x12ad1: jmp 0x12abb 0x12ad3: push es 0x12ad4: mov ah, 0x2f |
| 2018-12-25T11:52:27.048713349Z | 42 | PC: 12a85 | Get date 0x12a85: cmp dh, 6 0x12a88: jge 0x12a8c 0x12a8a: jmp 0x12ad3 0x12a8c: cmp dl, 0x16 0x12a8f: jge 0x12ab1 0x12a91: jmp 0x12ad3 0x12a93: cmp cx, 0x7c6 0x12a97: je 0x12aa6 0x12a99: mov ah, 0x2b 0x12a9b: mov cx, 0x7c6 0x12a9e: int 0x21 0x12aa0: mov ah, 0x2d 0x12aa2: mov cl, 1 0x12aa4: int 0x21 0x12aa6: mov ah, 0x2c 0x12aa8: int 0x21 0x12aaa: cmp cl, 0xf 0x12aad: jae 0x12abb 0x12aaf: jmp 0x12a81 0x12ab1: mov ah, 9 |
| 2018-12-25T11:52:27.050768665Z | 9 | PC: 12abb | Display string (String= ' Violator strikes again... ') |
| 2018-12-25T11:52:27.057163085Z | 47 | PC: 12ad8 | Get disk transfer address |
| 2018-12-25T11:52:27.058513753Z | 26 | PC: 12ae8 | Set disk transfer address |
| 2018-12-25T11:52:27.059676998Z | 78 | PC: 12b6d | Find first file |
| 2018-12-25T11:52:27.071768459Z | 79 | PC: 12b73 | Find next file |
| 2018-12-25T11:52:27.07579688Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:27.078580535Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:27.08129244Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:27.084532044Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:27.087201987Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:27.089798188Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:27.092694409Z | 78 | PC: 12b6d | Find first file (See above) |
| 2018-12-25T11:52:27.102427763Z | 79 | PC: 12b73 | Find next file (See above) |
| 2018-12-25T11:52:27.105557504Z | 67 | PC: 12baa | Get or set file attributes |
| 2018-12-25T11:52:27.113294218Z | 67 | PC: 12bba | Get or set file attributes |
| 2018-12-25T11:52:29.157759876Z | 61 | PC: 12bc4 | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T11:52:29.165857391Z | 87 | PC: 12bd0 | Get or set file date and time |
| 2018-12-25T11:52:29.168692307Z | 44 | PC: 12bda | Get time 0x12bda: mov ah, 0x3f 0x12bdc: mov cx, 3 0x12bdf: mov dx, 0x68 0x12be2: add dx, si 0x12be4: int 0x21 0x12be6: jb 0x12c3c 0x12be8: cmp ax, 3 0x12beb: jne 0x12c3c 0x12bed: mov ax, 0x4202 0x12bf0: mov cx, 0 0x12bf3: mov dx, 0 0x12bf6: int 0x21 0x12bf8: jb 0x12c3c 0x12bfa: mov cx, ax 0x12bfc: sub ax, 3 0x12bff: mov word ptr [si + 0x6c], ax 0x12c02: add cx, 0x32b 0x12c06: mov di, si 0x12c08: sub di, 0x229 0x12c0c: mov word ptr [di], cx |
| 2018-12-25T11:52:29.172020745Z | 63 | PC: 12be6 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:52:29.180700665Z | 66 | PC: 12bf8 | Move file pointer |
| 2018-12-25T11:52:29.183059813Z | 64 | PC: 12c1b | Write file or device (Write 787 bytes on handle 5) |
| 2018-12-25T11:52:29.196574673Z | 66 | PC: 12c2d | Move file pointer |
| 2018-12-25T11:52:29.198554037Z | 64 | PC: 12c3c | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:52:29.202100136Z | 87 | PC: 12c4d | Get or set file date and time |
| 2018-12-25T11:52:29.204866398Z | 62 | PC: 12c51 | Close file |
| 2018-12-25T11:52:29.212673775Z | 67 | PC: 12c5e | Get or set file attributes |
| 2018-12-25T11:52:29.223364606Z | 26 | PC: 12c69 | Set disk transfer address |