{"DateBased":true,"Day":1,"Month":12,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5561,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:54:46.399999104Z | 25 | PC: 12b4c | Get default drive |
| 2018-12-25T11:54:46.401448793Z | 42 | PC: 12b8d | Get date 0x12b8d: cmp cx, 0x7c4 0x12b91: jge 0x12b9a 0x12b93: jmp 0x12bbd 0x12b95: mov byte ptr [bx + di], cl 0x12b97: xchg ax, sp 0x12b98: adc al, byte ptr [bx + di] 0x12b9a: jg 0x12bab 0x12b9c: cmp dh, 0xc 0x12b9f: jl 0x12bbd 0x12ba1: cmp dl, 5 0x12ba4: jl 0x12bbd 0x12ba6: cmp dl, 0x1c 0x12ba9: jl 0x12bb6 0x12bab: mov word ptr [si + 0x877], 0xffdc 0x12bb1: mov byte ptr [si + 0x872], 0x88 0x12bb6: cmp byte ptr [si + 4], 0xf8 0x12bbb: jae 0x12bd2 0x12bbd: mov byte ptr cs:[si + 0xee], 0 0x12bc3: jmp 0x12d5b 0x12bc6: cmp byte ptr [si + 4], 0xf8 |
| 2018-12-25T11:54:46.403822006Z | 14 | PC: 12d94 | Set default drive (Drive = 'A') |
| 2018-12-25T11:54:46.406741247Z | 49 | PC: 14744 | Terminate and stay resident (Return code = '0' | Memory size = '480') |
{"DateBased":true,"Day":5,"Month":12,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5561,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:54:46.88845101Z | 25 | PC: 12b4c | Get default drive |
| 2018-12-25T11:54:46.890283422Z | 42 | PC: 12b8d | Get date 0x12b8d: cmp cx, 0x7c4 0x12b91: jge 0x12b9a 0x12b93: jmp 0x12bbd 0x12b95: mov byte ptr [bx + di], cl 0x12b97: xchg ax, sp 0x12b98: adc al, byte ptr [bx + di] 0x12b9a: jg 0x12bab 0x12b9c: cmp dh, 0xc 0x12b9f: jl 0x12bbd 0x12ba1: cmp dl, 5 0x12ba4: jl 0x12bbd 0x12ba6: cmp dl, 0x1c 0x12ba9: jl 0x12bb6 0x12bab: mov word ptr [si + 0x877], 0xffdc 0x12bb1: mov byte ptr [si + 0x872], 0x88 0x12bb6: cmp byte ptr [si + 4], 0xf8 0x12bbb: jae 0x12bd2 0x12bbd: mov byte ptr cs:[si + 0xee], 0 0x12bc3: jmp 0x12d5b 0x12bc6: cmp byte ptr [si + 4], 0xf8 |
| 2018-12-25T11:54:46.892569849Z | 67 | PC: 12d33 | Get or set file attributes |
| 2018-12-25T11:54:46.898648541Z | 71 | PC: 12c44 | Get current directory |
| 2018-12-25T11:54:46.902836984Z | 59 | PC: 12d33 | Change current directory (See above) |
| 2018-12-25T11:54:46.907030612Z | 26 | PC: 12c5e | Set disk transfer address |
| 2018-12-25T11:54:46.908311987Z | 78 | PC: 12d33 | Find first file (See above) |
| 2018-12-25T11:54:46.914712009Z | 25 | PC: 12e35 | Get default drive |
| 2018-12-25T11:54:46.916718695Z | 71 | PC: 12e4f | Get current directory |
| 2018-12-25T11:54:46.919369694Z | 67 | PC: 12d33 | Get or set file attributes (See above) |
| 2018-12-25T11:54:46.928169538Z | 67 | PC: 12d33 | Get or set file attributes (See above) |
| 2018-12-25T11:54:46.944544215Z | 61 | PC: 12d33 | Open file (See above) |
| 2018-12-25T11:54:46.950433471Z | 87 | PC: 12ebd | Get or set file date and time |
| 2018-12-25T11:54:46.951632386Z | 63 | PC: 12ed5 | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T11:54:46.95776334Z | 66 | PC: 13068 | Move file pointer |
| 2018-12-25T11:54:46.959035574Z | 66 | PC: 13068 | Move file pointer (See above) |
| 2018-12-25T11:54:46.960257487Z | 64 | PC: 12f24 | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T11:54:46.962986135Z | 64 | PC: 12f30 | Write file or device (Write 3061 bytes on handle 5) |
| 2018-12-25T11:54:46.970184475Z | 66 | PC: 12f39 | Move file pointer |
| 2018-12-25T11:54:46.971362889Z | 64 | PC: 12f4c | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:54:46.978176413Z | 87 | PC: 12eb2 | Get or set file date and time |
| 2018-12-25T11:54:46.979733525Z | 62 | PC: 12eb6 | Close file |
| 2018-12-25T11:54:46.98634348Z | 59 | PC: 12d33 | Change current directory (See above) |
| 2018-12-25T11:54:46.991346446Z | 59 | PC: 12d5b | Change current directory |
| 2018-12-25T11:54:46.99301516Z | 14 | PC: 12d94 | Set default drive (Drive = 'A') |
| 2018-12-25T11:54:46.995862344Z | 49 | PC: 14744 | Terminate and stay resident (Return code = '0' | Memory size = '480') |
{"DateBased":true,"Day":28,"Month":12,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5561,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:54:47.300797627Z | 25 | PC: 12b4c | Get default drive |
| 2018-12-25T11:54:47.302715566Z | 42 | PC: 12b8d | Get date 0x12b8d: cmp cx, 0x7c4 0x12b91: jge 0x12b9a 0x12b93: jmp 0x12bbd 0x12b95: mov byte ptr [bx + di], cl 0x12b97: xchg ax, sp 0x12b98: adc al, byte ptr [bx + di] 0x12b9a: jg 0x12bab 0x12b9c: cmp dh, 0xc 0x12b9f: jl 0x12bbd 0x12ba1: cmp dl, 5 0x12ba4: jl 0x12bbd 0x12ba6: cmp dl, 0x1c 0x12ba9: jl 0x12bb6 0x12bab: mov word ptr [si + 0x877], 0xffdc 0x12bb1: mov byte ptr [si + 0x872], 0x88 0x12bb6: cmp byte ptr [si + 4], 0xf8 0x12bbb: jae 0x12bd2 0x12bbd: mov byte ptr cs:[si + 0xee], 0 0x12bc3: jmp 0x12d5b 0x12bc6: cmp byte ptr [si + 4], 0xf8 |
| 2018-12-25T11:54:47.304782184Z | 67 | PC: 12d33 | Get or set file attributes |
| 2018-12-25T11:54:47.310134339Z | 71 | PC: 12c44 | Get current directory |
| 2018-12-25T11:54:47.313313794Z | 59 | PC: 12d33 | Change current directory (See above) |
| 2018-12-25T11:54:47.317741266Z | 26 | PC: 12c5e | Set disk transfer address |
| 2018-12-25T11:54:47.319083504Z | 78 | PC: 12d33 | Find first file (See above) |
| 2018-12-25T11:54:47.329728478Z | 25 | PC: 12e35 | Get default drive |
| 2018-12-25T11:54:47.331546932Z | 71 | PC: 12e4f | Get current directory |
| 2018-12-25T11:54:47.339354537Z | 67 | PC: 12d33 | Get or set file attributes (See above) |
| 2018-12-25T11:54:47.345074467Z | 67 | PC: 12d33 | Get or set file attributes (See above) |
| 2018-12-25T11:54:47.361060301Z | 61 | PC: 12d33 | Open file (See above) |
| 2018-12-25T11:54:47.367532473Z | 87 | PC: 12ebd | Get or set file date and time |
| 2018-12-25T11:54:47.36892844Z | 63 | PC: 12ed5 | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T11:54:47.375348164Z | 66 | PC: 13068 | Move file pointer |
| 2018-12-25T11:54:47.37636501Z | 66 | PC: 13068 | Move file pointer (See above) |
| 2018-12-25T11:54:47.377270567Z | 64 | PC: 12f24 | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T11:54:47.379773126Z | 64 | PC: 12f30 | Write file or device (Write 3061 bytes on handle 5) |
| 2018-12-25T11:54:47.386887126Z | 66 | PC: 12f39 | Move file pointer |
| 2018-12-25T11:54:47.389152477Z | 64 | PC: 12f4c | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:54:47.40386307Z | 87 | PC: 12eb2 | Get or set file date and time |
| 2018-12-25T11:54:47.406148937Z | 62 | PC: 12eb6 | Close file |
| 2018-12-25T11:54:47.414295354Z | 59 | PC: 12d33 | Change current directory (See above) |
| 2018-12-25T11:54:47.419202707Z | 59 | PC: 12d5b | Change current directory |
| 2018-12-25T11:54:47.421360062Z | 14 | PC: 12d94 | Set default drive (Drive = 'A') |
| 2018-12-25T11:54:47.424408075Z | 49 | PC: 14744 | Terminate and stay resident (Return code = '0' | Memory size = '480') |
{"DateBased":true,"Day":1,"Month":1,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5561,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:54:47.608550006Z | 25 | PC: 12b4c | Get default drive |
| 2018-12-25T11:54:47.610997431Z | 42 | PC: 12b8d | Get date 0x12b8d: cmp cx, 0x7c4 0x12b91: jge 0x12b9a 0x12b93: jmp 0x12bbd 0x12b95: mov byte ptr [bx + di], cl 0x12b97: xchg ax, sp 0x12b98: adc al, byte ptr [bx + di] 0x12b9a: jg 0x12bab 0x12b9c: cmp dh, 0xc 0x12b9f: jl 0x12bbd 0x12ba1: cmp dl, 5 0x12ba4: jl 0x12bbd 0x12ba6: cmp dl, 0x1c 0x12ba9: jl 0x12bb6 0x12bab: mov word ptr [si + 0x877], 0xffdc 0x12bb1: mov byte ptr [si + 0x872], 0x88 0x12bb6: cmp byte ptr [si + 4], 0xf8 0x12bbb: jae 0x12bd2 0x12bbd: mov byte ptr cs:[si + 0xee], 0 0x12bc3: jmp 0x12d5b 0x12bc6: cmp byte ptr [si + 4], 0xf8 |
| 2018-12-25T11:54:47.61382493Z | 67 | PC: 12d33 | Get or set file attributes |
| 2018-12-25T11:54:47.621670633Z | 71 | PC: 12c44 | Get current directory |
| 2018-12-25T11:54:47.631993039Z | 59 | PC: 12d33 | Change current directory (See above) |
| 2018-12-25T11:54:47.636977417Z | 26 | PC: 12c5e | Set disk transfer address |
| 2018-12-25T11:54:47.638646418Z | 78 | PC: 12d33 | Find first file (See above) |
| 2018-12-25T11:54:47.645319714Z | 25 | PC: 12e35 | Get default drive |
| 2018-12-25T11:54:47.646811347Z | 71 | PC: 12e4f | Get current directory |
| 2018-12-25T11:54:47.649956291Z | 67 | PC: 12d33 | Get or set file attributes (See above) |
| 2018-12-25T11:54:47.662600562Z | 67 | PC: 12d33 | Get or set file attributes (See above) |
| 2018-12-25T11:54:47.687846818Z | 61 | PC: 12d33 | Open file (See above) |
| 2018-12-25T11:54:47.695609789Z | 87 | PC: 12ebd | Get or set file date and time |
| 2018-12-25T11:54:47.697585293Z | 63 | PC: 12ed5 | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T11:54:47.705883813Z | 66 | PC: 13068 | Move file pointer |
| 2018-12-25T11:54:47.708179001Z | 66 | PC: 13068 | Move file pointer (See above) |
| 2018-12-25T11:54:47.710104373Z | 64 | PC: 12f24 | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T11:54:47.714267685Z | 64 | PC: 12f30 | Write file or device (Write 3061 bytes on handle 5) |
| 2018-12-25T11:54:47.724137506Z | 66 | PC: 12f39 | Move file pointer |
| 2018-12-25T11:54:47.727246626Z | 64 | PC: 12f4c | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:54:47.74063192Z | 87 | PC: 12eb2 | Get or set file date and time |
| 2018-12-25T11:54:47.743053926Z | 62 | PC: 12eb6 | Close file |
| 2018-12-25T11:54:47.751793284Z | 59 | PC: 12d33 | Change current directory (See above) |
| 2018-12-25T11:54:47.756252597Z | 59 | PC: 12d5b | Change current directory |
| 2018-12-25T11:54:47.759091217Z | 14 | PC: 12d94 | Set default drive (Drive = 'A') |
| 2018-12-25T11:54:47.762515253Z | 49 | PC: 14744 | Terminate and stay resident (Return code = '0' | Memory size = '480') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5561,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:54:47.898905609Z | 25 | PC: 12b4c | Get default drive |
| 2018-12-25T11:54:47.905059508Z | 42 | PC: 12b8d | Get date 0x12b8d: cmp cx, 0x7c4 0x12b91: jge 0x12b9a 0x12b93: jmp 0x12bbd 0x12b95: mov byte ptr [bx + di], cl 0x12b97: xchg ax, sp 0x12b98: adc al, byte ptr [bx + di] 0x12b9a: jg 0x12bab 0x12b9c: cmp dh, 0xc 0x12b9f: jl 0x12bbd 0x12ba1: cmp dl, 5 0x12ba4: jl 0x12bbd 0x12ba6: cmp dl, 0x1c 0x12ba9: jl 0x12bb6 0x12bab: mov word ptr [si + 0x877], 0xffdc 0x12bb1: mov byte ptr [si + 0x872], 0x88 0x12bb6: cmp byte ptr [si + 4], 0xf8 0x12bbb: jae 0x12bd2 0x12bbd: mov byte ptr cs:[si + 0xee], 0 0x12bc3: jmp 0x12d5b 0x12bc6: cmp byte ptr [si + 4], 0xf8 |
| 2018-12-25T11:54:47.908306269Z | 14 | PC: 12d94 | Set default drive (Drive = 'A') |
| 2018-12-25T11:54:47.911208473Z | 49 | PC: 14744 | Terminate and stay resident (Return code = '0' | Memory size = '480') |
{"DateBased":true,"Day":1,"Month":1,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5561,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:54:48.161858735Z | 25 | PC: 12b4c | Get default drive |
| 2018-12-25T11:54:48.169852039Z | 42 | PC: 12b8d | Get date 0x12b8d: cmp cx, 0x7c4 0x12b91: jge 0x12b9a 0x12b93: jmp 0x12bbd 0x12b95: mov byte ptr [bx + di], cl 0x12b97: xchg ax, sp 0x12b98: adc al, byte ptr [bx + di] 0x12b9a: jg 0x12bab 0x12b9c: cmp dh, 0xc 0x12b9f: jl 0x12bbd 0x12ba1: cmp dl, 5 0x12ba4: jl 0x12bbd 0x12ba6: cmp dl, 0x1c 0x12ba9: jl 0x12bb6 0x12bab: mov word ptr [si + 0x877], 0xffdc 0x12bb1: mov byte ptr [si + 0x872], 0x88 0x12bb6: cmp byte ptr [si + 4], 0xf8 0x12bbb: jae 0x12bd2 0x12bbd: mov byte ptr cs:[si + 0xee], 0 0x12bc3: jmp 0x12d5b 0x12bc6: cmp byte ptr [si + 4], 0xf8 |
| 2018-12-25T11:54:48.171952518Z | 14 | PC: 12d94 | Set default drive (Drive = 'A') |
| 2018-12-25T11:54:48.176055611Z | 49 | PC: 14744 | Terminate and stay resident (Return code = '0' | Memory size = '480') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5561,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:54:49.018634339Z | 25 | PC: 12b4c | Get default drive |
| 2018-12-25T11:54:49.020630687Z | 42 | PC: 12b8d | Get date 0x12b8d: cmp cx, 0x7c4 0x12b91: jge 0x12b9a 0x12b93: jmp 0x12bbd 0x12b95: mov byte ptr [bx + di], cl 0x12b97: xchg ax, sp 0x12b98: adc al, byte ptr [bx + di] 0x12b9a: jg 0x12bab 0x12b9c: cmp dh, 0xc 0x12b9f: jl 0x12bbd 0x12ba1: cmp dl, 5 0x12ba4: jl 0x12bbd 0x12ba6: cmp dl, 0x1c 0x12ba9: jl 0x12bb6 0x12bab: mov word ptr [si + 0x877], 0xffdc 0x12bb1: mov byte ptr [si + 0x872], 0x88 0x12bb6: cmp byte ptr [si + 4], 0xf8 0x12bbb: jae 0x12bd2 0x12bbd: mov byte ptr cs:[si + 0xee], 0 0x12bc3: jmp 0x12d5b 0x12bc6: cmp byte ptr [si + 4], 0xf8 |
| 2018-12-25T11:54:49.022195076Z | 14 | PC: 12d94 | Set default drive (Drive = 'A') |
| 2018-12-25T11:54:49.026765973Z | 49 | PC: 14744 | Terminate and stay resident (Return code = '0' | Memory size = '480') |
{"DateBased":true,"Day":1,"Month":1,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5561,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:54:50.120906705Z | 25 | PC: 12b4c | Get default drive |
| 2018-12-25T11:54:50.123454771Z | 42 | PC: 12b8d | Get date 0x12b8d: cmp cx, 0x7c4 0x12b91: jge 0x12b9a 0x12b93: jmp 0x12bbd 0x12b95: mov byte ptr [bx + di], cl 0x12b97: xchg ax, sp 0x12b98: adc al, byte ptr [bx + di] 0x12b9a: jg 0x12bab 0x12b9c: cmp dh, 0xc 0x12b9f: jl 0x12bbd 0x12ba1: cmp dl, 5 0x12ba4: jl 0x12bbd 0x12ba6: cmp dl, 0x1c 0x12ba9: jl 0x12bb6 0x12bab: mov word ptr [si + 0x877], 0xffdc 0x12bb1: mov byte ptr [si + 0x872], 0x88 0x12bb6: cmp byte ptr [si + 4], 0xf8 0x12bbb: jae 0x12bd2 0x12bbd: mov byte ptr cs:[si + 0xee], 0 0x12bc3: jmp 0x12d5b 0x12bc6: cmp byte ptr [si + 4], 0xf8 |
| 2018-12-25T11:54:50.126150446Z | 14 | PC: 12d94 | Set default drive (Drive = 'A') |
| 2018-12-25T11:54:50.12925345Z | 49 | PC: 14744 | Terminate and stay resident (Return code = '0' | Memory size = '480') |
{"DateBased":true,"Day":1,"Month":12,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5561,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:54:50.269723736Z | 25 | PC: 12b4c | Get default drive |
| 2018-12-25T11:54:50.270996282Z | 42 | PC: 12b8d | Get date 0x12b8d: cmp cx, 0x7c4 0x12b91: jge 0x12b9a 0x12b93: jmp 0x12bbd 0x12b95: mov byte ptr [bx + di], cl 0x12b97: xchg ax, sp 0x12b98: adc al, byte ptr [bx + di] 0x12b9a: jg 0x12bab 0x12b9c: cmp dh, 0xc 0x12b9f: jl 0x12bbd 0x12ba1: cmp dl, 5 0x12ba4: jl 0x12bbd 0x12ba6: cmp dl, 0x1c 0x12ba9: jl 0x12bb6 0x12bab: mov word ptr [si + 0x877], 0xffdc 0x12bb1: mov byte ptr [si + 0x872], 0x88 0x12bb6: cmp byte ptr [si + 4], 0xf8 0x12bbb: jae 0x12bd2 0x12bbd: mov byte ptr cs:[si + 0xee], 0 0x12bc3: jmp 0x12d5b 0x12bc6: cmp byte ptr [si + 4], 0xf8 |
| 2018-12-25T11:54:50.273834912Z | 14 | PC: 12d94 | Set default drive (Drive = 'A') |
| 2018-12-25T11:54:50.276863112Z | 49 | PC: 14744 | Terminate and stay resident (Return code = '0' | Memory size = '480') |
{"DateBased":true,"Day":5,"Month":12,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5561,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:54:50.469642509Z | 25 | PC: 12b4c | Get default drive |
| 2018-12-25T11:54:50.471326245Z | 42 | PC: 12b8d | Get date 0x12b8d: cmp cx, 0x7c4 0x12b91: jge 0x12b9a 0x12b93: jmp 0x12bbd 0x12b95: mov byte ptr [bx + di], cl 0x12b97: xchg ax, sp 0x12b98: adc al, byte ptr [bx + di] 0x12b9a: jg 0x12bab 0x12b9c: cmp dh, 0xc 0x12b9f: jl 0x12bbd 0x12ba1: cmp dl, 5 0x12ba4: jl 0x12bbd 0x12ba6: cmp dl, 0x1c 0x12ba9: jl 0x12bb6 0x12bab: mov word ptr [si + 0x877], 0xffdc 0x12bb1: mov byte ptr [si + 0x872], 0x88 0x12bb6: cmp byte ptr [si + 4], 0xf8 0x12bbb: jae 0x12bd2 0x12bbd: mov byte ptr cs:[si + 0xee], 0 0x12bc3: jmp 0x12d5b 0x12bc6: cmp byte ptr [si + 4], 0xf8 |
| 2018-12-25T11:54:50.473411835Z | 67 | PC: 12d33 | Get or set file attributes |
| 2018-12-25T11:54:50.478588725Z | 71 | PC: 12c44 | Get current directory |
| 2018-12-25T11:54:50.481829079Z | 59 | PC: 12d33 | Change current directory (See above) |
| 2018-12-25T11:54:50.485863069Z | 26 | PC: 12c5e | Set disk transfer address |
| 2018-12-25T11:54:50.486951002Z | 78 | PC: 12d33 | Find first file (See above) |
| 2018-12-25T11:54:50.493434065Z | 25 | PC: 12e35 | Get default drive |
| 2018-12-25T11:54:50.494609406Z | 71 | PC: 12e4f | Get current directory |
| 2018-12-25T11:54:50.49757228Z | 67 | PC: 12d33 | Get or set file attributes (See above) |
| 2018-12-25T11:54:50.508565063Z | 67 | PC: 12d33 | Get or set file attributes (See above) |
| 2018-12-25T11:54:50.526876301Z | 61 | PC: 12d33 | Open file (See above) |
| 2018-12-25T11:54:50.533566904Z | 87 | PC: 12ebd | Get or set file date and time |
| 2018-12-25T11:54:50.536202648Z | 63 | PC: 12ed5 | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T11:54:50.542559596Z | 66 | PC: 13068 | Move file pointer |
| 2018-12-25T11:54:50.544168441Z | 66 | PC: 13068 | Move file pointer (See above) |
| 2018-12-25T11:54:50.545778417Z | 64 | PC: 12f24 | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T11:54:50.548781503Z | 64 | PC: 12f30 | Write file or device (Write 3061 bytes on handle 5) |
| 2018-12-25T11:54:50.557386772Z | 66 | PC: 12f39 | Move file pointer |
| 2018-12-25T11:54:50.558766902Z | 64 | PC: 12f4c | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:54:50.576107833Z | 87 | PC: 12eb2 | Get or set file date and time |
| 2018-12-25T11:54:50.577859978Z | 62 | PC: 12eb6 | Close file |
| 2018-12-25T11:54:50.586324576Z | 59 | PC: 12d33 | Change current directory (See above) |
| 2018-12-25T11:54:50.591269615Z | 59 | PC: 12d5b | Change current directory |
| 2018-12-25T11:54:50.593033829Z | 14 | PC: 12d94 | Set default drive (Drive = 'A') |
| 2018-12-25T11:54:50.595921439Z | 49 | PC: 14744 | Terminate and stay resident (Return code = '0' | Memory size = '480') |
{"DateBased":true,"Day":28,"Month":12,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5561,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:54:50.432846846Z | 25 | PC: 12b4c | Get default drive |
| 2018-12-25T11:54:50.440350075Z | 42 | PC: 12b8d | Get date 0x12b8d: cmp cx, 0x7c4 0x12b91: jge 0x12b9a 0x12b93: jmp 0x12bbd 0x12b95: mov byte ptr [bx + di], cl 0x12b97: xchg ax, sp 0x12b98: adc al, byte ptr [bx + di] 0x12b9a: jg 0x12bab 0x12b9c: cmp dh, 0xc 0x12b9f: jl 0x12bbd 0x12ba1: cmp dl, 5 0x12ba4: jl 0x12bbd 0x12ba6: cmp dl, 0x1c 0x12ba9: jl 0x12bb6 0x12bab: mov word ptr [si + 0x877], 0xffdc 0x12bb1: mov byte ptr [si + 0x872], 0x88 0x12bb6: cmp byte ptr [si + 4], 0xf8 0x12bbb: jae 0x12bd2 0x12bbd: mov byte ptr cs:[si + 0xee], 0 0x12bc3: jmp 0x12d5b 0x12bc6: cmp byte ptr [si + 4], 0xf8 |
| 2018-12-25T11:54:50.441941701Z | 67 | PC: 12d33 | Get or set file attributes |
| 2018-12-25T11:54:50.44566107Z | 71 | PC: 12c44 | Get current directory |
| 2018-12-25T11:54:50.447611242Z | 59 | PC: 12d33 | Change current directory (See above) |
| 2018-12-25T11:54:50.457085203Z | 26 | PC: 12c5e | Set disk transfer address |
| 2018-12-25T11:54:50.458384671Z | 78 | PC: 12d33 | Find first file (See above) |
| 2018-12-25T11:54:50.471773547Z | 25 | PC: 12e35 | Get default drive |
| 2018-12-25T11:54:50.473440212Z | 71 | PC: 12e4f | Get current directory |
| 2018-12-25T11:54:50.476654604Z | 67 | PC: 12d33 | Get or set file attributes (See above) |
| 2018-12-25T11:54:50.483165372Z | 67 | PC: 12d33 | Get or set file attributes (See above) |
| 2018-12-25T11:54:50.502784268Z | 61 | PC: 12d33 | Open file (See above) |
| 2018-12-25T11:54:50.510466031Z | 87 | PC: 12ebd | Get or set file date and time |
| 2018-12-25T11:54:50.512147954Z | 63 | PC: 12ed5 | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T11:54:50.524345227Z | 66 | PC: 13068 | Move file pointer |
| 2018-12-25T11:54:50.526003688Z | 66 | PC: 13068 | Move file pointer (See above) |
| 2018-12-25T11:54:50.527496956Z | 64 | PC: 12f24 | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T11:54:50.531126176Z | 64 | PC: 12f30 | Write file or device (Write 3061 bytes on handle 5) |
| 2018-12-25T11:54:50.541682196Z | 66 | PC: 12f39 | Move file pointer |
| 2018-12-25T11:54:50.54335714Z | 64 | PC: 12f4c | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:54:50.561119328Z | 87 | PC: 12eb2 | Get or set file date and time |
| 2018-12-25T11:54:50.563051946Z | 62 | PC: 12eb6 | Close file |
| 2018-12-25T11:54:50.572505672Z | 59 | PC: 12d33 | Change current directory (See above) |
| 2018-12-25T11:54:50.576960227Z | 59 | PC: 12d5b | Change current directory |
| 2018-12-25T11:54:50.579343028Z | 14 | PC: 12d94 | Set default drive (Drive = 'A') |
| 2018-12-25T11:54:50.582953766Z | 49 | PC: 14744 | Terminate and stay resident (Return code = '0' | Memory size = '480') |
{"DateBased":true,"Day":1,"Month":1,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5561,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:54:50.63256147Z | 25 | PC: 12b4c | Get default drive |
| 2018-12-25T11:54:50.634439474Z | 42 | PC: 12b8d | Get date 0x12b8d: cmp cx, 0x7c4 0x12b91: jge 0x12b9a 0x12b93: jmp 0x12bbd 0x12b95: mov byte ptr [bx + di], cl 0x12b97: xchg ax, sp 0x12b98: adc al, byte ptr [bx + di] 0x12b9a: jg 0x12bab 0x12b9c: cmp dh, 0xc 0x12b9f: jl 0x12bbd 0x12ba1: cmp dl, 5 0x12ba4: jl 0x12bbd 0x12ba6: cmp dl, 0x1c 0x12ba9: jl 0x12bb6 0x12bab: mov word ptr [si + 0x877], 0xffdc 0x12bb1: mov byte ptr [si + 0x872], 0x88 0x12bb6: cmp byte ptr [si + 4], 0xf8 0x12bbb: jae 0x12bd2 0x12bbd: mov byte ptr cs:[si + 0xee], 0 0x12bc3: jmp 0x12d5b 0x12bc6: cmp byte ptr [si + 4], 0xf8 |
| 2018-12-25T11:54:50.637730502Z | 67 | PC: 12d33 | Get or set file attributes |
| 2018-12-25T11:54:50.64373227Z | 71 | PC: 12c44 | Get current directory |
| 2018-12-25T11:54:50.65522931Z | 59 | PC: 12d33 | Change current directory (See above) |
| 2018-12-25T11:54:50.661289213Z | 26 | PC: 12c5e | Set disk transfer address |
| 2018-12-25T11:54:50.662596733Z | 78 | PC: 12d33 | Find first file (See above) |
| 2018-12-25T11:54:50.669305285Z | 25 | PC: 12e35 | Get default drive |
| 2018-12-25T11:54:50.671359742Z | 71 | PC: 12e4f | Get current directory |
| 2018-12-25T11:54:50.674675129Z | 67 | PC: 12d33 | Get or set file attributes (See above) |
| 2018-12-25T11:54:50.68711113Z | 67 | PC: 12d33 | Get or set file attributes (See above) |
| 2018-12-25T11:54:50.708252585Z | 61 | PC: 12d33 | Open file (See above) |
| 2018-12-25T11:54:50.717500245Z | 87 | PC: 12ebd | Get or set file date and time |
| 2018-12-25T11:54:50.719406324Z | 63 | PC: 12ed5 | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T11:54:50.728378346Z | 66 | PC: 13068 | Move file pointer |
| 2018-12-25T11:54:50.730013137Z | 66 | PC: 13068 | Move file pointer (See above) |
| 2018-12-25T11:54:50.731580743Z | 64 | PC: 12f24 | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T11:54:50.734983035Z | 64 | PC: 12f30 | Write file or device (Write 3061 bytes on handle 5) |
| 2018-12-25T11:54:50.74543598Z | 66 | PC: 12f39 | Move file pointer |
| 2018-12-25T11:54:50.747019899Z | 64 | PC: 12f4c | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:54:50.754434969Z | 87 | PC: 12eb2 | Get or set file date and time |
| 2018-12-25T11:54:50.757951699Z | 62 | PC: 12eb6 | Close file |
| 2018-12-25T11:54:50.767995696Z | 59 | PC: 12d33 | Change current directory (See above) |
| 2018-12-25T11:54:50.774176103Z | 59 | PC: 12d5b | Change current directory |
| 2018-12-25T11:54:50.776916906Z | 14 | PC: 12d94 | Set default drive (Drive = 'A') |
| 2018-12-25T11:54:50.780708163Z | 49 | PC: 14744 | Terminate and stay resident (Return code = '0' | Memory size = '480') |