{"DateBased":true,"Day":1,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6886,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:00:26.526490267Z | 255 | PC: 12a6c | UNKNOWN! |
| 2018-12-25T12:00:26.537483098Z | 42 | PC: 12a7b | Get date 0x12a7b: cmp cx, 0x7c7 0x12a7f: jb 0x12a96 0x12a81: jge 0x12a86 0x12a83: jmp 0x12ac9 0x12a85: nop 0x12a86: cmp dh, 6 0x12a89: jge 0x12a8e 0x12a8b: jmp 0x12ac9 0x12a8d: nop 0x12a8e: cmp dl, 0x16 0x12a91: jge 0x12aa1 0x12a93: jmp 0x12ac9 0x12a95: nop 0x12a96: mov ah, 0x2c 0x12a98: int 0x21 0x12a9a: cmp dh, 3 0x12a9d: jle 0x12aa1 0x12a9f: jmp 0x12a86 0x12aa1: mov ah, 9 0x12aa3: mov dx, si |
| 2018-12-25T12:00:26.540593698Z | 47 | PC: 12ace | Get disk transfer address |
| 2018-12-25T12:00:26.542002846Z | 26 | PC: 12ae1 | Set disk transfer address |
| 2018-12-25T12:00:26.544088916Z | 78 | PC: 12b6c | Find first file |
| 2018-12-25T12:00:26.551392794Z | 79 | PC: 12b72 | Find next file |
| 2018-12-25T12:00:26.554450805Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:26.558304335Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:26.561356086Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:26.564383785Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:26.567073486Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:26.570889172Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:26.573577591Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:26.57620422Z | 78 | PC: 12b6c | Find first file (See above) |
| 2018-12-25T12:00:26.586380743Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:26.589650696Z | 67 | PC: 12bab | Get or set file attributes |
| 2018-12-25T12:00:26.595837801Z | 67 | PC: 12bbd | Get or set file attributes |
| 2018-12-25T12:00:27.448072366Z | 61 | PC: 12bc8 | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T12:00:27.457485385Z | 87 | PC: 12bd4 | Get or set file date and time |
| 2018-12-25T12:00:27.458863449Z | 44 | PC: 12be0 | Get time 0x12be0: mov ah, 0x3f 0x12be2: mov cx, 3 0x12be5: mov dx, 0x68 0x12be8: nop 0x12be9: add dx, si 0x12beb: int 0x21 0x12bed: jb 0x12c45 0x12bef: cmp ax, 3 0x12bf2: jne 0x12c45 0x12bf4: mov ax, 0x4202 0x12bf7: mov cx, 0 0x12bfa: mov dx, 0 0x12bfd: int 0x21 0x12bff: jb 0x12c45 0x12c01: mov cx, ax 0x12c03: sub ax, 3 0x12c06: mov word ptr [si + 0x6c], ax 0x12c09: nop 0x12c0a: add cx, 0x339 0x12c0e: mov di, si |
| 2018-12-25T12:00:27.461740834Z | 63 | PC: 12bed | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:00:27.467236637Z | 66 | PC: 12bff | Move file pointer |
| 2018-12-25T12:00:27.46866641Z | 64 | PC: 12c24 | Write file or device (Write 801 bytes on handle 5) |
| 2018-12-25T12:00:27.498216247Z | 66 | PC: 12c36 | Move file pointer |
| 2018-12-25T12:00:27.500557583Z | 64 | PC: 12c45 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:00:27.503620401Z | 87 | PC: 12c58 | Get or set file date and time |
| 2018-12-25T12:00:27.505649601Z | 62 | PC: 12c5c | Close file |
| 2018-12-25T12:00:27.517511953Z | 67 | PC: 12c6b | Get or set file attributes |
| 2018-12-25T12:00:27.527456263Z | 26 | PC: 12c78 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":6,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6886,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:00:26.576376762Z | 255 | PC: 12a6c | UNKNOWN! |
| 2018-12-25T12:00:26.57861086Z | 42 | PC: 12a7b | Get date 0x12a7b: cmp cx, 0x7c7 0x12a7f: jb 0x12a96 0x12a81: jge 0x12a86 0x12a83: jmp 0x12ac9 0x12a85: nop 0x12a86: cmp dh, 6 0x12a89: jge 0x12a8e 0x12a8b: jmp 0x12ac9 0x12a8d: nop 0x12a8e: cmp dl, 0x16 0x12a91: jge 0x12aa1 0x12a93: jmp 0x12ac9 0x12a95: nop 0x12a96: mov ah, 0x2c 0x12a98: int 0x21 0x12a9a: cmp dh, 3 0x12a9d: jle 0x12aa1 0x12a9f: jmp 0x12a86 0x12aa1: mov ah, 9 0x12aa3: mov dx, si |
| 2018-12-25T12:00:26.580960524Z | 47 | PC: 12ace | Get disk transfer address |
| 2018-12-25T12:00:26.582343936Z | 26 | PC: 12ae1 | Set disk transfer address |
| 2018-12-25T12:00:26.594459107Z | 78 | PC: 12b6c | Find first file |
| 2018-12-25T12:00:26.600474556Z | 79 | PC: 12b72 | Find next file |
| 2018-12-25T12:00:26.602825438Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:26.605976599Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:26.609113736Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:26.611546788Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:26.613946352Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:26.616869837Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:26.620165285Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:26.622393145Z | 78 | PC: 12b6c | Find first file (See above) |
| 2018-12-25T12:00:26.631441516Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:26.634519374Z | 67 | PC: 12bab | Get or set file attributes |
| 2018-12-25T12:00:26.640304918Z | 67 | PC: 12bbd | Get or set file attributes |
| 2018-12-25T12:00:27.449263946Z | 61 | PC: 12bc8 | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T12:00:27.456762356Z | 87 | PC: 12bd4 | Get or set file date and time |
| 2018-12-25T12:00:27.458146763Z | 44 | PC: 12be0 | Get time 0x12be0: mov ah, 0x3f 0x12be2: mov cx, 3 0x12be5: mov dx, 0x68 0x12be8: nop 0x12be9: add dx, si 0x12beb: int 0x21 0x12bed: jb 0x12c45 0x12bef: cmp ax, 3 0x12bf2: jne 0x12c45 0x12bf4: mov ax, 0x4202 0x12bf7: mov cx, 0 0x12bfa: mov dx, 0 0x12bfd: int 0x21 0x12bff: jb 0x12c45 0x12c01: mov cx, ax 0x12c03: sub ax, 3 0x12c06: mov word ptr [si + 0x6c], ax 0x12c09: nop 0x12c0a: add cx, 0x339 0x12c0e: mov di, si |
| 2018-12-25T12:00:27.460785037Z | 63 | PC: 12bed | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:00:27.468149059Z | 66 | PC: 12bff | Move file pointer |
| 2018-12-25T12:00:27.47158526Z | 64 | PC: 12c24 | Write file or device (Write 801 bytes on handle 5) |
| 2018-12-25T12:00:27.481822375Z | 66 | PC: 12c36 | Move file pointer |
| 2018-12-25T12:00:27.483661111Z | 64 | PC: 12c45 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:00:27.487412646Z | 87 | PC: 12c58 | Get or set file date and time |
| 2018-12-25T12:00:27.489347275Z | 62 | PC: 12c5c | Close file |
| 2018-12-25T12:00:27.499773753Z | 67 | PC: 12c6b | Get or set file attributes |
| 2018-12-25T12:00:27.50969281Z | 26 | PC: 12c78 | Set disk transfer address |
{"DateBased":true,"Day":22,"Month":6,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6886,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:00:26.919412782Z | 255 | PC: 12a6c | UNKNOWN! |
| 2018-12-25T12:00:26.921375173Z | 42 | PC: 12a7b | Get date 0x12a7b: cmp cx, 0x7c7 0x12a7f: jb 0x12a96 0x12a81: jge 0x12a86 0x12a83: jmp 0x12ac9 0x12a85: nop 0x12a86: cmp dh, 6 0x12a89: jge 0x12a8e 0x12a8b: jmp 0x12ac9 0x12a8d: nop 0x12a8e: cmp dl, 0x16 0x12a91: jge 0x12aa1 0x12a93: jmp 0x12ac9 0x12a95: nop 0x12a96: mov ah, 0x2c 0x12a98: int 0x21 0x12a9a: cmp dh, 3 0x12a9d: jle 0x12aa1 0x12a9f: jmp 0x12a86 0x12aa1: mov ah, 9 0x12aa3: mov dx, si |
| 2018-12-25T12:00:26.924588149Z | 9 | PC: 12aab | Display string (String= ' Violator strikes again... ') |
| 2018-12-25T12:00:26.931328465Z | 47 | PC: 12ace | Get disk transfer address |
| 2018-12-25T12:00:26.933314218Z | 26 | PC: 12ae1 | Set disk transfer address |
| 2018-12-25T12:00:26.935991742Z | 78 | PC: 12b6c | Find first file |
| 2018-12-25T12:00:26.943012526Z | 79 | PC: 12b72 | Find next file |
| 2018-12-25T12:00:26.946188497Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:26.950061542Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:26.953668431Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:26.956590753Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:26.960051816Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:26.966070284Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:26.96871673Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:26.971647525Z | 78 | PC: 12b6c | Find first file (See above) |
| 2018-12-25T12:00:26.982251386Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:26.986022299Z | 67 | PC: 12bab | Get or set file attributes |
| 2018-12-25T12:00:26.99431499Z | 67 | PC: 12bbd | Get or set file attributes |
| 2018-12-25T12:00:27.336959686Z | 61 | PC: 12bc8 | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T12:00:27.348407394Z | 87 | PC: 12bd4 | Get or set file date and time |
| 2018-12-25T12:00:27.353092815Z | 44 | PC: 12be0 | Get time 0x12be0: mov ah, 0x3f 0x12be2: mov cx, 3 0x12be5: mov dx, 0x68 0x12be8: nop 0x12be9: add dx, si 0x12beb: int 0x21 0x12bed: jb 0x12c45 0x12bef: cmp ax, 3 0x12bf2: jne 0x12c45 0x12bf4: mov ax, 0x4202 0x12bf7: mov cx, 0 0x12bfa: mov dx, 0 0x12bfd: int 0x21 0x12bff: jb 0x12c45 0x12c01: mov cx, ax 0x12c03: sub ax, 3 0x12c06: mov word ptr [si + 0x6c], ax 0x12c09: nop 0x12c0a: add cx, 0x339 0x12c0e: mov di, si |
| 2018-12-25T12:00:27.356394046Z | 63 | PC: 12bed | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:00:27.363184829Z | 66 | PC: 12bff | Move file pointer |
| 2018-12-25T12:00:27.36532589Z | 64 | PC: 12c24 | Write file or device (Write 801 bytes on handle 5) |
| 2018-12-25T12:00:27.381362673Z | 66 | PC: 12c36 | Move file pointer |
| 2018-12-25T12:00:27.384112474Z | 64 | PC: 12c45 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:00:27.387832064Z | 87 | PC: 12c58 | Get or set file date and time |
| 2018-12-25T12:00:27.397551507Z | 62 | PC: 12c5c | Close file |
| 2018-12-25T12:00:27.409959346Z | 67 | PC: 12c6b | Get or set file attributes |
| 2018-12-25T12:00:27.422513883Z | 26 | PC: 12c78 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6886,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:00:29.276977531Z | 255 | PC: 12a6c | UNKNOWN! |
| 2018-12-25T12:00:29.278184955Z | 42 | PC: 12a7b | Get date 0x12a7b: cmp cx, 0x7c7 0x12a7f: jb 0x12a96 0x12a81: jge 0x12a86 0x12a83: jmp 0x12ac9 0x12a85: nop 0x12a86: cmp dh, 6 0x12a89: jge 0x12a8e 0x12a8b: jmp 0x12ac9 0x12a8d: nop 0x12a8e: cmp dl, 0x16 0x12a91: jge 0x12aa1 0x12a93: jmp 0x12ac9 0x12a95: nop 0x12a96: mov ah, 0x2c 0x12a98: int 0x21 0x12a9a: cmp dh, 3 0x12a9d: jle 0x12aa1 0x12a9f: jmp 0x12a86 0x12aa1: mov ah, 9 0x12aa3: mov dx, si |
| 2018-12-25T12:00:29.281563558Z | 44 | PC: 12a9a | Get time 0x12a9a: cmp dh, 3 0x12a9d: jle 0x12aa1 0x12a9f: jmp 0x12a86 0x12aa1: mov ah, 9 0x12aa3: mov dx, si 0x12aa5: add dx, 0x40 0x12aa8: nop 0x12aa9: int 0x21 0x12aab: cmp byte ptr [si], 0x1a 0x12aae: nop 0x12aaf: nop 0x12ab0: ja 0x12ac9 0x12ab2: pushf 0x12ab3: mov al, byte ptr [si] 0x12ab5: nop 0x12ab6: nop 0x12ab7: mov cx, 0x100 0x12aba: mov dx, 0 0x12abd: mov bx, 1 0x12ac0: int 0x26 |
| 2018-12-25T12:00:29.284410071Z | 9 | PC: 12aab | Display string (String= ' Violator strikes again... ') |
| 2018-12-25T12:00:29.291384035Z | 47 | PC: 12ace | Get disk transfer address |
| 2018-12-25T12:00:29.294398541Z | 26 | PC: 12ae1 | Set disk transfer address |
| 2018-12-25T12:00:29.296161356Z | 78 | PC: 12b6c | Find first file |
| 2018-12-25T12:00:29.302984203Z | 79 | PC: 12b72 | Find next file |
| 2018-12-25T12:00:29.30658625Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:29.309734283Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:29.313687021Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:29.318293908Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:29.322040642Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:29.325561932Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:29.329112358Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:29.333049189Z | 78 | PC: 12b6c | Find first file (See above) |
| 2018-12-25T12:00:29.346724084Z | 79 | PC: 12b72 | Find next file (See above) |
| 2018-12-25T12:00:29.364863188Z | 67 | PC: 12bab | Get or set file attributes |
| 2018-12-25T12:00:29.372611401Z | 67 | PC: 12bbd | Get or set file attributes |
| 2018-12-25T12:00:29.71903788Z | 61 | PC: 12bc8 | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T12:00:29.724113411Z | 87 | PC: 12bd4 | Get or set file date and time |
| 2018-12-25T12:00:29.726831106Z | 44 | PC: 12be0 | Get time 0x12be0: mov ah, 0x3f 0x12be2: mov cx, 3 0x12be5: mov dx, 0x68 0x12be8: nop 0x12be9: add dx, si 0x12beb: int 0x21 0x12bed: jb 0x12c45 0x12bef: cmp ax, 3 0x12bf2: jne 0x12c45 0x12bf4: mov ax, 0x4202 0x12bf7: mov cx, 0 0x12bfa: mov dx, 0 0x12bfd: int 0x21 0x12bff: jb 0x12c45 0x12c01: mov cx, ax 0x12c03: sub ax, 3 0x12c06: mov word ptr [si + 0x6c], ax 0x12c09: nop 0x12c0a: add cx, 0x339 0x12c0e: mov di, si |
| 2018-12-25T12:00:29.730362125Z | 63 | PC: 12bed | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:00:29.734705967Z | 66 | PC: 12bff | Move file pointer |
| 2018-12-25T12:00:29.737025502Z | 64 | PC: 12c24 | Write file or device (Write 801 bytes on handle 5) |
| 2018-12-25T12:00:29.743373559Z | 66 | PC: 12c36 | Move file pointer |
| 2018-12-25T12:00:29.74445994Z | 64 | PC: 12c45 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:00:29.749717205Z | 87 | PC: 12c58 | Get or set file date and time |
| 2018-12-25T12:00:29.75149653Z | 62 | PC: 12c5c | Close file |
| 2018-12-25T12:00:29.760807285Z | 67 | PC: 12c6b | Get or set file attributes |
| 2018-12-25T12:00:29.7737861Z | 26 | PC: 12c78 | Set disk transfer address |