{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7649,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:18.376304862Z | 64 | PC: 0 | Write file or device (Write 2 bytes on handle 1) |
| 2018-12-25T12:02:18.381771147Z | 41 | PC: 94fae | Parse filename |
| 2018-12-25T12:02:18.385345129Z | 41 | PC: 9502f | Parse filename |
| 2018-12-25T12:02:18.388200186Z | 41 | PC: 9504c | Parse filename |
| 2018-12-25T12:02:18.390075599Z | 26 | PC: 984f7 | Set disk transfer address |
| 2018-12-25T12:02:18.392677045Z | 71 | PC: 986f3 | Get current directory |
| 2018-12-25T12:02:18.395785707Z | 78 | PC: 986fe | Find first file |
| 2018-12-25T12:02:18.401521809Z | 71 | PC: 986f3 | Get current directory (See above) |
| 2018-12-25T12:02:18.403588531Z | 78 | PC: 986fe | Find first file (See above) |
| 2018-12-25T12:02:18.410379301Z | 64 | PC: 9a848 | Write file or device (Write 26 bytes on handle 2) |
| 2018-12-25T12:02:18.413236489Z | 37 | PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write') |
| 2018-12-25T12:02:18.414875447Z | 37 | PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-25T12:02:18.415823754Z | 37 | PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:02:18.416607826Z | 62 | PC: 122ab | Close file |
| 2018-12-25T12:02:18.419062592Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:02:18.420657819Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:02:18.422160256Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:02:18.424482822Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:02:18.425916395Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:02:18.427257227Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:02:18.42885327Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:02:18.430705477Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:02:18.432056595Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:02:18.43335627Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:02:18.434874552Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:02:18.436312176Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:02:18.437754668Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:02:18.439711089Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:02:18.441351797Z | 99 | PC: 9a5d7 | Get DBCS lead byte table pointer |
| 2018-12-25T12:02:18.44248584Z | 56 | PC: 94df9 | Get or set country info |
| 2018-12-25T12:02:18.444669891Z | 64 | PC: 9a848 | Write file or device (See above) |
| 2018-12-25T12:02:18.449406504Z | 25 | PC: 94e62 | Get default drive |
| 2018-12-25T12:02:18.450820658Z | 71 | PC: 970dd | Get current directory |
| 2018-12-25T12:02:18.455227302Z | 64 | PC: 9a848 | Write file or device (See above) |
| 2018-12-25T12:02:18.458263347Z | 2 | PC: 970b2 | Character output (Char = '3e') |
| 2018-12-25T12:02:18.460304481Z | 93 | PC: 94f20 | File sharing functions |
| 2018-12-25T12:02:18.462866635Z | 93 | PC: 94f27 | File sharing functions |
| 2018-12-25T12:02:18.464695583Z | 10 | PC: 94f39 | Buffered keyboard input |
| 2018-12-25T12:02:33.42344016Z | 0 | PC: 0 | Program terminate (See above) |
| 2018-12-25T12:02:34.778137872Z | 0 | PC: 0 | Program terminate (See above) |
| 2018-12-25T12:02:34.88052737Z | 64 | PC: 9a848 | Write file or device (See above) |
| 2018-12-25T12:02:34.887131937Z | 41 | PC: 94fae | Parse filename (See above) |
| 2018-12-25T12:02:34.889168116Z | 41 | PC: 9502f | Parse filename (See above) |
| 2018-12-25T12:02:34.890874514Z | 41 | PC: 9504c | Parse filename (See above) |
| 2018-12-25T12:02:34.895120239Z | 26 | PC: 984f7 | Set disk transfer address (See above) |
| 2018-12-25T12:02:34.896702172Z | 71 | PC: 986f3 | Get current directory (See above) |
| 2018-12-25T12:02:34.904202045Z | 78 | PC: 986fe | Find first file (See above) |
| 2018-12-25T12:02:34.915157776Z | 71 | PC: 9856c | Get current directory |
| 2018-12-25T12:02:34.918101132Z | 73 | PC: 97c09 | Release memory |
| 2018-12-25T12:02:34.919391885Z | 75 | PC: 11821 | Execute program |
| 2018-12-25T12:02:34.933650192Z | 9 | PC: 12a47 | Display string (String= 'Hello, World! ') |
| 2018-12-25T12:02:34.938055083Z | 76 | PC: 12a4b | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7649,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:18.689319306Z | 242 | PC: 12a68 | UNKNOWN! |
| 2018-12-25T12:02:18.690588088Z | 242 | PC: 12b5b | UNKNOWN! |
| 2018-12-25T12:02:18.691671207Z | 74 | PC: 12bc4 | Reallocate memory |
| 2018-12-25T12:02:18.692884892Z | 53 | PC: 12bc9 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:02:18.694518306Z | 42 | PC: 12bdf | Get date 0x12bdf: cmp cx, 0x7c6 0x12be3: je 0x12c09 0x12be5: cmp al, 1 0x12be7: jne 0x12c11 0x12be9: cmp dl, 0x17 0x12bec: jne 0x12c1e 0x12bee: call 0x12cc5 0x12bf1: mov ax, cs 0x12bf3: mov ds, ax 0x12bf5: cmp byte ptr [0x92], 1 0x12bfa: jne 0x12c3d 0x12bfc: mov ah, 9 0x12bfe: mov dx, 0xc2 0x12c01: int 0x21 0x12c03: mov ax, 0x4c01 0x12c06: int 0x21 0x12c08: hlt 0x12c09: mov byte ptr [0x91], 0x10 0x12c0e: jmp 0x12c3d 0x12c10: nop |
| 2018-12-25T12:02:18.696649567Z | 53 | PC: 12c23 | Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file') |
| 2018-12-25T12:02:18.697807669Z | 37 | PC: 12c33 | Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file') |
| 2018-12-25T12:02:18.699321881Z | 37 | PC: 12c45 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:02:18.700699535Z | 75 | PC: 12c71 | Execute program |
| 2018-12-25T12:02:18.715193287Z | 9 | PC: 13353 | Display string (String= 'This is a COM sacrificial goat exactly 400H bytes long ') |
| 2018-12-25T12:02:18.720887331Z | 0 | PC: 13357 | Program terminate |
| 2018-12-25T12:02:18.724340551Z | 73 | PC: 12c77 | Release memory |
| 2018-12-25T12:02:18.72671869Z | 77 | PC: 12c7b | Get program return code |
| 2018-12-25T12:02:18.728496865Z | 49 | PC: 12c89 | Terminate and stay resident (Return code = '0' | Memory size = '119') |
{"DateBased":true,"Day":23,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7649,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:18.715990277Z | 242 | PC: 12a68 | UNKNOWN! |
| 2018-12-25T12:02:18.717121606Z | 242 | PC: 12b5b | UNKNOWN! |
| 2018-12-25T12:02:18.7181888Z | 74 | PC: 12bc4 | Reallocate memory |
| 2018-12-25T12:02:18.719375164Z | 53 | PC: 12bc9 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:02:18.720809831Z | 42 | PC: 12bdf | Get date 0x12bdf: cmp cx, 0x7c6 0x12be3: je 0x12c09 0x12be5: cmp al, 1 0x12be7: jne 0x12c11 0x12be9: cmp dl, 0x17 0x12bec: jne 0x12c1e 0x12bee: call 0x12cc5 0x12bf1: mov ax, cs 0x12bf3: mov ds, ax 0x12bf5: cmp byte ptr [0x92], 1 0x12bfa: jne 0x12c3d 0x12bfc: mov ah, 9 0x12bfe: mov dx, 0xc2 0x12c01: int 0x21 0x12c03: mov ax, 0x4c01 0x12c06: int 0x21 0x12c08: hlt 0x12c09: mov byte ptr [0x91], 0x10 0x12c0e: jmp 0x12c3d 0x12c10: nop |
| 2018-12-25T12:02:18.72301402Z | 37 | PC: 12c45 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:02:18.723938023Z | 75 | PC: 12c71 | Execute program |
| 2018-12-25T12:02:18.740928704Z | 9 | PC: 13353 | Display string (String= 'This is a COM sacrificial goat exactly 400H bytes long ') |
| 2018-12-25T12:02:18.747337979Z | 0 | PC: 13357 | Program terminate |
| 2018-12-25T12:02:18.750338068Z | 73 | PC: 12c77 | Release memory |
| 2018-12-25T12:02:18.75175735Z | 77 | PC: 12c7b | Get program return code |
| 2018-12-25T12:02:18.753166718Z | 49 | PC: 12c89 | Terminate and stay resident (Return code = '0' | Memory size = '119') |
{"DateBased":true,"Day":23,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7649,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:18.842254183Z | 242 | PC: 12a68 | UNKNOWN! |
| 2018-12-25T12:02:18.844184267Z | 242 | PC: 12b5b | UNKNOWN! |
| 2018-12-25T12:02:18.845363828Z | 74 | PC: 12bc4 | Reallocate memory |
| 2018-12-25T12:02:18.84664411Z | 53 | PC: 12bc9 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:02:18.848094999Z | 42 | PC: 12bdf | Get date 0x12bdf: cmp cx, 0x7c6 0x12be3: je 0x12c09 0x12be5: cmp al, 1 0x12be7: jne 0x12c11 0x12be9: cmp dl, 0x17 0x12bec: jne 0x12c1e 0x12bee: call 0x12cc5 0x12bf1: mov ax, cs 0x12bf3: mov ds, ax 0x12bf5: cmp byte ptr [0x92], 1 0x12bfa: jne 0x12c3d 0x12bfc: mov ah, 9 0x12bfe: mov dx, 0xc2 0x12c01: int 0x21 0x12c03: mov ax, 0x4c01 0x12c06: int 0x21 0x12c08: hlt 0x12c09: mov byte ptr [0x91], 0x10 0x12c0e: jmp 0x12c3d 0x12c10: nop |
| 2018-12-25T12:02:18.850595003Z | 53 | PC: 12cfe | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:02:18.851644601Z | 37 | PC: 12d10 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:02:18.853818172Z | 37 | PC: 12d26 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:02:18.855810713Z | 37 | PC: 12c45 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:02:18.857290774Z | 75 | PC: 12c71 | Execute program |
| 2018-12-25T12:02:18.873045907Z | 9 | PC: 13353 | Display string (String= 'This is a COM sacrificial goat exactly 400H bytes long ') |
| 2018-12-25T12:02:18.879686968Z | 0 | PC: 13357 | Program terminate |
| 2018-12-25T12:02:18.883355439Z | 73 | PC: 12c77 | Release memory |
| 2018-12-25T12:02:18.884960117Z | 77 | PC: 12c7b | Get program return code |
| 2018-12-25T12:02:18.887373734Z | 49 | PC: 12c89 | Terminate and stay resident (Return code = '0' | Memory size = '119') |
{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7649,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:18.847987821Z | 242 | PC: 12a68 | UNKNOWN! |
| 2018-12-25T12:02:18.856140745Z | 242 | PC: 12b5b | UNKNOWN! |
| 2018-12-25T12:02:18.857365596Z | 74 | PC: 12bc4 | Reallocate memory |
| 2018-12-25T12:02:18.858672709Z | 53 | PC: 12bc9 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:02:18.860406372Z | 42 | PC: 12bdf | Get date 0x12bdf: cmp cx, 0x7c6 0x12be3: je 0x12c09 0x12be5: cmp al, 1 0x12be7: jne 0x12c11 0x12be9: cmp dl, 0x17 0x12bec: jne 0x12c1e 0x12bee: call 0x12cc5 0x12bf1: mov ax, cs 0x12bf3: mov ds, ax 0x12bf5: cmp byte ptr [0x92], 1 0x12bfa: jne 0x12c3d 0x12bfc: mov ah, 9 0x12bfe: mov dx, 0xc2 0x12c01: int 0x21 0x12c03: mov ax, 0x4c01 0x12c06: int 0x21 0x12c08: hlt 0x12c09: mov byte ptr [0x91], 0x10 0x12c0e: jmp 0x12c3d 0x12c10: nop |
| 2018-12-25T12:02:18.862501712Z | 37 | PC: 12c45 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:02:18.863932184Z | 75 | PC: 12c71 | Execute program |
| 2018-12-25T12:02:18.878738303Z | 9 | PC: 13353 | Display string (String= 'This is a COM sacrificial goat exactly 400H bytes long ') |
| 2018-12-25T12:02:18.884018998Z | 0 | PC: 13357 | Program terminate |
| 2018-12-25T12:02:18.886822255Z | 73 | PC: 12c77 | Release memory |
| 2018-12-25T12:02:18.889188414Z | 77 | PC: 12c7b | Get program return code |
| 2018-12-25T12:02:18.890379433Z | 49 | PC: 12c89 | Terminate and stay resident (Return code = '0' | Memory size = '119') |