{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9120,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:22:25.78068933Z | 255 | PC: 12a6c | UNKNOWN! |
| 2018-12-25T12:22:25.78176717Z | 42 | PC: 12a78 | Get date 0x12a78: cmp cx, 0x7c7 0x12a7c: jb 0x12a97 0x12a7e: jge 0x12a83 0x12a80: jmp 0x12add 0x12a82: nop 0x12a83: mov ah, 0x2a 0x12a85: int 0x21 0x12a87: cmp dh, 6 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12add 0x12a8e: nop 0x12a8f: cmp dl, 0x16 0x12a92: jge 0x12ab5 0x12a94: jmp 0x12add 0x12a96: nop 0x12a97: cmp cx, 0x7c6 0x12a9b: je 0x12aaa 0x12a9d: mov ah, 0x2b 0x12a9f: mov cx, 0x7c6 0x12aa2: int 0x21 |
| 2018-12-25T12:22:25.783588631Z | 43 | PC: 12aa4 | Set date |
| 2018-12-25T12:22:25.78605562Z | 45 | PC: 12aaa | Set time |
| 2018-12-25T12:22:25.788485895Z | 44 | PC: 12aae | Get time 0x12aae: cmp cl, 0xf 0x12ab1: jae 0x12abf 0x12ab3: jmp 0x12a83 0x12ab5: mov ah, 9 0x12ab7: mov dx, si 0x12ab9: add dx, 0x40 0x12abc: nop 0x12abd: int 0x21 0x12abf: cmp byte ptr [si], 0x1a 0x12ac2: nop 0x12ac3: nop 0x12ac4: ja 0x12add 0x12ac6: pushf 0x12ac7: mov al, byte ptr [si] 0x12ac9: nop 0x12aca: nop 0x12acb: mov cx, 0x100 0x12ace: mov dx, 0 0x12ad1: mov bx, 1 0x12ad4: int 0x26 |
| 2018-12-25T12:22:25.790764407Z | 42 | PC: 12a87 | Get date 0x12a87: cmp dh, 6 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12add 0x12a8e: nop 0x12a8f: cmp dl, 0x16 0x12a92: jge 0x12ab5 0x12a94: jmp 0x12add 0x12a96: nop 0x12a97: cmp cx, 0x7c6 0x12a9b: je 0x12aaa 0x12a9d: mov ah, 0x2b 0x12a9f: mov cx, 0x7c6 0x12aa2: int 0x21 0x12aa4: mov ah, 0x2d 0x12aa6: mov cl, 1 0x12aa8: int 0x21 0x12aaa: mov ah, 0x2c 0x12aac: int 0x21 0x12aae: cmp cl, 0xf 0x12ab1: jae 0x12abf |
| 2018-12-25T12:22:25.792657049Z | 47 | PC: 12ae2 | Get disk transfer address |
| 2018-12-25T12:22:25.794462683Z | 26 | PC: 12af5 | Set disk transfer address |
| 2018-12-25T12:22:25.796591164Z | 78 | PC: 12b80 | Find first file |
| 2018-12-25T12:22:25.804475712Z | 79 | PC: 12b86 | Find next file |
| 2018-12-25T12:22:25.807578302Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:25.810258196Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:25.812611706Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:25.815065437Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:25.817726643Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:25.82012761Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:25.822643707Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:25.825234332Z | 78 | PC: 12b80 | Find first file (See above) |
| 2018-12-25T12:22:25.834376932Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:25.837298428Z | 67 | PC: 12bbf | Get or set file attributes |
| 2018-12-25T12:22:25.843739746Z | 67 | PC: 12bd1 | Get or set file attributes |
| 2018-12-25T12:22:29.247700556Z | 61 | PC: 12bdc | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T12:22:29.254309954Z | 87 | PC: 12be8 | Get or set file date and time |
| 2018-12-25T12:22:29.261841523Z | 44 | PC: 12bf4 | Get time 0x12bf4: mov ah, 0x3f 0x12bf6: mov cx, 3 0x12bf9: mov dx, 0x68 0x12bfc: nop 0x12bfd: add dx, si 0x12bff: int 0x21 0x12c01: jb 0x12c59 0x12c03: cmp ax, 3 0x12c06: jne 0x12c59 0x12c08: mov ax, 0x4202 0x12c0b: mov cx, 0 0x12c0e: mov dx, 0 0x12c11: int 0x21 0x12c13: jb 0x12c59 0x12c15: mov cx, ax 0x12c17: sub ax, 3 0x12c1a: mov word ptr [si + 0x6c], ax 0x12c1d: nop 0x12c1e: add cx, 0x34d 0x12c22: mov di, si |
| 2018-12-25T12:22:29.264329667Z | 63 | PC: 12c01 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:22:29.314706104Z | 66 | PC: 12c13 | Move file pointer |
| 2018-12-25T12:22:29.317701765Z | 64 | PC: 12c38 | Write file or device (Write 821 bytes on handle 5) |
| 2018-12-25T12:22:29.325629753Z | 66 | PC: 12c4a | Move file pointer |
| 2018-12-25T12:22:29.327358029Z | 64 | PC: 12c59 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:22:29.331000833Z | 87 | PC: 12c6c | Get or set file date and time |
| 2018-12-25T12:22:29.332353022Z | 62 | PC: 12c70 | Close file |
| 2018-12-25T12:22:29.338740314Z | 67 | PC: 12c7f | Get or set file attributes |
| 2018-12-25T12:22:29.348931379Z | 26 | PC: 12c8c | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9120,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:22:26.001717846Z | 255 | PC: 12a6c | UNKNOWN! |
| 2018-12-25T12:22:26.003062429Z | 42 | PC: 12a78 | Get date 0x12a78: cmp cx, 0x7c7 0x12a7c: jb 0x12a97 0x12a7e: jge 0x12a83 0x12a80: jmp 0x12add 0x12a82: nop 0x12a83: mov ah, 0x2a 0x12a85: int 0x21 0x12a87: cmp dh, 6 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12add 0x12a8e: nop 0x12a8f: cmp dl, 0x16 0x12a92: jge 0x12ab5 0x12a94: jmp 0x12add 0x12a96: nop 0x12a97: cmp cx, 0x7c6 0x12a9b: je 0x12aaa 0x12a9d: mov ah, 0x2b 0x12a9f: mov cx, 0x7c6 0x12aa2: int 0x21 |
| 2018-12-25T12:22:26.005370248Z | 44 | PC: 12aae | Get time 0x12aae: cmp cl, 0xf 0x12ab1: jae 0x12abf 0x12ab3: jmp 0x12a83 0x12ab5: mov ah, 9 0x12ab7: mov dx, si 0x12ab9: add dx, 0x40 0x12abc: nop 0x12abd: int 0x21 0x12abf: cmp byte ptr [si], 0x1a 0x12ac2: nop 0x12ac3: nop 0x12ac4: ja 0x12add 0x12ac6: pushf 0x12ac7: mov al, byte ptr [si] 0x12ac9: nop 0x12aca: nop 0x12acb: mov cx, 0x100 0x12ace: mov dx, 0 0x12ad1: mov bx, 1 0x12ad4: int 0x26 |
| 2018-12-25T12:22:26.008139779Z | 47 | PC: 12ae2 | Get disk transfer address |
| 2018-12-25T12:22:26.009948142Z | 26 | PC: 12af5 | Set disk transfer address |
| 2018-12-25T12:22:26.011158926Z | 78 | PC: 12b80 | Find first file |
| 2018-12-25T12:22:26.016812293Z | 79 | PC: 12b86 | Find next file |
| 2018-12-25T12:22:26.019774802Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.022291625Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.025259404Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.029020627Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.033540807Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.036483996Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.045485402Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.04786496Z | 78 | PC: 12b80 | Find first file (See above) |
| 2018-12-25T12:22:26.056364295Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.059193494Z | 67 | PC: 12bbf | Get or set file attributes |
| 2018-12-25T12:22:26.065783057Z | 67 | PC: 12bd1 | Get or set file attributes |
| 2018-12-25T12:22:29.254579377Z | 61 | PC: 12bdc | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T12:22:29.261292154Z | 87 | PC: 12be8 | Get or set file date and time |
| 2018-12-25T12:22:29.263140009Z | 44 | PC: 12bf4 | Get time 0x12bf4: mov ah, 0x3f 0x12bf6: mov cx, 3 0x12bf9: mov dx, 0x68 0x12bfc: nop 0x12bfd: add dx, si 0x12bff: int 0x21 0x12c01: jb 0x12c59 0x12c03: cmp ax, 3 0x12c06: jne 0x12c59 0x12c08: mov ax, 0x4202 0x12c0b: mov cx, 0 0x12c0e: mov dx, 0 0x12c11: int 0x21 0x12c13: jb 0x12c59 0x12c15: mov cx, ax 0x12c17: sub ax, 3 0x12c1a: mov word ptr [si + 0x6c], ax 0x12c1d: nop 0x12c1e: add cx, 0x34d 0x12c22: mov di, si |
| 2018-12-25T12:22:29.265140413Z | 63 | PC: 12c01 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:22:29.317325955Z | 66 | PC: 12c13 | Move file pointer |
| 2018-12-25T12:22:29.325731716Z | 64 | PC: 12c38 | Write file or device (Write 821 bytes on handle 5) |
| 2018-12-25T12:22:29.339545358Z | 66 | PC: 12c4a | Move file pointer |
| 2018-12-25T12:22:29.341221746Z | 64 | PC: 12c59 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:22:29.348847458Z | 87 | PC: 12c6c | Get or set file date and time |
| 2018-12-25T12:22:29.350908427Z | 62 | PC: 12c70 | Close file |
| 2018-12-25T12:22:29.358446189Z | 67 | PC: 12c7f | Get or set file attributes |
| 2018-12-25T12:22:29.370884495Z | 26 | PC: 12c8c | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9120,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:22:26.039409685Z | 255 | PC: 12a6c | UNKNOWN! |
| 2018-12-25T12:22:26.045656878Z | 42 | PC: 12a78 | Get date 0x12a78: cmp cx, 0x7c7 0x12a7c: jb 0x12a97 0x12a7e: jge 0x12a83 0x12a80: jmp 0x12add 0x12a82: nop 0x12a83: mov ah, 0x2a 0x12a85: int 0x21 0x12a87: cmp dh, 6 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12add 0x12a8e: nop 0x12a8f: cmp dl, 0x16 0x12a92: jge 0x12ab5 0x12a94: jmp 0x12add 0x12a96: nop 0x12a97: cmp cx, 0x7c6 0x12a9b: je 0x12aaa 0x12a9d: mov ah, 0x2b 0x12a9f: mov cx, 0x7c6 0x12aa2: int 0x21 |
| 2018-12-25T12:22:26.047785376Z | 42 | PC: 12a87 | Get date 0x12a87: cmp dh, 6 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12add 0x12a8e: nop 0x12a8f: cmp dl, 0x16 0x12a92: jge 0x12ab5 0x12a94: jmp 0x12add 0x12a96: nop 0x12a97: cmp cx, 0x7c6 0x12a9b: je 0x12aaa 0x12a9d: mov ah, 0x2b 0x12a9f: mov cx, 0x7c6 0x12aa2: int 0x21 0x12aa4: mov ah, 0x2d 0x12aa6: mov cl, 1 0x12aa8: int 0x21 0x12aaa: mov ah, 0x2c 0x12aac: int 0x21 0x12aae: cmp cl, 0xf 0x12ab1: jae 0x12abf |
| 2018-12-25T12:22:26.049832606Z | 47 | PC: 12ae2 | Get disk transfer address |
| 2018-12-25T12:22:26.051198088Z | 26 | PC: 12af5 | Set disk transfer address |
| 2018-12-25T12:22:26.052288283Z | 78 | PC: 12b80 | Find first file |
| 2018-12-25T12:22:26.057862701Z | 79 | PC: 12b86 | Find next file |
| 2018-12-25T12:22:26.060630686Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.063052933Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.065463596Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.068715323Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.070994902Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.073295207Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.084365953Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.086952021Z | 78 | PC: 12b80 | Find first file (See above) |
| 2018-12-25T12:22:26.095598314Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.09896375Z | 67 | PC: 12bbf | Get or set file attributes |
| 2018-12-25T12:22:26.104934227Z | 67 | PC: 12bd1 | Get or set file attributes |
| 2018-12-25T12:22:29.247566156Z | 61 | PC: 12bdc | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T12:22:29.254326499Z | 87 | PC: 12be8 | Get or set file date and time |
| 2018-12-25T12:22:29.256031867Z | 44 | PC: 12bf4 | Get time 0x12bf4: mov ah, 0x3f 0x12bf6: mov cx, 3 0x12bf9: mov dx, 0x68 0x12bfc: nop 0x12bfd: add dx, si 0x12bff: int 0x21 0x12c01: jb 0x12c59 0x12c03: cmp ax, 3 0x12c06: jne 0x12c59 0x12c08: mov ax, 0x4202 0x12c0b: mov cx, 0 0x12c0e: mov dx, 0 0x12c11: int 0x21 0x12c13: jb 0x12c59 0x12c15: mov cx, ax 0x12c17: sub ax, 3 0x12c1a: mov word ptr [si + 0x6c], ax 0x12c1d: nop 0x12c1e: add cx, 0x34d 0x12c22: mov di, si |
| 2018-12-25T12:22:29.258083245Z | 63 | PC: 12c01 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:22:29.314216308Z | 66 | PC: 12c13 | Move file pointer |
| 2018-12-25T12:22:29.316288425Z | 64 | PC: 12c38 | Write file or device (Write 821 bytes on handle 5) |
| 2018-12-25T12:22:29.322832969Z | 66 | PC: 12c4a | Move file pointer |
| 2018-12-25T12:22:29.324391459Z | 64 | PC: 12c59 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:22:29.328520876Z | 87 | PC: 12c6c | Get or set file date and time |
| 2018-12-25T12:22:29.330304806Z | 62 | PC: 12c70 | Close file |
| 2018-12-25T12:22:29.341578442Z | 67 | PC: 12c7f | Get or set file attributes |
| 2018-12-25T12:22:29.366467359Z | 26 | PC: 12c8c | Set disk transfer address |
{"DateBased":true,"Day":22,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9120,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:22:26.435519381Z | 255 | PC: 12a6c | UNKNOWN! |
| 2018-12-25T12:22:26.436955889Z | 42 | PC: 12a78 | Get date 0x12a78: cmp cx, 0x7c7 0x12a7c: jb 0x12a97 0x12a7e: jge 0x12a83 0x12a80: jmp 0x12add 0x12a82: nop 0x12a83: mov ah, 0x2a 0x12a85: int 0x21 0x12a87: cmp dh, 6 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12add 0x12a8e: nop 0x12a8f: cmp dl, 0x16 0x12a92: jge 0x12ab5 0x12a94: jmp 0x12add 0x12a96: nop 0x12a97: cmp cx, 0x7c6 0x12a9b: je 0x12aaa 0x12a9d: mov ah, 0x2b 0x12a9f: mov cx, 0x7c6 0x12aa2: int 0x21 |
| 2018-12-25T12:22:26.439250976Z | 43 | PC: 12aa4 | Set date |
| 2018-12-25T12:22:26.442849597Z | 45 | PC: 12aaa | Set time |
| 2018-12-25T12:22:26.445613808Z | 44 | PC: 12aae | Get time 0x12aae: cmp cl, 0xf 0x12ab1: jae 0x12abf 0x12ab3: jmp 0x12a83 0x12ab5: mov ah, 9 0x12ab7: mov dx, si 0x12ab9: add dx, 0x40 0x12abc: nop 0x12abd: int 0x21 0x12abf: cmp byte ptr [si], 0x1a 0x12ac2: nop 0x12ac3: nop 0x12ac4: ja 0x12add 0x12ac6: pushf 0x12ac7: mov al, byte ptr [si] 0x12ac9: nop 0x12aca: nop 0x12acb: mov cx, 0x100 0x12ace: mov dx, 0 0x12ad1: mov bx, 1 0x12ad4: int 0x26 |
| 2018-12-25T12:22:26.447845546Z | 42 | PC: 12a87 | Get date 0x12a87: cmp dh, 6 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12add 0x12a8e: nop 0x12a8f: cmp dl, 0x16 0x12a92: jge 0x12ab5 0x12a94: jmp 0x12add 0x12a96: nop 0x12a97: cmp cx, 0x7c6 0x12a9b: je 0x12aaa 0x12a9d: mov ah, 0x2b 0x12a9f: mov cx, 0x7c6 0x12aa2: int 0x21 0x12aa4: mov ah, 0x2d 0x12aa6: mov cl, 1 0x12aa8: int 0x21 0x12aaa: mov ah, 0x2c 0x12aac: int 0x21 0x12aae: cmp cl, 0xf 0x12ab1: jae 0x12abf |
| 2018-12-25T12:22:26.449915938Z | 9 | PC: 12abf | Display string (String= ' Violator strikes again... ') |
| 2018-12-25T12:22:26.468807212Z | 47 | PC: 12ae2 | Get disk transfer address |
| 2018-12-25T12:22:26.47092378Z | 26 | PC: 12af5 | Set disk transfer address |
| 2018-12-25T12:22:26.472591457Z | 78 | PC: 12b80 | Find first file |
| 2018-12-25T12:22:26.483101964Z | 79 | PC: 12b86 | Find next file |
| 2018-12-25T12:22:26.486053753Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.488428279Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.490804158Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.493743513Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.496039367Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.498328677Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.501101443Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.502706024Z | 78 | PC: 12b80 | Find first file (See above) |
| 2018-12-25T12:22:26.511260893Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.514442077Z | 67 | PC: 12bbf | Get or set file attributes |
| 2018-12-25T12:22:26.520325945Z | 67 | PC: 12bd1 | Get or set file attributes |
| 2018-12-25T12:22:29.318985512Z | 61 | PC: 12bdc | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T12:22:29.331264223Z | 87 | PC: 12be8 | Get or set file date and time |
| 2018-12-25T12:22:29.333057043Z | 44 | PC: 12bf4 | Get time 0x12bf4: mov ah, 0x3f 0x12bf6: mov cx, 3 0x12bf9: mov dx, 0x68 0x12bfc: nop 0x12bfd: add dx, si 0x12bff: int 0x21 0x12c01: jb 0x12c59 0x12c03: cmp ax, 3 0x12c06: jne 0x12c59 0x12c08: mov ax, 0x4202 0x12c0b: mov cx, 0 0x12c0e: mov dx, 0 0x12c11: int 0x21 0x12c13: jb 0x12c59 0x12c15: mov cx, ax 0x12c17: sub ax, 3 0x12c1a: mov word ptr [si + 0x6c], ax 0x12c1d: nop 0x12c1e: add cx, 0x34d 0x12c22: mov di, si |
| 2018-12-25T12:22:29.335542579Z | 63 | PC: 12c01 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:22:29.341624294Z | 66 | PC: 12c13 | Move file pointer |
| 2018-12-25T12:22:29.343033931Z | 64 | PC: 12c38 | Write file or device (Write 821 bytes on handle 5) |
| 2018-12-25T12:22:29.352021279Z | 66 | PC: 12c4a | Move file pointer |
| 2018-12-25T12:22:29.353897778Z | 64 | PC: 12c59 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:22:29.35654447Z | 87 | PC: 12c6c | Get or set file date and time |
| 2018-12-25T12:22:29.357834973Z | 62 | PC: 12c70 | Close file |
| 2018-12-25T12:22:29.364541711Z | 67 | PC: 12c7f | Get or set file attributes |
| 2018-12-25T12:22:29.370833448Z | 26 | PC: 12c8c | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9120,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:22:26.502173305Z | 255 | PC: 12a6c | UNKNOWN! |
| 2018-12-25T12:22:26.503837238Z | 42 | PC: 12a78 | Get date 0x12a78: cmp cx, 0x7c7 0x12a7c: jb 0x12a97 0x12a7e: jge 0x12a83 0x12a80: jmp 0x12add 0x12a82: nop 0x12a83: mov ah, 0x2a 0x12a85: int 0x21 0x12a87: cmp dh, 6 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12add 0x12a8e: nop 0x12a8f: cmp dl, 0x16 0x12a92: jge 0x12ab5 0x12a94: jmp 0x12add 0x12a96: nop 0x12a97: cmp cx, 0x7c6 0x12a9b: je 0x12aaa 0x12a9d: mov ah, 0x2b 0x12a9f: mov cx, 0x7c6 0x12aa2: int 0x21 |
| 2018-12-25T12:22:26.506539796Z | 43 | PC: 12aa4 | Set date |
| 2018-12-25T12:22:26.509540605Z | 45 | PC: 12aaa | Set time |
| 2018-12-25T12:22:26.512811022Z | 44 | PC: 12aae | Get time 0x12aae: cmp cl, 0xf 0x12ab1: jae 0x12abf 0x12ab3: jmp 0x12a83 0x12ab5: mov ah, 9 0x12ab7: mov dx, si 0x12ab9: add dx, 0x40 0x12abc: nop 0x12abd: int 0x21 0x12abf: cmp byte ptr [si], 0x1a 0x12ac2: nop 0x12ac3: nop 0x12ac4: ja 0x12add 0x12ac6: pushf 0x12ac7: mov al, byte ptr [si] 0x12ac9: nop 0x12aca: nop 0x12acb: mov cx, 0x100 0x12ace: mov dx, 0 0x12ad1: mov bx, 1 0x12ad4: int 0x26 |
| 2018-12-25T12:22:26.514789408Z | 42 | PC: 12a87 | Get date 0x12a87: cmp dh, 6 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12add 0x12a8e: nop 0x12a8f: cmp dl, 0x16 0x12a92: jge 0x12ab5 0x12a94: jmp 0x12add 0x12a96: nop 0x12a97: cmp cx, 0x7c6 0x12a9b: je 0x12aaa 0x12a9d: mov ah, 0x2b 0x12a9f: mov cx, 0x7c6 0x12aa2: int 0x21 0x12aa4: mov ah, 0x2d 0x12aa6: mov cl, 1 0x12aa8: int 0x21 0x12aaa: mov ah, 0x2c 0x12aac: int 0x21 0x12aae: cmp cl, 0xf 0x12ab1: jae 0x12abf |
| 2018-12-25T12:22:26.516699685Z | 47 | PC: 12ae2 | Get disk transfer address |
| 2018-12-25T12:22:26.518047355Z | 26 | PC: 12af5 | Set disk transfer address |
| 2018-12-25T12:22:26.519103364Z | 78 | PC: 12b80 | Find first file |
| 2018-12-25T12:22:26.529552481Z | 79 | PC: 12b86 | Find next file |
| 2018-12-25T12:22:26.531975863Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.534332111Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.536605209Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.538923196Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.541582016Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.543633864Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.545664561Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.548092182Z | 78 | PC: 12b80 | Find first file (See above) |
| 2018-12-25T12:22:26.555593512Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.558123472Z | 67 | PC: 12bbf | Get or set file attributes |
| 2018-12-25T12:22:26.563710065Z | 67 | PC: 12bd1 | Get or set file attributes |
| 2018-12-25T12:22:29.325544676Z | 61 | PC: 12bdc | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T12:22:29.332611061Z | 87 | PC: 12be8 | Get or set file date and time |
| 2018-12-25T12:22:29.335691218Z | 44 | PC: 12bf4 | Get time 0x12bf4: mov ah, 0x3f 0x12bf6: mov cx, 3 0x12bf9: mov dx, 0x68 0x12bfc: nop 0x12bfd: add dx, si 0x12bff: int 0x21 0x12c01: jb 0x12c59 0x12c03: cmp ax, 3 0x12c06: jne 0x12c59 0x12c08: mov ax, 0x4202 0x12c0b: mov cx, 0 0x12c0e: mov dx, 0 0x12c11: int 0x21 0x12c13: jb 0x12c59 0x12c15: mov cx, ax 0x12c17: sub ax, 3 0x12c1a: mov word ptr [si + 0x6c], ax 0x12c1d: nop 0x12c1e: add cx, 0x34d 0x12c22: mov di, si |
| 2018-12-25T12:22:29.33780535Z | 63 | PC: 12c01 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:22:29.341452068Z | 66 | PC: 12c13 | Move file pointer |
| 2018-12-25T12:22:29.343124699Z | 64 | PC: 12c38 | Write file or device (Write 821 bytes on handle 5) |
| 2018-12-25T12:22:29.348116966Z | 66 | PC: 12c4a | Move file pointer |
| 2018-12-25T12:22:29.349124189Z | 64 | PC: 12c59 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:22:29.351525693Z | 87 | PC: 12c6c | Get or set file date and time |
| 2018-12-25T12:22:29.352604559Z | 62 | PC: 12c70 | Close file |
| 2018-12-25T12:22:29.357205699Z | 67 | PC: 12c7f | Get or set file attributes |
| 2018-12-25T12:22:29.364568642Z | 26 | PC: 12c8c | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9120,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:22:26.915060369Z | 255 | PC: 12a6c | UNKNOWN! |
| 2018-12-25T12:22:26.916108464Z | 42 | PC: 12a78 | Get date 0x12a78: cmp cx, 0x7c7 0x12a7c: jb 0x12a97 0x12a7e: jge 0x12a83 0x12a80: jmp 0x12add 0x12a82: nop 0x12a83: mov ah, 0x2a 0x12a85: int 0x21 0x12a87: cmp dh, 6 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12add 0x12a8e: nop 0x12a8f: cmp dl, 0x16 0x12a92: jge 0x12ab5 0x12a94: jmp 0x12add 0x12a96: nop 0x12a97: cmp cx, 0x7c6 0x12a9b: je 0x12aaa 0x12a9d: mov ah, 0x2b 0x12a9f: mov cx, 0x7c6 0x12aa2: int 0x21 |
| 2018-12-25T12:22:26.918132382Z | 43 | PC: 12aa4 | Set date |
| 2018-12-25T12:22:26.92120185Z | 45 | PC: 12aaa | Set time |
| 2018-12-25T12:22:26.92524401Z | 44 | PC: 12aae | Get time 0x12aae: cmp cl, 0xf 0x12ab1: jae 0x12abf 0x12ab3: jmp 0x12a83 0x12ab5: mov ah, 9 0x12ab7: mov dx, si 0x12ab9: add dx, 0x40 0x12abc: nop 0x12abd: int 0x21 0x12abf: cmp byte ptr [si], 0x1a 0x12ac2: nop 0x12ac3: nop 0x12ac4: ja 0x12add 0x12ac6: pushf 0x12ac7: mov al, byte ptr [si] 0x12ac9: nop 0x12aca: nop 0x12acb: mov cx, 0x100 0x12ace: mov dx, 0 0x12ad1: mov bx, 1 0x12ad4: int 0x26 |
| 2018-12-25T12:22:26.927216929Z | 42 | PC: 12a87 | Get date 0x12a87: cmp dh, 6 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12add 0x12a8e: nop 0x12a8f: cmp dl, 0x16 0x12a92: jge 0x12ab5 0x12a94: jmp 0x12add 0x12a96: nop 0x12a97: cmp cx, 0x7c6 0x12a9b: je 0x12aaa 0x12a9d: mov ah, 0x2b 0x12a9f: mov cx, 0x7c6 0x12aa2: int 0x21 0x12aa4: mov ah, 0x2d 0x12aa6: mov cl, 1 0x12aa8: int 0x21 0x12aaa: mov ah, 0x2c 0x12aac: int 0x21 0x12aae: cmp cl, 0xf 0x12ab1: jae 0x12abf |
| 2018-12-25T12:22:26.929155915Z | 47 | PC: 12ae2 | Get disk transfer address |
| 2018-12-25T12:22:26.930249709Z | 26 | PC: 12af5 | Set disk transfer address |
| 2018-12-25T12:22:26.938882332Z | 78 | PC: 12b80 | Find first file |
| 2018-12-25T12:22:26.95970528Z | 79 | PC: 12b86 | Find next file |
| 2018-12-25T12:22:26.962261954Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.964818982Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.967219908Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.969563078Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.972435608Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.975585031Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.97789782Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.980575175Z | 78 | PC: 12b80 | Find first file (See above) |
| 2018-12-25T12:22:26.989307604Z | 79 | PC: 12b86 | Find next file (See above) |
| 2018-12-25T12:22:26.992371861Z | 67 | PC: 12bbf | Get or set file attributes |
| 2018-12-25T12:22:27.01110884Z | 67 | PC: 12bd1 | Get or set file attributes |
| 2018-12-25T12:22:29.313472511Z | 61 | PC: 12bdc | Open file (Filename = 'C:\DOS\FORMAT.COM') |
| 2018-12-25T12:22:29.320684857Z | 87 | PC: 12be8 | Get or set file date and time |
| 2018-12-25T12:22:29.323255554Z | 44 | PC: 12bf4 | Get time 0x12bf4: mov ah, 0x3f 0x12bf6: mov cx, 3 0x12bf9: mov dx, 0x68 0x12bfc: nop 0x12bfd: add dx, si 0x12bff: int 0x21 0x12c01: jb 0x12c59 0x12c03: cmp ax, 3 0x12c06: jne 0x12c59 0x12c08: mov ax, 0x4202 0x12c0b: mov cx, 0 0x12c0e: mov dx, 0 0x12c11: int 0x21 0x12c13: jb 0x12c59 0x12c15: mov cx, ax 0x12c17: sub ax, 3 0x12c1a: mov word ptr [si + 0x6c], ax 0x12c1d: nop 0x12c1e: add cx, 0x34d 0x12c22: mov di, si |
| 2018-12-25T12:22:29.325727989Z | 63 | PC: 12c01 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:22:29.33143431Z | 66 | PC: 12c13 | Move file pointer |
| 2018-12-25T12:22:29.333908296Z | 64 | PC: 12c38 | Write file or device (Write 821 bytes on handle 5) |
| 2018-12-25T12:22:29.3424175Z | 66 | PC: 12c4a | Move file pointer |
| 2018-12-25T12:22:29.346957091Z | 64 | PC: 12c59 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:22:29.355187239Z | 87 | PC: 12c6c | Get or set file date and time |
| 2018-12-25T12:22:29.356947105Z | 62 | PC: 12c70 | Close file |
| 2018-12-25T12:22:29.366907301Z | 67 | PC: 12c7f | Get or set file attributes |
| 2018-12-25T12:22:29.392948561Z | 26 | PC: 12c8c | Set disk transfer address |