{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9917,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:24:08.802523638Z | 25 | PC: 12b4c | Get default drive |
| 2018-12-25T12:24:08.805044904Z | 42 | PC: 12b73 | Get date 0x12b73: cmp cx, 0x7c4 0x12b77: jge 0x12b8d 0x12b79: cmp byte ptr [si + 4], 1 0x12b7e: jne 0x12bb4 0x12b80: mov word ptr [si + 0x82f], 0xffdc 0x12b86: mov byte ptr [si + 0x82a], 0x88 0x12b8b: jmp 0x12bab 0x12b8d: jg 0x12b99 0x12b8f: cmp dh, 0xc 0x12b92: jne 0x12ba4 0x12b94: cmp dl, 0x1c 0x12b97: jl 0x12ba4 0x12b99: mov word ptr [si + 0x82f], 0xffdc 0x12b9f: mov byte ptr [si + 0x82a], 0x88 0x12ba4: cmp byte ptr [si + 4], 0xf8 0x12ba9: jae 0x12bc0 0x12bab: mov byte ptr cs:[si + 0xee], 0 0x12bb1: jmp 0x12d29 0x12bb4: cmp byte ptr [si + 4], 0xf8 0x12bb9: jae 0x12bc0 |
| 2018-12-25T12:24:08.807085464Z | 67 | PC: 12d01 | Get or set file attributes |
| 2018-12-25T12:24:08.808890806Z | 71 | PC: 12c2a | Get current directory |
| 2018-12-25T12:24:08.812142032Z | 59 | PC: 12d01 | Change current directory (See above) |
| 2018-12-25T12:24:08.816805129Z | 26 | PC: 12c44 | Set disk transfer address |
| 2018-12-25T12:24:08.818644887Z | 78 | PC: 12d01 | Find first file (See above) |
| 2018-12-25T12:24:08.825594631Z | 25 | PC: 12df9 | Get default drive |
| 2018-12-25T12:24:08.826743513Z | 71 | PC: 12e13 | Get current directory |
| 2018-12-25T12:24:08.829594725Z | 67 | PC: 12d01 | Get or set file attributes (See above) |
| 2018-12-25T12:24:08.839844132Z | 67 | PC: 12d01 | Get or set file attributes (See above) |
| 2018-12-25T12:24:08.858565004Z | 61 | PC: 12d01 | Open file (See above) |
| 2018-12-25T12:24:08.869725393Z | 87 | PC: 12e81 | Get or set file date and time |
| 2018-12-25T12:24:08.871018869Z | 63 | PC: 12e99 | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T12:24:08.878044827Z | 66 | PC: 13020 | Move file pointer |
| 2018-12-25T12:24:08.87933748Z | 66 | PC: 13020 | Move file pointer (See above) |
| 2018-12-25T12:24:08.880608856Z | 64 | PC: 12ee2 | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T12:24:08.883826768Z | 64 | PC: 12eee | Write file or device (Write 2925 bytes on handle 5) |
| 2018-12-25T12:24:08.892720282Z | 66 | PC: 12ef7 | Move file pointer |
| 2018-12-25T12:24:08.894514944Z | 64 | PC: 12f0a | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:24:08.902943464Z | 87 | PC: 12e76 | Get or set file date and time |
| 2018-12-25T12:24:08.904467381Z | 62 | PC: 12e7a | Close file |
| 2018-12-25T12:24:08.912825993Z | 59 | PC: 12d01 | Change current directory (See above) |
| 2018-12-25T12:24:08.918460502Z | 59 | PC: 12d29 | Change current directory |
| 2018-12-25T12:24:08.920249272Z | 14 | PC: 12d58 | Set default drive (Drive = 'A') |
| 2018-12-25T12:24:08.923263223Z | 49 | PC: 146c4 | Terminate and stay resident (Return code = '0' | Memory size = '472') |
{"DateBased":true,"Day":1,"Month":1,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9917,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:24:09.064123505Z | 25 | PC: 12b4c | Get default drive |
| 2018-12-25T12:24:09.066260468Z | 42 | PC: 12b73 | Get date 0x12b73: cmp cx, 0x7c4 0x12b77: jge 0x12b8d 0x12b79: cmp byte ptr [si + 4], 1 0x12b7e: jne 0x12bb4 0x12b80: mov word ptr [si + 0x82f], 0xffdc 0x12b86: mov byte ptr [si + 0x82a], 0x88 0x12b8b: jmp 0x12bab 0x12b8d: jg 0x12b99 0x12b8f: cmp dh, 0xc 0x12b92: jne 0x12ba4 0x12b94: cmp dl, 0x1c 0x12b97: jl 0x12ba4 0x12b99: mov word ptr [si + 0x82f], 0xffdc 0x12b9f: mov byte ptr [si + 0x82a], 0x88 0x12ba4: cmp byte ptr [si + 4], 0xf8 0x12ba9: jae 0x12bc0 0x12bab: mov byte ptr cs:[si + 0xee], 0 0x12bb1: jmp 0x12d29 0x12bb4: cmp byte ptr [si + 4], 0xf8 0x12bb9: jae 0x12bc0 |
| 2018-12-25T12:24:09.068811017Z | 67 | PC: 12d01 | Get or set file attributes |
| 2018-12-25T12:24:09.071254387Z | 71 | PC: 12c2a | Get current directory |
| 2018-12-25T12:24:09.075372746Z | 59 | PC: 12d01 | Change current directory (See above) |
| 2018-12-25T12:24:09.080490417Z | 26 | PC: 12c44 | Set disk transfer address |
| 2018-12-25T12:24:09.081884266Z | 78 | PC: 12d01 | Find first file (See above) |
| 2018-12-25T12:24:09.089555414Z | 25 | PC: 12df9 | Get default drive |
| 2018-12-25T12:24:09.091389622Z | 71 | PC: 12e13 | Get current directory |
| 2018-12-25T12:24:09.094591074Z | 67 | PC: 12d01 | Get or set file attributes (See above) |
| 2018-12-25T12:24:09.100494807Z | 67 | PC: 12d01 | Get or set file attributes (See above) |
| 2018-12-25T12:24:09.116712834Z | 61 | PC: 12d01 | Open file (See above) |
| 2018-12-25T12:24:09.1233306Z | 87 | PC: 12e81 | Get or set file date and time |
| 2018-12-25T12:24:09.125004588Z | 63 | PC: 12e99 | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T12:24:09.131982597Z | 66 | PC: 13020 | Move file pointer |
| 2018-12-25T12:24:09.133493721Z | 66 | PC: 13020 | Move file pointer (See above) |
| 2018-12-25T12:24:09.134996543Z | 64 | PC: 12ee2 | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T12:24:09.139992398Z | 64 | PC: 12eee | Write file or device (Write 2925 bytes on handle 5) |
| 2018-12-25T12:24:09.152727328Z | 66 | PC: 12ef7 | Move file pointer |
| 2018-12-25T12:24:09.154734558Z | 64 | PC: 12f0a | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:24:09.162607291Z | 87 | PC: 12e76 | Get or set file date and time |
| 2018-12-25T12:24:09.165012837Z | 62 | PC: 12e7a | Close file |
| 2018-12-25T12:24:09.173050225Z | 59 | PC: 12d01 | Change current directory (See above) |
| 2018-12-25T12:24:09.176851692Z | 59 | PC: 12d29 | Change current directory |
| 2018-12-25T12:24:09.182017939Z | 14 | PC: 12d58 | Set default drive (Drive = 'A') |
| 2018-12-25T12:24:09.183738449Z | 49 | PC: 146c4 | Terminate and stay resident (Return code = '0' | Memory size = '472') |
{"DateBased":true,"Day":1,"Month":12,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9917,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:24:09.120837606Z | 25 | PC: 12b4c | Get default drive |
| 2018-12-25T12:24:09.122754624Z | 42 | PC: 12b73 | Get date 0x12b73: cmp cx, 0x7c4 0x12b77: jge 0x12b8d 0x12b79: cmp byte ptr [si + 4], 1 0x12b7e: jne 0x12bb4 0x12b80: mov word ptr [si + 0x82f], 0xffdc 0x12b86: mov byte ptr [si + 0x82a], 0x88 0x12b8b: jmp 0x12bab 0x12b8d: jg 0x12b99 0x12b8f: cmp dh, 0xc 0x12b92: jne 0x12ba4 0x12b94: cmp dl, 0x1c 0x12b97: jl 0x12ba4 0x12b99: mov word ptr [si + 0x82f], 0xffdc 0x12b9f: mov byte ptr [si + 0x82a], 0x88 0x12ba4: cmp byte ptr [si + 4], 0xf8 0x12ba9: jae 0x12bc0 0x12bab: mov byte ptr cs:[si + 0xee], 0 0x12bb1: jmp 0x12d29 0x12bb4: cmp byte ptr [si + 4], 0xf8 0x12bb9: jae 0x12bc0 |
| 2018-12-25T12:24:09.125564459Z | 67 | PC: 12d01 | Get or set file attributes |
| 2018-12-25T12:24:09.127722279Z | 71 | PC: 12c2a | Get current directory |
| 2018-12-25T12:24:09.131105051Z | 59 | PC: 12d01 | Change current directory (See above) |
| 2018-12-25T12:24:09.135371531Z | 26 | PC: 12c44 | Set disk transfer address |
| 2018-12-25T12:24:09.136635367Z | 78 | PC: 12d01 | Find first file (See above) |
| 2018-12-25T12:24:09.142428135Z | 25 | PC: 12df9 | Get default drive |
| 2018-12-25T12:24:09.144245172Z | 71 | PC: 12e13 | Get current directory |
| 2018-12-25T12:24:09.148971775Z | 67 | PC: 12d01 | Get or set file attributes (See above) |
| 2018-12-25T12:24:09.152761702Z | 67 | PC: 12d01 | Get or set file attributes (See above) |
| 2018-12-25T12:24:09.168472141Z | 61 | PC: 12d01 | Open file (See above) |
| 2018-12-25T12:24:09.174991992Z | 87 | PC: 12e81 | Get or set file date and time |
| 2018-12-25T12:24:09.176565457Z | 63 | PC: 12e99 | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T12:24:09.185802097Z | 66 | PC: 13020 | Move file pointer |
| 2018-12-25T12:24:09.187856074Z | 66 | PC: 13020 | Move file pointer (See above) |
| 2018-12-25T12:24:09.189472127Z | 64 | PC: 12ee2 | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T12:24:09.193287897Z | 64 | PC: 12eee | Write file or device (Write 2925 bytes on handle 5) |
| 2018-12-25T12:24:09.202931889Z | 66 | PC: 12ef7 | Move file pointer |
| 2018-12-25T12:24:09.213474421Z | 64 | PC: 12f0a | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:24:09.224903979Z | 87 | PC: 12e76 | Get or set file date and time |
| 2018-12-25T12:24:09.231260991Z | 62 | PC: 12e7a | Close file |
| 2018-12-25T12:24:09.239679918Z | 59 | PC: 12d01 | Change current directory (See above) |
| 2018-12-25T12:24:09.244444908Z | 59 | PC: 12d29 | Change current directory |
| 2018-12-25T12:24:09.246504367Z | 14 | PC: 12d58 | Set default drive (Drive = 'A') |
| 2018-12-25T12:24:09.249553426Z | 49 | PC: 146c4 | Terminate and stay resident (Return code = '0' | Memory size = '472') |
{"DateBased":true,"Day":28,"Month":12,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9917,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:24:09.235409763Z | 25 | PC: 12b4c | Get default drive |
| 2018-12-25T12:24:09.237981759Z | 42 | PC: 12b73 | Get date 0x12b73: cmp cx, 0x7c4 0x12b77: jge 0x12b8d 0x12b79: cmp byte ptr [si + 4], 1 0x12b7e: jne 0x12bb4 0x12b80: mov word ptr [si + 0x82f], 0xffdc 0x12b86: mov byte ptr [si + 0x82a], 0x88 0x12b8b: jmp 0x12bab 0x12b8d: jg 0x12b99 0x12b8f: cmp dh, 0xc 0x12b92: jne 0x12ba4 0x12b94: cmp dl, 0x1c 0x12b97: jl 0x12ba4 0x12b99: mov word ptr [si + 0x82f], 0xffdc 0x12b9f: mov byte ptr [si + 0x82a], 0x88 0x12ba4: cmp byte ptr [si + 4], 0xf8 0x12ba9: jae 0x12bc0 0x12bab: mov byte ptr cs:[si + 0xee], 0 0x12bb1: jmp 0x12d29 0x12bb4: cmp byte ptr [si + 4], 0xf8 0x12bb9: jae 0x12bc0 |
| 2018-12-25T12:24:09.240791095Z | 67 | PC: 12d01 | Get or set file attributes |
| 2018-12-25T12:24:09.243088783Z | 71 | PC: 12c2a | Get current directory |
| 2018-12-25T12:24:09.24711207Z | 59 | PC: 12d01 | Change current directory (See above) |
| 2018-12-25T12:24:09.25144108Z | 26 | PC: 12c44 | Set disk transfer address |
| 2018-12-25T12:24:09.252793354Z | 78 | PC: 12d01 | Find first file (See above) |
| 2018-12-25T12:24:09.259576459Z | 25 | PC: 12df9 | Get default drive |
| 2018-12-25T12:24:09.265720609Z | 71 | PC: 12e13 | Get current directory |
| 2018-12-25T12:24:09.268468182Z | 67 | PC: 12d01 | Get or set file attributes (See above) |
| 2018-12-25T12:24:09.274036711Z | 67 | PC: 12d01 | Get or set file attributes (See above) |
| 2018-12-25T12:24:09.289689332Z | 61 | PC: 12d01 | Open file (See above) |
| 2018-12-25T12:24:09.307009616Z | 87 | PC: 12e81 | Get or set file date and time |
| 2018-12-25T12:24:09.308621325Z | 63 | PC: 12e99 | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T12:24:09.33188864Z | 66 | PC: 13020 | Move file pointer |
| 2018-12-25T12:24:09.333959214Z | 66 | PC: 13020 | Move file pointer (See above) |
| 2018-12-25T12:24:09.335317235Z | 64 | PC: 12ee2 | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T12:24:09.338927319Z | 64 | PC: 12eee | Write file or device (Write 2925 bytes on handle 5) |
| 2018-12-25T12:24:09.351220189Z | 66 | PC: 12ef7 | Move file pointer |
| 2018-12-25T12:24:09.352825062Z | 64 | PC: 12f0a | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:24:09.366080085Z | 87 | PC: 12e76 | Get or set file date and time |
| 2018-12-25T12:24:09.372159104Z | 62 | PC: 12e7a | Close file |
| 2018-12-25T12:24:09.404684384Z | 59 | PC: 12d01 | Change current directory (See above) |
| 2018-12-25T12:24:09.408686048Z | 59 | PC: 12d29 | Change current directory |
| 2018-12-25T12:24:09.411263482Z | 14 | PC: 12d58 | Set default drive (Drive = 'A') |
| 2018-12-25T12:24:09.414048073Z | 49 | PC: 146c4 | Terminate and stay resident (Return code = '0' | Memory size = '472') |
{"DateBased":true,"Day":1,"Month":1,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9917,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:24:09.320156088Z | 25 | PC: 12b4c | Get default drive |
| 2018-12-25T12:24:09.322167287Z | 42 | PC: 12b73 | Get date 0x12b73: cmp cx, 0x7c4 0x12b77: jge 0x12b8d 0x12b79: cmp byte ptr [si + 4], 1 0x12b7e: jne 0x12bb4 0x12b80: mov word ptr [si + 0x82f], 0xffdc 0x12b86: mov byte ptr [si + 0x82a], 0x88 0x12b8b: jmp 0x12bab 0x12b8d: jg 0x12b99 0x12b8f: cmp dh, 0xc 0x12b92: jne 0x12ba4 0x12b94: cmp dl, 0x1c 0x12b97: jl 0x12ba4 0x12b99: mov word ptr [si + 0x82f], 0xffdc 0x12b9f: mov byte ptr [si + 0x82a], 0x88 0x12ba4: cmp byte ptr [si + 4], 0xf8 0x12ba9: jae 0x12bc0 0x12bab: mov byte ptr cs:[si + 0xee], 0 0x12bb1: jmp 0x12d29 0x12bb4: cmp byte ptr [si + 4], 0xf8 0x12bb9: jae 0x12bc0 |
| 2018-12-25T12:24:09.324240369Z | 67 | PC: 12d01 | Get or set file attributes |
| 2018-12-25T12:24:09.326115178Z | 71 | PC: 12c2a | Get current directory |
| 2018-12-25T12:24:09.329851845Z | 59 | PC: 12d01 | Change current directory (See above) |
| 2018-12-25T12:24:09.333691989Z | 26 | PC: 12c44 | Set disk transfer address |
| 2018-12-25T12:24:09.334693602Z | 78 | PC: 12d01 | Find first file (See above) |
| 2018-12-25T12:24:09.345472305Z | 25 | PC: 12df9 | Get default drive |
| 2018-12-25T12:24:09.347283325Z | 71 | PC: 12e13 | Get current directory |
| 2018-12-25T12:24:09.349959517Z | 67 | PC: 12d01 | Get or set file attributes (See above) |
| 2018-12-25T12:24:09.355342492Z | 67 | PC: 12d01 | Get or set file attributes (See above) |
| 2018-12-25T12:24:09.372812996Z | 61 | PC: 12d01 | Open file (See above) |
| 2018-12-25T12:24:09.379490083Z | 87 | PC: 12e81 | Get or set file date and time |
| 2018-12-25T12:24:09.381099758Z | 63 | PC: 12e99 | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T12:24:09.388216054Z | 66 | PC: 13020 | Move file pointer |
| 2018-12-25T12:24:09.389582177Z | 66 | PC: 13020 | Move file pointer (See above) |
| 2018-12-25T12:24:09.391193428Z | 64 | PC: 12ee2 | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T12:24:09.394524058Z | 64 | PC: 12eee | Write file or device (Write 2925 bytes on handle 5) |
| 2018-12-25T12:24:09.403220447Z | 66 | PC: 12ef7 | Move file pointer |
| 2018-12-25T12:24:09.421263666Z | 64 | PC: 12f0a | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:24:09.428871823Z | 87 | PC: 12e76 | Get or set file date and time |
| 2018-12-25T12:24:09.430836557Z | 62 | PC: 12e7a | Close file |
| 2018-12-25T12:24:09.438994449Z | 59 | PC: 12d01 | Change current directory (See above) |
| 2018-12-25T12:24:09.445336225Z | 59 | PC: 12d29 | Change current directory |
| 2018-12-25T12:24:09.447237663Z | 14 | PC: 12d58 | Set default drive (Drive = 'A') |
| 2018-12-25T12:24:09.449955751Z | 49 | PC: 146c4 | Terminate and stay resident (Return code = '0' | Memory size = '472') |
{"DateBased":true,"Day":1,"Month":1,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9917,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:24:09.474497328Z | 25 | PC: 12b4c | Get default drive |
| 2018-12-25T12:24:09.47714772Z | 42 | PC: 12b73 | Get date 0x12b73: cmp cx, 0x7c4 0x12b77: jge 0x12b8d 0x12b79: cmp byte ptr [si + 4], 1 0x12b7e: jne 0x12bb4 0x12b80: mov word ptr [si + 0x82f], 0xffdc 0x12b86: mov byte ptr [si + 0x82a], 0x88 0x12b8b: jmp 0x12bab 0x12b8d: jg 0x12b99 0x12b8f: cmp dh, 0xc 0x12b92: jne 0x12ba4 0x12b94: cmp dl, 0x1c 0x12b97: jl 0x12ba4 0x12b99: mov word ptr [si + 0x82f], 0xffdc 0x12b9f: mov byte ptr [si + 0x82a], 0x88 0x12ba4: cmp byte ptr [si + 4], 0xf8 0x12ba9: jae 0x12bc0 0x12bab: mov byte ptr cs:[si + 0xee], 0 0x12bb1: jmp 0x12d29 0x12bb4: cmp byte ptr [si + 4], 0xf8 0x12bb9: jae 0x12bc0 |
| 2018-12-25T12:24:09.48022716Z | 67 | PC: 12d01 | Get or set file attributes |
| 2018-12-25T12:24:09.482510246Z | 71 | PC: 12c2a | Get current directory |
| 2018-12-25T12:24:09.486977696Z | 59 | PC: 12d01 | Change current directory (See above) |
| 2018-12-25T12:24:09.490866177Z | 26 | PC: 12c44 | Set disk transfer address |
| 2018-12-25T12:24:09.491953459Z | 78 | PC: 12d01 | Find first file (See above) |
| 2018-12-25T12:24:09.498457345Z | 25 | PC: 12df9 | Get default drive |
| 2018-12-25T12:24:09.49979776Z | 71 | PC: 12e13 | Get current directory |
| 2018-12-25T12:24:09.502613123Z | 67 | PC: 12d01 | Get or set file attributes (See above) |
| 2018-12-25T12:24:09.508530443Z | 67 | PC: 12d01 | Get or set file attributes (See above) |
| 2018-12-25T12:24:09.537808894Z | 61 | PC: 12d01 | Open file (See above) |
| 2018-12-25T12:24:09.544689748Z | 87 | PC: 12e81 | Get or set file date and time |
| 2018-12-25T12:24:09.546194933Z | 63 | PC: 12e99 | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T12:24:09.553640599Z | 66 | PC: 13020 | Move file pointer |
| 2018-12-25T12:24:09.556172985Z | 66 | PC: 13020 | Move file pointer (See above) |
| 2018-12-25T12:24:09.558794132Z | 64 | PC: 12ee2 | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T12:24:09.563079845Z | 64 | PC: 12eee | Write file or device (Write 2925 bytes on handle 5) |
| 2018-12-25T12:24:09.579794357Z | 66 | PC: 12ef7 | Move file pointer |
| 2018-12-25T12:24:09.581752912Z | 64 | PC: 12f0a | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:24:09.58853472Z | 87 | PC: 12e76 | Get or set file date and time |
| 2018-12-25T12:24:09.590761378Z | 62 | PC: 12e7a | Close file |
| 2018-12-25T12:24:09.598708932Z | 59 | PC: 12d01 | Change current directory (See above) |
| 2018-12-25T12:24:09.603250775Z | 59 | PC: 12d29 | Change current directory |
| 2018-12-25T12:24:09.605863533Z | 14 | PC: 12d58 | Set default drive (Drive = 'A') |
| 2018-12-25T12:24:09.609110341Z | 49 | PC: 146c4 | Terminate and stay resident (Return code = '0' | Memory size = '472') |
{"DateBased":true,"Day":1,"Month":12,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9917,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:24:09.508884144Z | 25 | PC: 12b4c | Get default drive |
| 2018-12-25T12:24:09.532406792Z | 42 | PC: 12b73 | Get date 0x12b73: cmp cx, 0x7c4 0x12b77: jge 0x12b8d 0x12b79: cmp byte ptr [si + 4], 1 0x12b7e: jne 0x12bb4 0x12b80: mov word ptr [si + 0x82f], 0xffdc 0x12b86: mov byte ptr [si + 0x82a], 0x88 0x12b8b: jmp 0x12bab 0x12b8d: jg 0x12b99 0x12b8f: cmp dh, 0xc 0x12b92: jne 0x12ba4 0x12b94: cmp dl, 0x1c 0x12b97: jl 0x12ba4 0x12b99: mov word ptr [si + 0x82f], 0xffdc 0x12b9f: mov byte ptr [si + 0x82a], 0x88 0x12ba4: cmp byte ptr [si + 4], 0xf8 0x12ba9: jae 0x12bc0 0x12bab: mov byte ptr cs:[si + 0xee], 0 0x12bb1: jmp 0x12d29 0x12bb4: cmp byte ptr [si + 4], 0xf8 0x12bb9: jae 0x12bc0 |
| 2018-12-25T12:24:09.534867584Z | 67 | PC: 12d01 | Get or set file attributes |
| 2018-12-25T12:24:09.536991722Z | 71 | PC: 12c2a | Get current directory |
| 2018-12-25T12:24:09.540642214Z | 59 | PC: 12d01 | Change current directory (See above) |
| 2018-12-25T12:24:09.54501525Z | 26 | PC: 12c44 | Set disk transfer address |
| 2018-12-25T12:24:09.546116103Z | 78 | PC: 12d01 | Find first file (See above) |
| 2018-12-25T12:24:09.553065378Z | 25 | PC: 12df9 | Get default drive |
| 2018-12-25T12:24:09.554232633Z | 71 | PC: 12e13 | Get current directory |
| 2018-12-25T12:24:09.55733763Z | 67 | PC: 12d01 | Get or set file attributes (See above) |
| 2018-12-25T12:24:09.5691045Z | 67 | PC: 12d01 | Get or set file attributes (See above) |
| 2018-12-25T12:24:10.561037696Z | 61 | PC: 12d01 | Open file (See above) |
| 2018-12-25T12:24:10.569002289Z | 87 | PC: 12e81 | Get or set file date and time |
| 2018-12-25T12:24:10.571038671Z | 63 | PC: 12e99 | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T12:24:10.579236222Z | 66 | PC: 13020 | Move file pointer |
| 2018-12-25T12:24:10.580901856Z | 66 | PC: 13020 | Move file pointer (See above) |
| 2018-12-25T12:24:10.58264117Z | 64 | PC: 12ee2 | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T12:24:10.586574748Z | 64 | PC: 12eee | Write file or device (Write 2925 bytes on handle 5) |
| 2018-12-25T12:24:10.600787252Z | 66 | PC: 12ef7 | Move file pointer |
| 2018-12-25T12:24:10.602661714Z | 64 | PC: 12f0a | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:24:10.611302506Z | 87 | PC: 12e76 | Get or set file date and time |
| 2018-12-25T12:24:10.613609927Z | 62 | PC: 12e7a | Close file |
| 2018-12-25T12:24:10.623134951Z | 59 | PC: 12d01 | Change current directory (See above) |
| 2018-12-25T12:24:10.628464545Z | 59 | PC: 12d29 | Change current directory |
| 2018-12-25T12:24:10.631143938Z | 14 | PC: 12d58 | Set default drive (Drive = 'A') |
| 2018-12-25T12:24:10.634251021Z | 49 | PC: 146c4 | Terminate and stay resident (Return code = '0' | Memory size = '472') |
{"DateBased":true,"Day":28,"Month":12,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9917,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:24:10.226200002Z | 25 | PC: 12b4c | Get default drive |
| 2018-12-25T12:24:10.228986563Z | 42 | PC: 12b73 | Get date 0x12b73: cmp cx, 0x7c4 0x12b77: jge 0x12b8d 0x12b79: cmp byte ptr [si + 4], 1 0x12b7e: jne 0x12bb4 0x12b80: mov word ptr [si + 0x82f], 0xffdc 0x12b86: mov byte ptr [si + 0x82a], 0x88 0x12b8b: jmp 0x12bab 0x12b8d: jg 0x12b99 0x12b8f: cmp dh, 0xc 0x12b92: jne 0x12ba4 0x12b94: cmp dl, 0x1c 0x12b97: jl 0x12ba4 0x12b99: mov word ptr [si + 0x82f], 0xffdc 0x12b9f: mov byte ptr [si + 0x82a], 0x88 0x12ba4: cmp byte ptr [si + 4], 0xf8 0x12ba9: jae 0x12bc0 0x12bab: mov byte ptr cs:[si + 0xee], 0 0x12bb1: jmp 0x12d29 0x12bb4: cmp byte ptr [si + 4], 0xf8 0x12bb9: jae 0x12bc0 |
| 2018-12-25T12:24:10.230624488Z | 67 | PC: 12d01 | Get or set file attributes |
| 2018-12-25T12:24:10.232808288Z | 71 | PC: 12c2a | Get current directory |
| 2018-12-25T12:24:10.236148028Z | 59 | PC: 12d01 | Change current directory (See above) |
| 2018-12-25T12:24:10.240636752Z | 26 | PC: 12c44 | Set disk transfer address |
| 2018-12-25T12:24:10.241669577Z | 78 | PC: 12d01 | Find first file (See above) |
| 2018-12-25T12:24:10.254299079Z | 25 | PC: 12df9 | Get default drive |
| 2018-12-25T12:24:10.255800928Z | 71 | PC: 12e13 | Get current directory |
| 2018-12-25T12:24:10.259006206Z | 67 | PC: 12d01 | Get or set file attributes (See above) |
| 2018-12-25T12:24:10.26544948Z | 67 | PC: 12d01 | Get or set file attributes (See above) |
| 2018-12-25T12:24:10.568418663Z | 61 | PC: 12d01 | Open file (See above) |
| 2018-12-25T12:24:10.576622705Z | 87 | PC: 12e81 | Get or set file date and time |
| 2018-12-25T12:24:10.57878688Z | 63 | PC: 12e99 | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T12:24:10.587893369Z | 66 | PC: 13020 | Move file pointer |
| 2018-12-25T12:24:10.589849974Z | 66 | PC: 13020 | Move file pointer (See above) |
| 2018-12-25T12:24:10.591411996Z | 64 | PC: 12ee2 | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T12:24:10.595321524Z | 64 | PC: 12eee | Write file or device (Write 2925 bytes on handle 5) |
| 2018-12-25T12:24:10.605849493Z | 66 | PC: 12ef7 | Move file pointer |
| 2018-12-25T12:24:10.607834044Z | 64 | PC: 12f0a | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:24:10.616098383Z | 87 | PC: 12e76 | Get or set file date and time |
| 2018-12-25T12:24:10.617703466Z | 62 | PC: 12e7a | Close file |
| 2018-12-25T12:24:10.626587778Z | 59 | PC: 12d01 | Change current directory (See above) |
| 2018-12-25T12:24:10.631871218Z | 59 | PC: 12d29 | Change current directory |
| 2018-12-25T12:24:10.633968492Z | 14 | PC: 12d58 | Set default drive (Drive = 'A') |
| 2018-12-25T12:24:10.637724002Z | 49 | PC: 146c4 | Terminate and stay resident (Return code = '0' | Memory size = '472') |
{"DateBased":true,"Day":1,"Month":1,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9917,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:24:10.265454948Z | 25 | PC: 12b4c | Get default drive |
| 2018-12-25T12:24:10.26742135Z | 42 | PC: 12b73 | Get date 0x12b73: cmp cx, 0x7c4 0x12b77: jge 0x12b8d 0x12b79: cmp byte ptr [si + 4], 1 0x12b7e: jne 0x12bb4 0x12b80: mov word ptr [si + 0x82f], 0xffdc 0x12b86: mov byte ptr [si + 0x82a], 0x88 0x12b8b: jmp 0x12bab 0x12b8d: jg 0x12b99 0x12b8f: cmp dh, 0xc 0x12b92: jne 0x12ba4 0x12b94: cmp dl, 0x1c 0x12b97: jl 0x12ba4 0x12b99: mov word ptr [si + 0x82f], 0xffdc 0x12b9f: mov byte ptr [si + 0x82a], 0x88 0x12ba4: cmp byte ptr [si + 4], 0xf8 0x12ba9: jae 0x12bc0 0x12bab: mov byte ptr cs:[si + 0xee], 0 0x12bb1: jmp 0x12d29 0x12bb4: cmp byte ptr [si + 4], 0xf8 0x12bb9: jae 0x12bc0 |
| 2018-12-25T12:24:10.269630611Z | 67 | PC: 12d01 | Get or set file attributes |
| 2018-12-25T12:24:10.271637046Z | 71 | PC: 12c2a | Get current directory |
| 2018-12-25T12:24:10.275893022Z | 59 | PC: 12d01 | Change current directory (See above) |
| 2018-12-25T12:24:10.280224262Z | 26 | PC: 12c44 | Set disk transfer address |
| 2018-12-25T12:24:10.281707454Z | 78 | PC: 12d01 | Find first file (See above) |
| 2018-12-25T12:24:10.28924811Z | 25 | PC: 12df9 | Get default drive |
| 2018-12-25T12:24:10.290449561Z | 71 | PC: 12e13 | Get current directory |
| 2018-12-25T12:24:10.29331983Z | 67 | PC: 12d01 | Get or set file attributes (See above) |
| 2018-12-25T12:24:10.306720689Z | 67 | PC: 12d01 | Get or set file attributes (See above) |
| 2018-12-25T12:24:10.324711769Z | 61 | PC: 12d01 | Open file (See above) |
| 2018-12-25T12:24:10.331132297Z | 87 | PC: 12e81 | Get or set file date and time |
| 2018-12-25T12:24:10.332444875Z | 63 | PC: 12e99 | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T12:24:10.340001669Z | 66 | PC: 13020 | Move file pointer |
| 2018-12-25T12:24:10.341611492Z | 66 | PC: 13020 | Move file pointer (See above) |
| 2018-12-25T12:24:10.34315386Z | 64 | PC: 12ee2 | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T12:24:10.35484332Z | 64 | PC: 12eee | Write file or device (Write 2925 bytes on handle 5) |
| 2018-12-25T12:24:10.36352629Z | 66 | PC: 12ef7 | Move file pointer |
| 2018-12-25T12:24:10.364968819Z | 64 | PC: 12f0a | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:24:10.374054344Z | 87 | PC: 12e76 | Get or set file date and time |
| 2018-12-25T12:24:10.376395503Z | 62 | PC: 12e7a | Close file |
| 2018-12-25T12:24:10.384344675Z | 59 | PC: 12d01 | Change current directory (See above) |
| 2018-12-25T12:24:10.388847542Z | 59 | PC: 12d29 | Change current directory |
| 2018-12-25T12:24:10.390900483Z | 14 | PC: 12d58 | Set default drive (Drive = 'A') |
| 2018-12-25T12:24:10.394457503Z | 49 | PC: 146c4 | Terminate and stay resident (Return code = '0' | Memory size = '472') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9917,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:24:10.389718168Z | 25 | PC: 12b4c | Get default drive |
| 2018-12-25T12:24:10.390861167Z | 42 | PC: 12b73 | Get date 0x12b73: cmp cx, 0x7c4 0x12b77: jge 0x12b8d 0x12b79: cmp byte ptr [si + 4], 1 0x12b7e: jne 0x12bb4 0x12b80: mov word ptr [si + 0x82f], 0xffdc 0x12b86: mov byte ptr [si + 0x82a], 0x88 0x12b8b: jmp 0x12bab 0x12b8d: jg 0x12b99 0x12b8f: cmp dh, 0xc 0x12b92: jne 0x12ba4 0x12b94: cmp dl, 0x1c 0x12b97: jl 0x12ba4 0x12b99: mov word ptr [si + 0x82f], 0xffdc 0x12b9f: mov byte ptr [si + 0x82a], 0x88 0x12ba4: cmp byte ptr [si + 4], 0xf8 0x12ba9: jae 0x12bc0 0x12bab: mov byte ptr cs:[si + 0xee], 0 0x12bb1: jmp 0x12d29 0x12bb4: cmp byte ptr [si + 4], 0xf8 0x12bb9: jae 0x12bc0 |
| 2018-12-25T12:24:10.393357068Z | 67 | PC: 12d01 | Get or set file attributes |
| 2018-12-25T12:24:10.39562925Z | 71 | PC: 12c2a | Get current directory |
| 2018-12-25T12:24:10.399306393Z | 59 | PC: 12d01 | Change current directory (See above) |
| 2018-12-25T12:24:10.404233407Z | 26 | PC: 12c44 | Set disk transfer address |
| 2018-12-25T12:24:10.405336019Z | 78 | PC: 12d01 | Find first file (See above) |
| 2018-12-25T12:24:10.411921719Z | 25 | PC: 12df9 | Get default drive |
| 2018-12-25T12:24:10.419082147Z | 71 | PC: 12e13 | Get current directory |
| 2018-12-25T12:24:10.422348599Z | 67 | PC: 12d01 | Get or set file attributes (See above) |
| 2018-12-25T12:24:10.434143019Z | 67 | PC: 12d01 | Get or set file attributes (See above) |
| 2018-12-25T12:24:10.579990149Z | 61 | PC: 12d01 | Open file (See above) |
| 2018-12-25T12:24:10.588972588Z | 87 | PC: 12e81 | Get or set file date and time |
| 2018-12-25T12:24:10.590984236Z | 63 | PC: 12e99 | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T12:24:10.598844612Z | 66 | PC: 13020 | Move file pointer |
| 2018-12-25T12:24:10.601608753Z | 66 | PC: 13020 | Move file pointer (See above) |
| 2018-12-25T12:24:10.603698416Z | 64 | PC: 12ee2 | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T12:24:10.60706752Z | 64 | PC: 12eee | Write file or device (Write 2925 bytes on handle 5) |
| 2018-12-25T12:24:10.619397199Z | 66 | PC: 12ef7 | Move file pointer |
| 2018-12-25T12:24:10.620772382Z | 64 | PC: 12f0a | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:24:10.637474927Z | 87 | PC: 12e76 | Get or set file date and time |
| 2018-12-25T12:24:10.639259883Z | 62 | PC: 12e7a | Close file |
| 2018-12-25T12:24:10.645272602Z | 59 | PC: 12d01 | Change current directory (See above) |
| 2018-12-25T12:24:10.648153082Z | 59 | PC: 12d29 | Change current directory |
| 2018-12-25T12:24:10.650459032Z | 14 | PC: 12d58 | Set default drive (Drive = 'A') |
| 2018-12-25T12:24:10.652514409Z | 49 | PC: 146c4 | Terminate and stay resident (Return code = '0' | Memory size = '472') |