{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10913,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:29:34.334681914Z | 250 | PC: 12a99 | UNKNOWN! |
| 2018-12-25T12:29:34.336133918Z | 48 | PC: 12aa5 | Get DOS version |
| 2018-12-25T12:29:34.337487816Z | 82 | PC: 12afb | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T12:29:34.339128823Z | 42 | PC: 12b37 | Get date 0x12b37: mov cl, 8 0x12b39: cmp dh, 2 0x12b3c: je 0x12b43 0x12b3e: cmp dh, 0xa 0x12b41: jne 0x12b48 0x12b43: mov cl, bh 0x12b45: call 0x12f21 0x12b48: mov byte ptr cs:[bp + 0x5fc], cl 0x12b4d: inc word ptr cs:[bp + 0xb3a] 0x12b52: mov ax, 0x1294 0x12b55: dec ax 0x12b56: mov ds, ax 0x12b58: mov bx, 0xa64 0x12b5b: push bx 0x12b5c: mov cl, 4 0x12b5e: shr bx, cl 0x12b60: inc bx 0x12b61: inc bx 0x12b62: add bx, bx 0x12b64: mov byte ptr [0], 0x5a |
| 2018-12-25T12:29:34.341498457Z | 62 | PC: 12ae1 | Close file |
| 2018-12-25T12:29:34.416926081Z | 93 | PC: 19d43 | File sharing functions |
{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10913,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:29:34.591915232Z | 250 | PC: 12a99 | UNKNOWN! |
| 2018-12-25T12:29:34.593379304Z | 48 | PC: 12aa5 | Get DOS version |
| 2018-12-25T12:29:34.594908763Z | 82 | PC: 12afb | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T12:29:34.596815234Z | 42 | PC: 12b37 | Get date 0x12b37: mov cl, 8 0x12b39: cmp dh, 2 0x12b3c: je 0x12b43 0x12b3e: cmp dh, 0xa 0x12b41: jne 0x12b48 0x12b43: mov cl, bh 0x12b45: call 0x12f21 0x12b48: mov byte ptr cs:[bp + 0x5fc], cl 0x12b4d: inc word ptr cs:[bp + 0xb3a] 0x12b52: mov ax, 0x1294 0x12b55: dec ax 0x12b56: mov ds, ax 0x12b58: mov bx, 0xa64 0x12b5b: push bx 0x12b5c: mov cl, 4 0x12b5e: shr bx, cl 0x12b60: inc bx 0x12b61: inc bx 0x12b62: add bx, bx 0x12b64: mov byte ptr [0], 0x5a |
| 2018-12-25T12:29:34.600076165Z | 62 | PC: 12ae1 | Close file |
| 2018-12-25T12:29:34.619970099Z | 59 | PC: 15509 | Change current directory |
| 2018-12-25T12:29:34.62222698Z | 78 | PC: 9ee7d | Find first file |
| 2018-12-25T12:29:34.62493254Z | 89 | PC: 15fa8 | Get extended error info |
{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10913,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:29:35.030155486Z | 250 | PC: 12a99 | UNKNOWN! |
| 2018-12-25T12:29:35.032047396Z | 48 | PC: 12aa5 | Get DOS version |
| 2018-12-25T12:29:35.033890156Z | 82 | PC: 12afb | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T12:29:35.036340033Z | 42 | PC: 12b37 | Get date 0x12b37: mov cl, 8 0x12b39: cmp dh, 2 0x12b3c: je 0x12b43 0x12b3e: cmp dh, 0xa 0x12b41: jne 0x12b48 0x12b43: mov cl, bh 0x12b45: call 0x12f21 0x12b48: mov byte ptr cs:[bp + 0x5fc], cl 0x12b4d: inc word ptr cs:[bp + 0xb3a] 0x12b52: mov ax, 0x1294 0x12b55: dec ax 0x12b56: mov ds, ax 0x12b58: mov bx, 0xa64 0x12b5b: push bx 0x12b5c: mov cl, 4 0x12b5e: shr bx, cl 0x12b60: inc bx 0x12b61: inc bx 0x12b62: add bx, bx 0x12b64: mov byte ptr [0], 0x5a |
| 2018-12-25T12:29:35.040150378Z | 62 | PC: 12ae1 | Close file |
| 2018-12-25T12:29:35.079103503Z | 41 | PC: 184ee | Parse filename |