{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11397,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:27.764989174Z | 51 | PC: 12a5c | Get or set Ctrl-Break |
| 2018-12-25T12:30:27.766121164Z | 51 | PC: 12a64 | Get or set Ctrl-Break |
| 2018-12-25T12:30:27.768258922Z | 53 | PC: 12a69 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:30:27.769809344Z | 37 | PC: 12a75 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:30:27.77121974Z | 26 | PC: 12a7d | Set disk transfer address |
| 2018-12-25T12:30:27.773632881Z | 59 | PC: 12a9f | Change current directory |
| 2018-12-25T12:30:27.778510098Z | 87 | PC: 12aa6 | Get or set file date and time |
| 2018-12-25T12:30:27.780521086Z | 62 | PC: 12aaa | Close file |
| 2018-12-25T12:30:27.786136649Z | 42 | PC: 12ab3 | Get date 0x12ab3: cmp dl, 1 0x12ab6: je 0x12abb 0x12ab8: jmp 0x12ad9 0x12abb: cli 0x12abc: mov ah, 2 0x12abe: cdq 0x12abf: mov cx, 0x100 0x12ac2: int 0x26 0x12ac4: jmp 0x12ac7 0x12ac7: mov al, 3 0x12ac9: mov cx, 0x700 0x12acc: mov dx, 0 0x12acf: mov ds, word ptr [di + 0x99] 0x12ad3: mov bx, word ptr [di + 0x55] 0x12ad6: call 0x22abb 0x12ad9: mov dx, word ptr [bp + 0x1b9] 0x12add: mov ax, 0x4301 0x12ae0: int 0x21 0x12ae2: ret 0x12ae3: mov ax, 0x4200 |
| 2018-12-25T12:30:27.788861351Z | 67 | PC: 12ae2 | Get or set file attributes |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11397,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:28.949021773Z | 51 | PC: 12a5c | Get or set Ctrl-Break |
| 2018-12-25T12:30:28.949902443Z | 51 | PC: 12a64 | Get or set Ctrl-Break |
| 2018-12-25T12:30:28.951282053Z | 53 | PC: 12a69 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:30:28.953857224Z | 37 | PC: 12a75 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:30:28.955240116Z | 26 | PC: 12a7d | Set disk transfer address |
| 2018-12-25T12:30:28.9565181Z | 59 | PC: 12a9f | Change current directory |
| 2018-12-25T12:30:28.962373761Z | 87 | PC: 12aa6 | Get or set file date and time |
| 2018-12-25T12:30:28.964064507Z | 62 | PC: 12aaa | Close file |
| 2018-12-25T12:30:28.965712482Z | 42 | PC: 12ab3 | Get date 0x12ab3: cmp dl, 1 0x12ab6: je 0x12abb 0x12ab8: jmp 0x12ad9 0x12abb: cli 0x12abc: mov ah, 2 0x12abe: cdq 0x12abf: mov cx, 0x100 0x12ac2: int 0x26 0x12ac4: jmp 0x12ac7 0x12ac7: mov al, 3 0x12ac9: mov cx, 0x700 0x12acc: mov dx, 0 0x12acf: mov ds, word ptr [di + 0x99] 0x12ad3: mov bx, word ptr [di + 0x55] 0x12ad6: call 0x22abb 0x12ad9: mov dx, word ptr [bp + 0x1b9] 0x12add: mov ax, 0x4301 0x12ae0: int 0x21 0x12ae2: ret 0x12ae3: mov ax, 0x4200 |
| 2018-12-25T12:30:32.143910281Z | 51 | PC: 12a5c | Get or set Ctrl-Break (See above) |
| 2018-12-25T12:30:32.146433297Z | 51 | PC: 12a64 | Get or set Ctrl-Break (See above) |
| 2018-12-25T12:30:32.14781793Z | 53 | PC: 12a69 | Get interrupt vector (See above) |
| 2018-12-25T12:30:32.149595479Z | 37 | PC: 12a75 | Set interrupt vector (See above) |
| 2018-12-25T12:30:32.152307723Z | 26 | PC: 12a7d | Set disk transfer address (See above) |
| 2018-12-25T12:30:32.153924536Z | 59 | PC: 12a9f | Change current directory (See above) |