{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15534,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:43:43.565984668Z | 26 | PC: 13ef7 | Set disk transfer address |
| 2018-12-25T12:43:43.567613488Z | 53 | PC: 13efc | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:43:43.568806185Z | 37 | PC: 13f06 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:43:43.569909621Z | 42 | PC: 13c81 | Get date 0x13c81: cmp dl, 0xe 0x13c84: jne 0x13ca4 0x13c86: test dh, 1 0x13c89: je 0x13ca4 0x13c8b: xor ax, ax 0x13c8d: out 0x70, al 0x13c8f: xchg ah, al 0x13c91: out 0x71, al 0x13c93: xchg ah, al 0x13c95: inc al 0x13c97: jne 0x13c8d 0x13c99: mov ax, 0x301 0x13c9c: mov dx, 0x80 0x13c9f: mov cx, 1 0x13ca2: int 0x13 0x13ca4: ret 0x13ca5: mov di, word ptr [0x3b4] 0x13ca9: mov word ptr [di], 0x2e2a 0x13cad: mov word ptr [di + 2], 0x5845 0x13cb2: mov word ptr [di + 4], 0x45 |
| 2018-12-25T12:43:43.57355726Z | 79 | PC: 13cb9 | Find next file |
| 2018-12-25T12:43:43.57608155Z | 79 | PC: 13cb9 | Find next file (See above) |
| 2018-12-25T12:43:43.578083071Z | 37 | PC: 13f28 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:43:43.579803479Z | 26 | PC: 13f30 | Set disk transfer address |
| 2018-12-25T12:43:43.581139491Z | 9 | PC: 12a5c | Display string (Could not find end pointer) |
| 2018-12-25T12:43:43.586422051Z | 76 | PC: 12a61 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":14,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15534,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:43:43.70687376Z | 26 | PC: 13ef7 | Set disk transfer address |
| 2018-12-25T12:43:43.708527643Z | 53 | PC: 13efc | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:43:43.710323227Z | 37 | PC: 13f06 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:43:43.711720117Z | 42 | PC: 13c81 | Get date 0x13c81: cmp dl, 0xe 0x13c84: jne 0x13ca4 0x13c86: test dh, 1 0x13c89: je 0x13ca4 0x13c8b: xor ax, ax 0x13c8d: out 0x70, al 0x13c8f: xchg ah, al 0x13c91: out 0x71, al 0x13c93: xchg ah, al 0x13c95: inc al 0x13c97: jne 0x13c8d 0x13c99: mov ax, 0x301 0x13c9c: mov dx, 0x80 0x13c9f: mov cx, 1 0x13ca2: int 0x13 0x13ca4: ret 0x13ca5: mov di, word ptr [0x3b4] 0x13ca9: mov word ptr [di], 0x2e2a 0x13cad: mov word ptr [di + 2], 0x5845 0x13cb2: mov word ptr [di + 4], 0x45 |
| 2018-12-25T12:43:44.132139552Z | 78 | PC: 13cb9 | Find first file |
| 2018-12-25T12:43:44.142671137Z | 67 | PC: 13e90 | Get or set file attributes |
| 2018-12-25T12:43:44.149779142Z | 67 | PC: 13e9f | Get or set file attributes |
| 2018-12-25T12:43:44.161953404Z | 61 | PC: 13ea4 | Open file (Filename = 'C:\DOS\ATTRIB.EXE') |
| 2018-12-25T12:43:44.17222373Z | 63 | PC: 13eb1 | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T12:43:44.179019295Z | 66 | PC: 13e37 | Move file pointer |
| 2018-12-25T12:43:44.181479084Z | 64 | PC: 13e41 | Write file or device (Write 28 bytes on handle 5) |
| 2018-12-25T12:43:44.185881601Z | 66 | PC: 13e57 | Move file pointer |
| 2018-12-25T12:43:44.187920739Z | 64 | PC: 13e61 | Write file or device (Write 789 bytes on handle 5) |
| 2018-12-25T12:43:44.196823568Z | 87 | PC: 13ec8 | Get or set file date and time |
| 2018-12-25T12:43:44.198771615Z | 62 | PC: 13ecc | Close file |
| 2018-12-25T12:43:44.20401275Z | 67 | PC: 13ed5 | Get or set file attributes |
| 2018-12-25T12:43:44.21077553Z | 37 | PC: 13f28 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:43:44.213782344Z | 26 | PC: 13f30 | Set disk transfer address |
| 2018-12-25T12:43:44.215165001Z | 9 | PC: 12a5c | Display string (Could not find end pointer) |
| 2018-12-25T12:43:44.220399994Z | 76 | PC: 12a61 | Terminate with return code (Return code = '0') |