{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16690,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:53:36.459611755Z | 47 | PC: 16881 | Get disk transfer address |
| 2018-12-25T12:53:36.46548745Z | 53 | PC: 16894 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:53:36.467034223Z | 42 | PC: 1735d | Get date 0x1735d: nop 0x1735e: nop 0x1735f: mov word ptr [0x4000], cx 0x17363: nop 0x17364: nop 0x17365: nop 0x17366: mov word ptr [0x4002], dx 0x1736a: nop 0x1736b: mov ah, 0x2c 0x1736d: nop 0x1736e: nop 0x1736f: nop 0x17370: int 0x21 0x17372: nop 0x17373: nop 0x17374: nop 0x17375: nop 0x17376: sbb word ptr [0x4000], cx 0x1737a: nop 0x1737b: nop |
| 2018-12-25T12:53:36.469560125Z | 44 | PC: 17372 | Get time 0x17372: nop 0x17373: nop 0x17374: nop 0x17375: nop 0x17376: sbb word ptr [0x4000], cx 0x1737a: nop 0x1737b: nop 0x1737c: xor word ptr [0x4002], dx 0x17380: nop 0x17381: nop 0x17382: popaw 0x17383: nop 0x17384: ret 0x17385: nop 0x17386: nop 0x17387: nop 0x17388: pushaw 0x17389: nop 0x1738a: nop 0x1738b: nop |
| 2018-12-25T12:53:36.472277132Z | 37 | PC: 168d8 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:53:36.474814625Z | 26 | PC: 168e3 | Set disk transfer address |
| 2018-12-25T12:53:36.484415547Z | 78 | PC: 16966 | Find first file |
| 2018-12-25T12:53:36.491173895Z | 67 | PC: 1697d | Get or set file attributes |
| 2018-12-25T12:53:36.498125627Z | 67 | PC: 1699a | Get or set file attributes |
| 2018-12-25T12:53:36.524918227Z | 61 | PC: 169a5 | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:53:36.532685079Z | 87 | PC: 169b9 | Get or set file date and time |
| 2018-12-25T12:53:36.536342654Z | 63 | PC: 169d5 | Read file or device (Read 32 bytes on handle 5) |
| 2018-12-25T12:53:36.541285354Z | 87 | PC: 16b45 | Get or set file date and time |
| 2018-12-25T12:53:36.543438934Z | 62 | PC: 16b4b | Close file |
| 2018-12-25T12:53:36.552173889Z | 67 | PC: 16b63 | Get or set file attributes |
| 2018-12-25T12:53:36.563573805Z | 79 | PC: 16966 | Find next file (See above) |
| 2018-12-25T12:53:36.566663667Z | 37 | PC: 16b81 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:53:36.56876508Z | 26 | PC: 16b92 | Set disk transfer address |
| 2018-12-25T12:53:36.570701948Z | 42 | PC: 173db | Get date 0x173db: nop 0x173dc: nop 0x173dd: nop 0x173de: nop 0x173df: cmp dx, 0x918 0x173e3: nop 0x173e4: nop 0x173e5: nop 0x173e6: jne 0x1771d 0x173ea: nop 0x173eb: nop 0x173ec: nop 0x173ed: mov ax, 0x43 0x173f0: nop 0x173f1: test ax, 1 0x173f4: nop 0x173f5: nop 0x173f6: nop 0x173f7: jne 0x1771d 0x173fb: nop |
| 2018-12-25T12:53:36.573549433Z | 9 | PC: 12aeb | Display string (Could not find end pointer) |
| 2018-12-25T12:53:36.582160701Z | 76 | PC: 12af0 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":24,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16690,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:53:36.70044252Z | 47 | PC: 16881 | Get disk transfer address |
| 2018-12-25T12:53:36.701807716Z | 53 | PC: 16894 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:53:36.702593078Z | 42 | PC: 1735d | Get date 0x1735d: nop 0x1735e: nop 0x1735f: mov word ptr [0x4000], cx 0x17363: nop 0x17364: nop 0x17365: nop 0x17366: mov word ptr [0x4002], dx 0x1736a: nop 0x1736b: mov ah, 0x2c 0x1736d: nop 0x1736e: nop 0x1736f: nop 0x17370: int 0x21 0x17372: nop 0x17373: nop 0x17374: nop 0x17375: nop 0x17376: sbb word ptr [0x4000], cx 0x1737a: nop 0x1737b: nop |
| 2018-12-25T12:53:36.703849085Z | 44 | PC: 17372 | Get time 0x17372: nop 0x17373: nop 0x17374: nop 0x17375: nop 0x17376: sbb word ptr [0x4000], cx 0x1737a: nop 0x1737b: nop 0x1737c: xor word ptr [0x4002], dx 0x17380: nop 0x17381: nop 0x17382: popaw 0x17383: nop 0x17384: ret 0x17385: nop 0x17386: nop 0x17387: nop 0x17388: pushaw 0x17389: nop 0x1738a: nop 0x1738b: nop |
| 2018-12-25T12:53:36.705594127Z | 37 | PC: 168d8 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:53:36.706308579Z | 26 | PC: 168e3 | Set disk transfer address |
| 2018-12-25T12:53:36.706974181Z | 78 | PC: 16966 | Find first file |
| 2018-12-25T12:53:36.710752091Z | 67 | PC: 1697d | Get or set file attributes |
| 2018-12-25T12:53:36.714162715Z | 67 | PC: 1699a | Get or set file attributes |
| 2018-12-25T12:53:36.728046186Z | 61 | PC: 169a5 | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:53:36.73707485Z | 87 | PC: 169b9 | Get or set file date and time |
| 2018-12-25T12:53:36.738193689Z | 63 | PC: 169d5 | Read file or device (Read 32 bytes on handle 5) |
| 2018-12-25T12:53:36.739945125Z | 87 | PC: 16b45 | Get or set file date and time |
| 2018-12-25T12:53:36.741391506Z | 62 | PC: 16b4b | Close file |
| 2018-12-25T12:53:36.749681844Z | 67 | PC: 16b63 | Get or set file attributes |
| 2018-12-25T12:53:36.761597265Z | 79 | PC: 16966 | Find next file (See above) |
| 2018-12-25T12:53:36.764197277Z | 37 | PC: 16b81 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:53:36.765849021Z | 26 | PC: 16b92 | Set disk transfer address |
| 2018-12-25T12:53:36.766811869Z | 42 | PC: 173db | Get date 0x173db: nop 0x173dc: nop 0x173dd: nop 0x173de: nop 0x173df: cmp dx, 0x918 0x173e3: nop 0x173e4: nop 0x173e5: nop 0x173e6: jne 0x1771d 0x173ea: nop 0x173eb: nop 0x173ec: nop 0x173ed: mov ax, 0x43 0x173f0: nop 0x173f1: test ax, 1 0x173f4: nop 0x173f5: nop 0x173f6: nop 0x173f7: jne 0x1771d 0x173fb: nop |
| 2018-12-25T12:53:36.769281235Z | 9 | PC: 12aeb | Display string (Could not find end pointer) |
| 2018-12-25T12:53:36.775575432Z | 76 | PC: 12af0 | Terminate with return code (Return code = '0') |