{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17692,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:56:22.760038852Z | 42 | PC: 12ac6 | Get date 0x12ac6: cmp al, 5 0x12ac8: jne 0x12ad8 0x12aca: mov ax, word ptr es:[0x46c] 0x12ace: test ax, 0x61 0x12ad1: jne 0x12ad8 0x12ad3: or word ptr [0x7a8], 4 0x12ad8: mov ax, word ptr es:[0x8e] 0x12adc: mov word ptr [0x7a2], ax 0x12adf: mov ax, word ptr es:[0x8c] 0x12ae3: mov word ptr [0x7a0], ax 0x12ae6: mov word ptr es:[0x8e], cs 0x12aeb: mov word ptr es:[0x8c], 0x2e9 0x12af2: mov ax, word ptr es:[0x92] 0x12af6: mov word ptr [0x7a6], ax 0x12af9: mov ax, word ptr es:[0x90] 0x12afd: mov word ptr [0x7a4], ax 0x12b00: mov word ptr es:[0x92], cs 0x12b05: mov word ptr es:[0x90], 0x2ea 0x12b0c: mov ah, 0x30 0x12b0e: int 0x21 |
| 2018-12-25T12:56:22.763495718Z | 48 | PC: 12b10 | Get DOS version |
| 2018-12-25T12:56:22.764507801Z | 26 | PC: 12bd6 | Set disk transfer address |
| 2018-12-25T12:56:22.765514397Z | 78 | PC: 12be0 | Find first file |
| 2018-12-25T12:56:22.772296619Z | 61 | PC: 12c4e | Open file (Filename = 'p') |
| 2018-12-25T12:56:22.778967381Z | 63 | PC: 12c5f | Read file or device (Read 24 bytes on handle 5) |
| 2018-12-25T12:56:22.781344448Z | 66 | PC: 12ca1 | Move file pointer |
| 2018-12-25T12:56:22.783148556Z | 63 | PC: 12cb0 | Read file or device (Read 16 bytes on handle 5) |
| 2018-12-25T12:56:22.786012224Z | 62 | PC: 12d71 | Close file |
| 2018-12-25T12:56:22.787676675Z | 79 | PC: 12c46 | Find next file |
| 2018-12-25T12:56:22.790708309Z | 55 | PC: 12b1d | Get or set switch character |
| 2018-12-25T12:56:22.792019191Z | 26 | PC: 12bb7 | Set disk transfer address |
{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17692,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:56:22.881977257Z | 42 | PC: 12ac6 | Get date 0x12ac6: cmp al, 5 0x12ac8: jne 0x12ad8 0x12aca: mov ax, word ptr es:[0x46c] 0x12ace: test ax, 0x61 0x12ad1: jne 0x12ad8 0x12ad3: or word ptr [0x7a8], 4 0x12ad8: mov ax, word ptr es:[0x8e] 0x12adc: mov word ptr [0x7a2], ax 0x12adf: mov ax, word ptr es:[0x8c] 0x12ae3: mov word ptr [0x7a0], ax 0x12ae6: mov word ptr es:[0x8e], cs 0x12aeb: mov word ptr es:[0x8c], 0x2e9 0x12af2: mov ax, word ptr es:[0x92] 0x12af6: mov word ptr [0x7a6], ax 0x12af9: mov ax, word ptr es:[0x90] 0x12afd: mov word ptr [0x7a4], ax 0x12b00: mov word ptr es:[0x92], cs 0x12b05: mov word ptr es:[0x90], 0x2ea 0x12b0c: mov ah, 0x30 0x12b0e: int 0x21 |
| 2018-12-25T12:56:22.898217178Z | 48 | PC: 12b10 | Get DOS version |
| 2018-12-25T12:56:22.899638312Z | 26 | PC: 12bd6 | Set disk transfer address |
| 2018-12-25T12:56:22.900928972Z | 78 | PC: 12be0 | Find first file |
| 2018-12-25T12:56:22.908542599Z | 61 | PC: 12c4e | Open file (Filename = 'p') |
| 2018-12-25T12:56:22.915829486Z | 63 | PC: 12c5f | Read file or device (Read 24 bytes on handle 5) |
| 2018-12-25T12:56:22.918832724Z | 66 | PC: 12ca1 | Move file pointer |
| 2018-12-25T12:56:22.922855816Z | 63 | PC: 12cb0 | Read file or device (Read 16 bytes on handle 5) |
| 2018-12-25T12:56:22.926801873Z | 62 | PC: 12d71 | Close file |
| 2018-12-25T12:56:22.929324627Z | 79 | PC: 12c46 | Find next file |
| 2018-12-25T12:56:22.9330993Z | 55 | PC: 12b1d | Get or set switch character |
| 2018-12-25T12:56:22.936119618Z | 26 | PC: 12bb7 | Set disk transfer address |