{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2044,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:44:48.515932253Z | 42 | PC: 12aac | Get date 0x12aac: cmp dh, 0xc 0x12aaf: jne 0x12ad7 0x12ab1: cmp dl, 1 0x12ab4: jne 0x12ad7 0x12ab6: mov dx, 0x12a 0x12ab9: mov ah, 9 0x12abb: int 0x21 0x12abd: mov ah, 5 0x12abf: mov al, 2 0x12ac1: mov ch, 0 0x12ac3: mov dh, 0 0x12ac5: mov dl, 0x80 0x12ac7: int 0x13 0x12ac9: mov ah, 6 0x12acb: int 0x13 0x12acd: mov ah, 5 0x12acf: mov dl, 0 0x12ad1: int 0x13 0x12ad3: mov ah, 0x4c 0x12ad5: int 0x21 |
| 2018-12-25T11:44:48.526654702Z | 9 | PC: 12abd | Display string (String= 'Dead Drive Running! ') |
| 2018-12-25T11:44:48.530740897Z | 76 | PC: 12ad7 | Terminate with return code (Return code = '2') |
{"DateBased":true,"Day":2,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2044,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:44:48.951948977Z | 42 | PC: 12aac | Get date 0x12aac: cmp dh, 0xc 0x12aaf: jne 0x12ad7 0x12ab1: cmp dl, 1 0x12ab4: jne 0x12ad7 0x12ab6: mov dx, 0x12a 0x12ab9: mov ah, 9 0x12abb: int 0x21 0x12abd: mov ah, 5 0x12abf: mov al, 2 0x12ac1: mov ch, 0 0x12ac3: mov dh, 0 0x12ac5: mov dl, 0x80 0x12ac7: int 0x13 0x12ac9: mov ah, 6 0x12acb: int 0x13 0x12acd: mov ah, 5 0x12acf: mov dl, 0 0x12ad1: int 0x13 0x12ad3: mov ah, 0x4c 0x12ad5: int 0x21 |
| 2018-12-25T11:44:48.95471305Z | 53 | PC: 12ae9 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:44:48.955990169Z | 37 | PC: 12afa | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:44:48.957225562Z | 26 | PC: 12b07 | Set disk transfer address |
| 2018-12-25T11:44:48.958925518Z | 78 | PC: 12b11 | Find first file |
| 2018-12-25T11:44:48.9630976Z | 79 | PC: 12b37 | Find next file |
| 2018-12-25T11:44:48.964739827Z | 79 | PC: 12b37 | Find next file (See above) |
| 2018-12-25T11:44:48.966571668Z | 79 | PC: 12b37 | Find next file (See above) |
| 2018-12-25T11:44:48.968500996Z | 79 | PC: 12b37 | Find next file (See above) |
| 2018-12-25T11:44:48.970119199Z | 79 | PC: 12b37 | Find next file (See above) |
| 2018-12-25T11:44:48.971845979Z | 67 | PC: 12b5e | Get or set file attributes |
| 2018-12-25T11:44:48.975901291Z | 67 | PC: 12b68 | Get or set file attributes |
| 2018-12-25T11:44:49.215390617Z | 61 | PC: 12b6d | Open file (Filename = 'MANDEL.COM') |
| 2018-12-25T11:44:49.22659908Z | 87 | PC: 12b76 | Get or set file date and time |
| 2018-12-25T11:44:49.228766253Z | 63 | PC: 12b88 | Read file or device (Read 500 bytes on handle 5) |
| 2018-12-25T11:44:49.23672346Z | 66 | PC: 12b99 | Move file pointer |
| 2018-12-25T11:44:49.238334977Z | 64 | PC: 12baa | Write file or device (Write 291 bytes on handle 5) |
| 2018-12-25T11:44:49.247584776Z | 64 | PC: 12bbb | Write file or device (Write 500 bytes on handle 5) |
| 2018-12-25T11:44:49.255646267Z | 66 | PC: 12bcc | Move file pointer |
| 2018-12-25T11:44:49.257350125Z | 44 | PC: 12bd2 | Get time 0x12bd2: mov byte ptr [0x107], dh 0x12bd6: call 0x22a48 0x12bd9: mov ah, 0x40 0x12bdb: mov dx, 0x100 0x12bde: mov cx, 0x1f4 0x12be1: int 0x21 0x12be3: jb 0x12c27 0x12be5: cmp ax, 0x1f4 0x12be8: jne 0x12c27 0x12bea: jmp 0x12bf8 0x12bec: nop 0x12bed: mov al, 0 0x12bef: iret 0x12bf0: sub byte ptr [di + 0x4d88], cl 0x12bf4: push bp 0x12bf5: add word ptr [bx + 0x11], dx 0x12bf8: mov ax, 0x5701 0x12bfb: mov cx, word ptr [0x2b0] 0x12bff: mov dx, word ptr [0x2b2] 0x12c03: and cl, 0xe0 |
| 2018-12-25T11:44:49.264579234Z | 25 | PC: 12a5c | Get default drive |
| 2018-12-25T11:44:49.265993162Z | 14 | PC: 12a62 | Set default drive (Drive = '') |
| 2018-12-25T11:44:49.267214657Z | 64 | PC: 12be3 | Write file or device (Write 500 bytes on handle 5) |
| 2018-12-25T11:44:49.274746836Z | 87 | PC: 12c0b | Get or set file date and time |
| 2018-12-25T11:44:49.276359075Z | 62 | PC: 12c0f | Close file |
| 2018-12-25T11:44:49.283707822Z | 26 | PC: 12c16 | Set disk transfer address |
| 2018-12-25T11:44:49.286240945Z | 37 | PC: 12c26 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2044,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:44:49.086678302Z | 42 | PC: 12aac | Get date 0x12aac: cmp dh, 0xc 0x12aaf: jne 0x12ad7 0x12ab1: cmp dl, 1 0x12ab4: jne 0x12ad7 0x12ab6: mov dx, 0x12a 0x12ab9: mov ah, 9 0x12abb: int 0x21 0x12abd: mov ah, 5 0x12abf: mov al, 2 0x12ac1: mov ch, 0 0x12ac3: mov dh, 0 0x12ac5: mov dl, 0x80 0x12ac7: int 0x13 0x12ac9: mov ah, 6 0x12acb: int 0x13 0x12acd: mov ah, 5 0x12acf: mov dl, 0 0x12ad1: int 0x13 0x12ad3: mov ah, 0x4c 0x12ad5: int 0x21 |
| 2018-12-25T11:44:49.08880074Z | 53 | PC: 12ae9 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:44:49.089675723Z | 37 | PC: 12afa | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:44:49.090479523Z | 26 | PC: 12b07 | Set disk transfer address |
| 2018-12-25T11:44:49.091627273Z | 78 | PC: 12b11 | Find first file |
| 2018-12-25T11:44:49.095461693Z | 79 | PC: 12b37 | Find next file |
| 2018-12-25T11:44:49.097040311Z | 79 | PC: 12b37 | Find next file (See above) |
| 2018-12-25T11:44:49.107120579Z | 79 | PC: 12b37 | Find next file (See above) |
| 2018-12-25T11:44:49.108772864Z | 79 | PC: 12b37 | Find next file (See above) |
| 2018-12-25T11:44:49.11039142Z | 79 | PC: 12b37 | Find next file (See above) |
| 2018-12-25T11:44:49.112698147Z | 67 | PC: 12b5e | Get or set file attributes |
| 2018-12-25T11:44:49.118713266Z | 67 | PC: 12b68 | Get or set file attributes |
| 2018-12-25T11:44:49.215051169Z | 61 | PC: 12b6d | Open file (Filename = 'MANDEL.COM') |
| 2018-12-25T11:44:49.219980395Z | 87 | PC: 12b76 | Get or set file date and time |
| 2018-12-25T11:44:49.223455679Z | 63 | PC: 12b88 | Read file or device (Read 500 bytes on handle 5) |
| 2018-12-25T11:44:49.227844412Z | 66 | PC: 12b99 | Move file pointer |
| 2018-12-25T11:44:49.228982217Z | 64 | PC: 12baa | Write file or device (Write 291 bytes on handle 5) |
| 2018-12-25T11:44:49.23497942Z | 64 | PC: 12bbb | Write file or device (Write 500 bytes on handle 5) |
| 2018-12-25T11:44:49.240478313Z | 66 | PC: 12bcc | Move file pointer |
| 2018-12-25T11:44:49.242054945Z | 44 | PC: 12bd2 | Get time 0x12bd2: mov byte ptr [0x107], dh 0x12bd6: call 0x22a48 0x12bd9: mov ah, 0x40 0x12bdb: mov dx, 0x100 0x12bde: mov cx, 0x1f4 0x12be1: int 0x21 0x12be3: jb 0x12c27 0x12be5: cmp ax, 0x1f4 0x12be8: jne 0x12c27 0x12bea: jmp 0x12bf8 0x12bec: nop 0x12bed: mov al, 0 0x12bef: iret 0x12bf0: sub byte ptr [di + 0x4d88], cl 0x12bf4: push bp 0x12bf5: add word ptr [bx + 0x11], dx 0x12bf8: mov ax, 0x5701 0x12bfb: mov cx, word ptr [0x2b0] 0x12bff: mov dx, word ptr [0x2b2] 0x12c03: and cl, 0xe0 |
| 2018-12-25T11:44:49.245624671Z | 25 | PC: 12a5c | Get default drive |
| 2018-12-25T11:44:49.247039005Z | 14 | PC: 12a62 | Set default drive (Drive = '') |
| 2018-12-25T11:44:49.248210691Z | 64 | PC: 12be3 | Write file or device (Write 500 bytes on handle 5) |
| 2018-12-25T11:44:49.256504671Z | 87 | PC: 12c0b | Get or set file date and time |
| 2018-12-25T11:44:49.257993478Z | 62 | PC: 12c0f | Close file |
| 2018-12-25T11:44:49.263563954Z | 26 | PC: 12c16 | Set disk transfer address |
| 2018-12-25T11:44:49.265406034Z | 37 | PC: 12c26 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |