{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3626,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:45.667656586Z | 48 | PC: 13042 | Get DOS version |
| 2018-12-25T11:49:45.670145181Z | 44 | PC: 1304a | Get time 0x1304a: mov byte ptr [0x103], dl 0x1304e: mov ah, 0x2a 0x13050: int 0x21 0x13052: cmp dl, 0x19 0x13055: jl 0x1305b 0x13057: cmp al, 5 0x13059: je 0x1305e 0x1305b: jmp 0x130d2 0x1305d: nop 0x1305e: mov si, 0x138 0x13061: mov ax, 0xb800 0x13064: mov es, ax 0x13066: mov di, 0 0x13069: mov cx, 0x504 0x1306c: call 0x13074 0x1306f: jmp 0x1306f 0x13071: jmp 0x130fe 0x13074: jcxz 0x130d1 0x13076: mov dx, di 0x13078: xor ax, ax |
| 2018-12-25T11:49:45.679115152Z | 42 | PC: 13052 | Get date 0x13052: cmp dl, 0x19 0x13055: jl 0x1305b 0x13057: cmp al, 5 0x13059: je 0x1305e 0x1305b: jmp 0x130d2 0x1305d: nop 0x1305e: mov si, 0x138 0x13061: mov ax, 0xb800 0x13064: mov es, ax 0x13066: mov di, 0 0x13069: mov cx, 0x504 0x1306c: call 0x13074 0x1306f: jmp 0x1306f 0x13071: jmp 0x130fe 0x13074: jcxz 0x130d1 0x13076: mov dx, di 0x13078: xor ax, ax 0x1307a: cld 0x1307b: lodsb al, byte ptr [si] 0x1307c: cmp al, 0x20 |
| 2018-12-25T11:49:45.685479661Z | 26 | PC: 130d9 | Set disk transfer address |
| 2018-12-25T11:49:45.686847943Z | 25 | PC: 130dd | Get default drive |
| 2018-12-25T11:49:45.689278108Z | 71 | PC: 130e8 | Get current directory |
| 2018-12-25T11:49:45.6922369Z | 59 | PC: 130ef | Change current directory |
| 2018-12-25T11:49:45.697292926Z | 78 | PC: 130f9 | Find first file |
| 2018-12-25T11:49:45.703626268Z | 79 | PC: 13105 | Find next file |
| 2018-12-25T11:49:45.705130696Z | 87 | PC: 131e1 | Get or set file date and time |
| 2018-12-25T11:49:45.706447009Z | 67 | PC: 131ed | Get or set file attributes |
| 2018-12-25T11:49:45.712464288Z | 59 | PC: 131f4 | Change current directory |
| 2018-12-25T11:49:45.715385503Z | 59 | PC: 131fb | Change current directory |
| 2018-12-25T11:49:45.717004125Z | 76 | PC: 13200 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":25,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3626,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:45.689295103Z | 48 | PC: 13042 | Get DOS version |
| 2018-12-25T11:49:45.690940003Z | 44 | PC: 1304a | Get time 0x1304a: mov byte ptr [0x103], dl 0x1304e: mov ah, 0x2a 0x13050: int 0x21 0x13052: cmp dl, 0x19 0x13055: jl 0x1305b 0x13057: cmp al, 5 0x13059: je 0x1305e 0x1305b: jmp 0x130d2 0x1305d: nop 0x1305e: mov si, 0x138 0x13061: mov ax, 0xb800 0x13064: mov es, ax 0x13066: mov di, 0 0x13069: mov cx, 0x504 0x1306c: call 0x13074 0x1306f: jmp 0x1306f 0x13071: jmp 0x130fe 0x13074: jcxz 0x130d1 0x13076: mov dx, di 0x13078: xor ax, ax |
| 2018-12-25T11:49:45.693605525Z | 42 | PC: 13052 | Get date 0x13052: cmp dl, 0x19 0x13055: jl 0x1305b 0x13057: cmp al, 5 0x13059: je 0x1305e 0x1305b: jmp 0x130d2 0x1305d: nop 0x1305e: mov si, 0x138 0x13061: mov ax, 0xb800 0x13064: mov es, ax 0x13066: mov di, 0 0x13069: mov cx, 0x504 0x1306c: call 0x13074 0x1306f: jmp 0x1306f 0x13071: jmp 0x130fe 0x13074: jcxz 0x130d1 0x13076: mov dx, di 0x13078: xor ax, ax 0x1307a: cld 0x1307b: lodsb al, byte ptr [si] 0x1307c: cmp al, 0x20 |
{"DateBased":true,"Day":26,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3626,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:45.71901769Z | 48 | PC: 13042 | Get DOS version |
| 2018-12-25T11:49:45.721217806Z | 44 | PC: 1304a | Get time 0x1304a: mov byte ptr [0x103], dl 0x1304e: mov ah, 0x2a 0x13050: int 0x21 0x13052: cmp dl, 0x19 0x13055: jl 0x1305b 0x13057: cmp al, 5 0x13059: je 0x1305e 0x1305b: jmp 0x130d2 0x1305d: nop 0x1305e: mov si, 0x138 0x13061: mov ax, 0xb800 0x13064: mov es, ax 0x13066: mov di, 0 0x13069: mov cx, 0x504 0x1306c: call 0x13074 0x1306f: jmp 0x1306f 0x13071: jmp 0x130fe 0x13074: jcxz 0x130d1 0x13076: mov dx, di 0x13078: xor ax, ax |
| 2018-12-25T11:49:45.723604466Z | 42 | PC: 13052 | Get date 0x13052: cmp dl, 0x19 0x13055: jl 0x1305b 0x13057: cmp al, 5 0x13059: je 0x1305e 0x1305b: jmp 0x130d2 0x1305d: nop 0x1305e: mov si, 0x138 0x13061: mov ax, 0xb800 0x13064: mov es, ax 0x13066: mov di, 0 0x13069: mov cx, 0x504 0x1306c: call 0x13074 0x1306f: jmp 0x1306f 0x13071: jmp 0x130fe 0x13074: jcxz 0x130d1 0x13076: mov dx, di 0x13078: xor ax, ax 0x1307a: cld 0x1307b: lodsb al, byte ptr [si] 0x1307c: cmp al, 0x20 |
| 2018-12-25T11:49:45.726023779Z | 26 | PC: 130d9 | Set disk transfer address |
| 2018-12-25T11:49:45.727755922Z | 25 | PC: 130dd | Get default drive |
| 2018-12-25T11:49:45.729410261Z | 71 | PC: 130e8 | Get current directory |
| 2018-12-25T11:49:45.732548365Z | 59 | PC: 130ef | Change current directory |
| 2018-12-25T11:49:45.737160595Z | 78 | PC: 130f9 | Find first file |
| 2018-12-25T11:49:45.741816779Z | 79 | PC: 13105 | Find next file |
| 2018-12-25T11:49:45.743585715Z | 87 | PC: 131e1 | Get or set file date and time |
| 2018-12-25T11:49:45.744747685Z | 67 | PC: 131ed | Get or set file attributes |
| 2018-12-25T11:49:45.752914615Z | 59 | PC: 131f4 | Change current directory |
| 2018-12-25T11:49:45.75687261Z | 59 | PC: 131fb | Change current directory |
| 2018-12-25T11:49:45.758588099Z | 76 | PC: 13200 | Terminate with return code (Return code = '0') |