{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":638,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:24.115635946Z | 48 | PC: 13036 | Get DOS version |
| 2018-12-25T11:41:24.117046502Z | 44 | PC: 1303e | Get time 0x1303e: mov byte ptr [0x103], dl 0x13042: mov ah, 0x2a 0x13044: int 0x21 0x13046: cmp dl, 0x19 0x13049: jl 0x1304f 0x1304b: cmp al, 5 0x1304d: je 0x13052 0x1304f: jmp 0x130c6 0x13051: nop 0x13052: mov si, 0x138 0x13055: mov ax, 0xb800 0x13058: mov es, ax 0x1305a: mov di, 0 0x1305d: mov cx, 0x504 0x13060: call 0x13068 0x13063: jmp 0x13063 0x13065: jmp 0x130f2 0x13068: jcxz 0x130c5 0x1306a: mov dx, di 0x1306c: xor ax, ax |
| 2018-12-25T11:41:24.118977265Z | 42 | PC: 13046 | Get date 0x13046: cmp dl, 0x19 0x13049: jl 0x1304f 0x1304b: cmp al, 5 0x1304d: je 0x13052 0x1304f: jmp 0x130c6 0x13051: nop 0x13052: mov si, 0x138 0x13055: mov ax, 0xb800 0x13058: mov es, ax 0x1305a: mov di, 0 0x1305d: mov cx, 0x504 0x13060: call 0x13068 0x13063: jmp 0x13063 0x13065: jmp 0x130f2 0x13068: jcxz 0x130c5 0x1306a: mov dx, di 0x1306c: xor ax, ax 0x1306e: cld 0x1306f: lodsb al, byte ptr [si] 0x13070: cmp al, 0x20 |
| 2018-12-25T11:41:24.120858427Z | 26 | PC: 130cd | Set disk transfer address |
| 2018-12-25T11:41:24.121889554Z | 25 | PC: 130d1 | Get default drive |
| 2018-12-25T11:41:24.123344688Z | 71 | PC: 130dc | Get current directory |
| 2018-12-25T11:41:24.126281816Z | 59 | PC: 130e3 | Change current directory |
| 2018-12-25T11:41:24.130289225Z | 78 | PC: 130ed | Find first file |
| 2018-12-25T11:41:24.13608989Z | 87 | PC: 131d1 | Get or set file date and time |
| 2018-12-25T11:41:24.137381506Z | 67 | PC: 131dd | Get or set file attributes |
| 2018-12-25T11:41:24.14266668Z | 59 | PC: 131e4 | Change current directory |
| 2018-12-25T11:41:24.146718563Z | 59 | PC: 131eb | Change current directory |
| 2018-12-25T11:41:24.148236546Z | 76 | PC: 131f0 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":25,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":638,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:24.30830307Z | 48 | PC: 13036 | Get DOS version |
| 2018-12-25T11:41:24.309923227Z | 44 | PC: 1303e | Get time 0x1303e: mov byte ptr [0x103], dl 0x13042: mov ah, 0x2a 0x13044: int 0x21 0x13046: cmp dl, 0x19 0x13049: jl 0x1304f 0x1304b: cmp al, 5 0x1304d: je 0x13052 0x1304f: jmp 0x130c6 0x13051: nop 0x13052: mov si, 0x138 0x13055: mov ax, 0xb800 0x13058: mov es, ax 0x1305a: mov di, 0 0x1305d: mov cx, 0x504 0x13060: call 0x13068 0x13063: jmp 0x13063 0x13065: jmp 0x130f2 0x13068: jcxz 0x130c5 0x1306a: mov dx, di 0x1306c: xor ax, ax |
| 2018-12-25T11:41:24.312169851Z | 42 | PC: 13046 | Get date 0x13046: cmp dl, 0x19 0x13049: jl 0x1304f 0x1304b: cmp al, 5 0x1304d: je 0x13052 0x1304f: jmp 0x130c6 0x13051: nop 0x13052: mov si, 0x138 0x13055: mov ax, 0xb800 0x13058: mov es, ax 0x1305a: mov di, 0 0x1305d: mov cx, 0x504 0x13060: call 0x13068 0x13063: jmp 0x13063 0x13065: jmp 0x130f2 0x13068: jcxz 0x130c5 0x1306a: mov dx, di 0x1306c: xor ax, ax 0x1306e: cld 0x1306f: lodsb al, byte ptr [si] 0x13070: cmp al, 0x20 |
{"DateBased":true,"Day":26,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":638,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:24.470600442Z | 48 | PC: 13036 | Get DOS version |
| 2018-12-25T11:41:24.472128664Z | 44 | PC: 1303e | Get time 0x1303e: mov byte ptr [0x103], dl 0x13042: mov ah, 0x2a 0x13044: int 0x21 0x13046: cmp dl, 0x19 0x13049: jl 0x1304f 0x1304b: cmp al, 5 0x1304d: je 0x13052 0x1304f: jmp 0x130c6 0x13051: nop 0x13052: mov si, 0x138 0x13055: mov ax, 0xb800 0x13058: mov es, ax 0x1305a: mov di, 0 0x1305d: mov cx, 0x504 0x13060: call 0x13068 0x13063: jmp 0x13063 0x13065: jmp 0x130f2 0x13068: jcxz 0x130c5 0x1306a: mov dx, di 0x1306c: xor ax, ax |
| 2018-12-25T11:41:24.474051615Z | 42 | PC: 13046 | Get date 0x13046: cmp dl, 0x19 0x13049: jl 0x1304f 0x1304b: cmp al, 5 0x1304d: je 0x13052 0x1304f: jmp 0x130c6 0x13051: nop 0x13052: mov si, 0x138 0x13055: mov ax, 0xb800 0x13058: mov es, ax 0x1305a: mov di, 0 0x1305d: mov cx, 0x504 0x13060: call 0x13068 0x13063: jmp 0x13063 0x13065: jmp 0x130f2 0x13068: jcxz 0x130c5 0x1306a: mov dx, di 0x1306c: xor ax, ax 0x1306e: cld 0x1306f: lodsb al, byte ptr [si] 0x13070: cmp al, 0x20 |
| 2018-12-25T11:41:24.47601695Z | 26 | PC: 130cd | Set disk transfer address |
| 2018-12-25T11:41:24.47727505Z | 25 | PC: 130d1 | Get default drive |
| 2018-12-25T11:41:24.478187929Z | 71 | PC: 130dc | Get current directory |
| 2018-12-25T11:41:24.480771856Z | 59 | PC: 130e3 | Change current directory |
| 2018-12-25T11:41:24.484933646Z | 78 | PC: 130ed | Find first file |
| 2018-12-25T11:41:24.494961781Z | 87 | PC: 131d1 | Get or set file date and time |
| 2018-12-25T11:41:24.496297302Z | 67 | PC: 131dd | Get or set file attributes |
| 2018-12-25T11:41:24.506714384Z | 59 | PC: 131e4 | Change current directory |
| 2018-12-25T11:41:24.515358268Z | 59 | PC: 131eb | Change current directory |
| 2018-12-25T11:41:24.516935688Z | 76 | PC: 131f0 | Terminate with return code (Return code = '0') |