{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":668,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:25.117974675Z | 25 | PC: 12a5e | Get default drive |
| 2018-12-25T11:41:25.120258559Z | 14 | PC: 12a68 | Set default drive (Drive = 'C') |
| 2018-12-25T11:41:25.121978629Z | 71 | PC: 12a71 | Get current directory |
| 2018-12-25T11:41:25.125039233Z | 59 | PC: 12a79 | Change current directory |
| 2018-12-25T11:41:25.136713569Z | 26 | PC: 12a81 | Set disk transfer address |
| 2018-12-25T11:41:25.138198082Z | 71 | PC: 12a8a | Get current directory |
| 2018-12-25T11:41:25.140473126Z | 53 | PC: 12a8f | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:41:25.141672756Z | 37 | PC: 12aa0 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:41:25.143881501Z | 78 | PC: 12aab | Find first file |
| 2018-12-25T11:41:25.149696638Z | 59 | PC: 12ab7 | Change current directory |
| 2018-12-25T11:41:25.163781911Z | 42 | PC: 12b69 | Get date 0x12b69: cmp dl, 0x1e 0x12b6c: je 0x12b70 0x12b6e: jmp 0x12bb9 0x12b70: mov ah, 0x4e 0x12b72: mov cx, 7 0x12b75: lea dx, word ptr [bp + 0x508] 0x12b79: int 0x21 0x12b7b: jae 0x12b7f 0x12b7d: jmp 0x12b9c 0x12b7f: mov ax, 0x3d02 0x12b82: lea dx, word ptr [bp + 0x55e] 0x12b86: int 0x21 0x12b88: xchg ax, bx 0x12b89: mov ah, 0x40 0x12b8b: mov cx, 0x71 0x12b8e: lea dx, word ptr [bp + 0x2b5] 0x12b92: int 0x21 0x12b94: mov ah, 0x3e 0x12b96: int 0x21 0x12b98: mov ah, 0x4f |
| 2018-12-25T11:41:25.166700753Z | 59 | PC: 12bc1 | Change current directory |
| 2018-12-25T11:41:25.16935834Z | 37 | PC: 12bca | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:41:25.171548928Z | 26 | PC: 12bd2 | Set disk transfer address |
{"DateBased":true,"Day":30,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":668,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:25.10508581Z | 25 | PC: 12a5e | Get default drive |
| 2018-12-25T11:41:25.106766963Z | 14 | PC: 12a68 | Set default drive (Drive = 'C') |
| 2018-12-25T11:41:25.108607302Z | 71 | PC: 12a71 | Get current directory |
| 2018-12-25T11:41:25.111180732Z | 59 | PC: 12a79 | Change current directory |
| 2018-12-25T11:41:25.122949593Z | 26 | PC: 12a81 | Set disk transfer address |
| 2018-12-25T11:41:25.125028851Z | 71 | PC: 12a8a | Get current directory |
| 2018-12-25T11:41:25.127824588Z | 53 | PC: 12a8f | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:41:25.129295462Z | 37 | PC: 12aa0 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:41:25.131767381Z | 78 | PC: 12aab | Find first file |
| 2018-12-25T11:41:25.138599414Z | 59 | PC: 12ab7 | Change current directory |
| 2018-12-25T11:41:25.14318391Z | 42 | PC: 12b69 | Get date 0x12b69: cmp dl, 0x1e 0x12b6c: je 0x12b70 0x12b6e: jmp 0x12bb9 0x12b70: mov ah, 0x4e 0x12b72: mov cx, 7 0x12b75: lea dx, word ptr [bp + 0x508] 0x12b79: int 0x21 0x12b7b: jae 0x12b7f 0x12b7d: jmp 0x12b9c 0x12b7f: mov ax, 0x3d02 0x12b82: lea dx, word ptr [bp + 0x55e] 0x12b86: int 0x21 0x12b88: xchg ax, bx 0x12b89: mov ah, 0x40 0x12b8b: mov cx, 0x71 0x12b8e: lea dx, word ptr [bp + 0x2b5] 0x12b92: int 0x21 0x12b94: mov ah, 0x3e 0x12b96: int 0x21 0x12b98: mov ah, 0x4f |
| 2018-12-25T11:41:25.146591783Z | 78 | PC: 12b7b | Find first file |
| 2018-12-25T11:41:25.152567374Z | 9 | PC: 12ba4 | Display string (Could not find end pointer) |
| 2018-12-25T11:41:25.170759986Z | 59 | PC: 12bc1 | Change current directory |
| 2018-12-25T11:41:25.17368024Z | 37 | PC: 12bca | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:41:25.175403026Z | 26 | PC: 12bd2 | Set disk transfer address |