{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7056,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:00:49.839533631Z | 71 | PC: 12b9a | Get current directory |
| 2018-12-25T12:00:49.843295231Z | 53 | PC: 12cdf | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:00:49.844309037Z | 53 | PC: 12bac | Get interrupt vector (Interrupt = '42' AKA 'Get date') |
| 2018-12-25T12:00:49.845485332Z | 37 | PC: 12cef | Set interrupt vector (Interrupt = '42' AKA 'Get date') |
| 2018-12-25T12:00:49.846830001Z | 26 | PC: 12bc6 | Set disk transfer address |
| 2018-12-25T12:00:49.848173145Z | 78 | PC: 12cef | Find first file (See above) |
| 2018-12-25T12:00:49.854692147Z | 61 | PC: 12cef | Open file (See above) |
| 2018-12-25T12:00:49.859421477Z | 63 | PC: 12cef | Read file or device (See above) |
| 2018-12-25T12:00:52.253289919Z | 64 | PC: 12cef | Write file or device (See above) |
| 2018-12-25T12:00:52.267569521Z | 64 | PC: 12cef | Write file or device (See above) |
| 2018-12-25T12:00:52.271430357Z | 62 | PC: 12cef | Close file (See above) |
| 2018-12-25T12:00:52.274687283Z | 59 | PC: 12c3d | Change current directory |
| 2018-12-25T12:00:52.285741612Z | 26 | PC: 12c44 | Set disk transfer address |
| 2018-12-25T12:00:52.287120855Z | 37 | PC: 12cef | Set interrupt vector (See above) |
| 2018-12-25T12:00:52.289255054Z | 42 | PC: 12c56 | Get date 0x12c56: cmp dx, 0x701 0x12c5a: jne 0x12c64 0x12c5c: mov ah, 9 0x12c5e: lea dx, word ptr [si + 0x2e9] 0x12c62: int 0x21 0x12c64: push 0x100 0x12c67: ret 0x12c68: mov ax, word ptr es:[di + 0x11] 0x12c6c: mov word ptr es:[di + 0x15], ax 0x12c70: sub ax, 3 0x12c73: mov word ptr [si + 0x2e6], ax 0x12c77: mov ah, 0x40 0x12c79: mov cx, 0x22e 0x12c7c: nop 0x12c7d: lea dx, word ptr [si + 0x104] 0x12c81: call 0x12ce8 0x12c84: mov word ptr es:[di + 0x15], 0 0x12c8a: mov ah, 0x40 0x12c8c: mov cx, 4 0x12c8f: lea dx, word ptr [si + 0x2e5] |
{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7056,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:00:50.044419357Z | 71 | PC: 12b9a | Get current directory |
| 2018-12-25T12:00:50.047882302Z | 53 | PC: 12cdf | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:00:50.048935223Z | 53 | PC: 12bac | Get interrupt vector (Interrupt = '42' AKA 'Get date') |
| 2018-12-25T12:00:50.049947255Z | 37 | PC: 12cef | Set interrupt vector (Interrupt = '42' AKA 'Get date') |
| 2018-12-25T12:00:50.051036453Z | 26 | PC: 12bc6 | Set disk transfer address |
| 2018-12-25T12:00:50.052104427Z | 78 | PC: 12cef | Find first file (See above) |
| 2018-12-25T12:00:50.057783723Z | 61 | PC: 12cef | Open file (See above) |
| 2018-12-25T12:00:50.066594998Z | 63 | PC: 12cef | Read file or device (See above) |
| 2018-12-25T12:00:52.452290661Z | 64 | PC: 12cef | Write file or device (See above) |
| 2018-12-25T12:00:52.463485812Z | 64 | PC: 12cef | Write file or device (See above) |
| 2018-12-25T12:00:52.46636606Z | 62 | PC: 12cef | Close file (See above) |
| 2018-12-25T12:00:52.469024552Z | 59 | PC: 12c3d | Change current directory |
| 2018-12-25T12:00:52.477681667Z | 26 | PC: 12c44 | Set disk transfer address |
| 2018-12-25T12:00:52.478743584Z | 37 | PC: 12cef | Set interrupt vector (See above) |
| 2018-12-25T12:00:52.480441564Z | 42 | PC: 12c56 | Get date 0x12c56: cmp dx, 0x701 0x12c5a: jne 0x12c64 0x12c5c: mov ah, 9 0x12c5e: lea dx, word ptr [si + 0x2e9] 0x12c62: int 0x21 0x12c64: push 0x100 0x12c67: ret 0x12c68: mov ax, word ptr es:[di + 0x11] 0x12c6c: mov word ptr es:[di + 0x15], ax 0x12c70: sub ax, 3 0x12c73: mov word ptr [si + 0x2e6], ax 0x12c77: mov ah, 0x40 0x12c79: mov cx, 0x22e 0x12c7c: nop 0x12c7d: lea dx, word ptr [si + 0x104] 0x12c81: call 0x12ce8 0x12c84: mov word ptr es:[di + 0x15], 0 0x12c8a: mov ah, 0x40 0x12c8c: mov cx, 4 0x12c8f: lea dx, word ptr [si + 0x2e5] |