{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9228,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:22:42.542801814Z | 47 | PC: 132d7 | Get disk transfer address |
| 2018-12-25T12:22:42.545072817Z | 26 | PC: 132ec | Set disk transfer address |
| 2018-12-25T12:22:42.547458572Z | 78 | PC: 132f5 | Find first file |
| 2018-12-25T12:22:42.554489147Z | 61 | PC: 132ff | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:22:42.56207212Z | 63 | PC: 13318 | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T12:22:42.565201399Z | 62 | PC: 1332b | Close file |
| 2018-12-25T12:22:42.567054362Z | 79 | PC: 1332f | Find next file |
| 2018-12-25T12:22:42.569616337Z | 59 | PC: 13486 | Change current directory |
| 2018-12-25T12:22:42.580301547Z | 26 | PC: 13494 | Set disk transfer address |
| 2018-12-25T12:22:42.581376124Z | 42 | PC: 1349a | Get date 0x1349a: cmp dl, 0xd 0x1349d: jne 0x134a7 0x1349f: cmp dh, 7 0x134a2: jne 0x134a7 0x134a4: call 0x134e4 0x134a7: xor ax, ax 0x134a9: mov ds, ax 0x134ab: mov si, 0x90 0x134ae: mov ax, word ptr cs:[0x43b] 0x134b2: mov bx, word ptr cs:[0x43d] 0x134b7: mov word ptr [si], ax 0x134b9: mov word ptr [si + 2], bx 0x134bc: mov ds, word ptr cs:[0x44b] 0x134c1: mov es, word ptr cs:[0x451] 0x134c6: cli 0x134c7: mov ss, word ptr cs:[0x447] 0x134cc: mov sp, word ptr cs:[0x449] 0x134d1: xor ax, ax 0x134d3: xor bx, bx 0x134d5: xor cx, cx |
| 2018-12-25T12:22:42.583495342Z | 9 | PC: 1325a | Display string (Could not find end pointer) |
| 2018-12-25T12:22:42.586094723Z | 76 | PC: 1325f | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9228,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:22:42.882898229Z | 47 | PC: 132d7 | Get disk transfer address |
| 2018-12-25T12:22:42.885766726Z | 26 | PC: 132ec | Set disk transfer address |
| 2018-12-25T12:22:42.887105665Z | 78 | PC: 132f5 | Find first file |
| 2018-12-25T12:22:42.893272905Z | 61 | PC: 132ff | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:22:42.901128826Z | 63 | PC: 13318 | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T12:22:42.903714499Z | 62 | PC: 1332b | Close file |
| 2018-12-25T12:22:42.905391304Z | 79 | PC: 1332f | Find next file |
| 2018-12-25T12:22:42.907973514Z | 59 | PC: 13486 | Change current directory |
| 2018-12-25T12:22:42.912760572Z | 26 | PC: 13494 | Set disk transfer address |
| 2018-12-25T12:22:42.91373775Z | 42 | PC: 1349a | Get date 0x1349a: cmp dl, 0xd 0x1349d: jne 0x134a7 0x1349f: cmp dh, 7 0x134a2: jne 0x134a7 0x134a4: call 0x134e4 0x134a7: xor ax, ax 0x134a9: mov ds, ax 0x134ab: mov si, 0x90 0x134ae: mov ax, word ptr cs:[0x43b] 0x134b2: mov bx, word ptr cs:[0x43d] 0x134b7: mov word ptr [si], ax 0x134b9: mov word ptr [si + 2], bx 0x134bc: mov ds, word ptr cs:[0x44b] 0x134c1: mov es, word ptr cs:[0x451] 0x134c6: cli 0x134c7: mov ss, word ptr cs:[0x447] 0x134cc: mov sp, word ptr cs:[0x449] 0x134d1: xor ax, ax 0x134d3: xor bx, bx 0x134d5: xor cx, cx |
| 2018-12-25T12:22:42.915379454Z | 9 | PC: 1325a | Display string (Could not find end pointer) |
| 2018-12-25T12:22:42.917339252Z | 76 | PC: 1325f | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":13,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9228,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:22:43.130581736Z | 47 | PC: 132d7 | Get disk transfer address |
| 2018-12-25T12:22:43.132021549Z | 26 | PC: 132ec | Set disk transfer address |
| 2018-12-25T12:22:43.133020753Z | 78 | PC: 132f5 | Find first file |
| 2018-12-25T12:22:43.140258514Z | 61 | PC: 132ff | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:22:43.147784027Z | 63 | PC: 13318 | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T12:22:43.150111421Z | 62 | PC: 1332b | Close file |
| 2018-12-25T12:22:43.151621431Z | 79 | PC: 1332f | Find next file |
| 2018-12-25T12:22:43.153634369Z | 59 | PC: 13486 | Change current directory |
| 2018-12-25T12:22:43.158410309Z | 26 | PC: 13494 | Set disk transfer address |
| 2018-12-25T12:22:43.159488785Z | 42 | PC: 1349a | Get date 0x1349a: cmp dl, 0xd 0x1349d: jne 0x134a7 0x1349f: cmp dh, 7 0x134a2: jne 0x134a7 0x134a4: call 0x134e4 0x134a7: xor ax, ax 0x134a9: mov ds, ax 0x134ab: mov si, 0x90 0x134ae: mov ax, word ptr cs:[0x43b] 0x134b2: mov bx, word ptr cs:[0x43d] 0x134b7: mov word ptr [si], ax 0x134b9: mov word ptr [si + 2], bx 0x134bc: mov ds, word ptr cs:[0x44b] 0x134c1: mov es, word ptr cs:[0x451] 0x134c6: cli 0x134c7: mov ss, word ptr cs:[0x447] 0x134cc: mov sp, word ptr cs:[0x449] 0x134d1: xor ax, ax 0x134d3: xor bx, bx 0x134d5: xor cx, cx |
| 2018-12-25T12:22:43.16210191Z | 53 | PC: 134e9 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-25T12:22:43.171957016Z | 82 | PC: 134fd | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T12:22:43.173272352Z | 37 | PC: 13544 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-25T12:22:43.174460351Z | 9 | PC: 1325a | Display string (Could not find end pointer) |
| 2018-12-25T12:22:43.177622163Z | 76 | PC: 1325f | Terminate with return code (Return code = '0') |