{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13078,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:37:26.20080779Z | 74 | PC: 13de9 | Reallocate memory |
| 2018-12-25T12:37:26.202902626Z | 25 | PC: 13df9 | Get default drive |
| 2018-12-25T12:37:26.204080769Z | 26 | PC: 13ed5 | Set disk transfer address |
| 2018-12-25T12:37:26.205100699Z | 42 | PC: 13ed9 | Get date 0x13ed9: cmp dh, 9 0x13edc: je 0x13edc 0x13ede: cld 0x13edf: mov si, 0x2a8 0x13ee2: add si, di 0x13ee4: mov di, 0x100 0x13ee7: mov cx, 4 0x13eea: rep movsb byte ptr es:[di], byte ptr [si] 0x13eec: popf 0x13eed: mov bx, 0x100 0x13ef0: jmp bx 0x13ef2: push es 0x13ef3: mov ax, 0x40 0x13ef6: mov es, ax 0x13ef8: mov dx, word ptr es:[0x6c] 0x13efd: mov word ptr cs:[di + 0x114], dx 0x13f02: pop es 0x13f03: push di 0x13f04: mov si, di 0x13f06: add si, 0x119 |
| 2018-12-25T12:37:26.207731637Z | 9 | PC: 13dc6 | Display string (String= 'CDEFG-This is a 5000 byte COM test, 1994 ') |
{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13078,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:37:27.013691491Z | 74 | PC: 13de9 | Reallocate memory |
| 2018-12-25T12:37:27.015645852Z | 25 | PC: 13df9 | Get default drive |
| 2018-12-25T12:37:27.01656736Z | 26 | PC: 13ed5 | Set disk transfer address |
| 2018-12-25T12:37:27.017643785Z | 42 | PC: 13ed9 | Get date 0x13ed9: cmp dh, 9 0x13edc: je 0x13edc 0x13ede: cld 0x13edf: mov si, 0x2a8 0x13ee2: add si, di 0x13ee4: mov di, 0x100 0x13ee7: mov cx, 4 0x13eea: rep movsb byte ptr es:[di], byte ptr [si] 0x13eec: popf 0x13eed: mov bx, 0x100 0x13ef0: jmp bx 0x13ef2: push es 0x13ef3: mov ax, 0x40 0x13ef6: mov es, ax 0x13ef8: mov dx, word ptr es:[0x6c] 0x13efd: mov word ptr cs:[di + 0x114], dx 0x13f02: pop es 0x13f03: push di 0x13f04: mov si, di 0x13f06: add si, 0x119 |