{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":139,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:40:17.134124965Z | 26 | PC: 17c45 | Set disk transfer address |
| 2018-12-25T11:40:17.1365902Z | 42 | PC: 17c4c | Get date 0x17c4c: cmp al, 2 0x17c4e: jne 0x17c53 0x17c50: call 0x17d5b 0x17c53: jmp 0x17c55 0x17c55: mov word ptr [si + 0x5c], 0x7feb 0x17c5a: push si 0x17c5b: mov di, 0xfc00 0x17c5e: xor si, si 0x17c60: mov cx, 0x100 0x17c63: rep movsb byte ptr es:[di], byte ptr [si] 0x17c65: pop si 0x17c66: mov word ptr [si + 0x5c], 0xbf56 0x17c6b: push si 0x17c6c: mov di, 0x100 0x17c6f: add si, 0x21a 0x17c73: mov cx, 4 0x17c76: rep movsb byte ptr es:[di], byte ptr [si] 0x17c78: pop si 0x17c79: mov ah, 0x4e 0x17c7b: lea dx, word ptr [si + 0x210] |
{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":139,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:40:17.259827528Z | 26 | PC: 17c45 | Set disk transfer address |
| 2018-12-25T11:40:17.262366641Z | 42 | PC: 17c4c | Get date 0x17c4c: cmp al, 2 0x17c4e: jne 0x17c53 0x17c50: call 0x17d5b 0x17c53: jmp 0x17c55 0x17c55: mov word ptr [si + 0x5c], 0x7feb 0x17c5a: push si 0x17c5b: mov di, 0xfc00 0x17c5e: xor si, si 0x17c60: mov cx, 0x100 0x17c63: rep movsb byte ptr es:[di], byte ptr [si] 0x17c65: pop si 0x17c66: mov word ptr [si + 0x5c], 0xbf56 0x17c6b: push si 0x17c6c: mov di, 0x100 0x17c6f: add si, 0x21a 0x17c73: mov cx, 4 0x17c76: rep movsb byte ptr es:[di], byte ptr [si] 0x17c78: pop si 0x17c79: mov ah, 0x4e 0x17c7b: lea dx, word ptr [si + 0x210] |
| 2018-12-25T11:40:17.264710075Z | 42 | PC: 17cdd | Get date 0x17cdd: cmp byte ptr [si + 0x21d], 0x5e 0x17ce2: je 0x17d3f 0x17ce4: mov ax, 0x5700 0x17ce7: int 0x21 0x17ce9: push cx 0x17cea: push dx 0x17ceb: push es 0x17cec: push bx 0x17ced: mov ax, 0x1220 0x17cf0: int 0x2f 0x17cf2: mov bl, byte ptr es:[di] 0x17cf5: mov ax, 0x1216 0x17cf8: int 0x2f 0x17cfa: mov byte ptr es:[di + 2], 2 0x17cff: pop bx 0x17d00: pop es 0x17d01: mov ax, 0x4202 0x17d04: xor cx, cx 0x17d06: xor dx, dx 0x17d08: int 0x21 |
| 2018-12-25T11:40:17.267030951Z | 87 | PC: 17ce9 | Get or set file date and time |
| 2018-12-25T11:40:17.27051344Z | 66 | PC: 17d0a | Move file pointer |
| 2018-12-25T11:40:17.272443163Z | 64 | PC: 17d24 | Write file or device (Write 1585 bytes on handle 0) |
| 2018-12-25T11:40:17.279452648Z | 66 | PC: 17d2d | Move file pointer |
| 2018-12-25T11:40:17.281995595Z | 64 | PC: 17d38 | Write file or device (Write 4 bytes on handle 0) |
| 2018-12-25T11:40:17.285480624Z | 87 | PC: 17d3f | Get or set file date and time |
| 2018-12-25T11:40:17.287585838Z | 62 | PC: 17d43 | Close file |
| 2018-12-25T11:40:17.290141186Z | 79 | PC: 17d47 | Find next file |