{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17243,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:55:16.979372537Z | 42 | PC: 12a4c | Get date 0x12a4c: cmp dh, 7 0x12a4f: jne 0x12a5a 0x12a51: mov ah, 9 0x12a53: lea dx, word ptr [si + 0x201] 0x12a57: int 0x21 0x12a59: jmp 0x129e8 0x12a5b: test byte ptr [bx + di], bl 0x12a5d: add dl, byte ptr [bp + 0xbf] 0x12a61: add word ptr [bx + di + 5], di 0x12a65: cld 0x12a66: rep movsb byte ptr es:[di], byte ptr [si] 0x12a68: xchg ax, si 0x12a69: mov ah, 0x1a 0x12a6b: lea dx, word ptr [si + 0x25c] 0x12a6f: int 0x21 0x12a71: mov ah, 0x4e 0x12a73: mov cx, 2 0x12a76: lea dx, word ptr [si + 0x213] 0x12a7a: int 0x21 0x12a7c: jb 0x12a93 |
| 2018-12-25T12:55:16.98229421Z | 26 | PC: 12a71 | Set disk transfer address |
| 2018-12-25T12:55:16.983848629Z | 78 | PC: 12a7c | Find first file |
| 2018-12-25T12:55:16.990919788Z | 67 | PC: 12b1f | Get or set file attributes |
| 2018-12-25T12:55:17.008827928Z | 61 | PC: 12b1f | Open file (See above) |
| 2018-12-25T12:55:17.016251157Z | 63 | PC: 12b77 | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-25T12:55:17.023261312Z | 66 | PC: 12b77 | Move file pointer (See above) |
| 2018-12-25T12:55:17.024834054Z | 63 | PC: 12b77 | Read file or device (See above) |
| 2018-12-25T12:55:17.027773217Z | 64 | PC: 12b77 | Write file or device (See above) |
| 2018-12-25T12:55:17.03659605Z | 66 | PC: 12b77 | Move file pointer (See above) |
| 2018-12-25T12:55:17.038036573Z | 64 | PC: 12b77 | Write file or device (See above) |
| 2018-12-25T12:55:17.045381367Z | 67 | PC: 12b1f | Get or set file attributes (See above) |
| 2018-12-25T12:55:17.058035941Z | 62 | PC: 12b77 | Close file (See above) |
{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17243,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:55:17.11894666Z | 42 | PC: 12a4c | Get date 0x12a4c: cmp dh, 7 0x12a4f: jne 0x12a5a 0x12a51: mov ah, 9 0x12a53: lea dx, word ptr [si + 0x201] 0x12a57: int 0x21 0x12a59: jmp 0x129e8 0x12a5b: test byte ptr [bx + di], bl 0x12a5d: add dl, byte ptr [bp + 0xbf] 0x12a61: add word ptr [bx + di + 5], di 0x12a65: cld 0x12a66: rep movsb byte ptr es:[di], byte ptr [si] 0x12a68: xchg ax, si 0x12a69: mov ah, 0x1a 0x12a6b: lea dx, word ptr [si + 0x25c] 0x12a6f: int 0x21 0x12a71: mov ah, 0x4e 0x12a73: mov cx, 2 0x12a76: lea dx, word ptr [si + 0x213] 0x12a7a: int 0x21 0x12a7c: jb 0x12a93 |
| 2018-12-25T12:55:17.121357937Z | 9 | PC: 12a59 | Display string (String= '[330]�by ICE-9') |
| 2018-12-25T12:55:17.13714366Z | 64 | PC: 19838 | Write file or device (Write 30 bytes on handle 2) |
| 2018-12-25T12:55:17.140123797Z | 64 | PC: 19838 | Write file or device (See above) |
| 2018-12-25T12:55:17.143247195Z | 64 | PC: 19838 | Write file or device (See above) |
| 2018-12-25T12:55:17.14501179Z | 100 | PC: 19d8b | Set wait for external event flag |
| 2018-12-25T12:55:17.145744556Z | 46 | PC: 13d69 | Set verify flag |