{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3130,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:25.554170203Z | 18 | PC: 150e0 | Find next file |
| 2018-12-25T11:48:25.561195646Z | 72 | PC: 14fe5 | Allocate memory |
| 2018-12-25T11:48:25.563221114Z | 98 | PC: 14feb | Get current PSP |
| 2018-12-25T11:48:25.564375645Z | 74 | PC: 14ffe | Reallocate memory |
| 2018-12-25T11:48:25.568074505Z | 72 | PC: 14fe5 | Allocate memory (See above) |
| 2018-12-25T11:48:25.569386503Z | 18 | PC: 9f4ec | Find next file |
| 2018-12-25T11:48:25.570581996Z | 42 | PC: 9f51a | Get date 0x9f51a: cmp al, 0 0x9f51c: jne 0x9f54b 0x9f51e: mov ah, 2 0x9f520: int 0x1a 0x9f522: cmp cx, 0x2200 0x9f526: jbe 0x9f54b 0x9f528: mov cx, word ptr es:[0x20] 0x9f52d: mov dx, word ptr es:[0x22] 0x9f532: mov word ptr cs:[0xe7], cx 0x9f537: mov word ptr cs:[0xe9], dx 0x9f53c: pop cx 0x9f53d: mov word ptr es:[0x20], 0x142 0x9f544: mov word ptr es:[0x22], cx 0x9f549: jmp 0x9f54c 0x9f54b: pop cx 0x9f54c: pop es 0x9f54d: pop ds 0x9f54e: pop dx 0x9f54f: pop cx 0x9f550: pop bx |
| 2018-12-25T11:48:25.572542877Z | 42 | PC: 9f66c | Get date 0x9f66c: cmp dl, 0x16 0x9f66f: jne 0x9f677 0x9f671: call 0x9f953 0x9f674: call 0x9f9f8 0x9f677: mov cx, cs 0x9f679: mov ds, cx 0x9f67b: mov ax, word ptr cs:[0x172] 0x9f67f: mov bx, word ptr cs:[0x170] 0x9f684: pop ss 0x9f685: pop es 0x9f686: pop ds 0x9f687: mov cx, ds 0x9f689: add ax, cx 0x9f68b: add ax, 0x10 0x9f68e: mov sp, word ptr cs:[0x176] 0x9f693: add ax, word ptr cs:[0x174] 0x9f698: mov ss, ax 0x9f69a: sub ax, word ptr cs:[0x174] 0x9f69f: push ax 0x9f6a0: push bx |
| 2018-12-25T11:48:25.574274347Z | 9 | PC: 14f4a | Display string (Could not find end pointer) |
| 2018-12-25T11:48:25.577453274Z | 76 | PC: 14f50 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3130,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:25.720962619Z | 18 | PC: 150e0 | Find next file |
| 2018-12-25T11:48:25.723177099Z | 72 | PC: 14fe5 | Allocate memory |
| 2018-12-25T11:48:25.725030912Z | 98 | PC: 14feb | Get current PSP |
| 2018-12-25T11:48:25.726019033Z | 74 | PC: 14ffe | Reallocate memory |
| 2018-12-25T11:48:25.728019696Z | 72 | PC: 14fe5 | Allocate memory (See above) |
| 2018-12-25T11:48:25.729848862Z | 18 | PC: 9f4ec | Find next file |
| 2018-12-25T11:48:25.731559809Z | 42 | PC: 9f51a | Get date 0x9f51a: cmp al, 0 0x9f51c: jne 0x9f54b 0x9f51e: mov ah, 2 0x9f520: int 0x1a 0x9f522: cmp cx, 0x2200 0x9f526: jbe 0x9f54b 0x9f528: mov cx, word ptr es:[0x20] 0x9f52d: mov dx, word ptr es:[0x22] 0x9f532: mov word ptr cs:[0xe7], cx 0x9f537: mov word ptr cs:[0xe9], dx 0x9f53c: pop cx 0x9f53d: mov word ptr es:[0x20], 0x142 0x9f544: mov word ptr es:[0x22], cx 0x9f549: jmp 0x9f54c 0x9f54b: pop cx 0x9f54c: pop es 0x9f54d: pop ds 0x9f54e: pop dx 0x9f54f: pop cx 0x9f550: pop bx |
| 2018-12-25T11:48:25.734433064Z | 42 | PC: 9f66c | Get date 0x9f66c: cmp dl, 0x16 0x9f66f: jne 0x9f677 0x9f671: call 0x9f953 0x9f674: call 0x9f9f8 0x9f677: mov cx, cs 0x9f679: mov ds, cx 0x9f67b: mov ax, word ptr cs:[0x172] 0x9f67f: mov bx, word ptr cs:[0x170] 0x9f684: pop ss 0x9f685: pop es 0x9f686: pop ds 0x9f687: mov cx, ds 0x9f689: add ax, cx 0x9f68b: add ax, 0x10 0x9f68e: mov sp, word ptr cs:[0x176] 0x9f693: add ax, word ptr cs:[0x174] 0x9f698: mov ss, ax 0x9f69a: sub ax, word ptr cs:[0x174] 0x9f69f: push ax 0x9f6a0: push bx |
| 2018-12-25T11:48:25.736869169Z | 9 | PC: 14f4a | Display string (Could not find end pointer) |
| 2018-12-25T11:48:25.742698342Z | 76 | PC: 14f50 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":22,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3130,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:26.128720415Z | 18 | PC: 150e0 | Find next file |
| 2018-12-25T11:48:26.134879874Z | 72 | PC: 14fe5 | Allocate memory |
| 2018-12-25T11:48:26.136364739Z | 98 | PC: 14feb | Get current PSP |
| 2018-12-25T11:48:26.137079382Z | 74 | PC: 14ffe | Reallocate memory |
| 2018-12-25T11:48:26.139332089Z | 72 | PC: 14fe5 | Allocate memory (See above) |
| 2018-12-25T11:48:26.141480544Z | 18 | PC: 9f4ec | Find next file |
| 2018-12-25T11:48:26.143598295Z | 42 | PC: 9f51a | Get date 0x9f51a: cmp al, 0 0x9f51c: jne 0x9f54b 0x9f51e: mov ah, 2 0x9f520: int 0x1a 0x9f522: cmp cx, 0x2200 0x9f526: jbe 0x9f54b 0x9f528: mov cx, word ptr es:[0x20] 0x9f52d: mov dx, word ptr es:[0x22] 0x9f532: mov word ptr cs:[0xe7], cx 0x9f537: mov word ptr cs:[0xe9], dx 0x9f53c: pop cx 0x9f53d: mov word ptr es:[0x20], 0x142 0x9f544: mov word ptr es:[0x22], cx 0x9f549: jmp 0x9f54c 0x9f54b: pop cx 0x9f54c: pop es 0x9f54d: pop ds 0x9f54e: pop dx 0x9f54f: pop cx 0x9f550: pop bx |
| 2018-12-25T11:48:26.146284456Z | 42 | PC: 9f66c | Get date 0x9f66c: cmp dl, 0x16 0x9f66f: jne 0x9f677 0x9f671: call 0x9f953 0x9f674: call 0x9f9f8 0x9f677: mov cx, cs 0x9f679: mov ds, cx 0x9f67b: mov ax, word ptr cs:[0x172] 0x9f67f: mov bx, word ptr cs:[0x170] 0x9f684: pop ss 0x9f685: pop es 0x9f686: pop ds 0x9f687: mov cx, ds 0x9f689: add ax, cx 0x9f68b: add ax, 0x10 0x9f68e: mov sp, word ptr cs:[0x176] 0x9f693: add ax, word ptr cs:[0x174] 0x9f698: mov ss, ax 0x9f69a: sub ax, word ptr cs:[0x174] 0x9f69f: push ax 0x9f6a0: push bx |
| 2018-12-25T11:48:30.519668272Z | 9 | PC: 14f4a | Display string (Could not find end pointer) |
| 2018-12-25T11:48:30.525909537Z | 76 | PC: 14f50 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3130,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:26.224533359Z | 18 | PC: 150e0 | Find next file |
| 2018-12-25T11:48:26.226518061Z | 72 | PC: 14fe5 | Allocate memory |
| 2018-12-25T11:48:26.228060193Z | 98 | PC: 14feb | Get current PSP |
| 2018-12-25T11:48:26.228795481Z | 74 | PC: 14ffe | Reallocate memory |
| 2018-12-25T11:48:26.230489904Z | 72 | PC: 14fe5 | Allocate memory (See above) |
| 2018-12-25T11:48:26.232368535Z | 18 | PC: 9f4ec | Find next file |
| 2018-12-25T11:48:26.233955742Z | 42 | PC: 9f51a | Get date 0x9f51a: cmp al, 0 0x9f51c: jne 0x9f54b 0x9f51e: mov ah, 2 0x9f520: int 0x1a 0x9f522: cmp cx, 0x2200 0x9f526: jbe 0x9f54b 0x9f528: mov cx, word ptr es:[0x20] 0x9f52d: mov dx, word ptr es:[0x22] 0x9f532: mov word ptr cs:[0xe7], cx 0x9f537: mov word ptr cs:[0xe9], dx 0x9f53c: pop cx 0x9f53d: mov word ptr es:[0x20], 0x142 0x9f544: mov word ptr es:[0x22], cx 0x9f549: jmp 0x9f54c 0x9f54b: pop cx 0x9f54c: pop es 0x9f54d: pop ds 0x9f54e: pop dx 0x9f54f: pop cx 0x9f550: pop bx |
| 2018-12-25T11:48:26.236584859Z | 42 | PC: 9f66c | Get date 0x9f66c: cmp dl, 0x16 0x9f66f: jne 0x9f677 0x9f671: call 0x9f953 0x9f674: call 0x9f9f8 0x9f677: mov cx, cs 0x9f679: mov ds, cx 0x9f67b: mov ax, word ptr cs:[0x172] 0x9f67f: mov bx, word ptr cs:[0x170] 0x9f684: pop ss 0x9f685: pop es 0x9f686: pop ds 0x9f687: mov cx, ds 0x9f689: add ax, cx 0x9f68b: add ax, 0x10 0x9f68e: mov sp, word ptr cs:[0x176] 0x9f693: add ax, word ptr cs:[0x174] 0x9f698: mov ss, ax 0x9f69a: sub ax, word ptr cs:[0x174] 0x9f69f: push ax 0x9f6a0: push bx |
| 2018-12-25T11:48:26.239033865Z | 9 | PC: 14f4a | Display string (Could not find end pointer) |
| 2018-12-25T11:48:26.244341915Z | 76 | PC: 14f50 | Terminate with return code (Return code = '0') |