{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":564,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:21.331482568Z | 42 | PC: 12a90 | Get date 0x12a90: cmp al, 0 0x12a92: jne 0x12ae3 0x12a94: mov ah, 9 0x12a96: mov dx, 0x4a4 0x12a99: int 0x21 0x12a9b: mov ax, 0x201 0x12a9e: mov dx, 0x80 0x12aa1: mov cx, 1 0x12aa4: push cs 0x12aa5: pop es 0x12aa6: mov bx, 0x7e8 0x12aa9: int 0x13 0x12aab: jae 0x12aaf 0x12aad: jmp 0x12ae3 0x12aaf: add bx, 0x1be 0x12ab3: cmp byte ptr [bx], 0x80 0x12ab6: jne 0x12ae3 0x12ab8: mov ax, 0x201 0x12abb: mov dl, 0x80 0x12abd: mov dh, byte ptr [bx + 1] |
| 2018-12-25T11:41:21.336107011Z | 26 | PC: 12b7b | Set disk transfer address |
| 2018-12-25T11:41:21.337632907Z | 78 | PC: 12b8d | Find first file |
| 2018-12-25T11:41:21.344296539Z | 79 | PC: 12b9e | Find next file |
| 2018-12-25T11:41:21.34699683Z | 79 | PC: 12b9e | Find next file (See above) |
| 2018-12-25T11:41:21.353189217Z | 61 | PC: 12be7 | Open file (Filename = '\*.*') |
| 2018-12-25T11:41:21.359063274Z | 79 | PC: 12b9e | Find next file (See above) |
| 2018-12-25T11:41:21.362384424Z | 61 | PC: 12be7 | Open file (See above) |
| 2018-12-25T11:41:21.368351456Z | 79 | PC: 12b9e | Find next file (See above) |
| 2018-12-25T11:41:21.371147286Z | 61 | PC: 12be7 | Open file (See above) |
| 2018-12-25T11:41:21.376337459Z | 79 | PC: 12b9e | Find next file (See above) |
| 2018-12-25T11:41:21.37958426Z | 61 | PC: 12be7 | Open file (See above) |
| 2018-12-25T11:41:21.391039035Z | 79 | PC: 12b9e | Find next file (See above) |
| 2018-12-25T11:41:21.39821207Z | 61 | PC: 12be7 | Open file (See above) |
| 2018-12-25T11:41:21.404371711Z | 79 | PC: 12b9e | Find next file (See above) |
| 2018-12-25T11:41:21.407192371Z | 61 | PC: 12be7 | Open file (See above) |
| 2018-12-25T11:41:21.41252283Z | 79 | PC: 12b9e | Find next file (See above) |
| 2018-12-25T11:41:21.415875745Z | 61 | PC: 12be7 | Open file (See above) |
| 2018-12-25T11:41:21.421219895Z | 79 | PC: 12b9e | Find next file (See above) |
| 2018-12-25T11:41:21.42406644Z | 26 | PC: 12b7b | Set disk transfer address (See above) |
| 2018-12-25T11:41:21.426227935Z | 78 | PC: 12b8d | Find first file (See above) |
| 2018-12-25T11:41:21.432624721Z | 9 | PC: 12b66 | Display string (Could not find end pointer) |
| 2018-12-25T11:41:21.437006769Z | 76 | PC: 12b6d | Terminate with return code (Return code = '9') |
{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":564,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:21.331348536Z | 42 | PC: 12a90 | Get date 0x12a90: cmp al, 0 0x12a92: jne 0x12ae3 0x12a94: mov ah, 9 0x12a96: mov dx, 0x4a4 0x12a99: int 0x21 0x12a9b: mov ax, 0x201 0x12a9e: mov dx, 0x80 0x12aa1: mov cx, 1 0x12aa4: push cs 0x12aa5: pop es 0x12aa6: mov bx, 0x7e8 0x12aa9: int 0x13 0x12aab: jae 0x12aaf 0x12aad: jmp 0x12ae3 0x12aaf: add bx, 0x1be 0x12ab3: cmp byte ptr [bx], 0x80 0x12ab6: jne 0x12ae3 0x12ab8: mov ax, 0x201 0x12abb: mov dl, 0x80 0x12abd: mov dh, byte ptr [bx + 1] |
| 2018-12-25T11:41:21.333632798Z | 9 | PC: 12a9b | Display string (String= '[XtZ] by dEAdhEAd (16.01.97) ') |
| 2018-12-25T11:41:21.670574853Z | 26 | PC: 12b7b | Set disk transfer address |
| 2018-12-25T11:41:21.672479046Z | 78 | PC: 12b8d | Find first file |
| 2018-12-25T11:41:21.679498345Z | 79 | PC: 12b9e | Find next file |
| 2018-12-25T11:41:21.68410716Z | 79 | PC: 12b9e | Find next file (See above) |
| 2018-12-25T11:41:21.687135388Z | 61 | PC: 12be7 | Open file (Filename = '\*.*') |
| 2018-12-25T11:41:21.692357968Z | 79 | PC: 12b9e | Find next file (See above) |
| 2018-12-25T11:41:21.696181034Z | 61 | PC: 12be7 | Open file (See above) |
| 2018-12-25T11:41:21.701448274Z | 79 | PC: 12b9e | Find next file (See above) |
| 2018-12-25T11:41:21.704534123Z | 61 | PC: 12be7 | Open file (See above) |
| 2018-12-25T11:41:21.711085116Z | 79 | PC: 12b9e | Find next file (See above) |
| 2018-12-25T11:41:21.71407659Z | 61 | PC: 12be7 | Open file (See above) |
| 2018-12-25T11:41:21.719176339Z | 79 | PC: 12b9e | Find next file (See above) |
| 2018-12-25T11:41:21.722071388Z | 61 | PC: 12be7 | Open file (See above) |
| 2018-12-25T11:41:21.727635048Z | 79 | PC: 12b9e | Find next file (See above) |
| 2018-12-25T11:41:21.730330612Z | 61 | PC: 12be7 | Open file (See above) |
| 2018-12-25T11:41:21.735321684Z | 79 | PC: 12b9e | Find next file (See above) |
| 2018-12-25T11:41:21.738127281Z | 61 | PC: 12be7 | Open file (See above) |
| 2018-12-25T11:41:21.743293535Z | 79 | PC: 12b9e | Find next file (See above) |
| 2018-12-25T11:41:21.745832395Z | 26 | PC: 12b7b | Set disk transfer address (See above) |
| 2018-12-25T11:41:21.747520076Z | 78 | PC: 12b8d | Find first file (See above) |
| 2018-12-25T11:41:21.753840508Z | 9 | PC: 12b66 | Display string (Could not find end pointer) |
| 2018-12-25T11:41:21.759728787Z | 76 | PC: 12b6d | Terminate with return code (Return code = '9') |