{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8110,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:03:24.7904085Z | 42 | PC: 12fcf | Get date 0x12fcf: cmp dh, 0xc 0x12fd2: je 0x13020 0x12fd4: mov ah, 0xb 0x12fd6: int 0x21 0x12fd8: mov ax, 0xfa01 0x12fdb: mov dx, 0x5945 0x12fde: int 0x21 0x12fe0: jmp 0x12fe7 0x12fe2: nop 0x12fe3: mov ah, 0x4c 0x12fe5: int 0x21 0x12fe7: mov ah, 0x2a 0x12fe9: jmp 0x12fec 0x12feb: nop 0x12fec: int 0x21 0x12fee: cmp dl, 4 0x12ff1: jne 0x13048 0x12ff3: cmp dh, 0xa 0x12ff6: jne 0x13048 0x12ff8: mov cx, 0 |
| 2018-12-25T12:03:24.79344761Z | 11 | PC: 12fd8 | Get input status |
| 2018-12-25T12:03:24.797852877Z | 250 | PC: 12fe0 | UNKNOWN! |
| 2018-12-25T12:03:24.799207219Z | 42 | PC: 12fee | Get date 0x12fee: cmp dl, 4 0x12ff1: jne 0x13048 0x12ff3: cmp dh, 0xa 0x12ff6: jne 0x13048 0x12ff8: mov cx, 0 0x12ffb: mov bx, 0x37a 0x12ffe: mov cx, 0x3f 0x13001: nop 0x13002: mov al, byte ptr [bx] 0x13004: sub al, 0x41 0x13006: mov byte ptr [bx], al 0x13008: inc bx 0x13009: loop 0x13002 0x1300b: lea dx, word ptr [bp + 0x37a] 0x1300f: jmp 0x13012 0x13011: nop 0x13012: mov ah, 9 0x13014: jmp 0x13017 0x13016: nop 0x13017: int 0x21 |
| 2018-12-25T12:03:24.802179956Z | 71 | PC: 1305b | Get current directory |
| 2018-12-25T12:03:24.806571325Z | 71 | PC: 1306b | Get current directory |
| 2018-12-25T12:03:24.810335953Z | 47 | PC: 1310a | Get disk transfer address |
| 2018-12-25T12:03:24.812220046Z | 26 | PC: 13123 | Set disk transfer address |
| 2018-12-25T12:03:24.817868303Z | 78 | PC: 13136 | Find first file |
| 2018-12-25T12:03:24.824989529Z | 67 | PC: 1315b | Get or set file attributes |
| 2018-12-25T12:03:24.842946347Z | 61 | PC: 13163 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:03:24.856788535Z | 63 | PC: 1317d | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T12:03:24.865671807Z | 66 | PC: 131cf | Move file pointer |
| 2018-12-25T12:03:24.86762321Z | 62 | PC: 13264 | Close file |
| 2018-12-25T12:03:24.869880322Z | 67 | PC: 13286 | Get or set file attributes |
| 2018-12-25T12:03:24.877796629Z | 79 | PC: 13145 | Find next file |
| 2018-12-25T12:03:24.880807591Z | 67 | PC: 1315b | Get or set file attributes (See above) |
| 2018-12-25T12:03:24.891413645Z | 61 | PC: 13163 | Open file (See above) |
| 2018-12-25T12:03:24.899319271Z | 63 | PC: 1317d | Read file or device (See above) |
| 2018-12-25T12:03:24.906277777Z | 66 | PC: 131cf | Move file pointer (See above) |
| 2018-12-25T12:03:24.908146383Z | 62 | PC: 13264 | Close file (See above) |
| 2018-12-25T12:03:24.911093342Z | 67 | PC: 13286 | Get or set file attributes (See above) |
| 2018-12-25T12:03:24.916648135Z | 79 | PC: 13145 | Find next file (See above) |
| 2018-12-25T12:03:24.919856915Z | 67 | PC: 1315b | Get or set file attributes (See above) |
| 2018-12-25T12:03:24.93415187Z | 61 | PC: 13163 | Open file (See above) |
| 2018-12-25T12:03:24.942031339Z | 63 | PC: 1317d | Read file or device (See above) |
| 2018-12-25T12:03:24.949415737Z | 66 | PC: 131cf | Move file pointer (See above) |
| 2018-12-25T12:03:24.951381985Z | 62 | PC: 13264 | Close file (See above) |
| 2018-12-25T12:03:24.954129469Z | 67 | PC: 13286 | Get or set file attributes (See above) |
| 2018-12-25T12:03:24.959619255Z | 79 | PC: 13145 | Find next file (See above) |
| 2018-12-25T12:03:24.962724718Z | 67 | PC: 1315b | Get or set file attributes (See above) |
| 2018-12-25T12:03:24.981281309Z | 61 | PC: 13163 | Open file (See above) |
| 2018-12-25T12:03:24.988281029Z | 63 | PC: 1317d | Read file or device (See above) |
| 2018-12-25T12:03:24.996435482Z | 66 | PC: 131cf | Move file pointer (See above) |
| 2018-12-25T12:03:24.999397664Z | 62 | PC: 13264 | Close file (See above) |
| 2018-12-25T12:03:25.001857537Z | 67 | PC: 13286 | Get or set file attributes (See above) |
| 2018-12-25T12:03:25.008058661Z | 79 | PC: 13145 | Find next file (See above) |
| 2018-12-25T12:03:25.012420677Z | 67 | PC: 1315b | Get or set file attributes (See above) |
| 2018-12-25T12:03:25.023690913Z | 61 | PC: 13163 | Open file (See above) |
| 2018-12-25T12:03:25.030877476Z | 63 | PC: 1317d | Read file or device (See above) |
| 2018-12-25T12:03:25.03889047Z | 66 | PC: 131cf | Move file pointer (See above) |
| 2018-12-25T12:03:25.040852115Z | 62 | PC: 13264 | Close file (See above) |
| 2018-12-25T12:03:25.042806377Z | 67 | PC: 13286 | Get or set file attributes (See above) |
| 2018-12-25T12:03:25.047953419Z | 79 | PC: 13145 | Find next file (See above) |
| 2018-12-25T12:03:25.05090242Z | 67 | PC: 1315b | Get or set file attributes (See above) |
| 2018-12-25T12:03:25.06444337Z | 61 | PC: 13163 | Open file (See above) |
| 2018-12-25T12:03:25.071556283Z | 63 | PC: 1317d | Read file or device (See above) |
| 2018-12-25T12:03:25.078981236Z | 66 | PC: 131cf | Move file pointer (See above) |
| 2018-12-25T12:03:25.080633734Z | 62 | PC: 13264 | Close file (See above) |
| 2018-12-25T12:03:25.082509461Z | 67 | PC: 13286 | Get or set file attributes (See above) |
| 2018-12-25T12:03:25.088271768Z | 79 | PC: 13145 | Find next file (See above) |
| 2018-12-25T12:03:25.091070448Z | 67 | PC: 1315b | Get or set file attributes (See above) |
| 2018-12-25T12:03:25.101331726Z | 61 | PC: 13163 | Open file (See above) |
| 2018-12-25T12:03:25.109320241Z | 63 | PC: 1317d | Read file or device (See above) |
| 2018-12-25T12:03:25.116146016Z | 66 | PC: 131cf | Move file pointer (See above) |
| 2018-12-25T12:03:25.117656355Z | 62 | PC: 13264 | Close file (See above) |
| 2018-12-25T12:03:25.122334882Z | 67 | PC: 13286 | Get or set file attributes (See above) |
| 2018-12-25T12:03:25.127565837Z | 79 | PC: 13145 | Find next file (See above) |
| 2018-12-25T12:03:25.130385876Z | 67 | PC: 1315b | Get or set file attributes (See above) |
| 2018-12-25T12:03:25.141588535Z | 61 | PC: 13163 | Open file (See above) |
| 2018-12-25T12:03:25.148761157Z | 63 | PC: 1317d | Read file or device (See above) |
| 2018-12-25T12:03:25.155765261Z | 66 | PC: 131cf | Move file pointer (See above) |
| 2018-12-25T12:03:25.158022512Z | 62 | PC: 13264 | Close file (See above) |
| 2018-12-25T12:03:25.160187955Z | 67 | PC: 13286 | Get or set file attributes (See above) |
| 2018-12-25T12:03:25.165772927Z | 79 | PC: 13145 | Find next file (See above) |
| 2018-12-25T12:03:25.169861396Z | 67 | PC: 1315b | Get or set file attributes (See above) |
| 2018-12-25T12:03:25.180840973Z | 61 | PC: 13163 | Open file (See above) |
| 2018-12-25T12:03:25.189051063Z | 63 | PC: 1317d | Read file or device (See above) |
| 2018-12-25T12:03:25.196939111Z | 62 | PC: 13264 | Close file (See above) |
| 2018-12-25T12:03:25.199587224Z | 67 | PC: 13286 | Get or set file attributes (See above) |
| 2018-12-25T12:03:25.204929493Z | 79 | PC: 13145 | Find next file (See above) |
| 2018-12-25T12:03:25.207701029Z | 26 | PC: 132a2 | Set disk transfer address |
| 2018-12-25T12:03:25.210040606Z | 59 | PC: 13095 | Change current directory |
| 2018-12-25T12:03:25.21455468Z | 59 | PC: 130a4 | Change current directory |
| 2018-12-25T12:03:25.21652596Z | 81 | PC: 130b6 | Get current PSP |
| 2018-12-25T12:03:25.226592742Z | 44 | PC: 12af4 | Get time 0x12af4: mov word ptr [2], cx 0x12af8: mov word ptr [4], dx 0x12afc: push ds 0x12afd: pop es 0x12afe: mov di, 0x25e 0x12b01: mov cx, 0x12c 0x12b04: mov ax, 0 0x12b07: cld 0x12b08: rep stosd dword ptr es:[di], eax 0x12b0a: mov word ptr [0x57e], 1 0x12b10: jmp 0x12b16 0x12b12: inc word ptr [0x57e] 0x12b16: push 0x14 0x12b18: call 0x22a40 0x12b1b: mov di, word ptr [0x57e] 0x12b1f: mov byte ptr [di + 0x519], al 0x12b23: mov di, word ptr [0x57e] 0x12b27: mov byte ptr [di + 0x4b5], 0 0x12b2c: cmp word ptr [0x57e], 0x64 0x12b31: jne 0x12b12 |
{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8110,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:03:24.810273077Z | 42 | PC: 12fcf | Get date 0x12fcf: cmp dh, 0xc 0x12fd2: je 0x13020 0x12fd4: mov ah, 0xb 0x12fd6: int 0x21 0x12fd8: mov ax, 0xfa01 0x12fdb: mov dx, 0x5945 0x12fde: int 0x21 0x12fe0: jmp 0x12fe7 0x12fe2: nop 0x12fe3: mov ah, 0x4c 0x12fe5: int 0x21 0x12fe7: mov ah, 0x2a 0x12fe9: jmp 0x12fec 0x12feb: nop 0x12fec: int 0x21 0x12fee: cmp dl, 4 0x12ff1: jne 0x13048 0x12ff3: cmp dh, 0xa 0x12ff6: jne 0x13048 0x12ff8: mov cx, 0 |
| 2018-12-25T12:03:24.81283185Z | 95 | PC: 13028 | Network redirection functions |
| 2018-12-25T12:03:24.814083921Z | 9 | PC: 13045 | Display string (String= ' GError by C.S. (c) 1997 Romania � Gener��a��������n�����a�����KN�����a���a���a��a������') |
| 2018-12-25T12:03:24.822856379Z | 71 | PC: 1305b | Get current directory |
| 2018-12-25T12:03:24.825388172Z | 71 | PC: 1306b | Get current directory |
| 2018-12-25T12:03:24.827164428Z | 47 | PC: 1310a | Get disk transfer address |
| 2018-12-25T12:03:24.828530452Z | 26 | PC: 13123 | Set disk transfer address |
| 2018-12-25T12:03:24.830129074Z | 78 | PC: 13136 | Find first file |
| 2018-12-25T12:03:24.833390643Z | 26 | PC: 132a2 | Set disk transfer address |
| 2018-12-25T12:03:24.834793965Z | 59 | PC: 13095 | Change current directory |
| 2018-12-25T12:03:24.837266112Z | 59 | PC: 130a4 | Change current directory |
| 2018-12-25T12:03:24.840000878Z | 81 | PC: 130b6 | Get current PSP |
| 2018-12-25T12:03:24.84807926Z | 44 | PC: 12af4 | Get time 0x12af4: mov word ptr [2], cx 0x12af8: mov word ptr [4], dx 0x12afc: push ds 0x12afd: pop es 0x12afe: mov di, 0x25e 0x12b01: mov cx, 0x12c 0x12b04: mov ax, 0 0x12b07: cld 0x12b08: rep stosd dword ptr es:[di], eax 0x12b0a: mov word ptr [0x57e], 1 0x12b10: jmp 0x12b16 0x12b12: inc word ptr [0x57e] 0x12b16: push 0x14 0x12b18: call 0x22a40 0x12b1b: mov di, word ptr [0x57e] 0x12b1f: mov byte ptr [di + 0x519], al 0x12b23: mov di, word ptr [0x57e] 0x12b27: mov byte ptr [di + 0x4b5], 0 0x12b2c: cmp word ptr [0x57e], 0x64 0x12b31: jne 0x12b12 |