{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8640,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:36.151164065Z | 53 | PC: 13f2b | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:21:36.152889354Z | 44 | PC: 13f55 | Get time 0x13f55: cmp cl, 0 0x13f58: jne 0x13f5d 0x13f5a: call 0x13fa9 0x13f5d: popf 0x13f5e: mov ax, 0x100 0x13f61: push ax 0x13f62: ret 0x13f63: add si, 3 0x13f66: mov ax, cs 0x13f68: mov es, ax 0x13f6a: mov di, 0x100 0x13f6d: mov cx, 3 0x13f70: rep movsb byte ptr es:[di], byte ptr [si] 0x13f72: sub si, 6 0x13f75: ret 0x13f76: mov ax, 0x4202 0x13f79: xor cx, cx 0x13f7b: mov dx, 0 0x13f7e: int 0x21 0x13f80: mov dx, ax |
| 2018-12-25T12:21:36.154851648Z | 9 | PC: 13fb6 | Display string (Could not find end pointer) |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":8640,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:36.340423217Z | 53 | PC: 13f2b | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:21:36.342139753Z | 44 | PC: 13f55 | Get time 0x13f55: cmp cl, 0 0x13f58: jne 0x13f5d 0x13f5a: call 0x13fa9 0x13f5d: popf 0x13f5e: mov ax, 0x100 0x13f61: push ax 0x13f62: ret 0x13f63: add si, 3 0x13f66: mov ax, cs 0x13f68: mov es, ax 0x13f6a: mov di, 0x100 0x13f6d: mov cx, 3 0x13f70: rep movsb byte ptr es:[di], byte ptr [si] 0x13f72: sub si, 6 0x13f75: ret 0x13f76: mov ax, 0x4202 0x13f79: xor cx, cx 0x13f7b: mov dx, 0 0x13f7e: int 0x21 0x13f80: mov dx, ax |
| 2018-12-25T12:21:36.344074672Z | 9 | PC: 12a85 | Display string (String= ' ') |
| 2018-12-25T12:21:36.349246449Z | 0 | PC: 12a89 | Program terminate |