{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13318,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:00.16824877Z | 42 | PC: 12a8c | Get date 0x12a8c: cmp dh, 4 0x12a8f: jne 0x12a9d 0x12a91: cmp dl, 1 0x12a94: jne 0x12a9d 0x12a96: mov dx, 0x3d8 0x12a99: mov ah, 9 0x12a9b: int 0x21 0x12a9d: mov ax, 0xda00 0x12aa0: int 0x21 0x12aa2: cmp bx, 0x11ff 0x12aa6: jne 0x12aab 0x12aa8: jmp 0x12af2 0x12aaa: nop 0x12aab: cli 0x12aac: mov ax, cs 0x12aae: mov ss, ax 0x12ab0: mov sp, 0x641 0x12ab3: sti 0x12ab4: mov bx, 0x80 0x12ab7: mov ah, 0x4a |
| 2018-12-25T12:38:00.17111833Z | 9 | PC: 12a9d | Display string (String= 'Your PC is Cloned!!') |
| 2018-12-25T12:38:00.177931317Z | 218 | PC: 12aa2 | UNKNOWN! |
| 2018-12-25T12:38:00.179506191Z | 74 | PC: 12abb | Reallocate memory |
| 2018-12-25T12:38:00.181289552Z | 53 | PC: 12ac6 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:38:00.186485433Z | 37 | PC: 12ad6 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:38:00.189309048Z | 75 | PC: 12b93 | Execute program |
| 2018-12-25T12:38:00.195961922Z | 73 | PC: 12aea | Release memory |
| 2018-12-25T12:38:00.198264091Z | 49 | PC: 12af2 | Terminate and stay resident (Return code = '0' | Memory size = '128') |
{"DateBased":true,"Day":2,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13318,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:00.71910939Z | 42 | PC: 12a8c | Get date 0x12a8c: cmp dh, 4 0x12a8f: jne 0x12a9d 0x12a91: cmp dl, 1 0x12a94: jne 0x12a9d 0x12a96: mov dx, 0x3d8 0x12a99: mov ah, 9 0x12a9b: int 0x21 0x12a9d: mov ax, 0xda00 0x12aa0: int 0x21 0x12aa2: cmp bx, 0x11ff 0x12aa6: jne 0x12aab 0x12aa8: jmp 0x12af2 0x12aaa: nop 0x12aab: cli 0x12aac: mov ax, cs 0x12aae: mov ss, ax 0x12ab0: mov sp, 0x641 0x12ab3: sti 0x12ab4: mov bx, 0x80 0x12ab7: mov ah, 0x4a |
| 2018-12-25T12:38:00.722865497Z | 218 | PC: 12aa2 | UNKNOWN! |
| 2018-12-25T12:38:00.723994842Z | 74 | PC: 12abb | Reallocate memory |
| 2018-12-25T12:38:00.725850664Z | 53 | PC: 12ac6 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:38:00.727527984Z | 37 | PC: 12ad6 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:38:00.730098681Z | 75 | PC: 12b93 | Execute program |
| 2018-12-25T12:38:00.737583969Z | 73 | PC: 12aea | Release memory |
| 2018-12-25T12:38:00.73944629Z | 49 | PC: 12af2 | Terminate and stay resident (Return code = '0' | Memory size = '128') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13318,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:03.845803691Z | 42 | PC: 12a8c | Get date 0x12a8c: cmp dh, 4 0x12a8f: jne 0x12a9d 0x12a91: cmp dl, 1 0x12a94: jne 0x12a9d 0x12a96: mov dx, 0x3d8 0x12a99: mov ah, 9 0x12a9b: int 0x21 0x12a9d: mov ax, 0xda00 0x12aa0: int 0x21 0x12aa2: cmp bx, 0x11ff 0x12aa6: jne 0x12aab 0x12aa8: jmp 0x12af2 0x12aaa: nop 0x12aab: cli 0x12aac: mov ax, cs 0x12aae: mov ss, ax 0x12ab0: mov sp, 0x641 0x12ab3: sti 0x12ab4: mov bx, 0x80 0x12ab7: mov ah, 0x4a |
| 2018-12-25T12:38:03.848757201Z | 218 | PC: 12aa2 | UNKNOWN! |
| 2018-12-25T12:38:03.849811898Z | 74 | PC: 12abb | Reallocate memory |
| 2018-12-25T12:38:03.851408302Z | 53 | PC: 12ac6 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:38:03.85352403Z | 37 | PC: 12ad6 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:38:03.854880381Z | 75 | PC: 12b93 | Execute program |
| 2018-12-25T12:38:03.861204456Z | 73 | PC: 12aea | Release memory |
| 2018-12-25T12:38:03.86284596Z | 49 | PC: 12af2 | Terminate and stay resident (Return code = '0' | Memory size = '128') |