{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14863,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:41:50.178062043Z | 42 | PC: 162ea | Get date 0x162ea: cmp dx, 0xb19 0x162ee: jne 0x1635d 0x162f0: xor ax, ax 0x162f2: mov es, ax 0x162f4: cli 0x162f5: mov ax, word ptr es:[0x7b4] 0x162f9: mov word ptr es:[0x3e8], ax 0x162fd: mov ax, word ptr es:[0x7b6] 0x16301: mov word ptr es:[0x3ea], ax 0x16305: push cs 0x16306: pop es 0x16307: mov ah, 8 0x16309: mov dl, 0x80 0x1630b: int 0xfa 0x1630d: push cx 0x1630e: push dx 0x1630f: mov ah, 3 0x16311: mov al, cl 0x16313: and al, 0x3f 0x16315: mov cx, 1 |
| 2018-12-25T12:41:50.181595375Z | 43 | PC: 16372 | Set date |
| 2018-12-25T12:41:50.433910834Z | 42 | PC: 13aef | Get date 0x13aef: shr dx, 3 0x13af2: mov word ptr cs:[0xe80], dx 0x13af7: mov word ptr cs:[0xe9a], dx 0x13afc: mov word ptr cs:[0xaeb], dx 0x13b01: mov word ptr cs:[0x2fc], 0 0x13b08: mov word ptr [0x127e], ss 0x13b0c: mov word ptr [0x1280], sp 0x13b10: add word ptr cs:[0x2e8], 1 0x13b16: mov ax, cs 0x13b18: mov es, ax 0x13b1a: mov ds, ax 0x13b1c: mov bx, 0x1160 0x13b1f: mov dx, 0x12c8 0x13b22: mov ax, 0x4b00 0x13b25: pushf 0x13b26: lcall ptr [0x2f4] 0x13b2a: cli 0x13b2b: mov ss, word ptr cs:[0x127e] 0x13b30: mov sp, word ptr cs:[0x1280] 0x13b35: mov ax, cs |
| 2018-12-25T12:41:50.462643485Z | 42 | PC: 176ba | Get date 0x176ba: cmp dx, 0xb19 0x176be: jne 0x1772d 0x176c0: xor ax, ax 0x176c2: mov es, ax 0x176c4: cli 0x176c5: mov ax, word ptr es:[0x7b4] 0x176c9: mov word ptr es:[0x3e8], ax 0x176cd: mov ax, word ptr es:[0x7b6] 0x176d1: mov word ptr es:[0x3ea], ax 0x176d5: push cs 0x176d6: pop es 0x176d7: mov ah, 8 0x176d9: mov dl, 0x80 0x176db: int 0xfa 0x176dd: push cx 0x176de: push dx 0x176df: mov ah, 3 0x176e1: mov al, cl 0x176e3: and al, 0x3f 0x176e5: mov cx, 1 |
| 2018-12-25T12:41:50.470777082Z | 43 | PC: 17742 | Set date |
| 2018-12-25T12:41:50.472480712Z | 9 | PC: 13e21 | Display string (String= 'This is a sample!') |
| 2018-12-25T12:41:50.475609019Z | 76 | PC: 13e26 | Terminate with return code (Return code = '0') |
| 2018-12-25T12:41:50.480110382Z | 77 | PC: 13b3f | Get program return code |
{"DateBased":true,"Day":25,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14863,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:41:50.299069674Z | 42 | PC: 162ea | Get date 0x162ea: cmp dx, 0xb19 0x162ee: jne 0x1635d 0x162f0: xor ax, ax 0x162f2: mov es, ax 0x162f4: cli 0x162f5: mov ax, word ptr es:[0x7b4] 0x162f9: mov word ptr es:[0x3e8], ax 0x162fd: mov ax, word ptr es:[0x7b6] 0x16301: mov word ptr es:[0x3ea], ax 0x16305: push cs 0x16306: pop es 0x16307: mov ah, 8 0x16309: mov dl, 0x80 0x1630b: int 0xfa 0x1630d: push cx 0x1630e: push dx 0x1630f: mov ah, 3 0x16311: mov al, cl 0x16313: and al, 0x3f 0x16315: mov cx, 1 |
| 2018-12-25T12:42:02.341552269Z | 43 | PC: 16372 | Set date |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14863,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:41:50.392368995Z | 42 | PC: 162ea | Get date 0x162ea: cmp dx, 0xb19 0x162ee: jne 0x1635d 0x162f0: xor ax, ax 0x162f2: mov es, ax 0x162f4: cli 0x162f5: mov ax, word ptr es:[0x7b4] 0x162f9: mov word ptr es:[0x3e8], ax 0x162fd: mov ax, word ptr es:[0x7b6] 0x16301: mov word ptr es:[0x3ea], ax 0x16305: push cs 0x16306: pop es 0x16307: mov ah, 8 0x16309: mov dl, 0x80 0x1630b: int 0xfa 0x1630d: push cx 0x1630e: push dx 0x1630f: mov ah, 3 0x16311: mov al, cl 0x16313: and al, 0x3f 0x16315: mov cx, 1 |
| 2018-12-25T12:41:50.394955679Z | 43 | PC: 16372 | Set date |
| 2018-12-25T12:41:50.61458577Z | 42 | PC: 13aef | Get date 0x13aef: shr dx, 3 0x13af2: mov word ptr cs:[0xe80], dx 0x13af7: mov word ptr cs:[0xe9a], dx 0x13afc: mov word ptr cs:[0xaeb], dx 0x13b01: mov word ptr cs:[0x2fc], 0 0x13b08: mov word ptr [0x127e], ss 0x13b0c: mov word ptr [0x1280], sp 0x13b10: add word ptr cs:[0x2e8], 1 0x13b16: mov ax, cs 0x13b18: mov es, ax 0x13b1a: mov ds, ax 0x13b1c: mov bx, 0x1160 0x13b1f: mov dx, 0x12c8 0x13b22: mov ax, 0x4b00 0x13b25: pushf 0x13b26: lcall ptr [0x2f4] 0x13b2a: cli 0x13b2b: mov ss, word ptr cs:[0x127e] 0x13b30: mov sp, word ptr cs:[0x1280] 0x13b35: mov ax, cs |
| 2018-12-25T12:41:50.631654156Z | 42 | PC: 176ba | Get date 0x176ba: cmp dx, 0xb19 0x176be: jne 0x1772d 0x176c0: xor ax, ax 0x176c2: mov es, ax 0x176c4: cli 0x176c5: mov ax, word ptr es:[0x7b4] 0x176c9: mov word ptr es:[0x3e8], ax 0x176cd: mov ax, word ptr es:[0x7b6] 0x176d1: mov word ptr es:[0x3ea], ax 0x176d5: push cs 0x176d6: pop es 0x176d7: mov ah, 8 0x176d9: mov dl, 0x80 0x176db: int 0xfa 0x176dd: push cx 0x176de: push dx 0x176df: mov ah, 3 0x176e1: mov al, cl 0x176e3: and al, 0x3f 0x176e5: mov cx, 1 |
| 2018-12-25T12:41:50.635065462Z | 43 | PC: 17742 | Set date |
| 2018-12-25T12:41:50.6364888Z | 9 | PC: 13e21 | Display string (String= 'This is a sample!') |
| 2018-12-25T12:41:50.639174404Z | 76 | PC: 13e26 | Terminate with return code (Return code = '0') |
| 2018-12-25T12:41:50.643653149Z | 77 | PC: 13b3f | Get program return code |
{"DateBased":true,"Day":25,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14863,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:41:50.5286421Z | 42 | PC: 162ea | Get date 0x162ea: cmp dx, 0xb19 0x162ee: jne 0x1635d 0x162f0: xor ax, ax 0x162f2: mov es, ax 0x162f4: cli 0x162f5: mov ax, word ptr es:[0x7b4] 0x162f9: mov word ptr es:[0x3e8], ax 0x162fd: mov ax, word ptr es:[0x7b6] 0x16301: mov word ptr es:[0x3ea], ax 0x16305: push cs 0x16306: pop es 0x16307: mov ah, 8 0x16309: mov dl, 0x80 0x1630b: int 0xfa 0x1630d: push cx 0x1630e: push dx 0x1630f: mov ah, 3 0x16311: mov al, cl 0x16313: and al, 0x3f 0x16315: mov cx, 1 |
| 2018-12-25T12:42:02.341096821Z | 43 | PC: 16372 | Set date |