{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15752,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:44:24.345201298Z | 48 | PC: 1305b | Get DOS version |
| 2018-12-25T12:44:24.347078445Z | 51 | PC: 13067 | Get or set Ctrl-Break |
| 2018-12-25T12:44:24.348276805Z | 53 | PC: 1309a | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:44:24.349594724Z | 37 | PC: 130aa | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:44:24.351228565Z | 44 | PC: 9e250 | Get time 0x9e250: in al, 0x40 0x9e252: mov ah, al 0x9e254: in al, 0x40 0x9e256: xor ax, cx 0x9e258: xor dx, ax 0x9e25a: jmp 0x9e277 0x9e25c: push dx 0x9e25d: push cx 0x9e25e: push bx 0x9e25f: mov ax, 0x5a04 0x9e262: mov dx, 0x65c4 0x9e265: mov cx, 7 0x9e268: shl ax, 1 0x9e26a: rcl dx, 1 0x9e26c: mov bl, al 0x9e26e: xor bl, dh 0x9e270: jns 0x9e274 0x9e272: inc al 0x9e274: loop 0x9e268 0x9e276: pop bx |
| 2018-12-25T12:44:24.355022886Z | 51 | PC: 130af | Get or set Ctrl-Break |
| 2018-12-25T12:44:24.356481916Z | 42 | PC: 130b3 | Get date 0x130b3: cmp al, 5 0x130b5: jne 0x130c4 0x130b7: mov ah, 0x2c 0x130b9: int 0x21 0x130bb: or dh, dh 0x130bd: jne 0x130c4 0x130bf: mov ax, 0x33dc 0x130c2: int 0x21 0x130c4: pop si 0x130c5: pop di 0x130c6: pop es 0x130c7: pop ds 0x130c8: pop ax 0x130c9: add si, 0x9c3 0x130cd: sub si, di 0x130cf: cmp byte ptr cs:[si], 0x4d 0x130d3: je 0x130dc 0x130d5: push di 0x130d6: mov cx, 0x1c 0x130d9: rep movsb byte ptr es:[di], byte ptr [si] |
| 2018-12-25T12:44:24.35958663Z | 76 | PC: 12a4a | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15752,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:44:24.349368445Z | 48 | PC: 1305b | Get DOS version |
| 2018-12-25T12:44:24.351499579Z | 51 | PC: 13067 | Get or set Ctrl-Break |
| 2018-12-25T12:44:24.35253353Z | 53 | PC: 1309a | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:44:24.354012471Z | 37 | PC: 130aa | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:44:24.35619692Z | 44 | PC: 9e250 | Get time 0x9e250: in al, 0x40 0x9e252: mov ah, al 0x9e254: in al, 0x40 0x9e256: xor ax, cx 0x9e258: xor dx, ax 0x9e25a: jmp 0x9e277 0x9e25c: push dx 0x9e25d: push cx 0x9e25e: push bx 0x9e25f: mov ax, 0x5a04 0x9e262: mov dx, 0x65c4 0x9e265: mov cx, 7 0x9e268: shl ax, 1 0x9e26a: rcl dx, 1 0x9e26c: mov bl, al 0x9e26e: xor bl, dh 0x9e270: jns 0x9e274 0x9e272: inc al 0x9e274: loop 0x9e268 0x9e276: pop bx |
| 2018-12-25T12:44:24.367299613Z | 51 | PC: 130af | Get or set Ctrl-Break |
| 2018-12-25T12:44:24.368713035Z | 42 | PC: 130b3 | Get date 0x130b3: cmp al, 5 0x130b5: jne 0x130c4 0x130b7: mov ah, 0x2c 0x130b9: int 0x21 0x130bb: or dh, dh 0x130bd: jne 0x130c4 0x130bf: mov ax, 0x33dc 0x130c2: int 0x21 0x130c4: pop si 0x130c5: pop di 0x130c6: pop es 0x130c7: pop ds 0x130c8: pop ax 0x130c9: add si, 0x9c3 0x130cd: sub si, di 0x130cf: cmp byte ptr cs:[si], 0x4d 0x130d3: je 0x130dc 0x130d5: push di 0x130d6: mov cx, 0x1c 0x130d9: rep movsb byte ptr es:[di], byte ptr [si] |
| 2018-12-25T12:44:24.373092473Z | 44 | PC: 130bb | Get time 0x130bb: or dh, dh 0x130bd: jne 0x130c4 0x130bf: mov ax, 0x33dc 0x130c2: int 0x21 0x130c4: pop si 0x130c5: pop di 0x130c6: pop es 0x130c7: pop ds 0x130c8: pop ax 0x130c9: add si, 0x9c3 0x130cd: sub si, di 0x130cf: cmp byte ptr cs:[si], 0x4d 0x130d3: je 0x130dc 0x130d5: push di 0x130d6: mov cx, 0x1c 0x130d9: rep movsb byte ptr es:[di], byte ptr [si] 0x130db: ret 0x130dc: mov bx, ds 0x130de: add bx, 0x10 0x130e1: mov cx, bx |
| 2018-12-25T12:44:24.376436093Z | 76 | PC: 12a4a | Terminate with return code (Return code = '0') |