{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16303,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:52:30.90884834Z | 42 | PC: 1327a | Get date 0x1327a: cmp dh, 0xc 0x1327d: jne 0x132eb 0x1327f: mov byte ptr cs:[0x24], 2 0x13285: mov al, byte ptr [0x24] 0x13288: mov cx, 0x64 0x1328b: xor dx, dx 0x1328d: inc dx 0x1328e: mov bx, 0 0x13291: int 0x26 0x13293: add sp, 2 0x13296: clc 0x13297: mov word ptr [0x3c4], ds 0x1329b: mov cx, 0xffff 0x1329e: mov bx, 0x3bc 0x132a1: int 0x26 0x132a3: add sp, 2 0x132a6: clc 0x132a7: mov ah, 0xd 0x132a9: mov dl, byte ptr cs:[0x24] 0x132ae: sub dl, 2 |
| 2018-12-25T12:52:30.911286363Z | 42 | PC: 13002 | Get date 0x13002: mov byte ptr [0x2b], al 0x13005: mov byte ptr cs:[0x2e], 0 0x1300b: mov ah, 0x2f 0x1300d: int 0x21 0x1300f: mov word ptr [0x27], bx 0x13013: mov word ptr [0x29], es 0x13017: mov ax, cs 0x13019: mov es, ax 0x1301b: mov ah, 0x1a 0x1301d: mov dx, 0x926 0x13020: int 0x21 0x13022: mov ax, 0x3524 0x13025: int 0x21 0x13027: mov word ptr [0x1c], bx 0x1302b: mov word ptr [0x1e], es 0x1302f: mov ax, cs 0x13031: mov es, ax 0x13033: mov dx, 0x6ab 0x13036: mov ax, 0x2524 0x13039: int 0x21 |
| 2018-12-25T12:52:30.913156759Z | 47 | PC: 1300f | Get disk transfer address |
| 2018-12-25T12:52:30.914039463Z | 26 | PC: 13022 | Set disk transfer address |
| 2018-12-25T12:52:30.915549816Z | 53 | PC: 13027 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:52:30.916541463Z | 37 | PC: 1303b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:52:30.918212467Z | 44 | PC: 13424 | Get time 0x13424: xor ax, ax 0x13426: add al, ch 0x13428: xor ch, ch 0x1342a: add ax, cx 0x1342c: xchg dh, dl 0x1342e: mov cx, dx 0x13430: xor ch, ch 0x13432: add ax, cx 0x13434: xchg dh, dl 0x13436: mov cx, dx 0x13438: xor ch, ch 0x1343a: mul cx 0x1343c: pop bp 0x1343d: mov cx, bp 0x1343f: div cx 0x13441: mov bp, dx 0x13443: pop ds 0x13444: pop es 0x13445: pop di 0x13446: pop si |
| 2018-12-25T12:52:30.920775222Z | 25 | PC: 1315e | Get default drive |
| 2018-12-25T12:52:30.922161035Z | 54 | PC: 13169 | Get free disk space |
| 2018-12-25T12:52:30.931095326Z | 42 | PC: 1335d | Get date 0x1335d: and al, 1 0x1335f: cmp al, 1 0x13361: jne 0x13367 0x13363: clc 0x13364: jmp 0x13368 0x13366: nop 0x13367: stc 0x13368: pop ds 0x13369: pop es 0x1336a: pop di 0x1336b: pop si 0x1336c: pop dx 0x1336d: pop cx 0x1336e: pop bx 0x1336f: pop ax 0x13370: ret 0x13371: pushf 0x13372: push es 0x13373: mov ax, cs 0x13375: mov es, ax |
| 2018-12-25T12:52:30.933571068Z | 37 | PC: 13103 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:52:30.93459182Z | 26 | PC: 1310c | Set disk transfer address |
| 2018-12-25T12:52:30.936894802Z | 76 | PC: 12f28 | Terminate with return code (Return code = '76') |
{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16303,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:52:31.04950429Z | 42 | PC: 1327a | Get date 0x1327a: cmp dh, 0xc 0x1327d: jne 0x132eb 0x1327f: mov byte ptr cs:[0x24], 2 0x13285: mov al, byte ptr [0x24] 0x13288: mov cx, 0x64 0x1328b: xor dx, dx 0x1328d: inc dx 0x1328e: mov bx, 0 0x13291: int 0x26 0x13293: add sp, 2 0x13296: clc 0x13297: mov word ptr [0x3c4], ds 0x1329b: mov cx, 0xffff 0x1329e: mov bx, 0x3bc 0x132a1: int 0x26 0x132a3: add sp, 2 0x132a6: clc 0x132a7: mov ah, 0xd 0x132a9: mov dl, byte ptr cs:[0x24] 0x132ae: sub dl, 2 |