{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2261,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:45:23.924970491Z | 75 | PC: 1303f | Execute program |
| 2018-12-25T11:45:23.926817026Z | 26 | PC: 13081 | Set disk transfer address |
| 2018-12-25T11:45:23.927927983Z | 53 | PC: 13086 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:45:23.929272845Z | 37 | PC: 13097 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:45:23.930406535Z | 44 | PC: 1309c | Get time 0x1309c: cmp ch, 6 0x1309f: jb 0x130bb 0x130a1: cmp ch, 0xe 0x130a4: ja 0x130bb 0x130a6: mov ax, 0x3528 0x130a9: int 0x21 0x130ab: mov word ptr [0xcf], bx 0x130af: mov word ptr [0xd1], es 0x130b3: mov ax, 0x2528 0x130b6: mov dx, 0x4bc 0x130b9: int 0x21 0x130bb: pop es 0x130bc: pop ds 0x130bd: pop bx 0x130be: cli 0x130bf: mov ss, word ptr cs:[bx + 0xa2] 0x130c4: mov sp, word ptr cs:[bx + 0xa4] 0x130c9: sti 0x130ca: ljmp ptr cs:[bx + 0xa8] 0x130cf: pop dx |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2261,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:45:24.057918928Z | 75 | PC: 1303f | Execute program |
| 2018-12-25T11:45:24.059687992Z | 26 | PC: 13081 | Set disk transfer address |
| 2018-12-25T11:45:24.060575346Z | 53 | PC: 13086 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:45:24.061523724Z | 37 | PC: 13097 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:45:24.063021507Z | 44 | PC: 1309c | Get time 0x1309c: cmp ch, 6 0x1309f: jb 0x130bb 0x130a1: cmp ch, 0xe 0x130a4: ja 0x130bb 0x130a6: mov ax, 0x3528 0x130a9: int 0x21 0x130ab: mov word ptr [0xcf], bx 0x130af: mov word ptr [0xd1], es 0x130b3: mov ax, 0x2528 0x130b6: mov dx, 0x4bc 0x130b9: int 0x21 0x130bb: pop es 0x130bc: pop ds 0x130bd: pop bx 0x130be: cli 0x130bf: mov ss, word ptr cs:[bx + 0xa2] 0x130c4: mov sp, word ptr cs:[bx + 0xa4] 0x130c9: sti 0x130ca: ljmp ptr cs:[bx + 0xa8] 0x130cf: pop dx |
| 2018-12-25T11:45:24.06528291Z | 53 | PC: 130ab | Get interrupt vector (Interrupt = '40' AKA 'Random block write') |
| 2018-12-25T11:45:24.066395094Z | 37 | PC: 130bb | Set interrupt vector (Interrupt = '40' AKA 'Random block write') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":15,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2261,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:45:24.163075858Z | 75 | PC: 1303f | Execute program |
| 2018-12-25T11:45:24.16480185Z | 26 | PC: 13081 | Set disk transfer address |
| 2018-12-25T11:45:24.166529838Z | 53 | PC: 13086 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:45:24.167995302Z | 37 | PC: 13097 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:45:24.16931215Z | 44 | PC: 1309c | Get time 0x1309c: cmp ch, 6 0x1309f: jb 0x130bb 0x130a1: cmp ch, 0xe 0x130a4: ja 0x130bb 0x130a6: mov ax, 0x3528 0x130a9: int 0x21 0x130ab: mov word ptr [0xcf], bx 0x130af: mov word ptr [0xd1], es 0x130b3: mov ax, 0x2528 0x130b6: mov dx, 0x4bc 0x130b9: int 0x21 0x130bb: pop es 0x130bc: pop ds 0x130bd: pop bx 0x130be: cli 0x130bf: mov ss, word ptr cs:[bx + 0xa2] 0x130c4: mov sp, word ptr cs:[bx + 0xa4] 0x130c9: sti 0x130ca: ljmp ptr cs:[bx + 0xa8] 0x130cf: pop dx |