{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3031,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:47:59.417071683Z | 42 | PC: 12a44 | Get date 0x12a44: cmp dl, 0x15 0x12a47: je 0x12a53 0x12a49: mov ah, 9 0x12a4b: mov dx, 0x1f8 0x12a4e: int 0x21 0x12a50: jmp 0x12a64 0x12a52: nop 0x12a53: mov ah, 9 0x12a55: mov dx, 0x1c1 0x12a58: int 0x21 0x12a5a: mov cx, 0x3e8 0x12a5d: mov ax, 0xe07 0x12a60: int 0x10 0x12a62: loop 0x12a60 0x12a64: jmp 0x12b52 0x12a67: pushf 0x12a68: cmp ah, 0x4b 0x12a6b: je 0x12a6f 0x12a6d: jmp 0x12aa8 0x12a6f: mov ax, 0x4301 |
| 2018-12-25T11:47:59.420014652Z | 9 | PC: 12a50 | Display string (String= 'Bad command or filename ') |
| 2018-12-25T11:47:59.423804322Z | 53 | PC: 12b57 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:47:59.424794296Z | 37 | PC: 12b69 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:47:59.430560633Z | 49 | PC: 12b70 | Terminate and stay resident (Return code = '0' | Memory size = '35') |
{"DateBased":true,"Day":21,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3031,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:47:59.87053391Z | 42 | PC: 12a44 | Get date 0x12a44: cmp dl, 0x15 0x12a47: je 0x12a53 0x12a49: mov ah, 9 0x12a4b: mov dx, 0x1f8 0x12a4e: int 0x21 0x12a50: jmp 0x12a64 0x12a52: nop 0x12a53: mov ah, 9 0x12a55: mov dx, 0x1c1 0x12a58: int 0x21 0x12a5a: mov cx, 0x3e8 0x12a5d: mov ax, 0xe07 0x12a60: int 0x10 0x12a62: loop 0x12a60 0x12a64: jmp 0x12b52 0x12a67: pushf 0x12a68: cmp ah, 0x4b 0x12a6b: je 0x12a6f 0x12a6d: jmp 0x12aa8 0x12a6f: mov ax, 0x4301 |
| 2018-12-25T11:47:59.873236093Z | 9 | PC: 12a5a | Display string (String= 'Hey Bud.. You picked the leave with the virus on it! ') |
| 2018-12-25T11:47:59.88197292Z | 53 | PC: 12b57 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:47:59.883120878Z | 37 | PC: 12b69 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:47:59.885225896Z | 49 | PC: 12b70 | Terminate and stay resident (Return code = '0' | Memory size = '35') |