{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4477,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:53.069875351Z | 25 | PC: 12b91 | Get default drive |
| 2018-12-25T11:51:53.071632136Z | 42 | PC: 12bd2 | Get date 0x12bd2: cmp cx, 0x7c4 0x12bd6: jge 0x12bdf 0x12bd8: retf 0x12bd9: or word ptr [si - 0x43ee], dx 0x12bdd: push cs 0x12bde: add byte ptr [bx + 0xf], bh 0x12be1: cmp dh, 0xc 0x12be4: jl 0x12c02 0x12be6: cmp dl, 5 0x12be9: jl 0x12c02 0x12beb: cmp dl, 0x1c 0x12bee: jl 0x12bfb 0x12bf0: mov word ptr [si + 0x877], 0xffdc 0x12bf6: mov byte ptr [si + 0x872], 0x88 0x12bfb: cmp byte ptr [si + 4], 0xf8 0x12bff: nop 0x12c00: jae 0x12c17 0x12c02: mov byte ptr cs:[si + 0xee], 0 0x12c08: jmp 0x12da0 0x12c0b: cmp byte ptr [si + 4], 0xf8 |
{"DateBased":true,"Day":1,"Month":1,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4477,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:53.078629899Z | 25 | PC: 12b91 | Get default drive |
| 2018-12-25T11:51:53.08855181Z | 42 | PC: 12bd2 | Get date 0x12bd2: cmp cx, 0x7c4 0x12bd6: jge 0x12bdf 0x12bd8: retf 0x12bd9: or word ptr [si - 0x43ee], dx 0x12bdd: push cs 0x12bde: add byte ptr [bx + 0xf], bh 0x12be1: cmp dh, 0xc 0x12be4: jl 0x12c02 0x12be6: cmp dl, 5 0x12be9: jl 0x12c02 0x12beb: cmp dl, 0x1c 0x12bee: jl 0x12bfb 0x12bf0: mov word ptr [si + 0x877], 0xffdc 0x12bf6: mov byte ptr [si + 0x872], 0x88 0x12bfb: cmp byte ptr [si + 4], 0xf8 0x12bff: nop 0x12c00: jae 0x12c17 0x12c02: mov byte ptr cs:[si + 0xee], 0 0x12c08: jmp 0x12da0 0x12c0b: cmp byte ptr [si + 4], 0xf8 |
| 2018-12-25T11:51:53.090921676Z | 14 | PC: 12dd9 | Set default drive (Drive = 'A') |