{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7167,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:00:57.452925494Z | 48 | PC: 12a54 | Get DOS version |
| 2018-12-25T12:00:57.454415184Z | 51 | PC: 12a60 | Get or set Ctrl-Break |
| 2018-12-25T12:00:57.45533748Z | 53 | PC: 12a92 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:00:57.45641149Z | 37 | PC: 12aa2 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:00:57.457948529Z | 44 | PC: 9e24c | Get time 0x9e24c: in al, 0x40 0x9e24e: mov ah, al 0x9e250: in al, 0x40 0x9e252: xor ax, cx 0x9e254: xor dx, ax 0x9e256: jmp 0x9e273 0x9e258: push dx 0x9e259: push cx 0x9e25a: push bx 0x9e25b: mov ax, 0 0x9e25e: mov dx, 0 0x9e261: mov cx, 7 0x9e264: shl ax, 1 0x9e266: rcl dx, 1 0x9e268: mov bl, al 0x9e26a: xor bl, dh 0x9e26c: jns 0x9e270 0x9e26e: inc al 0x9e270: loop 0x9e264 0x9e272: pop bx |
| 2018-12-25T12:00:57.459842227Z | 51 | PC: 12aa7 | Get or set Ctrl-Break |
| 2018-12-25T12:00:57.460761421Z | 42 | PC: 12aab | Get date 0x12aab: cmp al, 5 0x12aad: jne 0x12abc 0x12aaf: mov ah, 0x2c 0x12ab1: int 0x21 0x12ab3: or dh, dh 0x12ab5: jne 0x12abc 0x12ab7: mov ax, 0x33dc 0x12aba: int 0x21 0x12abc: pop si 0x12abd: pop di 0x12abe: pop es 0x12abf: pop ds 0x12ac0: pop ax 0x12ac1: add si, 0x9bf 0x12ac5: sub si, di 0x12ac7: cmp byte ptr cs:[si], 0x4d 0x12acb: je 0x12ad4 0x12acd: push di 0x12ace: mov cx, 0x1c 0x12ad1: rep movsb byte ptr es:[di], byte ptr [si] |
{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7167,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:00:57.46111651Z | 48 | PC: 12a54 | Get DOS version |
| 2018-12-25T12:00:57.464234206Z | 51 | PC: 12a60 | Get or set Ctrl-Break |
| 2018-12-25T12:00:57.465874038Z | 53 | PC: 12a92 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:00:57.467533514Z | 37 | PC: 12aa2 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:00:57.46967097Z | 44 | PC: 9e24c | Get time 0x9e24c: in al, 0x40 0x9e24e: mov ah, al 0x9e250: in al, 0x40 0x9e252: xor ax, cx 0x9e254: xor dx, ax 0x9e256: jmp 0x9e273 0x9e258: push dx 0x9e259: push cx 0x9e25a: push bx 0x9e25b: mov ax, 0 0x9e25e: mov dx, 0 0x9e261: mov cx, 7 0x9e264: shl ax, 1 0x9e266: rcl dx, 1 0x9e268: mov bl, al 0x9e26a: xor bl, dh 0x9e26c: jns 0x9e270 0x9e26e: inc al 0x9e270: loop 0x9e264 0x9e272: pop bx |
| 2018-12-25T12:00:57.477802767Z | 51 | PC: 12aa7 | Get or set Ctrl-Break |
| 2018-12-25T12:00:57.478927878Z | 42 | PC: 12aab | Get date 0x12aab: cmp al, 5 0x12aad: jne 0x12abc 0x12aaf: mov ah, 0x2c 0x12ab1: int 0x21 0x12ab3: or dh, dh 0x12ab5: jne 0x12abc 0x12ab7: mov ax, 0x33dc 0x12aba: int 0x21 0x12abc: pop si 0x12abd: pop di 0x12abe: pop es 0x12abf: pop ds 0x12ac0: pop ax 0x12ac1: add si, 0x9bf 0x12ac5: sub si, di 0x12ac7: cmp byte ptr cs:[si], 0x4d 0x12acb: je 0x12ad4 0x12acd: push di 0x12ace: mov cx, 0x1c 0x12ad1: rep movsb byte ptr es:[di], byte ptr [si] |
| 2018-12-25T12:00:57.481688993Z | 44 | PC: 12ab3 | Get time 0x12ab3: or dh, dh 0x12ab5: jne 0x12abc 0x12ab7: mov ax, 0x33dc 0x12aba: int 0x21 0x12abc: pop si 0x12abd: pop di 0x12abe: pop es 0x12abf: pop ds 0x12ac0: pop ax 0x12ac1: add si, 0x9bf 0x12ac5: sub si, di 0x12ac7: cmp byte ptr cs:[si], 0x4d 0x12acb: je 0x12ad4 0x12acd: push di 0x12ace: mov cx, 0x1c 0x12ad1: rep movsb byte ptr es:[di], byte ptr [si] 0x12ad3: ret 0x12ad4: mov bx, ds 0x12ad6: add bx, 0x10 0x12ad9: mov cx, bx |