{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7185,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:00:58.040030602Z | 255 | PC: 14fa5 | UNKNOWN! |
| 2018-12-25T12:00:58.0744606Z | 42 | PC: 1505f | Get date 0x1505f: cmp dh, 3 0x15062: jne 0x15072 0x15064: mov ah, 0x2c 0x15066: int 0x21 0x15068: cmp dh, 0xa 0x1506b: jge 0x15072 0x1506d: mov byte ptr [0x700], 1 0x15072: cmp byte ptr [0x707], 1 0x15077: je 0x1507c 0x15079: jmp 0x15101 0x1507c: mov word ptr [0x710], 0x23a 0x15082: mov word ptr [0x712], ds 0x15086: ljmp ptr [0x710] 0x1508a: mov word ptr [0x710], 0 0x15090: mov word ptr [0x712], 0x80 0x15096: mov word ptr [0x714], es 0x1509a: mov word ptr [0x716], 0x5c 0x150a0: mov word ptr [0x718], es 0x150a4: mov word ptr [0x71a], 0x6c 0x150aa: mov word ptr [0x71c], es |
| 2018-12-25T12:00:58.076755761Z | 44 | PC: 15068 | Get time 0x15068: cmp dh, 0xa 0x1506b: jge 0x15072 0x1506d: mov byte ptr [0x700], 1 0x15072: cmp byte ptr [0x707], 1 0x15077: je 0x1507c 0x15079: jmp 0x15101 0x1507c: mov word ptr [0x710], 0x23a 0x15082: mov word ptr [0x712], ds 0x15086: ljmp ptr [0x710] 0x1508a: mov word ptr [0x710], 0 0x15090: mov word ptr [0x712], 0x80 0x15096: mov word ptr [0x714], es 0x1509a: mov word ptr [0x716], 0x5c 0x150a0: mov word ptr [0x718], es 0x150a4: mov word ptr [0x71a], 0x6c 0x150aa: mov word ptr [0x71c], es 0x150ae: mov ah, 0x4a 0x150b0: mov bx, 0x75 0x150b3: int 0x21 0x150b5: mov es, word ptr es:[bx + si] |
| 2018-12-25T12:00:58.078744833Z | 74 | PC: 12ba5 | Reallocate memory |
| 2018-12-25T12:00:58.080329602Z | 75 | PC: 12bd5 | Execute program |
| 2018-12-25T12:00:58.090126268Z | 76 | PC: 156fd | Terminate with return code (Return code = '0') |
| 2018-12-25T12:00:58.091994881Z | 73 | PC: 12be5 | Release memory |
| 2018-12-25T12:00:58.093070061Z | 49 | PC: 12bf1 | Terminate and stay resident (Return code = '0' | Memory size = '117') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7185,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:00:58.150258576Z | 255 | PC: 14fa5 | UNKNOWN! |
| 2018-12-25T12:00:58.176224605Z | 42 | PC: 1505f | Get date 0x1505f: cmp dh, 3 0x15062: jne 0x15072 0x15064: mov ah, 0x2c 0x15066: int 0x21 0x15068: cmp dh, 0xa 0x1506b: jge 0x15072 0x1506d: mov byte ptr [0x700], 1 0x15072: cmp byte ptr [0x707], 1 0x15077: je 0x1507c 0x15079: jmp 0x15101 0x1507c: mov word ptr [0x710], 0x23a 0x15082: mov word ptr [0x712], ds 0x15086: ljmp ptr [0x710] 0x1508a: mov word ptr [0x710], 0 0x15090: mov word ptr [0x712], 0x80 0x15096: mov word ptr [0x714], es 0x1509a: mov word ptr [0x716], 0x5c 0x150a0: mov word ptr [0x718], es 0x150a4: mov word ptr [0x71a], 0x6c 0x150aa: mov word ptr [0x71c], es |
| 2018-12-25T12:00:58.178408107Z | 74 | PC: 12ba5 | Reallocate memory |
| 2018-12-25T12:00:58.179985479Z | 75 | PC: 12bd5 | Execute program |
| 2018-12-25T12:00:58.196787115Z | 76 | PC: 156fd | Terminate with return code (Return code = '0') |
| 2018-12-25T12:00:58.200143412Z | 73 | PC: 12be5 | Release memory |
| 2018-12-25T12:00:58.201771934Z | 49 | PC: 12bf1 | Terminate and stay resident (Return code = '0' | Memory size = '117') |