{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7564,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:01:56.703007152Z | 255 | PC: 130c4 | UNKNOWN! |
| 2018-12-25T12:01:56.704871557Z | 53 | PC: 130cf | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:01:56.70602242Z | 240 | PC: 130fe | UNKNOWN! |
| 2018-12-25T12:01:56.706858493Z | 42 | PC: 12f74 | Get date 0x12f74: cmp cx, 0x7cb 0x12f78: jne 0x12f8a 0x12f7a: cmp dh, 3 0x12f7d: jne 0x12f8a 0x12f7f: cmp dl, 8 0x12f82: jb 0x12f8a 0x12f84: mov byte ptr cs:[0x70e], 1 0x12f8a: call 0x13112 0x12f8d: nop 0x12f8e: mov word ptr cs:[0x6f5], es 0x12f93: nop 0x12f94: mov word ptr cs:[0x6f9], es 0x12f99: mov word ptr cs:[0x6fd], es 0x12f9e: mov byte ptr cs:[0x7ba], 0 0x12fa4: mov cx, 0x7bb 0x12fa7: xor si, si 0x12fa9: push es 0x12faa: pop ax 0x12fab: add ax, 0x10 0x12fae: mov es, ax |
| 2018-12-25T12:01:56.710429302Z | 74 | PC: 12fd1 | Reallocate memory |
| 2018-12-25T12:01:56.713986103Z | 75 | PC: 1301d | Execute program |
| 2018-12-25T12:01:56.727768416Z | 255 | PC: 13a04 | UNKNOWN! |
| 2018-12-25T12:01:56.728572941Z | 53 | PC: 13a0f | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:01:56.731293845Z | 76 | PC: 13385 | Terminate with return code (Return code = '0') |
| 2018-12-25T12:01:56.735240236Z | 73 | PC: 12c45 | Release memory |
| 2018-12-25T12:01:56.736659009Z | 44 | PC: 1302b | Get time 0x1302b: cmp cl, 3 0x1302e: je 0x13038 0x13030: mov al, 0x31 0x13032: mov dx, 0x8c 0x13035: call 0x22c3c 0x13038: push cs 0x13039: pop ds 0x1303a: push cs 0x1303b: pop es 0x1303c: call 0x22afc 0x1303f: and al, 2 0x13041: cmp al, 2 0x13043: jne 0x13073 0x13045: mov ah, 0x19 0x13047: int 0x21 0x13049: mov dl, al 0x1304b: cmp dl, 2 0x1304e: jb 0x13053 0x13050: add dl, 0x7e 0x13053: mov ax, 0x309 |
| 2018-12-25T12:01:56.747224231Z | 49 | PC: 12c45 | Terminate and stay resident (See above) |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7564,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:01:56.760511817Z | 255 | PC: 130c4 | UNKNOWN! |
| 2018-12-25T12:01:56.762087878Z | 53 | PC: 130cf | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:01:56.762902829Z | 240 | PC: 130fe | UNKNOWN! |
| 2018-12-25T12:01:56.763466255Z | 42 | PC: 12f74 | Get date 0x12f74: cmp cx, 0x7cb 0x12f78: jne 0x12f8a 0x12f7a: cmp dh, 3 0x12f7d: jne 0x12f8a 0x12f7f: cmp dl, 8 0x12f82: jb 0x12f8a 0x12f84: mov byte ptr cs:[0x70e], 1 0x12f8a: call 0x13112 0x12f8d: nop 0x12f8e: mov word ptr cs:[0x6f5], es 0x12f93: nop 0x12f94: mov word ptr cs:[0x6f9], es 0x12f99: mov word ptr cs:[0x6fd], es 0x12f9e: mov byte ptr cs:[0x7ba], 0 0x12fa4: mov cx, 0x7bb 0x12fa7: xor si, si 0x12fa9: push es 0x12faa: pop ax 0x12fab: add ax, 0x10 0x12fae: mov es, ax |
| 2018-12-25T12:01:56.765737425Z | 74 | PC: 12fd1 | Reallocate memory |
| 2018-12-25T12:01:56.767655427Z | 75 | PC: 1301d | Execute program |
| 2018-12-25T12:01:56.780136012Z | 255 | PC: 13a04 | UNKNOWN! |
| 2018-12-25T12:01:56.781198595Z | 53 | PC: 13a0f | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:01:56.782693262Z | 76 | PC: 13385 | Terminate with return code (Return code = '0') |
| 2018-12-25T12:01:56.785471658Z | 73 | PC: 12c45 | Release memory |
| 2018-12-25T12:01:56.786734259Z | 44 | PC: 1302b | Get time 0x1302b: cmp cl, 3 0x1302e: je 0x13038 0x13030: mov al, 0x31 0x13032: mov dx, 0x8c 0x13035: call 0x22c3c 0x13038: push cs 0x13039: pop ds 0x1303a: push cs 0x1303b: pop es 0x1303c: call 0x22afc 0x1303f: and al, 2 0x13041: cmp al, 2 0x13043: jne 0x13073 0x13045: mov ah, 0x19 0x13047: int 0x21 0x13049: mov dl, al 0x1304b: cmp dl, 2 0x1304e: jb 0x13053 0x13050: add dl, 0x7e 0x13053: mov ax, 0x309 |
| 2018-12-25T12:01:56.789508888Z | 49 | PC: 12c45 | Terminate and stay resident (See above) |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":3,"Second":0,"TimeBased":true,"OriginalID":7564,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:01:56.851409451Z | 255 | PC: 130c4 | UNKNOWN! |
| 2018-12-25T12:01:56.854047403Z | 53 | PC: 130cf | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:01:56.855237463Z | 240 | PC: 130fe | UNKNOWN! |
| 2018-12-25T12:01:56.855990167Z | 42 | PC: 12f74 | Get date 0x12f74: cmp cx, 0x7cb 0x12f78: jne 0x12f8a 0x12f7a: cmp dh, 3 0x12f7d: jne 0x12f8a 0x12f7f: cmp dl, 8 0x12f82: jb 0x12f8a 0x12f84: mov byte ptr cs:[0x70e], 1 0x12f8a: call 0x13112 0x12f8d: nop 0x12f8e: mov word ptr cs:[0x6f5], es 0x12f93: nop 0x12f94: mov word ptr cs:[0x6f9], es 0x12f99: mov word ptr cs:[0x6fd], es 0x12f9e: mov byte ptr cs:[0x7ba], 0 0x12fa4: mov cx, 0x7bb 0x12fa7: xor si, si 0x12fa9: push es 0x12faa: pop ax 0x12fab: add ax, 0x10 0x12fae: mov es, ax |
| 2018-12-25T12:01:56.859717978Z | 74 | PC: 12fd1 | Reallocate memory |
| 2018-12-25T12:01:56.861025474Z | 75 | PC: 1301d | Execute program |
| 2018-12-25T12:01:56.874879961Z | 255 | PC: 13a04 | UNKNOWN! |
| 2018-12-25T12:01:56.876262825Z | 53 | PC: 13a0f | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:01:56.883118435Z | 76 | PC: 13385 | Terminate with return code (Return code = '0') |
| 2018-12-25T12:01:56.887932366Z | 73 | PC: 12c45 | Release memory |
| 2018-12-25T12:01:56.889743351Z | 44 | PC: 1302b | Get time 0x1302b: cmp cl, 3 0x1302e: je 0x13038 0x13030: mov al, 0x31 0x13032: mov dx, 0x8c 0x13035: call 0x22c3c 0x13038: push cs 0x13039: pop ds 0x1303a: push cs 0x1303b: pop es 0x1303c: call 0x22afc 0x1303f: and al, 2 0x13041: cmp al, 2 0x13043: jne 0x13073 0x13045: mov ah, 0x19 0x13047: int 0x21 0x13049: mov dl, al 0x1304b: cmp dl, 2 0x1304e: jb 0x13053 0x13050: add dl, 0x7e 0x13053: mov ax, 0x309 |
| 2018-12-25T12:01:56.892780117Z | 25 | PC: 13049 | Get default drive |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":3,"Second":0,"TimeBased":true,"OriginalID":7564,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:01:56.875209726Z | 255 | PC: 130c4 | UNKNOWN! |
| 2018-12-25T12:01:56.876847012Z | 53 | PC: 130cf | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:01:56.878013224Z | 240 | PC: 130fe | UNKNOWN! |
| 2018-12-25T12:01:56.878800581Z | 42 | PC: 12f74 | Get date 0x12f74: cmp cx, 0x7cb 0x12f78: jne 0x12f8a 0x12f7a: cmp dh, 3 0x12f7d: jne 0x12f8a 0x12f7f: cmp dl, 8 0x12f82: jb 0x12f8a 0x12f84: mov byte ptr cs:[0x70e], 1 0x12f8a: call 0x13112 0x12f8d: nop 0x12f8e: mov word ptr cs:[0x6f5], es 0x12f93: nop 0x12f94: mov word ptr cs:[0x6f9], es 0x12f99: mov word ptr cs:[0x6fd], es 0x12f9e: mov byte ptr cs:[0x7ba], 0 0x12fa4: mov cx, 0x7bb 0x12fa7: xor si, si 0x12fa9: push es 0x12faa: pop ax 0x12fab: add ax, 0x10 0x12fae: mov es, ax |
| 2018-12-25T12:01:56.882196989Z | 74 | PC: 12fd1 | Reallocate memory |
| 2018-12-25T12:01:56.884448125Z | 75 | PC: 1301d | Execute program |
| 2018-12-25T12:01:56.898318517Z | 255 | PC: 13a04 | UNKNOWN! |
| 2018-12-25T12:01:56.915297514Z | 53 | PC: 13a0f | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:01:56.928524155Z | 76 | PC: 13385 | Terminate with return code (Return code = '0') |
| 2018-12-25T12:01:56.931811198Z | 73 | PC: 12c45 | Release memory |
| 2018-12-25T12:01:56.942370268Z | 44 | PC: 1302b | Get time 0x1302b: cmp cl, 3 0x1302e: je 0x13038 0x13030: mov al, 0x31 0x13032: mov dx, 0x8c 0x13035: call 0x22c3c 0x13038: push cs 0x13039: pop ds 0x1303a: push cs 0x1303b: pop es 0x1303c: call 0x22afc 0x1303f: and al, 2 0x13041: cmp al, 2 0x13043: jne 0x13073 0x13045: mov ah, 0x19 0x13047: int 0x21 0x13049: mov dl, al 0x1304b: cmp dl, 2 0x1304e: jb 0x13053 0x13050: add dl, 0x7e 0x13053: mov ax, 0x309 |
| 2018-12-25T12:01:56.945005775Z | 25 | PC: 13049 | Get default drive |