{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8453,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:04:40.419192487Z | 48 | PC: 12a54 | Get DOS version |
| 2018-12-25T12:04:40.420804617Z | 51 | PC: 12a60 | Get or set Ctrl-Break |
| 2018-12-25T12:04:40.421715868Z | 53 | PC: 12a92 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:04:40.42278083Z | 37 | PC: 12aa2 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:04:40.424548419Z | 44 | PC: 9e25b | Get time 0x9e25b: in al, 0x40 0x9e25d: mov ah, al 0x9e25f: in al, 0x40 0x9e261: xor ax, cx 0x9e263: xor dx, ax 0x9e265: jmp 0x9e282 0x9e267: push dx 0x9e268: push cx 0x9e269: push bx 0x9e26a: mov ax, 0 0x9e26d: mov dx, 0 0x9e270: mov cx, 7 0x9e273: shl ax, 1 0x9e275: rcl dx, 1 0x9e277: mov bl, al 0x9e279: xor bl, dh 0x9e27b: jns 0x9e27f 0x9e27d: inc al 0x9e27f: loop 0x9e273 0x9e281: pop bx |
| 2018-12-25T12:04:40.426846791Z | 51 | PC: 12aa7 | Get or set Ctrl-Break |
| 2018-12-25T12:04:40.427568834Z | 42 | PC: 12aab | Get date 0x12aab: cmp al, 5 0x12aad: jne 0x12abc 0x12aaf: mov ah, 0x2c 0x12ab1: int 0x21 0x12ab3: or dh, dh 0x12ab5: jne 0x12abc 0x12ab7: mov ax, 0x33dc 0x12aba: int 0x21 0x12abc: pop si 0x12abd: pop di 0x12abe: pop es 0x12abf: pop ds 0x12ac0: pop ax 0x12ac1: add si, 0x8ce 0x12ac5: cmp byte ptr cs:[si], 0x4d 0x12ac9: je 0x12ad2 0x12acb: push di 0x12acc: mov cx, 0x1c 0x12acf: rep movsb byte ptr es:[di], byte ptr [si] 0x12ad1: ret |
{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8453,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:04:41.121783525Z | 48 | PC: 12a54 | Get DOS version |
| 2018-12-25T12:04:41.124052797Z | 51 | PC: 12a60 | Get or set Ctrl-Break |
| 2018-12-25T12:04:41.124946662Z | 53 | PC: 12a92 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:04:41.126018134Z | 37 | PC: 12aa2 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:04:41.12809916Z | 44 | PC: 9e25b | Get time 0x9e25b: in al, 0x40 0x9e25d: mov ah, al 0x9e25f: in al, 0x40 0x9e261: xor ax, cx 0x9e263: xor dx, ax 0x9e265: jmp 0x9e282 0x9e267: push dx 0x9e268: push cx 0x9e269: push bx 0x9e26a: mov ax, 0 0x9e26d: mov dx, 0 0x9e270: mov cx, 7 0x9e273: shl ax, 1 0x9e275: rcl dx, 1 0x9e277: mov bl, al 0x9e279: xor bl, dh 0x9e27b: jns 0x9e27f 0x9e27d: inc al 0x9e27f: loop 0x9e273 0x9e281: pop bx |
| 2018-12-25T12:04:41.130059359Z | 51 | PC: 12aa7 | Get or set Ctrl-Break |
| 2018-12-25T12:04:41.130858998Z | 42 | PC: 12aab | Get date 0x12aab: cmp al, 5 0x12aad: jne 0x12abc 0x12aaf: mov ah, 0x2c 0x12ab1: int 0x21 0x12ab3: or dh, dh 0x12ab5: jne 0x12abc 0x12ab7: mov ax, 0x33dc 0x12aba: int 0x21 0x12abc: pop si 0x12abd: pop di 0x12abe: pop es 0x12abf: pop ds 0x12ac0: pop ax 0x12ac1: add si, 0x8ce 0x12ac5: cmp byte ptr cs:[si], 0x4d 0x12ac9: je 0x12ad2 0x12acb: push di 0x12acc: mov cx, 0x1c 0x12acf: rep movsb byte ptr es:[di], byte ptr [si] 0x12ad1: ret |
| 2018-12-25T12:04:41.133061864Z | 44 | PC: 12ab3 | Get time 0x12ab3: or dh, dh 0x12ab5: jne 0x12abc 0x12ab7: mov ax, 0x33dc 0x12aba: int 0x21 0x12abc: pop si 0x12abd: pop di 0x12abe: pop es 0x12abf: pop ds 0x12ac0: pop ax 0x12ac1: add si, 0x8ce 0x12ac5: cmp byte ptr cs:[si], 0x4d 0x12ac9: je 0x12ad2 0x12acb: push di 0x12acc: mov cx, 0x1c 0x12acf: rep movsb byte ptr es:[di], byte ptr [si] 0x12ad1: ret 0x12ad2: mov bx, ds 0x12ad4: add bx, 0x10 0x12ad7: mov cx, bx 0x12ad9: add bx, word ptr cs:[si + 0xe] |