{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":886,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:57.071889629Z | 119 | PC: 12a6a | UNKNOWN! |
| 2018-12-25T11:41:57.073463398Z | 42 | PC: 12a73 | Get date 0x12a73: cmp dx, 0x606 0x12a77: jne 0x12a7c 0x12a79: call 0x12cb9 0x12a7c: mov ah, 0x4a 0x12a7e: mov bx, 0xffff 0x12a81: int 0x21 0x12a83: sub bx, 0x38 0x12a86: mov ah, 0x4a 0x12a88: int 0x21 0x12a8a: mov ah, 0x48 0x12a8c: mov bx, 0x37 0x12a8f: int 0x21 0x12a91: jb 0x12ae2 0x12a93: dec ax 0x12a94: mov es, ax 0x12a96: mov word ptr es:[1], 8 0x12a9d: push ax 0x12a9e: mov ax, 0x3521 0x12aa1: int 0x21 0x12aa3: mov word ptr [0x2ec], bx |
| 2018-12-25T11:41:57.075404086Z | 74 | PC: 12a83 | Reallocate memory |
| 2018-12-25T11:41:57.07669463Z | 74 | PC: 12a8a | Reallocate memory |
| 2018-12-25T11:41:57.078717265Z | 72 | PC: 12a91 | Allocate memory |
| 2018-12-25T11:41:57.080107022Z | 53 | PC: 12aa3 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:41:57.081170678Z | 53 | PC: 12aaf | Get interrupt vector (Interrupt = '37' AKA 'Set interrupt vector') |
| 2018-12-25T11:41:57.083035678Z | 37 | PC: 12ae2 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:41:57.084385007Z | 44 | PC: 12af6 | Get time 0x12af6: cmp dl, 1 0x12af9: ja 0x12afe 0x12afb: call 0x12c73 0x12afe: mov ax, 0x100 0x12b01: jmp ax 0x12b03: int 0x20 0x12b05: nop 0x12b06: jmp 0x12b09 0x12b09: cmp ax, 0x7777 0x12b0c: jne 0x12b12 0x12b0e: mov ax, 0x6952 0x12b11: iret 0x12b12: cmp ax, 0x4b00 0x12b15: je 0x12b77 0x12b17: cmp ah, 0x3d 0x12b1a: jne 0x12b1f 0x12b1c: jmp 0x12c30 0x12b1f: cmp ah, 0x11 0x12b22: je 0x12b2c 0x12b24: cmp ah, 0x12 |
{"DateBased":true,"Day":6,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":886,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:57.284769527Z | 119 | PC: 12a6a | UNKNOWN! |
| 2018-12-25T11:41:57.286975496Z | 42 | PC: 12a73 | Get date 0x12a73: cmp dx, 0x606 0x12a77: jne 0x12a7c 0x12a79: call 0x12cb9 0x12a7c: mov ah, 0x4a 0x12a7e: mov bx, 0xffff 0x12a81: int 0x21 0x12a83: sub bx, 0x38 0x12a86: mov ah, 0x4a 0x12a88: int 0x21 0x12a8a: mov ah, 0x48 0x12a8c: mov bx, 0x37 0x12a8f: int 0x21 0x12a91: jb 0x12ae2 0x12a93: dec ax 0x12a94: mov es, ax 0x12a96: mov word ptr es:[1], 8 0x12a9d: push ax 0x12a9e: mov ax, 0x3521 0x12aa1: int 0x21 0x12aa3: mov word ptr [0x2ec], bx |
| 2018-12-25T11:41:59.232092563Z | 74 | PC: 12a83 | Reallocate memory |
| 2018-12-25T11:41:59.234490245Z | 74 | PC: 12a8a | Reallocate memory |
| 2018-12-25T11:41:59.236578708Z | 72 | PC: 12a91 | Allocate memory |
| 2018-12-25T11:41:59.239648759Z | 53 | PC: 12aa3 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:41:59.241399082Z | 53 | PC: 12aaf | Get interrupt vector (Interrupt = '37' AKA 'Set interrupt vector') |
| 2018-12-25T11:41:59.243708608Z | 37 | PC: 12ae2 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:41:59.24669294Z | 44 | PC: 12af6 | Get time 0x12af6: cmp dl, 1 0x12af9: ja 0x12afe 0x12afb: call 0x12c73 0x12afe: mov ax, 0x100 0x12b01: jmp ax 0x12b03: int 0x20 0x12b05: nop 0x12b06: jmp 0x12b09 0x12b09: cmp ax, 0x7777 0x12b0c: jne 0x12b12 0x12b0e: mov ax, 0x6952 0x12b11: iret 0x12b12: cmp ax, 0x4b00 0x12b15: je 0x12b77 0x12b17: cmp ah, 0x3d 0x12b1a: jne 0x12b1f 0x12b1c: jmp 0x12c30 0x12b1f: cmp ah, 0x11 0x12b22: je 0x12b2c 0x12b24: cmp ah, 0x12 |