{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9540,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:23:17.2427346Z | 53 | PC: 12aec | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:23:17.245072044Z | 37 | PC: 12afd | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:23:17.246765284Z | 78 | PC: 12b23 | Find first file |
| 2018-12-25T12:23:17.25324534Z | 42 | PC: 12b75 | Get date 0x12b75: cmp cx, 0x7ca 0x12b79: jb 0x12bbd 0x12b7b: mov ah, 9 0x12b7d: mov dx, 0x209 0x12b80: int 0x21 0x12b82: mov cx, 2 0x12b85: push cx 0x12b86: cli 0x12b87: mov dx, 0x2ee0 0x12b8a: sub dx, word ptr cs:[0x88] 0x12b8f: add byte ptr [bx + si], al 0x12b91: add byte ptr [bx + si], al 0x12b93: add byte ptr [di + 1], dl 0x12b96: push di 0x12b97: adc word ptr [bx + si], ax 0x12b99: add byte ptr [bx + si], al 0x12b9b: add byte ptr [bx + si], al 0x12b9d: add byte ptr [bx + si], al 0x12b9f: add byte ptr [bx + si], al 0x12ba1: add byte ptr [bx + si], al |
| 2018-12-25T12:23:17.277389668Z | 42 | PC: 1514b | Get date 0x1514b: mov ax, 0x4c00 0x1514e: int 0x21 0x15150: cdq 0x15152: call 0x19426 0x15155: call 0x15849 0x15158: test word ptr [0xa590], 1 0x1515e: je 0x1516e 0x15160: mov ax, word ptr [0xa343] 0x15163: mov word ptr [0xa341], ax 0x15166: mov si, 0xa34d 0x15169: mov di, 0xa349 0x1516c: movsw word ptr es:[di], word ptr [si] 0x1516d: movsw word ptr es:[di], word ptr [si] 0x1516e: mov ax, word ptr [0xa337] 0x15171: mov si, 0xa33b 0x15174: mov di, 0xa333 0x15177: movsw word ptr es:[di], word ptr [si] 0x15178: movsw word ptr es:[di], word ptr [si] 0x15179: call 0x15790 0x1517c: mov ah, 0x36 |
| 2018-12-25T12:23:17.280280852Z | 76 | PC: 15150 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9540,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:23:17.268336776Z | 53 | PC: 12aec | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:23:17.270514228Z | 37 | PC: 12afd | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:23:17.279282707Z | 78 | PC: 12b23 | Find first file |
| 2018-12-25T12:23:17.285977976Z | 42 | PC: 12b75 | Get date 0x12b75: cmp cx, 0x7ca 0x12b79: jb 0x12bbd 0x12b7b: mov ah, 9 0x12b7d: mov dx, 0x209 0x12b80: int 0x21 0x12b82: mov cx, 2 0x12b85: push cx 0x12b86: cli 0x12b87: mov dx, 0x2ee0 0x12b8a: sub dx, word ptr cs:[0x88] 0x12b8f: add byte ptr [bx + si], al 0x12b91: add byte ptr [bx + si], al 0x12b93: add byte ptr [di + 1], dl 0x12b96: push di 0x12b97: adc word ptr [bx + si], ax 0x12b99: add byte ptr [bx + si], al 0x12b9b: add byte ptr [bx + si], al 0x12b9d: add byte ptr [bx + si], al 0x12b9f: add byte ptr [bx + si], al 0x12ba1: add byte ptr [bx + si], al |
| 2018-12-25T12:23:17.288780149Z | 9 | PC: 12b82 | Display string (Could not find end pointer) |
| 2018-12-25T12:23:17.586685879Z | 9 | PC: 1514b | Display string (Could not find end pointer) |
| 2018-12-25T12:23:17.802347506Z | 76 | PC: 15150 | Terminate with return code (Return code = '0') |