{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1187,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:57.981773879Z | 42 | PC: 12a9a | Get date 0x12a9a: cmp dh, 0xc 0x12a9d: jne 0x12aa7 0x12a9f: cmp dl, 0x19 0x12aa2: jne 0x12aa7 0x12aa4: jmp 0x12c84 0x12aa7: cmp dh, 5 0x12aaa: jne 0x12ab4 0x12aac: cmp dl, 1 0x12aaf: jne 0x12ab4 0x12ab1: jmp 0x12c84 0x12ab4: call 0x12c62 0x12ab7: call 0x12c4f 0x12aba: mov si, bp 0x12abc: add si, 0x2c5 0x12ac0: lodsw ax, word ptr [si] 0x12ac1: cmp ax, 5 0x12ac4: ja 0x12ac9 0x12ac6: jmp 0x12b20 0x12ac8: nop 0x12ac9: call 0x12c36 |
| 2018-12-25T11:42:57.983673716Z | 26 | PC: 12c6c | Set disk transfer address |
| 2018-12-25T11:42:57.985307988Z | 78 | PC: 12c5c | Find first file |
{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1187,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:58.308844847Z | 42 | PC: 12a9a | Get date 0x12a9a: cmp dh, 0xc 0x12a9d: jne 0x12aa7 0x12a9f: cmp dl, 0x19 0x12aa2: jne 0x12aa7 0x12aa4: jmp 0x12c84 0x12aa7: cmp dh, 5 0x12aaa: jne 0x12ab4 0x12aac: cmp dl, 1 0x12aaf: jne 0x12ab4 0x12ab1: jmp 0x12c84 0x12ab4: call 0x12c62 0x12ab7: call 0x12c4f 0x12aba: mov si, bp 0x12abc: add si, 0x2c5 0x12ac0: lodsw ax, word ptr [si] 0x12ac1: cmp ax, 5 0x12ac4: ja 0x12ac9 0x12ac6: jmp 0x12b20 0x12ac8: nop 0x12ac9: call 0x12c36 |
| 2018-12-25T11:42:58.311297471Z | 65 | PC: 12c8b | Delete file (Filename = 'A:\TEST.EXE') |
{"DateBased":true,"Day":2,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1187,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:58.422070808Z | 42 | PC: 12a9a | Get date 0x12a9a: cmp dh, 0xc 0x12a9d: jne 0x12aa7 0x12a9f: cmp dl, 0x19 0x12aa2: jne 0x12aa7 0x12aa4: jmp 0x12c84 0x12aa7: cmp dh, 5 0x12aaa: jne 0x12ab4 0x12aac: cmp dl, 1 0x12aaf: jne 0x12ab4 0x12ab1: jmp 0x12c84 0x12ab4: call 0x12c62 0x12ab7: call 0x12c4f 0x12aba: mov si, bp 0x12abc: add si, 0x2c5 0x12ac0: lodsw ax, word ptr [si] 0x12ac1: cmp ax, 5 0x12ac4: ja 0x12ac9 0x12ac6: jmp 0x12b20 0x12ac8: nop 0x12ac9: call 0x12c36 |
| 2018-12-25T11:42:58.424459819Z | 26 | PC: 12c6c | Set disk transfer address |
| 2018-12-25T11:42:58.425467835Z | 78 | PC: 12c5c | Find first file |
{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1187,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:58.738795697Z | 42 | PC: 12a9a | Get date 0x12a9a: cmp dh, 0xc 0x12a9d: jne 0x12aa7 0x12a9f: cmp dl, 0x19 0x12aa2: jne 0x12aa7 0x12aa4: jmp 0x12c84 0x12aa7: cmp dh, 5 0x12aaa: jne 0x12ab4 0x12aac: cmp dl, 1 0x12aaf: jne 0x12ab4 0x12ab1: jmp 0x12c84 0x12ab4: call 0x12c62 0x12ab7: call 0x12c4f 0x12aba: mov si, bp 0x12abc: add si, 0x2c5 0x12ac0: lodsw ax, word ptr [si] 0x12ac1: cmp ax, 5 0x12ac4: ja 0x12ac9 0x12ac6: jmp 0x12b20 0x12ac8: nop 0x12ac9: call 0x12c36 |
| 2018-12-25T11:42:58.741116284Z | 26 | PC: 12c6c | Set disk transfer address |
| 2018-12-25T11:42:58.74213852Z | 78 | PC: 12c5c | Find first file |
{"DateBased":true,"Day":25,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1187,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:59.04539133Z | 42 | PC: 12a9a | Get date 0x12a9a: cmp dh, 0xc 0x12a9d: jne 0x12aa7 0x12a9f: cmp dl, 0x19 0x12aa2: jne 0x12aa7 0x12aa4: jmp 0x12c84 0x12aa7: cmp dh, 5 0x12aaa: jne 0x12ab4 0x12aac: cmp dl, 1 0x12aaf: jne 0x12ab4 0x12ab1: jmp 0x12c84 0x12ab4: call 0x12c62 0x12ab7: call 0x12c4f 0x12aba: mov si, bp 0x12abc: add si, 0x2c5 0x12ac0: lodsw ax, word ptr [si] 0x12ac1: cmp ax, 5 0x12ac4: ja 0x12ac9 0x12ac6: jmp 0x12b20 0x12ac8: nop 0x12ac9: call 0x12c36 |
| 2018-12-25T11:42:59.050410123Z | 65 | PC: 12c8b | Delete file (Filename = 'A:\TEST.EXE') |