{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15277,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:43:04.630645018Z | 48 | PC: 12ab9 | Get DOS version |
| 2018-12-25T12:43:04.631995326Z | 44 | PC: 12ac1 | Get time 0x12ac1: cmp dh, 0x3b 0x12ac4: jne 0x12ad3 0x12ac6: mov ax, word ptr [bp + 0x3f1] 0x12aca: nop 0x12acb: cmp ax, 0x19 0x12ace: jl 0x12ad3 0x12ad0: call 0x12cd8 0x12ad3: call 0x12b5e 0x12ad6: cmp ah, 1 0x12ad9: je 0x12ade 0x12adb: call 0x12b83 0x12ade: pop bp 0x12adf: pop di 0x12ae0: pop si 0x12ae1: pop es 0x12ae2: pop ds 0x12ae3: pop dx 0x12ae4: pop cx 0x12ae5: pop bx 0x12ae6: pop ax |
| 2018-12-25T12:43:04.638599557Z | 53 | PC: 12ba6 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address') |
| 2018-12-25T12:43:04.639592406Z | 37 | PC: 12bc5 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address') |
| 2018-12-25T12:43:04.640721884Z | 53 | PC: 12bca | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:43:04.641882233Z | 37 | PC: 12be4 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:43:04.642884676Z | 9 | PC: 12a48 | Display string (String= 'Fear loaded and ready to infect... ') |
| 2018-12-25T12:43:04.647429712Z | 76 | PC: 12a4d | Terminate with return code (Return code = '0') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":59,"TimeBased":true,"OriginalID":15277,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:43:05.197266399Z | 48 | PC: 12ab9 | Get DOS version |
| 2018-12-25T12:43:05.199167308Z | 44 | PC: 12ac1 | Get time 0x12ac1: cmp dh, 0x3b 0x12ac4: jne 0x12ad3 0x12ac6: mov ax, word ptr [bp + 0x3f1] 0x12aca: nop 0x12acb: cmp ax, 0x19 0x12ace: jl 0x12ad3 0x12ad0: call 0x12cd8 0x12ad3: call 0x12b5e 0x12ad6: cmp ah, 1 0x12ad9: je 0x12ade 0x12adb: call 0x12b83 0x12ade: pop bp 0x12adf: pop di 0x12ae0: pop si 0x12ae1: pop es 0x12ae2: pop ds 0x12ae3: pop dx 0x12ae4: pop cx 0x12ae5: pop bx 0x12ae6: pop ax |
| 2018-12-25T12:43:05.202140083Z | 53 | PC: 12ba6 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address') |
| 2018-12-25T12:43:05.203490865Z | 37 | PC: 12bc5 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address') |
| 2018-12-25T12:43:05.204830332Z | 53 | PC: 12bca | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:43:05.206833391Z | 37 | PC: 12be4 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:43:05.208438036Z | 9 | PC: 12a48 | Display string (String= 'Fear loaded and ready to infect... ') |
| 2018-12-25T12:43:05.213333688Z | 76 | PC: 12a4d | Terminate with return code (Return code = '0') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15277,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:43:05.610922736Z | 48 | PC: 12ab9 | Get DOS version |
| 2018-12-25T12:43:05.612617531Z | 44 | PC: 12ac1 | Get time 0x12ac1: cmp dh, 0x3b 0x12ac4: jne 0x12ad3 0x12ac6: mov ax, word ptr [bp + 0x3f1] 0x12aca: nop 0x12acb: cmp ax, 0x19 0x12ace: jl 0x12ad3 0x12ad0: call 0x12cd8 0x12ad3: call 0x12b5e 0x12ad6: cmp ah, 1 0x12ad9: je 0x12ade 0x12adb: call 0x12b83 0x12ade: pop bp 0x12adf: pop di 0x12ae0: pop si 0x12ae1: pop es 0x12ae2: pop ds 0x12ae3: pop dx 0x12ae4: pop cx 0x12ae5: pop bx 0x12ae6: pop ax |
| 2018-12-25T12:43:05.616605302Z | 53 | PC: 12ba6 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address') |
| 2018-12-25T12:43:05.618319244Z | 37 | PC: 12bc5 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address') |
| 2018-12-25T12:43:05.619949477Z | 53 | PC: 12bca | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:43:05.622706125Z | 37 | PC: 12be4 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:43:05.624565554Z | 9 | PC: 12a48 | Display string (String= 'Fear loaded and ready to infect... ') |
| 2018-12-25T12:43:05.629444294Z | 76 | PC: 12a4d | Terminate with return code (Return code = '0') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":59,"TimeBased":true,"OriginalID":15277,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:43:05.977293666Z | 48 | PC: 12ab9 | Get DOS version |
| 2018-12-25T12:43:05.983565647Z | 44 | PC: 12ac1 | Get time 0x12ac1: cmp dh, 0x3b 0x12ac4: jne 0x12ad3 0x12ac6: mov ax, word ptr [bp + 0x3f1] 0x12aca: nop 0x12acb: cmp ax, 0x19 0x12ace: jl 0x12ad3 0x12ad0: call 0x12cd8 0x12ad3: call 0x12b5e 0x12ad6: cmp ah, 1 0x12ad9: je 0x12ade 0x12adb: call 0x12b83 0x12ade: pop bp 0x12adf: pop di 0x12ae0: pop si 0x12ae1: pop es 0x12ae2: pop ds 0x12ae3: pop dx 0x12ae4: pop cx 0x12ae5: pop bx 0x12ae6: pop ax |
| 2018-12-25T12:43:05.986017515Z | 53 | PC: 12ba6 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address') |
| 2018-12-25T12:43:05.987229975Z | 37 | PC: 12bc5 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address') |
| 2018-12-25T12:43:06.000555921Z | 53 | PC: 12bca | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:43:06.002155577Z | 37 | PC: 12be4 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:43:06.0036153Z | 9 | PC: 12a48 | Display string (String= 'Fear loaded and ready to infect... ') |
| 2018-12-25T12:43:06.008745491Z | 76 | PC: 12a4d | Terminate with return code (Return code = '0') |