{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17170,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:55:06.553816611Z | 78 | PC: 12a4c | Find first file |
| 2018-12-25T12:55:06.559970452Z | 61 | PC: 12b93 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:55:06.566456171Z | 63 | PC: 12b9e | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-25T12:55:06.572736488Z | 66 | PC: 12baf | Move file pointer |
| 2018-12-25T12:55:06.574839483Z | 64 | PC: 12bb9 | Write file or device (Write 495 bytes on handle 5) |
| 2018-12-25T12:55:06.577378077Z | 62 | PC: 12bbd | Close file |
| 2018-12-25T12:55:06.592497594Z | 42 | PC: 12a5b | Get date 0x12a5b: cmp dl, 0x1e 0x12a5e: jne 0x12a65 0x12a60: cmp dh, 9 0x12a63: je 0x12a67 0x12a65: int 0x20 0x12a67: mov byte ptr [0x287], 0 0x12a6c: mov ah, 0 0x12a6e: mov al, 3 0x12a70: int 0x10 0x12a72: mov ah, 8 0x12a74: int 0x10 0x12a76: mov byte ptr [0x289], al 0x12a79: cmp byte ptr [0x289], 0 0x12a7e: jne 0x12a85 0x12a80: mov byte ptr [0x289], 0xf 0x12a85: mov ah, 1 0x12a87: mov cl, 0 0x12a89: mov ch, 0x40 0x12a8b: int 0x10 0x12a8d: mov cl, 0 |
{"DateBased":true,"Day":30,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17170,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:55:06.960263285Z | 78 | PC: 12a4c | Find first file |
| 2018-12-25T12:55:06.965933891Z | 61 | PC: 12b93 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:55:06.97161184Z | 63 | PC: 12b9e | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-25T12:55:06.979683857Z | 66 | PC: 12baf | Move file pointer |
| 2018-12-25T12:55:06.994616165Z | 64 | PC: 12bb9 | Write file or device (Write 495 bytes on handle 5) |
| 2018-12-25T12:55:06.997665697Z | 62 | PC: 12bbd | Close file |
| 2018-12-25T12:55:07.012641364Z | 42 | PC: 12a5b | Get date 0x12a5b: cmp dl, 0x1e 0x12a5e: jne 0x12a65 0x12a60: cmp dh, 9 0x12a63: je 0x12a67 0x12a65: int 0x20 0x12a67: mov byte ptr [0x287], 0 0x12a6c: mov ah, 0 0x12a6e: mov al, 3 0x12a70: int 0x10 0x12a72: mov ah, 8 0x12a74: int 0x10 0x12a76: mov byte ptr [0x289], al 0x12a79: cmp byte ptr [0x289], 0 0x12a7e: jne 0x12a85 0x12a80: mov byte ptr [0x289], 0xf 0x12a85: mov ah, 1 0x12a87: mov cl, 0 0x12a89: mov ch, 0x40 0x12a8b: int 0x10 0x12a8d: mov cl, 0 |
{"DateBased":true,"Day":30,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17170,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:55:07.405257773Z | 78 | PC: 12a4c | Find first file |
| 2018-12-25T12:55:07.412009935Z | 61 | PC: 12b93 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:55:07.421015375Z | 63 | PC: 12b9e | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-25T12:55:07.428108733Z | 66 | PC: 12baf | Move file pointer |
| 2018-12-25T12:55:07.429756457Z | 64 | PC: 12bb9 | Write file or device (Write 495 bytes on handle 5) |
| 2018-12-25T12:55:07.433459414Z | 62 | PC: 12bbd | Close file |
| 2018-12-25T12:55:07.449245146Z | 42 | PC: 12a5b | Get date 0x12a5b: cmp dl, 0x1e 0x12a5e: jne 0x12a65 0x12a60: cmp dh, 9 0x12a63: je 0x12a67 0x12a65: int 0x20 0x12a67: mov byte ptr [0x287], 0 0x12a6c: mov ah, 0 0x12a6e: mov al, 3 0x12a70: int 0x10 0x12a72: mov ah, 8 0x12a74: int 0x10 0x12a76: mov byte ptr [0x289], al 0x12a79: cmp byte ptr [0x289], 0 0x12a7e: jne 0x12a85 0x12a80: mov byte ptr [0x289], 0xf 0x12a85: mov ah, 1 0x12a87: mov cl, 0 0x12a89: mov ch, 0x40 0x12a8b: int 0x10 0x12a8d: mov cl, 0 |
| 2018-12-25T12:55:07.462131217Z | 9 | PC: 12ab4 | Display string (String= '(o) (o)') |