{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":544,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:17.508813937Z | 78 | PC: 12a4c | Find first file |
| 2018-12-25T11:41:17.515862751Z | 61 | PC: 12b98 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:17.524067471Z | 63 | PC: 12ba3 | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-25T11:41:17.535250553Z | 66 | PC: 12bb5 | Move file pointer |
| 2018-12-25T11:41:17.537251593Z | 64 | PC: 12bbf | Write file or device (Write 508 bytes on handle 5) |
| 2018-12-25T11:41:17.54109638Z | 62 | PC: 12bc3 | Close file |
| 2018-12-25T11:41:17.555863084Z | 42 | PC: 12a5f | Get date 0x12a5f: cmp dl, 3 0x12a62: jne 0x12a69 0x12a64: cmp dh, 0xa 0x12a67: je 0x12a6b 0x12a69: int 0x20 0x12a6b: mov byte ptr [0x28d], 0 0x12a70: mov ah, 0 0x12a72: mov al, 3 0x12a74: int 0x10 0x12a76: mov ah, 8 0x12a78: int 0x10 0x12a7a: mov byte ptr [0x28f], al 0x12a7d: cmp byte ptr [0x28f], 0 0x12a82: jne 0x12a89 0x12a84: mov byte ptr [0x28f], 0xf 0x12a89: mov ah, 1 0x12a8b: mov cl, 0 0x12a8d: mov ch, 0x40 0x12a8f: int 0x10 0x12a91: mov cl, 0 |
{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":544,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:17.981718543Z | 78 | PC: 12a4c | Find first file |
| 2018-12-25T11:41:17.988973501Z | 61 | PC: 12b98 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:17.99750922Z | 63 | PC: 12ba3 | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-25T11:41:18.005234762Z | 66 | PC: 12bb5 | Move file pointer |
| 2018-12-25T11:41:18.007413034Z | 64 | PC: 12bbf | Write file or device (Write 508 bytes on handle 5) |
| 2018-12-25T11:41:18.01202198Z | 62 | PC: 12bc3 | Close file |
| 2018-12-25T11:41:18.027017663Z | 42 | PC: 12a5f | Get date 0x12a5f: cmp dl, 3 0x12a62: jne 0x12a69 0x12a64: cmp dh, 0xa 0x12a67: je 0x12a6b 0x12a69: int 0x20 0x12a6b: mov byte ptr [0x28d], 0 0x12a70: mov ah, 0 0x12a72: mov al, 3 0x12a74: int 0x10 0x12a76: mov ah, 8 0x12a78: int 0x10 0x12a7a: mov byte ptr [0x28f], al 0x12a7d: cmp byte ptr [0x28f], 0 0x12a82: jne 0x12a89 0x12a84: mov byte ptr [0x28f], 0xf 0x12a89: mov ah, 1 0x12a8b: mov cl, 0 0x12a8d: mov ch, 0x40 0x12a8f: int 0x10 0x12a91: mov cl, 0 |
{"DateBased":true,"Day":3,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":544,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:18.345948384Z | 78 | PC: 12a4c | Find first file |
| 2018-12-25T11:41:18.353470264Z | 61 | PC: 12b98 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:18.361206942Z | 63 | PC: 12ba3 | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-25T11:41:18.368583106Z | 66 | PC: 12bb5 | Move file pointer |
| 2018-12-25T11:41:18.370713239Z | 64 | PC: 12bbf | Write file or device (Write 508 bytes on handle 5) |
| 2018-12-25T11:41:18.37420722Z | 62 | PC: 12bc3 | Close file |
| 2018-12-25T11:41:18.394768859Z | 42 | PC: 12a5f | Get date 0x12a5f: cmp dl, 3 0x12a62: jne 0x12a69 0x12a64: cmp dh, 0xa 0x12a67: je 0x12a6b 0x12a69: int 0x20 0x12a6b: mov byte ptr [0x28d], 0 0x12a70: mov ah, 0 0x12a72: mov al, 3 0x12a74: int 0x10 0x12a76: mov ah, 8 0x12a78: int 0x10 0x12a7a: mov byte ptr [0x28f], al 0x12a7d: cmp byte ptr [0x28f], 0 0x12a82: jne 0x12a89 0x12a84: mov byte ptr [0x28f], 0xf 0x12a89: mov ah, 1 0x12a8b: mov cl, 0 0x12a8d: mov ch, 0x40 0x12a8f: int 0x10 0x12a91: mov cl, 0 |
| 2018-12-25T11:41:18.406726961Z | 9 | PC: 12ab8 | Display string (String= '(o) (o)') |