{"DateBased":true,"Day":3,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6818,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:00:18.801308371Z | 78 | PC: 12a4c | Find first file |
| 2018-12-25T12:00:18.805586886Z | 61 | PC: 12b93 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:00:18.809431324Z | 63 | PC: 12b9e | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-25T12:00:18.813389884Z | 66 | PC: 12baf | Move file pointer |
| 2018-12-25T12:00:18.815274135Z | 64 | PC: 12bba | Write file or device (Write 496 bytes on handle 5) |
| 2018-12-25T12:00:18.817948559Z | 62 | PC: 12bbe | Close file |
| 2018-12-25T12:00:19.229345506Z | 42 | PC: 12a5b | Get date 0x12a5b: cmp dl, 3 0x12a5e: jne 0x12a65 0x12a60: cmp dh, 0xa 0x12a63: je 0x12a67 0x12a65: int 0x20 0x12a67: mov byte ptr [0x288], 0 0x12a6c: mov ah, 0 0x12a6e: mov al, 3 0x12a70: int 0x10 0x12a72: mov ah, 8 0x12a74: int 0x10 0x12a76: mov byte ptr [0x28a], al 0x12a79: cmp byte ptr [0x28a], 0 0x12a7e: jne 0x12a85 0x12a80: mov byte ptr [0x28a], 0xf 0x12a85: mov ah, 1 0x12a87: mov cl, 0 0x12a89: mov ch, 0x40 0x12a8b: int 0x10 0x12a8d: mov cl, 0 |
| 2018-12-25T12:00:19.241879747Z | 9 | PC: 12ab4 | Display string (String= '(o) (o)') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6818,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:00:18.965599253Z | 78 | PC: 12a4c | Find first file |
| 2018-12-25T12:00:18.97189435Z | 61 | PC: 12b93 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:00:18.978019419Z | 63 | PC: 12b9e | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-25T12:00:18.983971866Z | 66 | PC: 12baf | Move file pointer |
| 2018-12-25T12:00:18.985478114Z | 64 | PC: 12bba | Write file or device (Write 496 bytes on handle 5) |
| 2018-12-25T12:00:18.987290659Z | 62 | PC: 12bbe | Close file |
| 2018-12-25T12:00:19.230802924Z | 42 | PC: 12a5b | Get date 0x12a5b: cmp dl, 3 0x12a5e: jne 0x12a65 0x12a60: cmp dh, 0xa 0x12a63: je 0x12a67 0x12a65: int 0x20 0x12a67: mov byte ptr [0x288], 0 0x12a6c: mov ah, 0 0x12a6e: mov al, 3 0x12a70: int 0x10 0x12a72: mov ah, 8 0x12a74: int 0x10 0x12a76: mov byte ptr [0x28a], al 0x12a79: cmp byte ptr [0x28a], 0 0x12a7e: jne 0x12a85 0x12a80: mov byte ptr [0x28a], 0xf 0x12a85: mov ah, 1 0x12a87: mov cl, 0 0x12a89: mov ch, 0x40 0x12a8b: int 0x10 0x12a8d: mov cl, 0 |
{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6818,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:00:19.110426015Z | 78 | PC: 12a4c | Find first file |
| 2018-12-25T12:00:19.116764226Z | 61 | PC: 12b93 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:00:19.123698754Z | 63 | PC: 12b9e | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-25T12:00:19.129897846Z | 66 | PC: 12baf | Move file pointer |
| 2018-12-25T12:00:19.132158436Z | 64 | PC: 12bba | Write file or device (Write 496 bytes on handle 5) |
| 2018-12-25T12:00:19.142955148Z | 62 | PC: 12bbe | Close file |
| 2018-12-25T12:00:19.230363176Z | 42 | PC: 12a5b | Get date 0x12a5b: cmp dl, 3 0x12a5e: jne 0x12a65 0x12a60: cmp dh, 0xa 0x12a63: je 0x12a67 0x12a65: int 0x20 0x12a67: mov byte ptr [0x288], 0 0x12a6c: mov ah, 0 0x12a6e: mov al, 3 0x12a70: int 0x10 0x12a72: mov ah, 8 0x12a74: int 0x10 0x12a76: mov byte ptr [0x28a], al 0x12a79: cmp byte ptr [0x28a], 0 0x12a7e: jne 0x12a85 0x12a80: mov byte ptr [0x28a], 0xf 0x12a85: mov ah, 1 0x12a87: mov cl, 0 0x12a89: mov ch, 0x40 0x12a8b: int 0x10 0x12a8d: mov cl, 0 |