{"DateBased":true,"Day":21,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7275,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:01:16.903473565Z | 26 | PC: 12a66 | Set disk transfer address |
| 2018-12-25T12:01:16.905344299Z | 71 | PC: 12a70 | Get current directory |
| 2018-12-25T12:01:16.908108288Z | 78 | PC: 12bb5 | Find first file |
| 2018-12-25T12:01:16.914284052Z | 78 | PC: 12bdd | Find first file |
| 2018-12-25T12:01:16.919986849Z | 59 | PC: 12b8e | Change current directory |
| 2018-12-25T12:01:16.924041737Z | 78 | PC: 12bb5 | Find first file (See above) |
| 2018-12-25T12:01:16.929515418Z | 78 | PC: 12bdd | Find first file (See above) |
| 2018-12-25T12:01:16.935129993Z | 59 | PC: 12b75 | Change current directory |
| 2018-12-25T12:01:16.936972681Z | 42 | PC: 12b79 | Get date 0x12b79: cmp dh, 0xa 0x12b7c: jne 0x12b85 0x12b7e: cmp dl, 0x15 0x12b81: jne 0x12b85 0x12b83: jmp 0x12b93 0x12b85: ret 0x12b86: mov ah, 0x3b 0x12b88: lea dx, word ptr [bp + 0x3fb] 0x12b8c: int 0x21 0x12b8e: jb 0x12b69 0x12b90: jmp 0x12a76 0x12b93: mov al, 2 0x12b95: mov cx, 0x29a 0x12b98: mov dx, 0 0x12b9b: mov bx, 0x2b4 0x12b9e: int 0x26 0x12ba0: lea dx, word ptr [bp + 0x42f] 0x12ba4: mov ah, 9 0x12ba6: int 0x21 0x12ba8: jmp 0x12ba8 |
| 2018-12-25T12:01:16.939434034Z | 9 | PC: 12ba8 | Display string (String= 'Happy Birthday Freaky!') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7275,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:01:17.439140646Z | 26 | PC: 12a66 | Set disk transfer address |
| 2018-12-25T12:01:17.456109088Z | 71 | PC: 12a70 | Get current directory |
| 2018-12-25T12:01:17.460372171Z | 78 | PC: 12bb5 | Find first file |
| 2018-12-25T12:01:17.466971462Z | 78 | PC: 12bdd | Find first file |
| 2018-12-25T12:01:17.473523879Z | 59 | PC: 12b8e | Change current directory |
| 2018-12-25T12:01:17.478596994Z | 78 | PC: 12bb5 | Find first file (See above) |
| 2018-12-25T12:01:17.484909368Z | 78 | PC: 12bdd | Find first file (See above) |
| 2018-12-25T12:01:17.491248301Z | 59 | PC: 12b75 | Change current directory |
| 2018-12-25T12:01:17.494446885Z | 42 | PC: 12b79 | Get date 0x12b79: cmp dh, 0xa 0x12b7c: jne 0x12b85 0x12b7e: cmp dl, 0x15 0x12b81: jne 0x12b85 0x12b83: jmp 0x12b93 0x12b85: ret 0x12b86: mov ah, 0x3b 0x12b88: lea dx, word ptr [bp + 0x3fb] 0x12b8c: int 0x21 0x12b8e: jb 0x12b69 0x12b90: jmp 0x12a76 0x12b93: mov al, 2 0x12b95: mov cx, 0x29a 0x12b98: mov dx, 0 0x12b9b: mov bx, 0x2b4 0x12b9e: int 0x26 0x12ba0: lea dx, word ptr [bp + 0x42f] 0x12ba4: mov ah, 9 0x12ba6: int 0x21 0x12ba8: jmp 0x12ba8 |
{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7275,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:01:17.546520795Z | 26 | PC: 12a66 | Set disk transfer address |
| 2018-12-25T12:01:17.548560382Z | 71 | PC: 12a70 | Get current directory |
| 2018-12-25T12:01:17.552393379Z | 78 | PC: 12bb5 | Find first file |
| 2018-12-25T12:01:17.558839611Z | 78 | PC: 12bdd | Find first file |
| 2018-12-25T12:01:17.565227474Z | 59 | PC: 12b8e | Change current directory |
| 2018-12-25T12:01:17.570761299Z | 78 | PC: 12bb5 | Find first file (See above) |
| 2018-12-25T12:01:17.583281524Z | 78 | PC: 12bdd | Find first file (See above) |
| 2018-12-25T12:01:17.595585424Z | 59 | PC: 12b75 | Change current directory |
| 2018-12-25T12:01:17.598319395Z | 42 | PC: 12b79 | Get date 0x12b79: cmp dh, 0xa 0x12b7c: jne 0x12b85 0x12b7e: cmp dl, 0x15 0x12b81: jne 0x12b85 0x12b83: jmp 0x12b93 0x12b85: ret 0x12b86: mov ah, 0x3b 0x12b88: lea dx, word ptr [bp + 0x3fb] 0x12b8c: int 0x21 0x12b8e: jb 0x12b69 0x12b90: jmp 0x12a76 0x12b93: mov al, 2 0x12b95: mov cx, 0x29a 0x12b98: mov dx, 0 0x12b9b: mov bx, 0x2b4 0x12b9e: int 0x26 0x12ba0: lea dx, word ptr [bp + 0x42f] 0x12ba4: mov ah, 9 0x12ba6: int 0x21 0x12ba8: jmp 0x12ba8 |