{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7358,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:01:23.866795614Z | 78 | PC: 12a4c | Find first file |
| 2018-12-25T12:01:23.87341018Z | 61 | PC: 12b93 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:01:23.880922447Z | 63 | PC: 12b9e | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-25T12:01:23.887154224Z | 66 | PC: 12baf | Move file pointer |
| 2018-12-25T12:01:23.890106384Z | 64 | PC: 12bb9 | Write file or device (Write 413 bytes on handle 5) |
| 2018-12-25T12:01:23.89306075Z | 62 | PC: 12bbd | Close file |
| 2018-12-25T12:01:23.907706627Z | 42 | PC: 12a5b | Get date 0x12a5b: cmp dl, 3 0x12a5e: jne 0x12a65 0x12a60: cmp dh, 0xa 0x12a63: je 0x12a67 0x12a65: int 0x20 0x12a67: mov byte ptr [0x285], 0 0x12a6c: mov ah, 0 0x12a6e: mov al, 3 0x12a70: int 0x10 0x12a72: mov ah, 8 0x12a74: int 0x10 0x12a76: mov byte ptr [0x287], al 0x12a79: cmp byte ptr [0x287], 0 0x12a7e: jne 0x12a85 0x12a80: mov byte ptr [0x287], 0xf 0x12a85: mov ah, 1 0x12a87: mov cl, 0 0x12a89: mov ch, 0x40 0x12a8b: int 0x10 0x12a8d: mov cl, 0 |
{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7358,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:01:24.19104158Z | 78 | PC: 12a4c | Find first file |
| 2018-12-25T12:01:24.197546194Z | 61 | PC: 12b93 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:01:24.203730243Z | 63 | PC: 12b9e | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-25T12:01:24.20971346Z | 66 | PC: 12baf | Move file pointer |
| 2018-12-25T12:01:24.211397969Z | 64 | PC: 12bb9 | Write file or device (Write 413 bytes on handle 5) |
| 2018-12-25T12:01:24.214171081Z | 62 | PC: 12bbd | Close file |
| 2018-12-25T12:01:24.227733566Z | 42 | PC: 12a5b | Get date 0x12a5b: cmp dl, 3 0x12a5e: jne 0x12a65 0x12a60: cmp dh, 0xa 0x12a63: je 0x12a67 0x12a65: int 0x20 0x12a67: mov byte ptr [0x285], 0 0x12a6c: mov ah, 0 0x12a6e: mov al, 3 0x12a70: int 0x10 0x12a72: mov ah, 8 0x12a74: int 0x10 0x12a76: mov byte ptr [0x287], al 0x12a79: cmp byte ptr [0x287], 0 0x12a7e: jne 0x12a85 0x12a80: mov byte ptr [0x287], 0xf 0x12a85: mov ah, 1 0x12a87: mov cl, 0 0x12a89: mov ch, 0x40 0x12a8b: int 0x10 0x12a8d: mov cl, 0 |
{"DateBased":true,"Day":3,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7358,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:01:24.541224317Z | 78 | PC: 12a4c | Find first file |
| 2018-12-25T12:01:24.556807952Z | 61 | PC: 12b93 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:01:24.565745594Z | 63 | PC: 12b9e | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-25T12:01:24.573387435Z | 66 | PC: 12baf | Move file pointer |
| 2018-12-25T12:01:24.575503531Z | 64 | PC: 12bb9 | Write file or device (Write 413 bytes on handle 5) |
| 2018-12-25T12:01:24.580168734Z | 62 | PC: 12bbd | Close file |
| 2018-12-25T12:01:24.602819829Z | 42 | PC: 12a5b | Get date 0x12a5b: cmp dl, 3 0x12a5e: jne 0x12a65 0x12a60: cmp dh, 0xa 0x12a63: je 0x12a67 0x12a65: int 0x20 0x12a67: mov byte ptr [0x285], 0 0x12a6c: mov ah, 0 0x12a6e: mov al, 3 0x12a70: int 0x10 0x12a72: mov ah, 8 0x12a74: int 0x10 0x12a76: mov byte ptr [0x287], al 0x12a79: cmp byte ptr [0x287], 0 0x12a7e: jne 0x12a85 0x12a80: mov byte ptr [0x287], 0xf 0x12a85: mov ah, 1 0x12a87: mov cl, 0 0x12a89: mov ch, 0x40 0x12a8b: int 0x10 0x12a8d: mov cl, 0 |
| 2018-12-25T12:01:24.616818381Z | 9 | PC: 12ab4 | Display string (String= '(o) (o)') |