{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10313,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:27:41.868342986Z | 42 | PC: 12a9e | Get date 0x12a9e: cmp al, 1 0x12aa0: jne 0x12aa9 0x12aa2: push ds 0x12aa3: push es 0x12aa4: call 0x12c3f 0x12aa7: pop es 0x12aa8: pop ds 0x12aa9: push ds 0x12aaa: push es 0x12aab: mov ax, 0x3524 0x12aae: int 0x21 0x12ab0: push es 0x12ab1: push bx 0x12ab2: lea dx, word ptr [bp + 0x1f3] 0x12ab6: mov ax, 0x2524 0x12ab9: int 0x21 0x12abb: push cs 0x12abc: pop es 0x12abd: push cs 0x12abe: pop ds |
| 2018-12-25T12:27:41.870301182Z | 53 | PC: 12ab0 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:27:41.871543796Z | 37 | PC: 12abb | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:27:41.872710962Z | 71 | PC: 12ac9 | Get current directory |
| 2018-12-25T12:27:41.874788674Z | 26 | PC: 12ad1 | Set disk transfer address |
| 2018-12-25T12:27:41.877182091Z | 78 | PC: 12b3d | Find first file |
| 2018-12-25T12:27:41.881385428Z | 67 | PC: 12b48 | Get or set file attributes |
| 2018-12-25T12:27:41.885468379Z | 67 | PC: 12b54 | Get or set file attributes |
| 2018-12-25T12:27:41.901136736Z | 61 | PC: 12b5d | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:27:41.90807237Z | 87 | PC: 12b63 | Get or set file date and time |
| 2018-12-25T12:27:41.909419259Z | 63 | PC: 12b70 | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-25T12:27:41.912937851Z | 66 | PC: 12b78 | Move file pointer |
| 2018-12-25T12:27:41.914541051Z | 44 | PC: 12be3 | Get time 0x12be3: mov byte ptr [bp + 0x70f], dh 0x12be7: cmp dl, 0 0x12bea: je 0x12bdf 0x12bec: call 0x22a77 0x12bef: mov ax, 0x4200 0x12bf2: xor cx, cx 0x12bf4: cdq 0x12bf5: int 0x21 0x12bf7: lea dx, word ptr [bp + 0x77d] 0x12bfb: mov ah, 0x40 0x12bfd: mov cx, 0x1a 0x12c00: int 0x21 0x12c02: inc byte ptr [bp + 0x77c] 0x12c06: mov ax, 0x5701 0x12c09: pop dx 0x12c0a: pop cx 0x12c0b: int 0x21 0x12c0d: mov ah, 0x3e 0x12c0f: int 0x21 0x12c11: pop ax |
| 2018-12-25T12:27:41.917615106Z | 64 | PC: 12a85 | Write file or device (Write 1552 bytes on handle 5) |
| 2018-12-25T12:27:41.932130694Z | 66 | PC: 12bf7 | Move file pointer |
| 2018-12-25T12:27:41.933665262Z | 64 | PC: 12c02 | Write file or device (Write 26 bytes on handle 5) |
| 2018-12-25T12:27:41.936197062Z | 87 | PC: 12c0d | Get or set file date and time |
| 2018-12-25T12:27:41.937642074Z | 62 | PC: 12c11 | Close file |
| 2018-12-25T12:27:41.945312214Z | 67 | PC: 12c16 | Get or set file attributes |
| 2018-12-25T12:27:41.954626511Z | 79 | PC: 12b3d | Find next file (See above) |
| 2018-12-25T12:27:41.956960622Z | 59 | PC: 12af8 | Change current directory |
| 2018-12-25T12:27:41.961252594Z | 59 | PC: 12b07 | Change current directory |
| 2018-12-25T12:27:41.965172771Z | 37 | PC: 12b0e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:27:41.967244388Z | 26 | PC: 12b17 | Set disk transfer address |
{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10313,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:27:42.269263848Z | 42 | PC: 12a9e | Get date 0x12a9e: cmp al, 1 0x12aa0: jne 0x12aa9 0x12aa2: push ds 0x12aa3: push es 0x12aa4: call 0x12c3f 0x12aa7: pop es 0x12aa8: pop ds 0x12aa9: push ds 0x12aaa: push es 0x12aab: mov ax, 0x3524 0x12aae: int 0x21 0x12ab0: push es 0x12ab1: push bx 0x12ab2: lea dx, word ptr [bp + 0x1f3] 0x12ab6: mov ax, 0x2524 0x12ab9: int 0x21 0x12abb: push cs 0x12abc: pop es 0x12abd: push cs 0x12abe: pop ds |