{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11060,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:29:51.738410225Z | 26 | PC: 12e93 | Set disk transfer address |
| 2018-12-25T12:29:51.740444398Z | 78 | PC: 12eef | Find first file |
| 2018-12-25T12:29:51.74631398Z | 67 | PC: 12eb7 | Get or set file attributes |
| 2018-12-25T12:29:51.765205674Z | 66 | PC: 12f4b | Move file pointer |
| 2018-12-25T12:29:51.768684785Z | 63 | PC: 12f58 | Read file or device (Read 6 bytes on handle 5) |
| 2018-12-25T12:29:51.785801475Z | 66 | PC: 12f77 | Move file pointer |
| 2018-12-25T12:29:51.787397161Z | 64 | PC: 12f84 | Write file or device (Write 6 bytes on handle 5) |
| 2018-12-25T12:29:51.79072095Z | 66 | PC: 12f91 | Move file pointer |
| 2018-12-25T12:29:51.792739843Z | 64 | PC: 12fb0 | Write file or device (Write 544 bytes on handle 5) |
| 2018-12-25T12:29:51.801165389Z | 87 | PC: 12fc2 | Get or set file date and time |
| 2018-12-25T12:29:51.816169106Z | 62 | PC: 12fca | Close file |
| 2018-12-25T12:29:51.823588805Z | 67 | PC: 12fe3 | Get or set file attributes |
| 2018-12-25T12:29:51.834078675Z | 79 | PC: 12ef8 | Find next file |
| 2018-12-25T12:29:51.836666074Z | 79 | PC: 12ef8 | Find next file (See above) |
| 2018-12-25T12:29:51.840146104Z | 79 | PC: 12ef8 | Find next file (See above) |
| 2018-12-25T12:29:51.842595604Z | 79 | PC: 12ef8 | Find next file (See above) |
| 2018-12-25T12:29:51.844986191Z | 79 | PC: 12ef8 | Find next file (See above) |
| 2018-12-25T12:29:51.847975177Z | 67 | PC: 12eb7 | Get or set file attributes (See above) |
| 2018-12-25T12:29:51.858852652Z | 66 | PC: 12f4b | Move file pointer (See above) |
| 2018-12-25T12:29:51.860057519Z | 63 | PC: 12f58 | Read file or device (See above) |
| 2018-12-25T12:29:51.868878127Z | 66 | PC: 12f77 | Move file pointer (See above) |
| 2018-12-25T12:29:51.870439168Z | 64 | PC: 12f84 | Write file or device (See above) |
| 2018-12-25T12:29:51.873312517Z | 66 | PC: 12f91 | Move file pointer (See above) |
| 2018-12-25T12:29:51.876065823Z | 64 | PC: 12fb0 | Write file or device (See above) |
| 2018-12-25T12:29:51.885161637Z | 87 | PC: 12fc2 | Get or set file date and time (See above) |
| 2018-12-25T12:29:51.886697141Z | 62 | PC: 12fca | Close file (See above) |
| 2018-12-25T12:29:51.894775047Z | 67 | PC: 12fe3 | Get or set file attributes (See above) |
| 2018-12-25T12:29:51.90428537Z | 79 | PC: 12ef8 | Find next file (See above) |
| 2018-12-25T12:29:51.906792422Z | 79 | PC: 12ef8 | Find next file (See above) |
| 2018-12-25T12:29:51.909740606Z | 67 | PC: 12eb7 | Get or set file attributes (See above) |
| 2018-12-25T12:29:51.920685101Z | 66 | PC: 12f4b | Move file pointer (See above) |
| 2018-12-25T12:29:51.92194027Z | 63 | PC: 12f58 | Read file or device (See above) |
| 2018-12-25T12:29:51.924947488Z | 87 | PC: 12fc2 | Get or set file date and time (See above) |
| 2018-12-25T12:29:51.926751542Z | 62 | PC: 12fca | Close file (See above) |
| 2018-12-25T12:29:51.935276703Z | 67 | PC: 12fe3 | Get or set file attributes (See above) |
| 2018-12-25T12:29:51.943484615Z | 79 | PC: 12ef8 | Find next file (See above) |
| 2018-12-25T12:29:51.945028282Z | 26 | PC: 12fed | Set disk transfer address |
| 2018-12-25T12:29:51.945666464Z | 42 | PC: 12e5d | Get date 0x12e5d: and al, 1 0x12e5f: jne 0x12e69 0x12e61: lea dx, word ptr [bp + 0x2f5] 0x12e65: mov ah, 9 0x12e67: int 0x21 0x12e69: ret 0x12e6a: lea si, word ptr [bp + 0x1a6] 0x12e6e: mov di, 0x100 0x12e71: mov cx, 6 0x12e74: cld 0x12e75: rep movsb byte ptr es:[di], byte ptr [si] 0x12e77: xor dx, dx 0x12e79: mov ds, dx 0x12e7b: mov si, 0x90 0x12e7e: lea dx, word ptr [bp + 0x2d3] 0x12e82: cli 0x12e83: mov word ptr [si + 2], cs 0x12e86: mov word ptr [si], dx 0x12e88: sti 0x12e89: push cs |
| 2018-12-25T12:29:51.94843643Z | 9 | PC: 12e69 | Display string (String= '���� Don`t touch me! Keep your hands out! ۲�� ') |
{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11060,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:29:52.203936551Z | 26 | PC: 12e93 | Set disk transfer address |
| 2018-12-25T12:29:52.205588073Z | 78 | PC: 12eef | Find first file |
| 2018-12-25T12:29:52.212197139Z | 67 | PC: 12eb7 | Get or set file attributes |
| 2018-12-25T12:29:52.229842582Z | 66 | PC: 12f4b | Move file pointer |
| 2018-12-25T12:29:52.231957206Z | 63 | PC: 12f58 | Read file or device (Read 6 bytes on handle 5) |
| 2018-12-25T12:29:52.238291531Z | 66 | PC: 12f77 | Move file pointer |
| 2018-12-25T12:29:52.240215217Z | 64 | PC: 12f84 | Write file or device (Write 6 bytes on handle 5) |
| 2018-12-25T12:29:52.246561992Z | 66 | PC: 12f91 | Move file pointer |
| 2018-12-25T12:29:52.250668149Z | 64 | PC: 12fb0 | Write file or device (Write 544 bytes on handle 5) |
| 2018-12-25T12:29:52.261444316Z | 87 | PC: 12fc2 | Get or set file date and time |
| 2018-12-25T12:29:52.262870027Z | 62 | PC: 12fca | Close file |
| 2018-12-25T12:29:52.274885598Z | 67 | PC: 12fe3 | Get or set file attributes |
| 2018-12-25T12:29:52.284865778Z | 79 | PC: 12ef8 | Find next file |
| 2018-12-25T12:29:52.28807874Z | 79 | PC: 12ef8 | Find next file (See above) |
| 2018-12-25T12:29:52.291208208Z | 79 | PC: 12ef8 | Find next file (See above) |
| 2018-12-25T12:29:52.293584862Z | 79 | PC: 12ef8 | Find next file (See above) |
| 2018-12-25T12:29:52.296103686Z | 79 | PC: 12ef8 | Find next file (See above) |
| 2018-12-25T12:29:52.299209825Z | 67 | PC: 12eb7 | Get or set file attributes (See above) |
| 2018-12-25T12:29:52.309987838Z | 66 | PC: 12f4b | Move file pointer (See above) |
| 2018-12-25T12:29:52.311164893Z | 63 | PC: 12f58 | Read file or device (See above) |
| 2018-12-25T12:29:52.317856149Z | 66 | PC: 12f77 | Move file pointer (See above) |
| 2018-12-25T12:29:52.319085218Z | 64 | PC: 12f84 | Write file or device (See above) |
| 2018-12-25T12:29:52.321484258Z | 66 | PC: 12f91 | Move file pointer (See above) |
| 2018-12-25T12:29:52.323879176Z | 64 | PC: 12fb0 | Write file or device (See above) |
| 2018-12-25T12:29:52.332414503Z | 87 | PC: 12fc2 | Get or set file date and time (See above) |
| 2018-12-25T12:29:52.333926947Z | 62 | PC: 12fca | Close file (See above) |
| 2018-12-25T12:29:52.34365698Z | 67 | PC: 12fe3 | Get or set file attributes (See above) |
| 2018-12-25T12:29:52.353139777Z | 79 | PC: 12ef8 | Find next file (See above) |
| 2018-12-25T12:29:52.355777179Z | 79 | PC: 12ef8 | Find next file (See above) |
| 2018-12-25T12:29:52.370387266Z | 67 | PC: 12eb7 | Get or set file attributes (See above) |
| 2018-12-25T12:29:52.381350205Z | 66 | PC: 12f4b | Move file pointer (See above) |
| 2018-12-25T12:29:52.38276136Z | 63 | PC: 12f58 | Read file or device (See above) |
| 2018-12-25T12:29:52.386469137Z | 87 | PC: 12fc2 | Get or set file date and time (See above) |
| 2018-12-25T12:29:52.387896593Z | 62 | PC: 12fca | Close file (See above) |
| 2018-12-25T12:29:52.394835079Z | 67 | PC: 12fe3 | Get or set file attributes (See above) |
| 2018-12-25T12:29:52.408009399Z | 79 | PC: 12ef8 | Find next file (See above) |
| 2018-12-25T12:29:52.410847194Z | 26 | PC: 12fed | Set disk transfer address |
| 2018-12-25T12:29:52.41213714Z | 42 | PC: 12e5d | Get date 0x12e5d: and al, 1 0x12e5f: jne 0x12e69 0x12e61: lea dx, word ptr [bp + 0x2f5] 0x12e65: mov ah, 9 0x12e67: int 0x21 0x12e69: ret 0x12e6a: lea si, word ptr [bp + 0x1a6] 0x12e6e: mov di, 0x100 0x12e71: mov cx, 6 0x12e74: cld 0x12e75: rep movsb byte ptr es:[di], byte ptr [si] 0x12e77: xor dx, dx 0x12e79: mov ds, dx 0x12e7b: mov si, 0x90 0x12e7e: lea dx, word ptr [bp + 0x2d3] 0x12e82: cli 0x12e83: mov word ptr [si + 2], cs 0x12e86: mov word ptr [si], dx 0x12e88: sti 0x12e89: push cs |