{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12672,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:35:55.238285544Z | 26 | PC: 12ad0 | Set disk transfer address |
| 2018-12-25T12:35:55.240567125Z | 71 | PC: 12af2 | Get current directory |
| 2018-12-25T12:35:55.245294467Z | 78 | PC: 12b0e | Find first file |
| 2018-12-25T12:35:55.253227437Z | 61 | PC: 12bde | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:35:55.260801819Z | 87 | PC: 12bed | Get or set file date and time |
| 2018-12-25T12:35:55.263728118Z | 63 | PC: 12c06 | Read file or device (Read 29 bytes on handle 5) |
| 2018-12-25T12:35:55.266954414Z | 66 | PC: 12c4b | Move file pointer |
| 2018-12-25T12:35:55.268900418Z | 87 | PC: 12c3b | Get or set file date and time |
| 2018-12-25T12:35:55.271602701Z | 62 | PC: 12c3f | Close file |
| 2018-12-25T12:35:55.286956536Z | 79 | PC: 12b45 | Find next file |
| 2018-12-25T12:35:55.289918797Z | 59 | PC: 12b51 | Change current directory |
| 2018-12-25T12:35:55.295170303Z | 42 | PC: 12b61 | Get date 0x12b61: cmp al, 1 0x12b63: jne 0x12b73 0x12b65: mov al, byte ptr cs:[bp + 0x355] 0x12b6a: and al, 0x14 0x12b6c: cmp al, 0x14 0x12b6e: jne 0x12b73 0x12b70: call 0x12e01 0x12b73: inc byte ptr cs:[bp + 0x356] 0x12b78: lea ax, word ptr [bp + 0x356] 0x12b7c: mov dx, 0x3b00 0x12b7f: xchg ax, dx 0x12b80: int 0x21 0x12b82: call 0x12e73 0x12b85: mov dx, 0x1a00 0x12b88: mov ax, 0x80 0x12b8b: xchg ax, dx 0x12b8c: int 0x21 0x12b8e: mov cx, 8 0x12b91: lea si, word ptr [bp + 0x189] 0x12b95: lea di, word ptr [bp + 0x181] |
| 2018-12-25T12:35:55.297926525Z | 59 | PC: 12b82 | Change current directory |
| 2018-12-25T12:35:55.302907817Z | 26 | PC: 12b8e | Set disk transfer address |
| 2018-12-25T12:35:55.305099434Z | 26 | PC: 12ad0 | Set disk transfer address (See above) |
| 2018-12-25T12:35:55.306512837Z | 71 | PC: 12af2 | Get current directory (See above) |
| 2018-12-25T12:35:55.310221201Z | 78 | PC: 12b0e | Find first file (See above) |
| 2018-12-25T12:35:55.316897237Z | 61 | PC: 12bde | Open file (See above) |
| 2018-12-25T12:35:55.33048401Z | 87 | PC: 12bed | Get or set file date and time (See above) |
| 2018-12-25T12:35:55.332027078Z | 63 | PC: 12c06 | Read file or device (See above) |
| 2018-12-25T12:35:55.33921184Z | 66 | PC: 12c4b | Move file pointer (See above) |
| 2018-12-25T12:35:55.341954569Z | 87 | PC: 12c3b | Get or set file date and time (See above) |
| 2018-12-25T12:35:55.343643075Z | 62 | PC: 12c3f | Close file (See above) |
| 2018-12-25T12:35:55.351505435Z | 79 | PC: 12b45 | Find next file (See above) |
| 2018-12-25T12:35:55.355397598Z | 59 | PC: 12b51 | Change current directory (See above) |
| 2018-12-25T12:35:55.360297325Z | 42 | PC: 12b61 | Get date (See above) |
| 2018-12-25T12:35:55.36307101Z | 59 | PC: 12b82 | Change current directory (See above) |
| 2018-12-25T12:35:55.368424622Z | 26 | PC: 12b8e | Set disk transfer address (See above) |
| 2018-12-25T12:35:55.370237908Z | 240 | PC: 5 | UNKNOWN! |
| 2018-12-25T12:35:55.390726321Z | 78 | PC: 151b2 | Find first file |
| 2018-12-25T12:35:55.396787334Z | 2 | PC: 160a2 | Character output (Char = '20') |
| 2018-12-25T12:35:55.39981241Z | 71 | PC: 16104 | Get current directory |
{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12672,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:35:56.367145967Z | 26 | PC: 12ad0 | Set disk transfer address |
| 2018-12-25T12:35:56.369017205Z | 71 | PC: 12af2 | Get current directory |
| 2018-12-25T12:35:56.372883982Z | 78 | PC: 12b0e | Find first file |
| 2018-12-25T12:35:56.37976797Z | 61 | PC: 12bde | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:35:56.392594196Z | 87 | PC: 12bed | Get or set file date and time |
| 2018-12-25T12:35:56.395029084Z | 63 | PC: 12c06 | Read file or device (Read 29 bytes on handle 5) |
| 2018-12-25T12:35:56.402328797Z | 66 | PC: 12c4b | Move file pointer |
| 2018-12-25T12:35:56.404241328Z | 87 | PC: 12c3b | Get or set file date and time |
| 2018-12-25T12:35:56.407257229Z | 62 | PC: 12c3f | Close file |
| 2018-12-25T12:35:56.421699467Z | 79 | PC: 12b45 | Find next file |
| 2018-12-25T12:35:56.424696222Z | 59 | PC: 12b51 | Change current directory |
| 2018-12-25T12:35:56.43561627Z | 42 | PC: 12b61 | Get date 0x12b61: cmp al, 1 0x12b63: jne 0x12b73 0x12b65: mov al, byte ptr cs:[bp + 0x355] 0x12b6a: and al, 0x14 0x12b6c: cmp al, 0x14 0x12b6e: jne 0x12b73 0x12b70: call 0x12e01 0x12b73: inc byte ptr cs:[bp + 0x356] 0x12b78: lea ax, word ptr [bp + 0x356] 0x12b7c: mov dx, 0x3b00 0x12b7f: xchg ax, dx 0x12b80: int 0x21 0x12b82: call 0x12e73 0x12b85: mov dx, 0x1a00 0x12b88: mov ax, 0x80 0x12b8b: xchg ax, dx 0x12b8c: int 0x21 0x12b8e: mov cx, 8 0x12b91: lea si, word ptr [bp + 0x189] 0x12b95: lea di, word ptr [bp + 0x181] |
| 2018-12-25T12:35:56.438196201Z | 59 | PC: 12b82 | Change current directory |
| 2018-12-25T12:35:56.443148242Z | 26 | PC: 12b8e | Set disk transfer address |
| 2018-12-25T12:35:56.447510522Z | 26 | PC: 12ad0 | Set disk transfer address (See above) |
| 2018-12-25T12:35:56.448935419Z | 71 | PC: 12af2 | Get current directory (See above) |
| 2018-12-25T12:35:56.452666229Z | 78 | PC: 12b0e | Find first file (See above) |
| 2018-12-25T12:35:56.480123491Z | 61 | PC: 12bde | Open file (See above) |
| 2018-12-25T12:35:56.513580837Z | 87 | PC: 12bed | Get or set file date and time (See above) |
| 2018-12-25T12:35:56.515497215Z | 63 | PC: 12c06 | Read file or device (See above) |
| 2018-12-25T12:35:56.522896554Z | 66 | PC: 12c4b | Move file pointer (See above) |
| 2018-12-25T12:35:56.525515776Z | 87 | PC: 12c3b | Get or set file date and time (See above) |
| 2018-12-25T12:35:56.527497356Z | 62 | PC: 12c3f | Close file (See above) |
| 2018-12-25T12:35:56.535310346Z | 79 | PC: 12b45 | Find next file (See above) |
| 2018-12-25T12:35:56.53852782Z | 59 | PC: 12b51 | Change current directory (See above) |
| 2018-12-25T12:35:56.543384976Z | 42 | PC: 12b61 | Get date (See above) |
| 2018-12-25T12:35:56.546160241Z | 59 | PC: 12b82 | Change current directory (See above) |
| 2018-12-25T12:35:56.551399807Z | 26 | PC: 12b8e | Set disk transfer address (See above) |
| 2018-12-25T12:35:56.552760759Z | 240 | PC: 5 | UNKNOWN! |