{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13616,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:35.093638273Z | 78 | PC: 12a6e | Find first file |
| 2018-12-25T12:38:35.100208191Z | 78 | PC: 12a6e | Find first file (See above) |
| 2018-12-25T12:38:35.10592661Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:35.10835738Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:35.111211214Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:35.119966551Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:35.123089457Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:35.125735741Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:35.129184396Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:35.132713762Z | 67 | PC: 12b3c | Get or set file attributes |
| 2018-12-25T12:38:35.149526208Z | 61 | PC: 12b32 | Open file (Filename = 'TEST.COM') |
| 2018-12-25T12:38:35.156816135Z | 44 | PC: 12aa1 | Get time 0x12aa1: cmp dh, 0 0x12aa4: je 0x12a9d 0x12aa6: mov byte ptr cs:[0x2dd], dh 0x12aab: call 0x12bdd 0x12aae: inc byte ptr cs:[0x2de] 0x12ab3: mov ax, 0x5701 0x12ab6: push bx 0x12ab7: mov cx, word ptr [bx + 0x16] 0x12aba: mov dx, word ptr [bx + 0x18] 0x12abd: pop bx 0x12abe: int 0x21 0x12ac0: mov ah, 0x3e 0x12ac2: int 0x21 0x12ac4: xor cx, cx 0x12ac6: mov bx, 0x80 0x12ac9: mov cl, byte ptr [bx + 0x15] 0x12acc: call 0x12b34 0x12acf: ret 0x12ad0: mov ah, 0x2a 0x12ad2: int 0x21 |
| 2018-12-25T12:38:35.159269559Z | 64 | PC: 12c30 | Write file or device (Write 478 bytes on handle 5) |
| 2018-12-25T12:38:35.162337072Z | 87 | PC: 12ac0 | Get or set file date and time |
| 2018-12-25T12:38:35.165682649Z | 62 | PC: 12ac4 | Close file |
| 2018-12-25T12:38:35.17295367Z | 67 | PC: 12b3c | Get or set file attributes (See above) |
| 2018-12-25T12:38:35.182968694Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:35.18635534Z | 42 | PC: 12ad4 | Get date 0x12ad4: cmp cx, 0x7c9 0x12ad8: jb 0x12b2a 0x12ada: cmp dl, 0xd 0x12add: jne 0x12b2a 0x12adf: mov ah, 0x2c 0x12ae1: int 0x21 0x12ae3: cmp ch, 0xd 0x12ae6: jne 0x12b2a 0x12ae8: mov ah, 9 0x12aea: mov dx, 0x205 0x12aed: int 0x21 0x12aef: mov cx, 2 0x12af2: push cx 0x12af3: cli 0x12af4: mov dx, 0x2ee0 0x12af7: sub dx, word ptr cs:[0x1388] 0x12afc: mov bx, 0x64 0x12aff: mov al, 0xb6 0x12b01: out 0x43, al 0x12b03: mov ax, bx |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13616,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:36.371816892Z | 78 | PC: 12a6e | Find first file |
| 2018-12-25T12:38:36.378283768Z | 78 | PC: 12a6e | Find first file (See above) |
| 2018-12-25T12:38:36.383892235Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:36.38631322Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:36.388674571Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:36.391659842Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:36.406768394Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:36.409236298Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:36.412416034Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:36.414967732Z | 67 | PC: 12b3c | Get or set file attributes |
| 2018-12-25T12:38:36.430931081Z | 61 | PC: 12b32 | Open file (Filename = 'TEST.COM') |
| 2018-12-25T12:38:36.437702019Z | 44 | PC: 12aa1 | Get time 0x12aa1: cmp dh, 0 0x12aa4: je 0x12a9d 0x12aa6: mov byte ptr cs:[0x2dd], dh 0x12aab: call 0x12bdd 0x12aae: inc byte ptr cs:[0x2de] 0x12ab3: mov ax, 0x5701 0x12ab6: push bx 0x12ab7: mov cx, word ptr [bx + 0x16] 0x12aba: mov dx, word ptr [bx + 0x18] 0x12abd: pop bx 0x12abe: int 0x21 0x12ac0: mov ah, 0x3e 0x12ac2: int 0x21 0x12ac4: xor cx, cx 0x12ac6: mov bx, 0x80 0x12ac9: mov cl, byte ptr [bx + 0x15] 0x12acc: call 0x12b34 0x12acf: ret 0x12ad0: mov ah, 0x2a 0x12ad2: int 0x21 |
| 2018-12-25T12:38:36.44018758Z | 64 | PC: 12c30 | Write file or device (Write 478 bytes on handle 5) |
| 2018-12-25T12:38:36.443387736Z | 87 | PC: 12ac0 | Get or set file date and time |
| 2018-12-25T12:38:36.445720496Z | 62 | PC: 12ac4 | Close file |
| 2018-12-25T12:38:36.452897548Z | 67 | PC: 12b3c | Get or set file attributes (See above) |
| 2018-12-25T12:38:36.462783369Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:36.465666944Z | 42 | PC: 12ad4 | Get date 0x12ad4: cmp cx, 0x7c9 0x12ad8: jb 0x12b2a 0x12ada: cmp dl, 0xd 0x12add: jne 0x12b2a 0x12adf: mov ah, 0x2c 0x12ae1: int 0x21 0x12ae3: cmp ch, 0xd 0x12ae6: jne 0x12b2a 0x12ae8: mov ah, 9 0x12aea: mov dx, 0x205 0x12aed: int 0x21 0x12aef: mov cx, 2 0x12af2: push cx 0x12af3: cli 0x12af4: mov dx, 0x2ee0 0x12af7: sub dx, word ptr cs:[0x1388] 0x12afc: mov bx, 0x64 0x12aff: mov al, 0xb6 0x12b01: out 0x43, al 0x12b03: mov ax, bx |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":13616,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:36.6421068Z | 78 | PC: 12a6e | Find first file |
| 2018-12-25T12:38:36.648693793Z | 78 | PC: 12a6e | Find first file (See above) |
| 2018-12-25T12:38:36.655582966Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:36.65838262Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:36.661182899Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:36.668461212Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:36.672036989Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:36.675433667Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:36.679357409Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:36.68303125Z | 67 | PC: 12b3c | Get or set file attributes |
| 2018-12-25T12:38:36.701646924Z | 61 | PC: 12b32 | Open file (Filename = 'TEST.COM') |
| 2018-12-25T12:38:36.710319841Z | 44 | PC: 12aa1 | Get time 0x12aa1: cmp dh, 0 0x12aa4: je 0x12a9d 0x12aa6: mov byte ptr cs:[0x2dd], dh 0x12aab: call 0x12bdd 0x12aae: inc byte ptr cs:[0x2de] 0x12ab3: mov ax, 0x5701 0x12ab6: push bx 0x12ab7: mov cx, word ptr [bx + 0x16] 0x12aba: mov dx, word ptr [bx + 0x18] 0x12abd: pop bx 0x12abe: int 0x21 0x12ac0: mov ah, 0x3e 0x12ac2: int 0x21 0x12ac4: xor cx, cx 0x12ac6: mov bx, 0x80 0x12ac9: mov cl, byte ptr [bx + 0x15] 0x12acc: call 0x12b34 0x12acf: ret 0x12ad0: mov ah, 0x2a 0x12ad2: int 0x21 |
| 2018-12-25T12:38:36.713032348Z | 64 | PC: 12c30 | Write file or device (Write 478 bytes on handle 5) |
| 2018-12-25T12:38:36.716324551Z | 87 | PC: 12ac0 | Get or set file date and time |
| 2018-12-25T12:38:36.71804156Z | 62 | PC: 12ac4 | Close file |
| 2018-12-25T12:38:36.726787765Z | 67 | PC: 12b3c | Get or set file attributes (See above) |
| 2018-12-25T12:38:36.737877687Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:36.740794907Z | 42 | PC: 12ad4 | Get date 0x12ad4: cmp cx, 0x7c9 0x12ad8: jb 0x12b2a 0x12ada: cmp dl, 0xd 0x12add: jne 0x12b2a 0x12adf: mov ah, 0x2c 0x12ae1: int 0x21 0x12ae3: cmp ch, 0xd 0x12ae6: jne 0x12b2a 0x12ae8: mov ah, 9 0x12aea: mov dx, 0x205 0x12aed: int 0x21 0x12aef: mov cx, 2 0x12af2: push cx 0x12af3: cli 0x12af4: mov dx, 0x2ee0 0x12af7: sub dx, word ptr cs:[0x1388] 0x12afc: mov bx, 0x64 0x12aff: mov al, 0xb6 0x12b01: out 0x43, al 0x12b03: mov ax, bx |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":13616,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:36.950627903Z | 78 | PC: 12a6e | Find first file |
| 2018-12-25T12:38:36.962800785Z | 78 | PC: 12a6e | Find first file (See above) |
| 2018-12-25T12:38:36.976304084Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:36.97878199Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:36.981110635Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:36.984272464Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:36.986753909Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:36.989162439Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:36.992930521Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:36.99572438Z | 67 | PC: 12b3c | Get or set file attributes |
| 2018-12-25T12:38:37.01411386Z | 61 | PC: 12b32 | Open file (Filename = 'TEST.COM') |
| 2018-12-25T12:38:37.022084424Z | 44 | PC: 12aa1 | Get time 0x12aa1: cmp dh, 0 0x12aa4: je 0x12a9d 0x12aa6: mov byte ptr cs:[0x2dd], dh 0x12aab: call 0x12bdd 0x12aae: inc byte ptr cs:[0x2de] 0x12ab3: mov ax, 0x5701 0x12ab6: push bx 0x12ab7: mov cx, word ptr [bx + 0x16] 0x12aba: mov dx, word ptr [bx + 0x18] 0x12abd: pop bx 0x12abe: int 0x21 0x12ac0: mov ah, 0x3e 0x12ac2: int 0x21 0x12ac4: xor cx, cx 0x12ac6: mov bx, 0x80 0x12ac9: mov cl, byte ptr [bx + 0x15] 0x12acc: call 0x12b34 0x12acf: ret 0x12ad0: mov ah, 0x2a 0x12ad2: int 0x21 |
| 2018-12-25T12:38:37.025195931Z | 64 | PC: 12c30 | Write file or device (Write 478 bytes on handle 5) |
| 2018-12-25T12:38:37.028625697Z | 87 | PC: 12ac0 | Get or set file date and time |
| 2018-12-25T12:38:37.030985752Z | 62 | PC: 12ac4 | Close file |
| 2018-12-25T12:38:37.039213145Z | 67 | PC: 12b3c | Get or set file attributes (See above) |
| 2018-12-25T12:38:37.050786453Z | 79 | PC: 12a6e | Find next file (See above) |
| 2018-12-25T12:38:37.05393247Z | 42 | PC: 12ad4 | Get date 0x12ad4: cmp cx, 0x7c9 0x12ad8: jb 0x12b2a 0x12ada: cmp dl, 0xd 0x12add: jne 0x12b2a 0x12adf: mov ah, 0x2c 0x12ae1: int 0x21 0x12ae3: cmp ch, 0xd 0x12ae6: jne 0x12b2a 0x12ae8: mov ah, 9 0x12aea: mov dx, 0x205 0x12aed: int 0x21 0x12aef: mov cx, 2 0x12af2: push cx 0x12af3: cli 0x12af4: mov dx, 0x2ee0 0x12af7: sub dx, word ptr cs:[0x1388] 0x12afc: mov bx, 0x64 0x12aff: mov al, 0xb6 0x12b01: out 0x43, al 0x12b03: mov ax, bx |