{"DateBased":true,"Day":22,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13755,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:55.412988102Z | 42 | PC: 13c5d | Get date 0x13c5d: cmp dx, 0x116 0x13c61: je 0x13c66 0x13c63: jmp 0x13f2a 0x13c66: mov al, 0xf5 0x13c68: out 0x60, al 0x13c6a: push ds 0x13c6b: pop es 0x13c6c: mov byte ptr [0x75e], 0x80 0x13c71: mov ah, 8 0x13c73: mov dl, byte ptr [0x75e] 0x13c77: int 0x13 0x13c79: mov byte ptr [0x75f], dh 0x13c7d: mov byte ptr [0x760], 0 0x13c82: mov byte ptr [0x761], 0 0x13c87: cld 0x13c88: mov cx, 0x100 0x13c8b: mov di, 0x76e 0x13c8e: mov ax, 0x1080 0x13c91: rep stosd dword ptr es:[di], eax 0x13c93: mov ax, 0x510 |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13755,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:55.446866052Z | 42 | PC: 13c5d | Get date 0x13c5d: cmp dx, 0x116 0x13c61: je 0x13c66 0x13c63: jmp 0x13f2a 0x13c66: mov al, 0xf5 0x13c68: out 0x60, al 0x13c6a: push ds 0x13c6b: pop es 0x13c6c: mov byte ptr [0x75e], 0x80 0x13c71: mov ah, 8 0x13c73: mov dl, byte ptr [0x75e] 0x13c77: int 0x13 0x13c79: mov byte ptr [0x75f], dh 0x13c7d: mov byte ptr [0x760], 0 0x13c82: mov byte ptr [0x761], 0 0x13c87: cld 0x13c88: mov cx, 0x100 0x13c8b: mov di, 0x76e 0x13c8e: mov ax, 0x1080 0x13c91: rep stosd dword ptr es:[di], eax 0x13c93: mov ax, 0x510 |
| 2018-12-25T12:38:55.449862489Z | 26 | PC: 13f31 | Set disk transfer address |
| 2018-12-25T12:38:55.451540936Z | 78 | PC: 13fa4 | Find first file |
| 2018-12-25T12:38:55.458393491Z | 79 | PC: 13fea | Find next file |
| 2018-12-25T12:38:55.461817276Z | 79 | PC: 13fea | Find next file (See above) |
| 2018-12-25T12:38:55.463696813Z | 79 | PC: 13fea | Find next file (See above) |
| 2018-12-25T12:38:55.473932825Z | 79 | PC: 13fea | Find next file (See above) |
| 2018-12-25T12:38:55.486449001Z | 79 | PC: 13fea | Find next file (See above) |
| 2018-12-25T12:38:55.489377938Z | 79 | PC: 13fea | Find next file (See above) |
| 2018-12-25T12:38:55.491969428Z | 79 | PC: 13fea | Find next file (See above) |
| 2018-12-25T12:38:55.494953917Z | 78 | PC: 13fa4 | Find first file (See above) |
| 2018-12-25T12:38:55.501054833Z | 67 | PC: 1406d | Get or set file attributes |
| 2018-12-25T12:38:55.516852998Z | 61 | PC: 14074 | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:38:55.524125535Z | 63 | PC: 1409b | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-25T12:38:55.528087515Z | 66 | PC: 140b0 | Move file pointer |
| 2018-12-25T12:38:55.529807644Z | 63 | PC: 140ba | Read file or device (Read 11 bytes on handle 5) |
| 2018-12-25T12:38:55.53322898Z | 62 | PC: 14258 | Close file |
| 2018-12-25T12:38:55.536920965Z | 67 | PC: 14264 | Get or set file attributes |
| 2018-12-25T12:38:55.548703075Z | 79 | PC: 13fea | Find next file (See above) |
| 2018-12-25T12:38:55.551186166Z | 26 | PC: 1404a | Set disk transfer address |
| 2018-12-25T12:38:55.553018949Z | 9 | PC: 12a5c | Display string (Could not find end pointer) |
| 2018-12-25T12:38:55.558682123Z | 76 | PC: 12a61 | Terminate with return code (Return code = '0') |