{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14098,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:39:45.884729704Z | 44 | PC: 12c9d | Get time 0x12c9d: mov word ptr [0x405], dx 0x12ca1: mov bx, dx 0x12ca3: xor dx, cx 0x12ca5: mov ax, dx 0x12ca7: xor dx, dx 0x12ca9: div word ptr [0x401] 0x12cad: add dx, 0x117 0x12cb1: mov word ptr [0x124], dx 0x12cb5: mov si, dx 0x12cb7: mov dx, word ptr [0x405] 0x12cbb: and dx, 3 0x12cbe: cmp dx, 2 0x12cc1: je 0x12cd2 0x12cc3: cmp dx, 3 0x12cc6: je 0x12cdc 0x12cc8: mov word ptr [0x122], 0x16f7 0x12cce: not word ptr [si] 0x12cd0: jmp 0x12ce4 0x12cd2: mov word ptr [0x122], 0xed1 0x12cd8: rol word ptr [si], 1 |
| 2018-12-25T12:39:45.887804041Z | 42 | PC: 12ceb | Get date 0x12ceb: xor dx, word ptr [0x403] 0x12cef: mov word ptr [0x104], dx 0x12cf3: mov bx, dx 0x12cf5: xor dx, cx 0x12cf7: xor dx, word ptr [0x405] 0x12cfb: mov ax, dx 0x12cfd: xor dx, dx 0x12cff: div word ptr [0x3ff] 0x12d03: add dx, 0x11e 0x12d07: mov word ptr [0x102], dx 0x12d0b: mov si, dx 0x12d0d: mov cx, word ptr [0x403] 0x12d11: xor cx, word ptr [0x405] 0x12d15: and cx, 3 0x12d18: cmp cx, 2 0x12d1b: je 0x12d2c 0x12d1d: cmp cx, 3 0x12d20: je 0x12d36 0x12d22: mov word ptr [0x100], 0x3681 0x12d28: xor word ptr [si], bx |
| 2018-12-25T12:39:45.890039189Z | 47 | PC: 12ad8 | Get disk transfer address |
| 2018-12-25T12:39:45.891130737Z | 26 | PC: 12ae3 | Set disk transfer address |
| 2018-12-25T12:39:45.898824134Z | 78 | PC: 12bd1 | Find first file |
| 2018-12-25T12:39:45.905077714Z | 79 | PC: 12bd1 | Find next file (See above) |
| 2018-12-25T12:39:45.907656356Z | 79 | PC: 12bd1 | Find next file (See above) |
| 2018-12-25T12:39:45.910457334Z | 79 | PC: 12bd1 | Find next file (See above) |
| 2018-12-25T12:39:45.913483359Z | 79 | PC: 12bd1 | Find next file (See above) |
| 2018-12-25T12:39:45.916081444Z | 79 | PC: 12bd1 | Find next file (See above) |
| 2018-12-25T12:39:45.918636322Z | 79 | PC: 12bd1 | Find next file (See above) |
| 2018-12-25T12:39:45.92201061Z | 79 | PC: 12bd1 | Find next file (See above) |
| 2018-12-25T12:39:45.925221452Z | 67 | PC: 12c16 | Get or set file attributes |
| 2018-12-25T12:39:45.9419422Z | 26 | PC: 12b1a | Set disk transfer address |
| 2018-12-25T12:39:45.945819755Z | 61 | PC: 12d74 | Open file (Filename = '.\TEST.COM') |
| 2018-12-25T12:39:45.953067764Z | 63 | PC: 12d86 | Read file or device (Read 1191 bytes on handle 5) |
| 2018-12-25T12:39:45.960080176Z | 66 | PC: 12d9f | Move file pointer |
| 2018-12-25T12:39:45.961792085Z | 64 | PC: 12daf | Write file or device (Write 1191 bytes on handle 5) |
| 2018-12-25T12:39:45.970443659Z | 66 | PC: 12dc0 | Move file pointer |
| 2018-12-25T12:39:46.005135111Z | 64 | PC: 12ddb | Write file or device (Write 39 bytes on handle 5) |
| 2018-12-25T12:39:46.009716628Z | 64 | PC: 12de9 | Write file or device (Write 1152 bytes on handle 5) |
| 2018-12-25T12:39:46.017419226Z | 87 | PC: 12e08 | Get or set file date and time |
| 2018-12-25T12:39:46.018954671Z | 62 | PC: 12e0c | Close file |
| 2018-12-25T12:39:46.027920361Z | 42 | PC: 12a87 | Get date 0x12a87: and dx, 0x101 0x12a8b: cmp dx, 0x101 0x12a8f: jne 0x12acd 0x12a91: mov ax, 0x2c00 0x12a94: int 0x21 0x12a96: and cx, 0x101 0x12a9a: cmp cx, 0x101 0x12a9e: jne 0x12acd 0x12aa0: and dh, 1 0x12aa3: cmp dh, 1 0x12aa6: jne 0x12acd 0x12aa8: mov ax, 0x900 0x12aab: mov dx, 0x52f 0x12aae: int 0x21 0x12ab0: mov ax, 0x600 0x12ab3: mov dx, 0xff 0x12ab6: int 0x21 0x12ab8: je 0x12ab0 0x12aba: cmp al, 0x6e 0x12abc: je 0x12acd |
| 2018-12-25T12:39:46.030051926Z | 44 | PC: 12a96 | Get time 0x12a96: and cx, 0x101 0x12a9a: cmp cx, 0x101 0x12a9e: jne 0x12acd 0x12aa0: and dh, 1 0x12aa3: cmp dh, 1 0x12aa6: jne 0x12acd 0x12aa8: mov ax, 0x900 0x12aab: mov dx, 0x52f 0x12aae: int 0x21 0x12ab0: mov ax, 0x600 0x12ab3: mov dx, 0xff 0x12ab6: int 0x21 0x12ab8: je 0x12ab0 0x12aba: cmp al, 0x6e 0x12abc: je 0x12acd 0x12abe: cmp al, 0x4e 0x12ac0: je 0x12acd 0x12ac2: cmp al, 0x79 0x12ac4: je 0x12aca 0x12ac6: cmp al, 0x59 |
{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14098,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:39:46.040783748Z | 44 | PC: 12c9d | Get time 0x12c9d: mov word ptr [0x405], dx 0x12ca1: mov bx, dx 0x12ca3: xor dx, cx 0x12ca5: mov ax, dx 0x12ca7: xor dx, dx 0x12ca9: div word ptr [0x401] 0x12cad: add dx, 0x117 0x12cb1: mov word ptr [0x124], dx 0x12cb5: mov si, dx 0x12cb7: mov dx, word ptr [0x405] 0x12cbb: and dx, 3 0x12cbe: cmp dx, 2 0x12cc1: je 0x12cd2 0x12cc3: cmp dx, 3 0x12cc6: je 0x12cdc 0x12cc8: mov word ptr [0x122], 0x16f7 0x12cce: not word ptr [si] 0x12cd0: jmp 0x12ce4 0x12cd2: mov word ptr [0x122], 0xed1 0x12cd8: rol word ptr [si], 1 |
| 2018-12-25T12:39:46.044115405Z | 42 | PC: 12ceb | Get date 0x12ceb: xor dx, word ptr [0x403] 0x12cef: mov word ptr [0x104], dx 0x12cf3: mov bx, dx 0x12cf5: xor dx, cx 0x12cf7: xor dx, word ptr [0x405] 0x12cfb: mov ax, dx 0x12cfd: xor dx, dx 0x12cff: div word ptr [0x3ff] 0x12d03: add dx, 0x11e 0x12d07: mov word ptr [0x102], dx 0x12d0b: mov si, dx 0x12d0d: mov cx, word ptr [0x403] 0x12d11: xor cx, word ptr [0x405] 0x12d15: and cx, 3 0x12d18: cmp cx, 2 0x12d1b: je 0x12d2c 0x12d1d: cmp cx, 3 0x12d20: je 0x12d36 0x12d22: mov word ptr [0x100], 0x3681 0x12d28: xor word ptr [si], bx |
| 2018-12-25T12:39:46.046684167Z | 47 | PC: 12ad8 | Get disk transfer address |
| 2018-12-25T12:39:46.048040043Z | 26 | PC: 12ae3 | Set disk transfer address |
| 2018-12-25T12:39:46.049650445Z | 78 | PC: 12bd1 | Find first file |
| 2018-12-25T12:39:46.057849082Z | 79 | PC: 12bd1 | Find next file (See above) |
| 2018-12-25T12:39:46.060952492Z | 79 | PC: 12bd1 | Find next file (See above) |
| 2018-12-25T12:39:46.067448304Z | 79 | PC: 12bd1 | Find next file (See above) |
| 2018-12-25T12:39:46.071016054Z | 79 | PC: 12bd1 | Find next file (See above) |
| 2018-12-25T12:39:46.073847871Z | 79 | PC: 12bd1 | Find next file (See above) |
| 2018-12-25T12:39:46.077098399Z | 79 | PC: 12bd1 | Find next file (See above) |
| 2018-12-25T12:39:46.080574248Z | 79 | PC: 12bd1 | Find next file (See above) |
| 2018-12-25T12:39:46.08340986Z | 67 | PC: 12c16 | Get or set file attributes |
| 2018-12-25T12:39:46.10097203Z | 26 | PC: 12b1a | Set disk transfer address |
| 2018-12-25T12:39:46.102473364Z | 61 | PC: 12d74 | Open file (Filename = '.\TEST.COM') |
| 2018-12-25T12:39:46.110037645Z | 63 | PC: 12d86 | Read file or device (Read 1191 bytes on handle 5) |
| 2018-12-25T12:39:46.118866189Z | 66 | PC: 12d9f | Move file pointer |
| 2018-12-25T12:39:46.120840263Z | 64 | PC: 12daf | Write file or device (Write 1191 bytes on handle 5) |
| 2018-12-25T12:39:46.13072999Z | 66 | PC: 12dc0 | Move file pointer |
| 2018-12-25T12:39:46.176957754Z | 64 | PC: 12ddb | Write file or device (Write 39 bytes on handle 5) |
| 2018-12-25T12:39:46.182491392Z | 64 | PC: 12de9 | Write file or device (Write 1152 bytes on handle 5) |
| 2018-12-25T12:39:46.191046851Z | 87 | PC: 12e08 | Get or set file date and time |
| 2018-12-25T12:39:46.192975091Z | 62 | PC: 12e0c | Close file |
| 2018-12-25T12:39:46.202370379Z | 42 | PC: 12a87 | Get date 0x12a87: and dx, 0x101 0x12a8b: cmp dx, 0x101 0x12a8f: jne 0x12acd 0x12a91: mov ax, 0x2c00 0x12a94: int 0x21 0x12a96: and cx, 0x101 0x12a9a: cmp cx, 0x101 0x12a9e: jne 0x12acd 0x12aa0: and dh, 1 0x12aa3: cmp dh, 1 0x12aa6: jne 0x12acd 0x12aa8: mov ax, 0x900 0x12aab: mov dx, 0x52f 0x12aae: int 0x21 0x12ab0: mov ax, 0x600 0x12ab3: mov dx, 0xff 0x12ab6: int 0x21 0x12ab8: je 0x12ab0 0x12aba: cmp al, 0x6e 0x12abc: je 0x12acd |