{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15430,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:43:22.557258158Z | 44 | PC: 133fc | Get time 0x133fc: cmp dh, 1 0x133ff: jne 0x13411 0x13401: mov ax, 0x301 0x13404: mov ch, dh 0x13406: mov cl, dl 0x13408: mov dx, 0x80 0x1340b: lea bx, word ptr [bp + 0x100] 0x1340f: int 0x13 0x13411: call 0x13414 0x13414: mov di, sp 0x13416: mov bp, word ptr ss:[di] 0x13419: sub bp, 0x11c 0x1341d: inc sp 0x1341e: inc sp 0x1341f: push ds 0x13420: push es 0x13421: push cs 0x13422: pop ds 0x13423: call 0x135b3 0x13426: div word ptr [si - 0x72ef] |
| 2018-12-25T12:43:22.560626118Z | 26 | PC: 1342f | Set disk transfer address |
| 2018-12-25T12:43:22.562605493Z | 71 | PC: 13458 | Get current directory |
| 2018-12-25T12:43:22.566204012Z | 78 | PC: 13463 | Find first file |
| 2018-12-25T12:43:22.573686509Z | 61 | PC: 1347b | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:43:22.582164619Z | 63 | PC: 13487 | Read file or device (Read 24 bytes on handle 5) |
| 2018-12-25T12:43:22.585192578Z | 62 | PC: 13528 | Close file |
| 2018-12-25T12:43:22.587165765Z | 67 | PC: 13536 | Get or set file attributes |
| 2018-12-25T12:43:22.605942951Z | 79 | PC: 13463 | Find next file (See above) |
| 2018-12-25T12:43:22.6086188Z | 59 | PC: 1346d | Change current directory |
| 2018-12-25T12:43:22.618433274Z | 59 | PC: 13543 | Change current directory |
| 2018-12-25T12:43:22.621268929Z | 72 | PC: 1354a | Allocate memory |
| 2018-12-25T12:43:22.623248476Z | 9 | PC: 133f2 | Display string (Could not find end pointer) |
| 2018-12-25T12:43:22.628772154Z | 76 | PC: 133f8 | Terminate with return code (Return code = '0') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":15430,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:43:23.334462178Z | 44 | PC: 133fc | Get time 0x133fc: cmp dh, 1 0x133ff: jne 0x13411 0x13401: mov ax, 0x301 0x13404: mov ch, dh 0x13406: mov cl, dl 0x13408: mov dx, 0x80 0x1340b: lea bx, word ptr [bp + 0x100] 0x1340f: int 0x13 0x13411: call 0x13414 0x13414: mov di, sp 0x13416: mov bp, word ptr ss:[di] 0x13419: sub bp, 0x11c 0x1341d: inc sp 0x1341e: inc sp 0x1341f: push ds 0x13420: push es 0x13421: push cs 0x13422: pop ds 0x13423: call 0x135b3 0x13426: div word ptr [si - 0x72ef] |
| 2018-12-25T12:43:23.337420094Z | 26 | PC: 1342f | Set disk transfer address |
| 2018-12-25T12:43:23.339852033Z | 71 | PC: 13458 | Get current directory |
| 2018-12-25T12:43:23.343373852Z | 78 | PC: 13463 | Find first file |
| 2018-12-25T12:43:23.350423431Z | 61 | PC: 1347b | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:43:23.358673286Z | 63 | PC: 13487 | Read file or device (Read 24 bytes on handle 5) |
| 2018-12-25T12:43:23.361941672Z | 62 | PC: 13528 | Close file |
| 2018-12-25T12:43:23.364302872Z | 67 | PC: 13536 | Get or set file attributes |
| 2018-12-25T12:43:23.382554691Z | 79 | PC: 13463 | Find next file (See above) |
| 2018-12-25T12:43:23.385602023Z | 59 | PC: 1346d | Change current directory |
| 2018-12-25T12:43:23.39598138Z | 59 | PC: 13543 | Change current directory |
| 2018-12-25T12:43:23.399255569Z | 72 | PC: 1354a | Allocate memory |
| 2018-12-25T12:43:23.401291425Z | 9 | PC: 133f2 | Display string (Could not find end pointer) |
| 2018-12-25T12:43:23.406706437Z | 76 | PC: 133f8 | Terminate with return code (Return code = '0') |