{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15595,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:43:56.714107948Z | 26 | PC: 12b75 | Set disk transfer address |
| 2018-12-25T12:43:56.716129827Z | 71 | PC: 12b7f | Get current directory |
| 2018-12-25T12:43:56.719736492Z | 78 | PC: 12b87 | Find first file |
| 2018-12-25T12:43:56.725809284Z | 61 | PC: 12b95 | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:43:56.732982388Z | 63 | PC: 12ba1 | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-25T12:43:56.735562536Z | 66 | PC: 12bb4 | Move file pointer |
| 2018-12-25T12:43:56.737047507Z | 64 | PC: 12bc9 | Write file or device (Write 530 bytes on handle 5) |
| 2018-12-25T12:43:56.751197512Z | 66 | PC: 12bd1 | Move file pointer |
| 2018-12-25T12:43:56.753973344Z | 64 | PC: 12bdc | Write file or device (Write 26 bytes on handle 5) |
| 2018-12-25T12:43:56.756861496Z | 62 | PC: 12be0 | Close file |
| 2018-12-25T12:43:56.764761023Z | 79 | PC: 12b87 | Find next file (See above) |
| 2018-12-25T12:43:56.767385698Z | 59 | PC: 12cba | Change current directory |
| 2018-12-25T12:43:56.776366127Z | 42 | PC: 12be8 | Get date 0x12be8: cmp dl, 1 0x12beb: jne 0x12bf7 0x12bed: mov ah, 9 0x12bef: lea dx, word ptr [bp + 0x2af] 0x12bf3: int 0x21 0x12bf5: jmp 0x12bf5 0x12bf7: lea dx, word ptr [bp + 0x358] 0x12bfb: mov ah, 0x3b 0x12bfd: int 0x21 0x12bff: pop ds 0x12c00: mov dx, 0x80 0x12c03: mov ah, 0x1a 0x12c05: int 0x21 0x12c07: push ds 0x12c08: pop es 0x12c09: mov ax, es 0x12c0b: add ax, 0x10 0x12c0e: add word ptr cs:[bp + 0x1df], ax 0x12c13: cli 0x12c14: mov ss, ax |
| 2018-12-25T12:43:56.778400881Z | 9 | PC: 12bf5 | Display string (String= ' Love to LISA :) ') |
{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15595,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:43:57.777794476Z | 26 | PC: 12b75 | Set disk transfer address |
| 2018-12-25T12:43:57.779449402Z | 71 | PC: 12b7f | Get current directory |
| 2018-12-25T12:43:57.78290533Z | 78 | PC: 12b87 | Find first file |
| 2018-12-25T12:43:57.789400796Z | 61 | PC: 12b95 | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:43:57.803732591Z | 63 | PC: 12ba1 | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-25T12:43:57.807469859Z | 66 | PC: 12bb4 | Move file pointer |
| 2018-12-25T12:43:57.809032684Z | 64 | PC: 12bc9 | Write file or device (Write 530 bytes on handle 5) |
| 2018-12-25T12:43:57.824091271Z | 66 | PC: 12bd1 | Move file pointer |
| 2018-12-25T12:43:57.825321283Z | 64 | PC: 12bdc | Write file or device (Write 26 bytes on handle 5) |
| 2018-12-25T12:43:57.827896602Z | 62 | PC: 12be0 | Close file |
| 2018-12-25T12:43:57.837348557Z | 79 | PC: 12b87 | Find next file (See above) |
| 2018-12-25T12:43:57.842217363Z | 59 | PC: 12cba | Change current directory |
| 2018-12-25T12:43:57.846789294Z | 42 | PC: 12be8 | Get date 0x12be8: cmp dl, 1 0x12beb: jne 0x12bf7 0x12bed: mov ah, 9 0x12bef: lea dx, word ptr [bp + 0x2af] 0x12bf3: int 0x21 0x12bf5: jmp 0x12bf5 0x12bf7: lea dx, word ptr [bp + 0x358] 0x12bfb: mov ah, 0x3b 0x12bfd: int 0x21 0x12bff: pop ds 0x12c00: mov dx, 0x80 0x12c03: mov ah, 0x1a 0x12c05: int 0x21 0x12c07: push ds 0x12c08: pop es 0x12c09: mov ax, es 0x12c0b: add ax, 0x10 0x12c0e: add word ptr cs:[bp + 0x1df], ax 0x12c13: cli 0x12c14: mov ss, ax |
| 2018-12-25T12:43:57.849323833Z | 59 | PC: 12bff | Change current directory |
| 2018-12-25T12:43:57.85140951Z | 26 | PC: 12c07 | Set disk transfer address |