{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15650,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:44:08.631656605Z | 78 | PC: 12a57 | Find first file |
| 2018-12-25T12:44:08.639186262Z | 67 | PC: 12a72 | Get or set file attributes |
| 2018-12-25T12:44:08.645205425Z | 61 | PC: 12a7a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:44:08.652599417Z | 64 | PC: 12a85 | Write file or device (Write 4182 bytes on handle 5) |
| 2018-12-25T12:44:08.667837087Z | 62 | PC: 12a89 | Close file |
| 2018-12-25T12:44:08.677020044Z | 79 | PC: 12a57 | Find next file (See above) |
| 2018-12-25T12:44:08.679868359Z | 67 | PC: 12a72 | Get or set file attributes (See above) |
| 2018-12-25T12:44:08.690850506Z | 61 | PC: 12a7a | Open file (See above) |
| 2018-12-25T12:44:08.702488218Z | 64 | PC: 12a85 | Write file or device (See above) |
| 2018-12-25T12:44:08.719662462Z | 62 | PC: 12a89 | Close file (See above) |
| 2018-12-25T12:44:08.729052728Z | 79 | PC: 12a57 | Find next file (See above) |
| 2018-12-25T12:44:08.732811101Z | 67 | PC: 12a72 | Get or set file attributes (See above) |
| 2018-12-25T12:44:08.737692149Z | 61 | PC: 12a7a | Open file (See above) |
| 2018-12-25T12:44:08.745049277Z | 64 | PC: 12a85 | Write file or device (See above) |
| 2018-12-25T12:44:08.756215731Z | 62 | PC: 12a89 | Close file (See above) |
| 2018-12-25T12:44:08.765032385Z | 79 | PC: 12a57 | Find next file (See above) |
| 2018-12-25T12:44:08.767911397Z | 67 | PC: 12a72 | Get or set file attributes (See above) |
| 2018-12-25T12:44:08.773214493Z | 61 | PC: 12a7a | Open file (See above) |
| 2018-12-25T12:44:08.781004315Z | 64 | PC: 12a85 | Write file or device (See above) |
| 2018-12-25T12:44:08.79082631Z | 62 | PC: 12a89 | Close file (See above) |
| 2018-12-25T12:44:08.800961396Z | 79 | PC: 12a57 | Find next file (See above) |
| 2018-12-25T12:44:08.804269643Z | 67 | PC: 12a72 | Get or set file attributes (See above) |
| 2018-12-25T12:44:08.817341043Z | 61 | PC: 12a7a | Open file (See above) |
| 2018-12-25T12:44:08.828662201Z | 64 | PC: 12a85 | Write file or device (See above) |
| 2018-12-25T12:44:08.839252971Z | 62 | PC: 12a89 | Close file (See above) |
| 2018-12-25T12:44:08.8482882Z | 79 | PC: 12a57 | Find next file (See above) |
| 2018-12-25T12:44:08.851528927Z | 67 | PC: 12a72 | Get or set file attributes (See above) |
| 2018-12-25T12:44:08.857723143Z | 61 | PC: 12a7a | Open file (See above) |
| 2018-12-25T12:44:08.866334796Z | 64 | PC: 12a85 | Write file or device (See above) |
| 2018-12-25T12:44:08.876765944Z | 62 | PC: 12a89 | Close file (See above) |
| 2018-12-25T12:44:08.886847996Z | 79 | PC: 12a57 | Find next file (See above) |
| 2018-12-25T12:44:08.889898341Z | 67 | PC: 12a72 | Get or set file attributes (See above) |
| 2018-12-25T12:44:08.894839787Z | 61 | PC: 12a7a | Open file (See above) |
| 2018-12-25T12:44:08.903315497Z | 64 | PC: 12a85 | Write file or device (See above) |
| 2018-12-25T12:44:08.912989373Z | 62 | PC: 12a89 | Close file (See above) |
| 2018-12-25T12:44:08.922083277Z | 79 | PC: 12a57 | Find next file (See above) |
| 2018-12-25T12:44:08.925247849Z | 59 | PC: 12a64 | Change current directory |
| 2018-12-25T12:44:08.935517936Z | 42 | PC: 12a91 | Get date 0x12a91: cmp dl, 0xf 0x12a94: jne 0x12acc 0x12a96: nop 0x12a97: nop 0x12a98: nop 0x12a99: call 0x12ace 0x12a9c: push cs 0x12a9d: pop ds 0x12a9e: mov ax, 0xb800 0x12aa1: mov es, ax 0x12aa3: xor di, di 0x12aa5: mov si, 0x1b6 0x12aa8: mov cx, 0xfa0 0x12aab: nop 0x12aac: rep movsd dword ptr es:[di], dword ptr [si] 0x12aae: xor ax, ax 0x12ab0: int 0x16 0x12ab2: cdq 0x12ab3: xor cx, cx 0x12ab5: mov ax, 0x5701 |
{"DateBased":true,"Day":15,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15650,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:44:08.677366885Z | 78 | PC: f7e7 | Find first file |
| 2018-12-25T12:44:08.684630954Z | 67 | PC: f802 | Get or set file attributes |
| 2018-12-25T12:44:08.690825946Z | 61 | PC: f80a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:44:08.69843284Z | 64 | PC: f815 | Write file or device (Write 4182 bytes on handle 5) |
| 2018-12-25T12:44:08.717342086Z | 62 | PC: f819 | Close file |
| 2018-12-25T12:44:08.727229447Z | 79 | PC: f7e7 | Find next file (See above) |
| 2018-12-25T12:44:08.73058432Z | 67 | PC: f802 | Get or set file attributes (See above) |
| 2018-12-25T12:44:08.735761336Z | 61 | PC: f80a | Open file (See above) |
| 2018-12-25T12:44:08.744012522Z | 64 | PC: f815 | Write file or device (See above) |
| 2018-12-25T12:44:08.754480333Z | 62 | PC: f819 | Close file (See above) |
| 2018-12-25T12:44:08.76351375Z | 79 | PC: f7e7 | Find next file (See above) |
| 2018-12-25T12:44:08.767312242Z | 67 | PC: f802 | Get or set file attributes (See above) |
| 2018-12-25T12:44:08.772422221Z | 61 | PC: f80a | Open file (See above) |
| 2018-12-25T12:44:08.785378035Z | 64 | PC: f815 | Write file or device (See above) |
| 2018-12-25T12:44:08.797284924Z | 62 | PC: f819 | Close file (See above) |
| 2018-12-25T12:44:08.808518199Z | 79 | PC: f7e7 | Find next file (See above) |
| 2018-12-25T12:44:08.811651747Z | 67 | PC: f802 | Get or set file attributes (See above) |
| 2018-12-25T12:44:08.816813359Z | 61 | PC: f80a | Open file (See above) |
| 2018-12-25T12:44:08.825909908Z | 64 | PC: f815 | Write file or device (See above) |
| 2018-12-25T12:44:08.836603165Z | 62 | PC: f819 | Close file (See above) |
| 2018-12-25T12:44:08.847645613Z | 79 | PC: f7e7 | Find next file (See above) |
| 2018-12-25T12:44:08.851697503Z | 67 | PC: f802 | Get or set file attributes (See above) |
| 2018-12-25T12:44:08.857293778Z | 61 | PC: f80a | Open file (See above) |
| 2018-12-25T12:44:08.86454084Z | 64 | PC: f815 | Write file or device (See above) |
| 2018-12-25T12:44:08.875402475Z | 62 | PC: f819 | Close file (See above) |
| 2018-12-25T12:44:08.884373525Z | 79 | PC: f7e7 | Find next file (See above) |
| 2018-12-25T12:44:08.887177286Z | 67 | PC: f802 | Get or set file attributes (See above) |
| 2018-12-25T12:44:08.89233619Z | 61 | PC: f80a | Open file (See above) |
| 2018-12-25T12:44:08.89943821Z | 64 | PC: f815 | Write file or device (See above) |
| 2018-12-25T12:44:08.909598318Z | 62 | PC: f819 | Close file (See above) |
| 2018-12-25T12:44:08.919966984Z | 79 | PC: f7e7 | Find next file (See above) |
| 2018-12-25T12:44:08.92290515Z | 67 | PC: f802 | Get or set file attributes (See above) |
| 2018-12-25T12:44:08.927596025Z | 61 | PC: f80a | Open file (See above) |
| 2018-12-25T12:44:08.935123473Z | 64 | PC: f815 | Write file or device (See above) |
| 2018-12-25T12:44:08.946102778Z | 62 | PC: f819 | Close file (See above) |
| 2018-12-25T12:44:08.95564087Z | 79 | PC: f7e7 | Find next file (See above) |
| 2018-12-25T12:44:08.95908746Z | 59 | PC: f7f4 | Change current directory |
| 2018-12-25T12:44:08.964992852Z | 42 | PC: f821 | Get date 0xf821: cmp dl, 0xf 0xf824: jne 0xf85c 0xf826: nop 0xf827: nop 0xf828: nop 0xf829: call 0xf85e 0xf82c: push cs 0xf82d: pop ds 0xf82e: mov ax, 0xb800 0xf831: mov es, ax 0xf833: xor di, di 0xf835: mov si, 0x1b6 0xf838: mov cx, 0xfa0 0xf83b: nop 0xf83c: rep movsd dword ptr es:[di], dword ptr [si] 0xf83e: xor ax, ax 0xf840: int 0x16 0xf842: cdq 0xf843: xor cx, cx 0xf845: mov ax, 0x5701 |
| 2018-12-25T12:44:08.967984302Z | 78 | PC: f865 | Find first file |
| 2018-12-25T12:44:08.980828348Z | 65 | PC: f873 | Delete file (Filename = 'TEST.EXE') |
| 2018-12-25T12:44:08.996322078Z | 79 | PC: f877 | Find next file |