{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16864,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:54:07.59591722Z | 47 | PC: 12e4d | Get disk transfer address |
| 2018-12-25T12:54:07.601001834Z | 26 | PC: 12e5c | Set disk transfer address |
| 2018-12-25T12:54:07.602298758Z | 25 | PC: 12e60 | Get default drive |
| 2018-12-25T12:54:07.603506219Z | 14 | PC: 12e69 | Set default drive (Drive = 'A') |
| 2018-12-25T12:54:07.618738775Z | 14 | PC: 12f09 | Set default drive (Drive = 'A') |
| 2018-12-25T12:54:07.622254822Z | 78 | PC: 12f13 | Find first file |
| 2018-12-25T12:54:07.629631475Z | 61 | PC: 12f4a | Open file (Filename = '') |
| 2018-12-25T12:54:07.6374748Z | 63 | PC: 12f5e | Read file or device (Read 16 bytes on handle 5) |
| 2018-12-25T12:54:07.645366865Z | 62 | PC: 12f8d | Close file |
| 2018-12-25T12:54:07.647627837Z | 67 | PC: 12ff0 | Get or set file attributes |
| 2018-12-25T12:54:07.658661003Z | 61 | PC: 12ffe | Open file (Filename = '') |
| 2018-12-25T12:54:07.666569143Z | 64 | PC: 13011 | Write file or device (Write 16 bytes on handle 5) |
| 2018-12-25T12:54:07.670436201Z | 66 | PC: 13027 | Move file pointer |
| 2018-12-25T12:54:07.67194757Z | 64 | PC: 1303e | Write file or device (Write 25 bytes on handle 5) |
| 2018-12-25T12:54:07.676221124Z | 64 | PC: 1305f | Write file or device (Write 893 bytes on handle 5) |
| 2018-12-25T12:54:07.685802591Z | 87 | PC: 13075 | Get or set file date and time |
| 2018-12-25T12:54:07.687496319Z | 62 | PC: 1307d | Close file |
| 2018-12-25T12:54:07.697292062Z | 67 | PC: 1308d | Get or set file attributes |
| 2018-12-25T12:54:07.708995246Z | 44 | PC: 13091 | Get time 0x13091: mov al, dh 0x13093: xor ah, ah 0x13095: cmp al, 5 0x13097: jg 0x130cb 0x13099: mov ax, 0x600 0x1309c: mov cx, 0 0x1309f: mov dx, 0x184f 0x130a2: mov bx, 0x87 0x130a5: int 0x10 0x130a7: mov ax, 0x200 0x130aa: mov bx, 0 0x130ad: mov dx, 0xb00 0x130b0: int 0x10 0x130b2: mov dx, 0x32c 0x130b5: mov ah, 9 0x130b7: int 0x21 0x130b9: mov ah, 8 0x130bb: int 0x21 0x130bd: mov ax, 0x600 0x130c0: mov cx, 0 |
| 2018-12-25T12:54:07.713444201Z | 9 | PC: 130b9 | Display string (Could not find end pointer) |
| 2018-12-25T12:54:07.728006517Z | 8 | PC: 130bd | Console input without echo |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":6,"TimeBased":true,"OriginalID":16864,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:54:07.868314772Z | 47 | PC: 12e4d | Get disk transfer address |
| 2018-12-25T12:54:07.870354042Z | 26 | PC: 12e5c | Set disk transfer address |
| 2018-12-25T12:54:07.871315713Z | 25 | PC: 12e60 | Get default drive |
| 2018-12-25T12:54:07.872429833Z | 14 | PC: 12e69 | Set default drive (Drive = 'A') |
| 2018-12-25T12:54:07.888192397Z | 14 | PC: 12f09 | Set default drive (Drive = 'A') |
| 2018-12-25T12:54:07.88930374Z | 78 | PC: 12f13 | Find first file |
| 2018-12-25T12:54:07.894936727Z | 61 | PC: 12f4a | Open file (Filename = '') |
| 2018-12-25T12:54:07.901165001Z | 63 | PC: 12f5e | Read file or device (Read 16 bytes on handle 5) |
| 2018-12-25T12:54:07.907347573Z | 62 | PC: 12f8d | Close file |
| 2018-12-25T12:54:07.90899978Z | 67 | PC: 12ff0 | Get or set file attributes |
| 2018-12-25T12:54:07.921098238Z | 61 | PC: 12ffe | Open file (Filename = '') |
| 2018-12-25T12:54:07.932652957Z | 64 | PC: 13011 | Write file or device (Write 16 bytes on handle 5) |
| 2018-12-25T12:54:07.938979889Z | 66 | PC: 13027 | Move file pointer |
| 2018-12-25T12:54:07.94024246Z | 64 | PC: 1303e | Write file or device (Write 25 bytes on handle 5) |
| 2018-12-25T12:54:07.953195458Z | 64 | PC: 1305f | Write file or device (Write 893 bytes on handle 5) |
| 2018-12-25T12:54:07.961382948Z | 87 | PC: 13075 | Get or set file date and time |
| 2018-12-25T12:54:07.962709578Z | 62 | PC: 1307d | Close file |
| 2018-12-25T12:54:07.973198858Z | 67 | PC: 1308d | Get or set file attributes |
| 2018-12-25T12:54:07.982753717Z | 44 | PC: 13091 | Get time 0x13091: mov al, dh 0x13093: xor ah, ah 0x13095: cmp al, 5 0x13097: jg 0x130cb 0x13099: mov ax, 0x600 0x1309c: mov cx, 0 0x1309f: mov dx, 0x184f 0x130a2: mov bx, 0x87 0x130a5: int 0x10 0x130a7: mov ax, 0x200 0x130aa: mov bx, 0 0x130ad: mov dx, 0xb00 0x130b0: int 0x10 0x130b2: mov dx, 0x32c 0x130b5: mov ah, 9 0x130b7: int 0x21 0x130b9: mov ah, 8 0x130bb: int 0x21 0x130bd: mov ax, 0x600 0x130c0: mov cx, 0 |
| 2018-12-25T12:54:07.984755636Z | 14 | PC: 130d3 | Set default drive (Drive = 'A') |
| 2018-12-25T12:54:07.986873482Z | 26 | PC: 130df | Set disk transfer address |