{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17151,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:55:04.773297882Z | 42 | PC: 12e4d | Get date 0x12e4d: cmp cx, 0x7c9 0x12e51: jbe 0x12e56 0x12e53: jmp 0x130ac 0x12e56: mov ah, 0x2a 0x12e58: int 0x21 0x12e5a: cmp dh, 5 0x12e5d: jbe 0x12e62 0x12e5f: jmp 0x130ac 0x12e62: mov si, 0x3fe 0x12e65: add si, word ptr [0x103] 0x12e69: lodsw ax, word ptr [si] 0x12e6a: inc ax 0x12e6b: mov di, 0x3fe 0x12e6e: add di, word ptr [0x103] 0x12e72: stosw word ptr es:[di], ax 0x12e73: xor cx, cx 0x12e75: push ds 0x12e76: mov ds, cx 0x12e78: mov si, 0x200 0x12e7b: lodsw ax, word ptr [si] |
| 2018-12-25T12:55:04.775730148Z | 42 | PC: 12e5a | Get date 0x12e5a: cmp dh, 5 0x12e5d: jbe 0x12e62 0x12e5f: jmp 0x130ac 0x12e62: mov si, 0x3fe 0x12e65: add si, word ptr [0x103] 0x12e69: lodsw ax, word ptr [si] 0x12e6a: inc ax 0x12e6b: mov di, 0x3fe 0x12e6e: add di, word ptr [0x103] 0x12e72: stosw word ptr es:[di], ax 0x12e73: xor cx, cx 0x12e75: push ds 0x12e76: mov ds, cx 0x12e78: mov si, 0x200 0x12e7b: lodsw ax, word ptr [si] 0x12e7c: pop ds 0x12e7d: cmp ax, 0 0x12e80: jne 0x12e92 0x12e82: mov ah, 2 0x12e84: int 0x1a |
| 2018-12-25T12:55:04.777933903Z | 78 | PC: 12ece | Find first file |
| 2018-12-25T12:55:04.786602691Z | 47 | PC: 12eeb | Get disk transfer address |
| 2018-12-25T12:55:04.788048717Z | 61 | PC: 12f1f | Open file (Filename = 'c:\dos\EDIT.COM') |
| 2018-12-25T12:55:04.794677135Z | 87 | PC: 12f26 | Get or set file date and time |
| 2018-12-25T12:55:04.795964012Z | 66 | PC: 130d9 | Move file pointer |
| 2018-12-25T12:55:04.797653942Z | 66 | PC: 130d9 | Move file pointer (See above) |
| 2018-12-25T12:55:04.798916464Z | 63 | PC: 12f82 | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-25T12:55:04.804291186Z | 66 | PC: 130d9 | Move file pointer (See above) |
| 2018-12-25T12:55:04.805944146Z | 64 | PC: 12ffb | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T12:55:04.808815052Z | 66 | PC: 130d9 | Move file pointer (See above) |
| 2018-12-25T12:55:04.811340485Z | 64 | PC: 13042 | Write file or device (Write 1678 bytes on handle 5) |
| 2018-12-25T12:55:05.223721081Z | 87 | PC: 1305b | Get or set file date and time |
| 2018-12-25T12:55:05.225013724Z | 62 | PC: 1305f | Close file |
| 2018-12-25T12:55:05.231223158Z | 42 | PC: 13063 | Get date 0x13063: cmp dl, 5 0x13066: je 0x1309d 0x13068: cmp dl, 6 0x1306b: je 0x1309d 0x1306d: cmp dl, 0xa 0x13070: je 0x1309d 0x13072: cmp dl, 0xb 0x13075: je 0x1309d 0x13077: cmp dl, 0xf 0x1307a: je 0x1309d 0x1307c: cmp dl, 0x10 0x1307f: je 0x1309d 0x13081: cmp dl, 0x14 0x13084: je 0x1309d 0x13086: cmp dl, 0x15 0x13089: je 0x1309d 0x1308b: cmp dl, 0x19 0x1308e: je 0x1309d 0x13090: cmp dl, 0x1a 0x13093: je 0x1309d |
| 2018-12-25T12:55:05.233447128Z | 9 | PC: 12e26 | Display string (String= 'BCDEF- This is a 1000 byte COM test, 1994 ') |
{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17151,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:55:04.858515956Z | 42 | PC: 12e4d | Get date 0x12e4d: cmp cx, 0x7c9 0x12e51: jbe 0x12e56 0x12e53: jmp 0x130ac 0x12e56: mov ah, 0x2a 0x12e58: int 0x21 0x12e5a: cmp dh, 5 0x12e5d: jbe 0x12e62 0x12e5f: jmp 0x130ac 0x12e62: mov si, 0x3fe 0x12e65: add si, word ptr [0x103] 0x12e69: lodsw ax, word ptr [si] 0x12e6a: inc ax 0x12e6b: mov di, 0x3fe 0x12e6e: add di, word ptr [0x103] 0x12e72: stosw word ptr es:[di], ax 0x12e73: xor cx, cx 0x12e75: push ds 0x12e76: mov ds, cx 0x12e78: mov si, 0x200 0x12e7b: lodsw ax, word ptr [si] |
| 2018-12-25T12:55:04.861252097Z | 42 | PC: 12e5a | Get date 0x12e5a: cmp dh, 5 0x12e5d: jbe 0x12e62 0x12e5f: jmp 0x130ac 0x12e62: mov si, 0x3fe 0x12e65: add si, word ptr [0x103] 0x12e69: lodsw ax, word ptr [si] 0x12e6a: inc ax 0x12e6b: mov di, 0x3fe 0x12e6e: add di, word ptr [0x103] 0x12e72: stosw word ptr es:[di], ax 0x12e73: xor cx, cx 0x12e75: push ds 0x12e76: mov ds, cx 0x12e78: mov si, 0x200 0x12e7b: lodsw ax, word ptr [si] 0x12e7c: pop ds 0x12e7d: cmp ax, 0 0x12e80: jne 0x12e92 0x12e82: mov ah, 2 0x12e84: int 0x1a |
| 2018-12-25T12:55:04.86412499Z | 78 | PC: 12ece | Find first file |
| 2018-12-25T12:55:04.87407526Z | 47 | PC: 12eeb | Get disk transfer address |
| 2018-12-25T12:55:04.876296901Z | 61 | PC: 12f1f | Open file (Filename = 'c:\dos\EDIT.COM') |
| 2018-12-25T12:55:04.884101455Z | 87 | PC: 12f26 | Get or set file date and time |
| 2018-12-25T12:55:04.885887758Z | 66 | PC: 130d9 | Move file pointer |
| 2018-12-25T12:55:04.887589287Z | 66 | PC: 130d9 | Move file pointer (See above) |
| 2018-12-25T12:55:04.889466477Z | 63 | PC: 12f82 | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-25T12:55:04.895725382Z | 66 | PC: 130d9 | Move file pointer (See above) |
| 2018-12-25T12:55:04.897220265Z | 64 | PC: 12ffb | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T12:55:04.908965493Z | 66 | PC: 130d9 | Move file pointer (See above) |
| 2018-12-25T12:55:04.912447844Z | 64 | PC: 13042 | Write file or device (Write 1678 bytes on handle 5) |
| 2018-12-25T12:55:05.375954069Z | 87 | PC: 1305b | Get or set file date and time |
| 2018-12-25T12:55:05.378279475Z | 62 | PC: 1305f | Close file |
| 2018-12-25T12:55:05.388622178Z | 42 | PC: 13063 | Get date 0x13063: cmp dl, 5 0x13066: je 0x1309d 0x13068: cmp dl, 6 0x1306b: je 0x1309d 0x1306d: cmp dl, 0xa 0x13070: je 0x1309d 0x13072: cmp dl, 0xb 0x13075: je 0x1309d 0x13077: cmp dl, 0xf 0x1307a: je 0x1309d 0x1307c: cmp dl, 0x10 0x1307f: je 0x1309d 0x13081: cmp dl, 0x14 0x13084: je 0x1309d 0x13086: cmp dl, 0x15 0x13089: je 0x1309d 0x1308b: cmp dl, 0x19 0x1308e: je 0x1309d 0x13090: cmp dl, 0x1a 0x13093: je 0x1309d |
| 2018-12-25T12:55:05.390733152Z | 9 | PC: 12e26 | Display string (String= 'BCDEF- This is a 1000 byte COM test, 1994 ') |