{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":30,"Second":16,"TimeBased":true,"OriginalID":309,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:40:26.456566319Z | 105 | PC: 151c0 | Get or set media id |
| 2018-12-25T11:40:26.457783989Z | 74 | PC: 151d9 | Reallocate memory |
| 2018-12-25T11:40:26.459737227Z | 74 | PC: 151ea | Reallocate memory |
| 2018-12-25T11:40:26.460957529Z | 72 | PC: 151fa | Allocate memory |
| 2018-12-25T11:40:26.462375563Z | 53 | PC: 1522b | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:40:26.464368348Z | 37 | PC: 15245 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:40:26.465740127Z | 78 | PC: 15614 | Find first file |
| 2018-12-25T11:40:26.475657706Z | 67 | PC: 15626 | Get or set file attributes |
| 2018-12-25T11:40:26.482803783Z | 67 | PC: 1563a | Get or set file attributes |
| 2018-12-25T11:40:27.467162819Z | 61 | PC: 15643 | Open file (Filename = 'C:\WINDOWS\WIN.COM') |
| 2018-12-25T11:40:27.481795248Z | 87 | PC: 15658 | Get or set file date and time |
| 2018-12-25T11:40:27.483729022Z | 63 | PC: 1566e | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:40:27.490527125Z | 66 | PC: 156b4 | Move file pointer |
| 2018-12-25T11:40:27.491922002Z | 44 | PC: 15bdb | Get time 0x15bdb: xchg ax, dx 0x15bdc: xor ax, 0xffff 0x15bdf: xor dx, dx 0x15be1: div bx 0x15be3: xchg ax, dx 0x15be4: pop cx 0x15be5: pop dx 0x15be6: pop bx 0x15be7: ret 0x15be8: call 0x25bd3 0x15beb: mov cx, bx 0x15bed: mul bx 0x15bef: add si, ax 0x15bf1: rep movsb byte ptr es:[di], byte ptr [si] 0x15bf3: ret 0x15bf4: mov di, sp 0x15bf6: call 0x15bfa 0x15bf9: ret 0x15bfa: dec di 0x15bfb: dec di |
| 2018-12-25T11:40:27.49428391Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.497058545Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.499404266Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.501707674Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.505167073Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.507466917Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.509907977Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.512802633Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.514954529Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.517045792Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.525042656Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.527229602Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.529423192Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.533030145Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.5364983Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.541723393Z | 44 | PC: 15b71 | Get time 0x15b71: mov byte ptr cs:[bp + 0x119e], dl 0x15b76: lea si, word ptr [bp + 0x1b6] 0x15b7a: lea di, word ptr [bp + 0x119f] 0x15b7e: mov cx, 0xfe8 0x15b81: mov al, byte ptr cs:[bp + 0x119d] 0x15b86: cmp al, 0 0x15b88: je 0x15bc2 0x15b8a: cmp al, 1 0x15b8c: je 0x15bba 0x15b8e: cmp al, 2 0x15b90: je 0x15bb2 0x15b92: cmp al, 3 0x15b94: je 0x15baa 0x15b96: cmp al, 4 0x15b98: je 0x15ba2 0x15b9a: lodsb al, byte ptr [si] 0x15b9b: neg al 0x15b9d: stosb byte ptr es:[di], al 0x15b9e: loop 0x15b9a 0x15ba0: jmp 0x15bc8 |
| 2018-12-25T11:40:27.546356846Z | 64 | PC: 156cf | Write file or device (Write 135 bytes on handle 5) |
| 2018-12-25T11:40:27.552736265Z | 64 | PC: 156e3 | Write file or device (Write 4073 bytes on handle 5) |
| 2018-12-25T11:40:27.562639432Z | 66 | PC: 156fa | Move file pointer |
| 2018-12-25T11:40:27.564894798Z | 64 | PC: 1570e | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:40:27.56843803Z | 87 | PC: 1572b | Get or set file date and time |
| 2018-12-25T11:40:27.569698984Z | 62 | PC: 1572f | Close file |
| 2018-12-25T11:40:27.577156023Z | 67 | PC: 15745 | Get or set file attributes |
| 2018-12-25T11:40:27.581845437Z | 44 | PC: 1559f | Get time 0x1559f: cmp cl, 0x1e 0x155a2: jne 0x155ac 0x155a4: cmp dh, 0xf 0x155a7: ja 0x155ac 0x155a9: jmp 0x15752 0x155ac: cmp byte ptr cs:[0], 0xcd 0x155b2: je 0x155d8 0x155b4: mov ax, es 0x155b6: add ax, 0x10 0x155b9: add word ptr cs:[bp + 0x5d1], ax 0x155be: cli 0x155bf: add ax, word ptr cs:[bp + 0x5d3] 0x155c4: mov ss, ax 0x155c6: mov sp, word ptr cs:[bp + 0x5d5] 0x155cb: sti 0x155cc: call 0x155f3 0x155cf: ljmp 0xfff0:0x100 |
| 2018-12-25T11:40:27.583824545Z | 9 | PC: 12a4a | Display string (Could not find end pointer) |
| 2018-12-25T11:40:27.602673934Z | 76 | PC: 12a4e | Terminate with return code (Return code = '36') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":309,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:40:26.655001596Z | 105 | PC: 151c0 | Get or set media id |
| 2018-12-25T11:40:26.656446169Z | 74 | PC: 151d9 | Reallocate memory |
| 2018-12-25T11:40:26.657514854Z | 74 | PC: 151ea | Reallocate memory |
| 2018-12-25T11:40:26.658637431Z | 72 | PC: 151fa | Allocate memory |
| 2018-12-25T11:40:26.660215295Z | 53 | PC: 1522b | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:40:26.660997154Z | 37 | PC: 15245 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:40:26.661821707Z | 78 | PC: 15614 | Find first file |
| 2018-12-25T11:40:26.671483691Z | 67 | PC: 15626 | Get or set file attributes |
| 2018-12-25T11:40:26.678201411Z | 67 | PC: 1563a | Get or set file attributes |
| 2018-12-25T11:40:27.466199604Z | 61 | PC: 15643 | Open file (Filename = 'C:\WINDOWS\WIN.COM') |
| 2018-12-25T11:40:27.473325715Z | 87 | PC: 15658 | Get or set file date and time |
| 2018-12-25T11:40:27.474700357Z | 63 | PC: 1566e | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:40:27.479938105Z | 66 | PC: 156b4 | Move file pointer |
| 2018-12-25T11:40:27.481574194Z | 44 | PC: 15bdb | Get time 0x15bdb: xchg ax, dx 0x15bdc: xor ax, 0xffff 0x15bdf: xor dx, dx 0x15be1: div bx 0x15be3: xchg ax, dx 0x15be4: pop cx 0x15be5: pop dx 0x15be6: pop bx 0x15be7: ret 0x15be8: call 0x25bd3 0x15beb: mov cx, bx 0x15bed: mul bx 0x15bef: add si, ax 0x15bf1: rep movsb byte ptr es:[di], byte ptr [si] 0x15bf3: ret 0x15bf4: mov di, sp 0x15bf6: call 0x15bfa 0x15bf9: ret 0x15bfa: dec di 0x15bfb: dec di |
| 2018-12-25T11:40:27.483740665Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.48638291Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.488674241Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.491666682Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.493961035Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.496171337Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.498564024Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.500643477Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.502809337Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.504868131Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.506298282Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.507875094Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.510374868Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.51267118Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.514989333Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.516828096Z | 44 | PC: 15b71 | Get time 0x15b71: mov byte ptr cs:[bp + 0x119e], dl 0x15b76: lea si, word ptr [bp + 0x1b6] 0x15b7a: lea di, word ptr [bp + 0x119f] 0x15b7e: mov cx, 0xfe8 0x15b81: mov al, byte ptr cs:[bp + 0x119d] 0x15b86: cmp al, 0 0x15b88: je 0x15bc2 0x15b8a: cmp al, 1 0x15b8c: je 0x15bba 0x15b8e: cmp al, 2 0x15b90: je 0x15bb2 0x15b92: cmp al, 3 0x15b94: je 0x15baa 0x15b96: cmp al, 4 0x15b98: je 0x15ba2 0x15b9a: lodsb al, byte ptr [si] 0x15b9b: neg al 0x15b9d: stosb byte ptr es:[di], al 0x15b9e: loop 0x15b9a 0x15ba0: jmp 0x15bc8 |
| 2018-12-25T11:40:27.518525741Z | 64 | PC: 156cf | Write file or device (Write 135 bytes on handle 5) |
| 2018-12-25T11:40:27.522894698Z | 64 | PC: 156e3 | Write file or device (Write 4073 bytes on handle 5) |
| 2018-12-25T11:40:27.529920619Z | 66 | PC: 156fa | Move file pointer |
| 2018-12-25T11:40:27.531750999Z | 64 | PC: 1570e | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:40:27.535234534Z | 87 | PC: 1572b | Get or set file date and time |
| 2018-12-25T11:40:27.537545946Z | 62 | PC: 1572f | Close file |
| 2018-12-25T11:40:27.544635235Z | 67 | PC: 15745 | Get or set file attributes |
| 2018-12-25T11:40:27.548946835Z | 44 | PC: 1559f | Get time 0x1559f: cmp cl, 0x1e 0x155a2: jne 0x155ac 0x155a4: cmp dh, 0xf 0x155a7: ja 0x155ac 0x155a9: jmp 0x15752 0x155ac: cmp byte ptr cs:[0], 0xcd 0x155b2: je 0x155d8 0x155b4: mov ax, es 0x155b6: add ax, 0x10 0x155b9: add word ptr cs:[bp + 0x5d1], ax 0x155be: cli 0x155bf: add ax, word ptr cs:[bp + 0x5d3] 0x155c4: mov ss, ax 0x155c6: mov sp, word ptr cs:[bp + 0x5d5] 0x155cb: sti 0x155cc: call 0x155f3 0x155cf: ljmp 0xfff0:0x100 |
| 2018-12-25T11:40:27.551227573Z | 9 | PC: 12a4a | Display string (Could not find end pointer) |
| 2018-12-25T11:40:27.570206938Z | 76 | PC: 12a4e | Terminate with return code (Return code = '36') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":30,"Second":0,"TimeBased":true,"OriginalID":309,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:40:26.857792342Z | 105 | PC: 151c0 | Get or set media id |
| 2018-12-25T11:40:26.859471497Z | 74 | PC: 151d9 | Reallocate memory |
| 2018-12-25T11:40:26.8608581Z | 74 | PC: 151ea | Reallocate memory |
| 2018-12-25T11:40:26.861996649Z | 72 | PC: 151fa | Allocate memory |
| 2018-12-25T11:40:26.863779514Z | 53 | PC: 1522b | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:40:26.864796275Z | 37 | PC: 15245 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:40:26.865775286Z | 78 | PC: 15614 | Find first file |
| 2018-12-25T11:40:26.87486188Z | 67 | PC: 15626 | Get or set file attributes |
| 2018-12-25T11:40:26.88065944Z | 67 | PC: 1563a | Get or set file attributes |
| 2018-12-25T11:40:27.466813576Z | 61 | PC: 15643 | Open file (Filename = 'C:\WINDOWS\WIN.COM') |
| 2018-12-25T11:40:27.474205064Z | 87 | PC: 15658 | Get or set file date and time |
| 2018-12-25T11:40:27.475558753Z | 63 | PC: 1566e | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:40:27.480843419Z | 66 | PC: 156b4 | Move file pointer |
| 2018-12-25T11:40:27.482623657Z | 44 | PC: 15bdb | Get time 0x15bdb: xchg ax, dx 0x15bdc: xor ax, 0xffff 0x15bdf: xor dx, dx 0x15be1: div bx 0x15be3: xchg ax, dx 0x15be4: pop cx 0x15be5: pop dx 0x15be6: pop bx 0x15be7: ret 0x15be8: call 0x25bd3 0x15beb: mov cx, bx 0x15bed: mul bx 0x15bef: add si, ax 0x15bf1: rep movsb byte ptr es:[di], byte ptr [si] 0x15bf3: ret 0x15bf4: mov di, sp 0x15bf6: call 0x15bfa 0x15bf9: ret 0x15bfa: dec di 0x15bfb: dec di |
| 2018-12-25T11:40:27.484708876Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.486781625Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.48930065Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.491456455Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.49344831Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.495833748Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.498784786Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.500882472Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.503157714Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.50528775Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.507310418Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.509538914Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.51177373Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.513816899Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.515917671Z | 44 | PC: 15bdb | Get time (See above) |
| 2018-12-25T11:40:27.518785369Z | 44 | PC: 15b71 | Get time 0x15b71: mov byte ptr cs:[bp + 0x119e], dl 0x15b76: lea si, word ptr [bp + 0x1b6] 0x15b7a: lea di, word ptr [bp + 0x119f] 0x15b7e: mov cx, 0xfe8 0x15b81: mov al, byte ptr cs:[bp + 0x119d] 0x15b86: cmp al, 0 0x15b88: je 0x15bc2 0x15b8a: cmp al, 1 0x15b8c: je 0x15bba 0x15b8e: cmp al, 2 0x15b90: je 0x15bb2 0x15b92: cmp al, 3 0x15b94: je 0x15baa 0x15b96: cmp al, 4 0x15b98: je 0x15ba2 0x15b9a: lodsb al, byte ptr [si] 0x15b9b: neg al 0x15b9d: stosb byte ptr es:[di], al 0x15b9e: loop 0x15b9a 0x15ba0: jmp 0x15bc8 |
| 2018-12-25T11:40:27.521110333Z | 64 | PC: 156cf | Write file or device (Write 135 bytes on handle 5) |
| 2018-12-25T11:40:27.527012796Z | 64 | PC: 156e3 | Write file or device (Write 4073 bytes on handle 5) |
| 2018-12-25T11:40:27.536676467Z | 66 | PC: 156fa | Move file pointer |
| 2018-12-25T11:40:27.53961879Z | 64 | PC: 1570e | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:40:27.541332886Z | 87 | PC: 1572b | Get or set file date and time |
| 2018-12-25T11:40:27.543299076Z | 62 | PC: 1572f | Close file |
| 2018-12-25T11:40:27.548036937Z | 67 | PC: 15745 | Get or set file attributes |
| 2018-12-25T11:40:27.551923502Z | 44 | PC: 1559f | Get time 0x1559f: cmp cl, 0x1e 0x155a2: jne 0x155ac 0x155a4: cmp dh, 0xf 0x155a7: ja 0x155ac 0x155a9: jmp 0x15752 0x155ac: cmp byte ptr cs:[0], 0xcd 0x155b2: je 0x155d8 0x155b4: mov ax, es 0x155b6: add ax, 0x10 0x155b9: add word ptr cs:[bp + 0x5d1], ax 0x155be: cli 0x155bf: add ax, word ptr cs:[bp + 0x5d3] 0x155c4: mov ss, ax 0x155c6: mov sp, word ptr cs:[bp + 0x5d5] 0x155cb: sti 0x155cc: call 0x155f3 0x155cf: ljmp 0xfff0:0x100 |
| 2018-12-25T11:40:27.560897001Z | 44 | PC: 15bdb | Get time (See above) |