{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":2,"TimeBased":true,"OriginalID":4000,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:50:47.840212415Z | 44 | PC: 12af4 | Get time 0x12af4: xor dx, cx 0x12af6: xor al, dh 0x12af8: and al, 7 0x12afa: cmp al, 2 0x12afc: jae 0x12b00 0x12afe: add al, 2 0x12b00: cmp al, 4 0x12b02: jne 0x12b05 0x12b04: inc ax 0x12b05: mov ah, al 0x12b07: or ax, 0x5058 0x12b0a: shr dl, 1 0x12b0c: jb 0x12b24 0x12b0e: mov byte ptr [di + 0x11], al 0x12b11: jmp 0x12b2f 0x12b13: add ch, cl 0x12b15: add byte ptr fs:[bp + si], ch 0x12b18: inc bx 0x12b1a: dec di 0x12b1b: dec bp |
| 2018-12-25T11:50:47.842798603Z | 26 | PC: 12b4c | Set disk transfer address |
| 2018-12-25T11:50:47.843839755Z | 78 | PC: 12b57 | Find first file |
| 2018-12-25T11:50:47.850259804Z | 79 | PC: 12b57 | Find next file (See above) |
| 2018-12-25T11:50:47.853173729Z | 79 | PC: 12b57 | Find next file (See above) |
| 2018-12-25T11:50:47.855859436Z | 61 | PC: 12b72 | Open file (Filename = 'HELLO.COM') |
| 2018-12-25T11:50:47.862796038Z | 63 | PC: 12b7c | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:50:47.869974995Z | 66 | PC: 12b9d | Move file pointer |
| 2018-12-25T11:50:47.871609109Z | 64 | PC: 12c0a | Write file or device (Write 349 bytes on handle 5) |
| 2018-12-25T11:50:47.874549065Z | 66 | PC: 12bbe | Move file pointer |
| 2018-12-25T11:50:47.876118606Z | 64 | PC: 12bc8 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:50:47.879065539Z | 87 | PC: 12bd8 | Get or set file date and time |
| 2018-12-25T11:50:47.880645822Z | 62 | PC: 12bdc | Close file |
| 2018-12-25T11:50:47.895868992Z | 79 | PC: 12b57 | Find next file (See above) |
| 2018-12-25T11:50:47.898821471Z | 79 | PC: 12b57 | Find next file (See above) |
| 2018-12-25T11:50:47.9015347Z | 79 | PC: 12b57 | Find next file (See above) |
| 2018-12-25T11:50:47.904225042Z | 79 | PC: 12b57 | Find next file (See above) |
| 2018-12-25T11:50:47.908196711Z | 79 | PC: 12b57 | Find next file (See above) |
| 2018-12-25T11:50:47.910875195Z | 79 | PC: 12b57 | Find next file (See above) |
| 2018-12-25T11:50:47.913985607Z | 26 | PC: 12b95 | Set disk transfer address |
| 2018-12-25T11:50:47.918440059Z | 74 | PC: 12cdc | Reallocate memory |
| 2018-12-25T11:50:47.91999134Z | 25 | PC: 12d13 | Get default drive |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4000,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:50:48.033400226Z | 44 | PC: 12af4 | Get time 0x12af4: xor dx, cx 0x12af6: xor al, dh 0x12af8: and al, 7 0x12afa: cmp al, 2 0x12afc: jae 0x12b00 0x12afe: add al, 2 0x12b00: cmp al, 4 0x12b02: jne 0x12b05 0x12b04: inc ax 0x12b05: mov ah, al 0x12b07: or ax, 0x5058 0x12b0a: shr dl, 1 0x12b0c: jb 0x12b24 0x12b0e: mov byte ptr [di + 0x11], al 0x12b11: jmp 0x12b2f 0x12b13: add ch, cl 0x12b15: add byte ptr fs:[bp + si], ch 0x12b18: inc bx 0x12b1a: dec di 0x12b1b: dec bp |
| 2018-12-25T11:50:48.038859286Z | 26 | PC: 12b4c | Set disk transfer address |
| 2018-12-25T11:50:48.039825528Z | 78 | PC: 12b57 | Find first file |
| 2018-12-25T11:50:48.046057758Z | 79 | PC: 12b57 | Find next file (See above) |
| 2018-12-25T11:50:48.051499775Z | 79 | PC: 12b57 | Find next file (See above) |
| 2018-12-25T11:50:48.054220393Z | 61 | PC: 12b72 | Open file (Filename = 'HELLO.COM') |
| 2018-12-25T11:50:48.060564692Z | 63 | PC: 12b7c | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:50:48.068245277Z | 66 | PC: 12b9d | Move file pointer |
| 2018-12-25T11:50:48.069820346Z | 64 | PC: 12c0a | Write file or device (Write 349 bytes on handle 5) |
| 2018-12-25T11:50:48.072396633Z | 66 | PC: 12bbe | Move file pointer |
| 2018-12-25T11:50:48.073888121Z | 64 | PC: 12bc8 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:50:48.076684416Z | 87 | PC: 12bd8 | Get or set file date and time |
| 2018-12-25T11:50:48.07805065Z | 62 | PC: 12bdc | Close file |
| 2018-12-25T11:50:48.091278741Z | 79 | PC: 12b57 | Find next file (See above) |
| 2018-12-25T11:50:48.094347052Z | 79 | PC: 12b57 | Find next file (See above) |
| 2018-12-25T11:50:48.096838601Z | 79 | PC: 12b57 | Find next file (See above) |
| 2018-12-25T11:50:48.099150509Z | 79 | PC: 12b57 | Find next file (See above) |
| 2018-12-25T11:50:48.101764251Z | 79 | PC: 12b57 | Find next file (See above) |
| 2018-12-25T11:50:48.104093309Z | 79 | PC: 12b57 | Find next file (See above) |
| 2018-12-25T11:50:48.107747143Z | 26 | PC: 12b95 | Set disk transfer address |
| 2018-12-25T11:50:48.110713733Z | 74 | PC: 12cdc | Reallocate memory |
| 2018-12-25T11:50:48.112095761Z | 25 | PC: 12d13 | Get default drive |