{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4268,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:22.13447636Z | 250 | PC: 12c21 | UNKNOWN! |
| 2018-12-25T11:51:22.135737246Z | 42 | PC: 12c29 | Get date 0x12c29: cmp dl, 0x13 0x12c2c: jne 0x12c35 0x12c2e: mov byte ptr cs:[bp + 0x69f], 1 0x12c34: nop 0x12c35: mov ax, es 0x12c37: dec ax 0x12c38: mov ds, ax 0x12c3a: cmp byte ptr [0], 0x5a 0x12c3f: jne 0x12c86 0x12c41: sub word ptr [3], 0x180 0x12c47: sub word ptr [0x12], 0x180 0x12c4d: mov es, word ptr [0x12] 0x12c51: push cs 0x12c52: pop ds 0x12c53: mov si, bp 0x12c55: mov cx, 0x43a 0x12c58: xor di, di 0x12c5a: rep movsd dword ptr es:[di], dword ptr [si] 0x12c5c: xor ax, ax 0x12c5e: mov ds, ax |
| 2018-12-25T11:51:22.138414164Z | 44 | PC: 13067 | Get time 0x13067: ret 0x13068: and byte ptr [bx + 0x20], bl 0x1306b: push ax 0x1306c: dec cx 0x1306d: pop di 0x1306e: push di 0x1306f: pop di 0x13070: jb 0x130bf 0x13072: pop di 0x13073: jbe 0x130a6 0x13075: xor byte ptr cs:[bx + si], dh 0x13078: and byte ptr [di], ch 0x1307a: and byte ptr [bp + di + 0x6f], al 0x1307d: and byte ptr fs:[bp + si + 0x79], ah 0x13083: and byte ptr [bx + 0x69], bl 0x13086: jb 0x130f7 0x13088: outsb dx, byte ptr gs:[esi] 0x1308b: and byte ptr [bx + di + 0x6e], ch 0x1308e: and byte ptr [bx + di + 0x70], al 0x13091: jb 0x130fc |
| 2018-12-25T11:51:22.140621276Z | 9 | PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ') |
{"DateBased":true,"Day":19,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4268,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:22.343113913Z | 250 | PC: 12c21 | UNKNOWN! |
| 2018-12-25T11:51:22.344280779Z | 42 | PC: 12c29 | Get date 0x12c29: cmp dl, 0x13 0x12c2c: jne 0x12c35 0x12c2e: mov byte ptr cs:[bp + 0x69f], 1 0x12c34: nop 0x12c35: mov ax, es 0x12c37: dec ax 0x12c38: mov ds, ax 0x12c3a: cmp byte ptr [0], 0x5a 0x12c3f: jne 0x12c86 0x12c41: sub word ptr [3], 0x180 0x12c47: sub word ptr [0x12], 0x180 0x12c4d: mov es, word ptr [0x12] 0x12c51: push cs 0x12c52: pop ds 0x12c53: mov si, bp 0x12c55: mov cx, 0x43a 0x12c58: xor di, di 0x12c5a: rep movsd dword ptr es:[di], dword ptr [si] 0x12c5c: xor ax, ax 0x12c5e: mov ds, ax |
| 2018-12-25T11:51:22.34674288Z | 44 | PC: 13067 | Get time 0x13067: ret 0x13068: and byte ptr [bx + 0x20], bl 0x1306b: push ax 0x1306c: dec cx 0x1306d: pop di 0x1306e: push di 0x1306f: pop di 0x13070: jb 0x130bf 0x13072: pop di 0x13073: jbe 0x130a6 0x13075: xor byte ptr cs:[bx + si], dh 0x13078: and byte ptr [di], ch 0x1307a: and byte ptr [bp + di + 0x6f], al 0x1307d: and byte ptr fs:[bp + si + 0x79], ah 0x13083: and byte ptr [bx + 0x69], bl 0x13086: jb 0x130f7 0x13088: outsb dx, byte ptr gs:[esi] 0x1308b: and byte ptr [bx + di + 0x6e], ch 0x1308e: and byte ptr [bx + di + 0x70], al 0x13091: jb 0x130fc |
| 2018-12-25T11:51:22.349197713Z | 57 | PC: 9ead3 | Create subdirectory |
| 2018-12-25T11:51:22.368199456Z | 59 | PC: 9ead7 | Change current directory |
| 2018-12-25T11:51:22.376076775Z | 60 | PC: 9eae3 | Create or truncate file |
| 2018-12-25T11:51:22.387609197Z | 62 | PC: 9eaea | Close file |
| 2018-12-25T11:51:22.389885731Z | 60 | PC: 9eae3 | Create or truncate file (See above) |
| 2018-12-25T11:51:22.400941136Z | 62 | PC: 9eaea | Close file (See above) |
| 2018-12-25T11:51:22.402936426Z | 60 | PC: 9eae3 | Create or truncate file (See above) |
| 2018-12-25T11:51:22.415035589Z | 62 | PC: 9eaea | Close file (See above) |
| 2018-12-25T11:51:22.417092479Z | 60 | PC: 9eae3 | Create or truncate file (See above) |
| 2018-12-25T11:51:22.428232188Z | 62 | PC: 9eaea | Close file (See above) |
| 2018-12-25T11:51:22.430554207Z | 60 | PC: 9eae3 | Create or truncate file (See above) |
| 2018-12-25T11:51:22.442024446Z | 62 | PC: 9eaea | Close file (See above) |
| 2018-12-25T11:51:22.443744023Z | 60 | PC: 9eae3 | Create or truncate file (See above) |
| 2018-12-25T11:51:22.457950819Z | 62 | PC: 9eaea | Close file (See above) |
| 2018-12-25T11:51:22.460906098Z | 60 | PC: 9eae3 | Create or truncate file (See above) |
| 2018-12-25T11:51:22.472052084Z | 62 | PC: 9eaea | Close file (See above) |
| 2018-12-25T11:51:22.474111698Z | 60 | PC: 9eae3 | Create or truncate file (See above) |
| 2018-12-25T11:51:22.486268521Z | 62 | PC: 9eaea | Close file (See above) |
| 2018-12-25T11:51:22.488281695Z | 60 | PC: 9eae3 | Create or truncate file (See above) |
| 2018-12-25T11:51:22.499766688Z | 62 | PC: 9eaea | Close file (See above) |
| 2018-12-25T11:51:22.502123194Z | 60 | PC: 9eae3 | Create or truncate file (See above) |
| 2018-12-25T11:51:22.51428585Z | 62 | PC: 9eaea | Close file (See above) |
| 2018-12-25T11:51:22.516104929Z | 60 | PC: 9eae3 | Create or truncate file (See above) |
| 2018-12-25T11:51:22.528270972Z | 62 | PC: 9eaea | Close file (See above) |
| 2018-12-25T11:51:22.530548227Z | 60 | PC: 9eae3 | Create or truncate file (See above) |
| 2018-12-25T11:51:22.541986987Z | 62 | PC: 9eaea | Close file (See above) |
| 2018-12-25T11:51:22.544745027Z | 60 | PC: 9eae3 | Create or truncate file (See above) |
| 2018-12-25T11:51:22.557071272Z | 62 | PC: 9eaea | Close file (See above) |
| 2018-12-25T11:51:22.559355607Z | 60 | PC: 9eae3 | Create or truncate file (See above) |
| 2018-12-25T11:51:22.564989302Z | 60 | PC: 9eae3 | Create or truncate file (See above) |
| 2018-12-25T11:51:22.567478136Z | 60 | PC: 9eae3 | Create or truncate file (See above) |
| 2018-12-25T11:51:22.579423204Z | 60 | PC: 9eae3 | Create or truncate file (See above) |
| 2018-12-25T11:51:22.584956188Z | 59 | PC: 9eaf7 | Change current directory |
| 2018-12-25T11:51:22.58976368Z | 9 | PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ') |